libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
12843 commits 4 branches 5 tags 480 MiB
Commit graph

708 commits

Author SHA1 Message Date
Pedro Igor
adf0a19f9d [KEYCLOAK-8133] - Can't Sucessfully inject a custom KeycloakSpringBootConfigResolver in the Keycloak Spring Boot Security Adapter 2018-09-20 11:11:12 -03:00
Hynek Mlnarik
2bf6d75e57 KEYCLOAK-8010 Improve handling of Conditions SAML tag 2018-09-19 14:00:28 +02:00
Hynek Mlnarik
0b893d5634 KEYCLOAK-8187 Fix Undertow imports for Fuse 
Co-Authored-By: wyvie <irum@redhat.com>
 2018-09-18 16:54:03 +02:00
Pedro Igor
64f8fe4987 [KEYCLOAK-8070] - wrong expose headers when enable cors and policyenforcer 2018-09-17 17:02:15 -03:00
stianst
1fb4ca4525 Set version to 4.5.0.Final 2018-09-06 20:08:02 +02:00
Hynek Mlnarik
812e76c39b KEYCLOAK-8163 Improve SAML validations 2018-09-05 15:47:03 +02:00
Pedro Igor
33efcc6b93 [KEYCLOAK-8142] - Fixing regression when setting path enforcement mode to disabled 2018-09-04 10:32:06 -03:00
Dmitry Telegin
bc8763ccf3 KEYCLOAK-7858 - OIDC servlet filter adapter OSGi support 2018-09-04 11:29:45 +02:00
Jani
42553cdc44 [KEYCLOAK-7695] Restore token_type and expires_in for implicit flow 
As KEYCLOAK-6585 concerns only hybrid flow, this commit restores the behavior for implicit flow.

This commit partially reverts #5041 (061049e41a6b0e6fb45c75f05748023ad7ab7d92).
 2018-08-29 13:00:57 +02:00
mposolda
6fc99cd749 KEYCLOAK-7594 Upgrade to Wildfly 13. Cross-DC: Upgrade to infinispan server 9.2.4 and JDG 7.2 
Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
Co-authored-by: stianst <stianst@gmail.com>
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2018-08-27 12:52:53 +02:00
Dan Hooper
0a8fca7ec4 Created common interface for parsed tokens in typescript declaration file 2018-08-23 16:14:17 -04:00
Frank Schmager
3e2e0ac91c Renamed factory and java doc 2018-08-22 16:39:55 +02:00
Frank Schmager
dda365e002 initial exposing of BasicAuthRequestAuthenticator to make extensible 2018-08-22 16:39:55 +02:00
Grzegorz Grzybek
fdc9882709 [KEYCLOAK-8101] Return just cached deployment to prevent NPE 2018-08-21 09:56:58 +02:00
Alex Szczuczko
a35ed671e6 KEYCLOAK-7480 Make fuse7 tomcat8 adapter community-only 2018-08-20 09:06:45 +02:00
Alex Szczuczko
f0a2f7a675 KEYCLOAK-7480 Make fuse7 adapter's jetty94 conditional on the community profile 
In commit d70859ef keycloak-pax-web-jetty94 was added.

org.keycloak:keycloak-jetty94-adapter:jar is a dependency of this module, and
isn't produced outside of the community profile. So, the jetty94 module here
must be consistent with that.
 2018-08-20 09:06:45 +02:00
Erin Recachinas
fa8cb004a1 KEYCLOAK-6086 Casting Jetty WebAppContext in Spring Adapter checks validity and unwraps 2018-08-13 11:16:19 +02:00
Hynek Mlnarik
a8a9631d4f KEYCLOAK-6832 Unify Destination attribute handling 2018-08-09 10:30:30 +02:00
Pedro Igor
80e5227bcd [KEYCLOAK-4902] - Refactoring and improvements to processing of authz requests 2018-08-07 10:53:40 -03:00
mposolda
959cd035ba Set version to 4.3.0.Final-SNAPSHOT 2018-08-01 22:40:05 +02:00
Tair Sabirgaliev
d88568266f KEYCLOAK-7821 Enable tomcat-specific features: * (all roles), ** (authenticated user) in authRoles constraint 2018-07-27 14:24:49 +02:00
mhajas
a6e4f4f9aa KEYCLOAK-7922 Use Time.currentTimeMillis() instead of System.currentTimeMillis() in PathCache 2018-07-24 08:52:48 -03:00
Hynek Mlnarik
c8bc0d6d7b KEYCLOAK-7400 Remove dead code 
This commit can only be merged once the Camel 2.21.2 would be
released, otherwise the code won't compile due to missing dependencies.

See https://issues.apache.org/jira/browse/CAMEL-12514 for details.
 2018-07-23 14:46:00 +02:00
Pedro Igor
7c14a6a503 [KEYCLOAK-6547] - AuthenticatedActionsHandler should process responses after identity is established 2018-07-19 10:05:04 -03:00
Grzegorz Grzybek
2cb7ec9432 [KEYCLOAK-7703] HierarchicalPathBasedKeycloakConfigResolver for more fine/coarse grained Keycloak configuration in Karaf 2018-07-19 14:25:52 +02:00
Gregor Tudan
3417b569c0 KEYCLOAK-2606: add support for native browsers on cordova 
KEYCLOAK-2606 Added cordova native

KEYCLOAK-2606 Some more fixes and tweaks

Fix redirect in example realm

feature(cordova-native): fix universalLinks and kc options

Added 'cordova-native' to typings

Added an option to define a "default" redirectUri in keycloak.js

Added 'login' and 'logout' event to universalLinks configuration in config.xml

Improved 'cordova-native' example to always use a redirectUri and
update state after successfull logout

Setting the 'authenticated' flag for the keycloak instance to 'false'
after a logout redirect

KEYCLOAK-2606: Simplify example for cordova-native

I wanted to make it explicit which options are actually needed, so I didn't want to reuse the keycloak conf

KEYCLOAK-2606: simplify example

The update state after logout shouldn't be necessary as it is set in `keycloak.onAuthLogout = updateState;`
Not sure why it is called after the login promise...

Fixes
 2018-07-18 10:51:59 +02:00
Martin Kanis
b520dda3ef KEYCLOAK-4662 Keycloak adapter missing configuration attribute proxy-url 2018-07-13 14:30:40 +02:00
mhajas
5aebc74f8c KEYCLOAK-7269 Setting more uris for Authorization Resource 2018-07-11 17:48:34 -03:00
Pedro Igor
55550f2023 [KEYCLOAK-6547] - AuthenticatedActionsHandler should process responses after identity is established 2018-07-11 11:33:31 -03:00
rmartinc
4a82979792 KEYCLOAK-1925: SAML adapter multitenant support 2018-07-10 13:21:11 +02:00
mposolda
d0a824dde4 Updating version to 4.2.0.Final-SNAPSHOT 2018-07-05 07:42:48 -04:00
sebastienblanc
f5d00ddffb making Spring Boot 2 the default starter 2018-07-03 22:04:16 +02:00
Pedro Igor
dcadc61220 [KEYCLOAK-7670] - PEP not returning correct status code when authorization header is not set 2018-06-29 09:39:55 -03:00
Pedro Igor
f10c47955f [KEYCLOAK-7427] - Fix to support writing to response when doing programmatic logouts 2018-06-28 11:08:28 -03:00
Pedro Igor
23db2b852b [KEYCLOAK-7679] - Wildfly adapter must be disabled when using Elytron 2018-06-28 11:08:28 -03:00
Grzegorz Grzybek
3c9d3c2c04 [KEYCLOAK-7681] Review pax-web OSGi dependencies 
Co-Authored-By: Hynek Mlnarik <hmlnarik@redhat.com>
 2018-06-22 13:47:20 +02:00
Grzegorz Grzybek
f90e0fc14c [KEYCLOAK-7425] Correctly import packages of httpclient and http core, fix Karaf feature 2018-06-21 14:28:47 +02:00
Hynek Mlnarik
6b968796ce KEYCLOAK-7667 Fix namespace handling when decrypting assertion 2018-06-21 13:09:18 +02:00
vramik
2fcfa5cf71 KEYCLOAK-7094 Support redirect to external logout page for saml filter adapter 2018-06-19 13:23:18 +02:00
stianst
e1a0e581b9 Update to 4.1.0.Final-SNAPSHOT 2018-06-14 14:22:28 +02:00
Dennis Bayer
c43d8b3d85 Get role list to update directly from the security context rather than from previously created subject info. 
Roles within groups must be unpacked added separately in order to contain all roles.
 2018-06-13 21:03:30 -03:00
Dennis Bayer
6a2a121d4e Map group members of authenticated subject into subject info. 
This commit contains a POC for the issue "Roles get lost after security context was propagated back to wildfly-swarm, if using jwt for authentication" (KEYCLOAK-7309).
 2018-06-13 21:03:30 -03:00
Hynek Mlnarik
9dc5709ce7 KEYCLOAK-7593 Setters for httpContext 2018-06-13 16:32:39 +02:00
vramik
5f1f3dff5e KEYCLOAK-7094 Support redirect to external logout page for elytron adapter 2018-06-13 12:50:38 +02:00
Stefan Guilhen
d897159560 [KEYCLOAK-7598] - Set CIP config when defining paths in policy enforcer config (#5264) 2018-06-12 11:24:17 -03:00
Vlasta Ramik
182c975e01 KEYCLOAK-7597 fix logger classes (#5263) 2018-06-12 11:02:04 -03:00
Pedro Igor
db60abc604
[KEYCLOAK-7543] - Policy enforcer should not delegate decisions when using UMA (#5252) 2018-06-11 08:17:40 -03:00
Lorent Lempereur
f55c93a1e4 Javascript Adapter - Add 'cordovaOptions' to the Typescript definition of KeycloakLoginOptions (#5250) 2018-06-11 08:21:04 +02:00
Grzegorz Grzybek
fca6da3a5a KEYCLOAK-7523 better context path detection in PathBasedKeycloakConfigResolver 2018-06-08 21:32:14 +02:00
Marek Posolda
49407c2e4f
KEYCLOAK-6630 Client scopes initial support (#5076) 
* KEYCLOAK-6630 KEYCLOAK-349 Client Scopes

Co-authored-by: vramik <vramik@redhat.com>

* KEYCLOAK-6630 Change some clientTemplate occurences to clientScope
 2018-06-08 15:38:38 +02:00
Pedro Igor
aa128d6c07
Merge pull request #5240 from pedroigor/KEYCLOAK-7353 
[KEYCLOAK-7353] Support Policy Management in Protection API
 2018-06-07 11:05:49 -03:00
Federico M. Facca
5a9bfea419 [KEYCLOAK-7353] Support Policy Management in Protection API 
See https://issues.jboss.org/browse/KEYCLOAK-7353
 2018-06-06 19:36:42 -03:00
Hynek Mlnarik
5a241392cf KEYCLOAK-7094 Support redirect to external logout page 2018-06-05 14:51:18 +02:00
Pedro Igor
bc665fdbc3
Merge pull request #5195 from suem/bugfix_FilterSessionStore 
NullPointerException in FilterSessionStore when restoring request
 2018-06-01 10:51:28 -03:00
Stian Thorgersen
dbf5c395b0
Bump version to 4.0.0.Final (#5224) 2018-05-24 19:02:30 +02:00
Hynek Mlnarik
1e438cdc45 KEYCLOAK-7277 KEYCLOAK-7282 Tomcat 8/Pax Web integration 2018-05-23 13:14:07 +02:00
Hynek Mlnarik
d70859ef1b KEYCLOAK-7277 KEYCLOAK-7282 Jetty/Pax Web integration 2018-05-23 13:14:07 +02:00
Hynek Mlnarik
cace03c3cc KEYCLOAK-7279 Camel/Undertow integration 2018-05-23 13:14:07 +02:00
Hynek Mlnarik
b2df872ad4 KEYCLOAK-7278 KEYCLOAK-7280 CXF/Undertow integration 2018-05-23 13:14:07 +02:00
Hynek Mlnarik
dd65c231f9 KEYCLOAK-7277 KEYCLOAK-7282 Undertow/Pax Web integration 2018-05-23 13:14:07 +02:00
Hynek Mlnarik
ae690e0679 KEYCLOAK-5522 Base for Fuse 7 adapter 2018-05-23 13:14:07 +02:00
Pedro Igor
dac5d313b3
Merge pull request #5166 from pedroigor/KEYCLOAK-7021 
[KEYCLOAK-7021] - keycloak-authz.js and keycloak-authz.d.ts do not work with TypeScript
 2018-05-17 17:42:51 -03:00
Pedro Igor
21d139c6c2
Merge pull request #5173 from pedroigor/KEYCLOAK-7148 
[KEYCLOAK-7148] - Associate sub resources to a parent resource
 2018-05-17 16:51:55 -03:00
Lorent Lempereur
27d8afe4a7 Javascript Adapter - Reject 'login' promise when users close their cordova in-app-browser on purpose (#5000) 2018-05-09 15:49:38 -07:00
Samuel Ueltschi
3391ec5377 check if content-type is null when restoring request 2018-05-09 12:47:14 +02:00
Lorent Lempereur
f6125a2542 [KEYCLOAK-6655] Javascript Adapter - Allow users to provide cordova-specific options to login and register (#4998) 
* Javascript Adapter - Allow users to pass cordova-specific options (in-app-browser) to the login and register functions

* Javascript Adapter - Allow users to pass cordova-specific options (in-app-browser) to the login and register functions

* [KEYCLOAK-6655] On Android 8, explicit hidden=no fails on in-app-browser load.
 2018-05-07 00:26:46 +02:00
pedroigor
7ebcc69cb9 [KEYCLOAK-7148] - Associate sub resources to a parent resource 2018-05-02 13:04:11 -03:00
Stian Thorgersen
90e5c7f3eb
Bump version to 4.0.0.Beta3-SNAPSHOT (#5185) 2018-05-02 14:32:20 +02:00
Pedro Igor
e960642399
Merge pull request #5144 from pedroigor/KEYCLOAK-4903 
[KEYCLOAK-4903] - Pushed Claims
 2018-04-26 15:59:13 -03:00
Stan Silvert
35154db50f
KEYCLOAK-7123: l10n dropdowns (#5170) 
* KEYCLOAK-7196: Add kc_locale to keycloak.js

* KEYCLOAK-7123: Localization dropdowns

* Update keycloak-service to latest keycloak.js
 2018-04-25 15:04:12 -04:00
pedroigor
b249a48dcf [KEYCLOAK-7147] - Support obtaining a buffered input stream in HttpFacade.Request 2018-04-25 10:16:41 -03:00
pedroigor
035ebc881a [KEYCLOAK-4903] - Claim Information point Provider SPI and configuration 2018-04-25 10:16:41 -03:00
Stan Silvert
b6a0303a4c
KEYCLOAK-7196: Add kc_locale to keycloak.js (#5165) 
* KEYCLOAK-7196: Add kc_locale to keycloak.js

* Update keycloak.d.ts
 2018-04-23 11:45:32 -04:00
pedroigor
824b900a43 [KEYCLOAK-7021] - keycloak-authz.js and keycloak-authz.d.ts do not work with TypeScript 2018-04-23 08:48:42 -03:00
pedroigor
c3d297dd05 [KEYCLOAK-7162] - Expose WWW-Authenticate Header when using CORS 2018-04-23 08:46:54 +02:00
pedroigor
527d6ca4d8 [KEYCLOAK-6414] - Empty response body with 200 response when using Elytron 2018-04-23 08:46:54 +02:00
Wojciech Trocki
c3c1a0fb4e Allow to use custom adapter (#5067) 
* Allow to use custom adapter

* fix: improve TypeScript documentation
 2018-04-20 09:18:46 +02:00
Pedro Igor
e1f5245145
Merge pull request #5120 from pedroigor/KEYCLOAK-7029 
[KEYCLOAK-7029] - Configuration of cache policies for cached resources/path
 2018-04-05 09:33:23 -03:00
Stian Thorgersen
5514812a4d
KEYCLOAK-7048 Clear token if refresh fails (#5124) 2018-04-04 20:12:25 +02:00
pedroigor
a939c45d58 [KEYCLOAK-7029] - Configuration of cache policies for cached resources/path 2018-04-03 16:44:27 -03:00
Bill Burke
0b2fe75828
Merge pull request #5115 from patriot1burke/kcinit-browser 
KEYCLOAK-7004 KEYCLOAK-7003 KEYCLOAK-6999 KEYCLOAK-7033
 2018-04-03 10:31:30 -04:00
pedroigor
5c52da80c6 [KEYCLOAK-7028] - Propagating AuthorizationContext when enforcement-mode is disable for a path 2018-04-02 11:10:43 -03:00
Bill Burke
4078e84fb6 server driven success page 2018-03-31 10:16:44 -04:00
Pedro Igor
5cae1bb134
Merge pull request #5093 from pedroigor/KEYCLOAK-4102 
[KEYCLOAK-4102] - Support lazy load paths
 2018-03-29 09:16:34 -03:00
pedroigor
4a425c2674 [KEYCLOAK-4102] - Support lazy loading of paths via policy enforcer config 2018-03-28 09:23:59 -03:00
Bill Burke
ad5f3fefc5 Merge remote-tracking branch 'upstream/master' into kcinit 2018-03-27 16:38:35 -04:00
pedroigor
e9e376419d [KEYCLOAK-4102] - Removing create-resources configuration option 2018-03-27 09:51:13 -03:00
sebastienblanc
91135c95ae KEYCLOAK-6732 : Make Spring Sec Dep optional 2018-03-27 10:59:29 +02:00
stianst
07fea02146 Bump versions to 4.0.0.Beta2-SNAPSHOT 2018-03-26 18:17:38 +02:00
Pedro Igor
593f57fd2c
Merge pull request #5088 from pedroigor/KEYCLOAK-6878 
[KEYCLOAK-6878] - Always refresh token option not working for invalid tokens
 2018-03-26 09:38:05 -03:00
Ryan Dawson
d57fb445eb adapter for spring boot 2 
remove built directory

update snapshot version references

refactor out core library to remove duplication

adapter for spring boot 2

remove built directory

update snapshot version references

Revert "merge from upstream"

This reverts commit 88c39a2f23b8f2d4b25360e2b46e683d11b4972b, reversing
changes made to f0811145ceeb8ec609ed66b06067f797e288aa89.

setting correct versions

updating to latest keycloak

arquillian test app for spring boot2

update to 2.0.0.RELEASE

added Rest Customizer
 2018-03-22 14:23:55 +01:00
pedroigor
3559c5dc3c [KEYCLOAK-6878] - Always refresh token option not working for invalid tokens 2018-03-21 10:01:02 -03:00
Bill Burke
f000cedcbb Merge remote-tracking branch 'upstream/master' into kcinit 2018-03-20 16:49:43 -04:00
Bill Burke
681e3d751e golang integration 2018-03-20 16:42:35 -04:00
Bill Burke
8926837a3e tests 2018-03-19 16:47:13 -04:00
Bill Burke
4bba11cd94 kcinit 2018-03-16 12:11:57 -04:00
pedroigor
668b67dcdb [KEYCLOAK-6623] - Policy enforcer gets confused with similar paths ending with wildcards 2018-03-09 16:38:57 -03:00
Pedro Igor
91bdc4bde2 [KEYCLOAK-3169] - UMA 2.0 (#4368) 
* [KEYCLOAK-3169] - UMA 2.0 Support

* [KEYCLOAK-3169] - Changes to account service and more tests

* [KEYCLOAK-3169] - Code cleanup and tests

* [KEYCLOAK-3169] - Changes to account service and tests

* [KEYCLOAK-3169] - Changes to account service and tests

* [KEYCLOAK-3169] - More tests

* [KEYCLOAK-3169] - Changes to adapter configuration

* [KEYCLOAK-3169] - Reviewing UMA specs and more tests

* [KEYCLOAK-3169] - Reviewing UMA specs and more tests

* [KEYCLOAK-3169] - Changes to UMA Grant Type and refactoring

* [KEYCLOAK-3169] - Refresh tokens for RPT responses and tests

* [KEYCLOAK-3169] - Changes to account my resources and policy enforcers

* [KEYCLOAK-3169] - Realm settings flag to enable/disable user-managed access in account mgmt console

* [KEYCLOAK-3169] - More changes to my resource pages in account mgmt console

* [KEYCLOAK-3169] - Need to enable user-managed on realm to run tests

* [KEYCLOAK-3169] - Removing more UMA 1.0 related code

* [KEYCLOAK-3169] - Only submit requests if ticket exists

* [KEYCLOAK-3169] - Returning UMA 401 response when not authenticated

* [KEYCLOAK-3169] - Removing unused code

* [KEYCLOAK-3169] - Removing unused code

* [KEYCLOAK-3169] - 403 response in case ticket is not created

* [KEYCLOAK-3169] - Fixing AbstractPhotozExampleAdapterTest#testClientRoleRepresentingUserConsent

* [KEYCLOAK-3169] - 403 status code only returned for non-bearer clients
 2018-02-28 08:53:10 +01:00
wyvie
f8022a5c2f [KEYCLOAK-6585] hybrid flow: removed token_type and expires_in paramters from oidc auth response 2018-02-27 15:31:12 +01:00
Hynek Mlnarik
1f20c03afa KEYCLOAK-6470 Refactor SAML adapter parsers 2018-02-27 09:37:29 +01:00
wyvie
52acd959e0 [KEYCLOAK-6584] removed not-before-policy parameter from authorization response 2018-02-26 17:41:18 +01:00
Hynek Mlnarik
e7cdb8ad54 KEYCLOAK-6473 KEYCLOAK-6472 SAML parser refactor + protocol parsers 2018-02-23 08:16:14 +01:00
stianst
eb326cd1bb KEYCLOAK-6534 Check for string in receiveMessage in session iframe 2018-02-22 07:02:16 +01:00
stianst
9b63cd35f0 KEYCLOAK-6431 2018-02-13 19:38:46 +01:00
Bill Burke
5d5373454c
Merge pull request #4991 from patriot1burke/challenge-support 
KEYCLOAK-6355
 2018-02-13 09:38:45 -05:00
Bill Burke
a3d6917f20 disable clisso experimental feature 2018-02-12 17:57:05 -05:00
David Festal
f44cda2621 Make the keycloak.js capable of working with alternate OIDC providers (#4978) 
* Make the `keycloak.js` capable of working with alternate OIDC providers

(provided that they create access_tokens as JWT tokens with `exp` and
`iat` claims).

Also add a `useNonce` option, to allow disabling the `nonce` check
since, in the OIDC specification, `nonce` is optional.

Signed-off-by: David Festal <dfestal@redhat.com>

* Update the `keycloak.ts` with the `useNonce` additional init option. 

Signed-off-by: David Festal <dfestal@redhat.com>

* Fix 2 errors in the case `checkSessionIframe` is used

Signed-off-by: David Festal <dfestal@redhat.com>
 2018-02-12 11:00:02 +01:00
Bill Burke
d6788a0839 finish 2018-02-10 13:38:39 -05:00
o.pakers
8495a7c05a [master]: fix type for checkLoginIframeInterval 2018-02-02 08:37:07 +01:00
Martin Kanis
6b8ec0bb82 KEYCLOAK-6154 Exclude common-logging/codec from keycloak-osgi-thirdparty 2018-01-31 21:26:41 +01:00
Takashi Norimatsu
502627f590 KEYCLOAK-5811 Client Authentication by JWS Client Assertion in client secret 2018-01-26 10:59:40 +01:00
Ray DeCampo
a21a94078b KEYCLOAK-5578: Keycloak JS adapter returns native Promise instances when available. 
Promise instances are adorned with success() and error() functions to retain backwards compatibility.
 2018-01-25 20:42:31 +01:00
stianst
06bb6f00e5 Include Jetty 9.1 in product profile 2018-01-04 09:14:11 +01:00
stianst
0bedbb4dd3 Bump version to 4.0.0.CR1-SNAPSHOT 2017-12-21 15:06:00 +01:00
Hynek Mlnarik
626004e782 KEYCLOAK-6066 Be less strict when handling cookies 2017-12-19 21:39:41 +01:00
sebastienblanc
a96c9d34c9 set auth contraint to true when wildcard is used 2017-12-14 14:00:03 +01:00
vramik
5a8ff72cb6 KEYCLOAK-4641 migrate remaining Adapter tests from old testsuite 2017-12-06 15:12:37 +01:00
stianst
5467d67c91 KEYCLOAK-5945 Strip default ports from urls 2017-12-04 19:56:01 +01:00
mposolda
ff6fcd30d9 KEYCLOAK-4478 OIDC auth response lacks session_state in some cases 2017-12-04 16:13:22 +01:00
Samuel Mendenhall
d69fe27cf9 set error instead of throw 2017-12-04 16:03:47 +01:00
Samuel Mendenhall
ca324c29e8 processInit should return a promise for setupCheckLoginIframe and should only call processCallback if that setupCheckLoginIframe is successful 2017-12-04 16:03:47 +01:00
stianst
37de8e9f69 Bump version to 3.4.2.Final-SNAPSHOT 2017-12-01 09:34:48 +01:00
Domenico Briganti
b72b01bb9d fix logger class 2017-11-30 10:52:26 +01:00
pedroigor
5f43a6a342 [KEYCLOAK-3629] - Adding confidential-port attribute to wildfly adapter subsystem 2017-11-30 10:39:21 +01:00
pedroigor
6587cfa084 [KEYCLOAK-3629] - Some Adapters do not work with SSL Redirect 2017-11-30 10:39:21 +01:00
stianst
0bd2e63162 KEYCLOAK-5939 Align dependencies with WildFly 11 2017-11-29 20:39:10 +01:00
Pedro Igor
f48509c32c
Merge pull request #4741 from pedroigor/KEYCLOAK-2517 
[KEYCLOAK-2517] - Doesn't work always refresh token
 2017-11-28 20:58:56 -02:00
pedroigor
792ffdf39b [KEYCLOAK-5925] - Trace-level should log tokens without their signatures 2017-11-28 09:54:57 -02:00
Thomas Kuestermann
bb900f9db8 KEYCLOAK-5753 fixed NPE thrown when using custom RequestMatcher 2017-11-27 09:55:32 +01:00
pedroigor
819a60932e [KEYCLOAK-2517] - Doesn't work always refresh token 2017-11-24 23:40:29 -02:00
rmartinc
0b3ae30473 Parameter "ui_locales" not redirected to login page in java adapters 2017-11-23 11:18:29 +01:00
David De Vreese
9485a63157 KEYCLOAK-5183 Support for AssertionConsumerServiceUrl in Saml Adapter subsystem 
Co-Authored-By: Hynek Mlnarik <hmlnarik@redhat.com>
 2017-11-20 15:59:47 +01:00
Thomas Recloux
04ad634986 Add configuration for KeycloakAuthenticatedActionsFilter 
Fixes KEYCLOAK-5227
 2017-11-10 10:44:12 +01:00
Bartłomiej Piech
d4b9c3c014 KEYCLOAK-5679 2017-11-10 10:42:26 +01:00
emilienbondu
8b8e694c60 Fix https://issues.jboss.org/browse/KEYCLOAK-5636 NPE 2017-11-09 19:32:27 +01:00
Stian Thorgersen
128ff12f8f Bump versions 2017-11-09 15:37:21 +01:00
Xiaojian Liu
19eed51582 KEYCLOAK-5352 Basic Auth fails if password contains a ':' 2017-11-09 13:56:02 +01:00
Xiaojian Liu
9ff22f596d KEYCLOAK-5352 Basic Auth fails if password contains a ':' 2017-11-09 13:56:02 +01:00
Xiaojian Liu
e1af9f133f KEYCLOAK-5352 Basic Auth fails if password contains a ':' 2017-11-09 13:56:02 +01:00
Pedro Igor
476dd1cef5 [KEYCLOAK-4439] - Fixing saml adapter 2017-11-08 19:01:54 -02:00
Pedro Igor
a8ba3eb7f9 [KEYCLOAK-4439] - Fixing elytron adapter for standalone apps 2017-11-08 14:09:34 -02:00
Paramvir-JIndal
d1468eaa45 [KEYCLOAK-5767]IE9 sometimes using HTTP status code 1223 instead of 204 (#4628) 2017-11-07 10:46:13 +01:00
Pedro Igor
d3dee07956 [KEYCLOAK-5763] - Forward credentials when using Elytron Adapter 2017-10-27 12:34:31 -02:00
Pedro Igor
7dd7b6b984 [KEYCLOAK-5726] - Defaults to true in case no required scopes are defined 2017-10-24 10:39:55 -02:00
Pedro Igor
a6e1413d58 [KEYCLOAK-5726] - Support define enforcement mode for scopes on the adapter configuration 2017-10-24 10:39:54 -02:00
Pavel Drozd
20d0fa1b4e Merge pull request #4528 from RaiSaurabh/test 
KEYCLOAK-5623: Fix to support the URL handler for the file loading.
 2017-10-23 12:52:10 +02:00
saurabhrai
6dd8592434 KEYCLOAK-5623: Updated to code to check the profile configuration to support Jboss Fuse adapter. Read from profile resource. 2017-10-23 14:17:18 +05:30
Gabriel Lavoie
e2f5ac60cf KEYCLOAK-5499: Use authentication token type rather than token source detection to identify interactive and non-interactive authentications. (#4488) 
- access_token URL parameter wasn't interpreted correctly as a non-interactive authentication.
 2017-10-16 09:38:05 +02:00
Sjoerd Cranen
cb43e3d763 KEYCLOAK-5191 Prevent exception in KeycloakAuthenticationFailureHandler (#4319) 
* KEYCLOAK-5191 Don't attempt to send 401 when response is already committed

* KEYCLOAK-5191 Defend against configuration errors by preventing 2xx response after authentication failure
 2017-10-16 09:34:58 +02:00
Stian Thorgersen
7774d5c6b8 Revert changes in KEYCLOAK-5621 (#4539) 2017-10-06 14:02:34 +02:00
Wojciech Trocki
a6e852495d Remove bug with login redirect on IOS (#4514) 
* Create wrapper for window.open

* Move function to variable
 2017-10-06 06:24:07 +02:00
Bartek Andrzejczak
8c7313f290 Renames realmKey to realmPublicKey for consistency (#4526) 2017-10-04 08:29:09 +02:00
Pedro Igor
4c71e2ec17 [KEYCLOAK-4439] - Changes for Wildfly 11.0.0.CR1 (#4504) 
* [KEYCLOAK-4439] - Changes for Wildfly 11.0.0.CR1

* [KEYCLOAK-5463] - Fixing servlet filter when using elytron adapters
 2017-09-28 11:46:17 +02:00
jtyrrell-se-jboss
9673ce5541 Update OAuthRequestAuthenticator.java (#4427) 
Removed a check for a 400 error, I was seeing a 403 error, and it wasn't until I rewrote the code to be like what is in line 334 I did not see enough meaningful information to figure out I had a /etc/hosts issue, where I had it locally on my machine, but the remote tomcat instance needed it also.
 2017-09-12 08:24:36 +02:00
Bill Burke
2cadf0a260 Merge pull request #4454 from sebastienblanc/KEYCLOAK-3473 
KEYCLOAK-3473 : add new flag to determine if error response must be sent or not
 2017-09-11 18:52:07 -04:00
Bill Burke
9c48da2a78 Merge pull request #4417 from mgmeiner/master 
KEYCLOAK-5329 async support for tomcat7 and tomcat8
 2017-09-11 18:51:20 -04:00
Jasper Siepkes
458c2f2682
Clarify request URI mismatch error message in SAML adapter. 
Show expected URI and received URI in error message. Also makes the logging behavior of 'handleSamlResponse' the same as 'handleSamlRequest' since that method already shows the expected and received URI.
 2017-09-11 19:52:49 +02:00
sebastienblanc
aaac85e541 add new flag to determine if error response must be sent or not 2017-09-05 15:08:17 +02:00
Stian Thorgersen
463661b051 Set version to 3.4.0.CR1-SNAPSHOT 2017-08-28 15:46:22 +02:00
Hynek Mlnarik
794c508b10 KEYCLOAK-4995 Support for distributed SAML logout in cross DC 2017-08-28 13:15:11 +02:00
WITT-AD\Micgme
0a82a6b434 KEYCLOAK-5329 abstracted AuthenticatedActionsValve to allow async support for Tomcat7 and Tomcat8 adapter 2017-08-24 15:54:43 +02:00
Pedro Igor
b4530cfbe9 fixing policy enforcer /* 2017-08-23 13:30:24 -03:00
Pedro Igor
a6dfb4ccdd [KEYCLOAK-5015] - Support for Elytron capabilities in subsystem 2017-08-22 18:01:19 -03:00
Pedro Igor
d3e559453b [KEYCLOAK-5015] - Updating Elytron Adapters 2017-08-22 18:01:19 -03:00
Markus Heberling
ef32585f57 create JS source maps (#4365) 
updated minify plugin to 1.7.6
switch minify plugin to use CLOSURE compiler
enable source map generation https://docs.google.com/document/d/1U1RGAehQwRypUTovF1KRlpiOFze0b-_2gc6fAH0KY0k
include source maps in distribution files
 2017-08-22 08:10:09 +02:00
Stian Thorgersen
b5ed8961f7 Add title attribute for iframe to suppress accessibility errors (#4407) 2017-08-22 08:07:04 +02:00
Bill Burke
61ab6d5b8b Merge pull request #4303 from jmcshane/master 
KEYCLOAK-5173 Spring Boot KeycloakRestTemplate support
 2017-08-13 12:22:45 -04:00
Bill Burke
02f043d9a6 fix readme file 2017-07-28 16:21:33 -04:00
Bill Burke
852e9274d4 Merge remote-tracking branch 'upstream/master' 2017-07-28 16:15:53 -04:00
Bill Burke
db9b1bcb21 token exchange 2017-07-28 16:15:39 -04:00
Marek Posolda
1b83928652 Merge pull request #4354 from hmlnarik/KEYCLOAK-5241-Tomcat-Adapter-8-x-does-not-work-with-Tomcat-8-5-8 
KEYCLOAK-5241 Tomcat SAML Adapter (Fix for Tomcat 8.5.8)
 2017-07-27 14:27:19 +02:00
Hynek Mlnarik
96bdd32bd0 KEYCLOAK-5241 Tomcat SAML Adapter Tomcat 8.5.8 2017-07-27 10:20:49 +02:00
Hynek Mlnarik
d8b77895db KEYCLOAK-4788 Fix reversed arguments and String comparison 2017-07-27 08:25:22 +02:00
Marek Posolda
dd6a7b23c3 Merge pull request #4350 from hmlnarik/KEYCLOAK-4446-Failed-to-process-response-when-reject-consent-with-turned-on-encryption 
KEYCLOAK-4446 Do not encrypt SAML status messages
 2017-07-26 15:31:54 +02:00
Hynek Mlnarik
3c537f5f28 KEYCLOAK-4446 Do not encrypt SAML status messages 
SAML status messages are not encryptable per Chapter 6 of
saml-core-2.0-os.pdf. Only assertions, attributes, base ID and name ID
can be encrypted.
 2017-07-26 11:22:56 +02:00
Hynek Mlnarik
8d81a4a2e4 KEYCLOAK-5236 2017-07-26 11:22:05 +02:00
c5403
ec89aab8fb Refactoring the spring-boot adapter to use the rest template customizer 2017-07-24 11:15:01 -05:00
Thomas Recloux
69fa9de4d8 Fix KEYCLOAK-3471 ClassCastException 2017-07-23 21:49:16 +02:00
Pedro Igor
5456514499 [KEYCLOAK-5015] - Pushing keycloak context to exchange scope 2017-07-19 16:39:38 -03:00
jmcshane
e99b08c6da Adding a instance of HttpComponentsClientHttpRequestFactory that supports the embedded servlet container auth pattern 2017-07-07 23:48:43 -05:00
Stian Thorgersen
9a9f4137e5 KEYCLOAK-4556 KEYCLOAK-5022 Only cache keycloak.js and iframe if specific version is requested (#4289) 2017-07-04 21:18:34 +02:00
Marek Posolda
09ec642543 Merge pull request #4232 from wvdhaute/token-store 
[KEYCLOAK-5067] Allow refreshable context to have an optional adapter token store
 2017-07-03 20:55:26 +02:00
Stian Thorgersen
454c5f4d83 Set version to 3.3.0.CR1-SNAPSHOT 2017-06-30 09:47:11 +02:00
hmlnarik
b4ad69b841 KEYCLOAK-5115 (#4272) 2017-06-29 15:50:50 +02:00
Sebastien Blanc
500a21685f KEYCLOAK-5082 : Add new redirect-rewrite-rule parameters for the adapters (#4255) 
* add rewrite rule config property

* add subsystem support for redirect rewrite

* update deployment unit test

* add license headers

* Optimize rewrite method
 2017-06-29 12:50:42 +02:00
Stian Thorgersen
4be0e36306 Merge pull request #4208 from ASzc/KEYCLOAK-4758 
KEYCLOAK-4758
 2017-06-27 11:35:43 +02:00
Stian Thorgersen
b041146a3f Merge pull request #4200 from guigarage/servlet-config 
KeycloakConfigResolver config for servlet filter
 2017-06-27 10:45:29 +02:00
Stian Thorgersen
cc14c5db23 Merge pull request #4239 from frelibert/KEYCLOAK-4897 
KEYCLOAK-4897 SAML Adapter fails to validate signature on assertion
 2017-06-22 08:45:04 +02:00
Stian Thorgersen
8e36a52f1e Merge pull request #4227 from sebastienblanc/KEYCLOAK-3492-rebased 
KEYCLOAK-3492 : Changing request matcher to attempt auth on /sso/login or Auhtorizati…
 2017-06-21 08:51:09 +02:00
Stian Thorgersen
9edb5b53c0 Merge pull request #4199 from guigarage/spring-security-annotation 
Easy Spring security annotation
 2017-06-21 08:47:17 +02:00
Frederik Libert
63d2d0f7ed KEYCLOAK-4897 SAML Adapter fails to validate signature on assertion 2017-06-19 18:26:17 +02:00
Wim Vandenhaute
0e0140d88b Allow refreshable context to have an optional adapter token store 2017-06-15 15:24:07 +02:00
Hendrik Ebbers
0ac92c4bfa new line in doc 2017-06-15 13:01:05 +02:00
Hendrik Ebbers
98a5c57e65 Author added 2017-06-15 13:00:24 +02:00
emilienbondu
91585f8563 Changing request matcher to attempt auth on /sso/login or Auhtorization header 
Add default login URL.

Throwing exception if login fails to enable auth entry point

Adding a test for invalid token and bearer-only

handle redirect correctly
 2017-06-14 14:41:35 +02:00
Stian Thorgersen
6cccd66162 Merge pull request #4192 from hokuda/KEYCLOAK-4980 
KEYCLOAK-4980 SAML adapter should return 403 when unauthenticated Aja…
 2017-06-09 04:40:26 +02:00
Hisanobu Okuda
9135ba7c40 KEYCLOAK-4980 SAML adapter should return 401 when unauthenticated Ajax client accesses 2017-06-08 23:36:25 +09:00
Alex Szczuczko
5d88c2b8be KEYCLOAK-4758 Update Encode class using latest resteasy. Use encodeQueryParamAsIs instead of encodeQueryParam when encoding key=value pairs for URI query sections. Also fix a few callers who were relying on the bad behaviour of queryParam. 2017-06-05 16:24:38 -06:00
Pedro Igor
d69d00082f [KEYCLOAK-4932] - Improvements to policy enforcer and better spring boot support 2017-06-01 22:55:58 -03:00
Hendrik Ebbers
4d5e03049e provide a custom KeycloakConfigResolver instance for servlet filter. 2017-06-01 14:35:12 +02:00
Hendrik Ebbers
7d017b4edf Easy Spring security annotation 2017-06-01 12:05:02 +02:00
Stian Thorgersen
63c237423d Merge pull request #4098 from ahus1/KEYCLOAK-4814-disable-keycloak-spring-boot-by-configuration 
KEYCLOAK-4814 disable keycloak spring boot by configuration
 2017-05-24 07:12:05 +02:00
Stian Thorgersen
c00a64208a Merge pull request #4136 from frelibert/KEYCLOAK-4897 
KEYCLOAK-4897
 2017-05-23 14:10:34 +02:00
Stian Thorgersen
cd53486566 Merge pull request #4167 from sebastienblanc/bug-KEYCLOAK-3492 
Fix https://issues.jboss.org/browse/KEYCLOAK-3492
 2017-05-23 13:58:19 +02:00
Stian Thorgersen
178fd08d9a Merge pull request #4066 from johnament/KEYCLOAK-4765 
KEYCLOAK-4765 - Add ability to disable Query Parameter parsing.
 2017-05-23 13:24:08 +02:00
emilienbondu
3580dea399 Fix https://issues.jboss.org/browse/KEYCLOAK-3492 2017-05-22 10:18:22 +02:00
Pedro Igor
b68494b3f0 [KEYCLOAK-4927] - Authz client incompatible with client definition 2017-05-18 09:57:12 -03:00
Frederik Libert
71f0db0837 KEYCLOAK-4897 
SAML Adapter fails to validate signature on encrypted assertion.
 2017-05-17 15:47:04 +02:00
Marek Posolda
70d7e07526 Merge pull request #4132 from mposolda/cross-dc4-squash 
KEYCLOAK-4626 KEYCLOAK-4627 Authentication sessions & Action tokens
 2017-05-15 12:46:43 +02:00
Bill Burke
789722ec6a Merge pull request #4137 from pedroigor/master 
Caching improvements and checking attachments in Elytron adapter
 2017-05-12 10:09:44 -04:00
Pedro Igor
aaddb035a8 Checking if attachments are supported by the underlying container 2017-05-12 10:23:37 -03:00
mposolda
168153c6e7 KEYCLOAK-4626 Authentication sessions - SAML, offline tokens, broker logout and other fixes 2017-05-11 22:16:26 +02:00
Stan Silvert
64cd689e38 KEYCLOAK-4822: Change copyright to reflect correct author. 2017-05-10 16:32:05 -04:00
Stan Silvert
2d825dd366 KEYCLOAK-4822: Update to ES6-compatible typings 2017-05-05 15:08:23 -04:00
Stian Thorgersen
e0da7ed6b4 Merge pull request #4074 from sebastienblanc/allow_headers 
Keycloak-3297 : adding cors-exposed-headers to conf
 2017-05-05 12:54:47 +02:00
Marko Strukelj
47ea1ade8a KEYCLOAK-4037 JS Adapter fails in Cordova mode for iOS apps 2017-05-03 17:05:54 +02:00
Alexander Schwartz
5a8634e359 KEYCLOAK-4814 disable keycloak spring boot by configuration 2017-04-28 09:48:42 +02:00
sebastienblanc
dee4548798 rename the starter and spring-boot-starter 2017-04-27 15:54:44 +02:00
Stian Thorgersen
87dedb56e5 Set version to 3.2.0.CR1-SNAPSHOT 2017-04-27 14:23:03 +02:00
sebastienblanc
0781f3b33d add shading 
add new module containing adapters

remove conditional bean

move bundle module
 2017-04-27 09:15:36 +02:00
John Ament
b37ed7145c KEYCLOAK-4765 - Adding support for wildfly subsystem disable query parameter parsing. 2017-04-26 09:42:00 -04:00
Stian Thorgersen
7c2ea4db98 Merge pull request #4080 from hmlnarik/KEYCLOAK-2122-Config-of-AssertionConsumerServiceUrl-in-Saml-Adapter 
KEYCLOAK-2122 Configuration of AssertionConsumerServiceUrl in SAML adapter
 2017-04-26 15:26:50 +02:00
Stian Thorgersen
eedb40bbe0 Merge pull request #4071 from stianst/KEYCLOAK-4784 
KEYCLOAK-4784 Cannot build project with -Dproduct
 2017-04-26 12:51:20 +02:00
Stian Thorgersen
c83e192a6f KEYCLOAK-4784 Add Jetty 9.3 to product profile 2017-04-26 12:07:47 +02:00
Hynek Mlnarik
d7615d6a68 KEYCLOAK-2122 Configuration of AssertionConsumerServiceUrl in SAML adapter 2017-04-26 11:59:37 +02:00
John Ament
1f98dc5527 KEYCLOAK-4765 - Simplified unit tests. 2017-04-25 20:38:07 -04:00
Pedro Igor
79c9078caa [KEYCLOAK-4792] - Client credentials provider support and making easier to obtain authz client 2017-04-25 14:51:45 -03:00
emilienbondu
46bc102799 adding cors-exposed-headers to conf 
add missing field in the BaseAdapterConfig

cleaning for PR & adding unit test

Adding property to subsystem, removing formatting changes
 2017-04-25 12:02:17 +02:00
John Ament
cb7cef8858 KEYCLOAK-4765 - Add ability to disable Query Parameter parsing. 2017-04-24 14:42:03 -04:00
Stian Thorgersen
3dbd0d5063 Merge pull request #3838 from ahus1/KEYCLOAK-4208-spring-boot-adapter-roles 
KEYCLOAK-4208 restructure spring auth config to match servlet spec
 2017-04-21 15:34:09 +02:00
Stian Thorgersen
257a973995 KEYCLOAK-4503 Require init with token and refreshToken 2017-04-21 13:39:53 +02:00
Stian Thorgersen
606c385f26 Merge pull request #4057 from stianst/KEYCLOAK-4480 
KEYCLOAK-4480 Fix re-encoding of query params in keycloak.js after re…
 2017-04-21 13:37:44 +02:00
Stian Thorgersen
e6486ab1c1 KEYCLOAK-4480 Fix re-encoding of query params in keycloak.js after redirect 2017-04-21 13:29:46 +02:00
Stian Thorgersen
b45089f5f0 Merge pull request #4033 from sebastienblanc/KEYCLOAK-3818 
KEYCLOAK-3818 : safer method to retrieve the webcontext for jetty
 2017-04-21 11:20:59 +02:00
Pedro Igor
fa1b998802 Merge pull request #4050 from pedroigor/KEYCLOAK-4769 
[KEYCLOAK-4769] - Policy enforcer path matching tests
 2017-04-20 14:02:59 -03:00
Pedro Igor
70a3dd1e4a [KEYCLOAK-4769] - Better error message when resource has no or invalid uri 2017-04-20 13:21:01 -03:00
Pedro Igor
80a80512ea [KEYCLOAK-4769] - Policy enforcer path matching tests 2017-04-20 13:21:01 -03:00
Alexander Schwartz
4d5fd0b75e KEYCLOAK-4208 restructure spring config to match servlet spec. updating jetty, tomcat and undertow 2017-04-20 12:52:13 +02:00
Stian Thorgersen
14b109da18 Merge pull request #4047 from stianst/KEYCLOAK-4287 
KEYCLOAK-4287 Remove deprecated session iframe endpoint
 2017-04-19 15:49:40 +02:00
Stian Thorgersen
8919015f74 KEYCLOAK-4287 Remove deprecated session iframe endpoint 2017-04-19 15:01:15 +02:00
Stian Thorgersen
c9630157e8 Merge pull request #4035 from sebastienblanc/KEYCLOAK-4486 
KEYCLOAK-4486: add autodetect-bearer-only attribute in subsystem
 2017-04-19 09:47:42 +02:00
Stian Thorgersen
e54c1d7de1 Merge pull request #4026 from mhajas/KEYCLOAK-4733 
KEYCLOAK-4733 Replace character 160 with character 32
 2017-04-18 15:21:23 +02:00
Pedro Igor
2a1a19f290 [KEYCLOAK-4751] - Send default access denied page when requests don't match any path config 2017-04-12 18:25:13 -03:00
sebastienblanc
886528dab8 add autodetect-bearer-only in subsystem 2017-04-12 16:40:19 +02:00
sebastienblanc
ea9c663ae1 try the registered beans , then the handler 2017-04-12 10:41:46 +02:00
sebastienblanc
a011f44d39 safer method to retrieve the webcontext for jetty 2017-04-11 18:53:58 +02:00
mhajas
e8bbfd9012 KEYCLOAK-4733 Replace character 160 with character 32 2017-04-07 15:30:54 +02:00
Bill Burke
3ce0c57e17 Merge pull request #3831 from Hitachi/master 
KEYCLOAK-2604 Proof Key for Code Exchange by OAuth Public Clients
 2017-04-06 15:36:08 -04:00
Stian Thorgersen
f0b44ea93b KEYCLOAK-4717 Added extra check for data content in receive message for session iframe 2017-04-06 08:49:32 +02:00
diego0020
a82278dcbf Verify message comes from loginIframe 
In the current implementation a message coming from any window on the same origin may cause the refresh token to be cleared.
In my case, messages generated by a chrome extension were causing the application to logout unexpectedly. With additional condition only messages coming from the login iFrame will be processed. Another suggestion would be changing the condition `event.data != "unchanged"` to something more specific.
 2017-04-04 16:32:21 -05:00