Pedro Igor
cb57c58b4b
[KEYCLOAK-14730] - Consent not working when using federation storage and client is displayed on consent screen
2020-08-19 10:08:21 +02:00
mhajas
ae39760a62
KEYCLOAK-14972 Add independent GroupProvider interface
2020-08-13 21:13:12 +02:00
Benjamin Weimer
fdcfa6e13e
KEYCLOAK-15156 backchannel logout offline session handling
2020-08-13 08:09:59 -03:00
David Hellwig
ddc2c25951
KEYCLOAK-2940 - draft - Backchannel Logout ( #7272 )
...
* KEYCLOAK-2940 Backchannel Logout
Co-authored-by: Benjamin Weimer <external.Benjamin.Weimer@bosch-si.com>
Co-authored-by: David Hellwig <hed4be@bosch.com>
2020-08-12 09:07:58 -03:00
Sebastian Paetzold
4ff34c1be9
KEYCLOAK-14890 Improve null handling in case of missing NameId
2020-08-06 10:45:22 -03:00
vmuzikar
b68d06f91c
KEYCLOAK-13127 Update Account Console to Account REST API v1
2020-08-04 18:43:23 -03:00
vramik
6b00633c47
KEYCLOAK-14812 Create RoleStorageManager
2020-07-31 15:11:25 -03:00
vramik
bfa21c912c
KEYCLOAK-14811 Create RoleProvider and make it independent of ClientProvider and RealmProvider
2020-07-31 15:11:25 -03:00
rmartinc
32bf50e037
KEYCLOAK-14336: LDAP group membership is not visible under "Users in Role" tab for users imported from LDAP
2020-07-30 16:19:22 +02:00
Dillon Sellars
25bb2e3ba2
KEYCLOAK-14529 Signed and Encrypted ID Token Support : RSA-OAEP-256 Key Management Algorithm
2020-07-30 15:20:51 +02:00
vramik
7f979ffbcf
KEYCLOAK-14889 Create test for clientStorageProviderTimeout
2020-07-30 08:42:51 -03:00
Yoshiyuki Tabata
cd76ed0d74
KEYCLOAK-14289 OAuth Authorization Server Metadata for Token Revocation
2020-07-29 11:41:56 +02:00
Martin Idel
97400827d2
KEYCLOAK-14870: Fix bug where user is incorrectly imported
...
Bug: SerializedBrokeredIdentityContext was changed to mirror
UserModel changes. However, when creating the user in LDAP,
the username must be provided first (everything else can
be handled via attributes).
2020-07-29 11:33:41 +02:00
Takashi Norimatsu
0191f91850
KEYCLOAK-14380 Support Requesting Claims using the claims Request Parameter
2020-07-29 09:53:28 +02:00
mposolda
c4fca5895f
KEYCLOAK-14892 NullPointerException when group mappings for LDAP users are accessed
2020-07-28 14:45:06 +02:00
Martin Idel
330a3d8ff5
KEYCLOAK-14904 Fix AccountRestService
...
- custom attributes in UserModel are removed during update
- this can break caching (doesn't break if user is written
to database)
- also ensure that we don't accidentally change username
and/or firstName/lastName through attributes
2020-07-28 10:03:14 +02:00
Martin Idel
bf411d7567
KEYCLOAK-14869: Fix nullpointer exception in FullNameLDAPStorageMapper
...
Setting an attribute should be possible with a list
containing no elements or a null list
This can happen e.g. when creating users via idps
using a UserAttributeStatementMapper.
Fix this unprotected access in other classes too
2020-07-28 09:54:37 +02:00
Lorent Lempereur
e82fe7d9e3
KEYCLOAK-13950 SAML2 Identity Provider - Send Subject in SAML requests
2020-07-24 21:41:57 +02:00
mhajas
74988a3f21
KEYCLOAK-14826 Fix non-ssl auth-server tests failures
2020-07-23 14:20:19 +02:00
Hynek Mlnarik
8fae2997c9
KEYCLOAK-14553 Improve logging
2020-07-22 00:08:15 +02:00
Hynek Mlnarik
c566b46e8f
KEYCLOAK-14549 Make ClientProvider independent of RealmProvider
...
Co-Authored-By: vramik <vramik@redhat.com>
2020-07-22 00:08:15 +02:00
Hynek Mlnarik
ac0011ab6f
KEYCLOAK-14553 Client map store
...
Co-Authored-By: vramik <vramik@redhat.com>
2020-07-22 00:08:15 +02:00
Martin Kanis
c5d5423cd3
KEYCLOAK-12265 Move KerberosEmbeddedServer to testsuite
2020-07-21 18:27:09 +02:00
vmuzikar
316f9f46e2
KEYCLOAK-14825 Make adapter tests running with FF to test cookies
2020-07-21 10:25:19 -03:00
Luca Leonardo Scorcia
9204402514
KEYCLOAK-14820 Import the NameIDPolicyFormat attribute from SAML IDP metadata descriptors
2020-07-21 12:23:25 +02:00
Takashi Norimatsu
e0fbfa722e
KEYCLOAK-14189 Client Policy : Basics
2020-07-21 07:50:08 +02:00
Douglas Palmer
6d5495141d
[KEYCLOAK-14611] Incorrect error message shown on duplicated email registration
2020-07-20 18:17:54 -03:00
Jan Lieskovsky
969b09f530
[KEYCLOAK-13692] Upgrade to Wildfly "20.0.1.Final" and Infinispan "10.1.8.Final"
...
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2020-07-20 22:15:08 +02:00
Luca Leonardo Scorcia
46bf139cb4
KEYCLOAK-14741 Minor SAML specs compliance improvements
2020-07-20 21:08:12 +02:00
mhajas
93149d6b47
KEYCLOAK-14234 Adjust Adapter testsuite to work with app/auth.server.host including TLS configured
2020-07-20 11:22:16 +02:00
Thomas Vitale
4cd5ace800
KEYCLOAK-9321 Remove invalid token_introspection_endpoint
...
The discovery document is advertizing both token_introspection_endpoint
and introspection_endpoint. The former has been removed as it is not
defined by OAuth2/OIDC.
2020-07-17 11:41:28 +02:00
Luca Leonardo Scorcia
f8a4f66d6c
KEYCLOAK-13698 - SAML Client - Add certificate info to signature
...
Adds the X509Data tag to the XML Document signature in AuthnRequests
2020-07-10 23:06:37 +02:00
vmuzikar
7087c081f0
KEYCLOAK-14023 Instagram User Endpoint change
...
Co-authored-by: Jean-Baptiste PIN <jibet.pin@gmail.com>
2020-07-10 17:36:51 -03:00
Pavel Drozd
48e4432e9d
KEYCLOAK-14508 - Exclude SessionNotOnOrAfterTest from remote tests
2020-07-10 14:22:11 +02:00
Luca Leonardo Scorcia
d6934c64fd
Refactor SAML metadata generation to use the SAMLMetadataWriter class
2020-07-09 09:39:35 +02:00
Pedro Igor
9c4da9b3ce
[KEYCLOAK-14147] - Request filter refactoring
...
Co-authored-by: Stian Thorgersen <stian@redhat.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
2020-07-07 11:26:12 -03:00
kurisumakise2011
738f24aa38
[KEYCLOAK-14570] Resolve nullpointer issue in controller
...
Some ProviderFactory returns null as properties instead of
Collections.emptyList() and it leads to NPE.
Fix it with using Optional.ofNullable(...).orElse(Collections.emptyList())
2020-07-07 07:46:26 +02:00
Douglas Palmer
9369c7cf4d
Add filter by name to applications endpoint
2020-07-03 15:35:38 -03:00
Martin Idel
8fe25948f7
KEYCLOAK-13959 Add AdvancedAttribute mapper for SAML to allow regexes
2020-07-03 18:19:35 +02:00
Plamen Kostov
914b226d11
[KEYCLOAK-14282] Create additional filtering for GET /users endpoint for enabled/disabled users
2020-07-03 09:07:42 -03:00
Axel Messinese
f30395d535
KEYCLOAK-12687 Add briefRepresentation queryParams to get roles 'composite' endpoints
2020-07-03 09:41:53 +02:00
Bartosz Siemieńczuk
e2040f5d13
KEYCLOAK-14006 Allow administrator to add additional fields to be fetched with Facebook profile request
2020-07-01 18:27:04 -03:00
Eric Rodrigues Pires
de9a0a0a4a
[KEYCLOAK-13044] Fix owner name representations of UMA tickets for client-owned resources
2020-07-01 18:15:22 -03:00
vmuzikar
dc6f7d0547
KEYCLOAK-14635 Saml tests are failing with invalid redirect urls
2020-07-01 13:46:43 +02:00
vmuzikar
001fe9eb11
KEYCLOAK-13206 Session Status iframe cannot access cookies when 3rd party cookies are blocked
...
Co-authored-by: mhajas <mhajas@redhat.com>
2020-06-30 17:11:20 -03:00
Douglas Palmer
5e44bb781b
[KEYCLOAK-14344] Cannot revoke offline access for an app if the app doesn't require consent
2020-06-26 14:56:08 -04:00
Martin Idel
05b6ef8327
KEYCLOAK-14536 Migrate UserModel fields to attributes
...
- In order to make lastName/firstName/email/username field
configurable in profile
we need to store it as an attribute
- Keep database as is for now (no impact on performance, schema)
- Keep field names and getters and setters (no impact on FTL files)
Fix tests with logic changes
- PolicyEvaluationTest: We need to take new user attributes into account
- UserTest: We need to take into account new user attributes
Potential impact on users:
- When subclassing UserModel, consistency issues may occur since one can
now set e.g. username via setSingleAttribute also
- When using PolicyEvaluations, the number of attributes has changed
2020-06-25 14:50:57 +02:00
Pedro Igor
337a751aaa
[KEYCLOAK-11330] - Clustering tests for GA
2020-06-24 17:23:45 +02:00
Douglas Palmer
1434f14663
[KEYCLOAK-14346] Base URL for applications is broken
2020-06-23 15:26:07 -03:00
Hiroyuki Wada
f73b51818b
KEYCLOAK-14113 Support for exchanging to SAML 2.0 token
2020-06-19 22:08:42 +02:00
Dirk Weinhardt
08dca9e89f
KEYCLOAK-13205 Apply locale resolution strategy to admin console.
2020-06-19 10:27:13 -04:00
Peter Skopek
5f78a09db1
KEYCLOAK-13029 kcadm composite role creation fails
2020-06-18 16:37:02 +02:00
vmuzikar
662f7fbccd
KEYCLOAK-14497 Compilation error in UsernameTemplateMapperTest
2020-06-18 09:15:07 -03:00
Martin Bartos
ec9bf6206e
[KEYCLOAK-13202] Reset password redirects to account client
2020-06-18 13:08:36 +02:00
Erik Jan de Wit
c20766f2d7
KEYCLOAK-14140 added more test cases
...
Co-authored-by: vmuzikar <vmuzikar@redhat.com>
2020-06-17 13:56:11 -04:00
Thomas Darimont
92ab9c08ae
KEYCLOAK-8100 Expose sub claim in OIDC IdentityBroker Mappers
...
We now expose the claims "sub" for use in Identity Broker mappers.
Previously claims directly mapped to `JsonWebToken` fields were not
accessible for mappings.
2020-06-17 12:56:08 -03:00
Pedro Igor
d331091c5e
[KEYCLOAK-11330] - Quarkus tests
2020-06-17 17:20:55 +02:00
vmuzikar
d71e81ed5e
KEYCLOAK-14235 Support for running broker tests with different hostnames for auth server and IdP
2020-06-17 14:13:00 +02:00
Pedro Igor
a8bad5b9bb
[KEYCLOAK-11330] - Quarkus clustering tests
2020-06-16 10:07:24 -03:00
vramik
c403aa49f7
KEYCLOAK-14087 migration from 9.0.3
2020-06-15 14:47:13 +02:00
mhajas
5d1d75db40
KEYCLOAK-14103 Add Warn message for possibly missing SameSite configuration
2020-06-15 14:45:57 +02:00
Jan Lieskovsky
df7d85b38d
[KEYCLOAK-14358] Enable StartTLS LDAP tests
...
Thanks to KEYCLOAK-14343 Use Truststore SPI StartTLS bug fix
they will work with Truststore SPI used by auth server Wildfly too
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-06-11 18:07:53 +02:00
Tero Saarni
3c82f523ff
[KEYCLOAK-14343] Truststore SPI support for LDAP with StartTLS
...
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-06-11 18:07:53 +02:00
Pedro Igor
e16f30d31f
[KEYCLOAK-2343] - Allow exact user search by user attributes
...
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2020-06-10 12:02:50 -03:00
vramik
d63b3ceca4
KEYCLOAK-14141 0 downtime upgrade test
2020-06-10 12:45:34 +02:00
Pedro Igor
6ccde288a3
[KEYCLOAK-11330] - SSL Support
2020-06-09 08:43:52 +02:00
Douglas Palmer
33863ba161
KEYCLOAK-10162 Usage of ObjectInputStream without checking the object types
...
Co-authored-by: mposolda <mposolda@gmail.com>
2020-06-08 13:12:08 +02:00
Yoshiyuki Tabata
f03ee2ec98
KEYCLOAK-14145 OIDC support for Client "offline" session lifespan
2020-06-04 14:24:52 +02:00
Denis
8d6f8d0465
EYCLOAK-12741 Add name and description edit functionality to Authentication and Execution Flows
2020-06-04 08:08:52 +02:00
Pedro Igor
357982adf6
[KEYCLOAK-11330] - Initial changes to get testsuite working for Quarkus
2020-06-03 09:57:24 -03:00
Jan Lieskovsky
a121f77ea4
[KEYCLOAK-12305] [Testsuite] Check LDAP federated user (in)valid
...
login(s) using various authentication methods, bind credential
types, and connection encryption mechanisms
The tests cover various possible combinations of the following:
* Authentication method: Anonymous or Simple (default),
* Bind credential: Secret (default) or Vault,
* Connection encryption: Plaintext (default), SSL, or startTLS
Also, ignore the StartTLS LDAP tests for now till KEYCLOAK-14343
& KEYCLOAK-14354 are corrected (due these issues they aren't
working with auth server Wildfly). They will be re-enabled later
via KEYCLOAK-14358 once possible
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-06-02 14:44:17 +02:00
Pedro Igor
e8dc10b4a1
[KEYCLOAK-11330] - Properly handling POST formdata and UriInfo
2020-06-02 09:36:40 +02:00
stianst
90b29b0e31
KEYCLOAK-14107 Admin page content blocked on v10.0.0 due to content security policy
2020-05-29 13:57:38 +02:00
Benjamin Weimer
4265fdcab2
KEYCLOAK-14318 Client Empty Root URL and relative Base URL is valid
2020-05-29 11:21:28 +02:00
vmuzikar
f8dce7fc3e
KEYCLOAK-13819 SAML brokering with POST binding is broken by new SameSite policies
2020-05-28 13:37:56 +02:00
Thomas Darimont
e825ec24cb
KEYCLOAK-9635 Add AccessTokenHash to IDToken for OIDC Auth Code flow
...
Revised tests
2020-05-27 07:34:05 +02:00
Thomas Darimont
5a337d0376
KEYCLOAK-9635 Add AccessTokenHash to IDToken for OIDC Auth Code flow
...
Added missing test
2020-05-27 07:34:05 +02:00
Torsten Juergeleit
6005503a3d
Namespace support to group-ldap-mapper
...
Previously, Keycloak did only support syncing groups from LDAP federation provider as top-level KC groups.
This approach has some limitations:
- If using multiple group mappers then there’s no way to isolate the KC groups synched by each group mapper.
- If the option "Drop non-existing groups during sync” is activated then all KC groups (including the manually created ones) are deleted.
- There’s no way to inherit roles from a parent KC group.
This patch introduces support to specify a prefix for the resulting group path, which effectively serves as a namespace for a group.
A path prefix can be specified via the newly introduced `Groups Path` config option on the mapper. This groups path defaults to `/` for top-level groups.
This also enables to have multiple `group-ldap-mapper`'s which can manage groups within their own namespace.
An `group-ldap-mapper` with a `Group Path` configured as `/Applications/App1` will only manage groups under that path. Other groups, either manually created or managed by other `group-ldap-mapper` are not affected.
2020-05-26 17:37:29 +02:00
Hynek Mlnarik
7deb89caab
KEYCLOAK-10729 Do not serialize SAML signature
2020-05-25 15:38:17 +02:00
vmuzikar
e873c70374
KEYCLOAK-14236 Support for custom Firefox preferences
2020-05-22 09:24:41 -03:00
cachescrubber
3382682115
KEYCLOAK-10927 - Implement LDAPv3 Password Modify Extended Operation … ( #6962 )
...
* KEYCLOAK-10927 - Implement LDAPv3 Password Modify Extended Operation (RFC-3062).
* KEYCLOAK-10927 - Introduce getLDAPSupportedExtensions(). Use result instead of configuration.
Co-authored-by: Lars Uffmann <lars.uffmann@vitroconnect.de>
Co-authored-by: Kevin Kappen <kevin.kappen@vitroconnect.de>
Co-authored-by: mposolda <mposolda@gmail.com>
2020-05-20 21:04:45 +02:00
Denis
8c7b69fc9e
KEYCLOAK-13748 Create automated test for scenario with alternative subflow for credential reset
2020-05-20 14:06:53 +02:00
Stan Silvert
13d0491ff3
KEYCLOAK-14038: Re-allow special characters for Roles only
2020-05-20 07:53:23 -04:00
Takashi Norimatsu
c057b994e7
KEYCLOAK-13104 Signed and Encrypted ID Token Support : AES 192bit and 256bit key support
2020-05-20 09:01:59 +02:00
mhajas
4b8c7dd7d7
KEYCLOAK-14048 Allow clock skew when testing refresh token actual expiration time
2020-05-20 08:12:54 +02:00
Takashi Norimatsu
be0ba79daa
KEYCLOAK-7997 Implement Client Registration Metadata based on Mutual TLS
2020-05-19 17:00:41 +02:00
mposolda
12d965abf3
KEYCLOAK-13047 LDAP no-import fixes. Avoid lost updates - dont allow update attributes, which are not mapped to LDAP
2020-05-19 16:58:25 +02:00
Martin Kanis
6f43b58ccf
KEYCLOAK-14074 filterIdentityProviders compares providerId instead of alias
2020-05-19 09:46:21 +02:00
Thomas Darimont
6211fa90e0
KEYCLOAK-10932 Honor given_name and family_name in OIDC brokering
...
Previously firstname and lastname were derived from the name claim.
We now use direct mappings to extract firstname and lastname from
given_name and family_name claims.
Added test to KcOidcFirstBrokerLoginTest
Marked org.keycloak.broker.provider.BrokeredIdentityContext#setName
as deprecated to avoid breaking existing integrations.
2020-05-19 09:10:43 +02:00
Álvaro Gómez Giménez
666832d1be
KEYCLOAK-13066 Include resourceType in ScopePermissionRepresentation
2020-05-12 17:11:35 -03:00
Sven-Torben Janus
82d3251ab4
Remove *-imports
2020-05-12 20:50:18 +02:00
Sven-Torben Janus
fcb0e450a0
KEYCLOAK-13817 Return local user from LDAPStorageProvider
2020-05-12 20:50:18 +02:00
Yoshiyuki Tabata
f7d00fc2e9
KEYCLOAK-13844 "exp" claim should not be "0" when using offline token
2020-05-12 16:14:37 +02:00
stianst
49db2c13a5
KEYCLOAK-8141 Fix issue where attribute values are duplicated if updates to user are done in parallell
2020-05-12 09:06:44 +02:00
Pedro Igor
44c49d69a7
[KEYCLOAK-13071] - AuthorizationTokenService swallows Exceptions thrown by KeycloakIdentity
2020-05-08 09:21:37 +02:00
Takashi Norimatsu
3716bd96ad
KEYCLOAK-14093 Specify Signature Algorithm in Signed JWT with Client Secret
2020-05-07 11:28:39 +02:00
Takashi Norimatsu
0d0617d44a
KEYCLOAK-13720 Specify Signature Algorithm in Signed JWT Client Authentication
2020-05-05 17:43:00 +02:00
rmartinc
f0852fd362
KEYCLOAK-13823: "Dir" Full export/import: On import, service account roles and authorization info are not imported
2020-05-05 17:05:56 +02:00
Vanrar68
85feda3beb
KEYCLOAK-13998 ConditionalRoleAuthenticator doesn't work with composite roles
2020-05-05 08:39:04 +02:00
Martin Bartos
7ebdca48d3
[KEYCLOAK-13572] Doesn't observe After events due to assume check
2020-05-04 17:31:44 +02:00
Michael Riedmann
66c7ec6b08
[KEYCLOAK-13995] added test for clientUpdate with ProtocolMappers
2020-05-04 17:13:57 +02:00
Erik Jan de Wit
435815249b
KEYCLOAK-12783 changed to base account url for new console
2020-05-04 07:16:15 -04:00
Hynek Mlnarik
32f13016fa
KEYCLOAK-12874 Align Destination field existence check with spec
2020-05-04 09:19:44 +02:00
Martin Kanis
aa309b96a8
KEYCLOAK-13682 NPE when refreshing token after enabling consent
2020-04-30 08:46:21 +02:00
Yoshiyuki Tabata
874642fe9e
KEYCLOAK-12406 Add "Client Session Max" and "Client Session Idle" for OIDC
2020-04-28 15:34:25 +02:00
stianst
5b017e930d
KEYCLOAK-13128 Security Headers SPI and response filter
2020-04-28 15:28:24 +02:00
Yoshiyuki Tabata
b40c12c712
KEYCLOAK-5325 Provide OAuth token revocation capability
2020-04-28 15:25:22 +02:00
Erik Jan de Wit
ab2d1546b4
fix merge errors
2020-04-27 09:09:31 -04:00
Erik Jan de Wit
7580be8708
KEYCLOAK-13121 added the basic functionality
2020-04-27 09:09:31 -04:00
Stefan Guilhen
da1138a8d2
[KEYCLOAK-13005] Make sure the master URL is used if the consumer POST or REDIRECT URL is an empty string
...
- Fixes issue where admin console sets an empty string when the consumer POST or REDIRECT URL is deleted
2020-04-27 14:25:03 +02:00
Pedro Igor
44b489b571
[KEYCLOAK-13656] - Deny request if requested scope is not associated to resource or any typed resources
2020-04-27 08:39:38 +02:00
Pedro Igor
dacbe22d53
[KEYCLOAK-9896] - Authorization Scope modified improperly when updating Resource
2020-04-27 08:38:55 +02:00
Martin Idel
7e8018c7ca
KEYCLOAK-11862 Add Sync mode option
...
- Store in config map in database and model
- Expose the field in the OIDC-IDP
- Write logic for import, force and legacy mode
- Show how mappers can be updated keeping correct legacy mode
- Show how mappers that work correctly don't have to be modified
- Log an error if sync mode is not supported
Fix updateBrokeredUser method for all mappers
- Allow updating of username (UsernameTemplateMapper)
- Delete UserAttributeStatementMapper: mapper isn't even registered
Was actually rejected but never cleaned up: https://github.com/keycloak/keycloak/pull/4513
The mapper won't work as specified and it's not easy to tests here
- Fixup json mapper
- Fix ExternalKeycloakRoleToRoleMapper:
Bug: delete cannot work - just delete it. Don't fix it in legacy mode
Rework mapper tests
- Fix old tests for Identity Broker:
Old tests did not work at all:
They tested that if you take a realm and assign the role,
this role is then assigned to the user in that realm,
which has nothing to do with identity brokering
Simplify logic in OidcClaimToRoleMapperTests
- Add SyncMode tests to most mappers
Added tests for UsernameTemplateMapper
Added tests to all RoleMappers
Add test for json attribute mapper (Github as example)
- Extract common test setup(s)
- Extend admin console tests for sync mode
Signed-off-by: Martin Idel <external.Martin.Idel@bosch.io>
2020-04-24 15:54:32 +02:00
Pedro Igor
8f5e58234e
[KEYCLOAK-11317] - IDP review profile allows empty username
2020-04-24 10:52:59 -03:00
Douglas Palmer
d4eeed306b
[KEYCLOAK-11764] Upgrade to Wildfly 19
2020-04-24 08:19:43 -03:00
Bart Monhemius
9389332675
[KEYCLOAK-13927] Accept only ticketId instead of the PermissionTicketRepresentation for delete in PermissionResource
2020-04-23 15:59:43 -03:00
Bart Monhemius
acc5ab9e44
[KEYCLOAK-13927] Allow deleting permission tickets with the Authz client
2020-04-23 15:59:43 -03:00
Martin Kanis
a04c70531a
KEYCLOAK-9623 Disabling logged in user will not allow other user to login after he is thrown out of his session
2020-04-23 14:40:25 +02:00
Takashi Norimatsu
8513760e25
KEYCLOAK-12176 WebAuthn: show the attestation statement format in the admin console
2020-04-23 10:01:19 +02:00
mhajas
1db87acc98
KEYCLOAK-13852 reset time at the end of testTokenConcurrentRefresh test
2020-04-22 15:06:28 +02:00
mposolda
83255e1b08
KEYCLOAK-13922 MigrationModelTest failing in latest master
2020-04-22 14:05:34 +02:00
Thomas Darimont
12e53e6f11
KEYCLOAK-11003 Remove UPDATE_PASSWORD RequiredAction on non-temporary password reset
...
We now remove a potentially existing UPDATE_PASSWORD action when
explicitly assigning a non-temporary password.
Adapted tests to use a temporary password when UpdatePassword required actions
were used.
2020-04-22 10:59:49 +02:00
Thomas Darimont
f9f71039ae
KEYCLOAK-13566 ValidateUsername should raise USER_NOT_FOUND event if the user lookup fails
2020-04-21 21:11:11 +02:00
Pedro Igor
cbab159aa8
[KEYCLOAK-8071] - Properly validating requested scopes
2020-04-21 12:23:59 +02:00
mposolda
38195ca789
KEYCLOAK-12842 Not possible to update user with multivalued LDAP RDN
2020-04-21 11:35:41 +02:00
aboullos
2945eb63b7
KEYCLOAK-8836 Add test to check product name on welcome page
...
Modify import
KEYCLOAK-8836 Add test to check product name on welcome page
2020-04-21 11:30:20 +02:00
mposolda
b29810c923
KEYCLOAK-13306 Model fixes for check realm when lookup by ID
...
(cherry picked from commit e40a62de31f6f5d326234314a9e285010665f707)
2020-04-21 08:19:50 +02:00
mposolda
821405e175
KEYCLOAK-10852 Inconsistency when using 'forgot password' after changing email directly in LDAP
2020-04-16 12:28:41 +02:00
Pedro Igor
acfbdf6b0e
[KEYCLOAK-13187] - Concurrency issue when refreshing tokens and updating security context state
2020-04-16 12:25:42 +02:00
Pedro Igor
21597b1ff2
[KEYCLOAK-13581] - Fixing client pagination when permission is enabled
2020-04-14 16:57:27 -03:00
mposolda
4f1985826c
KEYCLOAK-12934 LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY user roles retrieve strategy role-ldap-mapper option should only be displayed if LDAP provider vendor is Active Directory
2020-04-14 20:01:55 +02:00
stianst
1f02f87a6e
KEYCLOAK-13565 Add support for kc_action to keycloak.js
...
Co-authored-by mhajas <mhajas@redhat.com>
2020-04-14 19:23:56 +02:00
stianst
97b5654690
KEYCLOAK-13285 Enable check identity for email
2020-04-14 19:22:57 +02:00
mhajas
845195780e
KEYCLOAK-13758 Exclude some tests for remote runs
2020-04-08 16:38:58 +02:00
Pedro Igor
b60b85ab65
[KEYCLOAK-7450] - Match subject when validating id_token returned from external OP
2020-04-06 13:43:19 +02:00
mposolda
6f62c0ed98
KEYCLOAK-13442 Backwards compatibility in users searching. searchForUser(String, RealmModel, int, int) is no longer called when searching users from the admin console
2020-03-27 13:29:55 +01:00
mposolda
bf92bd16b0
KEYCLOAK-13383 WebAuthnRegisterAndLoginTest fails with -Dproduct with auth-server-eap
2020-03-26 16:27:23 +01:00
vramik
330d5b2c25
KEYCLOAK-13384 exclude IdentityProviderTest.failCreateInvalidUrl from remote-tests
2020-03-26 14:04:38 +01:00
vramik
780d11e790
KEYCLOAK-13571 KcinitTest fails with -Dproduct due to skipped maven plugin exacution
2020-03-26 14:03:11 +01:00
Pedro Igor
b812159193
[KEYCLOAK-10675] - Deleting an Identity Provider doesn't remove the associated IdP Mapper for that user
2020-03-26 11:41:17 +01:00
Pedro Igor
1b8369c7d5
[KEYCLOAK-13385] - Better message when saving a provider with invalid URLs
2020-03-26 08:46:44 +01:00
mhajas
b2b790cd1d
KEYCLOAK-10797 Unignore hawtio on eap6 test
2020-03-24 15:10:40 +01:00
mhajas
8b96882a1c
KEYCLOAK-12972 Fix fuse tests
2020-03-24 14:50:54 +01:00
mposolda
5ddd605ee9
KEYCLOAK-13259
2020-03-24 05:32:41 +01:00
mposolda
9474dd6208
KEYCLOAK-12986 BruteForceProtector does not log failures when login failure in PostBroker flow
2020-03-24 05:32:10 +01:00
Martin Kanis
e6e0e6945d
KEYCLOAK-12156 LogoutEndpoint does not verify token type of id_token_hint
...
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2020-03-24 05:31:36 +01:00
Pedro Igor
ec63245ac8
[KEYCLOAK-13386] - SslRequired.EXTERNAL doesn't work for identity broker validations
2020-03-23 12:16:43 -03:00
mposolda
3e82473a90
KEYCLOAK-13369 Not possible to move groups in admin console
2020-03-23 10:17:23 +01:00
Pavel Drozd
6cc897e319
KEYCLOAK-8372 - User Federation tests - fixing for different vendors ( #6909 )
2020-03-20 11:36:35 +01:00
Dmitry Telegin
3b24465141
KEYCLOAK-12870 - Allow to pick arbitrary user for IdP linking ( #6828 )
...
* KEYCLOAK-12870 - Allow to pick arbitrary user for IdP linking
* KEYCLOAK-12870: always allow to choose user if password reset is called from first broker login flow
* KEYCLOAK-12870: remove "already authenticated as different user" check and message
* KEYCLOAK-12870: translations
* KEYCLOAK-12870: fix tests
2020-03-20 07:41:35 +01:00