libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions
9592 commits 4 branches 9 tags 483 MiB
Commit graph

394 commits

Author SHA1 Message Date
Hynek Mlnarik
9ca72dc5c6 KEYCLOAK-4189 Improve logging and concurrency/cross-DC testing 2017-08-08 10:11:51 +02:00
Bill Burke
8f542618f7 KEYCLOAK-4748 2017-07-31 10:36:04 -04:00
Bill Burke
486a0c9528 remove restriction 2017-07-28 16:25:32 -04:00
Bill Burke
6b991b850e change role name 2017-07-28 16:20:23 -04:00
Bill Burke
852e9274d4 Merge remote-tracking branch 'upstream/master' 2017-07-28 16:15:53 -04:00
Bill Burke
db9b1bcb21 token exchange 2017-07-28 16:15:39 -04:00
mposolda
07e2136b3b KEYCLOAK-4187 Added UserSession support for cross-dc 2017-07-27 22:32:58 +02:00
Hynek Mlnarik
ab05216730 KEYCLOAK-4775 Added encryption certificate to SAML metadata 2017-07-27 08:18:10 +02:00
Hynek Mlnarik
3c537f5f28 KEYCLOAK-4446 Do not encrypt SAML status messages 
SAML status messages are not encryptable per Chapter 6 of
saml-core-2.0-os.pdf. Only assertions, attributes, base ID and name ID
can be encrypted.
 2017-07-26 11:22:56 +02:00
Hynek Mlnarik
c7046b6325 KEYCLOAK-4189 Preparation for cross-DC SAML testing 2017-07-25 09:44:36 +02:00
mposolda
936efe872a KEYCLOAK-5061 Process correct initial flow when action expired 2017-07-10 22:52:54 +02:00
Marek Posolda
48eaebf1c3 Merge pull request #4293 from TeliaSoneraNorge/KEYCLOAK-5139 
KEYCLOAK-5139 refresh token does not work with pairwise subject ident…
 2017-07-10 11:21:34 +02:00
Martin Hardselius
8cb8678525 KEYCLOAK-5139 refresh token does not work with pairwise subject identifiers 2017-07-05 12:32:43 +02:00
Stian Thorgersen
9a9f4137e5 KEYCLOAK-4556 KEYCLOAK-5022 Only cache keycloak.js and iframe if specific version is requested (#4289) 2017-07-04 21:18:34 +02:00
Sebastien Blanc
500a21685f KEYCLOAK-5082 : Add new redirect-rewrite-rule parameters for the adapters (#4255) 
* add rewrite rule config property

* add subsystem support for redirect rewrite

* update deployment unit test

* add license headers

* Optimize rewrite method
 2017-06-29 12:50:42 +02:00
Stian Thorgersen
5e225c2bd5 Merge pull request #4266 from CoreFiling/FullNameMapper 
Fallback to using username in FullNameMapper
 2017-06-29 07:28:42 +02:00
Josh Cain
89fcddd605 KEYCLOAK-3592 Docker auth implementation 2017-06-29 06:37:34 +02:00
Jay Anslow
bdc9e8d2c3 Omit empty name claim in FullNameMapper 
If a user has no first or last name, don't add the `name` claim.
 2017-06-28 09:40:57 +01:00
Stian Thorgersen
ce4506f367 Merge pull request #4261 from hmlnarik/KEYCLOAK-4377-null 
KEYCLOAK-4377
 2017-06-28 08:21:20 +02:00
Hynek Mlnarik
a3ccac2012 KEYCLOAK-4377 2017-06-27 14:34:47 +02:00
Stian Thorgersen
4be0e36306 Merge pull request #4208 from ASzc/KEYCLOAK-4758 
KEYCLOAK-4758
 2017-06-27 11:35:43 +02:00
Bill Burke
f1132ffabe Merge pull request #4175 from mrezai/fix-pkce-s256-code-challenge 
KEYCLOAK-4956: Fix incorrect PKCE S256 code challenge generation
 2017-06-21 17:04:31 -04:00
mposolda
32cf8b7cad KEYCLOAK-3316 Fixes for OAuth2 requests without 'scope=openid' 2017-06-20 17:17:43 +02:00
Martin Hardselius
60942346f3 KEYCLOAK-4924: pairwise clients get duplicate subs in tokens 2017-06-14 10:47:40 +02:00
Pedro Igor
f12cef2c86 [KEYCLOAK-4904] - Authorization Audit - Part 1 2017-06-09 13:31:06 -03:00
Alex Szczuczko
5d88c2b8be KEYCLOAK-4758 Update Encode class using latest resteasy. Use encodeQueryParamAsIs instead of encodeQueryParam when encoding key=value pairs for URI query sections. Also fix a few callers who were relying on the bad behaviour of queryParam. 2017-06-05 16:24:38 -06:00
mposolda
5560175888 KEYCLOAK-4626 Changed javadoc. Remove unused ClientSessionModel class 2017-05-25 18:51:05 +02:00
mposolda
2b59db71a8 KEYCLOAK-3316 Remove the IDToken if scope=openid is not used 2017-05-24 09:23:14 +02:00
Mohammad Rezai
acd78ee407 KEYCLOAK-4956: Fix incorrect PKCE S256 code challenge generation 2017-05-23 16:15:44 +04:30
Hynek Mlnarik
f47283f61a KEYCLOAK-4813 Destination validation counts on port being not specified 2017-05-23 12:52:48 +02:00
mposolda
7d8796e614 KEYCLOAK-4626 Support for sticky sessions with AUTH_SESSION_ID cookie. Clustering tests with embedded undertow. Last fixes. 2017-05-11 22:24:07 +02:00
mposolda
168153c6e7 KEYCLOAK-4626 Authentication sessions - SAML, offline tokens, broker logout and other fixes 2017-05-11 22:16:26 +02:00
mposolda
e7272dc05a KEYCLOAK-4626 AuthenticationSessions - brokering works. Few other fixes and tests added 2017-05-11 22:16:26 +02:00
mposolda
a9ec69e424 KEYCLOAK-4626: AuthenticationSessions - working login, registration, resetPassword flows 2017-05-11 22:16:26 +02:00
Hynek Mlnarik
19a41c8704 KEYCLOAK-4627 Refactor TokenVerifier to support more than just access token checks. Action tokens implementation with reset e-mail action converted to AT 2017-05-11 22:16:26 +02:00
mposolda
83b29c5080 KEYCLOAK-4626 AuthenticationSessions: start 2017-05-11 22:16:26 +02:00
mposolda
e4aba9e471 KEYCLOAK-4829 Access token from offline token falsely reported as inactive by token introspection 2017-05-11 21:17:04 +02:00
Bill Burke
e1b6ba13cc Merge pull request #3893 from anderius/feature/KEYCLOAK-3056-verify-signature 
[WIP] Saml broker: Added wantAssertionsSigned and wantAssertionsEncrypted
 2017-05-05 09:04:41 -04:00
Marc Heide
d5c643eaf9 KEYCLOAK-4521: consider offline sessions if no active user session was found for user info endpoint 2017-05-04 15:25:09 +02:00
Hynek Mlnarik
e8a65017fa KEYCLOAK-4779 Fix NPE 2017-04-24 23:09:27 +02:00
Stian Thorgersen
8919015f74 KEYCLOAK-4287 Remove deprecated session iframe endpoint 2017-04-19 15:01:15 +02:00
Takashi Norimatsu
ef3aef9381 Merge branch 'master' into master 2017-03-28 16:21:40 +09:00
Mark Pardijs
c78c0b73d3 KEYCLOAK-4360: Add OneTimeUse condition to SAMLResponse 
Add OneTimeUse Condition to SAMLResponse when configured in client settings
 2017-03-09 13:01:05 +01:00
Thomas Darimont
1dea38bdbb KEYCLOAK-4205 Allow to return json arrays in Client and Realm Role Mappers 
Previously the ClientRoleMapper and RealmRoleMapper returned
roles as a comma delimited String in OIDC tokens which
needed to be parsed by client applications.
We now support to generate the role information as JSON
arrays by setting "multi valued" to "true" in the
client role mapper or realm role mappers respectively
which makes it easier for clients to consume.

The default setting for "multi valued" is "false" to
remain backwards compatible.

An example AccessToken that shows the two modes can be found here:
https://gist.github.com/thomasdarimont/dff0cd691cd6e0b5e33c2eb4c76ae5e8
 2017-03-08 20:56:56 +01:00
Anders Båtstrand
89c6cda2ac Two new configuration options for the Saml broker: 
* wantAssertionsSigned: This will toggle the flag in the SP Metadata Descriptor, and validate the signature if and only if "Validate signature" is selected.
 * wantAssertionsEncrypted: This will simply require that the assertion is encrypted.

 Default behavior is unchanged. The signature validation uses the original XML, and supports therefore an IdP that adds whitespace and line breaks between tags (for example OpenAM).
 2017-02-24 15:08:57 +01:00
Takashi Norimatsu
88bfa563df KEYCLOAK-2604 Proof Key for Code Exchange by OAuth Public Clients - RFC 
7636 - Server Side Implementation
 2017-02-03 10:38:54 +09:00
Stian Thorgersen
d1e491d57d KEYCLOAK-4286 Add deprecated support for old keycloak.js 2017-01-25 15:59:43 +01:00
Stian Thorgersen
94ffeda62a Merge pull request #3773 from hmlnarik/KEYCLOAK-4181-SAML-Response-without-any-assertion-leads-to-an-exception 
KEYCLOAK-4181 Fix handling of SAML error code in broker
 2017-01-24 10:33:05 +01:00
Marek Posolda
29c0fe564c Merge pull request #3752 from mposolda/master 
KEYCLOAK-4024 Migration of old offline tokens
 2017-01-23 16:25:35 +01:00
Hynek Mlnarik
f289b281a0 KEYCLOAK-4262 2017-01-19 16:00:03 +01:00