Commit graph

15248 commits

Author SHA1 Message Date
Pedro Igor
75d9847672 [KEYCLOAK-9478] - Support multiple CIP providers in the policy enforcer configuration 2019-02-27 19:08:57 -03:00
Pedro Igor
bacc1b538f [KEYCLOAK-8855] - Tests 2019-02-27 15:39:32 -03:00
sakanaou
007c364027 Store rewritten redirect URL in adapter-core 2019-02-27 15:39:32 -03:00
Philipp Nowak
39828b2c94 [KEYCLOAK-9539] Race condition SecurityContextHolder.setAuthentication()
This is an issue with the Spring Security Keycloak Adapter relating to
 the way the Authentication is stored in the SecurityContext, causing a
 race condition in application code using that. It does not seem to
 affect actual Spring Security operation.

We had a pretty strange race condition in our application. When many
 requests were incoming at the same time, occasionally the old
 unauthenticated Authentication provided to
 KeycloakAuthenticationProvider for performing the actual authentication
 would stay the current authentication, as returned by
 SecurityContextHolder.getContext().getAuthentication(). That resulted
 in authenticated users' JavaScript requests occasionally (~1/50 given a
 large request volume) returning a 403 because the 'old' token was still
 in the context, causing Spring Security to see them as unauthenticated.

This PR resolves this issue by replacing the whole context, as suggested
 by a Spring Security contributor in jzheaux/spring-security-oauth2-resource-server#48. By default,
 SecurityContextHolder keeps the actual context object in a ThreadLocal,
 which should be safe from race-conditions. The actual Authentication
 object, however, is kept in a mere field, hence the reason for this PR.

JIRA issue: https://issues.jboss.org/browse/KEYCLOAK-9539
2019-02-27 14:58:10 -03:00
Stefan Guilhen
9c34cc7365 [KEYCLOAK-9371] Fix premature termination of sessions when remember-me is in use 2019-02-27 15:08:50 +01:00
vramik
5d205d16e8 KEYCLOAK-9167 Using kcadm to update an identity-provider instance via a json file does not work without an "internalId" present in the json 2019-02-27 14:56:36 +01:00
Tomas Kyjovsky
49a86865cf KEYCLOAK-8869 JStat monitoring for performance tests 2019-02-27 11:17:39 +01:00
mposolda
362faf3adb KEYCLOAK-6627 Closing admin clients and testing clients in testsuite 2019-02-27 08:57:42 +01:00
Tomas Kyjovsky
195aeaca68 KEYCLOAK-9000 Update stress-testing script 2019-02-26 16:38:40 +01:00
Lars Wilhelmsen
9b1ab0f992 KEYCLOAK-9116: Fixes JWK serialization of ECDSA public key coordinates.
Signed-off-by: Lars Wilhelmsen <lars@sral.org>
2019-02-25 09:53:09 -03:00
Stan Silvert
b64f30c9d7 KEYCLOAK-8522: Remove broker tests covered in new testsuite. 2019-02-25 09:40:39 -03:00
Stan Silvert
05005a1791 KEYCLOAK-8522: Migrate IdpHint tests. Remove unneeded tests. 2019-02-25 09:40:39 -03:00
Stan Silvert
fe5966d224 KEYCLOAK-8602: PatternFly 4 integration 2019-02-25 08:26:54 -03:00
Stan Silvert
ccd6d248f4 KEYCLOAK-8603: Reimplement 'back to application' in react 2019-02-25 08:26:54 -03:00
stianst
8dfd07662c KEYCLOAK-8397 Remove deprecated Keycloak Proxy 2019-02-25 08:23:12 -03:00
Simon Neaves
b5fbc04e5e KEYCLOAK-9376 Add "aud" to DEFAULT_CLAIMS_SUPPORTED
See https://issues.jboss.org/browse/KEYCLOAK-9376?_sscc=t
2019-02-25 10:21:49 +01:00
Hynek Mlnarik
37ef47d6ab KEYCLOAK-9509 Upgrade to Wildfly 15
KEYCLOAK-9584 Update Wildfly Arquillian version

KEYCLOAK-9581: Fix CookiePathTests

KEYCLOAK-9607 CLI sripts and configuration files update

KEYCLOAK-9580 Fix component registration error

KEYCLOAK-9590 Update JDG to newest version

* Infinispan is using whatever version is set in root pom.xml.

KEYCLOAK-9509 Fix Undertow tests

Co-Authored-By: vramik <vramik@redhat.com>
Co-Authored-By: sebastienblanc <scm.blanc@gmail.com>
2019-02-25 08:56:46 +01:00
Pedro Igor
99f8e5f808 [KEYCLOAK-9489] - Fixing fine-grained permission functionality 2019-02-22 09:22:14 -03:00
Pedro Igor
9314f13255 [KEYCLOAK-9093] - False-Positive UMA Policy Evaluation 2019-02-21 21:47:58 -03:00
Pedro Igor
4d5dff1d64 [KEYCLOAK-9474] - Public endpoints are returning 403 with body when enforcement mode is disabled 2019-02-21 16:27:07 -03:00
Stian Thorgersen
366ee083ac
Update pull_request_template.md 2019-02-21 12:30:16 +01:00
Stian Thorgersen
349336c6a6
Update pull_request_template.md 2019-02-21 12:29:32 +01:00
Stian Thorgersen
3a6a470640
Create pull_request_template.md 2019-02-21 12:28:31 +01:00
Stian Thorgersen
3a4e768555
Update CONTRIBUTING.md 2019-02-21 12:28:06 +01:00
Stian Thorgersen
7adde410ac
Update CONTRIBUTING.md 2019-02-21 12:27:40 +01:00
Steven Aerts
d36cb27bd9 KEYCLOAK-9526 admin console auth-url with hostname SPI 2019-02-21 11:55:11 +01:00
Freddy Tuxworth
3c0e8022a9 Added tests for common utilities CollectionUtil & HtmlUtils.
These tests were written using Diffblue Cover.
2019-02-21 11:45:17 +01:00
Gideon Caranzo
4cd617bc42 KEYCLOAK-8977 Added method to return KeycloakSession from RealmCreationEvent 2019-02-21 11:21:54 +01:00
Thibault Nélis
cc79963f81 Fix typo: "credentia" -> "credential" 2019-02-21 11:20:06 +01:00
Guilhem Lucas
b666756b8f KEYCLOAK-9320 Make theme properties available in email templates 2019-02-21 11:19:17 +01:00
stianst
191c9753de Update to repository documentation, including updated contributors guide 2019-02-21 11:17:57 +01:00
stianst
e06c705ca8 Set version 5.0.0 2019-02-21 09:35:14 +01:00
mposolda
e4d4159743 KEYCLOAK-9586 Fix cluster tests. Fix cross-dc tests on embedded undertow 2019-02-20 19:11:38 +01:00
Pedro Igor
34d8974e7f [KEYCLOAK-9489] - User not able to log in to admin console when using query-* roles 2019-02-20 18:09:36 +01:00
vmuzikar
7afd068c27 KEYCLOAK-9423 Fix Stack Overflow Social Login test 2019-02-20 16:45:11 +01:00
Stan Silvert
9e16c772bd KEYCLOAK-9387: Add hor scroll & tooltips to role selectors 2019-02-19 21:03:52 +01:00
stianst
22e160136c Initial maintainers file 2019-02-15 08:18:09 +01:00
Hynek Mlnarik
c34c0a3860 KEYCLOAK-9112 KEYCLOAK-9108 Ignore expected exceptions 2019-02-13 15:49:49 +01:00
Hynek Mlnarik
52840533c9 KEYCLOAK-9111 Fix for unhandled exception 2019-02-13 15:49:49 +01:00
Hynek Mlnarik
a74d6ab932 KEYCLOAK-9107 Fix NPE 2019-02-13 15:49:49 +01:00
Hynek Mlnarik
37e6b6ffc6 KEYCLOAK-9113 Add support for inspecting log messages for uncaught errors 2019-02-13 15:49:49 +01:00
Hynek Mlnarik
46c00f383b KEYCLOAK-8245 Generate AuthnRequest in SamlSPFacade 2019-02-13 13:16:34 +01:00
mposolda
adc3017ff9 KEYCLOAK-8688 LDAPSyncTest is failing in some environments 2019-02-13 12:48:48 +01:00
vmuzikar
16827ef64b KEYCLOAK-9531 Fix broken Arquillian tests in the "other" module 2019-02-12 15:09:31 +01:00
Hynek Mlnarik
59430e7cd6 KEYCLOAK-9456 Docker support for testing with MSSQL, Oracle 11g 2019-02-08 19:31:45 +01:00
vmuzikar
191cbca7ad UI and Node.js adapter tests fixes 2019-02-08 08:57:48 -02:00
Sebastian Laskawiec
ee41a0450f KEYCLOAK-8349 KEYCLOAK-8659 Use TLS for all tests in the suite 2019-02-08 08:57:48 -02:00
Pedro Igor
885eec5ef2 [KEYCLOAK-8348] - Containerize database tests 2019-01-30 16:29:03 -02:00
Pedro Igor
277095094c [KEYCLOAK-8849] - Missing @Producer 2019-01-18 14:21:44 -02:00
vramik
08e258c0de KEYCLOAK-9269 fix SAMLAdapterClusterTest for EAP6 2019-01-17 17:27:39 +01:00