Pedro Igor
93d57c7d00
Merge pull request #4236 from CoreFiling/js-policy-performance
...
[KEYCLOAK-5072] - Improve performance of JSPolicyProvider
2017-06-20 15:11:40 -03:00
mposolda
f363dbcad0
KEYCLOAK-4327 Switching language on User consent gives error
2017-06-20 09:21:41 +02:00
Jay Anslow
7614ff8c6f
Extract EvaluatebleScriptAdapter
...
Precursor for InvocableScriptAdapter, which compiles/evaluates a script without affecting the engine's bindings. This allows the same script to be compiled once and then evaluated multiple times (with the same ScriptEngine).
2017-06-19 15:32:14 +01:00
Pedro Igor
0b5e6b0d49
JS policy should use ScriptingSPI
2017-06-16 11:49:32 -03:00
Pedro Igor
169280b6a1
[KEYCLOAK-3168] - Group-Based Access Control
2017-06-13 19:05:44 -03:00
Pedro Igor
fd8a3dccaf
Merge pull request #4214 from pedroigor/KEYCLOAK-4904
...
[KEYCLOAK-4904] - Authorization Audit - Part 1
2017-06-09 17:17:30 -03:00
Pedro Igor
f12cef2c86
[KEYCLOAK-4904] - Authorization Audit - Part 1
2017-06-09 13:31:06 -03:00
Pedro Igor
84d2d7b431
Missing invalidation for some queries cache
2017-06-08 18:09:44 -03:00
Bill Burke
94528976d4
console work
2017-06-07 16:29:43 -04:00
Levente NAGY
c4da7637d6
[KEYCLOAK-2538] - groups pagination and group search
2017-06-06 18:32:48 +02:00
Pedro Igor
9be9e30ad6
Merge pull request #4206 from pedroigor/KEYCLOAK-4983
...
[KEYCLOAK-4983] - Authz settings export of role base policy generates json where are just role-names
2017-06-05 16:19:58 -03:00
Pedro Igor
23887f4031
Fixing tests and more client policy tests
2017-06-05 11:26:33 -03:00
Pedro Igor
3760f2753b
[KEYCLOAK-4983] - Authz settings export of role base policy generates json where are just role-names
2017-06-02 20:09:33 -03:00
Pedro Igor
d0f505455d
[KEYCLOAK-4991] - Allow clients to limit the number of permission in a RPT when using entitlements
2017-06-02 19:06:40 -03:00
Bill Burke
b9f7a43a72
group permissions
2017-06-01 20:16:35 -04:00
Pedro Igor
c4a0470a37
[KEYCLOAK-4987] - Remove async support from AuthZ Token Endpoints
2017-05-30 12:48:18 -03:00
Stian Thorgersen
8c53c5a90e
KEYCLOAK-4888
...
Change default hashing provider for realm
2017-05-30 09:54:05 +02:00
mposolda
5560175888
KEYCLOAK-4626 Changed javadoc. Remove unused ClientSessionModel class
2017-05-25 18:51:05 +02:00
Stian Thorgersen
c442bcd8d3
Merge pull request #4174 from stianst/KEYCLOAK-4889
...
KEYCLOAK-4889
2017-05-23 14:26:15 +02:00
Stian Thorgersen
ff2d6941d0
Merge pull request #4140 from mstruk/RHSSO-978
...
RHSSO-978 Cannot migrate event types using export/import
2017-05-23 13:55:17 +02:00
Stian Thorgersen
130452f6c3
Merge pull request #4085 from mstruk/RHSSO-402
...
RHSSO-402 need a way to dump configuration (including ldap provider config) to a file
2017-05-23 13:29:32 +02:00
Stian Thorgersen
097a2267f5
KEYCLOAK-4889
...
Improve error messages for password policies
2017-05-23 13:18:06 +02:00
mposolda
8adde64e2c
KEYCLOAK-4016 Provide a Link to go Back to The Application on a Timeout
2017-05-23 09:08:58 +02:00
Pedro Igor
62ffab7239
Exporting a client is updating policy config
2017-05-19 19:45:47 -03:00
Bill Burke
ab763e7c5b
fixes after merge
2017-05-19 15:54:36 -04:00
Bill Burke
2cac8b1bb7
KEYCLOAK-4929
2017-05-18 16:53:31 -04:00
Bill Burke
c291748f43
KEYCLOAK-4929
2017-05-18 16:48:04 -04:00
mposolda
c178a2392d
KEYCLOAK-4907 Fix postgresql and mssql. Fix migration
2017-05-17 22:44:44 +02:00
Marko Strukelj
27b291c345
RHSSO-978 Cannot migrate event types using export/import
2017-05-16 18:52:58 +02:00
Marko Strukelj
7d0ca42c6c
RHSSO-402 need a way to dump configuration (including ldap provider config) to a file
2017-05-15 12:13:58 +02:00
Bill Burke
954ef99f22
Merge remote-tracking branch 'upstream/master'
2017-05-12 10:10:29 -04:00
mposolda
7d8796e614
KEYCLOAK-4626 Support for sticky sessions with AUTH_SESSION_ID cookie. Clustering tests with embedded undertow. Last fixes.
2017-05-11 22:24:07 +02:00
Hynek Mlnarik
b8262a9f02
KEYCLOAK-4628 Single-use cache + its functionality incorporated into reset password token. Utilize single-use cache for relevant actions in execute-actions token
2017-05-11 22:16:26 +02:00
Hynek Mlnarik
c431cc1b01
KEYCLOAK-4627 IdP email account verification + code cleanup. Fix for concurrent access to auth session notes
2017-05-11 22:16:26 +02:00
mposolda
168153c6e7
KEYCLOAK-4626 Authentication sessions - SAML, offline tokens, broker logout and other fixes
2017-05-11 22:16:26 +02:00
Hynek Mlnarik
47aaa5a636
KEYCLOAK-4627 reset credentials and admin e-mails use action tokens. E-mail verification via action tokens.
2017-05-11 22:16:26 +02:00
mposolda
e7272dc05a
KEYCLOAK-4626 AuthenticationSessions - brokering works. Few other fixes and tests added
2017-05-11 22:16:26 +02:00
mposolda
a9ec69e424
KEYCLOAK-4626: AuthenticationSessions - working login, registration, resetPassword flows
2017-05-11 22:16:26 +02:00
mposolda
83b29c5080
KEYCLOAK-4626 AuthenticationSessions: start
2017-05-11 22:16:26 +02:00
Stian Thorgersen
c3a2b3a6b6
KEYCLOAK-4523 PBKDF2WithHmacSHA256 and PBKDF2WithHmacSHA512 providers
2017-05-11 11:58:22 +02:00
Pedro Igor
e14be4460b
[KEYCLOAK-4867] - Cluster events and invalidations
2017-05-05 22:48:51 -03:00
Bill Burke
c3b44e61d4
Merge remote-tracking branch 'upstream/master'
2017-05-01 14:51:07 -04:00
Eriksson Fabian
ca1152c3e5
KEYCLOAK-4204 Extend brute force protection with permanent lockout on failed attempts
...
- Can still use temporary brute force protection.
- After X-1 failed login attempt, if the user successfully logs in his/her fail login count is reset.
2017-04-28 09:02:10 +02:00
Bill Burke
2276f99d54
Merge remote-tracking branch 'upstream/master'
2017-04-26 14:39:45 -04:00
Johannes Knutsen
0809033924
KEYCLOAK-4780 Ensure Base64 encoded HMAC secret key is decoded before use
2017-04-26 16:04:44 +02:00
Stian Thorgersen
cf7f28d97e
Merge pull request #4031 from abacusresearch/KEYCLOAK-4736_http_header_x-xss-protection
...
KEYCLOAK-4736 Extend security defenses with X-XSS-Protection header
2017-04-25 10:38:21 +02:00
Stian Thorgersen
54ee055bd8
KEYCLOAK-4671 Add server-private-spi to dependency deployer
2017-04-25 10:16:24 +02:00
Bill Burke
12cb295a35
Merge remote-tracking branch 'upstream/master'
2017-04-24 10:05:46 -04:00
Bill Burke
58868ca99f
prototype
2017-04-24 10:05:39 -04:00
Pedro Igor
bf69bc94bb
[KEYCLOAK-4754] - Unable to delete realm when using aggregated policies
2017-04-20 12:10:52 -03:00
Pedro Igor
b6978a424f
[KEYCLOAK-3135] - Reverting change to support import unordered policies
2017-04-12 15:15:46 -03:00
Pedro Igor
8e877a7f6c
[KEYCLOAK-3135] - More tests
2017-04-12 14:34:27 -03:00
Pedro Igor
eec712a259
[KEYCLOAK-3135] - Role and user policies apis
2017-04-12 00:52:14 -03:00
Pedro Igor
54ebc1918c
[KEYCLOAK-3135] - Using abstract policy representation when creating policies and updating tests
2017-04-12 00:52:13 -03:00
Pedro Igor
d60dcb4c62
[KEYCLOAK-3135] - Some more tests and making policy type rest api more generic
2017-04-12 00:52:13 -03:00
Pedro Igor
8e64bc3e4d
Tests for new permission management rest api
2017-04-12 00:52:13 -03:00
Pedro Igor
cf1e8d1dd8
[KEYCLOAK-3135] - Tests and typos
2017-04-12 00:52:13 -03:00
Pedro Igor
55f747ecd0
[KEYCLOAK-3135] - Part 1: Permission Management API
2017-04-12 00:52:13 -03:00
Dominik Langenegger
8840bc073f
KEYCLOAK-4736 Extend security defenses with additional option to set the X-XSS-Protection header, block by default
2017-04-10 11:20:07 +02:00
Bill Burke
3ce0c57e17
Merge pull request #3831 from Hitachi/master
...
KEYCLOAK-2604 Proof Key for Code Exchange by OAuth Public Clients
2017-04-06 15:36:08 -04:00
Bill Burke
6ca5b7de03
Merge pull request #3998 from cainj13/fixNullProtocols
...
Fix null protocols for default clients
2017-04-06 15:29:21 -04:00
Stian Thorgersen
eaf386f1d2
KEYCLOAK-4693
...
Improve blocking search indexing
2017-04-04 09:56:48 +02:00
Josh Cain
971f053f13
flip null switch for conditionally adding login protocol to default clients
2017-03-31 16:20:21 -05:00
Josh Cain
0482ec40fd
Fix null protocols in default realm applications
2017-03-31 16:13:38 -05:00
Takashi Norimatsu
a183d50ad2
delete erroneous characters inserted by mistake
2017-03-29 09:53:24 +09:00
Takashi Norimatsu
ef3aef9381
Merge branch 'master' into master
2017-03-28 16:21:40 +09:00
vramik
c41bc65bf8
KEYCLOAK-4638 Migrator to 3.0.0 contains code coppied from 2.5.0
2017-03-22 13:08:12 +01:00
Stian Thorgersen
2aa93d7d55
Merge pull request #3924 from daklassen/KEYCLOAK-2486
...
KEYCLOAK-2486: Update SimpleHTTP to use Apache HTTP Client
2017-03-15 09:50:06 +01:00
Pedro Igor
e7e6314146
[KEYCLOAK-4555] - Fixes and improvements to evaluation code
2017-03-13 14:08:54 -03:00
David Klassen
7029ef80f8
KEYCLOAK-2486: Update SimpleHTTP to use Apache HTTP Client
...
Update SimpleHTTP to use Apache HTTP client under the covers.
2017-03-09 09:23:09 +01:00
Bill Burke
c6dc59f63e
Merge remote-tracking branch 'upstream/master'
2017-03-03 11:00:32 -05:00
Bill Burke
3bb29e033b
KEYCLOAK-4501, KEYCLOAK-4511, KEYCLOAK-4513
2017-03-03 09:48:52 -05:00
mposolda
091b376624
KEYCLOAK-1590 Realm import per test class
2017-03-01 09:38:44 +01:00
Bill Burke
b4f625e1ce
KEYCLOAK-4501
2017-02-27 18:46:00 -05:00
Stian Thorgersen
d72b67c460
Merge pull request #3857 from anderius/feature/KEYCLOAK-4392-component-id
...
KEYCLOAK-4392 Copy component id from representation to model
2017-02-14 09:43:38 +01:00
Bill Burke
c3e72b11db
KEYCLOAK-4382
2017-02-13 10:51:10 -05:00
Anders Båtstrand
3af9f2f989
KEYCLOAK-4392 Copy component id from representation to model
2017-02-13 13:03:57 +01:00
Bill Burke
d9633dc20c
Merge remote-tracking branch 'upstream/master'
2017-02-09 09:13:00 -05:00
Bill Burke
f128be9b31
LDAP No-Import
2017-02-04 10:29:34 -05:00
Takashi Norimatsu
88bfa563df
KEYCLOAK-2604 Proof Key for Code Exchange by OAuth Public Clients - RFC
...
7636 - Server Side Implementation
2017-02-03 10:38:54 +09:00
Stian Thorgersen
be2378a424
Merge pull request #3820 from patriot1burke/master
...
KEYCLOAK-4363
2017-02-02 11:32:30 +01:00
Bill Burke
79dede8e78
KEYCLOAK-4363
2017-02-01 10:19:15 -05:00
Bill Burke
1d04d56bdb
Merge pull request #3816 from patriot1burke/master
...
KEYCLOAK-4218
2017-02-01 08:55:10 -05:00
Bill Burke
0d308e2b69
KEYCLOAK-4218
2017-01-31 15:15:49 -05:00
Pedro Igor
c705a8ffc8
[KEYCLOAK-4340] - Exporting authorization settings is updating policies with wrong data
2017-01-31 13:11:14 -02:00
mposolda
2de2df3a41
KEYCLOAK-4282 Fix authorization import in DirImportProvider
2017-01-24 21:57:35 +01:00
mposolda
194a63cc71
KEYCLOAK-4282 Import authorization after users are imported
2017-01-24 17:32:34 +01:00
mposolda
e487db349c
KEYCLOAK-4274 Fix recursive composite role mappings
2017-01-23 17:55:45 +01:00
Pedro Igor
c19360c6f2
[KEYCLOAK-4203] - Removing references to Drools
2017-01-18 12:44:30 -02:00
Bill Burke
6aee6b0c46
KEYCLOAK-4220
2017-01-13 11:45:48 -05:00
Stian Thorgersen
7ceef826ac
Merge pull request #3734 from stianst/KEYCLOAK-4176
...
KEYCLOAK-4176
2017-01-10 15:19:05 +01:00
Marek Posolda
227900f288
Merge pull request #3731 from mposolda/master
...
KEYCLOAK-4175 Provide a way to set the connect and read timeout for l…
2017-01-10 09:49:18 +01:00
Stian Thorgersen
426e55664f
KEYCLOAK-4176
2017-01-10 08:02:49 +01:00
Stian Thorgersen
7eeebff874
Merge pull request #3720 from hmlnarik/KEYCLOAK-4091-Possible-NullPointerExceptions-with-disabled-cache
...
KEYCLOAK-4091 Prevent NPE with disabled cache
2017-01-10 06:23:10 +01:00
Bill Burke
452611242c
Merge remote-tracking branch 'upstream/master'
2017-01-09 17:14:34 -05:00
Bill Burke
d075172fd2
KEYCLOAK-3617 KEYCLOAK-4117 KEYCLOAK-4118
2017-01-09 17:14:20 -05:00
mposolda
c32620b718
KEYCLOAK-4175 Provide a way to set the connect and read timeout for ldap connections
2017-01-09 21:35:58 +01:00
Pedro Igor
5bc134ea7b
Merge pull request #3717 from pedroigor/KEYCLOAK-4164
...
[KEYCLOAK-4164] - Creating typed resources always result in error
2017-01-06 17:29:47 -02:00
Hynek Mlnarik
377fbced4a
KEYCLOAK-4091 Prevent NPE with disabled cache
2017-01-06 10:00:11 +01:00
Pedro Igor
72691b2e74
[KEYCLOAK-4164] - Creating typed resources always result in error
2017-01-05 14:32:49 -02:00
Stian Thorgersen
15af61a7cc
Merge pull request #3708 from stianst/KEYCLOAK-2856
...
KEYCLOAK-2856
2017-01-05 09:01:37 +01:00
Stian Thorgersen
09a61f4706
KEYCLOAK-2856
2017-01-04 08:38:06 +01:00
Stian Thorgersen
b7c98ed433
KEYCLOAK-2980 Fix admin query for resource path
2017-01-03 10:34:21 +01:00
Stian Thorgersen
9c2944c090
Change id of CachedStoreFactorySpi to authorizationCache
2016-12-21 07:01:19 +01:00
Stian Thorgersen
7bad8e6ff3
KEYCLOAK-4110
...
Broken key providers in Admin Console
2016-12-20 12:08:18 +01:00
Pedro Igor
c9c8acd029
[KEYCLOAK-4034] - Invalidating policy cache when creating resources and scopes
2016-12-19 20:28:49 -02:00
Pedro Igor
40591cff25
Merge pull request #3662 from pedroigor/KEYCLOAK-4034
...
[KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup
2016-12-19 16:49:10 -02:00
Marek Posolda
c6363aa146
Merge pull request #3630 from sldab/duplicate-email-support
...
KEYCLOAK-4059 Support for duplicate emails
2016-12-19 15:37:18 +01:00
Pedro Igor
c9c9f05e29
[KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup
2016-12-19 11:22:37 -02:00
Slawomir Dabek
93cec9b3ee
KEYCLOAK-4059 Support for duplicate emails
2016-12-19 10:55:12 +01:00
Stian Thorgersen
f29bb7d501
KEYCLOAK-4092 key provider for HMAC signatures
2016-12-19 10:50:43 +01:00
Stian Thorgersen
97a08a1d99
Merge pull request #3644 from stianst/KEYCLOAK-4071
...
KEYCLOAK-4071
2016-12-14 09:55:55 +01:00
Stian Thorgersen
480d4e6f4f
KEYCLOAK-4071
2016-12-14 07:01:54 +01:00
mposolda
40216b5e7d
KEYCLOAK-3921 LDAP binary attributes
2016-12-13 18:31:26 +01:00
Bill Burke
5996149a8d
KEYCLOAK-3506
2016-12-10 17:01:08 -05:00
Bill Burke
1f0600044a
KEYCLOAK-3967
2016-12-08 19:29:02 -05:00
Bruno Oliveira
15f23eb045
[KEYCLOAK-3560]: Unable to import exported users which contain terms_and_conditions required action
2016-12-06 15:29:56 -02:00
Bill Burke
77d17de14d
Merge pull request #3611 from patriot1burke/master
...
KEYCLOAK-3620
2016-12-06 08:18:36 -05:00
Marek Posolda
c8b22e71f0
Merge pull request #3573 from glavoie/KEYCLOAK-4003
...
KEYCLOAK-4003: Slow Infinispan RoleAdapter.hasRole() call.
2016-12-06 09:49:42 +01:00
Bill Burke
6587cd2478
KEYCLOAK-3620
2016-12-05 17:51:06 -05:00
Bill Burke
ce50b0ed29
Merge remote-tracking branch 'upstream/master'
2016-12-02 19:26:34 -05:00
Bill Burke
e88af874ca
finish
2016-12-02 19:25:17 -05:00
Marek Posolda
458ca8a7ee
Merge pull request #3578 from sldab/msadlds
...
KEYCLOAK-4009 Compatibility with AD LDS
2016-12-02 17:50:21 +01:00
Slawomir Dabek
b2f0acfe26
KEYCLOAK-4009 Compatibility with AD LDS
2016-12-02 14:43:42 +01:00
Manuel Palacio
bfec073457
KEYCLOAK-3648
2016-12-01 19:34:33 +01:00
Stian Thorgersen
5ecc8d1c71
KEYCLOAK-4006 Fix performance drop caused by changes to client session codes
2016-12-01 12:17:54 +01:00
Gabriel Lavoie
6fa504489f
KEYCLOAK-4003: Slow Infinispan RoleAdapter.hasRole() call.
...
- Added a session/query cache for the result getComposites() to avoid always hitting the Infinispan cache.
- KeycloakModelUtils doesn't rely anymore on a "visited" set as performance seems good without it.
- Added test for multiple levels of composite roles. Only one level was covered.
2016-11-30 10:56:26 -05:00
mposolda
69ce1e05f0
KEYCLOAK-3822 Changing signature validation settings of an external IdP is not sometimes reflected
2016-11-28 15:27:25 +01:00
Marek Posolda
a8de125e26
Merge pull request #3551 from vramik/KEYCLOAK-3983
...
KEYCLOAK-3983 update protocol mappers of clients and client templates for backward compatibility import
2016-11-25 21:48:41 +01:00
mposolda
7c6032cc84
KEYCLOAK-3825 Ability to expire publicKeys cache. Migrated OIDCBrokerWithSignatureTest to new testsuite
2016-11-25 17:45:37 +01:00
Vlasta Ramik
939da455d7
update protocol mappers of clients and client templates for backward compatibility import
2016-11-25 15:12:38 +01:00
Bill Burke
e82e584b81
port removed migrators
2016-11-23 16:48:02 -05:00
Bill Burke
ccbd8e8c70
remove User Fed SPI
2016-11-23 16:06:44 -05:00
Bill Burke
d5925b8ccf
remove realm UserFed SPI methods
2016-11-23 08:31:20 -05:00
Bill Burke
0c05dc093f
Merge remote-tracking branch 'upstream/master'
2016-11-21 12:26:24 -05:00
Bill Burke
798fd84698
Merge remote-tracking branch 'upstream/master'
2016-11-21 11:33:52 -05:00
Bill Burke
19575b2c8f
port kerberos
2016-11-21 11:33:44 -05:00
mposolda
27e5d9672a
KEYCLOAK-3944 Imported legacy LDAP Federation provider doesn't have default mappers available
2016-11-21 16:17:49 +01:00
mposolda
76bfbad2c4
KEYCLOAK-3895 Make UserSessionProvider and UserSessionPersisterProvider to rely on UserRemovedEvent callbacks
2016-11-18 15:58:33 +01:00
mposolda
a27be0cee7
KEYCLOAK-3857 Clustered invalidation cache fixes and refactoring. Support for cross-DC for invalidation caches.
2016-11-16 22:29:23 +01:00
Stian Thorgersen
b4f072ed81
KEYCLOAK-3882 Move more provider factories and SPIs to private
2016-11-15 12:05:25 +01:00
Bill Burke
8794416241
fix db2
2016-11-14 16:22:30 -05:00
Bill Burke
cc0eb47814
merge
2016-11-14 15:09:41 -05:00
Pedro Igor
fb1cd9d27d
[KEYCLOAK-3554] - Properly handle dependencies between policies when importing settings
2016-11-14 18:55:53 +00:00
Stian Thorgersen
7e33f4a7d1
KEYCLOAK-3882 Split server-spi into server-spi and server-spi-private
2016-11-10 13:28:42 +01:00