Commit graph

393 commits

Author SHA1 Message Date
Thomas Darimont
3103e0fd0a KEYCLOAK-5244 Add BlacklistPasswordPolicyProvider (#4370)
* KEYCLOAK-5244 Add BlacklistPasswordPolicyProvider

This introduces a new PasswordPolicy which can refer to
a named predefined password-blacklist to avoid users
choosing too easy to guess passwords.

The BlacklistPasswordPolicyProvider supports built-in as
well as custom blacklists.
built-in blacklists use the form `default/filename`
and custom ones `custom/filename`, where filename
is the name of the found blacklist-filename.

I'd propose to use some of the freely available password blacklists
from the [SecLists](https://github.com/danielmiessler/SecLists/tree/master/Passwords) project.

For testing purposes one can download the password blacklist
```
wget -O 10_million_password_list_top_1000000.txt https://github.com/danielmiessler/SecLists/blob/master/Passwords/10_million_password_list_top_1000000.txt?raw=true
```
to /data/keycloak/blacklists/

Custom password policies can be configured with the SPI
configuration mechanism via jboss-cli:
```
/subsystem=keycloak-server/spi=password-policy:add()
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:add(enabled=true)
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:write-attribute(name=properties.blacklistsFolderUri, value=file:///data/keycloak/blacklists/)
```

Password blacklist is stored in a TreeSet.

* KEYCLOAK-5244 Encode PasswordBlacklist as a BloomFilter

We now use a dynamically sized BloomFilter with a
false positive probability of 1% as a backing store
for PasswordBlacklists.

BloomFilter implementation is provided by google-guava
which is available in wildfly.

Password blacklist files are now resolved against
the ${jboss.server.data.dir}/password-blacklists.

This can be overridden via system property, or SPI config.
See JavaDoc of BlacklistPasswordPolicyProviderFactory for details.

Revised implementation to be more extensible, e.g. it could be
possible to use other stores like databases etc.

Moved FileSystem specific methods to FileBasesPasswordBlacklistPolicy.

The PasswordBlacklistProvider uses the guava version 20.0
shipped with wildfly. Unfortunately the arquillian testsuite
transitively depends on guava 23.0 via the selenium-3.5.1
dependency. Hence we need to use version 23.0 for tests but 20.0
for the policy provider to avoid NoClassDefFoundErrors in the
server-dist.

Configure password blacklist folder for tests

* KEYCLOAK-5244 Configure jboss.server.data.dir for test servers

* KEYCLOAK-5244 Translate blacklisted message in base/login
2017-10-17 20:41:44 +02:00
Hynek Mlnarik
056ba75a72 KEYCLOAK-5656 Use standard infinispan remote-store 2017-10-16 21:49:42 +02:00
mposolda
1874820008 KEYCLOAK-5371 Fix ConcurrentLoginCrossDCTest.concurrentLoginWithRandomDcFailures 2017-10-11 13:02:55 +02:00
Hynek Mlnarik
fe972ce12b KEYCLOAK-5656 Remove remoteServers configuration option 2017-10-09 11:58:28 +02:00
Hynek Mlnarik
6cbfbeca0b KEYCLOAK-5656 Remove KeycloakTcpTransportFactory 2017-10-06 13:20:17 +02:00
mposolda
bca4c35708 KEYCLOAK-5371 Fix ActionTokenCrossDCTest and BruteForceCrossDCTest 2017-10-04 13:25:45 +02:00
Hynek Mlnařík
9aa4c3cf22 Merge pull request #4530 from vramik/KEYCLOAK-5586
KEYCLOAK-5586 crossdc tests on Wildfly using real database
2017-10-04 13:10:08 +02:00
vramik
b0a1550df5 KEYCLOAK-5586 crossdc tests on Wildfly using real database 2017-10-04 12:00:18 +02:00
Pavel Drozd
8e5db87b50 Merge pull request #4505 from mhajas/KEYCLOAK-5568
KEYCLOAK-5568 Run ConsoleProtection tests only with elytron
2017-10-04 08:02:31 +02:00
vramik
f806d4a5d6 KEYCLOAK-5586 Add support for testing cross dc tests on jboss-based containers 2017-10-03 14:01:45 +02:00
mposolda
3b6e1f4e93 KEYCLOAK-5007 Used single-use cache for tracke OAuth code. OAuth code changed to be encrypted and signed JWT 2017-09-29 13:20:22 +02:00
mhajas
efb43682a9 KEYCLOAK-5568 Run ConsoleProtection tests only with elytron 2017-09-27 17:45:20 +02:00
Antonio Howcroft Ferreira
a551195ddf KEYCLOAK-2035 update with feedback from PR by bburke 2017-09-22 15:05:49 +01:00
howcroft
e78bf5f876 Keycloak 2035
This PR adds:
* an endpoint to Role that lists users with the Role
* a tab "Users in Role" in Admin console Role page
* it is applicable to Realm and Client Roles
* Extends UserQueryProvider with default methods (throwing Runtime Exception if not overriden)
* Testing in base testsuite and Console
2017-09-22 15:05:49 +01:00
mhajas
330cb022eb KEYCLOAK-5320 Configure SSL using creaper 2017-09-08 13:19:48 +02:00
Stian Thorgersen
463661b051 Set version to 3.4.0.CR1-SNAPSHOT 2017-08-28 15:46:22 +02:00
Hynek Mlnarik
794c508b10 KEYCLOAK-4995 Support for distributed SAML logout in cross DC 2017-08-28 13:15:11 +02:00
mposolda
05c8c74c96 KEYCLOAK-5294 Updated README for cross-dc setup on Wildfly 2017-08-25 17:53:45 +02:00
Stian Thorgersen
20ac70d3fd KEYCLOAK-5119 (#4400) 2017-08-22 08:07:36 +02:00
mposolda
868e76fcf3 KEYCLOAK-4630 Added SessionsPreloadCrossDCTest for test preloading sessions and offline sessions. Support for manual.mode to control manually lifecycle of all servers. 2017-08-11 17:44:00 +02:00
Pavel Drozd
6bdc49048a KEYCLOAK-5267 Fuse tests - added timeouts for closing ssh channel 2017-08-09 13:39:04 +02:00
mposolda
251b41a7ac KEYCLOAK-4187 Fix LastSessionRefreshCrossDCTest and ConcurrentLoginCrossDCTest 2017-08-07 11:55:49 +02:00
mposolda
07e2136b3b KEYCLOAK-4187 Added UserSession support for cross-dc 2017-07-27 22:32:58 +02:00
Stian Thorgersen
badba7adaf KEYCLOAK-5143 Run auth-server-wildfly profile on Travis (#4317) 2017-07-14 07:01:54 +02:00
Stian Thorgersen
5fbb362710 KEYCLOAK-5119 Set encoding for TestingResourceProvider.runOnServer (#4292) 2017-07-05 13:39:16 +02:00
Stian Thorgersen
9a9f4137e5 KEYCLOAK-4556 KEYCLOAK-5022 Only cache keycloak.js and iframe if specific version is requested (#4289) 2017-07-04 21:18:34 +02:00
Stian Thorgersen
454c5f4d83 Set version to 3.3.0.CR1-SNAPSHOT 2017-06-30 09:47:11 +02:00
Hynek Mlnarik
5e16a32f86 KEYCLOAK-5106 Fix BasicSamlTest on auth-server-wildfly 2017-06-28 20:47:43 +02:00
mhajas
29c2ef4c60 KEYCLOAK-5097 fix property name 2017-06-27 12:28:32 +02:00
Pavel Drozd
b02d48f772 Merge pull request #4249 from vramik/KEYCLOAK-5048
KEYCLOAK-5048 missing keycloak version in logs when staring auth-serv…
2017-06-27 11:40:26 +02:00
Bill Burke
22987bb90b Merge pull request #4250 from mposolda/RHSSO-1027
KEYCLOAK-5085 Easy fix to just handle the exception
2017-06-26 10:04:02 -04:00
Hynek Mlnarik
955cbc76d7 KEYCLOAK-5030 Change action tokens cache type to distributed 2017-06-26 10:11:53 +02:00
mposolda
756d996a4a KEYCLOAK-5085 RHSSO-1027 Fix to handle the exception thrown from alternative flow 2017-06-23 19:13:43 +02:00
vramik
e75f47d523 KEYCLOAK-5048 missing keycloak version in logs when staring auth-server-wildfly container. 2017-06-22 09:20:11 +02:00
mposolda
fc61a4e89f KEYCLOAK-4631 Move ClientInitialAccessModel from userSession model to realm model 2017-06-21 22:14:20 +02:00
Hynek Mlnarik
2e2d15be9f KEYCLOAK-4189 Infinispan cache and channel statistics for Cross-DC-testing 2017-06-20 12:48:08 +02:00
vramik
5d72def1bc KEYCLOAK-4189 add possibility to use jdg as cache server 2017-06-15 12:57:25 +02:00
Hynek Mlnarik
bdadef1282 KEYCLOAK-4189 Fix in instructions for running Cross-DC tests 2017-06-14 14:36:10 +02:00
Hynek Mlnarik
a0f3a6469f KEYCLOAK-4189 - Cross DC testing 2017-06-12 11:14:28 +02:00
Pavel Drozd
a52a1f4618 Merge pull request #4196 from vramik/KEYCLOAK-4481
KEYCLOAK-4481 some authz export tests
2017-05-30 16:56:54 +02:00
Tomas Kyjovsky
67bee0dfc2 Upgraded wildfly-arquillian-container-* artifacts to 2.1.0.Alpha2 and added wildfly10 modules in app servers and adapter tests 2017-05-30 14:25:51 +02:00
vramik
8f1938c28d KEYCLOAK-4481 Role based permission test 2017-05-30 13:10:09 +02:00
mposolda
c4f172afe7 KEYCLOAK-4977 Upgrade infinispan and undertow version to align with Wildfly 11.0.0.Alpha1 2017-05-26 14:29:30 +02:00
mhajas
88473ce3c1 KEYCLOAK-4959 Use desired version of adapter 2017-05-25 12:02:16 +02:00
Pavel Drozd
c230edbf72 Merge pull request #4151 from pdrozd/KEYCLOAK-4931
KEYCLOAK-4931 - install patch available from http
2017-05-23 14:01:44 +02:00
Pavel Drozd
60ef910b5b KEYCLOAK-4931 - install patch available from http 2017-05-18 23:47:12 +02:00
Pavel Drozd
53ab314eb9 KEYCLOAK-4930 - Updated install-keycloak script for overlay installation - added ha installation. 2017-05-18 23:35:04 +02:00
mposolda
7d8796e614 KEYCLOAK-4626 Support for sticky sessions with AUTH_SESSION_ID cookie. Clustering tests with embedded undertow. Last fixes. 2017-05-11 22:24:07 +02:00
mposolda
e7272dc05a KEYCLOAK-4626 AuthenticationSessions - brokering works. Few other fixes and tests added 2017-05-11 22:16:26 +02:00
mposolda
a9ec69e424 KEYCLOAK-4626: AuthenticationSessions - working login, registration, resetPassword flows 2017-05-11 22:16:26 +02:00
mposolda
83b29c5080 KEYCLOAK-4626 AuthenticationSessions: start 2017-05-11 22:16:26 +02:00
Stian Thorgersen
87dedb56e5 Set version to 3.2.0.CR1-SNAPSHOT 2017-04-27 14:23:03 +02:00
Pedro Igor
80a80512ea [KEYCLOAK-4769] - Policy enforcer path matching tests 2017-04-20 13:21:01 -03:00
Pedro Igor
55f747ecd0 [KEYCLOAK-3135] - Part 1: Permission Management API 2017-04-12 00:52:13 -03:00
Pavel Drozd
b4c5eb8354 Merge pull request #3994 from vramik/KEYCLOAK-4534
KEYCLOAK-4534 ClientInitiatedAccountLinkTest fails with auth-server-w…
2017-04-04 10:47:36 +02:00
Pedro Igor
f857625d07 [KEYCLOAK-3573] - Elytron adapter CLI scripts and tests. 2017-03-31 11:31:33 -03:00
vramik
ca6d8c9dbe KEYCLOAK-4534 ClientInitiatedAccountLinkTest fails with auth-server-wildlfy 2017-03-30 12:47:51 +02:00
Pedro Igor
30d7a5b01f [KEYCLOAK-3573] - Elytron SAML and OIDC Adapters 2017-03-24 11:32:08 -03:00
Peter Nalyvayko
b2f10359c8 KEYCLOAK-4335: x509 client certificate authentication
Started on implementing cert thumbprint validation as a part of x509 auth flow. Added a prompt screen to give users a choice to either log in based on the identity extracted from X509 cert or to continue with normal browser login flow authentication; clean up some of the comments

x509 authentication for browser and direct grant flows. Implemented certificate to user mapping based on user attribute

Implemented CRL and OCSP certificate revocation checking and added corresponding configuration settings to set up responderURI (OCSP), a location of a file containing X509CRL entries and switiches to enable/disable revocation checking; reworked the certificate validation; removed superflous logging; changed the certificate authentication prompt page to automatically log in the user after 10 seconds if no response from user is received

Support for loading CRL from LDAP directory; finished the CRL checking using the distribution points in the certificate; updated the instructions how to add X509 authentication to keycloak authentication flows; minor styling changes

Stashing x509 unit test related changes; added the steps to configure mutual SSL in WildFly to the summary document

A minor fix to throw a security exception when unable to check cert revocation status using OCSP; continue working on README

Changes to the formating of the readme

Added a list of features to readme

Fixed a potential bug in X509 cert user authenticator that may cause NPE if the client certificate does not define keyusage or extended key usage extensions

Fixed compile time errors in X509 validators caused by the changes to the user credentials model in upstream master

Removed a superfluous file created when merging x509 and main branches

X509 authentication: removed the PKIX path validation as superflous

Reverted changes to the AbstractAttributeMapper introduced during merging of x509 branch into main

Merge the unit tests from x509 branch

added mockito dependency to services project; changes to the x509 authenticators to expose methods in order to support unit tests; added a default ctor to CertificateValidator class to support unit testing; updated the direct grant and browser x509 authenticators to report consistent status messages; unit tests to validate X509 direct grant and browser authenticators; fixed OCSP validation to throw an exception if the certificate chain contains a single certificate; fixed the CRL revocation validation to only use CRL distribution point validation only if configured

CRL and OSCP mock tests using mock netty server. Changed the certificate validator to better support unit testing.

changes to the mockserver dependency to explicitly exclude xercesImpl that was causing SAMLParsingTest to fail

Added a utility class to build v3 certificates with optional extensions to facilitate X509 unit testing; removed supoerfluous certificate date validity check (undertow should be checking the certificate dates during PKIX path validation anyway)

X509: changes to make configuring the user identity extraction simplier for users - new identity sources to map certificate CN and email (E) attributes from X500 subject and issuer names directly rather than using regular expressions to parse them

X509 fixed a compile error caused by the changes to the user model in master

Integration tests to validate X509 client certificate authentication

Minor tweaks to X509 client auth related integration tests

CRLs to support x509 client cert auth integration tests

X509: reverted the changes to testrealm.json and updated the test to configure the realm at runtime

X509 - changes to the testsuite project configuration to specify a path to a trust store used to test x509 direct grant flow; integration tests to validate x509 authentication in browser and direct grant flows; updated the client certificate to extend its validatity dates; x509 integration tests and authenticators have been refactored to use a common configuration class

X509 separated the browser and direct grant x509 authenction integration tests

x509 updated the authenticator provider test to remove no longer supported cert thumbprint authenticator

x509 removed the dependency on mockito

x509 re-implemented OCSP certificate revocation client used to check revocation status when logging in with x509 certificate to work around the dependency on Sun OCSP implementation; integration tests to verify OCSP revocation requests

index.txt.attr is needed by openssl to run a simple OCSP server

x509: minor grammar fixes

Add OCSP stub responder to integration tests

This commit adds OCSP stub responder needed for the integration tests,
and eliminates the need to run external OCSP responder in order to run
the OCSP in X509OCSPResponderTest.

Replace printStackTrece with logging

This commit replaces call to printStackTrace that will end up going to
the stderr with logging statement of WARN severity.

Remove unused imports

Removed unused imports in
org.keycloak.authentication.authenticators.x509 package.

Parameterized Hashtable variable

Removed unused CertificateFactory variable

Declared serialVersionUID for Serializable class

Removed unused CertificateBuilder class

The CertificateBuilder was not used anywhere in the code, removing it to
prevent technical debt.

Removing unused variable declaration

`response` variable is not used in the test, removed it.

Made sure InputStreams are closed

Even though the InputStreams are memory based, added try-with-resources
to make sure that they are closed.

Removed deprecated usage of URLEncoder

Replaced invocation of deprecated method from URLEncoder with Encode
from Keycloak util package.

Made it more clear how to control OCSP stub responder in the tests

X509 Certificate user authentication: moved the integration unit tests into their own directory to fix a failing travis test job

KEYCLOAK-4335: reduced the logging level; added the instructions how to run X.509 related tests to HOW-TO-RUN.md doc; removed README.md from x509 folder; removed no longer used ocsp profile and fixed the exclusion filter; refactored the x509 base test class that was broken by the recent changes to the integration tests

KEYCLOAK-4335: fixed a few issues after rebasing
2017-03-17 05:24:57 -04:00
Stian Thorgersen
a87ee04024 Bump to 3.1.0.CR1-SNAPSHOT 2017-03-16 14:21:40 +01:00
Pavel Drozd
7ab67d205b Merge pull request #3903 from tkyjovsk/KEYCLOAK-4515
KEYCLOAK-4515 Make it possible to clean-up other DB types than mysql or postgres
2017-03-07 21:50:48 +01:00
mposolda
091b376624 KEYCLOAK-1590 Realm import per test class 2017-03-01 09:38:44 +01:00
Tomas Kyjovsky
c94b7922aa Added profile jdbc-driver-depencency to arq. testsuite; changed jdbc module path from layers/base/com/${db} to layers/base/test/jdbc/${db} 2017-03-01 01:37:53 +01:00
Tomas Kyjovsky
a5677e87db UserStorageTest migrated to Arquillian testsuite 2017-02-22 13:54:11 +01:00
mposolda
f6bc0806d5 KEYCLOAK-4368 Switch default WebDriver impl to htmlUnit 2017-02-20 21:52:15 +01:00
Pavel Drozd
4ede1174b7 Merge pull request #3805 from mhajas/KEYCLOAK-3841
KEYCLOAK-3841 Fix tests on windows
2017-02-13 10:37:32 +01:00
Stian Thorgersen
5b5dc3e442 KEYCLOAK-4265 Social login tests 2017-02-06 13:50:10 +01:00
Bill Burke
1d04d56bdb Merge pull request #3816 from patriot1burke/master
KEYCLOAK-4218
2017-02-01 08:55:10 -05:00
mposolda
5c5b7a33d3 KEYCLOAK-4169 Add initial testsuite how-to 2017-01-30 22:23:08 +01:00
Bill Burke
bb77ab4a81 account link tests 2017-01-27 17:37:08 -05:00
mhajas
1a073629ec KEYCLOAK-3841 2017-01-27 14:43:46 +01:00
Stian Thorgersen
5fd3eb2990 KEYCLOAK-3729 Ability to run tests within Keycloak server 2017-01-27 12:14:19 +01:00
Stian Thorgersen
6f22f88d85 Bump version to 3.0.0.CR1 2017-01-26 06:18:11 +01:00
Pavel Drozd
3d9f11168e KEYCLOAK-4210: Added Fuse admin tests 2017-01-13 01:05:37 +01:00
Pavel Drozd
cbd6f7e1d0 Merge pull request #3723 from mhajas/KEYCLOAK-3841
KEYCLOAK-3841 Unignore and fix fuse on eap test
2017-01-10 08:10:22 +01:00
mposolda
a09bc6520f KEYCLOAK-2888 KEYCLOAK-3927 Fully migrate kerberos tests to the new testsuite 2017-01-09 13:50:41 +01:00
mhajas
86c49f5e89 KEYCLOAK-3841 Unignore and fix fuse on eap test 2017-01-06 14:39:24 +01:00
Stian Thorgersen
e805ffd945 Bump version to 2.5.1.Final-SNAPSHOT 2016-12-22 08:22:18 +01:00
Pedro Igor
40591cff25 Merge pull request #3662 from pedroigor/KEYCLOAK-4034
[KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup
2016-12-19 16:49:10 -02:00
Pedro Igor
c9c9f05e29 [KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup 2016-12-19 11:22:37 -02:00
Stian Thorgersen
f29bb7d501 KEYCLOAK-4092 key provider for HMAC signatures 2016-12-19 10:50:43 +01:00
Bill Burke
62029e8a33 KEYCLOAK-3506 2016-12-10 11:59:29 -05:00
mposolda
a38544796f KEYCLOAK-3823 KEYCLOAK-3824 Added public-key-cache-ttl for OIDC adapters. Invalidate cache when notBefore sent 2016-12-01 12:25:07 +01:00
Stian Thorgersen
b771b84f56 Bump to 2.5.0.Final-SNAPSHOT 2016-11-30 15:44:51 +01:00
Bill Burke
9e50a45b4c UserBulkUpdateProvider interface 2016-11-29 18:43:22 -05:00
mposolda
803fde6c1d KEYCLOAK-3124 Possibility test adapter on embedded undertow 2016-11-29 22:08:23 +01:00
mposolda
69ce1e05f0 KEYCLOAK-3822 Changing signature validation settings of an external IdP is not sometimes reflected 2016-11-28 15:27:25 +01:00
mposolda
7c6032cc84 KEYCLOAK-3825 Ability to expire publicKeys cache. Migrated OIDCBrokerWithSignatureTest to new testsuite 2016-11-25 17:45:37 +01:00
Bill Burke
ccbd8e8c70 remove User Fed SPI 2016-11-23 16:06:44 -05:00
Bill Burke
d5925b8ccf remove realm UserFed SPI methods 2016-11-23 08:31:20 -05:00
Stian Thorgersen
6ec82865d3 Bump version to 2.4.1.Final-SNAPSHOT 2016-11-22 14:56:21 +01:00
Vlasta Ramik
50339f6f0e Test backwards compatibility of realm import 2016-11-16 13:17:04 +01:00
Bill Burke
cc0eb47814 merge 2016-11-14 15:09:41 -05:00
Stian Thorgersen
7e33f4a7d1 KEYCLOAK-3882 Split server-spi into server-spi and server-spi-private 2016-11-10 13:28:42 +01:00
Bill Burke
14dc0ff92f Merge remote-tracking branch 'upstream/master' 2016-11-05 20:05:01 -04:00
Bill Burke
c75dcb90c2 ldap port 2016-11-04 21:25:47 -04:00
Pavel Drozd
da516a78b3 Merge pull request #3450 from mhajas/KEYCLOAK-3841
KEYCLOAK-3841 Testing of Hawtio console on EAP6 + Fuse integration
2016-11-02 10:54:52 +01:00
mhajas
446b57b827 KEYCLOAK-3841 Testing of Hawtio console on EAP6 + fuse integration 2016-10-31 14:35:13 +01:00
Bill Burke
73e3f2a89b REST API for disable cred type 2016-10-26 15:48:45 -04:00
Vlasta Ramik
3ca836ffdc add profile for testing migration for productized version 2016-10-24 15:20:17 +02:00
Stian Thorgersen
4d47f758fc Merge pull request #3405 from stianst/master
Bump version
2016-10-21 10:11:59 +02:00
Stian Thorgersen
c615674cbb Bump version 2016-10-21 07:03:15 +02:00
Stian Thorgersen
5a00aaefa8 KEYCLOAK-2594
bind credential being leaked in admin tool JSON response

KEYCLOAK-2972
Keycloak leaks configuration passwords in Admin Event logs
2016-10-20 19:30:59 +02:00
Vlasta Ramik
98aa516d74 KEYCLOAK-3619 minor fix 2016-10-19 09:59:30 +02:00
Vlasta Ramik
041413d8de KEYCLOAK-3619 Update default datasource definition to non-XA 2016-10-18 12:12:41 +02:00
Marek Posolda
2fd680092a Merge pull request #3336 from mposolda/master
KEYCLOAK-3719 Add 'options' to ProviderConfigProperty and use it for …
2016-10-18 08:33:26 +02:00
mposolda
00879b39b7 KEYCLOAK-3719 Add 'options' to ProviderConfigProperty and use it for 'List' type instead of defaultValue 2016-10-17 21:34:21 +02:00
Vlasta Ramik
b0448d1b6f KEYCLOAK-3589 Add support for manual upgrade of database schema to testsuite 2016-10-17 11:32:43 +02:00
mposolda
18e0c0277f KEYCLOAK-3666 Dynamic client registration policies 2016-10-14 20:20:40 +02:00
Stian Thorgersen
d2cae0f8c3 KEYCLOAK-905
Realm key rotation for OIDC
2016-10-13 11:19:52 +02:00
Vlasta Ramik
bc2eb2b9ea KEYCLOAK-3489 KEYCLOAK-3609 2016-10-12 12:28:56 +02:00
Stian Thorgersen
f1156a49cf Merge pull request #3273 from vramik/KEYCLOAK-3619
KEYCLOAK-3619 Update default datasource definition to XA
2016-10-03 13:54:20 +02:00
Bill Burke
d4c3fae546 merge conflicts 2016-09-30 19:19:12 -04:00
mposolda
f9a0abcfc4 KEYCLOAK-3493 KEYCLOAK-3532 Added KeyStorageProvider. Support key rotation for OIDC clients and identity providers with JWKS url. 2016-09-30 21:28:23 +02:00
Vlasta Ramik
550ec2ff51 Update default datasource definition to XA 2016-09-30 12:50:17 +02:00
Bill Burke
8967ca4066 refactor mongo entities, optimize imports 2016-09-28 15:25:39 -04:00
Bill Burke
ecc104719d bump pom version 2016-09-26 11:01:18 -04:00
Pavel Drozd
9ee58909ab Merge pull request #3248 from pdrozd/patches
KEYCLOAK-3597 - Arquillian testuite - server preparation (overlay & p…
2016-09-26 10:26:13 +02:00
Bill Burke
8e65356891 creds 2016-09-22 19:57:39 -04:00
Bill Burke
7209a95dce credential refactoring 2016-09-22 08:34:45 -04:00
Pavel Drozd
59eec8d5b4 KEYCLOAK-3597 - Arquillian testuite - server preparation (overlay & patches installation) 2016-09-20 13:00:54 +02:00
Stian Thorgersen
b2fd429749 Merge pull request #3234 from vramik/KEYCLOAK-3549
KEYCLOAK-3549 fix xsl locator to work with ibmjdk
2016-09-16 09:22:23 +02:00
Vlasta Ramik
bde45eaa07 fix xsl locator to work with ibmjdk 2016-09-14 14:43:14 +02:00
Martin Hardselius
04d03452bd KEYCLOAK-3422 support pairwise subject identifier in oidc 2016-09-13 09:18:45 +02:00
Vlasta Ramik
fa8f60a5f0 remove jta=false from default datasource definition 2016-09-08 15:25:17 +02:00
mposolda
5a015a6518 KEYCLOAK-3494 Input elements backed by user attributes fail to update in themes 2016-09-07 20:08:09 +02:00
Stian Thorgersen
22e85b11eb Merge pull request #3190 from vramik/KEYCLOAK-3489
KEYCLOAK-3489 Database migration testing
2016-09-05 15:19:24 +02:00
Vlasta Ramik
39fe439573 Database migration testing 2016-09-05 13:39:21 +02:00
mposolda
a24a43c4be KEYCLOAK-3349 Support for 'request' and 'request_uri' parameters 2016-09-02 20:20:38 +02:00
mposolda
892d5fd1b7 TestingExportImport in separate resource 2016-09-02 20:20:38 +02:00
Vlasta Ramik
099de9e6e3 KEYCLOAK-3459 Adapt testsuite according to server configuration inside standalone.xml instead of keycloak-server.json 2016-08-25 12:36:39 +02:00
mposolda
3eb9134e02 KEYCLOAK-3424 Support for save JWKS in OIDC ClientRegistration endpoint 2016-08-12 15:51:14 +02:00
mposolda
d52e043322 Set version to 2.2.0-SNAPSHOT 2016-08-10 08:57:18 +02:00
fkiss
4974079794 KEYCLOAK-3211 - ExportImportTest fix for Wildfly 2016-08-09 15:20:40 +02:00
Thomas Darimont
e49afb2d83 KEYCLOAK-3142 - Revised according to codereview
Liquibase Moved schema evolution configuration from jpa-changelog-2.1.0
to jpa-changelog-2.2.0.
Corrected wrong ResourceType references in tests.
Adapted AdminEvents copy-routines to be aware of resourceType attribute.
Added ResourceType enum to exposed ENUMS of ServerInfoAdminResource.

Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
2016-08-05 00:01:03 +02:00
Pavel Drozd
0e470d75e9 KEYCLOAK-3336 Arquillian testuite: Added possibility to install server patch 2016-07-19 14:22:49 +02:00
mposolda
38f89b93ff KEYCLOAK-3281 OIDC 'state' parameter is url-encoded twice when responseMode=form_post 2016-07-13 18:07:57 +02:00
Bill Burke
0040d3fc3b Merge remote-tracking branch 'upstream/master' 2016-07-07 10:35:45 -04:00
Stian Thorgersen
2591dd862b Merge pull request #2976 from vramik/KEYCLOAK-3151
KEYCLOAK-3151 removed adapter libs mode from testsuite
2016-07-06 14:21:07 +02:00
Bill Burke
a19469aba5 Merge remote-tracking branch 'upstream/master' 2016-06-30 17:18:17 -04:00
Bill Burke
b224917fc5 bump version 2016-06-30 17:17:53 -04:00
Bill Burke
3f1eecc4be Merge remote-tracking branch 'upstream/master' 2016-06-30 16:47:55 -04:00
Bill Burke
3ba3be877e fixes 2016-06-30 16:47:49 -04:00
Pedro Igor
46d02f15fe [KEYCLOAK-2999] - Authorization arquillian tests 2016-06-30 10:26:05 -03:00
Vlasta Ramik
47fab2d034 removed adapter libs mode from testsuite 2016-06-24 13:32:03 +02:00
mhajas
69919902b4 Fix duplicate plugin for adding truststore 2016-06-24 12:50:39 +02:00
Stan Silvert
38722e8273 KEYCLOAK-3031 Migrate exportimport package to arquillian testsuite 2016-06-23 11:09:55 -04:00
Stian Thorgersen
e2082ce29f Merge pull request #2950 from vramik/KEYCLOAK-3140
KEYCLOAK-3140 - fixed HTTP 404 Not Found by removing duplicate declaration of plugins in auth-server-jboss
2016-06-22 15:12:01 +02:00
mposolda
da945a69e6 KEYCLOAK-2474 Added test 2016-06-21 13:47:41 +02:00
Vlasta Ramik
48bd019165 fixed duplicate declaration of plugins in auth-server-jboss 2016-06-21 11:21:52 +02:00
Stian Thorgersen
8f3cfed7c5 Merge pull request #2934 from fkiss/master-truststore
KEYCLOAK-2283 added email truststore test
2016-06-17 14:05:38 +02:00
mhajas
0df2525298 Fix ssl tests on EAP6 2016-06-16 11:56:31 +02:00
fkiss
b50513a946 KEYCLOAK-2283 added email truststore test 2016-06-14 13:49:16 +02:00
mposolda
e6b3586b87 KEYCLOAK-3106 EventStoreProviderTest.query is failing in some environments 2016-06-13 15:02:10 +02:00
Pavel Drozd
54d9943a3b KEYCLOAK-3085 - Add module org.jboss.resteasy.resteasy-jaxrs to integration-arquillian-testsuite-providers 2016-06-06 11:51:20 +02:00
mposolda
c42b8f81e3 KEYCLOAK-3074 Change the TestingResourceProvider to always both firstResults and maxResults in JPA criteria query 2016-06-03 10:31:32 +02:00
mposolda
13bf36ce49 KEYCLOAK-3074 Change the signature of TestingResourceProvider.getAdminEvents to use String instead of java.util.Date 2016-06-03 10:31:24 +02:00
Tomas Kyjovsky
ef95510da4 Updates to the performance tests.
Conflicts:
	testsuite/integration-arquillian/tests/other/adapters/jboss/remote/pom.xml
	testsuite/integration-arquillian/tests/other/clean-start/pom.xml
2016-06-01 16:06:51 +02:00
Stan Silvert
1042a22cf7 KEYCLOAK-2912 Migrate events package to new testsuite 2016-05-25 15:22:17 -04:00
mhajas
183feeb952 Fix ssl adapter tests on wildfly 2016-05-20 14:53:44 +02:00
Bruno Oliveira
c434dc8dcc
KEYCLOAK-2908 - Migration of oidc package 2016-05-14 00:50:23 -03:00
mposolda
fc9dbcf6cb KEYCLOAK-2881 Admin events testing 2016-05-13 11:29:08 +02:00
Marko Strukelj
0878109647 KEYCLOAK-2993 Fix integration-arquillian tests failing with -Pauth-server-wildfly 2016-05-12 09:39:25 +02:00
Bruno Oliveira
4664bb01d8
Migration of AuthorizationCodeTest 2016-05-11 06:21:12 -03:00
mposolda
bea2678e85 KEYCLOAK-2862 AuthenticationManagementResource tests 2016-05-06 20:19:58 +02:00
Stian Thorgersen
f4d751c839 Merge pull request #2786 from stianst/master
KEYCLOAK-2865 Extend coverage of client admin endpoints
2016-05-06 11:13:15 +02:00
Marek Posolda
411b71bcbb Merge pull request #2768 from vramik/KEYCLOAK-2936
KEYCLOAK-2936 Add app server module and test module for testing fuse6.3, ...
2016-05-06 08:37:34 +02:00
Stian Thorgersen
0ca117b8e9 KEYCLOAK-2865 Extend coverage of client admin endpoints 2016-05-06 08:08:52 +02:00
Bruno Oliveira
a5687e4660 Migration of RefreshTokenTest 2016-05-05 15:20:52 -03:00
Vlasta Ramik
01a96b62dc Add app server module and test module for testing fuse6.3, rename feature in fuse6.2 tests 2016-04-28 14:50:10 +02:00
Stian Thorgersen
20dac1d885 KEYCLOAK-2933
RealmTest is failing on WildFly
2016-04-28 12:22:41 +02:00
Stian Thorgersen
83370f0666 Merge pull request #2737 from mhajas/adapter-ssl-PR
KEYCLOAK-2915 Fix adapter ssl tests on EAP/EAP6
2016-04-27 13:50:08 +02:00
Stian Thorgersen
d77c1e616f Merge pull request #2734 from vramik/KEYCLOAK-2889
KEYCLOAK-2889 Fix adapter tests for Karaf/Fuse
2016-04-27 13:49:27 +02:00
Stian Thorgersen
95724e36f3 KEYCLOAK-2871 Extend coverage on RealmAdminResource 2016-04-27 10:29:24 +02:00
mhajas
57ccbb7f49 Fix adapter ssl tests on EAP/EAP6 2016-04-26 09:15:12 +02:00
Vlasta Ramik
bf76be21c7 Fix adapter tests for Karaf/Fuse 2016-04-25 15:29:41 +02:00
Marek Posolda
6c3d31dd4c Merge pull request #2728 from mstruk/KEYCLOAK-2899
KEYCLOAK-2899 Tests fail with -Pauth-server-wildfly due to missing logging dependecy
2016-04-22 21:37:48 +02:00
Marko Strukelj
eea19e7850 KEYCLOAK-2899 Tests fail with -Pauth-server-wildfly due to missing logging dependecy 2016-04-22 19:48:13 +02:00
mposolda
e0aedfb93d KEYCLOAK-2878 UserFederation mapper testing 2016-04-22 14:03:42 +02:00
mposolda
f6a718f10a KEYCLOAK-2878 Testing of UserFederation admin REST endpoints 2016-04-21 23:11:14 +02:00
Marko Strukelj
b8832d2d71 KEYCLOAK-2755 Refactor testsuite events provider 2016-04-20 16:43:20 +02:00
Stian Thorgersen
656161ff61 Merge pull request #2651 from mhajas/truststore
KEYCLOAK-2841 Trustore support in adapter tests
2016-04-20 06:57:01 +02:00
mhajas
77c37ccaf6 Trustore support in adapter tests + fix tests 2016-04-18 16:14:10 +02:00
Tomas Kyjovsky
92d9808cc0 Added module 'adapters/jboss/remote' with performance tests. 2016-04-18 14:10:36 +02:00
Stan Silvert
ca72a3bd70 KEYCLOAK-2743: Port OAuthClient to new testsuite 2016-04-14 15:39:03 -04:00
Stian Thorgersen
f64ffcbefe KEYCLOAK-2818
Fix poms not updated by versions plugin
2016-04-14 08:16:07 +02:00
mposolda
5a108c60a0 KEYCLOAK-2812 Make testsuite-arquillian working with -Pauth-server-wildfly 2016-04-13 16:05:03 +02:00
Vlasta Ramik
36266b8574 Change undertow-embedded version from snapshot to released version 1.0.0.Alpha2 2016-04-12 09:40:57 +02:00
Marek Posolda
c469109d22 Merge pull request #2517 from mposolda/master
KEYCLOAK-1982 Some builtin objects might be missing when import JSON exported from previous versions
2016-04-06 13:24:32 +02:00
mposolda
f0b168c18f Ensure KeycloakSessionFactory.close is called before shutdown of auth-server-undertow 2016-04-06 11:43:49 +02:00
Stian Thorgersen
0fc4ca0d12 KEYCLOAK-2590 Add custom rest endpoint to set time offset 2016-04-06 11:14:37 +02:00
Bill Burke
020d090aee Merge pull request #2430 from mstruk/assert-events
KEYCLOAK-2589 KEYCLOAK-2607 KEYCLOAK-2597 Port AssertEvents to integration-arquillian
2016-03-30 15:16:25 -04:00
Tomas Kyjovsky
6b6a673642 KEYCLOAK-2641 updated READMEs 2016-03-30 18:11:09 +02:00
Tomas Kyjovsky
47773371e3 KEYCLOAK-2641 Fixed location of module.xsl 2016-03-30 14:48:19 +02:00
Marko Strukelj
95d222348d KEYCLOAK-2589 Copy AssertEvents to Arquillian testsuite and modify to pull events from admin endpoints 2016-03-24 17:13:00 +01:00
Tomas Kyjovsky
a9c7bbd44c KEYCLOAK-2641 moved app-server configurations from adapter tests to servers/app-server module 2016-03-24 11:24:21 +01:00
Pavel Drozd
c61b457c02 KEYCLOAK-2685 - Updated EAP7 namespaces 2016-03-21 08:48:47 +01:00
Stian Thorgersen
28fe13a800 Next is 2.0.0.CR1 2016-03-10 08:13:00 +01:00
Stian Thorgersen
d722e53108 Next is 1.9.2.Final 2016-03-10 07:28:27 +01:00
Tomas Kyjovsky
73b6751219 KEYCLOAK-1679 added cluster profile for eap7 2016-03-01 16:13:12 +01:00