libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
13333 commits 4 branches 5 tags 480 MiB
Commit graph

602 commits

Author SHA1 Message Date
Markus Till
f0ea7a04bd remove unused getApplications method from user account 2020-10-05 17:02:22 -03:00
Markus Till
c71ce8cd2e refactoring add UserProfileAttributes 2020-10-05 09:59:44 -03:00
Markus Till
695db3e8ef remove unused isCreated Flag in user profile context 2020-10-05 09:59:44 -03:00
Markus Till
802a670cc5 have a factory like approach for profile contexts 2020-10-05 09:59:44 -03:00
Markus Till
21cfa54d4d remove StoredUserProfile interface 2020-10-05 09:59:44 -03:00
Markus Till
72f73f153a UserProfile M1 2020-10-05 09:59:44 -03:00
Martin Kanis
053f5bad1f KEYCLOAK-15608 JsonFileImport...MigrationTest fails for map store 2020-09-22 12:29:24 +02:00
testn
2cd03569d6 KEYCLOAK-15238: Fix potential resource leak from not closing Stream/Reader 2020-09-21 13:05:03 +02:00
mhajas
f7e0af438d KEYCLOAK-14232 Add Referrer-Policy: no-referrer to each response from Keycloak 
(cherry picked from commit 0b49640231abc6e465542bd2608e1c908c079ced)
 2020-09-17 23:21:49 -07:00
Martin Kanis
5d5e56dde3 KEYCLOAK-15199 Complement methods for accessing roles with Stream variants 2020-09-16 16:29:51 +02:00
Martin Kanis
4e9bdd44f3 KEYCLOAK-14901 Replace deprecated ClientProvider related methods across Keycloak 2020-09-07 13:11:55 +02:00
Zack Powers
0001a930b4 KEYCLOAK-15068: Fix 15068 by parameterizing ProviderFactory with LoginFormsProvider. 2020-09-01 12:17:17 +02:00
mhajas
bdccfef513 KEYCLOAK-14973 Create GroupStorageManager 2020-09-01 10:21:39 +02:00
Martin Kanis
d59a74c364 KEYCLOAK-15102 Complement methods for accessing groups with Stream variants 2020-08-28 20:56:10 +02:00
Thomas Darimont
300b15e604 KEYCLOAK-15214 Improve SimpleHTTP 
- Added support for configuring socket, connect and request timeouts on request level.
- Added support for HTTP HEAD and HTTP PATCH methods
- Small refactorings
 2020-08-26 10:34:11 +02:00
Martin Kanis
4be99772d8 KEYCLOAK-14967 Closing streams obtained from JPA layer 2020-08-25 21:47:24 +02:00
Thomas Darimont
df94cefbc1 KEYCLOAK-12729 Revise password policy not-email tests 
- Added missing cleanup to RegisterTest
- Revised test-setup for AccountFormServiceTest
 2020-08-21 14:55:07 +02:00
Thomas Darimont
0f967b7acb KEYCLOAK-12729 Add password policy not-email 
Added test cases and initial translations
 2020-08-21 14:55:07 +02:00
Pratik Somanagoudar
f486e97c18 KEYCLOAK-15087 : Reduce get client and get roles calls in realm create 2020-08-20 08:49:51 -03:00
mhajas
ae39760a62 KEYCLOAK-14972 Add independent GroupProvider interface 2020-08-13 21:13:12 +02:00
David Hellwig
ddc2c25951
KEYCLOAK-2940 - draft - Backchannel Logout (#7272) 
* KEYCLOAK-2940 Backchannel Logout

Co-authored-by: Benjamin Weimer <external.Benjamin.Weimer@bosch-si.com>
Co-authored-by: David Hellwig <hed4be@bosch.com>
 2020-08-12 09:07:58 -03:00
testn
d634ca3885 KEYCLOAK-14978: Optimize addDefaultClientScopes() when there is no default scopes 
This eliminates an extra database call to check whether the scopes already exist
 2020-08-06 10:42:30 -03:00
zak905
8597edba8e KEYCLOAK-14851: make AIA max auth age configurable per AIA 2020-08-04 13:30:37 -04:00
vramik
6b00633c47 KEYCLOAK-14812 Create RoleStorageManager 2020-07-31 15:11:25 -03:00
vramik
bfa21c912c KEYCLOAK-14811 Create RoleProvider and make it independent of ClientProvider and RealmProvider 2020-07-31 15:11:25 -03:00
Martin Idel
97400827d2 KEYCLOAK-14870: Fix bug where user is incorrectly imported 
Bug: SerializedBrokeredIdentityContext was changed to mirror
UserModel changes. However, when creating the user in LDAP,
the username must be provided first (everything else can
be handled via attributes).
 2020-07-29 11:33:41 +02:00
Martin Kanis
feef5b4db2 KEYCLOAK-14220 Complement methods for accessing clients with Stream variants 2020-07-27 10:38:39 +02:00
keycloak-bot
afff0a5109 Set version to 12.0.0-SNAPSHOT 2020-07-22 14:36:15 +02:00
Hynek Mlnarik
8fae2997c9 KEYCLOAK-14553 Improve logging 2020-07-22 00:08:15 +02:00
Hynek Mlnarik
c566b46e8f KEYCLOAK-14549 Make ClientProvider independent of RealmProvider 
Co-Authored-By: vramik <vramik@redhat.com>
 2020-07-22 00:08:15 +02:00
Hynek Mlnarik
ac0011ab6f KEYCLOAK-14553 Client map store 
Co-Authored-By: vramik <vramik@redhat.com>
 2020-07-22 00:08:15 +02:00
Pedro Igor
7501e42969 [KEYCLOAK-14646] - Improving permission resolution and evaluation 2020-07-21 14:22:09 +02:00
Takashi Norimatsu
e0fbfa722e KEYCLOAK-14189 Client Policy : Basics 2020-07-21 07:50:08 +02:00
Jan Lieskovsky
969b09f530 [KEYCLOAK-13692] Upgrade to Wildfly "20.0.1.Final" and Infinispan "10.1.8.Final" 
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Marek Posolda <mposolda@redhat.com>
 2020-07-20 22:15:08 +02:00
vmuzikar
7087c081f0 KEYCLOAK-14023 Instagram User Endpoint change 
Co-authored-by: Jean-Baptiste PIN <jibet.pin@gmail.com>
 2020-07-10 17:36:51 -03:00
Schlier, Fabian
9a7b91bdc2 KEYCLOAK-14310 Replaced string by constant after review amendment 2020-07-09 09:53:02 +02:00
Schlier, Fabian
ad836d1768 KEYCLOAK-14310 Added fix that considers Content-Type for data encoding and added corresponding test 2020-07-09 09:53:02 +02:00
testn
78a1c6cf23 KEYCLOAK-14687: Pbkdf2PasswordHashProviderFactory does not use DEFAULT_ITERATIONS 2020-07-08 14:00:32 +02:00
Eric Rodrigues Pires
de9a0a0a4a [KEYCLOAK-13044] Fix owner name representations of UMA tickets for client-owned resources 2020-07-01 18:15:22 -03:00
Martin Idel
05b6ef8327 KEYCLOAK-14536 Migrate UserModel fields to attributes 
- In order to make lastName/firstName/email/username field
  configurable in profile
  we need to store it as an attribute
- Keep database as is for now (no impact on performance, schema)
- Keep field names and getters and setters (no impact on FTL files)

Fix tests with logic changes

- PolicyEvaluationTest: We need to take new user attributes into account
- UserTest: We need to take into account new user attributes

Potential impact on users:

- When subclassing UserModel, consistency issues may occur since one can
  now set e.g. username via setSingleAttribute also
- When using PolicyEvaluations, the number of attributes has changed
 2020-06-25 14:50:57 +02:00
Tero Saarni
3c82f523ff [KEYCLOAK-14343] Truststore SPI support for LDAP with StartTLS 
Signed-off-by:  Tero Saarni <tero.saarni@est.tech>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
 2020-06-11 18:07:53 +02:00
Yoshiyuki Tabata
f03ee2ec98 KEYCLOAK-14145 OIDC support for Client "offline" session lifespan 2020-06-04 14:24:52 +02:00
stianst
90b29b0e31 KEYCLOAK-14107 Admin page content blocked on v10.0.0 due to content security policy 2020-05-29 13:57:38 +02:00
cachescrubber
3382682115
KEYCLOAK-10927 - Implement LDAPv3 Password Modify Extended Operation … (#6962) 
* KEYCLOAK-10927 - Implement LDAPv3 Password Modify Extended Operation (RFC-3062).

* KEYCLOAK-10927 - Introduce getLDAPSupportedExtensions(). Use result instead of configuration.

Co-authored-by: Lars Uffmann <lars.uffmann@vitroconnect.de>
Co-authored-by: Kevin Kappen <kevin.kappen@vitroconnect.de>
Co-authored-by: mposolda <mposolda@gmail.com>
 2020-05-20 21:04:45 +02:00
mposolda
12d965abf3 KEYCLOAK-13047 LDAP no-import fixes. Avoid lost updates - dont allow update attributes, which are not mapped to LDAP 2020-05-19 16:58:25 +02:00
Thomas Darimont
6211fa90e0 KEYCLOAK-10932 Honor given_name and family_name in OIDC brokering 
Previously firstname and lastname were derived from the name claim.
We now use direct mappings to extract firstname and lastname from
given_name and family_name claims.

Added test to KcOidcFirstBrokerLoginTest

Marked org.keycloak.broker.provider.BrokeredIdentityContext#setName
as deprecated to avoid breaking existing integrations.
 2020-05-19 09:10:43 +02:00
Michael Cooney
3291161954 KEYCLOAK-13818: Addressing performance issues with adding client scopes during realm creation. Removing redundant lookups by passing all scopes that need to be created at once. 2020-05-12 15:59:42 +02:00
mposolda
a878bec60f KEYCLOAK-14007 Missing RHSSO 7.4 version in MigrationModelManager 2020-04-30 08:38:40 +02:00
keycloak-bot
ae20b7d3cd Set version to 11.0.0-SNAPSHOT 2020-04-29 12:57:55 +02:00
Yoshiyuki Tabata
874642fe9e KEYCLOAK-12406 Add "Client Session Max" and "Client Session Idle" for OIDC 2020-04-28 15:34:25 +02:00
stianst
5b017e930d KEYCLOAK-13128 Security Headers SPI and response filter 2020-04-28 15:28:24 +02:00
Pedro Igor
dacbe22d53 [KEYCLOAK-9896] - Authorization Scope modified improperly when updating Resource 2020-04-27 08:38:55 +02:00
Martin Idel
7e8018c7ca KEYCLOAK-11862 Add Sync mode option 
- Store in config map in database and model
- Expose the field in the OIDC-IDP
- Write logic for import, force and legacy mode
- Show how mappers can be updated keeping correct legacy mode
- Show how mappers that work correctly don't have to be modified
- Log an error if sync mode is not supported

Fix updateBrokeredUser method for all mappers

- Allow updating of username (UsernameTemplateMapper)
- Delete UserAttributeStatementMapper: mapper isn't even registered
  Was actually rejected but never cleaned up: https://github.com/keycloak/keycloak/pull/4513
  The mapper won't work as specified and it's not easy to tests here
- Fixup json mapper
- Fix ExternalKeycloakRoleToRoleMapper:
  Bug: delete cannot work - just delete it. Don't fix it in legacy mode

Rework mapper tests

- Fix old tests for Identity Broker:
  Old tests did not work at all:
  They tested that if you take a realm and assign the role,
  this role is then assigned to the user in that realm,
  which has nothing to do with identity brokering
  Simplify logic in OidcClaimToRoleMapperTests
- Add SyncMode tests to most mappers
  Added tests for UsernameTemplateMapper
  Added tests to all RoleMappers
  Add test for json attribute mapper (Github as example)
- Extract common test setup(s)
- Extend admin console tests for sync mode

Signed-off-by: Martin Idel <external.Martin.Idel@bosch.io>
 2020-04-24 15:54:32 +02:00
keycloak-bot
33314ae3ca Set version to 10.0.0-SNAPSHOT 2020-04-21 09:19:32 +02:00
vramik
307c9be89d KEYCLOAK-13247 NPE during migration when manage-account role missing 2020-04-16 12:26:39 +02:00
vramik
2b3810606e KEYCLOAK-13303 NPE importing realm if authenticatorConfig has null alias 2020-04-14 19:24:48 +02:00
keycloak-bot
f6a592b15a Set version to 9.0.4-SNAPSHOT 2020-03-24 08:31:18 +01:00
Dmitry Telegin
3b24465141
KEYCLOAK-12870 - Allow to pick arbitrary user for IdP linking (#6828) 
* KEYCLOAK-12870 - Allow to pick arbitrary user for IdP linking

* KEYCLOAK-12870: always allow to choose user if password reset is called from first broker login flow

* KEYCLOAK-12870: remove "already authenticated as different user" check and message

* KEYCLOAK-12870: translations

* KEYCLOAK-12870: fix tests
 2020-03-20 07:41:35 +01:00
Pedro Igor
2eab44d3f3 [KEYCLOAK-13273] - Remove group policy when group is removed 2020-03-20 07:40:18 +01:00
Sebastian Laskawiec
8774a0f4ba KEYCLOAK-12881 KEYCLOAK-13099 Update FederatedIdentities and Groups on POST 2020-03-12 14:57:02 +01:00
mposolda
72e4690248 KEYCLOAK-13174 Not possible to delegate creating or deleting OTP credential to userStorage 2020-03-11 12:51:56 +01:00
mposolda
803f398dba KEYCLOAK-12876 KEYCLOAK-13148 KEYCLOAK-13149 KEYCLOAK-13151 Re-introduce some changes to preserve UserStorage SPI backwards compatibility. Added test for backwards compatibility of user storage 2020-03-11 12:51:56 +01:00
rmartinc
ad3b9fc389 KEYCLOAK-12579: LDAP groups duplicated during UI listing of user groups 2020-03-11 06:14:29 +01:00
stianst
ed97d40939 KEYCLOAK-9851 Removed properties from realm json attributes that are included as fields 2020-03-05 17:59:50 +01:00
Pedro Igor
2f489a41eb [KEYCLOAK-12192] - Missing Input Validation in IDP Authorization URLs 2020-03-05 06:32:35 +01:00
Ronaldo Spido
1e0fcc4883 KEYCLOAK-13119 Fixing migration to Keycloak 2.2.0+ to correctly preserve default identity provider 2020-03-03 06:49:57 +01:00
Hynek Mlnarik
aecfe251e4 KEYCLOAK-12816 Fix representation to model conversion 2020-02-27 21:11:24 +01:00
Martin Bartoš
eaaff6e555
KEYCLOAK-12958 Preview feature profile for WebAuthn (#6780) 
* KEYCLOAK-12958 Preview feature profile for WebAuthn

* KEYCLOAK-12958 Ability to enable features having EnvironmentDependent providers without restart server

* KEYCLOAK-12958 WebAuthn profile product/project

Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2020-02-26 08:45:26 +01:00
stianst
9a3a358b96 KEYCLOAK-11700 Lower-case passwords before checking with password blacklist 2020-02-20 08:33:46 +01:00
keycloak-bot
d352d3fa8e Set version to 9.0.1-SNAPSHOT 2020-02-17 20:38:54 +01:00
Adamczyk Błażej
497787d2cd [KEYCLOAK-10696] - fixed missing client role attributes after import 2020-02-17 10:01:19 +01:00
mposolda
a76c496c23 KEYCLOAK-12860 KEYCLOAK-12875 Fix for Account REST Credentials to work with LDAP and social users 2020-02-14 20:24:42 +01:00
stianst
42773592ca KEYCLOAK-9632 Improve handling of user locale 2020-02-14 08:32:20 +01:00
Peter Zaoral
b0ffea699e KEYCLOAK-12186 Improve the OTP login form 
-created and implemented login form design, where OTP device can be selected
-implemented selectable-card-view logic in jQuery
-edited related css and ftl theme resources
-fixed affected BrowserFlow tests

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2020-02-12 11:25:02 +01:00
Peter Skopek
622a97bd1c KEYCLOAK-12228 Sensitive Data Exposure 
from patch of hiba haddad haddadhiba0@gmail.com
 2020-02-12 09:57:31 +01:00
stianst
dda829710e KEYCLOAK-12829 Require PKCE for admin and account console 2020-02-12 08:22:20 +01:00
stianst
7545749632 KEYCLOAK-12190 Add validation for client root and base URLs 2020-02-07 09:09:40 +01:00
Axel Messinese
b73553e305 Keycloak-11526 search and pagination for roles 2020-02-05 15:28:25 +01:00
stianst
986213be23 KEYCLOAK-12877 Fix ModelVersion for testing pipeline 2020-02-05 12:04:01 +01:00
Martin Bartoš
b0c4913587
KEYCLOAK-12177 KEYCLOAK-12178 WebAuthn: Improve usability (#6710) 2020-02-05 08:35:47 +01:00
Pedro Igor
658a083a0c [KEYCLOAK-9600] - Find by name in authz client returning wrong resource 2020-02-03 08:57:20 +01:00
Marek Posolda
d8e450719b
KEYCLOAK-12469 KEYCLOAK-12185 Implement nice design to the screen wit… (#6690) 
* KEYCLOAK-12469 KEYCLOAK-12185 Add CredentialTypeMetadata. Implement the screen with authentication mechanisms and implement Account REST Credentials API by use the credential type metadata
 2020-01-31 14:28:23 +01:00
Pedro Igor
873c62bbef [KEYCLOAK-12569] - User cannot be deleted if he has owned resources / permission tickets 
Co-authored-by: mhajas <mhajas@redhat.com>
 2020-01-30 11:08:28 +01:00
Pedro Igor
c821dcf820 [KEYCLOAK-12438] - Scope-based policies falsely give a permit with an empty scope list 2020-01-29 14:02:44 +01:00
Marek Posolda
d46620569a
KEYCLOAK-12174 WebAuthn: create authenticator, requiredAction and policy for passwordless (#6649) 2020-01-29 09:33:45 +01:00
Leon Graser
f1ddd5016f KEYCLOAK-11821 Add account api roles to the client on creation 
Co-authored-by: stianst <stianst@gmail.com>
 2020-01-23 13:10:04 -06:00
Domenico Briganti
476da4f276 KEYCLOAK-9837 Not hide exception in email templating 2020-01-23 05:45:25 -06:00
Vlasta Ramik
d6c5f79f2c KEYCLOAK-12236 NumberFormatException when starting container (#6689) 2020-01-22 20:44:23 +01:00
Niko Köbler
648c6f811c KEYCLOAK-12705 add null checks for migration tasks to check wether the clients to migrate are available (#6666) 2020-01-17 10:10:16 +01:00
Marek Posolda
8d49409de1
KEYCLOAK-12183 Refactor login screens. Introduce try-another-way link. Not show many credentials of same type in credential selector (#6591) 2020-01-14 21:54:45 +01:00
Pedro Igor
709cbfd4b7 [KEYCLOAK-10705] - Return full resource representation when querying policies by id 2020-01-09 10:00:24 +01:00
Marek Posolda
fa453e9c0c
KEYCLOAK-12278 Default first broker login flow is broken after migration (#6556) 2020-01-02 17:53:56 +01:00
Douglas Palmer
106e6e15a9 [KEYCLOAK-11859] Added option to always display a client in the accounts console 2019-12-17 17:12:49 -03:00
Dmitry Telegin
56aa14ffab KEYCLOAK-11347 - MicroProfile-Config 2019-12-10 12:08:22 +01:00
Pedro Igor
53f156ec83 [KEYCLOAK-11328] - Initial Server.x Clustering Configuration 2019-11-29 08:38:41 +01:00
Andrei Arlou
fac9733108 KEYCLOAK-12219 Remove unused imports from classes in module "server-spi-private" 2019-11-26 08:42:45 +01:00
Andrei Arlou
363c789ab9 KEYCLOAK-12216 Fix minor warnings in tests from module "server-spi-private" 2019-11-26 08:35:35 +01:00
Andrei Arlou
c8a00c2422 KEYCLOAK-12220 Fix minor warnings for collections in module "server-spi-private" 2019-11-26 08:33:22 +01:00
Andrei Arlou
04cbea71d0 KEYCLOAK-12218 Remove redundant modificators from module "server-spi-private" 2019-11-26 08:29:30 +01:00
Andrei Arlou
198e2a989f KEYCLOAK-12217 Use StandartCharsets in module "server-spi-private" 2019-11-26 08:24:33 +01:00
Dmitry Telegin
79074aa380 KEYCLOAK-12162 Modularize config backends (#6499) 
* KEYCLOAK-12162 - Modularize configuration backends

* - Use JsonSerialization
- simplify backend selection (no fallbacks)

* Remove unused org.wildfly.core:wildfly-controller dependency
 2019-11-22 15:23:04 +01:00
pastor
286d4778d0 KEYCLOAK-12002. SimpleHttp: considering encoding 2019-11-22 07:05:22 +01:00
stianst
3731e36ece KEYCLOAK-12069 Add account-console client for new account console 2019-11-20 08:48:40 -05:00
keycloak-bot
76aa199fee Set version to 9.0.0-SNAPSHOT 2019-11-15 20:43:21 +01:00
stianst
3a36569e20 KEYCLOAK-9129 Don't expose Keycloak version in resource paths 2019-11-15 08:21:28 +01:00
AlistairDoswald
4553234f64 KEYCLOAK-11745 Multi-factor authentication (#6459) 
Co-authored-by: Christophe Frattino <christophe.frattino@elca.ch>
Co-authored-by: Francis PEROT <francis.perot@elca.ch>
Co-authored-by: rpo <harture414@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Denis <drichtar@redhat.com>
Co-authored-by: Tomas Kyjovsky <tkyjovsk@redhat.com>
 2019-11-14 14:45:05 +01:00
stianst
b8881b8ea0 KEYCLOAK-11728 New default hostname provider 
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2019-11-11 12:25:44 +01:00
stianst
062841a059 KEYCLOAK-11898 Refactor AIA implementation 2019-11-08 16:03:07 -03:00
stianst
63abebd993 KEYCLOAK-11627 Require users to re-authenticate before invoking AIA 2019-11-08 16:03:07 -03:00
stianst
1e66660fd0 KEYCLOAK-11896 Remove initiate-action role 2019-11-08 16:03:07 -03:00
pkokush
ff551c5545 KEYCLOAK-10307: check password history length in password verification (#6058) 2019-10-24 21:33:21 +02:00
Hynek Mlnarik
783545572a KEYCLOAK-11684 Add support to display passwords in password fields 
Add UI tests for KEYCLOAK-11684

Co-authored-by: stianst <stianst@gmail.com>
Co-authored-by: vmuzikar <vmuzikar@redhat.com>
 2019-10-23 15:30:11 +02:00
Pedro Igor
bb4ff55229 [KEYCLOAK-10868] - Deploy JavaScript code directly to Keycloak server 
Conflicts:
	testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java

(cherry picked from commit 338fe2ae47a1494e786030eb39f908c964ea76c4)
 2019-10-22 10:34:24 +02:00
Martin Kanis
37304fdd7d KEYCLOAK-10728 Upgrade to WildFly 18 Final 2019-10-21 14:06:44 +02:00
Pedro Igor
17785dac08 [KEYCLOAK-10714] - Add filtering support in My Resources endpoint by name 2019-10-16 16:26:55 +02:00
Cédric Couralet
5f006b283a KEYCLOAK-8316 Add an option to ldap provider to trust emails on import 
Signed-off-by: Cédric Couralet <cedric.couralet@insee.fr>
 2019-10-04 16:28:02 +02:00
Axel Messinese
f3607fd74d KEYCLOAK-10712 get groups full representation endpoint 2019-10-03 11:26:30 +02:00
Takashi Norimatsu
7c75546eac KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase 
* KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase
 2019-10-01 15:17:38 +02:00
Benjamin Weimer
2b1acb99a2 KEYCLAOK-9999 fix client import (#6136) 2019-09-23 13:08:24 +02:00
Łukasz Dywicki
76e988ad18 KEYCLOAK-11308 Fallback to imported realm version. 
In case of missing RH SSO version lets stick with bare Keycloak version.
 2019-09-20 11:54:23 +02:00
rradillen
b71198af9f [KEYCLOAK-8575] oidc idp basic auth (#6268) 
* [KEYCLOAK-8575] Allow to choose between basic auth and form auth for oidc idp

* uncomment ui and add tests

* move basic auth to abstract identity provider (except for getting refresh tokens)

* removed duplications
 2019-09-19 14:36:16 +02:00
Captain-P-Goldfish
b45f5980e0 Make password policy identifiers public 
If a password policy should be modified prgorammatically the constant
key identifiers to set the values should be accessible globally
 2019-09-19 12:30:15 +02:00
Sven-Torben Janus
f261c43fab KEYCLOAK-10942 Support eDirectory GUID 
Convert eDirectory GUID which is in binary format to a UUID in dashed
string format.
 2019-09-18 09:47:18 +02:00
Hynek Mlnarik
6738e063f4 KEYCLOAK-11072 Mark vault SPI as a public SPI 2019-09-10 16:54:47 +02:00
Pedro Igor
a1d8850373 [KEYCLOAK-7416] - Device Activity 2019-09-05 11:43:27 -03:00
Stefan Guilhen
bb9c811a65 [KEYCLOAK-10935] Add a vault transcriber implementation that can be obtained from the session. 
- automatically parses ${vault.<KEY>} expressions to obtain the key that contains the secret in the vault.
 - enchances the capabilities of the VaultProvider by offering methods to convert the raw secrets into other types.
 2019-09-04 22:34:08 +02:00
Leon Graser
0ce10a3249 [KEYCLOAK-10653] Manage Consent via the Account API 2019-08-20 06:24:44 -03:00
Tomas Kyjovsky
fe18e93ba4 KEYCLOAK-10904 ExportImportTest unstable 
- adding an exception for realm-management clients into the client confidentiality check
- fixing some performance test datasets to only enable authz for confidential clients
 2019-08-16 16:08:08 -03:00
Takashi Norimatsu
8225157a1c KEYCLOAK-6768 Signed and Encrypted ID Token Support 2019-08-15 15:57:35 +02:00
Hynek Mlnarik
d2da206d6b KEYCLOAK-10933 Interfaces for vault SPI 2019-08-13 08:50:29 +02:00
Pedro Igor
967d21dbb5 [KEYCLOAK-10713] - Pagination to resources rest api 2019-07-29 16:19:22 -03:00
Stan Silvert
bc818367a1 KEYCLOAK-10854: App-initiated actions Phase I 2019-07-26 14:56:29 -03:00
Stan Silvert
6c79bdee41 KEYCLOAK-10854: App initiated actions phase I 2019-07-26 14:56:29 -03:00
keycloak-bot
17e9832dc6 Set version to 8.0.0-SNAPSHOT 2019-07-19 19:05:03 +02:00
vramik
74f6e362af KEYCLOAK-10878 Realm exports may fail with future community releases 2019-07-18 10:50:34 -03:00
Pedro Igor
5f5cb6cb7b [KEYCLOAK-10808] - Do not show authorization tab when client is not confidential 2019-07-15 10:07:31 -03:00
mposolda
5f9feee3f8 KEYCLOAK-9846 Verifying signatures on CRL during X509 authentication 2019-07-08 20:20:38 +02:00
rmartinc
bd5dec1830 KEYCLOAK-10112: Issues in loading offline session in a cluster environment during startup 2019-07-03 13:17:45 +02:00
Pedro Igor
0cdd23763c [KEYCLOAK-10443] - Define a global decision strategy for resource servers 2019-07-02 09:14:37 -03:00
Hisanobu Okuda
1ac51611d3 KEYCLOAK-10664 correct the error message when no SAML request provided 2019-06-18 08:47:35 +02:00
Pedro Igor
fdc0943a92 [KEYCLOAK-8060] - My Resources REST API 2019-06-11 14:23:26 -03:00
Pedro Igor
61eb94c674 [KEYCLOAK-8915] - Support resource type in authorization requests 2019-06-04 21:02:54 -03:00
Ian Duffy
de0ee474dd Review feedback 2019-05-27 21:30:01 +02:00
Ian Duffy
54909d3ef4 [KEYCLOAK-10230] Support for LDAP with Start TLS 
This commit sends the STARTTLS on LDAP 389 connections is specified.
STARTTLS doesn't work with connection pooling so connection pooling will
be disabled should TLS be enabled.
 2019-05-27 21:30:01 +02:00
Réda Housni Alaoui
72d6ac518c User password cache is not refreshed after updating the user with hashed credential 2019-05-23 14:16:40 +02:00
vramik
d64f716a20 KEYCLOAK-2709 SAML Identity Provider POST Binding request page shown to user is comletely blank with nonsense title 2019-05-20 09:51:04 +02:00
Hynek Mlnarik
b8aa1916d8 KEYCLOAK-10195 Fix role lookup to address roles with dots 2019-05-14 13:00:04 +02:00
Stefan Guilhen
f1acdc000e [KEYCLOAK-10168] Handle microprofile-jwt client scope migration 2019-05-06 15:14:27 -03:00
Jan Lieskovsky
9eb400262f KEYCLOAK-6055 Include X.509 certificate data in audit logs 
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: mposolda <mposolda@gmail.com>
 2019-04-30 11:31:04 +02:00
Sebastian Loesch
96250c9685 [KEYCLOAK-9573] Allow AdminEvents for custom resource types 2019-04-26 09:57:28 +01:00