Commit graph

115 commits

Author SHA1 Message Date
Stian Thorgersen
842b811a41 Merge pull request #2987 from ssilvert/RHSSO-319
KEYCLOAK-3242: Some hints in admin console contain backslash in front of
2016-07-04 19:17:29 +02:00
Stian Thorgersen
07ab632351 Merge pull request #2986 from ssilvert/RHSSO-253
KEYCLOAK-3240: No tooltip shown for Client Mapper Type
2016-07-04 19:16:57 +02:00
Julien Giovaresco
9bcfda64fa Fix typo in email and login french translations 2016-07-04 19:14:36 +02:00
Stian Thorgersen
122cb1f490 Merge pull request #2925 from chameleon82/issue/KEYCLOAK-3102-russian-localization
KEYCLOAK-3102 Add russian localization
2016-07-04 19:03:04 +02:00
Alex
cb085cc598 KEYCLOAK-3102 update Russian grammar in admin console 2016-07-02 10:04:57 +06:00
Alex
a8b39edd73 KEYCLOAK-3102 Fix russian grammar in admin messages 2016-07-01 23:17:36 +06:00
Bill Burke
b224917fc5 bump version 2016-06-30 17:17:53 -04:00
Stan Silvert
daefbcf994 RHSSO-319: Some hints in admin console contain backslash in front of
collon
2016-06-30 13:32:21 -04:00
Stan Silvert
5d9669e5a6 RHSSO-253: No tooltip shown for Client Mapper Type 2016-06-30 13:10:47 -04:00
Pedro Igor
01f3dddd91 Adding a column to list policies associated with a permission. 2016-06-30 10:26:05 -03:00
Pedro Igor
2db41ef052 [KEYCLOAK-2999] - Changes to authz examples for integration test 2016-06-30 10:26:05 -03:00
Alexandre
a9e8f315a4 Update messages_fr.properties
Change the word "adminitrateur" to "administrateur"

The "s" was missing in "admini-S-trateur"

That all !
2016-06-30 07:34:17 +02:00
Iván Perdomo
8a8bf47043 [KEYCLOAK-3185] Fix navigation resource > permission 2016-06-27 14:21:19 +02:00
Alex
01d0821142 KEYCLOAK-3102 Fix grammar 2016-06-25 13:30:22 +06:00
Pedro Igor
074a312fe5 Renaming authorization attributes. 2016-06-22 17:20:50 -03:00
Pedro Igor
7512abe9a7 Renaming Scopes tab to Authorization Scopes 2016-06-22 16:58:09 -03:00
Alex
61be5cc90e KEYCLOAK-3102 Fix Russian translation more cleaner 2016-06-21 01:16:05 +06:00
Stian Thorgersen
2beb1f2466 Merge branch 'KEYCLOAK-3052' of https://github.com/cargosoft/keycloak into cargosoft-KEYCLOAK-3052 2016-06-17 13:55:55 +02:00
Stian Thorgersen
3c0f7e2ee2 Merge pull request #2617 from pedroigor/KEYCLOAK-2753
[KEYCLOAK-2753] - Fine-grained Authorization Services
2016-06-17 13:40:15 +02:00
Pedro Igor
086c29112a [KEYCLOAK-2753] - Fine-grained Authorization Services 2016-06-17 02:07:34 -03:00
Dimitri Teleguin
524ad9728a correct resource URL 2016-06-14 21:07:36 +03:00
Dmitry Telegin
3203842b58 Fix KEYCLOAK-3052 2016-06-14 12:32:43 +03:00
Stian Thorgersen
e538394e60 KEYCLOAK-3091 Change brute force to use userId 2016-06-13 15:30:13 +02:00
Некрасов Александр Сергеевич
1422d2962e KEYCLOAK-3102 Add russian localization 2016-06-10 15:54:19 +06:00
Thomas Darimont
56a565f913 KEYCLOAK-3092: Show 20 users per page in user list by default
More sensible default for number of users shown per page in
the user listing of the admin console.
This is also recommended in the patternfly guidelines.

Prior to the PR only 5 users were shown per page.
2016-06-07 13:23:03 +02:00
Thomas Darimont
51312ff7ff KEYCLOAK-2891: Fix label alignment for OIDC Endpoint link.
This probably happend during merge.
2016-06-06 09:55:31 +02:00
Bill Burke
4c9a0b45d4 Merge pull request #2229 from thomasdarimont/issue/KEYCLOAK-2489-script-based-authenticator-definitions
KEYCLOAK-2489 - Add support for Script-based AuthenticationExecution definitions.
2016-06-05 11:12:05 -04:00
Bill Burke
a76a4730e3 Merge pull request #2884 from thomasdarimont/issue/KEYCLOAK-2891-link-to-oidc-endpoints-from-admin-console
KEYCLOAK-2891: Add link to OpenID Endpoint Configuration to realm details page.
2016-06-05 11:06:11 -04:00
Thomas Darimont
a2d1c8313d KEYCLOAK-3081: Add client mapper to map user roles to token
Introduced two new client protocol mappers to propagate assigned user client / realm roles to a JWT ID/Access Token.
Each protocol mapper supports to use a prefix string that is prepended to each role name.

 The client role protocol mapper can specify from which client the roles should be considered.
 Composite Roles are resolved recursively.

Background:
Some OpenID Connect integrations like mod_auth_openidc don't support analyzing deeply nested or encoded structures.
In those scenarios it is helpful to be able to define custom client protocol mappers that allow to propagate a users's roles as a flat structure
(e.g. comma separated list) as a top-level  (ID/Access) Token attribute that can easily be matched with a regex.

In order to differentiate between client specific roles and realm roles it is possible to configure
both separately to be able to use the same role names with different contexts rendered as separate token attributes.
2016-06-03 15:52:58 +02:00
Fernando Mora
5148e69006 Fixes displaying message on login using base theme
Using base theme produces an error when login page tries to display a message.
The following properties that are not defined in base theme (only in keycloak theme) are being called without default_value operator "!"

* Steps to Reproduce:
1. Set `base` theme as `Login Theme`
2. Sign out
3. Try to sign in using and invalid username/password

* Expected behaviour:
  * Message `Invalid username or password.`is shown
* Actual behavior:
  * Bank page is shown and following stackatrace in logs:
```
15:58:19,575 ERROR [freemarker.runtime] (default task-9) Error executing FreeMarker template: freemarker.core.InvalidReferenceException: The following has evaluated to null or missing:
==> properties.kcFeedbackErrorIcon  [in template "template.ftl" at line 67, column 76]

----
Tip: It's the step after the last dot that caused this error, not those before it.
----
Tip: If the failing expression is known to be legally refer to something that's sometimes null or missing, either specify a default value like myOptionalVar!myDefault, or use <#if myOptionalVar??>when-present<#else>when-missing</#if>. (These only cover the last step of the expression; to cover the whole expression, use parenthesis: (myOptionalVar.foo)!myDefault, (myOptionalVar.foo)??
----

----
FTL stack trace ("~" means nesting-related):
	- Failed at: ${properties.kcFeedbackErrorIcon}  [in template "template.ftl" in macro "registrationLayout" at line 67, column 74]
	- Reached through: @layout.registrationLayout displayInf...  [in template "login.ftl" at line 2, column 1]
----
	at freemarker.core.InvalidReferenceException.getInstance(InvalidReferenceException.java:131)
	at freemarker.core.EvalUtil.coerceModelToString(EvalUtil.java:355)
	at freemarker.core.Expression.evalAndCoerceToString(Expression.java:82)
	at freemarker.core.DollarVariable.accept(DollarVariable.java:41)
	at freemarker.core.Environment.visit(Environment.java:324)
	at freemarker.core.MixedContent.accept(MixedContent.java:54)
	at freemarker.core.Environment.visitByHiddingParent(Environment.java:345)
	at freemarker.core.ConditionalBlock.accept(ConditionalBlock.java:48)
	at freemarker.core.Environment.visit(Environment.java:324)
	at freemarker.core.MixedContent.accept(MixedContent.java:54)
	at freemarker.core.Environment.visitByHiddingParent(Environment.java:345)
	at freemarker.core.ConditionalBlock.accept(ConditionalBlock.java:48)
	at freemarker.core.Environment.visit(Environment.java:324)
	at freemarker.core.MixedContent.accept(MixedContent.java:54)
	at freemarker.core.Environment.visit(Environment.java:324)
	at freemarker.core.Macro$Context.runMacro(Macro.java:184)
	at freemarker.core.Environment.invoke(Environment.java:701)
	at freemarker.core.UnifiedCall.accept(UnifiedCall.java:84)
	at freemarker.core.Environment.visit(Environment.java:324)
	at freemarker.core.MixedContent.accept(MixedContent.java:54)
	at freemarker.core.Environment.visit(Environment.java:324)
	at freemarker.core.Environment.process(Environment.java:302)
	at freemarker.template.Template.process(Template.java:325)
	at org.keycloak.theme.FreeMarkerUtil.processTemplate(FreeMarkerUtil.java:61)
	at org.keycloak.forms.login.freemarker.FreeMarkerLoginFormsProvider.createResponse(FreeMarkerLoginFormsProvider.java:314)
	at org.keycloak.forms.login.freemarker.FreeMarkerLoginFormsProvider.createLogin(FreeMarkerLoginFormsProvider.java:431)
	at org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.invalidUser(AbstractUsernameFormAuthenticator.java:58)
	at org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.invalidUser(AbstractUsernameFormAuthenticator.java:87)
	at org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.validateUserAndPassword(AbstractUsernameFormAuthenticator.java:141)
	at org.keycloak.authentication.authenticators.browser.UsernamePasswordForm.validateForm(UsernamePasswordForm.java:56)
	at org.keycloak.authentication.authenticators.browser.UsernamePasswordForm.action(UsernamePasswordForm.java:49)
	at org.keycloak.authentication.DefaultAuthenticationFlow.processAction(DefaultAuthenticationFlow.java:84)
	at org.keycloak.authentication.DefaultAuthenticationFlow.processAction(DefaultAuthenticationFlow.java:75)
	at org.keycloak.authentication.AuthenticationProcessor.authenticationAction(AuthenticationProcessor.java:756)
	at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:359)
	at org.keycloak.services.resources.LoginActionsService.processAuthentication(LoginActionsService.java:341)
	at org.keycloak.services.resources.LoginActionsService.authenticateForm(LoginActionsService.java:386)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
	at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
	at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
	at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
	at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:88)
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
	at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
```
2016-05-25 18:38:11 +02:00
Thomas Darimont
08320890b1 KEYCLOAK-2891: Add link to OpenID Endpoint Configuration to realm details page
We now show a link to the OIDC Endpoints configuration in the realm
details page.
This makes it easier for users to find the OIDC endpoints.
2016-05-25 14:26:44 +02:00
Stian Thorgersen
27bdc996e7 KEYCLOAK-3008 Upload Realm Keys doesn't work 2016-05-23 10:35:23 +02:00
Thomas Darimont
c59fdb4299 KEYCLOAK-2994: Revise german translations for login pages in base theme
Reworded some german translations and fixed some spelling errors.

This could also be applied to 1.9.x.
2016-05-12 10:41:09 +02:00
Thomas Darimont
c8d47926b8 KEYCLOAK-2489 - Add support for Script-based AuthenticationExecution definitions.
This is a POC for script based authenticator support.
Introduced a ScriptBasedAuthenticator that is bootstraped via a
ScriptBasedAuthenticatorFactory can be execute a configured script
against a provided execution context.
Added an alias property to the AuthFlowExecutionRepresentation in order
to be able to differentiate multiple instances of an Authenticator
within the same AuthFlow.

For convenience editing the AngularJS bindings for the ACE editor were
added for fancy script editing - this needs to be cut down a bit wrt to
themes and supported scripts - e.g. we probably don't expect users to write
authenticator scripts in Cobol...
Removed currently not needed ACE sytax highlighting and themes.

Scripting is now available to all keycloak components that have access to the KeycloakSession.
Introduced new Scripting SPI for configurable scripting providers.
2016-04-27 14:37:13 +02:00
Stian Thorgersen
04d76b0052 KEYCLOAK-2491 Fix permissions in admin console to match permissions in admin endpoints 2016-04-20 09:57:57 +02:00
Stian Thorgersen
5606160e70 KEYCLOAK-2828 Refactor contribution and add tests 2016-04-19 13:09:00 +02:00
Thomas Raehalme
cd1094c3ad KEYCLOAK-2828: LoginStatusIframeEndpoint now sets the P3P header.
IE requires a P3P header to be present in <iframe /> response. Otherwise
cookies are forbidden. The value of the header does not seem to matter.
2016-04-19 10:24:28 +02:00
Bill Burke
600f429abb KEYCLOAK-2740 2016-04-15 16:49:06 -04:00
mposolda
44ea920f92 KEYCLOAK-2823 Password policy 'hashAlgorithm' value not correctly shown in admin console 2016-04-14 13:16:14 +02:00
Stian Thorgersen
6a428c8ee7 KEYCLOAK-2810 Added robots.txt and robots meta header 2016-04-13 11:22:57 +02:00
Stian Thorgersen
bb3937e3c1 KEYCLOAK-2804 Prevent browser from prefilling username/password into non-login form 2016-04-13 10:00:48 +02:00
Stian Thorgersen
350a9cd997 KEYCLOAK-2803 Fix failure to add execution to client flow 2016-04-12 08:04:15 +02:00
mposolda
e4f75409c9 KEYCLOAK-2802 NPE during identity broker cancelled from account mgmt 2016-04-11 23:31:24 +02:00
mposolda
98ad9b7e7c KEYCLOAK-2801 Redirected to login theme error page after failed social linking from account management 2016-04-11 23:30:18 +02:00
mposolda
3e9ba71baa KEYCLOAK-2769 Better error handling of expired code in IdentityBrokerService 2016-04-11 18:20:26 +02:00
Stian Thorgersen
8ea057a122 KEYCLOAK-2683 Remove QRCodeResource and embed QR code in image 2016-04-08 09:00:57 +02:00
Stian Thorgersen
f2dd556323 Merge pull request #2532 from stianst/KEYCLOAK-2762
KEYCLOAK-2762 Renaming a realm without saving the form affects all li…
2016-04-07 09:34:35 +02:00
Stian Thorgersen
f585f5dfc9 Merge pull request #2530 from stianst/KEYCLOAK-2761
KEYCLOAK-2761 Broken on/off switch at Client Mappers with specific wi…
2016-04-07 07:13:35 +02:00
Stian Thorgersen
61ae15cf56 KEYCLOAK-2762 Renaming a realm without saving the form affects all links in Console 2016-04-07 06:59:21 +02:00
Stian Thorgersen
139e19514b Merge pull request #2528 from stianst/KEYCLOAK-2760
KEYCLOAK-2760
2016-04-07 06:51:24 +02:00