Commit graph

13848 commits

Author SHA1 Message Date
mposolda
006b98ae13 KEYCLOAK-15632 Support nested expressions inside StringPropertyReplacer 2020-09-24 18:41:01 +02:00
mhajas
e4078933f8 KEYCLOAK-14828 Disable DTD for SAML XML parser
(cherry picked from commit 37de7de78b2ae0eebee97fe917642bb849325f86)
2020-09-24 13:35:21 +02:00
Pedro Igor
267be2d416 [KEYCLOAK-14255] - More improvements to CLI 2020-09-23 10:47:11 -03:00
Pedro Igor
76dede0f1e [KEYCLOAK-14221] - Allow to map subject to userinfo response 2020-09-23 14:33:14 +02:00
mposolda
f0a8e78636 KEYCLOAK-15635 Remove quarkus.index-dependency properties from application.properties 2020-09-22 19:30:44 -03:00
vmuzikar
bca73fd04a KEYCLOAK-15158 Javascript adapter init() is throwing a promise error after upgrade to 11 2020-09-22 10:56:46 -03:00
Frode Ingebrigtsen
0a0b7da53e KEYCLOAK-15429 Add CORS origin on permission request with invalid access token 2020-09-22 08:56:21 -03:00
Martin Kanis
053f5bad1f KEYCLOAK-15608 JsonFileImport...MigrationTest fails for map store 2020-09-22 12:29:24 +02:00
Denis
50210c4d9b KEYCLOAK-14161 Regression on custom registration process 2020-09-21 20:23:39 +02:00
mhajas
12bc84322a KEYCLOAK-14974 Map group storage provider 2020-09-21 15:56:32 +02:00
testn
2cd03569d6 KEYCLOAK-15238: Fix potential resource leak from not closing Stream/Reader 2020-09-21 13:05:03 +02:00
Takashi Norimatsu
bd3840c606 KEYCLOAK-15559 Client Policy - Executor : Missing Help Text of SecureResponseTypeExecutor 2020-09-21 12:40:25 +02:00
vmuzikar
790b549cf9 KEYCLOAK-15262 Logout all sessions after password change 2020-09-18 20:09:40 -03:00
Peter Skopek
1bcb397a2f KEYCLOAK-14953 Unify wildfly component versions related properties already used in keycloak. 2020-09-17 23:27:25 -07:00
Darran Lofthouse
0adb33a59d [KEYCLOAK-14953] Make repository.jboss.org available for building the Galleon feature pack.
Update the EAP versions to match the most recent release.
2020-09-17 23:27:25 -07:00
Darran Lofthouse
64b8bca9d7 [KEYCLOAK-14953] Additional updates to the new Galleon feature pack:
- Adjust feature pack to depend on "wildfly-galleon-pack".
 - Declare dependency from "keycloak-client-oidc" on "undertow" and "ee" layers.
 - Update name of layer to "keycloak-client-oidc".
 - Update the producer to match the group and artifact ID of the maven artifact.
2020-09-17 23:27:25 -07:00
JF Denise
6a5c1defe1 [KEYCLOAK-14953] keycloak oidc/elytron adapter galleon-pack prototype 2020-09-17 23:27:25 -07:00
mhajas
b75ad2fbd8 KEYCLOAK-15259 Avoid using "null" Origin header as a valid value 2020-09-17 23:21:49 -07:00
mhajas
f7e0af438d KEYCLOAK-14232 Add Referrer-Policy: no-referrer to each response from Keycloak
(cherry picked from commit 0b49640231abc6e465542bd2608e1c908c079ced)
2020-09-17 23:21:49 -07:00
Martin Kanis
f037dabdc1 KEYCLOAK-15199 Use stream variant method in jpa/RoleAdapter.getFirstAttribute 2020-09-17 13:18:21 +02:00
Pedro Igor
3fd6f0ce10 [KEYCLOAK-14255] - Fixing tests 2020-09-17 10:38:41 +02:00
Luca Leonardo Scorcia
c6608c1561 KEYCLOAK-15383 Translation strings escaped twice in saml-post-form.ftl 2020-09-16 21:31:51 +02:00
Pedro Igor
0978d78a48 [KEYCLOAK-14255] - Initial changes to configuration 2020-09-16 20:03:52 +02:00
Luca Leonardo Scorcia
3973d47bd4 KEYCLOAK-15465 SAML Identity Broker - SP metadata writer always emits AttributeConsumingService isDefault attribute
The isDefault attribute is defined as optional, yet if it set to null Keycloak incorrectly emits the value isDefault="null".
2020-09-16 16:44:19 +02:00
Luca Leonardo Scorcia
10077b1efe KEYCLOAK-15485 Add option to enable SAML SP metadata signature 2020-09-16 16:40:45 +02:00
Mark Wolfe
3723d78e3c KEYCLOAK-15460 Fix missing event types in SAML endpoint
A change was done in 32f13016fa which isn't setting the type for events and causing an internal error.
2020-09-16 16:36:19 +02:00
Martin Kanis
5d5e56dde3 KEYCLOAK-15199 Complement methods for accessing roles with Stream variants 2020-09-16 16:29:51 +02:00
Benjamin Weimer
f874e9a43c KEYCLOAK-9874 include realm and client roles in user info response 2020-09-16 10:01:02 +02:00
Joaquim Fellmann
be4780243b KEYCLOAK-15483 Replace badly displayed HTML message with simple text message for french locale (align with en, de, pt, po, tr, nl locales) 2020-09-15 17:09:53 -04:00
Takashi Norimatsu
b670734eec KEYCLOAK-14205 FAPI-RW Client Policy - Executor : Enforce Response Type of OIDC Hybrid Flow 2020-09-14 20:58:25 +02:00
Hynek Mlnarik
a05066d567 KEYCLOAK-15477 Fix permission evaluation logic 2020-09-14 20:53:46 +02:00
Konstantinos Georgilakis
f4f58ab707 KEYCLOAK-15540 correct SAMLAttributeConsumingServiceParser 2020-09-14 16:01:46 +02:00
mposolda
4123b7a91e KEYCLOAK-11678 Remove dummy resource. Adding keycloak-services and liquibase to jandex indexing 2020-09-14 09:27:34 -03:00
vmuzikar
a9a719b88c KEYCLOAK-15270 Account REST API doesn't verify audience 2020-09-14 08:43:09 -03:00
Dmitry Telegin
b62d68a591 KEYCLOAK-14952 - Unit test failure in keycloak-saml-core on Java 11 2020-09-14 11:17:57 +02:00
mhajas
3186f1b5a9 KEYCLOAK-15514 Update AbstractStorageManager to check capability interface types 2020-09-11 14:42:48 +02:00
vmuzikar
cb5c893d87 Add tests for KEYCLOAK-15481 2020-09-11 07:03:24 -04:00
Stan Silvert
952e8fecee KEYCLOAK-15481: Display forbidden screen 2020-09-11 07:03:24 -04:00
Miquel Simon
2572b1464b KEYCLOAK-15395. Removed totp/remove (DELETE) and credentials/password (GET, POST) endpoints. 2020-09-10 18:03:03 -03:00
Takashi Norimatsu
af2f18449b KEYCLOAK-14195 FAPI-RW Client Policy - Condition : Client - Client Role 2020-09-10 18:34:19 +02:00
Clement Cureau
b19fe5c01b Finegrain admin as fallback and added some tests 2020-09-10 12:26:55 -03:00
Clement Cureau
73378df52e [KEYCLOAK-11621] Allow user creation via group permissions (Admin API)
Problem:
Using fine-grained admin permissions on groups, it is not permitted to create new users
within a group.

Cause:
The POST /{realm}/users API does not check permission for each group part of the new
user representation

Solution:
- Change access logic for POST /{realm}/users to require MANAGE_MEMBERS and
MANAGE_MEMBERSHIP permissions on each of the incoming groups

Tests:
Manual API testing performed:
  1. admin user from master realm:
    - POST /{realm}/users without groups                  => HTTP 201 user created
    - POST /{realm}/users with groups                     => HTTP 201 user created
  2. user with MANAGE_MEMBERS & MANAGE_MEMBERSHIP permissions on group1
    - POST /{realm}/users without groups                  => HTTP 403 user NOT created
    - POST /{realm}/users with group1                     => HTTP 201 user created
    - POST /{realm}/users with group1 & group2            => HTTP 403 user NOT created
    - POST /{realm}/users with group1 & wrong group path  => HTTP 400 user NOT created
  3. user with MANAGE_MEMBERS permission on group1
    - POST /{realm}/users without groups                  => HTTP 403 user NOT created
    - POST /{realm}/users with group1                     => HTTP 403 user NOT created
    - POST /{realm}/users with group1 & group2            => HTTP 403 user NOT created
    - POST /{realm}/users with group1 & wrong group path  => HTTP 400 user NOT created
2020-09-10 12:26:55 -03:00
testn
706299557e KEYCLOAK-15174: ResourceServerAdapter.toEntity checks the wrong type 2020-09-10 12:19:25 -03:00
testn
c288175c03 KEYCLOAK-15208: PermissionTicketAdapter checks for the wrong type 2020-09-10 12:16:48 -03:00
Sebastian Laskawiec
e01159a943 KEYCLOAK-14767 OpenShift Review Endpoint audience fix 2020-09-09 11:57:24 -03:00
Takashi Norimatsu
cbb79f0430 KEYCLOAK-15448 FAPI-RW : Error Response on OIDC private_key_jwt Client Authentication Error (400 error=invalid_client) 2020-09-09 11:14:21 +02:00
mhajas
df52c12ebb KEYCLOAK-15479 Replace enlistAfterCompletion with enlist in MapClientProvider 2020-09-09 08:27:38 +02:00
Benjamin Weimer
b2934e8dd0 KEYCLOAK-15327 backchannel logout invalidate offline session even if there is no corresponding active session found 2020-09-08 11:17:20 -03:00
Martin Kanis
4e9bdd44f3 KEYCLOAK-14901 Replace deprecated ClientProvider related methods across Keycloak 2020-09-07 13:11:55 +02:00
stianst
76f7fbb984 KEYCLOAK-14548 Add support for cached gzip encoding of resources 2020-09-07 00:58:47 -07:00