Thomas Darimont
3103e0fd0a
KEYCLOAK-5244 Add BlacklistPasswordPolicyProvider ( #4370 )
...
* KEYCLOAK-5244 Add BlacklistPasswordPolicyProvider
This introduces a new PasswordPolicy which can refer to
a named predefined password-blacklist to avoid users
choosing too easy to guess passwords.
The BlacklistPasswordPolicyProvider supports built-in as
well as custom blacklists.
built-in blacklists use the form `default/filename`
and custom ones `custom/filename`, where filename
is the name of the found blacklist-filename.
I'd propose to use some of the freely available password blacklists
from the [SecLists](https://github.com/danielmiessler/SecLists/tree/master/Passwords ) project.
For testing purposes one can download the password blacklist
```
wget -O 10_million_password_list_top_1000000.txt https://github.com/danielmiessler/SecLists/blob/master/Passwords/10_million_password_list_top_1000000.txt?raw=true
```
to /data/keycloak/blacklists/
Custom password policies can be configured with the SPI
configuration mechanism via jboss-cli:
```
/subsystem=keycloak-server/spi=password-policy:add()
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:add(enabled=true)
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:write-attribute(name=properties.blacklistsFolderUri, value=file:///data/keycloak/blacklists/)
```
Password blacklist is stored in a TreeSet.
* KEYCLOAK-5244 Encode PasswordBlacklist as a BloomFilter
We now use a dynamically sized BloomFilter with a
false positive probability of 1% as a backing store
for PasswordBlacklists.
BloomFilter implementation is provided by google-guava
which is available in wildfly.
Password blacklist files are now resolved against
the ${jboss.server.data.dir}/password-blacklists.
This can be overridden via system property, or SPI config.
See JavaDoc of BlacklistPasswordPolicyProviderFactory for details.
Revised implementation to be more extensible, e.g. it could be
possible to use other stores like databases etc.
Moved FileSystem specific methods to FileBasesPasswordBlacklistPolicy.
The PasswordBlacklistProvider uses the guava version 20.0
shipped with wildfly. Unfortunately the arquillian testsuite
transitively depends on guava 23.0 via the selenium-3.5.1
dependency. Hence we need to use version 23.0 for tests but 20.0
for the policy provider to avoid NoClassDefFoundErrors in the
server-dist.
Configure password blacklist folder for tests
* KEYCLOAK-5244 Configure jboss.server.data.dir for test servers
* KEYCLOAK-5244 Translate blacklisted message in base/login
2017-10-17 20:41:44 +02:00
ckEriksen
f1593d3fb8
KEYCLOAK-5592 Build on OS-X no longer launches ForkedBooter UI ( #4519 )
2017-10-03 14:20:22 +02:00
mposolda
18031e2ed3
KEYCLOAK-5498 Update infinispan version to 8.2.8.Final to align with version in Wildfly
2017-09-18 18:05:35 +02:00
Stian Thorgersen
a6b9e5604c
Fix Tomcat 6 issues ( #4478 )
...
* Fix Tomcat test failures due to dependency conflicts
* Added proxy and tomcat6 to old tests to run on Travis
2017-09-15 09:55:42 +02:00
Stian Thorgersen
ee35673615
KEYCLOAK-1250 Profile and console loader for new account management console
2017-09-14 19:53:02 +02:00
Stian Thorgersen
433a8dd2e3
KEYCLOAK-5354 ( #4440 )
2017-08-30 07:59:47 +02:00
vramik
801205a5bc
KEYCLOAK-5123 rename integration to integration-deprecated
2017-08-30 05:21:30 +02:00
Stian Thorgersen
463661b051
Set version to 3.4.0.CR1-SNAPSHOT
2017-08-28 15:46:22 +02:00
Stian Thorgersen
31be564fa3
KEYCLOAK-5339 Upgrade to WildFly 11 CR1 ( #4429 )
2017-08-28 12:06:37 +02:00
Pedro Igor
d3e559453b
[KEYCLOAK-5015] - Updating Elytron Adapters
2017-08-22 18:01:19 -03:00
Markus Heberling
ef32585f57
create JS source maps ( #4365 )
...
updated minify plugin to 1.7.6
switch minify plugin to use CLOSURE compiler
enable source map generation https://docs.google.com/document/d/1U1RGAehQwRypUTovF1KRlpiOFze0b-_2gc6fAH0KY0k
include source maps in distribution files
2017-08-22 08:10:09 +02:00
Stian Thorgersen
672dd295f5
KEYCLOAK-5297 Update to WildFLy 11 Beta1 ( #4387 )
2017-08-15 11:55:01 +02:00
Stan Silvert
4b9ea5cbe0
KEYCLOAK-5127: Fix packaging of node_modules ( #4347 )
2017-07-24 09:12:43 -04:00
Hynek Mlnarik
d52d685161
KEYCLOAK-4818 Fix undeclared namespace error in context serialization
2017-07-19 15:18:53 +02:00
Stian Thorgersen
454c5f4d83
Set version to 3.3.0.CR1-SNAPSHOT
2017-06-30 09:47:11 +02:00
Stian Thorgersen
6bbdc13544
Upgrade EAP
2017-06-27 14:26:05 +02:00
mposolda
c4f172afe7
KEYCLOAK-4977 Upgrade infinispan and undertow version to align with Wildfly 11.0.0.Alpha1
2017-05-26 14:29:30 +02:00
Stian Thorgersen
0b6c9aa927
KEYCLOAK-4723
...
Refactor service dependencies for caches in KeycloakServerDeploymentProcessor
2017-05-19 09:43:15 +02:00
Stian Thorgersen
a2af516df7
KEYCLOAK-4855
...
[RHSSO] Compilation issues with Bouncycastle 1.56
2017-05-19 09:37:32 +02:00
Stian Thorgersen
2e83eda172
KEYCLOAK-4477 Update to WildFly 11
2017-05-19 06:24:58 +02:00
Stian Thorgersen
6d8a3f7a8b
KEYCLOAK-4933 Fixes
2017-05-19 06:24:58 +02:00
Bob McWhirter
56d68c17f5
KEYCLOAK-4933
...
Use a newer version of the server-provisioning-plugin.
By using a newer version of the plugin, we can reduce
the amount of build code that replicates the provisioning
logic when building overlays.
This applies to both:
* Server distribution overlay
* Adapter distribution overlay
Both overlays are created purely by using the provisioning
plugin and the feature-packs produced elsewhere in the build,
along with the admin-cli artifact when appropriate.
2017-05-19 06:24:58 +02:00
Stian Thorgersen
18295497ae
Bump RH-SSO version to 7.2.0.DR3
2017-05-09 19:44:37 +02:00
Stian Thorgersen
12e56086d5
KEYCLOAK-4873
...
product.version property should refer to product version
2017-05-09 19:17:42 +02:00
Stian Thorgersen
f0a0b553e5
KEYCLOAK-4870
...
Travis doesn't run unit tests
2017-05-08 14:35:17 +02:00
Stian Thorgersen
43f64e51c6
KEYCLOAK-4857
...
[RHSSO] async-http-servlet-3.0 missing in newest resteasy
2017-05-05 12:08:22 +02:00
Stian Thorgersen
b00651391b
KEYCLOAK-4859 [RHSSO] Upgrade to EAP 7.1.0 Alpha17
2017-05-05 12:08:22 +02:00
vramik
5b926a3da6
KEYCLOAK-4819 update product.filename.version
2017-04-28 14:40:37 +02:00
Stian Thorgersen
87dedb56e5
Set version to 3.2.0.CR1-SNAPSHOT
2017-04-27 14:23:03 +02:00
Stian Thorgersen
038c4765a3
KEYCLOAK-4764 Fixes for distribution
2017-04-19 13:58:39 +02:00
Stian Thorgersen
56320cc023
Merge branch 'master' into KEYCLOAK-4563
2017-04-07 09:36:40 +02:00
Stian Thorgersen
6201257f76
KEYCLOAK-4549 [RH-SSO] EAP 7.1.0 Alpha16
2017-04-05 11:55:21 +02:00
Stian Thorgersen
0180d54dd9
KEYCLOAK-4668 Exclude modules in product profile
2017-03-28 10:04:20 +02:00
Stian Thorgersen
9303a9c7d0
KEYCLOAK-3258 Add server dist changes to product profile
2017-03-27 20:50:13 +02:00
Bill Burke
e5a2642e62
Merge pull request #3978 from pedroigor/KEYCLOAK-3573
...
[KEYCLOAK-3573] - Elytron SAML and OIDC Adapters
2017-03-25 19:24:42 -04:00
Pedro Igor
30d7a5b01f
[KEYCLOAK-3573] - Elytron SAML and OIDC Adapters
2017-03-24 11:32:08 -03:00
Stian Thorgersen
e74f037732
KEYCLOAK-4658 Updates client-cli
2017-03-24 09:41:56 +01:00
Stian Thorgersen
90c4de27e5
KEYCLOAK-3251 Add product Maven profile
...
KEYCLOAK-3254 Product profile should include RH-SSO theme and change default theme
2017-03-24 07:10:11 +01:00
Stian Thorgersen
a87ee04024
Bump to 3.1.0.CR1-SNAPSHOT
2017-03-16 14:21:40 +01:00
David Klassen
32d3f760ec
KEYCLOAK-4421: Change http url to https
...
Change any http maven urls to https to reduce build-time MITM vulnerability
2017-03-14 10:18:40 +01:00
Gabriel Lavoie
fb507048f5
KEYCLOAK-4563: Large user account ID and group ID may break distribution builds.
...
- Maven documentation recommends using POSIX tar format.
2017-03-13 13:28:51 -04:00
Stian Thorgersen
2cf4518ffd
Disable snapshot for repositories
2017-03-13 09:03:46 +01:00
Rene Ploetz
e770a05db0
KEYCLOAK-4537 Jetty 9.4 implementation (OIDC/SAML)
2017-03-06 23:01:24 +01:00
Pavel Drozd
52fbe00c04
Merge pull request #3874 from vramik/KEYCLOAK-4258
...
KEYCLOAK-4258 add server-config-migration module to parent pom
2017-03-01 08:27:59 +01:00
vramik
e960e45671
Enable server-config-migration for distribution
2017-02-16 13:00:27 +01:00
Stian Thorgersen
49ac3587b6
KEYCLOAK-4384 Remove Mongo support
2017-02-15 15:20:58 +01:00
sebastienblanc
083f27f19d
KEYCLOAK-4423 : Adding Spring Boot Adapter
2017-02-14 14:33:15 +01:00
Stian Thorgersen
7210ea36d2
KEYCLOAK-4195 Keycloak adapter and SPI bom
2017-01-27 12:19:40 +01:00
Marko Strukelj
3e13ffda65
KEYCLOAK-4324 Upgrade and unify Aesh version to 0.66.12
2017-01-26 18:08:48 +01:00
Stian Thorgersen
6f22f88d85
Bump version to 3.0.0.CR1
2017-01-26 06:18:11 +01:00
Stian Thorgersen
1ef2eb6110
Merge pull request #3693 from ssilvert/config-migration-2
...
KEYCLOAK-4101: jboss-cli script to do migration of configuration
2017-01-16 09:37:01 +01:00
Martin Kanis
f28b3c1269
KEYCLOAK-4157 Move drools-bom from keycloak-parent
2017-01-12 13:58:56 +01:00
Stan Silvert
420286c103
KEYCLOAK-4101: jboss-cli script to do migration of configuration
2017-01-09 18:15:26 -05:00
Stian Thorgersen
e805ffd945
Bump version to 2.5.1.Final-SNAPSHOT
2016-12-22 08:22:18 +01:00
Marko Strukelj
c3d9859c6e
KEYCLOAK-912 Admin CLI
2016-12-19 01:05:03 +01:00
Bill Burke
8b4bb72fb3
enhance user storage jpa example
2016-12-03 13:33:16 -05:00
Stian Thorgersen
b771b84f56
Bump to 2.5.0.Final-SNAPSHOT
2016-11-30 15:44:51 +01:00
Bill Burke
cd92cc504b
fix pom
2016-11-23 17:08:24 -05:00
Stian Thorgersen
6ec82865d3
Bump version to 2.4.1.Final-SNAPSHOT
2016-11-22 14:56:21 +01:00
mposolda
a27be0cee7
KEYCLOAK-3857 Clustered invalidation cache fixes and refactoring. Support for cross-DC for invalidation caches.
2016-11-16 22:29:23 +01:00
Stian Thorgersen
cf17687b8b
Merge pull request #3506 from abstractj/KEYCLOAK-3913
...
[KEYCLOAK-3913] - Native libraries included within SSSD jar
2016-11-16 14:56:53 +01:00
Bruno Oliveira
8a0cb507c5
[KEYCLOAK-3913] - Native libraries included within SSSD jar
...
- Revert "[KEYCLOAK-3580] - Migrate DBus Java from Unix Socket C library to jnr-unixsocket"
This reverts commit 6c5d1b9214
.
- Use JNA RPM, instead of Maven
2016-11-16 09:14:05 -02:00
Pedro Igor
394a9daa64
[KEYCLOAK-3906] - Update IP-BOM 6.0.10.Final
2016-11-15 01:03:35 +00:00
Stian Thorgersen
7e33f4a7d1
KEYCLOAK-3882 Split server-spi into server-spi and server-spi-private
2016-11-10 13:28:42 +01:00
Bruno Oliveira
6c5d1b9214
[KEYCLOAK-3580] - Migrate DBus Java from Unix Socket C library to jnr-unixsocket
2016-11-03 10:25:45 -02:00
Stian Thorgersen
c615674cbb
Bump version
2016-10-21 07:03:15 +02:00
mposolda
acbb17a331
KEYCLOAK-3768 Fix executing embedded apacheDS via maven exec plugin
2016-10-20 10:08:33 +02:00
gil
490b7f6ba4
KEYCLOAK-3519 port to apache-ldap-api-1.0.0-M33
2016-10-19 11:29:31 +02:00
Marko Strukelj
c912f941e7
KEYCLOAK-2084 Client Registration CLI
2016-10-18 12:33:02 +02:00
Stian Thorgersen
4ce5f9e087
Moved version property for jboss-integration-platform to Keycloak parent
2016-10-17 19:55:43 +02:00
Bill Burke
ecc104719d
bump pom version
2016-09-26 11:01:18 -04:00
Stian Thorgersen
4977527f60
Merge pull request #3239 from stianst/SERVER-PROFILE
...
KEYCLOAK-3579 Add ability to define profiles
2016-09-20 10:39:05 +02:00
Stian Thorgersen
992268a8e6
KEYCLOAK-3579 Add ability to define profiles
2016-09-20 08:41:23 +02:00
Stian Thorgersen
80cc9b0585
KEYCLOAK-3578 Remove source distribution
2016-09-19 10:32:40 +02:00
Stian Thorgersen
05ae84d533
Added version for keycloak-fuse-adapter-dist
2016-09-09 17:08:38 +02:00
Bill Burke
cdda19d1f8
pom.xml
2016-09-07 23:19:16 -04:00
Bruno Oliveira
1b2a5eda32
Initial FreeIPA Integration
...
- Provide username/password authentication with PAM
- Obtain user data from SSSD
- Feature packs for dbus-java, libpam4j and SSSD API
- Provisioning script
2016-09-06 18:04:43 -03:00
mposolda
d52e043322
Set version to 2.2.0-SNAPSHOT
2016-08-10 08:57:18 +02:00
Bill Burke
33d7d89ad9
provider hot deployment
2016-08-07 11:41:52 -04:00
Stian Thorgersen
4bdd67da79
Add versions for Jetty 9.3 adapter dists
2016-07-08 08:21:03 +02:00
Alexander Schwartz
9384aa1398
KEYCLOAK-2684: jetty 9.3 implementation
2016-07-01 12:26:59 +02:00
Bill Burke
b224917fc5
bump version
2016-06-30 17:17:53 -04:00
Stian Thorgersen
107830bd2c
KEYCLOAK-3093 Remove documentation from main repository
2016-06-22 13:40:21 +02:00
Pedro Igor
6a1fb8f870
[KEYCLOAK-3132] - Single module for common policy providers
2016-06-17 20:38:03 -03:00
Stian Thorgersen
8f3cfed7c5
Merge pull request #2934 from fkiss/master-truststore
...
KEYCLOAK-2283 added email truststore test
2016-06-17 14:05:38 +02:00
Pedro Igor
086c29112a
[KEYCLOAK-2753] - Fine-grained Authorization Services
2016-06-17 02:07:34 -03:00
fkiss
b50513a946
KEYCLOAK-2283 added email truststore test
2016-06-14 13:49:16 +02:00
Paolo Antinori
53799297b3
KEYCLOAK-2805 - Moved cxf.version up to the main pom
2016-05-05 15:22:03 +02:00
Paolo Antinori
f5f36545f3
KEYCLOAK-2805 - Support for JBoss Fuse 6.3
...
Upgrade of CXF, Jetty and Pax-Web required to rewrite part of the integration.
2016-05-05 15:21:51 +02:00
mposolda
6a75aec6d8
Easier MariaDB support in tests
2016-05-04 23:08:30 +02:00
Bill Burke
b080e1e782
merge adapter-spi adapter-spi-public
2016-04-13 22:25:30 -04:00
Bill Burke
515ed226be
Merge remote-tracking branch 'upstream/master'
2016-04-12 15:19:58 -04:00
Bill Burke
cca91dd175
public/private
2016-04-12 15:19:46 -04:00
Vlasta Ramik
54e745c6c9
added nexus-staging-maven-plugin
2016-04-08 15:40:26 +02:00
Stian Thorgersen
28fe13a800
Next is 2.0.0.CR1
2016-03-10 08:13:00 +01:00
Stian Thorgersen
d722e53108
Next is 1.9.2.Final
2016-03-10 07:28:27 +01:00
Pedro Igor
3b8364f1e6
Updating xmlsec to 2.0.5
2016-02-25 11:43:00 -03:00
Stian Thorgersen
a1d9753ec2
Next is 1.9.1.Final-SNAPSHOT
2016-02-23 08:48:26 +01:00
Stian Thorgersen
4fd97091ff
Version bump to 2.0.0.CR1-SNAPSHOT
2016-02-22 11:36:56 +01:00
Stian Thorgersen
0840f39495
Merge pull request #2247 from vramik/KEYCLOAK-2502
...
Update test jvm memory settings
2016-02-22 08:03:32 +00:00