stianst
dda829710e
KEYCLOAK-12829 Require PKCE for admin and account console
2020-02-12 08:22:20 +01:00
Thomas Darimont
7969aed8e0
KEYCLOAK-10931 Trigger UPDATE_PASSWORD event on password update via AccountCredentialResource
2020-02-11 19:51:58 +01:00
Martin Kanis
1d54f2ade3
KEYCLOAK-9563 Improve access token checks for userinfo endpoint
2020-02-11 15:09:21 +01:00
stianst
ecec20ad59
KEYCLOAK-12193 Internal error message returned in error response
2020-02-07 18:10:41 +01:00
mabartos
a5d02d62c1
KEYCLOAK-12908 TOTP not accepted in request for Access token
2020-02-07 13:17:05 +01:00
stianst
7545749632
KEYCLOAK-12190 Add validation for client root and base URLs
2020-02-07 09:09:40 +01:00
Pedro Igor
fc514aa256
[KEYCLOAK-12792] - Invalid nonce handling in OIDC identity brokering
2020-02-06 13:16:01 +01:00
Dmitry Telegin
b6c5acef25
KEYCLOAK-7969 - SAML users should not be identified by SAML:NameID
2020-02-06 08:53:31 +01:00
Martin Bartoš
7dec314ed0
KEYCLOAK-12900 NullPointerException during WebAuthn Registration ( #6732 )
2020-02-05 17:01:36 +01:00
Axel Messinese
b73553e305
Keycloak-11526 search and pagination for roles
2020-02-05 15:28:25 +01:00
rmartinc
d39dfd8688
KEYCLOAK-12654: Data to sign is incorrect in redirect binding when URI has parameters
2020-02-05 11:30:28 +01:00
Martin Bartoš
b0c4913587
KEYCLOAK-12177 KEYCLOAK-12178 WebAuthn: Improve usability ( #6710 )
2020-02-05 08:35:47 +01:00
Thomas Darimont
42fdc12bdc
KEYCLOAK-8573 Invalid client credentials should return Unauthorized status ( #6725 )
2020-02-05 08:27:15 +01:00
Thomas Darimont
d417639cb8
KEYCLOAK-11033 Avoid NPE in password endpoint of AccountCredentialResource ( #6721 )
...
Added additional null guard since some credentials provide might not
maintain a "CreatedDate" for a password credentials.
2020-02-04 16:01:27 +01:00
rmartinc
5b9eb0fe19
KEYCLOAK-10884: Need clock skew for SAML identity provider
2020-02-03 22:00:44 +01:00
Jan Lieskovsky
b532570747
[KEYCLOAK-12168] Various setup TOTP screen usability improvements ( #6709 )
...
On both the TOTP account and TOTP login screens perform the following:
* Make the "Device name" label optional if user registers the first
TOTP credential. Make it mandatory otherwise,
* Denote the "Authenticator code" with asterisk, so it's clear it's
required field (always),
* Add sentence to Step 3 of configuring TOTP credential explaining
the user to provide device name label,
Also perform other CSS & locale / messages file changes, so the UX is
identical when creating OTP credentials on both of these pages
Add a corresponding testcase
Also address issues pointed out by mposolda's review. Thanks, Marek!
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-02-03 19:34:28 +01:00
Marek Posolda
154bce5693
KEYCLOAK-12340 KEYCLOAK-12386 Regression in credential handling when … ( #6668 )
2020-02-03 19:23:30 +01:00
Leon Graser
01a42f417f
Search and Filter for the count endpoint
2020-02-03 09:36:30 +01:00
Pedro Igor
ed2d392a3d
[KEYCLOAK-9666] - Entitlement request with service account results in server error
2020-02-03 08:57:56 +01:00
Pedro Igor
658a083a0c
[KEYCLOAK-9600] - Find by name in authz client returning wrong resource
2020-02-03 08:57:20 +01:00
rmartinc
1989483401
KEYCLOAK-12001: Audience support for SAML clients
2020-01-31 15:56:40 +01:00
Marek Posolda
d8e450719b
KEYCLOAK-12469 KEYCLOAK-12185 Implement nice design to the screen wit… ( #6690 )
...
* KEYCLOAK-12469 KEYCLOAK-12185 Add CredentialTypeMetadata. Implement the screen with authentication mechanisms and implement Account REST Credentials API by use the credential type metadata
2020-01-31 14:28:23 +01:00
Stan Silvert
6ac5a2a17e
[KEYCLOAK-12744] rh-sso-preview theme for product build
...
* change logo for RH-SSO
* Small fixes to rh-sso-preview theme
* rh-sso-preview theme
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2020-01-31 08:16:52 -03:00
Pedro Igor
c37ca235ab
[KEYCLOAK-11352] - Can't request permissions by name by a non-owner resource service, although the audience is set
2020-01-30 11:36:21 +01:00
stianst
2916af351a
KEYCLOAK-12712 Add thread-safety for provider hot-deployment
2020-01-29 14:06:11 +01:00
stianst
a3e5f9d547
KEYCLOAK-12736 Set time for admin events in milliseconds, instead of converted seconds
2020-01-29 14:05:22 +01:00
Marek Posolda
d46620569a
KEYCLOAK-12174 WebAuthn: create authenticator, requiredAction and policy for passwordless ( #6649 )
2020-01-29 09:33:45 +01:00
Takashi Norimatsu
993ba3179c
KEYCLOAK-12615 HS384 and HS512 support for Client Authentication by Client Secret Signed JWT ( #6633 )
2020-01-28 14:55:48 +01:00
Stian Thorgersen
87cab778eb
KEYCLOAK-11996 Authorization Endpoint does not return an error when a request includes a parameter more than once ( #6696 )
...
Co-authored-by: stianst <stianst@gmail.com>
Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2020-01-24 12:10:56 +01:00
Thomas Darimont
303861f7e8
KEYCLOAK-10003 Fix handling of request parameters for SMTP Connection Test
...
We now transfer the SMTP connection configuration via HTTP POST
request body parameters instead of URL parameters.
The improves handling of SMTP connection configuration values with
special characters. As a side effect sensitive information like SMTP
credentials are now longer exposed via URL parameters.
Previously the SMTP connection test send the connection parameters
as encoded URL parameters in combination with parameters in the request body.
However the server side endpoint did only look at the URL parameters.
Certain values, e.g. passwords with + or ; could lead to broken URL parameters.
2020-01-23 13:19:31 -06:00
Leon Graser
f1ddd5016f
KEYCLOAK-11821 Add account api roles to the client on creation
...
Co-authored-by: stianst <stianst@gmail.com>
2020-01-23 13:10:04 -06:00
Benjamin Weimer
dd9ad305ca
KEYCLOAK-12757 New Identity Provider Mapper "Advanced Claim to Role Mapper" with
...
following features
* Regex support for claim values.
* Support for multiple claims.
2020-01-23 07:17:22 -06:00
Stan Silvert
210fd92d23
KEYCLOAK-11550: Signing In page
2020-01-23 07:35:09 -05:00
Domenico Briganti
812b69af13
KEYCLOAK-9837 Not hide exception in email templating - clean code
2020-01-23 05:45:25 -06:00
Domenico Briganti
f07e08ef28
KEYCLOAK-9837 Not hide exception in email templating - Throws always an Exception
2020-01-23 05:45:25 -06:00
Domenico Briganti
476da4f276
KEYCLOAK-9837 Not hide exception in email templating
2020-01-23 05:45:25 -06:00
Captain-P-Goldfish
b90a0307ea
Add certificate timestamp validation ( #6330 )
...
KEYCLOAK-11818 Add certificate timestamp validation
2020-01-22 20:53:06 +01:00
vmuzikar
03306b87e8
KEYCLOAK-12125 Introduce SameSite attribute in cookies
...
Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: Peter Skopek <pskopek@redhat.com>
2020-01-17 08:36:53 -03:00
Martin Bartos RH
d3f6937a23
[KEYCLOAK-12426] Add username to the login form + ability to reset login
2020-01-17 09:40:13 +01:00
mposolda
85dc1b3653
KEYCLOAK-12426 Add username to the login form + ability to reset login - NOT DESIGN YET
2020-01-17 09:40:13 +01:00
Tomas Kyjovsky
05c428f6e7
KEYCLOAK-12295 After password reset, the new password has low priority ( #6653 )
2020-01-16 09:11:25 +01:00
k-tamura
562dc3ff8c
KEYCLOAK-10659 Proxy authentication support for proxy-mappings
2020-01-15 13:29:54 +01:00
Martin Bartoš
5aab03d915
[KEYCLOAK-12184] Remove BACK button from login forms ( #6657 )
2020-01-15 12:25:37 +01:00
Axel Messinese
789e8c70ce
KEYCLOAK-12630 full representation param for get groups by user endpoint
2020-01-15 10:14:52 +01:00
Axel Messinese
72aff51fca
KEYCLOAK-12670 inconsistent param name full to briefRepresentation
2020-01-15 08:32:57 +01:00
Marek Posolda
8d49409de1
KEYCLOAK-12183 Refactor login screens. Introduce try-another-way link. Not show many credentials of same type in credential selector ( #6591 )
2020-01-14 21:54:45 +01:00
k-tamura
221aad9877
KEYCLOAK-11511 Improve exception handling of REST user creation
2020-01-14 13:34:34 +01:00
mhajas
a79d6289de
KEYCLOAK-11416 Fix nil AttributeValue handling
2020-01-10 12:47:09 +01:00
Viswa Teja Nariboina
5082ed2fcb
[ KEYCLOAK-12606 ] Passing email in login_hint query parameter during Identity brokering fails when an account already exists
2020-01-09 10:40:42 +01:00
Pedro Igor
03bbf77b35
[KEYCLOAK-12511] - Mapper not visible in client's mapper list
2020-01-09 10:25:06 +01:00
Thomas Darimont
062cbf4e0a
KEYCLOAK-9925 Use Client WebOrigins in UserInfoEndpoint
...
We now use the allowed WebOrigins configured for the client
for which the user info is requested.
Previously, Web Origins defined on the Client were not being recognized
by the /userinfo endpoint unless you apply the "Allowed Web Origins"
protocol mapper.
This was an inconsistency with how the Web Origins work compared
with the /token endpoint.
2020-01-09 10:10:59 +01:00
Pedro Igor
709cbfd4b7
[KEYCLOAK-10705] - Return full resource representation when querying policies by id
2020-01-09 10:00:24 +01:00
Pedro Igor
9fd7ab81f0
[KEYCLOAK-10407] - Avoiding redundant calls on identity.getid
2020-01-09 09:56:48 +01:00
Manfred Duchrow
f926529767
KEYCLOAK-12616 Vault unit test always failes on Windows
2020-01-07 20:55:50 +01:00
Hynek Mlnarik
f7379086e0
KEYCLOAK-12619 Improve mapped byte buffer cleanup
2020-01-07 16:07:43 +01:00
Thomas Darimont
54b69bd1dc
KEYCLOAK-10190 Fix NPE on missing clientSession in TokenEndpoint.codeToToken
...
In certain scenarios, e.g. when an auth code from another realm login is
used to perform the code to token exchange, it can happen that the
ClientSession is null which triggered an NPE when the userSession field is accessed.
Added null check for clientSession in TokenEndpoint.codeToToken to prevent an NPE.
2020-01-06 14:45:20 +01:00
Thomas Darimont
1a7aeb9b20
KEYCLOAK-8249 Improve extraction of Bearer tokens from Authorization headers ( #6624 )
...
We now provide a simple way to extract the Bearer token string from
Authorization header with a null fallback.
This allows us to have more fine grained error handling for the
various endpoints.
2020-01-06 13:58:52 +01:00
rmartinc
401d36b446
KEYCLOAK-8779: Partial export and import to an existing realm is breaking clients with service accounts
2019-12-27 15:59:38 -03:00
Thomas Darimont
0219d62f09
KEYCLOAK-6867 UserInfoEndpoint should return WWW-Authenticate header for Invalid tokens
...
As required by the OIDC spec (1) we now return a proper WWW-Authenticate
response header if the given token is invalid.
1) https://openid.net/specs/openid-connect-core-1_0.html#UserInfoError
2019-12-23 07:42:06 -03:00
Andrei Arlou
eed4847469
KEYCLOAK-12311 Fix minor warnings with collections in packages: forms, keys, partialimport, protocol from module "services"
2019-12-20 13:31:38 +01:00
Peter Skopek
7a14661fce
KEYCLOAK-6115 Login fails if federated user is read-only and has selected a locale on the login screen
2019-12-19 14:36:50 +01:00
Andrei Arlou
aceb123242
KEYCLOAK-12417 Fix minor warnings in tests from module "services"
2019-12-19 10:51:37 +01:00
Andrei Arlou
697eaa4f36
KEYCLOAK-12309 Fix warnings with collections in packages:
...
authentification, authorization, broker, email, events, exportimport from module "services"
2019-12-18 14:02:27 +01:00
Andrei Arlou
bb156fb2fd
KEYCLOAK-12317 Fix minor warnings with modificators in packages: authentication, authorization, keys, partialimport, protocol from module "services"
2019-12-18 13:26:27 +01:00
Andrei Arlou
c61cc1a493
KEYCLOAK-12316 Simplify conditions in packages: authentication, broker, credential, protocol from module "services"
2019-12-18 13:22:36 +01:00
Stefan Guilhen
9f69386a53
[KEYCLOAK-11707] Add support for Elytron credential store vault
...
- Adds the elytron-cs-keystore provider that reads secrets from a keystore-backed elytron credential store
- Introduces an abstract provider and factory that unifies code that is common to the existing implementations
- Introduces a VaultKeyResolver interface to allow the creation of different algorithms to combine the realm
and key names when constructing the vault entry id
- Introduces a keyResolvers property to the existing implementation via superclass that allows for the
configuration of one or more VaultKeyResolvers, creating a fallback mechanism in which different key formats
are tried in the order they were declared when retrieving a secret from the vault
- Adds more tests for the files-plaintext provider using the new key resolvers
- Adds a VaultTestExecutionDecider to skip the elytron-cs-keystore tests when running in Undertow. This is
needed because the new provider is available only as a Wildfly extension
2019-12-18 11:54:06 +01:00
harture
26458125cb
[KEYCLOAK-12254] Fix re-evaluation of conditional flow ( #6558 )
2019-12-18 08:45:11 +01:00
Douglas Palmer
106e6e15a9
[KEYCLOAK-11859] Added option to always display a client in the accounts console
2019-12-17 17:12:49 -03:00
jacac
3ae508e1b9
KEYCLOAK-12425 Encode userid with Base64Url. ( #6585 )
2019-12-16 20:40:27 +01:00
Douglas Palmer
af0594b58d
[KEYCLOAK-12463] Fixed missing consents
2019-12-12 17:27:54 -03:00
Douglas Palmer
f9fa5b551d
[KEYCLOAK-5628] Added application endpoint
2019-12-11 13:06:04 -03:00
Martin Bartoš
2cf6483cdf
[KEYCLOAK-12044] Fix messages in the UsernameForm ( #6548 )
2019-12-11 10:59:46 +01:00
Dmitry Telegin
56aa14ffab
KEYCLOAK-11347 - MicroProfile-Config
2019-12-10 12:08:22 +01:00
Denis Richtárik
48bddc37ae
KEYCLOAK-12011 Remove cancel button from OTP form ( #6511 )
...
* KEYCLOAK-12011 Remove cancel button from OTP form
* Remove back button
2019-12-09 19:23:26 +01:00
Dmitry Telegin
e2144d6aec
KEYCLOAK-12175 - Platform SPI
2019-12-09 09:55:04 +01:00
Yoshiyuki Tabata
b2664c7ef9
KEYCLOAK-12094 "client-session-stats" not search null client information ( #6554 )
2019-12-06 10:37:25 +01:00
Martin Bartoš
e405ce6e97
[KEYCLOAK-11824] Fix bug with only one value of the authentication model execution requirement ( #6570 )
2019-12-05 18:28:00 +01:00
Andrei Arlou
fb421d3086
KEYCLOAK-12262 Remove unused imports from packages "authorization" and "authentification" in module "services" ( #6547 )
2019-12-05 14:39:03 +01:00
Andrei Arlou
da7e0ba403
KEYCLOAK-12310 Remove unused imports from packages: exportimport, forms, jose, partialimport, protocol in module "services" ( #6560 )
2019-12-05 14:28:47 +01:00
Cristian Schuszter
5c7ce775cf
KEYCLOAK-11472 Pagination support for clients
...
Co-authored-by: stianst <stianst@gmail.com>
2019-12-05 08:17:17 +01:00
vmuzikar
072cd9f93f
KEYCLOAK-12329 Fix linking accounts in the new Account Console
2019-12-03 18:49:40 -03:00
Martin Kanis
73d1a26040
KEYCLOAK-11773 Front-channel logout with identity brokering does not work after browser restart
2019-12-03 08:17:54 +01:00
harture
129c689855
[KEYCLOAK-12253] Fix conditional authenticators are evaluated even if they are disabled ( #6553 )
2019-11-28 09:30:31 +01:00
Stan Silvert
de6f90b43b
KEYCLOAK-11550: Single page for credentials (initial commit)
2019-11-27 07:32:13 -03:00
rmartinc
82ef5b7927
KEYCLOAK-12000: Allow overriding time lifespans on a SAML client
2019-11-26 10:02:34 +01:00
Dmitry Telegin
79074aa380
KEYCLOAK-12162 Modularize config backends ( #6499 )
...
* KEYCLOAK-12162 - Modularize configuration backends
* - Use JsonSerialization
- simplify backend selection (no fallbacks)
* Remove unused org.wildfly.core:wildfly-controller dependency
2019-11-22 15:23:04 +01:00
Yoshiyuki Tabata
0a9d058b81
KEYCLOAK-12150 change error response from invalid_request to unsupported_grant_type
2019-11-22 11:11:07 +01:00
Yoshiyuki Tabata
a36cfee84b
KEYCLOAK-12149 change error response from invalid_grant to unauthorized_client
2019-11-22 11:10:16 +01:00
Yoshiyuki Tabata
4117710379
KEYCLOAK-12019 change error response from unsupported_response_type to unauthorized_client
2019-11-22 11:03:02 +01:00
Vidhyadharan Deivamani
9e366f0453
KEYCLOAK-8162 review comment adopted
2019-11-22 10:37:50 +01:00
Vidhyadharan Deivamani
318b290f55
KEYCLOAK-8162 Added resourcesPath
2019-11-22 10:37:50 +01:00
Fuxin Hao
ff4c94506f
use reCAPTCHA globally
2019-11-22 10:22:15 +01:00
Stan Silvert
ea268af511
KEYCLOAK-12159: AIA and Logout broken in new acct console
2019-11-21 09:35:46 -03:00
stianst
3731e36ece
KEYCLOAK-12069 Add account-console client for new account console
2019-11-20 08:48:40 -05:00
keycloak-bot
76aa199fee
Set version to 9.0.0-SNAPSHOT
2019-11-15 20:43:21 +01:00
Stefan Guilhen
9a7c1a91a5
KEYCLOAK-10780 Stop creating placeholder e-mails for service accounts ( #228 )
2019-11-15 15:08:29 +01:00
k-tamura
43e2370f21
KEYCLOAK-11772 Fix temporary credential property to work correctly
2019-11-15 08:48:12 +01:00
AlistairDoswald
4553234f64
KEYCLOAK-11745 Multi-factor authentication ( #6459 )
...
Co-authored-by: Christophe Frattino <christophe.frattino@elca.ch>
Co-authored-by: Francis PEROT <francis.perot@elca.ch>
Co-authored-by: rpo <harture414@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Denis <drichtar@redhat.com>
Co-authored-by: Tomas Kyjovsky <tkyjovsk@redhat.com>
2019-11-14 14:45:05 +01:00
Stan Silvert
d439f4181a
KEYCLOAK-6503: Linked Accounts Page
2019-11-14 07:39:43 -03:00
Martin Kanis
25511d4dbf
KEYCLOAK-9651 Wrong ECDSA signature R and S encoding
2019-11-13 15:32:51 +01:00
stianst
b8881b8ea0
KEYCLOAK-11728 New default hostname provider
...
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2019-11-11 12:25:44 +01:00
stianst
062841a059
KEYCLOAK-11898 Refactor AIA implementation
2019-11-08 16:03:07 -03:00
stianst
63abebd993
KEYCLOAK-11627 Require users to re-authenticate before invoking AIA
2019-11-08 16:03:07 -03:00
stianst
bc5113053d
KEYCLOAK-11897 Change kc_action parameter to proper built-in parameter
2019-11-08 16:03:07 -03:00
stianst
1e66660fd0
KEYCLOAK-11896 Remove initiate-action role
2019-11-08 16:03:07 -03:00
Takashi Norimatsu
4574d37d8d
KEYCLOAK-11372 Support for attestation statement verification ( #6449 )
2019-11-08 09:15:28 +01:00
Stian Thorgersen
f14f92ab0b
KEYCLOAK-6073 Make adapters use discovery endpoint for URLs instead of hardcoding ( #6412 )
2019-11-06 10:34:35 +01:00
Stan Silvert
041229f9ca
KEYCLOAK-7429: Linked Accounts REST API
2019-11-05 16:03:21 -05:00
Takashi Norimatsu
ecae2c5772
KEYCLOAK-11743 Update to webauthn4j 0.9.14.RELEASE and add apache-kerby-asn1:2.0.0 dependency ( #6401 )
2019-11-05 09:23:09 +01:00
Miguel Paulos Nunes
aa44579a02
KEYCLOAK-9553 Performance optimization on role mappings retrieval.
2019-11-05 08:59:53 +01:00
Dmitry Telegin
203646627f
Use global bootstrap flag
2019-11-01 10:56:06 +01:00
Dmitry Telegin
b68e8323ed
KEYCLOAK-11785 - Support for deferred initialization
2019-11-01 10:56:06 +01:00
Gideon Caranzo
e07fd9ffa3
KEYCLOAK-9936 Added optional hooks for preprocessing SAML authentication
...
Co-Authored-By: Hynek Mlnarik <hmlnarik@redhat.com>
2019-10-29 13:06:59 +01:00
Helge Olav Aarstein
d7a0597b1d
KEYCLOAK-9091 Fix for claims with dots from userInfo ( #6312 )
...
* KEYCLOAK-9091 Unable to map claim attributes with dots (.) in them when claims are retrieved from userInfo endpoint
2019-10-24 21:41:38 +02:00
pkokush
ff551c5545
KEYCLOAK-10307: check password history length in password verification ( #6058 )
2019-10-24 21:33:21 +02:00
Takashi Norimatsu
1905260eac
KEYCLOAK-11251 ES256 or PS256 support for Client Authentication by Signed JWT ( #6414 )
2019-10-24 17:58:54 +02:00
Pedro Igor
bb4ff55229
[KEYCLOAK-10868] - Deploy JavaScript code directly to Keycloak server
...
Conflicts:
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java
(cherry picked from commit 338fe2ae47a1494e786030eb39f908c964ea76c4)
2019-10-22 10:34:24 +02:00
Pedro Igor
bad9e29c15
[KEYCLOAK-10870] - Deprecate support for JavaScript policy support from UMA policy endpoint
...
Conflicts:
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedPermissionServiceTest.java
(cherry picked from commit 13923a7683cb666d2842bc61429c23409c1493b6)
2019-10-22 10:34:24 +02:00
Martin Kanis
0e0177136c
KEYCLOAK-9984 Remove org.apache.commons.* usages from the code
2019-10-22 09:48:15 +02:00
Martin Kanis
37304fdd7d
KEYCLOAK-10728 Upgrade to WildFly 18 Final
2019-10-21 14:06:44 +02:00
Martin Reinhardt
28748ebf3f
[KEYCLOAK-6376] Fix NPE and test setup
2019-10-21 10:41:04 +02:00
Martin Reinhardt
f18c8b9da5
[KEYCLOAK-6376] Switching to arquillian end2end tests
2019-10-21 10:41:04 +02:00
Martin Reinhardt
eed4449f8d
[KEYCLOAK-6376] Fixing Conditional OTP by reusing existing API for role checks
2019-10-21 10:41:04 +02:00
Kohei Tamura
59ba874e1d
KEYCLOAK-10945 Avoid lockout when clicking login twice
2019-10-21 10:36:16 +02:00
Pedro Igor
17785dac08
[KEYCLOAK-10714] - Add filtering support in My Resources endpoint by name
2019-10-16 16:26:55 +02:00
Sebastian Laskawiec
b6b7c11517
KEYCLOAK-11725 Removed VaultRealmModel from tests
2019-10-15 10:59:05 +02:00
stianst
c16cfe9696
Fixes for Quarkus
2019-10-15 10:57:54 +02:00
Sebastian Laskawiec
ea1b22daa7
KEYCLOAK-11227 Removed enabled/disabled flag from FileTruststoreProvider
2019-10-15 05:24:28 +02:00
stianst
52085da520
KEYCLOAK-11702 Remove RestEasy 4 dependencies from core codebase
2019-10-11 15:03:34 +02:00
mhajas
2f44c58a0d
KEYCLOAK-11495 Change name of PlaintextVaultProvider to FilesPlaintextVaultProvider
2019-10-09 14:48:00 +02:00
Pedro Igor
f0fb48fb76
[KEYCLOAK-11326] - Refactoring to support different versions of resteasy
2019-10-09 12:01:34 +02:00
Pedro Igor
a2e98b57f4
[KEYCLOAK-11326] - Refactoring to use types from JAX-RS API
2019-10-09 12:01:34 +02:00
Hisanobu Okuda
75a44696a2
KEYCLOAK-10636 Large Login timeout causes login failure
...
KEYCLOAK-10637 Large Login Action timeout causes login failure
2019-10-07 13:27:20 +02:00
vmuzikar
434ea0965c
KEYCLOAK-11632 Don't cache server info endpoint
2019-10-07 10:29:52 +02:00
Axel Messinese
f3607fd74d
KEYCLOAK-10712 get groups full representation endpoint
2019-10-03 11:26:30 +02:00
Takashi Norimatsu
66de87a211
KEYCLOAK-11253 Advertise acr claim in claims_supported Server Metadata
2019-10-03 11:25:45 +02:00
Niko Köbler
d0324d8098
KEYCLOAK-11566 add attribute resourceType to log output of admin events
2019-10-02 13:18:30 +02:00
Vincent Letarouilly
6b36e57593
KEYCLOAK-6698 - Add substitution of system properties and environment variables in theme.properties file
2019-10-01 16:34:54 +02:00
Takashi Norimatsu
6c9cf346c6
KEYCLOAK-11252 Implement Server Metadata of OAuth 2.0 Mutual TLS Client Authentication
2019-10-01 15:27:59 +02:00
Takashi Norimatsu
7c75546eac
KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase
...
* KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase
2019-10-01 15:17:38 +02:00
Jess Thrysoee
3b58692d7c
KEYCLOAK-11596 Enable template cache when cacheTemplates attribute is true
2019-10-01 14:37:48 +02:00
David Festal
d73a2b821c
Fix a NPE when using token-exchange
...
When using the preview token-exchange feature with the `openshit-v3` identity provider, a NPE is triggered, because it tries to extract the `metadata` field twice from the user profile:
```
13:17:13,667 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-7) Uncaught server error: java.lang.NullPointerException
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.getJsonProperty(AbstractOAuth2IdentityProvider.java:357)
at org.keycloak.social.openshift.OpenshiftV3IdentityProvider.extractUserContext(OpenshiftV3IdentityProvider.java:61)
at org.keycloak.social.openshift.OpenshiftV3IdentityProvider.extractIdentityFromProfile(OpenshiftV3IdentityProvider.java:87)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.validateExternalTokenThroughUserInfo(AbstractOAuth2IdentityProvider.java:489)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternalUserInfoValidationOnly(AbstractOAuth2IdentityProvider.java:548)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternalImpl(AbstractOAuth2IdentityProvider.java:528)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternal(AbstractOAuth2IdentityProvider.java:519)
at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.exchangeExternalToken(TokenEndpoint.java:917)
at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.tokenExchange(TokenEndpoint.java:696)
at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.processGrantRequest(TokenEndpoint.java:194)
.....
13:17:28,916 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-7) Uncaught server error: java.lang.NullPointerException
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.getJsonProperty(AbstractOAuth2IdentityProvider.java:357)
at org.keycloak.social.openshift.OpenshiftV3IdentityProvider.extractUserContext(OpenshiftV3IdentityProvider.java:61)
at org.keycloak.social.openshift.OpenshiftV3IdentityProvider.extractIdentityFromProfile(OpenshiftV3IdentityProvider.java:87)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.validateExternalTokenThroughUserInfo(AbstractOAuth2IdentityProvider.java:489)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternalUserInfoValidationOnly(AbstractOAuth2IdentityProvider.java:548)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternalImpl(AbstractOAuth2IdentityProvider.java:528)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternal(AbstractOAuth2IdentityProvider.java:519)
at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.exchangeExternalToken(TokenEndpoint.java:917)
at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.tokenExchange(TokenEndpoint.java:696)
at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.processGrantRequest(TokenEndpoint.java:194)
......
13:17:53,492 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-7) Uncaught server error: java.lang.NullPointerException
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.getJsonProperty(AbstractOAuth2IdentityProvider.java:357)
at org.keycloak.social.openshift.OpenshiftV3IdentityProvider.extractUserContext(OpenshiftV3IdentityProvider.java:61)
at org.keycloak.social.openshift.OpenshiftV3IdentityProvider.extractIdentityFromProfile(OpenshiftV3IdentityProvider.java:87)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.validateExternalTokenThroughUserInfo(AbstractOAuth2IdentityProvider.java:489)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternalUserInfoValidationOnly(AbstractOAuth2IdentityProvider.java:548)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternalImpl(AbstractOAuth2IdentityProvider.java:528)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternal(AbstractOAuth2IdentityProvider.java:519)
at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.exchangeExternalToken(TokenEndpoint.java:917)
at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.tokenExchange(TokenEndpoint.java:696)
at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.processGrantRequest(TokenEndpoint.java:194)
```
2019-10-01 14:23:46 +02:00
Mathieu CLAUDEL
2fb507e170
KEYCLOAK-10802 add support of SAMLv2 ForceAuthn
2019-09-27 09:55:54 +02:00
Yaroslav Kvasetskiy
622d049207
KEYCLOAK-10837 Add possibility to disable certificate verification for outgoing https connections
2019-09-26 08:12:09 -03:00
madgaet
0d12b8dd5a
[KEYCLOAK-11497] OIDC Idp authentication with private_key_jwt may not always work ( #6337 )
2019-09-25 23:10:07 +02:00
Hisanobu Okuda
da49dbce2b
KEYCLOAK-10770 user-storage/{id}/sync should return 400 instead of 404
2019-09-20 11:17:09 +02:00
mhajas
37b7b595a5
KEYCLOAK-11410 Do not throw exception in PlaintextVaultProvider if unconfigured
2019-09-19 14:56:19 +02:00
rradillen
b71198af9f
[KEYCLOAK-8575] oidc idp basic auth ( #6268 )
...
* [KEYCLOAK-8575] Allow to choose between basic auth and form auth for oidc idp
* uncomment ui and add tests
* move basic auth to abstract identity provider (except for getting refresh tokens)
* removed duplications
2019-09-19 14:36:16 +02:00
rmartinc
7f54a57271
KEYCLOAK-10757: Replaying assertion with signature in SAML adapters
2019-09-18 16:49:00 +02:00
farmersmurf
515727c944
fix: as discussed changed to NOT_ACCEPTABLE rather than OK to prevent INTERNAL SERVER ERROR on validation
2019-09-17 16:35:42 +02:00
farmersmurf
ae74335760
KEYCLOAK-10944 Fix 500 Error Code on Update Password
2019-09-17 16:35:42 +02:00
farmersmurf
b443c8186d
KEYCLOAK-10944 Fix 500 Error Code on Update Password
2019-09-17 16:35:42 +02:00
madgaet
c35718cb87
[KEYCLOAK-9809] Support private_key_jwt authentication for external IdP
2019-09-17 16:04:23 +02:00
Kohei Tamura
09671aa480
KEYCLOAK-11178 Suppress incorrect warnings
2019-09-13 10:21:20 +02:00
Shiva Prasad Thagadur Prakash
ff8b790549
KEYCLOAK-10022 Fixing few admin events not raised bug
2019-09-11 18:01:10 -03:00
Cédric Couralet
9c37da0ee9
KEYCLOAK-8818 Support message bundle in theme resources
2019-09-11 08:03:16 +02:00
mhajas
2703388946
KEYCLOAK-11245 Adapt LDAPConnectionTestManager to use newly introduced LDAPContextManager
2019-09-10 22:51:19 +02:00
mhajas
9c2525ec1a
KEYCLOAK-11245 Use transcription object for LDAP bindCredential
2019-09-09 19:39:53 +02:00
Martin Kanis
4235422798
KEYCLOAK-11246 Use the transcription object for SMTP password
2019-09-09 13:27:11 +02:00
Hynek Mlnarik
9eb2e1d845
KEYCLOAK-11028 Use pessimistic locks to prevent DB deadlock when deleting objects
2019-09-09 10:57:49 +02:00
rmartinc
a726e625e9
KEYCLOAK-10782: Credentials tab on clients can only be displayed with view-realm
2019-09-06 16:45:08 -03:00
Martin Kanis
b1be6c2bdd
KEYCLOAK-11247 Use the transcription object for Identity providers password
2019-09-06 15:29:11 +02:00
Cédric Couralet
aadd5331bc
[KEYCLOAK-11219] log an explicit error message when state is null
2019-09-06 10:59:28 +02:00
Pedro Igor
a1d8850373
[KEYCLOAK-7416] - Device Activity
2019-09-05 11:43:27 -03:00
Sebastian Laskawiec
69d6613ab6
KEYCLOAK-10169 OpenShift 4 Identity Provider
2019-09-05 16:33:59 +02:00
Stefan Guilhen
bb9c811a65
[KEYCLOAK-10935] Add a vault transcriber implementation that can be obtained from the session.
...
- automatically parses ${vault.<KEY>} expressions to obtain the key that contains the secret in the vault.
- enchances the capabilities of the VaultProvider by offering methods to convert the raw secrets into other types.
2019-09-04 22:34:08 +02:00
Kohei Tamura
6ae0773e09
KEYCLOAK-11006 Add method to log catched exception
2019-09-02 10:11:20 +02:00
Sebastian Laskawiec
3afbdd3ea3
KEYCLOAK-10934 PlainTextVaultProvider
2019-08-20 21:46:47 +02:00
Pedro Igor
e12c245355
[KEYCLOAK-10779] - CSRF check to My Resources
...
(cherry picked from commit dbaba6f1b8c043da4a37c906dc0d1700956a0869)
2019-08-20 06:35:00 -03:00
Hynek Mlnarik
97811fdd51
KEYCLOAK-10786 Check signature presence in SAML broker
...
(cherry picked from commit ba9f73aaff22eb34c7dec16f4b76d36d855d569b)
2019-08-20 06:35:00 -03:00
Leon Graser
0ce10a3249
[KEYCLOAK-10653] Manage Consent via the Account API
2019-08-20 06:24:44 -03:00
Nemanja Hiršl
411ea331f6
KEYCLOAK-10785 X.509 Authenticator - Update user identity source mappers
...
Update user identity sources and the way how X.509 certificates are mapped to the user to:
1. Include "Serial number + Issuer DN" as described in RFC 5280
2. Include "Certificate's SHA256-Thumbprint"
3. Exclude "Issuer DN"
4. Exclude "Issuer Email"
Add an option to represent serial number in hexadecimal format.
Documentation PR created: https://github.com/keycloak/keycloak-documentation/pull/714
KEYCLOAK-10785 - Documentation for new user identity source mappers
2019-08-16 11:35:50 -03:00
Takashi Norimatsu
8225157a1c
KEYCLOAK-6768 Signed and Encrypted ID Token Support
2019-08-15 15:57:35 +02:00
Hynek Mlnarik
d2da206d6b
KEYCLOAK-10933 Interfaces for vault SPI
2019-08-13 08:50:29 +02:00
Kohei Tamura
c0f73c0df4
KEYCLOAK-10817 Set referrer on error
2019-08-02 10:02:23 -03:00
Vlastimil Elias
4571f65d1e
KEYCLOAK-10209 - AuthenticationSessionModel made available through
...
KeycloakContext in KeycloakSession
2019-07-30 12:36:57 +02:00
Pedro Igor
8b203d48ce
[KEYCLOAK-10949] - Proper error messages when failing to authenticate the request
2019-07-29 17:01:42 -03:00
Pedro Igor
967d21dbb5
[KEYCLOAK-10713] - Pagination to resources rest api
2019-07-29 16:19:22 -03:00
k-tamura
fe0d6f4583
KEYCLOAK-10665 Fix incorrect client link on my resources page
2019-07-26 15:36:06 -03:00
k-tamura
2dceda3f50
KEYCLOAK-10807 Fix incorrect RS link on my resources page
2019-07-26 15:29:25 -03:00
Stan Silvert
bc818367a1
KEYCLOAK-10854: App-initiated actions Phase I
2019-07-26 14:56:29 -03:00
Stan Silvert
6c79bdee41
KEYCLOAK-10854: App initiated actions phase I
2019-07-26 14:56:29 -03:00
mhajas
57a8fcb669
KEYCLOAK-10776 Add session expiration to Keycloak saml login response
2019-07-24 13:35:07 +02:00
keycloak-bot
17e9832dc6
Set version to 8.0.0-SNAPSHOT
2019-07-19 19:05:03 +02:00
Pedro Igor
5f5cb6cb7b
[KEYCLOAK-10808] - Do not show authorization tab when client is not confidential
2019-07-15 10:07:31 -03:00
rmartinc
1d2d6591b2
KEYCLOAK-10826: Provide the locale name in the LocaleBean to be used in themes
2019-07-13 07:18:40 +02:00
rmartinc
6d6db1f3e5
KEYCLOAK-10345: OCSP validation fails if there is no intermediate CA in the client certificate
2019-07-12 15:16:00 +02:00
Takashi Norimatsu
2e850b6d4a
KEYCLOAK-10747 Explicit Proof Key for Code Exchange Activation Settings
2019-07-12 08:33:20 +02:00
Martin Kanis
efdf0f1bd8
KEYCLOAK-6839 You took too long to login after SSO idle
2019-07-10 10:15:26 +02:00
Kohei Tamura
55a6141bff
KEYCLOAK-10783 Fix internal server error when logging out after sharing my resource
2019-07-09 09:06:58 -03:00
mposolda
5f9feee3f8
KEYCLOAK-9846 Verifying signatures on CRL during X509 authentication
2019-07-08 20:20:38 +02:00
Tomasz Prętki
0376e7241a
KEYCLOAK-10251 New Claim JSON Type - JSON
2019-07-08 11:59:57 +02:00
Sven-Torben Janus
c883c11e7e
KEYCLOAK-10158 Use PEM cert as X.509 user identity
...
Allows to use the full PEM encoded X.509 certificate from client cert
authentication as a user identity. Also allows to validate that user's
identity against LDAP in PEM (String and binary format). In addition,
a new custom attribute mapper allows to validate against LDAP when
certificate is stored in DER format (binay, Octet-String).
KEYCLOAK-10158 Allow lookup of certs in binary adn DER format from LDAP
2019-07-08 11:58:26 +02:00
Hynek Mlnarik
ca4e14fbfa
KEYCLOAK-7852 Use original NameId value in logout requests
2019-07-04 19:30:21 +02:00
Sebastian Laskawiec
b5d8f70cc7
KEYCLOAK-8224 Client not found error message
2019-07-03 18:34:56 +02:00
Asier Aguado
bed22b9b8d
[KEYCLOAK-10710] Make social providers compatible with OIDC UsernameTemplateMappers
2019-07-03 15:01:46 +02:00
rmartinc
bd5dec1830
KEYCLOAK-10112: Issues in loading offline session in a cluster environment during startup
2019-07-03 13:17:45 +02:00
Axel Messinese
b32d52e62b
KEYCLOAK-10750 Check if role exist on get user/group in role endpoint
2019-07-03 08:46:36 +02:00
Pedro Igor
0cdd23763c
[KEYCLOAK-10443] - Define a global decision strategy for resource servers
2019-07-02 09:14:37 -03:00
Jeroen ter Voorde
7518692c0d
[KEYCLOAK-10419] Added briefRepresentation parameter support to the admin client interface
...
And added a aquillian test for it.
2019-06-21 11:31:01 +02:00