libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions
10696 commits 4 branches 5 tags 480 MiB
Commit graph

2465 commits

Author SHA1 Message Date
Pedro Igor
1bd2f0e98f
Merge pull request #4674 from thomasdarimont/issue/fix-npe-in-userpermissions 
KEYCLOAK-5841 Fix NPE in deletePermissionSetup in UserPermissions
 2017-11-15 10:22:44 -02:00
Pedro Igor
eebf0b0499
Merge pull request #4690 from pedroigor/KEYCLOAK-5824 
[KEYCLOAK-5824] - Keycloak throws "Error while evaluating permissions" exception often
 2017-11-14 18:35:56 -02:00
Pedro Igor
b0ccce397a [KEYCLOAK-5824] - Fixing logging of error mesages 2017-11-14 11:28:21 -02:00
Stian Thorgersen
89f4b87038 KEYCLOAK-5567 Set correct status code on login error pages 2017-11-14 12:33:29 +01:00
Bruno Oliveira
03d0488335 [KEYCLOAK-2052] Allows independently set timeouts for e-mail verification link and rest e.g. forgot password link 
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2017-11-13 19:57:04 -02:00
Stian Thorgersen
925d5e1dea KEYCLOAK-3173 enable logout offline refresh token using OIDC logout endpoint 2017-11-13 18:23:39 +01:00
Stian Thorgersen
51c7917853 KEYCLOAK-5772 Missing produces type on welcome resource post 2017-11-13 16:38:42 +01:00
Stian Thorgersen
d02ffd33b3 KEYCLOAK-5721 Moved state checker from separate cookie to claim on identity cookie 2017-11-13 14:11:28 +01:00
Thomas Darimont
a5b73a365d KEYCLOAK-5841 Fix NPE in deletePermissionSetup in UserPermissions 
Previously a call to `UserPermissions#deletePermissionSetup`
always resulted in a NPE if the usersResource was null.

We now only try to delete the resourceStore information if
the given usersResource is not null.
 2017-11-13 13:35:40 +01:00
Stian Thorgersen
90900b1a1f KEYCLOAK-5825 Clear state checker for welcome on form submit 2017-11-10 13:40:29 +01:00
Stian Thorgersen
4295f4ec31 KEYCLOAK-1886 Added cors headers to errors in token endpoint 2017-11-10 12:01:21 +01:00
Marko Strukelj
7035a4647d KEYCLOAK-5702 kcadm delete realm fails with nullpointer 2017-11-09 20:57:49 +01:00
Xiaojian Liu
19eed51582 KEYCLOAK-5352 Basic Auth fails if password contains a ':' 2017-11-09 13:56:02 +01:00
Xiaojian Liu
9ff22f596d KEYCLOAK-5352 Basic Auth fails if password contains a ':' 2017-11-09 13:56:02 +01:00
Xiaojian Liu
e1af9f133f KEYCLOAK-5352 Basic Auth fails if password contains a ':' 2017-11-09 13:56:02 +01:00
Bruno Oliveira
26e253f4a5 [KEYCLOAK-5284] 2017-11-09 13:45:06 +01:00
mposolda
701b7acd80 KEYCLOAK-5371 More stable cross-dc tests 2017-11-08 10:03:04 +01:00
Stian Thorgersen
b1a05dfce2
KEYCLOAK-5664 (#4604) 2017-11-07 10:09:34 +01:00
Hynek Mlnarik
fe2f65daac KEYCLOAK-5581 Fix SAML identity broker context serialization 2017-11-03 21:09:18 +01:00
Pedro Igor
3716fa44ac [KEYCLOAK-5728] - Permission Claims support 2017-10-27 12:40:30 -02:00
Pedro Igor
57d3c44bb7 [KEYCLOAK-4901] - New policy mgmt rest api should return specific representations for a policy type 2017-10-26 15:26:40 -02:00
Pedro Igor
a70cab502c [KEYCLOAK-4901] - Reviewing methods on provider spis 2017-10-26 13:39:57 -02:00
Hynek Mlnařík
248da4687a Merge pull request #4610 from hmlnarik/KEYCLOAK-5745-Extract-client-sessions-from-user-sessions 
KEYCLOAK-5745 Separate user and client sessions in infinispan
 2017-10-26 13:09:06 +02:00
Hynek Mlnarik
75c354fd94 KEYCLOAK-5745 Separate user and client sessions in infinispan 2017-10-26 10:39:41 +02:00
Bruno Oliveira da Silva
375e01a074 KEYCLOAK-5278 (#4606) 2017-10-25 15:27:24 +02:00
Stian Thorgersen
f0bbcbf0fd KEYCLOAK-5487 (#4603) 2017-10-24 10:49:08 +02:00
Stan Silvert
9083e5fe5c KEYCLOAK-5298: Enable autoescaping in Freemarker (#4561) 
* KEYCLOAK-5298: Enable autoescaping in Freemarker

* Fix several of the failing tests.

* Fix broken tests in integration-deprecated

* Fix last failing test.
 2017-10-23 12:03:00 -04:00
Stian Thorgersen
9b75b603e3 KEYCLOAK-5234 (#4585) 2017-10-23 16:13:22 +02:00
Stian Thorgersen
d9ffc4fa21 KEYCLOAK-5225 (#4577) 
KEYCLOAK-5225 fix test

Fix
 2017-10-19 08:23:16 +02:00
Stian Thorgersen
fea4c54adc KEYCLOAK-5280 (#4576) 2017-10-19 08:02:23 +02:00
Bill Burke
649bca7618 KEYCLOAK-4328 2017-10-18 09:37:17 -04:00
Hynek Mlnarik
056ba75a72 KEYCLOAK-5656 Use standard infinispan remote-store 2017-10-16 21:49:42 +02:00
Bruno Oliveira da Silva
b6ab2852c2 Remove unused imports (#4558) 2017-10-16 14:23:42 +02:00
Bill Burke
31dccc9a5e Merge pull request #4509 from TeliaSoneraNorge/KEYCLOAK-5032 
KEYCLOAK-5032 Forward request parameters to another IdP
 2017-10-13 18:47:05 -04:00
Bill Burke
46d3ed7832 Merge remote-tracking branch 'upstream/master' 2017-10-13 17:00:57 -04:00
Bill Burke
d9af93850c KEYCLOAK-5683, KEYCLOAK-5684, KEYCLOAK-5682, KEYCLOAK-5612, KEYCLOAK-5611 2017-10-13 16:51:56 -04:00
mposolda
26f11078dc KEYCLOAK-5371 Use managed executors on Wildfly 2017-10-11 11:09:53 +02:00
mposolda
f5ff24ccdb KEYCLOAK-5371 Fix SessionExpirationCrossDCTest, Added ExecutorsProvider. Debug support for cache-servers in tests 2017-10-10 22:30:44 +02:00
Bill Burke
b0464f1751 Merge remote-tracking branch 'upstream/master' 2017-10-10 09:10:04 -04:00
Bill Burke
5bd4ea30ad rev 2017-10-10 09:09:51 -04:00
Marek Posolda
d336667972 Merge pull request #4527 from Hitachi/master 
OIDC Financial API Read Only Profile : scope MUST be returned in the response from Token Endpoint
 2017-10-10 11:37:45 +02:00
Carl Kristian Eriksen
50dd07217d KEYCLOAK-5032 Forward request parameters to another IdP 
Forwarding of prompt and acr_values, if provided in the authorization request.
If prompt is set in the configuration for the identity provider, the configuration overrules the request parameter.
 2017-10-09 16:15:27 +02:00
Marek Posolda
c6483f8b1e Merge pull request #4523 from abustya/master 
KEYCLOAK-5616 Processing of claims parameter
 2017-10-09 11:14:23 +02:00
Bill Burke
c8516c2349 support social external exchange 2017-10-06 16:44:26 -04:00
Vlastimil Eliáš
c9da02912e KEYCLOAK-2671 - FreeMarker form providers refactored for better (#4533) 
extensibility
 2017-10-05 13:37:32 +02:00
Takashi Norimatsu
6f6a467c7b OIDC Financial API Read Only Profile : scope MUST be returned in the 
response from Token Endpoint
 2017-10-04 12:59:49 +09:00
Václav Muzikář
da146f13c1 KEYCLOAK-5566 Google IdP doesn't reliably fetch user's full name (#4503) 2017-10-03 20:56:25 +02:00
Áron Bustya
c2ffaa0777 Merge remote-tracking branch 'keycloak/master' 2017-10-03 14:53:40 +02:00
Áron Bustya
632414cc92 process claims parameter 
also support parsing from request object
 2017-10-03 14:51:46 +02:00
Bruno Oliveira da Silva
da72968085 KEYCLOAK-4401: Wrong message when a temporarily disabled user requests password reset (#4506) 2017-10-03 06:28:34 +02:00
mposolda
4a7013d550 KEYCLOAK-5440 RestartLoginCookie field 'cs' not marked ignorable 2017-10-02 14:19:27 +02:00
Bruno Oliveira da Silva
bb0bccc3c0 [KEYCLOAK-5486] Test email connection feature does not work the second time (#4517) 2017-10-02 13:14:50 +02:00
Marek Posolda
13fe9e7cf8 Merge pull request #4510 from glavoie/KEYCLOAK-3303 
KEYCLOAK-3303: Allow reuse of refresh tokens.
 2017-09-29 17:07:45 +02:00
mposolda
3b6e1f4e93 KEYCLOAK-5007 Used single-use cache for tracke OAuth code. OAuth code changed to be encrypted and signed JWT 2017-09-29 13:20:22 +02:00
Gabriel Lavoie
134daeac7f KEYCLOAK-3303: Allow reuse of refresh tokens. 
- Configurable max reuse count.
 2017-09-28 15:30:40 -04:00
Bill Burke
fd025ae76b Merge pull request #4209 from guitaro/feature/group-search-and-pagination 
[KEYCLOAK-2538] - groups pagination and group search
 2017-09-23 20:52:19 -04:00
Bill Burke
9db6a5e0df Merge pull request #4497 from thomasdarimont/issue/KEYCLOAK-3599-add-script-based-protocol-mapper 
KEYCLOAK-3599 Revise Script based OIDC ProtocolMapper
 2017-09-23 20:38:51 -04:00
Thomas Darimont
57c633967a KEYCLOAK-3599 Revise Script based OIDC ProtocolMapper 
We now use the `ScriptingProvider` API instead of
using the `ScriptEngineManager` because dynamic
`ScriptEngineManager` lookups might fail in some
environments like JBoss EAP.

Refactored `AbstractOIDCProtocolMapper` to provide
a new version of the `setClaim(..)` method which takes a
`KeycloakSession` as additional argument.
The old `setClaim(..)` method is marked as deprecated and
should be scheduled for removal in a later release.
To ensure backwards compatibility we call the old `setClaim(..)`
from the new `setClaim(..,keycloakSession)` method in order
to not break user implementations of OIDC ProtocolMappers.

The existing OIDC ProtocolMappers which override the old
`setClaim(..)` method should be updated to use the new version
`setClaim(..,keycloakSession)`.

This was necessary to be able to lookup a `ScriptingProvider`.
 2017-09-22 22:57:07 +02:00
Bill Burke
1599e6db6e KEYCLOAK-5518 2017-09-22 16:38:50 -04:00
Bill Burke
537081ec9d Merge pull request #4494 from patriot1burke/master 
KEYCLOAK-5516
 2017-09-22 16:38:13 -04:00
Bill Burke
3020a04a8b Merge pull request #4490 from Fiercely/master 
Keycloak 2035
 2017-09-22 16:13:22 -04:00
Bill Burke
790e2dc69f fix compiler bug 2017-09-22 15:43:13 -04:00
Thomas Darimont
236b2b9273 KEYCLOAK-3599 Add Script based OIDC ProtocolMapper 2017-09-22 21:24:20 +02:00
Bill Burke
eb4f7f3b21 KEYCLOAK-5516 2017-09-22 11:48:30 -04:00
howcroft
e78bf5f876 Keycloak 2035 
This PR adds:
* an endpoint to Role that lists users with the Role
* a tab "Users in Role" in Admin console Role page
* it is applicable to Realm and Client Roles
* Extends UserQueryProvider with default methods (throwing Runtime Exception if not overriden)
* Testing in base testsuite and Console
 2017-09-22 15:05:49 +01:00
Bill Burke
8ace0e68c3 KEYCLOAK-910 KEYCLOAK-5455 2017-09-21 17:15:18 -04:00
Bill Burke
ab58052a4c Merge pull request #4482 from patriot1burke/master 
KEYCLOAK-5491 KEYCLOAK-5492 KEYCLOAK-5490
 2017-09-19 14:01:40 -04:00
Marek Posolda
fa35249afd Merge pull request #4480 from TeliaSoneraNorge/KEYCLOAK-5494 
Fix introspection error for pairwise access tokens
 2017-09-18 16:44:24 +02:00
Pedro Igor
e8ef050093 Merge pull request #4471 from pedroigor/KEYCLOAK-5095 
[KEYCLOAK-5095] - RPT should contain the RS as audience
 2017-09-18 09:32:47 -03:00
Martin Hardselius
6b687c4318 Fix offline validation errors 
Refactored token validation method to run user checks only if the user
session is valid.
 2017-09-18 11:26:57 +02:00
Bill Burke
f927ee7b4e KEYCLOAK-5491 KEYCLOAK-5492 2017-09-15 16:30:45 -04:00
Bill Burke
3e6adbc904 KEYCLOAK-5490 (#4477) 2017-09-15 11:36:48 +02:00
Martin Hardselius
a4315f4076 Fix introspection error for pairwise access tokens 
When access tokens containing a pairwise sub are introspected, user
related checks are using that sub to fetch the UserModel instead of
fetching the user from the UserSession. No corresponding user is found
(or possibly even another user) and the token is reported inactive.

Resolves: KEYCLOAK-5494
 2017-09-15 10:31:47 +02:00
Bill Burke
c999a0d8f9 Merge remote-tracking branch 'upstream/master' 2017-09-14 21:17:12 -04:00
Bill Burke
affeadf4f3 KEYCLOAK-5490 2017-09-14 21:16:50 -04:00
Stian Thorgersen
ee35673615 KEYCLOAK-1250 Profile and console loader for new account management console 2017-09-14 19:53:02 +02:00
Levente NAGY
d18aa44fb4 Merge branch 'feature/group-search-and-pagination' of https://github.com/guitaro/keycloak into feature/group-search-and-pagination 2017-09-13 16:48:24 +02:00
Levente NAGY
e907da77d7 KEYCLOAK 2538 - UI group pagination - Remove junit mocked TUs, add arquillian Tests, delete mockito from poms, fix groups sorting when get result from cache 2017-09-13 16:45:45 +02:00
Léventé NAGY
503ce3a47f Merge branch 'master' into feature/group-search-and-pagination 2017-09-13 10:27:38 +02:00
Hisanobu Okuda
b7af96aa4d KEYCLOAK-5315 Conditional OTP enforcement does not work (#4399) 2017-09-13 06:58:59 +02:00
Martin Kanis
550e5f752a KEYCLOAK-5146 TokenEndpoint returns wrong methods for preflight requests (#4455) 2017-09-13 06:23:11 +02:00
Pedro Igor
cdb3c159c5 [KEYCLOAK-5095] - RPT should contain the RS as audience 2017-09-12 16:59:20 -03:00
Pedro Igor
90db6654d3 Merge pull request #4451 from glavoie/KEYCLOAK-4858-ResourceServer 
KEYCLOAK-4858: Slow query performance for client with large data volume
 2017-09-12 15:54:16 -03:00
Levente NAGY
c8c88dd58c KEYCLOAK 2538 - UI group pagination - TU + some code improvement + add mockito dependency 2017-09-12 15:09:08 +02:00
Petter Lysne
7f8b5e032a feat: added PayPal IDP (#4449) 2017-09-12 11:57:59 +02:00
Hynek Mlnarik
24e9cbb292 KEYCLOAK-4899 Replace updates to user session with temporary auth session 2017-09-11 21:43:49 +02:00
Levente NAGY
2c24b39268 KEYCLOAK 2538 - UI group pagination 2017-09-07 19:39:06 +02:00
Gabriel Lavoie
c1664478d9 KEYCLOAK-4858: Slow query performance for client with large data volume 
- Changing RESOURCE_SERVER PK to the client ID.
- Changing FK on children of RESOURCE_SERVER.
- Use direct fetch of ResourceServer through ID/PK to avoid a lot of implicit Hibernate flush.
 2017-09-06 09:55:53 -03:00
mposolda
fe43c26829 KEYCLOAK-5248 auth_time is not updated when reauthentication is requested with 'login=prompt' 2017-09-05 12:22:30 +02:00
Pedro Igor
fa6d5f0ee2 [KEYCLOAK-4653] - Identity.hasClientRole(String) and Identity.hasRole(String) break role namespaces and should be removed 2017-09-01 16:08:34 -03:00
filipelautert
e055589448 [KEYCLOAK-4778] Fix for Oracle null value when having an empty String as attribute value (#4406) 
* Add client.name as a second parameter to the title expressions in login template

* Fixing tooltip.

* pt_BR localization for admin screens.

* Reverting login.ftl

* Added all tooltip messages - even the ones not translated.
Translated around 150 messages todas.

* More translations.

* Fixing wrong edit.

* [KEYCLOAK-4778] Null check on Attribute value. This value can be null when retrieved from an Oracle database.

* [KEYCLOAK-4778] Create unit tests for empty and null values.

* [KEYCLOAK-4778] Move empty and null attributes tests to a separated test method; change tests to empty or null Strings.

* [KEYCLOAK-4778] Check if value is null and set it as empty array. In the former code if null was received it would generate an array with 1 string element ["null"]. Also if we set value as null instead of ArrayList, later when the rest call is executed it will generate the same incorrect array again.

* [KEYCLOAK-4778] Tests clean up.
 2017-08-31 06:09:41 +02:00
Wim Vandenhaute
924b4f651a KEYCLOAK-5186 createUser: set federationLink (#4316) 2017-08-31 06:07:43 +02:00
Hynek Mlnařík
e36b94d905 KEYCLOAK-5318 Verify signature on raw query parameters (#4445) 2017-08-31 05:46:26 +02:00
Stian Thorgersen
d3dc26181e KEYCLOAK-3481 (#4441) 2017-08-30 08:00:22 +02:00
Stian Thorgersen
dcfa4aca8c KEYCLOAK-943 Started account rest service. Profile and sessions completed. (#4439) 2017-08-29 20:12:09 +02:00
Stian Thorgersen
8cc1d02d46 KEYCLOAK-5342 (#4431) 2017-08-28 14:35:58 +02:00
Hynek Mlnařík
9ee8f72be9 \KEYCLOAK-5335 Destination attr in SAML requests is optional (#4424) 2017-08-28 08:06:48 +02:00
Stian Thorgersen
d58c6ad4e0 [KEYCLOAK-4900] Pass login_hint parameter to idp & review (#4421) 2017-08-25 10:14:38 +02:00
w9n
e173bf33ba auth is already part of the serverBaseUri (#4418) 2017-08-25 08:16:01 +02:00
John Ament
30ea556a7a KEYCLOAK-5285: Adding protected access. (#4405) 
Allows FreemarkerEmailTemplateProvider to be more extensible.
 2017-08-25 07:30:26 +02:00
Bill Burke
6696c44dc0 Merge remote-tracking branch 'upstream/master' 2017-08-24 15:19:48 -04:00
Bill Burke
7a57723c01 more token exchange 2017-08-24 15:19:38 -04:00
mposolda
fe5891fbdb KEYCLOAK-5293 Add notBefore to user 2017-08-23 08:58:26 +02:00
Stian Thorgersen
20ac70d3fd KEYCLOAK-5119 (#4400) 2017-08-22 08:07:36 +02:00
John Ament
5b179420fd KEYCLOAK-5274: Check that authenticator config id is null before attempting to fetch it. (#4404) 2017-08-22 06:57:49 +02:00
mposolda
a6a6a62dc0 KEYCLOAK-5260 kc_idp_hint was only working first time 2017-08-18 11:09:17 +02:00
mposolda
089514d8a6 KEYCLOAK-4634 Cross-dc support for UserLoginFailures 2017-08-17 10:22:12 +02:00
Bill Burke
16954fc370 fix 2017-08-10 14:58:09 -04:00
Levente NAGY
c8aa708cff Merge remote-tracking branch 'upstream/master' 2017-08-10 18:14:49 +02:00
Bill Burke
41cdd9db70 KEYCLOAK-5268 2017-08-10 09:36:45 -04:00
Bill Burke
fbeef3e75f manageMembership not deleted 2017-08-10 09:25:44 -04:00
Bill Burke
45eac1093d show permissions 2017-08-09 10:39:59 -04:00
Bill Burke
3470b1839d Merge remote-tracking branch 'upstream/master' 2017-08-09 10:25:25 -04:00
Bill Burke
2fa55550f3 token exchange permissions 2017-08-09 10:04:14 -04:00
mposolda
a72c297d5d KEYCLOAK-4187 Fix LoginCrossDCTest 2017-08-08 14:02:48 +02:00
Hynek Mlnarik
9ca72dc5c6 KEYCLOAK-4189 Improve logging and concurrency/cross-DC testing 2017-08-08 10:11:51 +02:00
Bill Burke
430fe60533 Merge pull request #4374 from patriot1burke/master 
KEYCLOAK-5190
 2017-08-07 14:19:23 -04:00
Bill Burke
ed5e880931 Merge remote-tracking branch 'upstream/master' 2017-08-07 12:02:50 -04:00
Bill Burke
c9b7504e3f KEYCLOAK-5190 2017-08-07 12:02:18 -04:00
Bill Burke
3fce14d9ce Merge pull request #4369 from patriot1burke/master 
KEYCLOAK-5249
 2017-08-03 09:57:55 -04:00
Bill Burke
3b5ca2bac0 Merge pull request #4366 from hmlnarik/KEYCLOAK-4694-null 
KEYCLOAK-4694
 2017-08-02 19:47:34 -04:00
Bill Burke
cf0ee31bc5 KEYCLOAK-5249 2017-08-02 19:42:35 -04:00
Hynek Mlnarik
4583a45e78 KEYCLOAK-4694 2017-08-01 09:57:12 +02:00
Bill Burke
8f542618f7 KEYCLOAK-4748 2017-07-31 10:36:04 -04:00
Bill Burke
486a0c9528 remove restriction 2017-07-28 16:25:32 -04:00
Bill Burke
6b991b850e change role name 2017-07-28 16:20:23 -04:00
Bill Burke
852e9274d4 Merge remote-tracking branch 'upstream/master' 2017-07-28 16:15:53 -04:00
Bill Burke
db9b1bcb21 token exchange 2017-07-28 16:15:39 -04:00
mposolda
07e2136b3b KEYCLOAK-4187 Added UserSession support for cross-dc 2017-07-27 22:32:58 +02:00
Hynek Mlnarik
ab05216730 KEYCLOAK-4775 Added encryption certificate to SAML metadata 2017-07-27 08:18:10 +02:00
Hynek Mlnarik
3c537f5f28 KEYCLOAK-4446 Do not encrypt SAML status messages 
SAML status messages are not encryptable per Chapter 6 of
saml-core-2.0-os.pdf. Only assertions, attributes, base ID and name ID
can be encrypted.
 2017-07-26 11:22:56 +02:00
Hynek Mlnarik
c7046b6325 KEYCLOAK-4189 Preparation for cross-DC SAML testing 2017-07-25 09:44:36 +02:00
Marek Posolda
79a64657f7 Merge pull request #4331 from hmlnarik/KEYCLOAK-5209-IdpEmailVerificationAuthenticator-should-use-user-action-timeout 
KEYCLOAK-5209 Make IdpEmailVerificationAuthenticator use user action …
 2017-07-21 15:32:40 +02:00
Hynek Mlnarik
a192b6f50a KEYCLOAK-5209 Make IdpEmailVerificationAuthenticator use user action timeout 2017-07-19 15:25:20 +02:00
Hynek Mlnarik
d52d685161 KEYCLOAK-4818 Fix undeclared namespace error in context serialization 2017-07-19 15:18:53 +02:00
Hynek Mlnarik
c36074c7f3 KEYCLOAK-4187 Minor updates (abstraction) 2017-07-18 15:08:06 +02:00
Bill Burke
27b4f0e25d Merge pull request #4324 from patriot1burke/master 
KEYCLOAK-5194
 2017-07-15 09:26:51 -04:00
Bill Burke
a7940c6ffa KEYCLOAK-5194 2017-07-14 18:29:48 -04:00
Bill Burke
1e059e3fa3 Merge pull request #4282 from cargosoft/KEYCLOAK-5131 
KEYCLOAK-5131 ProviderFactory::postInit not called with hot deployment
 2017-07-14 15:53:34 -04:00
Bill Burke
01152144bb Merge pull request #4321 from hmlnarik/KEYCLOAK-4187-Minor-updates 
KEYCLOAK-4187 Minor updates in API
 2017-07-14 15:48:53 -04:00
Bill Burke
f68754290f KEYCLOAK-5152 2017-07-14 14:14:38 -04:00
Hynek Mlnarik
ddcbee2bff KEYCLOAK-4187 Minor updates in API 2017-07-14 15:40:43 +02:00
Bill Burke
b0a33c9765 KEYCLOAK-5155 2017-07-13 14:51:27 -04:00
mposolda
3fca731395 KEYCLOAK-5136 Improve browser refresh button after switch to different flow 2017-07-11 13:03:18 +02:00
mposolda
936efe872a KEYCLOAK-5061 Process correct initial flow when action expired 2017-07-10 22:52:54 +02:00
mposolda
7be2c55f61 KEYCLOAK-5061 Better error messages when action expired 2017-07-10 19:50:28 +02:00
Marek Posolda
48eaebf1c3 Merge pull request #4293 from TeliaSoneraNorge/KEYCLOAK-5139 
KEYCLOAK-5139 refresh token does not work with pairwise subject ident…
 2017-07-10 11:21:34 +02:00
Pedro Igor
65251748c7 [KEYCLOAK-5148] - Create authorization settings when creating a new client using a config file 2017-07-05 18:19:00 -03:00
Pedro Igor
4b7c61111c Merge pull request #4288 from pedroigor/KEYCLOAK-5135 
[KEYCLOAK-5135] - Wrong comparison when checking for duplicate resources during creation
 2017-07-05 08:22:23 -03:00
Martin Hardselius
8cb8678525 KEYCLOAK-5139 refresh token does not work with pairwise subject identifiers 2017-07-05 12:32:43 +02:00
Stian Thorgersen
c95aace6e0 KEYCLOAK-5141 Return '*' in Cors requests when '*' is in list of permitted origins. Stop caching well-known information as it can change. (#4290) 2017-07-05 09:25:21 +02:00
Stian Thorgersen
9a9f4137e5 KEYCLOAK-4556 KEYCLOAK-5022 Only cache keycloak.js and iframe if specific version is requested (#4289) 2017-07-04 21:18:34 +02:00
Pedro Igor
adffe16cb8 [KEYCLOAK-5135] - Wrong comparison when checking for duplicate resources during creation 2017-07-04 10:16:55 -03:00
Stan Silvert
32b16717a7 KEYCLOAK-4234: Link to app in acct mgt doesn't use root url (#4285) 
* KEYCLOAK-4234: Link to app in acct mgt not use root url

* Add tests.
 2017-07-04 07:01:58 +02:00
Dmitry Telegin
fba264433a KEYCLOAK-5131 ProviderFactory::postInit not called with hot deployment 2017-07-03 12:20:29 +03:00
Bill Burke
999dff353c Merge remote-tracking branch 'upstream/master' 2017-06-29 17:37:45 -04:00
Bill Burke
f5389b0e17 don't clean up properly 2017-06-29 17:36:45 -04:00
Sebastien Blanc
500a21685f KEYCLOAK-5082 : Add new redirect-rewrite-rule parameters for the adapters (#4255) 
* add rewrite rule config property

* add subsystem support for redirect rewrite

* update deployment unit test

* add license headers

* Optimize rewrite method
 2017-06-29 12:50:42 +02:00
Stian Thorgersen
5e225c2bd5 Merge pull request #4266 from CoreFiling/FullNameMapper 
Fallback to using username in FullNameMapper
 2017-06-29 07:28:42 +02:00
Stian Thorgersen
c9bc321d2a Merge pull request #4269 from stianst/dockerdockerdocker 
KEYCLOAK-3592 Docker auth implementation
 2017-06-29 07:23:47 +02:00
Stian Thorgersen
74fe9249d5 Merge pull request #4216 from machielg/master 
KEYCLOAK-5026 Store credentials
 2017-06-29 06:52:16 +02:00
Josh Cain
89fcddd605 KEYCLOAK-3592 Docker auth implementation 2017-06-29 06:37:34 +02:00
Stian Thorgersen
e964b156cc Merge pull request #4264 from stianst/KEYCLOAK-5074 
KEYCLOAK-5074 Allow updating client secret through client registratio…
 2017-06-28 11:40:04 +02:00
Jay Anslow
bdc9e8d2c3 Omit empty name claim in FullNameMapper 
If a user has no first or last name, don't add the `name` claim.
 2017-06-28 09:40:57 +01:00
Stian Thorgersen
ce4506f367 Merge pull request #4261 from hmlnarik/KEYCLOAK-4377-null 
KEYCLOAK-4377
 2017-06-28 08:21:20 +02:00
Stian Thorgersen
1220d7f898 KEYCLOAK-5074 Allow updating client secret through client registration service 2017-06-28 08:11:51 +02:00
Hynek Mlnarik
a3ccac2012 KEYCLOAK-4377 2017-06-27 14:34:47 +02:00
Stian Thorgersen
4be0e36306 Merge pull request #4208 from ASzc/KEYCLOAK-4758 
KEYCLOAK-4758
 2017-06-27 11:35:43 +02:00
Stian Thorgersen
56c5996aff Merge pull request #4259 from stianst/abstractj-KEYCLOAK-4444 
KEYCLOAK-4444
 2017-06-27 10:44:30 +02:00
Machiel Groeneveld
7849191ec7 Merge branch 'master' into master 2017-06-27 10:27:07 +02:00
Stian Thorgersen
06a318d7d5 KEYCLOAK-4444 Update for fine grained permissions 2017-06-27 08:38:51 +02:00
Bruno Oliveira
361ab1c988 [KEYCLOAK-4444] Allow sending test email 2017-06-27 08:38:36 +02:00
Stian Thorgersen
b4d39ca061 KEYCLOAK-4984 Don't update client registration access token on read 2017-06-27 08:29:03 +02:00
Léventé NAGY
1a50e77a4d Merge branch 'master' into feature/group-search-and-pagination 2017-06-26 20:36:36 +02:00
Bill Burke
bc05560d4d Merge remote-tracking branch 'upstream/master' 2017-06-26 11:41:12 -04:00
Bill Burke
28b3ef9aa9 admin console work 2017-06-26 11:40:32 -04:00
Bill Burke
22987bb90b Merge pull request #4250 from mposolda/RHSSO-1027 
KEYCLOAK-5085 Easy fix to just handle the exception
 2017-06-26 10:04:02 -04:00
Bill Burke
f1807aead4 impersonate 2017-06-25 11:28:37 -04:00
mposolda
756d996a4a KEYCLOAK-5085 RHSSO-1027 Fix to handle the exception thrown from alternative flow 2017-06-23 19:13:43 +02:00
Bill Burke
3ee86fedc7 Merge remote-tracking branch 'upstream/master' 2017-06-23 09:57:35 -04:00
Bill Burke
e7f781df5a fix 2017-06-23 09:57:25 -04:00
Hynek Mlnarik
8f9ed32a66 KEYCLOAK-5078 ConcurrencyTest fails intermittently 
This commit fixes 401 Unauthorized issues
 2017-06-23 15:16:23 +02:00
Bill Burke
39dea4b078 restricting admin role mapping 2017-06-22 16:51:46 -04:00
Léventé NAGY
41d8d17062 Merge branch 'master' into feature/group-search-and-pagination 2017-06-22 17:41:30 +02:00
Levente NAGY
124bf43a27 [KEYCLOAK-2538] - groups count for pagination 2017-06-22 17:32:38 +02:00
Stian Thorgersen
6f731dfee9 Merge pull request #4118 from skjolber/feature/KEYCLOAK-3056-verify-signature-2 
Some adjustments for KEYCLOAK-3056 / PR #3893
 2017-06-22 08:44:32 +02:00
Marek Posolda
ab7a0c2252 Merge pull request #4248 from mposolda/client-initial-access-db 
KEYCLOAK-4631 Move ClientInitialAccessModel from userSession model to…
 2017-06-22 06:27:25 +02:00
Bill Burke
d08ddade2e merge 2017-06-21 17:43:54 -04:00
Bill Burke
52e40922bc removal 2017-06-21 17:42:57 -04:00
Bill Burke
2b1613d36b Merge pull request #4064 from frelibert/KEYCLOAK-4781 
KEYCLOAK-4781 Support for an AttributeStatement Mapper
 2017-06-21 17:06:16 -04:00
Bill Burke
f1132ffabe Merge pull request #4175 from mrezai/fix-pkce-s256-code-challenge 
KEYCLOAK-4956: Fix incorrect PKCE S256 code challenge generation
 2017-06-21 17:04:31 -04:00
mposolda
fc61a4e89f KEYCLOAK-4631 Move ClientInitialAccessModel from userSession model to realm model 2017-06-21 22:14:20 +02:00
Marek Posolda
eae0360eb1 Merge pull request #4243 from mposolda/KEYCLOAK-3316 
KEYCLOAK-3316 Fixes for OAuth2 requests without 'scope=openid'
 2017-06-20 22:05:23 +02:00
Pedro Igor
93d57c7d00 Merge pull request #4236 from CoreFiling/js-policy-performance 
[KEYCLOAK-5072] - Improve performance of JSPolicyProvider
 2017-06-20 15:11:40 -03:00
mposolda
32cf8b7cad KEYCLOAK-3316 Fixes for OAuth2 requests without 'scope=openid' 2017-06-20 17:17:43 +02:00
mposolda
f363dbcad0 KEYCLOAK-4327 Switching language on User consent gives error 2017-06-20 09:21:41 +02:00
Bill Burke
57cb46148f tests 2017-06-19 11:21:59 -04:00
Jay Anslow
7614ff8c6f Extract EvaluatebleScriptAdapter 
Precursor for InvocableScriptAdapter, which compiles/evaluates a script without affecting the engine's bindings. This allows the same script to be compiled once and then evaluated multiple times (with the same ScriptEngine).
 2017-06-19 15:32:14 +01:00
Bill Burke
a994af9010 remove scope 2017-06-16 11:26:43 -04:00
Pedro Igor
93105a2182 [KEYCLOAK-5056] - @NoCache to scope admin api 2017-06-15 09:49:20 -03:00