Hendrik Ebbers
98a5c57e65
Author added
2017-06-15 13:00:24 +02:00
emilienbondu
91585f8563
Changing request matcher to attempt auth on /sso/login or Auhtorization header
...
Add default login URL.
Throwing exception if login fails to enable auth entry point
Adding a test for invalid token and bearer-only
handle redirect correctly
2017-06-14 14:41:35 +02:00
Stian Thorgersen
6cccd66162
Merge pull request #4192 from hokuda/KEYCLOAK-4980
...
KEYCLOAK-4980 SAML adapter should return 403 when unauthenticated Aja…
2017-06-09 04:40:26 +02:00
Hisanobu Okuda
9135ba7c40
KEYCLOAK-4980 SAML adapter should return 401 when unauthenticated Ajax client accesses
2017-06-08 23:36:25 +09:00
Alex Szczuczko
5d88c2b8be
KEYCLOAK-4758 Update Encode class using latest resteasy. Use encodeQueryParamAsIs instead of encodeQueryParam when encoding key=value pairs for URI query sections. Also fix a few callers who were relying on the bad behaviour of queryParam.
2017-06-05 16:24:38 -06:00
Pedro Igor
d69d00082f
[KEYCLOAK-4932] - Improvements to policy enforcer and better spring boot support
2017-06-01 22:55:58 -03:00
Hendrik Ebbers
4d5e03049e
provide a custom KeycloakConfigResolver instance for servlet filter.
2017-06-01 14:35:12 +02:00
Hendrik Ebbers
7d017b4edf
Easy Spring security annotation
2017-06-01 12:05:02 +02:00
Stian Thorgersen
63c237423d
Merge pull request #4098 from ahus1/KEYCLOAK-4814-disable-keycloak-spring-boot-by-configuration
...
KEYCLOAK-4814 disable keycloak spring boot by configuration
2017-05-24 07:12:05 +02:00
Stian Thorgersen
c00a64208a
Merge pull request #4136 from frelibert/KEYCLOAK-4897
...
KEYCLOAK-4897
2017-05-23 14:10:34 +02:00
Stian Thorgersen
cd53486566
Merge pull request #4167 from sebastienblanc/bug-KEYCLOAK-3492
...
Fix https://issues.jboss.org/browse/KEYCLOAK-3492
2017-05-23 13:58:19 +02:00
Stian Thorgersen
178fd08d9a
Merge pull request #4066 from johnament/KEYCLOAK-4765
...
KEYCLOAK-4765 - Add ability to disable Query Parameter parsing.
2017-05-23 13:24:08 +02:00
emilienbondu
3580dea399
Fix https://issues.jboss.org/browse/KEYCLOAK-3492
2017-05-22 10:18:22 +02:00
Pedro Igor
b68494b3f0
[KEYCLOAK-4927] - Authz client incompatible with client definition
2017-05-18 09:57:12 -03:00
Frederik Libert
71f0db0837
KEYCLOAK-4897
...
SAML Adapter fails to validate signature on encrypted assertion.
2017-05-17 15:47:04 +02:00
Marek Posolda
70d7e07526
Merge pull request #4132 from mposolda/cross-dc4-squash
...
KEYCLOAK-4626 KEYCLOAK-4627 Authentication sessions & Action tokens
2017-05-15 12:46:43 +02:00
Bill Burke
789722ec6a
Merge pull request #4137 from pedroigor/master
...
Caching improvements and checking attachments in Elytron adapter
2017-05-12 10:09:44 -04:00
Pedro Igor
aaddb035a8
Checking if attachments are supported by the underlying container
2017-05-12 10:23:37 -03:00
mposolda
168153c6e7
KEYCLOAK-4626 Authentication sessions - SAML, offline tokens, broker logout and other fixes
2017-05-11 22:16:26 +02:00
Stan Silvert
64cd689e38
KEYCLOAK-4822: Change copyright to reflect correct author.
2017-05-10 16:32:05 -04:00
Stan Silvert
2d825dd366
KEYCLOAK-4822: Update to ES6-compatible typings
2017-05-05 15:08:23 -04:00
Stian Thorgersen
e0da7ed6b4
Merge pull request #4074 from sebastienblanc/allow_headers
...
Keycloak-3297 : adding cors-exposed-headers to conf
2017-05-05 12:54:47 +02:00
Marko Strukelj
47ea1ade8a
KEYCLOAK-4037 JS Adapter fails in Cordova mode for iOS apps
2017-05-03 17:05:54 +02:00
Alexander Schwartz
5a8634e359
KEYCLOAK-4814 disable keycloak spring boot by configuration
2017-04-28 09:48:42 +02:00
sebastienblanc
dee4548798
rename the starter and spring-boot-starter
2017-04-27 15:54:44 +02:00
Stian Thorgersen
87dedb56e5
Set version to 3.2.0.CR1-SNAPSHOT
2017-04-27 14:23:03 +02:00
sebastienblanc
0781f3b33d
add shading
...
add new module containing adapters
remove conditional bean
move bundle module
2017-04-27 09:15:36 +02:00
John Ament
b37ed7145c
KEYCLOAK-4765 - Adding support for wildfly subsystem disable query parameter parsing.
2017-04-26 09:42:00 -04:00
Stian Thorgersen
7c2ea4db98
Merge pull request #4080 from hmlnarik/KEYCLOAK-2122-Config-of-AssertionConsumerServiceUrl-in-Saml-Adapter
...
KEYCLOAK-2122 Configuration of AssertionConsumerServiceUrl in SAML adapter
2017-04-26 15:26:50 +02:00
Stian Thorgersen
eedb40bbe0
Merge pull request #4071 from stianst/KEYCLOAK-4784
...
KEYCLOAK-4784 Cannot build project with -Dproduct
2017-04-26 12:51:20 +02:00
Stian Thorgersen
c83e192a6f
KEYCLOAK-4784 Add Jetty 9.3 to product profile
2017-04-26 12:07:47 +02:00
Hynek Mlnarik
d7615d6a68
KEYCLOAK-2122 Configuration of AssertionConsumerServiceUrl in SAML adapter
2017-04-26 11:59:37 +02:00
John Ament
1f98dc5527
KEYCLOAK-4765 - Simplified unit tests.
2017-04-25 20:38:07 -04:00
Pedro Igor
79c9078caa
[KEYCLOAK-4792] - Client credentials provider support and making easier to obtain authz client
2017-04-25 14:51:45 -03:00
emilienbondu
46bc102799
adding cors-exposed-headers to conf
...
add missing field in the BaseAdapterConfig
cleaning for PR & adding unit test
Adding property to subsystem, removing formatting changes
2017-04-25 12:02:17 +02:00
John Ament
cb7cef8858
KEYCLOAK-4765 - Add ability to disable Query Parameter parsing.
2017-04-24 14:42:03 -04:00
Stian Thorgersen
3dbd0d5063
Merge pull request #3838 from ahus1/KEYCLOAK-4208-spring-boot-adapter-roles
...
KEYCLOAK-4208 restructure spring auth config to match servlet spec
2017-04-21 15:34:09 +02:00
Stian Thorgersen
257a973995
KEYCLOAK-4503 Require init with token and refreshToken
2017-04-21 13:39:53 +02:00
Stian Thorgersen
606c385f26
Merge pull request #4057 from stianst/KEYCLOAK-4480
...
KEYCLOAK-4480 Fix re-encoding of query params in keycloak.js after re…
2017-04-21 13:37:44 +02:00
Stian Thorgersen
e6486ab1c1
KEYCLOAK-4480 Fix re-encoding of query params in keycloak.js after redirect
2017-04-21 13:29:46 +02:00
Stian Thorgersen
b45089f5f0
Merge pull request #4033 from sebastienblanc/KEYCLOAK-3818
...
KEYCLOAK-3818 : safer method to retrieve the webcontext for jetty
2017-04-21 11:20:59 +02:00
Pedro Igor
fa1b998802
Merge pull request #4050 from pedroigor/KEYCLOAK-4769
...
[KEYCLOAK-4769] - Policy enforcer path matching tests
2017-04-20 14:02:59 -03:00
Pedro Igor
70a3dd1e4a
[KEYCLOAK-4769] - Better error message when resource has no or invalid uri
2017-04-20 13:21:01 -03:00
Pedro Igor
80a80512ea
[KEYCLOAK-4769] - Policy enforcer path matching tests
2017-04-20 13:21:01 -03:00
Alexander Schwartz
4d5fd0b75e
KEYCLOAK-4208 restructure spring config to match servlet spec. updating jetty, tomcat and undertow
2017-04-20 12:52:13 +02:00
Stian Thorgersen
14b109da18
Merge pull request #4047 from stianst/KEYCLOAK-4287
...
KEYCLOAK-4287 Remove deprecated session iframe endpoint
2017-04-19 15:49:40 +02:00
Stian Thorgersen
8919015f74
KEYCLOAK-4287 Remove deprecated session iframe endpoint
2017-04-19 15:01:15 +02:00
Stian Thorgersen
c9630157e8
Merge pull request #4035 from sebastienblanc/KEYCLOAK-4486
...
KEYCLOAK-4486: add autodetect-bearer-only attribute in subsystem
2017-04-19 09:47:42 +02:00
Stian Thorgersen
e54c1d7de1
Merge pull request #4026 from mhajas/KEYCLOAK-4733
...
KEYCLOAK-4733 Replace character 160 with character 32
2017-04-18 15:21:23 +02:00
Pedro Igor
2a1a19f290
[KEYCLOAK-4751] - Send default access denied page when requests don't match any path config
2017-04-12 18:25:13 -03:00
sebastienblanc
886528dab8
add autodetect-bearer-only in subsystem
2017-04-12 16:40:19 +02:00
sebastienblanc
ea9c663ae1
try the registered beans , then the handler
2017-04-12 10:41:46 +02:00
sebastienblanc
a011f44d39
safer method to retrieve the webcontext for jetty
2017-04-11 18:53:58 +02:00
mhajas
e8bbfd9012
KEYCLOAK-4733 Replace character 160 with character 32
2017-04-07 15:30:54 +02:00
Bill Burke
3ce0c57e17
Merge pull request #3831 from Hitachi/master
...
KEYCLOAK-2604 Proof Key for Code Exchange by OAuth Public Clients
2017-04-06 15:36:08 -04:00
Stian Thorgersen
f0b44ea93b
KEYCLOAK-4717 Added extra check for data content in receive message for session iframe
2017-04-06 08:49:32 +02:00
diego0020
a82278dcbf
Verify message comes from loginIframe
...
In the current implementation a message coming from any window on the same origin may cause the refresh token to be cleared.
In my case, messages generated by a chrome extension were causing the application to logout unexpectedly. With additional condition only messages coming from the login iFrame will be processed. Another suggestion would be changing the condition `event.data != "unchanged"` to something more specific.
2017-04-04 16:32:21 -05:00
Stian Thorgersen
0180d54dd9
KEYCLOAK-4668 Exclude modules in product profile
2017-03-28 10:04:20 +02:00
Takashi Norimatsu
ef3aef9381
Merge branch 'master' into master
2017-03-28 16:21:40 +09:00
Bill Burke
e5a2642e62
Merge pull request #3978 from pedroigor/KEYCLOAK-3573
...
[KEYCLOAK-3573] - Elytron SAML and OIDC Adapters
2017-03-25 19:24:42 -04:00
Stian Thorgersen
3ce8da0126
Merge pull request #3976 from stianst/KEYCLOAK-3250-PROD-PROFILE
...
KEYCLOAK-4659 Changes to adapters for product profile
2017-03-24 15:34:35 +01:00
Pedro Igor
30d7a5b01f
[KEYCLOAK-3573] - Elytron SAML and OIDC Adapters
2017-03-24 11:32:08 -03:00
Stian Thorgersen
5d028205bf
KEYCLOAK-4659 Changes to adapters for product profile
2017-03-24 12:07:21 +01:00
Stian Thorgersen
fc009969c9
Merge pull request #3971 from ssilvert/KEYCLOAK-4396-ng2-wrapper
...
KEYCLOAK-4396: Add keycloak.d.ts for TypeScript
2017-03-23 14:12:03 +01:00
Stan Silvert
e2970fcf8a
KEYCLOAK-4396: Add keycloak.d.ts for TypeScript
2017-03-20 12:42:26 -04:00
Pedro Igor
258af94889
Delegating caching of resource instances to to path matcher
2017-03-17 09:35:19 -03:00
Pedro Igor
dabd7c0b27
[KEYCLOAK-4602] - Improving pattern matching algorithm
2017-03-17 09:34:52 -03:00
Pedro Igor
f6786e29c6
[KEYCLOAK-4602] - A runtime cache for path configurations
2017-03-17 09:34:16 -03:00
Stian Thorgersen
a87ee04024
Bump to 3.1.0.CR1-SNAPSHOT
2017-03-16 14:21:40 +01:00
Stian Thorgersen
f44405207b
Merge pull request #3828 from wildloop/master
...
verifySSL() - debug info
2017-03-15 09:55:42 +01:00
Stian Thorgersen
feeac69197
Merge pull request #3888 from daklassen/KEYCLOAK-4421
...
KEYCLOAK-4421 Change any http maven urls to https to reduce build-time MITM vulnerability
2017-03-15 09:54:21 +01:00
wildloop
80c9e23282
Update RequestAuthenticator.java
2017-03-15 09:14:48 +01:00
wildloop
366dee6575
Update RequestAuthenticator.java
2017-03-15 09:13:41 +01:00
wildloop
d723c608d6
Update RequestAuthenticator.java
2017-03-14 11:36:57 +01:00
Stian Thorgersen
a555f99b1a
Merge pull request #3937 from sebastienblanc/document_sb_properties
...
KEYCLOAK-4565 : javadoc for adapter properties and add metada generator
2017-03-14 10:19:34 +01:00
David Klassen
32d3f760ec
KEYCLOAK-4421: Change http url to https
...
Change any http maven urls to https to reduce build-time MITM vulnerability
2017-03-14 10:18:40 +01:00
sebastienblanc
68da8c23ad
KEYCLOAK-4565 : javadoc for adapter properties and add metada generator
2017-03-10 18:13:19 +01:00
Bill Burke
0ff4223184
Merge pull request #3922 from hmlnarik/KEYCLOAK-4288-SAML-logouts-are-not-invalidating-the-sessions-for-all-the-logged-in-applications
...
KEYCLOAK-4288 Invalidate sessions in cluster for SAML logouts
2017-03-09 19:13:37 -05:00
wildloop
7904ce5a37
one-line debug log
2017-03-07 16:01:13 +01:00
Rene Ploetz
e770a05db0
KEYCLOAK-4537 Jetty 9.4 implementation (OIDC/SAML)
2017-03-06 23:01:24 +01:00
Hynek Mlnarik
3a0c2be885
KEYCLOAK-4288 AS 7 / EAP 6
2017-03-01 15:17:39 +01:00
Hynek Mlnarik
04da679628
KEYCLOAK-4288 Wildfly
2017-03-01 15:17:39 +01:00
Hynek Mlnarik
43be3fc409
KEYCLOAK-4288 Use SessionListener to keep track of local HTTP-SSO session mappings
2017-03-01 15:17:39 +01:00
Hynek Mlnarik
567393a102
KEYCLOAK-4288 Fix SAML logout session for Tomcat/EAP6
...
When logging out via application (via ?GLO=true query parameter),
CatalineSamlSessionStore does not expire session, while it does that
in logging by SAML session index.
This causes distributed sessions being invalidated only on node hanling
the request, but remains active in other nodes of the cluster. Then the
session can be resurrected on next cache replication back even to the
node where the logout was performed. This behaviour is fixed here.
2017-03-01 15:17:39 +01:00
mposolda
f6bc0806d5
KEYCLOAK-4368 Switch default WebDriver impl to htmlUnit
2017-02-20 21:52:15 +01:00
Stian Thorgersen
aa59c2f95f
KEYCLOAK-4394 Use JBoss logging
2017-02-15 09:05:42 +01:00
Stian Thorgersen
e3a8bed5b2
Merge pull request #3853 from pedroigor/RHSSO-767
...
[RHSSO-767] - Wrong implementation of Request.getRelativePath causing failures on Tomcat-like adapters
2017-02-13 10:26:34 +01:00
Pedro Igor
9416ee7224
[RHSSO-767] - Wrong implementation of Request.getRelativePath causing failures on Tomcat-like adapters
2017-02-09 21:27:28 -02:00
mposolda
72a5d03f34
KEYCLOAK-4385 Added BundleBasedKeycloakConfigResolver
2017-02-06 21:24:20 +01:00
Takashi Norimatsu
fe5fe4c968
KEYCLOAK-2604 Proof Key for Code Exchange by OAuth Public Clients - RFC
...
7636 - Client Side Implementation
2017-02-03 12:02:54 +09:00
Agile Developer
d60c3b7c0c
missing import
2017-02-03 00:47:41 +01:00
Agile Developer
cde3e87ad9
verifySSL() - debug info
...
DEBUG report like this:
SSL Verification:
passed: true, request is secure: true,
SSL is required for: EXTERNAL,
SSL is required for remote addr 192.168.100.123: false
2017-02-02 21:18:14 +01:00
Stian Thorgersen
9aa2dacec9
KEYCLOAK-4366 Issues when keycloak.js is initialized with token
2017-02-02 10:57:03 +01:00
Stian Thorgersen
ee62c52543
KEYCLOAK-4338 KEYCLOAK-4331 Fixes to session iframe
2017-02-02 08:12:29 +01:00
Stian Thorgersen
6f22f88d85
Bump version to 3.0.0.CR1
2017-01-26 06:18:11 +01:00
Stian Thorgersen
d1e491d57d
KEYCLOAK-4286 Add deprecated support for old keycloak.js
2017-01-25 15:59:43 +01:00
Stian Thorgersen
94ffeda62a
Merge pull request #3773 from hmlnarik/KEYCLOAK-4181-SAML-Response-without-any-assertion-leads-to-an-exception
...
KEYCLOAK-4181 Fix handling of SAML error code in broker
2017-01-24 10:33:05 +01:00
Pedro Igor
13e92cdb35
[KEYCLOAK-3261] - Properly handle apps deployed at the ROOT context
2017-01-23 21:27:43 -02:00
Slawomir Dabek
cc788cf44e
KEYCLOAK-4222 Remove slash from state parameter
2017-01-19 20:11:18 +01:00
Hynek Mlnarik
350b9550c3
KEYCLOAK-4264
2017-01-19 16:30:01 +01:00
Bill Burke
41630d6962
Merge pull request #3727 from hmlnarik/KEYCLOAK-4141
...
KEYCLOAK-4141
2017-01-12 08:49:29 -05:00
Stian Thorgersen
139e12fa5f
KEYCLOAK-4179 Fixed logic to init with token to prevent issues with timeSkew
2017-01-10 09:09:50 +01:00
Hynek Mlnarik
4df70c517d
KEYCLOAK-4141
2017-01-10 09:02:36 +01:00
Stian Thorgersen
e805ffd945
Bump version to 2.5.1.Final-SNAPSHOT
2016-12-22 08:22:18 +01:00
Stian Thorgersen
b6b3c04400
Merge pull request #3663 from sldab/autodetect-bearer-only
...
KEYCLOAK-2962 Autodetect bearer-only clients
2016-12-20 14:05:25 +01:00
Pedro Igor
18b94a2153
[KEYCLOAK-4034] - More logging.
2016-12-20 00:04:59 -02:00
Pedro Igor
0b3e867362
[KEYCLOAK-4034] - Minor changes to policy enforcer
2016-12-19 23:44:51 -02:00
Slawomir Dabek
b6d29ccd30
KEYCLOAK-2962 Autodetect bearrer-only clients
...
Suport more headers
2016-12-19 17:13:14 +01:00
Bill Burke
1c0e23db66
Merge pull request #3647 from tkyjovsk/fix-module-names
...
fixed module names
2016-12-16 08:41:01 -05:00
Hynek Mlnarik
7d51df4eed
KEYCLOAK-3971 Explicitly set encoding for SAML message processing
2016-12-15 14:04:34 +01:00
Tomas Kyjovsky
e5d744f7d5
fixed module names
2016-12-14 17:02:07 +01:00
Stian Thorgersen
c11f65720b
Merge pull request #3639 from hmlnarik/KEYCLOAK-4062-Provide-GUI-for-KeyName-format-in-identity-broker-and-client
...
KEYCLOAK-4062 - GUI changes for KeyName format + few tests
2016-12-13 11:33:16 +01:00
Hynek Mlnarik
5006fe2292
KEYCLOAK-4062 - GUI changes for KeyName format + few tests
2016-12-12 22:29:01 +01:00
mposolda
8c99a13387
Minor synchronize update
2016-12-12 13:09:19 +01:00
mhajas
081958e282
KEYCLOAK-4051 Use debug instead of debugf
2016-12-08 09:42:52 +01:00
Bill Burke
7271fdaaaa
KEYCLOAK-3509
2016-12-06 18:52:37 -05:00
Bill Burke
e3d0f8f6e5
Merge pull request #3548 from sebastienblanc/KEYCLOAK-3725
...
KEYCLOAK-3725: return Unauthorized when accessing bearer only in inte…
2016-12-03 13:46:52 -05:00
danren
87b243ed59
Fix for KEYCLOAK-3961
2016-12-02 13:30:53 +01:00
mposolda
74967737ee
KEYCLOAK-3824 Ensure sending notBefore invalidates JWKPublicKeyLocator
2016-12-01 17:07:50 +01:00
mposolda
a38544796f
KEYCLOAK-3823 KEYCLOAK-3824 Added public-key-cache-ttl for OIDC adapters. Invalidate cache when notBefore sent
2016-12-01 12:25:07 +01:00
Stian Thorgersen
c9cf7f6564
Merge pull request #3549 from RamonGebben/patch-1
...
KEYCLOAK-3993: Removed compare bug in `checkState` function
2016-12-01 07:57:29 +01:00
Stian Thorgersen
ba406d5747
Merge pull request #3332 from ebondu/master
...
fix bug https://issues.jboss.org/browse/KEYCLOAK-3474
2016-12-01 07:51:07 +01:00
Stian Thorgersen
b771b84f56
Bump to 2.5.0.Final-SNAPSHOT
2016-11-30 15:44:51 +01:00
Ramon Gebben
e5ce080fd3
Update with PR feedback
2016-11-29 09:49:58 +01:00
sebastienblanc
df93244373
keep orignal API
2016-11-26 09:30:27 +01:00
sebastienblanc
0f447fadd4
KEYCLOAK-3725: return Unauthorized when accessing bearer only in interactive mode
2016-11-25 11:59:52 +01:00
Ramon Gebben
79825dfa1d
Removed compare bug in checkState
function
2016-11-25 11:45:40 +01:00
Stian Thorgersen
6ec82865d3
Bump version to 2.4.1.Final-SNAPSHOT
2016-11-22 14:56:21 +01:00
Pedro Igor
9b2ef96b22
[KEYCLOAK-3830] - Allow to configure enforcement-mode to a path definition
2016-11-17 20:50:28 -02:00
Pedro Igor
44ee53b0d8
[KEYCLOAK-3830] - Only enforce permissions when there is a KeycloakSecurityContext.
2016-11-17 20:50:17 -02:00
Stian Thorgersen
65136fabdd
Merge pull request #3486 from hmlnarik/KEYCLOAK-3488
...
KEYCLOAK-3488 Fix typo in SamlPrincipal
2016-11-16 12:21:50 +01:00
Hynek Mlnarik
43002f7a8a
KEYCLOAK-3488 Fix typo
2016-11-09 15:11:45 +01:00
Hynek Mlnarik
025cf5ebaf
KEYCLOAK-3870 Schema for keycloak-saml.xml
...
Updated schema schema for keycloak-saml.xml (added documentation, set
up enumeration instead of free string where applicable per documentation)
and updated existing keycloak-saml.xml files with schema reference.
2016-11-09 10:45:43 +01:00
Stian Thorgersen
292777259e
Merge pull request #3472 from hmlnarik/KEYCLOAK-1881-saml-key-rotation
...
Keycloak 1881 - SAML key/cert rotation for IdP
2016-11-08 07:56:25 +01:00
Stian Thorgersen
ef48594d85
Merge pull request #3470 from sebastienblanc/KEYCLOAK-3548
...
KEYCLOAK-3548 : Send 401 when no keycloak.json for EAP6/AS7 Adapter
2016-11-08 07:37:00 +01:00
Stian Thorgersen
5b54375490
Merge pull request #3468 from sebastienblanc/KEYCLOAK-3514
...
KEYCLOAK-3514 : fix servlet logout on bearer-only client
2016-11-08 07:35:44 +01:00
Hynek Mlnarik
570d71c07b
KEYCLOAK-1881 Update client adapter configuration
...
Client adapter configuration was updated to support for customization
of HttpClient used for key retrieval similarly to OIDC. Further, it is
now possible to specify several static public keys for signature
verification in saml-client.xml.
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
1ae268ec6f
KEYCLOAK-1881 Include key ID for REDIRECT and use it for validation
...
Contrary to POST binding, signature of SAML protocol message sent using
REDIRECT binding is contained in query parameters and not in the
message. This renders <dsig:KeyName> key ID hint unusable. This commit
adds <Extensions> element in SAML protocol message containing key ID so
that key ID is present in the SAML protocol message.
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
10deac0b06
KEYCLOAK-1881 KeyLocator implementation for SAML descriptor
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
057cc37b60
KEYCLOAK-1881 Clone OIDC adapter HttpClient tools to SAML adapter
...
and
KEYCLOAK-1881 Extract httpclient configuration from AdapterConfig
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
5d840500af
KEYCLOAK-1881 Include key ID in <ds:KeyInfo> in SAML assertions and protocol message
...
Changes of SAML assertion creation/parsing that are required to allow
for validation of rotating realm key: signed SAML assertions and signed
SAML protocol message now contain signing key ID in XML <dsig:KeyName>
element.
2016-11-04 21:53:43 +01:00
sebastien blanc
76c37de1e8
KEYCLOAK-3545: Send 401 if no kc configuration in EAP6/AS7
2016-11-03 15:39:02 +01:00
sebastien blanc
d98c375495
KEYCLOAK-3514 : Don't call logout for bearer-only client
2016-11-02 11:39:37 +01:00
Pedro Igor
44977207e3
Merge pull request #3402 from brewers/feature/js-entitlement-request
...
KEYCLOAK-3777: Add client api for requesting entitlements with permission requests
2016-11-02 07:15:02 -02:00
Stian Thorgersen
3ea555bae6
Merge pull request #3443 from stianst/KEYCLOAK-3606
...
KEYCLOAK-3606
2016-10-28 11:51:21 +02:00
Stian Thorgersen
5f58c96258
KEYCLOAK-3606
...
keycloak.js calls localStorage.key(localStorage.length) indirectly
2016-10-28 10:05:57 +02:00
Stian Thorgersen
4cc44bc174
Merge pull request #3420 from bdalenoord/master
...
KEYCLOAK-3807: Calling 'setHandler' is forbidden
2016-10-28 06:45:47 +02:00
Stian Thorgersen
3e5f490882
Merge pull request #3424 from sebastienblanc/KEYCLOAK-3669
...
KEYCLOAK-3669: Fix Tomcat Adapter for 8.5.5
2016-10-28 06:45:01 +02:00
sebastien blanc
621d234adc
renaming fields to align with json names
2016-10-27 16:16:30 +02:00
sebastien blanc
1c2f49ab4e
KEYCLOAK-3669: Fix Tomcat Adapter for 8.5.5
2016-10-25 16:27:41 +02:00