keycloak-scim

Author	SHA1	Message	Date
Hynek Mlnarik	df4f1e7129	KEYCLOAK-4167 Always use preset key for verification if key ID not set	2017-01-18 10:29:06 +01:00
Stian Thorgersen	5a0504b5d9	Merge pull request #3753 from hmlnarik/KEYCLOAK-4216-mod-auth-mellon-logout-failed-when-using-SSO KEYCLOAK-4216 Fix NPE and logout binding choice	2017-01-18 08:40:02 +01:00
Stian Thorgersen	e364680792	Merge pull request #3721 from hmlnarik/KEYCLOAK-3399-End-session-endpoint-returns-error-when-keycloak-session-is-expired KEYCLOAK-3399 Ignore user session expiration on OIDC logout	2017-01-18 08:38:53 +01:00
mposolda	843b4b470b	KEYCLOAK-2333 LDAP/MSAD password policies are not used when user changes password	2017-01-17 21:06:09 +01:00
Bill Burke	dcf6da2a51	KEYCLOAK-4077	2017-01-17 09:20:44 -05:00
Slawomir Dabek	9bb65ba9b7	KEYCLOAK-4224 Allow hiding identity providers on login page	2017-01-17 14:32:59 +01:00
Stian Thorgersen	1913f801b9	Merge pull request #3739 from hmlnarik/KEYCLOAK-2847-Unexpected-error-when-trying-to-update-clientTemplate-to-already-existing-name KEYCLOAK-2847 Fix for client template duplicate name	2017-01-16 09:45:39 +01:00
Stian Thorgersen	5842f7c837	Merge pull request #3751 from stianst/KEYCLOAK-4192 KEYCLOAK-4192 Added missing produces annotations for update methods	2017-01-16 09:41:29 +01:00
Stian Thorgersen	178625d3f2	Merge pull request #3745 from velias/master KEYCLOAK-4202 - Attribute importer of Social Identity providers doesn't handle JSON 'null' values correctly	2017-01-16 08:22:04 +01:00
Marko Strukelj	d68f6bbc42	KEYCLOAK-4150 Unresolved variable ${cliane_security-admin-console} in admin web client	2017-01-13 17:48:21 +01:00
Bill Burke	ffb688b393	Merge remote-tracking branch 'upstream/master'	2017-01-13 11:45:55 -05:00
Bill Burke	6aee6b0c46	KEYCLOAK-4220	2017-01-13 11:45:48 -05:00
Hynek Mlnarik	02eda8943c	KEYCLOAK-4216 Fix NPE and logout binding choice	2017-01-13 14:30:32 +01:00
mposolda	9ad14d991c	KEYCLOAK-4140 Migration of old offline tokens	2017-01-13 11:35:19 +01:00
Stian Thorgersen	ac9268bd48	KEYCLOAK-4192 Added missing produces annotations for update methods	2017-01-13 09:56:20 +01:00
Hynek Mlnarik	0b58bebc90	KEYCLOAK-2847 Fix for client template duplicate name	2017-01-13 09:32:28 +01:00
mposolda	93157e49d5	KEYCLOAK-4201 Offline tokens become useless when accessing admin REST API	2017-01-13 09:06:53 +01:00
Vlastimil Elias	f13deab812	KEYCLOAK-4202 - Attribute importer of Social Identity providers doesn't handle JSON 'null' values correctly	2017-01-12 14:14:09 +01:00
Hynek Mlnarik	e11957ecf3	KEYCLOAK-4167 Make OIDC identity provider key ID configurable	2017-01-11 18:24:22 +01:00
Guus der Kinderen	45f5fa6a74	API documentation: Introduce and group by tags. This commit introduces grouping of the documented REST resources. The grouping is based on a free-form name of a resource (a 'tag' in Swagger terminology), which is introduced by adding a @resource javadoc tag to every Resource class.	2017-01-10 17:08:27 +01:00
Marek Posolda	227900f288	Merge pull request #3731 from mposolda/master KEYCLOAK-4175 Provide a way to set the connect and read timeout for l…	2017-01-10 09:49:18 +01:00
Stian Thorgersen	7eeebff874	Merge pull request #3720 from hmlnarik/KEYCLOAK-4091-Possible-NullPointerExceptions-with-disabled-cache KEYCLOAK-4091 Prevent NPE with disabled cache	2017-01-10 06:23:10 +01:00
Bill Burke	452611242c	Merge remote-tracking branch 'upstream/master'	2017-01-09 17:14:34 -05:00
Bill Burke	d075172fd2	KEYCLOAK-3617 KEYCLOAK-4117 KEYCLOAK-4118	2017-01-09 17:14:20 -05:00
mposolda	c32620b718	KEYCLOAK-4175 Provide a way to set the connect and read timeout for ldap connections	2017-01-09 21:35:58 +01:00
Pedro Igor	0b5b27ea3a	[KEYCLOAK-4166] - Export/Import clients functionality not working as expected	2017-01-06 16:07:10 -02:00
Hynek Mlnarik	9fb3201c8b	KEYCLOAK-3399 Ignore user session expiration on OIDC logout	2017-01-06 15:15:46 +01:00
Hynek Mlnarik	377fbced4a	KEYCLOAK-4091 Prevent NPE with disabled cache	2017-01-06 10:00:11 +01:00
Bill Burke	f9eeecf836	test KEYCLOAK-4013	2017-01-05 11:27:17 -05:00
Pedro Igor	4044b39ab7	[KEYCLOAK-3517] - Filtering SAML ECP flow	2017-01-04 11:17:39 -02:00
Stian Thorgersen	f2ee9df600	KEYCLOAK-4116 Trim username on recover password page	2017-01-03 11:50:08 +01:00
Stian Thorgersen	45411b1199	KEYCLOAK-4090	2017-01-03 07:53:08 +01:00
Stian Thorgersen	902332c5ae	Merge pull request #3696 from stianst/KEYCLOAK-4038 KEYCLOAK-4038 Get bind credential from component if stored	2017-01-02 15:44:59 +01:00
Stian Thorgersen	08d7211a93	KEYCLOAK-4038 Get bind credential from component if stored	2017-01-02 14:40:12 +01:00
Stian Thorgersen	d6e620a266	Merge pull request #3689 from stianst/KEYCLOAK-4133 KEYCLOAK-4133	2017-01-02 08:51:37 +01:00
Pedro Igor	31ed69a970	[KEYCLOAK-4136] - Missing update on resource_set endpoint	2016-12-29 11:59:42 -02:00
Stian Thorgersen	40b5731198	KEYCLOAK-4133 Login status iframe endpoint doesn't set encoding	2016-12-22 08:20:55 +01:00
Stian Thorgersen	04179c5681	Merge branch 'KEYCLOAK-4004' of https://github.com/l-robinson/keycloak into l-robinson-KEYCLOAK-4004	2016-12-22 06:13:41 +01:00
Stian Thorgersen	d365d9d784	Merge pull request #3649 from sldab/bearer-client-credentials KEYCLOAK-4086 Client credentials missing in bearer-only JSON config	2016-12-20 12:32:03 +01:00
Stian Thorgersen	f6323d94ec	Merge pull request #3676 from stianst/KEYCLOAK-4109 KEYCLOAK-4109 Ability to disable impersonation	2016-12-20 09:35:03 +01:00
Stian Thorgersen	eb7ad07e31	KEYCLOAK-4109 Ability to disable impersonation	2016-12-20 08:46:21 +01:00
Pedro Igor	0b3e867362	[KEYCLOAK-4034] - Minor changes to policy enforcer	2016-12-19 23:44:51 -02:00
Pedro Igor	c9c8acd029	[KEYCLOAK-4034] - Invalidating policy cache when creating resources and scopes	2016-12-19 20:28:49 -02:00
Pedro Igor	40591cff25	Merge pull request #3662 from pedroigor/KEYCLOAK-4034 [KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup	2016-12-19 16:49:10 -02:00
Pedro Igor	5cf5168770	[KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup	2016-12-19 16:48:16 -02:00
Slawomir Dabek	16fb1e2078	KEYCLOAK-4086 Client credentials missing in bearer-only Keycloak OIDC JSON	2016-12-19 16:55:19 +01:00
mposolda	ac00f7fee2	KEYCLOAK-4087 LDAP group mapping should be possible via uidNumber in memberUid mode	2016-12-19 16:27:57 +01:00
Marek Posolda	c6363aa146	Merge pull request #3630 from sldab/duplicate-email-support KEYCLOAK-4059 Support for duplicate emails	2016-12-19 15:37:18 +01:00
Pedro Igor	c9c9f05e29	[KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup	2016-12-19 11:22:37 -02:00
Stian Thorgersen	3bd3d0285d	Merge branch 'duplicate-groups' of https://github.com/ssilvert/keycloak into ssilvert-duplicate-groups	2016-12-19 13:07:39 +01:00
Stian Thorgersen	b8adfcad87	Merge pull request #3658 from hmlnarik/KEYCLOAK-4095--Not-Recently-Used-Password-Policy-with-value-set-to-1-doesn-t-work KEYCLOAK-4095 Fix for expiring passwords	2016-12-19 12:15:26 +01:00
Slawomir Dabek	93cec9b3ee	KEYCLOAK-4059 Support for duplicate emails	2016-12-19 10:55:12 +01:00
Stian Thorgersen	f29bb7d501	KEYCLOAK-4092 key provider for HMAC signatures	2016-12-19 10:50:43 +01:00
Hynek Mlnarik	787a3f8fcc	KEYCLOAK-4095 Fix for expiring passwords	2016-12-16 14:45:05 +01:00
Bill Burke	a4cbf130b4	Merge pull request #3592 from sldab/default-hooks KEYCLOAK-4074 Decoupling of default provider implementations	2016-12-16 08:42:55 -05:00
Hynek Mlnarik	5453bec1bf	KEYCLOAK-4079, KEYCLOAK-4080 Fix for single-valued claims	2016-12-16 10:00:36 +01:00
Stian Thorgersen	9be9d3f580	Merge pull request #3651 from stianst/KEYCLOAK-4081 KEYCLOAK-4081	2016-12-15 15:53:39 +01:00
Bill Burke	3c2a12d019	Merge pull request #3648 from patriot1burke/master KEYCLOAK-3451	2016-12-14 15:46:24 -05:00
Bill Burke	56f9aa41d0	KEYCLOAK-3451	2016-12-14 15:04:53 -05:00
Stian Thorgersen	394676222f	Merge pull request #3616 from sldab/fix-cors KEYCLOAK-4047 WebOrigins not expanded in CORS handling of token endpoints	2016-12-14 15:13:49 +01:00
Stian Thorgersen	e316037910	KEYCLOAK-4081	2016-12-14 11:22:10 +01:00
Stian Thorgersen	97a08a1d99	Merge pull request #3644 from stianst/KEYCLOAK-4071 KEYCLOAK-4071	2016-12-14 09:55:55 +01:00
Stian Thorgersen	480d4e6f4f	KEYCLOAK-4071	2016-12-14 07:01:54 +01:00
mposolda	40216b5e7d	KEYCLOAK-3921 LDAP binary attributes	2016-12-13 18:31:26 +01:00
Slawomir Dabek	7ad028fcb1	KEYCLOAK-4074 Added hooks to default implementations of direct grant authenticators and email sender.	2016-12-13 15:32:39 +01:00
Bill Burke	62029e8a33	KEYCLOAK-3506	2016-12-10 11:59:29 -05:00
Bill Burke	10fc7302eb	Merge pull request #3632 from hmlnarik/KEYCLOAK-4057-MS-AD-FS-does-not-recognize-certificate-for-POST-signed-AuthnRequest-for-brokering KEYCLOAK-4057 Do not include KeyName for brokered IdPs	2016-12-09 09:09:13 -05:00
Hynek Mlnarik	24a36e6848	KEYCLOAK-4057 Do not include KeyName for brokered IdPs Active Directory Federation Services require that the subject name matches KeyName element when present. While KeyName is beneficial for Keycloak adapters, it breaks functionality for AD FS as the name included there is a key ID, not certificate subject expected by AD FS. This patch contains functionality that excludes KeyName from SAML messages to identity providers. This behaviour should be made configurable per client/identity provider and is prepared to do so, however actual GUI changes are left for a separate patch.	2016-12-09 14:33:40 +01:00
Bill Burke	1f0600044a	KEYCLOAK-3967	2016-12-08 19:29:02 -05:00
Bill Burke	d3e3990d77	Merge pull request #3629 from patriot1burke/master KEYCLOAK-2806	2016-12-08 17:36:28 -05:00
Bill Burke	4a80f1e913	Merge remote-tracking branch 'upstream/master'	2016-12-08 17:05:46 -05:00
Bill Burke	0550bdb467	KEYCLOAK-3214	2016-12-08 16:47:17 -05:00
Bill Burke	5f07fa8057	KEYCLOAK-2806	2016-12-08 16:28:22 -05:00
mposolda	e7f6c780e2	KEYCLOAK-4058 Improve LDAPStorageMapper and remove LDAPStorageMapperBridge	2016-12-08 18:35:56 +01:00
Bill Burke	75e2b404c8	Merge pull request #3618 from abstractj/KEYCLOAK-3685 [KEYCLOAK-3685]: Username not updated when "Email as username" is enabled	2016-12-06 22:06:55 -05:00
Bill Burke	7271fdaaaa	KEYCLOAK-3509	2016-12-06 18:52:37 -05:00
Bill Burke	68c8bfa0e1	KEYCLOAK-2705	2016-12-06 17:32:41 -05:00
Bruno Oliveira	ddb201db6c	[KEYCLOAK-3685]: Username not updated when "Email as username" is enabled	2016-12-06 19:46:31 -02:00
Slawomir Dabek	4069be3ff6	KEYCLOAK-4047 Expand + to valid WebOrigins in Cors class	2016-12-06 20:22:35 +01:00
Bill Burke	77d17de14d	Merge pull request #3611 from patriot1burke/master KEYCLOAK-3620	2016-12-06 08:18:36 -05:00
Bill Burke	bab08bf8f0	Merge remote-tracking branch 'upstream/master'	2016-12-06 08:18:05 -05:00
Bill Burke	6587cd2478	KEYCLOAK-3620	2016-12-05 17:51:06 -05:00
Bill Burke	693d6c0e5d	Merge pull request #3608 from hmlnarik/KEYCLOAK-4035 KEYCLOAK-4035 Composite roles need to be expanded in SAML attribute mapper	2016-12-05 14:44:21 -05:00
Bill Burke	952c1decf0	Merge pull request #3607 from patriot1burke/master KEYCLOAK-4033	2016-12-05 14:44:07 -05:00
Bill Burke	f03d79c7d3	Merge pull request #3603 from thomasdarimont/issue/KEYCLOAK-3969-Allow-authentication-via-ScriptAuthenticator-without-user KEYCLOAK-3969 Allow use of ScriptAuthenticator without user	2016-12-05 10:19:02 -05:00
Hynek Mlnarik	3c4114091f	KEYCLOAK-4035 Composite roles need to be expanded in SAML attribute mapper	2016-12-05 16:16:08 +01:00
Bill Burke	d354aa1f62	KEYCLOAK-4033	2016-12-05 10:15:55 -05:00
Hynek Mlnarik	197f51e50f	KEYCLOAK-3950 Fix NPE on request for NameIDPolicy without format ... and two more one-line issues	2016-12-05 07:24:38 +01:00
l-robinson	1c66ce7dd7	Additional test case added to check the text in the 'Back to application' link	2016-12-05 12:13:30 +10:30
Thomas Darimont	8610a02d72	KEYCLOAK-3969 Allow use of ScriptAuthenticator without user Previously ScriptAuthenticator required a user to be authenticated before it could be used as an additional authentication step which limited the scenarios the authenticator could be used. We now allow ScriptAuthenticators to be used without requiring an user to be authenticated before. Adapted the authenticator-template.js with a null safe username check. Note that existing custom ScriptAuthenticators might need some additional null checks since the user can now be undefined.	2016-12-04 23:15:53 +01:00
Bill Burke	0ab352706b	Merge pull request #3554 from hassaneinaltememyictu/2.3.0-ictu-change-role-attributeToRoleMapper grant the new role from the saml token if it exist	2016-12-03 13:43:40 -05:00
Bill Burke	88d08c4f38	component query and remove provider alis fix	2016-12-03 11:34:48 -05:00
Bill Burke	8fd7091068	KEYCLOAK-3986	2016-12-03 09:33:52 -05:00
Bill Burke	ce50b0ed29	Merge remote-tracking branch 'upstream/master'	2016-12-02 19:26:34 -05:00
Bill Burke	e88af874ca	finish	2016-12-02 19:25:17 -05:00
mposolda	17d8394ab6	KEYCLOAK-3340 Service Account user not renamed when renaming client-id	2016-12-02 18:13:29 +01:00
mposolda	cccb532a21	KEYCLOAK-3701 NullPointerException when trying to get access token from offline token	2016-12-02 16:35:21 +01:00
Stian Thorgersen	8842d88058	Merge pull request #3562 from ssilvert/overwrite-client-role-fails KEYCLOAK-3042: NPE when trying to overwrite client role	2016-12-02 14:06:27 +01:00
Stian Thorgersen	209f8155d1	KEYCLOAK-3835 Remove redirect on flow and return not modified if page is refreshed	2016-12-02 06:29:59 +01:00
Manuel Palacio	bfec073457	KEYCLOAK-3648	2016-12-01 19:34:33 +01:00
l-robinson	c72ceadfce	KEYCLOAK-4004 Pass the client name in the ReferrerBean instead of the referrer parameter	2016-12-01 17:17:57 +10:30
Stian Thorgersen	433f373f60	KEYCLOAK-3889 Add produces to server info endpoint	2016-11-30 15:46:01 +01:00
mposolda	d0a96d463d	KEYCLOAK-3831 Improve AddressMapper configurability. Support for 'formatted' subclaim	2016-11-30 13:04:45 +01:00
Bill Burke	9e50a45b4c	UserBulkUpdateProvider interface	2016-11-29 18:43:22 -05:00
Stan Silvert	83063a5740	KEYCLOAK-3042: NPE when trying to overwrite client role	2016-11-29 15:43:48 -05:00
Bill Burke	7efa3a3ddf	Merge remote-tracking branch 'upstream/master'	2016-11-29 11:34:04 -05:00
Marek Posolda	80c4b2aa31	Merge pull request #3556 from mposolda/master KEYCLOAK-3822 Changing signature validation settings of an external I…	2016-11-28 22:37:44 +01:00
Bill Burke	63458a7de7	Merge pull request #3559 from patriot1burke/master KEYCLOAK-3980	2016-11-28 13:36:52 -05:00
Bill Burke	f6a080729a	javadoc	2016-11-28 12:25:54 -05:00
Bill Burke	1dacddb7e3	KEYCLOAK-3980	2016-11-28 12:20:40 -05:00
mposolda	69ce1e05f0	KEYCLOAK-3822 Changing signature validation settings of an external IdP is not sometimes reflected	2016-11-28 15:27:25 +01:00
Hynek Mlnarik	65b269cd54	KEYCLOAK-3731 Provide functionality for IdP-initiated SSO for broker A SAML brokered IdP can send unsolicited login response to the broker. This commit adds a new GET/POST endpoint under [broker SAML endpoint]/clients/{client_id}. Broken will respond to submission to this new endpoint by looking up a SAML client with URL name equal to client_id, and if found, it performs IdP-initiated SSO to that client.	2016-11-28 13:54:04 +01:00
mposolda	7c6032cc84	KEYCLOAK-3825 Ability to expire publicKeys cache. Migrated OIDCBrokerWithSignatureTest to new testsuite	2016-11-25 17:45:37 +01:00
Bill Burke	ccbd8e8c70	remove User Fed SPI	2016-11-23 16:06:44 -05:00
Bill Burke	d5925b8ccf	remove realm UserFed SPI methods	2016-11-23 08:31:20 -05:00
mposolda	d8c8afe070	KEYCLOAK-3943 Admin console issues when updating LDAP Storage provider	2016-11-21 14:22:45 +01:00
mposolda	da52a5c9cf	KEYCLOAK-3930 KEYCLOAK-3931 LDAP and Mongo fixes	2016-11-18 20:02:02 +01:00
Stian Thorgersen	7043ecc21b	KEYCLOAK-3881 Fix login status iframe with * origin	2016-11-18 12:50:52 +01:00
Marek Posolda	3e71aeddf3	Merge pull request #3479 from hmlnarik/KEYCLOAK-3469-UserRealmRoleMapper KEYCLOAK-3469 Make role mappers account for user groups	2016-11-18 09:21:56 +01:00
Marek Posolda	b434c2b9cf	Merge pull request #3510 from ssilvert/delete-subflows KEYCLOAK-3681: Delete top flow doesn't remove all subflows	2016-11-18 08:50:13 +01:00
mposolda	a27be0cee7	KEYCLOAK-3857 Clustered invalidation cache fixes and refactoring. Support for cross-DC for invalidation caches.	2016-11-16 22:29:23 +01:00
Stan Silvert	55556fc63c	KEYCLOAK-3681: Delete top flow doesn't remove all subflows	2016-11-16 12:43:11 -05:00
Stian Thorgersen	26b1541f4a	Merge pull request #3476 from abstractj/KEYCLOAK-3875 [KEYCLOAK-3875] - Conditional OTP Forms not working as expected	2016-11-16 12:44:50 +01:00
Stian Thorgersen	1c3a475d1e	Merge pull request #3485 from hmlnarik/KEYCLOAK-3071 KEYCLOAK-3071 Add SOAP and PAOS endpoints to valid redirect URIs on SP import	2016-11-16 12:38:45 +01:00
Bill Burke	cc0eb47814	merge	2016-11-14 15:09:41 -05:00
Bill Burke	c280634bfa	fix tests	2016-11-14 15:06:17 -05:00
Hynek Mlnarik	750e942267	KEYCLOAK-3469 Make role mappers account for user groups	2016-11-14 11:38:00 +01:00
Bruno Oliveira	39f40bc005	[KEYCLOAK-3875] - Conditional OTP Forms not working as expected	2016-11-11 15:16:08 -02:00
Stian Thorgersen	a86b5988b5	Merge pull request #3484 from hmlnarik/KEYCLOAK-3658 KEYCLOAK-3658 Fixed typo in condition	2016-11-11 09:41:48 +01:00
Stian Thorgersen	088f0ea630	Merge pull request #3490 from stianst/KEYCLOAK-3086 [KEYCLOAK-3086] - NPE when accessing Account with invalid clientId s…	2016-11-11 09:35:45 +01:00
Bruno Oliveira	675faee593	[KEYCLOAK-3086] - NPE when accessing Account with invalid clientId set as ?referrer, and additional referrer_uri set	2016-11-10 13:49:40 +01:00
Stian Thorgersen	7e33f4a7d1	KEYCLOAK-3882 Split server-spi into server-spi and server-spi-private	2016-11-10 13:28:42 +01:00
Bill Burke	94076a3b24	admin console ui	2016-11-09 17:34:07 -05:00
Hynek Mlnarik	8816b55843	KEYCLOAK-3071 Add SOAP and PAOS endpoints to valid redirect URIs on SP import	2016-11-09 14:13:53 +01:00
Hynek Mlnarik	9c724b616d	KEYCLOAK-3658 Fixed typo in condition	2016-11-09 11:27:33 +01:00
Vlasta Ramik	6f1b8e1fee	remove KEYCLOAK_REMEMBERME when user logs in without rememberme checked + tests	2016-11-09 10:33:46 +01:00
Bill Burke	4880c0443c	ldap port admin console	2016-11-08 12:30:20 -05:00
Stian Thorgersen	292777259e	Merge pull request #3472 from hmlnarik/KEYCLOAK-1881-saml-key-rotation Keycloak 1881 - SAML key/cert rotation for IdP	2016-11-08 07:56:25 +01:00
Stian Thorgersen	db4f3561a5	Merge pull request #3454 from ssilvert/keystore-error-messages KEYCLOAK-3817: More detailed errors when loading keys from JKS	2016-11-08 07:33:43 +01:00
Bill Burke	5a86623c88	merge	2016-11-06 08:52:10 -05:00
Bill Burke	14dc0ff92f	Merge remote-tracking branch 'upstream/master'	2016-11-05 20:05:01 -04:00
Bill Burke	4302b440ee	ldap port	2016-11-05 20:04:53 -04:00
Bill Burke	c75dcb90c2	ldap port	2016-11-04 21:25:47 -04:00
Hynek Mlnarik	8ae1b1740d	KEYCLOAK-1881 Client installers	2016-11-04 21:53:43 +01:00
Hynek Mlnarik	4f9e35c0a1	KEYCLOAK-1881 Support for multiple certificates in broker (hardcoded at the moment)	2016-11-04 21:53:43 +01:00
Hynek Mlnarik	67bb9aef3d	KEYCLOAK-1881 Add switch to enable/disable generation of <Extensions> Some SP clients might be confused by using a standard SAML protocol tag <Extensions> which is used for signed REDIRECT binding messages to specify signing key ID. To enable the interoperability, generation of the tag is disabled by default and can be enabled for individual clients.	2016-11-04 21:53:43 +01:00
Hynek Mlnarik	1ae268ec6f	KEYCLOAK-1881 Include key ID for REDIRECT and use it for validation Contrary to POST binding, signature of SAML protocol message sent using REDIRECT binding is contained in query parameters and not in the message. This renders <dsig:KeyName> key ID hint unusable. This commit adds <Extensions> element in SAML protocol message containing key ID so that key ID is present in the SAML protocol message.	2016-11-04 21:53:43 +01:00
Hynek Mlnarik	d5c3bde0af	KEYCLOAK-1881 Make SAML descriptor endpoint return all certificates	2016-11-04 21:53:43 +01:00
Hynek Mlnarik	5d840500af	KEYCLOAK-1881 Include key ID in <ds:KeyInfo> in SAML assertions and protocol message Changes of SAML assertion creation/parsing that are required to allow for validation of rotating realm key: signed SAML assertions and signed SAML protocol message now contain signing key ID in XML <dsig:KeyName> element.	2016-11-04 21:53:43 +01:00
Pedro Igor	706c1e2660	[KEYCLOAK-3704] - Registering UserSinchronizer to remove resources when the owner is removed	2016-11-02 21:40:58 -02:00
Pedro Igor	95d2130405	[KEYCLOAK-3704] - Checkign if owner is a valid user	2016-11-02 21:01:24 -02:00
Stan Silvert	facdd586a3	KEYCLOAK-2720: Should not allow two groups with the same path.	2016-11-01 16:08:30 -04:00
Stan Silvert	a5e5f4cf9c	KEYCLOAK-3817: More detailed errors when loading keys from JKS	2016-11-01 13:54:34 -04:00
Bill Burke	ccaac40863	Merge pull request #3437 from patriot1burke/master disable credential type REST and admin ui	2016-10-28 11:33:16 -04:00
Stian Thorgersen	f4a77c3d06	Merge pull request #3444 from stianst/KEYCLOAK-3225 KEYCLOAK-3225	2016-10-28 11:51:35 +02:00
Stian Thorgersen	b6b567f948	Merge pull request #3441 from stianst/KEYCLOAK-3733 KEYCLOAK-3733 Set default max results for paginated endpoints	2016-10-28 10:36:24 +02:00
Stian Thorgersen	479295cfd2	KEYCLOAK-3225 Modifying user's Identity Provider Links requires manage-realm client role	2016-10-28 10:25:41 +02:00
Stian Thorgersen	a78cfa4b2c	Merge pull request #3440 from stianst/KEYCLOAK-3667 KEYCLOAK-3667	2016-10-28 10:13:06 +02:00
Stian Thorgersen	c6caeb3bec	Merge pull request #3439 from stianst/KEYCLOAK-3828 KEYCLOAK-3828	2016-10-28 10:12:51 +02:00
Stian Thorgersen	a9d47287ee	KEYCLOAK-3733 Set default max results for paginated endpoints	2016-10-28 09:15:05 +02:00
Stian Thorgersen	3d46b4c425	KEYCLOAK-3667	2016-10-28 08:43:24 +02:00
Stian Thorgersen	db428dad1d	KEYCLOAK-3828 Component uses wrong role	2016-10-28 07:56:44 +02:00
Stian Thorgersen	e958bd254a	Merge pull request #3435 from stianst/KEYCLOAK-3331 KEYCLOAK-3331 Reset password leads to 400 bad request when link is op…	2016-10-28 06:40:48 +02:00
Stian Thorgersen	0c6b47b9f2	Merge pull request #3433 from stianst/KEYCLOAK-3641 KEYCLOAK-3641 Clicking an invalid verification link due to re-send re…	2016-10-28 06:40:27 +02:00
Bill Burke	91da6a47d7	disable cred types ui	2016-10-27 16:17:02 -04:00
Stian Thorgersen	c6ac3266f0	KEYCLOAK-3641 Clicking an invalid verification link due to re-send removes the email verification key from the session	2016-10-27 16:16:52 +02:00
Stian Thorgersen	ab72b2b141	KEYCLOAK-3331 Reset password leads to 400 bad request when link is opened in a different browser session	2016-10-27 16:04:45 +02:00
Bill Burke	73e3f2a89b	REST API for disable cred type	2016-10-26 15:48:45 -04:00
Bill Burke	68e853b4bd	Merge remote-tracking branch 'upstream/master'	2016-10-25 13:40:32 -04:00
Bill Burke	b67cb0e97a	Merge remote-tracking branch 'upstream/master'	2016-10-25 11:44:22 -04:00
Stian Thorgersen	4b27e66714	KEYCLOAK-3782 Keysize for rsa-generated should be a dropdown	2016-10-25 08:52:02 +02:00
Bill Burke	3e28ac1e46	user spi cache policy	2016-10-24 15:36:37 -04:00
hassaneinaltememyictu	a119a46495	grant the new role from the saml token if it exist grant the user with the new role from the saml token if it is a realm role in keycloak	2016-10-24 17:17:22 +02:00
Stian Thorgersen	1a4f9e656d	Merge pull request #3398 from stianst/KEYCLOAK-3774 KEYCLOAK-3774 Fix keycloak.js with prompt=none and new stricter redir…	2016-10-21 06:34:43 +02:00
Stian Thorgersen	9801f09a93	KEYCLOAK-3774 Fix keycloak.js with prompt=none and new stricter redirect_uri	2016-10-20 21:31:25 +02:00
Stian Thorgersen	5a00aaefa8	KEYCLOAK-2594 bind credential being leaked in admin tool JSON response KEYCLOAK-2972 Keycloak leaks configuration passwords in Admin Event logs	2016-10-20 19:30:59 +02:00
Stian Thorgersen	1bf24d26a4	Merge pull request #3395 from stianst/master KEYCLOAK-3772	2016-10-20 19:27:03 +02:00
Stian Thorgersen	839c4e8ede	KEYCLOAK-3772 Login with Twitter is not working	2016-10-20 15:05:07 +02:00
mposolda	072ccb5c61	KEYCLOAK-3770 OIDC registration with id_token grant type should set publicClient flag to true	2016-10-20 14:10:53 +02:00
Stian Thorgersen	dfc09b69a8	Merge pull request #3380 from stianst/KEYCLOAK-3364 KEYCLOAK-3364 Fix for dns that ends with digit	2016-10-20 06:24:50 +02:00
Stian Thorgersen	d2e0432afb	Merge pull request #3389 from patriot1burke/master KEYCLOAK-3651	2016-10-20 06:24:15 +02:00
Bill Burke	34d80c9083	KEYCLOAK-3651	2016-10-19 20:28:33 -04:00
Bill Burke	9f00f693c6	Merge pull request #3387 from ssilvert/spelling-represenation KEYCLOAK-3496: Spelling Error in Admin GUI Documentation	2016-10-19 19:59:41 -04:00
Stan Silvert	ad59cd618e	Merge pull request #3383 from ssilvert/duplicate-fed-provider KEYCLOAK-2892: Bad error when create fed provider w/ same name.	2016-10-19 16:40:58 -04:00
Stan Silvert	ac80f99e8c	KEYCLOAK-3496: Spelling Error in Admin GUI Documentation	2016-10-19 16:33:59 -04:00
Bill Burke	cdf7dd3a6c	Merge pull request #3372 from patriot1burke/master onCreate for Components	2016-10-19 16:21:20 -04:00
Bill Burke	934ea1c33c	KEYCLOAK-3562	2016-10-19 14:01:21 -04:00
Stan Silvert	9d098e9068	KEYCLOAK-2892: Bad error when create fed provider w/ same name.	2016-10-19 13:32:28 -04:00
Stian Thorgersen	ffce2023c0	KEYCLOAK-3364 Fix for dns that ends with digit	2016-10-19 18:41:43 +02:00
mposolda	3779bfb6b4	KEYCLOAK-3666 client registration policies - polishing	2016-10-19 17:45:23 +02:00
mposolda	964cd50f1d	KEYCLOAK-3666 Added client reg policies for maxClients and clientDisabled	2016-10-19 17:45:23 +02:00
Stian Thorgersen	36c367a3bc	Merge pull request #3369 from stianst/KEYCLOAK-3625 KEYCLOAK-3625	2016-10-19 15:56:57 +02:00
Stian Thorgersen	1b24d2edd8	KEYCLOAK-3625 More work on the issue	2016-10-19 14:21:50 +02:00
Stian Thorgersen	bbc1d26b72	Merge pull request #3367 from stianst/KEYCLOAK-3745 KEYCLOAK-3745 Change attributes in user rep	2016-10-19 14:01:39 +02:00
Stian Thorgersen	4efe12cb93	KEYCLOAK-3745 Change attributes in user rep	2016-10-19 12:15:13 +02:00
Stian Thorgersen	f2f508ac2e	Merge pull request #3357 from stianst/KEYCLOAK-3107 KEYCLOAK-3017 Expose Location header in cors request to admin endpoint	2016-10-19 08:45:18 +02:00
Stian Thorgersen	13220e1d38	Merge pull request #3355 from stianst/KEYCLOAK-2699 KEYCLOAK-2699 Potential for NPE in DirImportProvider.getRealmsToImport	2016-10-19 07:35:54 +02:00
Stian Thorgersen	116027bd7b	Merge pull request #3354 from stianst/KEYCLOAK-2488 KEYCLOAK-2488 Token introspection returns wrong response for invalid …	2016-10-19 07:33:25 +02:00
Stian Thorgersen	a33997976f	KEYCLOAK-3017 Expose Location header in cors request to admin endpoint	2016-10-18 21:27:46 +02:00
Stian Thorgersen	0a8d1e28f1	KEYCLOAK-2699 Potential for NPE in DirImportProvider.getRealmsToImport	2016-10-18 20:31:51 +02:00
Stian Thorgersen	29538332d9	KEYCLOAK-2488 Token introspection returns wrong response for invalid token	2016-10-18 20:28:14 +02:00
Bill Burke	d941e07169	Merge pull request #3350 from patriot1burke/master federated import/export to json	2016-10-18 14:15:25 -04:00
Stian Thorgersen	e41d11877f	Merge pull request #3349 from stianst/KEYCLOAK-2741 KEYCLOAK-2741	2016-10-18 19:39:54 +02:00
mposolda	b62e6e2751	KEYCLOAK-3653 CORS headers not sent in certs endpoint	2016-10-18 16:57:06 +02:00
Stian Thorgersen	74dad004e3	KEYCLOAK-2741 Don't remove KEYCLOAK_REMEMBERME cookie when sso session expires.	2016-10-18 16:14:36 +02:00
Bill Burke	2199df71bf	Merge remote-tracking branch 'upstream/master'	2016-10-18 10:14:00 -04:00
Bill Burke	4182e4d92a	federated import/export	2016-10-18 10:13:51 -04:00
Marek Posolda	3986ce2ce0	Merge pull request #3345 from mposolda/master KEYCLOAK-3499 Fixes in OIDCProtocolMapper support for includeInUserInfo	2016-10-18 14:28:29 +02:00
Stian Thorgersen	4b56743788	Merge pull request #3343 from stianst/KEYCLOAK-2884 KEYCLOAK-2884 Remove ClientTemplateResource.getKeycloakApplication()	2016-10-18 14:08:50 +02:00
mposolda	a7287aad36	KEYCLOAK-3499 More fixes for IncludeInUserInfo. Fixing tests and migration	2016-10-18 13:09:30 +02:00
Thomas Darimont	c3b577de11	KEYCLOAK-3499 Revise OIDCProtocolMapper support Moved methods `transformUserInfoToken`, `transformAccessToken`, `transformIDToken` to the `AbstractOIDCProtocolMapper` base class in order to reduce code duplication. Previously every mapper implemented at least one or two of those methods with exactly the same code. Having those methods in the base class ensures that the code is the same for all mappers. Since the mentioned methods are declared on the `OIDCIDTokenMapper`, `OIDCAccessTokenMapper` and `UserInfoTokenMapper` interfaces `AbstractOIDCProtocolMapper` implementations can now choose how they should be handled by the `TokenManager` by implementing the desired set of interfaces `TokenMapper`-interfaces. I think this provides a good balance between ease of use, reduced code duplication and ensured backwards compatiblity. Existing protocol mapper implementations will still work since they just implement their own logic for `transformUserInfoToken`, `transformAccessToken`, `transformIDToken`. The "claim" information provided by a `ProtocolMapper` to a `Token` can now be provided by overriding the `AbstractOIDCProtocolMapper.setClaim` method. Adapted all eligible ProtocolMapper implementations within the `org.keycloak.protocol.oidc.mappers` package accordingly.	2016-10-18 13:09:30 +02:00
Stian Thorgersen	e157a60a23	KEYCLOAK-2884 Remove ClientTemplateResource.getKeycloakApplication()	2016-10-18 09:01:24 +02:00
Marek Posolda	2fd680092a	Merge pull request #3336 from mposolda/master KEYCLOAK-3719 Add 'options' to ProviderConfigProperty and use it for …	2016-10-18 08:33:26 +02:00
mposolda	00879b39b7	KEYCLOAK-3719 Add 'options' to ProviderConfigProperty and use it for 'List' type instead of defaultValue	2016-10-17 21:34:21 +02:00
Stian Thorgersen	77499be8d2	KEYCLOAK-3728 Disable script based authenticator in product profile	2016-10-17 21:16:51 +02:00
Stian Thorgersen	64339aaca7	Merge pull request #3317 from stianst/KEY-ROTATION Updated labels for java keystore provider config	2016-10-17 19:39:47 +02:00
Stian Thorgersen	2ed6067de0	Merge pull request #3290 from hmlnarik/KEYCLOAK-3655 KEYCLOAK-3655: Fix for unexpected server error when adding duplicate auth flow	2016-10-17 19:31:43 +02:00
Stian Thorgersen	d22f45f0d2	Merge pull request #3335 from stianst/KEYCLOAK-3635 KEYCLOAK-3635 Not possible to filter debug/trace logging	2016-10-17 18:50:10 +02:00
Stian Thorgersen	b320eb8fc7	KEYCLOAK-3635 Not possible to filter debug/trace logging	2016-10-17 16:12:14 +02:00
Geir Ole Hiåsen Stevning	95f62c6aeb	KEYCLOAK-3626 - CreatedDate and lastUpdatedDate on user consent	2016-10-17 13:53:12 +02:00
mposolda	5732b2c58f	KEYCLOAK-3716 Unable to start Keycloak on wildfly	2016-10-17 12:22:33 +02:00
mposolda	18e0c0277f	KEYCLOAK-3666 Dynamic client registration policies	2016-10-14 20:20:40 +02:00
Bill Burke	1c0abbd722	Merge pull request #3315 from patriot1burke/master import and sync spi	2016-10-14 10:12:42 -04:00
Stian Thorgersen	422805b511	Updated labels for java keystore provider config	2016-10-14 10:36:17 +02:00
Bill Burke	8c8a39c833	sync and import	2016-10-13 20:49:02 -04:00
Bill Burke	0938390654	sync and import	2016-10-13 20:38:49 -04:00
Stian Thorgersen	4e245d428c	KEYCLOAK-905 More testing	2016-10-13 20:44:33 +02:00
Stian Thorgersen	d2cae0f8c3	KEYCLOAK-905 Realm key rotation for OIDC	2016-10-13 11:19:52 +02:00
Bill Burke	fbaa731dfa	import spi	2016-10-11 18:33:59 -04:00
Bill Burke	db05dc6ee4	KEYCLOAK-3671	2016-10-06 15:02:15 -04:00
Bill Burke	fbb65fa072	KEYCLOAK-3671	2016-10-06 14:56:02 -04:00
Bill Burke	74325fe133	initial sync/import spi	2016-10-06 14:48:53 -04:00
Hynek Mlnarik	cfbc9cf14b	KEYCLOAK-3655: Fix for unexpected server error when adding duplicate auth flow	2016-10-05 13:57:02 +02:00
Bill Burke	c5600e888d	revactor CredentialValidationOutput apis	2016-10-04 17:26:45 -04:00
Bill Burke	4af0976194	remove UserCredValueModel and hold hash providers	2016-10-04 12:34:15 -04:00
mposolda	bc916a1909	KEYCLOAK-3564 Update demo examples with public key rotation	2016-10-04 14:05:01 +02:00
mposolda	0f9798a10d	KEYCLOAK-3493 KEYCLOAK-3532 Renamed KeyStorageProvider to PublicKeyStorageProvider	2016-10-03 15:23:50 +02:00
Thomas Darimont	c852d6d817	KEYCLOAK-3642 Favor StreamUtil over IOUTils in ScriptBasedAuthenticatorFactory The dependency on commons-io through the use of IOUtils in ScriptBasedAuthenticatorFactory resulted in NoClassDefFoundError org/apache/commons/io/IOUtils when building the keycloak-distribution. We now use the StreamUtil from keycloak-common to avoid this dependency.	2016-10-03 13:33:53 +02:00
Bill Burke	d4c3fae546	merge conflicts	2016-09-30 19:19:12 -04:00
Bill Burke	6a4e413bf4	final mongo fixes	2016-09-30 19:08:34 -04:00
mposolda	f9a0abcfc4	KEYCLOAK-3493 KEYCLOAK-3532 Added KeyStorageProvider. Support key rotation for OIDC clients and identity providers with JWKS url.	2016-09-30 21:28:23 +02:00
Stian Thorgersen	5d34b7e682	Merge pull request #3189 from thomasdarimont/issue/KEYCLOAK-3491-revise-scripting-support KEYCLOAK-3491 Revise Scripting Support	2016-09-29 10:12:15 +02:00
Bill Burke	8967ca4066	refactor mongo entities, optimize imports	2016-09-28 15:25:39 -04:00
Stian Thorgersen	34f62eb31d	Fixes to [KEYCLOAK-2438] PR	2016-09-28 10:25:37 +02:00
Bruno Oliveira	98d2fe15e8	[KEYCLOAK-2438] - Add display name to social login buttons [KEYCLOAK-3291] - Names of social identity providers are wrongly capitalized (eg GitHub vs Github)	2016-09-26 13:36:28 -03:00
Stian Thorgersen	033d1f564a	KEYCLOAK-2756 Renaming a realm breaks down the Clients	2016-09-26 10:11:28 +02:00
Bill Burke	27e86e36c4	Merge remote-tracking branch 'upstream/master'	2016-09-23 16:50:16 -04:00
Bill Burke	ff1326fe35	authenticator example updated	2016-09-23 16:50:08 -04:00
Marek Posolda	5fc7149aac	Merge pull request #3257 from mposolda/pairwise KEYCLOAK-3422 Pairwise subjects : few fixes and bit of refactoring	2016-09-23 20:58:51 +02:00
Bill Burke	a1bcd0651d	fixes	2016-09-23 10:38:49 -04:00
Marek Posolda	22aaa4cb52	Merge pull request #3237 from brat000012001/kc-iss-3505 KEYCLOAK-3505: updated the oidc user attribute mapper used to map oid…	2016-09-23 15:38:20 +02:00
mposolda	04f05c0cd1	KEYCLOAK-3422 Pairwise subjects : few fixes and bit of refactoring	2016-09-23 15:29:13 +02:00
Bill Burke	8e65356891	creds	2016-09-22 19:57:39 -04:00
Bill Burke	7209a95dce	credential refactoring	2016-09-22 08:34:45 -04:00
Thomas Darimont	8e113384aa	KEYCLOAK-3491 Revise Scripting Support Refactored the scripting infrastructure and added documentation. Added tests and an authenticator template in JavaScript for a quickstart. Increased height of ace code editor to 600px to avoid scrolling.	2016-09-20 14:33:39 +02:00
Stian Thorgersen	4977527f60	Merge pull request #3239 from stianst/SERVER-PROFILE KEYCLOAK-3579 Add ability to define profiles	2016-09-20 10:39:05 +02:00
Stian Thorgersen	992268a8e6	KEYCLOAK-3579 Add ability to define profiles	2016-09-20 08:41:23 +02:00
Stian Thorgersen	44c47431a1	Merge pull request #3233 from betovieirasilva/master-KEYCLOAK-LoginUsername [PULL-REQUEST-3181 & PULL-REQUEST-3233] Username is not displayed on the login screen with that email	2016-09-16 09:23:26 +02:00
Peter Nalyvayko	0348e427de	KEYCLOAK-3505: cosmetic coding style changes	2016-09-15 15:42:09 -04:00
Peter Nalyvayko	b97908fb02	KEYCLOAK-3505: updated the oidc user attribute mapper used to map oidc broker claims to map the claims from userinfo claim set	2016-09-15 11:11:58 -04:00
Gilberto Vieira da Silva	6d5dc673d4	When keycloak is set to login email and Username is different from email, to check the "Remember Me" username is not displayed on the login screen with that email because the KEYCLOAK_REMEMBER_ME cookie is always recorded the username field. Conflicts: services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java [PULL-REQUEST-3181]	2016-09-13 18:56:25 -03:00
Gilberto Vieira da Silva	55e07bcde2	Reverted to appli to branch master-KEYCLOAK-LoginUsername	2016-09-13 18:52:16 -03:00
Gilberto Vieira da Silva	cb1b34eee5	When keycloak is set to login email and Username is different from email, to check the "Remember Me" username is not displayed on the login screen with that email because the KEYCLOAK_REMEMBER_ME cookie is always recorded the username field. Conflicts: services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java	2016-09-13 18:21:04 -03:00
Martin Hardselius	04d03452bd	KEYCLOAK-3422 support pairwise subject identifier in oidc	2016-09-13 09:18:45 +02:00
mposolda	bf6246f5c1	KEYCLOAK-905 Realm keys rotation support on adapters	2016-09-12 21:24:04 +02:00
Stian Thorgersen	1630b9a20c	Merge pull request #3220 from abstractj/KEYCLOAK-3535 KEYCLOAK-3535 - Check if SSSD is available via DBUS	2016-09-09 08:15:11 +02:00
Stian Thorgersen	65befb16fd	Merge pull request #3219 from pedroigor/KEYCLOAK-3534 [KEYCLOAK-3534] - Authorization tab appears too soon in admin console	2016-09-09 08:14:03 +02:00
Stian Thorgersen	e8f99a2109	Merge pull request #3221 from patriot1burke/master KEYCLOAK-3423	2016-09-09 07:45:53 +02:00
Pedro Igor	7af16fc747	[KEYCLOAK-3534] - Authorization tab appears too soon in admin console	2016-09-09 01:03:09 -03:00
Bill Burke	84f5c0926b	KEYCLOAK-3423	2016-09-08 16:47:06 -04:00
Bruno Oliveira	11245701d2	Check if SSSD is available via DBUS	2016-09-08 16:01:45 -03:00
Bill Burke	2a5c778af5	Merge pull request #3209 from patriot1burke/master KEYCLOAK-3440	2016-09-08 09:10:54 -04:00
Stian Thorgersen	36bb94afb8	Environment dependent provider	2016-09-08 07:40:19 -03:00
Marek Posolda	76e1160b36	Merge pull request #3210 from mposolda/master KEYCLOAK-3537 Username not shown when validation error on Account pro…	2016-09-08 10:04:38 +02:00
Stian Thorgersen	f726caea9b	Merge pull request #3205 from stianst/KEYCLOAK-3342 KEYCLOAK-3342 Add Identity Provider authenticator	2016-09-08 08:40:32 +02:00
mposolda	16282aeb7b	KEYCLOAK-3537 Username not shown when validation error on Account profile page	2016-09-08 08:36:39 +02:00
Stian Thorgersen	d2c546bdc2	Merge pull request #3201 from pedroigor/KEYCLOAK-3129 [KEYCLOAK-3129] - Add authorization services endpoints to PermissionsTest	2016-09-08 08:03:40 +02:00
Stian Thorgersen	7c292b1213	KEYCLOAK-3342 Add Identity Provider authenticator	2016-09-08 07:20:35 +02:00
Bill Burke	3b9a6b32e1	Revert "Revert "KEYCLOAK-3440"" This reverts commit `01e48dc4b8`.	2016-09-07 23:41:32 -04:00
Bill Burke	01e48dc4b8	Revert "KEYCLOAK-3440"	2016-09-07 23:17:35 -04:00
Bill Burke	3f35234cf5	Merge remote-tracking branch 'upstream/master'	2016-09-07 23:11:38 -04:00
Bill Burke	da135389c7	KEYCLOAK-3440	2016-09-07 23:11:28 -04:00
mposolda	5a015a6518	KEYCLOAK-3494 Input elements backed by user attributes fail to update in themes	2016-09-07 20:08:09 +02:00
Pedro Igor	517413d38e	[KEYCLOAK-3129] - Add authorization services endpoints to PermissionsTest	2016-09-06 17:32:37 -03:00
Bill Burke	15d31a202f	Merge remote-tracking branch 'upstream/master'	2016-09-06 08:56:17 -04:00
Bill Burke	6714c1a136	cred refactor	2016-09-06 08:55:47 -04:00
mposolda	8c5b1e4892	KEYCLOAK-3525 Validation callback when creating/updating protocolMapper	2016-09-06 07:15:27 +02:00
mposolda	03c05bd72b	KEYCLOAK-2957 IdpEmailVerificationAuthenticator should setEmailVerified to true after successfuly link user by email verification	2016-09-05 18:04:24 +02:00
mposolda	a24a43c4be	KEYCLOAK-3349 Support for 'request' and 'request_uri' parameters	2016-09-02 20:20:38 +02:00
Vaclav Muzikar	1b085d3e13	KEYCLOAK-3421 Validation for URI fragments in redirect_uri	2016-08-31 13:07:33 +02:00
mposolda	02f28a7e8e	KEYCLOAK-3416 Add support for signed Userinfo requests	2016-08-30 20:21:04 +02:00
Stian Thorgersen	5a4bb5f3f0	Merge pull request #3168 from stianst/master KEYCLOAK-3462 Fix exception not displayed in init from KeycloakServer	2016-08-30 09:47:31 +02:00
mposolda	f4aee129e4	KEYCLOAK-3424 Issuer or token-endpoint as audience in signed JWT	2016-08-29 14:43:35 +02:00
mposolda	a7f9a6e095	KEYCLOAK-3424 Support for import from public key	2016-08-29 14:43:29 +02:00
Stian Thorgersen	4f51b7b34c	KEYCLOAK-3462 Fix exception not displayed in init from KeycloakServer	2016-08-29 09:21:22 +02:00
Stian Thorgersen	2a29f2a9c6	Merge pull request #3151 from ssilvert/dmr-server-config KEYCLOAK-3196: Use WildFly management model for server configuration.	2016-08-26 13:44:45 +02:00
Marek Posolda	d138b19adb	Merge pull request #3142 from vmuzikar/KEYCLOAK-3429 KEYCLOAK-3429 Fix behaviour of redirect_uri parameter with query components	2016-08-24 09:53:29 +02:00
Stan Silvert	3abcf713e5	KEYCLOAK-3196: Test need ability to load keycloak-server.json from /META-INF	2016-08-23 11:27:06 -04:00
Stan Silvert	e4d97485ec	KEYCLOAK-3196: Create master cli script for server-subsystem.	2016-08-23 11:27:04 -04:00
Stan Silvert	3493aa4ab7	KEYCLOAK-3196: Use WildFly management model for server configuration.	2016-08-23 11:26:56 -04:00
Stian Thorgersen	c522a20ab9	KEYCLOAK-3447 Manual upgrade of database schema	2016-08-22 10:22:08 +02:00
Pedro Igor	4cd0a8e894	[KEYCLOAK-3377] - Add pagination to authorization UI	2016-08-18 13:29:54 -03:00
Pedro Igor	a8d2b810cf	[KEYCLOAK-3144] - Add authorization settings when exporting/importing a realm.	2016-08-15 10:35:28 -03:00
mposolda	2cba13db9c	KEYCLOAK-3424 Possibility to import JWK key through admin console	2016-08-12 15:51:14 +02:00
mposolda	3eb9134e02	KEYCLOAK-3424 Support for save JWKS in OIDC ClientRegistration endpoint	2016-08-12 15:51:14 +02:00
Vaclav Muzikar	b7f2e0b5ff	KEYCLOAK-3429 Fix behaviour of redirect_uri parameter with query components	2016-08-12 14:02:17 +02:00
Pedro Igor	27187c11f1	Merge pull request #3138 from pedroigor/KEYCLOAK-3428 [KEYCLOAK-3428] - Removing scope policies in case the resource does not match	2016-08-11 14:59:20 -03:00
Pedro Igor	0030df060b	[KEYCLOAK-3428] - Removing scope policies in case the resource does not match	2016-08-11 14:58:14 -03:00
Marek Posolda	f6f587e472	Merge pull request #3137 from thomasdarimont/issue/KEYCLOAK-3412-remove-unused-adminEventBuilder-error-method KEYCLOAK-3412 - Remove erroneous AdminEventBuilder.error method	2016-08-11 17:41:04 +02:00
Thomas Darimont	e0d70a35d6	KEYCLOAK-3412 - Remove erroneous AdminEventBuilder.error method Wasn't used within the Keycloak codebase and wouldn't have worked either since the OperationType lookup would always fail since there are no "_ERROR" operation types. Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>	2016-08-11 16:10:49 +02:00
mposolda	0520d465c1	KEYCLOAK-3414 Support for client registration from trusted hosts	2016-08-11 15:55:32 +02:00
mposolda	a8fb988e31	KEYCLOAK-3406 OIDC dynamic client registrations specs fixes	2016-08-11 15:54:51 +02:00
Marek Posolda	26bc07b2c4	Merge pull request #3126 from pedroigor/KEYCLOAK-3398 [KEYCLOAK-3398] - Review input fields on AuthZ UI to fetch data on demand	2016-08-10 06:50:51 +02:00
Pedro Igor	70eb27ec83	[KEYCLOAK-3398] - Review input fields on AuthZ UI to fetch data on demand	2016-08-09 21:56:29 -03:00
Bill Burke	530870f05e	realm components import/export	2016-08-09 15:06:29 -04:00
Bill Burke	ff703f935f	component export/import	2016-08-09 12:25:04 -04:00
Bill Burke	f838c697d1	Merge remote-tracking branch 'upstream/master'	2016-08-08 16:04:16 -04:00
Bill Burke	83306963e8	jta transaction abstraction	2016-08-08 12:32:36 -04:00
mposolda	65e2f127c9	KEYCLOAK-3400 OIDC request with missing response_type should respond with error	2016-08-08 16:11:50 +02:00
mposolda	9be6777685	KEYCLOAK-2169 KEYCLOAK-3286 Support for at_hash and c_hash	2016-08-08 10:57:44 +02:00
Bill Burke	f14f303dfe	Merge remote-tracking branch 'upstream/master'	2016-08-07 11:50:44 -04:00
Bill Burke	33d7d89ad9	provider hot deployment	2016-08-07 11:41:52 -04:00
Marek Posolda	65c49c39f4	Merge pull request #3114 from mposolda/master KEYCLOAK-3321 OIDC requests without 'nonce' claim should be rejected …	2016-08-05 16:45:56 +02:00
mposolda	e0a59baaf2	KEYCLOAK-3321 OIDC requests without 'nonce' claim should be rejected unless using the code flow. Started responseType tests	2016-08-05 15:05:26 +02:00
Thomas Darimont	e49afb2d83	KEYCLOAK-3142 - Revised according to codereview Liquibase Moved schema evolution configuration from jpa-changelog-2.1.0 to jpa-changelog-2.2.0. Corrected wrong ResourceType references in tests. Adapted AdminEvents copy-routines to be aware of resourceType attribute. Added ResourceType enum to exposed ENUMS of ServerInfoAdminResource. Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>	2016-08-05 00:01:03 +02:00
Thomas Darimont	586f6eeece	KEYCLOAK-3142 - Capture ResourceType that triggers an AdminEvent Introduced new ResourceType enum for AdminEvents which lists the current supported ResourceTypes for which AdminEvents can be fired. Previously it was difficult for custom EventListeners to figure out which ResourceType triggered an AdminEvent in order to handle it appropriately, effectively forcing users to parse the representation. Having dedicated resource types as a marker on an AdminEvent helps to ease custom EventListener code. We now also allow filtering of admin events by ResourceType in the admin-console. Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>	2016-08-04 11:30:02 +02:00
Bill Burke	534ee2e50c	Merge remote-tracking branch 'upstream/master'	2016-08-03 19:16:45 -04:00
Bill Burke	70722d0d3d	user storage provider jpa example	2016-08-03 19:16:11 -04:00
Bill Burke	7f08717dfb	Merge pull request #3105 from patriot1burke/master component model	2016-08-02 09:28:55 -04:00
Bill Burke	e3aec098a2	Merge pull request #3064 from cainj13/oneSamlAttributeStatement SamlProtocol should only drop attributes into a single attributeStatement	2016-08-02 07:14:08 -04:00
Bill Burke	17e75950fe	more fixes	2016-08-02 06:56:22 -04:00
Bill Burke	1c75b03e59	props	2016-08-02 06:50:13 -04:00
Bill Burke	1d695237b7	fix	2016-08-02 05:49:50 +02:00
Bill Burke	09693eb108	component model	2016-08-02 05:48:57 +02:00
Pedro Igor	ae1a7542d8	[KEYCLOAK-3385] - Improvements to evaluation tool UI and result	2016-08-01 18:01:24 -03:00
Bill Burke	a8a77add39	fix	2016-08-01 12:07:02 -04:00
Bill Burke	5facec73e4	Merge remote-tracking branch 'upstream/master'	2016-08-01 11:19:09 -04:00
Bill Burke	91a267a0d8	component model	2016-08-01 11:18:58 -04:00
Marek Posolda	0d99b797b6	Merge pull request #3068 from mstruk/KEYCLOAK-2981-m KEYCLOAK-2981 Upload-certificate admin endpoint does not nullify private keys	2016-08-01 11:20:55 +02:00
Marek Posolda	159b752fb0	Merge pull request #3085 from pedroigor/master [KEYCLOAK-3376] - Show authorization data when evaluating authorization requests	2016-08-01 09:09:55 +02:00
Dmitry Telegin	fea277a7f5	KEYCLOAK-3369: Fire RealmPostCreateEvent	2016-08-01 01:00:50 +03:00
Pedro Igor	bd5b434894	[KEYCLOAK-3376] - Show authorization data when evaluating authorization requests	2016-07-29 22:09:17 -03:00
Pedro Igor	3c8ed8e3d8	[KEYCLOAK-3372] - Code cleanup	2016-07-29 05:18:38 -03:00
Pedro Igor	8cfa50f134	[KEYCLOAK-3338] More testing and improvements when importing role policies	2016-07-28 12:31:46 -03:00
Bill Burke	5d9fe09599	Merge pull request #3070 from mstruk/KEYCLOAK-2571 KEYCLOAK-2571 RESET_PASSWORD_ERROR and UPDATE_PASSWORD_ERROR events not fired	2016-07-28 07:23:32 -04:00
Bill Burke	2219cd363e	Merge pull request #3079 from patriot1burke/master KEYCLOAK-3268	2016-07-28 07:22:45 -04:00
Pedro Igor	7e1b97888a	[KEYCLOAK-3338] - Adding client roles to role policy and UX improvements	2016-07-27 15:15:14 -03:00
Bill Burke	46b4bb0909	KEYCLOAK-3268	2016-07-27 09:28:48 -04:00
Marko Strukelj	59e0570cdf	KEYCLOAK-2571 RESET_PASSWORD_ERROR and UPDATE_PASSWORD_ERROR events not fired	2016-07-26 21:32:57 +02:00
Marko Strukelj	94f583e935	KEYCLOAK-2981 Upload-certificate admin endpoint does not nullify private keys	2016-07-25 11:13:21 +02:00
Bill Burke	3973aed57d	Merge pull request #2989 from thomasdarimont/issue/KEYCLOAK-3234-allow-restricting-mapper-for-userinfo KEYCLOAK-3234 Allow restricting claim mapper for userinfo endpoint	2016-07-22 17:54:00 -04:00
Josh Cain	535a0763fc	put imports back, new IDE snuck a * in there.	2016-07-22 14:57:07 -05:00
Josh Cain	283581f920	SamlProtocol should only drop attributes into a single attributeStatement element	2016-07-22 14:49:48 -05:00
mposolda	01830fd7f3	KEYCLOAK-3319 More OIDC tests. Minor refactoring	2016-07-22 18:16:58 +02:00
mposolda	9169bcd88d	KEYCLOAK-3354 request and request_uri not supported	2016-07-22 13:44:45 +02:00
mposolda	56e011dce4	KEYCLOAK-3318 Adapter support for prompt and max_age. Refactoring to not hardcode OIDC specifics to CookieAuthenticator	2016-07-21 18:19:53 +02:00
Pedro Igor	484d5d6e08	[KEYCLOAK-3313] - UI improvements and messages	2016-07-20 22:11:24 -03:00
mposolda	f4ddfe4a52	KEYCLOAK-3318 Support for prompt=login. More tests for prompt parameter	2016-07-20 21:27:38 +02:00
Bill Burke	6f92bac782	Merge pull request #3000 from tonswieb/master KEYCLOAK-3265 Support writing a NameIDType AttributeValue	2016-07-20 11:23:18 -04:00
Stian Thorgersen	1b517a461e	Merge pull request #3041 from stianst/KEYCLOAK-3302 KEYCLOAK-3302 Allow logout with expired refresh token	2016-07-19 08:03:52 +02:00
Marek Posolda	a6bdf81e6d	Merge pull request #3040 from mposolda/master KEYCLOAK-3220 Added test for missing response_type	2016-07-15 22:19:52 +02:00
Stian Thorgersen	e708c53730	KEYCLOAK-3302 Allow logout with expired refresh token	2016-07-15 12:56:31 +02:00
Stian Thorgersen	1ce17c459d	Merge pull request #3039 from stianst/KEYCLOAK-3192 KEYCLOAK-3192 Ignore disabled required action	2016-07-15 10:38:49 +02:00
mposolda	fda0a79e27	KEYCLOAK-3237 Add scopes_supported to OIDC WellKnown endpoint	2016-07-15 09:47:09 +02:00
Stian Thorgersen	970c89dd6a	KEYCLOAK-3192 Ignore disabled required action	2016-07-15 09:01:44 +02:00
mposolda	13a21e5fda	KEYCLOAK-3220 Improve error handling on adapters	2016-07-14 23:56:46 +02:00
mposolda	dcc4ea3aea	KEYCLOAK-3237 Change OIDC adapters to use scope=openid as required per specs	2016-07-14 23:56:46 +02:00
Pedro Igor	aacf2e9390	[KEYCLOAK-3137] - Review i18n for AuthZ Services	2016-07-14 13:54:37 -03:00
mposolda	ee3ac3fdaf	KEYCLOAK-3223 Basic support for acr claim	2016-07-14 12:36:12 +02:00
Stian Thorgersen	4f1d83b9dc	Merge pull request #3030 from stianst/KEYCLOAK-2824-2 KEYCLOAK-2824 Password Policy SPI	2016-07-14 10:12:25 +02:00
Stian Thorgersen	ea44b5888b	KEYCLOAK-2824 Password Policy SPI	2016-07-14 07:20:30 +02:00
mposolda	abde62f369	KEYCLOAK-3220 redirect to client with error if possible	2016-07-13 20:57:43 +02:00
mposolda	38f89b93ff	KEYCLOAK-3281 OIDC 'state' parameter is url-encoded twice when responseMode=form_post	2016-07-13 18:07:57 +02:00
mposolda	d5199501c7	KEYCLOAK-3219 Added claims info to OIDCWellKnownProvider. More tests	2016-07-13 10:17:45 +02:00
Stian Thorgersen	5b0980172d	KEYCLOAK-3267 Fix identity broker login with brute force enabled	2016-07-12 15:21:00 +02:00
Stian Thorgersen	f97d0846ed	Merge pull request #3010 from wadahiro/KEYCLOAK-3278 KEYCLOAK-3278 Add support for any encoding property file in theme	2016-07-12 10:34:34 +02:00
Stian Thorgersen	19e5ddeba5	Merge pull request #3015 from martin-kanis/master KEYCLOAK-3096 Remove leading/trailing spaces from username/email	2016-07-12 10:03:55 +02:00
mposolda	039bb103c2	KEYCLOAK-3295 Kerberos authenticator changed during userFederationProvider update just if it was DISABLED	2016-07-11 15:52:49 +02:00
Martin Kanis	c67d834d39	KEYCLOAK-3096 Remove leading/trailing spaces from login	2016-07-09 18:35:51 +02:00
mposolda	629390dd4a	KEYCLOAK-2986 Require either expiration or issuedAt for client authentication with signed JWT	2016-07-08 16:16:38 +02:00
mposolda	3bfd999590	KEYCLOAK-3222 extend WellKnown to return supported types of client authentications. More tests	2016-07-08 15:39:13 +02:00
Pedro Igor	80a67149af	Merge pull request #3002 from pedroigor/KEYCLOAK-3249 [KEYCLOAK-3249] - AuthorizationContext.hasScopePermission() gives NPE	2016-07-08 09:16:51 -03:00
mposolda	c10a005997	KEYCLOAK-3290 UserInfoEndpoint error responses don't have correct statuses	2016-07-08 12:15:07 +02:00
mposolda	4dd28c0adf	KEYCLOAK-3221 Tokens should be invalidated if an attempt to reuse code is made	2016-07-08 11:04:08 +02:00
Bill Burke	bdc57d57c1	Merge pull request #3008 from patriot1burke/master new User Fed SPI initial iteration	2016-07-07 14:56:38 -04:00
Hiroyuki Wada	930b0d9ad7	KEYCLOAK-3278 Add support for any encoding property file in theme	2016-07-08 02:58:48 +09:00
mposolda	a7c9e71490	KEYCLOAK-3218 Support for max_age OIDC authRequest parameter and support for auth_time in IDToken	2016-07-07 17:04:32 +02:00
Bill Burke	0040d3fc3b	Merge remote-tracking branch 'upstream/master'	2016-07-07 10:35:45 -04:00
Bill Burke	7e5a5f79cf	fixes for new user fed spi	2016-07-07 10:35:35 -04:00
Marek Posolda	7a161cc8bb	Merge pull request #3005 from mposolda/KEYCLOAK-3217 KEYCLOAK-3217 UserInfo endpoint wasn't accessible by POST request sec…	2016-07-07 13:49:43 +02:00
Marek Posolda	c5e8a010dc	Merge pull request #3004 from mposolda/KEYCLOAK-3147 KEYCLOAK-3147 Don't allow authRequest without redirect_uri parameter	2016-07-07 13:49:34 +02:00
mposolda	56e09bf189	KEYCLOAK-3147 Don't allow authRequest without redirect_uri parameter	2016-07-07 12:46:36 +02:00
mposolda	7aafbcd5d9	KEYCLOAK-3217 UserInfo endpoint wasn't accessible by POST request secured with Bearer header	2016-07-07 12:28:25 +02:00
Pedro Igor	5ef65e837c	[KEYCLOAK-3249] - AuthorizationContext.hasScopePermission() gives NPE	2016-07-06 09:39:56 -03:00
Stan Silvert	a231c1b31b	RHSSO-296: Required Action "Configure Totp" should be "Configure OTP"	2016-07-05 15:07:52 -04:00
Ton Swieb	fed7339558	KEYCLOAK-3265 Support writing a NameIDType AttributeValue	2016-07-05 14:54:38 +02:00
Stian Thorgersen	7cfee80e58	KEYCLOAK-3189 KEYCLOAK-3190 Add kid and typ to JWT header	2016-07-05 08:26:26 +02:00
Stian Thorgersen	435cdb6180	Merge pull request #2994 from wadahiro/KEYCLOAK-3259 KEYCLOAK-3259 Specify UTF-8 encoding for freemarker template files	2016-07-04 19:25:03 +02:00
Hiroyuki Wada	00cb0a798a	KEYCLOAK-3259 Specify UTF-8 encoding for freemarker template files	2016-07-04 19:46:00 +09:00
Stan Silvert	d90a708ceb	RHSSO-274: "Undefined" as auth flow execution	2016-07-01 10:25:14 -04:00
Stian Thorgersen	fa312fb3db	Merge pull request #2979 from cainj13/localeNpeFix make locale retrieval null-safe	2016-07-01 12:33:36 +02:00
Thomas Darimont	ce7e7ef1d7	KEYCLOAK-3234 Allow restricting claim mapper for userinfo endpoint Client mappers can now be configured to be limited to the userinfo endpoint. This allows to keep access-tokens lean while providing extended user information on demand via the userinfo endpoint.	2016-07-01 11:35:19 +02:00
Bill Burke	3f1eecc4be	Merge remote-tracking branch 'upstream/master'	2016-06-30 16:47:55 -04:00
Bill Burke	3ba3be877e	fixes	2016-06-30 16:47:49 -04:00
Pedro Igor	01f3dddd91	Adding a column to list policies associated with a permission.	2016-06-30 10:26:05 -03:00
Pedro Igor	afa9471c7c	[KEYCLOAK-3128] - Admin Client Authorization Endpoints	2016-06-30 10:26:05 -03:00
Bill Burke	a9f6948d74	Merge remote-tracking branch 'upstream/master'	2016-06-29 15:37:32 -04:00
Bill Burke	f51098c50b	user fed refactor	2016-06-29 15:37:22 -04:00
Pedro Igor	8b0bf503c3	[KEYCLOAK-3172] - Migrating older versions with authorization services.	2016-06-29 12:07:49 -03:00
Josh Cain	ec402f759b	make locale retrieval null-safe	2016-06-28 13:25:48 -05:00
Stian Thorgersen	2e2f34d94e	Merge pull request #2957 from pedroigor/authz-changes Changes to authz examples and some minor improvements	2016-06-23 07:49:47 +02:00
Pedro Igor	074a312fe5	Renaming authorization attributes.	2016-06-22 17:20:50 -03:00
Pedro Igor	f48288865b	[KEYCLOAK-3156] - Missing CORS when responding with denies	2016-06-22 14:39:07 -03:00
Pedro Igor	905421a292	[KEYCLOAK-3152] - Keycloak Authorization JS Adapter	2016-06-22 14:28:02 -03:00
mposolda	f7a2ad021e	KEYCLOAK-3141 Fix DB2 and some other DB issues	2016-06-22 17:06:55 +02:00
mposolda	5c731b4d14	KEYCLOAK-3149 DB update triggered before DBLock is retrieved	2016-06-21 17:14:25 +02:00
Pedro Igor	8402cedd82	Merge pull request #2946 from pedroigor/KEYCLOAK-3130 [KEYCLOAK-3130] - Permission checks to authorization admin endpoints	2016-06-21 10:50:29 -03:00
Erik Mulder	f4ead484de	KEYCLOAK-2474 Possibility to add custom SPI and extend the data model	2016-06-20 10:56:33 +02:00
Pedro Igor	dd279dd0fd	[KEYCLOAK-3130] - Permission checks to authorization admin endpoints	2016-06-17 15:27:42 -03:00
Stian Thorgersen	3c0f7e2ee2	Merge pull request #2617 from pedroigor/KEYCLOAK-2753 [KEYCLOAK-2753] - Fine-grained Authorization Services	2016-06-17 13:40:15 +02:00
Pedro Igor	086c29112a	[KEYCLOAK-2753] - Fine-grained Authorization Services	2016-06-17 02:07:34 -03:00
Stian Thorgersen	e538394e60	KEYCLOAK-3091 Change brute force to use userId	2016-06-13 15:30:13 +02:00
mposolda	1510ac5eb4	KEYCLOAK-3105 Can't access single realm with the admin user from master realm	2016-06-13 12:09:11 +02:00
Stian Thorgersen	1c694b4795	Merge pull request #2921 from thomasdarimont/issue/KEYCLOAK-3054-fix-npe-on-unknown-protocol-adjustment KEYCLOAK-3054: Use string format for log message	2016-06-08 07:08:05 +02:00
Stian Thorgersen	819c42dad2	Merge pull request #2918 from chameleon82/issue/KEYCLOAK-3089-email-subject-internationalization KEYCLOAK-3089 Change email subject encoding to utf-8/base64	2016-06-08 07:07:37 +02:00
Некрасов Александр Сергеевич	7bdccc21b2	KEYCLOAK-3089 Change email subject encoding to utf-8	2016-06-08 09:10:39 +06:00
Thomas Darimont	a9f461bfd1	KEYCLOAK-3054: Use string format for log message Need to use log.debugf(..) to correctly resolve the %s placeholder.	2016-06-07 21:56:04 +02:00
Thomas Darimont	67a63a806e	KEYCLOAK-3054: Fix potential NPE in RealmsResource Prior to PR .well-known Endpoint threw NPE with if unknown Protocol was provided.	2016-06-07 08:29:23 +02:00
Некрасов Александр Сергеевич	5474496867	KEYCLOAK-3089 Change email subject encoding to utf-8/base64	2016-06-07 09:11:46 +06:00
Bill Burke	4c9a0b45d4	Merge pull request #2229 from thomasdarimont/issue/KEYCLOAK-2489-script-based-authenticator-definitions KEYCLOAK-2489 - Add support for Script-based AuthenticationExecution definitions.	2016-06-05 11:12:05 -04:00
Bill Burke	b3f3449e39	Merge pull request #2810 from thomasdarimont/issue/KEYCLOAK-2974-handle-ModelException-in-UsersResource KEYCLOAK-2974: Handle ModelException in UsersResource	2016-06-05 11:06:32 -04:00
Thomas Darimont	a2d1c8313d	KEYCLOAK-3081: Add client mapper to map user roles to token Introduced two new client protocol mappers to propagate assigned user client / realm roles to a JWT ID/Access Token. Each protocol mapper supports to use a prefix string that is prepended to each role name. The client role protocol mapper can specify from which client the roles should be considered. Composite Roles are resolved recursively. Background: Some OpenID Connect integrations like mod_auth_openidc don't support analyzing deeply nested or encoded structures. In those scenarios it is helpful to be able to define custom client protocol mappers that allow to propagate a users's roles as a flat structure (e.g. comma separated list) as a top-level (ID/Access) Token attribute that can easily be matched with a regex. In order to differentiate between client specific roles and realm roles it is possible to configure both separately to be able to use the same role names with different contexts rendered as separate token attributes.	2016-06-03 15:52:58 +02:00
Stian Thorgersen	8fab2f0718	KEYCLOAK-3066 Uploaded Realm Certificate is not validated	2016-06-01 15:12:21 +02:00
Stian Thorgersen	2343e517c9	Merge pull request #2891 from pedroigor/KEYCLOAK-2894 [KEYCLOAK-2894] - Fixing saml signature validation	2016-05-26 16:57:13 +02:00
Pedro Igor	60f954a497	[KEYCLOAK-2894] - Fixing saml signature validation	2016-05-26 10:48:30 -03:00
mposolda	882dbc3f25	KEYCLOAK-3006 Fix admin event inconsistencies related to roles (points 1,3,4,15,16 from JIRA)	2016-05-25 23:18:01 +02:00
mposolda	022be3aee5	KEYCLOAK-3006 Fix admin event inconsistencies (points 2,5-14 from JIRA)	2016-05-25 23:17:47 +02:00
Thomas Darimont	5f73c338d8	KEYCLOAK-2947: Include group representation for GroupMembership changes in AdminEvents We now include the full group representation in AdminEvents for Group Membership changes. This enables EventListener to propagate potential role / attribute chnages based on the removal / addition of the group.	2016-05-25 23:17:35 +02:00
mposolda	f58936025f	KEYCLOAK-3003 Support for admin events in AuthenticationManagementResource	2016-05-25 23:17:24 +02:00
Stian Thorgersen	fa3a2aafec	KEYCLOAK-3034 NullPointerException when log in via Twitter	2016-05-25 08:10:55 +02:00
Stian Thorgersen	477c0872b0	KEYCLOAK-3020 Increase default password hashing intervals to 20K	2016-05-23 11:20:31 +02:00
Stian Thorgersen	d43b230b93	KEYCLOAK-2880 Refactor PermissionTest to not require Java8	2016-05-09 07:25:03 +02:00
mposolda	bea2678e85	KEYCLOAK-2862 AuthenticationManagementResource tests	2016-05-06 20:19:58 +02:00
Thomas Darimont	146a26e714	KEYCLOAK-2974: Handle ModelException in UsersResource We now handle ModelExceptions thrown while creating and updating a new User by rolling back the transaction and presenting an error message with a HTTP 409 (conflict) code. Previously only ModelDuplicateExceptions were handled and ModelExceptions, e.g. due to a failed database operation lead to a HTTP 500 server error.	2016-05-06 20:17:22 +02:00
Stian Thorgersen	0ca117b8e9	KEYCLOAK-2865 Extend coverage of client admin endpoints	2016-05-06 08:08:52 +02:00
Stian Thorgersen	1cc4cc30a6	KEYCLOAK-2549 Re-create master admin client if master realm is overwritten on import	2016-05-05 07:19:32 +02:00
Stian Thorgersen	2355db57da	KEYCLOAK-2880 Permissions tests for admin endpoints	2016-05-04 08:25:05 +02:00
Thomas Darimont	c8d47926b8	KEYCLOAK-2489 - Add support for Script-based AuthenticationExecution definitions. This is a POC for script based authenticator support. Introduced a ScriptBasedAuthenticator that is bootstraped via a ScriptBasedAuthenticatorFactory can be execute a configured script against a provided execution context. Added an alias property to the AuthFlowExecutionRepresentation in order to be able to differentiate multiple instances of an Authenticator within the same AuthFlow. For convenience editing the AngularJS bindings for the ACE editor were added for fancy script editing - this needs to be cut down a bit wrt to themes and supported scripts - e.g. we probably don't expect users to write authenticator scripts in Cobol... Removed currently not needed ACE sytax highlighting and themes. Scripting is now available to all keycloak components that have access to the KeycloakSession. Introduced new Scripting SPI for configurable scripting providers.	2016-04-27 14:37:13 +02:00
Thomas Darimont	27ef919d07	KEYCLOAK-2924: Fire AdminEvents on user group membership changes. We now fire AdminEvents if a user joins or leaves a group. This information can be used to deduce potential role changes in custom event listeners.	2016-04-27 11:17:23 +02:00
mposolda	c7335fa242	KEYCLOAK-2903 Fix WelcomeResource to not allow requests forwarded from proxy/loadbalancer	2016-04-26 12:03:43 +02:00
Marek Posolda	5f16f0ede8	Merge pull request #2732 from mposolda/master KEYCLOAK-2900	2016-04-25 15:00:09 +02:00
mposolda	fa8b272e76	KEYCLOAK-2900	2016-04-25 13:20:29 +02:00
Bruno Oliveira	1cc4ca2e71	RHSSO-130: AccessTokenTest migration	2016-04-22 16:30:57 -03:00
mposolda	e0aedfb93d	KEYCLOAK-2878 UserFederation mapper testing	2016-04-22 14:03:42 +02:00
mposolda	f6a718f10a	KEYCLOAK-2878 Testing of UserFederation admin REST endpoints	2016-04-21 23:11:14 +02:00
Stian Thorgersen	756cc0dca0	KEYCLOAK-2866 KEYCLOAK-2874 Test role mapping resource	2016-04-21 14:21:27 +02:00
Stian Thorgersen	4f5b71d81a	KEYCLOAK-2872 Test RoleByIdResource	2016-04-21 07:09:25 +02:00
Stian Thorgersen	b6257e66b3	Merge pull request #2679 from pedroigor/KEYCLOAK-2835 [KEYCLOAK-2835] - Adding SOAP binding to the list of supported SingleSignOnService.	2016-04-20 20:13:49 +02:00
mposolda	a341889d2c	KEYCLOAK-2842 Not possible to add new execution under registration flow	2016-04-20 18:39:11 +02:00
Pedro Igor	81e4f4b351	[KEYCLOAK-2835] - Adding SOAP binding to the list of supported SingleSignOnService.	2016-04-20 08:48:59 -03:00
mposolda	afc8179cf8	KEYCLOAK-2846 export/import of clientTemplate scopes	2016-04-20 13:30:01 +02:00
mposolda	919a3791ea	KEYCLOAK-2844 Unexpected error when trying to remove clientTemplate in use	2016-04-20 13:25:13 +02:00
Stian Thorgersen	04d76b0052	KEYCLOAK-2491 Fix permissions in admin console to match permissions in admin endpoints	2016-04-20 09:57:57 +02:00
Stian Thorgersen	f71273a1f9	KEYCLOAK-2832 Authentication failure logs at ERROR level	2016-04-20 07:32:07 +02:00
Stian Thorgersen	5606160e70	KEYCLOAK-2828 Refactor contribution and add tests	2016-04-19 13:09:00 +02:00
Thomas Raehalme	cd1094c3ad	KEYCLOAK-2828: LoginStatusIframeEndpoint now sets the P3P header. IE requires a P3P header to be present in <iframe /> response. Otherwise cookies are forbidden. The value of the header does not seem to matter.	2016-04-19 10:24:28 +02:00
Bill Burke	600f429abb	KEYCLOAK-2740	2016-04-15 16:49:06 -04:00
Stian Thorgersen	6a428c8ee7	KEYCLOAK-2810 Added robots.txt and robots meta header	2016-04-13 11:22:57 +02:00
Bill Burke	515ed226be	Merge remote-tracking branch 'upstream/master'	2016-04-12 15:19:58 -04:00
Bill Burke	cca91dd175	public/private	2016-04-12 15:19:46 -04:00
Stian Thorgersen	1c2eafeb80	KEYCLOAK-2807 Fix server info providers page	2016-04-12 15:38:52 +02:00
Stian Thorgersen	538e49117f	KEYCLOAK-2799 Show error for identity brokering login if user is disabled	2016-04-12 13:14:42 +02:00
Stian Thorgersen	fcf7b28b8f	Merge pull request #2583 from stianst/KEYCLOAK-2803 KEYCLOAK-2803 Fix failure to add execution to client flow	2016-04-12 13:05:05 +02:00
Stian Thorgersen	350a9cd997	KEYCLOAK-2803 Fix failure to add execution to client flow	2016-04-12 08:04:15 +02:00
Stian Thorgersen	bd2238dbb8	KEYCLOAK-2770 Close mail transport after sending message	2016-04-12 07:06:52 +02:00
mposolda	e4f75409c9	KEYCLOAK-2802 NPE during identity broker cancelled from account mgmt	2016-04-11 23:31:24 +02:00
mposolda	98ad9b7e7c	KEYCLOAK-2801 Redirected to login theme error page after failed social linking from account management	2016-04-11 23:30:18 +02:00
mposolda	3e9ba71baa	KEYCLOAK-2769 Better error handling of expired code in IdentityBrokerService	2016-04-11 18:20:26 +02:00
mposolda	ee9c87877f	KEYCLOAK-2769 Fix NPE during 'Identity Broker cancelled' and instead show keycloak 'we are sorry' page	2016-04-08 19:07:06 +02:00
mposolda	90fc721315	KEYCLOAK-2614 Refactor database lock to use 'SELECT FOR UPDATE' pessimistic locking	2016-04-08 12:20:54 +02:00
Stian Thorgersen	8ea057a122	KEYCLOAK-2683 Remove QRCodeResource and embed QR code in image	2016-04-08 09:00:57 +02:00
Stian Thorgersen	c1a8e692d0	Merge pull request #2538 from stianst/KEYCLOAK-2751 KEYCLOAK-2751	2016-04-07 16:27:11 +02:00
Stian Thorgersen	b6d861fea6	KEYCLOAK-2751 Separate HTTP status codes for REST API errors	2016-04-07 15:39:12 +02:00
Guus der Kinderen	be578684b9	KEYCLOAK-2767: Should return a primitive if possible. A JSON primitive is valid JSON. There is no need to construct a JSON object just for the sake of being JSON complient. This keeps things nice and simple.	2016-04-07 13:19:29 +02:00
Stian Thorgersen	2694e003c4	KEYCLOAK-2759 Fix error message when renaming realm to name that exists	2016-04-07 06:00:31 +02:00
Stian Thorgersen	8de8446cb5	Merge pull request #2520 from stianst/KEYCLOAK-2756 KEYCLOAK-2756	2016-04-06 19:25:53 +02:00
Stian Thorgersen	6ccf3549ad	KEYCLOAK-2756 Renaming a realm breaks down the Clients	2016-04-06 15:18:49 +02:00
mposolda	72371e5d76	KEYCLOAK-1982 Some builtin objects might be missing when import JSON exported from old versions	2016-04-06 11:43:58 +02:00
Stian Thorgersen	0c829cd605	KEYCLOAK-2262 Refactor realm resource provider, remove admin resource provider and added example	2016-04-06 10:24:30 +02:00
Pedro Igor	e876a3c988	[KEYCLOAK-2262] - New SPIs to extend both Realm and Admin RESTful APIs	2016-04-06 09:43:24 +02:00
Stian Thorgersen	a4335c3eb8	Merge pull request #2502 from velias/KEYCLOAK-2670-master KEYCLOAK-2670 for master - client app is able to push additional HTTP GET	2016-04-05 11:20:06 +02:00
Stian Thorgersen	3e9ae7aa82	Merge pull request #2498 from stianst/KEYCLOAK-2722 KEYCLOAK-2722 Check user session in token introspection endpoint	2016-04-05 11:18:32 +02:00
Vlastimil Elias	21a2a47172	KEYCLOAK-2670 - client app is able to push additional HTTP GET parameters in initial OpenID auth request for use in Auth flows	2016-04-05 10:41:28 +02:00
Stian Thorgersen	55c5e9a381	KEYCLOAK-2722 Check user session in token introspection endpoint	2016-04-05 09:31:39 +02:00
Stian Thorgersen	48551d362a	KEYCLOAK-2704 User count missing in REST admin endpoint	2016-04-05 07:48:20 +02:00
Stian Thorgersen	ff73e1a36a	KEYCLOAK-2651 No CSRF protection or general security headers on welcome page	2016-04-04 09:07:21 +02:00
mposolda	a4d9aaf916	KEYCLOAK-2613 Add version to RealmRepresentation in JSON exports	2016-04-01 16:04:58 +02:00
mposolda	f83b67cdf5	KEYCLOAK-2413 Very slow export/import of realms with large users count	2016-04-01 16:04:48 +02:00
Bill Burke	d1552cd6e8	resolve conflict	2016-03-30 18:23:40 -04:00
Bill Burke	545fb8b849	KEYCLOAK-2716	2016-03-30 18:15:11 -04:00

... 8 9 10 11 12 ...

2396 commits