Commit graph

634 commits

Author SHA1 Message Date
Thomas Darimont
3103e0fd0a KEYCLOAK-5244 Add BlacklistPasswordPolicyProvider (#4370)
* KEYCLOAK-5244 Add BlacklistPasswordPolicyProvider

This introduces a new PasswordPolicy which can refer to
a named predefined password-blacklist to avoid users
choosing too easy to guess passwords.

The BlacklistPasswordPolicyProvider supports built-in as
well as custom blacklists.
built-in blacklists use the form `default/filename`
and custom ones `custom/filename`, where filename
is the name of the found blacklist-filename.

I'd propose to use some of the freely available password blacklists
from the [SecLists](https://github.com/danielmiessler/SecLists/tree/master/Passwords) project.

For testing purposes one can download the password blacklist
```
wget -O 10_million_password_list_top_1000000.txt https://github.com/danielmiessler/SecLists/blob/master/Passwords/10_million_password_list_top_1000000.txt?raw=true
```
to /data/keycloak/blacklists/

Custom password policies can be configured with the SPI
configuration mechanism via jboss-cli:
```
/subsystem=keycloak-server/spi=password-policy:add()
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:add(enabled=true)
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:write-attribute(name=properties.blacklistsFolderUri, value=file:///data/keycloak/blacklists/)
```

Password blacklist is stored in a TreeSet.

* KEYCLOAK-5244 Encode PasswordBlacklist as a BloomFilter

We now use a dynamically sized BloomFilter with a
false positive probability of 1% as a backing store
for PasswordBlacklists.

BloomFilter implementation is provided by google-guava
which is available in wildfly.

Password blacklist files are now resolved against
the ${jboss.server.data.dir}/password-blacklists.

This can be overridden via system property, or SPI config.
See JavaDoc of BlacklistPasswordPolicyProviderFactory for details.

Revised implementation to be more extensible, e.g. it could be
possible to use other stores like databases etc.

Moved FileSystem specific methods to FileBasesPasswordBlacklistPolicy.

The PasswordBlacklistProvider uses the guava version 20.0
shipped with wildfly. Unfortunately the arquillian testsuite
transitively depends on guava 23.0 via the selenium-3.5.1
dependency. Hence we need to use version 23.0 for tests but 20.0
for the policy provider to avoid NoClassDefFoundErrors in the
server-dist.

Configure password blacklist folder for tests

* KEYCLOAK-5244 Configure jboss.server.data.dir for test servers

* KEYCLOAK-5244 Translate blacklisted message in base/login
2017-10-17 20:41:44 +02:00
Cédric Couralet
656fc5d7c0 KEYCLOAK-4052 - add an option to validate Password Policy for ldap user storage 2017-10-13 13:54:50 +02:00
Gaetan Collaud
06ad4caa1b KEYCLOAK-5505 put tabindex in login page 2017-10-10 16:56:03 +02:00
Stan Silvert
9131e7e73c KEYCLOAK-4248: Remove revocation tab for SAML clients. 2017-10-04 14:03:39 -04:00
Herbert Mühlburger
f0f7321c38 Fix spelling error in admin message properties (#4525)
* fix spelling error in admin message properties

* fix typo in admin messages
2017-10-03 20:58:17 +02:00
Bill Burke
817d6cc8c7 minor ui fix 2017-10-02 11:02:19 -04:00
Gabriel Lavoie
134daeac7f KEYCLOAK-3303: Allow reuse of refresh tokens.
- Configurable max reuse count.
2017-09-28 15:30:40 -04:00
Bill Burke
fd025ae76b Merge pull request #4209 from guitaro/feature/group-search-and-pagination
[KEYCLOAK-2538] - groups pagination and group search
2017-09-23 20:52:19 -04:00
Bill Burke
3020a04a8b Merge pull request #4490 from Fiercely/master
Keycloak 2035
2017-09-22 16:13:22 -04:00
Thomas Darimont
236b2b9273 KEYCLOAK-3599 Add Script based OIDC ProtocolMapper 2017-09-22 21:24:20 +02:00
howcroft
e78bf5f876 Keycloak 2035
This PR adds:
* an endpoint to Role that lists users with the Role
* a tab "Users in Role" in Admin console Role page
* it is applicable to Realm and Client Roles
* Extends UserQueryProvider with default methods (throwing Runtime Exception if not overriden)
* Testing in base testsuite and Console
2017-09-22 15:05:49 +01:00
Stan Silvert
7124d93a24 Merge pull request #4487 from ssilvert/kc1250-big-commit
KEYCLOAK-5502: Fix install of node and yarn for account2 profile.
2017-09-19 10:39:38 -04:00
Stan Silvert
9d66d55ac1 KEYCLOAK-5502: Fix install of node and yarn for account2 profile. 2017-09-19 09:53:22 -04:00
Stan Silvert
657c68475d Merge pull request #4486 from ssilvert/kc1250-big-commit
KEYCLOAK-1250: Initial commit for new account mgt.
2017-09-18 16:51:18 -04:00
Stan Silvert
c8a4fc2c57 KEYCLOAK-1250: Initial commit for new account mgt. 2017-09-18 15:32:43 -04:00
Bill Burke
3e6adbc904 KEYCLOAK-5490 (#4477) 2017-09-15 11:36:48 +02:00
Stian Thorgersen
ee35673615 KEYCLOAK-1250 Profile and console loader for new account management console 2017-09-14 19:53:02 +02:00
Levente NAGY
d18aa44fb4 Merge branch 'feature/group-search-and-pagination' of https://github.com/guitaro/keycloak into feature/group-search-and-pagination 2017-09-13 16:48:24 +02:00
Levente NAGY
e907da77d7 KEYCLOAK 2538 - UI group pagination - Remove junit mocked TUs, add arquillian Tests, delete mockito from poms, fix groups sorting when get result from cache 2017-09-13 16:45:45 +02:00
Stan Silvert
56e0a52197 Merge pull request #4436 from tuxetuxe/master
Do not show empty page size selectors in events lists
2017-09-13 10:22:56 -04:00
Léventé NAGY
503ce3a47f Merge branch 'master' into feature/group-search-and-pagination 2017-09-13 10:27:38 +02:00
Petter Lysne
7f8b5e032a feat: added PayPal IDP (#4449) 2017-09-12 11:57:59 +02:00
Levente NAGY
db56d82dbd KEYCLOAK 2538 - UI group pagination - fix duplicate result for search + sort result 2017-09-12 11:45:37 +02:00
Levente NAGY
2c24b39268 KEYCLOAK 2538 - UI group pagination 2017-09-07 19:39:06 +02:00
Stan Silvert
1fb8846a7a KEYCLOAK-5391: Add node_modules back to repository for commons theme (#4457) 2017-09-05 14:27:19 -04:00
Stian Thorgersen
dcfa4aca8c KEYCLOAK-943 Started account rest service. Profile and sessions completed. (#4439) 2017-08-29 20:12:09 +02:00
Luis Santos
944332a84a Do not show empty page size selectors in events lists 2017-08-29 11:30:53 +03:00
Stian Thorgersen
463661b051 Set version to 3.4.0.CR1-SNAPSHOT 2017-08-28 15:46:22 +02:00
Pedro Igor
36c5490250 Merge pull request #4426 from pedroigor/master
[KEYCLOAK-5323] - Fixing filter when searching/selecting clients
2017-08-25 17:07:38 -03:00
Pedro Igor
9a7d56097a [KEYCLOAK-5323] - Fixing filter when searching/selecting clients 2017-08-25 14:06:28 -03:00
Stian Thorgersen
d58c6ad4e0 [KEYCLOAK-4900] Pass login_hint parameter to idp & review (#4421) 2017-08-25 10:14:38 +02:00
Bill Burke
6696c44dc0 Merge remote-tracking branch 'upstream/master' 2017-08-24 15:19:48 -04:00
Bill Burke
7a57723c01 more token exchange 2017-08-24 15:19:38 -04:00
Pedro Igor
16305418f0 [KEYCLOAK-4915] - Unable to update resource permission without changing applied policies 2017-08-23 15:13:24 -03:00
Stan Silvert
245f6c0c84 KEYCLOAK-5232: 'undefined' in allowed protocol mappers field (#4398) 2017-08-23 09:56:28 -04:00
Stan Silvert
010dd5709c KEYCLOAK-5286: js error on save in client/mappers/details screen (#4409) 2017-08-23 09:55:49 -04:00
Stan Silvert
eb5a5023c6 KEYCLOAK-5266: Component numberOfPages in clients view is missing (#4411) 2017-08-23 09:55:19 -04:00
Edwin de Jong
5f97f23c12 KEYCLOAK-5307 Dutch locale (#4340)
- Thanks to Jacob van Lingen to provide the initial translation for
login messages
2017-08-17 11:26:41 +02:00
Stian Thorgersen
31f82243fc KEYCLOAK-5281 (#4390) 2017-08-17 08:47:25 +02:00
Bill Burke
45eac1093d show permissions 2017-08-09 10:39:59 -04:00
Bill Burke
ed5e880931 Merge remote-tracking branch 'upstream/master' 2017-08-07 12:02:50 -04:00
Bill Burke
c9b7504e3f KEYCLOAK-5190 2017-08-07 12:02:18 -04:00
Bill Burke
3fce14d9ce Merge pull request #4369 from patriot1burke/master
KEYCLOAK-5249
2017-08-03 09:57:55 -04:00
Bill Burke
5423e0534b Merge pull request #4330 from stoffus/master
Swedish translation fixes
2017-08-02 19:49:03 -04:00
Bill Burke
3b5ca2bac0 Merge pull request #4366 from hmlnarik/KEYCLOAK-4694-null
KEYCLOAK-4694
2017-08-02 19:47:34 -04:00
Bill Burke
cf0ee31bc5 KEYCLOAK-5249 2017-08-02 19:42:35 -04:00
Hynek Mlnarik
4583a45e78 KEYCLOAK-4694 2017-08-01 09:57:12 +02:00
Pedro Igor
d105aa92e2 [KEYCLOAK-5240] - Escaping values in templates 2017-07-28 17:46:52 -03:00
Stan Silvert
4b9ea5cbe0 KEYCLOAK-5127: Fix packaging of node_modules (#4347) 2017-07-24 09:12:43 -04:00
Christopher Svensson
81d0ae1160 Merge remote-tracking branch 'upstream/master' 2017-07-24 07:28:21 +02:00
Stan Silvert
c8068b688d KEYCLOAK-5127: Exclude node_modules from git (#4334)
* KEYCLOAK-5127: Exclude node_modules from git

* Add readme file.
2017-07-21 15:12:34 -04:00
Christopher Svensson
c6f922412f Corrected Swedish translation 2017-07-19 14:44:39 +02:00
Christopher Svensson
9d1ccaeefa Added locale_sv translation to fix language dropdown 2017-07-19 14:02:33 +02:00
Bill Burke
11ff5a05e9 KEYCLOAK-5205 2017-07-18 11:03:01 -04:00
Bill Burke
a7940c6ffa KEYCLOAK-5194 2017-07-14 18:29:48 -04:00
mposolda
936efe872a KEYCLOAK-5061 Process correct initial flow when action expired 2017-07-10 22:52:54 +02:00
Marek Posolda
2b427dfcd2 Merge pull request #4309 from mposolda/master
KEYCLOAK-5061 Better error messages when action expired
2017-07-10 21:29:03 +02:00
mposolda
7be2c55f61 KEYCLOAK-5061 Better error messages when action expired 2017-07-10 19:50:28 +02:00
Stan Silvert
7dbb439cf3 KEYCLOAK-5075: Allow Origin Missing in Direct Access Grants 2017-07-10 13:45:02 -04:00
Stan Silvert
1721ccc85e KEYCLOAK-5144: Supported locales undefined (#4304)
* KEYCLOAK-5144: Supported locales are undefined

* KEYCLOAK-5144: Supported locales are undefined.

* KEYCLOAK-5144: Supported locales are undefined

* KEYCLOAK-5144: Supported locales are undefined
2017-07-09 20:48:49 -04:00
Pedro Igor
0aeba74185 [KEYCLOAK-5158] - Revert changes that made delete on lists and scope permission stop working 2017-07-06 18:22:13 -03:00
Martin@qingcloud
d84ab4f90b KEYCLOAK-5086:add Chinese translation into messages. (#4251)
* add Chinese translation into messages.

* convert messages from unicode to utf-8
2017-07-06 08:13:49 +02:00
Stian Thorgersen
9a9f4137e5 KEYCLOAK-4556 KEYCLOAK-5022 Only cache keycloak.js and iframe if specific version is requested (#4289) 2017-07-04 21:18:34 +02:00
Stan Silvert
32b16717a7 KEYCLOAK-4234: Link to app in acct mgt doesn't use root url (#4285)
* KEYCLOAK-4234: Link to app in acct mgt not use root url

* Add tests.
2017-07-04 07:01:58 +02:00
Stian Thorgersen
454c5f4d83 Set version to 3.3.0.CR1-SNAPSHOT 2017-06-30 09:47:11 +02:00
Stian Thorgersen
fdb80d4319 Fix console tests (#4277) 2017-06-30 08:49:18 +02:00
Stian Thorgersen
f0f1b85582 KEYCLOAK-5116 (#4276)
Authz tab not showing
2017-06-30 08:48:28 +02:00
Stan Silvert
6874cdc3b2 KEYCLOAK-4997 KEYCLOAK-4866 KEYCLOAK-4895 Upgrade to latest AngularJS, (#4275)
jquery, and others.
2017-06-30 05:55:47 +02:00
Josh Cain
89fcddd605 KEYCLOAK-3592 Docker auth implementation 2017-06-29 06:37:34 +02:00
Stian Thorgersen
55d0ad3a50 Merge pull request #4234 from samuelMangot/master
Email - I18n - added missing german text
2017-06-28 08:20:50 +02:00
Stian Thorgersen
d90235d1bd Merge pull request #4245 from hokuda/email-messages-japanese
fix email messages in Japanese
2017-06-28 08:20:21 +02:00
Samuel Mangot
f5545eabdc Email - I18n - fixed another grammar error 2017-06-27 20:30:30 +02:00
Samuel Mangot
3db8f97248 Email - I18n - removed remaining " and fixe grammar error 2017-06-27 18:04:41 +02:00
Samuel Mangot
48421cbc43 Email - I18n - removed "" around text placeholder 2017-06-27 16:55:10 +02:00
Stian Thorgersen
56c5996aff Merge pull request #4259 from stianst/abstractj-KEYCLOAK-4444
KEYCLOAK-4444
2017-06-27 10:44:30 +02:00
Bruno Oliveira
361ab1c988 [KEYCLOAK-4444] Allow sending test email 2017-06-27 08:38:36 +02:00
Stian Thorgersen
c1c1a81a4e Merge pull request #4138 from ASzc/KEYCLOAK-4752
KEYCLOAK-4752
2017-06-27 08:34:00 +02:00
Bill Burke
28b3ef9aa9 admin console work 2017-06-26 11:40:32 -04:00
Bill Burke
d08ddade2e merge 2017-06-21 17:43:54 -04:00
Bill Burke
52e40922bc removal 2017-06-21 17:42:57 -04:00
Bill Burke
8c82201add Merge pull request #4224 from pedroigor/KEYCLOAK-3168
[KEYCLOAK-3168] - Group-Based Access Control
2017-06-21 17:03:34 -04:00
Hisanobu Okuda
eebd3feb28 fix email messages in Japanese 2017-06-21 21:42:14 +09:00
Bill Burke
a994af9010 remove scope 2017-06-16 11:26:43 -04:00
Samuel Mangot
a785f9fd11 Email - I18n - added missing german text 2017-06-16 09:55:54 +02:00
Pedro Igor
d4a85d6abc [KEYCLOAK-5054] - Checking name availability only in cases name is filled 2017-06-14 18:10:51 -03:00
Pedro Igor
169280b6a1 [KEYCLOAK-3168] - Group-Based Access Control 2017-06-13 19:05:44 -03:00
Bill Burke
94528976d4 console work 2017-06-07 16:29:43 -04:00
Bill Burke
536a57a514 ui for permission reference 2017-06-05 19:52:51 -04:00
Bill Burke
b9f7a43a72 group permissions 2017-06-01 20:16:35 -04:00
Alex Szczuczko
bed6f96fc6 KEYCLOAK-4752 Change required actions UI to uncheck and disable the default checkbox when the enable checkbox is not checked. The API will continue to silently drop actions that are not enabled for the realm. 2017-06-01 08:25:51 -06:00
Pedro Igor
81f1a5b145 Merge pull request #4183 from pedroigor/stan-ui-fixes
[KEYCLOAK-4915] - Fixes to evaluation tool UI
2017-05-24 09:32:42 -03:00
Marek Posolda
79af4dfd18 Merge pull request #4127 from sbryzak/KEYCLOAK-4886
KEYCLOAK-4886
2017-05-24 10:47:09 +02:00
Pedro Igor
829bcf5eaf Fix to evaluation tool 2017-05-23 17:50:06 -03:00
Stian Thorgersen
130452f6c3 Merge pull request #4085 from mstruk/RHSSO-402
RHSSO-402 need a way to dump configuration (including ldap provider config) to a file
2017-05-23 13:29:32 +02:00
Pedro Igor
8d40ee17f1 Merge pull request #4166 from pedroigor/stan-ui-fixes
[EYCLOAK-4915] - Review AuthZ UIs
2017-05-22 10:10:09 -03:00
Pedro Igor
7ae117707b Fixing validation of required fields 2017-05-19 19:45:47 -03:00
Pedro Igor
d1d590b45c Delete action on lists 2017-05-19 19:45:47 -03:00
Pedro Igor
62ffab7239 Exporting a client is updating policy config 2017-05-19 19:45:47 -03:00
Bill Burke
ab763e7c5b fixes after merge 2017-05-19 15:54:36 -04:00
Bill Burke
f114895cd2 for merge 2017-05-19 11:29:26 -04:00