libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions
11885 commits 4 branches 9 tags 483 MiB
Commit graph

581 commits

Author SHA1 Message Date
rmartinc
82ef5b7927 KEYCLOAK-12000: Allow overriding time lifespans on a SAML client 2019-11-26 10:02:34 +01:00
Yoshiyuki Tabata
0a9d058b81 KEYCLOAK-12150 change error response from invalid_request to unsupported_grant_type 2019-11-22 11:11:07 +01:00
Yoshiyuki Tabata
a36cfee84b KEYCLOAK-12149 change error response from invalid_grant to unauthorized_client 2019-11-22 11:10:16 +01:00
Yoshiyuki Tabata
4117710379 KEYCLOAK-12019 change error response from unsupported_response_type to unauthorized_client 2019-11-22 11:03:02 +01:00
AlistairDoswald
4553234f64 KEYCLOAK-11745 Multi-factor authentication (#6459) 
Co-authored-by: Christophe Frattino <christophe.frattino@elca.ch>
Co-authored-by: Francis PEROT <francis.perot@elca.ch>
Co-authored-by: rpo <harture414@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Denis <drichtar@redhat.com>
Co-authored-by: Tomas Kyjovsky <tkyjovsk@redhat.com>
 2019-11-14 14:45:05 +01:00
stianst
b8881b8ea0 KEYCLOAK-11728 New default hostname provider 
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2019-11-11 12:25:44 +01:00
stianst
062841a059 KEYCLOAK-11898 Refactor AIA implementation 2019-11-08 16:03:07 -03:00
stianst
63abebd993 KEYCLOAK-11627 Require users to re-authenticate before invoking AIA 2019-11-08 16:03:07 -03:00
stianst
bc5113053d KEYCLOAK-11897 Change kc_action parameter to proper built-in parameter 2019-11-08 16:03:07 -03:00
Stian Thorgersen
f14f92ab0b KEYCLOAK-6073 Make adapters use discovery endpoint for URLs instead of hardcoding (#6412) 2019-11-06 10:34:35 +01:00
Gideon Caranzo
e07fd9ffa3 KEYCLOAK-9936 Added optional hooks for preprocessing SAML authentication 
Co-Authored-By: Hynek Mlnarik <hmlnarik@redhat.com>
 2019-10-29 13:06:59 +01:00
Takashi Norimatsu
1905260eac KEYCLOAK-11251 ES256 or PS256 support for Client Authentication by Signed JWT (#6414) 2019-10-24 17:58:54 +02:00
Pedro Igor
bb4ff55229 [KEYCLOAK-10868] - Deploy JavaScript code directly to Keycloak server 
Conflicts:
	testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java

(cherry picked from commit 338fe2ae47a1494e786030eb39f908c964ea76c4)
 2019-10-22 10:34:24 +02:00
Takashi Norimatsu
66de87a211 KEYCLOAK-11253 Advertise acr claim in claims_supported Server Metadata 2019-10-03 11:25:45 +02:00
Takashi Norimatsu
6c9cf346c6 KEYCLOAK-11252 Implement Server Metadata of OAuth 2.0 Mutual TLS Client Authentication 2019-10-01 15:27:59 +02:00
Mathieu CLAUDEL
2fb507e170 KEYCLOAK-10802 add support of SAMLv2 ForceAuthn 2019-09-27 09:55:54 +02:00
rmartinc
7f54a57271 KEYCLOAK-10757: Replaying assertion with signature in SAML adapters 2019-09-18 16:49:00 +02:00
Takashi Norimatsu
8225157a1c KEYCLOAK-6768 Signed and Encrypted ID Token Support 2019-08-15 15:57:35 +02:00
Stan Silvert
bc818367a1 KEYCLOAK-10854: App-initiated actions Phase I 2019-07-26 14:56:29 -03:00
mhajas
57a8fcb669 KEYCLOAK-10776 Add session expiration to Keycloak saml login response 2019-07-24 13:35:07 +02:00
Takashi Norimatsu
2e850b6d4a KEYCLOAK-10747 Explicit Proof Key for Code Exchange Activation Settings 2019-07-12 08:33:20 +02:00
Martin Kanis
efdf0f1bd8 KEYCLOAK-6839 You took too long to login after SSO idle 2019-07-10 10:15:26 +02:00
Tomasz Prętki
0376e7241a KEYCLOAK-10251 New Claim JSON Type - JSON 2019-07-08 11:59:57 +02:00
Hisanobu Okuda
1ac51611d3 KEYCLOAK-10664 correct the error message when no SAML request provided 2019-06-18 08:47:35 +02:00
Stefan Guilhen
40ec46b79b [KEYCLOAK-8043] Allow prompt=none query parameter to be propagated to default IdP 2019-05-29 09:22:46 +02:00
vramik
d64f716a20 KEYCLOAK-2709 SAML Identity Provider POST Binding request page shown to user is comletely blank with nonsense title 2019-05-20 09:51:04 +02:00
Kohei Tamura
8bee7ec542 KEYCLOAK-9983 - Fix the P3P header corruption in Japanese and Turkish (#6006) 2019-05-15 15:23:45 +02:00
Hynek Mlnarik
b8aa1916d8 KEYCLOAK-10195 Fix role lookup to address roles with dots 2019-05-14 13:00:04 +02:00
Kohei Tamura
43bda455bc KEYCLOAK-10106 - Fix typos in default scripts (#6010) 2019-05-07 10:20:04 +02:00
Stefan Guilhen
f1acdc000e [KEYCLOAK-10168] Handle microprofile-jwt client scope migration 2019-05-06 15:14:27 -03:00
Stefan Guilhen
2fa2437555 KEYCLOAK-5613 Add built-in optional client scope for MicroProfile-JWT 2019-04-02 08:40:19 -03:00
vramik
b7c5ca8b38 KEYCLOAK-8535 Inconsistent SAML Logout endpoint handling 2019-03-22 14:09:31 +01:00
Hynek Mlnarik
25c07f78bc KEYCLOAK-9578 Fix typo in SAML attribute name format 2019-03-19 11:45:38 +01:00
Hynek Mlnarik
1c906c834b KEYCLOAK-3373 Remove SAML IdP descriptor from client installation and publicize it in realm endpoint instead 2019-03-19 11:37:15 +01:00
Yaser Abouelenein
404ac1d050 KEYCLOAK-8701 changes needed to include x5c property in jwks 2019-03-15 06:01:15 +01:00
Corey McGregor
be77fd9459 KEYCLOAK-2339 Adding impersonator details to user session notes and supporting built-in protocol mappers. 2019-03-08 09:14:42 +01:00
Simon Neaves
b5fbc04e5e KEYCLOAK-9376 Add "aud" to DEFAULT_CLAIMS_SUPPORTED 
See https://issues.jboss.org/browse/KEYCLOAK-9376?_sscc=t
 2019-02-25 10:21:49 +01:00
stianst
07ccbdc3db KEYCLOAK-9182 2019-01-03 14:28:35 +01:00
mposolda
061693a8c9 KEYCLOAK-9089 IllegalArgumentException when trying to use ES256 as OIDC access token signature 2018-12-14 21:01:03 +01:00
mposolda
1237986fd0 KEYCLOAK-8838 Incorrect resource_access in accessToken when clientId contains dots 2018-12-13 10:31:27 +01:00
rmartinc
3c44e6c377 KEYCLOAK-9068: IDP-initiated-flow is not working with REDIRECT binding 2018-12-13 06:28:38 -02:00
mposolda
c51c492996 KEYCLOAK-9050 Change LoginProtocol.authenticated to read most of the values from authenticationSession 2018-12-12 13:30:03 +01:00
mposolda
a7f57c7e23 KEYCLOAK-9021 2018-12-12 07:09:14 +01:00
Pedro Igor
4355c89b9d [KEYCLOAK-7365] - No need to check roles when refreshing tokens 2018-11-29 08:51:25 -02:00
mposolda
6db1f60e27 KEYCLOAK-7774 KEYCLOAK-8438 Errors when SSO authenticating to same client multiple times concurrently in more browser tabs 2018-11-21 21:51:32 +01:00
Stian Thorgersen
f3bf1456ab
KEYCLOAK-8781 Mark OpenShift integration as preview. Fix issue in Profile where preview features was not enabled in preview mode. (#5738) 2018-11-19 17:32:21 +01:00
Marek Posolda
f67d6f9660 KEYCLOAK-8482 Access token should never contain azp as an audience (#5719) 2018-11-19 14:38:41 +01:00
Takashi Norimatsu
0793234c19 KEYCLOAK-8460 Request Object Signature Verification Other Than RS256 (#5603) 
* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

also support client signed signature verification by refactored token
verification mechanism

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

incorporate feedbacks and refactor client public key loading mechanism

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

unsigned request object not allowed

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

revert to re-support "none"
 2018-11-19 14:28:32 +01:00
mposolda
0533782d90 KEYCLOAK-7275 KEYCLOAK-5479 Faster offline sessions preloading at startup. Track lastSessionRefresh timestamps more properly by support bulk update to DB 2018-11-16 14:23:28 +01:00
Thomas Darimont
cf57a1bc4b KEYCLOAK-1267 Add dedicated SSO timeouts for Remember-Me 
Previously remember-me sessions where tied to the SSO max session
timeout which could lead to unexpected early session timeouts.
We now allow SSO timeouts to be configured separately for sessions
with enabled remember-me. This enables users to opt-in for longer
session timeouts.

SSO session timeouts for remember-me can now be configured in the
tokens tab in the realm admin console. This new configuration is
optional and will tipically host values larger than the regular
max SSO timeouts. If no value is specified for remember-me timeouts
then the regular max SSO timeouts will be used.

Work based on PR https://github.com/keycloak/keycloak/pull/3161 by
Thomas Darimont <thomas.darimont@gmail.com>
 2018-11-15 06:11:22 +01:00