Commit graph

80 commits

Author SHA1 Message Date
Takashi Norimatsu
c586c63533 KEYCLOAK-6771 Holder of Key mechanism
OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access
Tokens
2018-06-05 08:18:29 +02:00
Stian Thorgersen
dbf5c395b0
Bump version to 4.0.0.Final (#5224) 2018-05-24 19:02:30 +02:00
Alex Szczuczko
6a19a8fb7e KEYCLOAK-7362 Disable mvn-golang-wrapper in the product build
com.igormaznitsa:mvn-golang-wrapper is a new plugin used by the testsuite. It
depends on arbitrary internet resources, including github and
storage.googleapis.com. This isn't permissible in a product build, and so PNC
blocks it.

As a short-term solution, I've added a product profile the sets the skip
parameter to true for this plugin. Other approaches, like changing the phase of
the get goals, didn't work.
2018-05-16 16:53:39 -06:00
Tim Taylor
49a03a86fb Force the mvn-golang plugin to use the maven proxy 2018-05-04 15:31:49 -04:00
Stian Thorgersen
90e5c7f3eb
Bump version to 4.0.0.Beta3-SNAPSHOT (#5185) 2018-05-02 14:32:20 +02:00
vmuzikar
5ec50461ee KEYCLOAK-7101 Fix DockerClientTest 2018-04-27 15:02:10 +02:00
Bill Burke
8a5428808e KEYCLOAK-7044 KEYCLOAK-7046 2018-04-03 21:29:31 -04:00
Bill Burke
04a72b9608 bump kcinit version tag 2018-03-31 22:34:37 -04:00
Bill Burke
f5bacb79c1 review changes 2018-03-28 16:45:52 -04:00
Bill Burke
ad5f3fefc5 Merge remote-tracking branch 'upstream/master' into kcinit 2018-03-27 16:38:35 -04:00
stianst
07fea02146 Bump versions to 4.0.0.Beta2-SNAPSHOT 2018-03-26 18:17:38 +02:00
Bill Burke
67229912e6 use kcinit branch 2018-03-21 13:38:40 -04:00
Bill Burke
681e3d751e golang integration 2018-03-20 16:42:35 -04:00
Bill Burke
4bba11cd94 kcinit 2018-03-16 12:11:57 -04:00
Douglas Palmer
fc52ff65bd [KEYCLOAK-6518] Added explicit guava dependency instead of relying on transitive dependency. 2018-02-06 10:52:48 +01:00
mhajas
2a2f255640 KEYCLOAK-4793 Fix authorization services maven scanner properties in base testsuite for product 2018-01-29 09:18:20 +01:00
stianst
0bedbb4dd3 Bump version to 4.0.0.CR1-SNAPSHOT 2017-12-21 15:06:00 +01:00
vramik
abea430802 KEYCLOAK-4793 2017-12-14 11:30:28 +01:00
stianst
37de8e9f69 Bump version to 3.4.2.Final-SNAPSHOT 2017-12-01 09:34:48 +01:00
Stian Thorgersen
128ff12f8f Bump versions 2017-11-09 15:37:21 +01:00
vmuzikar
b21d5bbf04 KEYCLOAK-5805 Fix tests in the 'other' module 2017-11-09 07:01:27 +01:00
vramik
cb2bd0fe1a KEYCLOAK-5672 rewrite server-config-migration module to use offline mode 2017-10-16 22:51:59 +02:00
vramik
b0a1550df5 KEYCLOAK-5586 crossdc tests on Wildfly using real database 2017-10-04 12:00:18 +02:00
Stian Thorgersen
463661b051 Set version to 3.4.0.CR1-SNAPSHOT 2017-08-28 15:46:22 +02:00
Hynek Mlnarik
c7046b6325 KEYCLOAK-4189 Preparation for cross-DC SAML testing 2017-07-25 09:44:36 +02:00
Stian Thorgersen
454c5f4d83 Set version to 3.3.0.CR1-SNAPSHOT 2017-06-30 09:47:11 +02:00
Josh Cain
89fcddd605 KEYCLOAK-3592 Docker auth implementation 2017-06-29 06:37:34 +02:00
vramik
dfed148921 KEYCLOAK-4189 fixed issue with exlude cross DC tests by default 2017-06-16 11:32:02 +02:00
Hynek Mlnarik
a0f3a6469f KEYCLOAK-4189 - Cross DC testing 2017-06-12 11:14:28 +02:00
Stian Thorgersen
87dedb56e5 Set version to 3.2.0.CR1-SNAPSHOT 2017-04-27 14:23:03 +02:00
Pedro Igor
8e877a7f6c [KEYCLOAK-3135] - More tests 2017-04-12 14:34:27 -03:00
Peter Nalyvayko
b2f10359c8 KEYCLOAK-4335: x509 client certificate authentication
Started on implementing cert thumbprint validation as a part of x509 auth flow. Added a prompt screen to give users a choice to either log in based on the identity extracted from X509 cert or to continue with normal browser login flow authentication; clean up some of the comments

x509 authentication for browser and direct grant flows. Implemented certificate to user mapping based on user attribute

Implemented CRL and OCSP certificate revocation checking and added corresponding configuration settings to set up responderURI (OCSP), a location of a file containing X509CRL entries and switiches to enable/disable revocation checking; reworked the certificate validation; removed superflous logging; changed the certificate authentication prompt page to automatically log in the user after 10 seconds if no response from user is received

Support for loading CRL from LDAP directory; finished the CRL checking using the distribution points in the certificate; updated the instructions how to add X509 authentication to keycloak authentication flows; minor styling changes

Stashing x509 unit test related changes; added the steps to configure mutual SSL in WildFly to the summary document

A minor fix to throw a security exception when unable to check cert revocation status using OCSP; continue working on README

Changes to the formating of the readme

Added a list of features to readme

Fixed a potential bug in X509 cert user authenticator that may cause NPE if the client certificate does not define keyusage or extended key usage extensions

Fixed compile time errors in X509 validators caused by the changes to the user credentials model in upstream master

Removed a superfluous file created when merging x509 and main branches

X509 authentication: removed the PKIX path validation as superflous

Reverted changes to the AbstractAttributeMapper introduced during merging of x509 branch into main

Merge the unit tests from x509 branch

added mockito dependency to services project; changes to the x509 authenticators to expose methods in order to support unit tests; added a default ctor to CertificateValidator class to support unit testing; updated the direct grant and browser x509 authenticators to report consistent status messages; unit tests to validate X509 direct grant and browser authenticators; fixed OCSP validation to throw an exception if the certificate chain contains a single certificate; fixed the CRL revocation validation to only use CRL distribution point validation only if configured

CRL and OSCP mock tests using mock netty server. Changed the certificate validator to better support unit testing.

changes to the mockserver dependency to explicitly exclude xercesImpl that was causing SAMLParsingTest to fail

Added a utility class to build v3 certificates with optional extensions to facilitate X509 unit testing; removed supoerfluous certificate date validity check (undertow should be checking the certificate dates during PKIX path validation anyway)

X509: changes to make configuring the user identity extraction simplier for users - new identity sources to map certificate CN and email (E) attributes from X500 subject and issuer names directly rather than using regular expressions to parse them

X509 fixed a compile error caused by the changes to the user model in master

Integration tests to validate X509 client certificate authentication

Minor tweaks to X509 client auth related integration tests

CRLs to support x509 client cert auth integration tests

X509: reverted the changes to testrealm.json and updated the test to configure the realm at runtime

X509 - changes to the testsuite project configuration to specify a path to a trust store used to test x509 direct grant flow; integration tests to validate x509 authentication in browser and direct grant flows; updated the client certificate to extend its validatity dates; x509 integration tests and authenticators have been refactored to use a common configuration class

X509 separated the browser and direct grant x509 authenction integration tests

x509 updated the authenticator provider test to remove no longer supported cert thumbprint authenticator

x509 removed the dependency on mockito

x509 re-implemented OCSP certificate revocation client used to check revocation status when logging in with x509 certificate to work around the dependency on Sun OCSP implementation; integration tests to verify OCSP revocation requests

index.txt.attr is needed by openssl to run a simple OCSP server

x509: minor grammar fixes

Add OCSP stub responder to integration tests

This commit adds OCSP stub responder needed for the integration tests,
and eliminates the need to run external OCSP responder in order to run
the OCSP in X509OCSPResponderTest.

Replace printStackTrece with logging

This commit replaces call to printStackTrace that will end up going to
the stderr with logging statement of WARN severity.

Remove unused imports

Removed unused imports in
org.keycloak.authentication.authenticators.x509 package.

Parameterized Hashtable variable

Removed unused CertificateFactory variable

Declared serialVersionUID for Serializable class

Removed unused CertificateBuilder class

The CertificateBuilder was not used anywhere in the code, removing it to
prevent technical debt.

Removing unused variable declaration

`response` variable is not used in the test, removed it.

Made sure InputStreams are closed

Even though the InputStreams are memory based, added try-with-resources
to make sure that they are closed.

Removed deprecated usage of URLEncoder

Replaced invocation of deprecated method from URLEncoder with Encode
from Keycloak util package.

Made it more clear how to control OCSP stub responder in the tests

X509 Certificate user authentication: moved the integration unit tests into their own directory to fix a failing travis test job

KEYCLOAK-4335: reduced the logging level; added the instructions how to run X.509 related tests to HOW-TO-RUN.md doc; removed README.md from x509 folder; removed no longer used ocsp profile and fixed the exclusion filter; refactored the x509 base test class that was broken by the recent changes to the integration tests

KEYCLOAK-4335: fixed a few issues after rebasing
2017-03-17 05:24:57 -04:00
Stian Thorgersen
a87ee04024 Bump to 3.1.0.CR1-SNAPSHOT 2017-03-16 14:21:40 +01:00
Hynek Mlnarik
1970e03361 KEYCLOAK-4368 Enable htmlUnit for adapter tests (not examples though) 2017-02-26 16:56:26 +01:00
Tomas Kyjovsky
a5677e87db UserStorageTest migrated to Arquillian testsuite 2017-02-22 13:54:11 +01:00
Stian Thorgersen
6f22f88d85 Bump version to 3.0.0.CR1 2017-01-26 06:18:11 +01:00
Pedro Igor
c19360c6f2 [KEYCLOAK-4203] - Removing references to Drools 2017-01-18 12:44:30 -02:00
Vaclav Muzikar
547f5ecfa6 KEYCLOAK-4230 Fix failing Arquillian tests in the "other" module 2017-01-16 10:59:02 +01:00
Pavel Drozd
3d9f11168e KEYCLOAK-4210: Added Fuse admin tests 2017-01-13 01:05:37 +01:00
Stian Thorgersen
e805ffd945 Bump version to 2.5.1.Final-SNAPSHOT 2016-12-22 08:22:18 +01:00
Stian Thorgersen
b771b84f56 Bump to 2.5.0.Final-SNAPSHOT 2016-11-30 15:44:51 +01:00
mposolda
803fde6c1d KEYCLOAK-3124 Possibility test adapter on embedded undertow 2016-11-29 22:08:23 +01:00
Stian Thorgersen
6ec82865d3 Bump version to 2.4.1.Final-SNAPSHOT 2016-11-22 14:56:21 +01:00
Stian Thorgersen
c615674cbb Bump version 2016-10-21 07:03:15 +02:00
mposolda
acbb17a331 KEYCLOAK-3768 Fix executing embedded apacheDS via maven exec plugin 2016-10-20 10:08:33 +02:00
gil
490b7f6ba4 KEYCLOAK-3519 port to apache-ldap-api-1.0.0-M33 2016-10-19 11:29:31 +02:00
Marko Strukelj
c912f941e7 KEYCLOAK-2084 Client Registration CLI 2016-10-18 12:33:02 +02:00
Bill Burke
ecc104719d bump pom version 2016-09-26 11:01:18 -04:00
Vlasta Ramik
39fe439573 Database migration testing 2016-09-05 13:39:21 +02:00
mposolda
d52e043322 Set version to 2.2.0-SNAPSHOT 2016-08-10 08:57:18 +02:00