Pedro Igor
3716fa44ac
[KEYCLOAK-5728] - Permission Claims support
2017-10-27 12:40:30 -02:00
Pedro Igor
57d3c44bb7
[KEYCLOAK-4901] - New policy mgmt rest api should return specific representations for a policy type
2017-10-26 15:26:40 -02:00
Pedro Igor
a70cab502c
[KEYCLOAK-4901] - Reviewing methods on provider spis
2017-10-26 13:39:57 -02:00
Hynek Mlnařík
248da4687a
Merge pull request #4610 from hmlnarik/KEYCLOAK-5745-Extract-client-sessions-from-user-sessions
...
KEYCLOAK-5745 Separate user and client sessions in infinispan
2017-10-26 13:09:06 +02:00
Hynek Mlnarik
75c354fd94
KEYCLOAK-5745 Separate user and client sessions in infinispan
2017-10-26 10:39:41 +02:00
Bruno Oliveira da Silva
375e01a074
KEYCLOAK-5278 ( #4606 )
2017-10-25 15:27:24 +02:00
Stian Thorgersen
f0bbcbf0fd
KEYCLOAK-5487 ( #4603 )
2017-10-24 10:49:08 +02:00
Stan Silvert
9083e5fe5c
KEYCLOAK-5298: Enable autoescaping in Freemarker ( #4561 )
...
* KEYCLOAK-5298: Enable autoescaping in Freemarker
* Fix several of the failing tests.
* Fix broken tests in integration-deprecated
* Fix last failing test.
2017-10-23 12:03:00 -04:00
Stian Thorgersen
9b75b603e3
KEYCLOAK-5234 ( #4585 )
2017-10-23 16:13:22 +02:00
Stian Thorgersen
d9ffc4fa21
KEYCLOAK-5225 ( #4577 )
...
KEYCLOAK-5225 fix test
Fix
2017-10-19 08:23:16 +02:00
Stian Thorgersen
fea4c54adc
KEYCLOAK-5280 ( #4576 )
2017-10-19 08:02:23 +02:00
Bill Burke
649bca7618
KEYCLOAK-4328
2017-10-18 09:37:17 -04:00
Hynek Mlnarik
056ba75a72
KEYCLOAK-5656 Use standard infinispan remote-store
2017-10-16 21:49:42 +02:00
Bruno Oliveira da Silva
b6ab2852c2
Remove unused imports ( #4558 )
2017-10-16 14:23:42 +02:00
Bill Burke
31dccc9a5e
Merge pull request #4509 from TeliaSoneraNorge/KEYCLOAK-5032
...
KEYCLOAK-5032 Forward request parameters to another IdP
2017-10-13 18:47:05 -04:00
Bill Burke
46d3ed7832
Merge remote-tracking branch 'upstream/master'
2017-10-13 17:00:57 -04:00
Bill Burke
d9af93850c
KEYCLOAK-5683, KEYCLOAK-5684, KEYCLOAK-5682, KEYCLOAK-5612, KEYCLOAK-5611
2017-10-13 16:51:56 -04:00
mposolda
26f11078dc
KEYCLOAK-5371 Use managed executors on Wildfly
2017-10-11 11:09:53 +02:00
mposolda
f5ff24ccdb
KEYCLOAK-5371 Fix SessionExpirationCrossDCTest, Added ExecutorsProvider. Debug support for cache-servers in tests
2017-10-10 22:30:44 +02:00
Bill Burke
b0464f1751
Merge remote-tracking branch 'upstream/master'
2017-10-10 09:10:04 -04:00
Bill Burke
5bd4ea30ad
rev
2017-10-10 09:09:51 -04:00
Marek Posolda
d336667972
Merge pull request #4527 from Hitachi/master
...
OIDC Financial API Read Only Profile : scope MUST be returned in the response from Token Endpoint
2017-10-10 11:37:45 +02:00
Carl Kristian Eriksen
50dd07217d
KEYCLOAK-5032 Forward request parameters to another IdP
...
Forwarding of prompt and acr_values, if provided in the authorization request.
If prompt is set in the configuration for the identity provider, the configuration overrules the request parameter.
2017-10-09 16:15:27 +02:00
Marek Posolda
c6483f8b1e
Merge pull request #4523 from abustya/master
...
KEYCLOAK-5616 Processing of claims parameter
2017-10-09 11:14:23 +02:00
Bill Burke
c8516c2349
support social external exchange
2017-10-06 16:44:26 -04:00
Vlastimil Eliáš
c9da02912e
KEYCLOAK-2671 - FreeMarker form providers refactored for better ( #4533 )
...
extensibility
2017-10-05 13:37:32 +02:00
Takashi Norimatsu
6f6a467c7b
OIDC Financial API Read Only Profile : scope MUST be returned in the
...
response from Token Endpoint
2017-10-04 12:59:49 +09:00
Václav Muzikář
da146f13c1
KEYCLOAK-5566 Google IdP doesn't reliably fetch user's full name ( #4503 )
2017-10-03 20:56:25 +02:00
Áron Bustya
c2ffaa0777
Merge remote-tracking branch 'keycloak/master'
2017-10-03 14:53:40 +02:00
Áron Bustya
632414cc92
process claims parameter
...
also support parsing from request object
2017-10-03 14:51:46 +02:00
Bruno Oliveira da Silva
da72968085
KEYCLOAK-4401: Wrong message when a temporarily disabled user requests password reset ( #4506 )
2017-10-03 06:28:34 +02:00
mposolda
4a7013d550
KEYCLOAK-5440 RestartLoginCookie field 'cs' not marked ignorable
2017-10-02 14:19:27 +02:00
Bruno Oliveira da Silva
bb0bccc3c0
[KEYCLOAK-5486] Test email connection feature does not work the second time ( #4517 )
2017-10-02 13:14:50 +02:00
Marek Posolda
13fe9e7cf8
Merge pull request #4510 from glavoie/KEYCLOAK-3303
...
KEYCLOAK-3303: Allow reuse of refresh tokens.
2017-09-29 17:07:45 +02:00
mposolda
3b6e1f4e93
KEYCLOAK-5007 Used single-use cache for tracke OAuth code. OAuth code changed to be encrypted and signed JWT
2017-09-29 13:20:22 +02:00
Gabriel Lavoie
134daeac7f
KEYCLOAK-3303: Allow reuse of refresh tokens.
...
- Configurable max reuse count.
2017-09-28 15:30:40 -04:00
Bill Burke
fd025ae76b
Merge pull request #4209 from guitaro/feature/group-search-and-pagination
...
[KEYCLOAK-2538] - groups pagination and group search
2017-09-23 20:52:19 -04:00
Bill Burke
9db6a5e0df
Merge pull request #4497 from thomasdarimont/issue/KEYCLOAK-3599-add-script-based-protocol-mapper
...
KEYCLOAK-3599 Revise Script based OIDC ProtocolMapper
2017-09-23 20:38:51 -04:00
Thomas Darimont
57c633967a
KEYCLOAK-3599 Revise Script based OIDC ProtocolMapper
...
We now use the `ScriptingProvider` API instead of
using the `ScriptEngineManager` because dynamic
`ScriptEngineManager` lookups might fail in some
environments like JBoss EAP.
Refactored `AbstractOIDCProtocolMapper` to provide
a new version of the `setClaim(..)` method which takes a
`KeycloakSession` as additional argument.
The old `setClaim(..)` method is marked as deprecated and
should be scheduled for removal in a later release.
To ensure backwards compatibility we call the old `setClaim(..)`
from the new `setClaim(..,keycloakSession)` method in order
to not break user implementations of OIDC ProtocolMappers.
The existing OIDC ProtocolMappers which override the old
`setClaim(..)` method should be updated to use the new version
`setClaim(..,keycloakSession)`.
This was necessary to be able to lookup a `ScriptingProvider`.
2017-09-22 22:57:07 +02:00
Bill Burke
1599e6db6e
KEYCLOAK-5518
2017-09-22 16:38:50 -04:00
Bill Burke
537081ec9d
Merge pull request #4494 from patriot1burke/master
...
KEYCLOAK-5516
2017-09-22 16:38:13 -04:00
Bill Burke
3020a04a8b
Merge pull request #4490 from Fiercely/master
...
Keycloak 2035
2017-09-22 16:13:22 -04:00
Bill Burke
790e2dc69f
fix compiler bug
2017-09-22 15:43:13 -04:00
Thomas Darimont
236b2b9273
KEYCLOAK-3599 Add Script based OIDC ProtocolMapper
2017-09-22 21:24:20 +02:00
Bill Burke
eb4f7f3b21
KEYCLOAK-5516
2017-09-22 11:48:30 -04:00
howcroft
e78bf5f876
Keycloak 2035
...
This PR adds:
* an endpoint to Role that lists users with the Role
* a tab "Users in Role" in Admin console Role page
* it is applicable to Realm and Client Roles
* Extends UserQueryProvider with default methods (throwing Runtime Exception if not overriden)
* Testing in base testsuite and Console
2017-09-22 15:05:49 +01:00
Bill Burke
8ace0e68c3
KEYCLOAK-910 KEYCLOAK-5455
2017-09-21 17:15:18 -04:00
Bill Burke
ab58052a4c
Merge pull request #4482 from patriot1burke/master
...
KEYCLOAK-5491 KEYCLOAK-5492 KEYCLOAK-5490
2017-09-19 14:01:40 -04:00
Marek Posolda
fa35249afd
Merge pull request #4480 from TeliaSoneraNorge/KEYCLOAK-5494
...
Fix introspection error for pairwise access tokens
2017-09-18 16:44:24 +02:00
Pedro Igor
e8ef050093
Merge pull request #4471 from pedroigor/KEYCLOAK-5095
...
[KEYCLOAK-5095] - RPT should contain the RS as audience
2017-09-18 09:32:47 -03:00
Martin Hardselius
6b687c4318
Fix offline validation errors
...
Refactored token validation method to run user checks only if the user
session is valid.
2017-09-18 11:26:57 +02:00
Bill Burke
f927ee7b4e
KEYCLOAK-5491 KEYCLOAK-5492
2017-09-15 16:30:45 -04:00
Bill Burke
3e6adbc904
KEYCLOAK-5490 ( #4477 )
2017-09-15 11:36:48 +02:00
Martin Hardselius
a4315f4076
Fix introspection error for pairwise access tokens
...
When access tokens containing a pairwise sub are introspected, user
related checks are using that sub to fetch the UserModel instead of
fetching the user from the UserSession. No corresponding user is found
(or possibly even another user) and the token is reported inactive.
Resolves: KEYCLOAK-5494
2017-09-15 10:31:47 +02:00
Bill Burke
c999a0d8f9
Merge remote-tracking branch 'upstream/master'
2017-09-14 21:17:12 -04:00
Bill Burke
affeadf4f3
KEYCLOAK-5490
2017-09-14 21:16:50 -04:00
Stian Thorgersen
ee35673615
KEYCLOAK-1250 Profile and console loader for new account management console
2017-09-14 19:53:02 +02:00
Levente NAGY
d18aa44fb4
Merge branch 'feature/group-search-and-pagination' of https://github.com/guitaro/keycloak into feature/group-search-and-pagination
2017-09-13 16:48:24 +02:00
Levente NAGY
e907da77d7
KEYCLOAK 2538 - UI group pagination - Remove junit mocked TUs, add arquillian Tests, delete mockito from poms, fix groups sorting when get result from cache
2017-09-13 16:45:45 +02:00
Léventé NAGY
503ce3a47f
Merge branch 'master' into feature/group-search-and-pagination
2017-09-13 10:27:38 +02:00
Hisanobu Okuda
b7af96aa4d
KEYCLOAK-5315 Conditional OTP enforcement does not work ( #4399 )
2017-09-13 06:58:59 +02:00
Martin Kanis
550e5f752a
KEYCLOAK-5146 TokenEndpoint returns wrong methods for preflight requests ( #4455 )
2017-09-13 06:23:11 +02:00
Pedro Igor
cdb3c159c5
[KEYCLOAK-5095] - RPT should contain the RS as audience
2017-09-12 16:59:20 -03:00
Pedro Igor
90db6654d3
Merge pull request #4451 from glavoie/KEYCLOAK-4858-ResourceServer
...
KEYCLOAK-4858: Slow query performance for client with large data volume
2017-09-12 15:54:16 -03:00
Levente NAGY
c8c88dd58c
KEYCLOAK 2538 - UI group pagination - TU + some code improvement + add mockito dependency
2017-09-12 15:09:08 +02:00
Petter Lysne
7f8b5e032a
feat: added PayPal IDP ( #4449 )
2017-09-12 11:57:59 +02:00
Hynek Mlnarik
24e9cbb292
KEYCLOAK-4899 Replace updates to user session with temporary auth session
2017-09-11 21:43:49 +02:00
Levente NAGY
2c24b39268
KEYCLOAK 2538 - UI group pagination
2017-09-07 19:39:06 +02:00
Gabriel Lavoie
c1664478d9
KEYCLOAK-4858: Slow query performance for client with large data volume
...
- Changing RESOURCE_SERVER PK to the client ID.
- Changing FK on children of RESOURCE_SERVER.
- Use direct fetch of ResourceServer through ID/PK to avoid a lot of implicit Hibernate flush.
2017-09-06 09:55:53 -03:00
mposolda
fe43c26829
KEYCLOAK-5248 auth_time is not updated when reauthentication is requested with 'login=prompt'
2017-09-05 12:22:30 +02:00
Pedro Igor
fa6d5f0ee2
[KEYCLOAK-4653] - Identity.hasClientRole(String) and Identity.hasRole(String) break role namespaces and should be removed
2017-09-01 16:08:34 -03:00
filipelautert
e055589448
[KEYCLOAK-4778] Fix for Oracle null value when having an empty String as attribute value ( #4406 )
...
* Add client.name as a second parameter to the title expressions in login template
* Fixing tooltip.
* pt_BR localization for admin screens.
* Reverting login.ftl
* Added all tooltip messages - even the ones not translated.
Translated around 150 messages todas.
* More translations.
* Fixing wrong edit.
* [KEYCLOAK-4778] Null check on Attribute value. This value can be null when retrieved from an Oracle database.
* [KEYCLOAK-4778] Create unit tests for empty and null values.
* [KEYCLOAK-4778] Move empty and null attributes tests to a separated test method; change tests to empty or null Strings.
* [KEYCLOAK-4778] Check if value is null and set it as empty array. In the former code if null was received it would generate an array with 1 string element ["null"]. Also if we set value as null instead of ArrayList, later when the rest call is executed it will generate the same incorrect array again.
* [KEYCLOAK-4778] Tests clean up.
2017-08-31 06:09:41 +02:00
Wim Vandenhaute
924b4f651a
KEYCLOAK-5186 createUser: set federationLink ( #4316 )
2017-08-31 06:07:43 +02:00
Hynek Mlnařík
e36b94d905
KEYCLOAK-5318 Verify signature on raw query parameters ( #4445 )
2017-08-31 05:46:26 +02:00
Stian Thorgersen
d3dc26181e
KEYCLOAK-3481 ( #4441 )
2017-08-30 08:00:22 +02:00
Stian Thorgersen
dcfa4aca8c
KEYCLOAK-943 Started account rest service. Profile and sessions completed. ( #4439 )
2017-08-29 20:12:09 +02:00
Stian Thorgersen
463661b051
Set version to 3.4.0.CR1-SNAPSHOT
2017-08-28 15:46:22 +02:00
Stian Thorgersen
8cc1d02d46
KEYCLOAK-5342 ( #4431 )
2017-08-28 14:35:58 +02:00
Hynek Mlnařík
9ee8f72be9
\KEYCLOAK-5335 Destination attr in SAML requests is optional ( #4424 )
2017-08-28 08:06:48 +02:00
Stian Thorgersen
d58c6ad4e0
[KEYCLOAK-4900] Pass login_hint parameter to idp & review ( #4421 )
2017-08-25 10:14:38 +02:00
w9n
e173bf33ba
auth is already part of the serverBaseUri ( #4418 )
2017-08-25 08:16:01 +02:00
John Ament
30ea556a7a
KEYCLOAK-5285: Adding protected access. ( #4405 )
...
Allows FreemarkerEmailTemplateProvider to be more extensible.
2017-08-25 07:30:26 +02:00
Bill Burke
6696c44dc0
Merge remote-tracking branch 'upstream/master'
2017-08-24 15:19:48 -04:00
Bill Burke
7a57723c01
more token exchange
2017-08-24 15:19:38 -04:00
mposolda
fe5891fbdb
KEYCLOAK-5293 Add notBefore to user
2017-08-23 08:58:26 +02:00
Stian Thorgersen
20ac70d3fd
KEYCLOAK-5119 ( #4400 )
2017-08-22 08:07:36 +02:00
John Ament
5b179420fd
KEYCLOAK-5274: Check that authenticator config id is null before attempting to fetch it. ( #4404 )
2017-08-22 06:57:49 +02:00
mposolda
a6a6a62dc0
KEYCLOAK-5260 kc_idp_hint was only working first time
2017-08-18 11:09:17 +02:00
mposolda
089514d8a6
KEYCLOAK-4634 Cross-dc support for UserLoginFailures
2017-08-17 10:22:12 +02:00
Bill Burke
16954fc370
fix
2017-08-10 14:58:09 -04:00
Levente NAGY
c8aa708cff
Merge remote-tracking branch 'upstream/master'
2017-08-10 18:14:49 +02:00
Bill Burke
41cdd9db70
KEYCLOAK-5268
2017-08-10 09:36:45 -04:00
Bill Burke
fbeef3e75f
manageMembership not deleted
2017-08-10 09:25:44 -04:00
Bill Burke
45eac1093d
show permissions
2017-08-09 10:39:59 -04:00
Bill Burke
3470b1839d
Merge remote-tracking branch 'upstream/master'
2017-08-09 10:25:25 -04:00
Bill Burke
2fa55550f3
token exchange permissions
2017-08-09 10:04:14 -04:00
mposolda
a72c297d5d
KEYCLOAK-4187 Fix LoginCrossDCTest
2017-08-08 14:02:48 +02:00
Hynek Mlnarik
9ca72dc5c6
KEYCLOAK-4189 Improve logging and concurrency/cross-DC testing
2017-08-08 10:11:51 +02:00
Bill Burke
430fe60533
Merge pull request #4374 from patriot1burke/master
...
KEYCLOAK-5190
2017-08-07 14:19:23 -04:00
Bill Burke
ed5e880931
Merge remote-tracking branch 'upstream/master'
2017-08-07 12:02:50 -04:00
Bill Burke
c9b7504e3f
KEYCLOAK-5190
2017-08-07 12:02:18 -04:00
Bill Burke
3fce14d9ce
Merge pull request #4369 from patriot1burke/master
...
KEYCLOAK-5249
2017-08-03 09:57:55 -04:00
Bill Burke
3b5ca2bac0
Merge pull request #4366 from hmlnarik/KEYCLOAK-4694-null
...
KEYCLOAK-4694
2017-08-02 19:47:34 -04:00
Bill Burke
cf0ee31bc5
KEYCLOAK-5249
2017-08-02 19:42:35 -04:00
Hynek Mlnarik
4583a45e78
KEYCLOAK-4694
2017-08-01 09:57:12 +02:00
Bill Burke
8f542618f7
KEYCLOAK-4748
2017-07-31 10:36:04 -04:00
Bill Burke
486a0c9528
remove restriction
2017-07-28 16:25:32 -04:00
Bill Burke
6b991b850e
change role name
2017-07-28 16:20:23 -04:00
Bill Burke
852e9274d4
Merge remote-tracking branch 'upstream/master'
2017-07-28 16:15:53 -04:00
Bill Burke
db9b1bcb21
token exchange
2017-07-28 16:15:39 -04:00
mposolda
07e2136b3b
KEYCLOAK-4187 Added UserSession support for cross-dc
2017-07-27 22:32:58 +02:00
Hynek Mlnarik
ab05216730
KEYCLOAK-4775 Added encryption certificate to SAML metadata
2017-07-27 08:18:10 +02:00
Hynek Mlnarik
3c537f5f28
KEYCLOAK-4446 Do not encrypt SAML status messages
...
SAML status messages are not encryptable per Chapter 6 of
saml-core-2.0-os.pdf. Only assertions, attributes, base ID and name ID
can be encrypted.
2017-07-26 11:22:56 +02:00
Hynek Mlnarik
c7046b6325
KEYCLOAK-4189 Preparation for cross-DC SAML testing
2017-07-25 09:44:36 +02:00
Marek Posolda
79a64657f7
Merge pull request #4331 from hmlnarik/KEYCLOAK-5209-IdpEmailVerificationAuthenticator-should-use-user-action-timeout
...
KEYCLOAK-5209 Make IdpEmailVerificationAuthenticator use user action …
2017-07-21 15:32:40 +02:00
Hynek Mlnarik
a192b6f50a
KEYCLOAK-5209 Make IdpEmailVerificationAuthenticator use user action timeout
2017-07-19 15:25:20 +02:00
Hynek Mlnarik
d52d685161
KEYCLOAK-4818 Fix undeclared namespace error in context serialization
2017-07-19 15:18:53 +02:00
Hynek Mlnarik
c36074c7f3
KEYCLOAK-4187 Minor updates (abstraction)
2017-07-18 15:08:06 +02:00
Bill Burke
27b4f0e25d
Merge pull request #4324 from patriot1burke/master
...
KEYCLOAK-5194
2017-07-15 09:26:51 -04:00
Bill Burke
a7940c6ffa
KEYCLOAK-5194
2017-07-14 18:29:48 -04:00
Bill Burke
1e059e3fa3
Merge pull request #4282 from cargosoft/KEYCLOAK-5131
...
KEYCLOAK-5131 ProviderFactory::postInit not called with hot deployment
2017-07-14 15:53:34 -04:00
Bill Burke
01152144bb
Merge pull request #4321 from hmlnarik/KEYCLOAK-4187-Minor-updates
...
KEYCLOAK-4187 Minor updates in API
2017-07-14 15:48:53 -04:00
Bill Burke
f68754290f
KEYCLOAK-5152
2017-07-14 14:14:38 -04:00
Hynek Mlnarik
ddcbee2bff
KEYCLOAK-4187 Minor updates in API
2017-07-14 15:40:43 +02:00
Bill Burke
b0a33c9765
KEYCLOAK-5155
2017-07-13 14:51:27 -04:00
mposolda
3fca731395
KEYCLOAK-5136 Improve browser refresh button after switch to different flow
2017-07-11 13:03:18 +02:00
mposolda
936efe872a
KEYCLOAK-5061 Process correct initial flow when action expired
2017-07-10 22:52:54 +02:00
mposolda
7be2c55f61
KEYCLOAK-5061 Better error messages when action expired
2017-07-10 19:50:28 +02:00
Marek Posolda
48eaebf1c3
Merge pull request #4293 from TeliaSoneraNorge/KEYCLOAK-5139
...
KEYCLOAK-5139 refresh token does not work with pairwise subject ident…
2017-07-10 11:21:34 +02:00
Pedro Igor
65251748c7
[KEYCLOAK-5148] - Create authorization settings when creating a new client using a config file
2017-07-05 18:19:00 -03:00
Pedro Igor
4b7c61111c
Merge pull request #4288 from pedroigor/KEYCLOAK-5135
...
[KEYCLOAK-5135] - Wrong comparison when checking for duplicate resources during creation
2017-07-05 08:22:23 -03:00
Martin Hardselius
8cb8678525
KEYCLOAK-5139 refresh token does not work with pairwise subject identifiers
2017-07-05 12:32:43 +02:00
Stian Thorgersen
c95aace6e0
KEYCLOAK-5141 Return '*' in Cors requests when '*' is in list of permitted origins. Stop caching well-known information as it can change. ( #4290 )
2017-07-05 09:25:21 +02:00
Stian Thorgersen
9a9f4137e5
KEYCLOAK-4556 KEYCLOAK-5022 Only cache keycloak.js and iframe if specific version is requested ( #4289 )
2017-07-04 21:18:34 +02:00
Pedro Igor
adffe16cb8
[KEYCLOAK-5135] - Wrong comparison when checking for duplicate resources during creation
2017-07-04 10:16:55 -03:00
Stan Silvert
32b16717a7
KEYCLOAK-4234: Link to app in acct mgt doesn't use root url ( #4285 )
...
* KEYCLOAK-4234: Link to app in acct mgt not use root url
* Add tests.
2017-07-04 07:01:58 +02:00
Dmitry Telegin
fba264433a
KEYCLOAK-5131 ProviderFactory::postInit not called with hot deployment
2017-07-03 12:20:29 +03:00
Stian Thorgersen
454c5f4d83
Set version to 3.3.0.CR1-SNAPSHOT
2017-06-30 09:47:11 +02:00
Bill Burke
999dff353c
Merge remote-tracking branch 'upstream/master'
2017-06-29 17:37:45 -04:00
Bill Burke
f5389b0e17
don't clean up properly
2017-06-29 17:36:45 -04:00
Sebastien Blanc
500a21685f
KEYCLOAK-5082 : Add new redirect-rewrite-rule parameters for the adapters ( #4255 )
...
* add rewrite rule config property
* add subsystem support for redirect rewrite
* update deployment unit test
* add license headers
* Optimize rewrite method
2017-06-29 12:50:42 +02:00
Stian Thorgersen
5e225c2bd5
Merge pull request #4266 from CoreFiling/FullNameMapper
...
Fallback to using username in FullNameMapper
2017-06-29 07:28:42 +02:00
Stian Thorgersen
c9bc321d2a
Merge pull request #4269 from stianst/dockerdockerdocker
...
KEYCLOAK-3592 Docker auth implementation
2017-06-29 07:23:47 +02:00
Stian Thorgersen
74fe9249d5
Merge pull request #4216 from machielg/master
...
KEYCLOAK-5026 Store credentials
2017-06-29 06:52:16 +02:00
Josh Cain
89fcddd605
KEYCLOAK-3592 Docker auth implementation
2017-06-29 06:37:34 +02:00
Stian Thorgersen
e964b156cc
Merge pull request #4264 from stianst/KEYCLOAK-5074
...
KEYCLOAK-5074 Allow updating client secret through client registratio…
2017-06-28 11:40:04 +02:00
Jay Anslow
bdc9e8d2c3
Omit empty name claim in FullNameMapper
...
If a user has no first or last name, don't add the `name` claim.
2017-06-28 09:40:57 +01:00
Stian Thorgersen
ce4506f367
Merge pull request #4261 from hmlnarik/KEYCLOAK-4377-null
...
KEYCLOAK-4377
2017-06-28 08:21:20 +02:00
Stian Thorgersen
1220d7f898
KEYCLOAK-5074 Allow updating client secret through client registration service
2017-06-28 08:11:51 +02:00
Hynek Mlnarik
a3ccac2012
KEYCLOAK-4377
2017-06-27 14:34:47 +02:00
Stian Thorgersen
4be0e36306
Merge pull request #4208 from ASzc/KEYCLOAK-4758
...
KEYCLOAK-4758
2017-06-27 11:35:43 +02:00
Stian Thorgersen
56c5996aff
Merge pull request #4259 from stianst/abstractj-KEYCLOAK-4444
...
KEYCLOAK-4444
2017-06-27 10:44:30 +02:00
Machiel Groeneveld
7849191ec7
Merge branch 'master' into master
2017-06-27 10:27:07 +02:00
Stian Thorgersen
06a318d7d5
KEYCLOAK-4444 Update for fine grained permissions
2017-06-27 08:38:51 +02:00
Bruno Oliveira
361ab1c988
[KEYCLOAK-4444] Allow sending test email
2017-06-27 08:38:36 +02:00
Stian Thorgersen
b4d39ca061
KEYCLOAK-4984 Don't update client registration access token on read
2017-06-27 08:29:03 +02:00
Léventé NAGY
1a50e77a4d
Merge branch 'master' into feature/group-search-and-pagination
2017-06-26 20:36:36 +02:00
Bill Burke
bc05560d4d
Merge remote-tracking branch 'upstream/master'
2017-06-26 11:41:12 -04:00
Bill Burke
28b3ef9aa9
admin console work
2017-06-26 11:40:32 -04:00
Bill Burke
22987bb90b
Merge pull request #4250 from mposolda/RHSSO-1027
...
KEYCLOAK-5085 Easy fix to just handle the exception
2017-06-26 10:04:02 -04:00
Bill Burke
f1807aead4
impersonate
2017-06-25 11:28:37 -04:00
mposolda
756d996a4a
KEYCLOAK-5085 RHSSO-1027 Fix to handle the exception thrown from alternative flow
2017-06-23 19:13:43 +02:00
Bill Burke
3ee86fedc7
Merge remote-tracking branch 'upstream/master'
2017-06-23 09:57:35 -04:00
Bill Burke
e7f781df5a
fix
2017-06-23 09:57:25 -04:00
Hynek Mlnarik
8f9ed32a66
KEYCLOAK-5078 ConcurrencyTest fails intermittently
...
This commit fixes 401 Unauthorized issues
2017-06-23 15:16:23 +02:00
Bill Burke
39dea4b078
restricting admin role mapping
2017-06-22 16:51:46 -04:00
Léventé NAGY
41d8d17062
Merge branch 'master' into feature/group-search-and-pagination
2017-06-22 17:41:30 +02:00
Levente NAGY
124bf43a27
[KEYCLOAK-2538] - groups count for pagination
2017-06-22 17:32:38 +02:00
Stian Thorgersen
6f731dfee9
Merge pull request #4118 from skjolber/feature/KEYCLOAK-3056-verify-signature-2
...
Some adjustments for KEYCLOAK-3056 / PR #3893
2017-06-22 08:44:32 +02:00
Marek Posolda
ab7a0c2252
Merge pull request #4248 from mposolda/client-initial-access-db
...
KEYCLOAK-4631 Move ClientInitialAccessModel from userSession model to…
2017-06-22 06:27:25 +02:00
Bill Burke
d08ddade2e
merge
2017-06-21 17:43:54 -04:00
Bill Burke
52e40922bc
removal
2017-06-21 17:42:57 -04:00
Bill Burke
2b1613d36b
Merge pull request #4064 from frelibert/KEYCLOAK-4781
...
KEYCLOAK-4781 Support for an AttributeStatement Mapper
2017-06-21 17:06:16 -04:00
Bill Burke
f1132ffabe
Merge pull request #4175 from mrezai/fix-pkce-s256-code-challenge
...
KEYCLOAK-4956: Fix incorrect PKCE S256 code challenge generation
2017-06-21 17:04:31 -04:00
mposolda
fc61a4e89f
KEYCLOAK-4631 Move ClientInitialAccessModel from userSession model to realm model
2017-06-21 22:14:20 +02:00
Marek Posolda
eae0360eb1
Merge pull request #4243 from mposolda/KEYCLOAK-3316
...
KEYCLOAK-3316 Fixes for OAuth2 requests without 'scope=openid'
2017-06-20 22:05:23 +02:00
Pedro Igor
93d57c7d00
Merge pull request #4236 from CoreFiling/js-policy-performance
...
[KEYCLOAK-5072] - Improve performance of JSPolicyProvider
2017-06-20 15:11:40 -03:00
mposolda
32cf8b7cad
KEYCLOAK-3316 Fixes for OAuth2 requests without 'scope=openid'
2017-06-20 17:17:43 +02:00
mposolda
f363dbcad0
KEYCLOAK-4327 Switching language on User consent gives error
2017-06-20 09:21:41 +02:00
Bill Burke
57cb46148f
tests
2017-06-19 11:21:59 -04:00
Jay Anslow
7614ff8c6f
Extract EvaluatebleScriptAdapter
...
Precursor for InvocableScriptAdapter, which compiles/evaluates a script without affecting the engine's bindings. This allows the same script to be compiled once and then evaluated multiple times (with the same ScriptEngine).
2017-06-19 15:32:14 +01:00
Bill Burke
a994af9010
remove scope
2017-06-16 11:26:43 -04:00
Pedro Igor
93105a2182
[KEYCLOAK-5056] - @NoCache to scope admin api
2017-06-15 09:49:20 -03:00
Martin Hardselius
60942346f3
KEYCLOAK-4924: pairwise clients get duplicate subs in tokens
2017-06-14 10:47:40 +02:00
Hynek Mlnarik
a0f3a6469f
KEYCLOAK-4189 - Cross DC testing
2017-06-12 11:14:28 +02:00
Pedro Igor
f12cef2c86
[KEYCLOAK-4904] - Authorization Audit - Part 1
2017-06-09 13:31:06 -03:00
Machiel Keizer-Groeneveld
80f8815b9a
KEYCLOAK-5026 Store credentials
...
Credentials are stored with user creation if they are present in the UserRepresentation.
2017-06-09 09:32:33 +02:00
Bill Burke
94528976d4
console work
2017-06-07 16:29:43 -04:00
Levente NAGY
f377a45c4e
[KEYCLOAK-2538] - groups count for pagination limits
2017-06-07 20:52:22 +02:00
Levente NAGY
c4da7637d6
[KEYCLOAK-2538] - groups pagination and group search
2017-06-06 18:32:48 +02:00
Bill Burke
536a57a514
ui for permission reference
2017-06-05 19:52:51 -04:00
Alex Szczuczko
5d88c2b8be
KEYCLOAK-4758 Update Encode class using latest resteasy. Use encodeQueryParamAsIs instead of encodeQueryParam when encoding key=value pairs for URI query sections. Also fix a few callers who were relying on the bad behaviour of queryParam.
2017-06-05 16:24:38 -06:00
Pedro Igor
9be9e30ad6
Merge pull request #4206 from pedroigor/KEYCLOAK-4983
...
[KEYCLOAK-4983] - Authz settings export of role base policy generates json where are just role-names
2017-06-05 16:19:58 -03:00
Pedro Igor
23887f4031
Fixing tests and more client policy tests
2017-06-05 11:26:33 -03:00
Pedro Igor
3760f2753b
[KEYCLOAK-4983] - Authz settings export of role base policy generates json where are just role-names
2017-06-02 20:09:33 -03:00
Pedro Igor
d0f505455d
[KEYCLOAK-4991] - Allow clients to limit the number of permission in a RPT when using entitlements
2017-06-02 19:06:40 -03:00
Bill Burke
a41d282e92
client permission tests
2017-06-02 15:49:20 -04:00
Pedro Igor
813af5d757
[KEYCLOAK-4992] - Using query parameter metadata for GET requests
2017-06-02 16:13:04 -03:00
Thomas Skjølberg
241c58dd61
Add unit tests related to signatures, check that a signature is present when want assertion signing.
2017-06-02 15:36:52 +02:00
Bill Burke
b9f7a43a72
group permissions
2017-06-01 20:16:35 -04:00
Pedro Igor
dcd1a68d95
[KEYCLOAK-4992] - Allow clients to exclude resource_set_name from RPT
2017-05-31 19:33:34 -03:00
Pedro Igor
c4a0470a37
[KEYCLOAK-4987] - Remove async support from AuthZ Token Endpoints
2017-05-30 12:48:18 -03:00
Stian Thorgersen
a6e4245185
Merge pull request #4194 from stianst/KEYCLOAK-4888
...
KEYCLOAK-4888
2017-05-30 14:49:22 +02:00
Stian Thorgersen
8c53c5a90e
KEYCLOAK-4888
...
Change default hashing provider for realm
2017-05-30 09:54:05 +02:00
Thomas Darimont
7d0b461683
KEYCLOAK-4975 Use authenticationSession binding name in ScriptBasedAuthenticator
...
We now use authenticationSession instead of clientSession to reflect
the renaming of ClientSessionModel to AuthenticationSessionModel.
Note that this is a breaking change which needs to be mentioned in
the upgrade notes!
2017-05-29 18:14:02 +02:00
Bill Burke
c3ea847b3e
auth changes
2017-05-29 09:53:17 -04:00
mposolda
5560175888
KEYCLOAK-4626 Changed javadoc. Remove unused ClientSessionModel class
2017-05-25 18:51:05 +02:00
Pedro Igor
81f1a5b145
Merge pull request #4183 from pedroigor/stan-ui-fixes
...
[KEYCLOAK-4915] - Fixes to evaluation tool UI
2017-05-24 09:32:42 -03:00
mposolda
2b59db71a8
KEYCLOAK-3316 Remove the IDToken if scope=openid is not used
2017-05-24 09:23:14 +02:00
Pedro Igor
829bcf5eaf
Fix to evaluation tool
2017-05-23 17:50:06 -03:00
Pedro Igor
554e692d8f
Merge pull request #4171 from pedroigor/KEYCLOAK-4913
...
[KEYCLOAK-4913] - Caching more query methods
2017-05-23 17:40:51 -03:00
Stian Thorgersen
c442bcd8d3
Merge pull request #4174 from stianst/KEYCLOAK-4889
...
KEYCLOAK-4889
2017-05-23 14:26:15 +02:00
Stian Thorgersen
1b6405a28f
Merge pull request #4173 from hmlnarik/KEYCLOAK-4941
...
KEYCLOAK-4941
2017-05-23 14:00:43 +02:00
Stian Thorgersen
ef29097679
Merge pull request #4172 from hmlnarik/KEYCLOAK-4813-Destination-Validation-should-ignore-whether-default-port-is-explicitly-specified
...
KEYCLOAK-4813 Destination validation counts on port being not specified
2017-05-23 13:59:36 +02:00
Mohammad Rezai
acd78ee407
KEYCLOAK-4956: Fix incorrect PKCE S256 code challenge generation
2017-05-23 16:15:44 +04:30
Stian Thorgersen
130452f6c3
Merge pull request #4085 from mstruk/RHSSO-402
...
RHSSO-402 need a way to dump configuration (including ldap provider config) to a file
2017-05-23 13:29:32 +02:00
Stian Thorgersen
097a2267f5
KEYCLOAK-4889
...
Improve error messages for password policies
2017-05-23 13:18:06 +02:00
Hynek Mlnarik
f47283f61a
KEYCLOAK-4813 Destination validation counts on port being not specified
2017-05-23 12:52:48 +02:00
Hynek Mlnarik
03b1dff1bd
KEYCLOAK-4941
2017-05-23 11:15:51 +02:00
mposolda
8adde64e2c
KEYCLOAK-4016 Provide a Link to go Back to The Application on a Timeout
2017-05-23 09:08:58 +02:00
Pedro Igor
37a98fba20
[KEYCLOAK-4913] - Caching more query methods
2017-05-22 19:08:24 -03:00
Pedro Igor
62ffab7239
Exporting a client is updating policy config
2017-05-19 19:45:47 -03:00
Bill Burke
ab763e7c5b
fixes after merge
2017-05-19 15:54:36 -04:00
Bill Burke
f114895cd2
for merge
2017-05-19 11:29:26 -04:00
Bill Burke
2cac8b1bb7
KEYCLOAK-4929
2017-05-18 16:53:31 -04:00
Bill Burke
c291748f43
KEYCLOAK-4929
2017-05-18 16:48:04 -04:00
Marko Strukelj
7d0ca42c6c
RHSSO-402 need a way to dump configuration (including ldap provider config) to a file
2017-05-15 12:13:58 +02:00
Bill Burke
954ef99f22
Merge remote-tracking branch 'upstream/master'
2017-05-12 10:10:29 -04:00
mposolda
7d8796e614
KEYCLOAK-4626 Support for sticky sessions with AUTH_SESSION_ID cookie. Clustering tests with embedded undertow. Last fixes.
2017-05-11 22:24:07 +02:00
Hynek Mlnarik
b8262a9f02
KEYCLOAK-4628 Single-use cache + its functionality incorporated into reset password token. Utilize single-use cache for relevant actions in execute-actions token
2017-05-11 22:16:26 +02:00
mposolda
db8b733610
KEYCLOAK-4626 Fix TrustStoreEmailTest and PolicyEvaluationCompositeRoleTest. Distribution update
2017-05-11 22:16:26 +02:00
Hynek Mlnarik
c431cc1b01
KEYCLOAK-4627 IdP email account verification + code cleanup. Fix for concurrent access to auth session notes
2017-05-11 22:16:26 +02:00
mposolda
168153c6e7
KEYCLOAK-4626 Authentication sessions - SAML, offline tokens, broker logout and other fixes
2017-05-11 22:16:26 +02:00
Hynek Mlnarik
47aaa5a636
KEYCLOAK-4627 reset credentials and admin e-mails use action tokens. E-mail verification via action tokens.
2017-05-11 22:16:26 +02:00
mposolda
e7272dc05a
KEYCLOAK-4626 AuthenticationSessions - brokering works. Few other fixes and tests added
2017-05-11 22:16:26 +02:00
Hynek Mlnarik
b55b089355
KEYCLOAK-4627 Changes in TokenVerifier to include token in exceptions. Reset credentials uses checks to validate individual token aspects
2017-05-11 22:16:26 +02:00
mposolda
a9ec69e424
KEYCLOAK-4626: AuthenticationSessions - working login, registration, resetPassword flows
2017-05-11 22:16:26 +02:00
Hynek Mlnarik
19a41c8704
KEYCLOAK-4627 Refactor TokenVerifier to support more than just access token checks. Action tokens implementation with reset e-mail action converted to AT
2017-05-11 22:16:26 +02:00
mposolda
83b29c5080
KEYCLOAK-4626 AuthenticationSessions: start
2017-05-11 22:16:26 +02:00
mposolda
e4aba9e471
KEYCLOAK-4829 Access token from offline token falsely reported as inactive by token introspection
2017-05-11 21:17:04 +02:00
Stian Thorgersen
c3a2b3a6b6
KEYCLOAK-4523 PBKDF2WithHmacSHA256 and PBKDF2WithHmacSHA512 providers
2017-05-11 11:58:22 +02:00
Bill Burke
46ec12c41c
fixes
2017-05-10 14:19:10 -04:00
Bill Burke
a8a8ea4bcd
Merge remote-tracking branch 'upstream/master'
2017-05-08 13:49:03 -04:00
Bill Burke
f760427c5c
fine grain tests
2017-05-08 13:48:51 -04:00
Johannes Knutsen
47a8077426
KEYCLOAK-4862: Expose client description in ClientBean
2017-05-05 15:06:21 +02:00
Bill Burke
e1b6ba13cc
Merge pull request #3893 from anderius/feature/KEYCLOAK-3056-verify-signature
...
[WIP] Saml broker: Added wantAssertionsSigned and wantAssertionsEncrypted
2017-05-05 09:04:41 -04:00
Stian Thorgersen
8da766e02e
Merge pull request #4104 from sjvs/master
...
Fix three lgtm.com alerts: two possible NPEs, one possible int overflow
2017-05-05 13:13:02 +02:00
Marc Heide
d5c643eaf9
KEYCLOAK-4521: consider offline sessions if no active user session was found for user info endpoint
2017-05-04 15:25:09 +02:00
Bill Burke
c3b44e61d4
Merge remote-tracking branch 'upstream/master'
2017-05-01 14:51:07 -04:00
Bas van Schaik
2df1175315
Fix lgtm.com alert: potential NPE due to non-short circuit logic
...
The logical-AND operator '&&' evaluates its operands in order, which is
what is required here. The bitwise-AND operator '&' always evaluates all
operands, which will in some cases result in a NPE in the second
operand.
Details:
https://lgtm.com/projects/g/keycloak/keycloak/snapshot/dist-7900299-1490802114895/files/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java#V543
2017-04-28 14:51:51 +01:00
Eriksson Fabian
ca1152c3e5
KEYCLOAK-4204 Extend brute force protection with permanent lockout on failed attempts
...
- Can still use temporary brute force protection.
- After X-1 failed login attempt, if the user successfully logs in his/her fail login count is reset.
2017-04-28 09:02:10 +02:00
Stian Thorgersen
87dedb56e5
Set version to 3.2.0.CR1-SNAPSHOT
2017-04-27 14:23:03 +02:00
Bill Burke
c7bdb489ee
Merge remote-tracking branch 'upstream/master'
2017-04-26 18:57:56 -04:00
Pedro Igor
0cad34abbe
Merge pull request #4087 from pedroigor/master
...
Checking realm role directly
2017-04-26 16:51:14 -03:00
Bill Burke
2276f99d54
Merge remote-tracking branch 'upstream/master'
2017-04-26 14:39:45 -04:00
Bill Burke
f67013bcb6
fix
2017-04-26 14:39:41 -04:00
Pedro Igor
4e43518b2a
Checking realm role directly
2017-04-26 15:39:37 -03:00
Johannes Knutsen
0809033924
KEYCLOAK-4780 Ensure Base64 encoded HMAC secret key is decoded before use
2017-04-26 16:04:44 +02:00
Stian Thorgersen
2913ee8e23
Merge pull request #4081 from stianst/KEYCLOAK-4785
...
KEYCLOAK-4785 Use realm name when creating admin console base url
2017-04-26 13:12:31 +02:00
Stian Thorgersen
f68b28db20
KEYCLOAK-4785 Use realm name when creating admin console base url
2017-04-26 12:39:56 +02:00
Pedro Igor
79c9078caa
[KEYCLOAK-4792] - Client credentials provider support and making easier to obtain authz client
2017-04-25 14:51:45 -03:00
Stian Thorgersen
84f5df4814
Merge pull request #4070 from stianst/KEYCLOAK-4671
...
KEYCLOAK-4671 Add server-private-spi to dependency deployer
2017-04-25 10:36:22 +02:00
Stian Thorgersen
54ee055bd8
KEYCLOAK-4671 Add server-private-spi to dependency deployer
2017-04-25 10:16:24 +02:00
Hynek Mlnarik
e8a65017fa
KEYCLOAK-4779 Fix NPE
2017-04-24 23:09:27 +02:00
Bill Burke
12cb295a35
Merge remote-tracking branch 'upstream/master'
2017-04-24 10:05:46 -04:00
Bill Burke
58868ca99f
prototype
2017-04-24 10:05:39 -04:00
Frederik Libert
b84f6d306d
KEYCLOAK-4781 Support for an AttributeStatement Mapper
2017-04-24 11:29:55 +02:00
Stian Thorgersen
f92ad70ff0
KEYCLOAK-4774 redirect_fragment doesn't work in Admin Console
2017-04-21 14:03:05 +02:00
Pedro Igor
df163d86e8
Merge pull request #4052 from pedroigor/KEYCLOAK-4754
...
[KEYCLOAK-4754] - Unable to delete realm when using aggregated policies
2017-04-20 13:23:09 -03:00
Pedro Igor
bf69bc94bb
[KEYCLOAK-4754] - Unable to delete realm when using aggregated policies
2017-04-20 12:10:52 -03:00
Stian Thorgersen
2a8b2aabb9
Merge pull request #4049 from stianst/KEYCLOAK-4738
...
KEYCLOAK-4738 Make sure script engine always uses correct classloader
2017-04-20 10:02:23 +02:00
Stian Thorgersen
1d03eb5f2b
Merge pull request #4045 from stianst/KEYCLOAK-4737
...
KEYCLOAK-4737 Admin Console redirect loop when hostname contains console
2017-04-20 09:29:41 +02:00
Stian Thorgersen
4da07474fa
KEYCLOAK-4738 Make sure script engine always uses correct classloader
2017-04-20 09:28:46 +02:00
Stian Thorgersen
8919015f74
KEYCLOAK-4287 Remove deprecated session iframe endpoint
2017-04-19 15:01:15 +02:00
Stian Thorgersen
0a0d2174e4
KEYCLOAK-4737 Admin Console redirect loop when hostname contains console
2017-04-19 14:43:56 +02:00
Pedro Igor
8e877a7f6c
[KEYCLOAK-3135] - More tests
2017-04-12 14:34:27 -03:00
Pedro Igor
eec712a259
[KEYCLOAK-3135] - Role and user policies apis
2017-04-12 00:52:14 -03:00
Pedro Igor
54ebc1918c
[KEYCLOAK-3135] - Using abstract policy representation when creating policies and updating tests
2017-04-12 00:52:13 -03:00
Pedro Igor
d60dcb4c62
[KEYCLOAK-3135] - Some more tests and making policy type rest api more generic
2017-04-12 00:52:13 -03:00
Pedro Igor
8e64bc3e4d
Tests for new permission management rest api
2017-04-12 00:52:13 -03:00
Pedro Igor
0b8fc3d6e1
[KEYCLOAK-3135] - Fixing permission test
2017-04-12 00:52:13 -03:00
Pedro Igor
55f747ecd0
[KEYCLOAK-3135] - Part 1: Permission Management API
2017-04-12 00:52:13 -03:00
Bill Burke
9452d37926
Merge remote-tracking branch 'upstream/master'
2017-04-06 18:33:50 -04:00
Bill Burke
2e284bdd9b
fix protocol mappers
2017-04-06 18:33:06 -04:00
Bill Burke
54cd41c955
Revert "KEYCLOAK-4727 KEYCLOAK-4652 - Fixing protocol mappers when evaluating policies using the tool"
2017-04-06 18:24:31 -04:00
Pedro Igor
6a959b32fc
KEYCLOAK-4727 KEYCLOAK-4652 - Fixing protocol mappers when evaluating policies using the tool
2017-04-06 18:43:54 -03:00
Bill Burke
3ce0c57e17
Merge pull request #3831 from Hitachi/master
...
KEYCLOAK-2604 Proof Key for Code Exchange by OAuth Public Clients
2017-04-06 15:36:08 -04:00
Bill Burke
0fd11d16ee
Merge pull request #3983 from bartoszmajsak/oso_typo_fix
...
Fixes misspelled config class in Openshift provider
2017-04-06 15:29:44 -04:00
Bill Burke
6ca5b7de03
Merge pull request #3998 from cainj13/fixNullProtocols
...
Fix null protocols for default clients
2017-04-06 15:29:21 -04:00
Bill Burke
13afc0147e
close user/client session later
2017-04-06 15:07:40 -04:00
Bill Burke
201d2c6aac
Merge remote-tracking branch 'upstream/master'
2017-04-06 10:44:43 -04:00
Bill Burke
31074c3c8d
KEYCLOAK-4727 KEYCLOAK-4652
2017-04-06 10:44:33 -04:00
Stian Thorgersen
af4c74f1d9
Merge pull request #3718 from thomasdarimont/issue/KEYCLOAK-4163-improve-support-for-email-addresses
...
KEYCLOAK-4163 Improve support for e-mail addresses
2017-04-06 15:34:30 +02:00
Stian Thorgersen
6201257f76
KEYCLOAK-4549 [RH-SSO] EAP 7.1.0 Alpha16
2017-04-05 11:55:21 +02:00
Josh Cain
0482ec40fd
Fix null protocols in default realm applications
2017-03-31 16:13:38 -05:00
Pedro Igor
838a045239
[KEYCLOAK-4650] - Adding scope filter and fixing cancel buttons
2017-03-29 12:59:41 -03:00
Takashi Norimatsu
ef3aef9381
Merge branch 'master' into master
2017-03-28 16:21:40 +09:00
Stian Thorgersen
6b21b4d87b
KEYCLOAK-4657 Sort out REST API for prod profile
2017-03-27 20:50:13 +02:00
Bartosz Majsak
0197600565
Fixes misspelled config class
2017-03-27 09:38:47 +02:00
Bill Burke
71f0c01d4f
Merge pull request #3980 from patriot1burke/master
...
KEYCLOAK-4664 KEYCLOAK-4665
2017-03-25 20:12:22 -04:00
Bill Burke
8c2e756732
fix
2017-03-25 19:21:50 -04:00
Bill Burke
d8e98d1de6
KEYCLOAK-4665
2017-03-25 12:47:32 -04:00
Bill Burke
dd8a64f30c
KEYCLOAK-4664
2017-03-25 11:21:11 -04:00
Bartosz Majsak
63e8e7f842
Alings SimpleHttp API with new version
2017-03-23 13:51:14 +01:00
Bartosz Majsak
210143738e
Merge branch 'master' into oso_provider
2017-03-23 13:45:07 +01:00
Peter Nalyvayko
b2f10359c8
KEYCLOAK-4335: x509 client certificate authentication
...
Started on implementing cert thumbprint validation as a part of x509 auth flow. Added a prompt screen to give users a choice to either log in based on the identity extracted from X509 cert or to continue with normal browser login flow authentication; clean up some of the comments
x509 authentication for browser and direct grant flows. Implemented certificate to user mapping based on user attribute
Implemented CRL and OCSP certificate revocation checking and added corresponding configuration settings to set up responderURI (OCSP), a location of a file containing X509CRL entries and switiches to enable/disable revocation checking; reworked the certificate validation; removed superflous logging; changed the certificate authentication prompt page to automatically log in the user after 10 seconds if no response from user is received
Support for loading CRL from LDAP directory; finished the CRL checking using the distribution points in the certificate; updated the instructions how to add X509 authentication to keycloak authentication flows; minor styling changes
Stashing x509 unit test related changes; added the steps to configure mutual SSL in WildFly to the summary document
A minor fix to throw a security exception when unable to check cert revocation status using OCSP; continue working on README
Changes to the formating of the readme
Added a list of features to readme
Fixed a potential bug in X509 cert user authenticator that may cause NPE if the client certificate does not define keyusage or extended key usage extensions
Fixed compile time errors in X509 validators caused by the changes to the user credentials model in upstream master
Removed a superfluous file created when merging x509 and main branches
X509 authentication: removed the PKIX path validation as superflous
Reverted changes to the AbstractAttributeMapper introduced during merging of x509 branch into main
Merge the unit tests from x509 branch
added mockito dependency to services project; changes to the x509 authenticators to expose methods in order to support unit tests; added a default ctor to CertificateValidator class to support unit testing; updated the direct grant and browser x509 authenticators to report consistent status messages; unit tests to validate X509 direct grant and browser authenticators; fixed OCSP validation to throw an exception if the certificate chain contains a single certificate; fixed the CRL revocation validation to only use CRL distribution point validation only if configured
CRL and OSCP mock tests using mock netty server. Changed the certificate validator to better support unit testing.
changes to the mockserver dependency to explicitly exclude xercesImpl that was causing SAMLParsingTest to fail
Added a utility class to build v3 certificates with optional extensions to facilitate X509 unit testing; removed supoerfluous certificate date validity check (undertow should be checking the certificate dates during PKIX path validation anyway)
X509: changes to make configuring the user identity extraction simplier for users - new identity sources to map certificate CN and email (E) attributes from X500 subject and issuer names directly rather than using regular expressions to parse them
X509 fixed a compile error caused by the changes to the user model in master
Integration tests to validate X509 client certificate authentication
Minor tweaks to X509 client auth related integration tests
CRLs to support x509 client cert auth integration tests
X509: reverted the changes to testrealm.json and updated the test to configure the realm at runtime
X509 - changes to the testsuite project configuration to specify a path to a trust store used to test x509 direct grant flow; integration tests to validate x509 authentication in browser and direct grant flows; updated the client certificate to extend its validatity dates; x509 integration tests and authenticators have been refactored to use a common configuration class
X509 separated the browser and direct grant x509 authenction integration tests
x509 updated the authenticator provider test to remove no longer supported cert thumbprint authenticator
x509 removed the dependency on mockito
x509 re-implemented OCSP certificate revocation client used to check revocation status when logging in with x509 certificate to work around the dependency on Sun OCSP implementation; integration tests to verify OCSP revocation requests
index.txt.attr is needed by openssl to run a simple OCSP server
x509: minor grammar fixes
Add OCSP stub responder to integration tests
This commit adds OCSP stub responder needed for the integration tests,
and eliminates the need to run external OCSP responder in order to run
the OCSP in X509OCSPResponderTest.
Replace printStackTrece with logging
This commit replaces call to printStackTrace that will end up going to
the stderr with logging statement of WARN severity.
Remove unused imports
Removed unused imports in
org.keycloak.authentication.authenticators.x509 package.
Parameterized Hashtable variable
Removed unused CertificateFactory variable
Declared serialVersionUID for Serializable class
Removed unused CertificateBuilder class
The CertificateBuilder was not used anywhere in the code, removing it to
prevent technical debt.
Removing unused variable declaration
`response` variable is not used in the test, removed it.
Made sure InputStreams are closed
Even though the InputStreams are memory based, added try-with-resources
to make sure that they are closed.
Removed deprecated usage of URLEncoder
Replaced invocation of deprecated method from URLEncoder with Encode
from Keycloak util package.
Made it more clear how to control OCSP stub responder in the tests
X509 Certificate user authentication: moved the integration unit tests into their own directory to fix a failing travis test job
KEYCLOAK-4335: reduced the logging level; added the instructions how to run X.509 related tests to HOW-TO-RUN.md doc; removed README.md from x509 folder; removed no longer used ocsp profile and fixed the exclusion filter; refactored the x509 base test class that was broken by the recent changes to the integration tests
KEYCLOAK-4335: fixed a few issues after rebasing
2017-03-17 05:24:57 -04:00
Stian Thorgersen
a87ee04024
Bump to 3.1.0.CR1-SNAPSHOT
2017-03-16 14:21:40 +01:00
Bartosz Majsak
a250f08b6c
Removes trailing slash from the base url
2017-03-15 22:27:24 +01:00
Stian Thorgersen
feeac69197
Merge pull request #3888 from daklassen/KEYCLOAK-4421
...
KEYCLOAK-4421 Change any http maven urls to https to reduce build-time MITM vulnerability
2017-03-15 09:54:21 +01:00
Stian Thorgersen
2aa93d7d55
Merge pull request #3924 from daklassen/KEYCLOAK-2486
...
KEYCLOAK-2486: Update SimpleHTTP to use Apache HTTP Client
2017-03-15 09:50:06 +01:00
Thomas Darimont
b782892769
KEYCLOAK-4163 Improve support for e-mail addresses
...
Added support for user friendly email addresses as well as dedicated
reply-to addresses for emails being sent by Keycloak.
Both can be customized via the email settings per realm in
the admin-console.
User friendly email addresses use the format:
"Friendly Name"<email@example.org> and provide way to add a meaning
full name to an e-mail address.
We also allow to specify an optional envelope from bounce address.
If a mail sent to a user could not be delivered the email-provider
will sent a notification to that address.
See: https://en.wikipedia.org/wiki/Bounce_address
Add test for proper email headers in sent messages
2017-03-14 18:22:54 +01:00
Bill Burke
6d51862057
Merge pull request #3897 from anderius/feature/KEYCLOAK-4504-redirect-logout
...
[WIP] Saml broker: Option to specify logout request binding
2017-03-14 11:32:26 -04:00
David Klassen
32d3f760ec
KEYCLOAK-4421: Change http url to https
...
Change any http maven urls to https to reduce build-time MITM vulnerability
2017-03-14 10:18:40 +01:00
Pedro Igor
9d1d22565c
Merge pull request #3938 from pedroigor/authz-fixes
...
AuthZ Services Fixes
2017-03-13 15:20:41 -03:00
Pedro Igor
e7e6314146
[KEYCLOAK-4555] - Fixes and improvements to evaluation code
2017-03-13 14:08:54 -03:00
Alexey Kazakov
063f5303dd
KEYCLOAK-4568 Identity broker service may fail to validate client session if there is more then one active session
2017-03-11 12:59:25 -08:00
Mark Pardijs
c78c0b73d3
KEYCLOAK-4360: Add OneTimeUse condition to SAMLResponse
...
Add OneTimeUse Condition to SAMLResponse when configured in client settings
2017-03-09 13:01:05 +01:00
David Klassen
7029ef80f8
KEYCLOAK-2486: Update SimpleHTTP to use Apache HTTP Client
...
Update SimpleHTTP to use Apache HTTP client under the covers.
2017-03-09 09:23:09 +01:00
Thomas Darimont
1dea38bdbb
KEYCLOAK-4205 Allow to return json arrays in Client and Realm Role Mappers
...
Previously the ClientRoleMapper and RealmRoleMapper returned
roles as a comma delimited String in OIDC tokens which
needed to be parsed by client applications.
We now support to generate the role information as JSON
arrays by setting "multi valued" to "true" in the
client role mapper or realm role mappers respectively
which makes it easier for clients to consume.
The default setting for "multi valued" is "false" to
remain backwards compatible.
An example AccessToken that shows the two modes can be found here:
https://gist.github.com/thomasdarimont/dff0cd691cd6e0b5e33c2eb4c76ae5e8
2017-03-08 20:56:56 +01:00
Bill Burke
efffcc5f41
Merge pull request #3915 from TeliaSoneraNorge/KEYCLOAK-4524
...
KEYCLOAK-4524
2017-03-08 10:08:04 -05:00
Bill Burke
c6dc59f63e
Merge remote-tracking branch 'upstream/master'
2017-03-03 11:00:32 -05:00
Martin Hardselius
a0a85f62c6
KEYCLOAK-4524 possible to add identity prover mappers with same name into single identity provider
...
- unique name enforcement working
- test added
2017-03-03 16:40:49 +01:00
Bill Burke
3bb29e033b
KEYCLOAK-4501, KEYCLOAK-4511, KEYCLOAK-4513
2017-03-03 09:48:52 -05:00
Bartosz Majsak
1a6bb2fedb
Adds Openshift Identity Provider as part of social brokers
2017-03-02 15:14:57 +01:00
Marek Posolda
cfb8d25ff2
Merge pull request #3900 from KillerDiller/wellknownprovider-four-oh-four
...
KEYCLOAK-4519: Avoid NPE for unknown paths under .../.well-known/.
2017-03-02 12:22:35 +01:00
Marek Posolda
4f4ae44a16
Merge pull request #3896 from thomasdarimont/issue/KEYCLOAK-4505-expose-clientSession-binding-to-ScriptBasedAuthenticator
...
KEYCLOAK-4505 Expose current clientSession binding to ScriptBasedAuthenticator
2017-03-01 12:17:29 +01:00
mposolda
091b376624
KEYCLOAK-1590 Realm import per test class
2017-03-01 09:38:44 +01:00
Anders Båtstrand
8d82390843
KEYCLOAK-4504 New configuration option for SAML Broker:
...
* postBindingLogout: Indicates if POST or redirect should be used for the logout requests.
This applies to both IdP-initiated logout, and Keycloak-initiated logout. If unset (for example when upgrading Keycloak), the setting is initially set to the same as postBindingResponse.
The flag is also set when importing IdP metadata.
2017-02-28 12:08:22 +01:00
Bill Burke
0765b01189
Merge remote-tracking branch 'upstream/master'
2017-02-27 18:46:09 -05:00
Bill Burke
b4f625e1ce
KEYCLOAK-4501
2017-02-27 18:46:00 -05:00
Stefan Paletta
bcbde3fdf0
Avoid NPE for unknown paths under .../.well-known/.
2017-02-27 02:42:02 +01:00
Anders Båtstrand
89c6cda2ac
Two new configuration options for the Saml broker:
...
* wantAssertionsSigned: This will toggle the flag in the SP Metadata Descriptor, and validate the signature if and only if "Validate signature" is selected.
* wantAssertionsEncrypted: This will simply require that the assertion is encrypted.
Default behavior is unchanged. The signature validation uses the original XML, and supports therefore an IdP that adds whitespace and line breaks between tags (for example OpenAM).
2017-02-24 15:08:57 +01:00
Thomas Darimont
18a8ed3e95
KEYCLOAK-4505 Expose current clientSession binding to ScriptBasedAuthenticator.
...
Previously the ScriptBasedAuthenticator did not expose the current
clientSession from the AuthenticationFlowContext.
In order to implement client specific authentications with javascript
one needs information about the current client.
2017-02-24 14:01:10 +01:00
Stian Thorgersen
e2b1c97e26
KEYCLOAK-943 Added initial implementation for update profile
2017-02-24 13:19:29 +01:00
Stian Thorgersen
faf0e98665
Merge pull request #3736 from guusdk/api-documentation
...
Improving the generated REST API documentation
2017-02-20 15:30:32 +01:00
Stian Thorgersen
3653d7ed9a
Merge pull request #3762 from sldab/hide-providers
...
KEYCLOAK-4224 Allow hiding identity providers on login page
2017-02-17 12:04:35 +01:00
Bill Burke
c3e72b11db
KEYCLOAK-4382
2017-02-13 10:51:10 -05:00
Bill Burke
d9633dc20c
Merge remote-tracking branch 'upstream/master'
2017-02-09 09:13:00 -05:00
Stian Thorgersen
44180a68e6
Merge pull request #3845 from frelibert/KEYCLOAK-4378
...
KEYCLOAK-4378 New user attribute is not added after first login from …
2017-02-09 10:02:09 +01:00
Bill Burke
cf5e2a1d20
unlink/remoteimported
2017-02-08 19:48:22 -05:00
Frederik Libert
f3a552ac9d
KEYCLOAK-4378 New user attribute is not added after first login from broker
2017-02-07 15:37:16 +01:00
mposolda
8a16ab52a9
KEYCLOAK-4371 Offline Tokens still useless When SSO Session Max is Reached and normal userSession expired
2017-02-03 11:55:58 +01:00
Takashi Norimatsu
88bfa563df
KEYCLOAK-2604 Proof Key for Code Exchange by OAuth Public Clients - RFC
...
7636 - Server Side Implementation
2017-02-03 10:38:54 +09:00
Bill Burke
1d04d56bdb
Merge pull request #3816 from patriot1burke/master
...
KEYCLOAK-4218
2017-02-01 08:55:10 -05:00
Bill Burke
0d308e2b69
KEYCLOAK-4218
2017-01-31 15:15:49 -05:00
Pedro Igor
57c74e3f39
[KEYCLOAK-4341] - Resources are not properly exported when exporting authorization settings
2017-01-31 13:10:25 -02:00
Stian Thorgersen
6f22f88d85
Bump version to 3.0.0.CR1
2017-01-26 06:18:11 +01:00
Stian Thorgersen
d1e491d57d
KEYCLOAK-4286 Add deprecated support for old keycloak.js
2017-01-25 15:59:43 +01:00
mposolda
2de2df3a41
KEYCLOAK-4282 Fix authorization import in DirImportProvider
2017-01-24 21:57:35 +01:00
mposolda
194a63cc71
KEYCLOAK-4282 Import authorization after users are imported
2017-01-24 17:32:34 +01:00