Commit graph

12236 commits

Author SHA1 Message Date
Marek Posolda
8d49409de1
KEYCLOAK-12183 Refactor login screens. Introduce try-another-way link. Not show many credentials of same type in credential selector (#6591) 2020-01-14 21:54:45 +01:00
k-tamura
221aad9877 KEYCLOAK-11511 Improve exception handling of REST user creation 2020-01-14 13:34:34 +01:00
Andrei Arlou
b6a3fba6e3 KEYCLOAK-12568 Remove unused method from org.keycloak.saml.processing.core.saml.v2.factories.JBossSAMLAuthnResponseFactory 2020-01-14 13:21:29 +01:00
root
4cbe478129 Fix KEYCLOAK-10838, use bytesRead to make sure the output stream does not get padded with null bytes. 2020-01-14 13:20:10 +01:00
vramik
3b1bdb216a KEYCLOAK-11486 Add support for system property or env variable in AllowedClockSkew in keycloak-saml subsystem 2020-01-14 13:17:13 +01:00
Martin Kanis
e1f8e5d08c KEYCLOAK-12462 Align to EAP 7.3.0.GA 2020-01-13 14:58:59 +01:00
mhajas
a79d6289de KEYCLOAK-11416 Fix nil AttributeValue handling 2020-01-10 12:47:09 +01:00
vramik
a2b3747d0e KEYCLOAK-7014 - Correctly handle null-values in UserAttributes 2020-01-10 12:44:52 +01:00
Martin Kanis
39fff1c538 KEYCLOAK-12513 Cannot instantiate WebAuthnCredentialProviderFactory with Jackson 2.10.0 2020-01-10 11:34:24 +01:00
Viswa Teja Nariboina
5082ed2fcb [ KEYCLOAK-12606 ] Passing email in login_hint query parameter during Identity brokering fails when an account already exists 2020-01-09 10:40:42 +01:00
Pedro Igor
03bbf77b35 [KEYCLOAK-12511] - Mapper not visible in client's mapper list 2020-01-09 10:25:06 +01:00
mposolda
fea7b4e031 KEYCLOAK-12424 SPNEGO / Kerberos sends multiple 401 responses with WWW-Authenticate: Negotiate header when kerberos token is invalid 2020-01-09 10:21:24 +01:00
Tom Billiet
0f8d988d58 [KEYCLOAK-12299] JWKS parsing: fallback to RS256 for RSA keys without alg field 2020-01-09 10:12:34 +01:00
Thomas Darimont
062cbf4e0a KEYCLOAK-9925 Use Client WebOrigins in UserInfoEndpoint
We now use the allowed WebOrigins configured for the client
for which the user info is requested.

Previously, Web Origins defined on the Client were not being recognized
by the /userinfo endpoint unless you apply the "Allowed Web Origins"
protocol mapper.
This was an inconsistency with how the Web Origins work compared
with the /token endpoint.
2020-01-09 10:10:59 +01:00
Bodo Graumann
65b674a131 KEYCLOAK-10818 Add hint about +, * in client CORS
The '+' in the allowed CORS origins does not replicate a '*' wildcard
from the Valid Redirect URIs. This information is now available in the
tooltip.

Also translated changed message into german.
2020-01-09 10:09:02 +01:00
Pedro Igor
dae212c035 [KEYCLOAK-12312] - Partial import of realm breaking access to client's service account roles 2020-01-09 10:06:32 +01:00
Pedro Igor
c596647241 [KEYCLOAK-11712] - Request body not buffered when using body CIP in Undertow 2020-01-09 10:02:18 +01:00
Pedro Igor
709cbfd4b7 [KEYCLOAK-10705] - Return full resource representation when querying policies by id 2020-01-09 10:00:24 +01:00
Pedro Igor
9fd7ab81f0 [KEYCLOAK-10407] - Avoiding redundant calls on identity.getid 2020-01-09 09:56:48 +01:00
stianst
80187b54ff KEYCLOAK-10974 Add quotes in kcreg.bat to allow installation dir with spaces 2020-01-09 09:45:40 +01:00
Manfred Duchrow
f926529767 KEYCLOAK-12616 Vault unit test always failes on Windows 2020-01-07 20:55:50 +01:00
vmuzikar
8e0e972957 KEYCLOAK-12626 Fix compilation errors in Admin Console tests 2020-01-07 11:56:14 -05:00
Hynek Mlnarik
f7379086e0 KEYCLOAK-12619 Improve mapped byte buffer cleanup 2020-01-07 16:07:43 +01:00
Bruno Oliveira da Silva
c0aa0891cd [KEYCLOAK-12533] Applications UI has erroneous "Remove Access" button 2020-01-06 10:49:52 -03:00
Thomas Darimont
54b69bd1dc KEYCLOAK-10190 Fix NPE on missing clientSession in TokenEndpoint.codeToToken
In certain scenarios, e.g. when an auth code from another realm login is
used to perform the code to token exchange, it can happen that the
ClientSession is null which triggered an NPE when the userSession field is accessed.

Added null check for clientSession in TokenEndpoint.codeToToken to prevent an NPE.
2020-01-06 14:45:20 +01:00
vramik
419d9c6351 KEYCLOAK-11597 Remote testing changes + possibility to exclude tests for specific auth server
Co-Authored-By: <mhajas@redhat.com>
2020-01-06 14:29:36 +01:00
Thomas Darimont
1a7aeb9b20 KEYCLOAK-8249 Improve extraction of Bearer tokens from Authorization headers (#6624)
We now provide a simple way to extract the Bearer token string from
Authorization header with a null fallback.

This allows us to have more fine grained error handling for the
various endpoints.
2020-01-06 13:58:52 +01:00
mhajas
28b01bc34d KEYCLOAK-12609 Fix integer overflow for SAML XMLTimeUtil add method parameters 2020-01-06 13:53:16 +01:00
Yoshiyuki Tabata
e96725127f KEYCLOAK-12165 Fix UserSessionProviderTest to work correctly (#6513) 2020-01-02 17:57:14 +01:00
Marek Posolda
fa453e9c0c
KEYCLOAK-12278 Default first broker login flow is broken after migration (#6556) 2020-01-02 17:53:56 +01:00
Pedro Igor
56d53b191a [KEYCLOAK-8779] - Fixing PartialImportTest 2019-12-28 06:24:19 -03:00
rmartinc
401d36b446 KEYCLOAK-8779: Partial export and import to an existing realm is breaking clients with service accounts 2019-12-27 15:59:38 -03:00
Michael Thirion
44ab3f46b7 [KEYCLOAK-6008] - Spring Boot does not honour wildcard auth-role (#6579) 2019-12-24 19:06:55 -03:00
Asbjørn Dyhrberg Thegler
1162455f32 KEYCLOAK-10894 Adds a ready indicating promise
This is non-intrusive and backwards compatible. With this change it is possible
to `await keycloakAuthorization.ready` to make sure the component has been
properly initialized.
2019-12-24 18:33:20 -03:00
Thomas Darimont
0219d62f09 KEYCLOAK-6867 UserInfoEndpoint should return WWW-Authenticate header for Invalid tokens
As required by the OIDC spec (1) we now return a proper WWW-Authenticate
response header if the given token is invalid.

1) https://openid.net/specs/openid-connect-core-1_0.html#UserInfoError
2019-12-23 07:42:06 -03:00
Andrei Arlou
23b794aa51 KEYCLOAK-12313 Remove unused method from org.keycloak.saml.common.util.DocumentUtil 2019-12-20 15:03:42 +01:00
Pedro Igor
e316e2a2f0 [KEYCLOAK-8616] - Process requests only if a deployment can be resolved 2019-12-20 13:33:12 +01:00
Andrei Arlou
eed4847469 KEYCLOAK-12311 Fix minor warnings with collections in packages: forms, keys, partialimport, protocol from module "services" 2019-12-20 13:31:38 +01:00
Philipp Nanz
7409f6991f KEYCLOAK-12166 Argument 'customJacksonProvider' not being passed on 2019-12-20 09:06:55 +01:00
Peter Skopek
7a14661fce KEYCLOAK-6115 Login fails if federated user is read-only and has selected a locale on the login screen 2019-12-19 14:36:50 +01:00
Pedro Igor
946088d48d [KEYCLOAK-12109] - Resolving authz discovery url using KeycloakUriBuilder 2019-12-19 14:18:21 +01:00
Pedro Igor
3bd193acd7 [KEYCLOAK-12412] - Policy enforcer should consider charset when comparing the content-type of the request 2019-12-19 14:14:33 +01:00
Andrei Arlou
aceb123242 KEYCLOAK-12417 Fix minor warnings in tests from module "services" 2019-12-19 10:51:37 +01:00
Andrei Arlou
697eaa4f36 KEYCLOAK-12309 Fix warnings with collections in packages:
authentification, authorization, broker, email, events, exportimport from module "services"
2019-12-18 14:02:27 +01:00
Tero Saarni
1ac76fde59 KEYCLOAK-12242 KEYCLOAK-12280
(cherry picked from commit 6f47d7fc2ccab4f31e373774c983501e83dffa4b)
2019-12-18 13:29:21 +01:00
Andrei Arlou
bb156fb2fd KEYCLOAK-12317 Fix minor warnings with modificators in packages: authentication, authorization, keys, partialimport, protocol from module "services" 2019-12-18 13:26:27 +01:00
Andrei Arlou
c61cc1a493 KEYCLOAK-12316 Simplify conditions in packages: authentication, broker, credential, protocol from module "services" 2019-12-18 13:22:36 +01:00
Stefan Guilhen
9f69386a53 [KEYCLOAK-11707] Add support for Elytron credential store vault
- Adds the elytron-cs-keystore provider that reads secrets from a keystore-backed elytron credential store
 - Introduces an abstract provider and factory that unifies code that is common to the existing implementations
 - Introduces a VaultKeyResolver interface to allow the creation of different algorithms to combine the realm
   and key names when constructing the vault entry id
 - Introduces a keyResolvers property to the existing implementation via superclass that allows for the
   configuration of one or more VaultKeyResolvers, creating a fallback mechanism in which different key formats
   are tried in the order they were declared when retrieving a secret from the vault
 - Adds more tests for the files-plaintext provider using the new key resolvers
 - Adds a VaultTestExecutionDecider to skip the elytron-cs-keystore tests when running in Undertow. This is
   needed because the new provider is available only as a Wildfly extension
2019-12-18 11:54:06 +01:00
harture
26458125cb [KEYCLOAK-12254] Fix re-evaluation of conditional flow (#6558) 2019-12-18 08:45:11 +01:00
Douglas Palmer
106e6e15a9 [KEYCLOAK-11859] Added option to always display a client in the accounts console 2019-12-17 17:12:49 -03:00