Commit graph

279 commits

Author SHA1 Message Date
Stian Thorgersen
e3a8bed5b2 Merge pull request #3853 from pedroigor/RHSSO-767
[RHSSO-767] - Wrong implementation of Request.getRelativePath causing failures on Tomcat-like adapters
2017-02-13 10:26:34 +01:00
Pedro Igor
9416ee7224 [RHSSO-767] - Wrong implementation of Request.getRelativePath causing failures on Tomcat-like adapters 2017-02-09 21:27:28 -02:00
mposolda
72a5d03f34 KEYCLOAK-4385 Added BundleBasedKeycloakConfigResolver 2017-02-06 21:24:20 +01:00
Takashi Norimatsu
fe5fe4c968 KEYCLOAK-2604 Proof Key for Code Exchange by OAuth Public Clients - RFC
7636 - Client Side Implementation
2017-02-03 12:02:54 +09:00
Agile Developer
d60c3b7c0c missing import 2017-02-03 00:47:41 +01:00
Agile Developer
cde3e87ad9 verifySSL() - debug info
DEBUG report like this:

SSL Verification: 
		passed: true, request is secure: true, 
		SSL is required for: EXTERNAL, 
		SSL is required for remote addr 192.168.100.123: false
2017-02-02 21:18:14 +01:00
Stian Thorgersen
9aa2dacec9 KEYCLOAK-4366 Issues when keycloak.js is initialized with token 2017-02-02 10:57:03 +01:00
Stian Thorgersen
ee62c52543 KEYCLOAK-4338 KEYCLOAK-4331 Fixes to session iframe 2017-02-02 08:12:29 +01:00
Stian Thorgersen
6f22f88d85 Bump version to 3.0.0.CR1 2017-01-26 06:18:11 +01:00
Stian Thorgersen
d1e491d57d KEYCLOAK-4286 Add deprecated support for old keycloak.js 2017-01-25 15:59:43 +01:00
Stian Thorgersen
94ffeda62a Merge pull request #3773 from hmlnarik/KEYCLOAK-4181-SAML-Response-without-any-assertion-leads-to-an-exception
KEYCLOAK-4181 Fix handling of SAML error code in broker
2017-01-24 10:33:05 +01:00
Pedro Igor
13e92cdb35 [KEYCLOAK-3261] - Properly handle apps deployed at the ROOT context 2017-01-23 21:27:43 -02:00
Slawomir Dabek
cc788cf44e KEYCLOAK-4222 Remove slash from state parameter 2017-01-19 20:11:18 +01:00
Hynek Mlnarik
350b9550c3 KEYCLOAK-4264 2017-01-19 16:30:01 +01:00
Bill Burke
41630d6962 Merge pull request #3727 from hmlnarik/KEYCLOAK-4141
KEYCLOAK-4141
2017-01-12 08:49:29 -05:00
Stian Thorgersen
139e12fa5f KEYCLOAK-4179 Fixed logic to init with token to prevent issues with timeSkew 2017-01-10 09:09:50 +01:00
Hynek Mlnarik
4df70c517d KEYCLOAK-4141 2017-01-10 09:02:36 +01:00
Stian Thorgersen
e805ffd945 Bump version to 2.5.1.Final-SNAPSHOT 2016-12-22 08:22:18 +01:00
Stian Thorgersen
b6b3c04400 Merge pull request #3663 from sldab/autodetect-bearer-only
KEYCLOAK-2962 Autodetect bearer-only clients
2016-12-20 14:05:25 +01:00
Pedro Igor
18b94a2153 [KEYCLOAK-4034] - More logging. 2016-12-20 00:04:59 -02:00
Pedro Igor
0b3e867362 [KEYCLOAK-4034] - Minor changes to policy enforcer 2016-12-19 23:44:51 -02:00
Slawomir Dabek
b6d29ccd30 KEYCLOAK-2962 Autodetect bearrer-only clients
Suport more headers
2016-12-19 17:13:14 +01:00
Bill Burke
1c0e23db66 Merge pull request #3647 from tkyjovsk/fix-module-names
fixed module names
2016-12-16 08:41:01 -05:00
Hynek Mlnarik
7d51df4eed KEYCLOAK-3971 Explicitly set encoding for SAML message processing 2016-12-15 14:04:34 +01:00
Tomas Kyjovsky
e5d744f7d5 fixed module names 2016-12-14 17:02:07 +01:00
Stian Thorgersen
c11f65720b Merge pull request #3639 from hmlnarik/KEYCLOAK-4062-Provide-GUI-for-KeyName-format-in-identity-broker-and-client
KEYCLOAK-4062 - GUI changes for KeyName format + few tests
2016-12-13 11:33:16 +01:00
Hynek Mlnarik
5006fe2292 KEYCLOAK-4062 - GUI changes for KeyName format + few tests 2016-12-12 22:29:01 +01:00
mposolda
8c99a13387 Minor synchronize update 2016-12-12 13:09:19 +01:00
mhajas
081958e282 KEYCLOAK-4051 Use debug instead of debugf 2016-12-08 09:42:52 +01:00
Bill Burke
7271fdaaaa KEYCLOAK-3509 2016-12-06 18:52:37 -05:00
Bill Burke
e3d0f8f6e5 Merge pull request #3548 from sebastienblanc/KEYCLOAK-3725
KEYCLOAK-3725: return Unauthorized when accessing bearer only in inte…
2016-12-03 13:46:52 -05:00
danren
87b243ed59 Fix for KEYCLOAK-3961 2016-12-02 13:30:53 +01:00
mposolda
74967737ee KEYCLOAK-3824 Ensure sending notBefore invalidates JWKPublicKeyLocator 2016-12-01 17:07:50 +01:00
mposolda
a38544796f KEYCLOAK-3823 KEYCLOAK-3824 Added public-key-cache-ttl for OIDC adapters. Invalidate cache when notBefore sent 2016-12-01 12:25:07 +01:00
Stian Thorgersen
c9cf7f6564 Merge pull request #3549 from RamonGebben/patch-1
KEYCLOAK-3993: Removed compare bug in `checkState` function
2016-12-01 07:57:29 +01:00
Stian Thorgersen
ba406d5747 Merge pull request #3332 from ebondu/master
fix bug https://issues.jboss.org/browse/KEYCLOAK-3474
2016-12-01 07:51:07 +01:00
Stian Thorgersen
b771b84f56 Bump to 2.5.0.Final-SNAPSHOT 2016-11-30 15:44:51 +01:00
Ramon Gebben
e5ce080fd3 Update with PR feedback 2016-11-29 09:49:58 +01:00
sebastienblanc
df93244373 keep orignal API 2016-11-26 09:30:27 +01:00
sebastienblanc
0f447fadd4 KEYCLOAK-3725: return Unauthorized when accessing bearer only in interactive mode 2016-11-25 11:59:52 +01:00
Ramon Gebben
79825dfa1d Removed compare bug in checkState function 2016-11-25 11:45:40 +01:00
Stian Thorgersen
6ec82865d3 Bump version to 2.4.1.Final-SNAPSHOT 2016-11-22 14:56:21 +01:00
Pedro Igor
9b2ef96b22 [KEYCLOAK-3830] - Allow to configure enforcement-mode to a path definition 2016-11-17 20:50:28 -02:00
Pedro Igor
44ee53b0d8 [KEYCLOAK-3830] - Only enforce permissions when there is a KeycloakSecurityContext. 2016-11-17 20:50:17 -02:00
Stian Thorgersen
65136fabdd Merge pull request #3486 from hmlnarik/KEYCLOAK-3488
KEYCLOAK-3488 Fix typo in SamlPrincipal
2016-11-16 12:21:50 +01:00
Hynek Mlnarik
43002f7a8a KEYCLOAK-3488 Fix typo 2016-11-09 15:11:45 +01:00
Hynek Mlnarik
025cf5ebaf KEYCLOAK-3870 Schema for keycloak-saml.xml
Updated schema schema for keycloak-saml.xml (added documentation, set
up enumeration instead of free string where applicable per documentation)
and updated existing keycloak-saml.xml files with schema reference.
2016-11-09 10:45:43 +01:00
Stian Thorgersen
292777259e Merge pull request #3472 from hmlnarik/KEYCLOAK-1881-saml-key-rotation
Keycloak 1881 - SAML key/cert rotation for IdP
2016-11-08 07:56:25 +01:00
Stian Thorgersen
ef48594d85 Merge pull request #3470 from sebastienblanc/KEYCLOAK-3548
KEYCLOAK-3548 : Send 401 when no keycloak.json for EAP6/AS7 Adapter
2016-11-08 07:37:00 +01:00
Stian Thorgersen
5b54375490 Merge pull request #3468 from sebastienblanc/KEYCLOAK-3514
KEYCLOAK-3514 : fix servlet logout on bearer-only client
2016-11-08 07:35:44 +01:00
Hynek Mlnarik
570d71c07b KEYCLOAK-1881 Update client adapter configuration
Client adapter configuration was updated to support for customization
of HttpClient used for key retrieval similarly to OIDC. Further, it is
now possible to specify several static public keys for signature
verification in saml-client.xml.
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
1ae268ec6f KEYCLOAK-1881 Include key ID for REDIRECT and use it for validation
Contrary to POST binding, signature of SAML protocol message sent using
REDIRECT binding is contained in query parameters and not in the
message. This renders <dsig:KeyName> key ID hint unusable. This commit
adds <Extensions> element in SAML protocol message containing key ID so
that key ID is present in the SAML protocol message.
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
10deac0b06 KEYCLOAK-1881 KeyLocator implementation for SAML descriptor 2016-11-04 21:53:43 +01:00
Hynek Mlnarik
057cc37b60 KEYCLOAK-1881 Clone OIDC adapter HttpClient tools to SAML adapter
and
KEYCLOAK-1881 Extract httpclient configuration from AdapterConfig
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
5d840500af KEYCLOAK-1881 Include key ID in <ds:KeyInfo> in SAML assertions and protocol message
Changes of SAML assertion creation/parsing that are required to allow
for validation of rotating realm key: signed SAML assertions and signed
SAML protocol message now contain signing key ID in XML <dsig:KeyName>
element.
2016-11-04 21:53:43 +01:00
sebastien blanc
76c37de1e8 KEYCLOAK-3545: Send 401 if no kc configuration in EAP6/AS7 2016-11-03 15:39:02 +01:00
sebastien blanc
d98c375495 KEYCLOAK-3514 : Don't call logout for bearer-only client 2016-11-02 11:39:37 +01:00
Pedro Igor
44977207e3 Merge pull request #3402 from brewers/feature/js-entitlement-request
KEYCLOAK-3777: Add client api for requesting entitlements with permission requests
2016-11-02 07:15:02 -02:00
Stian Thorgersen
3ea555bae6 Merge pull request #3443 from stianst/KEYCLOAK-3606
KEYCLOAK-3606
2016-10-28 11:51:21 +02:00
Stian Thorgersen
5f58c96258 KEYCLOAK-3606
keycloak.js calls localStorage.key(localStorage.length) indirectly
2016-10-28 10:05:57 +02:00
Stian Thorgersen
4cc44bc174 Merge pull request #3420 from bdalenoord/master
KEYCLOAK-3807: Calling 'setHandler' is forbidden
2016-10-28 06:45:47 +02:00
Stian Thorgersen
3e5f490882 Merge pull request #3424 from sebastienblanc/KEYCLOAK-3669
KEYCLOAK-3669: Fix Tomcat Adapter for 8.5.5
2016-10-28 06:45:01 +02:00
sebastien blanc
621d234adc renaming fields to align with json names 2016-10-27 16:16:30 +02:00
sebastien blanc
1c2f49ab4e KEYCLOAK-3669: Fix Tomcat Adapter for 8.5.5 2016-10-25 16:27:41 +02:00
Bas Dalenoord
859c5cbe1e KEYCLOAK-3807: Use 'setSecurityHandler';
'insertHandler' is a method introduced in Jetty 9, Jetty 8 should
however be supported so 'setSecurityHandler' does the same thing but
works for both 8.x and 9.x;
2016-10-25 13:59:07 +02:00
Bas Dalenoord
f3df185bb5 KEYCLOAK-3807: Calling 'setHandler' is forbidden
Use 'insertHandler' as suggested in the 'setHandler's log warning.
2016-10-25 09:14:03 +02:00
Matej Lazar
036407fd90 Fix type in exception message. 2016-10-21 12:59:59 +02:00
Stian Thorgersen
4d47f758fc Merge pull request #3405 from stianst/master
Bump version
2016-10-21 10:11:59 +02:00
Stian Thorgersen
c615674cbb Bump version 2016-10-21 07:03:15 +02:00
Stian Thorgersen
1a4f9e656d Merge pull request #3398 from stianst/KEYCLOAK-3774
KEYCLOAK-3774 Fix keycloak.js with prompt=none and new stricter redir…
2016-10-21 06:34:43 +02:00
Stian Thorgersen
9801f09a93 KEYCLOAK-3774 Fix keycloak.js with prompt=none and new stricter redirect_uri 2016-10-20 21:31:25 +02:00
Cherian Mathew
94d4afa11c Refactor entitlement request argument name 2016-10-20 17:24:41 +02:00
Cherian Mathew
d7d91cfbc0 Add client api for requesting entitlements with permission requests 2016-10-20 17:09:41 +02:00
Pulkit Gupta
8e9db1be96 fixed null pointer exception when principal is null 2016-10-20 13:39:04 +05:30
Marek Posolda
9f5acccc4f Merge pull request #3384 from mposolda/master
KEYCLOAK-3753 Deploying app secured with OIDC to EAP6 results with Error
2016-10-20 08:32:58 +02:00
Stian Thorgersen
e39d28517c Merge pull request #3381 from raehalme/KEYCLOAK-3755-master
KEYCLOAK-3755: isBearerTokenRequest and isBasicAuthRequest are now case-insensitive
2016-10-20 07:12:27 +02:00
Bill Burke
06c08a9cff Merge pull request #3249 from gautric/master
KEYCLOAK-3602 - NPE into SAML DeploymentBuilder build
2016-10-19 20:08:16 -04:00
mposolda
7f825eb415 KEYCLOAK-3753 Deploying app secured with OIDC to EAP6 results with Error 2016-10-19 21:45:35 +02:00
Stian Thorgersen
af5e8f7b09 Merge pull request #3376 from stianst/KEYCLOAK-1862
KEYCLOAK-1862
2016-10-19 19:27:29 +02:00
Pedro Igor
7dee39bbaa Merge pull request #3302 from brewers/master
KEYCLOAK-3703 Fix entitlement function call in authorization
2016-10-19 14:47:32 -02:00
Thomas Raehalme
e8ce9704c1 isBearerTokenRequest and isBasicAuthRequest is now case-insensitive. 2016-10-19 19:41:59 +03:00
Stian Thorgersen
61fa152e62 Merge pull request #3277 from ahus1/KEYCLOAK-2977-spring-cloud-rebinder-fix
KEYCLOAK-2977: fix re-binding problem with spring-cloud
2016-10-19 17:32:40 +02:00
Stian Thorgersen
7f04dd20b3 KEYCLOAK-1862 2016-10-19 17:28:22 +02:00
Stian Thorgersen
bd8e435164 KEYCLOAK-3625 Fix url 2016-10-19 17:07:01 +02:00
Alexander Schwartz
c2692cc0ac KEYCLOAK-2977: fix re-binding problem with spring-cloud 2016-10-19 16:07:28 +02:00
Stian Thorgersen
1b24d2edd8 KEYCLOAK-3625 More work on the issue 2016-10-19 14:21:50 +02:00
sebastien blanc
32df5225cf add check on list size 2016-10-19 14:21:41 +02:00
sebastien blanc
116f5f5795 KEYCLOAK-3625: conform to oidc specs 2016-10-19 14:21:41 +02:00
emilienbondu
0d3a50411e Move licence at the top of the file. 2016-10-19 09:57:07 +02:00
Stian Thorgersen
9193142bb9 Merge pull request #3305 from sebastienblanc/KEYCLOAK-3683
KEYCLOAK-3683: Remove trustore and trustore-password check
2016-10-17 19:39:02 +02:00
Stian Thorgersen
144898c0d2 Merge pull request #3262 from vramik/KEYCLOAK-3615
KEYCLOAK-3615 Resolve warnings while building the effective model
2016-10-17 19:09:30 +02:00
emilienbondu
3bed84d712 fix bug https://issues.jboss.org/browse/KEYCLOAK-3474 2016-10-17 14:42:46 +02:00
Hynek Mlnarik
4a19d4cdc1 KEYCLOAK-3664 Fix for NPE in subsystem when secure-deployment is undefined for a particular deployment 2016-10-17 09:19:44 +02:00
Stian Thorgersen
d2cae0f8c3 KEYCLOAK-905
Realm key rotation for OIDC
2016-10-13 11:19:52 +02:00
sebastienblanc
f5a5fc3458 KEYCLOAK-3683: Remove trustore and trustore-password check 2016-10-11 15:19:31 +02:00
Cherian Mathew
ac245d3c4b Fix entitlement function call in authorization 2016-10-09 11:19:02 +02:00
mposolda
a60dd48300 KEYCLOAK-3646 Missing attributes in AS7 adapter subsystem 2016-10-04 08:30:35 +02:00
mposolda
d71fadabeb KEYCLOAK-3634 Allow adapter subsystem to just inject dependencies 2016-10-03 17:38:41 +02:00
mposolda
7447ca7b58 KEYCLOAK-3564 Added token-minimum-time-to-live and min-time-between-jwks-requests to adapter subsystem 2016-10-03 16:06:45 +02:00
Bill Burke
d4c3fae546 merge conflicts 2016-09-30 19:19:12 -04:00