Phillip Schichtel
f754b34c0c
KEYCLOAK-13633 Generalize GenericPrincipalFactory to PrincipleFactory
...
This allows to replace java.security.acl.Group usage only where necessary while keeping legacy adapter unchanged.
Signed-off-by: Phillip Schichtel <phillip@schich.tel>
2021-03-22 15:40:51 +01:00
Andrew Elwell
c76ca4ad13
Correct "doesn't exists" typos - fixes KEYCLOAK-14986 ( #7316 )
...
* Correct "doesn't exists" typos
* Revert changes to imported package
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2021-03-16 11:52:36 +01:00
Hynek Mlnarik
acfea8ecd2
KEYCLOAK-4250 Include certificates without name for validation
...
Nameless certificates are now included for signature validation
in the SAML adapter when the certificate is downloaded from
metadataUrl.
2021-01-15 22:03:16 +01:00
keycloak-bot
75be33ccad
Set version to 13.0.0-SNAPSHOT
2020-12-16 17:31:55 +01:00
Miquel Simon
53dfa7c56b
KEYCLOAK-14109. Added profiles for Spring 2.3 version.
...
KEYCLOAK-14737. Updated Jetty version to 9.4.29, as required per Spring 2.3.
2020-11-13 12:09:22 -03:00
Hynek Mlnarik
4541a1b250
KEYCLOAK-15907 Fix new host in SAML adapter cannot restore session
2020-10-12 13:23:03 +02:00
testn
269a72d672
KEYCLOAK-15184: Use static inner class where possible
2020-10-09 23:37:08 +02:00
testn
2cd03569d6
KEYCLOAK-15238: Fix potential resource leak from not closing Stream/Reader
2020-09-21 13:05:03 +02:00
Luca Leonardo Scorcia
da6530471b
KEYCLOAK-14742 SAML2NameIDPolicyBuilder: add AllowCreate and SPNameQualifier properties
2020-07-25 10:16:57 +02:00
keycloak-bot
afff0a5109
Set version to 12.0.0-SNAPSHOT
2020-07-22 14:36:15 +02:00
Jan Lieskovsky
969b09f530
[KEYCLOAK-13692] Upgrade to Wildfly "20.0.1.Final" and Infinispan "10.1.8.Final"
...
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2020-07-20 22:15:08 +02:00
Stefan Guilhen
76717134ba
[KEYCLOAK-12998] Prevent duplicate resources from being added to the keycloak-saml subsystem
...
- Fixes an issue in parser where the closing tag of the IDP element was in the wrong place, which could break the server configuration
- Parser now checks for duplicates of elements described with maxOccurs=1 in the schema
- Add handler for SP and IDP now check for existing SPs or IDPs in the config, preventing addition of a duplicate resource via CLI
- Subsystem test was enhanced so it now tests some invalid configs with duplicate elements
2020-06-23 20:03:36 +02:00
mhajas
5d1d75db40
KEYCLOAK-14103 Add Warn message for possibly missing SameSite configuration
2020-06-15 14:45:57 +02:00
Hynek Mlnarik
32f13016fa
KEYCLOAK-12874 Align Destination field existence check with spec
2020-05-04 09:19:44 +02:00
keycloak-bot
ae20b7d3cd
Set version to 11.0.0-SNAPSHOT
2020-04-29 12:57:55 +02:00
Stefan Guilhen
fd9c4e9228
[KEYCLOAK-12097] Fix NPE when trying to obtain the cache container name from jboss-web.xml
...
- check if the cache name as configured in jboss-web.xml is composite - i.e. has a 'parent.child' structure
2020-04-27 10:13:25 +02:00
keycloak-bot
33314ae3ca
Set version to 10.0.0-SNAPSHOT
2020-04-21 09:19:32 +02:00
keycloak-bot
f6a592b15a
Set version to 9.0.4-SNAPSHOT
2020-03-24 08:31:18 +01:00
Hynek Mlnarik
0cf0955318
KEYCLOAK-13181 Fix NPE in EAP 6 adapter
2020-03-04 10:19:43 +01:00
keycloak-bot
d352d3fa8e
Set version to 9.0.1-SNAPSHOT
2020-02-17 20:38:54 +01:00
Stefan Guilhen
d943b8a9e3
[KEYCLOAK-12873] Fix differences between keycloak-saml.xml (adapter) and the keycloak-saml subsystem
2020-02-07 12:06:28 +01:00
mhajas
fc7b769b6e
KEYCLOAK-6817 Ignore SniSSLSocketFactory exception for IBM jdk
2020-01-31 09:08:44 +01:00
vramik
3b1bdb216a
KEYCLOAK-11486 Add support for system property or env variable in AllowedClockSkew in keycloak-saml subsystem
2020-01-14 13:17:13 +01:00
mhajas
a79d6289de
KEYCLOAK-11416 Fix nil AttributeValue handling
2020-01-10 12:47:09 +01:00
keycloak-bot
76aa199fee
Set version to 9.0.0-SNAPSHOT
2019-11-15 20:43:21 +01:00
Douglas Palmer
a32c8c5190
[KEYCLOAK-11185] Fixed build with JDK 11
2019-11-04 10:56:07 -03:00
Benjamin Bentmann
d6f56e58c1
KEYCLOAK-11806 Fix SAML adapter to not fail upon receiving a login response without the optional Destination attribute
2019-10-29 23:12:15 +01:00
Martin Kanis
4d872d0c2c
KEYCLOAK-11527 Override version of jboss-as-subsystem-test for product profile
2019-10-10 21:09:22 +02:00
stianst
7866a6cff3
Playing with Travis
2019-10-09 10:10:20 +02:00
Martin Kanis
9200a33346
KEYCLOAK-11527 Change type of jboss-as-subsystem-test artifact to pom for product
2019-10-07 13:12:16 +02:00
rmartinc
6283c7add3
KEYCLOAK-10975: Clock skew configuration in keycloak-saml.xml can't be found in the keycloak-saml subsystem
2019-09-27 09:35:03 +02:00
Stefan Guilhen
b833ce9dd3
[KEYCLOAK-11485] Add test case for the as7-eap6 SAML subsystem
2019-09-19 13:39:24 +02:00
rmartinc
7f54a57271
KEYCLOAK-10757: Replaying assertion with signature in SAML adapters
2019-09-18 16:49:00 +02:00
Stefan Guilhen
60205845a8
[KEYCLOAK-7264] Add a RoleMappingsProvider SPI to allow for the configuration of custom role mappers in the SAML adapters.
...
- Provides a default implementation based on mappings loaded from a properties file.
- Role mappers can also be configured in the keycloak-saml susbsytem.
2019-09-09 05:24:25 -03:00
Martin Kanis
75d2ec8ff6
KEYCLOAK-11012 Unable to install EAP6 adapter
2019-08-16 12:44:50 +02:00
mhajas
4b18c6a117
KEYCLOAK-7207 Check session expiration for SAML session
2019-07-24 13:35:07 +02:00
keycloak-bot
17e9832dc6
Set version to 8.0.0-SNAPSHOT
2019-07-19 19:05:03 +02:00
Hynek Mlnarik
67f8622d13
KEYCLOAK-8318 Workaround Elytron's double encoding of the query parameters
...
Co-Authored-By: mhajas <mhajas@redhat.com>
2019-07-19 14:37:38 +02:00
Stefan Guilhen
ceaae7a254
[KEYCLOAK-10384] Add equals and hashCode to KeycloakUndertowAccount, SamlPrincipal and SamlSession to avoid cache misses in the PicketBox JAAS auth manager
2019-07-18 21:08:22 +02:00
Hynek Mlnarik
67eb0c3079
KEYCLOAK-8318 Workaround ELY-1525 similarly to OIDC adapter
2019-07-17 09:33:20 +02:00
Hynek Mlnarik
3d4283fac9
KEYCLOAK-9987 Upgrade to Wildfly17
...
Co-Authored-By: hmlnarik <hmlnarik@redhat.com>
2019-07-16 08:05:46 +02:00
Steeve Beroard
fc9a0e1766
[KEYCLOAK-8104] Keycloak SAML Adapter does not support clockSkew configuration
...
Co-Authored-By: vramik <vramik@redhat.com>
2019-07-15 13:08:52 +02:00
Hynek Mlnarik
ca4e14fbfa
KEYCLOAK-7852 Use original NameId value in logout requests
2019-07-04 19:30:21 +02:00
Vlasta Ramik
cc8cfd4269
KEYCLOAK-10751 Fix SAML undertow adapter not sending challenge
...
Co-Authored-By: mhajas <mhajas@redhat.com>
Co-Authored-By: Hynek Mlnarik <hmlnarik@redhat.com>
2019-07-04 10:04:51 +02:00
vramik
d245287320
KEYCLOAK-9598 Apache Tomcat adapter
2019-06-14 10:09:13 +02:00
Sebastian Laskawiec
e739344556
KEYCLOAK-9640 Unify surefire versions
2019-06-13 13:26:49 +02:00
vramik
3bbab225c8
KEYCLOAK-9596 Remove Apache Tomcat 6.0.x adapter
2019-05-28 12:00:19 +02:00
keycloak-bot
49d4e935cb
Set version to 7.0.0-SNAPSHOT
2019-04-17 09:48:07 +01:00
Sebastian Laskawiec
0042726dd8
KEYCLOAK-9601 KEYCLOAK-9602 Jetty 8.1 and 9.1 removal
...
Co-Authored-By: mhajas <mhajas@redhat.com>
2019-04-16 11:21:29 +02:00
Martin Ball
21e2fa8784
KEYCLOAK-4249 - Make IDP URL in keycloak-saml.xml configurable
...
Added the metadata url as an attribute on the IDP in the keycloak saml configuration which then propagates through to the DefaultSamlDeployment where it is used on the construction of the SamlDescriptorPublicKeyLocator thereby allowing support for ADFS or other IDP which uses a path that is different to the Keycloak IDP.
To make this work when testing with ADFS a change was made to SamlDescriptorIDPKeysExtractor because it would not extract keys from metadata which contained the EntityDescriptor as the root element. The solution was to change the xpath expression in SamlDescriptorIDPKeysExtractor so that it does not require a wrapping EntitiesDescriptor but instead loads all EntityDescriptors located in the document. This allows it to handle a single EntityDescriptor or multiple descriptors wrapped in an EntitiesDescriptor in the same xpath expression. A unit test SamlDescriptorIDPKeysExtractorTest has been added which validates that keys can be loaded in both scenarios.
2019-03-27 08:04:53 +01:00