Toni Ristola
22d64368a6
KEYCLOAK-8191 Fixed DI that was not working
2018-10-09 08:22:43 -03:00
Pedro Igor
79ca722b49
[KEYCLOAK-7605] - Make sure Evaluation API is read-only
2018-10-09 08:09:29 -03:00
Moritz Becker
f17b5f0f49
fix KEYCLOAK-7572 consistently perform duplicate user checks during account update only if email changes
...
Fix test
2018-10-05 09:35:05 +02:00
stianst
86a2f28561
KEYCLOAK-8310 Add support to set fixed scheme on fixed hostname provider
2018-10-05 09:34:17 +02:00
gbtec-igormartens
c41bcddd8d
Update UserResource.java
...
In my opinion, the old documentation does not match the actual behaviour of the resetPassword method.
2018-10-04 12:54:49 +02:00
mposolda
2a4cee6044
KEYCLOAK-6884 KEYCLOAK-3454 KEYCLOAK-8298 Default 'roles' and 'web-origins' client scopes. Add roles and allowed-origins to the token through protocol mappers
2018-10-04 12:00:38 +02:00
Stan Silvert
dba513c921
KEYCLOAK-8419: Make most act mgt APIs only active in preview mode
2018-10-02 16:32:56 -04:00
Pedro Igor
b4b3527df7
[KEYCLOAK-7950] - Fixes user pagination when using filtering users members of groups
2018-10-02 15:44:23 -03:00
mposolda
4b9b189016
KEYCLOAK-8008 Ensure InputStream are closed
2018-10-01 16:06:32 +02:00
Martin Kanis
efe6a38648
KEYCLOAK-6718 Auth Flow does not Check Client Protocol
2018-09-26 21:00:02 +02:00
stianst
c3fc9e9815
Set version to 4.6.0.Final-SNAPSHOT
2018-09-26 20:58:41 +02:00
Pedro Igor
43f5983613
[KEYCLOAK-8289] - Remove authorization services from product preview profile
2018-09-26 18:27:27 +02:00
mposolda
3777dc45d0
KEYCLOAK-3058 Support for validation of "aud" in adapters through verify-token-audience configuration switch
2018-09-21 11:17:05 +02:00
Douglas Palmer
b748e269ec
[KEYCLOAK-7435] Added code to delete a specific session and tests for session deletion
2018-09-20 15:57:58 +02:00
Pedro Igor
6b0bc0b3be
[KEYCLOAK-8308] - Deprecate token_introspection_endpoint claim from OIDC discovery document
2018-09-19 09:46:50 -03:00
Rafael Weingärtner
3dd6f9cb85
Enable "DockerComposeYamlInstallationProviderTest" to run on Windows
2018-09-19 11:22:57 +02:00
Pedro Igor
aaf78297c9
[KEYCLOAK-7987] - Can't set authorization enabled when using kcreg
2018-09-18 10:00:16 -03:00
mposolda
99a16dcc1f
KEYCLOAK-6638 Support for adding audiences to tokens
2018-09-13 21:40:16 +02:00
slominskir
c4a651bcac
KEYCLOAK-7270 - Support for automatically linking brokered identities
2018-09-12 18:50:35 +02:00
Johannes Knutsen
d4a5c81034
KEYCLOAK-8146: Extract LocaleSelectorSPI to allow custom overrides of locale selection
2018-09-11 20:35:48 +02:00
stianst
26f257a6ac
KEYCLOAK-8264 Update OpenShift Token Review endpoint to support additional algorithms and to update session last refresh on token introspection
2018-09-11 19:57:38 +02:00
stianst
12f3d2115d
KEYCLOAK-8263 Add option to client to override access token timeout
2018-09-11 12:40:51 +02:00
stianst
24e60747b6
KEYCLOAK-7560 Refactor token signature SPI PR
...
Also incorporates:
KEYCLOAK-6770 ES256/384/512 providers
KEYCLOAK-4622 Use HS256 for refresh tokens
KEYCLOAK-4623 Use HS256 for client reg tokens
2018-09-11 08:14:10 +02:00
Takashi Norimatsu
5b6036525c
KEYCLOAK-7560 Refactor Token Sign and Verify by Token Signature SPI
2018-09-11 08:14:10 +02:00
Pedro Igor
0561d73ae2
[KEYCLOAK-6285] - HTTP Challenge Authentication Flow
2018-09-10 19:02:49 +02:00
stianst
bf758809ba
KEYCLOAK-6229 OpenShift Token Review interface
2018-09-07 08:21:28 +02:00
stianst
1fb4ca4525
Set version to 4.5.0.Final
2018-09-06 20:08:02 +02:00
stianst
c56e171f3a
KEYCLOAK-7608 Check if themes dir is null in FolderThemeProvider
2018-09-06 08:52:17 +02:00
Hynek Mlnarik
812e76c39b
KEYCLOAK-8163 Improve SAML validations
2018-09-05 15:47:03 +02:00
Pedro Igor
47066e1b89
[KEYCLOAK-8012] - Fix offline session support in authorization services
2018-09-04 15:07:49 -03:00
Pedro Igor
6a0a1031a1
[KEYCLOAK-7754] - Fixing compat issues with UMA spec in RPT Introspection Provider
2018-09-04 11:41:09 -03:00
June Zhang
237318dfd3
KEYCLOAK-7751 Auth welcome page
2018-09-04 07:55:08 +02:00
Hynek Mlnarik
54b5ec206e
KEYCLOAK-8183 Improve authz caching for negative cases
2018-08-31 18:31:55 +02:00
Hynek Mlnarik
bee3894cdf
KEYCLOAK-8150 Improve loading user list
2018-08-30 13:03:49 +02:00
mposolda
b70468341e
KEYCLOAK-7470 Ability to order client scopes
2018-08-29 14:37:27 +02:00
Jani
42553cdc44
[KEYCLOAK-7695] Restore token_type and expires_in for implicit flow
...
As KEYCLOAK-6585 concerns only hybrid flow, this commit restores the behavior for implicit flow.
This commit partially reverts #5041 (061049e41a6b0e6fb45c75f05748023ad7ab7d92).
2018-08-29 13:00:57 +02:00
AlistairDoswald
36837ae4b6
Added a ScriptMapper for SAML for KEYCLOAK-5520
...
Added mapper, tests and entry in the ProtocolMapper file.
This code is adapted from the following module: https://github.com/cloudtrust/keycloak-client-mappers
2018-08-29 09:39:30 +02:00
mposolda
31270e2f52
KEYCLOAK-7437 Support for prompt=consent
2018-08-29 08:35:29 +02:00
Johannes Knutsen
56c97407d4
KEYCLOAK-8152: Allow passing the current locale to OAuth2 identity providers
2018-08-28 15:52:23 +02:00
mposolda
6fc99cd749
KEYCLOAK-7594 Upgrade to Wildfly 13. Cross-DC: Upgrade to infinispan server 9.2.4 and JDG 7.2
...
Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
Co-authored-by: stianst <stianst@gmail.com>
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2018-08-27 12:52:53 +02:00
Martin Kanis
59082e0b5f
KEYCLOAK-7943 NPE when SAML User Property mapper is empty
2018-08-24 14:39:24 +02:00
Pedro Igor
9882341ecf
[KEYCLOAK-7725] - CORS should be set based on client making the request
2018-08-24 09:35:38 -03:00
Martin Kanis
248654a75e
KEYCLOAK-6706 E-mail verification won't let user back into the app
2018-08-21 16:30:15 +02:00
rmartinc
1b88eaf817
KEYCLOAK-8080 Audit the realm event configuration change
2018-08-20 21:01:38 +02:00
Corentin Dupont
b80701589c
[KEYCLOAK-7804] - Option to return resource body
2018-08-20 13:07:29 -03:00
Martin Kanis
d04791243c
KEYCLOAK-7970-KEYCLOAK-7222 Add clientId to action tokens
2018-08-20 15:25:24 +02:00
Pedro Igor
625f613128
[KEYCLOAK-4902] - Using streams to process requested permissions and limit support for scope responses
2018-08-17 11:00:53 -03:00
stianst
e406e8f1f0
KEYCLOAK-8069 Simplify config for fixed hostname provider
2018-08-17 14:47:14 +02:00
Hiroyuki Wada
730377a843
KEYCLOAK-7528 Set Cache-Control and Pragma header in token endpoint
2018-08-14 11:41:12 +02:00
Stefan Guilhen
f36e45cb10
[KEYCLOAK-4902] - Using streams to process scopes and cache improvements
2018-08-14 06:29:10 -03:00
Steffen Kreutz
ed72097862
KEYCLOAK-5289 Add support for Google's hd parameter
2018-08-14 11:08:57 +02:00
Stefan Guilhen
1912a8acf4
[KEYCLOAK-7885] Fix javadoc/log message typos
2018-08-13 22:09:17 -03:00
Sebastian Laskawiec
3449401ae2
KEYCLOAK-7635: Subject DN validation for x509ClientAuthenticator
2018-08-13 09:36:02 +02:00
sebastienblanc
02b2a8aab0
KEYCLOAK-7635 : Authenticate clients with x509 certificate
2018-08-13 09:36:02 +02:00
Stefan Guilhen
060b3b8d0f
[KEYCLOAK-4902] - Using streams when fetching resources
2018-08-09 16:28:31 -03:00
Hynek Mlnarik
a8a9631d4f
KEYCLOAK-6832 Unify Destination attribute handling
2018-08-09 10:30:30 +02:00
Pedro Igor
80e5227bcd
[KEYCLOAK-4902] - Refactoring and improvements to processing of authz requests
2018-08-07 10:53:40 -03:00
Richard Kolkovich
72750b9882
KEYCLOAK-7954 treat empty string as null for skipping token verification
2018-08-07 11:13:15 +02:00
mposolda
959cd035ba
Set version to 4.3.0.Final-SNAPSHOT
2018-08-01 22:40:05 +02:00
ssilvert@win.redhat.com
e7e15652cf
KEYCLOAK-7479: Sanitize
2018-08-01 14:22:39 -04:00
Hynek Mlnarik
f57cc3a9c0
KEYCLOAK-5257 Clarify usage of TokenVerifier
2018-08-01 13:38:31 +02:00
mposolda
29da7d3d90
KEYCLOAK-7562 Fix ClientInitiatedAccountLinkTest#testErrorConditions
2018-08-01 13:33:23 +02:00
stianst
f99299ee39
KEYCLOAK-7967 Introduce Hostname SPI
2018-08-01 11:57:45 +02:00
stianst
ae47b7fa80
KEYCLOAK-7967 Remove injection of UriInfo
2018-08-01 11:57:45 +02:00
Takashi Norimatsu
665bcaebbb
KEYCLOAK-7959 OAuth 2.0 Certificate Bound Access Tokens in Rev Proxy
2018-07-31 21:53:46 +02:00
Hiroyuki Wada
398f7d950f
KEYCLOAK-7910 Store credentials when updating user via Admin REST API
2018-07-31 15:36:21 +02:00
Takashi Mogi
959e7b1b01
KEYCLOAK-7201 OIDC Identity Brokering with Client parameter forward
...
Forward "custom" (non-standard) query parameters to external IDP
2018-07-31 10:18:29 +02:00
ssilvert@win.redhat.com
6c593bab5a
Check credential confirmation on server side.
2018-07-30 13:15:02 -04:00
Hynek Mlnarik
f43519a16e
KEYCLOAK-6708 Fix NPE when email not set for email NameIDFormat
2018-07-27 11:10:35 +02:00
fisache
771d7f1724
[KEYCLOAK-7872] Fix. Remove Identity Provider Mapper when remove identity provider
2018-07-26 08:45:26 +02:00
ssilvert@win.redhat.com
0844aa8d68
KEYCLOAK-7857: Fix notifications
2018-07-25 08:59:25 -04:00
ssilvert@win.redhat.com
d73c4288ae
KEYCLOAK-7294: Password page - Angular
2018-07-25 08:59:25 -04:00
vramik
524ab44160
KEYCLOAK-6866 Error 404 after changing locale while authenticating using X.509
2018-07-24 17:24:32 +02:00
Daniil Filippov
af72c1374a
KEYCLOAK-7823 Fix HTTP status returned during SPNEGO auth
2018-07-24 10:38:42 +02:00
Hiroyuki Wada
7c0ca9aad2
KEYCLOAK-6313 Add required action's priority for customizing the execution order
2018-07-23 22:21:04 +02:00
Hynek Mlnarik
b43392bac8
KEYCLOAK-6577 KEYCLOAK-5609 Support dot in claim names by escaping with backslash
2018-07-23 14:46:25 +02:00
Pedro Igor
acc5f5c6d1
[KEYCLOAK-7864] - Authorization claim not set in refresh token when issuing a new refresh token
2018-07-19 09:56:59 -03:00
Pedro Igor
8b6979ac18
[KEYCLOAK-7849] - Improvements to RPT upgrade
2018-07-18 16:40:55 -03:00
Martin Kanis
34407957b9
KEYCLOAK-6314 Internal server error after T&C rejection
2018-07-18 15:05:22 +02:00
ssilvert@win.redhat.com
3e158c0321
KEYCLOAK-7846: Turn off disallowed features
2018-07-17 12:44:06 -04:00
Pedro Igor
90bfa2bff5
[KEYCLOAK-7781] - More validations to authorization requests
2018-07-13 09:18:05 -03:00
stianst
f022bc1269
[KEYCLOAK-5629] Add credential endpoints to account service
2018-07-12 13:00:25 -04:00
mhajas
5aebc74f8c
KEYCLOAK-7269 Setting more uris for Authorization Resource
2018-07-11 17:48:34 -03:00
mposolda
d0a824dde4
Updating version to 4.2.0.Final-SNAPSHOT
2018-07-05 07:42:48 -04:00
mposolda
8c66f520af
KEYCLOAK-7745 JTA error if offline sessions can't be preloaded at startup within 5 minutes
2018-07-04 10:22:13 +02:00
Pedro Igor
dafd567e68
[KEYCLOAK-7763] - NPE when enabling authorization to security-admin-console
2018-07-03 13:18:53 -03:00
ssilvert@win.redhat.com
d55ccf5312
KEYCLOAK-7015: Not allowing two users to have empty string emails addrs.
2018-07-03 11:04:36 -04:00
Pedro Igor
871be4ad87
[KEYCLOAK-7764] - Error when processing resource-less permissions
2018-07-03 10:35:11 -03:00
vramik
742a280f5d
KEYCLOAK-5556 support for POST for AuthorizationEndpoint
2018-07-03 10:38:10 +02:00
wyvie
1450a7fad4
[KEYCLOAK-7569] support for authentication flow update
...
Added support for the PUT method of the authentication flow endpoint in
the admin API.
Now it's possible to run the 'update' method for authentication/flows in
kcadm.sh.
2018-07-03 10:31:23 +02:00
stianst
3c5027de3c
KEYCLOAK-7701 Refactor key providers to support additional algorithms
2018-06-29 14:14:25 +02:00
Johannes Knutsen
fc3ca33033
Set hardcoded user session attribute after IDP first login flow
2018-06-26 10:31:55 +02:00
Takashi Norimatsu
2fb022e501
KEYCLOAK-7688 Offline Session Max for Offline Token
2018-06-26 08:25:06 +02:00
vramik
b478472b35
KEYCLOAK-7478 Add key query param to change locale url
2018-06-26 08:19:25 +02:00
Hynek Mlnarik
6b968796ce
KEYCLOAK-7667 Fix namespace handling when decrypting assertion
2018-06-21 13:09:18 +02:00
Hiroyuki Wada
c2012a595b
KEYCLOAK-7650 Don't display disabled identity providers
2018-06-19 08:55:24 -04:00
stianst
e1a0e581b9
Update to 4.1.0.Final-SNAPSHOT
2018-06-14 14:22:28 +02:00
Marek Posolda
49407c2e4f
KEYCLOAK-6630 Client scopes initial support ( #5076 )
...
* KEYCLOAK-6630 KEYCLOAK-349 Client Scopes
Co-authored-by: vramik <vramik@redhat.com>
* KEYCLOAK-6630 Change some clientTemplate occurences to clientScope
2018-06-08 15:38:38 +02:00
Pedro Igor
aa128d6c07
Merge pull request #5240 from pedroigor/KEYCLOAK-7353
...
[KEYCLOAK-7353] Support Policy Management in Protection API
2018-06-07 11:05:49 -03:00
Ola Bergefall
c8c76cc03f
KEYCLOAK-7316: Default back to false if isPassive is missing in request.
2018-06-07 08:50:32 +02:00
Federico M. Facca
5a9bfea419
[KEYCLOAK-7353] Support Policy Management in Protection API
...
See https://issues.jboss.org/browse/KEYCLOAK-7353
2018-06-06 19:36:42 -03:00
Hynek Mlnarik
7ff18ca14b
KEYCLOAK-7331 Fix NPE when SAML Issuer not set in AuthnRequest
2018-06-06 16:21:18 +02:00
Takashi Norimatsu
c586c63533
KEYCLOAK-6771 Holder of Key mechanism
...
OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access
Tokens
2018-06-05 08:18:29 +02:00
Pedro Igor
f8919f8baa
Merge pull request #5211 from pedroigor/KEYCLOAK-7367
...
[KEYCLOAK-7367] - User-Managed Policy Provider
2018-06-04 09:35:13 -03:00
Jared Blashka
65c39763eb
KEYCLOAK-7356 Code to Token flow fails if initial redirect_uri contains a session_state parameter
2018-05-31 08:53:11 +02:00
Martin Kanis
f429469fc8
KEYCLOAK-5270 Realm cookie path for IE<=11 users ( #5106 )
2018-05-31 08:44:34 +02:00
Takashi Norimatsu
eb97151476
KEYCLOAK-7451 OAuth Authorization Server Metadata for Proof Key for Code Exchange
2018-05-28 22:15:43 +02:00
Pedro Igor
2b6597e9f1
[KEYCLOAK-7367] - User-Managed Policy Provider
2018-05-25 16:18:15 -03:00
Stian Thorgersen
dbf5c395b0
Bump version to 4.0.0.Final ( #5224 )
2018-05-24 19:02:30 +02:00
Pedro Igor
e5d997a6c0
Merge pull request #5203 from martel-innovate/separate-ticket-permission-and-uma-permission-API
...
[KEYCLOAK-7354] - Split ticket management and permission endpoint
2018-05-17 15:22:55 -03:00
Federico M. Facca
76076cdb3c
[KEYCLOAK-7354] split ticket management and permission endpoint
...
see (https://issues.jboss.org/browse/KEYCLOAK-7354 )
* created new endpoint for ticket management /permission/ticket
* removed unused class
* support for direct creation of ticket by resource owner
* fix DELETE ticket
2018-05-16 15:10:39 +02:00
Timo Knapp
487539542a
KEYCLOAK-7325: Fix Issue regarding HTTP 500 Server Error for resource_set Endpoint in ProtectionService ( #5196 )
...
* KEYCLOAK-7325: Fix Issue regarding HTTP 500 Server Error for resource_set Endpoint in ProctectionService
2018-05-15 14:57:33 -03:00
Federico M. Facca
5cbe595fe3
This commit implement feature KEYCLOAK-7337
...
* return requester
when returnNames=true
* return requesterName
* return owernName
2018-05-11 21:08:16 +02:00
Pedro Igor
e84acd9898
Merge pull request #5177 from pedroigor/KEYCLOAK-7206
...
[KEYCLOAK-7206] - Search by user id on admin console
2018-05-04 09:11:49 -03:00
Stian Thorgersen
90e5c7f3eb
Bump version to 4.0.0.Beta3-SNAPSHOT ( #5185 )
2018-05-02 14:32:20 +02:00
Martin Kanis
9505925363
Revert "KEYCLOAK-5270 Realm cookie path for IE<=11 users ( #5106 )" ( #5183 )
...
This reverts commit a67da7bc59
.
2018-05-02 09:31:42 +02:00
pedroigor
ddceaaf3d5
[KEYCLOAK-7206] - Search by user id on admin console
2018-04-30 11:44:33 -03:00
Pedro Igor
e960642399
Merge pull request #5144 from pedroigor/KEYCLOAK-4903
...
[KEYCLOAK-4903] - Pushed Claims
2018-04-26 15:59:13 -03:00
Stan Silvert
35154db50f
KEYCLOAK-7123: l10n dropdowns ( #5170 )
...
* KEYCLOAK-7196: Add kc_locale to keycloak.js
* KEYCLOAK-7123: Localization dropdowns
* Update keycloak-service to latest keycloak.js
2018-04-25 15:04:12 -04:00
pedroigor
035ebc881a
[KEYCLOAK-4903] - Claim Information point Provider SPI and configuration
2018-04-25 10:16:41 -03:00
pedroigor
e813fcd9c8
[KEYCLOAK-4903] - Pushing claims when obtaining a permission ticket
2018-04-24 19:47:28 -03:00
mposolda
634e7170e3
KEYCLOAK-7158 RestartLoginCookie throws error when KC_RESTART cookie created by Keycloak 1.9
2018-04-23 21:56:13 +02:00
Martin Kanis
7efa45126c
KEYCLOAK-6991 NPE when importing realm from file
2018-04-19 14:26:50 +02:00
Oskars
3bef6d5066
KEYCLOAK-4538 Configurable clock skew when validating tokens ( #5014 )
...
* [master]: fix type for checkLoginIframeInterval
* [master]: KEYCLOAK-4538 Feature to tolerate a configurable amount of seconds of clock skew when validating tokens
* [master]: KEYCLOAK-4538 Fix unit test scenarios for token clock skew
* [master]: KEYCLOAK-4538 Reverted wildcard imports
* [master]: fix unit test to use longer intervals to make test less fragile.
2018-04-16 11:09:25 +02:00
Vlastimil Eliáš
c1311e4619
KEYCLOAK-6849 - LinkedIn social login provider updated to new LinkedIn OAuth2 endpoint ( #5125 )
...
* KEYCLOAK-6849 - LinkedIn social login provider updated to new LinkedIn
OAuth2 endpoint
* KEYCLOAK-6849 - LinkedIn social login provider test updated
* KEYCLOAK-6849 - LinkedIn social login provider test updated to
conditionally handle consent page when shown only
* Simplify the LinkedIn app authorization
This reverts commit c12359e7a13d9ff231fe2e25cddba66ad679a9cd.
2018-04-13 08:09:27 +02:00
Stan Silvert
095fec95e5
KEYCLOAK-7022 Fix l10n on Welcome page ( #5143 )
2018-04-11 12:05:07 -04:00
Hugo Guerrero
fac3118b0a
KEYCLOAK-6448 - implement instagram social broker ( #4963 )
...
* KEYCLOAK-6448 - implement instagram social broker
* Instagram SocialLogin Tests
2018-04-09 17:30:27 +02:00
Martin Kanis
a67da7bc59
KEYCLOAK-5270 Realm cookie path for IE<=11 users ( #5106 )
2018-04-06 09:26:29 +02:00
Bill Burke
ffd9d957f4
Merge pull request #5123 from patriot1burke/kcadm-token
...
KEYCLOAK-7044 KEYCLOAK-7046
2018-04-04 17:22:17 -04:00
Stefan Guilhen
87abe5e648
[KEYCLOAK-6853] Make TimePolicyProvider use the kc.date.time_date contextual attribute when evaluating policies
2018-04-04 14:37:03 -03:00
Stan Silvert
701c318b60
KEYCLOAK-7047: Fix RegistrationEmailAsUsername and EditUserNameAllowed ( #5122 )
...
on personal info page.
2018-04-04 09:31:38 -04:00
Bill Burke
8a5428808e
KEYCLOAK-7044 KEYCLOAK-7046
2018-04-03 21:29:31 -04:00
Bill Burke
4078e84fb6
server driven success page
2018-03-31 10:16:44 -04:00
Bill Burke
f4a5e49b63
initial
2018-03-29 17:14:36 -04:00
Pedro Igor
5cae1bb134
Merge pull request #5093 from pedroigor/KEYCLOAK-4102
...
[KEYCLOAK-4102] - Support lazy load paths
2018-03-29 09:16:34 -03:00
Bill Burke
8d3dc790df
Merge pull request #5087 from patriot1burke/kcinit
...
KEYCLOAK-6813
2018-03-28 17:35:33 -04:00
Bill Burke
f5bacb79c1
review changes
2018-03-28 16:45:52 -04:00
pedroigor
4a425c2674
[KEYCLOAK-4102] - Support lazy loading of paths via policy enforcer config
2018-03-28 09:23:59 -03:00
Bill Burke
c38b6d585e
KEYCLOAK-528 ( #5103 )
2018-03-28 11:15:37 +02:00
Bill Burke
ad5f3fefc5
Merge remote-tracking branch 'upstream/master' into kcinit
2018-03-27 16:38:35 -04:00
Stan Silvert
80feb67fc2
KEYCLOAK-6494: Address load time of new acct mgt console ( #5100 )
...
* Optimize loading. min bundles, stop double-loading, rxjs-system instead of
plain rxjs, clean up 404's
* Create module loading hierarchy. Allows for lazy loading.
* Upgrade NG, remove jquery, load keycloak.js only from auth/js
* Delay systemjs loading. Load home page instead of account.
* KEYCLOAK-6496: Cleanup and polish code after optimizations.
* Fix message bundle to be back the way it was.
* Remove unused png's. Remove comments in index.ftl. Remove javaMessages.
2018-03-27 12:42:13 -04:00
pedroigor
e9e376419d
[KEYCLOAK-4102] - Removing create-resources configuration option
2018-03-27 09:51:13 -03:00
Pedro Igor
ffeb0420bf
Merge pull request #5079 from pedroigor/KEYCLOAK-6529
...
[KEYCLOAK-6529] - Resource Attributes
2018-03-27 09:30:38 -03:00
stianst
07fea02146
Bump versions to 4.0.0.Beta2-SNAPSHOT
2018-03-26 18:17:38 +02:00
wyvie
d40e9bd3c1
[KEYCLOAK-6814] check if HMAC exists during session restart
2018-03-26 10:05:39 +02:00
Bill Burke
f000cedcbb
Merge remote-tracking branch 'upstream/master' into kcinit
2018-03-20 16:49:43 -04:00
Jérôme Blanchard
f11c24e359
[KEYCLOAK-6147] Include Nonce in OIDC authentication
2018-03-20 10:51:44 +01:00
Bill Burke
8926837a3e
tests
2018-03-19 16:47:13 -04:00
Áron Bustya
82ba2b1b0d
remove changes from standard OIDC client registration, move constants
2018-03-19 19:31:22 +01:00
Áron Bustya
57f57f5c75
set request object mandatory for client, restrict delivery mode
...
handle new attribute in client representation
add to UI
2018-03-19 19:31:22 +01:00
pedroigor
08896ee9c9
[KEYCLOAK-6529] - Resource Attributes
2018-03-19 13:21:39 -03:00
Bill Burke
4bba11cd94
kcinit
2018-03-16 12:11:57 -04:00
Alex Szczuczko
e4781b8aa3
KEYCLOAK-6828 Drop jcenter repository from services/pom.xml
...
swagger2markup-maven-plugin depends transitively on markdown_to_asciidoc, which
is inexplicably not in Central. This causes issues during productisation, as
it's reasonably assumed that all third party artifacts will be in Central.
Stian has already asked the community project to get their artifacts in Central
( bodiam/markdown-to-asciidoc#26 ), and they haven't done anything in almost a
year. So, I've added the artifacts under my own namespace, and changed the pom
to use those instead. The artifacts are unchanged from the ones on jcenter,
except the pom was expanded slightly to meet the minimum requirements of
Central.
I'm making this change now, as I hit the problem when trying to set up
continuous productization builds from master.
2018-03-16 08:36:04 +01:00
Douglas Palmer
fed1b62c5d
[KEYCLOAK-6301] Remove service account when it is disabled from the client
2018-03-14 15:09:42 +01:00
Takashi Norimatsu
5b1e65c23e
KEYCLOAK-6700 Financial API Read and Write API Security Profile : state
...
hash value (s_hash) to protect state parameter
2018-03-13 16:40:34 +01:00
Takashi Norimatsu
e72756d01a
KEYCLOAK-6700 Financial API Read and Write API Security Profile : state hash value (s_hash) to protect state parameter
2018-03-13 16:40:34 +01:00
Pedro Igor
2aa71d1737
Merge pull request #5051 from pedroigor/KEYCLOAK-6787
...
[KEYCLOAK-6787] - Wrong validation of resources with same name and different owners
2018-03-12 11:41:49 -03:00
pedroigor
0a4fd79b22
[KEYCLOAK-6116] - Get email attribute from 'subject alternative name' using X509 certificate
2018-03-09 10:56:35 -03:00
Martin Hardselius
8549bd70b7
Add pairwise sub support to authorization services
...
Identity token verification will now fetch the user from the session
state instead of relying on the sub provided in the token. Also done in
KeycloakIdentity.
Resolves: KEYCLOAK-6659
2018-03-02 13:08:27 +01:00
pedroigor
1e1de85685
[KEYCLOAK-6787] - Wrong validation of resources with same name and different owners
2018-03-01 16:50:05 -03:00
pedroigor
cb531056a6
[KEYCLOAK-6621] - Fixing cache and queries of policies with type scope
2018-02-28 16:33:45 -03:00
Pedro Igor
91bdc4bde2
[KEYCLOAK-3169] - UMA 2.0 ( #4368 )
...
* [KEYCLOAK-3169] - UMA 2.0 Support
* [KEYCLOAK-3169] - Changes to account service and more tests
* [KEYCLOAK-3169] - Code cleanup and tests
* [KEYCLOAK-3169] - Changes to account service and tests
* [KEYCLOAK-3169] - Changes to account service and tests
* [KEYCLOAK-3169] - More tests
* [KEYCLOAK-3169] - Changes to adapter configuration
* [KEYCLOAK-3169] - Reviewing UMA specs and more tests
* [KEYCLOAK-3169] - Reviewing UMA specs and more tests
* [KEYCLOAK-3169] - Changes to UMA Grant Type and refactoring
* [KEYCLOAK-3169] - Refresh tokens for RPT responses and tests
* [KEYCLOAK-3169] - Changes to account my resources and policy enforcers
* [KEYCLOAK-3169] - Realm settings flag to enable/disable user-managed access in account mgmt console
* [KEYCLOAK-3169] - More changes to my resource pages in account mgmt console
* [KEYCLOAK-3169] - Need to enable user-managed on realm to run tests
* [KEYCLOAK-3169] - Removing more UMA 1.0 related code
* [KEYCLOAK-3169] - Only submit requests if ticket exists
* [KEYCLOAK-3169] - Returning UMA 401 response when not authenticated
* [KEYCLOAK-3169] - Removing unused code
* [KEYCLOAK-3169] - Removing unused code
* [KEYCLOAK-3169] - 403 response in case ticket is not created
* [KEYCLOAK-3169] - Fixing AbstractPhotozExampleAdapterTest#testClientRoleRepresentingUserConsent
* [KEYCLOAK-3169] - 403 status code only returned for non-bearer clients
2018-02-28 08:53:10 +01:00
wyvie
f8022a5c2f
[KEYCLOAK-6585] hybrid flow: removed token_type and expires_in paramters from oidc auth response
2018-02-27 15:31:12 +01:00
vmuzikar
a2cc7bd4b9
KEYCLOAK-6709 Fix OpenShift IdP doesn't fetch user's full name
2018-02-27 12:28:42 +01:00
wyvie
52acd959e0
[KEYCLOAK-6584] removed not-before-policy parameter from authorization response
2018-02-26 17:41:18 +01:00
Josh Cain
24132c8f5b
Return location for execution and flow creation in admin interface. Also allow for retrieval of execution by ID
2018-02-26 17:00:17 +01:00
Hynek Mlnarik
e7cdb8ad54
KEYCLOAK-6473 KEYCLOAK-6472 SAML parser refactor + protocol parsers
2018-02-23 08:16:14 +01:00
Stian Thorgersen
9ef1f1b73c
KEYCLOAK-3482
2018-02-22 09:42:45 -03:00
Erlend Hamnaberg
208ecbc3f7
KEYCLOAK-6676: Fix NPE if the redirect_uri parameter is missing
2018-02-21 19:44:22 +01:00
mposolda
fc463ae50b
KEYCLOAK-6617 Offline token logout did not invalidate user session
2018-02-19 08:49:05 +01:00
cgol
86a8addf49
KEYCLOAK-6615 Remove offline session from database on offline token logout
...
remove offline token from database on offline session logout
2018-02-19 08:49:05 +01:00
stianst
9b63cd35f0
KEYCLOAK-6431
2018-02-13 19:38:46 +01:00
Hynek Mlnarik
84ea3f8cb1
KEYCLOAK-4315 Remove some dead/duplicate classes
2018-02-13 15:41:36 +01:00
Bill Burke
5d5373454c
Merge pull request #4991 from patriot1burke/challenge-support
...
KEYCLOAK-6355
2018-02-13 09:38:45 -05:00
Bill Burke
87ee15a081
fix
2018-02-12 16:52:55 -05:00
Bill Burke
d6788a0839
finish
2018-02-10 13:38:39 -05:00
stianst
505cf5b251
KEYCLOAK-6519 Theme resource provider
2018-02-09 08:28:59 +01:00
Bill Burke
5ea4ef9e55
change code query params to session_code
2018-02-08 17:37:27 -05:00
Douglas Palmer
e8de4655ac
KEYCLOAK-6344 Use POST instead of GET for LDAP connection tests
2018-02-08 21:18:03 +01:00
Jochen Preusche
8325151e16
Extract findLocale
to LocaleNegotiator
, add tests
...
* Improve Testability of Locale Negotiation
* Add test for Locale Negotiation
* Fix Locale Negotiation for omitted Country Code
2018-02-06 09:50:04 +01:00
Serhii Shymkiv
c2fe500eb8
[KEYCLOAK-4721] Consider Session Language of Realm Also In ReCaptcha
2018-02-02 13:57:03 +01:00
vramik
019c3c9ef9
KEYCLOAK-6146 realm import fails when password policy is specified
2018-02-02 08:30:06 +01:00
Thomas Darimont
77334af34e
KEYCLOAK-6222 Check syntax for errors on ScriptBasedOIDCProtocolMapper validation
...
We now explicitly check for syntax errors
during validation of ScriptBasedOIDCProtocolMappers.
2018-02-02 08:28:27 +01:00
Bill Burke
8f09efab9d
Merge pull request #4949 from patriot1burke/client-storage-spi
...
KEYCLOAK-6228
2018-02-01 08:59:02 -05:00
Bill Burke
126dd70efc
client stat improvement
2018-01-31 13:05:13 -05:00
Bill Burke
a571781240
hynek db changes
2018-01-30 17:00:55 -05:00
Vlastimil Elias
a5f675d693
KEYCLOAK-4937 - convert time units in emails into human-friendly format
2018-01-30 06:38:57 +01:00
Bill Burke
1d8e38f0c6
admin console
2018-01-27 13:05:02 -05:00
Bill Burke
dd4c0d448c
Merge remote-tracking branch 'upstream/master' into client-storage-spi
2018-01-27 09:47:41 -05:00
Bill Burke
6b84b9b4b6
done 1st iteration
2018-01-27 09:47:16 -05:00
Takashi Norimatsu
502627f590
KEYCLOAK-5811 Client Authentication by JWS Client Assertion in client secret
2018-01-26 10:59:40 +01:00
gregoirew
13261b52db
Use the github /user/emails api endpoint if the github user did not set any public email.
...
Github can send a null email on the user info endpoint if there is no public email on the user profile.
This commit look for email on the /user/emails endpoint, selecting the primary email.
2018-01-25 20:56:24 +01:00
Bill Burke
ddad1cb8af
Merge remote-tracking branch 'upstream/master' into client-storage-spi
2018-01-25 10:08:37 -05:00
Bill Burke
8a17b61f4e
initial work
2018-01-25 10:08:26 -05:00
Bill Burke
7c66f76858
Merge pull request #4932 from patriot1burke/per-client-flow
...
KEYCLOAK-6335
2018-01-25 09:55:11 -05:00
Thomas Darimont
3d12bf7d14
KEYCLOAK-4743 Revise proxy support for HttpClient SPI
...
Polishing & more tests.
2018-01-25 09:31:32 +01:00
Thomas Darimont
851d0192ad
KEYCLOAK-4743 Add proxy support to HttpClient SPI
...
We now provide a configurable way for dynamic proxy route selection
for the default HttpClient based on regex based targetHostname patterns.
Introduced `ProxyMapping` to describe a regex based mapping
between target hosts and the proxy URL to use.
A `ProxyMapping` can be build from an ordered list of string based
mapping representations, e.g:
```
^.*.(google.com|googleapis.com)$;http://localhost:8080
```
If the targetHost does not match a configured proxy mapping,
no proxy is used.
This can be configured via standalone.xml / jboss-cli, e.g.:
```
echo SETUP: Configure proxy routes for HttpClient SPI
/subsystem=keycloak-server/spi=connectionsHttpClient/provider=default:add(enabled=true)
/subsystem=keycloak-server/spi=connectionsHttpClient/provider=default:write-attribute(name=properties.proxy-mappings,value=["^.*.(google.com|googleapis.com)$;http://www-proxy1:8080 ","^.*.facebook.com$;http://www-proxy2:8080 "])
```
The new `ProxyMappingWareRoutePlanner` uses a configured `ProxyMapping`
to decide which proxy to use for a given request based on the target host
denoted by the HTTP request to execute.
I verified this manually with the BurpProxy Suite.
2018-01-25 09:31:32 +01:00
mposolda
6369c26671
KEYCLOAK-6286 Adding 'Exclude Session State From Authentication Response' switch to fix backwards compatibility with Keycloak 2.X adapters
2018-01-24 11:35:13 +01:00
Bill Burke
7b2e72d395
Merge remote-tracking branch 'upstream/master' into per-client-flow
2018-01-23 12:10:11 -05:00
Bill Burke
a9297df89c
KEYCLOAK-6335
2018-01-23 12:09:49 -05:00
Hynek Mlnarik
4ba72e2d2d
KEYCLOAK-5976 Fix client setting in brokered IdP-initiated scenario
2018-01-23 09:34:11 +01:00
stianst
f762173eb0
KEYCLOAK-3370 Add option to override theme in client template and client
2018-01-18 09:14:13 +01:00
stianst
35ada9d636
KEYCLOAK-6289 Add ThemeSelectorSPI
2018-01-18 09:14:13 +01:00
Thomas Darimont
bae4d4c673
KEYCLOAK-5791 Allow multi-valued ScriptBasedOIDCProtocolMapper
...
We now support multi-valued attribute values for the
`ScriptBasedOIDCProtocolMapper`.
Previously the `ScriptBasedOIDCProtocolMapper` only supported
single valued output. If a script returned a list of
output values then only the first value was emitted to the token.
By default multi-valued is set to `false` / `off`.
2018-01-11 08:52:24 +01:00
stianst
d8c0cc447f
KEYCLOAK-6090 Add missing cors headers with invalid username/password and resource owner grant
2018-01-02 15:15:15 +01:00
stianst
0bedbb4dd3
Bump version to 4.0.0.CR1-SNAPSHOT
2017-12-21 15:06:00 +01:00
Marko Strukelj
23d0afbfd8
KEYCLOAK-6058 Partial import should ignore built-in clients
2017-12-21 13:52:58 +01:00
stianst
f0c5752ef9
KEYCLOAK-5443 Fix update user account when both email as username and edit username are enabled
2017-12-20 14:40:03 +01:00
Bruno Oliveira
811cd3a04a
KEYCLOAK-6011
2017-12-20 13:37:11 +01:00
stianst
e96c6a4bcb
KEYCLOAK-6068 Fix preflight request on admin endpoints
2017-12-20 10:19:34 +01:00
stianst
465675ac28
KEYCLOAK-5019 Fixes for password managers
2017-12-19 16:13:16 +01:00
mposolda
5a66f577eb
KEYCLOAK-5982 Fix NPEs when client 'account' was renamed/removed
2017-12-18 21:47:17 +01:00
stianst
27b5e1aae2
KEYCLOAK-6050 Fix export doesn't export internal realm rep
2017-12-18 13:15:42 +01:00
stianst
b303acaaba
KEYCLOAK-2120 Added manual setup page for OTP
2017-12-18 11:20:20 +01:00
Bill Burke
118e998570
Merge pull request #4834 from pedroigor/KEYCLOAK-5806
...
[KEYCLOAK-5806] - Create policy button to associated policies
2017-12-16 23:44:35 -05:00
Bill Burke
80be4c9dbc
fix more
2017-12-16 07:12:32 -05:00
pedroigor
5d7ba39e0c
[KEYCLOAK-5806] - Create policy component to permission pages
2017-12-15 23:41:52 -02:00
Bill Burke
7cb39c2dfc
KEYCLOAK-5420
2017-12-15 12:16:24 -05:00
Hynek Mlnarik
e4a91c0706
KEYCLOAK-6042 Encode user ID before storing in auth session
2017-12-15 15:16:26 +01:00
stianst
a8943fb323
KEYCLOAK-6043 Use same urls for get and posts in account
2017-12-15 08:31:04 +01:00
Bruno Oliveira
1a541889f4
[KEYCLOAK-6015] replyTo can be empty string in DB
2017-12-15 07:01:15 +01:00
stianst
b672229efc
KEYCLOAK-6032 Fix error page when internationalization is enabled
2017-12-15 06:32:00 +01:00
Vlastimil Elias
7e20a65989
KEYCLOAK-6040 AuthenticationSessionModel pushing into
...
EmailTemplateProvider
2017-12-14 15:51:04 +01:00
Hynek Mlnarik
2a2e6c839b
KEYCLOAK-5635
2017-12-13 21:07:46 +01:00
Hynek Mlnarik
7174c0b4ec
KEYCLOAK-6025 Simplify easy access to current session in action token handlers
2017-12-12 17:53:44 +01:00
stianst
f939818252
KEYCLOAK-5907 Use client manager to delete clients in client registration services
2017-12-12 14:25:05 +01:00
mposolda
63efee6e15
KEYCLOAK-5938 Authentication sessions: Support for logins of multiple tabs of same client
2017-12-12 08:01:02 +01:00
stianst
867de9de50
KEYCLOAK-6010 Add CORS headers to keycloak.js
2017-12-11 14:24:12 +01:00
k-tamura
d7a90817f2
KEYCLOAK-6009 Fix incorrect String.format usage
2017-12-10 20:56:36 +01:00
Bill Burke
c9b218db71
Merge pull request #4823 from patriot1burke/master
...
KEYCLOAK-5724
2017-12-08 20:03:05 -05:00
Bill Burke
ce9f4bf97a
KEYCLOAK-5724
2017-12-08 10:25:30 -05:00
Bill Burke
5d5a200413
Merge pull request #4818 from patriot1burke/master
...
KEYCLOAK-5926
2017-12-08 09:59:32 -05:00
Hynek Mlnarik
00fb36437d
KEYCLOAK-5861 Remove AUTH_SESSION_ID when END_AFTER_REQUIRED_ACTIONS set
2017-12-08 09:52:14 +01:00
Hynek Mlnarik
4a012b73ea
KEYCLOAK-4998 Fix NPE in AttributeToRoleMapper
2017-12-08 09:21:21 +01:00
Bill Burke
49ba71fd8f
add logic for sync
2017-12-07 20:03:10 -05:00
Bill Burke
0dee393071
KEYCLOAK-5926
2017-12-07 19:49:10 -05:00
stianst
c055ffb083
KEYCLOAK-4215 Consider session expiration when setting token timeouts
2017-12-07 10:45:02 +01:00
stianst
cccddebfd0
KEYCLOAK-5984 Fix error message in client initiated
2017-12-06 19:46:11 +01:00
mposolda
8a0fa521c4
KEYCLOAK-5915 Support for sticky sessions managed by loadbalancer. Support for KeyAffinityService
2017-12-06 13:06:54 +01:00
Bill Burke
f669fdf0df
Merge pull request #4797 from stianst/KEYCLOAK-5734
...
KEYCLOAK-5734
2017-12-05 17:31:36 -05:00
stianst
94ce97b972
KEYCLOAK-5734
2017-12-05 21:22:47 +01:00
stianst
c3d9f4704e
KEYCLOAK-5946 Make sure wildcard origin is never returned
2017-12-04 19:55:34 +01:00
stianst
4541acc628
KEYCLOAK-5176 Strip headers from PEM when uploading to client
2017-12-04 19:54:15 +01:00
mposolda
ff6fcd30d9
KEYCLOAK-4478 OIDC auth response lacks session_state in some cases
2017-12-04 16:13:22 +01:00
stianst
37de8e9f69
Bump version to 3.4.2.Final-SNAPSHOT
2017-12-01 09:34:48 +01:00
mposolda
7b03eed9c8
KEYCLOAK-5797 Refactoring authenticationSessions to support login in multiple browser tabs with different clients
2017-11-30 12:56:45 +01:00
Peter Nalyvayko
b8e5fd2b99
KC-4335: working on adding a reverse proxy support to allow X.509 client certificate authentication when running keycloak behind a reverse proxy
...
KC-4335: reverse proxy => a swtich to change a type of reverse proxy when running the X509 integration tests; changes to the names of the reverse proxy providers
KC-4335: updated the migration scripts to add x509 spi to standalone and domain configurations; removed the HAproxy and apache x509 spi configuration
2017-11-30 11:00:32 +01:00
pedroigor
17748d5ba8
[KEYCLOAK-5660] - Adding UserQueryProvider.getUsersCount(realm, includeServiceAccount) method
2017-11-30 10:45:54 +01:00
Marko Strukelj
c5d9301951
KEYCLOAK-4920 NPE when exporting configuration without alias
2017-11-30 10:40:25 +01:00
Bruno Oliveira
6a528a3ee6
[KEYCLOAK-2645] Reset password page says 'You need to change your password to activate your account.'
2017-11-30 10:37:21 +01:00
stianst
2be78a0239
KEYCLOAK-5924 Add error handler for uncaught errors
2017-11-30 10:33:13 +01:00
Bruno Oliveira
af66c5dbd2
[KEYCLOAK-5483] X.509 Auth - log in attempt is not sometimes logged in the Login Events
2017-11-29 20:08:22 +01:00
Pedro Igor
d22c58ee30
Merge pull request #4760 from pedroigor/KEYCLOAK-5900
...
[KEYCLOAK-5900] - Returning error response when resource does not exist
2017-11-29 10:38:44 -02:00
pedroigor
c5b06f23e9
[KEYCLOAK-5900] - Returning error response when resource does not exist
2017-11-28 19:46:18 -02:00
pedroigor
bf73375a5c
[KEYCLOAK-5901] - Changing response to return a 400 in case scope is invalid
2017-11-28 19:32:41 -02:00
stianst
36314c51d6
KEYCLOAK-5856 Fix infinite loop
2017-11-28 07:54:49 +01:00
pedroigor
e3c9fa25a3
[KEYCLOAK-5770] - Global Saml Logout doesn't create logout event
2017-11-23 21:08:07 +01:00
Bill Burke
2117db5e6d
Merge pull request #4730 from patriot1burke/master
...
KEYCLOAK-4715
2017-11-22 12:45:23 -05:00
mposolda
bd1072d2eb
KEYCLOAK-5747 Ensure refreshToken doesn't need to send request to the other DC. Other fixes and polishing
2017-11-22 11:55:12 +01:00
Bill Burke
8993ca08ad
KEYCLOAK-4715
2017-11-21 17:46:48 -05:00
Bill Burke
06762ba13d
KEYCLOAK-5878
2017-11-20 17:03:28 -05:00
Marek Posolda
8e53ccf5ab
Merge pull request #4706 from stianst/KEYCLOAK-5383
...
KEYCLOAK-5383 Fix creating password in LDAP through admin create user…
2017-11-20 09:17:45 +01:00
Bill Burke
7c0c48da01
Merge pull request #4717 from patriot1burke/master
...
KEYCLOAK-5715
2017-11-17 12:59:36 -05:00
Bill Burke
ff5010cdd0
Merge pull request #4663 from mstruk/KEYCLOAK-5702
...
KEYCLOAK-5702 kcadm delete realm fails with nullpointer
2017-11-17 11:57:58 -05:00
Bill Burke
c66ff60c58
KEYCLOAK-5715
2017-11-17 11:34:32 -05:00
Stian Thorgersen
86fb18395e
KEYCLOAK-5383 Fix creating password in LDAP through admin create user endpoint
2017-11-15 21:20:00 +01:00
Pedro Igor
1bd2f0e98f
Merge pull request #4674 from thomasdarimont/issue/fix-npe-in-userpermissions
...
KEYCLOAK-5841 Fix NPE in deletePermissionSetup in UserPermissions
2017-11-15 10:22:44 -02:00
Pedro Igor
eebf0b0499
Merge pull request #4690 from pedroigor/KEYCLOAK-5824
...
[KEYCLOAK-5824] - Keycloak throws "Error while evaluating permissions" exception often
2017-11-14 18:35:56 -02:00
Pedro Igor
b0ccce397a
[KEYCLOAK-5824] - Fixing logging of error mesages
2017-11-14 11:28:21 -02:00
Stian Thorgersen
89f4b87038
KEYCLOAK-5567 Set correct status code on login error pages
2017-11-14 12:33:29 +01:00
Bruno Oliveira
03d0488335
[KEYCLOAK-2052] Allows independently set timeouts for e-mail verification link and rest e.g. forgot password link
...
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2017-11-13 19:57:04 -02:00
Stian Thorgersen
925d5e1dea
KEYCLOAK-3173 enable logout offline refresh token using OIDC logout endpoint
2017-11-13 18:23:39 +01:00
Stian Thorgersen
51c7917853
KEYCLOAK-5772 Missing produces type on welcome resource post
2017-11-13 16:38:42 +01:00
Stian Thorgersen
d02ffd33b3
KEYCLOAK-5721 Moved state checker from separate cookie to claim on identity cookie
2017-11-13 14:11:28 +01:00
Thomas Darimont
a5b73a365d
KEYCLOAK-5841 Fix NPE in deletePermissionSetup in UserPermissions
...
Previously a call to `UserPermissions#deletePermissionSetup`
always resulted in a NPE if the usersResource was null.
We now only try to delete the resourceStore information if
the given usersResource is not null.
2017-11-13 13:35:40 +01:00
Stian Thorgersen
90900b1a1f
KEYCLOAK-5825 Clear state checker for welcome on form submit
2017-11-10 13:40:29 +01:00
Stian Thorgersen
4295f4ec31
KEYCLOAK-1886 Added cors headers to errors in token endpoint
2017-11-10 12:01:21 +01:00
Marko Strukelj
7035a4647d
KEYCLOAK-5702 kcadm delete realm fails with nullpointer
2017-11-09 20:57:49 +01:00
Stian Thorgersen
128ff12f8f
Bump versions
2017-11-09 15:37:21 +01:00
Xiaojian Liu
19eed51582
KEYCLOAK-5352 Basic Auth fails if password contains a ':'
2017-11-09 13:56:02 +01:00
Xiaojian Liu
9ff22f596d
KEYCLOAK-5352 Basic Auth fails if password contains a ':'
2017-11-09 13:56:02 +01:00
Xiaojian Liu
e1af9f133f
KEYCLOAK-5352 Basic Auth fails if password contains a ':'
2017-11-09 13:56:02 +01:00
Bruno Oliveira
26e253f4a5
[KEYCLOAK-5284]
2017-11-09 13:45:06 +01:00
mposolda
701b7acd80
KEYCLOAK-5371 More stable cross-dc tests
2017-11-08 10:03:04 +01:00
Stian Thorgersen
b1a05dfce2
KEYCLOAK-5664 ( #4604 )
2017-11-07 10:09:34 +01:00
Hynek Mlnarik
fe2f65daac
KEYCLOAK-5581 Fix SAML identity broker context serialization
2017-11-03 21:09:18 +01:00
Pedro Igor
3716fa44ac
[KEYCLOAK-5728] - Permission Claims support
2017-10-27 12:40:30 -02:00
Pedro Igor
57d3c44bb7
[KEYCLOAK-4901] - New policy mgmt rest api should return specific representations for a policy type
2017-10-26 15:26:40 -02:00
Pedro Igor
a70cab502c
[KEYCLOAK-4901] - Reviewing methods on provider spis
2017-10-26 13:39:57 -02:00
Hynek Mlnařík
248da4687a
Merge pull request #4610 from hmlnarik/KEYCLOAK-5745-Extract-client-sessions-from-user-sessions
...
KEYCLOAK-5745 Separate user and client sessions in infinispan
2017-10-26 13:09:06 +02:00
Hynek Mlnarik
75c354fd94
KEYCLOAK-5745 Separate user and client sessions in infinispan
2017-10-26 10:39:41 +02:00
Bruno Oliveira da Silva
375e01a074
KEYCLOAK-5278 ( #4606 )
2017-10-25 15:27:24 +02:00
Stian Thorgersen
f0bbcbf0fd
KEYCLOAK-5487 ( #4603 )
2017-10-24 10:49:08 +02:00
Stan Silvert
9083e5fe5c
KEYCLOAK-5298: Enable autoescaping in Freemarker ( #4561 )
...
* KEYCLOAK-5298: Enable autoescaping in Freemarker
* Fix several of the failing tests.
* Fix broken tests in integration-deprecated
* Fix last failing test.
2017-10-23 12:03:00 -04:00
Stian Thorgersen
9b75b603e3
KEYCLOAK-5234 ( #4585 )
2017-10-23 16:13:22 +02:00
Stian Thorgersen
d9ffc4fa21
KEYCLOAK-5225 ( #4577 )
...
KEYCLOAK-5225 fix test
Fix
2017-10-19 08:23:16 +02:00
Stian Thorgersen
fea4c54adc
KEYCLOAK-5280 ( #4576 )
2017-10-19 08:02:23 +02:00
Bill Burke
649bca7618
KEYCLOAK-4328
2017-10-18 09:37:17 -04:00
Hynek Mlnarik
056ba75a72
KEYCLOAK-5656 Use standard infinispan remote-store
2017-10-16 21:49:42 +02:00
Bruno Oliveira da Silva
b6ab2852c2
Remove unused imports ( #4558 )
2017-10-16 14:23:42 +02:00
Bill Burke
31dccc9a5e
Merge pull request #4509 from TeliaSoneraNorge/KEYCLOAK-5032
...
KEYCLOAK-5032 Forward request parameters to another IdP
2017-10-13 18:47:05 -04:00
Bill Burke
46d3ed7832
Merge remote-tracking branch 'upstream/master'
2017-10-13 17:00:57 -04:00
Bill Burke
d9af93850c
KEYCLOAK-5683, KEYCLOAK-5684, KEYCLOAK-5682, KEYCLOAK-5612, KEYCLOAK-5611
2017-10-13 16:51:56 -04:00
mposolda
26f11078dc
KEYCLOAK-5371 Use managed executors on Wildfly
2017-10-11 11:09:53 +02:00
mposolda
f5ff24ccdb
KEYCLOAK-5371 Fix SessionExpirationCrossDCTest, Added ExecutorsProvider. Debug support for cache-servers in tests
2017-10-10 22:30:44 +02:00
Bill Burke
b0464f1751
Merge remote-tracking branch 'upstream/master'
2017-10-10 09:10:04 -04:00
Bill Burke
5bd4ea30ad
rev
2017-10-10 09:09:51 -04:00
Marek Posolda
d336667972
Merge pull request #4527 from Hitachi/master
...
OIDC Financial API Read Only Profile : scope MUST be returned in the response from Token Endpoint
2017-10-10 11:37:45 +02:00
Carl Kristian Eriksen
50dd07217d
KEYCLOAK-5032 Forward request parameters to another IdP
...
Forwarding of prompt and acr_values, if provided in the authorization request.
If prompt is set in the configuration for the identity provider, the configuration overrules the request parameter.
2017-10-09 16:15:27 +02:00
Marek Posolda
c6483f8b1e
Merge pull request #4523 from abustya/master
...
KEYCLOAK-5616 Processing of claims parameter
2017-10-09 11:14:23 +02:00
Bill Burke
c8516c2349
support social external exchange
2017-10-06 16:44:26 -04:00
Vlastimil Eliáš
c9da02912e
KEYCLOAK-2671 - FreeMarker form providers refactored for better ( #4533 )
...
extensibility
2017-10-05 13:37:32 +02:00
Takashi Norimatsu
6f6a467c7b
OIDC Financial API Read Only Profile : scope MUST be returned in the
...
response from Token Endpoint
2017-10-04 12:59:49 +09:00
Václav Muzikář
da146f13c1
KEYCLOAK-5566 Google IdP doesn't reliably fetch user's full name ( #4503 )
2017-10-03 20:56:25 +02:00
Áron Bustya
c2ffaa0777
Merge remote-tracking branch 'keycloak/master'
2017-10-03 14:53:40 +02:00
Áron Bustya
632414cc92
process claims parameter
...
also support parsing from request object
2017-10-03 14:51:46 +02:00
Bruno Oliveira da Silva
da72968085
KEYCLOAK-4401: Wrong message when a temporarily disabled user requests password reset ( #4506 )
2017-10-03 06:28:34 +02:00
mposolda
4a7013d550
KEYCLOAK-5440 RestartLoginCookie field 'cs' not marked ignorable
2017-10-02 14:19:27 +02:00
Bruno Oliveira da Silva
bb0bccc3c0
[KEYCLOAK-5486] Test email connection feature does not work the second time ( #4517 )
2017-10-02 13:14:50 +02:00
Marek Posolda
13fe9e7cf8
Merge pull request #4510 from glavoie/KEYCLOAK-3303
...
KEYCLOAK-3303: Allow reuse of refresh tokens.
2017-09-29 17:07:45 +02:00
mposolda
3b6e1f4e93
KEYCLOAK-5007 Used single-use cache for tracke OAuth code. OAuth code changed to be encrypted and signed JWT
2017-09-29 13:20:22 +02:00
Gabriel Lavoie
134daeac7f
KEYCLOAK-3303: Allow reuse of refresh tokens.
...
- Configurable max reuse count.
2017-09-28 15:30:40 -04:00
Bill Burke
fd025ae76b
Merge pull request #4209 from guitaro/feature/group-search-and-pagination
...
[KEYCLOAK-2538] - groups pagination and group search
2017-09-23 20:52:19 -04:00
Bill Burke
9db6a5e0df
Merge pull request #4497 from thomasdarimont/issue/KEYCLOAK-3599-add-script-based-protocol-mapper
...
KEYCLOAK-3599 Revise Script based OIDC ProtocolMapper
2017-09-23 20:38:51 -04:00
Thomas Darimont
57c633967a
KEYCLOAK-3599 Revise Script based OIDC ProtocolMapper
...
We now use the `ScriptingProvider` API instead of
using the `ScriptEngineManager` because dynamic
`ScriptEngineManager` lookups might fail in some
environments like JBoss EAP.
Refactored `AbstractOIDCProtocolMapper` to provide
a new version of the `setClaim(..)` method which takes a
`KeycloakSession` as additional argument.
The old `setClaim(..)` method is marked as deprecated and
should be scheduled for removal in a later release.
To ensure backwards compatibility we call the old `setClaim(..)`
from the new `setClaim(..,keycloakSession)` method in order
to not break user implementations of OIDC ProtocolMappers.
The existing OIDC ProtocolMappers which override the old
`setClaim(..)` method should be updated to use the new version
`setClaim(..,keycloakSession)`.
This was necessary to be able to lookup a `ScriptingProvider`.
2017-09-22 22:57:07 +02:00
Bill Burke
1599e6db6e
KEYCLOAK-5518
2017-09-22 16:38:50 -04:00
Bill Burke
537081ec9d
Merge pull request #4494 from patriot1burke/master
...
KEYCLOAK-5516
2017-09-22 16:38:13 -04:00
Bill Burke
3020a04a8b
Merge pull request #4490 from Fiercely/master
...
Keycloak 2035
2017-09-22 16:13:22 -04:00
Bill Burke
790e2dc69f
fix compiler bug
2017-09-22 15:43:13 -04:00
Thomas Darimont
236b2b9273
KEYCLOAK-3599 Add Script based OIDC ProtocolMapper
2017-09-22 21:24:20 +02:00
Bill Burke
eb4f7f3b21
KEYCLOAK-5516
2017-09-22 11:48:30 -04:00
howcroft
e78bf5f876
Keycloak 2035
...
This PR adds:
* an endpoint to Role that lists users with the Role
* a tab "Users in Role" in Admin console Role page
* it is applicable to Realm and Client Roles
* Extends UserQueryProvider with default methods (throwing Runtime Exception if not overriden)
* Testing in base testsuite and Console
2017-09-22 15:05:49 +01:00
Bill Burke
8ace0e68c3
KEYCLOAK-910 KEYCLOAK-5455
2017-09-21 17:15:18 -04:00
Bill Burke
ab58052a4c
Merge pull request #4482 from patriot1burke/master
...
KEYCLOAK-5491 KEYCLOAK-5492 KEYCLOAK-5490
2017-09-19 14:01:40 -04:00
Marek Posolda
fa35249afd
Merge pull request #4480 from TeliaSoneraNorge/KEYCLOAK-5494
...
Fix introspection error for pairwise access tokens
2017-09-18 16:44:24 +02:00
Pedro Igor
e8ef050093
Merge pull request #4471 from pedroigor/KEYCLOAK-5095
...
[KEYCLOAK-5095] - RPT should contain the RS as audience
2017-09-18 09:32:47 -03:00
Martin Hardselius
6b687c4318
Fix offline validation errors
...
Refactored token validation method to run user checks only if the user
session is valid.
2017-09-18 11:26:57 +02:00
Bill Burke
f927ee7b4e
KEYCLOAK-5491 KEYCLOAK-5492
2017-09-15 16:30:45 -04:00
Bill Burke
3e6adbc904
KEYCLOAK-5490 ( #4477 )
2017-09-15 11:36:48 +02:00
Martin Hardselius
a4315f4076
Fix introspection error for pairwise access tokens
...
When access tokens containing a pairwise sub are introspected, user
related checks are using that sub to fetch the UserModel instead of
fetching the user from the UserSession. No corresponding user is found
(or possibly even another user) and the token is reported inactive.
Resolves: KEYCLOAK-5494
2017-09-15 10:31:47 +02:00
Bill Burke
c999a0d8f9
Merge remote-tracking branch 'upstream/master'
2017-09-14 21:17:12 -04:00
Bill Burke
affeadf4f3
KEYCLOAK-5490
2017-09-14 21:16:50 -04:00
Stian Thorgersen
ee35673615
KEYCLOAK-1250 Profile and console loader for new account management console
2017-09-14 19:53:02 +02:00
Levente NAGY
d18aa44fb4
Merge branch 'feature/group-search-and-pagination' of https://github.com/guitaro/keycloak into feature/group-search-and-pagination
2017-09-13 16:48:24 +02:00
Levente NAGY
e907da77d7
KEYCLOAK 2538 - UI group pagination - Remove junit mocked TUs, add arquillian Tests, delete mockito from poms, fix groups sorting when get result from cache
2017-09-13 16:45:45 +02:00
Léventé NAGY
503ce3a47f
Merge branch 'master' into feature/group-search-and-pagination
2017-09-13 10:27:38 +02:00
Hisanobu Okuda
b7af96aa4d
KEYCLOAK-5315 Conditional OTP enforcement does not work ( #4399 )
2017-09-13 06:58:59 +02:00
Martin Kanis
550e5f752a
KEYCLOAK-5146 TokenEndpoint returns wrong methods for preflight requests ( #4455 )
2017-09-13 06:23:11 +02:00
Pedro Igor
cdb3c159c5
[KEYCLOAK-5095] - RPT should contain the RS as audience
2017-09-12 16:59:20 -03:00
Pedro Igor
90db6654d3
Merge pull request #4451 from glavoie/KEYCLOAK-4858-ResourceServer
...
KEYCLOAK-4858: Slow query performance for client with large data volume
2017-09-12 15:54:16 -03:00