Commit graph

2152 commits

Author SHA1 Message Date
mposolda
32cf8b7cad KEYCLOAK-3316 Fixes for OAuth2 requests without 'scope=openid' 2017-06-20 17:17:43 +02:00
mposolda
f363dbcad0 KEYCLOAK-4327 Switching language on User consent gives error 2017-06-20 09:21:41 +02:00
Bill Burke
57cb46148f tests 2017-06-19 11:21:59 -04:00
Jay Anslow
7614ff8c6f Extract EvaluatebleScriptAdapter
Precursor for InvocableScriptAdapter, which compiles/evaluates a script without affecting the engine's bindings. This allows the same script to be compiled once and then evaluated multiple times (with the same ScriptEngine).
2017-06-19 15:32:14 +01:00
Bill Burke
a994af9010 remove scope 2017-06-16 11:26:43 -04:00
Pedro Igor
93105a2182 [KEYCLOAK-5056] - @NoCache to scope admin api 2017-06-15 09:49:20 -03:00
Martin Hardselius
60942346f3 KEYCLOAK-4924: pairwise clients get duplicate subs in tokens 2017-06-14 10:47:40 +02:00
Hynek Mlnarik
a0f3a6469f KEYCLOAK-4189 - Cross DC testing 2017-06-12 11:14:28 +02:00
Pedro Igor
f12cef2c86 [KEYCLOAK-4904] - Authorization Audit - Part 1 2017-06-09 13:31:06 -03:00
Machiel Keizer-Groeneveld
80f8815b9a KEYCLOAK-5026 Store credentials
Credentials are stored with user creation if they are present in the UserRepresentation.
2017-06-09 09:32:33 +02:00
Bill Burke
94528976d4 console work 2017-06-07 16:29:43 -04:00
Bill Burke
536a57a514 ui for permission reference 2017-06-05 19:52:51 -04:00
Alex Szczuczko
5d88c2b8be KEYCLOAK-4758 Update Encode class using latest resteasy. Use encodeQueryParamAsIs instead of encodeQueryParam when encoding key=value pairs for URI query sections. Also fix a few callers who were relying on the bad behaviour of queryParam. 2017-06-05 16:24:38 -06:00
Pedro Igor
9be9e30ad6 Merge pull request #4206 from pedroigor/KEYCLOAK-4983
[KEYCLOAK-4983] - Authz settings export of role base policy generates json where are just role-names
2017-06-05 16:19:58 -03:00
Pedro Igor
23887f4031 Fixing tests and more client policy tests 2017-06-05 11:26:33 -03:00
Pedro Igor
3760f2753b [KEYCLOAK-4983] - Authz settings export of role base policy generates json where are just role-names 2017-06-02 20:09:33 -03:00
Pedro Igor
d0f505455d [KEYCLOAK-4991] - Allow clients to limit the number of permission in a RPT when using entitlements 2017-06-02 19:06:40 -03:00
Bill Burke
a41d282e92 client permission tests 2017-06-02 15:49:20 -04:00
Pedro Igor
813af5d757 [KEYCLOAK-4992] - Using query parameter metadata for GET requests 2017-06-02 16:13:04 -03:00
Thomas Skjølberg
241c58dd61 Add unit tests related to signatures, check that a signature is present when want assertion signing. 2017-06-02 15:36:52 +02:00
Bill Burke
b9f7a43a72 group permissions 2017-06-01 20:16:35 -04:00
Pedro Igor
dcd1a68d95 [KEYCLOAK-4992] - Allow clients to exclude resource_set_name from RPT 2017-05-31 19:33:34 -03:00
Pedro Igor
c4a0470a37 [KEYCLOAK-4987] - Remove async support from AuthZ Token Endpoints 2017-05-30 12:48:18 -03:00
Stian Thorgersen
a6e4245185 Merge pull request #4194 from stianst/KEYCLOAK-4888
KEYCLOAK-4888
2017-05-30 14:49:22 +02:00
Stian Thorgersen
8c53c5a90e KEYCLOAK-4888
Change default hashing provider for realm
2017-05-30 09:54:05 +02:00
Thomas Darimont
7d0b461683 KEYCLOAK-4975 Use authenticationSession binding name in ScriptBasedAuthenticator
We now use authenticationSession instead of clientSession to reflect
the renaming of ClientSessionModel to AuthenticationSessionModel.

Note that this is a breaking change which needs to be mentioned in
the upgrade notes!
2017-05-29 18:14:02 +02:00
Bill Burke
c3ea847b3e auth changes 2017-05-29 09:53:17 -04:00
mposolda
5560175888 KEYCLOAK-4626 Changed javadoc. Remove unused ClientSessionModel class 2017-05-25 18:51:05 +02:00
Pedro Igor
81f1a5b145 Merge pull request #4183 from pedroigor/stan-ui-fixes
[KEYCLOAK-4915] - Fixes to evaluation tool UI
2017-05-24 09:32:42 -03:00
mposolda
2b59db71a8 KEYCLOAK-3316 Remove the IDToken if scope=openid is not used 2017-05-24 09:23:14 +02:00
Pedro Igor
829bcf5eaf Fix to evaluation tool 2017-05-23 17:50:06 -03:00
Pedro Igor
554e692d8f Merge pull request #4171 from pedroigor/KEYCLOAK-4913
[KEYCLOAK-4913] - Caching more query methods
2017-05-23 17:40:51 -03:00
Stian Thorgersen
c442bcd8d3 Merge pull request #4174 from stianst/KEYCLOAK-4889
KEYCLOAK-4889
2017-05-23 14:26:15 +02:00
Stian Thorgersen
1b6405a28f Merge pull request #4173 from hmlnarik/KEYCLOAK-4941
KEYCLOAK-4941
2017-05-23 14:00:43 +02:00
Stian Thorgersen
ef29097679 Merge pull request #4172 from hmlnarik/KEYCLOAK-4813-Destination-Validation-should-ignore-whether-default-port-is-explicitly-specified
KEYCLOAK-4813 Destination validation counts on port being not specified
2017-05-23 13:59:36 +02:00
Mohammad Rezai
acd78ee407 KEYCLOAK-4956: Fix incorrect PKCE S256 code challenge generation 2017-05-23 16:15:44 +04:30
Stian Thorgersen
130452f6c3 Merge pull request #4085 from mstruk/RHSSO-402
RHSSO-402 need a way to dump configuration (including ldap provider config) to a file
2017-05-23 13:29:32 +02:00
Stian Thorgersen
097a2267f5 KEYCLOAK-4889
Improve error messages for password policies
2017-05-23 13:18:06 +02:00
Hynek Mlnarik
f47283f61a KEYCLOAK-4813 Destination validation counts on port being not specified 2017-05-23 12:52:48 +02:00
Hynek Mlnarik
03b1dff1bd KEYCLOAK-4941 2017-05-23 11:15:51 +02:00
mposolda
8adde64e2c KEYCLOAK-4016 Provide a Link to go Back to The Application on a Timeout 2017-05-23 09:08:58 +02:00
Pedro Igor
37a98fba20 [KEYCLOAK-4913] - Caching more query methods 2017-05-22 19:08:24 -03:00
Pedro Igor
62ffab7239 Exporting a client is updating policy config 2017-05-19 19:45:47 -03:00
Bill Burke
ab763e7c5b fixes after merge 2017-05-19 15:54:36 -04:00
Bill Burke
f114895cd2 for merge 2017-05-19 11:29:26 -04:00
Bill Burke
2cac8b1bb7 KEYCLOAK-4929 2017-05-18 16:53:31 -04:00
Bill Burke
c291748f43 KEYCLOAK-4929 2017-05-18 16:48:04 -04:00
Marko Strukelj
7d0ca42c6c RHSSO-402 need a way to dump configuration (including ldap provider config) to a file 2017-05-15 12:13:58 +02:00
Bill Burke
954ef99f22 Merge remote-tracking branch 'upstream/master' 2017-05-12 10:10:29 -04:00
mposolda
7d8796e614 KEYCLOAK-4626 Support for sticky sessions with AUTH_SESSION_ID cookie. Clustering tests with embedded undertow. Last fixes. 2017-05-11 22:24:07 +02:00
Hynek Mlnarik
b8262a9f02 KEYCLOAK-4628 Single-use cache + its functionality incorporated into reset password token. Utilize single-use cache for relevant actions in execute-actions token 2017-05-11 22:16:26 +02:00
mposolda
db8b733610 KEYCLOAK-4626 Fix TrustStoreEmailTest and PolicyEvaluationCompositeRoleTest. Distribution update 2017-05-11 22:16:26 +02:00
Hynek Mlnarik
c431cc1b01 KEYCLOAK-4627 IdP email account verification + code cleanup. Fix for concurrent access to auth session notes 2017-05-11 22:16:26 +02:00
mposolda
168153c6e7 KEYCLOAK-4626 Authentication sessions - SAML, offline tokens, broker logout and other fixes 2017-05-11 22:16:26 +02:00
Hynek Mlnarik
47aaa5a636 KEYCLOAK-4627 reset credentials and admin e-mails use action tokens. E-mail verification via action tokens. 2017-05-11 22:16:26 +02:00
mposolda
e7272dc05a KEYCLOAK-4626 AuthenticationSessions - brokering works. Few other fixes and tests added 2017-05-11 22:16:26 +02:00
Hynek Mlnarik
b55b089355 KEYCLOAK-4627 Changes in TokenVerifier to include token in exceptions. Reset credentials uses checks to validate individual token aspects 2017-05-11 22:16:26 +02:00
mposolda
a9ec69e424 KEYCLOAK-4626: AuthenticationSessions - working login, registration, resetPassword flows 2017-05-11 22:16:26 +02:00
Hynek Mlnarik
19a41c8704 KEYCLOAK-4627 Refactor TokenVerifier to support more than just access token checks. Action tokens implementation with reset e-mail action converted to AT 2017-05-11 22:16:26 +02:00
mposolda
83b29c5080 KEYCLOAK-4626 AuthenticationSessions: start 2017-05-11 22:16:26 +02:00
mposolda
e4aba9e471 KEYCLOAK-4829 Access token from offline token falsely reported as inactive by token introspection 2017-05-11 21:17:04 +02:00
Stian Thorgersen
c3a2b3a6b6 KEYCLOAK-4523 PBKDF2WithHmacSHA256 and PBKDF2WithHmacSHA512 providers 2017-05-11 11:58:22 +02:00
Bill Burke
46ec12c41c fixes 2017-05-10 14:19:10 -04:00
Bill Burke
a8a8ea4bcd Merge remote-tracking branch 'upstream/master' 2017-05-08 13:49:03 -04:00
Bill Burke
f760427c5c fine grain tests 2017-05-08 13:48:51 -04:00
Johannes Knutsen
47a8077426 KEYCLOAK-4862: Expose client description in ClientBean 2017-05-05 15:06:21 +02:00
Bill Burke
e1b6ba13cc Merge pull request #3893 from anderius/feature/KEYCLOAK-3056-verify-signature
[WIP] Saml broker: Added wantAssertionsSigned and wantAssertionsEncrypted
2017-05-05 09:04:41 -04:00
Stian Thorgersen
8da766e02e Merge pull request #4104 from sjvs/master
Fix three lgtm.com alerts: two possible NPEs, one possible int overflow
2017-05-05 13:13:02 +02:00
Marc Heide
d5c643eaf9 KEYCLOAK-4521: consider offline sessions if no active user session was found for user info endpoint 2017-05-04 15:25:09 +02:00
Bill Burke
c3b44e61d4 Merge remote-tracking branch 'upstream/master' 2017-05-01 14:51:07 -04:00
Bas van Schaik
2df1175315 Fix lgtm.com alert: potential NPE due to non-short circuit logic
The logical-AND operator '&&' evaluates its operands in order, which is
what is required here. The bitwise-AND operator '&' always evaluates all
operands, which will in some cases result in a NPE in the second
operand.

Details:
https://lgtm.com/projects/g/keycloak/keycloak/snapshot/dist-7900299-1490802114895/files/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java#V543
2017-04-28 14:51:51 +01:00
Eriksson Fabian
ca1152c3e5 KEYCLOAK-4204 Extend brute force protection with permanent lockout on failed attempts
- Can still use temporary brute force protection.
- After X-1 failed login attempt, if the user successfully logs in his/her fail login count is reset.
2017-04-28 09:02:10 +02:00
Bill Burke
c7bdb489ee Merge remote-tracking branch 'upstream/master' 2017-04-26 18:57:56 -04:00
Pedro Igor
0cad34abbe Merge pull request #4087 from pedroigor/master
Checking realm role directly
2017-04-26 16:51:14 -03:00
Bill Burke
2276f99d54 Merge remote-tracking branch 'upstream/master' 2017-04-26 14:39:45 -04:00
Bill Burke
f67013bcb6 fix 2017-04-26 14:39:41 -04:00
Pedro Igor
4e43518b2a Checking realm role directly 2017-04-26 15:39:37 -03:00
Johannes Knutsen
0809033924 KEYCLOAK-4780 Ensure Base64 encoded HMAC secret key is decoded before use 2017-04-26 16:04:44 +02:00
Stian Thorgersen
2913ee8e23 Merge pull request #4081 from stianst/KEYCLOAK-4785
KEYCLOAK-4785 Use realm name when creating admin console base url
2017-04-26 13:12:31 +02:00
Stian Thorgersen
f68b28db20 KEYCLOAK-4785 Use realm name when creating admin console base url 2017-04-26 12:39:56 +02:00
Pedro Igor
79c9078caa [KEYCLOAK-4792] - Client credentials provider support and making easier to obtain authz client 2017-04-25 14:51:45 -03:00
Stian Thorgersen
84f5df4814 Merge pull request #4070 from stianst/KEYCLOAK-4671
KEYCLOAK-4671 Add server-private-spi to dependency deployer
2017-04-25 10:36:22 +02:00
Stian Thorgersen
54ee055bd8 KEYCLOAK-4671 Add server-private-spi to dependency deployer 2017-04-25 10:16:24 +02:00
Hynek Mlnarik
e8a65017fa KEYCLOAK-4779 Fix NPE 2017-04-24 23:09:27 +02:00
Bill Burke
12cb295a35 Merge remote-tracking branch 'upstream/master' 2017-04-24 10:05:46 -04:00
Bill Burke
58868ca99f prototype 2017-04-24 10:05:39 -04:00
Frederik Libert
b84f6d306d KEYCLOAK-4781 Support for an AttributeStatement Mapper 2017-04-24 11:29:55 +02:00
Stian Thorgersen
f92ad70ff0 KEYCLOAK-4774 redirect_fragment doesn't work in Admin Console 2017-04-21 14:03:05 +02:00
Pedro Igor
df163d86e8 Merge pull request #4052 from pedroigor/KEYCLOAK-4754
[KEYCLOAK-4754] - Unable to delete realm when using aggregated policies
2017-04-20 13:23:09 -03:00
Pedro Igor
bf69bc94bb [KEYCLOAK-4754] - Unable to delete realm when using aggregated policies 2017-04-20 12:10:52 -03:00
Stian Thorgersen
2a8b2aabb9 Merge pull request #4049 from stianst/KEYCLOAK-4738
KEYCLOAK-4738 Make sure script engine always uses correct classloader
2017-04-20 10:02:23 +02:00
Stian Thorgersen
1d03eb5f2b Merge pull request #4045 from stianst/KEYCLOAK-4737
KEYCLOAK-4737 Admin Console redirect loop when hostname contains console
2017-04-20 09:29:41 +02:00
Stian Thorgersen
4da07474fa KEYCLOAK-4738 Make sure script engine always uses correct classloader 2017-04-20 09:28:46 +02:00
Stian Thorgersen
8919015f74 KEYCLOAK-4287 Remove deprecated session iframe endpoint 2017-04-19 15:01:15 +02:00
Stian Thorgersen
0a0d2174e4 KEYCLOAK-4737 Admin Console redirect loop when hostname contains console 2017-04-19 14:43:56 +02:00
Pedro Igor
8e877a7f6c [KEYCLOAK-3135] - More tests 2017-04-12 14:34:27 -03:00
Pedro Igor
eec712a259 [KEYCLOAK-3135] - Role and user policies apis 2017-04-12 00:52:14 -03:00
Pedro Igor
54ebc1918c [KEYCLOAK-3135] - Using abstract policy representation when creating policies and updating tests 2017-04-12 00:52:13 -03:00
Pedro Igor
d60dcb4c62 [KEYCLOAK-3135] - Some more tests and making policy type rest api more generic 2017-04-12 00:52:13 -03:00
Pedro Igor
8e64bc3e4d Tests for new permission management rest api 2017-04-12 00:52:13 -03:00