rmartinc
d39dfd8688
KEYCLOAK-12654: Data to sign is incorrect in redirect binding when URI has parameters
2020-02-05 11:30:28 +01:00
Martin Bartoš
b0c4913587
KEYCLOAK-12177 KEYCLOAK-12178 WebAuthn: Improve usability ( #6710 )
2020-02-05 08:35:47 +01:00
Thomas Darimont
42fdc12bdc
KEYCLOAK-8573 Invalid client credentials should return Unauthorized status ( #6725 )
2020-02-05 08:27:15 +01:00
Thomas Darimont
d417639cb8
KEYCLOAK-11033 Avoid NPE in password endpoint of AccountCredentialResource ( #6721 )
...
Added additional null guard since some credentials provide might not
maintain a "CreatedDate" for a password credentials.
2020-02-04 16:01:27 +01:00
rmartinc
5b9eb0fe19
KEYCLOAK-10884: Need clock skew for SAML identity provider
2020-02-03 22:00:44 +01:00
Jan Lieskovsky
b532570747
[KEYCLOAK-12168] Various setup TOTP screen usability improvements ( #6709 )
...
On both the TOTP account and TOTP login screens perform the following:
* Make the "Device name" label optional if user registers the first
TOTP credential. Make it mandatory otherwise,
* Denote the "Authenticator code" with asterisk, so it's clear it's
required field (always),
* Add sentence to Step 3 of configuring TOTP credential explaining
the user to provide device name label,
Also perform other CSS & locale / messages file changes, so the UX is
identical when creating OTP credentials on both of these pages
Add a corresponding testcase
Also address issues pointed out by mposolda's review. Thanks, Marek!
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-02-03 19:34:28 +01:00
Marek Posolda
154bce5693
KEYCLOAK-12340 KEYCLOAK-12386 Regression in credential handling when … ( #6668 )
2020-02-03 19:23:30 +01:00
Leon Graser
01a42f417f
Search and Filter for the count endpoint
2020-02-03 09:36:30 +01:00
Pedro Igor
ed2d392a3d
[KEYCLOAK-9666] - Entitlement request with service account results in server error
2020-02-03 08:57:56 +01:00
Pedro Igor
658a083a0c
[KEYCLOAK-9600] - Find by name in authz client returning wrong resource
2020-02-03 08:57:20 +01:00
rmartinc
1989483401
KEYCLOAK-12001: Audience support for SAML clients
2020-01-31 15:56:40 +01:00
Marek Posolda
d8e450719b
KEYCLOAK-12469 KEYCLOAK-12185 Implement nice design to the screen wit… ( #6690 )
...
* KEYCLOAK-12469 KEYCLOAK-12185 Add CredentialTypeMetadata. Implement the screen with authentication mechanisms and implement Account REST Credentials API by use the credential type metadata
2020-01-31 14:28:23 +01:00
Stan Silvert
6ac5a2a17e
[KEYCLOAK-12744] rh-sso-preview theme for product build
...
* change logo for RH-SSO
* Small fixes to rh-sso-preview theme
* rh-sso-preview theme
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2020-01-31 08:16:52 -03:00
Pedro Igor
c37ca235ab
[KEYCLOAK-11352] - Can't request permissions by name by a non-owner resource service, although the audience is set
2020-01-30 11:36:21 +01:00
stianst
2916af351a
KEYCLOAK-12712 Add thread-safety for provider hot-deployment
2020-01-29 14:06:11 +01:00
stianst
a3e5f9d547
KEYCLOAK-12736 Set time for admin events in milliseconds, instead of converted seconds
2020-01-29 14:05:22 +01:00
Marek Posolda
d46620569a
KEYCLOAK-12174 WebAuthn: create authenticator, requiredAction and policy for passwordless ( #6649 )
2020-01-29 09:33:45 +01:00
Takashi Norimatsu
993ba3179c
KEYCLOAK-12615 HS384 and HS512 support for Client Authentication by Client Secret Signed JWT ( #6633 )
2020-01-28 14:55:48 +01:00
Stian Thorgersen
87cab778eb
KEYCLOAK-11996 Authorization Endpoint does not return an error when a request includes a parameter more than once ( #6696 )
...
Co-authored-by: stianst <stianst@gmail.com>
Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2020-01-24 12:10:56 +01:00
Thomas Darimont
303861f7e8
KEYCLOAK-10003 Fix handling of request parameters for SMTP Connection Test
...
We now transfer the SMTP connection configuration via HTTP POST
request body parameters instead of URL parameters.
The improves handling of SMTP connection configuration values with
special characters. As a side effect sensitive information like SMTP
credentials are now longer exposed via URL parameters.
Previously the SMTP connection test send the connection parameters
as encoded URL parameters in combination with parameters in the request body.
However the server side endpoint did only look at the URL parameters.
Certain values, e.g. passwords with + or ; could lead to broken URL parameters.
2020-01-23 13:19:31 -06:00
Leon Graser
f1ddd5016f
KEYCLOAK-11821 Add account api roles to the client on creation
...
Co-authored-by: stianst <stianst@gmail.com>
2020-01-23 13:10:04 -06:00
Benjamin Weimer
dd9ad305ca
KEYCLOAK-12757 New Identity Provider Mapper "Advanced Claim to Role Mapper" with
...
following features
* Regex support for claim values.
* Support for multiple claims.
2020-01-23 07:17:22 -06:00
Stan Silvert
210fd92d23
KEYCLOAK-11550: Signing In page
2020-01-23 07:35:09 -05:00
Domenico Briganti
812b69af13
KEYCLOAK-9837 Not hide exception in email templating - clean code
2020-01-23 05:45:25 -06:00
Domenico Briganti
f07e08ef28
KEYCLOAK-9837 Not hide exception in email templating - Throws always an Exception
2020-01-23 05:45:25 -06:00
Domenico Briganti
476da4f276
KEYCLOAK-9837 Not hide exception in email templating
2020-01-23 05:45:25 -06:00
Captain-P-Goldfish
b90a0307ea
Add certificate timestamp validation ( #6330 )
...
KEYCLOAK-11818 Add certificate timestamp validation
2020-01-22 20:53:06 +01:00
vmuzikar
03306b87e8
KEYCLOAK-12125 Introduce SameSite attribute in cookies
...
Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: Peter Skopek <pskopek@redhat.com>
2020-01-17 08:36:53 -03:00
Martin Bartos RH
d3f6937a23
[KEYCLOAK-12426] Add username to the login form + ability to reset login
2020-01-17 09:40:13 +01:00
mposolda
85dc1b3653
KEYCLOAK-12426 Add username to the login form + ability to reset login - NOT DESIGN YET
2020-01-17 09:40:13 +01:00
Tomas Kyjovsky
05c428f6e7
KEYCLOAK-12295 After password reset, the new password has low priority ( #6653 )
2020-01-16 09:11:25 +01:00
k-tamura
562dc3ff8c
KEYCLOAK-10659 Proxy authentication support for proxy-mappings
2020-01-15 13:29:54 +01:00
Martin Bartoš
5aab03d915
[KEYCLOAK-12184] Remove BACK button from login forms ( #6657 )
2020-01-15 12:25:37 +01:00
Axel Messinese
789e8c70ce
KEYCLOAK-12630 full representation param for get groups by user endpoint
2020-01-15 10:14:52 +01:00
Axel Messinese
72aff51fca
KEYCLOAK-12670 inconsistent param name full to briefRepresentation
2020-01-15 08:32:57 +01:00
Marek Posolda
8d49409de1
KEYCLOAK-12183 Refactor login screens. Introduce try-another-way link. Not show many credentials of same type in credential selector ( #6591 )
2020-01-14 21:54:45 +01:00
k-tamura
221aad9877
KEYCLOAK-11511 Improve exception handling of REST user creation
2020-01-14 13:34:34 +01:00
mhajas
a79d6289de
KEYCLOAK-11416 Fix nil AttributeValue handling
2020-01-10 12:47:09 +01:00
Viswa Teja Nariboina
5082ed2fcb
[ KEYCLOAK-12606 ] Passing email in login_hint query parameter during Identity brokering fails when an account already exists
2020-01-09 10:40:42 +01:00
Pedro Igor
03bbf77b35
[KEYCLOAK-12511] - Mapper not visible in client's mapper list
2020-01-09 10:25:06 +01:00
Thomas Darimont
062cbf4e0a
KEYCLOAK-9925 Use Client WebOrigins in UserInfoEndpoint
...
We now use the allowed WebOrigins configured for the client
for which the user info is requested.
Previously, Web Origins defined on the Client were not being recognized
by the /userinfo endpoint unless you apply the "Allowed Web Origins"
protocol mapper.
This was an inconsistency with how the Web Origins work compared
with the /token endpoint.
2020-01-09 10:10:59 +01:00
Pedro Igor
709cbfd4b7
[KEYCLOAK-10705] - Return full resource representation when querying policies by id
2020-01-09 10:00:24 +01:00
Pedro Igor
9fd7ab81f0
[KEYCLOAK-10407] - Avoiding redundant calls on identity.getid
2020-01-09 09:56:48 +01:00
Manfred Duchrow
f926529767
KEYCLOAK-12616 Vault unit test always failes on Windows
2020-01-07 20:55:50 +01:00
Hynek Mlnarik
f7379086e0
KEYCLOAK-12619 Improve mapped byte buffer cleanup
2020-01-07 16:07:43 +01:00
Thomas Darimont
54b69bd1dc
KEYCLOAK-10190 Fix NPE on missing clientSession in TokenEndpoint.codeToToken
...
In certain scenarios, e.g. when an auth code from another realm login is
used to perform the code to token exchange, it can happen that the
ClientSession is null which triggered an NPE when the userSession field is accessed.
Added null check for clientSession in TokenEndpoint.codeToToken to prevent an NPE.
2020-01-06 14:45:20 +01:00
Thomas Darimont
1a7aeb9b20
KEYCLOAK-8249 Improve extraction of Bearer tokens from Authorization headers ( #6624 )
...
We now provide a simple way to extract the Bearer token string from
Authorization header with a null fallback.
This allows us to have more fine grained error handling for the
various endpoints.
2020-01-06 13:58:52 +01:00
rmartinc
401d36b446
KEYCLOAK-8779: Partial export and import to an existing realm is breaking clients with service accounts
2019-12-27 15:59:38 -03:00
Thomas Darimont
0219d62f09
KEYCLOAK-6867 UserInfoEndpoint should return WWW-Authenticate header for Invalid tokens
...
As required by the OIDC spec (1) we now return a proper WWW-Authenticate
response header if the given token is invalid.
1) https://openid.net/specs/openid-connect-core-1_0.html#UserInfoError
2019-12-23 07:42:06 -03:00
Andrei Arlou
eed4847469
KEYCLOAK-12311 Fix minor warnings with collections in packages: forms, keys, partialimport, protocol from module "services"
2019-12-20 13:31:38 +01:00