Commit graph

89 commits

Author SHA1 Message Date
vramik
3b1bdb216a KEYCLOAK-11486 Add support for system property or env variable in AllowedClockSkew in keycloak-saml subsystem 2020-01-14 13:17:13 +01:00
mhajas
a79d6289de KEYCLOAK-11416 Fix nil AttributeValue handling 2020-01-10 12:47:09 +01:00
keycloak-bot
76aa199fee Set version to 9.0.0-SNAPSHOT 2019-11-15 20:43:21 +01:00
Douglas Palmer
a32c8c5190 [KEYCLOAK-11185] Fixed build with JDK 11 2019-11-04 10:56:07 -03:00
Benjamin Bentmann
d6f56e58c1 KEYCLOAK-11806 Fix SAML adapter to not fail upon receiving a login response without the optional Destination attribute 2019-10-29 23:12:15 +01:00
rmartinc
7f54a57271 KEYCLOAK-10757: Replaying assertion with signature in SAML adapters 2019-09-18 16:49:00 +02:00
Stefan Guilhen
60205845a8 [KEYCLOAK-7264] Add a RoleMappingsProvider SPI to allow for the configuration of custom role mappers in the SAML adapters.
- Provides a default implementation based on mappings loaded from a properties file.
 - Role mappers can also be configured in the keycloak-saml susbsytem.
2019-09-09 05:24:25 -03:00
mhajas
4b18c6a117 KEYCLOAK-7207 Check session expiration for SAML session 2019-07-24 13:35:07 +02:00
keycloak-bot
17e9832dc6 Set version to 8.0.0-SNAPSHOT 2019-07-19 19:05:03 +02:00
Stefan Guilhen
ceaae7a254 [KEYCLOAK-10384] Add equals and hashCode to KeycloakUndertowAccount, SamlPrincipal and SamlSession to avoid cache misses in the PicketBox JAAS auth manager 2019-07-18 21:08:22 +02:00
Steeve Beroard
fc9a0e1766 [KEYCLOAK-8104] Keycloak SAML Adapter does not support clockSkew configuration
Co-Authored-By: vramik <vramik@redhat.com>
2019-07-15 13:08:52 +02:00
Hynek Mlnarik
ca4e14fbfa KEYCLOAK-7852 Use original NameId value in logout requests 2019-07-04 19:30:21 +02:00
keycloak-bot
49d4e935cb Set version to 7.0.0-SNAPSHOT 2019-04-17 09:48:07 +01:00
Martin Ball
21e2fa8784 KEYCLOAK-4249 - Make IDP URL in keycloak-saml.xml configurable
Added the metadata url as an attribute on the IDP in the keycloak saml configuration which then propagates through to the DefaultSamlDeployment where it is used on the construction of the SamlDescriptorPublicKeyLocator thereby allowing support for ADFS or other IDP which uses a path that is different to the Keycloak IDP.

To make this work when testing with ADFS a change was made to SamlDescriptorIDPKeysExtractor because it would not extract keys from metadata which contained the EntityDescriptor as the root element. The solution was to change the xpath expression in SamlDescriptorIDPKeysExtractor so that it does not require a wrapping EntitiesDescriptor but instead loads all EntityDescriptors located in the document. This allows it to handle a single EntityDescriptor or multiple descriptors wrapped in an EntitiesDescriptor in the same xpath expression. A unit test SamlDescriptorIDPKeysExtractorTest has been added which validates that keys can be loaded in both scenarios.
2019-03-27 08:04:53 +01:00
keycloak-bot
e843d84f6e Set version to 6.0.0-SNAPSHOT 2019-03-06 15:54:08 +01:00
stianst
e06c705ca8 Set version 5.0.0 2019-02-21 09:35:14 +01:00
stianst
7c9f15778a Set version to 4.8.3.Final 2019-01-09 20:39:30 +01:00
stianst
7c4890152c Set version to 4.8.2 2019-01-03 14:43:22 +01:00
stianst
b674c0d4d9 Prepare for 4.8.0.Final 2018-12-04 13:54:25 +01:00
stianst
ecd476fb10 Prepare for 4.7.0.Final 2018-11-14 20:10:59 +01:00
vramik
7a96911a83 KEYCLOAK-8300 KEYCLOAK-8301 Wildfly 14 upgrade
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2018-10-17 20:01:07 +02:00
stianst
c3fc9e9815 Set version to 4.6.0.Final-SNAPSHOT 2018-09-26 20:58:41 +02:00
Hynek Mlnarik
2bf6d75e57 KEYCLOAK-8010 Improve handling of Conditions SAML tag 2018-09-19 14:00:28 +02:00
stianst
1fb4ca4525 Set version to 4.5.0.Final 2018-09-06 20:08:02 +02:00
Hynek Mlnarik
812e76c39b KEYCLOAK-8163 Improve SAML validations 2018-09-05 15:47:03 +02:00
Hynek Mlnarik
a8a9631d4f KEYCLOAK-6832 Unify Destination attribute handling 2018-08-09 10:30:30 +02:00
mposolda
959cd035ba Set version to 4.3.0.Final-SNAPSHOT 2018-08-01 22:40:05 +02:00
rmartinc
4a82979792 KEYCLOAK-1925: SAML adapter multitenant support 2018-07-10 13:21:11 +02:00
mposolda
d0a824dde4 Updating version to 4.2.0.Final-SNAPSHOT 2018-07-05 07:42:48 -04:00
Hynek Mlnarik
6b968796ce KEYCLOAK-7667 Fix namespace handling when decrypting assertion 2018-06-21 13:09:18 +02:00
stianst
e1a0e581b9 Update to 4.1.0.Final-SNAPSHOT 2018-06-14 14:22:28 +02:00
Stian Thorgersen
dbf5c395b0
Bump version to 4.0.0.Final (#5224) 2018-05-24 19:02:30 +02:00
Stian Thorgersen
90e5c7f3eb
Bump version to 4.0.0.Beta3-SNAPSHOT (#5185) 2018-05-02 14:32:20 +02:00
stianst
07fea02146 Bump versions to 4.0.0.Beta2-SNAPSHOT 2018-03-26 18:17:38 +02:00
Hynek Mlnarik
1f20c03afa KEYCLOAK-6470 Refactor SAML adapter parsers 2018-02-27 09:37:29 +01:00
Hynek Mlnarik
e7cdb8ad54 KEYCLOAK-6473 KEYCLOAK-6472 SAML parser refactor + protocol parsers 2018-02-23 08:16:14 +01:00
stianst
0bedbb4dd3 Bump version to 4.0.0.CR1-SNAPSHOT 2017-12-21 15:06:00 +01:00
Hynek Mlnarik
626004e782 KEYCLOAK-6066 Be less strict when handling cookies 2017-12-19 21:39:41 +01:00
stianst
37de8e9f69 Bump version to 3.4.2.Final-SNAPSHOT 2017-12-01 09:34:48 +01:00
Stian Thorgersen
128ff12f8f Bump versions 2017-11-09 15:37:21 +01:00
Jasper Siepkes
458c2f2682
Clarify request URI mismatch error message in SAML adapter.
Show expected URI and received URI in error message. Also makes the logging behavior of 'handleSamlResponse' the same as 'handleSamlRequest' since that method already shows the expected and received URI.
2017-09-11 19:52:49 +02:00
Stian Thorgersen
463661b051 Set version to 3.4.0.CR1-SNAPSHOT 2017-08-28 15:46:22 +02:00
Hynek Mlnarik
794c508b10 KEYCLOAK-4995 Support for distributed SAML logout in cross DC 2017-08-28 13:15:11 +02:00
Hynek Mlnarik
8d81a4a2e4 KEYCLOAK-5236 2017-07-26 11:22:05 +02:00
Stian Thorgersen
454c5f4d83 Set version to 3.3.0.CR1-SNAPSHOT 2017-06-30 09:47:11 +02:00
hmlnarik
b4ad69b841 KEYCLOAK-5115 (#4272) 2017-06-29 15:50:50 +02:00
Frederik Libert
63d2d0f7ed KEYCLOAK-4897 SAML Adapter fails to validate signature on assertion 2017-06-19 18:26:17 +02:00
Hisanobu Okuda
9135ba7c40 KEYCLOAK-4980 SAML adapter should return 401 when unauthenticated Ajax client accesses 2017-06-08 23:36:25 +09:00
Frederik Libert
71f0db0837 KEYCLOAK-4897
SAML Adapter fails to validate signature on encrypted assertion.
2017-05-17 15:47:04 +02:00
Stian Thorgersen
87dedb56e5 Set version to 3.2.0.CR1-SNAPSHOT 2017-04-27 14:23:03 +02:00