Bill Burke
b0464f1751
Merge remote-tracking branch 'upstream/master'
2017-10-10 09:10:04 -04:00
Bill Burke
5bd4ea30ad
rev
2017-10-10 09:09:51 -04:00
Carl Kristian Eriksen
50dd07217d
KEYCLOAK-5032 Forward request parameters to another IdP
...
Forwarding of prompt and acr_values, if provided in the authorization request.
If prompt is set in the configuration for the identity provider, the configuration overrules the request parameter.
2017-10-09 16:15:27 +02:00
Bill Burke
c8516c2349
support social external exchange
2017-10-06 16:44:26 -04:00
Stian Thorgersen
7774d5c6b8
Revert changes in KEYCLOAK-5621 ( #4539 )
2017-10-06 14:02:34 +02:00
Bartek Andrzejczak
8c7313f290
Renames realmKey to realmPublicKey for consistency ( #4526 )
2017-10-04 08:29:09 +02:00
Takashi Norimatsu
6f6a467c7b
OIDC Financial API Read Only Profile : scope MUST be returned in the
...
response from Token Endpoint
2017-10-04 12:59:49 +09:00
mposolda
7d641baf4e
KEYCLOAK-5570 Added InvalidationCrossDCTest
2017-09-29 19:36:40 +02:00
Marek Posolda
13fe9e7cf8
Merge pull request #4510 from glavoie/KEYCLOAK-3303
...
KEYCLOAK-3303: Allow reuse of refresh tokens.
2017-09-29 17:07:45 +02:00
mposolda
3b6e1f4e93
KEYCLOAK-5007 Used single-use cache for tracke OAuth code. OAuth code changed to be encrypted and signed JWT
2017-09-29 13:20:22 +02:00
mposolda
63673c4328
KEYCLOAK-5569 Added JWE
2017-09-29 13:01:42 +02:00
Gabriel Lavoie
134daeac7f
KEYCLOAK-3303: Allow reuse of refresh tokens.
...
- Configurable max reuse count.
2017-09-28 15:30:40 -04:00
Bill Burke
8ace0e68c3
KEYCLOAK-910 KEYCLOAK-5455
2017-09-21 17:15:18 -04:00
Bill Burke
f927ee7b4e
KEYCLOAK-5491 KEYCLOAK-5492
2017-09-15 16:30:45 -04:00
filipelautert
e055589448
[KEYCLOAK-4778] Fix for Oracle null value when having an empty String as attribute value ( #4406 )
...
* Add client.name as a second parameter to the title expressions in login template
* Fixing tooltip.
* pt_BR localization for admin screens.
* Reverting login.ftl
* Added all tooltip messages - even the ones not translated.
Translated around 150 messages todas.
* More translations.
* Fixing wrong edit.
* [KEYCLOAK-4778] Null check on Attribute value. This value can be null when retrieved from an Oracle database.
* [KEYCLOAK-4778] Create unit tests for empty and null values.
* [KEYCLOAK-4778] Move empty and null attributes tests to a separated test method; change tests to empty or null Strings.
* [KEYCLOAK-4778] Check if value is null and set it as empty array. In the former code if null was received it would generate an array with 1 string element ["null"]. Also if we set value as null instead of ArrayList, later when the rest call is executed it will generate the same incorrect array again.
* [KEYCLOAK-4778] Tests clean up.
2017-08-31 06:09:41 +02:00
Stian Thorgersen
d3dc26181e
KEYCLOAK-3481 ( #4441 )
2017-08-30 08:00:22 +02:00
Stian Thorgersen
dcfa4aca8c
KEYCLOAK-943 Started account rest service. Profile and sessions completed. ( #4439 )
2017-08-29 20:12:09 +02:00
Bill Burke
6696c44dc0
Merge remote-tracking branch 'upstream/master'
2017-08-24 15:19:48 -04:00
Bill Burke
7a57723c01
more token exchange
2017-08-24 15:19:38 -04:00
mposolda
fe5891fbdb
KEYCLOAK-5293 Add notBefore to user
2017-08-23 08:58:26 +02:00
Bill Burke
16954fc370
fix
2017-08-10 14:58:09 -04:00
Bill Burke
2fa55550f3
token exchange permissions
2017-08-09 10:04:14 -04:00
Bill Burke
6b991b850e
change role name
2017-07-28 16:20:23 -04:00
Bill Burke
db9b1bcb21
token exchange
2017-07-28 16:15:39 -04:00
Sebastien Blanc
500a21685f
KEYCLOAK-5082 : Add new redirect-rewrite-rule parameters for the adapters ( #4255 )
...
* add rewrite rule config property
* add subsystem support for redirect rewrite
* update deployment unit test
* add license headers
* Optimize rewrite method
2017-06-29 12:50:42 +02:00
Stian Thorgersen
c9bc321d2a
Merge pull request #4269 from stianst/dockerdockerdocker
...
KEYCLOAK-3592 Docker auth implementation
2017-06-29 07:23:47 +02:00
Josh Cain
89fcddd605
KEYCLOAK-3592 Docker auth implementation
2017-06-29 06:37:34 +02:00
Machiel Groeneveld
7849191ec7
Merge branch 'master' into master
2017-06-27 10:27:07 +02:00
Bill Burke
28b3ef9aa9
admin console work
2017-06-26 11:40:32 -04:00
Bill Burke
d08ddade2e
merge
2017-06-21 17:43:54 -04:00
Bill Burke
52e40922bc
removal
2017-06-21 17:42:57 -04:00
Pedro Igor
169280b6a1
[KEYCLOAK-3168] - Group-Based Access Control
2017-06-13 19:05:44 -03:00
Machiel Keizer-Groeneveld
80f8815b9a
KEYCLOAK-5026 Store credentials
...
Credentials are stored with user creation if they are present in the UserRepresentation.
2017-06-09 09:32:33 +02:00
Bill Burke
94528976d4
console work
2017-06-07 16:29:43 -04:00
Pedro Igor
d69d00082f
[KEYCLOAK-4932] - Improvements to policy enforcer and better spring boot support
2017-06-01 22:55:58 -03:00
Bill Burke
b9f7a43a72
group permissions
2017-06-01 20:16:35 -04:00
Pedro Igor
829bcf5eaf
Fix to evaluation tool
2017-05-23 17:50:06 -03:00
Stian Thorgersen
178fd08d9a
Merge pull request #4066 from johnament/KEYCLOAK-4765
...
KEYCLOAK-4765 - Add ability to disable Query Parameter parsing.
2017-05-23 13:24:08 +02:00
Bill Burke
ab763e7c5b
fixes after merge
2017-05-19 15:54:36 -04:00
Hynek Mlnarik
b8262a9f02
KEYCLOAK-4628 Single-use cache + its functionality incorporated into reset password token. Utilize single-use cache for relevant actions in execute-actions token
2017-05-11 22:16:26 +02:00
mposolda
168153c6e7
KEYCLOAK-4626 Authentication sessions - SAML, offline tokens, broker logout and other fixes
2017-05-11 22:16:26 +02:00
Hynek Mlnarik
b55b089355
KEYCLOAK-4627 Changes in TokenVerifier to include token in exceptions. Reset credentials uses checks to validate individual token aspects
2017-05-11 22:16:26 +02:00
Hynek Mlnarik
19a41c8704
KEYCLOAK-4627 Refactor TokenVerifier to support more than just access token checks. Action tokens implementation with reset e-mail action converted to AT
2017-05-11 22:16:26 +02:00
Bill Burke
a8a8ea4bcd
Merge remote-tracking branch 'upstream/master'
2017-05-08 13:49:03 -04:00
Bill Burke
f760427c5c
fine grain tests
2017-05-08 13:48:51 -04:00
Stian Thorgersen
e0da7ed6b4
Merge pull request #4074 from sebastienblanc/allow_headers
...
Keycloak-3297 : adding cors-exposed-headers to conf
2017-05-05 12:54:47 +02:00
Bill Burke
c3b44e61d4
Merge remote-tracking branch 'upstream/master'
2017-05-01 14:51:07 -04:00
Eriksson Fabian
ca1152c3e5
KEYCLOAK-4204 Extend brute force protection with permanent lockout on failed attempts
...
- Can still use temporary brute force protection.
- After X-1 failed login attempt, if the user successfully logs in his/her fail login count is reset.
2017-04-28 09:02:10 +02:00
Bill Burke
2276f99d54
Merge remote-tracking branch 'upstream/master'
2017-04-26 14:39:45 -04:00
Bill Burke
f67013bcb6
fix
2017-04-26 14:39:41 -04:00
Pedro Igor
fbcfcfa088
[KEYCLOAK-4755] - Client UI Tests
2017-04-26 12:11:53 -03:00
Pedro Igor
b3131bf679
[KEYCLOAK-3135] - Rules UI Tests
2017-04-25 16:52:14 -03:00
emilienbondu
46bc102799
adding cors-exposed-headers to conf
...
add missing field in the BaseAdapterConfig
cleaning for PR & adding unit test
Adding property to subsystem, removing formatting changes
2017-04-25 12:02:17 +02:00
Pedro Igor
49547ccfbc
[KEYCLOAK-3135] - Scope permission UI tests and reusable ui-select2 component
2017-04-24 23:12:46 -03:00
Pedro Igor
5972c94dc8
[KEYCLOAK-3135] - More UI tests
2017-04-24 16:50:23 -03:00
John Ament
cb7cef8858
KEYCLOAK-4765 - Add ability to disable Query Parameter parsing.
2017-04-24 14:42:03 -04:00
Pedro Igor
e0f753bcf5
[KEYCLOAK-3135] - More changes to Policy Management API
2017-04-24 07:34:08 -03:00
Pedro Igor
80a80512ea
[KEYCLOAK-4769] - Policy enforcer path matching tests
2017-04-20 13:21:01 -03:00
Stian Thorgersen
906739f8f3
Merge pull request #4034 from sebastienblanc/KEYCLOAK-3108
...
KEYCLOAK-3108: Make the credentials map case insensitive
2017-04-19 09:49:07 +02:00
Pedro Igor
8e877a7f6c
[KEYCLOAK-3135] - More tests
2017-04-12 14:34:27 -03:00
sebastienblanc
9a2d36aa9d
KEYCLOAK-3108: Make the credentials map case insensitive
2017-04-12 10:58:54 +02:00
Pedro Igor
eec712a259
[KEYCLOAK-3135] - Role and user policies apis
2017-04-12 00:52:14 -03:00
Pedro Igor
54ebc1918c
[KEYCLOAK-3135] - Using abstract policy representation when creating policies and updating tests
2017-04-12 00:52:13 -03:00
Pedro Igor
d60dcb4c62
[KEYCLOAK-3135] - Some more tests and making policy type rest api more generic
2017-04-12 00:52:13 -03:00
Pedro Igor
8e64bc3e4d
Tests for new permission management rest api
2017-04-12 00:52:13 -03:00
Pedro Igor
55f747ecd0
[KEYCLOAK-3135] - Part 1: Permission Management API
2017-04-12 00:52:13 -03:00
Bill Burke
3ce0c57e17
Merge pull request #3831 from Hitachi/master
...
KEYCLOAK-2604 Proof Key for Code Exchange by OAuth Public Clients
2017-04-06 15:36:08 -04:00
Bill Burke
31074c3c8d
KEYCLOAK-4727 KEYCLOAK-4652
2017-04-06 10:44:33 -04:00
Takashi Norimatsu
ef3aef9381
Merge branch 'master' into master
2017-03-28 16:21:40 +09:00
Bill Burke
3bb29e033b
KEYCLOAK-4501, KEYCLOAK-4511, KEYCLOAK-4513
2017-03-03 09:48:52 -05:00
Takashi Norimatsu
fe5fe4c968
KEYCLOAK-2604 Proof Key for Code Exchange by OAuth Public Clients - RFC
...
7636 - Client Side Implementation
2017-02-03 12:02:54 +09:00
Takashi Norimatsu
88bfa563df
KEYCLOAK-2604 Proof Key for Code Exchange by OAuth Public Clients - RFC
...
7636 - Server Side Implementation
2017-02-03 10:38:54 +09:00
Stian Thorgersen
5fd3eb2990
KEYCLOAK-3729 Ability to run tests within Keycloak server
2017-01-27 12:14:19 +01:00
Stian Thorgersen
426e55664f
KEYCLOAK-4176
2017-01-10 08:02:49 +01:00
Stian Thorgersen
b6b3c04400
Merge pull request #3663 from sldab/autodetect-bearer-only
...
KEYCLOAK-2962 Autodetect bearer-only clients
2016-12-20 14:05:25 +01:00
Stian Thorgersen
f6323d94ec
Merge pull request #3676 from stianst/KEYCLOAK-4109
...
KEYCLOAK-4109 Ability to disable impersonation
2016-12-20 09:35:03 +01:00
Stian Thorgersen
eb7ad07e31
KEYCLOAK-4109 Ability to disable impersonation
2016-12-20 08:46:21 +01:00
Pedro Igor
0b3e867362
[KEYCLOAK-4034] - Minor changes to policy enforcer
2016-12-19 23:44:51 -02:00
Pedro Igor
40591cff25
Merge pull request #3662 from pedroigor/KEYCLOAK-4034
...
[KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup
2016-12-19 16:49:10 -02:00
Slawomir Dabek
b6d29ccd30
KEYCLOAK-2962 Autodetect bearrer-only clients
...
Suport more headers
2016-12-19 17:13:14 +01:00
Marek Posolda
c6363aa146
Merge pull request #3630 from sldab/duplicate-email-support
...
KEYCLOAK-4059 Support for duplicate emails
2016-12-19 15:37:18 +01:00
Pedro Igor
c9c9f05e29
[KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup
2016-12-19 11:22:37 -02:00
Slawomir Dabek
93cec9b3ee
KEYCLOAK-4059 Support for duplicate emails
2016-12-19 10:55:12 +01:00
Stian Thorgersen
f29bb7d501
KEYCLOAK-4092 key provider for HMAC signatures
2016-12-19 10:50:43 +01:00
mposolda
a38544796f
KEYCLOAK-3823 KEYCLOAK-3824 Added public-key-cache-ttl for OIDC adapters. Invalidate cache when notBefore sent
2016-12-01 12:25:07 +01:00
Bill Burke
1dacddb7e3
KEYCLOAK-3980
2016-11-28 12:20:40 -05:00
Pedro Igor
9b2ef96b22
[KEYCLOAK-3830] - Allow to configure enforcement-mode to a path definition
2016-11-17 20:50:28 -02:00
Bill Burke
cc0eb47814
merge
2016-11-14 15:09:41 -05:00
Bill Burke
c75dcb90c2
ldap port
2016-11-04 21:25:47 -04:00
Hynek Mlnarik
057cc37b60
KEYCLOAK-1881 Clone OIDC adapter HttpClient tools to SAML adapter
...
and
KEYCLOAK-1881 Extract httpclient configuration from AdapterConfig
2016-11-04 21:53:43 +01:00
Bill Burke
ccaac40863
Merge pull request #3437 from patriot1burke/master
...
disable credential type REST and admin ui
2016-10-28 11:33:16 -04:00
Bill Burke
91da6a47d7
disable cred types ui
2016-10-27 16:17:02 -04:00
sebastien blanc
621d234adc
renaming fields to align with json names
2016-10-27 16:16:30 +02:00
sebastien blanc
e8dd05619b
KEYCLOAK-3796 : add missing setters
2016-10-27 14:41:52 +02:00
Bill Burke
3129e392b0
storage link on user detail
2016-10-25 16:50:34 -04:00
mposolda
3779bfb6b4
KEYCLOAK-3666 client registration policies - polishing
2016-10-19 17:45:23 +02:00
Stian Thorgersen
4efe12cb93
KEYCLOAK-3745 Change attributes in user rep
2016-10-19 12:15:13 +02:00
Bill Burke
2199df71bf
Merge remote-tracking branch 'upstream/master'
2016-10-18 10:14:00 -04:00
Bill Burke
4182e4d92a
federated import/export
2016-10-18 10:13:51 -04:00
mposolda
00879b39b7
KEYCLOAK-3719 Add 'options' to ProviderConfigProperty and use it for 'List' type instead of defaultValue
2016-10-17 21:34:21 +02:00
Geir Ole Hiåsen Stevning
95f62c6aeb
KEYCLOAK-3626 - CreatedDate and lastUpdatedDate on user consent
2016-10-17 13:53:12 +02:00
mposolda
18e0c0277f
KEYCLOAK-3666 Dynamic client registration policies
2016-10-14 20:20:40 +02:00
Bill Burke
8c8a39c833
sync and import
2016-10-13 20:49:02 -04:00
Bill Burke
0938390654
sync and import
2016-10-13 20:38:49 -04:00
Stian Thorgersen
d2cae0f8c3
KEYCLOAK-905
...
Realm key rotation for OIDC
2016-10-13 11:19:52 +02:00
Bill Burke
d4c3fae546
merge conflicts
2016-09-30 19:19:12 -04:00
mposolda
f9a0abcfc4
KEYCLOAK-3493 KEYCLOAK-3532 Added KeyStorageProvider. Support key rotation for OIDC clients and identity providers with JWKS url.
2016-09-30 21:28:23 +02:00
Bill Burke
8967ca4066
refactor mongo entities, optimize imports
2016-09-28 15:25:39 -04:00
Bruno Oliveira
98d2fe15e8
[KEYCLOAK-2438] - Add display name to social login buttons
...
[KEYCLOAK-3291] - Names of social identity providers are wrongly capitalized (eg GitHub vs Github)
2016-09-26 13:36:28 -03:00
Bill Burke
8e65356891
creds
2016-09-22 19:57:39 -04:00
Bill Burke
7209a95dce
credential refactoring
2016-09-22 08:34:45 -04:00
Stian Thorgersen
992268a8e6
KEYCLOAK-3579 Add ability to define profiles
2016-09-20 08:41:23 +02:00
Martin Hardselius
04d03452bd
KEYCLOAK-3422 support pairwise subject identifier in oidc
2016-09-13 09:18:45 +02:00
mposolda
bf6246f5c1
KEYCLOAK-905 Realm keys rotation support on adapters
2016-09-12 21:24:04 +02:00
Stian Thorgersen
f726caea9b
Merge pull request #3205 from stianst/KEYCLOAK-3342
...
KEYCLOAK-3342 Add Identity Provider authenticator
2016-09-08 08:40:32 +02:00
Stian Thorgersen
1f27fc9e4b
Merge pull request #3153 from cargosoft/KEYCLOAK-3327
...
KEYCLOAK-3327 Make realm attributes accessible via the RealmModel
2016-09-08 08:00:14 +02:00
Stian Thorgersen
7c292b1213
KEYCLOAK-3342 Add Identity Provider authenticator
2016-09-08 07:20:35 +02:00
mposolda
02f28a7e8e
KEYCLOAK-3416 Add support for signed Userinfo requests
2016-08-30 20:21:04 +02:00
Dimitri Teleguin
b109ce14b0
KEYCLOAK-3327 Make realm attributes accessible via the RealmModel
2016-08-18 23:28:32 +03:00
Pedro Igor
a8d2b810cf
[KEYCLOAK-3144] - Add authorization settings when exporting/importing a realm.
2016-08-15 10:35:28 -03:00
mposolda
2cba13db9c
KEYCLOAK-3424 Possibility to import JWK key through admin console
2016-08-12 15:51:14 +02:00
mposolda
3eb9134e02
KEYCLOAK-3424 Support for save JWKS in OIDC ClientRegistration endpoint
2016-08-12 15:51:14 +02:00
mposolda
0520d465c1
KEYCLOAK-3414 Support for client registration from trusted hosts
2016-08-11 15:55:32 +02:00
mposolda
a8fb988e31
KEYCLOAK-3406 OIDC dynamic client registrations specs fixes
2016-08-11 15:54:51 +02:00
Bill Burke
ff703f935f
component export/import
2016-08-09 12:25:04 -04:00
mposolda
9be6777685
KEYCLOAK-2169 KEYCLOAK-3286 Support for at_hash and c_hash
2016-08-08 10:57:44 +02:00
Marek Posolda
65c49c39f4
Merge pull request #3114 from mposolda/master
...
KEYCLOAK-3321 OIDC requests without 'nonce' claim should be rejected …
2016-08-05 16:45:56 +02:00
mposolda
e0a59baaf2
KEYCLOAK-3321 OIDC requests without 'nonce' claim should be rejected unless using the code flow. Started responseType tests
2016-08-05 15:05:26 +02:00
Thomas Darimont
586f6eeece
KEYCLOAK-3142 - Capture ResourceType that triggers an AdminEvent
...
Introduced new ResourceType enum for AdminEvents which lists
the current supported ResourceTypes for which AdminEvents
can be fired.
Previously it was difficult for custom EventListeners to figure
out which ResourceType triggered an AdminEvent in order
to handle it appropriately, effectively forcing users to parse
the representation.
Having dedicated resource types as a marker on an AdminEvent helps
to ease custom EventListener code.
We now also allow filtering of admin events by ResourceType in the
admin-console.
Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
2016-08-04 11:30:02 +02:00
Bill Burke
09693eb108
component model
2016-08-02 05:48:57 +02:00
Pedro Igor
ae1a7542d8
[KEYCLOAK-3385] - Improvements to evaluation tool UI and result
2016-08-01 18:01:24 -03:00
Pedro Igor
3c8ed8e3d8
[KEYCLOAK-3372] - Code cleanup
2016-07-29 05:18:38 -03:00
Pedro Igor
7e1b97888a
[KEYCLOAK-3338] - Adding client roles to role policy and UX improvements
2016-07-27 15:15:14 -03:00
mposolda
9169bcd88d
KEYCLOAK-3354 request and request_uri not supported
2016-07-22 13:44:45 +02:00
mposolda
56e011dce4
KEYCLOAK-3318 Adapter support for prompt and max_age. Refactoring to not hardcode OIDC specifics to CookieAuthenticator
2016-07-21 18:19:53 +02:00
Pedro Igor
484d5d6e08
[KEYCLOAK-3313] - UI improvements and messages
2016-07-20 22:11:24 -03:00
mposolda
f4ddfe4a52
KEYCLOAK-3318 Support for prompt=login. More tests for prompt parameter
2016-07-20 21:27:38 +02:00
mposolda
dcc4ea3aea
KEYCLOAK-3237 Change OIDC adapters to use scope=openid as required per specs
2016-07-14 23:56:46 +02:00
mposolda
ee3ac3fdaf
KEYCLOAK-3223 Basic support for acr claim
2016-07-14 12:36:12 +02:00
Stian Thorgersen
4f1d83b9dc
Merge pull request #3030 from stianst/KEYCLOAK-2824-2
...
KEYCLOAK-2824 Password Policy SPI
2016-07-14 10:12:25 +02:00
Stian Thorgersen
ea44b5888b
KEYCLOAK-2824 Password Policy SPI
2016-07-14 07:20:30 +02:00
mposolda
abde62f369
KEYCLOAK-3220 redirect to client with error if possible
2016-07-13 20:57:43 +02:00
mposolda
3bfd999590
KEYCLOAK-3222 extend WellKnown to return supported types of client authentications. More tests
2016-07-08 15:39:13 +02:00
Pedro Igor
80a67149af
Merge pull request #3002 from pedroigor/KEYCLOAK-3249
...
[KEYCLOAK-3249] - AuthorizationContext.hasScopePermission() gives NPE
2016-07-08 09:16:51 -03:00
mposolda
c10a005997
KEYCLOAK-3290 UserInfoEndpoint error responses don't have correct statuses
2016-07-08 12:15:07 +02:00
mposolda
a7c9e71490
KEYCLOAK-3218 Support for max_age OIDC authRequest parameter and support for auth_time in IDToken
2016-07-07 17:04:32 +02:00
Pedro Igor
5ef65e837c
[KEYCLOAK-3249] - AuthorizationContext.hasScopePermission() gives NPE
2016-07-06 09:39:56 -03:00
Stian Thorgersen
7cfee80e58
KEYCLOAK-3189 KEYCLOAK-3190 Add kid and typ to JWT header
2016-07-05 08:26:26 +02:00
Pedro Igor
01f3dddd91
Adding a column to list policies associated with a permission.
2016-06-30 10:26:05 -03:00
Pedro Igor
afa9471c7c
[KEYCLOAK-3128] - Admin Client Authorization Endpoints
2016-06-30 10:26:05 -03:00
Pedro Igor
f48288865b
[KEYCLOAK-3156] - Missing CORS when responding with denies
2016-06-22 14:39:07 -03:00
Pedro Igor
086c29112a
[KEYCLOAK-2753] - Fine-grained Authorization Services
2016-06-17 02:07:34 -03:00
Ben Loy
ec180db39f
KEYCLOAK-2028: Add preemptive access token refresh support
...
Add a new keycloak.json property and mechanism to automatically
refresh access tokens if they are going to expire in less than a configurable
amount of time.
2016-06-09 19:22:15 +02:00
Bill Burke
4c9a0b45d4
Merge pull request #2229 from thomasdarimont/issue/KEYCLOAK-2489-script-based-authenticator-definitions
...
KEYCLOAK-2489 - Add support for Script-based AuthenticationExecution definitions.
2016-06-05 11:12:05 -04:00
mposolda
f58936025f
KEYCLOAK-3003 Support for admin events in AuthenticationManagementResource
2016-05-25 23:17:24 +02:00
mposolda
bea2678e85
KEYCLOAK-2862 AuthenticationManagementResource tests
2016-05-06 20:19:58 +02:00
Stian Thorgersen
2355db57da
KEYCLOAK-2880 Permissions tests for admin endpoints
2016-05-04 08:25:05 +02:00
Thomas Darimont
c8d47926b8
KEYCLOAK-2489 - Add support for Script-based AuthenticationExecution definitions.
...
This is a POC for script based authenticator support.
Introduced a ScriptBasedAuthenticator that is bootstraped via a
ScriptBasedAuthenticatorFactory can be execute a configured script
against a provided execution context.
Added an alias property to the AuthFlowExecutionRepresentation in order
to be able to differentiate multiple instances of an Authenticator
within the same AuthFlow.
For convenience editing the AngularJS bindings for the ACE editor were
added for fancy script editing - this needs to be cut down a bit wrt to
themes and supported scripts - e.g. we probably don't expect users to write
authenticator scripts in Cobol...
Removed currently not needed ACE sytax highlighting and themes.
Scripting is now available to all keycloak components that have access to the KeycloakSession.
Introduced new Scripting SPI for configurable scripting providers.
2016-04-27 14:37:13 +02:00
mposolda
f6a718f10a
KEYCLOAK-2878 Testing of UserFederation admin REST endpoints
2016-04-21 23:11:14 +02:00
mposolda
afc8179cf8
KEYCLOAK-2846 export/import of clientTemplate scopes
2016-04-20 13:30:01 +02:00
Stian Thorgersen
01beff741d
KEYCLOAK-2766 Add missing id to AuthenticatorConfigRepresentation
2016-04-11 07:42:55 +02:00
Thomas Darimont
bccc5fa7b1
KEYCLOAK-2054 - Allow to configure proxy for auth-server requests in adapters.
...
Previously the adapter configuration did not support specifying a proxy
for auth-server requests issued via the Apache HTTP Client by Keycloak.
This made it very difficult to connect an Application with Keycloak
that was required to use a proxy.
Introduced new `proxy-url` attribute to the adapter configuration
which makes it possible to configure a proxy to be used for auth-server
requests. Proxy-Host, Proxy-Port and Proxy-Scheme are taken from the
configured proxy URL.
Note that proxies that require authentication are currently not supported.
2016-04-07 11:09:40 +02:00
mposolda
65dc7ddb44
KEYCLOAK-2623 Remove auth-server-url-for-backend-requests from adapters
2016-04-05 11:43:41 +02:00
Bill Burke
4ed1061487
KEYCLOAK-2738
2016-04-04 18:47:11 -04:00
mposolda
a4d9aaf916
KEYCLOAK-2613 Add version to RealmRepresentation in JSON exports
2016-04-01 16:04:58 +02:00
Bill Burke
020d090aee
Merge pull request #2430 from mstruk/assert-events
...
KEYCLOAK-2589 KEYCLOAK-2607 KEYCLOAK-2597 Port AssertEvents to integration-arquillian
2016-03-30 15:16:25 -04:00
Stan Silvert
0f52768064
KEYCLOAK-2619: Partial Import doesn't support groups
2016-03-28 14:26:34 -04:00
Marko Strukelj
95d222348d
KEYCLOAK-2589 Copy AssertEvents to Arquillian testsuite and modify to pull events from admin endpoints
2016-03-24 17:13:00 +01:00
Stian Thorgersen
56c3d53a24
Merge pull request #2324 from ssilvert/client-tests
...
KEYCLOAK-2535: ClientResource endpoint tests
2016-03-07 06:13:55 +01:00
Stian Thorgersen
57b6ddbace
KEYCLOAK-2592 Set secure on OAuth_Token_Request_State cookie
2016-03-04 14:22:48 +01:00
Stan Silvert
2c79456e72
KEYCLOAK-2535: ClientResource endpoint tests
2016-03-04 07:41:24 -05:00
Bill Burke
37584a24e0
unsecure url has principal
...
KEYCLOAK-2550
Typo in userguide
KEYCLOAK-1928 Kerberos working with IBM JDK
KEYCLOAK-1928 Remove sun.jdk.jgss module
KEYCLOAK-1928 Fix kerberos with adapter on JDK7
KPR-147 - Initial login scenarios around admin password - test
KEYCLOAK-2561 Fix issues with blank password
KEYCLOAK-2559 Missing add/remove button for 'Valid Redirect URIs' in a client settings form
Added simple test for JPA performance (with many users).
Fixed "re-import" operation logging.
Fixed for Timer.saveData()
Fixed for Timer.saveData()
ManyUsersTest: ArrayList --> LinkedList
Fix AbstractUserTest
Fix parentheses in login page object
Add tests for IDP initiated login
KEYCLOAK-1040
Allow import of realm keys (like we do for SAML)
KEYCLOAK-2556 Remove required for client create root url and saml endpoint
KEYCLOAK-2555 ForbiddenException when importing test realm or creating test user
KEYCLOAK-2553
Unexpected form behavior while creating a client
KEYCLOAK-2551
Broken navigation links while creating/editing a Client Mapper
2016-02-29 09:30:28 -05:00
Bill Burke
abddbfb3a4
clustered testing
2016-02-26 15:39:22 -05:00
Stian Thorgersen
3ca39801dc
KEYCLOAK-2511 Rename session-state in access token response to session_state
2016-02-25 10:14:12 +01:00
mposolda
0f21b6f6d9
KEYCLOAK-2479 Avoid ZIPException during bigger load
2016-02-18 19:28:20 +01:00
Marko Strukelj
dadb470609
KEYCLOAK-1967 Add support for authentication flows into admin-rest-client
2016-02-11 12:18:01 +01:00
Stan Silvert
e89f511465
KEYCLOAK-1976: Add support for events into admin-rest-client. Also,
...
arquillian tests for events.
2016-02-05 18:45:25 -05:00
Bill Burke
e26ac0983a
KEYCLOAK-2367
2016-02-04 16:50:02 -05:00
Stian Thorgersen
c7a8742a36
KEYCLOAK-1524
...
Source code headers
2016-02-03 11:20:22 +01:00
Stian Thorgersen
26897ea46d
KEYCLOAK-2299
...
createdDate of credential is not exported
2016-02-03 09:49:10 +01:00
Stian Thorgersen
54abfa4859
KEYCLOAK-2237
...
Offer the possibility to add own locale to login/registration dialogs
2016-01-26 10:16:05 +01:00
Bill Burke
fedf3d0e52
KEYCLOAK-2377
2016-01-22 17:00:51 -05:00
Stian Thorgersen
3dc090b893
KEYCLOAK-2185 Add support to disable realm and user cache, and added support to clear caches from admin console
2016-01-20 14:09:03 +01:00
Stian Thorgersen
435980d776
KEYCLOAK-1809
...
Upgrade jackson to version 2.x
2016-01-14 16:34:30 +01:00
mposolda
3336d4d7ac
KEYCLOAK-2290 bulk update of algorithm field during migration from 1.7
2016-01-12 18:04:50 +01:00
Pedro Igor
c9f9ee9799
[KEYCLOAK-2266] - OAuth2 Token Introspection.
2016-01-12 11:16:42 -02:00
Stian Thorgersen
f1602b3b8d
Merge pull request #1998 from ssilvert/partial-import
...
KEYCLOAK-1979: Partial import
2016-01-11 09:22:09 +01:00
Stan Silvert
fbff61bfba
For overwrite, do all deletes, then all adds.
...
Minor UI enhancements.
Fix 2 JPA bugs.
General cleanup.
Documentation.
2016-01-08 13:45:22 -05:00
Bill Burke
2892b093ab
Merge remote-tracking branch 'upstream/master'
2016-01-07 17:25:58 -05:00
Stian Thorgersen
8695e16971
KEYCLOAK-2269
...
add-user script adds identityFederationEnabled field to keycloak-add-user.json
2016-01-07 13:17:10 +01:00
Bill Burke
64de96d34b
installation provider
2016-01-06 16:49:58 -05:00
Stan Silvert
55e36acfc0
For overwrite, delete then create.
...
Do all prepares to check for errors, then call doImport on each type.
Combine Realm Role and Client Role processing (RolesPartialImport).
2016-01-05 15:33:45 -05:00
Stan Silvert
f6a02bd408
Clean commit for partial import with single page for all imports.
2016-01-05 15:33:42 -05:00
Bill Burke
3bacbdf6ff
set framework for template config
2016-01-04 17:13:15 -05:00
mposolda
1747e0981f
KEYCLOAK-2154 Added Group mapper for LDAP. LDAP mappers improvements and fixes
2015-12-22 08:54:09 +01:00
Stian Thorgersen
606e6fa479
KEYCLOAK-1934
...
Add display-name and display-name-html to realm
2015-12-21 12:15:13 +01:00
Bill Burke
5caf3e0a2d
Merge remote-tracking branch 'upstream/master'
2015-12-18 17:15:40 -05:00
Bill Burke
d939b6a431
template scope
2015-12-18 17:15:27 -05:00
mposolda
0d52e4e6c5
Added sync support to UserFederationMapper
2015-12-16 13:52:11 +01:00
Bill Burke
96e1813b34
client templates backend
2015-12-11 10:31:42 -05:00
mposolda
081db0d353
KEYCLOAK-2124 Post-Broker login flow support
2015-12-09 16:36:26 +01:00
Stian Thorgersen
34c3ffaae1
Ported AdminApiTest to use admin client
2015-12-03 08:24:23 +01:00
mposolda
ec327c99f4
KEYCLOAK-2152 KEYCLOAK-2061 Client switches changes. Support for response_types and grant_types in OIDC Client registration
2015-11-30 15:31:38 +01:00
mposolda
57b60797ce
KEYCLOAK-1129 Implicit flow: more work
2015-11-28 00:15:41 +01:00
mposolda
ef80b64d1c
KEYCLOAK-1129 Implicit flow and Hybrid flow support
2015-11-27 22:28:38 +01:00
mposolda
8d2e4c0316
KEYCLOAK-2061 Add switches to enable/disable grant types for clients
2015-11-27 22:28:38 +01:00
Stian Thorgersen
7200996ae0
Merge pull request #1886 from stianst/master
...
KEYCLOAK-2156
2015-11-27 12:32:07 +01:00
Stian Thorgersen
34cc750b13
KEYCLOAK-2156
...
Unrecognized field identityFederationEnabled importing old realm json
2015-11-27 12:31:00 +01:00
Stian Thorgersen
c83e3bd2d1
KEYCLOAK-2106 HTTP 500 for unparsable refresh tokens
2015-11-27 08:59:23 +01:00
Stian Thorgersen
cfc28b861b
KEYCLOAK-1758 add-user script
2015-11-24 21:54:58 +01:00
Stian Thorgersen
4f2b97de7f
KEYCLOAK-1937
...
OpenID Connect Dynamic Client Registration
KEYCLOAK-1938
Register clients from SAML Entity Descriptors
2015-11-24 15:39:36 +01:00
Bill Burke
98958a2bc4
default groups
2015-11-18 19:40:30 -05:00
Bill Burke
6989589e72
Merge remote-tracking branch 'upstream/master'
2015-11-18 15:24:45 -05:00
Bill Burke
41331111da
resolve conflicts
2015-11-18 09:39:19 -05:00
Bill Burke
bff334d365
group token/assertion and tests
2015-11-18 09:36:47 -05:00
Stian Thorgersen
764c20d748
KEYCLOAK-2085 Initial access tokens for client registration
2015-11-18 10:33:24 +01:00
Stian Thorgersen
bad0a95123
KEYCLOAK-1749 Client registration service
...
Changed endpoints of client registration to just clients
Started installation
Added adapter config retrival to client reg
2015-11-16 13:24:56 +01:00
Bill Burke
21119604c6
user group membership
2015-11-12 11:31:44 -05:00
Bill Burke
33ac048c8c
resolve conflicts
2015-11-11 18:06:39 -05:00
Bill Burke
e25157655b
group ui
2015-11-11 18:03:53 -05:00
mposolda
4ca442d1b2
KEYCLOAK-1750 Option updateProfileOnFirstLogin moved from IdentityProvider to IdpReviewProfile authenticator
2015-11-10 11:06:23 +01:00
mposolda
adbf2b22ad
KEYCLOAK-1750 Improve first time login with social. Added 'first broker login' flow
2015-11-09 10:34:55 +01:00
Bill Burke
d896800ec6
groups initial
2015-10-29 16:33:02 -04:00
mposolda
9cc5ca3ce4
KEYCLOAK-1972 docs and export/import fixes for offline tokens. DB fixes
2015-10-16 19:09:52 +02:00
mposolda
4587fd23b6
KEYCLOAK-1929 Change package names. Fix Fuse demo
2015-10-16 16:30:42 +02:00
Stian Thorgersen
a6556a49c2
Merge pull request #1738 from gerbermichi/locale
...
KEYCLOAK-1962 update realm overwrites supported locales with empty list
2015-10-16 10:21:20 +02:00
mposolda
802a39b1ce
KEYCLOAK-904 Offline session idle timeout + admin console
2015-10-15 22:30:17 +02:00
Stian Thorgersen
e582de2837
KEYCLOAK-1961
...
Same token can be used multiple times to obtain access token
2015-10-15 09:11:18 +02:00
Michael Gerber
f8effaee58
return null instead of an empty set.
2015-10-15 08:19:18 +02:00
Thomas Darimont
870702fd81
KEYCLOAK-1918 - Add description field to client definition.
...
Introduced description field with support for i18n for more descriptive client information.
Applications can use the description to display a "slightly" longer gist of
what the client / application is about, especially useful for tooltips.
The description is currently limited to 255 characters.
2015-10-15 07:33:38 +02:00
Stian Thorgersen
c85e0248dd
KEYCLOAK-1883
...
Improve setting of users locale
2015-10-13 19:47:10 +02:00
Stian Thorgersen
366a1629e5
KEYCLOAK-1749 Client registration service and client java api
2015-10-08 11:55:42 +02:00
mposolda
7816f053a6
KEYCLOAK-1856 KEYCLOAK-1860 Fix onoffswitchvalue directive
2015-10-02 11:09:54 +02:00
Bill Burke
75343986b0
keycloak-common
2015-10-01 14:27:51 -04:00
Stian Thorgersen
25a6fcc382
Set product name/version in keycloak-paren pom
2015-09-30 13:41:37 +02:00
mposolda
6fbb8ccf71
KEYCLOAK-904 Offline tokens - model changes, admin console, export/import, docs
2015-09-30 10:51:36 +02:00
mposolda
018866aa81
KEYCLOAK-904 Offline portal example added
2015-09-30 09:23:23 +02:00
Stian Thorgersen
55deedd3b8
KEYCLOAK-1868 Import clients through admin console
...
KEYCLOAK-1869 Add root url to clients that should be used to resolve relative urls
2015-09-29 12:16:05 +02:00
Stian Thorgersen
75c0d5089f
KEYCLOAK-1878
...
Add Base64 to Keycloak core
2015-09-25 07:02:25 +02:00
mposolda
046edbbd54
KEYCLOAK-904 Consents support. Added scopeParamRequired flag to RoleModel
2015-09-23 12:52:47 +02:00
mposolda
7ec3f86efb
KEYCLOAK-904 Offline tokens
2015-09-21 10:28:30 +02:00
Tomas Kyjovsky
ac91deac96
Removed occurences of serialVersionUID from all classes.
2015-09-17 17:27:39 +02:00
mposolda
86f0092622
KEYCLOAK-1821 KEYCLOAK-1825 Migration and export/import of clientAuthFlow + resetCredentialsFlow
2015-09-08 19:53:35 +02:00
Stian Thorgersen
f3675681c3
KEYCLOAK-1804
...
Replace -snapshot with startup time in resource urls
2015-09-04 16:55:32 +02:00
mposolda
bc189554aa
KEYCLOAK-1795 Add just one clientAuthenticatorType per client
2015-09-04 00:09:54 +02:00
mposolda
d8d6348f67
KEYCLOAK-1295 Adapter support. Fixes
2015-08-21 08:26:12 +02:00
Stian Thorgersen
5ca3a48094
KEYCLOAK-1723 Allow aud to be single field or array
2015-08-20 15:55:52 +02:00
mposolda
7028496601
KEYCLOAK-1295 pluggable client authentication. Support authenticate clients with signed JWT
2015-08-17 23:21:23 +02:00
Bill Burke
c0f3d851db
reset password refactor/flow
2015-08-16 12:23:15 -04:00
Bill Burke
33e402e7be
binding custom flows
2015-08-07 19:00:07 -04:00