todor
897965f604
KEYCLOAK-20343 Add message bundle to export/import
...
Closes #20343
2023-07-20 23:00:28 +02:00
Patrick Jennings
399a23bd56
Find an appropriate key based on the given KID and JWA ( #21160 )
...
* keycloak-20847 Find an appropriate key based on the given KID and JWA. Prefers matching on both inputs but will match on partials if found. Or return the first key if a match is not found.
Mark Key as fallback if it is the singular client certificate to be used for signed JWT authentication.
* Update js/apps/admin-ui/public/locales/en/clients.json
Co-authored-by: Marek Posolda <mposolda@gmail.com>
* Updating boolean variable name based on suggestions by Marek.
* Adding integration test specifically for the JWT parameters for regression #20847 .
---------
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2023-07-10 13:28:55 +02:00
mposolda
dc3b037e3a
Incorrect Signature algorithms presented by Client Authenticator
...
closes #15853
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-06-21 08:55:58 +02:00
Pedro Igor
17c3804402
Tests for user property mapper
...
Closes #20534
2023-05-29 14:21:03 +02:00
Yoshiyuki Tabata
bd37875a66
allow specifying format of "permission" parameter in the UMA grant token
...
endpoint (#15947 )
2023-05-29 08:56:39 -03:00
Pedro Igor
409e1c3581
Policy Enforcer built-in support for Elytron and Jakarta
...
Closes #19540
2023-04-05 17:03:15 +02:00
alwibrm
9f15cf432b
Respecting key use of EC keys in JWKS
2023-04-03 19:06:25 -03:00
Yoann GUION
ba66fe84fa
iterate any attribute in multi-valued RDN to find the correct one ( #14283 )
...
Closes #14280
2023-03-23 11:51:01 +01:00
Pedro Igor
a30b6842a6
Decouple the policy enforcer from adapters and provide a separate library
...
Closes keycloak#17353
2023-03-17 11:40:51 +01:00
Jon Koops
972ebb9650
Use a valid SemVer format for the SNAPSHOT version ( #17334 )
...
* Use a valid SemVer format for the SNAPSHOT version
* Update pom.xml
* Update pom.xml
---------
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-03-03 11:11:44 +01:00
rmartinc
c9fdaf572b
jwks endpoint for X/Y coordinates in EC keypair can return less bytes than expected ( #14952 )
...
Closes #14933
2023-02-23 16:22:23 +01:00
laskasn
dc8b759c3d
Use encryption keys rather than sig for crypto in SAML
...
Closes #13606
Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: hmlnarik <hmlnarik@redhat.com>
2023-02-10 12:06:49 +01:00
mposolda
7f017f540e
BCFIPS approved mode: Some tests failing due the short secret for client-secret-jwt client authentication
...
Closes #16678
2023-01-30 08:40:46 +01:00
mposolda
3e9c729f9e
X.509 authentication fixes for FIPS
...
Closes #14967
2022-11-25 11:50:30 +01:00
stianst
1de9c201c6
Refactor Profile
...
Closes #15206
2022-11-07 07:28:11 -03:00
Marek Posolda
c0c0d3a6ba
Short passwords with PBKDF2 mode working ( #14437 )
...
* Short passwords with PBKDF2 mode working
Closes #14314
* Add config option to Pbkdf2 provider to control max padding
* Update according to PR review - more testing for padding and for non-fips mode
2022-11-06 14:49:50 +01:00
Marek Posolda
2ba5ca3c5f
Support for multiple keys with same kid, which differ just by algorithm in the JWKS ( #15114 )
...
Closes #14794
2022-11-03 09:32:45 +01:00
mposolda
55c514ad56
More flexibility in keystore related tests, Make keycloak to notify which keystore types it supports, Support for BCFKS
...
Closes #14964
2022-10-24 08:36:37 +02:00
David Anderson
a8db79a68c
Introduce crypto module using Wildfly Elytron ( #14415 )
...
Closes #12702
2022-09-27 08:53:46 +02:00
mposolda
47340e9318
Initial GH actions unit tests for crypto modules
...
Closes #14241
2022-09-14 15:51:59 +02:00
Martin Bartoš
0fcf5d3936
Reuse of token in TOTP is possible
...
Fixes #13607
2022-09-09 08:56:02 -03:00
Marek Posolda
040e52cfd7
SAML javascript protocol mapper: disable uploading scripts through admin console by default ( #14293 )
...
Closes #14292
2022-09-09 13:47:51 +02:00
Lex Cao
1f197aa96b
Add basic auth compliant to RFC 6749 ( #14179 )
...
Closes #14179
2022-09-07 10:09:30 +02:00
Marek Posolda
19daf2b375
Not possible to login in FIPS enabled RHEL 8.6. Support for parsing PEM private keys in BCFIPS module in both traditional and PKCS8 format ( #14008 )
...
Closes #13994
2022-08-30 22:33:12 +02:00
Lex Cao
6b1c64a1a9
Add rememberMe to a user session representation( #13408 ) ( #13765 )
...
Closes #13408
2022-08-23 15:28:52 +02:00
Marek Posolda
7e925bfbff
Unit tests in "crypto/fips1402" passing on RHEL 8.6 with BC FIPS approved mode. Cleanup ( #13406 )
...
Closes #13128
2022-07-29 18:03:56 +02:00
Marek Posolda
4e4fc16617
Skip adding xmlsec security provider. Adding KeycloakFipsSecurityProvider to workaround 'Security.getInstance("SHA1PRNG")' ( #12786 )
...
Closes #12425 #12853
2022-07-26 16:40:36 +02:00
David Anderson
ee0c67c0c8
Remove BC dependancy from keycloak-core ( #13235 )
...
Closes #12856
2022-07-23 12:07:16 +02:00
Stian Thorgersen
a251d785db
Remove text based login flows ( #13249 )
...
* Remove text based login flows
Closes #8752
* Add display param back in case it's used by some custom authenticators
2022-07-22 15:15:25 +02:00
Douglas Palmer
adeef6c2a0
Partial import feature does not import Identity Provider mappers in Keycloak #12861
2022-07-21 18:04:15 +02:00
Lex Cao
f0988a62b8
Use base64 url decoded for client secret when authenticating with Basic Auth ( #12486 )
...
Closes #11908
2022-07-16 09:38:41 +02:00
kz-masa
d26cff270f
Delete unnecessary import statements ( #12935 ) ( #12936 )
2022-07-12 19:37:15 -03:00
Marek Posolda
be1e31dc68
Introduce crypto/default module. Refactoring BouncyIntegration ( #12692 )
...
Closes #12625
2022-06-29 07:17:09 +02:00
Marek Posolda
3f5741e988
Possibility to switch between FIPS and non-FIPS during keycloak+quarkus seerver build ( #12513 )
...
* Possibility to switch between FIPS and non-FIPS during keycloak+quarkus server build
Closes #12522
2022-06-21 11:17:45 +02:00
Alexander Schwartz
850af55edc
Ensure that only JDK 8 APIs are used where JDK 8 is still required.
...
Closes #10842
2022-06-20 14:44:33 -03:00
vramik
df41f233d5
Introduce unique index for enums stored by storages
...
Closes #12277
2022-06-15 09:12:10 +02:00
Stian Thorgersen
e49e8335e0
Refactor BouncyIntegration ( #12244 )
...
Closes #12243
2022-06-07 09:02:00 +02:00
rmartinc
5332a7d435
Issue #9194 : Client authentication fails when using signed JWT, if the JWA signing algorithm is not RS256
2022-06-06 12:07:09 +02:00
Stian Thorgersen
e3f3e65ac5
Remove JDK7 support for adapters ( #11607 )
...
Closes #11606
2022-04-27 08:33:23 +02:00
Pedro Igor
2cb5d8d972
Removing upload scripts feature ( #11117 )
...
Closes #9865
Co-authored-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2022-04-20 14:25:16 +02:00
Giacomo Altiero
3b7243cd47
Support for UserInfo response encrypted ( #10519 )
...
Close #10517
2022-04-12 14:01:14 +02:00
Marek Posolda
aacae9b9ac
Support for frontchannel_logout_session_required OIDC client parameter ( #11009 )
...
* Support for frontchannel_logout_session_required OIDC client parameter
Closes #10137
2022-03-31 14:25:24 +02:00
Marek Posolda
22a16ee899
OIDC RP-Initiated logout endpoint ( #10887 )
...
* OIDC RP-Initiated logout endpoint
Closes #10885
Co-Authored-By: Marek Posolda <mposolda@gmail.com>
* Review feedback
Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
2022-03-30 11:55:26 +02:00
keycloak-bot
c71aa8b711
Set version to 999-SNAPSHOT ( #10784 )
2022-03-22 09:22:48 +01:00
Ivan Atanasov
5c6b123aff
Support for the Recovery codes ( #8730 )
...
Closes #9540
Co-authored-by: Zachary Witter <torquekma@gmail.com>
Co-authored-by: stelewis-redhat <91681638+stelewis-redhat@users.noreply.github.com>
2022-03-10 15:49:25 +01:00
Marcelo Daniel Silva Sales
7335abaf08
Keycloak 10489 support for client secret rotation ( #10603 )
...
Closes #10602
2022-03-09 00:05:14 +01:00
lars-christian stitz
74695c0242
Add @JsonProperty annotation to PathCacheConfig.lifespan.
...
Closes #9756 .
2022-02-25 16:37:22 -03:00
Marek Posolda
caf37b1f70
Support for acr_values_supported in OIDC well-known endpoint ( #10265 )
...
* Support for acr_values_supported in OIDC well-known endpoint
closes #10159
2022-02-18 11:33:31 +01:00
keycloak-bot
d9f1a9b207
Set version to 18.0.0-SNAPSHOT ( #10165 )
2022-02-11 21:28:06 +01:00
Daniel Gozalo
3528e7ba54
[ fixes #9224 ] - Get consented scopes from AuthorizationContext
...
Always show the consent screen when a dynamic scope is requested and show the requested parameter
Improve the code that handles dynamic scopes consent and add some log traces
Add a test to check how we show dynamic scope in the consent screen and added missing template file change
Fix merge problem in comment and improve other comments
Fix the Dynamic Scope test by assigning it to the client as optional instead of default
Change how dynamic scopes are represented in the consent screen and adapt test
2022-02-02 09:10:20 +01:00