libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
12896 commits 4 branches 5 tags 480 MiB
Commit graph

3260 commits

Author SHA1 Message Date
Luca Leonardo Scorcia
d6934c64fd Refactor SAML metadata generation to use the SAMLMetadataWriter class 2020-07-09 09:39:35 +02:00
Pedro Igor
9c4da9b3ce [KEYCLOAK-14147] - Request filter refactoring 
Co-authored-by: Stian Thorgersen <stian@redhat.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
 2020-07-07 11:26:12 -03:00
kurisumakise2011
738f24aa38 [KEYCLOAK-14570] Resolve nullpointer issue in controller 
Some ProviderFactory returns null as properties instead of
Collections.emptyList() and it leads to NPE.

Fix it with using Optional.ofNullable(...).orElse(Collections.emptyList())
 2020-07-07 07:46:26 +02:00
Douglas Palmer
7247734a0f [KEYCLOAK-14379] Fix maven build order for app-server-eap6 profile 2020-07-03 22:47:27 +02:00
Douglas Palmer
9369c7cf4d Add filter by name to applications endpoint 2020-07-03 15:35:38 -03:00
Martin Idel
8fe25948f7 KEYCLOAK-13959 Add AdvancedAttribute mapper for SAML to allow regexes 2020-07-03 18:19:35 +02:00
Plamen Kostov
914b226d11 [KEYCLOAK-14282] Create additional filtering for GET /users endpoint for enabled/disabled users 2020-07-03 09:07:42 -03:00
Axel Messinese
f30395d535 KEYCLOAK-12687 Add briefRepresentation queryParams to get roles 'composite' endpoints 2020-07-03 09:41:53 +02:00
Bartosz Siemieńczuk
e2040f5d13 KEYCLOAK-14006 Allow administrator to add additional fields to be fetched with Facebook profile request 2020-07-01 18:27:04 -03:00
Eric Rodrigues Pires
de9a0a0a4a [KEYCLOAK-13044] Fix owner name representations of UMA tickets for client-owned resources 2020-07-01 18:15:22 -03:00
vmuzikar
dc6f7d0547 KEYCLOAK-14635 Saml tests are failing with invalid redirect urls 2020-07-01 13:46:43 +02:00
vmuzikar
001fe9eb11 KEYCLOAK-13206 Session Status iframe cannot access cookies when 3rd party cookies are blocked 
Co-authored-by: mhajas <mhajas@redhat.com>
 2020-06-30 17:11:20 -03:00
Douglas Palmer
5e44bb781b [KEYCLOAK-14344] Cannot revoke offline access for an app if the app doesn't require consent 2020-06-26 14:56:08 -04:00
vramik
c163fce46e KEYCLOAK-14546 Springboot tests fails with compilation error 2020-06-26 15:18:17 -03:00
Martin Idel
05b6ef8327 KEYCLOAK-14536 Migrate UserModel fields to attributes 
- In order to make lastName/firstName/email/username field
  configurable in profile
  we need to store it as an attribute
- Keep database as is for now (no impact on performance, schema)
- Keep field names and getters and setters (no impact on FTL files)

Fix tests with logic changes

- PolicyEvaluationTest: We need to take new user attributes into account
- UserTest: We need to take into account new user attributes

Potential impact on users:

- When subclassing UserModel, consistency issues may occur since one can
  now set e.g. username via setSingleAttribute also
- When using PolicyEvaluations, the number of attributes has changed
 2020-06-25 14:50:57 +02:00
Erik Jan de Wit
8a31c331f5 KEYCLOAK-14566 dynamic hidden on WelcomeScreen 2020-06-24 11:40:16 -04:00
Pedro Igor
337a751aaa [KEYCLOAK-11330] - Clustering tests for GA 2020-06-24 17:23:45 +02:00
Douglas Palmer
1434f14663 [KEYCLOAK-14346] Base URL for applications is broken 2020-06-23 15:26:07 -03:00
vramik
753c21e9ef KEYCLOAK-14129 0 downtime upgrade test - eap 2020-06-23 19:37:45 +02:00
Erik Jan de Wit
55291bad76 KEYCLOAK-14531 Welcome cards should be driven by content.json 
`content.js` is now `content.json` it's used in freemarker to create the cards
 2020-06-22 11:29:20 -04:00
vramik
1b988cc12e KEYCLOAK-14516 app-server-eap6 tests fails due to compilation error 2020-06-22 13:43:11 +02:00
Hiroyuki Wada
f73b51818b KEYCLOAK-14113 Support for exchanging to SAML 2.0 token 2020-06-19 22:08:42 +02:00
Dirk Weinhardt
08dca9e89f KEYCLOAK-13205 Apply locale resolution strategy to admin console. 2020-06-19 10:27:13 -04:00
Peter Skopek
5f78a09db1 KEYCLOAK-13029 kcadm composite role creation fails 2020-06-18 16:37:02 +02:00
vmuzikar
662f7fbccd KEYCLOAK-14497 Compilation error in UsernameTemplateMapperTest 2020-06-18 09:15:07 -03:00
Martin Bartos
ec9bf6206e [KEYCLOAK-13202] Reset password redirects to account client 2020-06-18 13:08:36 +02:00
Erik Jan de Wit
c20766f2d7 KEYCLOAK-14140 added more test cases 
Co-authored-by: vmuzikar <vmuzikar@redhat.com>
 2020-06-17 13:56:11 -04:00
Thomas Darimont
92ab9c08ae KEYCLOAK-8100 Expose sub claim in OIDC IdentityBroker Mappers 
We now expose the claims "sub" for use in Identity Broker mappers.
Previously claims directly mapped to `JsonWebToken` fields were not
accessible for mappings.
 2020-06-17 12:56:08 -03:00
Pedro Igor
d331091c5e [KEYCLOAK-11330] - Quarkus tests 2020-06-17 17:20:55 +02:00
vmuzikar
d71e81ed5e KEYCLOAK-14235 Support for running broker tests with different hostnames for auth server and IdP 2020-06-17 14:13:00 +02:00
Pedro Igor
a8bad5b9bb [KEYCLOAK-11330] - Quarkus clustering tests 2020-06-16 10:07:24 -03:00
vramik
c403aa49f7 KEYCLOAK-14087 migration from 9.0.3 2020-06-15 14:47:13 +02:00
mhajas
5d1d75db40 KEYCLOAK-14103 Add Warn message for possibly missing SameSite configuration 2020-06-15 14:45:57 +02:00
mhajas
5c2385d081 KEYCLOAK-14105 Update mod-auth-mellon tests to work with TLS 2020-06-15 12:56:49 +02:00
Jan Lieskovsky
df7d85b38d [KEYCLOAK-14358] Enable StartTLS LDAP tests 
Thanks to KEYCLOAK-14343 Use Truststore SPI StartTLS bug fix
they will work with Truststore SPI used by auth server Wildfly too

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
 2020-06-11 18:07:53 +02:00
Tero Saarni
3c82f523ff [KEYCLOAK-14343] Truststore SPI support for LDAP with StartTLS 
Signed-off-by:  Tero Saarni <tero.saarni@est.tech>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
 2020-06-11 18:07:53 +02:00
Pedro Igor
e16f30d31f [KEYCLOAK-2343] - Allow exact user search by user attributes 
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
 2020-06-10 12:02:50 -03:00
Pedro Igor
8142b9ad7f [KEYCLOAK-11330] - Fixing build when using empty repository 2020-06-10 08:03:18 -03:00
vramik
d63b3ceca4 KEYCLOAK-14141 0 downtime upgrade test 2020-06-10 12:45:34 +02:00
Pedro Igor
6ccde288a3 [KEYCLOAK-11330] - SSL Support 2020-06-09 08:43:52 +02:00
vmuzikar
b192ac4ea7 KEYCLOAK-14233 Support for generating SSL keystore before running testsuite 
Move profile for app server to base
 2020-06-08 10:51:54 -03:00
Erik Jan de Wit
8b0760a6d1 KEYCLOAK-14158 Polished the My Resource page 
empty state

change case

added dropdown menu instead of buttons

now on edit you can add and remove permissions

changed how the actions work

updated success messages

use live region alerts toast alerts

username or email search

labels for the buttons

margin between accecpt and deny button

fixed test and types

changed to bigger distance with split component

changed to use seperate empty state component
 2020-06-08 09:05:30 -04:00
Douglas Palmer
33863ba161 KEYCLOAK-10162 Usage of ObjectInputStream without checking the object types 
Co-authored-by: mposolda <mposolda@gmail.com>
 2020-06-08 13:12:08 +02:00
Stan Silvert
4c7f4a8d9e KEYCLOAK-11268: Change project layout 2020-06-07 12:42:44 -04:00
Yoshiyuki Tabata
f03ee2ec98 KEYCLOAK-14145 OIDC support for Client "offline" session lifespan 2020-06-04 14:24:52 +02:00
Denis
8d6f8d0465 EYCLOAK-12741 Add name and description edit functionality to Authentication and Execution Flows 2020-06-04 08:08:52 +02:00
Alfredo Boullosa
2ddfc94495 KEYCLOAK-14115 Add a refresh to avoid failure 2020-06-03 20:13:08 -04:00
Pedro Igor
357982adf6 [KEYCLOAK-11330] - Initial changes to get testsuite working for Quarkus 2020-06-03 09:57:24 -03:00
Jan Lieskovsky
a121f77ea4 [KEYCLOAK-12305] [Testsuite] Check LDAP federated user (in)valid 
login(s) using various authentication methods, bind credential
types, and connection encryption mechanisms

The tests cover various possible combinations of the following:
* Authentication method: Anonymous or Simple (default),
* Bind credential: Secret (default) or Vault,
* Connection encryption: Plaintext (default), SSL, or startTLS

Also, ignore the StartTLS LDAP tests for now till KEYCLOAK-14343
& KEYCLOAK-14354 are corrected (due these issues they aren't
working with auth server Wildfly). They will be re-enabled later
via KEYCLOAK-14358 once possible

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
 2020-06-02 14:44:17 +02:00
Pedro Igor
e8dc10b4a1 [KEYCLOAK-11330] - Properly handling POST formdata and UriInfo 2020-06-02 09:36:40 +02:00
stianst
90b29b0e31 KEYCLOAK-14107 Admin page content blocked on v10.0.0 due to content security policy 2020-05-29 13:57:38 +02:00
Benjamin Weimer
4265fdcab2 KEYCLOAK-14318 Client Empty Root URL and relative Base URL is valid 2020-05-29 11:21:28 +02:00
vmuzikar
f8dce7fc3e KEYCLOAK-13819 SAML brokering with POST binding is broken by new SameSite policies 2020-05-28 13:37:56 +02:00
Thomas Darimont
e825ec24cb KEYCLOAK-9635 Add AccessTokenHash to IDToken for OIDC Auth Code flow 
Revised tests
 2020-05-27 07:34:05 +02:00
Thomas Darimont
5a337d0376 KEYCLOAK-9635 Add AccessTokenHash to IDToken for OIDC Auth Code flow 
Added missing test
 2020-05-27 07:34:05 +02:00
Torsten Juergeleit
6005503a3d Namespace support to group-ldap-mapper 
Previously, Keycloak did only support syncing groups from LDAP federation provider as top-level KC groups.

This approach has some limitations:
- If using multiple group mappers then there’s no way to isolate the KC groups synched by each group mapper.
- If the option "Drop non-existing groups during sync” is activated then all KC groups (including the manually created ones) are deleted.
- There’s no way to inherit roles from a parent KC group.

This patch introduces support to specify a prefix for the resulting group path, which effectively serves as a namespace for a group.

A path prefix can be specified via the newly introduced `Groups Path` config option on the mapper. This groups path defaults to `/` for top-level groups.

This also enables to have multiple `group-ldap-mapper`'s which can manage groups within their own namespace.

An `group-ldap-mapper` with a `Group Path` configured as `/Applications/App1` will only manage groups under that path. Other groups, either manually created or managed by other `group-ldap-mapper` are not affected.
 2020-05-26 17:37:29 +02:00
Hynek Mlnarik
7deb89caab KEYCLOAK-10729 Do not serialize SAML signature 2020-05-25 15:38:17 +02:00
vmuzikar
e873c70374 KEYCLOAK-14236 Support for custom Firefox preferences 2020-05-22 09:24:41 -03:00
cachescrubber
3382682115
KEYCLOAK-10927 - Implement LDAPv3 Password Modify Extended Operation … (#6962) 
* KEYCLOAK-10927 - Implement LDAPv3 Password Modify Extended Operation (RFC-3062).

* KEYCLOAK-10927 - Introduce getLDAPSupportedExtensions(). Use result instead of configuration.

Co-authored-by: Lars Uffmann <lars.uffmann@vitroconnect.de>
Co-authored-by: Kevin Kappen <kevin.kappen@vitroconnect.de>
Co-authored-by: mposolda <mposolda@gmail.com>
 2020-05-20 21:04:45 +02:00
Denis
8c7b69fc9e KEYCLOAK-13748 Create automated test for scenario with alternative subflow for credential reset 2020-05-20 14:06:53 +02:00
Stan Silvert
13d0491ff3 KEYCLOAK-14038: Re-allow special characters for Roles only 2020-05-20 07:53:23 -04:00
Takashi Norimatsu
c057b994e7 KEYCLOAK-13104 Signed and Encrypted ID Token Support : AES 192bit and 256bit key support 2020-05-20 09:01:59 +02:00
mhajas
4b8c7dd7d7 KEYCLOAK-14048 Allow clock skew when testing refresh token actual expiration time 2020-05-20 08:12:54 +02:00
Takashi Norimatsu
be0ba79daa KEYCLOAK-7997 Implement Client Registration Metadata based on Mutual TLS 2020-05-19 17:00:41 +02:00
mposolda
12d965abf3 KEYCLOAK-13047 LDAP no-import fixes. Avoid lost updates - dont allow update attributes, which are not mapped to LDAP 2020-05-19 16:58:25 +02:00
Martin Kanis
6f43b58ccf KEYCLOAK-14074 filterIdentityProviders compares providerId instead of alias 2020-05-19 09:46:21 +02:00
Thomas Darimont
6211fa90e0 KEYCLOAK-10932 Honor given_name and family_name in OIDC brokering 
Previously firstname and lastname were derived from the name claim.
We now use direct mappings to extract firstname and lastname from
given_name and family_name claims.

Added test to KcOidcFirstBrokerLoginTest

Marked org.keycloak.broker.provider.BrokeredIdentityContext#setName
as deprecated to avoid breaking existing integrations.
 2020-05-19 09:10:43 +02:00
vramik
37e23cb0a2 KEYCLOAK-14062 Add postgres10 2020-05-18 13:36:18 +02:00
Stan Silvert
a827d20a90 KEYCLOAK-11201: Use snowpack instead of SystemJs. 
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2020-05-15 08:58:26 +02:00
Pedro Igor
35f622f48e [KEYCLOAK-11719] - Remove need for servlets/undertow from Quarkus dist 
Co-authored-by: MatthewC <matthewc@backbase.com>
 2020-05-13 09:28:58 +02:00
Álvaro Gómez Giménez
666832d1be KEYCLOAK-13066 Include resourceType in ScopePermissionRepresentation 2020-05-12 17:11:35 -03:00
Sven-Torben Janus
82d3251ab4 Remove *-imports 2020-05-12 20:50:18 +02:00
Sven-Torben Janus
fcb0e450a0 KEYCLOAK-13817 Return local user from LDAPStorageProvider 2020-05-12 20:50:18 +02:00
Yoshiyuki Tabata
f7d00fc2e9 KEYCLOAK-13844 "exp" claim should not be "0" when using offline token 2020-05-12 16:14:37 +02:00
stianst
49db2c13a5 KEYCLOAK-8141 Fix issue where attribute values are duplicated if updates to user are done in parallell 2020-05-12 09:06:44 +02:00
Pedro Igor
44c49d69a7 [KEYCLOAK-13071] - AuthorizationTokenService swallows Exceptions thrown by KeycloakIdentity 2020-05-08 09:21:37 +02:00
Takashi Norimatsu
3716bd96ad KEYCLOAK-14093 Specify Signature Algorithm in Signed JWT with Client Secret 2020-05-07 11:28:39 +02:00
vramik
4a70494285 KEYCLOAK-14086 Outdated wildfly deprecated version 2020-05-07 08:39:18 +02:00
Stan Silvert
deead471a9 KEYCLOAK-12852: Internal query params not removed after AIA 2020-05-06 16:07:21 -03:00
Takashi Norimatsu
0d0617d44a KEYCLOAK-13720 Specify Signature Algorithm in Signed JWT Client Authentication 2020-05-05 17:43:00 +02:00
rmartinc
f0852fd362 KEYCLOAK-13823: "Dir" Full export/import: On import, service account roles and authorization info are not imported 2020-05-05 17:05:56 +02:00
Vanrar68
85feda3beb KEYCLOAK-13998 ConditionalRoleAuthenticator doesn't work with composite roles 2020-05-05 08:39:04 +02:00
Erik Jan de Wit
1f462a2ae2 KEYCLOAK-12916 add name or username in toolbar 
Update testsuite/integration-arquillian/tests/other/base-ui/src/test/java/org/keycloak/testsuite/ui/account2/page/fragment/LoggedInPageHeader.java

Co-Authored-By: Václav Muzikář <vaclav@muzikari.cz>

Moved concatenation to messages_en.properties

fix: renamed loggedInUser to landingLoggedInUser

for the welcome page

moved `loggedInUserName` to WelcomePageScrips
 2020-05-04 14:58:27 -04:00
Martin Bartos
7ebdca48d3 [KEYCLOAK-13572] Doesn't observe After events due to assume check 2020-05-04 17:31:44 +02:00
Michael Riedmann
66c7ec6b08 [KEYCLOAK-13995] added test for clientUpdate with ProtocolMappers 2020-05-04 17:13:57 +02:00
Erik Jan de Wit
435815249b KEYCLOAK-12783 changed to base account url for new console 2020-05-04 07:16:15 -04:00
Hynek Mlnarik
32f13016fa KEYCLOAK-12874 Align Destination field existence check with spec 2020-05-04 09:19:44 +02:00
Erik Jan de Wit
b19b3a40ad KEYCLOAK-14004 fixed the test 2020-04-30 12:47:18 -04:00
Martin Kanis
aa309b96a8 KEYCLOAK-13682 NPE when refreshing token after enabling consent 2020-04-30 08:46:21 +02:00
keycloak-bot
ae20b7d3cd Set version to 11.0.0-SNAPSHOT 2020-04-29 12:57:55 +02:00
Yoshiyuki Tabata
874642fe9e KEYCLOAK-12406 Add "Client Session Max" and "Client Session Idle" for OIDC 2020-04-28 15:34:25 +02:00
stianst
5b017e930d KEYCLOAK-13128 Security Headers SPI and response filter 2020-04-28 15:28:24 +02:00
Yoshiyuki Tabata
b40c12c712 KEYCLOAK-5325 Provide OAuth token revocation capability 2020-04-28 15:25:22 +02:00
Martin Kanis
be28bfee1d KEYCLOAK-13636 Missing wildfly-dist in EAP 7.4.0.CD19 build 2020-04-28 08:55:42 -03:00
Stan Silvert
09b54a9473 KEYCLOAK-12776: Make it easier to change the logo and logo link. 2020-04-27 12:29:38 -04:00
Erik Jan de Wit
ab2d1546b4 fix merge errors 2020-04-27 09:09:31 -04:00
Erik Jan de Wit
e093fa218d Fixed console for test 2020-04-27 09:09:31 -04:00
Erik Jan de Wit
7580be8708 KEYCLOAK-13121 added the basic functionality 2020-04-27 09:09:31 -04:00
Stefan Guilhen
da1138a8d2 [KEYCLOAK-13005] Make sure the master URL is used if the consumer POST or REDIRECT URL is an empty string 
- Fixes issue where admin console sets an empty string when the consumer POST or REDIRECT URL is deleted
 2020-04-27 14:25:03 +02:00
Erik Jan de Wit
db8cb63565 KEYCLOAK-12936 only change the locale in the AccountPage. 2020-04-27 07:04:06 -04:00
Pedro Igor
44b489b571 [KEYCLOAK-13656] - Deny request if requested scope is not associated to resource or any typed resources 2020-04-27 08:39:38 +02:00
Pedro Igor
dacbe22d53 [KEYCLOAK-9896] - Authorization Scope modified improperly when updating Resource 2020-04-27 08:38:55 +02:00
Martin Idel
7e8018c7ca KEYCLOAK-11862 Add Sync mode option 
- Store in config map in database and model
- Expose the field in the OIDC-IDP
- Write logic for import, force and legacy mode
- Show how mappers can be updated keeping correct legacy mode
- Show how mappers that work correctly don't have to be modified
- Log an error if sync mode is not supported

Fix updateBrokeredUser method for all mappers

- Allow updating of username (UsernameTemplateMapper)
- Delete UserAttributeStatementMapper: mapper isn't even registered
  Was actually rejected but never cleaned up: https://github.com/keycloak/keycloak/pull/4513
  The mapper won't work as specified and it's not easy to tests here
- Fixup json mapper
- Fix ExternalKeycloakRoleToRoleMapper:
  Bug: delete cannot work - just delete it. Don't fix it in legacy mode

Rework mapper tests

- Fix old tests for Identity Broker:
  Old tests did not work at all:
  They tested that if you take a realm and assign the role,
  this role is then assigned to the user in that realm,
  which has nothing to do with identity brokering
  Simplify logic in OidcClaimToRoleMapperTests
- Add SyncMode tests to most mappers
  Added tests for UsernameTemplateMapper
  Added tests to all RoleMappers
  Add test for json attribute mapper (Github as example)
- Extract common test setup(s)
- Extend admin console tests for sync mode

Signed-off-by: Martin Idel <external.Martin.Idel@bosch.io>
 2020-04-24 15:54:32 +02:00
Pedro Igor
8f5e58234e [KEYCLOAK-11317] - IDP review profile allows empty username 2020-04-24 10:52:59 -03:00
Douglas Palmer
d4eeed306b [KEYCLOAK-11764] Upgrade to Wildfly 19 2020-04-24 08:19:43 -03:00
Erik Jan de Wit
3cdfb422ad KEYCLOAK-12173 removed escaping of '&' 2020-04-23 16:10:57 -04:00
Bart Monhemius
9389332675 [KEYCLOAK-13927] Accept only ticketId instead of the PermissionTicketRepresentation for delete in PermissionResource 2020-04-23 15:59:43 -03:00
Bart Monhemius
acc5ab9e44 [KEYCLOAK-13927] Allow deleting permission tickets with the Authz client 2020-04-23 15:59:43 -03:00
Martin Kanis
a04c70531a KEYCLOAK-9623 Disabling logged in user will not allow other user to login after he is thrown out of his session 2020-04-23 14:40:25 +02:00
Takashi Norimatsu
8513760e25 KEYCLOAK-12176 WebAuthn: show the attestation statement format in the admin console 2020-04-23 10:01:19 +02:00
mhajas
1db87acc98 KEYCLOAK-13852 reset time at the end of testTokenConcurrentRefresh test 2020-04-22 15:06:28 +02:00
mposolda
83255e1b08 KEYCLOAK-13922 MigrationModelTest failing in latest master 2020-04-22 14:05:34 +02:00
Thomas Darimont
12e53e6f11 KEYCLOAK-11003 Remove UPDATE_PASSWORD RequiredAction on non-temporary password reset 
We now remove a potentially existing UPDATE_PASSWORD action when
explicitly assigning a non-temporary password.

Adapted tests to use a temporary password when UpdatePassword required actions
were used.
 2020-04-22 10:59:49 +02:00
Thomas Darimont
f9f71039ae KEYCLOAK-13566 ValidateUsername should raise USER_NOT_FOUND event if the user lookup fails 2020-04-21 21:11:11 +02:00
Pedro Igor
cbab159aa8 [KEYCLOAK-8071] - Properly validating requested scopes 2020-04-21 12:23:59 +02:00
mposolda
38195ca789 KEYCLOAK-12842 Not possible to update user with multivalued LDAP RDN 2020-04-21 11:35:41 +02:00
aboullos
2945eb63b7 KEYCLOAK-8836 Add test to check product name on welcome page 
Modify import

KEYCLOAK-8836 Add test to check product name on welcome page
 2020-04-21 11:30:20 +02:00
keycloak-bot
33314ae3ca Set version to 10.0.0-SNAPSHOT 2020-04-21 09:19:32 +02:00
mposolda
b29810c923 KEYCLOAK-13306 Model fixes for check realm when lookup by ID 
(cherry picked from commit e40a62de31f6f5d326234314a9e285010665f707)
 2020-04-21 08:19:50 +02:00
mposolda
821405e175 KEYCLOAK-10852 Inconsistency when using 'forgot password' after changing email directly in LDAP 2020-04-16 12:28:41 +02:00
Pedro Igor
acfbdf6b0e [KEYCLOAK-13187] - Concurrency issue when refreshing tokens and updating security context state 2020-04-16 12:25:42 +02:00
Pedro Igor
21597b1ff2 [KEYCLOAK-13581] - Fixing client pagination when permission is enabled 2020-04-14 16:57:27 -03:00
mposolda
4f1985826c KEYCLOAK-12934 LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY user roles retrieve strategy role-ldap-mapper option should only be displayed if LDAP provider vendor is Active Directory 2020-04-14 20:01:55 +02:00
Pedro Igor
9eeeb10587 [KEYCLOAK-13589] - Can't add user in admin console when 'Email as username' is enabled 2020-04-14 19:29:48 +02:00
stianst
1f02f87a6e KEYCLOAK-13565 Add support for kc_action to keycloak.js 
Co-authored-by mhajas <mhajas@redhat.com>
 2020-04-14 19:23:56 +02:00
stianst
97b5654690 KEYCLOAK-13285 Enable check identity for email 2020-04-14 19:22:57 +02:00
mhajas
845195780e KEYCLOAK-13758 Exclude some tests for remote runs 2020-04-08 16:38:58 +02:00
Pedro Igor
b60b85ab65 [KEYCLOAK-7450] - Match subject when validating id_token returned from external OP 2020-04-06 13:43:19 +02:00
vramik
52b67f6172 KEYCLOAK-13660 Patch installation is not performed with -Dauth.server.patch.zips 2020-04-02 10:35:07 +02:00
mposolda
6f62c0ed98 KEYCLOAK-13442 Backwards compatibility in users searching. searchForUser(String, RealmModel, int, int) is no longer called when searching users from the admin console 2020-03-27 13:29:55 +01:00
aboullos
4b6e46d1a9 KEYCLOAK-13445 Modify SigningInTest for changes in credential type 2020-03-27 13:29:44 +01:00
mposolda
bf92bd16b0 KEYCLOAK-13383 WebAuthnRegisterAndLoginTest fails with -Dproduct with auth-server-eap 2020-03-26 16:27:23 +01:00
vramik
330d5b2c25 KEYCLOAK-13384 exclude IdentityProviderTest.failCreateInvalidUrl from remote-tests 2020-03-26 14:04:38 +01:00
vramik
780d11e790 KEYCLOAK-13571 KcinitTest fails with -Dproduct due to skipped maven plugin exacution 2020-03-26 14:03:11 +01:00
Pedro Igor
b812159193 [KEYCLOAK-10675] - Deleting an Identity Provider doesn't remove the associated IdP Mapper for that user 2020-03-26 11:41:17 +01:00
Pedro Igor
1b8369c7d5 [KEYCLOAK-13385] - Better message when saving a provider with invalid URLs 2020-03-26 08:46:44 +01:00
mhajas
b2b790cd1d KEYCLOAK-10797 Unignore hawtio on eap6 test 2020-03-24 15:10:40 +01:00
mhajas
8b96882a1c KEYCLOAK-12972 Fix fuse tests 2020-03-24 14:50:54 +01:00
keycloak-bot
f6a592b15a Set version to 9.0.4-SNAPSHOT 2020-03-24 08:31:18 +01:00
mposolda
5ddd605ee9 KEYCLOAK-13259 2020-03-24 05:32:41 +01:00
mposolda
9474dd6208 KEYCLOAK-12986 BruteForceProtector does not log failures when login failure in PostBroker flow 2020-03-24 05:32:10 +01:00
Martin Kanis
e6e0e6945d KEYCLOAK-12156 LogoutEndpoint does not verify token type of id_token_hint 
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Marek Posolda <mposolda@redhat.com>
 2020-03-24 05:31:36 +01:00
Pedro Igor
ec63245ac8 [KEYCLOAK-13386] - SslRequired.EXTERNAL doesn't work for identity broker validations 2020-03-23 12:16:43 -03:00
mposolda
3e82473a90 KEYCLOAK-13369 Not possible to move groups in admin console 2020-03-23 10:17:23 +01:00
mposolda
61fd66e107 KEYCLOAK-13368 TestClassProvider undertow server not stopped after testsuite 2020-03-23 07:10:17 +01:00
Pavel Drozd
6cc897e319
KEYCLOAK-8372 - User Federation tests - fixing for different vendors (#6909) 2020-03-20 11:36:35 +01:00
Dmitry Telegin
3b24465141
KEYCLOAK-12870 - Allow to pick arbitrary user for IdP linking (#6828) 
* KEYCLOAK-12870 - Allow to pick arbitrary user for IdP linking

* KEYCLOAK-12870: always allow to choose user if password reset is called from first broker login flow

* KEYCLOAK-12870: remove "already authenticated as different user" check and message

* KEYCLOAK-12870: translations

* KEYCLOAK-12870: fix tests
 2020-03-20 07:41:35 +01:00
Pedro Igor
2eab44d3f3 [KEYCLOAK-13273] - Remove group policy when group is removed 2020-03-20 07:40:18 +01:00
rmartinc
a8e74196d1 KEYCLOAK-4923: Client Service Account Roles are not exported 2020-03-19 11:38:33 -03:00
Aboullos
f8dc7c0329 KEYCLOAK-13007 Add LDAPAccountTest 2020-03-18 10:11:59 -03:00
Stan Silvert
fff8571cfd KEYCLOAK-12768: Prevent reserved characters in URLs 2020-03-18 07:40:24 +01:00
vmuzikar
89f483d578 KEYCLOAK-13257 Fix WelcomeScreenTest.accountSecurityTest 2020-03-17 15:31:05 -03:00
vmuzikar
e4f7eb78b5 KEYCLOAK-13256 Fix WebAuthn in new Account Console tests 2020-03-17 15:31:05 -03:00
Stefan Guilhen
8c627fdb20 [KEYCLOAK-13036] Fix KeycloakElytronCSVaultTest failures on IBM JDK 
- credential store is generated on the fly for the test, avoiding incompatibilities between implementations of keystores
 2020-03-17 17:07:55 +01:00
mposolda
56d1ab19a8 KEYCLOAK-11412 Display more nice error message when creating top level group with same name 2020-03-16 21:03:46 +01:00
mposolda
d7688f6b12 KEYCLOAK-12869 REST sends credential type when no credential exists and credential disabled 2020-03-16 21:02:40 +01:00
Stan Silvert
1f1ed36b71 KEYCLOAK-9782: Do not allow duplicate group name when updating 2020-03-13 10:13:45 -04:00
Sebastian Laskawiec
8774a0f4ba KEYCLOAK-12881 KEYCLOAK-13099 Update FederatedIdentities and Groups on POST 2020-03-12 14:57:02 +01:00
mposolda
72e4690248 KEYCLOAK-13174 Not possible to delegate creating or deleting OTP credential to userStorage 2020-03-11 12:51:56 +01:00
mposolda
803f398dba KEYCLOAK-12876 KEYCLOAK-13148 KEYCLOAK-13149 KEYCLOAK-13151 Re-introduce some changes to preserve UserStorage SPI backwards compatibility. Added test for backwards compatibility of user storage 2020-03-11 12:51:56 +01:00
Thomas Darimont
cd51ff3474 KEYCLOAK-13186 Remove role information from RefreshTokens 
We now no longer expose role assignment information into the RefreshToken.

Previously RefreshTokens contained information about the realm and
client specific roles which are assigned to a user. Since the role
information is usually either taken from the AccessToken, IDToken or
the User-Info endpoint and the RefreshToken is an internal format which
is opaque to the client, it would be a waste of space to keep that
information in the RefreshToken.

See:
https://lists.jboss.org/pipermail/keycloak-dev/2019-April/011936.html
 2020-03-11 06:28:22 +01:00
rmartinc
ad3b9fc389 KEYCLOAK-12579: LDAP groups duplicated during UI listing of user groups 2020-03-11 06:14:29 +01:00
mposolda
bc1146ac2f KEYCLOAK-10029 Offline token migration fix. Always test offline-token migration when run MigrationTest 2020-03-10 20:38:16 +01:00
Pedro Igor
b7a395a3ef [KEYCLOAK-11345] - Test basic features of Keycloak.X with current tetsuite 2020-03-10 15:59:35 +01:00
vramik
83461d033b KEYCLOAK-11808 update testsuite to use current jdbc driver version for migration testing 2020-03-09 15:05:12 +01:00
Sebastian Schuster
99aba33980 KEYCLOAK-13163 Fixed searching for user with fine-grained permissions 2020-03-09 09:56:13 -03:00
vmuzikar
8cfd4d60e6 KEYCLOAK-13069 Fix failing RH-SSO base tests 2020-03-09 13:50:40 +01:00
Phy
8aa5019efe KEYCLOAK-13074 Don't return LDAP group members if under IMPORT mode 
If GroupLDAPStorageMapper is running under IMPORT mode, getGroupMembers should not return users in LDAP, which, according to how UserStorageManager.query works (getting both user federation and Keycloak storage), will cause duplicate users in the list.

A test has been added as well, which will fail before the fix in the mapper.
 2020-03-06 11:44:36 +01:00
stianst
ed97d40939 KEYCLOAK-9851 Removed properties from realm json attributes that are included as fields 2020-03-05 17:59:50 +01:00
mabartos
a1bbab9eb2 KEYCLOAK-12799 Missing Cancel button on The WebAuthn setup screen when using AIA 2020-03-05 15:04:38 +01:00
Pedro Igor
23b4aee445 [KEYCLOAK-13056] - Searching clients with reduced permissions results in 403 2020-03-05 13:39:25 +01:00
Pedro Igor
30b07a1ff5 [KEYCLOAK-13175] - Setting the enforcement mode when fetching lazily fetching resources 2020-03-05 13:31:21 +01:00
stianst
75a772f52b KEYCLOAK-10967 Add JSON body methods for test ldap and smtp connections. Deprecate old form based methods. 2020-03-05 10:07:58 +01:00
Pedro Igor
2f489a41eb [KEYCLOAK-12192] - Missing Input Validation in IDP Authorization URLs 2020-03-05 06:32:35 +01:00
Hynek Mlnarik
0cf0955318 KEYCLOAK-13181 Fix NPE in EAP 6 adapter 2020-03-04 10:19:43 +01:00
Jon Koops
c1bf183998 KEYCLOAK-9346 Add new KeycloakPromise to support native promises 
Co-authored-by: mhajas <mhajas@redhat.com>
 2020-03-04 08:53:35 +01:00
Douglas Palmer
dfb67c3aa4 [KEYCLOAK-12980] Username not updated when "Email as username" is enabled 2020-03-03 10:26:35 +01:00
Pedro Igor
49b1dbba68 [KEYCLOAK-11804] - Block service accounts to authenticate or manage credentials 2020-03-03 06:48:02 +01:00
Hynek Mlnarik
f45f882f0c KEYCLOAK-11903 Test for XSW attacks 2020-03-02 21:26:13 +01:00
mhajas
df11a8a864 KEYCLOAK-12606 Add test 2020-03-02 20:07:52 +01:00
vramik
7c91e36e43 KEYCLOAK-10898 WildFly Adapter CLI based installation scripts 2020-03-02 10:08:45 +01:00
mhajas
d3bebb4746 KEYCLOAK-12884 Add more tests for SameSite 2020-02-28 16:19:44 +01:00
mhajas
9b81c42525 KEYCLOAK-13113 Exclude tests for Tomcat 2020-02-28 13:35:33 +01:00
mabartos
695fb92241 KEYCLOAK-13070 UserConsentWithUserStorageModelTest failing with ModelDuplicateException 2020-02-27 21:25:49 +01:00
Hynek Mlnarik
aecfe251e4 KEYCLOAK-12816 Fix representation to model conversion 2020-02-27 21:11:24 +01:00
Douglas Palmer
85d7216228 [KEYCLOAK-12640] Client authorizationSettings.decisionStrategy value lost on realm import 2020-02-27 09:45:48 -03:00
vramik
f1e54455e7 KEYCLOAK-13111 Move execution of db-allocator-plugin to jpa profile 2020-02-27 11:51:05 +01:00
mhajas
9f3a6de453 KEYCLOAK-13096 Add compile scope hamcrest dependency to springboot tests 2020-02-27 11:18:54 +01:00
mhajas
3db55727ca KEYCLOAK-12979 Fix group-attribute parsing 2020-02-27 10:48:03 +01:00
vramik
e2bd99e9e4 KEYCLOAK-13097 fix UserStorageTest - add cleanup after test 2020-02-27 10:46:38 +01:00
Pedro Igor
a830818a84 [KEYCLOAK-12794] - Missing id token checks in oidc broker 2020-02-27 09:13:29 +01:00
Erik Jan de Wit
8297c0c878 KEYCLOAK-11155 split on first '=' instead of all 2020-02-27 09:12:51 +01:00
Erik Jan de Wit
93a1374558 KEYCLOAK-11129 coalesce possible null values 2020-02-27 09:11:29 +01:00
Pedro Igor
1c71eb93db [KEYCLOAK-11576] - Properly handling redirect_uri parser errors 2020-02-27 08:29:06 +01:00
stianst
950eae090f KEYCLOAK-13054 Unblock temporarily disabled user on password reset, and remove invalid error message 2020-02-27 08:05:46 +01:00
vmuzikar
de8ba75399 KEYCLOAK-12635 KEYCLOAK-12935 KEYCLOAK-13023 UI test fixes 2020-02-26 15:54:44 -03:00
Martin Bartoš
eaaff6e555
KEYCLOAK-12958 Preview feature profile for WebAuthn (#6780) 
* KEYCLOAK-12958 Preview feature profile for WebAuthn

* KEYCLOAK-12958 Ability to enable features having EnvironmentDependent providers without restart server

* KEYCLOAK-12958 WebAuthn profile product/project

Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2020-02-26 08:45:26 +01:00
mhajas
8436a88075 KEYCLOAK-12962 Enforce 3.6.0 maven version for deploy phase 2020-02-25 16:36:26 +01:00
stianst
9e47022116 KEYCLOAK-8044 Clear theme caches on hot-deploy 2020-02-20 08:50:10 +01:00
stianst
d8d81ee162 KEYCLOAK-12268 Show page not found for /account/log if events are disabled for the realm 2020-02-20 08:49:30 +01:00
stianst
9a3a358b96 KEYCLOAK-11700 Lower-case passwords before checking with password blacklist 2020-02-20 08:33:46 +01:00
stianst
536824beb6 KEYCLOAK-12960 Use Long for time based values in JsonWebToken 2020-02-19 15:46:05 +01:00
mhajas
167f73f54e KEYCLOAK-12969 Don't use GenericFilter in server-authz test application 2020-02-19 11:06:28 -03:00
Stefan Guilhen
7a3998870c [KEYCLOAK-12612][KEYCLOAK-12944] Fix validation of SAML destination URLs 
- no longer compare them to the server absolutePath; instead use the base URI to build the validation URL
 2020-02-18 16:38:19 -03:00
mposolda
eeeaafb5e7 KEYCLOAK-12858 Authenticator is sometimes required even when configured as alternative 2020-02-18 09:05:59 +01:00
Thomas Darimont
67ddd3b0eb KEYCLOAK-12926 Improve Locale based message lookup 
We now consider intermediate Locales when performing a Locale based
ResourceBundle lookup, before using an Locale.ENGLISH fallback.

Co-authored-by: stianst <stianst@gmail.com>
 2020-02-18 08:43:46 +01:00
keycloak-bot
d352d3fa8e Set version to 9.0.1-SNAPSHOT 2020-02-17 20:38:54 +01:00
Adamczyk Błażej
497787d2cd [KEYCLOAK-10696] - fixed missing client role attributes after import 2020-02-17 10:01:19 +01:00
mposolda
a76c496c23 KEYCLOAK-12860 KEYCLOAK-12875 Fix for Account REST Credentials to work with LDAP and social users 2020-02-14 20:24:42 +01:00
Douglas Palmer
876086c846 [KEYCLOAK-12161] "Back to Application" link is shown with link to current page 2020-02-14 10:37:32 -03:00
stianst
f0e3122792 KEYCLOAK-12953 Ignore empty realm frontendUrl 2020-02-14 11:33:07 +01:00
stianst
42773592ca KEYCLOAK-9632 Improve handling of user locale 2020-02-14 08:32:20 +01:00
Pedro Igor
7efaf9869a [KEYCLOAK-12864] - OIDCIdentityProvider with Reverse Proxy 2020-02-13 15:01:10 +01:00
Pedro Igor
421ec34557 [KEYCLOAK-8049] - Prevent users from not choosing a group 2020-02-13 10:10:46 +01:00
mabartos
90b35cc13d KEYCLOAK-10420 Broker tests don't work with RH-SSO 2020-02-12 18:33:55 +01:00
mabartos
1bdf77f409 KEYCLOAK-12065 UserSessionInitializerTest is failing 2020-02-12 17:39:28 +01:00
mhajas
c3f0b342bf KEYCLOAK-12964 Fix adapter remote tests execution deciding 2020-02-12 16:04:44 +01:00
mhajas
1bb238d20f KEYCLOAK-12950 Use maven-plugin to configure shrinkwrap resolver 2020-02-12 16:04:44 +01:00
mhajas
f28ca30e6d KEYCLOAK-12963 Exclude testNoPortInDestination test for remote container 2020-02-12 13:18:51 +01:00
Peter Zaoral
b0ffea699e KEYCLOAK-12186 Improve the OTP login form 
-created and implemented login form design, where OTP device can be selected
-implemented selectable-card-view logic in jQuery
-edited related css and ftl theme resources
-fixed affected BrowserFlow tests

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2020-02-12 11:25:02 +01:00
vramik
3d22644bbe KEYCLOAK-12237 Fix WelcomePageTest on Postgresql 2020-02-12 10:43:29 +01:00
Peter Skopek
622a97bd1c KEYCLOAK-12228 Sensitive Data Exposure 
from patch of hiba haddad haddadhiba0@gmail.com
 2020-02-12 09:57:31 +01:00
stianst
3c0cf8463a KEYCLOAK-12821 Check if action is disabled in realm before executing 2020-02-12 09:04:43 +01:00
stianst
6676b9bba0 Fix 2020-02-12 08:23:25 +01:00
stianst
0b8adc7874 KEYCLOAK-12921 Fix NPE in client validation on startup 2020-02-12 08:23:25 +01:00
stianst
dda829710e KEYCLOAK-12829 Require PKCE for admin and account console 2020-02-12 08:22:20 +01:00
Thomas Darimont
7969aed8e0 KEYCLOAK-10931 Trigger UPDATE_PASSWORD event on password update via AccountCredentialResource 2020-02-11 19:51:58 +01:00
Martin Kanis
1d54f2ade3 KEYCLOAK-9563 Improve access token checks for userinfo endpoint 2020-02-11 15:09:21 +01:00
Erik Jan de Wit
41bf0b78be KEYCLOAK-11631 reset to default befor loading new 2020-02-10 12:55:14 -05:00
mhajas
e5935d8069 KEYCLOAK-12764 Fix shrinkwrap issue by updating arquillian bom version 2020-02-08 10:51:48 +01:00
stianst
ecec20ad59 KEYCLOAK-12193 Internal error message returned in error response 2020-02-07 18:10:41 +01:00
Pedro Igor
da0e2aaa12 [KEYCLOAK-12897] - Policy enforcer should just deny when beare is invalid 2020-02-07 15:04:45 +01:00
mabartos
a5d02d62c1 KEYCLOAK-12908 TOTP not accepted in request for Access token 2020-02-07 13:17:05 +01:00
mhajas
3f29c27e16 KEYCLOAK-12906 Describe how to run testsuite against openshift 2020-02-07 12:09:55 +01:00
stianst
5d1fa8719e KEYCLOAK-12190 Fix PartialImportTest for client validation 2020-02-07 11:44:09 +01:00
stianst
7545749632 KEYCLOAK-12190 Add validation for client root and base URLs 2020-02-07 09:09:40 +01:00
Pedro Igor
fc514aa256 [KEYCLOAK-12792] - Invalid nonce handling in OIDC identity brokering 2020-02-06 13:16:01 +01:00
Pedro Igor
199e5dfa3e [KEYCLOAK-12909] - Keycloak uses embedded cache manager instead of container-managed one 2020-02-06 13:14:36 +01:00
Dmitry Telegin
b6c5acef25 KEYCLOAK-7969 - SAML users should not be identified by SAML:NameID 2020-02-06 08:53:31 +01:00
Axel Messinese
b73553e305 Keycloak-11526 search and pagination for roles 2020-02-05 15:28:25 +01:00
mhajas
66350f415c KEYCLOAK-12849 Exclude SameSite tests in non-SSL test runs 2020-02-05 11:44:07 +01:00
rmartinc
d39dfd8688 KEYCLOAK-12654: Data to sign is incorrect in redirect binding when URI has parameters 2020-02-05 11:30:28 +01:00
Martin Bartoš
b0c4913587
KEYCLOAK-12177 KEYCLOAK-12178 WebAuthn: Improve usability (#6710) 2020-02-05 08:35:47 +01:00
Thomas Darimont
42fdc12bdc
KEYCLOAK-8573 Invalid client credentials should return Unauthorized status (#6725) 2020-02-05 08:27:15 +01:00
vmuzikar
0801cfb01f KEYCLOAK-12105 Add UI tests for Single page to manage credentials 2020-02-04 15:18:52 -03:00
Douglas Palmer
dc97a0af92 [KEYCLOAK-12107] Add tests for Applications page 2020-02-04 09:26:42 -03:00
rmartinc
5b9eb0fe19 KEYCLOAK-10884: Need clock skew for SAML identity provider 2020-02-03 22:00:44 +01:00
Jan Lieskovsky
b532570747
[KEYCLOAK-12168] Various setup TOTP screen usability improvements (#6709) 
On both the TOTP account and TOTP login screens perform the following:
* Make the "Device name" label optional if user registers the first
  TOTP credential. Make it mandatory otherwise,
* Denote the "Authenticator code" with asterisk, so it's clear it's
  required field (always),
* Add sentence to Step 3 of configuring TOTP credential explaining
  the user to provide device name label,

Also perform other CSS & locale / messages file changes, so the UX is
identical when creating OTP credentials on both of these pages

Add a corresponding testcase

Also address issues pointed out by mposolda's review. Thanks, Marek!

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
 2020-02-03 19:34:28 +01:00
Marek Posolda
154bce5693
KEYCLOAK-12340 KEYCLOAK-12386 Regression in credential handling when … (#6668) 2020-02-03 19:23:30 +01:00
vramik
337e8f8fad KEYCLOAK-12240 MigrationModelTest fails in pipeline 2020-02-03 13:14:53 +01:00