Hynek Mlnarik
8ae1b1740d
KEYCLOAK-1881 Client installers
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
4f9e35c0a1
KEYCLOAK-1881 Support for multiple certificates in broker (hardcoded at the moment)
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
67bb9aef3d
KEYCLOAK-1881 Add switch to enable/disable generation of <Extensions>
...
Some SP clients might be confused by using a standard SAML protocol tag
<Extensions> which is used for signed REDIRECT binding messages to
specify signing key ID. To enable the interoperability, generation of
the tag is disabled by default and can be enabled for individual
clients.
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
1ae268ec6f
KEYCLOAK-1881 Include key ID for REDIRECT and use it for validation
...
Contrary to POST binding, signature of SAML protocol message sent using
REDIRECT binding is contained in query parameters and not in the
message. This renders <dsig:KeyName> key ID hint unusable. This commit
adds <Extensions> element in SAML protocol message containing key ID so
that key ID is present in the SAML protocol message.
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
d5c3bde0af
KEYCLOAK-1881 Make SAML descriptor endpoint return all certificates
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
5d840500af
KEYCLOAK-1881 Include key ID in <ds:KeyInfo> in SAML assertions and protocol message
...
Changes of SAML assertion creation/parsing that are required to allow
for validation of rotating realm key: signed SAML assertions and signed
SAML protocol message now contain signing key ID in XML <dsig:KeyName>
element.
2016-11-04 21:53:43 +01:00
Pedro Igor
706c1e2660
[KEYCLOAK-3704] - Registering UserSinchronizer to remove resources when the owner is removed
2016-11-02 21:40:58 -02:00
Pedro Igor
95d2130405
[KEYCLOAK-3704] - Checkign if owner is a valid user
2016-11-02 21:01:24 -02:00
Stan Silvert
a5e5f4cf9c
KEYCLOAK-3817: More detailed errors when loading keys from JKS
2016-11-01 13:54:34 -04:00
Bill Burke
ccaac40863
Merge pull request #3437 from patriot1burke/master
...
disable credential type REST and admin ui
2016-10-28 11:33:16 -04:00
Stian Thorgersen
f4a77c3d06
Merge pull request #3444 from stianst/KEYCLOAK-3225
...
KEYCLOAK-3225
2016-10-28 11:51:35 +02:00
Stian Thorgersen
b6b567f948
Merge pull request #3441 from stianst/KEYCLOAK-3733
...
KEYCLOAK-3733 Set default max results for paginated endpoints
2016-10-28 10:36:24 +02:00
Stian Thorgersen
479295cfd2
KEYCLOAK-3225
...
Modifying user's Identity Provider Links requires manage-realm client role
2016-10-28 10:25:41 +02:00
Stian Thorgersen
a78cfa4b2c
Merge pull request #3440 from stianst/KEYCLOAK-3667
...
KEYCLOAK-3667
2016-10-28 10:13:06 +02:00
Stian Thorgersen
c6caeb3bec
Merge pull request #3439 from stianst/KEYCLOAK-3828
...
KEYCLOAK-3828
2016-10-28 10:12:51 +02:00
Stian Thorgersen
a9d47287ee
KEYCLOAK-3733 Set default max results for paginated endpoints
2016-10-28 09:15:05 +02:00
Stian Thorgersen
3d46b4c425
KEYCLOAK-3667
2016-10-28 08:43:24 +02:00
Stian Thorgersen
db428dad1d
KEYCLOAK-3828
...
Component uses wrong role
2016-10-28 07:56:44 +02:00
Stian Thorgersen
e958bd254a
Merge pull request #3435 from stianst/KEYCLOAK-3331
...
KEYCLOAK-3331 Reset password leads to 400 bad request when link is op…
2016-10-28 06:40:48 +02:00
Stian Thorgersen
0c6b47b9f2
Merge pull request #3433 from stianst/KEYCLOAK-3641
...
KEYCLOAK-3641 Clicking an invalid verification link due to re-send re…
2016-10-28 06:40:27 +02:00
Bill Burke
91da6a47d7
disable cred types ui
2016-10-27 16:17:02 -04:00
Stian Thorgersen
c6ac3266f0
KEYCLOAK-3641 Clicking an invalid verification link due to re-send removes the email verification key from the session
2016-10-27 16:16:52 +02:00
Stian Thorgersen
ab72b2b141
KEYCLOAK-3331 Reset password leads to 400 bad request when link is opened in a different browser session
2016-10-27 16:04:45 +02:00
Bill Burke
73e3f2a89b
REST API for disable cred type
2016-10-26 15:48:45 -04:00
Bill Burke
68e853b4bd
Merge remote-tracking branch 'upstream/master'
2016-10-25 13:40:32 -04:00
Bill Burke
b67cb0e97a
Merge remote-tracking branch 'upstream/master'
2016-10-25 11:44:22 -04:00
Stian Thorgersen
4b27e66714
KEYCLOAK-3782 Keysize for rsa-generated should be a dropdown
2016-10-25 08:52:02 +02:00
Bill Burke
3e28ac1e46
user spi cache policy
2016-10-24 15:36:37 -04:00
Stian Thorgersen
4d47f758fc
Merge pull request #3405 from stianst/master
...
Bump version
2016-10-21 10:11:59 +02:00
Stian Thorgersen
c615674cbb
Bump version
2016-10-21 07:03:15 +02:00
Stian Thorgersen
1a4f9e656d
Merge pull request #3398 from stianst/KEYCLOAK-3774
...
KEYCLOAK-3774 Fix keycloak.js with prompt=none and new stricter redir…
2016-10-21 06:34:43 +02:00
Stian Thorgersen
9801f09a93
KEYCLOAK-3774 Fix keycloak.js with prompt=none and new stricter redirect_uri
2016-10-20 21:31:25 +02:00
Stian Thorgersen
5a00aaefa8
KEYCLOAK-2594
...
bind credential being leaked in admin tool JSON response
KEYCLOAK-2972
Keycloak leaks configuration passwords in Admin Event logs
2016-10-20 19:30:59 +02:00
Stian Thorgersen
1bf24d26a4
Merge pull request #3395 from stianst/master
...
KEYCLOAK-3772
2016-10-20 19:27:03 +02:00
Stian Thorgersen
839c4e8ede
KEYCLOAK-3772
...
Login with Twitter is not working
2016-10-20 15:05:07 +02:00
mposolda
072ccb5c61
KEYCLOAK-3770 OIDC registration with id_token grant type should set publicClient flag to true
2016-10-20 14:10:53 +02:00
Stian Thorgersen
dfc09b69a8
Merge pull request #3380 from stianst/KEYCLOAK-3364
...
KEYCLOAK-3364 Fix for dns that ends with digit
2016-10-20 06:24:50 +02:00
Stian Thorgersen
d2e0432afb
Merge pull request #3389 from patriot1burke/master
...
KEYCLOAK-3651
2016-10-20 06:24:15 +02:00
Bill Burke
34d80c9083
KEYCLOAK-3651
2016-10-19 20:28:33 -04:00
Bill Burke
9f00f693c6
Merge pull request #3387 from ssilvert/spelling-represenation
...
KEYCLOAK-3496: Spelling Error in Admin GUI Documentation
2016-10-19 19:59:41 -04:00
Stan Silvert
ad59cd618e
Merge pull request #3383 from ssilvert/duplicate-fed-provider
...
KEYCLOAK-2892: Bad error when create fed provider w/ same name.
2016-10-19 16:40:58 -04:00
Stan Silvert
ac80f99e8c
KEYCLOAK-3496: Spelling Error in Admin GUI Documentation
2016-10-19 16:33:59 -04:00
Bill Burke
cdf7dd3a6c
Merge pull request #3372 from patriot1burke/master
...
onCreate for Components
2016-10-19 16:21:20 -04:00
Bill Burke
934ea1c33c
KEYCLOAK-3562
2016-10-19 14:01:21 -04:00
Stan Silvert
9d098e9068
KEYCLOAK-2892: Bad error when create fed provider w/ same name.
2016-10-19 13:32:28 -04:00
Stian Thorgersen
ffce2023c0
KEYCLOAK-3364 Fix for dns that ends with digit
2016-10-19 18:41:43 +02:00
mposolda
3779bfb6b4
KEYCLOAK-3666 client registration policies - polishing
2016-10-19 17:45:23 +02:00
mposolda
964cd50f1d
KEYCLOAK-3666 Added client reg policies for maxClients and clientDisabled
2016-10-19 17:45:23 +02:00
Stian Thorgersen
36c367a3bc
Merge pull request #3369 from stianst/KEYCLOAK-3625
...
KEYCLOAK-3625
2016-10-19 15:56:57 +02:00
Stian Thorgersen
1b24d2edd8
KEYCLOAK-3625 More work on the issue
2016-10-19 14:21:50 +02:00
Stian Thorgersen
bbc1d26b72
Merge pull request #3367 from stianst/KEYCLOAK-3745
...
KEYCLOAK-3745 Change attributes in user rep
2016-10-19 14:01:39 +02:00
Stian Thorgersen
4efe12cb93
KEYCLOAK-3745 Change attributes in user rep
2016-10-19 12:15:13 +02:00
Stian Thorgersen
f2f508ac2e
Merge pull request #3357 from stianst/KEYCLOAK-3107
...
KEYCLOAK-3017 Expose Location header in cors request to admin endpoint
2016-10-19 08:45:18 +02:00
Stian Thorgersen
13220e1d38
Merge pull request #3355 from stianst/KEYCLOAK-2699
...
KEYCLOAK-2699 Potential for NPE in DirImportProvider.getRealmsToImport
2016-10-19 07:35:54 +02:00
Stian Thorgersen
116027bd7b
Merge pull request #3354 from stianst/KEYCLOAK-2488
...
KEYCLOAK-2488 Token introspection returns wrong response for invalid …
2016-10-19 07:33:25 +02:00
Stian Thorgersen
a33997976f
KEYCLOAK-3017 Expose Location header in cors request to admin endpoint
2016-10-18 21:27:46 +02:00
Stian Thorgersen
0a8d1e28f1
KEYCLOAK-2699 Potential for NPE in DirImportProvider.getRealmsToImport
2016-10-18 20:31:51 +02:00
Stian Thorgersen
29538332d9
KEYCLOAK-2488 Token introspection returns wrong response for invalid token
2016-10-18 20:28:14 +02:00
Bill Burke
d941e07169
Merge pull request #3350 from patriot1burke/master
...
federated import/export to json
2016-10-18 14:15:25 -04:00
Stian Thorgersen
e41d11877f
Merge pull request #3349 from stianst/KEYCLOAK-2741
...
KEYCLOAK-2741
2016-10-18 19:39:54 +02:00
mposolda
b62e6e2751
KEYCLOAK-3653 CORS headers not sent in certs endpoint
2016-10-18 16:57:06 +02:00
Stian Thorgersen
74dad004e3
KEYCLOAK-2741
...
Don't remove KEYCLOAK_REMEMBERME cookie when sso session expires.
2016-10-18 16:14:36 +02:00
Bill Burke
2199df71bf
Merge remote-tracking branch 'upstream/master'
2016-10-18 10:14:00 -04:00
Bill Burke
4182e4d92a
federated import/export
2016-10-18 10:13:51 -04:00
Marek Posolda
3986ce2ce0
Merge pull request #3345 from mposolda/master
...
KEYCLOAK-3499 Fixes in OIDCProtocolMapper support for includeInUserInfo
2016-10-18 14:28:29 +02:00
Stian Thorgersen
4b56743788
Merge pull request #3343 from stianst/KEYCLOAK-2884
...
KEYCLOAK-2884 Remove ClientTemplateResource.getKeycloakApplication()
2016-10-18 14:08:50 +02:00
mposolda
a7287aad36
KEYCLOAK-3499 More fixes for IncludeInUserInfo. Fixing tests and migration
2016-10-18 13:09:30 +02:00
Thomas Darimont
c3b577de11
KEYCLOAK-3499 Revise OIDCProtocolMapper support
...
Moved methods `transformUserInfoToken`, `transformAccessToken`,
`transformIDToken` to the `AbstractOIDCProtocolMapper` base class
in order to reduce code duplication.
Previously every mapper implemented at least one or two of those
methods with exactly the same code.
Having those methods in the base class ensures that the code is the
same for all mappers. Since the mentioned methods are declared
on the `OIDCIDTokenMapper`, `OIDCAccessTokenMapper` and `UserInfoTokenMapper`
interfaces `AbstractOIDCProtocolMapper` implementations can now choose
how they should be handled by the `TokenManager`
by implementing the desired set of interfaces `*TokenMapper`-interfaces.
I think this provides a good balance between ease of use, reduced code duplication
and ensured backwards compatiblity.
Existing protocol mapper implementations will still work since they just implement
their own logic for `transformUserInfoToken`, `transformAccessToken`,
`transformIDToken`.
The "claim" information provided by a `ProtocolMapper` to a `*Token` can now
be provided by overriding the `AbstractOIDCProtocolMapper.setClaim` method.
Adapted all eligible ProtocolMapper implementations within the
`org.keycloak.protocol.oidc.mappers` package accordingly.
2016-10-18 13:09:30 +02:00
Stian Thorgersen
e157a60a23
KEYCLOAK-2884 Remove ClientTemplateResource.getKeycloakApplication()
2016-10-18 09:01:24 +02:00
Marek Posolda
2fd680092a
Merge pull request #3336 from mposolda/master
...
KEYCLOAK-3719 Add 'options' to ProviderConfigProperty and use it for …
2016-10-18 08:33:26 +02:00
mposolda
00879b39b7
KEYCLOAK-3719 Add 'options' to ProviderConfigProperty and use it for 'List' type instead of defaultValue
2016-10-17 21:34:21 +02:00
Stian Thorgersen
77499be8d2
KEYCLOAK-3728
...
Disable script based authenticator in product profile
2016-10-17 21:16:51 +02:00
Stian Thorgersen
64339aaca7
Merge pull request #3317 from stianst/KEY-ROTATION
...
Updated labels for java keystore provider config
2016-10-17 19:39:47 +02:00
Stian Thorgersen
2ed6067de0
Merge pull request #3290 from hmlnarik/KEYCLOAK-3655
...
KEYCLOAK-3655: Fix for unexpected server error when adding duplicate auth flow
2016-10-17 19:31:43 +02:00
Stian Thorgersen
d22f45f0d2
Merge pull request #3335 from stianst/KEYCLOAK-3635
...
KEYCLOAK-3635 Not possible to filter debug/trace logging
2016-10-17 18:50:10 +02:00
Stian Thorgersen
b320eb8fc7
KEYCLOAK-3635 Not possible to filter debug/trace logging
2016-10-17 16:12:14 +02:00
Geir Ole Hiåsen Stevning
95f62c6aeb
KEYCLOAK-3626 - CreatedDate and lastUpdatedDate on user consent
2016-10-17 13:53:12 +02:00
mposolda
5732b2c58f
KEYCLOAK-3716 Unable to start Keycloak on wildfly
2016-10-17 12:22:33 +02:00
mposolda
18e0c0277f
KEYCLOAK-3666 Dynamic client registration policies
2016-10-14 20:20:40 +02:00
Bill Burke
1c0abbd722
Merge pull request #3315 from patriot1burke/master
...
import and sync spi
2016-10-14 10:12:42 -04:00
Stian Thorgersen
422805b511
Updated labels for java keystore provider config
2016-10-14 10:36:17 +02:00
Bill Burke
8c8a39c833
sync and import
2016-10-13 20:49:02 -04:00
Bill Burke
0938390654
sync and import
2016-10-13 20:38:49 -04:00
Stian Thorgersen
4e245d428c
KEYCLOAK-905 More testing
2016-10-13 20:44:33 +02:00
Stian Thorgersen
d2cae0f8c3
KEYCLOAK-905
...
Realm key rotation for OIDC
2016-10-13 11:19:52 +02:00
Bill Burke
fbaa731dfa
import spi
2016-10-11 18:33:59 -04:00
Bill Burke
db05dc6ee4
KEYCLOAK-3671
2016-10-06 15:02:15 -04:00
Bill Burke
fbb65fa072
KEYCLOAK-3671
2016-10-06 14:56:02 -04:00
Bill Burke
74325fe133
initial sync/import spi
2016-10-06 14:48:53 -04:00
Hynek Mlnarik
cfbc9cf14b
KEYCLOAK-3655: Fix for unexpected server error when adding duplicate auth flow
2016-10-05 13:57:02 +02:00
Bill Burke
c5600e888d
revactor CredentialValidationOutput apis
2016-10-04 17:26:45 -04:00
Bill Burke
4af0976194
remove UserCredValueModel and hold hash providers
2016-10-04 12:34:15 -04:00
mposolda
bc916a1909
KEYCLOAK-3564 Update demo examples with public key rotation
2016-10-04 14:05:01 +02:00
mposolda
0f9798a10d
KEYCLOAK-3493 KEYCLOAK-3532 Renamed KeyStorageProvider to PublicKeyStorageProvider
2016-10-03 15:23:50 +02:00
Thomas Darimont
c852d6d817
KEYCLOAK-3642 Favor StreamUtil over IOUTils in ScriptBasedAuthenticatorFactory
...
The dependency on commons-io through the use of IOUtils in
ScriptBasedAuthenticatorFactory resulted in
NoClassDefFoundError org/apache/commons/io/IOUtils when building the
keycloak-distribution.
We now use the StreamUtil from keycloak-common to avoid this dependency.
2016-10-03 13:33:53 +02:00
Bill Burke
d4c3fae546
merge conflicts
2016-09-30 19:19:12 -04:00
Bill Burke
6a4e413bf4
final mongo fixes
2016-09-30 19:08:34 -04:00
mposolda
f9a0abcfc4
KEYCLOAK-3493 KEYCLOAK-3532 Added KeyStorageProvider. Support key rotation for OIDC clients and identity providers with JWKS url.
2016-09-30 21:28:23 +02:00
Stian Thorgersen
5d34b7e682
Merge pull request #3189 from thomasdarimont/issue/KEYCLOAK-3491-revise-scripting-support
...
KEYCLOAK-3491 Revise Scripting Support
2016-09-29 10:12:15 +02:00
Bill Burke
8967ca4066
refactor mongo entities, optimize imports
2016-09-28 15:25:39 -04:00