Commit graph

360 commits

Author SHA1 Message Date
Ian Duffy
de0ee474dd Review feedback 2019-05-27 21:30:01 +02:00
Ian Duffy
54909d3ef4 [KEYCLOAK-10230] Support for LDAP with Start TLS
This commit sends the STARTTLS on LDAP 389 connections is specified.
STARTTLS doesn't work with connection pooling so connection pooling will
be disabled should TLS be enabled.
2019-05-27 21:30:01 +02:00
Réda Housni Alaoui
72d6ac518c User password cache is not refreshed after updating the user with hashed credential 2019-05-23 14:16:40 +02:00
vramik
d64f716a20 KEYCLOAK-2709 SAML Identity Provider POST Binding request page shown to user is comletely blank with nonsense title 2019-05-20 09:51:04 +02:00
Hynek Mlnarik
b8aa1916d8 KEYCLOAK-10195 Fix role lookup to address roles with dots 2019-05-14 13:00:04 +02:00
Stefan Guilhen
f1acdc000e [KEYCLOAK-10168] Handle microprofile-jwt client scope migration 2019-05-06 15:14:27 -03:00
Jan Lieskovsky
9eb400262f KEYCLOAK-6055 Include X.509 certificate data in audit logs
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2019-04-30 11:31:04 +02:00
Sebastian Loesch
96250c9685 [KEYCLOAK-9573] Allow AdminEvents for custom resource types 2019-04-26 09:57:28 +01:00
mposolda
5b663dbc69 KEYCLOAK-9713 Warning in the log during export/import on current master 2019-04-24 10:56:43 +02:00
mposolda
7a671052a3 KEYCLOAK-9988 Fix unstable UserSessionPersisterOfflineTest.testExpired. Adding ResetTimeOffsetEvent 2019-04-23 20:58:37 +02:00
keycloak-bot
49d4e935cb Set version to 7.0.0-SNAPSHOT 2019-04-17 09:48:07 +01:00
Bekh-Ivanov George
ebcfeb20a3 [KEYCLOAK-10020] - Add ability to request user-managed (ticket) permissions by name 2019-04-12 08:44:57 -03:00
fisache
b4973ad7b5 [KEYCLOAK-9769] service account can't authorize when group policy exists in resource server 2019-04-09 15:23:50 -03:00
mposolda
db271f7150 KEYCLOAK-9572 Support for multiple CRLs with X509 authentication 2019-03-20 15:00:44 +01:00
Corey McGregor
be77fd9459 KEYCLOAK-2339 Adding impersonator details to user session notes and supporting built-in protocol mappers. 2019-03-08 09:14:42 +01:00
keycloak-bot
e843d84f6e Set version to 6.0.0-SNAPSHOT 2019-03-06 15:54:08 +01:00
Gilles
f295a2e303 [KEYCLOAK-3723] Fixed updated of protocol mappers within client updates in clients-registrations resource 2019-03-04 11:57:59 +01:00
Pedro Igor
6aa9096361 [KEYCLOAK-9451] - Policy evaluation fails when not evaluated against a particual resource 2019-02-28 10:38:09 -03:00
Pedro Igor
9314f13255 [KEYCLOAK-9093] - False-Positive UMA Policy Evaluation 2019-02-21 21:47:58 -03:00
stianst
e06c705ca8 Set version 5.0.0 2019-02-21 09:35:14 +01:00
Pedro Igor
34d8974e7f [KEYCLOAK-9489] - User not able to log in to admin console when using query-* roles 2019-02-20 18:09:36 +01:00
stianst
7c9f15778a Set version to 4.8.3.Final 2019-01-09 20:39:30 +01:00
stianst
7c4890152c Set version to 4.8.2 2019-01-03 14:43:22 +01:00
mposolda
061693a8c9 KEYCLOAK-9089 IllegalArgumentException when trying to use ES256 as OIDC access token signature 2018-12-14 21:01:03 +01:00
mposolda
c51c492996 KEYCLOAK-9050 Change LoginProtocol.authenticated to read most of the values from authenticationSession 2018-12-12 13:30:03 +01:00
Pedro Igor
0c39eda8d2 [KECLOAK-8237] - Openshift Client Storage 2018-12-06 10:57:53 -02:00
stianst
b674c0d4d9 Prepare for 4.8.0.Final 2018-12-04 13:54:25 +01:00
Stefan Guilhen
311e848460 KEYCLOAK-8504 Ensure the authenticationFlowBindingOverrides client configuration references a valid authentication flow id when a realm is imported 2018-11-23 22:09:14 +01:00
Pedro Igor
91637120ee [KEYCLOAK-5052] - LDAP group names containing / in the name violates SIBILING_NAME constraint in db 2018-11-23 08:48:08 -02:00
mposolda
6db1f60e27 KEYCLOAK-7774 KEYCLOAK-8438 Errors when SSO authenticating to same client multiple times concurrently in more browser tabs 2018-11-21 21:51:32 +01:00
Stefan Guilhen
8af1ca8fc3 KEYCLOAK-8414 use the clientId when the ClientScopeModel is an instance of ClientModel 2018-11-20 15:08:10 +01:00
Takashi Norimatsu
0793234c19 KEYCLOAK-8460 Request Object Signature Verification Other Than RS256 (#5603)
* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

also support client signed signature verification by refactored token
verification mechanism

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

incorporate feedbacks and refactor client public key loading mechanism

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

unsigned request object not allowed

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

revert to re-support "none"
2018-11-19 14:28:32 +01:00
mposolda
0533782d90 KEYCLOAK-7275 KEYCLOAK-5479 Faster offline sessions preloading at startup. Track lastSessionRefresh timestamps more properly by support bulk update to DB 2018-11-16 14:23:28 +01:00
Leon Graser
85f11873c3 KEYCLOAK-8613 Group Membership Pagination 2018-11-15 17:54:07 +01:00
Thomas Darimont
cf57a1bc4b KEYCLOAK-1267 Add dedicated SSO timeouts for Remember-Me
Previously remember-me sessions where tied to the SSO max session
timeout which could lead to unexpected early session timeouts.
We now allow SSO timeouts to be configured separately for sessions
with enabled remember-me. This enables users to opt-in for longer
session timeouts.

SSO session timeouts for remember-me can now be configured in the
tokens tab in the realm admin console. This new configuration is
optional and will tipically host values larger than the regular
max SSO timeouts. If no value is specified for remember-me timeouts
then the regular max SSO timeouts will be used.

Work based on PR https://github.com/keycloak/keycloak/pull/3161 by
Thomas Darimont <thomas.darimont@gmail.com>
2018-11-15 06:11:22 +01:00
stianst
ecd476fb10 Prepare for 4.7.0.Final 2018-11-14 20:10:59 +01:00
mposolda
1b5a83c4f1 KEYCLOAK-6980 Check if client_assertion was already used during signed JWT client authentication 2018-11-14 20:09:22 +01:00
vramik
560d76b7ee KEYCLOAK-6748 undertow saml adapter tests 2018-11-06 21:17:07 +01:00
rmartinc
cbe59f03b7 KEYCLOAK-8708: Provide aggregation of group attributes for mappers 2018-11-06 13:42:38 +01:00
Graser Leon
9ef4c7fffd KEYCLOAK-8377 Role Attributes 2018-10-24 22:04:28 +02:00
Pedro Igor
460cdf4508 [KEYCLOAK-8617] - Permission cache not handling decisions from negative policies correctly 2018-10-24 15:03:22 -03:00
Pedro Igor
2af9d002b6 [KEYCLOAK-8172] - Evaluation not considering scopes inherited from parent resources 2018-10-24 12:50:27 -03:00
vramik
7a96911a83 KEYCLOAK-8300 KEYCLOAK-8301 Wildfly 14 upgrade
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2018-10-17 20:01:07 +02:00
Pedro Igor
79ca722b49 [KEYCLOAK-7605] - Make sure Evaluation API is read-only 2018-10-09 08:09:29 -03:00
mposolda
2a4cee6044 KEYCLOAK-6884 KEYCLOAK-3454 KEYCLOAK-8298 Default 'roles' and 'web-origins' client scopes. Add roles and allowed-origins to the token through protocol mappers 2018-10-04 12:00:38 +02:00
Pedro Igor
b4b3527df7 [KEYCLOAK-7950] - Fixes user pagination when using filtering users members of groups 2018-10-02 15:44:23 -03:00
stianst
c3fc9e9815 Set version to 4.6.0.Final-SNAPSHOT 2018-09-26 20:58:41 +02:00
Pedro Igor
43f5983613 [KEYCLOAK-8289] - Remove authorization services from product preview profile 2018-09-26 18:27:27 +02:00
Douglas Palmer
b748e269ec [KEYCLOAK-7435] Added code to delete a specific session and tests for session deletion 2018-09-20 15:57:58 +02:00
Pedro Igor
044d153c37 [KEYCLOAK-8273] - Failed to evaluate permissions when in permissive mode and using UMA tickets 2018-09-18 18:59:15 -03:00