Pedro Igor
c8970c95d5
[KEYCLOAK-10015] - CIP not properly resolving objects from JSON request body
2019-04-11 18:19:43 -03:00
mhajas
5b47df8979
KEYCLOAK-10013 Do not reject tokens with issuedAt == notBefore
2019-04-11 21:57:11 +02:00
Pedro Igor
ad9f59f9f7
[KEYCLOAK-9353] - Avoids initialization of the policy enforcer during deployment
2019-04-05 16:02:53 -03:00
mposolda
a516a795a2
KEYCLOAK-9836 Deprecate keycloak-servlet-oauth-clien
2019-04-02 10:52:18 -03:00
Pedro Igor
20376c9111
[KEYCLOAK-9353] - Quarkus integration
2019-03-21 11:45:35 -03:00
Grzegorz Grzybek
e01562d7cf
[KEYCLOAK-9646] Increase import range for javax.servlet API to cover EAP 7.2, servlet-api 4.0
...
[KEYCLOAK-9646] Update HOW-TO-RUN.md for Fuse 7.1+ instructions
2019-03-12 15:14:34 +01:00
keycloak-bot
e843d84f6e
Set version to 6.0.0-SNAPSHOT
2019-03-06 15:54:08 +01:00
mhajas
8a750c7fca
KEYCLOAK-6750 Adapt Tomcat adapter tests to new structure
2019-03-06 08:57:46 +01:00
Sebastian Laskawiec
406097a508
KEYCLOAK-6749 Jetty App Server
2019-03-05 15:21:48 +01:00
mposolda
d5b28013d1
KEYCLOAK-8523 Remove jaxrs package from old testsuite and deprecate jaxrs filter
2019-03-04 10:25:01 +01:00
Pedro Igor
75d9847672
[KEYCLOAK-9478] - Support multiple CIP providers in the policy enforcer configuration
2019-02-27 19:08:57 -03:00
sakanaou
007c364027
Store rewritten redirect URL in adapter-core
2019-02-27 15:39:32 -03:00
Philipp Nowak
39828b2c94
[KEYCLOAK-9539] Race condition SecurityContextHolder.setAuthentication()
...
This is an issue with the Spring Security Keycloak Adapter relating to
the way the Authentication is stored in the SecurityContext, causing a
race condition in application code using that. It does not seem to
affect actual Spring Security operation.
We had a pretty strange race condition in our application. When many
requests were incoming at the same time, occasionally the old
unauthenticated Authentication provided to
KeycloakAuthenticationProvider for performing the actual authentication
would stay the current authentication, as returned by
SecurityContextHolder.getContext().getAuthentication(). That resulted
in authenticated users' JavaScript requests occasionally (~1/50 given a
large request volume) returning a 403 because the 'old' token was still
in the context, causing Spring Security to see them as unauthenticated.
This PR resolves this issue by replacing the whole context, as suggested
by a Spring Security contributor in jzheaux/spring-security-oauth2-resource-server#48 . By default,
SecurityContextHolder keeps the actual context object in a ThreadLocal,
which should be safe from race-conditions. The actual Authentication
object, however, is kept in a mere field, hence the reason for this PR.
JIRA issue: https://issues.jboss.org/browse/KEYCLOAK-9539
2019-02-27 14:58:10 -03:00
Pedro Igor
4d5dff1d64
[KEYCLOAK-9474] - Public endpoints are returning 403 with body when enforcement mode is disabled
2019-02-21 16:27:07 -03:00
stianst
e06c705ca8
Set version 5.0.0
2019-02-21 09:35:14 +01:00
Sebastian Laskawiec
ee41a0450f
KEYCLOAK-8349 KEYCLOAK-8659 Use TLS for all tests in the suite
2019-02-08 08:57:48 -02:00
stianst
7c9f15778a
Set version to 4.8.3.Final
2019-01-09 20:39:30 +01:00
stianst
7c4890152c
Set version to 4.8.2
2019-01-03 14:43:22 +01:00
Charles Jourdan
68873c29b7
Fix on type for KeycloakInstance.realmAccess and KeycloakInstance.ressourceAccess
2018-12-13 19:03:47 +01:00
Stephane Nicoll
f739e2e2d8
KEYCLOAK-8155 Use Spring Boot autoconfigure-processor to optimize auto-configurations
2018-12-13 09:01:21 +01:00
Boudewijn van Klingeren
5354e88f60
KEYCLOAK-8243 Change error logging to debug for normal flow outcomes
2018-12-13 08:39:54 +01:00
sebastienblanc
aa89ae96a9
update and align Spring Boot versions
2018-12-11 15:34:47 +01:00
Pedro Igor
8204509b0c
[KEYCLOAK-8980] - ElytronAccount not serializable
2018-12-10 08:55:00 +01:00
Hynek Mlnarik
27f145969f
KEYCLOAK-7936 Prevent registration of the same node
...
The root cause is that NodesRegistrationManagement.tryRegister can be
called from multiple threads on the same node, so it can require
registration of the same node multiple times. Hence once it turns to
tasks that invoke sendRegistrationEvent (called sequentially), the same
check has been added to that method to prevent multiple invocations on
server side, or invocation upon undeployment/termination.
2018-12-05 12:34:17 +01:00
stianst
b674c0d4d9
Prepare for 4.8.0.Final
2018-12-04 13:54:25 +01:00
Hynek Mlnarik
c9cd060417
KEYCLOAK-8824 Fix servlet filter versions
2018-11-22 14:20:46 +01:00
stianst
ecd476fb10
Prepare for 4.7.0.Final
2018-11-14 20:10:59 +01:00
stianst
1ee6fd7130
KEYCLOAK-8619 Fix check-sso when there is no cookie
2018-11-09 10:36:31 -02:00
scranen
5880efe775
KEYCLOAK-4342 Make naming consistent
2018-11-06 10:28:06 -02:00
scranen
e6b9364c39
KEYCLOAK-4342 PR comments
2018-11-06 10:28:06 -02:00
scranen
0c6b20e862
[KEYCLOAK-4342] Make adapter state cookie path configurable
2018-11-06 10:28:06 -02:00
Pedro Igor
234b7a06a1
[KEYCLOAK-7798] - Spring security adapter does not renew expired tokens
2018-11-06 10:26:40 -02:00
BaHwan Han
91c4bfa81c
The Keycloak JS adapter should not mutate browser history state
2018-10-29 20:08:32 +01:00
mposolda
c36b577566
KEYCLOAK-8483 Remove application from the aud claim of accessToken and refreshToken
2018-10-23 13:52:09 +02:00
Pedro Igor
6f8f8e6a28
[KEYCLOAK-8449] - Option to automatically map HTTP verbs to scopes when configuring the policy enforcer
2018-10-23 08:40:54 -03:00
vramik
7a96911a83
KEYCLOAK-8300 KEYCLOAK-8301 Wildfly 14 upgrade
...
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2018-10-17 20:01:07 +02:00
mposolda
4483677cdd
KEYCLOAK-8529 Fix most of adapter tests on EAP6
2018-10-12 12:01:33 +02:00
Tobias Gippert
c71f6e2188
The Keycloak JS adapter should not create a new browser history entry,
...
when it is redirecting the user, unless the user is in the admin console.
2018-10-12 09:42:26 +02:00
stianst
aaa33ad883
KEYCLOAK-8509 Improvements to session iframe
2018-10-10 21:01:05 +02:00
stianst
9be8bef575
KEYCLOAK-7920 Changes to native promises in JS adapter. Native promises have to be explicitly enabled and when they are old success/error functions are no longer supported. Internally we don't use native promises.
2018-10-10 21:00:19 +02:00
Frank Schmager
6b59c2f44c
try to register node during authentication attempt in filter
...
* PreAuthActionsFilter registers deployment during authentication attempt to enable, well,
node registration if filter is used by itself (if no securityConstraints when using spring boot and spring security)
* deregistering node during clean shutdown
* added unit test
2018-10-09 10:30:37 -03:00
sebastienblanc
fd0ab4a626
removing spring factories from core module
2018-10-09 14:17:33 +02:00
Pedro Igor
6fd4a02f95
[KEYCLOAK-8444] - Error when producing KeycloakSpringBootConfigResolver from spring security configuration
2018-10-08 09:29:59 -03:00
Pedro Igor
2da758ac86
[KEYCLOAK-6928] - Selecting first bearer if multiple values exists in authorization header
2018-10-01 09:36:10 -03:00
stianst
c3fc9e9815
Set version to 4.6.0.Final-SNAPSHOT
2018-09-26 20:58:41 +02:00
Pedro Igor
081e9883e6
[KEYCLOAK-7659] - k_version not supporting cors
2018-09-25 11:50:17 -03:00
Pedro Igor
df311b60b4
[KEYCLOAK-8168] - PEP is resolving claims twice under certain circumstances
2018-09-25 11:47:50 -03:00
mposolda
3777dc45d0
KEYCLOAK-3058 Support for validation of "aud" in adapters through verify-token-audience configuration switch
2018-09-21 11:17:05 +02:00
Pedro Igor
adf0a19f9d
[KEYCLOAK-8133] - Can't Sucessfully inject a custom KeycloakSpringBootConfigResolver in the Keycloak Spring Boot Security Adapter
2018-09-20 11:11:12 -03:00
Hynek Mlnarik
0b893d5634
KEYCLOAK-8187 Fix Undertow imports for Fuse
...
Co-Authored-By: wyvie <irum@redhat.com>
2018-09-18 16:54:03 +02:00
Pedro Igor
64f8fe4987
[KEYCLOAK-8070] - wrong expose headers when enable cors and policyenforcer
2018-09-17 17:02:15 -03:00
stianst
1fb4ca4525
Set version to 4.5.0.Final
2018-09-06 20:08:02 +02:00
Pedro Igor
33efcc6b93
[KEYCLOAK-8142] - Fixing regression when setting path enforcement mode to disabled
2018-09-04 10:32:06 -03:00
Dmitry Telegin
bc8763ccf3
KEYCLOAK-7858 - OIDC servlet filter adapter OSGi support
2018-09-04 11:29:45 +02:00
Jani
42553cdc44
[KEYCLOAK-7695] Restore token_type and expires_in for implicit flow
...
As KEYCLOAK-6585 concerns only hybrid flow, this commit restores the behavior for implicit flow.
This commit partially reverts #5041 (061049e41a6b0e6fb45c75f05748023ad7ab7d92).
2018-08-29 13:00:57 +02:00
mposolda
6fc99cd749
KEYCLOAK-7594 Upgrade to Wildfly 13. Cross-DC: Upgrade to infinispan server 9.2.4 and JDG 7.2
...
Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
Co-authored-by: stianst <stianst@gmail.com>
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2018-08-27 12:52:53 +02:00
Dan Hooper
0a8fca7ec4
Created common interface for parsed tokens in typescript declaration file
2018-08-23 16:14:17 -04:00
Frank Schmager
3e2e0ac91c
Renamed factory and java doc
2018-08-22 16:39:55 +02:00
Frank Schmager
dda365e002
initial exposing of BasicAuthRequestAuthenticator to make extensible
2018-08-22 16:39:55 +02:00
Grzegorz Grzybek
fdc9882709
[KEYCLOAK-8101] Return just cached deployment to prevent NPE
2018-08-21 09:56:58 +02:00
Alex Szczuczko
a35ed671e6
KEYCLOAK-7480 Make fuse7 tomcat8 adapter community-only
2018-08-20 09:06:45 +02:00
Alex Szczuczko
f0a2f7a675
KEYCLOAK-7480 Make fuse7 adapter's jetty94 conditional on the community profile
...
In commit d70859ef
keycloak-pax-web-jetty94 was added.
org.keycloak:keycloak-jetty94-adapter:jar is a dependency of this module, and
isn't produced outside of the community profile. So, the jetty94 module here
must be consistent with that.
2018-08-20 09:06:45 +02:00
Erin Recachinas
fa8cb004a1
KEYCLOAK-6086 Casting Jetty WebAppContext in Spring Adapter checks validity and unwraps
2018-08-13 11:16:19 +02:00
Pedro Igor
80e5227bcd
[KEYCLOAK-4902] - Refactoring and improvements to processing of authz requests
2018-08-07 10:53:40 -03:00
mposolda
959cd035ba
Set version to 4.3.0.Final-SNAPSHOT
2018-08-01 22:40:05 +02:00
Tair Sabirgaliev
d88568266f
KEYCLOAK-7821 Enable tomcat-specific features: *
(all roles), **
(authenticated user) in authRoles
constraint
2018-07-27 14:24:49 +02:00
mhajas
a6e4f4f9aa
KEYCLOAK-7922 Use Time.currentTimeMillis() instead of System.currentTimeMillis() in PathCache
2018-07-24 08:52:48 -03:00
Hynek Mlnarik
c8bc0d6d7b
KEYCLOAK-7400 Remove dead code
...
This commit can only be merged once the Camel 2.21.2 would be
released, otherwise the code won't compile due to missing dependencies.
See https://issues.apache.org/jira/browse/CAMEL-12514 for details.
2018-07-23 14:46:00 +02:00
Pedro Igor
7c14a6a503
[KEYCLOAK-6547] - AuthenticatedActionsHandler should process responses after identity is established
2018-07-19 10:05:04 -03:00
Grzegorz Grzybek
2cb7ec9432
[KEYCLOAK-7703] HierarchicalPathBasedKeycloakConfigResolver for more fine/coarse grained Keycloak configuration in Karaf
2018-07-19 14:25:52 +02:00
Gregor Tudan
3417b569c0
KEYCLOAK-2606: add support for native browsers on cordova
...
KEYCLOAK-2606 Added cordova native
KEYCLOAK-2606 Some more fixes and tweaks
Fix redirect in example realm
feature(cordova-native): fix universalLinks and kc options
Added 'cordova-native' to typings
Added an option to define a "default" redirectUri in keycloak.js
Added 'login' and 'logout' event to universalLinks configuration in config.xml
Improved 'cordova-native' example to always use a redirectUri and
update state after successfull logout
Setting the 'authenticated' flag for the keycloak instance to 'false'
after a logout redirect
KEYCLOAK-2606: Simplify example for cordova-native
I wanted to make it explicit which options are actually needed, so I didn't want to reuse the keycloak conf
KEYCLOAK-2606: simplify example
The update state after logout shouldn't be necessary as it is set in `keycloak.onAuthLogout = updateState;`
Not sure why it is called after the login promise...
Fixes
2018-07-18 10:51:59 +02:00
Martin Kanis
b520dda3ef
KEYCLOAK-4662 Keycloak adapter missing configuration attribute proxy-url
2018-07-13 14:30:40 +02:00
mhajas
5aebc74f8c
KEYCLOAK-7269 Setting more uris for Authorization Resource
2018-07-11 17:48:34 -03:00
Pedro Igor
55550f2023
[KEYCLOAK-6547] - AuthenticatedActionsHandler should process responses after identity is established
2018-07-11 11:33:31 -03:00
mposolda
d0a824dde4
Updating version to 4.2.0.Final-SNAPSHOT
2018-07-05 07:42:48 -04:00
sebastienblanc
f5d00ddffb
making Spring Boot 2 the default starter
2018-07-03 22:04:16 +02:00
Pedro Igor
dcadc61220
[KEYCLOAK-7670] - PEP not returning correct status code when authorization header is not set
2018-06-29 09:39:55 -03:00
Pedro Igor
f10c47955f
[KEYCLOAK-7427] - Fix to support writing to response when doing programmatic logouts
2018-06-28 11:08:28 -03:00
Pedro Igor
23db2b852b
[KEYCLOAK-7679] - Wildfly adapter must be disabled when using Elytron
2018-06-28 11:08:28 -03:00
Grzegorz Grzybek
3c9d3c2c04
[KEYCLOAK-7681] Review pax-web OSGi dependencies
...
Co-Authored-By: Hynek Mlnarik <hmlnarik@redhat.com>
2018-06-22 13:47:20 +02:00
Grzegorz Grzybek
f90e0fc14c
[KEYCLOAK-7425] Correctly import packages of httpclient and http core, fix Karaf feature
2018-06-21 14:28:47 +02:00
stianst
e1a0e581b9
Update to 4.1.0.Final-SNAPSHOT
2018-06-14 14:22:28 +02:00
Dennis Bayer
c43d8b3d85
Get role list to update directly from the security context rather than from previously created subject info.
...
Roles within groups must be unpacked added separately in order to contain all roles.
2018-06-13 21:03:30 -03:00
Dennis Bayer
6a2a121d4e
Map group members of authenticated subject into subject info.
...
This commit contains a POC for the issue "Roles get lost after security context was propagated back to wildfly-swarm, if using jwt for authentication" (KEYCLOAK-7309).
2018-06-13 21:03:30 -03:00
Hynek Mlnarik
9dc5709ce7
KEYCLOAK-7593 Setters for httpContext
2018-06-13 16:32:39 +02:00
Stefan Guilhen
d897159560
[KEYCLOAK-7598] - Set CIP config when defining paths in policy enforcer config ( #5264 )
2018-06-12 11:24:17 -03:00
Vlasta Ramik
182c975e01
KEYCLOAK-7597 fix logger classes ( #5263 )
2018-06-12 11:02:04 -03:00
Pedro Igor
db60abc604
[KEYCLOAK-7543] - Policy enforcer should not delegate decisions when using UMA ( #5252 )
2018-06-11 08:17:40 -03:00
Lorent Lempereur
f55c93a1e4
Javascript Adapter - Add 'cordovaOptions' to the Typescript definition of KeycloakLoginOptions ( #5250 )
2018-06-11 08:21:04 +02:00
Grzegorz Grzybek
fca6da3a5a
KEYCLOAK-7523 better context path detection in PathBasedKeycloakConfigResolver
2018-06-08 21:32:14 +02:00
Marek Posolda
49407c2e4f
KEYCLOAK-6630 Client scopes initial support ( #5076 )
...
* KEYCLOAK-6630 KEYCLOAK-349 Client Scopes
Co-authored-by: vramik <vramik@redhat.com>
* KEYCLOAK-6630 Change some clientTemplate occurences to clientScope
2018-06-08 15:38:38 +02:00
Federico M. Facca
5a9bfea419
[KEYCLOAK-7353] Support Policy Management in Protection API
...
See https://issues.jboss.org/browse/KEYCLOAK-7353
2018-06-06 19:36:42 -03:00
Stian Thorgersen
dbf5c395b0
Bump version to 4.0.0.Final ( #5224 )
2018-05-24 19:02:30 +02:00
Hynek Mlnarik
1e438cdc45
KEYCLOAK-7277 KEYCLOAK-7282 Tomcat 8/Pax Web integration
2018-05-23 13:14:07 +02:00
Hynek Mlnarik
d70859ef1b
KEYCLOAK-7277 KEYCLOAK-7282 Jetty/Pax Web integration
2018-05-23 13:14:07 +02:00
Hynek Mlnarik
cace03c3cc
KEYCLOAK-7279 Camel/Undertow integration
2018-05-23 13:14:07 +02:00
Hynek Mlnarik
b2df872ad4
KEYCLOAK-7278 KEYCLOAK-7280 CXF/Undertow integration
2018-05-23 13:14:07 +02:00
Hynek Mlnarik
dd65c231f9
KEYCLOAK-7277 KEYCLOAK-7282 Undertow/Pax Web integration
2018-05-23 13:14:07 +02:00
Hynek Mlnarik
ae690e0679
KEYCLOAK-5522 Base for Fuse 7 adapter
2018-05-23 13:14:07 +02:00
Pedro Igor
dac5d313b3
Merge pull request #5166 from pedroigor/KEYCLOAK-7021
...
[KEYCLOAK-7021] - keycloak-authz.js and keycloak-authz.d.ts do not work with TypeScript
2018-05-17 17:42:51 -03:00