Commit graph

2647 commits

Author SHA1 Message Date
Stian Thorgersen
9ef1f1b73c KEYCLOAK-3482 2018-02-22 09:42:45 -03:00
Erlend Hamnaberg
208ecbc3f7 KEYCLOAK-6676: Fix NPE if the redirect_uri parameter is missing 2018-02-21 19:44:22 +01:00
mposolda
fc463ae50b KEYCLOAK-6617 Offline token logout did not invalidate user session 2018-02-19 08:49:05 +01:00
cgol
86a8addf49 KEYCLOAK-6615 Remove offline session from database on offline token logout
remove offline token from database on offline session logout
2018-02-19 08:49:05 +01:00
stianst
9b63cd35f0 KEYCLOAK-6431 2018-02-13 19:38:46 +01:00
Hynek Mlnarik
84ea3f8cb1 KEYCLOAK-4315 Remove some dead/duplicate classes 2018-02-13 15:41:36 +01:00
Bill Burke
5d5373454c
Merge pull request #4991 from patriot1burke/challenge-support
KEYCLOAK-6355
2018-02-13 09:38:45 -05:00
Bill Burke
87ee15a081 fix 2018-02-12 16:52:55 -05:00
Bill Burke
d6788a0839 finish 2018-02-10 13:38:39 -05:00
stianst
505cf5b251 KEYCLOAK-6519 Theme resource provider 2018-02-09 08:28:59 +01:00
Bill Burke
5ea4ef9e55 change code query params to session_code 2018-02-08 17:37:27 -05:00
Douglas Palmer
e8de4655ac KEYCLOAK-6344 Use POST instead of GET for LDAP connection tests 2018-02-08 21:18:03 +01:00
Jochen Preusche
8325151e16
Extract findLocale to LocaleNegotiator, add tests
* Improve Testability of Locale Negotiation
 * Add test for Locale Negotiation
 * Fix Locale Negotiation for omitted Country Code
2018-02-06 09:50:04 +01:00
Serhii Shymkiv
c2fe500eb8 [KEYCLOAK-4721] Consider Session Language of Realm Also In ReCaptcha 2018-02-02 13:57:03 +01:00
vramik
019c3c9ef9 KEYCLOAK-6146 realm import fails when password policy is specified 2018-02-02 08:30:06 +01:00
Thomas Darimont
77334af34e KEYCLOAK-6222 Check syntax for errors on ScriptBasedOIDCProtocolMapper validation
We now explicitly check for syntax errors
during validation of ScriptBasedOIDCProtocolMappers.
2018-02-02 08:28:27 +01:00
Bill Burke
8f09efab9d
Merge pull request #4949 from patriot1burke/client-storage-spi
KEYCLOAK-6228
2018-02-01 08:59:02 -05:00
Bill Burke
126dd70efc client stat improvement 2018-01-31 13:05:13 -05:00
Bill Burke
a571781240 hynek db changes 2018-01-30 17:00:55 -05:00
Vlastimil Elias
a5f675d693 KEYCLOAK-4937 - convert time units in emails into human-friendly format 2018-01-30 06:38:57 +01:00
Bill Burke
1d8e38f0c6 admin console 2018-01-27 13:05:02 -05:00
Bill Burke
dd4c0d448c Merge remote-tracking branch 'upstream/master' into client-storage-spi 2018-01-27 09:47:41 -05:00
Bill Burke
6b84b9b4b6 done 1st iteration 2018-01-27 09:47:16 -05:00
Takashi Norimatsu
502627f590 KEYCLOAK-5811 Client Authentication by JWS Client Assertion in client secret 2018-01-26 10:59:40 +01:00
gregoirew
13261b52db Use the github /user/emails api endpoint if the github user did not set any public email.
Github can send a null email on the user info endpoint if there is no public email on the user profile.
This commit look for email on the /user/emails endpoint, selecting the primary email.
2018-01-25 20:56:24 +01:00
Bill Burke
ddad1cb8af Merge remote-tracking branch 'upstream/master' into client-storage-spi 2018-01-25 10:08:37 -05:00
Bill Burke
8a17b61f4e initial work 2018-01-25 10:08:26 -05:00
Bill Burke
7c66f76858
Merge pull request #4932 from patriot1burke/per-client-flow
KEYCLOAK-6335
2018-01-25 09:55:11 -05:00
Thomas Darimont
3d12bf7d14 KEYCLOAK-4743 Revise proxy support for HttpClient SPI
Polishing & more tests.
2018-01-25 09:31:32 +01:00
Thomas Darimont
851d0192ad KEYCLOAK-4743 Add proxy support to HttpClient SPI
We now provide a configurable way for dynamic proxy route selection
for the default HttpClient based on regex based targetHostname patterns.

Introduced `ProxyMapping` to describe a regex based mapping
between target hosts and the proxy URL to use.

A `ProxyMapping` can be build from an ordered list of string based
mapping representations, e.g:
```
   ^.*.(google.com|googleapis.com)$;http://localhost:8080
```
If the targetHost does not match a configured proxy mapping,
no proxy is used.

This can be configured via standalone.xml / jboss-cli, e.g.:
```
   echo SETUP: Configure proxy routes for HttpClient SPI
   /subsystem=keycloak-server/spi=connectionsHttpClient/provider=default:add(enabled=true)
   /subsystem=keycloak-server/spi=connectionsHttpClient/provider=default:write-attribute(name=properties.proxy-mappings,value=["^.*.(google.com|googleapis.com)$;http://www-proxy1:8080","^.*.facebook.com$;http://www-proxy2:8080"])
```
The new `ProxyMappingWareRoutePlanner` uses a configured `ProxyMapping`
to decide which proxy to use for a given request based on the target host
denoted by the HTTP request to execute.

I verified this manually with the BurpProxy Suite.
2018-01-25 09:31:32 +01:00
mposolda
6369c26671 KEYCLOAK-6286 Adding 'Exclude Session State From Authentication Response' switch to fix backwards compatibility with Keycloak 2.X adapters 2018-01-24 11:35:13 +01:00
Bill Burke
7b2e72d395 Merge remote-tracking branch 'upstream/master' into per-client-flow 2018-01-23 12:10:11 -05:00
Bill Burke
a9297df89c KEYCLOAK-6335 2018-01-23 12:09:49 -05:00
Hynek Mlnarik
4ba72e2d2d KEYCLOAK-5976 Fix client setting in brokered IdP-initiated scenario 2018-01-23 09:34:11 +01:00
stianst
f762173eb0 KEYCLOAK-3370 Add option to override theme in client template and client 2018-01-18 09:14:13 +01:00
stianst
35ada9d636 KEYCLOAK-6289 Add ThemeSelectorSPI 2018-01-18 09:14:13 +01:00
Thomas Darimont
bae4d4c673 KEYCLOAK-5791 Allow multi-valued ScriptBasedOIDCProtocolMapper
We now support multi-valued attribute values for the
`ScriptBasedOIDCProtocolMapper`.
Previously the `ScriptBasedOIDCProtocolMapper` only supported
single valued output. If a script returned a list of
output values then only the first value was emitted to the token.

By default multi-valued is set to `false` / `off`.
2018-01-11 08:52:24 +01:00
stianst
d8c0cc447f KEYCLOAK-6090 Add missing cors headers with invalid username/password and resource owner grant 2018-01-02 15:15:15 +01:00
stianst
0bedbb4dd3 Bump version to 4.0.0.CR1-SNAPSHOT 2017-12-21 15:06:00 +01:00
Marko Strukelj
23d0afbfd8 KEYCLOAK-6058 Partial import should ignore built-in clients 2017-12-21 13:52:58 +01:00
stianst
f0c5752ef9 KEYCLOAK-5443 Fix update user account when both email as username and edit username are enabled 2017-12-20 14:40:03 +01:00
Bruno Oliveira
811cd3a04a KEYCLOAK-6011 2017-12-20 13:37:11 +01:00
stianst
e96c6a4bcb KEYCLOAK-6068 Fix preflight request on admin endpoints 2017-12-20 10:19:34 +01:00
stianst
465675ac28 KEYCLOAK-5019 Fixes for password managers 2017-12-19 16:13:16 +01:00
mposolda
5a66f577eb KEYCLOAK-5982 Fix NPEs when client 'account' was renamed/removed 2017-12-18 21:47:17 +01:00
stianst
27b5e1aae2 KEYCLOAK-6050 Fix export doesn't export internal realm rep 2017-12-18 13:15:42 +01:00
stianst
b303acaaba KEYCLOAK-2120 Added manual setup page for OTP 2017-12-18 11:20:20 +01:00
Bill Burke
118e998570
Merge pull request #4834 from pedroigor/KEYCLOAK-5806
[KEYCLOAK-5806] - Create policy button to associated policies
2017-12-16 23:44:35 -05:00
Bill Burke
80be4c9dbc fix more 2017-12-16 07:12:32 -05:00
pedroigor
5d7ba39e0c [KEYCLOAK-5806] - Create policy component to permission pages 2017-12-15 23:41:52 -02:00
Bill Burke
7cb39c2dfc KEYCLOAK-5420 2017-12-15 12:16:24 -05:00
Hynek Mlnarik
e4a91c0706 KEYCLOAK-6042 Encode user ID before storing in auth session 2017-12-15 15:16:26 +01:00
stianst
a8943fb323 KEYCLOAK-6043 Use same urls for get and posts in account 2017-12-15 08:31:04 +01:00
Bruno Oliveira
1a541889f4 [KEYCLOAK-6015] replyTo can be empty string in DB 2017-12-15 07:01:15 +01:00
stianst
b672229efc KEYCLOAK-6032 Fix error page when internationalization is enabled 2017-12-15 06:32:00 +01:00
Vlastimil Elias
7e20a65989 KEYCLOAK-6040 AuthenticationSessionModel pushing into
EmailTemplateProvider
2017-12-14 15:51:04 +01:00
Hynek Mlnarik
2a2e6c839b KEYCLOAK-5635 2017-12-13 21:07:46 +01:00
Hynek Mlnarik
7174c0b4ec KEYCLOAK-6025 Simplify easy access to current session in action token handlers 2017-12-12 17:53:44 +01:00
stianst
f939818252 KEYCLOAK-5907 Use client manager to delete clients in client registration services 2017-12-12 14:25:05 +01:00
mposolda
63efee6e15 KEYCLOAK-5938 Authentication sessions: Support for logins of multiple tabs of same client 2017-12-12 08:01:02 +01:00
stianst
867de9de50 KEYCLOAK-6010 Add CORS headers to keycloak.js 2017-12-11 14:24:12 +01:00
k-tamura
d7a90817f2 KEYCLOAK-6009 Fix incorrect String.format usage 2017-12-10 20:56:36 +01:00
Bill Burke
c9b218db71
Merge pull request #4823 from patriot1burke/master
KEYCLOAK-5724
2017-12-08 20:03:05 -05:00
Bill Burke
ce9f4bf97a KEYCLOAK-5724 2017-12-08 10:25:30 -05:00
Bill Burke
5d5a200413
Merge pull request #4818 from patriot1burke/master
KEYCLOAK-5926
2017-12-08 09:59:32 -05:00
Hynek Mlnarik
00fb36437d KEYCLOAK-5861 Remove AUTH_SESSION_ID when END_AFTER_REQUIRED_ACTIONS set 2017-12-08 09:52:14 +01:00
Hynek Mlnarik
4a012b73ea KEYCLOAK-4998 Fix NPE in AttributeToRoleMapper 2017-12-08 09:21:21 +01:00
Bill Burke
49ba71fd8f add logic for sync 2017-12-07 20:03:10 -05:00
Bill Burke
0dee393071 KEYCLOAK-5926 2017-12-07 19:49:10 -05:00
stianst
c055ffb083 KEYCLOAK-4215 Consider session expiration when setting token timeouts 2017-12-07 10:45:02 +01:00
stianst
cccddebfd0 KEYCLOAK-5984 Fix error message in client initiated 2017-12-06 19:46:11 +01:00
mposolda
8a0fa521c4 KEYCLOAK-5915 Support for sticky sessions managed by loadbalancer. Support for KeyAffinityService 2017-12-06 13:06:54 +01:00
Bill Burke
f669fdf0df
Merge pull request #4797 from stianst/KEYCLOAK-5734
KEYCLOAK-5734
2017-12-05 17:31:36 -05:00
stianst
94ce97b972 KEYCLOAK-5734 2017-12-05 21:22:47 +01:00
stianst
c3d9f4704e KEYCLOAK-5946 Make sure wildcard origin is never returned 2017-12-04 19:55:34 +01:00
stianst
4541acc628 KEYCLOAK-5176 Strip headers from PEM when uploading to client 2017-12-04 19:54:15 +01:00
mposolda
ff6fcd30d9 KEYCLOAK-4478 OIDC auth response lacks session_state in some cases 2017-12-04 16:13:22 +01:00
stianst
37de8e9f69 Bump version to 3.4.2.Final-SNAPSHOT 2017-12-01 09:34:48 +01:00
mposolda
7b03eed9c8 KEYCLOAK-5797 Refactoring authenticationSessions to support login in multiple browser tabs with different clients 2017-11-30 12:56:45 +01:00
Peter Nalyvayko
b8e5fd2b99 KC-4335: working on adding a reverse proxy support to allow X.509 client certificate authentication when running keycloak behind a reverse proxy
KC-4335: reverse proxy => a swtich to change a type of reverse proxy when running the X509 integration tests; changes to the names of the reverse proxy providers

KC-4335: updated the migration scripts to add x509 spi to standalone and domain configurations; removed the HAproxy and apache x509 spi configuration
2017-11-30 11:00:32 +01:00
pedroigor
17748d5ba8 [KEYCLOAK-5660] - Adding UserQueryProvider.getUsersCount(realm, includeServiceAccount) method 2017-11-30 10:45:54 +01:00
Marko Strukelj
c5d9301951 KEYCLOAK-4920 NPE when exporting configuration without alias 2017-11-30 10:40:25 +01:00
Bruno Oliveira
6a528a3ee6 [KEYCLOAK-2645] Reset password page says 'You need to change your password to activate your account.' 2017-11-30 10:37:21 +01:00
stianst
2be78a0239 KEYCLOAK-5924 Add error handler for uncaught errors 2017-11-30 10:33:13 +01:00
Bruno Oliveira
af66c5dbd2 [KEYCLOAK-5483] X.509 Auth - log in attempt is not sometimes logged in the Login Events 2017-11-29 20:08:22 +01:00
Pedro Igor
d22c58ee30
Merge pull request #4760 from pedroigor/KEYCLOAK-5900
[KEYCLOAK-5900] - Returning error response when resource does not exist
2017-11-29 10:38:44 -02:00
pedroigor
c5b06f23e9 [KEYCLOAK-5900] - Returning error response when resource does not exist 2017-11-28 19:46:18 -02:00
pedroigor
bf73375a5c [KEYCLOAK-5901] - Changing response to return a 400 in case scope is invalid 2017-11-28 19:32:41 -02:00
stianst
36314c51d6 KEYCLOAK-5856 Fix infinite loop 2017-11-28 07:54:49 +01:00
pedroigor
e3c9fa25a3 [KEYCLOAK-5770] - Global Saml Logout doesn't create logout event 2017-11-23 21:08:07 +01:00
Bill Burke
2117db5e6d
Merge pull request #4730 from patriot1burke/master
KEYCLOAK-4715
2017-11-22 12:45:23 -05:00
mposolda
bd1072d2eb KEYCLOAK-5747 Ensure refreshToken doesn't need to send request to the other DC. Other fixes and polishing 2017-11-22 11:55:12 +01:00
Bill Burke
8993ca08ad KEYCLOAK-4715 2017-11-21 17:46:48 -05:00
Bill Burke
06762ba13d KEYCLOAK-5878 2017-11-20 17:03:28 -05:00
Marek Posolda
8e53ccf5ab
Merge pull request #4706 from stianst/KEYCLOAK-5383
KEYCLOAK-5383 Fix creating password in LDAP through admin create user…
2017-11-20 09:17:45 +01:00
Bill Burke
7c0c48da01
Merge pull request #4717 from patriot1burke/master
KEYCLOAK-5715
2017-11-17 12:59:36 -05:00
Bill Burke
ff5010cdd0
Merge pull request #4663 from mstruk/KEYCLOAK-5702
KEYCLOAK-5702 kcadm delete realm fails with nullpointer
2017-11-17 11:57:58 -05:00
Bill Burke
c66ff60c58 KEYCLOAK-5715 2017-11-17 11:34:32 -05:00
Stian Thorgersen
86fb18395e KEYCLOAK-5383 Fix creating password in LDAP through admin create user endpoint 2017-11-15 21:20:00 +01:00
Pedro Igor
1bd2f0e98f
Merge pull request #4674 from thomasdarimont/issue/fix-npe-in-userpermissions
KEYCLOAK-5841 Fix NPE in deletePermissionSetup in UserPermissions
2017-11-15 10:22:44 -02:00
Pedro Igor
eebf0b0499
Merge pull request #4690 from pedroigor/KEYCLOAK-5824
[KEYCLOAK-5824] - Keycloak throws "Error while evaluating permissions" exception often
2017-11-14 18:35:56 -02:00
Pedro Igor
b0ccce397a [KEYCLOAK-5824] - Fixing logging of error mesages 2017-11-14 11:28:21 -02:00
Stian Thorgersen
89f4b87038 KEYCLOAK-5567 Set correct status code on login error pages 2017-11-14 12:33:29 +01:00
Bruno Oliveira
03d0488335 [KEYCLOAK-2052] Allows independently set timeouts for e-mail verification link and rest e.g. forgot password link
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2017-11-13 19:57:04 -02:00
Stian Thorgersen
925d5e1dea KEYCLOAK-3173 enable logout offline refresh token using OIDC logout endpoint 2017-11-13 18:23:39 +01:00
Stian Thorgersen
51c7917853 KEYCLOAK-5772 Missing produces type on welcome resource post 2017-11-13 16:38:42 +01:00
Stian Thorgersen
d02ffd33b3 KEYCLOAK-5721 Moved state checker from separate cookie to claim on identity cookie 2017-11-13 14:11:28 +01:00
Thomas Darimont
a5b73a365d KEYCLOAK-5841 Fix NPE in deletePermissionSetup in UserPermissions
Previously a call to `UserPermissions#deletePermissionSetup`
always resulted in a NPE if the usersResource was null.

We now only try to delete the resourceStore information if
the given usersResource is not null.
2017-11-13 13:35:40 +01:00
Stian Thorgersen
90900b1a1f KEYCLOAK-5825 Clear state checker for welcome on form submit 2017-11-10 13:40:29 +01:00
Stian Thorgersen
4295f4ec31 KEYCLOAK-1886 Added cors headers to errors in token endpoint 2017-11-10 12:01:21 +01:00
Marko Strukelj
7035a4647d KEYCLOAK-5702 kcadm delete realm fails with nullpointer 2017-11-09 20:57:49 +01:00
Stian Thorgersen
128ff12f8f Bump versions 2017-11-09 15:37:21 +01:00
Xiaojian Liu
19eed51582 KEYCLOAK-5352 Basic Auth fails if password contains a ':' 2017-11-09 13:56:02 +01:00
Xiaojian Liu
9ff22f596d KEYCLOAK-5352 Basic Auth fails if password contains a ':' 2017-11-09 13:56:02 +01:00
Xiaojian Liu
e1af9f133f KEYCLOAK-5352 Basic Auth fails if password contains a ':' 2017-11-09 13:56:02 +01:00
Bruno Oliveira
26e253f4a5 [KEYCLOAK-5284] 2017-11-09 13:45:06 +01:00
mposolda
701b7acd80 KEYCLOAK-5371 More stable cross-dc tests 2017-11-08 10:03:04 +01:00
Stian Thorgersen
b1a05dfce2
KEYCLOAK-5664 (#4604) 2017-11-07 10:09:34 +01:00
Hynek Mlnarik
fe2f65daac KEYCLOAK-5581 Fix SAML identity broker context serialization 2017-11-03 21:09:18 +01:00
Pedro Igor
3716fa44ac [KEYCLOAK-5728] - Permission Claims support 2017-10-27 12:40:30 -02:00
Pedro Igor
57d3c44bb7 [KEYCLOAK-4901] - New policy mgmt rest api should return specific representations for a policy type 2017-10-26 15:26:40 -02:00
Pedro Igor
a70cab502c [KEYCLOAK-4901] - Reviewing methods on provider spis 2017-10-26 13:39:57 -02:00
Hynek Mlnařík
248da4687a Merge pull request #4610 from hmlnarik/KEYCLOAK-5745-Extract-client-sessions-from-user-sessions
KEYCLOAK-5745 Separate user and client sessions in infinispan
2017-10-26 13:09:06 +02:00
Hynek Mlnarik
75c354fd94 KEYCLOAK-5745 Separate user and client sessions in infinispan 2017-10-26 10:39:41 +02:00
Bruno Oliveira da Silva
375e01a074 KEYCLOAK-5278 (#4606) 2017-10-25 15:27:24 +02:00
Stian Thorgersen
f0bbcbf0fd KEYCLOAK-5487 (#4603) 2017-10-24 10:49:08 +02:00
Stan Silvert
9083e5fe5c KEYCLOAK-5298: Enable autoescaping in Freemarker (#4561)
* KEYCLOAK-5298: Enable autoescaping in Freemarker

* Fix several of the failing tests.

* Fix broken tests in integration-deprecated

* Fix last failing test.
2017-10-23 12:03:00 -04:00
Stian Thorgersen
9b75b603e3 KEYCLOAK-5234 (#4585) 2017-10-23 16:13:22 +02:00
Stian Thorgersen
d9ffc4fa21 KEYCLOAK-5225 (#4577)
KEYCLOAK-5225 fix test

Fix
2017-10-19 08:23:16 +02:00
Stian Thorgersen
fea4c54adc KEYCLOAK-5280 (#4576) 2017-10-19 08:02:23 +02:00
Bill Burke
649bca7618 KEYCLOAK-4328 2017-10-18 09:37:17 -04:00
Hynek Mlnarik
056ba75a72 KEYCLOAK-5656 Use standard infinispan remote-store 2017-10-16 21:49:42 +02:00
Bruno Oliveira da Silva
b6ab2852c2 Remove unused imports (#4558) 2017-10-16 14:23:42 +02:00
Bill Burke
31dccc9a5e Merge pull request #4509 from TeliaSoneraNorge/KEYCLOAK-5032
KEYCLOAK-5032 Forward request parameters to another IdP
2017-10-13 18:47:05 -04:00
Bill Burke
46d3ed7832 Merge remote-tracking branch 'upstream/master' 2017-10-13 17:00:57 -04:00
Bill Burke
d9af93850c KEYCLOAK-5683, KEYCLOAK-5684, KEYCLOAK-5682, KEYCLOAK-5612, KEYCLOAK-5611 2017-10-13 16:51:56 -04:00
mposolda
26f11078dc KEYCLOAK-5371 Use managed executors on Wildfly 2017-10-11 11:09:53 +02:00
mposolda
f5ff24ccdb KEYCLOAK-5371 Fix SessionExpirationCrossDCTest, Added ExecutorsProvider. Debug support for cache-servers in tests 2017-10-10 22:30:44 +02:00
Bill Burke
b0464f1751 Merge remote-tracking branch 'upstream/master' 2017-10-10 09:10:04 -04:00
Bill Burke
5bd4ea30ad rev 2017-10-10 09:09:51 -04:00
Marek Posolda
d336667972 Merge pull request #4527 from Hitachi/master
OIDC Financial API Read Only Profile : scope MUST be returned in the response from Token Endpoint
2017-10-10 11:37:45 +02:00
Carl Kristian Eriksen
50dd07217d KEYCLOAK-5032 Forward request parameters to another IdP
Forwarding of prompt and acr_values, if provided in the authorization request.
If prompt is set in the configuration for the identity provider, the configuration overrules the request parameter.
2017-10-09 16:15:27 +02:00
Marek Posolda
c6483f8b1e Merge pull request #4523 from abustya/master
KEYCLOAK-5616 Processing of claims parameter
2017-10-09 11:14:23 +02:00
Bill Burke
c8516c2349 support social external exchange 2017-10-06 16:44:26 -04:00
Vlastimil Eliáš
c9da02912e KEYCLOAK-2671 - FreeMarker form providers refactored for better (#4533)
extensibility
2017-10-05 13:37:32 +02:00
Takashi Norimatsu
6f6a467c7b OIDC Financial API Read Only Profile : scope MUST be returned in the
response from Token Endpoint
2017-10-04 12:59:49 +09:00
Václav Muzikář
da146f13c1 KEYCLOAK-5566 Google IdP doesn't reliably fetch user's full name (#4503) 2017-10-03 20:56:25 +02:00
Áron Bustya
c2ffaa0777 Merge remote-tracking branch 'keycloak/master' 2017-10-03 14:53:40 +02:00
Áron Bustya
632414cc92 process claims parameter
also support parsing from request object
2017-10-03 14:51:46 +02:00
Bruno Oliveira da Silva
da72968085 KEYCLOAK-4401: Wrong message when a temporarily disabled user requests password reset (#4506) 2017-10-03 06:28:34 +02:00
mposolda
4a7013d550 KEYCLOAK-5440 RestartLoginCookie field 'cs' not marked ignorable 2017-10-02 14:19:27 +02:00
Bruno Oliveira da Silva
bb0bccc3c0 [KEYCLOAK-5486] Test email connection feature does not work the second time (#4517) 2017-10-02 13:14:50 +02:00
Marek Posolda
13fe9e7cf8 Merge pull request #4510 from glavoie/KEYCLOAK-3303
KEYCLOAK-3303: Allow reuse of refresh tokens.
2017-09-29 17:07:45 +02:00
mposolda
3b6e1f4e93 KEYCLOAK-5007 Used single-use cache for tracke OAuth code. OAuth code changed to be encrypted and signed JWT 2017-09-29 13:20:22 +02:00
Gabriel Lavoie
134daeac7f KEYCLOAK-3303: Allow reuse of refresh tokens.
- Configurable max reuse count.
2017-09-28 15:30:40 -04:00
Bill Burke
fd025ae76b Merge pull request #4209 from guitaro/feature/group-search-and-pagination
[KEYCLOAK-2538] - groups pagination and group search
2017-09-23 20:52:19 -04:00
Bill Burke
9db6a5e0df Merge pull request #4497 from thomasdarimont/issue/KEYCLOAK-3599-add-script-based-protocol-mapper
KEYCLOAK-3599 Revise Script based OIDC ProtocolMapper
2017-09-23 20:38:51 -04:00
Thomas Darimont
57c633967a KEYCLOAK-3599 Revise Script based OIDC ProtocolMapper
We now use the `ScriptingProvider` API instead of
using the `ScriptEngineManager` because dynamic
`ScriptEngineManager` lookups might fail in some
environments like JBoss EAP.

Refactored `AbstractOIDCProtocolMapper` to provide
a new version of the `setClaim(..)` method which takes a
`KeycloakSession` as additional argument.
The old `setClaim(..)` method is marked as deprecated and
should be scheduled for removal in a later release.
To ensure backwards compatibility we call the old `setClaim(..)`
from the new `setClaim(..,keycloakSession)` method in order
to not break user implementations of OIDC ProtocolMappers.

The existing OIDC ProtocolMappers which override the old
`setClaim(..)` method should be updated to use the new version
`setClaim(..,keycloakSession)`.

This was necessary to be able to lookup a `ScriptingProvider`.
2017-09-22 22:57:07 +02:00
Bill Burke
1599e6db6e KEYCLOAK-5518 2017-09-22 16:38:50 -04:00
Bill Burke
537081ec9d Merge pull request #4494 from patriot1burke/master
KEYCLOAK-5516
2017-09-22 16:38:13 -04:00
Bill Burke
3020a04a8b Merge pull request #4490 from Fiercely/master
Keycloak 2035
2017-09-22 16:13:22 -04:00
Bill Burke
790e2dc69f fix compiler bug 2017-09-22 15:43:13 -04:00
Thomas Darimont
236b2b9273 KEYCLOAK-3599 Add Script based OIDC ProtocolMapper 2017-09-22 21:24:20 +02:00
Bill Burke
eb4f7f3b21 KEYCLOAK-5516 2017-09-22 11:48:30 -04:00
howcroft
e78bf5f876 Keycloak 2035
This PR adds:
* an endpoint to Role that lists users with the Role
* a tab "Users in Role" in Admin console Role page
* it is applicable to Realm and Client Roles
* Extends UserQueryProvider with default methods (throwing Runtime Exception if not overriden)
* Testing in base testsuite and Console
2017-09-22 15:05:49 +01:00
Bill Burke
8ace0e68c3 KEYCLOAK-910 KEYCLOAK-5455 2017-09-21 17:15:18 -04:00
Bill Burke
ab58052a4c Merge pull request #4482 from patriot1burke/master
KEYCLOAK-5491 KEYCLOAK-5492 KEYCLOAK-5490
2017-09-19 14:01:40 -04:00
Marek Posolda
fa35249afd Merge pull request #4480 from TeliaSoneraNorge/KEYCLOAK-5494
Fix introspection error for pairwise access tokens
2017-09-18 16:44:24 +02:00
Pedro Igor
e8ef050093 Merge pull request #4471 from pedroigor/KEYCLOAK-5095
[KEYCLOAK-5095] - RPT should contain the RS as audience
2017-09-18 09:32:47 -03:00
Martin Hardselius
6b687c4318 Fix offline validation errors
Refactored token validation method to run user checks only if the user
session is valid.
2017-09-18 11:26:57 +02:00
Bill Burke
f927ee7b4e KEYCLOAK-5491 KEYCLOAK-5492 2017-09-15 16:30:45 -04:00
Bill Burke
3e6adbc904 KEYCLOAK-5490 (#4477) 2017-09-15 11:36:48 +02:00
Martin Hardselius
a4315f4076 Fix introspection error for pairwise access tokens
When access tokens containing a pairwise sub are introspected, user
related checks are using that sub to fetch the UserModel instead of
fetching the user from the UserSession. No corresponding user is found
(or possibly even another user) and the token is reported inactive.

Resolves: KEYCLOAK-5494
2017-09-15 10:31:47 +02:00
Bill Burke
c999a0d8f9 Merge remote-tracking branch 'upstream/master' 2017-09-14 21:17:12 -04:00
Bill Burke
affeadf4f3 KEYCLOAK-5490 2017-09-14 21:16:50 -04:00
Stian Thorgersen
ee35673615 KEYCLOAK-1250 Profile and console loader for new account management console 2017-09-14 19:53:02 +02:00
Levente NAGY
d18aa44fb4 Merge branch 'feature/group-search-and-pagination' of https://github.com/guitaro/keycloak into feature/group-search-and-pagination 2017-09-13 16:48:24 +02:00
Levente NAGY
e907da77d7 KEYCLOAK 2538 - UI group pagination - Remove junit mocked TUs, add arquillian Tests, delete mockito from poms, fix groups sorting when get result from cache 2017-09-13 16:45:45 +02:00
Léventé NAGY
503ce3a47f Merge branch 'master' into feature/group-search-and-pagination 2017-09-13 10:27:38 +02:00
Hisanobu Okuda
b7af96aa4d KEYCLOAK-5315 Conditional OTP enforcement does not work (#4399) 2017-09-13 06:58:59 +02:00
Martin Kanis
550e5f752a KEYCLOAK-5146 TokenEndpoint returns wrong methods for preflight requests (#4455) 2017-09-13 06:23:11 +02:00
Pedro Igor
cdb3c159c5 [KEYCLOAK-5095] - RPT should contain the RS as audience 2017-09-12 16:59:20 -03:00
Pedro Igor
90db6654d3 Merge pull request #4451 from glavoie/KEYCLOAK-4858-ResourceServer
KEYCLOAK-4858: Slow query performance for client with large data volume
2017-09-12 15:54:16 -03:00
Levente NAGY
c8c88dd58c KEYCLOAK 2538 - UI group pagination - TU + some code improvement + add mockito dependency 2017-09-12 15:09:08 +02:00
Petter Lysne
7f8b5e032a feat: added PayPal IDP (#4449) 2017-09-12 11:57:59 +02:00
Hynek Mlnarik
24e9cbb292 KEYCLOAK-4899 Replace updates to user session with temporary auth session 2017-09-11 21:43:49 +02:00
Levente NAGY
2c24b39268 KEYCLOAK 2538 - UI group pagination 2017-09-07 19:39:06 +02:00
Gabriel Lavoie
c1664478d9 KEYCLOAK-4858: Slow query performance for client with large data volume
- Changing RESOURCE_SERVER PK to the client ID.
- Changing FK on children of RESOURCE_SERVER.
- Use direct fetch of ResourceServer through ID/PK to avoid a lot of implicit Hibernate flush.
2017-09-06 09:55:53 -03:00
mposolda
fe43c26829 KEYCLOAK-5248 auth_time is not updated when reauthentication is requested with 'login=prompt' 2017-09-05 12:22:30 +02:00
Pedro Igor
fa6d5f0ee2 [KEYCLOAK-4653] - Identity.hasClientRole(String) and Identity.hasRole(String) break role namespaces and should be removed 2017-09-01 16:08:34 -03:00
filipelautert
e055589448 [KEYCLOAK-4778] Fix for Oracle null value when having an empty String as attribute value (#4406)
* Add client.name as a second parameter to the title expressions in login template

* Fixing tooltip.

* pt_BR localization for admin screens.

* Reverting login.ftl

* Added all tooltip messages - even the ones not translated.
Translated around 150 messages todas.

* More translations.

* Fixing wrong edit.

* [KEYCLOAK-4778] Null check on Attribute value. This value can be null when retrieved from an Oracle database.

* [KEYCLOAK-4778] Create unit tests for empty and null values.

* [KEYCLOAK-4778] Move empty and null attributes tests to a separated test method; change tests to empty or null Strings.

* [KEYCLOAK-4778] Check if value is null and set it as empty array. In the former code if null was received it would generate an array with 1 string element ["null"]. Also if we set value as null instead of ArrayList, later when the rest call is executed it will generate the same incorrect array again.

* [KEYCLOAK-4778] Tests clean up.
2017-08-31 06:09:41 +02:00
Wim Vandenhaute
924b4f651a KEYCLOAK-5186 createUser: set federationLink (#4316) 2017-08-31 06:07:43 +02:00
Hynek Mlnařík
e36b94d905 KEYCLOAK-5318 Verify signature on raw query parameters (#4445) 2017-08-31 05:46:26 +02:00
Stian Thorgersen
d3dc26181e KEYCLOAK-3481 (#4441) 2017-08-30 08:00:22 +02:00
Stian Thorgersen
dcfa4aca8c KEYCLOAK-943 Started account rest service. Profile and sessions completed. (#4439) 2017-08-29 20:12:09 +02:00
Stian Thorgersen
463661b051 Set version to 3.4.0.CR1-SNAPSHOT 2017-08-28 15:46:22 +02:00
Stian Thorgersen
8cc1d02d46 KEYCLOAK-5342 (#4431) 2017-08-28 14:35:58 +02:00
Hynek Mlnařík
9ee8f72be9 \KEYCLOAK-5335 Destination attr in SAML requests is optional (#4424) 2017-08-28 08:06:48 +02:00
Stian Thorgersen
d58c6ad4e0 [KEYCLOAK-4900] Pass login_hint parameter to idp & review (#4421) 2017-08-25 10:14:38 +02:00
w9n
e173bf33ba auth is already part of the serverBaseUri (#4418) 2017-08-25 08:16:01 +02:00