Commit graph

80 commits

Author SHA1 Message Date
Bill Burke
ea3bba98aa saml frontchannel logout 2015-01-28 17:09:13 -05:00
pedroigor
edecda8599 [KEYCLOAK-986] - Escape characters when doing SAML POST Binding. 2015-01-23 12:09:44 -02:00
Stian Thorgersen
72b4790c4f Merge pull request #922 from pedroigor/KEYCLOAK-883
[KEYCLOAK-883] - More SAML configuration. Using SAML builders to create AuthnRequest.
2015-01-22 12:26:19 +01:00
pedroigor
d1f38a4236 [KEYCLOAK-987] - IdP should respect the protocol binding when processing AuthnRequest. 2015-01-21 23:53:56 -02:00
pedroigor
b9a7594113 [KEYCLOAK-883] - More SAML configuration. Using SAML builders to create AuthnRequest. 2015-01-21 23:40:20 -02:00
Bill Burke
a0ba6d2c16 saml redirect logout 1st step 2015-01-16 18:57:33 -05:00
Stian Thorgersen
959933a227 Version bump 2015-01-12 10:35:50 +01:00
Bill Burke
795b1d2893 saml persistent and transient id support 2015-01-07 19:23:33 -05:00
Bill Burke
6c04e26376 bump 2014-12-05 21:09:38 -05:00
Bill Burke
c0059a875b bump version 2014-12-05 19:03:13 -05:00
Bill Burke
5c6dd8e0c3 temp fix for contributor SAML PR 2014-11-11 22:09:38 -05:00
Eivind Mikkelsen
24a2773524 Add SAML NameID Formats and include certificate in signature
The NameID Format in the AuthnRequest NameIDPolicy is now respected,
and support has been added for the following NameID Formats:

  - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
  - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
  - urn:oasis:names:tc:SAML:2.0:nameid-format:transient

The persistent NameID format was previously used in all responses
and mapped to the principal's username. Now, unspecified is mapped
to the principal's username and used by default if no NameIDPolicy
is specified by the SP.

The persistent format requires generating a pseudo-random identifier
that must be generated by the IdP on first login and stored in the
user's profile. Persistent NameID Format is not yet implemented.

The certificate is now added to the signature to enable support for
integration with Service Providers where only the IdP's certificate
fingerprint is configured (e.g. Zendesk).
2014-11-12 01:24:51 +01:00
Stian Thorgersen
0f8c073354 Version bump 2014-11-04 09:01:06 +01:00
Stian Thorgersen
9b0d5acb50 KEYCLOAK-704 KEYCLOAK-768 Improvements to access code generation 2014-10-31 12:45:03 +01:00
Bill Burke
12e2a4698d idp descriptor 2014-10-28 12:49:31 -04:00
Bill Burke
e3609cc85b app importer 2014-10-28 11:54:58 -04:00
Bill Burke
ce76270ad8 saml key refactor 2014-10-24 10:58:32 -04:00
Bill Burke
f715a026ba force post binding switch 2014-10-22 14:32:46 -04:00
Bill Burke
f38c6d3412 config optiosn 2014-10-22 14:00:56 -04:00
Bill Burke
4d3299ae08 saml distro and examples 2014-10-21 21:39:10 -04:00
Bill Burke
668497df4d upload keys 2014-10-21 16:33:17 -04:00
Bill Burke
d3375962ad signature algorithm support 2014-10-21 10:35:39 -04:00
Bill Burke
e2de6edff8 saml unit tests 2014-10-20 16:31:00 -04:00
Bill Burke
c91ecc3033 saml redirect binding 2014-10-17 16:48:45 -04:00
Bill Burke
3e5afcde9e saml encryption 2014-10-16 11:44:51 -04:00
Bill Burke
4750b22b6d saml signatures 2014-10-16 09:14:04 -04:00
Stian Thorgersen
1021e8af5c KEYCLOAK-753 Add 'username:' prefix to remember me cookie to prevent issue with old cookie 2014-10-14 13:44:03 +02:00
Bill Burke
13a2108846 undertow slash redirect problem 2014-10-08 09:45:49 -04:00
Bill Burke
6d5ab0f66b saml backchannel logout 2014-10-07 18:06:02 -04:00
Bill Burke
e3a3933390 saml basic 2014-10-04 21:27:48 -04:00