Commit graph

3668 commits

Author SHA1 Message Date
Takashi Norimatsu
375e47877e KEYCLOAK-18558 Client Policy - Endpoint : support Device Authorization Endpoint 2021-09-20 11:22:58 +02:00
Jess Thrysoee
b4fe7bbda2 KEYCLOAK-19344 Add CORS to Device Authorization Request
Add CORS headers to the Device Authorization Request (OAuth 2.0 Device Authorization Grant)
to make it available for non-confidential public webbrowser based clients, e.g. SPA like
signage or kiosk webapps.
2021-09-20 10:32:10 +02:00
chen kqing
c9809f0151 KEYCLOAK-18873 href attribute of a "Unable to scan?" tag is wrong in "Configure TOTP" page 2021-09-20 10:09:58 +02:00
Sophie Tauchert
b5d477c421 [KEYCLOAK-18556] Check for federated credentials when resolving authenticators 2021-09-15 16:54:56 +02:00
Stan Silvert
93e229e45d
KEYCLOAK-18512: Integrate New Admin Console into Keycloak build (#8366)
* KEYCLOAK-18512: Integrate New Admin Console into Keycloak build

* KEYCLOAK-18512: Integrate New Admin Console into Keycloak build

* Change version to project version.  Make experimental.

* Add PAT for reading packages (#12)

* Add PAT for reading packages

* Encode token

* Use generic GH account for installation of packages

* Enable Github packages repo only for snapshots

* KEYCLOAK-18512: Make ADMIN2 experimental instead of preview

* KEYCLOAK-18512: Remove early return

* KEYCLOAK-18512: Fix formatting issue

Co-authored-by: Jon Koops <jonkoops@gmail.com>
2021-09-15 10:09:06 -04:00
Vlastimil Elias
2be5f528e4 KEYCLOAK-18700 - consistently record User profile attribute changes in
UPDATE_PROFILE event
2021-09-15 08:26:01 -03:00
bohmber
4fe7d6d318 KEYCLOAK-17110
LDAP Connection Pool not used with org.keycloak.truststore.SSLSocketFactory
2021-09-15 10:55:59 +02:00
Luca Leonardo Scorcia
6d0708d263
KEYCLOAK-17368 Show forwarded errors when a default remote IdP is configured (#7838) 2021-09-14 09:44:59 +02:00
bal1imb
67e3df654f KEYCLOAK-18740 Admin events trigger transaction rollback if exception is thrown. 2021-09-13 14:07:28 +02:00
Luca Leonardo Scorcia
af8354267b
KEYCLOAK-16462 X509 Auth: add option to revalidate certificate trust 2021-09-13 12:12:38 +02:00
David Hellwig
a6cd80c933
KEYCLOAK-16076 added new warining when cookies are disabled -with new branch- (#7632)
* KEYCLOAK-16076 added new warining when cookies are disabled

Co-authored-by: David Hellwig <david.hellwig@bosch.com>
Co-authored-by: Christoph Leistert <christoph.leistert@bosch-si.com>
2021-09-13 11:30:11 +02:00
Hynek Mlnarik
4518b3d3d1 KEYCLOAK-19143 Split note for broker and SP SAML request ID 2021-09-07 17:04:30 +02:00
Olivier Boudet
c7f8544b0c KEYCLOAK-18454 Reset password : wrong email instructions when duplicates email is allowed 2021-09-02 14:44:18 +02:00
Thomas Darimont
e217e9a175 KEYCLOAK-18818 Add CORS preflight handler to token revocation endpoint 2021-08-31 10:07:32 +02:00
vramik
5fe675b612 KEYCLOAK-18841 prevent deletion of default role using RoleContainerResource 2021-08-20 12:02:07 +02:00
Thomas Darimont
f16eb4d8b9 KEYCLOAK-18954 Refactor user consent list retrieval to avoid ConcurrentModificationException
This avoids a ConcurrentModificationException to be thrown in UserResource.getConsents()
calls that got introduced in 4e8b18f560 by filtering
the resulting stream explicitly instead of removing items from the collection
that we iterate over, which triggered the CME in the first place.

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2021-08-18 10:39:44 +02:00
wuweixin
6431afe360 KEYCLOAK-18974 BitbucketIdentityProvider IdentityBrokerException message
github => bitbucket
2021-08-18 10:32:07 +02:00
rmartinc
5ff6ff57a8 [KEYCLOAK-18535] KeycloakSanitizerMethod causes java.lang.IndexOutOfBoundsException when there is more then one href in a sanitized message 2021-08-18 10:19:22 +02:00
bal1imb
269b661b8a KEYCLOAK-16633 Prevent deletion of internal clients. 2021-08-09 11:45:03 -03:00
Martin Kanis
b42f765c2a KEYCLOAK-18982 Token OIDC introspection endpoint should not update any of the timestamps 2021-08-05 18:21:16 +02:00
Yoshiyuki Tabata
b31b60fffe KEYCLOAK-18341 Support JWKS OAuth2 Client Metadata in the "by value" key loading method 2021-08-05 16:52:55 +02:00
mposolda
b1d39aa136 KEYCLOAK-18949 DirectGrant login should fail if authenticationSession contains some required actions 2021-08-04 08:50:27 +02:00
carlChen
a0b01b6ef4 KEYCLOAK-16703 The username returned by token introspect endpoint is null when remove or modify username mapper 2021-08-03 17:38:37 +02:00
Florian Ritterhoff
65480cb5a1 Prevent security flaw using passwordless authentication
If you register without an password or delete your last token your account can be hijacked. This is can be done by simply trying to login in that moment where the account is without a token. You get the "normal" registration dialog and can capture the complete account.
2021-08-03 10:49:45 -03:00
Sebastian Kanzow
4e8e4592ca [KEYCLOAK-18419] Support SAML 2.0 Encrypted IDs in Assertion 2021-08-03 11:55:36 +02:00
laskasn
f265d1d662 KEYCLOAK-18933 2021-08-02 15:27:08 +02:00
keycloak-bot
262ec3d031 Set version to 16.0.0-SNAPSHOT 2021-07-30 14:56:10 +02:00
Pedro Igor
afb0b16e43 [KEYCLOAK-18922] - Ignore empty values for internal attributes not set to user 2021-07-30 12:30:43 +02:00
Pedro Igor
ff70e2e04b [KEYCLOAK-18916] - Do not consider empty values when checking read-only attributes 2021-07-29 08:46:16 +02:00
Vlastimil Elias
32f2f095fe KEYCLOAK-7724 User Profile default validations 2021-07-29 08:42:37 +02:00
mposolda
4dacbb9e0b KEYCLOAK-16996 User not able to revoke his offline token for directGrant clients 2021-07-29 08:04:16 +02:00
mposolda
9b0e1fff8d KEYCLOAK-18903 More customizable OIDC WellKnown provider 2021-07-28 18:03:23 +02:00
mposolda
05dfed721a KEYCLOAK-18636 The mtls_endpoint_aliases claim is not advertized in the discovery document 2021-07-28 13:32:31 +02:00
Pedro Igor
ef72343a6a [KEYCLOAK-18882] - User Profile still tech preview 2021-07-28 08:45:35 +02:00
mposolda
4520cbd38c KEYCLOAK-18904 Support cert-bound tokens when doing client credentials grant. Client policies support for client credentials grant 2021-07-28 07:24:30 +02:00
mposolda
643b3c4c5a KEYCLOAK-18594 CIBA Ping Mode 2021-07-27 08:33:17 +02:00
Hynek Mlnarik
8889122dc1 KEYCLOAK-18845 Remove key type in map storage (simplify generics) 2021-07-23 17:04:20 +02:00
Takashi Norimatsu
9018fe9fad KEYCLOAK-18863 Global client profile for FAPI CIBA 2021-07-23 14:30:26 +02:00
Joerg Matysiak
9dff21d0a7 KEYCLOAK-18552
* added group as attribute metadata
* validation for groups and references to groups
* adapted template to use show attribute groups
* test and integration tests for attribute groups
2021-07-23 09:26:21 -03:00
Takashi Norimatsu
6436716514 KEYCLOAK-18834 Client Policies : ClientScopesCondition needs to be evaluated on CIBA backchannel authentication request and token request 2021-07-23 10:06:02 +02:00
Martin Bartoš
036239a901 KEYCLOAK-18643 Generic Javascript failure in server and adapters test pipeline 2021-07-23 08:47:27 +02:00
Takashi Norimatsu
84e19f1c57 KEYCLOAK-18833 FAPI-CIBA-ID1 : need to only accept confidential client on Backchannel Authentication endpoint 2021-07-23 08:26:36 +02:00
Luca Leonardo Scorcia
6bd7420907 KEYCLOAK-17290 SAML Client - Generate AttributeConsumingService SP metadata section 2021-07-22 21:53:16 +02:00
Pedro Igor
8260c3c623 [KEYCLOAK-18860] - Fixing attributes returned from user api 2021-07-22 15:09:30 -03:00
Vlastimil Elias
f307c56fe1 KEYCLOAK-18812 UserProfile metadata in Account REST API 2021-07-22 08:46:30 -03:00
Pedro Igor
b4c940fe3f [KEYCLOAK-18860] - Return attributes defined in user profile from user api 2021-07-22 08:32:47 -03:00
Robert Schuh
843bbf1bb3 KEYCLOAK-18852 Prevent NPE in case of missing truststore
even though the "return null" at the top of the method is called if no truststore is set, the finally block is still executed. And since the keystore is not there an NPE is thrown when calling the remove method.
2021-07-21 14:13:22 +02:00
Pedro Igor
d29d945cc4 [KEYCLOAK-18857] - Do not force default to RS256 when verifying tokens sent by clients and JWK does not hold an algorithm 2021-07-21 11:09:02 +02:00
Takashi Norimatsu
2c019c9ce5 KEYCLOAK-18832 FAPI-CIBA-ID1 conformance test : need to return 401 error=invalid_client if client authentication is not successfully completed on Backchannel Authentication endpoint 2021-07-21 10:13:55 +02:00
Takashi Norimatsu
8df36fbf28 KEYCLOAK-18828 FAPI-CIBA-ID1 conformance test : Additional checks of signed authentication request 2021-07-21 08:19:19 +02:00
Takashi Norimatsu
61fcbb307b KEYCLOAK-18830 FAPI-CIBA-ID1 conformance test : HolderOfKeyEnforcerExecutor needs to be executed on CIBA token request 2021-07-21 08:07:50 +02:00
Pedro Igor
54a0e84070 [KEYCLOAK-18741] - Review error messages when validating PAR requests 2021-07-20 14:08:49 -03:00
Pedro Igor
7f34af4016 Revert "[KEYCLOAK-18425] - Allow mapping user profile attributes"
This reverts commit 3e07ca3c
2021-07-20 14:08:09 -03:00
mposolda
db7e247f7b KEYCLOAK-18848 KEYCLOAK-18850 Enable CIBA and PAR by default 2021-07-20 15:59:06 +02:00
Takashi Norimatsu
f154b0b209 KEYCLOAK-18831 FAPI-CIBA-ID1 conformance test : need to return 400 if user authentication is not successfully completed 2021-07-20 10:46:16 +02:00
Takashi Norimatsu
e2c5fa20a2 KEYCLOAK-18849 Client Policy - Condition : ClientRolesCondition needs to be evaluated on PAR endpoint 2021-07-20 09:41:48 +02:00
Pedro Igor
396a78bcc4 [KEYCLOAK-18723] - Configurable constraints for request object encryption 2021-07-20 09:28:09 +02:00
Pedro Igor
730d4e8ac9 [KEYCLOAK-18807] - Fixing claims in JARM responses 2021-07-20 08:23:33 +02:00
Pedro Igor
13a08362d4 [KEYCLOAK-18819] - SecureResponseType executor shall allow response_type=code when using JARM and response_mode=jwt 2021-07-20 08:16:19 +02:00
Takashi Norimatsu
f76c07476c KEYCLOAK-18827 FAPI-CIBA-ID1 conformance test : Client JWT authentication should allow Backchannel Authentication endpoint as audience 2021-07-20 06:39:28 +02:00
Takashi Norimatsu
02a9eb442d KEYCLOAK-18829 FAPI-CIBA-ID1 conformance test : ClientRolesCondition needs to be evaluated on CIBA backchannel authentication request and token request 2021-07-20 06:31:10 +02:00
Pedro Igor
fe4e089e81 [KEYCLOAK-18745] - Client JWT authentication should allow PAR endpoint as audience 2021-07-19 14:23:53 -03:00
Vlastimil Elias
61aa4e6a70 KEYCLOAK-18750 - Set "Email Verified" to false when email changed in
UserProfile Provider
2021-07-19 11:19:29 -03:00
Takashi Norimatsu
f188f02d03 KEYCLOAK-18826 FAPI-CIBA-ID1 conformance test : ID Token needs to include auth_time claim 2021-07-19 15:11:23 +02:00
Takashi Norimatsu
63f04c1118 KEYCLOAK-18683 Client policy executor for check Backchannel signed request algorithms matching FAPI compliant algorithms 2021-07-19 14:48:31 +02:00
Pedro Igor
a79d28f115 [KEYCLOAK-18729] - Support JAR when using PAR 2021-07-19 11:42:20 +02:00
bal1imb
2c8d4ad9b4 KEYCLOAK-18590 Realm localizations of one realm must not affect themes displayed in context of other realms. 2021-07-16 16:12:58 +02:00
bal1imb
fbaeb18a5f KEYCLOAK-18471 Added ID to admin event object. 2021-07-16 12:46:07 +02:00
Pedro Igor
f1face6973 [KEYCLOAK-18748] - Do not remove attributes when declarative provider is enabled 2021-07-15 12:00:39 -03:00
Vlastimil Elias
7618e66136 [KEYCLOAK-18541] separate template for IDP review page 2021-07-13 21:43:52 -03:00
vramik
00017b44a3 KEYCLOAK-18311 fix creation of roles during client registration 2021-07-12 11:39:47 +02:00
Pedro Igor
1baab67f3b [KEYCLOAK-18630] - Request object encryption support 2021-07-09 11:27:30 -03:00
Vlastimil Elias
6686482ba5 [KEYCLOAK-18591] - Support a dynamic IDP user review form 2021-07-09 10:05:26 -03:00
Takashi Norimatsu
7cdcf0f93e KEYCLOAK-18654 Client Policy - Endpoint : support Token Request by CIBA Backchannel Authentication 2021-07-09 11:24:12 +02:00
Takashi Norimatsu
43eb2b7c90 KEYCLOAK-18123 Client Policy - Executor : Enforce Backchannel Authentication Request satisfying high security level 2021-07-09 09:11:13 +02:00
Takashi Norimatsu
63b737545f KEYCLOAK-18653 Client Policy - Endpoint : support Pushed Authorization Request Endpoint 2021-07-09 09:06:38 +02:00
Pedro Igor
4099833be8 [KEYCLOAK-18693] - Declarative profile validating read-only attribute if it exists 2021-07-08 15:22:02 -03:00
Takashi Norimatsu
dce163d3e2 KEYCLOAK-18587 CIBA signed request: Client must configure the algorithm 2021-07-08 10:16:22 +02:00
Dmitry Telegin
3b3a61dfba KEYCLOAK-18639 Token Exchange SPI Milestone 1 2021-07-06 15:48:45 -03:00
Benjamin Weimer
8c1ea60b04 * Add sid claim to ID Token
* deprecate session state parameter in ID Token
* remove charset=UTF-8 from backchannel logout post request Content-Type header
2021-07-06 15:30:53 -03:00
Takashi Norimatsu
2b1624390a KEYCLOAK-17937 Client Policy - Endpoint : support CIBA Backchannel Authentication Endpoint 2021-07-03 08:57:20 +02:00
Hryhorii Hevorkian
2803685cd7 KEYCLOAK-18353 Implement Pushed Authorization Request inside the Keycloak
Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2021-07-03 08:47:42 +02:00
lbortoli
e5ae113453 KEYCLOAK-18452 FAPI JARM: JWT Secured Authorization Response Mode for OAuth 2.0 2021-07-03 00:00:32 +02:00
Vlastimil Elias
04ff2c327b [KEYCLOAK-18429] Support a dynamic update profile form 2021-07-02 10:22:47 -03:00
Vlastimil Elias
f32447bcc1 [KEYCLOAK-18424] GUI order for user profile attributes 2021-07-02 08:37:24 -03:00
Pedro Igor
b26b41332e [KEYCLOAK-18626] - Avoid changing username when registration as email is enabled 2021-07-02 08:07:04 -03:00
Pedro Igor
3e07ca3c22 [KEYCLOAK-18425] - Allow mapping user profile attributes 2021-07-01 10:19:28 -03:00
lbortoli
164f3df080 KEYCLOAK-18502 - Support for additional parameters from the backchannel authentication request and backchannel authentication callback. 2021-07-01 00:31:26 +02:00
Valentin Hervieu
aab6782bae KEYCLOAK-18603 Remove duplicated statement
This is super minor but saw this while reading this file.
2021-06-30 15:56:32 +02:00
Vlastimil Elias
bcfa6e4309 KEYCLOAK-18592 - put attribute validators configuration into freemarker
template for user profile pages
2021-06-30 09:01:12 -03:00
Václav Muzikář
eb3bd8bbb5 KEYCLOAK-18554 Make ErrorHandler to log all errors for debugging purposes 2021-06-30 08:58:09 +02:00
Takashi Norimatsu
cef742ee3f KEYCLOAK-18583 Remove OIDCWellKnownProvider.isAsymmetricAlgorithm 2021-06-30 07:35:46 +02:00
Luca Leonardo Scorcia
ae98d8ea28 KEYCLOAK-18315 SAML Client - Add parameter to request specific AttributeConsumingServiceIndex 2021-06-29 16:22:38 +02:00
Takashi Norimatsu
57c80483bb KEYCLOAK-17936 FAPI-CIBA : support Signed Authentication Request
Co-authored-by: Pritish Joshi <pritish@banfico.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2021-06-29 08:07:40 +02:00
Pedro Igor
948f453e2d [KEYCLOAK-18427] - Allowing switching to declarative provider 2021-06-28 15:50:04 -03:00
Vlastimil Elias
512bcd14f7 [KEYCLOAK-18428] - dynamic registration form 2021-06-25 17:11:15 -03:00
Pedro Igor
faadb896ea [KEYCLOAK-18426] - Support required by role and scopes in Admin UI 2021-06-24 10:43:49 -03:00
Vlastimil Elias
b7a4fd8745 KEYCLOAK-18423 - Support a user-friendly name property for user profile
attributes
2021-06-24 08:17:06 -03:00
Luca Leonardo Scorcia
cdf9621257 KEYCLOAK-18450 Add basic tests for the Identity Provider Redirector Default IdP feature 2021-06-23 08:42:14 +02:00
Vlastimil Elias
458c841c39 [KEYCLOAK-18447] Dynamically select attributes based on requested scopes 2021-06-22 08:54:03 -03:00
Vlastimil Elias
82491ae5d2 KEYCLOAK-17446 - Prefill username in "Forgot Your Password" form if
called from Login form
2021-06-22 08:48:43 -03:00
Vlastimil Elias
b87d764137 [KEYCLOAK-17443] Username and email form fields kept in registration
form when duplicate
2021-06-22 08:46:42 -03:00
Luca Leonardo Scorcia
f5123cb51b KEYCLOAK-17935 SAML Client - Validate InResponseTo attribute 2021-06-21 12:25:18 +02:00
keycloak-bot
13f7831a77 Set version to 15.0.0-SNAPSHOT 2021-06-18 10:42:27 +02:00
vramik
e3c76035b2 KEYCLOAK-18359 Default role migration is not performed correctly when empty realm id 2021-06-14 20:54:37 +02:00
Davide Setti
74089a51b3 KEYCLOAK-18383 Update Group: don't check siblings if the name doesn't change 2021-06-14 12:58:45 +02:00
Pedro Igor
ef3a0ee06c [KEYCLOAK-17399] - Declarative User Profile and UI
Co-authored-by: Vlastimil Elias <velias@redhat.com>
2021-06-14 11:28:32 +02:00
Martin Bartoš
7ffa2835ef KEYCLOAK-18391 CIBATest failure 2021-06-11 10:36:56 +02:00
Yoshiyuki Tabata
4d1576b96a KEYCLOAK-18328 "access_denied" instead of "interaction_required" should
be returned when a user cancels the login
2021-06-10 11:16:50 +02:00
mposolda
070c68e18a KEYCLOAK-18069 Migration of client policies JSON from Keycloak 13 2021-06-10 10:40:14 +02:00
Douglas Palmer
aac0b6ec5f [KEYCLOAK-17602] Email account verification link is wrongly encoded 2021-06-10 08:34:53 +02:00
mposolda
91865fa93e KEYCLOAK-18368 Invalidate client session after refresh token re-use 2021-06-09 14:43:29 +02:00
Benjamin Weimer
f66354a80e KEYCLOAK-16947 add error parameters to access token response & improve logging 2021-06-07 17:53:30 +02:00
Marek Posolda
7a81dfff7a Update services/src/main/java/org/keycloak/services/clientpolicy/executor/FullScopeDisabledExecutorFactory.java
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2021-06-04 15:46:33 +02:00
mposolda
3d16a1e8d3 KEYCLOAK-16811 Add executor for disable 'Full Scope Allowed' and add it to FAPI profiles 2021-06-04 15:46:33 +02:00
Douglas Palmer
986b69c03f [KEYCLOAK-17405] Session auth time updated when user has not re-authenticated 2021-06-01 19:35:42 +02:00
stianst
c3a15cb368 KEYCLOAK-17796 Add options to http-builder to enable expect-continue, and to disable re-use of connections 2021-06-01 10:28:31 +02:00
mposolda
73a38997d8 KEYCLOAK-14208 Default client profiles for FAPI 2021-05-31 12:31:52 +02:00
Michito Okai
bc6a746780 KEYCLOAK-18112 Token introspection of the revoked refresh token 2021-05-31 11:01:01 +02:00
Michal Hajas
4dcb69596b KEYCLOAK-18146 Search for clients by client attribute when doing saml artifact resolution 2021-05-27 23:02:22 +02:00
Stian Thorgersen
2cb59e2503
KEYCLOAK-17844 Add option to disable authorization services to workaround issues with many clients 2021-05-27 22:28:56 +02:00
Hynek Mlnarik
3d8f152787 KEYCLOAK-17747 KEYCLOAK-17754 Optimize getClients() calls 2021-05-27 22:12:56 +02:00
Martin Kanis
23aee6c210 KEYCLOAK-16616 Limit number of authSessios per rootAuthSession 2021-05-27 22:10:36 +02:00
Martin Kanis
122fbe1bc6 KEYCLOAK-18298 ClearExpiredUserSessions timeouts with large number of sessions 2021-05-27 16:31:10 +02:00
Takashi Norimatsu
669556af71 KEYCLOAK-18296 RefreshTokenRequest returns incorrect error code during failed HoK request 2021-05-27 15:28:29 +02:00
vramik
4e8b18f560 KEYCLOAK-17752 Avoid iterating over all clients in UserResource.getConsents() 2021-05-27 13:45:28 +02:00
vramik
3aa06c2721 KEYCLOAK-18073 avoid ModelDuplicateException during parallel starup of servers 2021-05-27 07:10:35 +02:00
Stefan Guilhen
eb631bf63b [KEYCLOAK-8730] Ensure role mappers don't remove roles already granted by another mapper when updating a brokered user 2021-05-26 17:21:54 +02:00
mposolda
9b76b07144 KEYCLOAK-18284 WARNING in the log when login to public clients 2021-05-26 14:38:14 +02:00
stianst
962047e7ea KEYCLOAK-17750 Check admin has view/query access first before listing clients 2021-05-25 16:14:35 +02:00
Luca Leonardo Scorcia
478319348b KEYCLOAK-16450 X509 Direct Grant Auth does not verify certificate timestamp validity 2021-05-25 10:32:17 +02:00
Takashi Norimatsu
6e7898039b KEYCLOAK-18139 SecureResponseTypeExecutor: polishing for FAPI 1 final 2021-05-25 08:32:43 +02:00
mposolda
d4374f37ae KEYCLOAK-18258 Not possible to login with public client, which was confidential with custom client authenticator set 2021-05-24 13:17:14 +02:00
Takashi Norimatsu
6532baa9a7 KEYCLOAK-18127 Option for skip return user's claims in the ID Token for hybrid flow 2021-05-24 08:02:34 +02:00
Vlastimil Elias
4ad1687f2b [KEYCLOAK-17399] UserProfile SPI - Validation SPI integration 2021-05-20 15:26:17 -03:00
Thomas Darimont
c49dbd66fa KEYCLOAK-15437 Ensure at_hash is generated for IDTokens on token-refresh 2021-05-20 16:05:11 +02:00
Hynek Mlnarik
860fc4c06c KEYCLOAK-17756 KEYCLOAK-17757 Optimize IdP-first lookup 2021-05-20 14:44:55 +02:00
Pedro Igor
a0f8d2bc0e [KEYCLOAK-17399] - Review User Profile SPI
Co-Authored-By: Vlastimil Elias <vlastimil.elias@worldonline.cz>
2021-05-20 08:44:24 -03:00
Michal Hajas
3bb5bff8e0 KEYCLOAK-17495 Do not include principal in the reference to broker sessionId 2021-05-20 11:32:11 +02:00
mposolda
d3e9e21abd KEYCLOAK-17906 Use auto-configure instead of is-augment. Use default-client-authenticator option in SecureClientAuthenticatorExecutor 2021-05-19 12:18:11 +02:00
Hynek Mlnarik
c02a706a86 KEYCLOAK-17748 Optimize validation of redirect URIs in logout endpoint
Reimplementation of KEYCLOAK-17718
2021-05-18 20:31:21 +02:00
Bastian Ike
5c3d7f186e KEYCLOAK-17784: URL encode Keycloak's remember-me cookie to allow non-ascii usernames.
International users using non-ascii symbols such as the german `äöü`
will make Keycloak set the KEYCLOAK_REMEMBER_ME cookie without URL
encoding. This will trigger an java.lang.IllegalArgumentException:
UT000173 exception in undertow's cookie parser which does not
allow non-ascii characters.

Co-authored-by: Fabian Freyer <mail@fabianfreyer.de>
2021-05-18 16:15:30 +02:00
Václav Muzikář
65fbf3f68c KEYCLOAK-18079 Client Policy UI Improvements: JSON error handling 2021-05-18 16:12:48 +02:00
Mathieu CLAUDEL
df714506cc KEYCLOAK-17655 - Can't impersonate 2021-05-18 14:16:01 +02:00
mposolda
71dcbec642 KEYCLOAK-18108 Refactoring retrieve of condition/executor providers. Make sure correct configuration of executor/condition is used for particular provider 2021-05-18 12:20:47 +02:00
mposolda
b8a7750000 KEYCLOAK-18113 Refactor some executor/condition provider IDs 2021-05-18 09:17:41 +02:00
Gregor Tudan
10f7ea01d4 KEYCLOAK-16091: only persist webauthn-authentication count if the authenticator increments it beyond zero
Fixes an issue with Apple Keys stored in the secure enclave. They don's support counters and recommend attestation instead. This is a valid design choice according to the Webauthn-Spec (counters are mentioned as SHOULD)
2021-05-17 08:42:50 +02:00
Václav Muzikář
62e6883524 KEYCLOAK-17084 KEYCLOAK-17434 Support querying clients by client attributes 2021-05-14 13:58:53 +02:00
vramik
d78d4a8d47 KEYCLOAK-17760 deprecate ScopeMappedResource.getScopeMappings() 2021-05-13 16:56:42 +02:00
Marek Posolda
a6d4316084
KEYCLOAK-14209 Client policies admin console support. Changing of format of JSON for client policies and profiles. Remove support for default policies (#7969)
* KEYCLOAK-14209 KEYCLOAK-17988 Client policies admin console support. Changing of format of JSON for client policies and profiles. Refactoring based on feedback and remove builtin policies
2021-05-12 16:19:55 +02:00