testn
78a1c6cf23
KEYCLOAK-14687: Pbkdf2PasswordHashProviderFactory does not use DEFAULT_ITERATIONS
2020-07-08 14:00:32 +02:00
Eric Rodrigues Pires
de9a0a0a4a
[KEYCLOAK-13044] Fix owner name representations of UMA tickets for client-owned resources
2020-07-01 18:15:22 -03:00
Martin Idel
05b6ef8327
KEYCLOAK-14536 Migrate UserModel fields to attributes
...
- In order to make lastName/firstName/email/username field
configurable in profile
we need to store it as an attribute
- Keep database as is for now (no impact on performance, schema)
- Keep field names and getters and setters (no impact on FTL files)
Fix tests with logic changes
- PolicyEvaluationTest: We need to take new user attributes into account
- UserTest: We need to take into account new user attributes
Potential impact on users:
- When subclassing UserModel, consistency issues may occur since one can
now set e.g. username via setSingleAttribute also
- When using PolicyEvaluations, the number of attributes has changed
2020-06-25 14:50:57 +02:00
Tero Saarni
3c82f523ff
[KEYCLOAK-14343] Truststore SPI support for LDAP with StartTLS
...
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-06-11 18:07:53 +02:00
Yoshiyuki Tabata
f03ee2ec98
KEYCLOAK-14145 OIDC support for Client "offline" session lifespan
2020-06-04 14:24:52 +02:00
stianst
90b29b0e31
KEYCLOAK-14107 Admin page content blocked on v10.0.0 due to content security policy
2020-05-29 13:57:38 +02:00
cachescrubber
3382682115
KEYCLOAK-10927 - Implement LDAPv3 Password Modify Extended Operation … ( #6962 )
...
* KEYCLOAK-10927 - Implement LDAPv3 Password Modify Extended Operation (RFC-3062).
* KEYCLOAK-10927 - Introduce getLDAPSupportedExtensions(). Use result instead of configuration.
Co-authored-by: Lars Uffmann <lars.uffmann@vitroconnect.de>
Co-authored-by: Kevin Kappen <kevin.kappen@vitroconnect.de>
Co-authored-by: mposolda <mposolda@gmail.com>
2020-05-20 21:04:45 +02:00
mposolda
12d965abf3
KEYCLOAK-13047 LDAP no-import fixes. Avoid lost updates - dont allow update attributes, which are not mapped to LDAP
2020-05-19 16:58:25 +02:00
Thomas Darimont
6211fa90e0
KEYCLOAK-10932 Honor given_name and family_name in OIDC brokering
...
Previously firstname and lastname were derived from the name claim.
We now use direct mappings to extract firstname and lastname from
given_name and family_name claims.
Added test to KcOidcFirstBrokerLoginTest
Marked org.keycloak.broker.provider.BrokeredIdentityContext#setName
as deprecated to avoid breaking existing integrations.
2020-05-19 09:10:43 +02:00
Michael Cooney
3291161954
KEYCLOAK-13818: Addressing performance issues with adding client scopes during realm creation. Removing redundant lookups by passing all scopes that need to be created at once.
2020-05-12 15:59:42 +02:00
mposolda
a878bec60f
KEYCLOAK-14007 Missing RHSSO 7.4 version in MigrationModelManager
2020-04-30 08:38:40 +02:00
keycloak-bot
ae20b7d3cd
Set version to 11.0.0-SNAPSHOT
2020-04-29 12:57:55 +02:00
Yoshiyuki Tabata
874642fe9e
KEYCLOAK-12406 Add "Client Session Max" and "Client Session Idle" for OIDC
2020-04-28 15:34:25 +02:00
stianst
5b017e930d
KEYCLOAK-13128 Security Headers SPI and response filter
2020-04-28 15:28:24 +02:00
Pedro Igor
dacbe22d53
[KEYCLOAK-9896] - Authorization Scope modified improperly when updating Resource
2020-04-27 08:38:55 +02:00
Martin Idel
7e8018c7ca
KEYCLOAK-11862 Add Sync mode option
...
- Store in config map in database and model
- Expose the field in the OIDC-IDP
- Write logic for import, force and legacy mode
- Show how mappers can be updated keeping correct legacy mode
- Show how mappers that work correctly don't have to be modified
- Log an error if sync mode is not supported
Fix updateBrokeredUser method for all mappers
- Allow updating of username (UsernameTemplateMapper)
- Delete UserAttributeStatementMapper: mapper isn't even registered
Was actually rejected but never cleaned up: https://github.com/keycloak/keycloak/pull/4513
The mapper won't work as specified and it's not easy to tests here
- Fixup json mapper
- Fix ExternalKeycloakRoleToRoleMapper:
Bug: delete cannot work - just delete it. Don't fix it in legacy mode
Rework mapper tests
- Fix old tests for Identity Broker:
Old tests did not work at all:
They tested that if you take a realm and assign the role,
this role is then assigned to the user in that realm,
which has nothing to do with identity brokering
Simplify logic in OidcClaimToRoleMapperTests
- Add SyncMode tests to most mappers
Added tests for UsernameTemplateMapper
Added tests to all RoleMappers
Add test for json attribute mapper (Github as example)
- Extract common test setup(s)
- Extend admin console tests for sync mode
Signed-off-by: Martin Idel <external.Martin.Idel@bosch.io>
2020-04-24 15:54:32 +02:00
keycloak-bot
33314ae3ca
Set version to 10.0.0-SNAPSHOT
2020-04-21 09:19:32 +02:00
vramik
307c9be89d
KEYCLOAK-13247 NPE during migration when manage-account role missing
2020-04-16 12:26:39 +02:00
vramik
2b3810606e
KEYCLOAK-13303 NPE importing realm if authenticatorConfig has null alias
2020-04-14 19:24:48 +02:00
keycloak-bot
f6a592b15a
Set version to 9.0.4-SNAPSHOT
2020-03-24 08:31:18 +01:00
Dmitry Telegin
3b24465141
KEYCLOAK-12870 - Allow to pick arbitrary user for IdP linking ( #6828 )
...
* KEYCLOAK-12870 - Allow to pick arbitrary user for IdP linking
* KEYCLOAK-12870: always allow to choose user if password reset is called from first broker login flow
* KEYCLOAK-12870: remove "already authenticated as different user" check and message
* KEYCLOAK-12870: translations
* KEYCLOAK-12870: fix tests
2020-03-20 07:41:35 +01:00
Pedro Igor
2eab44d3f3
[KEYCLOAK-13273] - Remove group policy when group is removed
2020-03-20 07:40:18 +01:00
Sebastian Laskawiec
8774a0f4ba
KEYCLOAK-12881 KEYCLOAK-13099 Update FederatedIdentities and Groups on POST
2020-03-12 14:57:02 +01:00
mposolda
72e4690248
KEYCLOAK-13174 Not possible to delegate creating or deleting OTP credential to userStorage
2020-03-11 12:51:56 +01:00
mposolda
803f398dba
KEYCLOAK-12876 KEYCLOAK-13148 KEYCLOAK-13149 KEYCLOAK-13151 Re-introduce some changes to preserve UserStorage SPI backwards compatibility. Added test for backwards compatibility of user storage
2020-03-11 12:51:56 +01:00
rmartinc
ad3b9fc389
KEYCLOAK-12579: LDAP groups duplicated during UI listing of user groups
2020-03-11 06:14:29 +01:00
stianst
ed97d40939
KEYCLOAK-9851 Removed properties from realm json attributes that are included as fields
2020-03-05 17:59:50 +01:00
Pedro Igor
2f489a41eb
[KEYCLOAK-12192] - Missing Input Validation in IDP Authorization URLs
2020-03-05 06:32:35 +01:00
Ronaldo Spido
1e0fcc4883
KEYCLOAK-13119 Fixing migration to Keycloak 2.2.0+ to correctly preserve default identity provider
2020-03-03 06:49:57 +01:00
Hynek Mlnarik
aecfe251e4
KEYCLOAK-12816 Fix representation to model conversion
2020-02-27 21:11:24 +01:00
Martin Bartoš
eaaff6e555
KEYCLOAK-12958 Preview feature profile for WebAuthn ( #6780 )
...
* KEYCLOAK-12958 Preview feature profile for WebAuthn
* KEYCLOAK-12958 Ability to enable features having EnvironmentDependent providers without restart server
* KEYCLOAK-12958 WebAuthn profile product/project
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2020-02-26 08:45:26 +01:00
stianst
9a3a358b96
KEYCLOAK-11700 Lower-case passwords before checking with password blacklist
2020-02-20 08:33:46 +01:00
keycloak-bot
d352d3fa8e
Set version to 9.0.1-SNAPSHOT
2020-02-17 20:38:54 +01:00
Adamczyk Błażej
497787d2cd
[KEYCLOAK-10696] - fixed missing client role attributes after import
2020-02-17 10:01:19 +01:00
mposolda
a76c496c23
KEYCLOAK-12860 KEYCLOAK-12875 Fix for Account REST Credentials to work with LDAP and social users
2020-02-14 20:24:42 +01:00
stianst
42773592ca
KEYCLOAK-9632 Improve handling of user locale
2020-02-14 08:32:20 +01:00
Peter Zaoral
b0ffea699e
KEYCLOAK-12186 Improve the OTP login form
...
-created and implemented login form design, where OTP device can be selected
-implemented selectable-card-view logic in jQuery
-edited related css and ftl theme resources
-fixed affected BrowserFlow tests
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2020-02-12 11:25:02 +01:00
Peter Skopek
622a97bd1c
KEYCLOAK-12228 Sensitive Data Exposure
...
from patch of hiba haddad haddadhiba0@gmail.com
2020-02-12 09:57:31 +01:00
stianst
dda829710e
KEYCLOAK-12829 Require PKCE for admin and account console
2020-02-12 08:22:20 +01:00
stianst
7545749632
KEYCLOAK-12190 Add validation for client root and base URLs
2020-02-07 09:09:40 +01:00
Axel Messinese
b73553e305
Keycloak-11526 search and pagination for roles
2020-02-05 15:28:25 +01:00
stianst
986213be23
KEYCLOAK-12877 Fix ModelVersion for testing pipeline
2020-02-05 12:04:01 +01:00
Martin Bartoš
b0c4913587
KEYCLOAK-12177 KEYCLOAK-12178 WebAuthn: Improve usability ( #6710 )
2020-02-05 08:35:47 +01:00
Pedro Igor
658a083a0c
[KEYCLOAK-9600] - Find by name in authz client returning wrong resource
2020-02-03 08:57:20 +01:00
Marek Posolda
d8e450719b
KEYCLOAK-12469 KEYCLOAK-12185 Implement nice design to the screen wit… ( #6690 )
...
* KEYCLOAK-12469 KEYCLOAK-12185 Add CredentialTypeMetadata. Implement the screen with authentication mechanisms and implement Account REST Credentials API by use the credential type metadata
2020-01-31 14:28:23 +01:00
Pedro Igor
873c62bbef
[KEYCLOAK-12569] - User cannot be deleted if he has owned resources / permission tickets
...
Co-authored-by: mhajas <mhajas@redhat.com>
2020-01-30 11:08:28 +01:00
Pedro Igor
c821dcf820
[KEYCLOAK-12438] - Scope-based policies falsely give a permit with an empty scope list
2020-01-29 14:02:44 +01:00
Marek Posolda
d46620569a
KEYCLOAK-12174 WebAuthn: create authenticator, requiredAction and policy for passwordless ( #6649 )
2020-01-29 09:33:45 +01:00
Leon Graser
f1ddd5016f
KEYCLOAK-11821 Add account api roles to the client on creation
...
Co-authored-by: stianst <stianst@gmail.com>
2020-01-23 13:10:04 -06:00
Domenico Briganti
476da4f276
KEYCLOAK-9837 Not hide exception in email templating
2020-01-23 05:45:25 -06:00
Vlasta Ramik
d6c5f79f2c
KEYCLOAK-12236 NumberFormatException when starting container ( #6689 )
2020-01-22 20:44:23 +01:00
Niko Köbler
648c6f811c
KEYCLOAK-12705 add null checks for migration tasks to check wether the clients to migrate are available ( #6666 )
2020-01-17 10:10:16 +01:00
Marek Posolda
8d49409de1
KEYCLOAK-12183 Refactor login screens. Introduce try-another-way link. Not show many credentials of same type in credential selector ( #6591 )
2020-01-14 21:54:45 +01:00
Pedro Igor
709cbfd4b7
[KEYCLOAK-10705] - Return full resource representation when querying policies by id
2020-01-09 10:00:24 +01:00
Marek Posolda
fa453e9c0c
KEYCLOAK-12278 Default first broker login flow is broken after migration ( #6556 )
2020-01-02 17:53:56 +01:00
Douglas Palmer
106e6e15a9
[KEYCLOAK-11859] Added option to always display a client in the accounts console
2019-12-17 17:12:49 -03:00
Dmitry Telegin
56aa14ffab
KEYCLOAK-11347 - MicroProfile-Config
2019-12-10 12:08:22 +01:00
Pedro Igor
53f156ec83
[KEYCLOAK-11328] - Initial Server.x Clustering Configuration
2019-11-29 08:38:41 +01:00
Andrei Arlou
fac9733108
KEYCLOAK-12219 Remove unused imports from classes in module "server-spi-private"
2019-11-26 08:42:45 +01:00
Andrei Arlou
363c789ab9
KEYCLOAK-12216 Fix minor warnings in tests from module "server-spi-private"
2019-11-26 08:35:35 +01:00
Andrei Arlou
c8a00c2422
KEYCLOAK-12220 Fix minor warnings for collections in module "server-spi-private"
2019-11-26 08:33:22 +01:00
Andrei Arlou
04cbea71d0
KEYCLOAK-12218 Remove redundant modificators from module "server-spi-private"
2019-11-26 08:29:30 +01:00
Andrei Arlou
198e2a989f
KEYCLOAK-12217 Use StandartCharsets in module "server-spi-private"
2019-11-26 08:24:33 +01:00
Dmitry Telegin
79074aa380
KEYCLOAK-12162 Modularize config backends ( #6499 )
...
* KEYCLOAK-12162 - Modularize configuration backends
* - Use JsonSerialization
- simplify backend selection (no fallbacks)
* Remove unused org.wildfly.core:wildfly-controller dependency
2019-11-22 15:23:04 +01:00
pastor
286d4778d0
KEYCLOAK-12002. SimpleHttp: considering encoding
2019-11-22 07:05:22 +01:00
stianst
3731e36ece
KEYCLOAK-12069 Add account-console client for new account console
2019-11-20 08:48:40 -05:00
keycloak-bot
76aa199fee
Set version to 9.0.0-SNAPSHOT
2019-11-15 20:43:21 +01:00
stianst
3a36569e20
KEYCLOAK-9129 Don't expose Keycloak version in resource paths
2019-11-15 08:21:28 +01:00
AlistairDoswald
4553234f64
KEYCLOAK-11745 Multi-factor authentication ( #6459 )
...
Co-authored-by: Christophe Frattino <christophe.frattino@elca.ch>
Co-authored-by: Francis PEROT <francis.perot@elca.ch>
Co-authored-by: rpo <harture414@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Denis <drichtar@redhat.com>
Co-authored-by: Tomas Kyjovsky <tkyjovsk@redhat.com>
2019-11-14 14:45:05 +01:00
stianst
b8881b8ea0
KEYCLOAK-11728 New default hostname provider
...
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2019-11-11 12:25:44 +01:00
stianst
062841a059
KEYCLOAK-11898 Refactor AIA implementation
2019-11-08 16:03:07 -03:00
stianst
63abebd993
KEYCLOAK-11627 Require users to re-authenticate before invoking AIA
2019-11-08 16:03:07 -03:00
stianst
1e66660fd0
KEYCLOAK-11896 Remove initiate-action role
2019-11-08 16:03:07 -03:00
pkokush
ff551c5545
KEYCLOAK-10307: check password history length in password verification ( #6058 )
2019-10-24 21:33:21 +02:00
Hynek Mlnarik
783545572a
KEYCLOAK-11684 Add support to display passwords in password fields
...
Add UI tests for KEYCLOAK-11684
Co-authored-by: stianst <stianst@gmail.com>
Co-authored-by: vmuzikar <vmuzikar@redhat.com>
2019-10-23 15:30:11 +02:00
Pedro Igor
bb4ff55229
[KEYCLOAK-10868] - Deploy JavaScript code directly to Keycloak server
...
Conflicts:
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java
(cherry picked from commit 338fe2ae47a1494e786030eb39f908c964ea76c4)
2019-10-22 10:34:24 +02:00
Martin Kanis
37304fdd7d
KEYCLOAK-10728 Upgrade to WildFly 18 Final
2019-10-21 14:06:44 +02:00
Pedro Igor
17785dac08
[KEYCLOAK-10714] - Add filtering support in My Resources endpoint by name
2019-10-16 16:26:55 +02:00
Cédric Couralet
5f006b283a
KEYCLOAK-8316 Add an option to ldap provider to trust emails on import
...
Signed-off-by: Cédric Couralet <cedric.couralet@insee.fr>
2019-10-04 16:28:02 +02:00
Axel Messinese
f3607fd74d
KEYCLOAK-10712 get groups full representation endpoint
2019-10-03 11:26:30 +02:00
Takashi Norimatsu
7c75546eac
KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase
...
* KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase
2019-10-01 15:17:38 +02:00
Benjamin Weimer
2b1acb99a2
KEYCLAOK-9999 fix client import ( #6136 )
2019-09-23 13:08:24 +02:00
Łukasz Dywicki
76e988ad18
KEYCLOAK-11308 Fallback to imported realm version.
...
In case of missing RH SSO version lets stick with bare Keycloak version.
2019-09-20 11:54:23 +02:00
rradillen
b71198af9f
[KEYCLOAK-8575] oidc idp basic auth ( #6268 )
...
* [KEYCLOAK-8575] Allow to choose between basic auth and form auth for oidc idp
* uncomment ui and add tests
* move basic auth to abstract identity provider (except for getting refresh tokens)
* removed duplications
2019-09-19 14:36:16 +02:00
Captain-P-Goldfish
b45f5980e0
Make password policy identifiers public
...
If a password policy should be modified prgorammatically the constant
key identifiers to set the values should be accessible globally
2019-09-19 12:30:15 +02:00
Sven-Torben Janus
f261c43fab
KEYCLOAK-10942 Support eDirectory GUID
...
Convert eDirectory GUID which is in binary format to a UUID in dashed
string format.
2019-09-18 09:47:18 +02:00
Hynek Mlnarik
6738e063f4
KEYCLOAK-11072 Mark vault SPI as a public SPI
2019-09-10 16:54:47 +02:00
Pedro Igor
a1d8850373
[KEYCLOAK-7416] - Device Activity
2019-09-05 11:43:27 -03:00
Stefan Guilhen
bb9c811a65
[KEYCLOAK-10935] Add a vault transcriber implementation that can be obtained from the session.
...
- automatically parses ${vault.<KEY>} expressions to obtain the key that contains the secret in the vault.
- enchances the capabilities of the VaultProvider by offering methods to convert the raw secrets into other types.
2019-09-04 22:34:08 +02:00
Leon Graser
0ce10a3249
[KEYCLOAK-10653] Manage Consent via the Account API
2019-08-20 06:24:44 -03:00
Tomas Kyjovsky
fe18e93ba4
KEYCLOAK-10904 ExportImportTest unstable
...
- adding an exception for realm-management clients into the client confidentiality check
- fixing some performance test datasets to only enable authz for confidential clients
2019-08-16 16:08:08 -03:00
Takashi Norimatsu
8225157a1c
KEYCLOAK-6768 Signed and Encrypted ID Token Support
2019-08-15 15:57:35 +02:00
Hynek Mlnarik
d2da206d6b
KEYCLOAK-10933 Interfaces for vault SPI
2019-08-13 08:50:29 +02:00
Pedro Igor
967d21dbb5
[KEYCLOAK-10713] - Pagination to resources rest api
2019-07-29 16:19:22 -03:00
Stan Silvert
bc818367a1
KEYCLOAK-10854: App-initiated actions Phase I
2019-07-26 14:56:29 -03:00
Stan Silvert
6c79bdee41
KEYCLOAK-10854: App initiated actions phase I
2019-07-26 14:56:29 -03:00
keycloak-bot
17e9832dc6
Set version to 8.0.0-SNAPSHOT
2019-07-19 19:05:03 +02:00
vramik
74f6e362af
KEYCLOAK-10878 Realm exports may fail with future community releases
2019-07-18 10:50:34 -03:00
Pedro Igor
5f5cb6cb7b
[KEYCLOAK-10808] - Do not show authorization tab when client is not confidential
2019-07-15 10:07:31 -03:00
mposolda
5f9feee3f8
KEYCLOAK-9846 Verifying signatures on CRL during X509 authentication
2019-07-08 20:20:38 +02:00