Commit graph

190 commits

Author SHA1 Message Date
mhajas
429863e83b KEYCLOAK-9095 Fix NPE in AuthenticatedActionsHandler 2019-05-02 13:03:06 +02:00
Pedro Igor
c8970c95d5 [KEYCLOAK-10015] - CIP not properly resolving objects from JSON request body 2019-04-11 18:19:43 -03:00
mhajas
5b47df8979 KEYCLOAK-10013 Do not reject tokens with issuedAt == notBefore 2019-04-11 21:57:11 +02:00
Pedro Igor
ad9f59f9f7 [KEYCLOAK-9353] - Avoids initialization of the policy enforcer during deployment 2019-04-05 16:02:53 -03:00
Pedro Igor
20376c9111 [KEYCLOAK-9353] - Quarkus integration 2019-03-21 11:45:35 -03:00
Pedro Igor
75d9847672 [KEYCLOAK-9478] - Support multiple CIP providers in the policy enforcer configuration 2019-02-27 19:08:57 -03:00
sakanaou
007c364027 Store rewritten redirect URL in adapter-core 2019-02-27 15:39:32 -03:00
Pedro Igor
4d5dff1d64 [KEYCLOAK-9474] - Public endpoints are returning 403 with body when enforcement mode is disabled 2019-02-21 16:27:07 -03:00
Sebastian Laskawiec
ee41a0450f KEYCLOAK-8349 KEYCLOAK-8659 Use TLS for all tests in the suite 2019-02-08 08:57:48 -02:00
Boudewijn van Klingeren
5354e88f60 KEYCLOAK-8243 Change error logging to debug for normal flow outcomes 2018-12-13 08:39:54 +01:00
Hynek Mlnarik
27f145969f KEYCLOAK-7936 Prevent registration of the same node
The root cause is that NodesRegistrationManagement.tryRegister can be
called from multiple threads on the same node, so it can require
registration of the same node multiple times. Hence once it turns to
tasks that invoke sendRegistrationEvent (called sequentially), the same
check has been added to that method to prevent multiple invocations on
server side, or invocation upon undeployment/termination.
2018-12-05 12:34:17 +01:00
scranen
e6b9364c39 KEYCLOAK-4342 PR comments 2018-11-06 10:28:06 -02:00
scranen
0c6b20e862 [KEYCLOAK-4342] Make adapter state cookie path configurable 2018-11-06 10:28:06 -02:00
mposolda
c36b577566 KEYCLOAK-8483 Remove application from the aud claim of accessToken and refreshToken 2018-10-23 13:52:09 +02:00
Pedro Igor
6f8f8e6a28 [KEYCLOAK-8449] - Option to automatically map HTTP verbs to scopes when configuring the policy enforcer 2018-10-23 08:40:54 -03:00
mposolda
4483677cdd KEYCLOAK-8529 Fix most of adapter tests on EAP6 2018-10-12 12:01:33 +02:00
Pedro Igor
2da758ac86 [KEYCLOAK-6928] - Selecting first bearer if multiple values exists in authorization header 2018-10-01 09:36:10 -03:00
Pedro Igor
081e9883e6 [KEYCLOAK-7659] - k_version not supporting cors 2018-09-25 11:50:17 -03:00
Pedro Igor
df311b60b4 [KEYCLOAK-8168] - PEP is resolving claims twice under certain circumstances 2018-09-25 11:47:50 -03:00
mposolda
3777dc45d0 KEYCLOAK-3058 Support for validation of "aud" in adapters through verify-token-audience configuration switch 2018-09-21 11:17:05 +02:00
Pedro Igor
64f8fe4987 [KEYCLOAK-8070] - wrong expose headers when enable cors and policyenforcer 2018-09-17 17:02:15 -03:00
Pedro Igor
33efcc6b93 [KEYCLOAK-8142] - Fixing regression when setting path enforcement mode to disabled 2018-09-04 10:32:06 -03:00
Frank Schmager
dda365e002 initial exposing of BasicAuthRequestAuthenticator to make extensible 2018-08-22 16:39:55 +02:00
Pedro Igor
80e5227bcd [KEYCLOAK-4902] - Refactoring and improvements to processing of authz requests 2018-08-07 10:53:40 -03:00
mhajas
a6e4f4f9aa KEYCLOAK-7922 Use Time.currentTimeMillis() instead of System.currentTimeMillis() in PathCache 2018-07-24 08:52:48 -03:00
mhajas
5aebc74f8c KEYCLOAK-7269 Setting more uris for Authorization Resource 2018-07-11 17:48:34 -03:00
Pedro Igor
dcadc61220 [KEYCLOAK-7670] - PEP not returning correct status code when authorization header is not set 2018-06-29 09:39:55 -03:00
Stefan Guilhen
d897159560 [KEYCLOAK-7598] - Set CIP config when defining paths in policy enforcer config (#5264) 2018-06-12 11:24:17 -03:00
Pedro Igor
db60abc604
[KEYCLOAK-7543] - Policy enforcer should not delegate decisions when using UMA (#5252) 2018-06-11 08:17:40 -03:00
Federico M. Facca
5a9bfea419 [KEYCLOAK-7353] Support Policy Management in Protection API
See https://issues.jboss.org/browse/KEYCLOAK-7353
2018-06-06 19:36:42 -03:00
Pedro Igor
21d139c6c2
Merge pull request #5173 from pedroigor/KEYCLOAK-7148
[KEYCLOAK-7148] - Associate sub resources to a parent resource
2018-05-17 16:51:55 -03:00
pedroigor
7ebcc69cb9 [KEYCLOAK-7148] - Associate sub resources to a parent resource 2018-05-02 13:04:11 -03:00
pedroigor
035ebc881a [KEYCLOAK-4903] - Claim Information point Provider SPI and configuration 2018-04-25 10:16:41 -03:00
pedroigor
c3d297dd05 [KEYCLOAK-7162] - Expose WWW-Authenticate Header when using CORS 2018-04-23 08:46:54 +02:00
pedroigor
a939c45d58 [KEYCLOAK-7029] - Configuration of cache policies for cached resources/path 2018-04-03 16:44:27 -03:00
pedroigor
5c52da80c6 [KEYCLOAK-7028] - Propagating AuthorizationContext when enforcement-mode is disable for a path 2018-04-02 11:10:43 -03:00
pedroigor
4a425c2674 [KEYCLOAK-4102] - Support lazy loading of paths via policy enforcer config 2018-03-28 09:23:59 -03:00
pedroigor
e9e376419d [KEYCLOAK-4102] - Removing create-resources configuration option 2018-03-27 09:51:13 -03:00
pedroigor
668b67dcdb [KEYCLOAK-6623] - Policy enforcer gets confused with similar paths ending with wildcards 2018-03-09 16:38:57 -03:00
Pedro Igor
91bdc4bde2 [KEYCLOAK-3169] - UMA 2.0 (#4368)
* [KEYCLOAK-3169] - UMA 2.0 Support

* [KEYCLOAK-3169] - Changes to account service and more tests

* [KEYCLOAK-3169] - Code cleanup and tests

* [KEYCLOAK-3169] - Changes to account service and tests

* [KEYCLOAK-3169] - Changes to account service and tests

* [KEYCLOAK-3169] - More tests

* [KEYCLOAK-3169] - Changes to adapter configuration

* [KEYCLOAK-3169] - Reviewing UMA specs and more tests

* [KEYCLOAK-3169] - Reviewing UMA specs and more tests

* [KEYCLOAK-3169] - Changes to UMA Grant Type and refactoring

* [KEYCLOAK-3169] - Refresh tokens for RPT responses and tests

* [KEYCLOAK-3169] - Changes to account my resources and policy enforcers

* [KEYCLOAK-3169] - Realm settings flag to enable/disable user-managed access in account mgmt console

* [KEYCLOAK-3169] - More changes to my resource pages in account mgmt console

* [KEYCLOAK-3169] - Need to enable user-managed on realm to run tests

* [KEYCLOAK-3169] - Removing more UMA 1.0 related code

* [KEYCLOAK-3169] - Only submit requests if ticket exists

* [KEYCLOAK-3169] - Returning UMA 401 response when not authenticated

* [KEYCLOAK-3169] - Removing unused code

* [KEYCLOAK-3169] - Removing unused code

* [KEYCLOAK-3169] - 403 response in case ticket is not created

* [KEYCLOAK-3169] - Fixing AbstractPhotozExampleAdapterTest#testClientRoleRepresentingUserConsent

* [KEYCLOAK-3169] - 403 status code only returned for non-bearer clients
2018-02-28 08:53:10 +01:00
Takashi Norimatsu
502627f590 KEYCLOAK-5811 Client Authentication by JWS Client Assertion in client secret 2018-01-26 10:59:40 +01:00
Hynek Mlnarik
626004e782 KEYCLOAK-6066 Be less strict when handling cookies 2017-12-19 21:39:41 +01:00
vramik
5a8ff72cb6 KEYCLOAK-4641 migrate remaining Adapter tests from old testsuite 2017-12-06 15:12:37 +01:00
stianst
5467d67c91 KEYCLOAK-5945 Strip default ports from urls 2017-12-04 19:56:01 +01:00
mposolda
ff6fcd30d9 KEYCLOAK-4478 OIDC auth response lacks session_state in some cases 2017-12-04 16:13:22 +01:00
Domenico Briganti
b72b01bb9d fix logger class 2017-11-30 10:52:26 +01:00
pedroigor
6587cfa084 [KEYCLOAK-3629] - Some Adapters do not work with SSL Redirect 2017-11-30 10:39:21 +01:00
pedroigor
792ffdf39b [KEYCLOAK-5925] - Trace-level should log tokens without their signatures 2017-11-28 09:54:57 -02:00
rmartinc
0b3ae30473 Parameter "ui_locales" not redirected to login page in java adapters 2017-11-23 11:18:29 +01:00
emilienbondu
8b8e694c60 Fix https://issues.jboss.org/browse/KEYCLOAK-5636 NPE 2017-11-09 19:32:27 +01:00
Xiaojian Liu
19eed51582 KEYCLOAK-5352 Basic Auth fails if password contains a ':' 2017-11-09 13:56:02 +01:00
Xiaojian Liu
9ff22f596d KEYCLOAK-5352 Basic Auth fails if password contains a ':' 2017-11-09 13:56:02 +01:00
Xiaojian Liu
e1af9f133f KEYCLOAK-5352 Basic Auth fails if password contains a ':' 2017-11-09 13:56:02 +01:00
Pedro Igor
7dd7b6b984 [KEYCLOAK-5726] - Defaults to true in case no required scopes are defined 2017-10-24 10:39:55 -02:00
Pedro Igor
a6e1413d58 [KEYCLOAK-5726] - Support define enforcement mode for scopes on the adapter configuration 2017-10-24 10:39:54 -02:00
saurabhrai
6dd8592434 KEYCLOAK-5623: Updated to code to check the profile configuration to support Jboss Fuse adapter. Read from profile resource. 2017-10-23 14:17:18 +05:30
jtyrrell-se-jboss
9673ce5541 Update OAuthRequestAuthenticator.java (#4427)
Removed a check for a 400 error, I was seeing a 403 error, and it wasn't until I rewrote the code to be like what is in line 334 I did not see enough meaningful information to figure out I had a /etc/hosts issue, where I had it locally on my machine, but the remote tomcat instance needed it also.
2017-09-12 08:24:36 +02:00
sebastienblanc
aaac85e541 add new flag to determine if error response must be sent or not 2017-09-05 15:08:17 +02:00
Pedro Igor
b4530cfbe9 fixing policy enforcer /* 2017-08-23 13:30:24 -03:00
Marek Posolda
09ec642543 Merge pull request #4232 from wvdhaute/token-store
[KEYCLOAK-5067] Allow refreshable context to have an optional adapter token store
2017-07-03 20:55:26 +02:00
Sebastien Blanc
500a21685f KEYCLOAK-5082 : Add new redirect-rewrite-rule parameters for the adapters (#4255)
* add rewrite rule config property

* add subsystem support for redirect rewrite

* update deployment unit test

* add license headers

* Optimize rewrite method
2017-06-29 12:50:42 +02:00
Wim Vandenhaute
0e0140d88b Allow refreshable context to have an optional adapter token store 2017-06-15 15:24:07 +02:00
Alex Szczuczko
5d88c2b8be KEYCLOAK-4758 Update Encode class using latest resteasy. Use encodeQueryParamAsIs instead of encodeQueryParam when encoding key=value pairs for URI query sections. Also fix a few callers who were relying on the bad behaviour of queryParam. 2017-06-05 16:24:38 -06:00
Pedro Igor
d69d00082f [KEYCLOAK-4932] - Improvements to policy enforcer and better spring boot support 2017-06-01 22:55:58 -03:00
Stian Thorgersen
178fd08d9a Merge pull request #4066 from johnament/KEYCLOAK-4765
KEYCLOAK-4765 - Add ability to disable Query Parameter parsing.
2017-05-23 13:24:08 +02:00
Pedro Igor
b68494b3f0 [KEYCLOAK-4927] - Authz client incompatible with client definition 2017-05-18 09:57:12 -03:00
mposolda
168153c6e7 KEYCLOAK-4626 Authentication sessions - SAML, offline tokens, broker logout and other fixes 2017-05-11 22:16:26 +02:00
Stian Thorgersen
e0da7ed6b4 Merge pull request #4074 from sebastienblanc/allow_headers
Keycloak-3297 : adding cors-exposed-headers to conf
2017-05-05 12:54:47 +02:00
John Ament
1f98dc5527 KEYCLOAK-4765 - Simplified unit tests. 2017-04-25 20:38:07 -04:00
Pedro Igor
79c9078caa [KEYCLOAK-4792] - Client credentials provider support and making easier to obtain authz client 2017-04-25 14:51:45 -03:00
emilienbondu
46bc102799 adding cors-exposed-headers to conf
add missing field in the BaseAdapterConfig

cleaning for PR & adding unit test

Adding property to subsystem, removing formatting changes
2017-04-25 12:02:17 +02:00
John Ament
cb7cef8858 KEYCLOAK-4765 - Add ability to disable Query Parameter parsing. 2017-04-24 14:42:03 -04:00
Pedro Igor
70a3dd1e4a [KEYCLOAK-4769] - Better error message when resource has no or invalid uri 2017-04-20 13:21:01 -03:00
Pedro Igor
80a80512ea [KEYCLOAK-4769] - Policy enforcer path matching tests 2017-04-20 13:21:01 -03:00
Pedro Igor
2a1a19f290 [KEYCLOAK-4751] - Send default access denied page when requests don't match any path config 2017-04-12 18:25:13 -03:00
Takashi Norimatsu
ef3aef9381 Merge branch 'master' into master 2017-03-28 16:21:40 +09:00
Pedro Igor
258af94889 Delegating caching of resource instances to to path matcher 2017-03-17 09:35:19 -03:00
Pedro Igor
dabd7c0b27 [KEYCLOAK-4602] - Improving pattern matching algorithm 2017-03-17 09:34:52 -03:00
Pedro Igor
f6786e29c6 [KEYCLOAK-4602] - A runtime cache for path configurations 2017-03-17 09:34:16 -03:00
wildloop
80c9e23282 Update RequestAuthenticator.java 2017-03-15 09:14:48 +01:00
wildloop
366dee6575 Update RequestAuthenticator.java 2017-03-15 09:13:41 +01:00
wildloop
d723c608d6 Update RequestAuthenticator.java 2017-03-14 11:36:57 +01:00
wildloop
7904ce5a37 one-line debug log 2017-03-07 16:01:13 +01:00
Takashi Norimatsu
fe5fe4c968 KEYCLOAK-2604 Proof Key for Code Exchange by OAuth Public Clients - RFC
7636 - Client Side Implementation
2017-02-03 12:02:54 +09:00
Agile Developer
d60c3b7c0c missing import 2017-02-03 00:47:41 +01:00
Agile Developer
cde3e87ad9 verifySSL() - debug info
DEBUG report like this:

SSL Verification: 
		passed: true, request is secure: true, 
		SSL is required for: EXTERNAL, 
		SSL is required for remote addr 192.168.100.123: false
2017-02-02 21:18:14 +01:00
Pedro Igor
13e92cdb35 [KEYCLOAK-3261] - Properly handle apps deployed at the ROOT context 2017-01-23 21:27:43 -02:00
Slawomir Dabek
cc788cf44e KEYCLOAK-4222 Remove slash from state parameter 2017-01-19 20:11:18 +01:00
Stian Thorgersen
b6b3c04400 Merge pull request #3663 from sldab/autodetect-bearer-only
KEYCLOAK-2962 Autodetect bearer-only clients
2016-12-20 14:05:25 +01:00
Pedro Igor
18b94a2153 [KEYCLOAK-4034] - More logging. 2016-12-20 00:04:59 -02:00
Pedro Igor
0b3e867362 [KEYCLOAK-4034] - Minor changes to policy enforcer 2016-12-19 23:44:51 -02:00
Slawomir Dabek
b6d29ccd30 KEYCLOAK-2962 Autodetect bearrer-only clients
Suport more headers
2016-12-19 17:13:14 +01:00
mposolda
8c99a13387 Minor synchronize update 2016-12-12 13:09:19 +01:00
mhajas
081958e282 KEYCLOAK-4051 Use debug instead of debugf 2016-12-08 09:42:52 +01:00
Bill Burke
7271fdaaaa KEYCLOAK-3509 2016-12-06 18:52:37 -05:00
mposolda
74967737ee KEYCLOAK-3824 Ensure sending notBefore invalidates JWKPublicKeyLocator 2016-12-01 17:07:50 +01:00
mposolda
a38544796f KEYCLOAK-3823 KEYCLOAK-3824 Added public-key-cache-ttl for OIDC adapters. Invalidate cache when notBefore sent 2016-12-01 12:25:07 +01:00
Pedro Igor
9b2ef96b22 [KEYCLOAK-3830] - Allow to configure enforcement-mode to a path definition 2016-11-17 20:50:28 -02:00
Pedro Igor
44ee53b0d8 [KEYCLOAK-3830] - Only enforce permissions when there is a KeycloakSecurityContext. 2016-11-17 20:50:17 -02:00
Hynek Mlnarik
057cc37b60 KEYCLOAK-1881 Clone OIDC adapter HttpClient tools to SAML adapter
and
KEYCLOAK-1881 Extract httpclient configuration from AdapterConfig
2016-11-04 21:53:43 +01:00