libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
12242 commits 4 branches 5 tags 480 MiB
Commit graph

2926 commits

Author SHA1 Message Date
Hynek Mlnarik
aecfe251e4 KEYCLOAK-12816 Fix representation to model conversion 2020-02-27 21:11:24 +01:00
Douglas Palmer
85d7216228 [KEYCLOAK-12640] Client authorizationSettings.decisionStrategy value lost on realm import 2020-02-27 09:45:48 -03:00
vramik
f1e54455e7 KEYCLOAK-13111 Move execution of db-allocator-plugin to jpa profile 2020-02-27 11:51:05 +01:00
mhajas
9f3a6de453 KEYCLOAK-13096 Add compile scope hamcrest dependency to springboot tests 2020-02-27 11:18:54 +01:00
mhajas
3db55727ca KEYCLOAK-12979 Fix group-attribute parsing 2020-02-27 10:48:03 +01:00
vramik
e2bd99e9e4 KEYCLOAK-13097 fix UserStorageTest - add cleanup after test 2020-02-27 10:46:38 +01:00
Pedro Igor
a830818a84 [KEYCLOAK-12794] - Missing id token checks in oidc broker 2020-02-27 09:13:29 +01:00
Erik Jan de Wit
8297c0c878 KEYCLOAK-11155 split on first '=' instead of all 2020-02-27 09:12:51 +01:00
Erik Jan de Wit
93a1374558 KEYCLOAK-11129 coalesce possible null values 2020-02-27 09:11:29 +01:00
Pedro Igor
1c71eb93db [KEYCLOAK-11576] - Properly handling redirect_uri parser errors 2020-02-27 08:29:06 +01:00
stianst
950eae090f KEYCLOAK-13054 Unblock temporarily disabled user on password reset, and remove invalid error message 2020-02-27 08:05:46 +01:00
vmuzikar
de8ba75399 KEYCLOAK-12635 KEYCLOAK-12935 KEYCLOAK-13023 UI test fixes 2020-02-26 15:54:44 -03:00
Martin Bartoš
eaaff6e555
KEYCLOAK-12958 Preview feature profile for WebAuthn (#6780) 
* KEYCLOAK-12958 Preview feature profile for WebAuthn

* KEYCLOAK-12958 Ability to enable features having EnvironmentDependent providers without restart server

* KEYCLOAK-12958 WebAuthn profile product/project

Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2020-02-26 08:45:26 +01:00
mhajas
8436a88075 KEYCLOAK-12962 Enforce 3.6.0 maven version for deploy phase 2020-02-25 16:36:26 +01:00
stianst
9e47022116 KEYCLOAK-8044 Clear theme caches on hot-deploy 2020-02-20 08:50:10 +01:00
stianst
d8d81ee162 KEYCLOAK-12268 Show page not found for /account/log if events are disabled for the realm 2020-02-20 08:49:30 +01:00
stianst
9a3a358b96 KEYCLOAK-11700 Lower-case passwords before checking with password blacklist 2020-02-20 08:33:46 +01:00
stianst
536824beb6 KEYCLOAK-12960 Use Long for time based values in JsonWebToken 2020-02-19 15:46:05 +01:00
mhajas
167f73f54e KEYCLOAK-12969 Don't use GenericFilter in server-authz test application 2020-02-19 11:06:28 -03:00
Stefan Guilhen
7a3998870c [KEYCLOAK-12612][KEYCLOAK-12944] Fix validation of SAML destination URLs 
- no longer compare them to the server absolutePath; instead use the base URI to build the validation URL
 2020-02-18 16:38:19 -03:00
mposolda
eeeaafb5e7 KEYCLOAK-12858 Authenticator is sometimes required even when configured as alternative 2020-02-18 09:05:59 +01:00
Thomas Darimont
67ddd3b0eb KEYCLOAK-12926 Improve Locale based message lookup 
We now consider intermediate Locales when performing a Locale based
ResourceBundle lookup, before using an Locale.ENGLISH fallback.

Co-authored-by: stianst <stianst@gmail.com>
 2020-02-18 08:43:46 +01:00
keycloak-bot
d352d3fa8e Set version to 9.0.1-SNAPSHOT 2020-02-17 20:38:54 +01:00
Adamczyk Błażej
497787d2cd [KEYCLOAK-10696] - fixed missing client role attributes after import 2020-02-17 10:01:19 +01:00
mposolda
a76c496c23 KEYCLOAK-12860 KEYCLOAK-12875 Fix for Account REST Credentials to work with LDAP and social users 2020-02-14 20:24:42 +01:00
Douglas Palmer
876086c846 [KEYCLOAK-12161] "Back to Application" link is shown with link to current page 2020-02-14 10:37:32 -03:00
stianst
f0e3122792 KEYCLOAK-12953 Ignore empty realm frontendUrl 2020-02-14 11:33:07 +01:00
stianst
42773592ca KEYCLOAK-9632 Improve handling of user locale 2020-02-14 08:32:20 +01:00
Pedro Igor
7efaf9869a [KEYCLOAK-12864] - OIDCIdentityProvider with Reverse Proxy 2020-02-13 15:01:10 +01:00
Pedro Igor
421ec34557 [KEYCLOAK-8049] - Prevent users from not choosing a group 2020-02-13 10:10:46 +01:00
mabartos
90b35cc13d KEYCLOAK-10420 Broker tests don't work with RH-SSO 2020-02-12 18:33:55 +01:00
mabartos
1bdf77f409 KEYCLOAK-12065 UserSessionInitializerTest is failing 2020-02-12 17:39:28 +01:00
mhajas
c3f0b342bf KEYCLOAK-12964 Fix adapter remote tests execution deciding 2020-02-12 16:04:44 +01:00
mhajas
1bb238d20f KEYCLOAK-12950 Use maven-plugin to configure shrinkwrap resolver 2020-02-12 16:04:44 +01:00
mhajas
f28ca30e6d KEYCLOAK-12963 Exclude testNoPortInDestination test for remote container 2020-02-12 13:18:51 +01:00
Peter Zaoral
b0ffea699e KEYCLOAK-12186 Improve the OTP login form 
-created and implemented login form design, where OTP device can be selected
-implemented selectable-card-view logic in jQuery
-edited related css and ftl theme resources
-fixed affected BrowserFlow tests

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2020-02-12 11:25:02 +01:00
vramik
3d22644bbe KEYCLOAK-12237 Fix WelcomePageTest on Postgresql 2020-02-12 10:43:29 +01:00
Peter Skopek
622a97bd1c KEYCLOAK-12228 Sensitive Data Exposure 
from patch of hiba haddad haddadhiba0@gmail.com
 2020-02-12 09:57:31 +01:00
stianst
3c0cf8463a KEYCLOAK-12821 Check if action is disabled in realm before executing 2020-02-12 09:04:43 +01:00
stianst
6676b9bba0 Fix 2020-02-12 08:23:25 +01:00
stianst
0b8adc7874 KEYCLOAK-12921 Fix NPE in client validation on startup 2020-02-12 08:23:25 +01:00
stianst
dda829710e KEYCLOAK-12829 Require PKCE for admin and account console 2020-02-12 08:22:20 +01:00
Thomas Darimont
7969aed8e0 KEYCLOAK-10931 Trigger UPDATE_PASSWORD event on password update via AccountCredentialResource 2020-02-11 19:51:58 +01:00
Martin Kanis
1d54f2ade3 KEYCLOAK-9563 Improve access token checks for userinfo endpoint 2020-02-11 15:09:21 +01:00
Erik Jan de Wit
41bf0b78be KEYCLOAK-11631 reset to default befor loading new 2020-02-10 12:55:14 -05:00
mhajas
e5935d8069 KEYCLOAK-12764 Fix shrinkwrap issue by updating arquillian bom version 2020-02-08 10:51:48 +01:00
stianst
ecec20ad59 KEYCLOAK-12193 Internal error message returned in error response 2020-02-07 18:10:41 +01:00
Pedro Igor
da0e2aaa12 [KEYCLOAK-12897] - Policy enforcer should just deny when beare is invalid 2020-02-07 15:04:45 +01:00
mabartos
a5d02d62c1 KEYCLOAK-12908 TOTP not accepted in request for Access token 2020-02-07 13:17:05 +01:00
mhajas
3f29c27e16 KEYCLOAK-12906 Describe how to run testsuite against openshift 2020-02-07 12:09:55 +01:00
stianst
5d1fa8719e KEYCLOAK-12190 Fix PartialImportTest for client validation 2020-02-07 11:44:09 +01:00
stianst
7545749632 KEYCLOAK-12190 Add validation for client root and base URLs 2020-02-07 09:09:40 +01:00
Pedro Igor
fc514aa256 [KEYCLOAK-12792] - Invalid nonce handling in OIDC identity brokering 2020-02-06 13:16:01 +01:00
Pedro Igor
199e5dfa3e [KEYCLOAK-12909] - Keycloak uses embedded cache manager instead of container-managed one 2020-02-06 13:14:36 +01:00
Dmitry Telegin
b6c5acef25 KEYCLOAK-7969 - SAML users should not be identified by SAML:NameID 2020-02-06 08:53:31 +01:00
Axel Messinese
b73553e305 Keycloak-11526 search and pagination for roles 2020-02-05 15:28:25 +01:00
mhajas
66350f415c KEYCLOAK-12849 Exclude SameSite tests in non-SSL test runs 2020-02-05 11:44:07 +01:00
rmartinc
d39dfd8688 KEYCLOAK-12654: Data to sign is incorrect in redirect binding when URI has parameters 2020-02-05 11:30:28 +01:00
Martin Bartoš
b0c4913587
KEYCLOAK-12177 KEYCLOAK-12178 WebAuthn: Improve usability (#6710) 2020-02-05 08:35:47 +01:00
Thomas Darimont
42fdc12bdc
KEYCLOAK-8573 Invalid client credentials should return Unauthorized status (#6725) 2020-02-05 08:27:15 +01:00
vmuzikar
0801cfb01f KEYCLOAK-12105 Add UI tests for Single page to manage credentials 2020-02-04 15:18:52 -03:00
Douglas Palmer
dc97a0af92 [KEYCLOAK-12107] Add tests for Applications page 2020-02-04 09:26:42 -03:00
rmartinc
5b9eb0fe19 KEYCLOAK-10884: Need clock skew for SAML identity provider 2020-02-03 22:00:44 +01:00
Jan Lieskovsky
b532570747
[KEYCLOAK-12168] Various setup TOTP screen usability improvements (#6709) 
On both the TOTP account and TOTP login screens perform the following:
* Make the "Device name" label optional if user registers the first
  TOTP credential. Make it mandatory otherwise,
* Denote the "Authenticator code" with asterisk, so it's clear it's
  required field (always),
* Add sentence to Step 3 of configuring TOTP credential explaining
  the user to provide device name label,

Also perform other CSS & locale / messages file changes, so the UX is
identical when creating OTP credentials on both of these pages

Add a corresponding testcase

Also address issues pointed out by mposolda's review. Thanks, Marek!

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
 2020-02-03 19:34:28 +01:00
Marek Posolda
154bce5693
KEYCLOAK-12340 KEYCLOAK-12386 Regression in credential handling when … (#6668) 2020-02-03 19:23:30 +01:00
vramik
337e8f8fad KEYCLOAK-12240 MigrationModelTest fails in pipeline 2020-02-03 13:14:53 +01:00
Leon Graser
01a42f417f Search and Filter for the count endpoint 2020-02-03 09:36:30 +01:00
Pedro Igor
ed2d392a3d [KEYCLOAK-9666] - Entitlement request with service account results in server error 2020-02-03 08:57:56 +01:00
Pedro Igor
658a083a0c [KEYCLOAK-9600] - Find by name in authz client returning wrong resource 2020-02-03 08:57:20 +01:00
Jan Lieskovsky
00a36e5f7b
[KEYCLOAK-12865] Stabilize distribution profile (#6712) 
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
 2020-02-01 13:31:54 +01:00
rmartinc
1989483401 KEYCLOAK-12001: Audience support for SAML clients 2020-01-31 15:56:40 +01:00
Marek Posolda
d8e450719b
KEYCLOAK-12469 KEYCLOAK-12185 Implement nice design to the screen wit… (#6690) 
* KEYCLOAK-12469 KEYCLOAK-12185 Add CredentialTypeMetadata. Implement the screen with authentication mechanisms and implement Account REST Credentials API by use the credential type metadata
 2020-01-31 14:28:23 +01:00
Bart Monhemius
52fd2b4aa4 KEYCLOAK-12698: Allow setting lifespan on executeActionsEmail 2020-01-31 09:27:07 +01:00
Pedro Igor
c37ca235ab [KEYCLOAK-11352] - Can't request permissions by name by a non-owner resource service, although the audience is set 2020-01-30 11:36:21 +01:00
Pedro Igor
2a82ed6eea [KEYCLOAK-9402] - 401 response when enforcement mode is DISABLED 2020-01-30 11:09:32 +01:00
Pedro Igor
873c62bbef [KEYCLOAK-12569] - User cannot be deleted if he has owned resources / permission tickets 
Co-authored-by: mhajas <mhajas@redhat.com>
 2020-01-30 11:08:28 +01:00
Pedro Igor
c821dcf820 [KEYCLOAK-12438] - Scope-based policies falsely give a permit with an empty scope list 2020-01-29 14:02:44 +01:00
Marek Posolda
d46620569a
KEYCLOAK-12174 WebAuthn: create authenticator, requiredAction and policy for passwordless (#6649) 2020-01-29 09:33:45 +01:00
Takashi Norimatsu
993ba3179c KEYCLOAK-12615 HS384 and HS512 support for Client Authentication by Client Secret Signed JWT (#6633) 2020-01-28 14:55:48 +01:00
Erik Jan de Wit
3beef2a4c0 KEYCLOAK-8098 use html5 email validation 2020-01-27 15:16:05 -05:00
Stian Thorgersen
87cab778eb KEYCLOAK-11996 Authorization Endpoint does not return an error when a request includes a parameter more than once (#6696) 
Co-authored-by: stianst <stianst@gmail.com>

Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2020-01-24 12:10:56 +01:00
Denis Richtárik
24c6e2ba08 KEYCLOAK-12742 Authentication -> WebAuthn Policy: Unable to delete the Acceptable AAGUIDS via the provided minus (-) button, once set (#6695) 2020-01-24 11:55:20 +01:00
Leon Graser
f1ddd5016f KEYCLOAK-11821 Add account api roles to the client on creation 
Co-authored-by: stianst <stianst@gmail.com>
 2020-01-23 13:10:04 -06:00
Martin Kanis
1fbee8134b KEYCLOAK-12697 Remove mvel2 from parent pom and licenses 2020-01-23 13:04:31 -06:00
Benjamin Weimer
dd9ad305ca KEYCLOAK-12757 New Identity Provider Mapper "Advanced Claim to Role Mapper" with 
following features

    * Regex support for claim values.
    * Support for multiple claims.
 2020-01-23 07:17:22 -06:00
mposolda
f0d95da52d KEYCLOAK-12281 Fix export/import for users that have custom credential algorithms with no salt 2020-01-23 05:43:29 -06:00
vramik
47d6d65bbb KEYCLOAK-12724 - workaround hibernate bug - set explicitly dialect for oracle version greater than 12 2020-01-22 18:34:11 +01:00
Denis Richtárik
8d312d748b KEYCLOAK-12163 Old account console: UI not updated after removing of TOTP (#6688) 2020-01-22 12:26:28 +01:00
vmuzikar
03306b87e8 KEYCLOAK-12125 Introduce SameSite attribute in cookies 
Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: Peter Skopek <pskopek@redhat.com>
 2020-01-17 08:36:53 -03:00
vmuzikar
475ec6f3e4 Add tests for 'Always Display in Console' 2020-01-17 08:35:01 -03:00
Stan Silvert
568b1586a6 KEYCLOAK-12526: Add 'Always Display in Console' to admin console 2020-01-17 08:35:01 -03:00
Martin Bartos RH
d3f6937a23 [KEYCLOAK-12426] Add username to the login form + ability to reset login 2020-01-17 09:40:13 +01:00
mposolda
85dc1b3653 KEYCLOAK-12426 Add username to the login form + ability to reset login - NOT DESIGN YET 2020-01-17 09:40:13 +01:00
Tomas Kyjovsky
05c428f6e7 KEYCLOAK-12295 After password reset, the new password has low priority (#6653) 2020-01-16 09:11:25 +01:00
Martin Bartoš
5aab03d915 [KEYCLOAK-12184] Remove BACK button from login forms (#6657) 2020-01-15 12:25:37 +01:00
Axel Messinese
789e8c70ce KEYCLOAK-12630 full representation param for get groups by user endpoint 2020-01-15 10:14:52 +01:00
Axel Messinese
72aff51fca KEYCLOAK-12670 inconsistent param name full to briefRepresentation 2020-01-15 08:32:57 +01:00
Marek Posolda
8d49409de1
KEYCLOAK-12183 Refactor login screens. Introduce try-another-way link. Not show many credentials of same type in credential selector (#6591) 2020-01-14 21:54:45 +01:00
k-tamura
221aad9877 KEYCLOAK-11511 Improve exception handling of REST user creation 2020-01-14 13:34:34 +01:00
vramik
3b1bdb216a KEYCLOAK-11486 Add support for system property or env variable in AllowedClockSkew in keycloak-saml subsystem 2020-01-14 13:17:13 +01:00