Commit graph

590 commits

Author SHA1 Message Date
Stan Silvert
574fd42534 KEYCLOAK-5681: Upgrade AngularJS for Admin Console (#4571) 2017-10-23 12:03:46 -04:00
Stan Silvert
9083e5fe5c KEYCLOAK-5298: Enable autoescaping in Freemarker (#4561)
* KEYCLOAK-5298: Enable autoescaping in Freemarker

* Fix several of the failing tests.

* Fix broken tests in integration-deprecated

* Fix last failing test.
2017-10-23 12:03:00 -04:00
Stian Thorgersen
9b75b603e3 KEYCLOAK-5234 (#4585) 2017-10-23 16:13:22 +02:00
Bill Burke
8faa6f1f4d KEYCLOAK-5701 2017-10-18 18:20:50 -04:00
Bill Burke
0fb99a0098 Merge pull request #4569 from patriot1burke/master
KEYCLOAK-4328
2017-10-18 10:49:52 -04:00
Bill Burke
649bca7618 KEYCLOAK-4328 2017-10-18 09:37:17 -04:00
Thomas Darimont
3103e0fd0a KEYCLOAK-5244 Add BlacklistPasswordPolicyProvider (#4370)
* KEYCLOAK-5244 Add BlacklistPasswordPolicyProvider

This introduces a new PasswordPolicy which can refer to
a named predefined password-blacklist to avoid users
choosing too easy to guess passwords.

The BlacklistPasswordPolicyProvider supports built-in as
well as custom blacklists.
Built-in blacklists use the form `default/filename`
and custom ones `custom/filename`, where filename
is the name of the found blacklist-filename.

I'd propose to use some of the freely available password blacklists
from the [SecLists](https://github.com/danielmiessler/SecLists/tree/master/Passwords) project.

For testing purposes one can download the password blacklist
```
wget -O 10_million_password_list_top_1000000.txt "https://github.com/danielmiessler/SecLists/blob/master/Passwords/10_million_password_list_top_1000000.txt?raw=true"
```
to /data/keycloak/blacklists/

Custom password policies can be configured with the SPI
configuration mechanism via jboss-cli:
```
/subsystem=keycloak-server/spi=password-policy:add()
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:add(enabled=true)
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:write-attribute(name=properties.blacklistsFolderUri, value=file:///data/keycloak/blacklists/)
```

Password blacklist is stored in a TreeSet.

* KEYCLOAK-5244 Encode PasswordBlacklist as a BloomFilter

We now use a dynamically sized BloomFilter with a
false positive probability of 1% as a backing store
for PasswordBlacklists.

BloomFilter implementation is provided by google-guava
which is available in wildfly.

Password blacklist files are now resolved against
the ${jboss.server.data.dir}/password-blacklists.

This can be overridden via system property, or SPI config.
See JavaDoc of BlacklistPasswordPolicyProviderFactory for details.

Revised implementation to be more extensible, e.g. it could be
possible to use other stores like databases etc.

Moved FileSystem specific methods to FileBasesPasswordBlacklistPolicy.

The PasswordBlacklistProvider uses the guava version 20.0
shipped with wildfly. Unfortunately the arquillian testsuite
transitively depends on guava 23.0 via the selenium-3.5.1
dependency. Hence we need to use version 23.0 for tests but 20.0
for the policy provider to avoid NoClassDefFoundErrors in the
server-dist.

Configure password blacklist folder for tests

* KEYCLOAK-5244 Configure jboss.server.data.dir for test servers

* KEYCLOAK-5244 Translate blacklisted message in base/login
2017-10-17 20:41:44 +02:00
Cédric Couralet
656fc5d7c0 KEYCLOAK-4052 - add an option to validate Password Policy for ldap user storage 2017-10-13 13:54:50 +02:00
Gaetan Collaud
06ad4caa1b KEYCLOAK-5505 put tabindex in login page 2017-10-10 16:56:03 +02:00
Stan Silvert
9131e7e73c KEYCLOAK-4248: Remove revocation tab for SAML clients. 2017-10-04 14:03:39 -04:00
Herbert Mühlburger
f0f7321c38 Fix spelling error in admin message properties (#4525)
* fix spelling error in admin message properties

* fix typo in admin messages
2017-10-03 20:58:17 +02:00
Bill Burke
817d6cc8c7 minor ui fix 2017-10-02 11:02:19 -04:00
Gabriel Lavoie
134daeac7f KEYCLOAK-3303: Allow reuse of refresh tokens.
- Configurable max reuse count.
2017-09-28 15:30:40 -04:00
Bill Burke
fd025ae76b Merge pull request #4209 from guitaro/feature/group-search-and-pagination
[KEYCLOAK-2538] - groups pagination and group search
2017-09-23 20:52:19 -04:00
Bill Burke
3020a04a8b Merge pull request #4490 from Fiercely/master
Keycloak 2035
2017-09-22 16:13:22 -04:00
Thomas Darimont
236b2b9273 KEYCLOAK-3599 Add Script based OIDC ProtocolMapper 2017-09-22 21:24:20 +02:00
howcroft
e78bf5f876 Keycloak 2035
This PR adds:
* an endpoint to Role that lists users with the Role
* a tab "Users in Role" in Admin console Role page
* it is applicable to Realm and Client Roles
* Extends UserQueryProvider with default methods (throwing Runtime Exception if not overridden)
* Testing in base testsuite and Console
2017-09-22 15:05:49 +01:00
Stan Silvert
7124d93a24 Merge pull request #4487 from ssilvert/kc1250-big-commit
KEYCLOAK-5502: Fix install of node and yarn for account2 profile.
2017-09-19 10:39:38 -04:00
Stan Silvert
9d66d55ac1 KEYCLOAK-5502: Fix install of node and yarn for account2 profile. 2017-09-19 09:53:22 -04:00
Stan Silvert
657c68475d Merge pull request #4486 from ssilvert/kc1250-big-commit
KEYCLOAK-1250: Initial commit for new account mgt.
2017-09-18 16:51:18 -04:00
Stan Silvert
c8a4fc2c57 KEYCLOAK-1250: Initial commit for new account mgt. 2017-09-18 15:32:43 -04:00
Bill Burke
3e6adbc904 KEYCLOAK-5490 (#4477) 2017-09-15 11:36:48 +02:00
Stian Thorgersen
ee35673615 KEYCLOAK-1250 Profile and console loader for new account management console 2017-09-14 19:53:02 +02:00
Levente NAGY
d18aa44fb4 Merge branch 'feature/group-search-and-pagination' of https://github.com/guitaro/keycloak into feature/group-search-and-pagination 2017-09-13 16:48:24 +02:00
Levente NAGY
e907da77d7 KEYCLOAK 2538 - UI group pagination - Remove junit mocked TUs, add arquillian Tests, delete mockito from poms, fix groups sorting when get result from cache 2017-09-13 16:45:45 +02:00
Stan Silvert
56e0a52197 Merge pull request #4436 from tuxetuxe/master
Do not show empty page size selectors in events lists
2017-09-13 10:22:56 -04:00
Léventé NAGY
503ce3a47f Merge branch 'master' into feature/group-search-and-pagination 2017-09-13 10:27:38 +02:00
Petter Lysne
7f8b5e032a feat: added PayPal IDP (#4449) 2017-09-12 11:57:59 +02:00
Levente NAGY
db56d82dbd KEYCLOAK 2538 - UI group pagination - fix duplicate result for search + sort result 2017-09-12 11:45:37 +02:00
Levente NAGY
2c24b39268 KEYCLOAK 2538 - UI group pagination 2017-09-07 19:39:06 +02:00
Stan Silvert
1fb8846a7a KEYCLOAK-5391: Add node_modules back to repository for commons theme (#4457) 2017-09-05 14:27:19 -04:00
Stian Thorgersen
dcfa4aca8c KEYCLOAK-943 Started account rest service. Profile and sessions completed. (#4439) 2017-08-29 20:12:09 +02:00
Luis Santos
944332a84a Do not show empty page size selectors in events lists 2017-08-29 11:30:53 +03:00
Stian Thorgersen
463661b051 Set version to 3.4.0.CR1-SNAPSHOT 2017-08-28 15:46:22 +02:00
Pedro Igor
36c5490250 Merge pull request #4426 from pedroigor/master
[KEYCLOAK-5323] - Fixing filter when searching/selecting clients
2017-08-25 17:07:38 -03:00
Pedro Igor
9a7d56097a [KEYCLOAK-5323] - Fixing filter when searching/selecting clients 2017-08-25 14:06:28 -03:00
Stian Thorgersen
d58c6ad4e0 [KEYCLOAK-4900] Pass login_hint parameter to idp & review (#4421) 2017-08-25 10:14:38 +02:00
Bill Burke
6696c44dc0 Merge remote-tracking branch 'upstream/master' 2017-08-24 15:19:48 -04:00
Bill Burke
7a57723c01 more token exchange 2017-08-24 15:19:38 -04:00
Pedro Igor
16305418f0 [KEYCLOAK-4915] - Unable to update resource permission without changing applied policies 2017-08-23 15:13:24 -03:00
Stan Silvert
245f6c0c84 KEYCLOAK-5232: 'undefined' in allowed protocol mappers field (#4398) 2017-08-23 09:56:28 -04:00
Stan Silvert
010dd5709c KEYCLOAK-5286: js error on save in client/mappers/details screen (#4409) 2017-08-23 09:55:49 -04:00
Stan Silvert
eb5a5023c6 KEYCLOAK-5266: Component numberOfPages in clients view is missing (#4411) 2017-08-23 09:55:19 -04:00
Edwin de Jong
5f97f23c12 KEYCLOAK-5307 Dutch locale (#4340)
- Thanks to Jacob van Lingen for providing the initial translation for
login messages
2017-08-17 11:26:41 +02:00
Stian Thorgersen
31f82243fc KEYCLOAK-5281 (#4390) 2017-08-17 08:47:25 +02:00
Bill Burke
45eac1093d show permissions 2017-08-09 10:39:59 -04:00
Bill Burke
ed5e880931 Merge remote-tracking branch 'upstream/master' 2017-08-07 12:02:50 -04:00
Bill Burke
c9b7504e3f KEYCLOAK-5190 2017-08-07 12:02:18 -04:00
Bill Burke
3fce14d9ce Merge pull request #4369 from patriot1burke/master
KEYCLOAK-5249
2017-08-03 09:57:55 -04:00
Bill Burke
5423e0534b Merge pull request #4330 from stoffus/master
Swedish translation fixes
2017-08-02 19:49:03 -04:00