Commit graph

1678 commits

Author SHA1 Message Date
mposolda
65e2f127c9 KEYCLOAK-3400 OIDC request with missing response_type should respond with error 2016-08-08 16:11:50 +02:00
mposolda
9be6777685 KEYCLOAK-2169 KEYCLOAK-3286 Support for at_hash and c_hash 2016-08-08 10:57:44 +02:00
Bill Burke
f14f303dfe Merge remote-tracking branch 'upstream/master' 2016-08-07 11:50:44 -04:00
Bill Burke
33d7d89ad9 provider hot deployment 2016-08-07 11:41:52 -04:00
Marek Posolda
65c49c39f4 Merge pull request #3114 from mposolda/master
KEYCLOAK-3321 OIDC requests without 'nonce' claim should be rejected …
2016-08-05 16:45:56 +02:00
mposolda
e0a59baaf2 KEYCLOAK-3321 OIDC requests without 'nonce' claim should be rejected unless using the code flow. Started responseType tests 2016-08-05 15:05:26 +02:00
Thomas Darimont
e49afb2d83 KEYCLOAK-3142 - Revised according to codereview
Liquibase Moved schema evolution configuration from jpa-changelog-2.1.0
to jpa-changelog-2.2.0.
Corrected wrong ResourceType references in tests.
Adapted AdminEvents copy-routines to be aware of resourceType attribute.
Added ResourceType enum to exposed ENUMS of ServerInfoAdminResource.

Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
2016-08-05 00:01:03 +02:00
Thomas Darimont
586f6eeece KEYCLOAK-3142 - Capture ResourceType that triggers an AdminEvent
Introduced new ResourceType enum for AdminEvents which lists
the current supported ResourceTypes for which AdminEvents
can be fired.

Previously it was difficult for custom EventListeners to figure
out which ResourceType triggered an AdminEvent in order
to handle it appropriately, effectively forcing users to parse
the representation.
Having dedicated resource types as a marker on an AdminEvent helps
to ease custom EventListener code.

We now also allow filtering of admin events by ResourceType in the
admin-console.

Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
2016-08-04 11:30:02 +02:00
Bill Burke
534ee2e50c Merge remote-tracking branch 'upstream/master' 2016-08-03 19:16:45 -04:00
Bill Burke
70722d0d3d user storage provider jpa example 2016-08-03 19:16:11 -04:00
Bill Burke
7f08717dfb Merge pull request #3105 from patriot1burke/master
component model
2016-08-02 09:28:55 -04:00
Bill Burke
e3aec098a2 Merge pull request #3064 from cainj13/oneSamlAttributeStatement
SamlProtocol should only drop attributes into a single attributeStatement
2016-08-02 07:14:08 -04:00
Bill Burke
17e75950fe more fixes 2016-08-02 06:56:22 -04:00
Bill Burke
1c75b03e59 props 2016-08-02 06:50:13 -04:00
Bill Burke
1d695237b7 fix 2016-08-02 05:49:50 +02:00
Bill Burke
09693eb108 component model 2016-08-02 05:48:57 +02:00
Pedro Igor
ae1a7542d8 [KEYCLOAK-3385] - Improvements to evaluation tool UI and result 2016-08-01 18:01:24 -03:00
Bill Burke
a8a77add39 fix 2016-08-01 12:07:02 -04:00
Bill Burke
5facec73e4 Merge remote-tracking branch 'upstream/master' 2016-08-01 11:19:09 -04:00
Bill Burke
91a267a0d8 component model 2016-08-01 11:18:58 -04:00
Marek Posolda
0d99b797b6 Merge pull request #3068 from mstruk/KEYCLOAK-2981-m
KEYCLOAK-2981 Upload-certificate admin endpoint does not nullify private keys
2016-08-01 11:20:55 +02:00
Marek Posolda
159b752fb0 Merge pull request #3085 from pedroigor/master
[KEYCLOAK-3376] - Show authorization data when evaluating authorization requests
2016-08-01 09:09:55 +02:00
Dmitry Telegin
fea277a7f5 KEYCLOAK-3369: Fire RealmPostCreateEvent 2016-08-01 01:00:50 +03:00
Pedro Igor
bd5b434894 [KEYCLOAK-3376] - Show authorization data when evaluating authorization requests 2016-07-29 22:09:17 -03:00
Pedro Igor
3c8ed8e3d8 [KEYCLOAK-3372] - Code cleanup 2016-07-29 05:18:38 -03:00
Pedro Igor
8cfa50f134 [KEYCLOAK-3338] More testing and improvements when importing role policies 2016-07-28 12:31:46 -03:00
Bill Burke
5d9fe09599 Merge pull request #3070 from mstruk/KEYCLOAK-2571
KEYCLOAK-2571 RESET_PASSWORD_ERROR and UPDATE_PASSWORD_ERROR events not fired
2016-07-28 07:23:32 -04:00
Bill Burke
2219cd363e Merge pull request #3079 from patriot1burke/master
KEYCLOAK-3268
2016-07-28 07:22:45 -04:00
Pedro Igor
7e1b97888a [KEYCLOAK-3338] - Adding client roles to role policy and UX improvements 2016-07-27 15:15:14 -03:00
Bill Burke
46b4bb0909 KEYCLOAK-3268 2016-07-27 09:28:48 -04:00
Marko Strukelj
59e0570cdf KEYCLOAK-2571 RESET_PASSWORD_ERROR and UPDATE_PASSWORD_ERROR events not fired 2016-07-26 21:32:57 +02:00
Marko Strukelj
94f583e935 KEYCLOAK-2981 Upload-certificate admin endpoint does not nullify private keys 2016-07-25 11:13:21 +02:00
Bill Burke
3973aed57d Merge pull request #2989 from thomasdarimont/issue/KEYCLOAK-3234-allow-restricting-mapper-for-userinfo
KEYCLOAK-3234 Allow restricting claim mapper for userinfo endpoint
2016-07-22 17:54:00 -04:00
Josh Cain
535a0763fc put imports back, new IDE snuck a * in there. 2016-07-22 14:57:07 -05:00
Josh Cain
283581f920 SamlProtocol should only drop attributes into a single attributeStatement element 2016-07-22 14:49:48 -05:00
mposolda
01830fd7f3 KEYCLOAK-3319 More OIDC tests. Minor refactoring 2016-07-22 18:16:58 +02:00
mposolda
9169bcd88d KEYCLOAK-3354 request and request_uri not supported 2016-07-22 13:44:45 +02:00
mposolda
56e011dce4 KEYCLOAK-3318 Adapter support for prompt and max_age. Refactoring to not hardcode OIDC specifics to CookieAuthenticator 2016-07-21 18:19:53 +02:00
Pedro Igor
484d5d6e08 [KEYCLOAK-3313] - UI improvements and messages 2016-07-20 22:11:24 -03:00
mposolda
f4ddfe4a52 KEYCLOAK-3318 Support for prompt=login. More tests for prompt parameter 2016-07-20 21:27:38 +02:00
Bill Burke
6f92bac782 Merge pull request #3000 from tonswieb/master
KEYCLOAK-3265 Support writing a NameIDType AttributeValue
2016-07-20 11:23:18 -04:00
Stian Thorgersen
1b517a461e Merge pull request #3041 from stianst/KEYCLOAK-3302
KEYCLOAK-3302 Allow logout with expired refresh token
2016-07-19 08:03:52 +02:00
Marek Posolda
a6bdf81e6d Merge pull request #3040 from mposolda/master
KEYCLOAK-3220 Added test for missing response_type
2016-07-15 22:19:52 +02:00
Stian Thorgersen
e708c53730 KEYCLOAK-3302 Allow logout with expired refresh token 2016-07-15 12:56:31 +02:00
Stian Thorgersen
1ce17c459d Merge pull request #3039 from stianst/KEYCLOAK-3192
KEYCLOAK-3192 Ignore disabled required action
2016-07-15 10:38:49 +02:00
mposolda
fda0a79e27 KEYCLOAK-3237 Add scopes_supported to OIDC WellKnown endpoint 2016-07-15 09:47:09 +02:00
Stian Thorgersen
970c89dd6a KEYCLOAK-3192 Ignore disabled required action 2016-07-15 09:01:44 +02:00
mposolda
13a21e5fda KEYCLOAK-3220 Improve error handling on adapters 2016-07-14 23:56:46 +02:00
mposolda
dcc4ea3aea KEYCLOAK-3237 Change OIDC adapters to use scope=openid as required per specs 2016-07-14 23:56:46 +02:00
Pedro Igor
aacf2e9390 [KEYCLOAK-3137] - Review i18n for AuthZ Services 2016-07-14 13:54:37 -03:00
mposolda
ee3ac3fdaf KEYCLOAK-3223 Basic support for acr claim 2016-07-14 12:36:12 +02:00
Stian Thorgersen
4f1d83b9dc Merge pull request #3030 from stianst/KEYCLOAK-2824-2
KEYCLOAK-2824 Password Policy SPI
2016-07-14 10:12:25 +02:00
Stian Thorgersen
ea44b5888b KEYCLOAK-2824 Password Policy SPI 2016-07-14 07:20:30 +02:00
mposolda
abde62f369 KEYCLOAK-3220 redirect to client with error if possible 2016-07-13 20:57:43 +02:00
mposolda
38f89b93ff KEYCLOAK-3281 OIDC 'state' parameter is url-encoded twice when responseMode=form_post 2016-07-13 18:07:57 +02:00
mposolda
d5199501c7 KEYCLOAK-3219 Added claims info to OIDCWellKnownProvider. More tests 2016-07-13 10:17:45 +02:00
Stian Thorgersen
5b0980172d KEYCLOAK-3267 Fix identity broker login with brute force enabled 2016-07-12 15:21:00 +02:00
Stian Thorgersen
f97d0846ed Merge pull request #3010 from wadahiro/KEYCLOAK-3278
KEYCLOAK-3278 Add support for any encoding property file in theme
2016-07-12 10:34:34 +02:00
Stian Thorgersen
19e5ddeba5 Merge pull request #3015 from martin-kanis/master
KEYCLOAK-3096 Remove leading/trailing spaces from username/email
2016-07-12 10:03:55 +02:00
mposolda
039bb103c2 KEYCLOAK-3295 Kerberos authenticator changed during userFederationProvider update just if it was DISABLED 2016-07-11 15:52:49 +02:00
Martin Kanis
c67d834d39 KEYCLOAK-3096 Remove leading/trailing spaces from login 2016-07-09 18:35:51 +02:00
mposolda
629390dd4a KEYCLOAK-2986 Require either expiration or issuedAt for client authentication with signed JWT 2016-07-08 16:16:38 +02:00
mposolda
3bfd999590 KEYCLOAK-3222 extend WellKnown to return supported types of client authentications. More tests 2016-07-08 15:39:13 +02:00
Pedro Igor
80a67149af Merge pull request #3002 from pedroigor/KEYCLOAK-3249
[KEYCLOAK-3249] - AuthorizationContext.hasScopePermission() gives NPE
2016-07-08 09:16:51 -03:00
mposolda
c10a005997 KEYCLOAK-3290 UserInfoEndpoint error responses don't have correct statuses 2016-07-08 12:15:07 +02:00
mposolda
4dd28c0adf KEYCLOAK-3221 Tokens should be invalidated if an attempt to reuse code is made 2016-07-08 11:04:08 +02:00
Bill Burke
bdc57d57c1 Merge pull request #3008 from patriot1burke/master
new User Fed SPI initial iteration
2016-07-07 14:56:38 -04:00
Hiroyuki Wada
930b0d9ad7 KEYCLOAK-3278 Add support for any encoding property file in theme 2016-07-08 02:58:48 +09:00
mposolda
a7c9e71490 KEYCLOAK-3218 Support for max_age OIDC authRequest parameter and support for auth_time in IDToken 2016-07-07 17:04:32 +02:00
Bill Burke
0040d3fc3b Merge remote-tracking branch 'upstream/master' 2016-07-07 10:35:45 -04:00
Bill Burke
7e5a5f79cf fixes for new user fed spi 2016-07-07 10:35:35 -04:00
Marek Posolda
7a161cc8bb Merge pull request #3005 from mposolda/KEYCLOAK-3217
KEYCLOAK-3217 UserInfo endpoint wasn't accessible by POST request sec…
2016-07-07 13:49:43 +02:00
Marek Posolda
c5e8a010dc Merge pull request #3004 from mposolda/KEYCLOAK-3147
KEYCLOAK-3147 Don't allow authRequest without redirect_uri parameter
2016-07-07 13:49:34 +02:00
mposolda
56e09bf189 KEYCLOAK-3147 Don't allow authRequest without redirect_uri parameter 2016-07-07 12:46:36 +02:00
mposolda
7aafbcd5d9 KEYCLOAK-3217 UserInfo endpoint wasn't accessible by POST request secured with Bearer header 2016-07-07 12:28:25 +02:00
Pedro Igor
5ef65e837c [KEYCLOAK-3249] - AuthorizationContext.hasScopePermission() gives NPE 2016-07-06 09:39:56 -03:00
Stan Silvert
a231c1b31b RHSSO-296: Required Action "Configure Totp" should be "Configure OTP" 2016-07-05 15:07:52 -04:00
Ton Swieb
fed7339558 KEYCLOAK-3265 Support writing a NameIDType AttributeValue 2016-07-05 14:54:38 +02:00
Stian Thorgersen
7cfee80e58 KEYCLOAK-3189 KEYCLOAK-3190 Add kid and typ to JWT header 2016-07-05 08:26:26 +02:00
Stian Thorgersen
435cdb6180 Merge pull request #2994 from wadahiro/KEYCLOAK-3259
KEYCLOAK-3259 Specify UTF-8 encoding for freemarker template files
2016-07-04 19:25:03 +02:00
Hiroyuki Wada
00cb0a798a KEYCLOAK-3259 Specify UTF-8 encoding for freemarker template files 2016-07-04 19:46:00 +09:00
Stan Silvert
d90a708ceb RHSSO-274: "Undefined" as auth flow execution 2016-07-01 10:25:14 -04:00
Stian Thorgersen
fa312fb3db Merge pull request #2979 from cainj13/localeNpeFix
make locale retrieval null-safe
2016-07-01 12:33:36 +02:00
Thomas Darimont
ce7e7ef1d7 KEYCLOAK-3234 Allow restricting claim mapper for userinfo endpoint
Client mappers can now be configured to be limited to the
userinfo endpoint. This allows to keep access-tokens lean
while providing extended user information on demand via the
userinfo endpoint.
2016-07-01 11:35:19 +02:00
Bill Burke
3f1eecc4be Merge remote-tracking branch 'upstream/master' 2016-06-30 16:47:55 -04:00
Bill Burke
3ba3be877e fixes 2016-06-30 16:47:49 -04:00
Pedro Igor
01f3dddd91 Adding a column to list policies associated with a permission. 2016-06-30 10:26:05 -03:00
Pedro Igor
afa9471c7c [KEYCLOAK-3128] - Admin Client Authorization Endpoints 2016-06-30 10:26:05 -03:00
Bill Burke
a9f6948d74 Merge remote-tracking branch 'upstream/master' 2016-06-29 15:37:32 -04:00
Bill Burke
f51098c50b user fed refactor 2016-06-29 15:37:22 -04:00
Pedro Igor
8b0bf503c3 [KEYCLOAK-3172] - Migrating older versions with authorization services. 2016-06-29 12:07:49 -03:00
Josh Cain
ec402f759b make locale retrieval null-safe 2016-06-28 13:25:48 -05:00
Stian Thorgersen
2e2f34d94e Merge pull request #2957 from pedroigor/authz-changes
Changes to authz examples and some minor improvements
2016-06-23 07:49:47 +02:00
Pedro Igor
074a312fe5 Renaming authorization attributes. 2016-06-22 17:20:50 -03:00
Pedro Igor
f48288865b [KEYCLOAK-3156] - Missing CORS when responding with denies 2016-06-22 14:39:07 -03:00
Pedro Igor
905421a292 [KEYCLOAK-3152] - Keycloak Authorization JS Adapter 2016-06-22 14:28:02 -03:00
mposolda
f7a2ad021e KEYCLOAK-3141 Fix DB2 and some other DB issues 2016-06-22 17:06:55 +02:00
mposolda
5c731b4d14 KEYCLOAK-3149 DB update triggered before DBLock is retrieved 2016-06-21 17:14:25 +02:00
Pedro Igor
8402cedd82 Merge pull request #2946 from pedroigor/KEYCLOAK-3130
[KEYCLOAK-3130] - Permission checks to authorization admin endpoints
2016-06-21 10:50:29 -03:00
Erik Mulder
f4ead484de KEYCLOAK-2474 Possibility to add custom SPI and extend the data model 2016-06-20 10:56:33 +02:00