libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions
7023 commits 4 branches 9 tags 483 MiB
Commit graph

220 commits

Author SHA1 Message Date
Marek Posolda
7a161cc8bb Merge pull request #3005 from mposolda/KEYCLOAK-3217 
KEYCLOAK-3217 UserInfo endpoint wasn't accessible by POST request sec…
 2016-07-07 13:49:43 +02:00
mposolda
56e09bf189 KEYCLOAK-3147 Don't allow authRequest without redirect_uri parameter 2016-07-07 12:46:36 +02:00
mposolda
7aafbcd5d9 KEYCLOAK-3217 UserInfo endpoint wasn't accessible by POST request secured with Bearer header 2016-07-07 12:28:25 +02:00
Stian Thorgersen
7cfee80e58 KEYCLOAK-3189 KEYCLOAK-3190 Add kid and typ to JWT header 2016-07-05 08:26:26 +02:00
Pedro Igor
086c29112a [KEYCLOAK-2753] - Fine-grained Authorization Services 2016-06-17 02:07:34 -03:00
Thomas Darimont
a2d1c8313d KEYCLOAK-3081: Add client mapper to map user roles to token 
Introduced two new client protocol mappers to propagate assigned user client / realm roles to a JWT ID/Access Token.
Each protocol mapper supports to use a prefix string that is prepended to each role name.

 The client role protocol mapper can specify from which client the roles should be considered.
 Composite Roles are resolved recursively.

Background:
Some OpenID Connect integrations like mod_auth_openidc don't support analyzing deeply nested or encoded structures.
In those scenarios it is helpful to be able to define custom client protocol mappers that allow to propagate a users's roles as a flat structure
(e.g. comma separated list) as a top-level  (ID/Access) Token attribute that can easily be matched with a regex.

In order to differentiate between client specific roles and realm roles it is possible to configure
both separately to be able to use the same role names with different contexts rendered as separate token attributes.
 2016-06-03 15:52:58 +02:00
Bruno Oliveira
1cc4ca2e71 RHSSO-130: AccessTokenTest migration 2016-04-22 16:30:57 -03:00
Stian Thorgersen
5606160e70 KEYCLOAK-2828 Refactor contribution and add tests 2016-04-19 13:09:00 +02:00
Thomas Raehalme
cd1094c3ad KEYCLOAK-2828: LoginStatusIframeEndpoint now sets the P3P header. 
IE requires a P3P header to be present in <iframe /> response. Otherwise
cookies are forbidden. The value of the header does not seem to matter.
 2016-04-19 10:24:28 +02:00
Stian Thorgersen
a4335c3eb8 Merge pull request #2502 from velias/KEYCLOAK-2670-master 
KEYCLOAK-2670 for master - client app is able to push additional HTTP GET
 2016-04-05 11:20:06 +02:00
Vlastimil Elias
21a2a47172 KEYCLOAK-2670 - client app is able to push additional HTTP GET 
parameters in initial OpenID auth request for use in Auth flows
 2016-04-05 10:41:28 +02:00
Stian Thorgersen
55c5e9a381 KEYCLOAK-2722 Check user session in token introspection endpoint 2016-04-05 09:31:39 +02:00
Bill Burke
6030a65d1b KEYCLOAK-2543 2016-03-24 08:49:08 -04:00
Stian Thorgersen
b4239c40c1 KEYCLOAK-2547 NPE in TokenEndpoint and InfinispanUserSessionProvider 2016-03-03 10:45:05 +01:00
Stian Thorgersen
3ca39801dc KEYCLOAK-2511 Rename session-state in access token response to session_state 2016-02-25 10:14:12 +01:00
mposolda
1328531f31 KEYCLOAK-2412 Added ClusterProvider. Avoid concurrent federation sync execution by more cluster nodes at the same time. 
Clustering - more progress
 2016-02-17 11:02:42 +01:00
mposolda
969b8c153f KEYCLOAK-1989 Refreshing offline tokens didn't work correctly in cluster with revokeRefreshToken enabled 2016-02-12 12:54:47 +01:00
Stian Thorgersen
c7a8742a36 KEYCLOAK-1524 
Source code headers
 2016-02-03 11:20:22 +01:00
Bill Burke
25347cd45e browser back button 2016-01-27 22:14:28 -05:00
mposolda
3731964a2a KEYCLOAK-2351 Support for response_type=token to be OAuth2 compliant 2016-01-26 17:09:42 +01:00
Stian Thorgersen
ee847c1f20 KEYCLOAK-2390 
Relative redirect uri is broken
 2016-01-26 09:01:14 +01:00
Stan Silvert
0de4170865 KEYCLOAK-1280: i18n logging for org.keycloak.protocol.oidc.utils 2016-01-21 11:55:23 -05:00
Stan Silvert
9c33738941 KEYCLOAK-1280: i18n logging for org.keycloak.protocol.oidc.mappers 2016-01-21 11:55:21 -05:00
Stan Silvert
adfc192877 KEYCLOAK-1280: i18n logging for org.keycloak.protocol.oidc.endpoints 2016-01-21 11:55:20 -05:00
Stan Silvert
550e23c8f6 KEYCLOAK-1280: i18n logging for org.keycloak.protocol.oidc 2016-01-21 11:55:18 -05:00
Stian Thorgersen
bc845bed0e KEYCLOAK-2286 Remove deprecated OpenID Connect endpoints 2016-01-18 20:31:23 +01:00
Bill Burke
b0054b7682 email, login, account 2016-01-16 09:38:24 -05:00
Bill Burke
007e9530ec brute force refactr, mv protocol 2016-01-15 19:25:28 -05:00
Bill Burke
b93d55cb63 remove model-api, add server-spi 2016-01-15 18:44:17 -05:00
Stian Thorgersen
435980d776 KEYCLOAK-1809 
Upgrade jackson to version 2.x
 2016-01-14 16:34:30 +01:00
Stian Thorgersen
a6da6e48f9 Fix client installation test 2016-01-14 11:54:39 +01:00
Pedro Igor
c9f9ee9799 [KEYCLOAK-2266] - OAuth2 Token Introspection. 2016-01-12 11:16:42 -02:00
Stian Thorgersen
ddd99c2411 KEYCLOAK-2259 
Redirect URIs and token domains are matched case-sensitively
 2016-01-08 15:38:00 +01:00
Bill Burke
64de96d34b installation provider 2016-01-06 16:49:58 -05:00
Bill Burke
39d5a07218 KEYCLOAK-2221 2016-01-05 10:59:13 -05:00
Bill Burke
3bacbdf6ff set framework for template config 2016-01-04 17:13:15 -05:00
mposolda
41d22986d5 KEYCLOAK-1899 Added HardcodedLDAPRoleMapper 2015-12-22 16:22:02 +01:00
Bill Burke
ea6374163d Merge pull request #1957 from stianst/master 
KEYCLOAK-2043
 2015-12-21 16:56:01 -05:00
Bill Burke
b90409c5e4 refactor client create 2015-12-21 16:36:13 -05:00
Stian Thorgersen
9a921f66ff KEYCLOAK-2043 
.well-known/openid-configuration doesn't set cache-control header
 2015-12-21 15:35:23 +01:00
Bill Burke
d939b6a431 template scope 2015-12-18 17:15:27 -05:00
Bill Burke
96e1813b34 client templates backend 2015-12-11 10:31:42 -05:00
mposolda
5b61a10b55 KEYCLOAK-2061 Direct Access Grants disabled by default 2015-11-30 15:56:21 +01:00
mposolda
ec327c99f4 KEYCLOAK-2152 KEYCLOAK-2061 Client switches changes. Support for response_types and grant_types in OIDC Client registration 2015-11-30 15:31:38 +01:00
mposolda
57b60797ce KEYCLOAK-1129 Implicit flow: more work 2015-11-28 00:15:41 +01:00
mposolda
ef80b64d1c KEYCLOAK-1129 Implicit flow and Hybrid flow support 2015-11-27 22:28:38 +01:00
mposolda
8d2e4c0316 KEYCLOAK-2061 Add switches to enable/disable grant types for clients 2015-11-27 22:28:38 +01:00
Stian Thorgersen
c83e3bd2d1 KEYCLOAK-2106 HTTP 500 for unparsable refresh tokens 2015-11-27 08:59:23 +01:00
Stian Thorgersen
ee363a4c56 KEYCLOAK-2129 2015-11-26 12:41:55 +01:00
Stian Thorgersen
c26aeb654b KEYCLOAK-2134 login-status-iframe.html without any parameter throws 500 with NullpointerException 2015-11-25 19:58:46 +01:00