Commit graph

2515 commits

Author SHA1 Message Date
vmuzikar
7087c081f0 KEYCLOAK-14023 Instagram User Endpoint change
Co-authored-by: Jean-Baptiste PIN <jibet.pin@gmail.com>
2020-07-10 17:36:51 -03:00
Pedro Igor
1db1deb066 [KEYCLOAK-13141] - Supporting re-augmentation 2020-07-10 11:04:46 -03:00
Pavel Drozd
48e4432e9d KEYCLOAK-14508 - Exclude SessionNotOnOrAfterTest from remote tests 2020-07-10 14:22:11 +02:00
Luca Leonardo Scorcia
d6934c64fd Refactor SAML metadata generation to use the SAMLMetadataWriter class 2020-07-09 09:39:35 +02:00
Pedro Igor
9c4da9b3ce [KEYCLOAK-14147] - Request filter refactoring
Co-authored-by: Stian Thorgersen <stian@redhat.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
2020-07-07 11:26:12 -03:00
kurisumakise2011
738f24aa38 [KEYCLOAK-14570] Resolve nullpointer issue in controller
Some ProviderFactory returns null as properties instead of
Collections.emptyList() and it leads to NPE.

Fix it with using Optional.ofNullable(...).orElse(Collections.emptyList())
2020-07-07 07:46:26 +02:00
Douglas Palmer
9369c7cf4d Add filter by name to applications endpoint 2020-07-03 15:35:38 -03:00
Martin Idel
8fe25948f7 KEYCLOAK-13959 Add AdvancedAttribute mapper for SAML to allow regexes 2020-07-03 18:19:35 +02:00
Plamen Kostov
914b226d11 [KEYCLOAK-14282] Create additional filtering for GET /users endpoint for enabled/disabled users 2020-07-03 09:07:42 -03:00
Axel Messinese
f30395d535 KEYCLOAK-12687 Add briefRepresentation queryParams to get roles 'composite' endpoints 2020-07-03 09:41:53 +02:00
Bartosz Siemieńczuk
e2040f5d13 KEYCLOAK-14006 Allow administrator to add additional fields to be fetched with Facebook profile request 2020-07-01 18:27:04 -03:00
Eric Rodrigues Pires
de9a0a0a4a [KEYCLOAK-13044] Fix owner name representations of UMA tickets for client-owned resources 2020-07-01 18:15:22 -03:00
vmuzikar
dc6f7d0547 KEYCLOAK-14635 Saml tests are failing with invalid redirect urls 2020-07-01 13:46:43 +02:00
vmuzikar
001fe9eb11 KEYCLOAK-13206 Session Status iframe cannot access cookies when 3rd party cookies are blocked
Co-authored-by: mhajas <mhajas@redhat.com>
2020-06-30 17:11:20 -03:00
Douglas Palmer
5e44bb781b [KEYCLOAK-14344] Cannot revoke offline access for an app if the app doesn't require consent 2020-06-26 14:56:08 -04:00
Martin Idel
05b6ef8327 KEYCLOAK-14536 Migrate UserModel fields to attributes
- In order to make lastName/firstName/email/username field
  configurable in profile
  we need to store it as an attribute
- Keep database as is for now (no impact on performance, schema)
- Keep field names and getters and setters (no impact on FTL files)

Fix tests with logic changes

- PolicyEvaluationTest: We need to take new user attributes into account
- UserTest: We need to take into account new user attributes

Potential impact on users:

- When subclassing UserModel, consistency issues may occur since one can
  now set e.g. username via setSingleAttribute also
- When using PolicyEvaluations, the number of attributes has changed
2020-06-25 14:50:57 +02:00
Pedro Igor
337a751aaa [KEYCLOAK-11330] - Clustering tests for GA 2020-06-24 17:23:45 +02:00
Douglas Palmer
1434f14663 [KEYCLOAK-14346] Base URL for applications is broken 2020-06-23 15:26:07 -03:00
vramik
1b988cc12e KEYCLOAK-14516 app-server-eap6 tests fails due to compilation error 2020-06-22 13:43:11 +02:00
Hiroyuki Wada
f73b51818b KEYCLOAK-14113 Support for exchanging to SAML 2.0 token 2020-06-19 22:08:42 +02:00
Dirk Weinhardt
08dca9e89f KEYCLOAK-13205 Apply locale resolution strategy to admin console. 2020-06-19 10:27:13 -04:00
Peter Skopek
5f78a09db1 KEYCLOAK-13029 kcadm composite role creation fails 2020-06-18 16:37:02 +02:00
vmuzikar
662f7fbccd KEYCLOAK-14497 Compilation error in UsernameTemplateMapperTest 2020-06-18 09:15:07 -03:00
Martin Bartos
ec9bf6206e [KEYCLOAK-13202] Reset password redirects to account client 2020-06-18 13:08:36 +02:00
Erik Jan de Wit
c20766f2d7 KEYCLOAK-14140 added more test cases
Co-authored-by: vmuzikar <vmuzikar@redhat.com>
2020-06-17 13:56:11 -04:00
Thomas Darimont
92ab9c08ae KEYCLOAK-8100 Expose sub claim in OIDC IdentityBroker Mappers
We now expose the claims "sub" for use in Identity Broker mappers.
Previously claims directly mapped to `JsonWebToken` fields were not
accessible for mappings.
2020-06-17 12:56:08 -03:00
Pedro Igor
d331091c5e [KEYCLOAK-11330] - Quarkus tests 2020-06-17 17:20:55 +02:00
vmuzikar
d71e81ed5e KEYCLOAK-14235 Support for running broker tests with different hostnames for auth server and IdP 2020-06-17 14:13:00 +02:00
Pedro Igor
a8bad5b9bb [KEYCLOAK-11330] - Quarkus clustering tests 2020-06-16 10:07:24 -03:00
vramik
c403aa49f7 KEYCLOAK-14087 migration from 9.0.3 2020-06-15 14:47:13 +02:00
mhajas
5d1d75db40 KEYCLOAK-14103 Add Warn message for possibly missing SameSite configuration 2020-06-15 14:45:57 +02:00
Jan Lieskovsky
df7d85b38d [KEYCLOAK-14358] Enable StartTLS LDAP tests
Thanks to KEYCLOAK-14343 Use Truststore SPI StartTLS bug fix
they will work with Truststore SPI used by auth server Wildfly too

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-06-11 18:07:53 +02:00
Tero Saarni
3c82f523ff [KEYCLOAK-14343] Truststore SPI support for LDAP with StartTLS
Signed-off-by:  Tero Saarni <tero.saarni@est.tech>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-06-11 18:07:53 +02:00
Pedro Igor
e16f30d31f [KEYCLOAK-2343] - Allow exact user search by user attributes
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2020-06-10 12:02:50 -03:00
vramik
d63b3ceca4 KEYCLOAK-14141 0 downtime upgrade test 2020-06-10 12:45:34 +02:00
Pedro Igor
6ccde288a3 [KEYCLOAK-11330] - SSL Support 2020-06-09 08:43:52 +02:00
vmuzikar
b192ac4ea7 KEYCLOAK-14233 Support for generating SSL keystore before running testsuite
Move profile for app server to base
2020-06-08 10:51:54 -03:00
Douglas Palmer
33863ba161 KEYCLOAK-10162 Usage of ObjectInputStream without checking the object types
Co-authored-by: mposolda <mposolda@gmail.com>
2020-06-08 13:12:08 +02:00
Yoshiyuki Tabata
f03ee2ec98 KEYCLOAK-14145 OIDC support for Client "offline" session lifespan 2020-06-04 14:24:52 +02:00
Denis
8d6f8d0465 EYCLOAK-12741 Add name and description edit functionality to Authentication and Execution Flows 2020-06-04 08:08:52 +02:00
Alfredo Boullosa
2ddfc94495 KEYCLOAK-14115 Add a refresh to avoid failure 2020-06-03 20:13:08 -04:00
Pedro Igor
357982adf6 [KEYCLOAK-11330] - Initial changes to get testsuite working for Quarkus 2020-06-03 09:57:24 -03:00
Jan Lieskovsky
a121f77ea4 [KEYCLOAK-12305] [Testsuite] Check LDAP federated user (in)valid
login(s) using various authentication methods, bind credential
types, and connection encryption mechanisms

The tests cover various possible combinations of the following:
* Authentication method: Anonymous or Simple (default),
* Bind credential: Secret (default) or Vault,
* Connection encryption: Plaintext (default), SSL, or startTLS

Also, ignore the StartTLS LDAP tests for now till KEYCLOAK-14343
& KEYCLOAK-14354 are corrected (due these issues they aren't
working with auth server Wildfly). They will be re-enabled later
via KEYCLOAK-14358 once possible

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-06-02 14:44:17 +02:00
Pedro Igor
e8dc10b4a1 [KEYCLOAK-11330] - Properly handling POST formdata and UriInfo 2020-06-02 09:36:40 +02:00
stianst
90b29b0e31 KEYCLOAK-14107 Admin page content blocked on v10.0.0 due to content security policy 2020-05-29 13:57:38 +02:00
Benjamin Weimer
4265fdcab2 KEYCLOAK-14318 Client Empty Root URL and relative Base URL is valid 2020-05-29 11:21:28 +02:00
vmuzikar
f8dce7fc3e KEYCLOAK-13819 SAML brokering with POST binding is broken by new SameSite policies 2020-05-28 13:37:56 +02:00
Thomas Darimont
e825ec24cb KEYCLOAK-9635 Add AccessTokenHash to IDToken for OIDC Auth Code flow
Revised tests
2020-05-27 07:34:05 +02:00
Thomas Darimont
5a337d0376 KEYCLOAK-9635 Add AccessTokenHash to IDToken for OIDC Auth Code flow
Added missing test
2020-05-27 07:34:05 +02:00
Torsten Juergeleit
6005503a3d Namespace support to group-ldap-mapper
Previously, Keycloak did only support syncing groups from LDAP federation provider as top-level KC groups.

This approach has some limitations:
- If using multiple group mappers then there’s no way to isolate the KC groups synched by each group mapper.
- If the option "Drop non-existing groups during sync” is activated then all KC groups (including the manually created ones) are deleted.
- There’s no way to inherit roles from a parent KC group.

This patch introduces support to specify a prefix for the resulting group path, which effectively serves as a namespace for a group.

A path prefix can be specified via the newly introduced `Groups Path` config option on the mapper. This groups path defaults to `/` for top-level groups.

This also enables to have multiple `group-ldap-mapper`'s which can manage groups within their own namespace.

An `group-ldap-mapper` with a `Group Path` configured as `/Applications/App1` will only manage groups under that path. Other groups, either manually created or managed by other `group-ldap-mapper` are not affected.
2020-05-26 17:37:29 +02:00