mposolda
a24a43c4be
KEYCLOAK-3349 Support for 'request' and 'request_uri' parameters
2016-09-02 20:20:38 +02:00
Vaclav Muzikar
1b085d3e13
KEYCLOAK-3421 Validation for URI fragments in redirect_uri
2016-08-31 13:07:33 +02:00
mposolda
02f28a7e8e
KEYCLOAK-3416 Add support for signed Userinfo requests
2016-08-30 20:21:04 +02:00
Stian Thorgersen
5a4bb5f3f0
Merge pull request #3168 from stianst/master
...
KEYCLOAK-3462 Fix exception not displayed in init from KeycloakServer
2016-08-30 09:47:31 +02:00
mposolda
f4aee129e4
KEYCLOAK-3424 Issuer or token-endpoint as audience in signed JWT
2016-08-29 14:43:35 +02:00
mposolda
a7f9a6e095
KEYCLOAK-3424 Support for import from public key
2016-08-29 14:43:29 +02:00
Stian Thorgersen
4f51b7b34c
KEYCLOAK-3462 Fix exception not displayed in init from KeycloakServer
2016-08-29 09:21:22 +02:00
Stian Thorgersen
2a29f2a9c6
Merge pull request #3151 from ssilvert/dmr-server-config
...
KEYCLOAK-3196: Use WildFly management model for server configuration.
2016-08-26 13:44:45 +02:00
Marek Posolda
d138b19adb
Merge pull request #3142 from vmuzikar/KEYCLOAK-3429
...
KEYCLOAK-3429 Fix behaviour of redirect_uri parameter with query components
2016-08-24 09:53:29 +02:00
Stan Silvert
3abcf713e5
KEYCLOAK-3196: Test need ability to load keycloak-server.json from
...
/META-INF
2016-08-23 11:27:06 -04:00
Stan Silvert
e4d97485ec
KEYCLOAK-3196: Create master cli script for server-subsystem.
2016-08-23 11:27:04 -04:00
Stan Silvert
3493aa4ab7
KEYCLOAK-3196: Use WildFly management model for server configuration.
2016-08-23 11:26:56 -04:00
Stian Thorgersen
c522a20ab9
KEYCLOAK-3447 Manual upgrade of database schema
2016-08-22 10:22:08 +02:00
Pedro Igor
4cd0a8e894
[KEYCLOAK-3377] - Add pagination to authorization UI
2016-08-18 13:29:54 -03:00
Pedro Igor
a8d2b810cf
[KEYCLOAK-3144] - Add authorization settings when exporting/importing a realm.
2016-08-15 10:35:28 -03:00
mposolda
2cba13db9c
KEYCLOAK-3424 Possibility to import JWK key through admin console
2016-08-12 15:51:14 +02:00
mposolda
3eb9134e02
KEYCLOAK-3424 Support for save JWKS in OIDC ClientRegistration endpoint
2016-08-12 15:51:14 +02:00
Vaclav Muzikar
b7f2e0b5ff
KEYCLOAK-3429 Fix behaviour of redirect_uri parameter with query components
2016-08-12 14:02:17 +02:00
Pedro Igor
27187c11f1
Merge pull request #3138 from pedroigor/KEYCLOAK-3428
...
[KEYCLOAK-3428] - Removing scope policies in case the resource does not match
2016-08-11 14:59:20 -03:00
Pedro Igor
0030df060b
[KEYCLOAK-3428] - Removing scope policies in case the resource does not match
2016-08-11 14:58:14 -03:00
Marek Posolda
f6f587e472
Merge pull request #3137 from thomasdarimont/issue/KEYCLOAK-3412-remove-unused-adminEventBuilder-error-method
...
KEYCLOAK-3412 - Remove erroneous AdminEventBuilder.error method
2016-08-11 17:41:04 +02:00
Thomas Darimont
e0d70a35d6
KEYCLOAK-3412 - Remove erroneous AdminEventBuilder.error method
...
Wasn't used within the Keycloak codebase and wouldn't have worked either
since the OperationType lookup would always fail since there are no
"_ERROR" operation types.
Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
2016-08-11 16:10:49 +02:00
mposolda
0520d465c1
KEYCLOAK-3414 Support for client registration from trusted hosts
2016-08-11 15:55:32 +02:00
mposolda
a8fb988e31
KEYCLOAK-3406 OIDC dynamic client registrations specs fixes
2016-08-11 15:54:51 +02:00
mposolda
d52e043322
Set version to 2.2.0-SNAPSHOT
2016-08-10 08:57:18 +02:00
Marek Posolda
26bc07b2c4
Merge pull request #3126 from pedroigor/KEYCLOAK-3398
...
[KEYCLOAK-3398] - Review input fields on AuthZ UI to fetch data on demand
2016-08-10 06:50:51 +02:00
Pedro Igor
70eb27ec83
[KEYCLOAK-3398] - Review input fields on AuthZ UI to fetch data on demand
2016-08-09 21:56:29 -03:00
Bill Burke
530870f05e
realm components import/export
2016-08-09 15:06:29 -04:00
Bill Burke
ff703f935f
component export/import
2016-08-09 12:25:04 -04:00
Bill Burke
f838c697d1
Merge remote-tracking branch 'upstream/master'
2016-08-08 16:04:16 -04:00
Bill Burke
83306963e8
jta transaction abstraction
2016-08-08 12:32:36 -04:00
mposolda
65e2f127c9
KEYCLOAK-3400 OIDC request with missing response_type should respond with error
2016-08-08 16:11:50 +02:00
mposolda
9be6777685
KEYCLOAK-2169 KEYCLOAK-3286 Support for at_hash and c_hash
2016-08-08 10:57:44 +02:00
Bill Burke
f14f303dfe
Merge remote-tracking branch 'upstream/master'
2016-08-07 11:50:44 -04:00
Bill Burke
33d7d89ad9
provider hot deployment
2016-08-07 11:41:52 -04:00
Marek Posolda
65c49c39f4
Merge pull request #3114 from mposolda/master
...
KEYCLOAK-3321 OIDC requests without 'nonce' claim should be rejected …
2016-08-05 16:45:56 +02:00
mposolda
e0a59baaf2
KEYCLOAK-3321 OIDC requests without 'nonce' claim should be rejected unless using the code flow. Started responseType tests
2016-08-05 15:05:26 +02:00
Thomas Darimont
e49afb2d83
KEYCLOAK-3142 - Revised according to codereview
...
Liquibase Moved schema evolution configuration from jpa-changelog-2.1.0
to jpa-changelog-2.2.0.
Corrected wrong ResourceType references in tests.
Adapted AdminEvents copy-routines to be aware of resourceType attribute.
Added ResourceType enum to exposed ENUMS of ServerInfoAdminResource.
Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
2016-08-05 00:01:03 +02:00
Thomas Darimont
586f6eeece
KEYCLOAK-3142 - Capture ResourceType that triggers an AdminEvent
...
Introduced new ResourceType enum for AdminEvents which lists
the current supported ResourceTypes for which AdminEvents
can be fired.
Previously it was difficult for custom EventListeners to figure
out which ResourceType triggered an AdminEvent in order
to handle it appropriately, effectively forcing users to parse
the representation.
Having dedicated resource types as a marker on an AdminEvent helps
to ease custom EventListener code.
We now also allow filtering of admin events by ResourceType in the
admin-console.
Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
2016-08-04 11:30:02 +02:00
Bill Burke
534ee2e50c
Merge remote-tracking branch 'upstream/master'
2016-08-03 19:16:45 -04:00
Bill Burke
70722d0d3d
user storage provider jpa example
2016-08-03 19:16:11 -04:00
Bill Burke
7f08717dfb
Merge pull request #3105 from patriot1burke/master
...
component model
2016-08-02 09:28:55 -04:00
Bill Burke
e3aec098a2
Merge pull request #3064 from cainj13/oneSamlAttributeStatement
...
SamlProtocol should only drop attributes into a single attributeStatement
2016-08-02 07:14:08 -04:00
Bill Burke
17e75950fe
more fixes
2016-08-02 06:56:22 -04:00
Bill Burke
1c75b03e59
props
2016-08-02 06:50:13 -04:00
Bill Burke
1d695237b7
fix
2016-08-02 05:49:50 +02:00
Bill Burke
09693eb108
component model
2016-08-02 05:48:57 +02:00
Pedro Igor
ae1a7542d8
[KEYCLOAK-3385] - Improvements to evaluation tool UI and result
2016-08-01 18:01:24 -03:00
Bill Burke
a8a77add39
fix
2016-08-01 12:07:02 -04:00
Bill Burke
5facec73e4
Merge remote-tracking branch 'upstream/master'
2016-08-01 11:19:09 -04:00
Bill Burke
91a267a0d8
component model
2016-08-01 11:18:58 -04:00
Marek Posolda
0d99b797b6
Merge pull request #3068 from mstruk/KEYCLOAK-2981-m
...
KEYCLOAK-2981 Upload-certificate admin endpoint does not nullify private keys
2016-08-01 11:20:55 +02:00
Marek Posolda
159b752fb0
Merge pull request #3085 from pedroigor/master
...
[KEYCLOAK-3376] - Show authorization data when evaluating authorization requests
2016-08-01 09:09:55 +02:00
Dmitry Telegin
fea277a7f5
KEYCLOAK-3369: Fire RealmPostCreateEvent
2016-08-01 01:00:50 +03:00
Pedro Igor
bd5b434894
[KEYCLOAK-3376] - Show authorization data when evaluating authorization requests
2016-07-29 22:09:17 -03:00
Pedro Igor
3c8ed8e3d8
[KEYCLOAK-3372] - Code cleanup
2016-07-29 05:18:38 -03:00
Pedro Igor
8cfa50f134
[KEYCLOAK-3338] More testing and improvements when importing role policies
2016-07-28 12:31:46 -03:00
Bill Burke
5d9fe09599
Merge pull request #3070 from mstruk/KEYCLOAK-2571
...
KEYCLOAK-2571 RESET_PASSWORD_ERROR and UPDATE_PASSWORD_ERROR events not fired
2016-07-28 07:23:32 -04:00
Bill Burke
2219cd363e
Merge pull request #3079 from patriot1burke/master
...
KEYCLOAK-3268
2016-07-28 07:22:45 -04:00
Pedro Igor
7e1b97888a
[KEYCLOAK-3338] - Adding client roles to role policy and UX improvements
2016-07-27 15:15:14 -03:00
Bill Burke
46b4bb0909
KEYCLOAK-3268
2016-07-27 09:28:48 -04:00
Marko Strukelj
59e0570cdf
KEYCLOAK-2571 RESET_PASSWORD_ERROR and UPDATE_PASSWORD_ERROR events not fired
2016-07-26 21:32:57 +02:00
Marko Strukelj
94f583e935
KEYCLOAK-2981 Upload-certificate admin endpoint does not nullify private keys
2016-07-25 11:13:21 +02:00
Bill Burke
3973aed57d
Merge pull request #2989 from thomasdarimont/issue/KEYCLOAK-3234-allow-restricting-mapper-for-userinfo
...
KEYCLOAK-3234 Allow restricting claim mapper for userinfo endpoint
2016-07-22 17:54:00 -04:00
Josh Cain
535a0763fc
put imports back, new IDE snuck a * in there.
2016-07-22 14:57:07 -05:00
Josh Cain
283581f920
SamlProtocol should only drop attributes into a single attributeStatement element
2016-07-22 14:49:48 -05:00
mposolda
01830fd7f3
KEYCLOAK-3319 More OIDC tests. Minor refactoring
2016-07-22 18:16:58 +02:00
mposolda
9169bcd88d
KEYCLOAK-3354 request and request_uri not supported
2016-07-22 13:44:45 +02:00
mposolda
56e011dce4
KEYCLOAK-3318 Adapter support for prompt and max_age. Refactoring to not hardcode OIDC specifics to CookieAuthenticator
2016-07-21 18:19:53 +02:00
Pedro Igor
484d5d6e08
[KEYCLOAK-3313] - UI improvements and messages
2016-07-20 22:11:24 -03:00
mposolda
f4ddfe4a52
KEYCLOAK-3318 Support for prompt=login. More tests for prompt parameter
2016-07-20 21:27:38 +02:00
Bill Burke
6f92bac782
Merge pull request #3000 from tonswieb/master
...
KEYCLOAK-3265 Support writing a NameIDType AttributeValue
2016-07-20 11:23:18 -04:00
Stian Thorgersen
1b517a461e
Merge pull request #3041 from stianst/KEYCLOAK-3302
...
KEYCLOAK-3302 Allow logout with expired refresh token
2016-07-19 08:03:52 +02:00
Marek Posolda
a6bdf81e6d
Merge pull request #3040 from mposolda/master
...
KEYCLOAK-3220 Added test for missing response_type
2016-07-15 22:19:52 +02:00
Stian Thorgersen
e708c53730
KEYCLOAK-3302 Allow logout with expired refresh token
2016-07-15 12:56:31 +02:00
Stian Thorgersen
1ce17c459d
Merge pull request #3039 from stianst/KEYCLOAK-3192
...
KEYCLOAK-3192 Ignore disabled required action
2016-07-15 10:38:49 +02:00
mposolda
fda0a79e27
KEYCLOAK-3237 Add scopes_supported to OIDC WellKnown endpoint
2016-07-15 09:47:09 +02:00
Stian Thorgersen
970c89dd6a
KEYCLOAK-3192 Ignore disabled required action
2016-07-15 09:01:44 +02:00
mposolda
13a21e5fda
KEYCLOAK-3220 Improve error handling on adapters
2016-07-14 23:56:46 +02:00
mposolda
dcc4ea3aea
KEYCLOAK-3237 Change OIDC adapters to use scope=openid as required per specs
2016-07-14 23:56:46 +02:00
Pedro Igor
aacf2e9390
[KEYCLOAK-3137] - Review i18n for AuthZ Services
2016-07-14 13:54:37 -03:00
mposolda
ee3ac3fdaf
KEYCLOAK-3223 Basic support for acr claim
2016-07-14 12:36:12 +02:00
Stian Thorgersen
4f1d83b9dc
Merge pull request #3030 from stianst/KEYCLOAK-2824-2
...
KEYCLOAK-2824 Password Policy SPI
2016-07-14 10:12:25 +02:00
Stian Thorgersen
ea44b5888b
KEYCLOAK-2824 Password Policy SPI
2016-07-14 07:20:30 +02:00
mposolda
abde62f369
KEYCLOAK-3220 redirect to client with error if possible
2016-07-13 20:57:43 +02:00
mposolda
38f89b93ff
KEYCLOAK-3281 OIDC 'state' parameter is url-encoded twice when responseMode=form_post
2016-07-13 18:07:57 +02:00
mposolda
d5199501c7
KEYCLOAK-3219 Added claims info to OIDCWellKnownProvider. More tests
2016-07-13 10:17:45 +02:00
Stian Thorgersen
5b0980172d
KEYCLOAK-3267 Fix identity broker login with brute force enabled
2016-07-12 15:21:00 +02:00
Stian Thorgersen
f97d0846ed
Merge pull request #3010 from wadahiro/KEYCLOAK-3278
...
KEYCLOAK-3278 Add support for any encoding property file in theme
2016-07-12 10:34:34 +02:00
Stian Thorgersen
19e5ddeba5
Merge pull request #3015 from martin-kanis/master
...
KEYCLOAK-3096 Remove leading/trailing spaces from username/email
2016-07-12 10:03:55 +02:00
mposolda
039bb103c2
KEYCLOAK-3295 Kerberos authenticator changed during userFederationProvider update just if it was DISABLED
2016-07-11 15:52:49 +02:00
Martin Kanis
c67d834d39
KEYCLOAK-3096 Remove leading/trailing spaces from login
2016-07-09 18:35:51 +02:00
mposolda
629390dd4a
KEYCLOAK-2986 Require either expiration or issuedAt for client authentication with signed JWT
2016-07-08 16:16:38 +02:00
mposolda
3bfd999590
KEYCLOAK-3222 extend WellKnown to return supported types of client authentications. More tests
2016-07-08 15:39:13 +02:00
Pedro Igor
80a67149af
Merge pull request #3002 from pedroigor/KEYCLOAK-3249
...
[KEYCLOAK-3249] - AuthorizationContext.hasScopePermission() gives NPE
2016-07-08 09:16:51 -03:00
mposolda
c10a005997
KEYCLOAK-3290 UserInfoEndpoint error responses don't have correct statuses
2016-07-08 12:15:07 +02:00
mposolda
4dd28c0adf
KEYCLOAK-3221 Tokens should be invalidated if an attempt to reuse code is made
2016-07-08 11:04:08 +02:00
Bill Burke
bdc57d57c1
Merge pull request #3008 from patriot1burke/master
...
new User Fed SPI initial iteration
2016-07-07 14:56:38 -04:00
Hiroyuki Wada
930b0d9ad7
KEYCLOAK-3278 Add support for any encoding property file in theme
2016-07-08 02:58:48 +09:00
mposolda
a7c9e71490
KEYCLOAK-3218 Support for max_age OIDC authRequest parameter and support for auth_time in IDToken
2016-07-07 17:04:32 +02:00
Bill Burke
0040d3fc3b
Merge remote-tracking branch 'upstream/master'
2016-07-07 10:35:45 -04:00
Bill Burke
7e5a5f79cf
fixes for new user fed spi
2016-07-07 10:35:35 -04:00
Marek Posolda
7a161cc8bb
Merge pull request #3005 from mposolda/KEYCLOAK-3217
...
KEYCLOAK-3217 UserInfo endpoint wasn't accessible by POST request sec…
2016-07-07 13:49:43 +02:00
Marek Posolda
c5e8a010dc
Merge pull request #3004 from mposolda/KEYCLOAK-3147
...
KEYCLOAK-3147 Don't allow authRequest without redirect_uri parameter
2016-07-07 13:49:34 +02:00
mposolda
56e09bf189
KEYCLOAK-3147 Don't allow authRequest without redirect_uri parameter
2016-07-07 12:46:36 +02:00
mposolda
7aafbcd5d9
KEYCLOAK-3217 UserInfo endpoint wasn't accessible by POST request secured with Bearer header
2016-07-07 12:28:25 +02:00
Pedro Igor
5ef65e837c
[KEYCLOAK-3249] - AuthorizationContext.hasScopePermission() gives NPE
2016-07-06 09:39:56 -03:00
Stan Silvert
a231c1b31b
RHSSO-296: Required Action "Configure Totp" should be "Configure OTP"
2016-07-05 15:07:52 -04:00
Ton Swieb
fed7339558
KEYCLOAK-3265 Support writing a NameIDType AttributeValue
2016-07-05 14:54:38 +02:00
Stian Thorgersen
7cfee80e58
KEYCLOAK-3189 KEYCLOAK-3190 Add kid and typ to JWT header
2016-07-05 08:26:26 +02:00
Stian Thorgersen
435cdb6180
Merge pull request #2994 from wadahiro/KEYCLOAK-3259
...
KEYCLOAK-3259 Specify UTF-8 encoding for freemarker template files
2016-07-04 19:25:03 +02:00
Hiroyuki Wada
00cb0a798a
KEYCLOAK-3259 Specify UTF-8 encoding for freemarker template files
2016-07-04 19:46:00 +09:00
Stan Silvert
d90a708ceb
RHSSO-274: "Undefined" as auth flow execution
2016-07-01 10:25:14 -04:00
Stian Thorgersen
fa312fb3db
Merge pull request #2979 from cainj13/localeNpeFix
...
make locale retrieval null-safe
2016-07-01 12:33:36 +02:00
Thomas Darimont
ce7e7ef1d7
KEYCLOAK-3234 Allow restricting claim mapper for userinfo endpoint
...
Client mappers can now be configured to be limited to the
userinfo endpoint. This allows to keep access-tokens lean
while providing extended user information on demand via the
userinfo endpoint.
2016-07-01 11:35:19 +02:00
Bill Burke
a19469aba5
Merge remote-tracking branch 'upstream/master'
2016-06-30 17:18:17 -04:00
Bill Burke
b224917fc5
bump version
2016-06-30 17:17:53 -04:00
Bill Burke
3f1eecc4be
Merge remote-tracking branch 'upstream/master'
2016-06-30 16:47:55 -04:00
Bill Burke
3ba3be877e
fixes
2016-06-30 16:47:49 -04:00
Pedro Igor
01f3dddd91
Adding a column to list policies associated with a permission.
2016-06-30 10:26:05 -03:00
Pedro Igor
afa9471c7c
[KEYCLOAK-3128] - Admin Client Authorization Endpoints
2016-06-30 10:26:05 -03:00
Bill Burke
a9f6948d74
Merge remote-tracking branch 'upstream/master'
2016-06-29 15:37:32 -04:00
Bill Burke
f51098c50b
user fed refactor
2016-06-29 15:37:22 -04:00
Pedro Igor
8b0bf503c3
[KEYCLOAK-3172] - Migrating older versions with authorization services.
2016-06-29 12:07:49 -03:00
Josh Cain
ec402f759b
make locale retrieval null-safe
2016-06-28 13:25:48 -05:00
Stian Thorgersen
2e2f34d94e
Merge pull request #2957 from pedroigor/authz-changes
...
Changes to authz examples and some minor improvements
2016-06-23 07:49:47 +02:00
Pedro Igor
074a312fe5
Renaming authorization attributes.
2016-06-22 17:20:50 -03:00
Pedro Igor
f48288865b
[KEYCLOAK-3156] - Missing CORS when responding with denies
2016-06-22 14:39:07 -03:00
Pedro Igor
905421a292
[KEYCLOAK-3152] - Keycloak Authorization JS Adapter
2016-06-22 14:28:02 -03:00
mposolda
f7a2ad021e
KEYCLOAK-3141 Fix DB2 and some other DB issues
2016-06-22 17:06:55 +02:00
mposolda
5c731b4d14
KEYCLOAK-3149 DB update triggered before DBLock is retrieved
2016-06-21 17:14:25 +02:00
Pedro Igor
8402cedd82
Merge pull request #2946 from pedroigor/KEYCLOAK-3130
...
[KEYCLOAK-3130] - Permission checks to authorization admin endpoints
2016-06-21 10:50:29 -03:00
Erik Mulder
f4ead484de
KEYCLOAK-2474 Possibility to add custom SPI and extend the data model
2016-06-20 10:56:33 +02:00
Pedro Igor
dd279dd0fd
[KEYCLOAK-3130] - Permission checks to authorization admin endpoints
2016-06-17 15:27:42 -03:00
Stian Thorgersen
3c0f7e2ee2
Merge pull request #2617 from pedroigor/KEYCLOAK-2753
...
[KEYCLOAK-2753] - Fine-grained Authorization Services
2016-06-17 13:40:15 +02:00
Pedro Igor
086c29112a
[KEYCLOAK-2753] - Fine-grained Authorization Services
2016-06-17 02:07:34 -03:00
Stian Thorgersen
e538394e60
KEYCLOAK-3091 Change brute force to use userId
2016-06-13 15:30:13 +02:00
mposolda
1510ac5eb4
KEYCLOAK-3105 Can't access single realm with the admin user from master realm
2016-06-13 12:09:11 +02:00
Stian Thorgersen
1c694b4795
Merge pull request #2921 from thomasdarimont/issue/KEYCLOAK-3054-fix-npe-on-unknown-protocol-adjustment
...
KEYCLOAK-3054: Use string format for log message
2016-06-08 07:08:05 +02:00
Stian Thorgersen
819c42dad2
Merge pull request #2918 from chameleon82/issue/KEYCLOAK-3089-email-subject-internationalization
...
KEYCLOAK-3089 Change email subject encoding to utf-8/base64
2016-06-08 07:07:37 +02:00
Некрасов Александр Сергеевич
7bdccc21b2
KEYCLOAK-3089 Change email subject encoding to utf-8
2016-06-08 09:10:39 +06:00
Thomas Darimont
a9f461bfd1
KEYCLOAK-3054: Use string format for log message
...
Need to use log.debugf(..) to correctly resolve the %s placeholder.
2016-06-07 21:56:04 +02:00
Thomas Darimont
67a63a806e
KEYCLOAK-3054: Fix potential NPE in RealmsResource
...
Prior to PR .well-known Endpoint threw NPE with if unknown
Protocol was provided.
2016-06-07 08:29:23 +02:00
Некрасов Александр Сергеевич
5474496867
KEYCLOAK-3089 Change email subject encoding to utf-8/base64
2016-06-07 09:11:46 +06:00
Bill Burke
4c9a0b45d4
Merge pull request #2229 from thomasdarimont/issue/KEYCLOAK-2489-script-based-authenticator-definitions
...
KEYCLOAK-2489 - Add support for Script-based AuthenticationExecution definitions.
2016-06-05 11:12:05 -04:00
Bill Burke
b3f3449e39
Merge pull request #2810 from thomasdarimont/issue/KEYCLOAK-2974-handle-ModelException-in-UsersResource
...
KEYCLOAK-2974: Handle ModelException in UsersResource
2016-06-05 11:06:32 -04:00
Thomas Darimont
a2d1c8313d
KEYCLOAK-3081: Add client mapper to map user roles to token
...
Introduced two new client protocol mappers to propagate assigned user client / realm roles to a JWT ID/Access Token.
Each protocol mapper supports to use a prefix string that is prepended to each role name.
The client role protocol mapper can specify from which client the roles should be considered.
Composite Roles are resolved recursively.
Background:
Some OpenID Connect integrations like mod_auth_openidc don't support analyzing deeply nested or encoded structures.
In those scenarios it is helpful to be able to define custom client protocol mappers that allow to propagate a users's roles as a flat structure
(e.g. comma separated list) as a top-level (ID/Access) Token attribute that can easily be matched with a regex.
In order to differentiate between client specific roles and realm roles it is possible to configure
both separately to be able to use the same role names with different contexts rendered as separate token attributes.
2016-06-03 15:52:58 +02:00
Stian Thorgersen
8fab2f0718
KEYCLOAK-3066
...
Uploaded Realm Certificate is not validated
2016-06-01 15:12:21 +02:00
Stian Thorgersen
2343e517c9
Merge pull request #2891 from pedroigor/KEYCLOAK-2894
...
[KEYCLOAK-2894] - Fixing saml signature validation
2016-05-26 16:57:13 +02:00
Pedro Igor
60f954a497
[KEYCLOAK-2894] - Fixing saml signature validation
2016-05-26 10:48:30 -03:00
mposolda
882dbc3f25
KEYCLOAK-3006 Fix admin event inconsistencies related to roles (points 1,3,4,15,16 from JIRA)
2016-05-25 23:18:01 +02:00
mposolda
022be3aee5
KEYCLOAK-3006 Fix admin event inconsistencies (points 2,5-14 from JIRA)
2016-05-25 23:17:47 +02:00
Thomas Darimont
5f73c338d8
KEYCLOAK-2947: Include group representation for GroupMembership changes in AdminEvents
...
We now include the full group representation in AdminEvents
for Group Membership changes.
This enables EventListener to propagate potential role / attribute
chnages based on the removal / addition of the group.
2016-05-25 23:17:35 +02:00
mposolda
f58936025f
KEYCLOAK-3003 Support for admin events in AuthenticationManagementResource
2016-05-25 23:17:24 +02:00
Stian Thorgersen
fa3a2aafec
KEYCLOAK-3034 NullPointerException when log in via Twitter
2016-05-25 08:10:55 +02:00
Stian Thorgersen
477c0872b0
KEYCLOAK-3020
...
Increase default password hashing intervals to 20K
2016-05-23 11:20:31 +02:00
Stian Thorgersen
d43b230b93
KEYCLOAK-2880 Refactor PermissionTest to not require Java8
2016-05-09 07:25:03 +02:00
mposolda
bea2678e85
KEYCLOAK-2862 AuthenticationManagementResource tests
2016-05-06 20:19:58 +02:00
Thomas Darimont
146a26e714
KEYCLOAK-2974: Handle ModelException in UsersResource
...
We now handle ModelExceptions thrown while creating and updating
a new User by rolling back the transaction and presenting
an error message with a HTTP 409 (conflict) code.
Previously only ModelDuplicateExceptions were handled and
ModelExceptions, e.g. due to a failed database operation
lead to a HTTP 500 server error.
2016-05-06 20:17:22 +02:00
Stian Thorgersen
0ca117b8e9
KEYCLOAK-2865 Extend coverage of client admin endpoints
2016-05-06 08:08:52 +02:00
Stian Thorgersen
1cc4cc30a6
KEYCLOAK-2549 Re-create master admin client if master realm is overwritten on import
2016-05-05 07:19:32 +02:00
Stian Thorgersen
2355db57da
KEYCLOAK-2880 Permissions tests for admin endpoints
2016-05-04 08:25:05 +02:00
Thomas Darimont
c8d47926b8
KEYCLOAK-2489 - Add support for Script-based AuthenticationExecution definitions.
...
This is a POC for script based authenticator support.
Introduced a ScriptBasedAuthenticator that is bootstraped via a
ScriptBasedAuthenticatorFactory can be execute a configured script
against a provided execution context.
Added an alias property to the AuthFlowExecutionRepresentation in order
to be able to differentiate multiple instances of an Authenticator
within the same AuthFlow.
For convenience editing the AngularJS bindings for the ACE editor were
added for fancy script editing - this needs to be cut down a bit wrt to
themes and supported scripts - e.g. we probably don't expect users to write
authenticator scripts in Cobol...
Removed currently not needed ACE sytax highlighting and themes.
Scripting is now available to all keycloak components that have access to the KeycloakSession.
Introduced new Scripting SPI for configurable scripting providers.
2016-04-27 14:37:13 +02:00
Thomas Darimont
27ef919d07
KEYCLOAK-2924: Fire AdminEvents on user group membership changes.
...
We now fire AdminEvents if a user joins or leaves a group.
This information can be used to deduce potential role changes
in custom event listeners.
2016-04-27 11:17:23 +02:00
mposolda
c7335fa242
KEYCLOAK-2903 Fix WelcomeResource to not allow requests forwarded from proxy/loadbalancer
2016-04-26 12:03:43 +02:00
Marek Posolda
5f16f0ede8
Merge pull request #2732 from mposolda/master
...
KEYCLOAK-2900
2016-04-25 15:00:09 +02:00
mposolda
fa8b272e76
KEYCLOAK-2900
2016-04-25 13:20:29 +02:00
Bruno Oliveira
1cc4ca2e71
RHSSO-130: AccessTokenTest migration
2016-04-22 16:30:57 -03:00
mposolda
e0aedfb93d
KEYCLOAK-2878 UserFederation mapper testing
2016-04-22 14:03:42 +02:00
mposolda
f6a718f10a
KEYCLOAK-2878 Testing of UserFederation admin REST endpoints
2016-04-21 23:11:14 +02:00
Stian Thorgersen
756cc0dca0
KEYCLOAK-2866 KEYCLOAK-2874 Test role mapping resource
2016-04-21 14:21:27 +02:00
Stian Thorgersen
4f5b71d81a
KEYCLOAK-2872 Test RoleByIdResource
2016-04-21 07:09:25 +02:00
Stian Thorgersen
b6257e66b3
Merge pull request #2679 from pedroigor/KEYCLOAK-2835
...
[KEYCLOAK-2835] - Adding SOAP binding to the list of supported SingleSignOnService.
2016-04-20 20:13:49 +02:00
mposolda
a341889d2c
KEYCLOAK-2842 Not possible to add new execution under registration flow
2016-04-20 18:39:11 +02:00
Pedro Igor
81e4f4b351
[KEYCLOAK-2835] - Adding SOAP binding to the list of supported SingleSignOnService.
2016-04-20 08:48:59 -03:00
mposolda
afc8179cf8
KEYCLOAK-2846 export/import of clientTemplate scopes
2016-04-20 13:30:01 +02:00
mposolda
919a3791ea
KEYCLOAK-2844 Unexpected error when trying to remove clientTemplate in use
2016-04-20 13:25:13 +02:00
Stian Thorgersen
04d76b0052
KEYCLOAK-2491 Fix permissions in admin console to match permissions in admin endpoints
2016-04-20 09:57:57 +02:00
Stian Thorgersen
f71273a1f9
KEYCLOAK-2832
...
Authentication failure logs at ERROR level
2016-04-20 07:32:07 +02:00
Stian Thorgersen
5606160e70
KEYCLOAK-2828 Refactor contribution and add tests
2016-04-19 13:09:00 +02:00
Thomas Raehalme
cd1094c3ad
KEYCLOAK-2828: LoginStatusIframeEndpoint now sets the P3P header.
...
IE requires a P3P header to be present in <iframe /> response. Otherwise
cookies are forbidden. The value of the header does not seem to matter.
2016-04-19 10:24:28 +02:00
Bill Burke
600f429abb
KEYCLOAK-2740
2016-04-15 16:49:06 -04:00
Stian Thorgersen
6a428c8ee7
KEYCLOAK-2810 Added robots.txt and robots meta header
2016-04-13 11:22:57 +02:00
Bill Burke
515ed226be
Merge remote-tracking branch 'upstream/master'
2016-04-12 15:19:58 -04:00
Bill Burke
cca91dd175
public/private
2016-04-12 15:19:46 -04:00
Stian Thorgersen
1c2eafeb80
KEYCLOAK-2807 Fix server info providers page
2016-04-12 15:38:52 +02:00
Stian Thorgersen
538e49117f
KEYCLOAK-2799 Show error for identity brokering login if user is disabled
2016-04-12 13:14:42 +02:00
Stian Thorgersen
fcf7b28b8f
Merge pull request #2583 from stianst/KEYCLOAK-2803
...
KEYCLOAK-2803 Fix failure to add execution to client flow
2016-04-12 13:05:05 +02:00
Stian Thorgersen
350a9cd997
KEYCLOAK-2803 Fix failure to add execution to client flow
2016-04-12 08:04:15 +02:00
Stian Thorgersen
bd2238dbb8
KEYCLOAK-2770 Close mail transport after sending message
2016-04-12 07:06:52 +02:00
mposolda
e4f75409c9
KEYCLOAK-2802 NPE during identity broker cancelled from account mgmt
2016-04-11 23:31:24 +02:00
mposolda
98ad9b7e7c
KEYCLOAK-2801 Redirected to login theme error page after failed social linking from account management
2016-04-11 23:30:18 +02:00
mposolda
3e9ba71baa
KEYCLOAK-2769 Better error handling of expired code in IdentityBrokerService
2016-04-11 18:20:26 +02:00
mposolda
ee9c87877f
KEYCLOAK-2769 Fix NPE during 'Identity Broker cancelled' and instead show keycloak 'we are sorry' page
2016-04-08 19:07:06 +02:00
mposolda
90fc721315
KEYCLOAK-2614 Refactor database lock to use 'SELECT FOR UPDATE' pessimistic locking
2016-04-08 12:20:54 +02:00
Stian Thorgersen
8ea057a122
KEYCLOAK-2683 Remove QRCodeResource and embed QR code in image
2016-04-08 09:00:57 +02:00
Stian Thorgersen
c1a8e692d0
Merge pull request #2538 from stianst/KEYCLOAK-2751
...
KEYCLOAK-2751
2016-04-07 16:27:11 +02:00
Stian Thorgersen
b6d861fea6
KEYCLOAK-2751
...
Separate HTTP status codes for REST API errors
2016-04-07 15:39:12 +02:00
Guus der Kinderen
be578684b9
KEYCLOAK-2767: Should return a primitive if possible.
...
A JSON primitive is valid JSON. There is no need to construct a JSON object
just for the sake of being JSON complient. This keeps things nice and simple.
2016-04-07 13:19:29 +02:00
Stian Thorgersen
2694e003c4
KEYCLOAK-2759 Fix error message when renaming realm to name that exists
2016-04-07 06:00:31 +02:00