libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
6879 commits 4 branches 5 tags 480 MiB
Commit graph

6879 commits

This branch
This branch
All branches
Author SHA1 Message Date
Thomas Darimont
56a565f913 KEYCLOAK-3092: Show 20 users per page in user list by default 
More sensible default for number of users shown per page in
the user listing of the admin console.
This is also recommended in the patternfly guidelines.

Prior to the PR only 5 users were shown per page.
 2016-06-07 13:23:03 +02:00
Stian Thorgersen
816b01860b Merge pull request #2912 from thomasdarimont/issue/KEYCLOAK-2891-fix-openidc-endpoint-label-alignment 
KEYCLOAK-2891: Fix label alignment for OIDC Endpoint link.
 2016-06-07 07:07:17 +02:00
Stian Thorgersen
ce2f009e76 Merge pull request #2915 from pdrozd/KEYCLOAK-3082 
KEYCLOAK-3082 - clear queue before event
 2016-06-07 07:00:42 +02:00
Stian Thorgersen
d5a44db2de Merge pull request #2914 from pdrozd/master 
KEYCLOAK-3085 - Add module org.jboss.resteasy.resteasy-jaxrs to integ…
 2016-06-07 07:00:11 +02:00
Pavel Drozd
54d9943a3b KEYCLOAK-3085 - Add module org.jboss.resteasy.resteasy-jaxrs to integration-arquillian-testsuite-providers 2016-06-06 11:51:20 +02:00
Pavel Drozd
81de73df8e KEYCLOAK-3082 - clear queue before event 2016-06-06 11:46:39 +02:00
Thomas Darimont
51312ff7ff KEYCLOAK-2891: Fix label alignment for OIDC Endpoint link. 
This probably happend during merge.
 2016-06-06 09:55:31 +02:00
Bill Burke
b2d8c6bca2 Merge pull request #2418 from schmeedy/master 
Fix k_query_bearer_token endpoint in proxy
 2016-06-05 11:20:08 -04:00
Bill Burke
4c9a0b45d4 Merge pull request #2229 from thomasdarimont/issue/KEYCLOAK-2489-script-based-authenticator-definitions 
KEYCLOAK-2489 - Add support for Script-based AuthenticationExecution definitions.
 2016-06-05 11:12:05 -04:00
Bill Burke
b3f3449e39 Merge pull request #2810 from thomasdarimont/issue/KEYCLOAK-2974-handle-ModelException-in-UsersResource 
KEYCLOAK-2974: Handle ModelException in UsersResource
 2016-06-05 11:06:32 -04:00
Bill Burke
a76a4730e3 Merge pull request #2884 from thomasdarimont/issue/KEYCLOAK-2891-link-to-oidc-endpoints-from-admin-console 
KEYCLOAK-2891: Add link to OpenID Endpoint Configuration to realm details page.
 2016-06-05 11:06:11 -04:00
Bill Burke
dbeb3353f8 Merge pull request #2911 from thomasdarimont/issue/KEYCLOAK-3081-oidc-support-user-role-mapper 
KEYCLOAK-3081: Add client mappers to map user roles to token
 2016-06-05 11:03:47 -04:00
Thomas Darimont
a2d1c8313d KEYCLOAK-3081: Add client mapper to map user roles to token 
Introduced two new client protocol mappers to propagate assigned user client / realm roles to a JWT ID/Access Token.
Each protocol mapper supports to use a prefix string that is prepended to each role name.

 The client role protocol mapper can specify from which client the roles should be considered.
 Composite Roles are resolved recursively.

Background:
Some OpenID Connect integrations like mod_auth_openidc don't support analyzing deeply nested or encoded structures.
In those scenarios it is helpful to be able to define custom client protocol mappers that allow to propagate a users's roles as a flat structure
(e.g. comma separated list) as a top-level  (ID/Access) Token attribute that can easily be matched with a regex.

In order to differentiate between client specific roles and realm roles it is possible to configure
both separately to be able to use the same role names with different contexts rendered as separate token attributes.
 2016-06-03 15:52:58 +02:00
Marek Posolda
193233899f Merge pull request #2910 from mposolda/master 
KEYCLOAK-3074 AdminEventStoreProviderTest fixes
 2016-06-03 11:33:22 +02:00
mposolda
c42b8f81e3 KEYCLOAK-3074 Change the TestingResourceProvider to always both firstResults and maxResults in JPA criteria query 2016-06-03 10:31:32 +02:00
mposolda
13bf36ce49 KEYCLOAK-3074 Change the signature of TestingResourceProvider.getAdminEvents to use String instead of java.util.Date 2016-06-03 10:31:24 +02:00
Stian Thorgersen
31eee347d4 Merge pull request #2895 from mhajas/fixMissingPOM 
KEYCLOAK-3051 Fix missing version in POM
 2016-06-02 18:55:03 +02:00
Stian Thorgersen
c37f1c24ee Merge pull request #2900 from tkyjovsk/performance-tests 
Updates to the performance tests.
 2016-06-02 18:54:47 +02:00
Stian Thorgersen
fba78f3e2a Merge pull request #2908 from mstruk/KEYCLOAK-2879-a 
KEYCLOAK-2879 UserResource
 2016-06-02 18:53:53 +02:00
Marko Strukelj
ec258c6515 KEYCLOAK-2879 UserResource 2016-06-02 15:23:18 +02:00
Stian Thorgersen
087f84bfff Merge pull request #2901 from mposolda/master 
KEYCLOAK-3065 Remove 'provider' from realmCache in keycloak-server.js…
 2016-06-02 14:58:16 +02:00
Stian Thorgersen
733a51b1ea Merge pull request #2903 from pedroigor/KEYCLOAK-3068 
[KEYCLOAK-3068] - Setting XInclude to false
 2016-06-02 07:59:17 +02:00
Stian Thorgersen
4141690857 Merge pull request #2905 from pedroigor/KEYCLOAK-3069 
[KEYCLOAK-3069] - Adding back javax.xml.soap.api dependency
 2016-06-02 07:58:35 +02:00
Pedro Igor
0ad86b3a53 [KEYCLOAK-3069] - Adding javax.xml.soap.api dependency 2016-06-01 16:57:06 -03:00
Pedro Igor
a39907de76 [KEYCLOAK-3068] - Setting XInclude to false 2016-06-01 16:43:02 -03:00
mposolda
fd2fc34386 KEYCLOAK-3065 Remove 'provider' from realmCache in keycloak-server.json to have 'enabled' switch working 2016-06-01 17:25:51 +02:00
Stian Thorgersen
93d3a0eb38 Merge pull request #2898 from stianst/master 
KEYCLOAK-3066
 2016-06-01 16:30:06 +02:00
Tomas Kyjovsky
ef95510da4 Updates to the performance tests. 
Conflicts:
	testsuite/integration-arquillian/tests/other/adapters/jboss/remote/pom.xml
	testsuite/integration-arquillian/tests/other/clean-start/pom.xml
 2016-06-01 16:06:51 +02:00
Stian Thorgersen
8fab2f0718 KEYCLOAK-3066 
Uploaded Realm Certificate is not validated
 2016-06-01 15:12:21 +02:00
mhajas
6da8ca70dc Fix missing version in POM 2016-05-27 12:09:20 +02:00
Stian Thorgersen
2343e517c9 Merge pull request #2891 from pedroigor/KEYCLOAK-2894 
[KEYCLOAK-2894] - Fixing saml signature validation
 2016-05-26 16:57:13 +02:00
Pedro Igor
60f954a497 [KEYCLOAK-2894] - Fixing saml signature validation 2016-05-26 10:48:30 -03:00
Stian Thorgersen
af30142097 Merge pull request #2886 from ssilvert/migrate-events 
KEYCLOAK-2912 Migrate events package to new testsuite
 2016-05-26 15:01:57 +02:00
Stian Thorgersen
c5e287b7b1 Merge pull request #2885 from fernandomora/fix-base-theme-login 
KEYCLOAK-3045 Fixes displaying message on login using base theme
 2016-05-26 08:40:06 +02:00
Stian Thorgersen
c206ae13db Merge pull request #2889 from mposolda/master 
Admin events fixes and more tests
 2016-05-26 08:29:51 +02:00
mposolda
882dbc3f25 KEYCLOAK-3006 Fix admin event inconsistencies related to roles (points 1,3,4,15,16 from JIRA) 2016-05-25 23:18:01 +02:00
mposolda
022be3aee5 KEYCLOAK-3006 Fix admin event inconsistencies (points 2,5-14 from JIRA) 2016-05-25 23:17:47 +02:00
Thomas Darimont
5f73c338d8 KEYCLOAK-2947: Include group representation for GroupMembership changes in AdminEvents 
We now include the full group representation in AdminEvents
for Group Membership changes.
This enables EventListener to propagate potential role / attribute
chnages based on the removal / addition of the group.
 2016-05-25 23:17:35 +02:00
mposolda
f58936025f KEYCLOAK-3003 Support for admin events in AuthenticationManagementResource 2016-05-25 23:17:24 +02:00
Stan Silvert
1042a22cf7 KEYCLOAK-2912 Migrate events package to new testsuite 2016-05-25 15:22:17 -04:00
Fernando Mora
5148e69006 Fixes displaying message on login using base theme 
Using base theme produces an error when login page tries to display a message.
The following properties that are not defined in base theme (only in keycloak theme) are being called without default_value operator "!"

* Steps to Reproduce:
1. Set `base` theme as `Login Theme`
2. Sign out
3. Try to sign in using and invalid username/password

* Expected behaviour:
  * Message `Invalid username or password.`is shown
* Actual behavior:
  * Bank page is shown and following stackatrace in logs:
```
15:58:19,575 ERROR [freemarker.runtime] (default task-9) Error executing FreeMarker template: freemarker.core.InvalidReferenceException: The following has evaluated to null or missing:
==> properties.kcFeedbackErrorIcon  [in template "template.ftl" at line 67, column 76]

----
Tip: It's the step after the last dot that caused this error, not those before it.
----
Tip: If the failing expression is known to be legally refer to something that's sometimes null or missing, either specify a default value like myOptionalVar!myDefault, or use <#if myOptionalVar??>when-present<#else>when-missing</#if>. (These only cover the last step of the expression; to cover the whole expression, use parenthesis: (myOptionalVar.foo)!myDefault, (myOptionalVar.foo)??
----

----
FTL stack trace ("~" means nesting-related):
	- Failed at: ${properties.kcFeedbackErrorIcon}  [in template "template.ftl" in macro "registrationLayout" at line 67, column 74]
	- Reached through: @layout.registrationLayout displayInf...  [in template "login.ftl" at line 2, column 1]
----
	at freemarker.core.InvalidReferenceException.getInstance(InvalidReferenceException.java:131)
	at freemarker.core.EvalUtil.coerceModelToString(EvalUtil.java:355)
	at freemarker.core.Expression.evalAndCoerceToString(Expression.java:82)
	at freemarker.core.DollarVariable.accept(DollarVariable.java:41)
	at freemarker.core.Environment.visit(Environment.java:324)
	at freemarker.core.MixedContent.accept(MixedContent.java:54)
	at freemarker.core.Environment.visitByHiddingParent(Environment.java:345)
	at freemarker.core.ConditionalBlock.accept(ConditionalBlock.java:48)
	at freemarker.core.Environment.visit(Environment.java:324)
	at freemarker.core.MixedContent.accept(MixedContent.java:54)
	at freemarker.core.Environment.visitByHiddingParent(Environment.java:345)
	at freemarker.core.ConditionalBlock.accept(ConditionalBlock.java:48)
	at freemarker.core.Environment.visit(Environment.java:324)
	at freemarker.core.MixedContent.accept(MixedContent.java:54)
	at freemarker.core.Environment.visit(Environment.java:324)
	at freemarker.core.Macro$Context.runMacro(Macro.java:184)
	at freemarker.core.Environment.invoke(Environment.java:701)
	at freemarker.core.UnifiedCall.accept(UnifiedCall.java:84)
	at freemarker.core.Environment.visit(Environment.java:324)
	at freemarker.core.MixedContent.accept(MixedContent.java:54)
	at freemarker.core.Environment.visit(Environment.java:324)
	at freemarker.core.Environment.process(Environment.java:302)
	at freemarker.template.Template.process(Template.java:325)
	at org.keycloak.theme.FreeMarkerUtil.processTemplate(FreeMarkerUtil.java:61)
	at org.keycloak.forms.login.freemarker.FreeMarkerLoginFormsProvider.createResponse(FreeMarkerLoginFormsProvider.java:314)
	at org.keycloak.forms.login.freemarker.FreeMarkerLoginFormsProvider.createLogin(FreeMarkerLoginFormsProvider.java:431)
	at org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.invalidUser(AbstractUsernameFormAuthenticator.java:58)
	at org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.invalidUser(AbstractUsernameFormAuthenticator.java:87)
	at org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.validateUserAndPassword(AbstractUsernameFormAuthenticator.java:141)
	at org.keycloak.authentication.authenticators.browser.UsernamePasswordForm.validateForm(UsernamePasswordForm.java:56)
	at org.keycloak.authentication.authenticators.browser.UsernamePasswordForm.action(UsernamePasswordForm.java:49)
	at org.keycloak.authentication.DefaultAuthenticationFlow.processAction(DefaultAuthenticationFlow.java:84)
	at org.keycloak.authentication.DefaultAuthenticationFlow.processAction(DefaultAuthenticationFlow.java:75)
	at org.keycloak.authentication.AuthenticationProcessor.authenticationAction(AuthenticationProcessor.java:756)
	at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:359)
	at org.keycloak.services.resources.LoginActionsService.processAuthentication(LoginActionsService.java:341)
	at org.keycloak.services.resources.LoginActionsService.authenticateForm(LoginActionsService.java:386)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
	at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
	at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
	at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
	at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:88)
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
	at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
```
 2016-05-25 18:38:11 +02:00
Thomas Darimont
08320890b1 KEYCLOAK-2891: Add link to OpenID Endpoint Configuration to realm details page 
We now show a link to the OIDC Endpoints configuration in the realm
details page.
This makes it easier for users to find the OIDC endpoints.
 2016-05-25 14:26:44 +02:00
Stian Thorgersen
5ed09acd94 Merge pull request #2881 from stianst/KEYCLOAK-3034 
KEYCLOAK-3034 NullPointerException when log in via Twitter
 2016-05-25 13:44:05 +02:00
Stian Thorgersen
4728729302 Merge pull request #2882 from stianst/master 
KEYCLOAK-3029
 2016-05-25 08:56:25 +02:00
Stian Thorgersen
d016ea4116 KEYCLOAK-3029 2016-05-25 08:55:45 +02:00
Stian Thorgersen
fa3a2aafec KEYCLOAK-3034 NullPointerException when log in via Twitter 2016-05-25 08:10:55 +02:00
Stian Thorgersen
d85f9cb4e2 Merge pull request #2858 from thomasdarimont/issue/KEYCLOAK-3021-add-realm-display-name-to-otpauth-uri-label 
KEYCLOAK-3021: Add Realm Display Name to the label part of the otpauth URI
 2016-05-25 07:29:14 +02:00
Stian Thorgersen
9edec8e4a6 Merge pull request #2875 from abstractj/KEYCLOAK-3023 
OAuthRedirectUriTest.testLocalhost fails on wildfly
 2016-05-25 07:25:22 +02:00
Stian Thorgersen
f12c54387c Merge pull request #2873 from vramik/KEYCLOAK-3024 
KEYCLOAK-3024 support for smoke test - clean start domain mode
 2016-05-25 07:24:14 +02:00
Stian Thorgersen
d51a2cde2f Merge pull request #2859 from ssilvert/migrate-i18n 
KEYCLOAK-2913 Migrate i18n package to new testsuite
 2016-05-25 07:22:54 +02:00