libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions
11333 commits 4 branches 9 tags 483 MiB
Commit graph

451 commits

Author SHA1 Message Date
Simon Neaves
b5fbc04e5e KEYCLOAK-9376 Add "aud" to DEFAULT_CLAIMS_SUPPORTED 
See https://issues.jboss.org/browse/KEYCLOAK-9376?_sscc=t
 2019-02-25 10:21:49 +01:00
stianst
07ccbdc3db KEYCLOAK-9182 2019-01-03 14:28:35 +01:00
mposolda
061693a8c9 KEYCLOAK-9089 IllegalArgumentException when trying to use ES256 as OIDC access token signature 2018-12-14 21:01:03 +01:00
mposolda
1237986fd0 KEYCLOAK-8838 Incorrect resource_access in accessToken when clientId contains dots 2018-12-13 10:31:27 +01:00
mposolda
c51c492996 KEYCLOAK-9050 Change LoginProtocol.authenticated to read most of the values from authenticationSession 2018-12-12 13:30:03 +01:00
mposolda
a7f57c7e23 KEYCLOAK-9021 2018-12-12 07:09:14 +01:00
Pedro Igor
4355c89b9d [KEYCLOAK-7365] - No need to check roles when refreshing tokens 2018-11-29 08:51:25 -02:00
mposolda
6db1f60e27 KEYCLOAK-7774 KEYCLOAK-8438 Errors when SSO authenticating to same client multiple times concurrently in more browser tabs 2018-11-21 21:51:32 +01:00
Marek Posolda
f67d6f9660 KEYCLOAK-8482 Access token should never contain azp as an audience (#5719) 2018-11-19 14:38:41 +01:00
Takashi Norimatsu
0793234c19 KEYCLOAK-8460 Request Object Signature Verification Other Than RS256 (#5603) 
* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

also support client signed signature verification by refactored token
verification mechanism

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

incorporate feedbacks and refactor client public key loading mechanism

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

unsigned request object not allowed

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

revert to re-support "none"
 2018-11-19 14:28:32 +01:00
mposolda
0533782d90 KEYCLOAK-7275 KEYCLOAK-5479 Faster offline sessions preloading at startup. Track lastSessionRefresh timestamps more properly by support bulk update to DB 2018-11-16 14:23:28 +01:00
Thomas Darimont
cf57a1bc4b KEYCLOAK-1267 Add dedicated SSO timeouts for Remember-Me 
Previously remember-me sessions where tied to the SSO max session
timeout which could lead to unexpected early session timeouts.
We now allow SSO timeouts to be configured separately for sessions
with enabled remember-me. This enables users to opt-in for longer
session timeouts.

SSO session timeouts for remember-me can now be configured in the
tokens tab in the realm admin console. This new configuration is
optional and will tipically host values larger than the regular
max SSO timeouts. If no value is specified for remember-me timeouts
then the regular max SSO timeouts will be used.

Work based on PR https://github.com/keycloak/keycloak/pull/3161 by
Thomas Darimont <thomas.darimont@gmail.com>
 2018-11-15 06:11:22 +01:00
vramik
6564cebc0f KEYCLOAK-7707 2018-11-14 20:09:22 +01:00
Bruno Oliveira da Silva
a957e118e6 Redirect URLs are not normalized 2018-11-14 20:09:22 +01:00
mposolda
0897d969b1 KEYCLOAK-7340 2018-11-14 20:09:22 +01:00
rmartinc
cbe59f03b7 KEYCLOAK-8708: Provide aggregation of group attributes for mappers 2018-11-06 13:42:38 +01:00
Torbjørn Skyberg Knutsen
36b0d8b80e KEYCLOAK-7166 Added the possibility of not logging out of remote idp on browser logout, by passing a query param containing the id of the identity provider 2018-11-06 13:39:19 +01:00
Pedro Igor
327991bd73 [KEYCLOAK-8716] - Issue with caching resolved roles in KeycloakSession 2018-11-06 10:27:04 -02:00
mposolda
ffcd8e09e7 KEYCLOAK-8175 Possibility of clientScope not being used if user doesn't have a role 2018-10-31 18:04:41 +01:00
mposolda
9652748ba9 KEYCLOAK-8484 Remove audience client scope template 2018-10-31 11:11:02 +01:00
mposolda
c36b577566 KEYCLOAK-8483 Remove application from the aud claim of accessToken and refreshToken 2018-10-23 13:52:09 +02:00
stianst
aaa33ad883 KEYCLOAK-8509 Improvements to session iframe 2018-10-10 21:01:05 +02:00
rmartinc
0a6f43c1a1 KEYCLOAK-8490: Direct grants returns invalid credentials when user has pending actions 2018-10-10 20:18:20 +02:00
mposolda
2a4cee6044 KEYCLOAK-6884 KEYCLOAK-3454 KEYCLOAK-8298 Default 'roles' and 'web-origins' client scopes. Add roles and allowed-origins to the token through protocol mappers 2018-10-04 12:00:38 +02:00
mposolda
4b9b189016 KEYCLOAK-8008 Ensure InputStream are closed 2018-10-01 16:06:32 +02:00
Martin Kanis
efe6a38648 KEYCLOAK-6718 Auth Flow does not Check Client Protocol 2018-09-26 21:00:02 +02:00
mposolda
3777dc45d0 KEYCLOAK-3058 Support for validation of "aud" in adapters through verify-token-audience configuration switch 2018-09-21 11:17:05 +02:00
Pedro Igor
6b0bc0b3be [KEYCLOAK-8308] - Deprecate token_introspection_endpoint claim from OIDC discovery document 2018-09-19 09:46:50 -03:00
mposolda
99a16dcc1f KEYCLOAK-6638 Support for adding audiences to tokens 2018-09-13 21:40:16 +02:00
stianst
26f257a6ac KEYCLOAK-8264 Update OpenShift Token Review endpoint to support additional algorithms and to update session last refresh on token introspection 2018-09-11 19:57:38 +02:00
stianst
12f3d2115d KEYCLOAK-8263 Add option to client to override access token timeout 2018-09-11 12:40:51 +02:00
stianst
24e60747b6 KEYCLOAK-7560 Refactor token signature SPI PR 
Also incorporates:
KEYCLOAK-6770 ES256/384/512 providers
KEYCLOAK-4622 Use HS256 for refresh tokens
KEYCLOAK-4623 Use HS256 for client reg tokens
 2018-09-11 08:14:10 +02:00
Takashi Norimatsu
5b6036525c KEYCLOAK-7560 Refactor Token Sign and Verify by Token Signature SPI 2018-09-11 08:14:10 +02:00
stianst
bf758809ba KEYCLOAK-6229 OpenShift Token Review interface 2018-09-07 08:21:28 +02:00
Jani
42553cdc44 [KEYCLOAK-7695] Restore token_type and expires_in for implicit flow 
As KEYCLOAK-6585 concerns only hybrid flow, this commit restores the behavior for implicit flow.

This commit partially reverts #5041 (061049e41a6b0e6fb45c75f05748023ad7ab7d92).
 2018-08-29 13:00:57 +02:00
Martin Kanis
59082e0b5f KEYCLOAK-7943 NPE when SAML User Property mapper is empty 2018-08-24 14:39:24 +02:00
Hiroyuki Wada
730377a843 KEYCLOAK-7528 Set Cache-Control and Pragma header in token endpoint 2018-08-14 11:41:12 +02:00
Pedro Igor
80e5227bcd [KEYCLOAK-4902] - Refactoring and improvements to processing of authz requests 2018-08-07 10:53:40 -03:00
stianst
ae47b7fa80 KEYCLOAK-7967 Remove injection of UriInfo 2018-08-01 11:57:45 +02:00
Takashi Norimatsu
665bcaebbb KEYCLOAK-7959 OAuth 2.0 Certificate Bound Access Tokens in Rev Proxy 2018-07-31 21:53:46 +02:00
Hynek Mlnarik
b43392bac8 KEYCLOAK-6577 KEYCLOAK-5609 Support dot in claim names by escaping with backslash 2018-07-23 14:46:25 +02:00
Pedro Igor
acc5f5c6d1 [KEYCLOAK-7864] - Authorization claim not set in refresh token when issuing a new refresh token 2018-07-19 09:56:59 -03:00
Pedro Igor
8b6979ac18 [KEYCLOAK-7849] - Improvements to RPT upgrade 2018-07-18 16:40:55 -03:00
vramik
742a280f5d KEYCLOAK-5556 support for POST for AuthorizationEndpoint 2018-07-03 10:38:10 +02:00
stianst
3c5027de3c KEYCLOAK-7701 Refactor key providers to support additional algorithms 2018-06-29 14:14:25 +02:00
Marek Posolda
49407c2e4f
KEYCLOAK-6630 Client scopes initial support (#5076) 
* KEYCLOAK-6630 KEYCLOAK-349 Client Scopes

Co-authored-by: vramik <vramik@redhat.com>

* KEYCLOAK-6630 Change some clientTemplate occurences to clientScope
 2018-06-08 15:38:38 +02:00
Pedro Igor
aa128d6c07
Merge pull request #5240 from pedroigor/KEYCLOAK-7353 
[KEYCLOAK-7353] Support Policy Management in Protection API
 2018-06-07 11:05:49 -03:00
Federico M. Facca
5a9bfea419 [KEYCLOAK-7353] Support Policy Management in Protection API 
See https://issues.jboss.org/browse/KEYCLOAK-7353
 2018-06-06 19:36:42 -03:00
Takashi Norimatsu
c586c63533 KEYCLOAK-6771 Holder of Key mechanism 
OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access
Tokens
 2018-06-05 08:18:29 +02:00
Jared Blashka
65c39763eb KEYCLOAK-7356 Code to Token flow fails if initial redirect_uri contains a session_state parameter 2018-05-31 08:53:11 +02:00