Pedro Igor
55f747ecd0
[KEYCLOAK-3135] - Part 1: Permission Management API
2017-04-12 00:52:13 -03:00
Bill Burke
9452d37926
Merge remote-tracking branch 'upstream/master'
2017-04-06 18:33:50 -04:00
Bill Burke
2e284bdd9b
fix protocol mappers
2017-04-06 18:33:06 -04:00
Bill Burke
54cd41c955
Revert "KEYCLOAK-4727 KEYCLOAK-4652 - Fixing protocol mappers when evaluating policies using the tool"
2017-04-06 18:24:31 -04:00
Pedro Igor
6a959b32fc
KEYCLOAK-4727 KEYCLOAK-4652 - Fixing protocol mappers when evaluating policies using the tool
2017-04-06 18:43:54 -03:00
Bill Burke
3ce0c57e17
Merge pull request #3831 from Hitachi/master
...
KEYCLOAK-2604 Proof Key for Code Exchange by OAuth Public Clients
2017-04-06 15:36:08 -04:00
Bill Burke
0fd11d16ee
Merge pull request #3983 from bartoszmajsak/oso_typo_fix
...
Fixes misspelled config class in Openshift provider
2017-04-06 15:29:44 -04:00
Bill Burke
6ca5b7de03
Merge pull request #3998 from cainj13/fixNullProtocols
...
Fix null protocols for default clients
2017-04-06 15:29:21 -04:00
Bill Burke
13afc0147e
close user/client session later
2017-04-06 15:07:40 -04:00
Bill Burke
201d2c6aac
Merge remote-tracking branch 'upstream/master'
2017-04-06 10:44:43 -04:00
Bill Burke
31074c3c8d
KEYCLOAK-4727 KEYCLOAK-4652
2017-04-06 10:44:33 -04:00
Stian Thorgersen
af4c74f1d9
Merge pull request #3718 from thomasdarimont/issue/KEYCLOAK-4163-improve-support-for-email-addresses
...
KEYCLOAK-4163 Improve support for e-mail addresses
2017-04-06 15:34:30 +02:00
Stian Thorgersen
6201257f76
KEYCLOAK-4549 [RH-SSO] EAP 7.1.0 Alpha16
2017-04-05 11:55:21 +02:00
Josh Cain
0482ec40fd
Fix null protocols in default realm applications
2017-03-31 16:13:38 -05:00
Pedro Igor
838a045239
[KEYCLOAK-4650] - Adding scope filter and fixing cancel buttons
2017-03-29 12:59:41 -03:00
Takashi Norimatsu
ef3aef9381
Merge branch 'master' into master
2017-03-28 16:21:40 +09:00
Stian Thorgersen
6b21b4d87b
KEYCLOAK-4657 Sort out REST API for prod profile
2017-03-27 20:50:13 +02:00
Bartosz Majsak
0197600565
Fixes misspelled config class
2017-03-27 09:38:47 +02:00
Bill Burke
71f0c01d4f
Merge pull request #3980 from patriot1burke/master
...
KEYCLOAK-4664 KEYCLOAK-4665
2017-03-25 20:12:22 -04:00
Bill Burke
8c2e756732
fix
2017-03-25 19:21:50 -04:00
Bill Burke
d8e98d1de6
KEYCLOAK-4665
2017-03-25 12:47:32 -04:00
Bill Burke
dd8a64f30c
KEYCLOAK-4664
2017-03-25 11:21:11 -04:00
Bartosz Majsak
63e8e7f842
Alings SimpleHttp API with new version
2017-03-23 13:51:14 +01:00
Bartosz Majsak
210143738e
Merge branch 'master' into oso_provider
2017-03-23 13:45:07 +01:00
Peter Nalyvayko
b2f10359c8
KEYCLOAK-4335: x509 client certificate authentication
...
Started on implementing cert thumbprint validation as a part of x509 auth flow. Added a prompt screen to give users a choice to either log in based on the identity extracted from X509 cert or to continue with normal browser login flow authentication; clean up some of the comments
x509 authentication for browser and direct grant flows. Implemented certificate to user mapping based on user attribute
Implemented CRL and OCSP certificate revocation checking and added corresponding configuration settings to set up responderURI (OCSP), a location of a file containing X509CRL entries and switiches to enable/disable revocation checking; reworked the certificate validation; removed superflous logging; changed the certificate authentication prompt page to automatically log in the user after 10 seconds if no response from user is received
Support for loading CRL from LDAP directory; finished the CRL checking using the distribution points in the certificate; updated the instructions how to add X509 authentication to keycloak authentication flows; minor styling changes
Stashing x509 unit test related changes; added the steps to configure mutual SSL in WildFly to the summary document
A minor fix to throw a security exception when unable to check cert revocation status using OCSP; continue working on README
Changes to the formating of the readme
Added a list of features to readme
Fixed a potential bug in X509 cert user authenticator that may cause NPE if the client certificate does not define keyusage or extended key usage extensions
Fixed compile time errors in X509 validators caused by the changes to the user credentials model in upstream master
Removed a superfluous file created when merging x509 and main branches
X509 authentication: removed the PKIX path validation as superflous
Reverted changes to the AbstractAttributeMapper introduced during merging of x509 branch into main
Merge the unit tests from x509 branch
added mockito dependency to services project; changes to the x509 authenticators to expose methods in order to support unit tests; added a default ctor to CertificateValidator class to support unit testing; updated the direct grant and browser x509 authenticators to report consistent status messages; unit tests to validate X509 direct grant and browser authenticators; fixed OCSP validation to throw an exception if the certificate chain contains a single certificate; fixed the CRL revocation validation to only use CRL distribution point validation only if configured
CRL and OSCP mock tests using mock netty server. Changed the certificate validator to better support unit testing.
changes to the mockserver dependency to explicitly exclude xercesImpl that was causing SAMLParsingTest to fail
Added a utility class to build v3 certificates with optional extensions to facilitate X509 unit testing; removed supoerfluous certificate date validity check (undertow should be checking the certificate dates during PKIX path validation anyway)
X509: changes to make configuring the user identity extraction simplier for users - new identity sources to map certificate CN and email (E) attributes from X500 subject and issuer names directly rather than using regular expressions to parse them
X509 fixed a compile error caused by the changes to the user model in master
Integration tests to validate X509 client certificate authentication
Minor tweaks to X509 client auth related integration tests
CRLs to support x509 client cert auth integration tests
X509: reverted the changes to testrealm.json and updated the test to configure the realm at runtime
X509 - changes to the testsuite project configuration to specify a path to a trust store used to test x509 direct grant flow; integration tests to validate x509 authentication in browser and direct grant flows; updated the client certificate to extend its validatity dates; x509 integration tests and authenticators have been refactored to use a common configuration class
X509 separated the browser and direct grant x509 authenction integration tests
x509 updated the authenticator provider test to remove no longer supported cert thumbprint authenticator
x509 removed the dependency on mockito
x509 re-implemented OCSP certificate revocation client used to check revocation status when logging in with x509 certificate to work around the dependency on Sun OCSP implementation; integration tests to verify OCSP revocation requests
index.txt.attr is needed by openssl to run a simple OCSP server
x509: minor grammar fixes
Add OCSP stub responder to integration tests
This commit adds OCSP stub responder needed for the integration tests,
and eliminates the need to run external OCSP responder in order to run
the OCSP in X509OCSPResponderTest.
Replace printStackTrece with logging
This commit replaces call to printStackTrace that will end up going to
the stderr with logging statement of WARN severity.
Remove unused imports
Removed unused imports in
org.keycloak.authentication.authenticators.x509 package.
Parameterized Hashtable variable
Removed unused CertificateFactory variable
Declared serialVersionUID for Serializable class
Removed unused CertificateBuilder class
The CertificateBuilder was not used anywhere in the code, removing it to
prevent technical debt.
Removing unused variable declaration
`response` variable is not used in the test, removed it.
Made sure InputStreams are closed
Even though the InputStreams are memory based, added try-with-resources
to make sure that they are closed.
Removed deprecated usage of URLEncoder
Replaced invocation of deprecated method from URLEncoder with Encode
from Keycloak util package.
Made it more clear how to control OCSP stub responder in the tests
X509 Certificate user authentication: moved the integration unit tests into their own directory to fix a failing travis test job
KEYCLOAK-4335: reduced the logging level; added the instructions how to run X.509 related tests to HOW-TO-RUN.md doc; removed README.md from x509 folder; removed no longer used ocsp profile and fixed the exclusion filter; refactored the x509 base test class that was broken by the recent changes to the integration tests
KEYCLOAK-4335: fixed a few issues after rebasing
2017-03-17 05:24:57 -04:00
Stian Thorgersen
a87ee04024
Bump to 3.1.0.CR1-SNAPSHOT
2017-03-16 14:21:40 +01:00
Bartosz Majsak
a250f08b6c
Removes trailing slash from the base url
2017-03-15 22:27:24 +01:00
Stian Thorgersen
feeac69197
Merge pull request #3888 from daklassen/KEYCLOAK-4421
...
KEYCLOAK-4421 Change any http maven urls to https to reduce build-time MITM vulnerability
2017-03-15 09:54:21 +01:00
Stian Thorgersen
2aa93d7d55
Merge pull request #3924 from daklassen/KEYCLOAK-2486
...
KEYCLOAK-2486: Update SimpleHTTP to use Apache HTTP Client
2017-03-15 09:50:06 +01:00
Thomas Darimont
b782892769
KEYCLOAK-4163 Improve support for e-mail addresses
...
Added support for user friendly email addresses as well as dedicated
reply-to addresses for emails being sent by Keycloak.
Both can be customized via the email settings per realm in
the admin-console.
User friendly email addresses use the format:
"Friendly Name"<email@example.org> and provide way to add a meaning
full name to an e-mail address.
We also allow to specify an optional envelope from bounce address.
If a mail sent to a user could not be delivered the email-provider
will sent a notification to that address.
See: https://en.wikipedia.org/wiki/Bounce_address
Add test for proper email headers in sent messages
2017-03-14 18:22:54 +01:00
Bill Burke
6d51862057
Merge pull request #3897 from anderius/feature/KEYCLOAK-4504-redirect-logout
...
[WIP] Saml broker: Option to specify logout request binding
2017-03-14 11:32:26 -04:00
David Klassen
32d3f760ec
KEYCLOAK-4421: Change http url to https
...
Change any http maven urls to https to reduce build-time MITM vulnerability
2017-03-14 10:18:40 +01:00
Pedro Igor
9d1d22565c
Merge pull request #3938 from pedroigor/authz-fixes
...
AuthZ Services Fixes
2017-03-13 15:20:41 -03:00
Pedro Igor
e7e6314146
[KEYCLOAK-4555] - Fixes and improvements to evaluation code
2017-03-13 14:08:54 -03:00
Alexey Kazakov
063f5303dd
KEYCLOAK-4568 Identity broker service may fail to validate client session if there is more then one active session
2017-03-11 12:59:25 -08:00
Mark Pardijs
c78c0b73d3
KEYCLOAK-4360: Add OneTimeUse condition to SAMLResponse
...
Add OneTimeUse Condition to SAMLResponse when configured in client settings
2017-03-09 13:01:05 +01:00
David Klassen
7029ef80f8
KEYCLOAK-2486: Update SimpleHTTP to use Apache HTTP Client
...
Update SimpleHTTP to use Apache HTTP client under the covers.
2017-03-09 09:23:09 +01:00
Thomas Darimont
1dea38bdbb
KEYCLOAK-4205 Allow to return json arrays in Client and Realm Role Mappers
...
Previously the ClientRoleMapper and RealmRoleMapper returned
roles as a comma delimited String in OIDC tokens which
needed to be parsed by client applications.
We now support to generate the role information as JSON
arrays by setting "multi valued" to "true" in the
client role mapper or realm role mappers respectively
which makes it easier for clients to consume.
The default setting for "multi valued" is "false" to
remain backwards compatible.
An example AccessToken that shows the two modes can be found here:
https://gist.github.com/thomasdarimont/dff0cd691cd6e0b5e33c2eb4c76ae5e8
2017-03-08 20:56:56 +01:00
Bill Burke
efffcc5f41
Merge pull request #3915 from TeliaSoneraNorge/KEYCLOAK-4524
...
KEYCLOAK-4524
2017-03-08 10:08:04 -05:00
Bill Burke
c6dc59f63e
Merge remote-tracking branch 'upstream/master'
2017-03-03 11:00:32 -05:00
Martin Hardselius
a0a85f62c6
KEYCLOAK-4524 possible to add identity prover mappers with same name into single identity provider
...
- unique name enforcement working
- test added
2017-03-03 16:40:49 +01:00
Bill Burke
3bb29e033b
KEYCLOAK-4501, KEYCLOAK-4511, KEYCLOAK-4513
2017-03-03 09:48:52 -05:00
Bartosz Majsak
1a6bb2fedb
Adds Openshift Identity Provider as part of social brokers
2017-03-02 15:14:57 +01:00
Marek Posolda
cfb8d25ff2
Merge pull request #3900 from KillerDiller/wellknownprovider-four-oh-four
...
KEYCLOAK-4519: Avoid NPE for unknown paths under .../.well-known/.
2017-03-02 12:22:35 +01:00
Marek Posolda
4f4ae44a16
Merge pull request #3896 from thomasdarimont/issue/KEYCLOAK-4505-expose-clientSession-binding-to-ScriptBasedAuthenticator
...
KEYCLOAK-4505 Expose current clientSession binding to ScriptBasedAuthenticator
2017-03-01 12:17:29 +01:00
mposolda
091b376624
KEYCLOAK-1590 Realm import per test class
2017-03-01 09:38:44 +01:00
Anders Båtstrand
8d82390843
KEYCLOAK-4504 New configuration option for SAML Broker:
...
* postBindingLogout: Indicates if POST or redirect should be used for the logout requests.
This applies to both IdP-initiated logout, and Keycloak-initiated logout. If unset (for example when upgrading Keycloak), the setting is initially set to the same as postBindingResponse.
The flag is also set when importing IdP metadata.
2017-02-28 12:08:22 +01:00
Bill Burke
0765b01189
Merge remote-tracking branch 'upstream/master'
2017-02-27 18:46:09 -05:00
Bill Burke
b4f625e1ce
KEYCLOAK-4501
2017-02-27 18:46:00 -05:00
Stefan Paletta
bcbde3fdf0
Avoid NPE for unknown paths under .../.well-known/.
2017-02-27 02:42:02 +01:00
Anders Båtstrand
89c6cda2ac
Two new configuration options for the Saml broker:
...
* wantAssertionsSigned: This will toggle the flag in the SP Metadata Descriptor, and validate the signature if and only if "Validate signature" is selected.
* wantAssertionsEncrypted: This will simply require that the assertion is encrypted.
Default behavior is unchanged. The signature validation uses the original XML, and supports therefore an IdP that adds whitespace and line breaks between tags (for example OpenAM).
2017-02-24 15:08:57 +01:00
Thomas Darimont
18a8ed3e95
KEYCLOAK-4505 Expose current clientSession binding to ScriptBasedAuthenticator.
...
Previously the ScriptBasedAuthenticator did not expose the current
clientSession from the AuthenticationFlowContext.
In order to implement client specific authentications with javascript
one needs information about the current client.
2017-02-24 14:01:10 +01:00
Stian Thorgersen
e2b1c97e26
KEYCLOAK-943 Added initial implementation for update profile
2017-02-24 13:19:29 +01:00
Stian Thorgersen
faf0e98665
Merge pull request #3736 from guusdk/api-documentation
...
Improving the generated REST API documentation
2017-02-20 15:30:32 +01:00
Stian Thorgersen
3653d7ed9a
Merge pull request #3762 from sldab/hide-providers
...
KEYCLOAK-4224 Allow hiding identity providers on login page
2017-02-17 12:04:35 +01:00
Bill Burke
c3e72b11db
KEYCLOAK-4382
2017-02-13 10:51:10 -05:00
Bill Burke
d9633dc20c
Merge remote-tracking branch 'upstream/master'
2017-02-09 09:13:00 -05:00
Stian Thorgersen
44180a68e6
Merge pull request #3845 from frelibert/KEYCLOAK-4378
...
KEYCLOAK-4378 New user attribute is not added after first login from …
2017-02-09 10:02:09 +01:00
Bill Burke
cf5e2a1d20
unlink/remoteimported
2017-02-08 19:48:22 -05:00
Frederik Libert
f3a552ac9d
KEYCLOAK-4378 New user attribute is not added after first login from broker
2017-02-07 15:37:16 +01:00
mposolda
8a16ab52a9
KEYCLOAK-4371 Offline Tokens still useless When SSO Session Max is Reached and normal userSession expired
2017-02-03 11:55:58 +01:00
Takashi Norimatsu
88bfa563df
KEYCLOAK-2604 Proof Key for Code Exchange by OAuth Public Clients - RFC
...
7636 - Server Side Implementation
2017-02-03 10:38:54 +09:00
Bill Burke
1d04d56bdb
Merge pull request #3816 from patriot1burke/master
...
KEYCLOAK-4218
2017-02-01 08:55:10 -05:00
Bill Burke
0d308e2b69
KEYCLOAK-4218
2017-01-31 15:15:49 -05:00
Pedro Igor
57c74e3f39
[KEYCLOAK-4341] - Resources are not properly exported when exporting authorization settings
2017-01-31 13:10:25 -02:00
Stian Thorgersen
6f22f88d85
Bump version to 3.0.0.CR1
2017-01-26 06:18:11 +01:00
Stian Thorgersen
d1e491d57d
KEYCLOAK-4286 Add deprecated support for old keycloak.js
2017-01-25 15:59:43 +01:00
mposolda
2de2df3a41
KEYCLOAK-4282 Fix authorization import in DirImportProvider
2017-01-24 21:57:35 +01:00
mposolda
194a63cc71
KEYCLOAK-4282 Import authorization after users are imported
2017-01-24 17:32:34 +01:00
Stian Thorgersen
94ffeda62a
Merge pull request #3773 from hmlnarik/KEYCLOAK-4181-SAML-Response-without-any-assertion-leads-to-an-exception
...
KEYCLOAK-4181 Fix handling of SAML error code in broker
2017-01-24 10:33:05 +01:00
Marek Posolda
29c0fe564c
Merge pull request #3752 from mposolda/master
...
KEYCLOAK-4024 Migration of old offline tokens
2017-01-23 16:25:35 +01:00
Stian Thorgersen
15d0a116ac
Merge pull request #3769 from hmlnarik/KEYCLOAK-4167-Unable-to-validate-access-token-for-OIDC-External-IDP-using-configured-public-key
...
KEYCLOAK-4167 Always use preset key for verification if key ID not set
2017-01-23 13:59:35 +01:00
Hynek Mlnarik
5da491c270
KEYCLOAK-4181 Fix handling of SAML error code in broker
2017-01-19 16:30:06 +01:00
Hynek Mlnarik
f289b281a0
KEYCLOAK-4262
2017-01-19 16:00:03 +01:00
Stian Thorgersen
536b88790e
Merge pull request #3757 from mstruk/KEYCLOAK-4150
...
KEYCLOAK-4150 Unresolved variable ${cliane_security-admin-console} in admin web client
2017-01-19 13:55:36 +01:00
Bill Burke
73d3e8afd9
Merge pull request #3770 from patriot1burke/master
...
KEYCLOAK-4077
2017-01-19 07:35:10 -05:00
Hynek Mlnarik
df4f1e7129
KEYCLOAK-4167 Always use preset key for verification if key ID not set
2017-01-18 10:29:06 +01:00
Stian Thorgersen
5a0504b5d9
Merge pull request #3753 from hmlnarik/KEYCLOAK-4216-mod-auth-mellon-logout-failed-when-using-SSO
...
KEYCLOAK-4216 Fix NPE and logout binding choice
2017-01-18 08:40:02 +01:00
Stian Thorgersen
e364680792
Merge pull request #3721 from hmlnarik/KEYCLOAK-3399-End-session-endpoint-returns-error-when-keycloak-session-is-expired
...
KEYCLOAK-3399 Ignore user session expiration on OIDC logout
2017-01-18 08:38:53 +01:00
mposolda
843b4b470b
KEYCLOAK-2333 LDAP/MSAD password policies are not used when user changes password
2017-01-17 21:06:09 +01:00
Bill Burke
dcf6da2a51
KEYCLOAK-4077
2017-01-17 09:20:44 -05:00
Slawomir Dabek
9bb65ba9b7
KEYCLOAK-4224 Allow hiding identity providers on login page
2017-01-17 14:32:59 +01:00
Stian Thorgersen
1913f801b9
Merge pull request #3739 from hmlnarik/KEYCLOAK-2847-Unexpected-error-when-trying-to-update-clientTemplate-to-already-existing-name
...
KEYCLOAK-2847 Fix for client template duplicate name
2017-01-16 09:45:39 +01:00
Stian Thorgersen
5842f7c837
Merge pull request #3751 from stianst/KEYCLOAK-4192
...
KEYCLOAK-4192 Added missing produces annotations for update methods
2017-01-16 09:41:29 +01:00
Stian Thorgersen
178625d3f2
Merge pull request #3745 from velias/master
...
KEYCLOAK-4202 - Attribute importer of Social Identity providers doesn't handle JSON 'null' values correctly
2017-01-16 08:22:04 +01:00
Marko Strukelj
d68f6bbc42
KEYCLOAK-4150 Unresolved variable ${cliane_security-admin-console} in admin web client
2017-01-13 17:48:21 +01:00
Bill Burke
ffb688b393
Merge remote-tracking branch 'upstream/master'
2017-01-13 11:45:55 -05:00
Bill Burke
6aee6b0c46
KEYCLOAK-4220
2017-01-13 11:45:48 -05:00
Hynek Mlnarik
02eda8943c
KEYCLOAK-4216 Fix NPE and logout binding choice
2017-01-13 14:30:32 +01:00
mposolda
9ad14d991c
KEYCLOAK-4140 Migration of old offline tokens
2017-01-13 11:35:19 +01:00
Stian Thorgersen
ac9268bd48
KEYCLOAK-4192 Added missing produces annotations for update methods
2017-01-13 09:56:20 +01:00
Hynek Mlnarik
0b58bebc90
KEYCLOAK-2847 Fix for client template duplicate name
2017-01-13 09:32:28 +01:00
mposolda
93157e49d5
KEYCLOAK-4201 Offline tokens become useless when accessing admin REST API
2017-01-13 09:06:53 +01:00
Vlastimil Elias
f13deab812
KEYCLOAK-4202 - Attribute importer of Social Identity providers doesn't
...
handle JSON 'null' values correctly
2017-01-12 14:14:09 +01:00
Hynek Mlnarik
e11957ecf3
KEYCLOAK-4167 Make OIDC identity provider key ID configurable
2017-01-11 18:24:22 +01:00
Guus der Kinderen
ba73ab1c2a
API documentation: Overview to left-hand side
2017-01-10 17:08:32 +01:00
Guus der Kinderen
45f5fa6a74
API documentation: Introduce and group by tags.
...
This commit introduces grouping of the documented REST resources. The grouping is based
on a free-form name of a resource (a 'tag' in Swagger terminology), which is introduced
by adding a @resource javadoc tag to every Resource class.
2017-01-10 17:08:27 +01:00
Guus der Kinderen
50b7dbe7b2
API documentation: Update dependencies.
2017-01-10 17:08:14 +01:00
Marek Posolda
227900f288
Merge pull request #3731 from mposolda/master
...
KEYCLOAK-4175 Provide a way to set the connect and read timeout for l…
2017-01-10 09:49:18 +01:00
Stian Thorgersen
7eeebff874
Merge pull request #3720 from hmlnarik/KEYCLOAK-4091-Possible-NullPointerExceptions-with-disabled-cache
...
KEYCLOAK-4091 Prevent NPE with disabled cache
2017-01-10 06:23:10 +01:00
Bill Burke
452611242c
Merge remote-tracking branch 'upstream/master'
2017-01-09 17:14:34 -05:00
Bill Burke
d075172fd2
KEYCLOAK-3617 KEYCLOAK-4117 KEYCLOAK-4118
2017-01-09 17:14:20 -05:00
mposolda
c32620b718
KEYCLOAK-4175 Provide a way to set the connect and read timeout for ldap connections
2017-01-09 21:35:58 +01:00
Pedro Igor
0b5b27ea3a
[KEYCLOAK-4166] - Export/Import clients functionality not working as expected
2017-01-06 16:07:10 -02:00
Hynek Mlnarik
9fb3201c8b
KEYCLOAK-3399 Ignore user session expiration on OIDC logout
2017-01-06 15:15:46 +01:00
Hynek Mlnarik
377fbced4a
KEYCLOAK-4091 Prevent NPE with disabled cache
2017-01-06 10:00:11 +01:00
Bill Burke
f9eeecf836
test KEYCLOAK-4013
2017-01-05 11:27:17 -05:00
Pedro Igor
4044b39ab7
[KEYCLOAK-3517] - Filtering SAML ECP flow
2017-01-04 11:17:39 -02:00
Stian Thorgersen
f2ee9df600
KEYCLOAK-4116 Trim username on recover password page
2017-01-03 11:50:08 +01:00
Stian Thorgersen
45411b1199
KEYCLOAK-4090
2017-01-03 07:53:08 +01:00
Stian Thorgersen
902332c5ae
Merge pull request #3696 from stianst/KEYCLOAK-4038
...
KEYCLOAK-4038 Get bind credential from component if stored
2017-01-02 15:44:59 +01:00
Stian Thorgersen
08d7211a93
KEYCLOAK-4038 Get bind credential from component if stored
2017-01-02 14:40:12 +01:00
Stian Thorgersen
1c0e204f50
Merge pull request #3690 from stianst/master
...
Bump version to 2.5.1.Final-SNAPSHOT
2017-01-02 08:52:04 +01:00
Stian Thorgersen
d6e620a266
Merge pull request #3689 from stianst/KEYCLOAK-4133
...
KEYCLOAK-4133
2017-01-02 08:51:37 +01:00
Pedro Igor
31ed69a970
[KEYCLOAK-4136] - Missing update on resource_set endpoint
2016-12-29 11:59:42 -02:00
Stian Thorgersen
e805ffd945
Bump version to 2.5.1.Final-SNAPSHOT
2016-12-22 08:22:18 +01:00
Stian Thorgersen
40b5731198
KEYCLOAK-4133
...
Login status iframe endpoint doesn't set encoding
2016-12-22 08:20:55 +01:00
Stian Thorgersen
04179c5681
Merge branch 'KEYCLOAK-4004' of https://github.com/l-robinson/keycloak into l-robinson-KEYCLOAK-4004
2016-12-22 06:13:41 +01:00
Stian Thorgersen
d365d9d784
Merge pull request #3649 from sldab/bearer-client-credentials
...
KEYCLOAK-4086 Client credentials missing in bearer-only JSON config
2016-12-20 12:32:03 +01:00
Stian Thorgersen
f6323d94ec
Merge pull request #3676 from stianst/KEYCLOAK-4109
...
KEYCLOAK-4109 Ability to disable impersonation
2016-12-20 09:35:03 +01:00
Stian Thorgersen
eb7ad07e31
KEYCLOAK-4109 Ability to disable impersonation
2016-12-20 08:46:21 +01:00
Pedro Igor
0b3e867362
[KEYCLOAK-4034] - Minor changes to policy enforcer
2016-12-19 23:44:51 -02:00
Pedro Igor
c9c8acd029
[KEYCLOAK-4034] - Invalidating policy cache when creating resources and scopes
2016-12-19 20:28:49 -02:00
Pedro Igor
40591cff25
Merge pull request #3662 from pedroigor/KEYCLOAK-4034
...
[KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup
2016-12-19 16:49:10 -02:00
Pedro Igor
5cf5168770
[KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup
2016-12-19 16:48:16 -02:00
Slawomir Dabek
16fb1e2078
KEYCLOAK-4086 Client credentials missing in bearer-only Keycloak OIDC JSON
2016-12-19 16:55:19 +01:00
mposolda
ac00f7fee2
KEYCLOAK-4087 LDAP group mapping should be possible via uidNumber in memberUid mode
2016-12-19 16:27:57 +01:00
Marek Posolda
c6363aa146
Merge pull request #3630 from sldab/duplicate-email-support
...
KEYCLOAK-4059 Support for duplicate emails
2016-12-19 15:37:18 +01:00
Pedro Igor
c9c9f05e29
[KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup
2016-12-19 11:22:37 -02:00
Stian Thorgersen
3bd3d0285d
Merge branch 'duplicate-groups' of https://github.com/ssilvert/keycloak into ssilvert-duplicate-groups
2016-12-19 13:07:39 +01:00
Stian Thorgersen
b8adfcad87
Merge pull request #3658 from hmlnarik/KEYCLOAK-4095--Not-Recently-Used-Password-Policy-with-value-set-to-1-doesn-t-work
...
KEYCLOAK-4095 Fix for expiring passwords
2016-12-19 12:15:26 +01:00
Slawomir Dabek
93cec9b3ee
KEYCLOAK-4059 Support for duplicate emails
2016-12-19 10:55:12 +01:00
Stian Thorgersen
f29bb7d501
KEYCLOAK-4092 key provider for HMAC signatures
2016-12-19 10:50:43 +01:00
Hynek Mlnarik
787a3f8fcc
KEYCLOAK-4095 Fix for expiring passwords
2016-12-16 14:45:05 +01:00
Bill Burke
a4cbf130b4
Merge pull request #3592 from sldab/default-hooks
...
KEYCLOAK-4074 Decoupling of default provider implementations
2016-12-16 08:42:55 -05:00
Hynek Mlnarik
5453bec1bf
KEYCLOAK-4079, KEYCLOAK-4080 Fix for single-valued claims
2016-12-16 10:00:36 +01:00
Stian Thorgersen
9be9d3f580
Merge pull request #3651 from stianst/KEYCLOAK-4081
...
KEYCLOAK-4081
2016-12-15 15:53:39 +01:00
Bill Burke
3c2a12d019
Merge pull request #3648 from patriot1burke/master
...
KEYCLOAK-3451
2016-12-14 15:46:24 -05:00
Bill Burke
56f9aa41d0
KEYCLOAK-3451
2016-12-14 15:04:53 -05:00
Stian Thorgersen
394676222f
Merge pull request #3616 from sldab/fix-cors
...
KEYCLOAK-4047 WebOrigins not expanded in CORS handling of token endpoints
2016-12-14 15:13:49 +01:00
Stian Thorgersen
e316037910
KEYCLOAK-4081
2016-12-14 11:22:10 +01:00
Stian Thorgersen
97a08a1d99
Merge pull request #3644 from stianst/KEYCLOAK-4071
...
KEYCLOAK-4071
2016-12-14 09:55:55 +01:00
Stian Thorgersen
480d4e6f4f
KEYCLOAK-4071
2016-12-14 07:01:54 +01:00
mposolda
40216b5e7d
KEYCLOAK-3921 LDAP binary attributes
2016-12-13 18:31:26 +01:00
Slawomir Dabek
7ad028fcb1
KEYCLOAK-4074 Added hooks to default implementations of direct grant authenticators
...
and email sender.
2016-12-13 15:32:39 +01:00
Bill Burke
62029e8a33
KEYCLOAK-3506
2016-12-10 11:59:29 -05:00
Bill Burke
10fc7302eb
Merge pull request #3632 from hmlnarik/KEYCLOAK-4057-MS-AD-FS-does-not-recognize-certificate-for-POST-signed-AuthnRequest-for-brokering
...
KEYCLOAK-4057 Do not include KeyName for brokered IdPs
2016-12-09 09:09:13 -05:00
Hynek Mlnarik
24a36e6848
KEYCLOAK-4057 Do not include KeyName for brokered IdPs
...
Active Directory Federation Services require that the subject name
matches KeyName element when present. While KeyName is beneficial for
Keycloak adapters, it breaks functionality for AD FS as the name
included there is a key ID, not certificate subject expected by AD FS.
This patch contains functionality that excludes KeyName from SAML
messages to identity providers. This behaviour should be made
configurable per client/identity provider and is prepared to do so,
however actual GUI changes are left for a separate patch.
2016-12-09 14:33:40 +01:00
Bill Burke
1f0600044a
KEYCLOAK-3967
2016-12-08 19:29:02 -05:00
Bill Burke
d3e3990d77
Merge pull request #3629 from patriot1burke/master
...
KEYCLOAK-2806
2016-12-08 17:36:28 -05:00
Bill Burke
4a80f1e913
Merge remote-tracking branch 'upstream/master'
2016-12-08 17:05:46 -05:00
Bill Burke
0550bdb467
KEYCLOAK-3214
2016-12-08 16:47:17 -05:00
Bill Burke
5f07fa8057
KEYCLOAK-2806
2016-12-08 16:28:22 -05:00
mposolda
e7f6c780e2
KEYCLOAK-4058 Improve LDAPStorageMapper and remove LDAPStorageMapperBridge
2016-12-08 18:35:56 +01:00
Bill Burke
75e2b404c8
Merge pull request #3618 from abstractj/KEYCLOAK-3685
...
[KEYCLOAK-3685]: Username not updated when "Email as username" is enabled
2016-12-06 22:06:55 -05:00
Bill Burke
7271fdaaaa
KEYCLOAK-3509
2016-12-06 18:52:37 -05:00
Bill Burke
68c8bfa0e1
KEYCLOAK-2705
2016-12-06 17:32:41 -05:00
Bruno Oliveira
ddb201db6c
[KEYCLOAK-3685]: Username not updated when "Email as username" is enabled
2016-12-06 19:46:31 -02:00
Slawomir Dabek
4069be3ff6
KEYCLOAK-4047 Expand + to valid WebOrigins in Cors class
2016-12-06 20:22:35 +01:00
Bill Burke
77d17de14d
Merge pull request #3611 from patriot1burke/master
...
KEYCLOAK-3620
2016-12-06 08:18:36 -05:00
Bill Burke
bab08bf8f0
Merge remote-tracking branch 'upstream/master'
2016-12-06 08:18:05 -05:00
Bill Burke
6587cd2478
KEYCLOAK-3620
2016-12-05 17:51:06 -05:00
Bill Burke
693d6c0e5d
Merge pull request #3608 from hmlnarik/KEYCLOAK-4035
...
KEYCLOAK-4035 Composite roles need to be expanded in SAML attribute mapper
2016-12-05 14:44:21 -05:00
Bill Burke
952c1decf0
Merge pull request #3607 from patriot1burke/master
...
KEYCLOAK-4033
2016-12-05 14:44:07 -05:00
Bill Burke
f03d79c7d3
Merge pull request #3603 from thomasdarimont/issue/KEYCLOAK-3969-Allow-authentication-via-ScriptAuthenticator-without-user
...
KEYCLOAK-3969 Allow use of ScriptAuthenticator without user
2016-12-05 10:19:02 -05:00
Hynek Mlnarik
3c4114091f
KEYCLOAK-4035 Composite roles need to be expanded in SAML attribute mapper
2016-12-05 16:16:08 +01:00
Bill Burke
d354aa1f62
KEYCLOAK-4033
2016-12-05 10:15:55 -05:00
Hynek Mlnarik
197f51e50f
KEYCLOAK-3950 Fix NPE on request for NameIDPolicy without format
...
... and two more one-line issues
2016-12-05 07:24:38 +01:00
l-robinson
1c66ce7dd7
Additional test case added to check the text in the 'Back to application' link
2016-12-05 12:13:30 +10:30
Thomas Darimont
8610a02d72
KEYCLOAK-3969 Allow use of ScriptAuthenticator without user
...
Previously ScriptAuthenticator required a user to be authenticated
before it could be used as an additional authentication step which
limited the scenarios the authenticator could be used.
We now allow ScriptAuthenticators to be used without requiring an
user to be authenticated before.
Adapted the authenticator-template.js with a null safe username check.
Note that existing custom ScriptAuthenticators might need some additional
null checks since the user can now be undefined.
2016-12-04 23:15:53 +01:00
Bill Burke
0ab352706b
Merge pull request #3554 from hassaneinaltememyictu/2.3.0-ictu-change-role-attributeToRoleMapper
...
grant the new role from the saml token if it exist
2016-12-03 13:43:40 -05:00
Bill Burke
88d08c4f38
component query and remove provider alis fix
2016-12-03 11:34:48 -05:00
Bill Burke
8fd7091068
KEYCLOAK-3986
2016-12-03 09:33:52 -05:00
Bill Burke
ce50b0ed29
Merge remote-tracking branch 'upstream/master'
2016-12-02 19:26:34 -05:00
Bill Burke
e88af874ca
finish
2016-12-02 19:25:17 -05:00
mposolda
17d8394ab6
KEYCLOAK-3340 Service Account user not renamed when renaming client-id
2016-12-02 18:13:29 +01:00
mposolda
cccb532a21
KEYCLOAK-3701 NullPointerException when trying to get access token from offline token
2016-12-02 16:35:21 +01:00
Stian Thorgersen
8842d88058
Merge pull request #3562 from ssilvert/overwrite-client-role-fails
...
KEYCLOAK-3042: NPE when trying to overwrite client role
2016-12-02 14:06:27 +01:00
Stian Thorgersen
209f8155d1
KEYCLOAK-3835 Remove redirect on flow and return not modified if page is refreshed
2016-12-02 06:29:59 +01:00
Manuel Palacio
bfec073457
KEYCLOAK-3648
2016-12-01 19:34:33 +01:00
l-robinson
c72ceadfce
KEYCLOAK-4004 Pass the client name in the ReferrerBean instead of the referrer parameter
2016-12-01 17:17:57 +10:30
Stian Thorgersen
1e7f1b1e54
Merge pull request #3570 from stianst/master
...
Bump to 2.5.0.Final-SNAPSHOT
2016-12-01 06:36:37 +01:00
Stian Thorgersen
433f373f60
KEYCLOAK-3889 Add produces to server info endpoint
2016-11-30 15:46:01 +01:00
Stian Thorgersen
b771b84f56
Bump to 2.5.0.Final-SNAPSHOT
2016-11-30 15:44:51 +01:00
mposolda
d0a96d463d
KEYCLOAK-3831 Improve AddressMapper configurability. Support for 'formatted' subclaim
2016-11-30 13:04:45 +01:00
Bill Burke
9e50a45b4c
UserBulkUpdateProvider interface
2016-11-29 18:43:22 -05:00
Stan Silvert
83063a5740
KEYCLOAK-3042: NPE when trying to overwrite client role
2016-11-29 15:43:48 -05:00
Bill Burke
7efa3a3ddf
Merge remote-tracking branch 'upstream/master'
2016-11-29 11:34:04 -05:00
Marek Posolda
80c4b2aa31
Merge pull request #3556 from mposolda/master
...
KEYCLOAK-3822 Changing signature validation settings of an external I…
2016-11-28 22:37:44 +01:00
Bill Burke
63458a7de7
Merge pull request #3559 from patriot1burke/master
...
KEYCLOAK-3980
2016-11-28 13:36:52 -05:00
Bill Burke
f6a080729a
javadoc
2016-11-28 12:25:54 -05:00
Bill Burke
1dacddb7e3
KEYCLOAK-3980
2016-11-28 12:20:40 -05:00
mposolda
69ce1e05f0
KEYCLOAK-3822 Changing signature validation settings of an external IdP is not sometimes reflected
2016-11-28 15:27:25 +01:00
Hynek Mlnarik
65b269cd54
KEYCLOAK-3731 Provide functionality for IdP-initiated SSO for broker
...
A SAML brokered IdP can send unsolicited login response to the broker.
This commit adds a new GET/POST endpoint under [broker SAML
endpoint]/clients/{client_id}. Broken will respond to submission to
this new endpoint by looking up a SAML client with URL name equal to
client_id, and if found, it performs IdP-initiated SSO to that client.
2016-11-28 13:54:04 +01:00
mposolda
7c6032cc84
KEYCLOAK-3825 Ability to expire publicKeys cache. Migrated OIDCBrokerWithSignatureTest to new testsuite
2016-11-25 17:45:37 +01:00
Bill Burke
ccbd8e8c70
remove User Fed SPI
2016-11-23 16:06:44 -05:00
Bill Burke
d5925b8ccf
remove realm UserFed SPI methods
2016-11-23 08:31:20 -05:00
Stian Thorgersen
6ec82865d3
Bump version to 2.4.1.Final-SNAPSHOT
2016-11-22 14:56:21 +01:00
mposolda
d8c8afe070
KEYCLOAK-3943 Admin console issues when updating LDAP Storage provider
2016-11-21 14:22:45 +01:00
mposolda
da52a5c9cf
KEYCLOAK-3930 KEYCLOAK-3931 LDAP and Mongo fixes
2016-11-18 20:02:02 +01:00
Stian Thorgersen
7043ecc21b
KEYCLOAK-3881 Fix login status iframe with * origin
2016-11-18 12:50:52 +01:00
Marek Posolda
3e71aeddf3
Merge pull request #3479 from hmlnarik/KEYCLOAK-3469-UserRealmRoleMapper
...
KEYCLOAK-3469 Make role mappers account for user groups
2016-11-18 09:21:56 +01:00
Marek Posolda
b434c2b9cf
Merge pull request #3510 from ssilvert/delete-subflows
...
KEYCLOAK-3681: Delete top flow doesn't remove all subflows
2016-11-18 08:50:13 +01:00
mposolda
a27be0cee7
KEYCLOAK-3857 Clustered invalidation cache fixes and refactoring. Support for cross-DC for invalidation caches.
2016-11-16 22:29:23 +01:00
Stan Silvert
55556fc63c
KEYCLOAK-3681: Delete top flow doesn't remove all subflows
2016-11-16 12:43:11 -05:00
Stian Thorgersen
26b1541f4a
Merge pull request #3476 from abstractj/KEYCLOAK-3875
...
[KEYCLOAK-3875] - Conditional OTP Forms not working as expected
2016-11-16 12:44:50 +01:00
Stian Thorgersen
1c3a475d1e
Merge pull request #3485 from hmlnarik/KEYCLOAK-3071
...
KEYCLOAK-3071 Add SOAP and PAOS endpoints to valid redirect URIs on SP import
2016-11-16 12:38:45 +01:00
Bill Burke
cc0eb47814
merge
2016-11-14 15:09:41 -05:00
Bill Burke
c280634bfa
fix tests
2016-11-14 15:06:17 -05:00
Hynek Mlnarik
750e942267
KEYCLOAK-3469 Make role mappers account for user groups
2016-11-14 11:38:00 +01:00
Bruno Oliveira
39f40bc005
[KEYCLOAK-3875] - Conditional OTP Forms not working as expected
2016-11-11 15:16:08 -02:00
Stian Thorgersen
a86b5988b5
Merge pull request #3484 from hmlnarik/KEYCLOAK-3658
...
KEYCLOAK-3658 Fixed typo in condition
2016-11-11 09:41:48 +01:00
Stian Thorgersen
088f0ea630
Merge pull request #3490 from stianst/KEYCLOAK-3086
...
[KEYCLOAK-3086] - NPE when accessing Account with invalid clientId s…
2016-11-11 09:35:45 +01:00
Bruno Oliveira
675faee593
[KEYCLOAK-3086] - NPE when accessing Account with invalid clientId set as ?referrer, and additional referrer_uri set
2016-11-10 13:49:40 +01:00
Stian Thorgersen
7e33f4a7d1
KEYCLOAK-3882 Split server-spi into server-spi and server-spi-private
2016-11-10 13:28:42 +01:00
Bill Burke
94076a3b24
admin console ui
2016-11-09 17:34:07 -05:00
Hynek Mlnarik
8816b55843
KEYCLOAK-3071 Add SOAP and PAOS endpoints to valid redirect URIs on SP import
2016-11-09 14:13:53 +01:00
Hynek Mlnarik
9c724b616d
KEYCLOAK-3658 Fixed typo in condition
2016-11-09 11:27:33 +01:00
Vlasta Ramik
6f1b8e1fee
remove KEYCLOAK_REMEMBERME when user logs in without rememberme checked + tests
2016-11-09 10:33:46 +01:00
Bill Burke
4880c0443c
ldap port admin console
2016-11-08 12:30:20 -05:00
Stian Thorgersen
292777259e
Merge pull request #3472 from hmlnarik/KEYCLOAK-1881-saml-key-rotation
...
Keycloak 1881 - SAML key/cert rotation for IdP
2016-11-08 07:56:25 +01:00
Stian Thorgersen
db4f3561a5
Merge pull request #3454 from ssilvert/keystore-error-messages
...
KEYCLOAK-3817: More detailed errors when loading keys from JKS
2016-11-08 07:33:43 +01:00
Bill Burke
5a86623c88
merge
2016-11-06 08:52:10 -05:00
Bill Burke
14dc0ff92f
Merge remote-tracking branch 'upstream/master'
2016-11-05 20:05:01 -04:00
Bill Burke
4302b440ee
ldap port
2016-11-05 20:04:53 -04:00
Bill Burke
c75dcb90c2
ldap port
2016-11-04 21:25:47 -04:00
Hynek Mlnarik
8ae1b1740d
KEYCLOAK-1881 Client installers
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
4f9e35c0a1
KEYCLOAK-1881 Support for multiple certificates in broker (hardcoded at the moment)
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
67bb9aef3d
KEYCLOAK-1881 Add switch to enable/disable generation of <Extensions>
...
Some SP clients might be confused by using a standard SAML protocol tag
<Extensions> which is used for signed REDIRECT binding messages to
specify signing key ID. To enable the interoperability, generation of
the tag is disabled by default and can be enabled for individual
clients.
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
1ae268ec6f
KEYCLOAK-1881 Include key ID for REDIRECT and use it for validation
...
Contrary to POST binding, signature of SAML protocol message sent using
REDIRECT binding is contained in query parameters and not in the
message. This renders <dsig:KeyName> key ID hint unusable. This commit
adds <Extensions> element in SAML protocol message containing key ID so
that key ID is present in the SAML protocol message.
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
d5c3bde0af
KEYCLOAK-1881 Make SAML descriptor endpoint return all certificates
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
5d840500af
KEYCLOAK-1881 Include key ID in <ds:KeyInfo> in SAML assertions and protocol message
...
Changes of SAML assertion creation/parsing that are required to allow
for validation of rotating realm key: signed SAML assertions and signed
SAML protocol message now contain signing key ID in XML <dsig:KeyName>
element.
2016-11-04 21:53:43 +01:00
Pedro Igor
706c1e2660
[KEYCLOAK-3704] - Registering UserSinchronizer to remove resources when the owner is removed
2016-11-02 21:40:58 -02:00
Pedro Igor
95d2130405
[KEYCLOAK-3704] - Checkign if owner is a valid user
2016-11-02 21:01:24 -02:00
Stan Silvert
facdd586a3
KEYCLOAK-2720: Should not allow two groups with the same path.
2016-11-01 16:08:30 -04:00
Stan Silvert
a5e5f4cf9c
KEYCLOAK-3817: More detailed errors when loading keys from JKS
2016-11-01 13:54:34 -04:00
Bill Burke
ccaac40863
Merge pull request #3437 from patriot1burke/master
...
disable credential type REST and admin ui
2016-10-28 11:33:16 -04:00
Stian Thorgersen
f4a77c3d06
Merge pull request #3444 from stianst/KEYCLOAK-3225
...
KEYCLOAK-3225
2016-10-28 11:51:35 +02:00
Stian Thorgersen
b6b567f948
Merge pull request #3441 from stianst/KEYCLOAK-3733
...
KEYCLOAK-3733 Set default max results for paginated endpoints
2016-10-28 10:36:24 +02:00
Stian Thorgersen
479295cfd2
KEYCLOAK-3225
...
Modifying user's Identity Provider Links requires manage-realm client role
2016-10-28 10:25:41 +02:00
Stian Thorgersen
a78cfa4b2c
Merge pull request #3440 from stianst/KEYCLOAK-3667
...
KEYCLOAK-3667
2016-10-28 10:13:06 +02:00
Stian Thorgersen
c6caeb3bec
Merge pull request #3439 from stianst/KEYCLOAK-3828
...
KEYCLOAK-3828
2016-10-28 10:12:51 +02:00
Stian Thorgersen
a9d47287ee
KEYCLOAK-3733 Set default max results for paginated endpoints
2016-10-28 09:15:05 +02:00
Stian Thorgersen
3d46b4c425
KEYCLOAK-3667
2016-10-28 08:43:24 +02:00
Stian Thorgersen
db428dad1d
KEYCLOAK-3828
...
Component uses wrong role
2016-10-28 07:56:44 +02:00
Stian Thorgersen
e958bd254a
Merge pull request #3435 from stianst/KEYCLOAK-3331
...
KEYCLOAK-3331 Reset password leads to 400 bad request when link is op…
2016-10-28 06:40:48 +02:00
Stian Thorgersen
0c6b47b9f2
Merge pull request #3433 from stianst/KEYCLOAK-3641
...
KEYCLOAK-3641 Clicking an invalid verification link due to re-send re…
2016-10-28 06:40:27 +02:00
Bill Burke
91da6a47d7
disable cred types ui
2016-10-27 16:17:02 -04:00
Stian Thorgersen
c6ac3266f0
KEYCLOAK-3641 Clicking an invalid verification link due to re-send removes the email verification key from the session
2016-10-27 16:16:52 +02:00
Stian Thorgersen
ab72b2b141
KEYCLOAK-3331 Reset password leads to 400 bad request when link is opened in a different browser session
2016-10-27 16:04:45 +02:00
Bill Burke
73e3f2a89b
REST API for disable cred type
2016-10-26 15:48:45 -04:00
Bill Burke
68e853b4bd
Merge remote-tracking branch 'upstream/master'
2016-10-25 13:40:32 -04:00
Bill Burke
b67cb0e97a
Merge remote-tracking branch 'upstream/master'
2016-10-25 11:44:22 -04:00
Stian Thorgersen
4b27e66714
KEYCLOAK-3782 Keysize for rsa-generated should be a dropdown
2016-10-25 08:52:02 +02:00
Bill Burke
3e28ac1e46
user spi cache policy
2016-10-24 15:36:37 -04:00
hassaneinaltememyictu
a119a46495
grant the new role from the saml token if it exist
...
grant the user with the new role from the saml token if it is a realm role in keycloak
2016-10-24 17:17:22 +02:00
Stian Thorgersen
4d47f758fc
Merge pull request #3405 from stianst/master
...
Bump version
2016-10-21 10:11:59 +02:00
Stian Thorgersen
c615674cbb
Bump version
2016-10-21 07:03:15 +02:00
Stian Thorgersen
1a4f9e656d
Merge pull request #3398 from stianst/KEYCLOAK-3774
...
KEYCLOAK-3774 Fix keycloak.js with prompt=none and new stricter redir…
2016-10-21 06:34:43 +02:00
Stian Thorgersen
9801f09a93
KEYCLOAK-3774 Fix keycloak.js with prompt=none and new stricter redirect_uri
2016-10-20 21:31:25 +02:00
Stian Thorgersen
5a00aaefa8
KEYCLOAK-2594
...
bind credential being leaked in admin tool JSON response
KEYCLOAK-2972
Keycloak leaks configuration passwords in Admin Event logs
2016-10-20 19:30:59 +02:00
Stian Thorgersen
1bf24d26a4
Merge pull request #3395 from stianst/master
...
KEYCLOAK-3772
2016-10-20 19:27:03 +02:00
Stian Thorgersen
839c4e8ede
KEYCLOAK-3772
...
Login with Twitter is not working
2016-10-20 15:05:07 +02:00
mposolda
072ccb5c61
KEYCLOAK-3770 OIDC registration with id_token grant type should set publicClient flag to true
2016-10-20 14:10:53 +02:00
Stian Thorgersen
dfc09b69a8
Merge pull request #3380 from stianst/KEYCLOAK-3364
...
KEYCLOAK-3364 Fix for dns that ends with digit
2016-10-20 06:24:50 +02:00
Stian Thorgersen
d2e0432afb
Merge pull request #3389 from patriot1burke/master
...
KEYCLOAK-3651
2016-10-20 06:24:15 +02:00
Bill Burke
34d80c9083
KEYCLOAK-3651
2016-10-19 20:28:33 -04:00
Bill Burke
9f00f693c6
Merge pull request #3387 from ssilvert/spelling-represenation
...
KEYCLOAK-3496: Spelling Error in Admin GUI Documentation
2016-10-19 19:59:41 -04:00
Stan Silvert
ad59cd618e
Merge pull request #3383 from ssilvert/duplicate-fed-provider
...
KEYCLOAK-2892: Bad error when create fed provider w/ same name.
2016-10-19 16:40:58 -04:00
Stan Silvert
ac80f99e8c
KEYCLOAK-3496: Spelling Error in Admin GUI Documentation
2016-10-19 16:33:59 -04:00
Bill Burke
cdf7dd3a6c
Merge pull request #3372 from patriot1burke/master
...
onCreate for Components
2016-10-19 16:21:20 -04:00
Bill Burke
934ea1c33c
KEYCLOAK-3562
2016-10-19 14:01:21 -04:00
Stan Silvert
9d098e9068
KEYCLOAK-2892: Bad error when create fed provider w/ same name.
2016-10-19 13:32:28 -04:00
Stian Thorgersen
ffce2023c0
KEYCLOAK-3364 Fix for dns that ends with digit
2016-10-19 18:41:43 +02:00
mposolda
3779bfb6b4
KEYCLOAK-3666 client registration policies - polishing
2016-10-19 17:45:23 +02:00
mposolda
964cd50f1d
KEYCLOAK-3666 Added client reg policies for maxClients and clientDisabled
2016-10-19 17:45:23 +02:00
Stian Thorgersen
36c367a3bc
Merge pull request #3369 from stianst/KEYCLOAK-3625
...
KEYCLOAK-3625
2016-10-19 15:56:57 +02:00
Stian Thorgersen
1b24d2edd8
KEYCLOAK-3625 More work on the issue
2016-10-19 14:21:50 +02:00
Stian Thorgersen
bbc1d26b72
Merge pull request #3367 from stianst/KEYCLOAK-3745
...
KEYCLOAK-3745 Change attributes in user rep
2016-10-19 14:01:39 +02:00
Stian Thorgersen
4efe12cb93
KEYCLOAK-3745 Change attributes in user rep
2016-10-19 12:15:13 +02:00
Stian Thorgersen
f2f508ac2e
Merge pull request #3357 from stianst/KEYCLOAK-3107
...
KEYCLOAK-3017 Expose Location header in cors request to admin endpoint
2016-10-19 08:45:18 +02:00
Stian Thorgersen
13220e1d38
Merge pull request #3355 from stianst/KEYCLOAK-2699
...
KEYCLOAK-2699 Potential for NPE in DirImportProvider.getRealmsToImport
2016-10-19 07:35:54 +02:00
Stian Thorgersen
116027bd7b
Merge pull request #3354 from stianst/KEYCLOAK-2488
...
KEYCLOAK-2488 Token introspection returns wrong response for invalid …
2016-10-19 07:33:25 +02:00
Stian Thorgersen
a33997976f
KEYCLOAK-3017 Expose Location header in cors request to admin endpoint
2016-10-18 21:27:46 +02:00
Stian Thorgersen
0a8d1e28f1
KEYCLOAK-2699 Potential for NPE in DirImportProvider.getRealmsToImport
2016-10-18 20:31:51 +02:00
Stian Thorgersen
29538332d9
KEYCLOAK-2488 Token introspection returns wrong response for invalid token
2016-10-18 20:28:14 +02:00
Bill Burke
d941e07169
Merge pull request #3350 from patriot1burke/master
...
federated import/export to json
2016-10-18 14:15:25 -04:00
Stian Thorgersen
e41d11877f
Merge pull request #3349 from stianst/KEYCLOAK-2741
...
KEYCLOAK-2741
2016-10-18 19:39:54 +02:00
mposolda
b62e6e2751
KEYCLOAK-3653 CORS headers not sent in certs endpoint
2016-10-18 16:57:06 +02:00
Stian Thorgersen
74dad004e3
KEYCLOAK-2741
...
Don't remove KEYCLOAK_REMEMBERME cookie when sso session expires.
2016-10-18 16:14:36 +02:00
Bill Burke
2199df71bf
Merge remote-tracking branch 'upstream/master'
2016-10-18 10:14:00 -04:00
Bill Burke
4182e4d92a
federated import/export
2016-10-18 10:13:51 -04:00
Marek Posolda
3986ce2ce0
Merge pull request #3345 from mposolda/master
...
KEYCLOAK-3499 Fixes in OIDCProtocolMapper support for includeInUserInfo
2016-10-18 14:28:29 +02:00
Stian Thorgersen
4b56743788
Merge pull request #3343 from stianst/KEYCLOAK-2884
...
KEYCLOAK-2884 Remove ClientTemplateResource.getKeycloakApplication()
2016-10-18 14:08:50 +02:00
mposolda
a7287aad36
KEYCLOAK-3499 More fixes for IncludeInUserInfo. Fixing tests and migration
2016-10-18 13:09:30 +02:00
Thomas Darimont
c3b577de11
KEYCLOAK-3499 Revise OIDCProtocolMapper support
...
Moved methods `transformUserInfoToken`, `transformAccessToken`,
`transformIDToken` to the `AbstractOIDCProtocolMapper` base class
in order to reduce code duplication.
Previously every mapper implemented at least one or two of those
methods with exactly the same code.
Having those methods in the base class ensures that the code is the
same for all mappers. Since the mentioned methods are declared
on the `OIDCIDTokenMapper`, `OIDCAccessTokenMapper` and `UserInfoTokenMapper`
interfaces `AbstractOIDCProtocolMapper` implementations can now choose
how they should be handled by the `TokenManager`
by implementing the desired set of interfaces `*TokenMapper`-interfaces.
I think this provides a good balance between ease of use, reduced code duplication
and ensured backwards compatiblity.
Existing protocol mapper implementations will still work since they just implement
their own logic for `transformUserInfoToken`, `transformAccessToken`,
`transformIDToken`.
The "claim" information provided by a `ProtocolMapper` to a `*Token` can now
be provided by overriding the `AbstractOIDCProtocolMapper.setClaim` method.
Adapted all eligible ProtocolMapper implementations within the
`org.keycloak.protocol.oidc.mappers` package accordingly.
2016-10-18 13:09:30 +02:00
Stian Thorgersen
e157a60a23
KEYCLOAK-2884 Remove ClientTemplateResource.getKeycloakApplication()
2016-10-18 09:01:24 +02:00
Marek Posolda
2fd680092a
Merge pull request #3336 from mposolda/master
...
KEYCLOAK-3719 Add 'options' to ProviderConfigProperty and use it for …
2016-10-18 08:33:26 +02:00
mposolda
00879b39b7
KEYCLOAK-3719 Add 'options' to ProviderConfigProperty and use it for 'List' type instead of defaultValue
2016-10-17 21:34:21 +02:00
Stian Thorgersen
77499be8d2
KEYCLOAK-3728
...
Disable script based authenticator in product profile
2016-10-17 21:16:51 +02:00
Stian Thorgersen
64339aaca7
Merge pull request #3317 from stianst/KEY-ROTATION
...
Updated labels for java keystore provider config
2016-10-17 19:39:47 +02:00
Stian Thorgersen
2ed6067de0
Merge pull request #3290 from hmlnarik/KEYCLOAK-3655
...
KEYCLOAK-3655: Fix for unexpected server error when adding duplicate auth flow
2016-10-17 19:31:43 +02:00
Stian Thorgersen
d22f45f0d2
Merge pull request #3335 from stianst/KEYCLOAK-3635
...
KEYCLOAK-3635 Not possible to filter debug/trace logging
2016-10-17 18:50:10 +02:00
Stian Thorgersen
b320eb8fc7
KEYCLOAK-3635 Not possible to filter debug/trace logging
2016-10-17 16:12:14 +02:00
Geir Ole Hiåsen Stevning
95f62c6aeb
KEYCLOAK-3626 - CreatedDate and lastUpdatedDate on user consent
2016-10-17 13:53:12 +02:00
mposolda
5732b2c58f
KEYCLOAK-3716 Unable to start Keycloak on wildfly
2016-10-17 12:22:33 +02:00
mposolda
18e0c0277f
KEYCLOAK-3666 Dynamic client registration policies
2016-10-14 20:20:40 +02:00
Bill Burke
1c0abbd722
Merge pull request #3315 from patriot1burke/master
...
import and sync spi
2016-10-14 10:12:42 -04:00
Stian Thorgersen
422805b511
Updated labels for java keystore provider config
2016-10-14 10:36:17 +02:00
Bill Burke
8c8a39c833
sync and import
2016-10-13 20:49:02 -04:00
Bill Burke
0938390654
sync and import
2016-10-13 20:38:49 -04:00
Stian Thorgersen
4e245d428c
KEYCLOAK-905 More testing
2016-10-13 20:44:33 +02:00
Stian Thorgersen
d2cae0f8c3
KEYCLOAK-905
...
Realm key rotation for OIDC
2016-10-13 11:19:52 +02:00
Bill Burke
fbaa731dfa
import spi
2016-10-11 18:33:59 -04:00
Bill Burke
db05dc6ee4
KEYCLOAK-3671
2016-10-06 15:02:15 -04:00
Bill Burke
fbb65fa072
KEYCLOAK-3671
2016-10-06 14:56:02 -04:00
Bill Burke
74325fe133
initial sync/import spi
2016-10-06 14:48:53 -04:00
Hynek Mlnarik
cfbc9cf14b
KEYCLOAK-3655: Fix for unexpected server error when adding duplicate auth flow
2016-10-05 13:57:02 +02:00
Bill Burke
c5600e888d
revactor CredentialValidationOutput apis
2016-10-04 17:26:45 -04:00
Bill Burke
4af0976194
remove UserCredValueModel and hold hash providers
2016-10-04 12:34:15 -04:00
mposolda
bc916a1909
KEYCLOAK-3564 Update demo examples with public key rotation
2016-10-04 14:05:01 +02:00
mposolda
0f9798a10d
KEYCLOAK-3493 KEYCLOAK-3532 Renamed KeyStorageProvider to PublicKeyStorageProvider
2016-10-03 15:23:50 +02:00
Thomas Darimont
c852d6d817
KEYCLOAK-3642 Favor StreamUtil over IOUTils in ScriptBasedAuthenticatorFactory
...
The dependency on commons-io through the use of IOUtils in
ScriptBasedAuthenticatorFactory resulted in
NoClassDefFoundError org/apache/commons/io/IOUtils when building the
keycloak-distribution.
We now use the StreamUtil from keycloak-common to avoid this dependency.
2016-10-03 13:33:53 +02:00
Bill Burke
d4c3fae546
merge conflicts
2016-09-30 19:19:12 -04:00
Bill Burke
6a4e413bf4
final mongo fixes
2016-09-30 19:08:34 -04:00
mposolda
f9a0abcfc4
KEYCLOAK-3493 KEYCLOAK-3532 Added KeyStorageProvider. Support key rotation for OIDC clients and identity providers with JWKS url.
2016-09-30 21:28:23 +02:00
Stian Thorgersen
5d34b7e682
Merge pull request #3189 from thomasdarimont/issue/KEYCLOAK-3491-revise-scripting-support
...
KEYCLOAK-3491 Revise Scripting Support
2016-09-29 10:12:15 +02:00
Bill Burke
8967ca4066
refactor mongo entities, optimize imports
2016-09-28 15:25:39 -04:00
Stian Thorgersen
34f62eb31d
Fixes to [KEYCLOAK-2438] PR
2016-09-28 10:25:37 +02:00
Bruno Oliveira
98d2fe15e8
[KEYCLOAK-2438] - Add display name to social login buttons
...
[KEYCLOAK-3291] - Names of social identity providers are wrongly capitalized (eg GitHub vs Github)
2016-09-26 13:36:28 -03:00
Bill Burke
ecc104719d
bump pom version
2016-09-26 11:01:18 -04:00
Stian Thorgersen
033d1f564a
KEYCLOAK-2756
...
Renaming a realm breaks down the Clients
2016-09-26 10:11:28 +02:00
Bill Burke
27e86e36c4
Merge remote-tracking branch 'upstream/master'
2016-09-23 16:50:16 -04:00
Bill Burke
ff1326fe35
authenticator example updated
2016-09-23 16:50:08 -04:00
Marek Posolda
5fc7149aac
Merge pull request #3257 from mposolda/pairwise
...
KEYCLOAK-3422 Pairwise subjects : few fixes and bit of refactoring
2016-09-23 20:58:51 +02:00
Bill Burke
a1bcd0651d
fixes
2016-09-23 10:38:49 -04:00
Marek Posolda
22aaa4cb52
Merge pull request #3237 from brat000012001/kc-iss-3505
...
KEYCLOAK-3505: updated the oidc user attribute mapper used to map oid…
2016-09-23 15:38:20 +02:00
mposolda
04f05c0cd1
KEYCLOAK-3422 Pairwise subjects : few fixes and bit of refactoring
2016-09-23 15:29:13 +02:00
Bill Burke
8e65356891
creds
2016-09-22 19:57:39 -04:00
Bill Burke
7209a95dce
credential refactoring
2016-09-22 08:34:45 -04:00
Thomas Darimont
8e113384aa
KEYCLOAK-3491 Revise Scripting Support
...
Refactored the scripting infrastructure and added documentation.
Added tests and an authenticator template in JavaScript for a quickstart.
Increased height of ace code editor to 600px to avoid scrolling.
2016-09-20 14:33:39 +02:00
Stian Thorgersen
4977527f60
Merge pull request #3239 from stianst/SERVER-PROFILE
...
KEYCLOAK-3579 Add ability to define profiles
2016-09-20 10:39:05 +02:00
Stian Thorgersen
992268a8e6
KEYCLOAK-3579 Add ability to define profiles
2016-09-20 08:41:23 +02:00
Stian Thorgersen
44c47431a1
Merge pull request #3233 from betovieirasilva/master-KEYCLOAK-LoginUsername
...
[PULL-REQUEST-3181 & PULL-REQUEST-3233] Username is not displayed on the login screen with that email
2016-09-16 09:23:26 +02:00
Peter Nalyvayko
0348e427de
KEYCLOAK-3505: cosmetic coding style changes
2016-09-15 15:42:09 -04:00
Peter Nalyvayko
b97908fb02
KEYCLOAK-3505: updated the oidc user attribute mapper used to map oidc broker claims to map the claims from userinfo claim set
2016-09-15 11:11:58 -04:00
Gilberto Vieira da Silva
6d5dc673d4
When keycloak is set to login email and Username is different from email, to check the "Remember Me" username is not displayed on the login screen with that email because the KEYCLOAK_REMEMBER_ME cookie is always recorded the username field.
...
Conflicts:
services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
[PULL-REQUEST-3181]
2016-09-13 18:56:25 -03:00
Gilberto Vieira da Silva
55e07bcde2
Reverted to appli to branch master-KEYCLOAK-LoginUsername
2016-09-13 18:52:16 -03:00
Gilberto Vieira da Silva
cb1b34eee5
When keycloak is set to login email and Username is different from email, to check the "Remember Me" username is not displayed on the login screen with that email because the KEYCLOAK_REMEMBER_ME cookie is always recorded the username field.
...
Conflicts:
services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
2016-09-13 18:21:04 -03:00
Martin Hardselius
04d03452bd
KEYCLOAK-3422 support pairwise subject identifier in oidc
2016-09-13 09:18:45 +02:00