Commit graph

2801 commits

Author SHA1 Message Date
Stan Silvert
6c79bdee41 KEYCLOAK-10854: App initiated actions phase I 2019-07-26 14:56:29 -03:00
mhajas
57a8fcb669 KEYCLOAK-10776 Add session expiration to Keycloak saml login response 2019-07-24 13:35:07 +02:00
Pedro Igor
5f5cb6cb7b [KEYCLOAK-10808] - Do not show authorization tab when client is not confidential 2019-07-15 10:07:31 -03:00
rmartinc
1d2d6591b2 KEYCLOAK-10826: Provide the locale name in the LocaleBean to be used in themes 2019-07-13 07:18:40 +02:00
rmartinc
6d6db1f3e5 KEYCLOAK-10345: OCSP validation fails if there is no intermediate CA in the client certificate 2019-07-12 15:16:00 +02:00
Takashi Norimatsu
2e850b6d4a KEYCLOAK-10747 Explicit Proof Key for Code Exchange Activation Settings 2019-07-12 08:33:20 +02:00
Martin Kanis
efdf0f1bd8 KEYCLOAK-6839 You took too long to login after SSO idle 2019-07-10 10:15:26 +02:00
Kohei Tamura
55a6141bff KEYCLOAK-10783 Fix internal server error when logging out after sharing my resource 2019-07-09 09:06:58 -03:00
mposolda
5f9feee3f8 KEYCLOAK-9846 Verifying signatures on CRL during X509 authentication 2019-07-08 20:20:38 +02:00
Tomasz Prętki
0376e7241a KEYCLOAK-10251 New Claim JSON Type - JSON 2019-07-08 11:59:57 +02:00
Sven-Torben Janus
c883c11e7e KEYCLOAK-10158 Use PEM cert as X.509 user identity
Allows to use the full PEM encoded X.509 certificate from client cert
authentication as a user identity. Also allows to validate that user's
identity against LDAP in PEM (String and binary format). In addition,
a new custom attribute mapper allows to validate against LDAP when
certificate is stored in DER format (binay, Octet-String).

KEYCLOAK-10158 Allow lookup of certs in binary adn DER format from LDAP
2019-07-08 11:58:26 +02:00
Hynek Mlnarik
ca4e14fbfa KEYCLOAK-7852 Use original NameId value in logout requests 2019-07-04 19:30:21 +02:00
Sebastian Laskawiec
b5d8f70cc7 KEYCLOAK-8224 Client not found error message 2019-07-03 18:34:56 +02:00
Asier Aguado
bed22b9b8d [KEYCLOAK-10710] Make social providers compatible with OIDC UsernameTemplateMappers 2019-07-03 15:01:46 +02:00
rmartinc
bd5dec1830 KEYCLOAK-10112: Issues in loading offline session in a cluster environment during startup 2019-07-03 13:17:45 +02:00
Axel Messinese
b32d52e62b KEYCLOAK-10750 Check if role exist on get user/group in role endpoint 2019-07-03 08:46:36 +02:00
Pedro Igor
0cdd23763c [KEYCLOAK-10443] - Define a global decision strategy for resource servers 2019-07-02 09:14:37 -03:00
Jeroen ter Voorde
7518692c0d [KEYCLOAK-10419] Added briefRepresentation parameter support to the admin client interface
And added a aquillian test for it.
2019-06-21 11:31:01 +02:00
Jeroen ter Voorde
a2099cff39 [KEYCLOAK-10419] Added support for briefRepresentation param on the GroupResource members endpoint. 2019-06-21 11:31:01 +02:00
k-tamura
542333a0dd KEYCLOAK-10660 Fix internal server error when re-logging in from my resources page 2019-06-18 06:18:36 -03:00
Hisanobu Okuda
1ac51611d3 KEYCLOAK-10664 correct the error message when no SAML request provided 2019-06-18 08:47:35 +02:00
Pedro Igor
fdc0943a92 [KEYCLOAK-8060] - My Resources REST API 2019-06-11 14:23:26 -03:00
Pedro Igor
61eb94c674 [KEYCLOAK-8915] - Support resource type in authorization requests 2019-06-04 21:02:54 -03:00
Stefan Guilhen
40ec46b79b [KEYCLOAK-8043] Allow prompt=none query parameter to be propagated to default IdP 2019-05-29 09:22:46 +02:00
Pedro Igor
e9ea1f0e36 [KEYCLOAK-10279] - Do not limit results when fetching resources 2019-05-28 15:35:29 -03:00
Ian Duffy
de0ee474dd Review feedback 2019-05-27 21:30:01 +02:00
Ian Duffy
54909d3ef4 [KEYCLOAK-10230] Support for LDAP with Start TLS
This commit sends the STARTTLS on LDAP 389 connections is specified.
STARTTLS doesn't work with connection pooling so connection pooling will
be disabled should TLS be enabled.
2019-05-27 21:30:01 +02:00
vramik
d64f716a20 KEYCLOAK-2709 SAML Identity Provider POST Binding request page shown to user is comletely blank with nonsense title 2019-05-20 09:51:04 +02:00
Sebastian Loesch
76a6e82173 Fix log message
Single quotes need to be represented by double single quotes throughout a String.
See: https://docs.oracle.com/javase/7/docs/api/java/text/MessageFormat.html
2019-05-15 15:33:43 +02:00
Kohei Tamura
8bee7ec542 KEYCLOAK-9983 - Fix the P3P header corruption in Japanese and Turkish (#6006) 2019-05-15 15:23:45 +02:00
Tomohiro Nagai
d593ac3e6f KEYCLOAK-9711 REQUIRED authentictor in ALTERNATIVE subflow throws AuthenticationFlowException when the authentictor returns ATTEMPTED. 2019-05-15 12:45:50 +02:00
Hynek Mlnarik
b8aa1916d8 KEYCLOAK-10195 Fix role lookup to address roles with dots 2019-05-14 13:00:04 +02:00
Kohei Tamura
43bda455bc KEYCLOAK-10106 - Fix typos in default scripts (#6010) 2019-05-07 10:20:04 +02:00
Stefan Guilhen
f1acdc000e [KEYCLOAK-10168] Handle microprofile-jwt client scope migration 2019-05-06 15:14:27 -03:00
Jan Lieskovsky
9eb400262f KEYCLOAK-6055 Include X.509 certificate data in audit logs
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2019-04-30 11:31:04 +02:00
Sebastian Loesch
96250c9685 [KEYCLOAK-9573] Allow AdminEvents for custom resource types 2019-04-26 09:57:28 +01:00
Hynek Mlnarik
65326ce16a KEYCLOAK-9629 Update cookie type 2019-04-24 07:18:41 +01:00
Sebastian Loesch
43393220bf Add X.509 authenticator option for canonical DN
Because the current distinguished name determination is security provider
dependent, a new authenticator option is added to use the canonical format
of the distinguished name, as descriped in
javax.security.auth.x500.X500Principal.getName(String format).
2019-04-23 21:04:18 +02:00
Bekh-Ivanov George
ebcfeb20a3 [KEYCLOAK-10020] - Add ability to request user-managed (ticket) permissions by name 2019-04-12 08:44:57 -03:00
Takashi Norimatsu
9b3e297cd0 KEYCLOAK-9756 PS256 algorithm support for token signing and validation 2019-04-09 20:52:02 +02:00
Francesco Degrassi
1bf19ada7e KEYCLOAK-9825: keep existing refresh token on token exchange requiring refresh if new one not provided in response 2019-04-09 15:21:56 -03:00
Francesco Degrassi
5b78063dce KEYCLOAK-6614: Support requesting refresh tokens from Google using access_type=offline 2019-04-08 15:06:03 -03:00
Stefan Guilhen
2fa2437555 KEYCLOAK-5613 Add built-in optional client scope for MicroProfile-JWT 2019-04-02 08:40:19 -03:00
Hisanobu Okuda
b44c86bd26 KEYCLOAK-9833 Large SSO Session Idle/SSO Session Max causes login failure 2019-03-27 11:42:40 +01:00
vramik
b7c5ca8b38 KEYCLOAK-8535 Inconsistent SAML Logout endpoint handling 2019-03-22 14:09:31 +01:00
Pedro Igor
d2275ca563 [KEYCLOAK-7939] - Startup logs warning instead of error when admin user already exists 2019-03-21 11:44:17 -03:00
mposolda
db271f7150 KEYCLOAK-9572 Support for multiple CRLs with X509 authentication 2019-03-20 15:00:44 +01:00
Hynek Mlnarik
25c07f78bc KEYCLOAK-9578 Fix typo in SAML attribute name format 2019-03-19 11:45:38 +01:00
Hynek Mlnarik
1c906c834b KEYCLOAK-3373 Remove SAML IdP descriptor from client installation and publicize it in realm endpoint instead 2019-03-19 11:37:15 +01:00
fisache
a868b8b22a [KEYCLOAK-9772] Permissions are duplicated
- when resource server is current user
2019-03-18 16:37:54 -03:00
stianst
8d42c9193b KEYCLOAK-9838 Trim username in admin welcome page 2019-03-18 09:20:38 +01:00
vramik
3cc405b1c5 KEYCLOAK-8542 Remove resteasy workaround - KeycloakStringEntityFilter 2019-03-16 13:53:54 +01:00
mposolda
a48698caa3 KEYCLOAK-6056 Map user by Subject Alternative Name (otherName) when authenticating user with X509 2019-03-15 23:11:47 +01:00
Yaser Abouelenein
404ac1d050 KEYCLOAK-8701 changes needed to include x5c property in jwks 2019-03-15 06:01:15 +01:00
Axel Messinese
e18fb56389 KEYCLOAK-4978 Add endpoint to get groups by role 2019-03-15 06:00:17 +01:00
Corey McGregor
be77fd9459 KEYCLOAK-2339 Adding impersonator details to user session notes and supporting built-in protocol mappers. 2019-03-08 09:14:42 +01:00
rmartinc
231db059b2 KEYCLOAK-8996: Provide a way to set a responder certificate in OCSP/X509 Authenticator 2019-03-07 07:57:20 +01:00
Gilles
f295a2e303 [KEYCLOAK-3723] Fixed updated of protocol mappers within client updates in clients-registrations resource 2019-03-04 11:57:59 +01:00
vramik
5d205d16e8 KEYCLOAK-9167 Using kcadm to update an identity-provider instance via a json file does not work without an "internalId" present in the json 2019-02-27 14:56:36 +01:00
Stan Silvert
fe5966d224 KEYCLOAK-8602: PatternFly 4 integration 2019-02-25 08:26:54 -03:00
Simon Neaves
b5fbc04e5e KEYCLOAK-9376 Add "aud" to DEFAULT_CLAIMS_SUPPORTED
See https://issues.jboss.org/browse/KEYCLOAK-9376?_sscc=t
2019-02-25 10:21:49 +01:00
Pedro Igor
99f8e5f808 [KEYCLOAK-9489] - Fixing fine-grained permission functionality 2019-02-22 09:22:14 -03:00
Steven Aerts
d36cb27bd9 KEYCLOAK-9526 admin console auth-url with hostname SPI 2019-02-21 11:55:11 +01:00
Guilhem Lucas
b666756b8f KEYCLOAK-9320 Make theme properties available in email templates 2019-02-21 11:19:17 +01:00
Pedro Igor
34d8974e7f [KEYCLOAK-9489] - User not able to log in to admin console when using query-* roles 2019-02-20 18:09:36 +01:00
Hynek Mlnarik
52840533c9 KEYCLOAK-9111 Fix for unhandled exception 2019-02-13 15:49:49 +01:00
Hynek Mlnarik
37e6b6ffc6 KEYCLOAK-9113 Add support for inspecting log messages for uncaught errors 2019-02-13 15:49:49 +01:00
Pedro Igor
382f6b0c2c [KEYCLOAK-9185] - Update LinkedIn broker to LinkedIn API v2 2019-01-09 15:29:40 +01:00
Hynek Mlnarik
ca76f943c1 KEYCLOAK-9190 Update GoogleIdentityProvider endpoints
per https://accounts.google.com/.well-known/openid-configuration
2019-01-03 14:32:57 +01:00
stianst
07ccbdc3db KEYCLOAK-9182 2019-01-03 14:28:35 +01:00
Hynek Mlnarik
2e52093ac5 KEYCLOAK-9123 Fix content-type check 2018-12-19 10:43:33 +01:00
mposolda
061693a8c9 KEYCLOAK-9089 IllegalArgumentException when trying to use ES256 as OIDC access token signature 2018-12-14 21:01:03 +01:00
mposolda
1237986fd0 KEYCLOAK-8838 Incorrect resource_access in accessToken when clientId contains dots 2018-12-13 10:31:27 +01:00
rmartinc
3c44e6c377 KEYCLOAK-9068: IDP-initiated-flow is not working with REDIRECT binding 2018-12-13 06:28:38 -02:00
mposolda
c51c492996 KEYCLOAK-9050 Change LoginProtocol.authenticated to read most of the values from authenticationSession 2018-12-12 13:30:03 +01:00
Stan Silvert
3ed77825a2 KEYCLOAK-8495: Account REST Svc doesn't require acct roles 2018-12-12 12:07:29 +01:00
mposolda
a7f57c7e23 KEYCLOAK-9021 2018-12-12 07:09:14 +01:00
mposolda
10eb13854e KEYCLOAK-9028 Fix another NPE in Cors debug logging 2018-12-11 21:24:32 +01:00
Hynek Mlnarik
cea9e877ad KEYCLOAK-9036 Fix NPE 2018-12-11 15:35:19 +01:00
MICHEL Arnault (UA 2118)
3f13df81ab [KEYCLOAK-8580] Fixes and log improvements :
- fix  buildChain method (return value)
- method setJVMDebuggingForCertPathBuilder removed as it doesn't output anything in server.log
- Performance : don't reload truststore on each authentication request
- Don't generate stacktrace while detecting intermediate CA's
- review log levels and messages : no log if
- log if truststore is not properly configured in standalone[-ha].xml
2018-12-10 13:58:58 +01:00
Hynek Mlnarik
dad12635f6 KEYCLOAK-9014 Fix displayed applications 2018-12-10 09:59:46 +01:00
Pedro Igor
0c39eda8d2 [KECLOAK-8237] - Openshift Client Storage 2018-12-06 10:57:53 -02:00
Hynek Mlnarik
27f145969f KEYCLOAK-7936 Prevent registration of the same node
The root cause is that NodesRegistrationManagement.tryRegister can be
called from multiple threads on the same node, so it can require
registration of the same node multiple times. Hence once it turns to
tasks that invoke sendRegistrationEvent (called sequentially), the same
check has been added to that method to prevent multiple invocations on
server side, or invocation upon undeployment/termination.
2018-12-05 12:34:17 +01:00
Pedro Igor
e798c3bca2 [KEYCLOAK-8901] - Identity Provider : UserInfo response as JWT Token not supported 2018-12-05 09:28:12 -02:00
Pedro Igor
4355c89b9d [KEYCLOAK-7365] - No need to check roles when refreshing tokens 2018-11-29 08:51:25 -02:00
rmartinc
1b37394276 KEYCLOAK-7242: LDAPS not working with truststore SPI and connection timeout 2018-11-29 11:21:46 +01:00
mposolda
6db1f60e27 KEYCLOAK-7774 KEYCLOAK-8438 Errors when SSO authenticating to same client multiple times concurrently in more browser tabs 2018-11-21 21:51:32 +01:00
Cédric Couralet
dc06a8cee3 Fix KEYCLOAK-8832 (#5735)
Avoid NullPointerException when browser sends "Origin" header and
allowedOrigin is null. This happens on chrome with admin console
2018-11-19 17:53:05 +01:00
Stian Thorgersen
f3bf1456ab
KEYCLOAK-8781 Mark OpenShift integration as preview. Fix issue in Profile where preview features was not enabled in preview mode. (#5738) 2018-11-19 17:32:21 +01:00
Hynek Mlnarik
548950ed8e KEYCLOAK-8756 Consider also required actions of AuthenticationSession 2018-11-19 16:04:43 +01:00
Marek Posolda
f67d6f9660 KEYCLOAK-8482 Access token should never contain azp as an audience (#5719) 2018-11-19 14:38:41 +01:00
Stian Thorgersen
3756cf629b
KEYCLOAK-7081 Fixes for manual/qr mode switches on login config otp page (#5717) 2018-11-19 14:32:28 +01:00
Takashi Norimatsu
0793234c19 KEYCLOAK-8460 Request Object Signature Verification Other Than RS256 (#5603)
* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

also support client signed signature verification by refactored token
verification mechanism

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

incorporate feedbacks and refactor client public key loading mechanism

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

unsigned request object not allowed

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

revert to re-support "none"
2018-11-19 14:28:32 +01:00
Hynek Mlnarik
461dae20de KEYCLOAK-8731 Ensure password history is kept in line with password policy 2018-11-19 12:48:51 +01:00
mposolda
0533782d90 KEYCLOAK-7275 KEYCLOAK-5479 Faster offline sessions preloading at startup. Track lastSessionRefresh timestamps more properly by support bulk update to DB 2018-11-16 14:23:28 +01:00
Stan Silvert
0b36020bf5 KEYCLOAK-8759: Wrong RH-SSO name on Welcome Page 2018-11-15 13:00:55 -05:00
Leon Graser
85f11873c3 KEYCLOAK-8613 Group Membership Pagination 2018-11-15 17:54:07 +01:00
Gideon Caranzo
39bf08e1b9 KEYCLOAK-8783 also checked admin roles when realm admin client is specified 2018-11-15 14:23:18 +01:00
Gideon Caranzo
9f88abb022 KEYCLOAK-8783 only checked master and realm admin roles when roles are specified in imported realm 2018-11-15 14:23:18 +01:00
Thomas Darimont
cf57a1bc4b KEYCLOAK-1267 Add dedicated SSO timeouts for Remember-Me
Previously remember-me sessions where tied to the SSO max session
timeout which could lead to unexpected early session timeouts.
We now allow SSO timeouts to be configured separately for sessions
with enabled remember-me. This enables users to opt-in for longer
session timeouts.

SSO session timeouts for remember-me can now be configured in the
tokens tab in the realm admin console. This new configuration is
optional and will tipically host values larger than the regular
max SSO timeouts. If no value is specified for remember-me timeouts
then the regular max SSO timeouts will be used.

Work based on PR https://github.com/keycloak/keycloak/pull/3161 by
Thomas Darimont <thomas.darimont@gmail.com>
2018-11-15 06:11:22 +01:00
Pedro Igor
f5ae76d8e3 [KEYCLOAK-8768] - Policy evaluation tool failing when client is used and identity.getId is called 2018-11-14 19:16:41 -02:00
Hynek Mlnarik
c3778e66db KEYCLOAK-8260 Improve SAML conditions handling 2018-11-14 20:09:22 +01:00
Martin Kanis
6a23eb19f5 KEYCLOAK-8166 2018-11-14 20:09:22 +01:00
Martin Kanis
72b23c1357 KEYCLOAK-8160 2018-11-14 20:09:22 +01:00
Martin Kanis
0cb6053699 KEYCLOAK-8125 2018-11-14 20:09:22 +01:00
vramik
6564cebc0f KEYCLOAK-7707 2018-11-14 20:09:22 +01:00
Bruno Oliveira da Silva
a957e118e6 Redirect URLs are not normalized 2018-11-14 20:09:22 +01:00
mposolda
0897d969b1 KEYCLOAK-7340 2018-11-14 20:09:22 +01:00
mposolda
1b5a83c4f1 KEYCLOAK-6980 Check if client_assertion was already used during signed JWT client authentication 2018-11-14 20:09:22 +01:00
Pedro Igor
cd96d6cc35 [KEYCLOAK-8694] - Mark Drools policy as tech preview 2018-11-09 11:08:49 -02:00
Pedro Igor
bce2aee144 [KEYCLOAK-8646] - Error deleting policies when admin events are enabled 2018-11-06 11:27:32 -02:00
rmartinc
cbe59f03b7 KEYCLOAK-8708: Provide aggregation of group attributes for mappers 2018-11-06 13:42:38 +01:00
Torbjørn Skyberg Knutsen
36b0d8b80e KEYCLOAK-7166 Added the possibility of not logging out of remote idp on browser logout, by passing a query param containing the id of the identity provider 2018-11-06 13:39:19 +01:00
Pedro Igor
327991bd73 [KEYCLOAK-8716] - Issue with caching resolved roles in KeycloakSession 2018-11-06 10:27:04 -02:00
mposolda
ffcd8e09e7 KEYCLOAK-8175 Possibility of clientScope not being used if user doesn't have a role 2018-10-31 18:04:41 +01:00
mposolda
cfeb56e18a KEYCLOAK-8641 Remove aud from the authorization tickets 2018-10-31 13:31:26 +01:00
mposolda
9652748ba9 KEYCLOAK-8484 Remove audience client scope template 2018-10-31 11:11:02 +01:00
Pedro Igor
f6943296c7 [KEYCLOAK-8489] - RPT request: Authorized Party's protocol mappers are being applied instead of the Audience's ones 2018-10-26 09:40:32 -03:00
Graser Leon
9ef4c7fffd KEYCLOAK-8377 Role Attributes 2018-10-24 22:04:28 +02:00
Pedro Igor
2af9d002b6 [KEYCLOAK-8172] - Evaluation not considering scopes inherited from parent resources 2018-10-24 12:50:27 -03:00
Pedro Igor
a2b13715ed [KEYCLOAK-8625] - Saving client settings will cause always adding default authorization settings 2018-10-24 10:18:04 -03:00
mposolda
c36b577566 KEYCLOAK-8483 Remove application from the aud claim of accessToken and refreshToken 2018-10-23 13:52:09 +02:00
Gideon Caranzo
7d85ce93bb KEYCLOAK-8555 queried only realms with user storage provider to speed up user storage sync bootstrap 2018-10-19 09:53:58 +02:00
vramik
7a96911a83 KEYCLOAK-8300 KEYCLOAK-8301 Wildfly 14 upgrade
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2018-10-17 20:01:07 +02:00
MICHEL Arnault (UA 2118)
ab8789739f [KEYCLOAK-8580] Add Nginx certificate lookup provider 2018-10-16 07:53:18 +02:00
stianst
5f0424fb11 KEYCLOAK-8310 Change scheme option to alwaysHttps option 2018-10-15 14:00:00 +02:00
Stefan Guilhen
68a54abb09 KEYCLOAK-6757 Update MicrosoftIdentityProvider to use the Microsoft Graph endpoints 2018-10-15 12:46:15 +02:00
stianst
11374a2707 KEYCLOAK-8556 Improvements to profile 2018-10-12 12:26:37 +02:00
Gideon Caranzo
0e8d79bbfb KEYCLOAK-8554 checked if master realm exist instead of number of realms for new installation check 2018-10-12 09:43:41 +02:00
stianst
aaa33ad883 KEYCLOAK-8509 Improvements to session iframe 2018-10-10 21:01:05 +02:00
rmartinc
0a6f43c1a1 KEYCLOAK-8490: Direct grants returns invalid credentials when user has pending actions 2018-10-10 20:18:20 +02:00
Toni Ristola
22d64368a6 KEYCLOAK-8191 Fixed DI that was not working 2018-10-09 08:22:43 -03:00
Pedro Igor
79ca722b49 [KEYCLOAK-7605] - Make sure Evaluation API is read-only 2018-10-09 08:09:29 -03:00
Moritz Becker
f17b5f0f49 fix KEYCLOAK-7572 consistently perform duplicate user checks during account update only if email changes
Fix test
2018-10-05 09:35:05 +02:00
stianst
86a2f28561 KEYCLOAK-8310 Add support to set fixed scheme on fixed hostname provider 2018-10-05 09:34:17 +02:00
gbtec-igormartens
c41bcddd8d Update UserResource.java
In my opinion, the old documentation does not match the actual behaviour of the resetPassword method.
2018-10-04 12:54:49 +02:00
mposolda
2a4cee6044 KEYCLOAK-6884 KEYCLOAK-3454 KEYCLOAK-8298 Default 'roles' and 'web-origins' client scopes. Add roles and allowed-origins to the token through protocol mappers 2018-10-04 12:00:38 +02:00
Stan Silvert
dba513c921 KEYCLOAK-8419: Make most act mgt APIs only active in preview mode 2018-10-02 16:32:56 -04:00
Pedro Igor
b4b3527df7 [KEYCLOAK-7950] - Fixes user pagination when using filtering users members of groups 2018-10-02 15:44:23 -03:00
mposolda
4b9b189016 KEYCLOAK-8008 Ensure InputStream are closed 2018-10-01 16:06:32 +02:00
Martin Kanis
efe6a38648 KEYCLOAK-6718 Auth Flow does not Check Client Protocol 2018-09-26 21:00:02 +02:00
Pedro Igor
43f5983613 [KEYCLOAK-8289] - Remove authorization services from product preview profile 2018-09-26 18:27:27 +02:00
mposolda
3777dc45d0 KEYCLOAK-3058 Support for validation of "aud" in adapters through verify-token-audience configuration switch 2018-09-21 11:17:05 +02:00
Douglas Palmer
b748e269ec [KEYCLOAK-7435] Added code to delete a specific session and tests for session deletion 2018-09-20 15:57:58 +02:00
Pedro Igor
6b0bc0b3be [KEYCLOAK-8308] - Deprecate token_introspection_endpoint claim from OIDC discovery document 2018-09-19 09:46:50 -03:00
Rafael Weingärtner
3dd6f9cb85 Enable "DockerComposeYamlInstallationProviderTest" to run on Windows 2018-09-19 11:22:57 +02:00
Pedro Igor
aaf78297c9 [KEYCLOAK-7987] - Can't set authorization enabled when using kcreg 2018-09-18 10:00:16 -03:00
mposolda
99a16dcc1f KEYCLOAK-6638 Support for adding audiences to tokens 2018-09-13 21:40:16 +02:00
slominskir
c4a651bcac KEYCLOAK-7270 - Support for automatically linking brokered identities 2018-09-12 18:50:35 +02:00
Johannes Knutsen
d4a5c81034 KEYCLOAK-8146: Extract LocaleSelectorSPI to allow custom overrides of locale selection 2018-09-11 20:35:48 +02:00