Steeve Beroard
fc9a0e1766
[KEYCLOAK-8104] Keycloak SAML Adapter does not support clockSkew configuration
...
Co-Authored-By: vramik <vramik@redhat.com>
2019-07-15 13:08:52 +02:00
Hynek Mlnarik
ca4e14fbfa
KEYCLOAK-7852 Use original NameId value in logout requests
2019-07-04 19:30:21 +02:00
Vlasta Ramik
cc8cfd4269
KEYCLOAK-10751 Fix SAML undertow adapter not sending challenge
...
Co-Authored-By: mhajas <mhajas@redhat.com>
Co-Authored-By: Hynek Mlnarik <hmlnarik@redhat.com>
2019-07-04 10:04:51 +02:00
vramik
d245287320
KEYCLOAK-9598 Apache Tomcat adapter
2019-06-14 10:09:13 +02:00
Sebastian Laskawiec
e739344556
KEYCLOAK-9640 Unify surefire versions
2019-06-13 13:26:49 +02:00
vramik
3bbab225c8
KEYCLOAK-9596 Remove Apache Tomcat 6.0.x adapter
2019-05-28 12:00:19 +02:00
keycloak-bot
49d4e935cb
Set version to 7.0.0-SNAPSHOT
2019-04-17 09:48:07 +01:00
Sebastian Laskawiec
0042726dd8
KEYCLOAK-9601 KEYCLOAK-9602 Jetty 8.1 and 9.1 removal
...
Co-Authored-By: mhajas <mhajas@redhat.com>
2019-04-16 11:21:29 +02:00
Martin Ball
21e2fa8784
KEYCLOAK-4249 - Make IDP URL in keycloak-saml.xml configurable
...
Added the metadata url as an attribute on the IDP in the keycloak saml configuration which then propagates through to the DefaultSamlDeployment where it is used on the construction of the SamlDescriptorPublicKeyLocator thereby allowing support for ADFS or other IDP which uses a path that is different to the Keycloak IDP.
To make this work when testing with ADFS a change was made to SamlDescriptorIDPKeysExtractor because it would not extract keys from metadata which contained the EntityDescriptor as the root element. The solution was to change the xpath expression in SamlDescriptorIDPKeysExtractor so that it does not require a wrapping EntitiesDescriptor but instead loads all EntityDescriptors located in the document. This allows it to handle a single EntityDescriptor or multiple descriptors wrapped in an EntitiesDescriptor in the same xpath expression. A unit test SamlDescriptorIDPKeysExtractorTest has been added which validates that keys can be loaded in both scenarios.
2019-03-27 08:04:53 +01:00
keycloak-bot
e843d84f6e
Set version to 6.0.0-SNAPSHOT
2019-03-06 15:54:08 +01:00
mhajas
8a750c7fca
KEYCLOAK-6750 Adapt Tomcat adapter tests to new structure
2019-03-06 08:57:46 +01:00
stianst
e06c705ca8
Set version 5.0.0
2019-02-21 09:35:14 +01:00
stianst
7c9f15778a
Set version to 4.8.3.Final
2019-01-09 20:39:30 +01:00
stianst
7c4890152c
Set version to 4.8.2
2019-01-03 14:43:22 +01:00
stianst
b674c0d4d9
Prepare for 4.8.0.Final
2018-12-04 13:54:25 +01:00
stianst
ecd476fb10
Prepare for 4.7.0.Final
2018-11-14 20:10:59 +01:00
Hynek Mlnarik
7703d81389
KEYCLOAK-7421 Support SAML cluster logout for Elytron SAML adapter
2018-11-09 21:06:50 +01:00
vramik
560d76b7ee
KEYCLOAK-6748 undertow saml adapter tests
2018-11-06 21:17:07 +01:00
vramik
7a96911a83
KEYCLOAK-8300 KEYCLOAK-8301 Wildfly 14 upgrade
...
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2018-10-17 20:01:07 +02:00
vramik
623d985e7f
KEYCLOAK-8454 KeycloakHttpServerAuthenticationMechanism uses wrong status code when logout page not set
2018-10-17 19:03:24 +02:00
Hynek Mlnarik
211774ccbc
KEYCLOAK-7810 Fix NPE in Elytron SAML adapter
2018-10-04 14:38:45 +02:00
stianst
c3fc9e9815
Set version to 4.6.0.Final-SNAPSHOT
2018-09-26 20:58:41 +02:00
Hynek Mlnarik
2bf6d75e57
KEYCLOAK-8010 Improve handling of Conditions SAML tag
2018-09-19 14:00:28 +02:00
stianst
1fb4ca4525
Set version to 4.5.0.Final
2018-09-06 20:08:02 +02:00
Hynek Mlnarik
812e76c39b
KEYCLOAK-8163 Improve SAML validations
2018-09-05 15:47:03 +02:00
Hynek Mlnarik
a8a9631d4f
KEYCLOAK-6832 Unify Destination attribute handling
2018-08-09 10:30:30 +02:00
mposolda
959cd035ba
Set version to 4.3.0.Final-SNAPSHOT
2018-08-01 22:40:05 +02:00
rmartinc
4a82979792
KEYCLOAK-1925: SAML adapter multitenant support
2018-07-10 13:21:11 +02:00
mposolda
d0a824dde4
Updating version to 4.2.0.Final-SNAPSHOT
2018-07-05 07:42:48 -04:00
Pedro Igor
23db2b852b
[KEYCLOAK-7679] - Wildfly adapter must be disabled when using Elytron
2018-06-28 11:08:28 -03:00
Hynek Mlnarik
6b968796ce
KEYCLOAK-7667 Fix namespace handling when decrypting assertion
2018-06-21 13:09:18 +02:00
vramik
2fcfa5cf71
KEYCLOAK-7094 Support redirect to external logout page for saml filter adapter
2018-06-19 13:23:18 +02:00
stianst
e1a0e581b9
Update to 4.1.0.Final-SNAPSHOT
2018-06-14 14:22:28 +02:00
vramik
5f1f3dff5e
KEYCLOAK-7094 Support redirect to external logout page for elytron adapter
2018-06-13 12:50:38 +02:00
Vlasta Ramik
182c975e01
KEYCLOAK-7597 fix logger classes ( #5263 )
2018-06-12 11:02:04 -03:00
Hynek Mlnarik
5a241392cf
KEYCLOAK-7094 Support redirect to external logout page
2018-06-05 14:51:18 +02:00
Stian Thorgersen
dbf5c395b0
Bump version to 4.0.0.Final ( #5224 )
2018-05-24 19:02:30 +02:00
Stian Thorgersen
90e5c7f3eb
Bump version to 4.0.0.Beta3-SNAPSHOT ( #5185 )
2018-05-02 14:32:20 +02:00
pedroigor
b249a48dcf
[KEYCLOAK-7147] - Support obtaining a buffered input stream in HttpFacade.Request
2018-04-25 10:16:41 -03:00
stianst
07fea02146
Bump versions to 4.0.0.Beta2-SNAPSHOT
2018-03-26 18:17:38 +02:00
Hynek Mlnarik
1f20c03afa
KEYCLOAK-6470 Refactor SAML adapter parsers
2018-02-27 09:37:29 +01:00
Hynek Mlnarik
e7cdb8ad54
KEYCLOAK-6473 KEYCLOAK-6472 SAML parser refactor + protocol parsers
2018-02-23 08:16:14 +01:00
stianst
0bedbb4dd3
Bump version to 4.0.0.CR1-SNAPSHOT
2017-12-21 15:06:00 +01:00
Hynek Mlnarik
626004e782
KEYCLOAK-6066 Be less strict when handling cookies
2017-12-19 21:39:41 +01:00
stianst
37de8e9f69
Bump version to 3.4.2.Final-SNAPSHOT
2017-12-01 09:34:48 +01:00
David De Vreese
9485a63157
KEYCLOAK-5183 Support for AssertionConsumerServiceUrl in Saml Adapter subsystem
...
Co-Authored-By: Hynek Mlnarik <hmlnarik@redhat.com>
2017-11-20 15:59:47 +01:00
Stian Thorgersen
128ff12f8f
Bump versions
2017-11-09 15:37:21 +01:00
Pedro Igor
476dd1cef5
[KEYCLOAK-4439] - Fixing saml adapter
2017-11-08 19:01:54 -02:00
Pedro Igor
a8ba3eb7f9
[KEYCLOAK-4439] - Fixing elytron adapter for standalone apps
2017-11-08 14:09:34 -02:00
Pedro Igor
4c71e2ec17
[KEYCLOAK-4439] - Changes for Wildfly 11.0.0.CR1 ( #4504 )
...
* [KEYCLOAK-4439] - Changes for Wildfly 11.0.0.CR1
* [KEYCLOAK-5463] - Fixing servlet filter when using elytron adapters
2017-09-28 11:46:17 +02:00
Jasper Siepkes
458c2f2682
Clarify request URI mismatch error message in SAML adapter.
...
Show expected URI and received URI in error message. Also makes the logging behavior of 'handleSamlResponse' the same as 'handleSamlRequest' since that method already shows the expected and received URI.
2017-09-11 19:52:49 +02:00
Stian Thorgersen
463661b051
Set version to 3.4.0.CR1-SNAPSHOT
2017-08-28 15:46:22 +02:00
Hynek Mlnarik
794c508b10
KEYCLOAK-4995 Support for distributed SAML logout in cross DC
2017-08-28 13:15:11 +02:00
Pedro Igor
d3e559453b
[KEYCLOAK-5015] - Updating Elytron Adapters
2017-08-22 18:01:19 -03:00
Marek Posolda
1b83928652
Merge pull request #4354 from hmlnarik/KEYCLOAK-5241-Tomcat-Adapter-8-x-does-not-work-with-Tomcat-8-5-8
...
KEYCLOAK-5241 Tomcat SAML Adapter (Fix for Tomcat 8.5.8)
2017-07-27 14:27:19 +02:00
Hynek Mlnarik
96bdd32bd0
KEYCLOAK-5241 Tomcat SAML Adapter Tomcat 8.5.8
2017-07-27 10:20:49 +02:00
Hynek Mlnarik
d8b77895db
KEYCLOAK-4788 Fix reversed arguments and String comparison
2017-07-27 08:25:22 +02:00
Marek Posolda
dd6a7b23c3
Merge pull request #4350 from hmlnarik/KEYCLOAK-4446-Failed-to-process-response-when-reject-consent-with-turned-on-encryption
...
KEYCLOAK-4446 Do not encrypt SAML status messages
2017-07-26 15:31:54 +02:00
Hynek Mlnarik
3c537f5f28
KEYCLOAK-4446 Do not encrypt SAML status messages
...
SAML status messages are not encryptable per Chapter 6 of
saml-core-2.0-os.pdf. Only assertions, attributes, base ID and name ID
can be encrypted.
2017-07-26 11:22:56 +02:00
Hynek Mlnarik
8d81a4a2e4
KEYCLOAK-5236
2017-07-26 11:22:05 +02:00
Pedro Igor
5456514499
[KEYCLOAK-5015] - Pushing keycloak context to exchange scope
2017-07-19 16:39:38 -03:00
Stian Thorgersen
454c5f4d83
Set version to 3.3.0.CR1-SNAPSHOT
2017-06-30 09:47:11 +02:00
hmlnarik
b4ad69b841
KEYCLOAK-5115 ( #4272 )
2017-06-29 15:50:50 +02:00
Frederik Libert
63d2d0f7ed
KEYCLOAK-4897 SAML Adapter fails to validate signature on assertion
2017-06-19 18:26:17 +02:00
Hisanobu Okuda
9135ba7c40
KEYCLOAK-4980 SAML adapter should return 401 when unauthenticated Ajax client accesses
2017-06-08 23:36:25 +09:00
Frederik Libert
71f0db0837
KEYCLOAK-4897
...
SAML Adapter fails to validate signature on encrypted assertion.
2017-05-17 15:47:04 +02:00
Stian Thorgersen
87dedb56e5
Set version to 3.2.0.CR1-SNAPSHOT
2017-04-27 14:23:03 +02:00
Hynek Mlnarik
d7615d6a68
KEYCLOAK-2122 Configuration of AssertionConsumerServiceUrl in SAML adapter
2017-04-26 11:59:37 +02:00
Stian Thorgersen
0180d54dd9
KEYCLOAK-4668 Exclude modules in product profile
2017-03-28 10:04:20 +02:00
Bill Burke
e5a2642e62
Merge pull request #3978 from pedroigor/KEYCLOAK-3573
...
[KEYCLOAK-3573] - Elytron SAML and OIDC Adapters
2017-03-25 19:24:42 -04:00
Pedro Igor
30d7a5b01f
[KEYCLOAK-3573] - Elytron SAML and OIDC Adapters
2017-03-24 11:32:08 -03:00
Stian Thorgersen
5d028205bf
KEYCLOAK-4659 Changes to adapters for product profile
2017-03-24 12:07:21 +01:00
Stian Thorgersen
a87ee04024
Bump to 3.1.0.CR1-SNAPSHOT
2017-03-16 14:21:40 +01:00
David Klassen
32d3f760ec
KEYCLOAK-4421: Change http url to https
...
Change any http maven urls to https to reduce build-time MITM vulnerability
2017-03-14 10:18:40 +01:00
Bill Burke
0ff4223184
Merge pull request #3922 from hmlnarik/KEYCLOAK-4288-SAML-logouts-are-not-invalidating-the-sessions-for-all-the-logged-in-applications
...
KEYCLOAK-4288 Invalidate sessions in cluster for SAML logouts
2017-03-09 19:13:37 -05:00
Rene Ploetz
e770a05db0
KEYCLOAK-4537 Jetty 9.4 implementation (OIDC/SAML)
2017-03-06 23:01:24 +01:00
Hynek Mlnarik
3a0c2be885
KEYCLOAK-4288 AS 7 / EAP 6
2017-03-01 15:17:39 +01:00
Hynek Mlnarik
04da679628
KEYCLOAK-4288 Wildfly
2017-03-01 15:17:39 +01:00
Hynek Mlnarik
43be3fc409
KEYCLOAK-4288 Use SessionListener to keep track of local HTTP-SSO session mappings
2017-03-01 15:17:39 +01:00
Hynek Mlnarik
567393a102
KEYCLOAK-4288 Fix SAML logout session for Tomcat/EAP6
...
When logging out via application (via ?GLO=true query parameter),
CatalineSamlSessionStore does not expire session, while it does that
in logging by SAML session index.
This causes distributed sessions being invalidated only on node hanling
the request, but remains active in other nodes of the cluster. Then the
session can be resurrected on next cache replication back even to the
node where the logout was performed. This behaviour is fixed here.
2017-03-01 15:17:39 +01:00
Stian Thorgersen
aa59c2f95f
KEYCLOAK-4394 Use JBoss logging
2017-02-15 09:05:42 +01:00
Stian Thorgersen
6f22f88d85
Bump version to 3.0.0.CR1
2017-01-26 06:18:11 +01:00
Hynek Mlnarik
350b9550c3
KEYCLOAK-4264
2017-01-19 16:30:01 +01:00
Hynek Mlnarik
4df70c517d
KEYCLOAK-4141
2017-01-10 09:02:36 +01:00
Stian Thorgersen
e805ffd945
Bump version to 2.5.1.Final-SNAPSHOT
2016-12-22 08:22:18 +01:00
Hynek Mlnarik
7d51df4eed
KEYCLOAK-3971 Explicitly set encoding for SAML message processing
2016-12-15 14:04:34 +01:00
Hynek Mlnarik
5006fe2292
KEYCLOAK-4062 - GUI changes for KeyName format + few tests
2016-12-12 22:29:01 +01:00
Stian Thorgersen
b771b84f56
Bump to 2.5.0.Final-SNAPSHOT
2016-11-30 15:44:51 +01:00
Stian Thorgersen
6ec82865d3
Bump version to 2.4.1.Final-SNAPSHOT
2016-11-22 14:56:21 +01:00
Stian Thorgersen
65136fabdd
Merge pull request #3486 from hmlnarik/KEYCLOAK-3488
...
KEYCLOAK-3488 Fix typo in SamlPrincipal
2016-11-16 12:21:50 +01:00
Hynek Mlnarik
43002f7a8a
KEYCLOAK-3488 Fix typo
2016-11-09 15:11:45 +01:00
Hynek Mlnarik
025cf5ebaf
KEYCLOAK-3870 Schema for keycloak-saml.xml
...
Updated schema schema for keycloak-saml.xml (added documentation, set
up enumeration instead of free string where applicable per documentation)
and updated existing keycloak-saml.xml files with schema reference.
2016-11-09 10:45:43 +01:00
Hynek Mlnarik
570d71c07b
KEYCLOAK-1881 Update client adapter configuration
...
Client adapter configuration was updated to support for customization
of HttpClient used for key retrieval similarly to OIDC. Further, it is
now possible to specify several static public keys for signature
verification in saml-client.xml.
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
1ae268ec6f
KEYCLOAK-1881 Include key ID for REDIRECT and use it for validation
...
Contrary to POST binding, signature of SAML protocol message sent using
REDIRECT binding is contained in query parameters and not in the
message. This renders <dsig:KeyName> key ID hint unusable. This commit
adds <Extensions> element in SAML protocol message containing key ID so
that key ID is present in the SAML protocol message.
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
10deac0b06
KEYCLOAK-1881 KeyLocator implementation for SAML descriptor
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
057cc37b60
KEYCLOAK-1881 Clone OIDC adapter HttpClient tools to SAML adapter
...
and
KEYCLOAK-1881 Extract httpclient configuration from AdapterConfig
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
5d840500af
KEYCLOAK-1881 Include key ID in <ds:KeyInfo> in SAML assertions and protocol message
...
Changes of SAML assertion creation/parsing that are required to allow
for validation of rotating realm key: signed SAML assertions and signed
SAML protocol message now contain signing key ID in XML <dsig:KeyName>
element.
2016-11-04 21:53:43 +01:00
Stian Thorgersen
4d47f758fc
Merge pull request #3405 from stianst/master
...
Bump version
2016-10-21 10:11:59 +02:00
Stian Thorgersen
c615674cbb
Bump version
2016-10-21 07:03:15 +02:00
Pulkit Gupta
8e9db1be96
fixed null pointer exception when principal is null
2016-10-20 13:39:04 +05:30