Hynek Mlnarik
65b269cd54
KEYCLOAK-3731 Provide functionality for IdP-initiated SSO for broker
...
A SAML brokered IdP can send unsolicited login response to the broker.
This commit adds a new GET/POST endpoint under [broker SAML
endpoint]/clients/{client_id}. Broken will respond to submission to
this new endpoint by looking up a SAML client with URL name equal to
client_id, and if found, it performs IdP-initiated SSO to that client.
2016-11-28 13:54:04 +01:00
mposolda
7c6032cc84
KEYCLOAK-3825 Ability to expire publicKeys cache. Migrated OIDCBrokerWithSignatureTest to new testsuite
2016-11-25 17:45:37 +01:00
Bill Burke
ccbd8e8c70
remove User Fed SPI
2016-11-23 16:06:44 -05:00
Bill Burke
d5925b8ccf
remove realm UserFed SPI methods
2016-11-23 08:31:20 -05:00
Stian Thorgersen
6ec82865d3
Bump version to 2.4.1.Final-SNAPSHOT
2016-11-22 14:56:21 +01:00
mposolda
d8c8afe070
KEYCLOAK-3943 Admin console issues when updating LDAP Storage provider
2016-11-21 14:22:45 +01:00
mposolda
da52a5c9cf
KEYCLOAK-3930 KEYCLOAK-3931 LDAP and Mongo fixes
2016-11-18 20:02:02 +01:00
Stian Thorgersen
7043ecc21b
KEYCLOAK-3881 Fix login status iframe with * origin
2016-11-18 12:50:52 +01:00
Marek Posolda
3e71aeddf3
Merge pull request #3479 from hmlnarik/KEYCLOAK-3469-UserRealmRoleMapper
...
KEYCLOAK-3469 Make role mappers account for user groups
2016-11-18 09:21:56 +01:00
Marek Posolda
b434c2b9cf
Merge pull request #3510 from ssilvert/delete-subflows
...
KEYCLOAK-3681: Delete top flow doesn't remove all subflows
2016-11-18 08:50:13 +01:00
mposolda
a27be0cee7
KEYCLOAK-3857 Clustered invalidation cache fixes and refactoring. Support for cross-DC for invalidation caches.
2016-11-16 22:29:23 +01:00
Stan Silvert
55556fc63c
KEYCLOAK-3681: Delete top flow doesn't remove all subflows
2016-11-16 12:43:11 -05:00
Stian Thorgersen
26b1541f4a
Merge pull request #3476 from abstractj/KEYCLOAK-3875
...
[KEYCLOAK-3875] - Conditional OTP Forms not working as expected
2016-11-16 12:44:50 +01:00
Stian Thorgersen
1c3a475d1e
Merge pull request #3485 from hmlnarik/KEYCLOAK-3071
...
KEYCLOAK-3071 Add SOAP and PAOS endpoints to valid redirect URIs on SP import
2016-11-16 12:38:45 +01:00
Bill Burke
cc0eb47814
merge
2016-11-14 15:09:41 -05:00
Bill Burke
c280634bfa
fix tests
2016-11-14 15:06:17 -05:00
Hynek Mlnarik
750e942267
KEYCLOAK-3469 Make role mappers account for user groups
2016-11-14 11:38:00 +01:00
Bruno Oliveira
39f40bc005
[KEYCLOAK-3875] - Conditional OTP Forms not working as expected
2016-11-11 15:16:08 -02:00
Stian Thorgersen
a86b5988b5
Merge pull request #3484 from hmlnarik/KEYCLOAK-3658
...
KEYCLOAK-3658 Fixed typo in condition
2016-11-11 09:41:48 +01:00
Stian Thorgersen
088f0ea630
Merge pull request #3490 from stianst/KEYCLOAK-3086
...
[KEYCLOAK-3086] - NPE when accessing Account with invalid clientId s…
2016-11-11 09:35:45 +01:00
Bruno Oliveira
675faee593
[KEYCLOAK-3086] - NPE when accessing Account with invalid clientId set as ?referrer, and additional referrer_uri set
2016-11-10 13:49:40 +01:00
Stian Thorgersen
7e33f4a7d1
KEYCLOAK-3882 Split server-spi into server-spi and server-spi-private
2016-11-10 13:28:42 +01:00
Bill Burke
94076a3b24
admin console ui
2016-11-09 17:34:07 -05:00
Hynek Mlnarik
8816b55843
KEYCLOAK-3071 Add SOAP and PAOS endpoints to valid redirect URIs on SP import
2016-11-09 14:13:53 +01:00
Hynek Mlnarik
9c724b616d
KEYCLOAK-3658 Fixed typo in condition
2016-11-09 11:27:33 +01:00
Vlasta Ramik
6f1b8e1fee
remove KEYCLOAK_REMEMBERME when user logs in without rememberme checked + tests
2016-11-09 10:33:46 +01:00
Bill Burke
4880c0443c
ldap port admin console
2016-11-08 12:30:20 -05:00
Stian Thorgersen
292777259e
Merge pull request #3472 from hmlnarik/KEYCLOAK-1881-saml-key-rotation
...
Keycloak 1881 - SAML key/cert rotation for IdP
2016-11-08 07:56:25 +01:00
Stian Thorgersen
db4f3561a5
Merge pull request #3454 from ssilvert/keystore-error-messages
...
KEYCLOAK-3817: More detailed errors when loading keys from JKS
2016-11-08 07:33:43 +01:00
Bill Burke
5a86623c88
merge
2016-11-06 08:52:10 -05:00
Bill Burke
14dc0ff92f
Merge remote-tracking branch 'upstream/master'
2016-11-05 20:05:01 -04:00
Bill Burke
4302b440ee
ldap port
2016-11-05 20:04:53 -04:00
Bill Burke
c75dcb90c2
ldap port
2016-11-04 21:25:47 -04:00
Hynek Mlnarik
8ae1b1740d
KEYCLOAK-1881 Client installers
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
4f9e35c0a1
KEYCLOAK-1881 Support for multiple certificates in broker (hardcoded at the moment)
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
67bb9aef3d
KEYCLOAK-1881 Add switch to enable/disable generation of <Extensions>
...
Some SP clients might be confused by using a standard SAML protocol tag
<Extensions> which is used for signed REDIRECT binding messages to
specify signing key ID. To enable the interoperability, generation of
the tag is disabled by default and can be enabled for individual
clients.
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
1ae268ec6f
KEYCLOAK-1881 Include key ID for REDIRECT and use it for validation
...
Contrary to POST binding, signature of SAML protocol message sent using
REDIRECT binding is contained in query parameters and not in the
message. This renders <dsig:KeyName> key ID hint unusable. This commit
adds <Extensions> element in SAML protocol message containing key ID so
that key ID is present in the SAML protocol message.
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
d5c3bde0af
KEYCLOAK-1881 Make SAML descriptor endpoint return all certificates
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
5d840500af
KEYCLOAK-1881 Include key ID in <ds:KeyInfo> in SAML assertions and protocol message
...
Changes of SAML assertion creation/parsing that are required to allow
for validation of rotating realm key: signed SAML assertions and signed
SAML protocol message now contain signing key ID in XML <dsig:KeyName>
element.
2016-11-04 21:53:43 +01:00
Pedro Igor
706c1e2660
[KEYCLOAK-3704] - Registering UserSinchronizer to remove resources when the owner is removed
2016-11-02 21:40:58 -02:00
Pedro Igor
95d2130405
[KEYCLOAK-3704] - Checkign if owner is a valid user
2016-11-02 21:01:24 -02:00
Stan Silvert
a5e5f4cf9c
KEYCLOAK-3817: More detailed errors when loading keys from JKS
2016-11-01 13:54:34 -04:00
Bill Burke
ccaac40863
Merge pull request #3437 from patriot1burke/master
...
disable credential type REST and admin ui
2016-10-28 11:33:16 -04:00
Stian Thorgersen
f4a77c3d06
Merge pull request #3444 from stianst/KEYCLOAK-3225
...
KEYCLOAK-3225
2016-10-28 11:51:35 +02:00
Stian Thorgersen
b6b567f948
Merge pull request #3441 from stianst/KEYCLOAK-3733
...
KEYCLOAK-3733 Set default max results for paginated endpoints
2016-10-28 10:36:24 +02:00
Stian Thorgersen
479295cfd2
KEYCLOAK-3225
...
Modifying user's Identity Provider Links requires manage-realm client role
2016-10-28 10:25:41 +02:00
Stian Thorgersen
a78cfa4b2c
Merge pull request #3440 from stianst/KEYCLOAK-3667
...
KEYCLOAK-3667
2016-10-28 10:13:06 +02:00
Stian Thorgersen
c6caeb3bec
Merge pull request #3439 from stianst/KEYCLOAK-3828
...
KEYCLOAK-3828
2016-10-28 10:12:51 +02:00
Stian Thorgersen
a9d47287ee
KEYCLOAK-3733 Set default max results for paginated endpoints
2016-10-28 09:15:05 +02:00
Stian Thorgersen
3d46b4c425
KEYCLOAK-3667
2016-10-28 08:43:24 +02:00