Commit graph

709 commits

Author SHA1 Message Date
keycloak-bot
49d4e935cb Set version to 7.0.0-SNAPSHOT 2019-04-17 09:48:07 +01:00
Sebastian Laskawiec
0042726dd8 KEYCLOAK-9601 KEYCLOAK-9602 Jetty 8.1 and 9.1 removal
Co-Authored-By: mhajas <mhajas@redhat.com>
2019-04-16 11:21:29 +02:00
slominskir
4a227ae564 KEYCLOAK-5665 - elytron propagate security domain to ejb 2019-04-12 10:23:56 -03:00
vramik
7638226741 KEYCLOAK-10002 remove microprofile-metrics and microprofile-health extensions in domain mode 2019-04-10 11:04:09 +02:00
slominskir
8dd96d6962 KEYCLOAK - 9923 - add-user-keycloak detect if Java uses modules (JDK 9+) 2019-04-09 17:34:16 -03:00
Pedro Igor
fe1ba7e0ef [KEYCLOAK-9250] - missing javadoc for org.keycloak.admin.client.Keycloak 2019-03-21 16:34:46 -03:00
vramik
5808ad2de0 KEYCLOAK-9708 Enable SmallRye Health and Metrics extensions 2019-03-18 10:57:28 +01:00
vramik
3cc405b1c5 KEYCLOAK-8542 Remove resteasy workaround - KeycloakStringEntityFilter 2019-03-16 13:53:54 +01:00
vramik
d7313d91e5 KEYCLOAK-9709 Upgrade to Wildfly 16 2019-03-15 22:18:09 +01:00
keycloak-bot
e843d84f6e Set version to 6.0.0-SNAPSHOT 2019-03-06 15:54:08 +01:00
stianst
7ad02e7318 Fixes for releasing 2019-03-06 11:38:09 +01:00
stianst
c52c4fec23 KEYCLOAK-9720 Move bower/npm packaging from keycloak/keycloak-js-bower repository 2019-03-05 08:15:05 +01:00
stianst
8dfd07662c KEYCLOAK-8397 Remove deprecated Keycloak Proxy 2019-02-25 08:23:12 -03:00
Hynek Mlnarik
37ef47d6ab KEYCLOAK-9509 Upgrade to Wildfly 15
KEYCLOAK-9584 Update Wildfly Arquillian version

KEYCLOAK-9581: Fix CookiePathTests

KEYCLOAK-9607 CLI sripts and configuration files update

KEYCLOAK-9580 Fix component registration error

KEYCLOAK-9590 Update JDG to newest version

* Infinispan is using whatever version is set in root pom.xml.

KEYCLOAK-9509 Fix Undertow tests

Co-Authored-By: vramik <vramik@redhat.com>
Co-Authored-By: sebastienblanc <scm.blanc@gmail.com>
2019-02-25 08:56:46 +01:00
stianst
e06c705ca8 Set version 5.0.0 2019-02-21 09:35:14 +01:00
stianst
7c9f15778a Set version to 4.8.3.Final 2019-01-09 20:39:30 +01:00
stianst
7c4890152c Set version to 4.8.2 2019-01-03 14:43:22 +01:00
pskopek
132d0a44be KEYCLOAK-9029: generated licence files using distribution/licenses-common/update-licenses.sh 2018-12-17 08:11:08 +01:00
pskopek
808a743671 KEYCLOAK-9029: fixed licenses files issue per PR review
+ some wrong license file URLs fixed
2018-12-17 08:11:08 +01:00
pskopek
d56fdabb5e KEYCLOAK-9029: generated licence files using distribution/licenses-common/update-licenses.sh 2018-12-17 08:11:08 +01:00
pskopek
835321a0ed KEYCLOAK-9029: disable sym-linking 2018-12-17 08:11:08 +01:00
pskopek
4d8b3424d1 KEYCLOAK-9029: update licenses.xml files 2018-12-17 08:11:08 +01:00
Pedro Igor
0c39eda8d2 [KECLOAK-8237] - Openshift Client Storage 2018-12-06 10:57:53 -02:00
stianst
b674c0d4d9 Prepare for 4.8.0.Final 2018-12-04 13:54:25 +01:00
stianst
ecd476fb10 Prepare for 4.7.0.Final 2018-11-14 20:10:59 +01:00
stianst
00cee1d8cf KEYCLOAK-8654 Update licenses 2018-11-01 08:52:39 +01:00
Alex Szczuczko
e843297238 KEYCLOAK-8673 Disable maven-plugin-plugin helpmojo
It's suddenly started breaking the build, not obvious why. Disabling it is the
easiest solution. It's not required for these plugins that are only needed to
serve the keycloak build itself.
2018-10-29 20:00:22 +01:00
Jan Lieskovsky
f3796d2eb8 [KEYCLOAK-8452] Return the definition of the 'keycloak' cache-container
into the infinispan subsystem

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2018-10-24 08:22:43 +02:00
vramik
7a96911a83 KEYCLOAK-8300 KEYCLOAK-8301 Wildfly 14 upgrade
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2018-10-17 20:01:07 +02:00
stianst
11374a2707 KEYCLOAK-8556 Improvements to profile 2018-10-12 12:26:37 +02:00
mposolda
4483677cdd KEYCLOAK-8529 Fix most of adapter tests on EAP6 2018-10-12 12:01:33 +02:00
Takashi Mogi
c3f1bd5a25 KEYCLOAK-8342 Add core-management module to standalone and standaloen-ha 2018-10-08 22:21:07 +02:00
stianst
6ebc6c0354 KEYCLOAK-8437 Remove Keycloak demo dist 2018-10-04 20:54:23 +02:00
Pedro Igor
0a6e22ba54 [KEYCLOAK-8412] - Upgrade to Drools 7.11.0.Final 2018-10-04 09:41:41 -03:00
stianst
c3fc9e9815 Set version to 4.6.0.Final-SNAPSHOT 2018-09-26 20:58:41 +02:00
stianst
1fb4ca4525 Set version to 4.5.0.Final 2018-09-06 20:08:02 +02:00
Dmitry Telegin
bc8763ccf3 KEYCLOAK-7858 - OIDC servlet filter adapter OSGi support 2018-09-04 11:29:45 +02:00
mposolda
6fc99cd749 KEYCLOAK-7594 Upgrade to Wildfly 13. Cross-DC: Upgrade to infinispan server 9.2.4 and JDG 7.2
Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
Co-authored-by: stianst <stianst@gmail.com>
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2018-08-27 12:52:53 +02:00
stianst
90bafee5eb Fixes to examples-dist for removed Fuse example 2018-08-15 16:57:23 +02:00
mposolda
a63676ce93 KEYCLOAK-7989 Running server config migration fails due the Hostname SPI 2018-08-03 13:47:17 +02:00
mposolda
959cd035ba Set version to 4.3.0.Final-SNAPSHOT 2018-08-01 22:40:05 +02:00
ssilvert@win.redhat.com
e7e15652cf KEYCLOAK-7479: Sanitize 2018-08-01 14:22:39 -04:00
stianst
f99299ee39 KEYCLOAK-7967 Introduce Hostname SPI 2018-08-01 11:57:45 +02:00
Pedro Igor
3fc6eed1ce [KEYCLOAK-7827] - Missing org.jboss.logging dependency to keycloak-authz-client module 2018-07-13 09:17:49 -03:00
mposolda
d0a824dde4 Updating version to 4.2.0.Final-SNAPSHOT 2018-07-05 07:42:48 -04:00
Grzegorz Grzybek
3c9d3c2c04 [KEYCLOAK-7681] Review pax-web OSGi dependencies
Co-Authored-By: Hynek Mlnarik <hmlnarik@redhat.com>
2018-06-22 13:47:20 +02:00
Martin Kanis
998227ac53 KEYCLOAK-5461 Upgrade to Liquibase 3.5.5 2018-06-22 13:20:10 +02:00
Hynek Mlnarik
d3a6b6f587 KEYCLOAK-7678 Remove osgi-thirdparty module 2018-06-21 15:35:03 +02:00
Grzegorz Grzybek
f90e0fc14c [KEYCLOAK-7425] Correctly import packages of httpclient and http core, fix Karaf feature 2018-06-21 14:28:47 +02:00
stianst
e98fcfe56e KEYCLOAK-7641 Add details on how to build server-only, including some fixes to poms 2018-06-18 10:38:15 +02:00
stianst
e1a0e581b9 Update to 4.1.0.Final-SNAPSHOT 2018-06-14 14:22:28 +02:00
Hynek Mlnarik
6a2f73df9c KEYCLOAK-7433 Update licenses 2018-05-25 11:27:51 +02:00
Hynek Mlnarik
dd6735285d KEYCLOAK-7438 Don't create symlinks in download-license-files.sh 2018-05-25 09:50:41 +02:00
Stian Thorgersen
dbf5c395b0
Bump version to 4.0.0.Final (#5224) 2018-05-24 19:02:30 +02:00
Hynek Mlnarik
1e438cdc45 KEYCLOAK-7277 KEYCLOAK-7282 Tomcat 8/Pax Web integration 2018-05-23 13:14:07 +02:00
Hynek Mlnarik
d70859ef1b KEYCLOAK-7277 KEYCLOAK-7282 Jetty/Pax Web integration 2018-05-23 13:14:07 +02:00
Hynek Mlnarik
3ab8ff2ea1 KEYCLOAK-5522 Features and distibution 2018-05-23 13:14:07 +02:00
Hynek Mlnarik
cace03c3cc KEYCLOAK-7279 Camel/Undertow integration 2018-05-23 13:14:07 +02:00
Hynek Mlnarik
dd65c231f9 KEYCLOAK-7277 KEYCLOAK-7282 Undertow/Pax Web integration 2018-05-23 13:14:07 +02:00
Vlasta Ramik
8022a74565 KEYCLOAK-7274 Hardcoded config in offline adapter installation scripts (#5184) 2018-05-03 19:50:36 +02:00
Stian Thorgersen
90e5c7f3eb
Bump version to 4.0.0.Beta3-SNAPSHOT (#5185) 2018-05-02 14:32:20 +02:00
stianst
66186273ca Removed authz from examples-dist 2018-03-26 18:17:38 +02:00
stianst
07fea02146 Bump versions to 4.0.0.Beta2-SNAPSHOT 2018-03-26 18:17:38 +02:00
Alex Szczuczko
3ade41a76d KEYCLOAK-6299 Upstream keycloak-javadocs-pom into the product profile of keycloak-api-docs-dist
A product profile has been added to keycloak-api-docs-dist, to replace the
downstream product javadocs POM. I've merged in any misc. changes from that
pom, but I've kept the upstream zip layout:

```
index.html
rest-api/index.html
javadocs/index.html
javadocs/index-all.html
javadocs/*
```

instead of the current product deliverable layout of:

```
META-INF/*
index.html
index-all.html
*
```

The community layout includes the rest-api that's distributed as a separate
product deliverable in 7.2.0. I've kept this layout for better artifact
consistency, but it could easily be changed to keep the product artifacts
consistent for the next product minor version.
2018-03-20 04:41:31 +01:00
stianst
505cf5b251 KEYCLOAK-6519 Theme resource provider 2018-02-09 08:28:59 +01:00
David
2743e4a182 Update changes on sssd.conf file to make script idempotent 2018-02-06 09:04:37 -02:00
Hynek Mlnarik
972c3dd36b KEYCLOAK-6521 Update licenses 2018-02-06 11:58:11 +01:00
Martin Kanis
6b8ec0bb82 KEYCLOAK-6154 Exclude common-logging/codec from keycloak-osgi-thirdparty 2018-01-31 21:26:41 +01:00
Bruno Oliveira
179e371d0e [KEYCLOAK-6298] SAML adapter script should support offline installation of adapter 2018-01-31 17:10:31 -02:00
stianst
0bedbb4dd3 Bump version to 4.0.0.CR1-SNAPSHOT 2017-12-21 15:06:00 +01:00
stianst
c7ce279aef KEYCLOAK-6076 Exclude transitive dependencies in Fuse ZIP 2017-12-21 09:03:21 +01:00
stianst
61fe554617 KEYCLOAK-6051 Fix licenses 2017-12-19 08:20:29 +01:00
Martin Kanis
47721957b7 KEYCLOAK-6018 Create BOM for Drools dependencies 2017-12-14 14:51:25 +01:00
stianst
35e60e0aa4 KEYCLOAK-5957 2017-12-06 08:59:40 +01:00
Hynek Mlnarik
b4532ec629 KEYCLOAK-5964 Fix keycloak-install-base.cli client session caches 2017-12-04 12:15:07 +01:00
pedroigor
b1127ffafe [KEYCLOAK-5953] - Making elytron dependencies optional 2017-12-04 10:13:55 +01:00
stianst
37de8e9f69 Bump version to 3.4.2.Final-SNAPSHOT 2017-12-01 09:34:48 +01:00
Peter Nalyvayko
b8e5fd2b99 KC-4335: working on adding a reverse proxy support to allow X.509 client certificate authentication when running keycloak behind a reverse proxy
KC-4335: reverse proxy => a swtich to change a type of reverse proxy when running the X509 integration tests; changes to the names of the reverse proxy providers

KC-4335: updated the migration scripts to add x509 spi to standalone and domain configurations; removed the HAproxy and apache x509 spi configuration
2017-11-30 11:00:32 +01:00
Alex Szczuczko
c860ca61c3 KEYCLOAK-5843 Add custom license processing plugin to avoid directory symlinks (#4723)
Symlinks are frequently unavailable on Windows (must be on NTFS and user must
have SeCreateSymbolicLinkPrivilege). Removing the symlinks for licenses/common/
should enable the build to function mostly normally on Windows. The individual
license files will be incorrect, but that shouldn't matter for local builds.
Release builds are done on *nix.

The plugin rolls several different plugin executions into one. The common files
are distributed using a resource jar, used by and unpacked by the plugin.
2017-11-27 12:31:31 -05:00
Stian Thorgersen
128ff12f8f Bump versions 2017-11-09 15:37:21 +01:00
Stian Thorgersen
e28652489e KEYCLOAK-5565 Change theme files to writable to permit patching 2017-11-09 15:37:01 +01:00
Pedro Igor
476dd1cef5 [KEYCLOAK-4439] - Fixing saml adapter 2017-11-08 19:01:54 -02:00
Alex Szczuczko
eb46f403d6 Extract the license files with maven-dependency-plugin instead of wildfly-server-provisioning-maven-plugin
This works around WFBUILD-27 aka wildfly/wildfly-build-tools#39. Once that's merged and new version is released this commit can be reverted.
2017-11-08 12:58:38 +01:00
Alex Szczuczko
9c0ec8cb10 Enforce a standard sort order on deduplication in download-license-files.sh
This will avoid noise in the diffs (files switching between symlink and regular
status) when users on systems with a different default sort order run the
script. `LC_ALL=C sort` will sort by byte order.
2017-11-08 12:58:38 +01:00
Alex Szczuczko
d268412738 Initial run of download-license-files.sh on license XMLs
Command line used:

find -path '*/src/main/resources/licenses' | while read -r r; do pushd "$r"; common/download-license-files.sh rh-sso/licenses.xml; common/download-license-files.sh keycloak/licenses.xml; popd; done
2017-11-08 12:58:38 +01:00
Alex Szczuczko
e360aadcd4 Explicitly define the dependency for unpacking in js-adapter-zip.
This makes it visible to append-product-licenses.groovy and other plugins.
2017-11-08 12:58:38 +01:00
Alex Szczuczko
f88b3cddb6 Port forward license data from maintenance, with improvements.
org.keycloak dependencies will be automatically added to the xml during the
build, removing the need for runs of download-license-files.sh every time the
keycloak version changes.

Documentation on "why and how" for the license data has also been added.

To reduce code duplication issues, plugin definitions are stored in
keycloak-parent, but only active in the projects that need them (not bound to
any phase by default). Also, the common files have been moved into
licenses/common/, so that a single symlink will suffice to replicate the
current and future files needed by the plugin executions. While the
assembly.xml definitions remain duplicated, they are fairly minimal and
shouldn't need to change often.

License data is available for all adapters shipped in the product, plus
server-feature-pack.

The keycloak slot is populated with data, in addition to the rh-sso slot. A
number of the adapters don't depend on any third-party artifacts, so they have
(mostly) blank license.xml files.
2017-11-08 12:58:38 +01:00
Marek Posolda
9e2ab2750a Merge pull request #4616 from vramik/KEYCLOAK-5749
KEYCLOAK-5749 Update migration scripts for WildFly 11 Final
2017-10-26 13:24:29 +02:00
vramik
906538e6aa KEYCLOAK-5749 Update migration scripts for WildFly 11 Final 2017-10-26 11:21:48 +02:00
Hynek Mlnarik
75c354fd94 KEYCLOAK-5745 Separate user and client sessions in infinispan 2017-10-26 10:39:41 +02:00
Hynek Mlnarik
d01be82b35 KEYCLOAK-5700 Add option to build jarless Wildfly distro
Use via the following maven command:

mvn clean install -Pdistribution -Dkeycloak.provisioning.xml=server-provisioning-devel.xml
2017-10-18 15:14:58 +02:00
Thomas Darimont
3103e0fd0a KEYCLOAK-5244 Add BlacklistPasswordPolicyProvider (#4370)
* KEYCLOAK-5244 Add BlacklistPasswordPolicyProvider

This introduces a new PasswordPolicy which can refer to
a named predefined password-blacklist to avoid users
choosing too easy to guess passwords.

The BlacklistPasswordPolicyProvider supports built-in as
well as custom blacklists.
built-in blacklists use the form `default/filename`
and custom ones `custom/filename`, where filename
is the name of the found blacklist-filename.

I'd propose to use some of the freely available password blacklists
from the [SecLists](https://github.com/danielmiessler/SecLists/tree/master/Passwords) project.

For testing purposes one can download the password blacklist
```
wget -O 10_million_password_list_top_1000000.txt https://github.com/danielmiessler/SecLists/blob/master/Passwords/10_million_password_list_top_1000000.txt?raw=true
```
to /data/keycloak/blacklists/

Custom password policies can be configured with the SPI
configuration mechanism via jboss-cli:
```
/subsystem=keycloak-server/spi=password-policy:add()
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:add(enabled=true)
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:write-attribute(name=properties.blacklistsFolderUri, value=file:///data/keycloak/blacklists/)
```

Password blacklist is stored in a TreeSet.

* KEYCLOAK-5244 Encode PasswordBlacklist as a BloomFilter

We now use a dynamically sized BloomFilter with a
false positive probability of 1% as a backing store
for PasswordBlacklists.

BloomFilter implementation is provided by google-guava
which is available in wildfly.

Password blacklist files are now resolved against
the ${jboss.server.data.dir}/password-blacklists.

This can be overridden via system property, or SPI config.
See JavaDoc of BlacklistPasswordPolicyProviderFactory for details.

Revised implementation to be more extensible, e.g. it could be
possible to use other stores like databases etc.

Moved FileSystem specific methods to FileBasesPasswordBlacklistPolicy.

The PasswordBlacklistProvider uses the guava version 20.0
shipped with wildfly. Unfortunately the arquillian testsuite
transitively depends on guava 23.0 via the selenium-3.5.1
dependency. Hence we need to use version 23.0 for tests but 20.0
for the policy provider to avoid NoClassDefFoundErrors in the
server-dist.

Configure password blacklist folder for tests

* KEYCLOAK-5244 Configure jboss.server.data.dir for test servers

* KEYCLOAK-5244 Translate blacklisted message in base/login
2017-10-17 20:41:44 +02:00
vramik
a42e0d6a31 KEYCLOAK-5674 updated migration scripts 2017-10-16 22:36:40 +02:00
Stan Silvert
6082e49252 KEYCLOAK-4952: Header information disclosure 2017-10-06 16:04:39 -04:00
Stian Thorgersen
ee35673615 KEYCLOAK-1250 Profile and console loader for new account management console 2017-09-14 19:53:02 +02:00
Bill Burke
e907a9aa6d put back elytron and resteasy providers 2017-09-11 17:21:30 -04:00
Bill Burke
cf47d49fc6 add back multipart provider 2017-09-11 09:47:56 -04:00
Bill Burke
1ed5730769 add back multipart, remove elytron 2017-09-08 14:47:37 -04:00
Bill Burke
9f660b48c4 KEYCLOAK-5439 2017-09-08 11:28:12 -04:00
Stian Thorgersen
463661b051 Set version to 3.4.0.CR1-SNAPSHOT 2017-08-28 15:46:22 +02:00
Stian Thorgersen
8cc1d02d46 KEYCLOAK-5342 (#4431) 2017-08-28 14:35:58 +02:00
Hynek Mlnarik
794c508b10 KEYCLOAK-4995 Support for distributed SAML logout in cross DC 2017-08-28 13:15:11 +02:00
Stian Thorgersen
31be564fa3 KEYCLOAK-5339 Upgrade to WildFly 11 CR1 (#4429) 2017-08-28 12:06:37 +02:00
Pedro Igor
a6dfb4ccdd [KEYCLOAK-5015] - Support for Elytron capabilities in subsystem 2017-08-22 18:01:19 -03:00
Pedro Igor
d3e559453b [KEYCLOAK-5015] - Updating Elytron Adapters 2017-08-22 18:01:19 -03:00
Markus Heberling
ef32585f57 create JS source maps (#4365)
updated minify plugin to 1.7.6
switch minify plugin to use CLOSURE compiler
enable source map generation https://docs.google.com/document/d/1U1RGAehQwRypUTovF1KRlpiOFze0b-_2gc6fAH0KY0k
include source maps in distribution files
2017-08-22 08:10:09 +02:00
Stian Thorgersen
efd44d86c5 KEYCLOAK-5263 (#4393) 2017-08-17 14:40:29 +02:00
Stian Thorgersen
ae54dd848d KEYCLOAK-5185 (#4392) 2017-08-17 13:15:41 +02:00
Hynek Mlnarik
f5d7f9b09b KEYCLOAK-5216 ClassNotFoundException when using SAML ECP 2017-07-21 15:57:14 +02:00
Stian Thorgersen
454c5f4d83 Set version to 3.3.0.CR1-SNAPSHOT 2017-06-30 09:47:11 +02:00
Stian Thorgersen
073f1eda54 Fix dependency exclusions in server-dist to make sure dependency versions are inherited from WF 2017-06-27 14:24:22 +02:00
Stian Thorgersen
af63fcbc4d KEYCLOAK-4891 Add keycloak-api-docs-dist to mvn repo in prod profile 2017-06-26 19:54:33 +02:00
Hynek Mlnarik
955cbc76d7 KEYCLOAK-5030 Change action tokens cache type to distributed 2017-06-26 10:11:53 +02:00
Pedro Igor
1d5bd2567e [KEYCLOAK-4913] - Caching more query methods 2017-05-23 16:13:20 -03:00
Stian Thorgersen
43a625db28 KEYCLOAK-4477 Fix update to WF 11 2017-05-19 08:31:29 +02:00
Stian Thorgersen
cc42ea9332 KEYCLOAK-4773 Remove 'providers' directory 2017-05-19 06:24:58 +02:00
Stian Thorgersen
9ec3a8c3d9 KEYCLOAK-4933 Fixes 2017-05-19 06:24:58 +02:00
Stian Thorgersen
2e83eda172 KEYCLOAK-4477 Update to WildFly 11 2017-05-19 06:24:58 +02:00
Stian Thorgersen
6d8a3f7a8b KEYCLOAK-4933 Fixes 2017-05-19 06:24:58 +02:00
Bob McWhirter
56d68c17f5 KEYCLOAK-4933
Use a newer version of the server-provisioning-plugin.

By using a newer version of the plugin, we can reduce
the amount of build code that replicates the provisioning
logic when building overlays.

This applies to both:

* Server distribution overlay
* Adapter distribution overlay

Both overlays are created purely by using the provisioning
plugin and the feature-packs produced elsewhere in the build,
along with the admin-cli artifact when appropriate.
2017-05-19 06:24:58 +02:00
Stian Thorgersen
28acf489a1 KEYCLOAK-4921
add-user-keycloak broken
2017-05-18 09:33:33 +02:00
mposolda
c178a2392d KEYCLOAK-4907 Fix postgresql and mssql. Fix migration 2017-05-17 22:44:44 +02:00
mposolda
7d8796e614 KEYCLOAK-4626 Support for sticky sessions with AUTH_SESSION_ID cookie. Clustering tests with embedded undertow. Last fixes. 2017-05-11 22:24:07 +02:00
Hynek Mlnarik
b8262a9f02 KEYCLOAK-4628 Single-use cache + its functionality incorporated into reset password token. Utilize single-use cache for relevant actions in execute-actions token 2017-05-11 22:16:26 +02:00
mposolda
db8b733610 KEYCLOAK-4626 Fix TrustStoreEmailTest and PolicyEvaluationCompositeRoleTest. Distribution update 2017-05-11 22:16:26 +02:00
Pedro Igor
978619ead0 [KEYCLOAK-4867] - Missing cache config in server overlay 2017-05-09 14:21:06 -03:00
Stian Thorgersen
e6477ed261 KEYCLOAK-4856
[RHSSO] Adapter feature pack requires org.jboss.eap:wildfly-feature-pack in product
2017-05-05 12:08:22 +02:00
Stian Thorgersen
87dedb56e5 Set version to 3.2.0.CR1-SNAPSHOT 2017-04-27 14:23:03 +02:00
Stian Thorgersen
57bf9254e1 Fix downloads dist 2017-04-27 14:14:12 +02:00
Bill Burke
2b84b8255e Update host-slave.xml 2017-04-26 18:57:31 -04:00
Stian Thorgersen
4b417c5ae8 KEYCLOAK-4713 Update domain mode config for EAP 7.1 2017-04-26 15:17:43 +02:00
Stian Thorgersen
038c4765a3 KEYCLOAK-4764 Fixes for distribution 2017-04-19 13:58:39 +02:00
Stian Thorgersen
56320cc023 Merge branch 'master' into KEYCLOAK-4563 2017-04-07 09:36:40 +02:00
Stian Thorgersen
6201257f76 KEYCLOAK-4549 [RH-SSO] EAP 7.1.0 Alpha16 2017-04-05 11:55:21 +02:00
Pedro Igor
f857625d07 [KEYCLOAK-3573] - Elytron adapter CLI scripts and tests. 2017-03-31 11:31:33 -03:00
Stian Thorgersen
642aeeb937 KEYCLOAK-4615 Build demo-dist, example-dist and proxy-dist only in jboss-release profile 2017-03-29 11:39:40 +02:00
Stian Thorgersen
0180d54dd9 KEYCLOAK-4668 Exclude modules in product profile 2017-03-28 10:04:20 +02:00
Stian Thorgersen
9303a9c7d0 KEYCLOAK-3258 Add server dist changes to product profile 2017-03-27 20:50:13 +02:00
Bill Burke
e5a2642e62 Merge pull request #3978 from pedroigor/KEYCLOAK-3573
[KEYCLOAK-3573] - Elytron SAML and OIDC Adapters
2017-03-25 19:24:42 -04:00
Stian Thorgersen
3ce8da0126 Merge pull request #3976 from stianst/KEYCLOAK-3250-PROD-PROFILE
KEYCLOAK-4659 Changes to adapters for product profile
2017-03-24 15:34:35 +01:00
Pedro Igor
30d7a5b01f [KEYCLOAK-3573] - Elytron SAML and OIDC Adapters 2017-03-24 11:32:08 -03:00
Stian Thorgersen
5d028205bf KEYCLOAK-4659 Changes to adapters for product profile 2017-03-24 12:07:21 +01:00
Stian Thorgersen
ef7cb1e0cb Merge pull request #3973 from stianst/KEYCLOAK-3250-PROD-PROFILE
KEYCLOAK-3251 Add product Maven profile
2017-03-24 09:36:28 +01:00
Stian Thorgersen
90c4de27e5 KEYCLOAK-3251 Add product Maven profile
KEYCLOAK-3254 Product profile should include RH-SSO theme and change default theme
2017-03-24 07:10:11 +01:00
Stian Thorgersen
fc009969c9 Merge pull request #3971 from ssilvert/KEYCLOAK-4396-ng2-wrapper
KEYCLOAK-4396: Add keycloak.d.ts for TypeScript
2017-03-23 14:12:03 +01:00
Stan Silvert
e2970fcf8a KEYCLOAK-4396: Add keycloak.d.ts for TypeScript 2017-03-20 12:42:26 -04:00
Peter Nalyvayko
b2f10359c8 KEYCLOAK-4335: x509 client certificate authentication
Started on implementing cert thumbprint validation as a part of x509 auth flow. Added a prompt screen to give users a choice to either log in based on the identity extracted from X509 cert or to continue with normal browser login flow authentication; clean up some of the comments

x509 authentication for browser and direct grant flows. Implemented certificate to user mapping based on user attribute

Implemented CRL and OCSP certificate revocation checking and added corresponding configuration settings to set up responderURI (OCSP), a location of a file containing X509CRL entries and switiches to enable/disable revocation checking; reworked the certificate validation; removed superflous logging; changed the certificate authentication prompt page to automatically log in the user after 10 seconds if no response from user is received

Support for loading CRL from LDAP directory; finished the CRL checking using the distribution points in the certificate; updated the instructions how to add X509 authentication to keycloak authentication flows; minor styling changes

Stashing x509 unit test related changes; added the steps to configure mutual SSL in WildFly to the summary document

A minor fix to throw a security exception when unable to check cert revocation status using OCSP; continue working on README

Changes to the formating of the readme

Added a list of features to readme

Fixed a potential bug in X509 cert user authenticator that may cause NPE if the client certificate does not define keyusage or extended key usage extensions

Fixed compile time errors in X509 validators caused by the changes to the user credentials model in upstream master

Removed a superfluous file created when merging x509 and main branches

X509 authentication: removed the PKIX path validation as superflous

Reverted changes to the AbstractAttributeMapper introduced during merging of x509 branch into main

Merge the unit tests from x509 branch

added mockito dependency to services project; changes to the x509 authenticators to expose methods in order to support unit tests; added a default ctor to CertificateValidator class to support unit testing; updated the direct grant and browser x509 authenticators to report consistent status messages; unit tests to validate X509 direct grant and browser authenticators; fixed OCSP validation to throw an exception if the certificate chain contains a single certificate; fixed the CRL revocation validation to only use CRL distribution point validation only if configured

CRL and OSCP mock tests using mock netty server. Changed the certificate validator to better support unit testing.

changes to the mockserver dependency to explicitly exclude xercesImpl that was causing SAMLParsingTest to fail

Added a utility class to build v3 certificates with optional extensions to facilitate X509 unit testing; removed supoerfluous certificate date validity check (undertow should be checking the certificate dates during PKIX path validation anyway)

X509: changes to make configuring the user identity extraction simplier for users - new identity sources to map certificate CN and email (E) attributes from X500 subject and issuer names directly rather than using regular expressions to parse them

X509 fixed a compile error caused by the changes to the user model in master

Integration tests to validate X509 client certificate authentication

Minor tweaks to X509 client auth related integration tests

CRLs to support x509 client cert auth integration tests

X509: reverted the changes to testrealm.json and updated the test to configure the realm at runtime

X509 - changes to the testsuite project configuration to specify a path to a trust store used to test x509 direct grant flow; integration tests to validate x509 authentication in browser and direct grant flows; updated the client certificate to extend its validatity dates; x509 integration tests and authenticators have been refactored to use a common configuration class

X509 separated the browser and direct grant x509 authenction integration tests

x509 updated the authenticator provider test to remove no longer supported cert thumbprint authenticator

x509 removed the dependency on mockito

x509 re-implemented OCSP certificate revocation client used to check revocation status when logging in with x509 certificate to work around the dependency on Sun OCSP implementation; integration tests to verify OCSP revocation requests

index.txt.attr is needed by openssl to run a simple OCSP server

x509: minor grammar fixes

Add OCSP stub responder to integration tests

This commit adds OCSP stub responder needed for the integration tests,
and eliminates the need to run external OCSP responder in order to run
the OCSP in X509OCSPResponderTest.

Replace printStackTrece with logging

This commit replaces call to printStackTrace that will end up going to
the stderr with logging statement of WARN severity.

Remove unused imports

Removed unused imports in
org.keycloak.authentication.authenticators.x509 package.

Parameterized Hashtable variable

Removed unused CertificateFactory variable

Declared serialVersionUID for Serializable class

Removed unused CertificateBuilder class

The CertificateBuilder was not used anywhere in the code, removing it to
prevent technical debt.

Removing unused variable declaration

`response` variable is not used in the test, removed it.

Made sure InputStreams are closed

Even though the InputStreams are memory based, added try-with-resources
to make sure that they are closed.

Removed deprecated usage of URLEncoder

Replaced invocation of deprecated method from URLEncoder with Encode
from Keycloak util package.

Made it more clear how to control OCSP stub responder in the tests

X509 Certificate user authentication: moved the integration unit tests into their own directory to fix a failing travis test job

KEYCLOAK-4335: reduced the logging level; added the instructions how to run X.509 related tests to HOW-TO-RUN.md doc; removed README.md from x509 folder; removed no longer used ocsp profile and fixed the exclusion filter; refactored the x509 base test class that was broken by the recent changes to the integration tests

KEYCLOAK-4335: fixed a few issues after rebasing
2017-03-17 05:24:57 -04:00
Stian Thorgersen
a87ee04024 Bump to 3.1.0.CR1-SNAPSHOT 2017-03-16 14:21:40 +01:00
Gabriel Lavoie
fb507048f5 KEYCLOAK-4563: Large user account ID and group ID may break distribution builds.
- Maven documentation recommends using POSIX tar format.
2017-03-13 13:28:51 -04:00
Bill Burke
0ff4223184 Merge pull request #3922 from hmlnarik/KEYCLOAK-4288-SAML-logouts-are-not-invalidating-the-sessions-for-all-the-logged-in-applications
KEYCLOAK-4288 Invalidate sessions in cluster for SAML logouts
2017-03-09 19:13:37 -05:00