libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
8755 commits 4 branches 5 tags 480 MiB
Commit graph

2049 commits

Author SHA1 Message Date
Stian Thorgersen
c6ac3266f0 KEYCLOAK-3641 Clicking an invalid verification link due to re-send removes the email verification key from the session 2016-10-27 16:16:52 +02:00
Stian Thorgersen
ab72b2b141 KEYCLOAK-3331 Reset password leads to 400 bad request when link is opened in a different browser session 2016-10-27 16:04:45 +02:00
Bill Burke
73e3f2a89b REST API for disable cred type 2016-10-26 15:48:45 -04:00
Bill Burke
68e853b4bd Merge remote-tracking branch 'upstream/master' 2016-10-25 13:40:32 -04:00
Bill Burke
b67cb0e97a Merge remote-tracking branch 'upstream/master' 2016-10-25 11:44:22 -04:00
Stian Thorgersen
4b27e66714 KEYCLOAK-3782 Keysize for rsa-generated should be a dropdown 2016-10-25 08:52:02 +02:00
Bill Burke
3e28ac1e46 user spi cache policy 2016-10-24 15:36:37 -04:00
hassaneinaltememyictu
a119a46495 grant the new role from the saml token if it exist 
grant the user with the new role from the saml token if it is a realm role in keycloak
 2016-10-24 17:17:22 +02:00
Stian Thorgersen
4d47f758fc Merge pull request #3405 from stianst/master 
Bump version
 2016-10-21 10:11:59 +02:00
Stian Thorgersen
c615674cbb Bump version 2016-10-21 07:03:15 +02:00
Stian Thorgersen
1a4f9e656d Merge pull request #3398 from stianst/KEYCLOAK-3774 
KEYCLOAK-3774 Fix keycloak.js with prompt=none and new stricter redir…
 2016-10-21 06:34:43 +02:00
Stian Thorgersen
9801f09a93 KEYCLOAK-3774 Fix keycloak.js with prompt=none and new stricter redirect_uri 2016-10-20 21:31:25 +02:00
Stian Thorgersen
5a00aaefa8 KEYCLOAK-2594 
bind credential being leaked in admin tool JSON response

KEYCLOAK-2972
Keycloak leaks configuration passwords in Admin Event logs
 2016-10-20 19:30:59 +02:00
Stian Thorgersen
1bf24d26a4 Merge pull request #3395 from stianst/master 
KEYCLOAK-3772
 2016-10-20 19:27:03 +02:00
Stian Thorgersen
839c4e8ede KEYCLOAK-3772 
Login with Twitter is not working
 2016-10-20 15:05:07 +02:00
mposolda
072ccb5c61 KEYCLOAK-3770 OIDC registration with id_token grant type should set publicClient flag to true 2016-10-20 14:10:53 +02:00
Stian Thorgersen
dfc09b69a8 Merge pull request #3380 from stianst/KEYCLOAK-3364 
KEYCLOAK-3364 Fix for dns that ends with digit
 2016-10-20 06:24:50 +02:00
Stian Thorgersen
d2e0432afb Merge pull request #3389 from patriot1burke/master 
KEYCLOAK-3651
 2016-10-20 06:24:15 +02:00
Bill Burke
34d80c9083 KEYCLOAK-3651 2016-10-19 20:28:33 -04:00
Bill Burke
9f00f693c6 Merge pull request #3387 from ssilvert/spelling-represenation 
KEYCLOAK-3496: Spelling Error in Admin GUI Documentation
 2016-10-19 19:59:41 -04:00
Stan Silvert
ad59cd618e Merge pull request #3383 from ssilvert/duplicate-fed-provider 
KEYCLOAK-2892: Bad error when create fed provider w/ same name.
 2016-10-19 16:40:58 -04:00
Stan Silvert
ac80f99e8c KEYCLOAK-3496: Spelling Error in Admin GUI Documentation 2016-10-19 16:33:59 -04:00
Bill Burke
cdf7dd3a6c Merge pull request #3372 from patriot1burke/master 
onCreate for Components
 2016-10-19 16:21:20 -04:00
Bill Burke
934ea1c33c KEYCLOAK-3562 2016-10-19 14:01:21 -04:00
Stan Silvert
9d098e9068 KEYCLOAK-2892: Bad error when create fed provider w/ same name. 2016-10-19 13:32:28 -04:00
Stian Thorgersen
ffce2023c0 KEYCLOAK-3364 Fix for dns that ends with digit 2016-10-19 18:41:43 +02:00
mposolda
3779bfb6b4 KEYCLOAK-3666 client registration policies - polishing 2016-10-19 17:45:23 +02:00
mposolda
964cd50f1d KEYCLOAK-3666 Added client reg policies for maxClients and clientDisabled 2016-10-19 17:45:23 +02:00
Stian Thorgersen
36c367a3bc Merge pull request #3369 from stianst/KEYCLOAK-3625 
KEYCLOAK-3625
 2016-10-19 15:56:57 +02:00
Stian Thorgersen
1b24d2edd8 KEYCLOAK-3625 More work on the issue 2016-10-19 14:21:50 +02:00
Stian Thorgersen
bbc1d26b72 Merge pull request #3367 from stianst/KEYCLOAK-3745 
KEYCLOAK-3745 Change attributes in user rep
 2016-10-19 14:01:39 +02:00
Stian Thorgersen
4efe12cb93 KEYCLOAK-3745 Change attributes in user rep 2016-10-19 12:15:13 +02:00
Stian Thorgersen
f2f508ac2e Merge pull request #3357 from stianst/KEYCLOAK-3107 
KEYCLOAK-3017 Expose Location header in cors request to admin endpoint
 2016-10-19 08:45:18 +02:00
Stian Thorgersen
13220e1d38 Merge pull request #3355 from stianst/KEYCLOAK-2699 
KEYCLOAK-2699 Potential for NPE in DirImportProvider.getRealmsToImport
 2016-10-19 07:35:54 +02:00
Stian Thorgersen
116027bd7b Merge pull request #3354 from stianst/KEYCLOAK-2488 
KEYCLOAK-2488 Token introspection returns wrong response for invalid …
 2016-10-19 07:33:25 +02:00
Stian Thorgersen
a33997976f KEYCLOAK-3017 Expose Location header in cors request to admin endpoint 2016-10-18 21:27:46 +02:00
Stian Thorgersen
0a8d1e28f1 KEYCLOAK-2699 Potential for NPE in DirImportProvider.getRealmsToImport 2016-10-18 20:31:51 +02:00
Stian Thorgersen
29538332d9 KEYCLOAK-2488 Token introspection returns wrong response for invalid token 2016-10-18 20:28:14 +02:00
Bill Burke
d941e07169 Merge pull request #3350 from patriot1burke/master 
federated import/export to json
 2016-10-18 14:15:25 -04:00
Stian Thorgersen
e41d11877f Merge pull request #3349 from stianst/KEYCLOAK-2741 
KEYCLOAK-2741
 2016-10-18 19:39:54 +02:00
mposolda
b62e6e2751 KEYCLOAK-3653 CORS headers not sent in certs endpoint 2016-10-18 16:57:06 +02:00
Stian Thorgersen
74dad004e3 KEYCLOAK-2741 
Don't remove KEYCLOAK_REMEMBERME cookie when sso session expires.
 2016-10-18 16:14:36 +02:00
Bill Burke
2199df71bf Merge remote-tracking branch 'upstream/master' 2016-10-18 10:14:00 -04:00
Bill Burke
4182e4d92a federated import/export 2016-10-18 10:13:51 -04:00
Marek Posolda
3986ce2ce0 Merge pull request #3345 from mposolda/master 
KEYCLOAK-3499 Fixes in OIDCProtocolMapper support for includeInUserInfo
 2016-10-18 14:28:29 +02:00
Stian Thorgersen
4b56743788 Merge pull request #3343 from stianst/KEYCLOAK-2884 
KEYCLOAK-2884 Remove ClientTemplateResource.getKeycloakApplication()
 2016-10-18 14:08:50 +02:00
mposolda
a7287aad36 KEYCLOAK-3499 More fixes for IncludeInUserInfo. Fixing tests and migration 2016-10-18 13:09:30 +02:00
Thomas Darimont
c3b577de11 KEYCLOAK-3499 Revise OIDCProtocolMapper support 
Moved methods `transformUserInfoToken`, `transformAccessToken`,
`transformIDToken` to the `AbstractOIDCProtocolMapper` base class
in order to reduce code duplication.
Previously every mapper implemented at least one or two of those
methods with exactly the same code.
Having those methods in the base class ensures that the code is the
same for all mappers. Since the mentioned methods are declared
on the `OIDCIDTokenMapper`, `OIDCAccessTokenMapper` and `UserInfoTokenMapper`
interfaces `AbstractOIDCProtocolMapper` implementations can now choose
how they should be handled by the `TokenManager`
by implementing the desired set of interfaces `*TokenMapper`-interfaces.

I think this provides a good balance between ease of use, reduced code duplication
and ensured backwards compatiblity.
Existing protocol mapper implementations will still work since they just implement
their own logic for `transformUserInfoToken`, `transformAccessToken`,
`transformIDToken`.

The "claim" information provided by a `ProtocolMapper` to a `*Token` can now
be provided by overriding the `AbstractOIDCProtocolMapper.setClaim` method.

Adapted all eligible ProtocolMapper implementations within the
`org.keycloak.protocol.oidc.mappers` package accordingly.
 2016-10-18 13:09:30 +02:00
Stian Thorgersen
e157a60a23 KEYCLOAK-2884 Remove ClientTemplateResource.getKeycloakApplication() 2016-10-18 09:01:24 +02:00
Marek Posolda
2fd680092a Merge pull request #3336 from mposolda/master 
KEYCLOAK-3719 Add 'options' to ProviderConfigProperty and use it for …
 2016-10-18 08:33:26 +02:00
mposolda
00879b39b7 KEYCLOAK-3719 Add 'options' to ProviderConfigProperty and use it for 'List' type instead of defaultValue 2016-10-17 21:34:21 +02:00
Stian Thorgersen
77499be8d2 KEYCLOAK-3728 
Disable script based authenticator in product profile
 2016-10-17 21:16:51 +02:00
Stian Thorgersen
64339aaca7 Merge pull request #3317 from stianst/KEY-ROTATION 
Updated labels for java keystore provider config
 2016-10-17 19:39:47 +02:00
Stian Thorgersen
2ed6067de0 Merge pull request #3290 from hmlnarik/KEYCLOAK-3655 
KEYCLOAK-3655: Fix for unexpected server error when adding duplicate auth flow
 2016-10-17 19:31:43 +02:00
Stian Thorgersen
d22f45f0d2 Merge pull request #3335 from stianst/KEYCLOAK-3635 
KEYCLOAK-3635 Not possible to filter debug/trace logging
 2016-10-17 18:50:10 +02:00
Stian Thorgersen
b320eb8fc7 KEYCLOAK-3635 Not possible to filter debug/trace logging 2016-10-17 16:12:14 +02:00
Geir Ole Hiåsen Stevning
95f62c6aeb KEYCLOAK-3626 - CreatedDate and lastUpdatedDate on user consent 2016-10-17 13:53:12 +02:00
mposolda
5732b2c58f KEYCLOAK-3716 Unable to start Keycloak on wildfly 2016-10-17 12:22:33 +02:00
mposolda
18e0c0277f KEYCLOAK-3666 Dynamic client registration policies 2016-10-14 20:20:40 +02:00
Bill Burke
1c0abbd722 Merge pull request #3315 from patriot1burke/master 
import and sync spi
 2016-10-14 10:12:42 -04:00
Stian Thorgersen
422805b511 Updated labels for java keystore provider config 2016-10-14 10:36:17 +02:00
Bill Burke
8c8a39c833 sync and import 2016-10-13 20:49:02 -04:00
Bill Burke
0938390654 sync and import 2016-10-13 20:38:49 -04:00
Stian Thorgersen
4e245d428c KEYCLOAK-905 More testing 2016-10-13 20:44:33 +02:00
Stian Thorgersen
d2cae0f8c3 KEYCLOAK-905 
Realm key rotation for OIDC
 2016-10-13 11:19:52 +02:00
Bill Burke
fbaa731dfa import spi 2016-10-11 18:33:59 -04:00
Bill Burke
db05dc6ee4 KEYCLOAK-3671 2016-10-06 15:02:15 -04:00
Bill Burke
fbb65fa072 KEYCLOAK-3671 2016-10-06 14:56:02 -04:00
Bill Burke
74325fe133 initial sync/import spi 2016-10-06 14:48:53 -04:00
Hynek Mlnarik
cfbc9cf14b KEYCLOAK-3655: Fix for unexpected server error when adding duplicate auth flow 2016-10-05 13:57:02 +02:00
Bill Burke
c5600e888d revactor CredentialValidationOutput apis 2016-10-04 17:26:45 -04:00
Bill Burke
4af0976194 remove UserCredValueModel and hold hash providers 2016-10-04 12:34:15 -04:00
mposolda
bc916a1909 KEYCLOAK-3564 Update demo examples with public key rotation 2016-10-04 14:05:01 +02:00
mposolda
0f9798a10d KEYCLOAK-3493 KEYCLOAK-3532 Renamed KeyStorageProvider to PublicKeyStorageProvider 2016-10-03 15:23:50 +02:00
Thomas Darimont
c852d6d817 KEYCLOAK-3642 Favor StreamUtil over IOUTils in ScriptBasedAuthenticatorFactory 
The dependency on commons-io through the use of IOUtils in
ScriptBasedAuthenticatorFactory resulted in
NoClassDefFoundError org/apache/commons/io/IOUtils when building the
keycloak-distribution.

We now use the StreamUtil from keycloak-common to avoid this dependency.
 2016-10-03 13:33:53 +02:00
Bill Burke
d4c3fae546 merge conflicts 2016-09-30 19:19:12 -04:00
Bill Burke
6a4e413bf4 final mongo fixes 2016-09-30 19:08:34 -04:00
mposolda
f9a0abcfc4 KEYCLOAK-3493 KEYCLOAK-3532 Added KeyStorageProvider. Support key rotation for OIDC clients and identity providers with JWKS url. 2016-09-30 21:28:23 +02:00
Stian Thorgersen
5d34b7e682 Merge pull request #3189 from thomasdarimont/issue/KEYCLOAK-3491-revise-scripting-support 
KEYCLOAK-3491 Revise Scripting Support
 2016-09-29 10:12:15 +02:00
Bill Burke
8967ca4066 refactor mongo entities, optimize imports 2016-09-28 15:25:39 -04:00
Stian Thorgersen
34f62eb31d Fixes to [KEYCLOAK-2438] PR 2016-09-28 10:25:37 +02:00
Bruno Oliveira
98d2fe15e8 [KEYCLOAK-2438] - Add display name to social login buttons 
[KEYCLOAK-3291] - Names of social identity providers are wrongly capitalized (eg GitHub vs Github)
 2016-09-26 13:36:28 -03:00
Bill Burke
ecc104719d bump pom version 2016-09-26 11:01:18 -04:00
Stian Thorgersen
033d1f564a KEYCLOAK-2756 
Renaming a realm breaks down the Clients
 2016-09-26 10:11:28 +02:00
Bill Burke
27e86e36c4 Merge remote-tracking branch 'upstream/master' 2016-09-23 16:50:16 -04:00
Bill Burke
ff1326fe35 authenticator example updated 2016-09-23 16:50:08 -04:00
Marek Posolda
5fc7149aac Merge pull request #3257 from mposolda/pairwise 
KEYCLOAK-3422 Pairwise subjects : few fixes and bit of refactoring
 2016-09-23 20:58:51 +02:00
Bill Burke
a1bcd0651d fixes 2016-09-23 10:38:49 -04:00
Marek Posolda
22aaa4cb52 Merge pull request #3237 from brat000012001/kc-iss-3505 
KEYCLOAK-3505: updated the oidc user attribute mapper used to map oid…
 2016-09-23 15:38:20 +02:00
mposolda
04f05c0cd1 KEYCLOAK-3422 Pairwise subjects : few fixes and bit of refactoring 2016-09-23 15:29:13 +02:00
Bill Burke
8e65356891 creds 2016-09-22 19:57:39 -04:00
Bill Burke
7209a95dce credential refactoring 2016-09-22 08:34:45 -04:00
Thomas Darimont
8e113384aa KEYCLOAK-3491 Revise Scripting Support 
Refactored the scripting infrastructure and added documentation.
Added tests and an authenticator template in JavaScript for a quickstart.
Increased height of ace code editor to 600px to avoid scrolling.
 2016-09-20 14:33:39 +02:00
Stian Thorgersen
4977527f60 Merge pull request #3239 from stianst/SERVER-PROFILE 
KEYCLOAK-3579 Add ability to define profiles
 2016-09-20 10:39:05 +02:00
Stian Thorgersen
992268a8e6 KEYCLOAK-3579 Add ability to define profiles 2016-09-20 08:41:23 +02:00
Stian Thorgersen
44c47431a1 Merge pull request #3233 from betovieirasilva/master-KEYCLOAK-LoginUsername 
[PULL-REQUEST-3181 & PULL-REQUEST-3233] Username is not displayed on the login screen with that email
 2016-09-16 09:23:26 +02:00
Peter Nalyvayko
0348e427de KEYCLOAK-3505: cosmetic coding style changes 2016-09-15 15:42:09 -04:00
Peter Nalyvayko
b97908fb02 KEYCLOAK-3505: updated the oidc user attribute mapper used to map oidc broker claims to map the claims from userinfo claim set 2016-09-15 11:11:58 -04:00
Gilberto Vieira da Silva
6d5dc673d4 When keycloak is set to login email and Username is different from email, to check the "Remember Me" username is not displayed on the login screen with that email because the KEYCLOAK_REMEMBER_ME cookie is always recorded the username field. 
Conflicts:
	services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java

[PULL-REQUEST-3181]
 2016-09-13 18:56:25 -03:00
Gilberto Vieira da Silva
55e07bcde2 Reverted to appli to branch master-KEYCLOAK-LoginUsername 2016-09-13 18:52:16 -03:00
Gilberto Vieira da Silva
cb1b34eee5 When keycloak is set to login email and Username is different from email, to check the "Remember Me" username is not displayed on the login screen with that email because the KEYCLOAK_REMEMBER_ME cookie is always recorded the username field. 
Conflicts:
	services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
 2016-09-13 18:21:04 -03:00
Martin Hardselius
04d03452bd KEYCLOAK-3422 support pairwise subject identifier in oidc 2016-09-13 09:18:45 +02:00
mposolda
bf6246f5c1 KEYCLOAK-905 Realm keys rotation support on adapters 2016-09-12 21:24:04 +02:00
Stian Thorgersen
1630b9a20c Merge pull request #3220 from abstractj/KEYCLOAK-3535 
KEYCLOAK-3535 - Check if SSSD is available via DBUS
 2016-09-09 08:15:11 +02:00
Stian Thorgersen
65befb16fd Merge pull request #3219 from pedroigor/KEYCLOAK-3534 
[KEYCLOAK-3534] - Authorization tab appears too soon in admin console
 2016-09-09 08:14:03 +02:00
Stian Thorgersen
e8f99a2109 Merge pull request #3221 from patriot1burke/master 
KEYCLOAK-3423
 2016-09-09 07:45:53 +02:00
Pedro Igor
7af16fc747 [KEYCLOAK-3534] - Authorization tab appears too soon in admin console 2016-09-09 01:03:09 -03:00
Bill Burke
84f5c0926b KEYCLOAK-3423 2016-09-08 16:47:06 -04:00
Bruno Oliveira
11245701d2 Check if SSSD is available via DBUS 2016-09-08 16:01:45 -03:00
Bill Burke
2a5c778af5 Merge pull request #3209 from patriot1burke/master 
KEYCLOAK-3440
 2016-09-08 09:10:54 -04:00
Stian Thorgersen
36bb94afb8 Environment dependent provider 2016-09-08 07:40:19 -03:00
Marek Posolda
76e1160b36 Merge pull request #3210 from mposolda/master 
KEYCLOAK-3537 Username not shown when validation error on Account pro…
 2016-09-08 10:04:38 +02:00
Stian Thorgersen
f726caea9b Merge pull request #3205 from stianst/KEYCLOAK-3342 
KEYCLOAK-3342 Add Identity Provider authenticator
 2016-09-08 08:40:32 +02:00
mposolda
16282aeb7b KEYCLOAK-3537 Username not shown when validation error on Account profile page 2016-09-08 08:36:39 +02:00
Stian Thorgersen
d2c546bdc2 Merge pull request #3201 from pedroigor/KEYCLOAK-3129 
[KEYCLOAK-3129] - Add authorization services endpoints to PermissionsTest
 2016-09-08 08:03:40 +02:00
Stian Thorgersen
7c292b1213 KEYCLOAK-3342 Add Identity Provider authenticator 2016-09-08 07:20:35 +02:00
Bill Burke
3b9a6b32e1 Revert "Revert "KEYCLOAK-3440"" 
This reverts commit 01e48dc4b8.
 2016-09-07 23:41:32 -04:00
Bill Burke
01e48dc4b8 Revert "KEYCLOAK-3440" 2016-09-07 23:17:35 -04:00
Bill Burke
3f35234cf5 Merge remote-tracking branch 'upstream/master' 2016-09-07 23:11:38 -04:00
Bill Burke
da135389c7 KEYCLOAK-3440 2016-09-07 23:11:28 -04:00
mposolda
5a015a6518 KEYCLOAK-3494 Input elements backed by user attributes fail to update in themes 2016-09-07 20:08:09 +02:00
Pedro Igor
517413d38e [KEYCLOAK-3129] - Add authorization services endpoints to PermissionsTest 2016-09-06 17:32:37 -03:00
Bill Burke
15d31a202f Merge remote-tracking branch 'upstream/master' 2016-09-06 08:56:17 -04:00
Bill Burke
6714c1a136 cred refactor 2016-09-06 08:55:47 -04:00
mposolda
8c5b1e4892 KEYCLOAK-3525 Validation callback when creating/updating protocolMapper 2016-09-06 07:15:27 +02:00
mposolda
03c05bd72b KEYCLOAK-2957 IdpEmailVerificationAuthenticator should setEmailVerified to true after successfuly link user by email verification 2016-09-05 18:04:24 +02:00
mposolda
a24a43c4be KEYCLOAK-3349 Support for 'request' and 'request_uri' parameters 2016-09-02 20:20:38 +02:00
Vaclav Muzikar
1b085d3e13 KEYCLOAK-3421 Validation for URI fragments in redirect_uri 2016-08-31 13:07:33 +02:00
mposolda
02f28a7e8e KEYCLOAK-3416 Add support for signed Userinfo requests 2016-08-30 20:21:04 +02:00
Stian Thorgersen
5a4bb5f3f0 Merge pull request #3168 from stianst/master 
KEYCLOAK-3462 Fix exception not displayed in init from KeycloakServer
 2016-08-30 09:47:31 +02:00
mposolda
f4aee129e4 KEYCLOAK-3424 Issuer or token-endpoint as audience in signed JWT 2016-08-29 14:43:35 +02:00
mposolda
a7f9a6e095 KEYCLOAK-3424 Support for import from public key 2016-08-29 14:43:29 +02:00
Stian Thorgersen
4f51b7b34c KEYCLOAK-3462 Fix exception not displayed in init from KeycloakServer 2016-08-29 09:21:22 +02:00
Stian Thorgersen
2a29f2a9c6 Merge pull request #3151 from ssilvert/dmr-server-config 
KEYCLOAK-3196: Use WildFly management model for server configuration.
 2016-08-26 13:44:45 +02:00
Marek Posolda
d138b19adb Merge pull request #3142 from vmuzikar/KEYCLOAK-3429 
KEYCLOAK-3429 Fix behaviour of redirect_uri parameter with query components
 2016-08-24 09:53:29 +02:00
Stan Silvert
3abcf713e5 KEYCLOAK-3196: Test need ability to load keycloak-server.json from 
/META-INF
 2016-08-23 11:27:06 -04:00
Stan Silvert
e4d97485ec KEYCLOAK-3196: Create master cli script for server-subsystem. 2016-08-23 11:27:04 -04:00
Stan Silvert
3493aa4ab7 KEYCLOAK-3196: Use WildFly management model for server configuration. 2016-08-23 11:26:56 -04:00
Stian Thorgersen
c522a20ab9 KEYCLOAK-3447 Manual upgrade of database schema 2016-08-22 10:22:08 +02:00
Pedro Igor
4cd0a8e894 [KEYCLOAK-3377] - Add pagination to authorization UI 2016-08-18 13:29:54 -03:00
Pedro Igor
a8d2b810cf [KEYCLOAK-3144] - Add authorization settings when exporting/importing a realm. 2016-08-15 10:35:28 -03:00
mposolda
2cba13db9c KEYCLOAK-3424 Possibility to import JWK key through admin console 2016-08-12 15:51:14 +02:00
mposolda
3eb9134e02 KEYCLOAK-3424 Support for save JWKS in OIDC ClientRegistration endpoint 2016-08-12 15:51:14 +02:00
Vaclav Muzikar
b7f2e0b5ff KEYCLOAK-3429 Fix behaviour of redirect_uri parameter with query components 2016-08-12 14:02:17 +02:00
Pedro Igor
27187c11f1 Merge pull request #3138 from pedroigor/KEYCLOAK-3428 
[KEYCLOAK-3428] - Removing scope policies in case the resource does not match
 2016-08-11 14:59:20 -03:00
Pedro Igor
0030df060b [KEYCLOAK-3428] - Removing scope policies in case the resource does not match 2016-08-11 14:58:14 -03:00
Marek Posolda
f6f587e472 Merge pull request #3137 from thomasdarimont/issue/KEYCLOAK-3412-remove-unused-adminEventBuilder-error-method 
KEYCLOAK-3412 - Remove erroneous AdminEventBuilder.error method
 2016-08-11 17:41:04 +02:00
Thomas Darimont
e0d70a35d6 KEYCLOAK-3412 - Remove erroneous AdminEventBuilder.error method 
Wasn't used within the Keycloak codebase and wouldn't have worked either
since the OperationType lookup would always fail since there are no
"_ERROR" operation types.

Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
 2016-08-11 16:10:49 +02:00
mposolda
0520d465c1 KEYCLOAK-3414 Support for client registration from trusted hosts 2016-08-11 15:55:32 +02:00
mposolda
a8fb988e31 KEYCLOAK-3406 OIDC dynamic client registrations specs fixes 2016-08-11 15:54:51 +02:00
mposolda
d52e043322 Set version to 2.2.0-SNAPSHOT 2016-08-10 08:57:18 +02:00
Marek Posolda
26bc07b2c4 Merge pull request #3126 from pedroigor/KEYCLOAK-3398 
[KEYCLOAK-3398] - Review input fields on AuthZ UI to fetch data on demand
 2016-08-10 06:50:51 +02:00
Pedro Igor
70eb27ec83 [KEYCLOAK-3398] - Review input fields on AuthZ UI to fetch data on demand 2016-08-09 21:56:29 -03:00
Bill Burke
530870f05e realm components import/export 2016-08-09 15:06:29 -04:00
Bill Burke
ff703f935f component export/import 2016-08-09 12:25:04 -04:00
Bill Burke
f838c697d1 Merge remote-tracking branch 'upstream/master' 2016-08-08 16:04:16 -04:00
Bill Burke
83306963e8 jta transaction abstraction 2016-08-08 12:32:36 -04:00
mposolda
65e2f127c9 KEYCLOAK-3400 OIDC request with missing response_type should respond with error 2016-08-08 16:11:50 +02:00
mposolda
9be6777685 KEYCLOAK-2169 KEYCLOAK-3286 Support for at_hash and c_hash 2016-08-08 10:57:44 +02:00
Bill Burke
f14f303dfe Merge remote-tracking branch 'upstream/master' 2016-08-07 11:50:44 -04:00
Bill Burke
33d7d89ad9 provider hot deployment 2016-08-07 11:41:52 -04:00
Marek Posolda
65c49c39f4 Merge pull request #3114 from mposolda/master 
KEYCLOAK-3321 OIDC requests without 'nonce' claim should be rejected …
 2016-08-05 16:45:56 +02:00
mposolda
e0a59baaf2 KEYCLOAK-3321 OIDC requests without 'nonce' claim should be rejected unless using the code flow. Started responseType tests 2016-08-05 15:05:26 +02:00
Thomas Darimont
e49afb2d83 KEYCLOAK-3142 - Revised according to codereview 
Liquibase Moved schema evolution configuration from jpa-changelog-2.1.0
to jpa-changelog-2.2.0.
Corrected wrong ResourceType references in tests.
Adapted AdminEvents copy-routines to be aware of resourceType attribute.
Added ResourceType enum to exposed ENUMS of ServerInfoAdminResource.

Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
 2016-08-05 00:01:03 +02:00
Thomas Darimont
586f6eeece KEYCLOAK-3142 - Capture ResourceType that triggers an AdminEvent 
Introduced new ResourceType enum for AdminEvents which lists
the current supported ResourceTypes for which AdminEvents
can be fired.

Previously it was difficult for custom EventListeners to figure
out which ResourceType triggered an AdminEvent in order
to handle it appropriately, effectively forcing users to parse
the representation.
Having dedicated resource types as a marker on an AdminEvent helps
to ease custom EventListener code.

We now also allow filtering of admin events by ResourceType in the
admin-console.

Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
 2016-08-04 11:30:02 +02:00
Bill Burke
534ee2e50c Merge remote-tracking branch 'upstream/master' 2016-08-03 19:16:45 -04:00
Bill Burke
70722d0d3d user storage provider jpa example 2016-08-03 19:16:11 -04:00
Bill Burke
7f08717dfb Merge pull request #3105 from patriot1burke/master 
component model
 2016-08-02 09:28:55 -04:00
Bill Burke
e3aec098a2 Merge pull request #3064 from cainj13/oneSamlAttributeStatement 
SamlProtocol should only drop attributes into a single attributeStatement
 2016-08-02 07:14:08 -04:00
Bill Burke
17e75950fe more fixes 2016-08-02 06:56:22 -04:00
Bill Burke
1c75b03e59 props 2016-08-02 06:50:13 -04:00
Bill Burke
1d695237b7 fix 2016-08-02 05:49:50 +02:00
Bill Burke
09693eb108 component model 2016-08-02 05:48:57 +02:00
Pedro Igor
ae1a7542d8 [KEYCLOAK-3385] - Improvements to evaluation tool UI and result 2016-08-01 18:01:24 -03:00
Bill Burke
a8a77add39 fix 2016-08-01 12:07:02 -04:00
Bill Burke
5facec73e4 Merge remote-tracking branch 'upstream/master' 2016-08-01 11:19:09 -04:00
Bill Burke
91a267a0d8 component model 2016-08-01 11:18:58 -04:00
Marek Posolda
0d99b797b6 Merge pull request #3068 from mstruk/KEYCLOAK-2981-m 
KEYCLOAK-2981 Upload-certificate admin endpoint does not nullify private keys
 2016-08-01 11:20:55 +02:00
Marek Posolda
159b752fb0 Merge pull request #3085 from pedroigor/master 
[KEYCLOAK-3376] - Show authorization data when evaluating authorization requests
 2016-08-01 09:09:55 +02:00
Dmitry Telegin
fea277a7f5 KEYCLOAK-3369: Fire RealmPostCreateEvent 2016-08-01 01:00:50 +03:00
Pedro Igor
bd5b434894 [KEYCLOAK-3376] - Show authorization data when evaluating authorization requests 2016-07-29 22:09:17 -03:00
Pedro Igor
3c8ed8e3d8 [KEYCLOAK-3372] - Code cleanup 2016-07-29 05:18:38 -03:00
Pedro Igor
8cfa50f134 [KEYCLOAK-3338] More testing and improvements when importing role policies 2016-07-28 12:31:46 -03:00
Bill Burke
5d9fe09599 Merge pull request #3070 from mstruk/KEYCLOAK-2571 
KEYCLOAK-2571 RESET_PASSWORD_ERROR and UPDATE_PASSWORD_ERROR events not fired
 2016-07-28 07:23:32 -04:00
Bill Burke
2219cd363e Merge pull request #3079 from patriot1burke/master 
KEYCLOAK-3268
 2016-07-28 07:22:45 -04:00
Pedro Igor
7e1b97888a [KEYCLOAK-3338] - Adding client roles to role policy and UX improvements 2016-07-27 15:15:14 -03:00
Bill Burke
46b4bb0909 KEYCLOAK-3268 2016-07-27 09:28:48 -04:00
Marko Strukelj
59e0570cdf KEYCLOAK-2571 RESET_PASSWORD_ERROR and UPDATE_PASSWORD_ERROR events not fired 2016-07-26 21:32:57 +02:00
Marko Strukelj
94f583e935 KEYCLOAK-2981 Upload-certificate admin endpoint does not nullify private keys 2016-07-25 11:13:21 +02:00
Bill Burke
3973aed57d Merge pull request #2989 from thomasdarimont/issue/KEYCLOAK-3234-allow-restricting-mapper-for-userinfo 
KEYCLOAK-3234 Allow restricting claim mapper for userinfo endpoint
 2016-07-22 17:54:00 -04:00
Josh Cain
535a0763fc put imports back, new IDE snuck a * in there. 2016-07-22 14:57:07 -05:00
Josh Cain
283581f920 SamlProtocol should only drop attributes into a single attributeStatement element 2016-07-22 14:49:48 -05:00
mposolda
01830fd7f3 KEYCLOAK-3319 More OIDC tests. Minor refactoring 2016-07-22 18:16:58 +02:00
mposolda
9169bcd88d KEYCLOAK-3354 request and request_uri not supported 2016-07-22 13:44:45 +02:00
mposolda
56e011dce4 KEYCLOAK-3318 Adapter support for prompt and max_age. Refactoring to not hardcode OIDC specifics to CookieAuthenticator 2016-07-21 18:19:53 +02:00
Pedro Igor
484d5d6e08 [KEYCLOAK-3313] - UI improvements and messages 2016-07-20 22:11:24 -03:00
mposolda
f4ddfe4a52 KEYCLOAK-3318 Support for prompt=login. More tests for prompt parameter 2016-07-20 21:27:38 +02:00
Bill Burke
6f92bac782 Merge pull request #3000 from tonswieb/master 
KEYCLOAK-3265 Support writing a NameIDType AttributeValue
 2016-07-20 11:23:18 -04:00
Stian Thorgersen
1b517a461e Merge pull request #3041 from stianst/KEYCLOAK-3302 
KEYCLOAK-3302 Allow logout with expired refresh token
 2016-07-19 08:03:52 +02:00
Marek Posolda
a6bdf81e6d Merge pull request #3040 from mposolda/master 
KEYCLOAK-3220 Added test for missing response_type
 2016-07-15 22:19:52 +02:00
Stian Thorgersen
e708c53730 KEYCLOAK-3302 Allow logout with expired refresh token 2016-07-15 12:56:31 +02:00
Stian Thorgersen
1ce17c459d Merge pull request #3039 from stianst/KEYCLOAK-3192 
KEYCLOAK-3192 Ignore disabled required action
 2016-07-15 10:38:49 +02:00
mposolda
fda0a79e27 KEYCLOAK-3237 Add scopes_supported to OIDC WellKnown endpoint 2016-07-15 09:47:09 +02:00
Stian Thorgersen
970c89dd6a KEYCLOAK-3192 Ignore disabled required action 2016-07-15 09:01:44 +02:00
mposolda
13a21e5fda KEYCLOAK-3220 Improve error handling on adapters 2016-07-14 23:56:46 +02:00
mposolda
dcc4ea3aea KEYCLOAK-3237 Change OIDC adapters to use scope=openid as required per specs 2016-07-14 23:56:46 +02:00
Pedro Igor
aacf2e9390 [KEYCLOAK-3137] - Review i18n for AuthZ Services 2016-07-14 13:54:37 -03:00
mposolda
ee3ac3fdaf KEYCLOAK-3223 Basic support for acr claim 2016-07-14 12:36:12 +02:00
Stian Thorgersen
4f1d83b9dc Merge pull request #3030 from stianst/KEYCLOAK-2824-2 
KEYCLOAK-2824 Password Policy SPI
 2016-07-14 10:12:25 +02:00
Stian Thorgersen
ea44b5888b KEYCLOAK-2824 Password Policy SPI 2016-07-14 07:20:30 +02:00
mposolda
abde62f369 KEYCLOAK-3220 redirect to client with error if possible 2016-07-13 20:57:43 +02:00
mposolda
38f89b93ff KEYCLOAK-3281 OIDC 'state' parameter is url-encoded twice when responseMode=form_post 2016-07-13 18:07:57 +02:00
mposolda
d5199501c7 KEYCLOAK-3219 Added claims info to OIDCWellKnownProvider. More tests 2016-07-13 10:17:45 +02:00
Stian Thorgersen
5b0980172d KEYCLOAK-3267 Fix identity broker login with brute force enabled 2016-07-12 15:21:00 +02:00
Stian Thorgersen
f97d0846ed Merge pull request #3010 from wadahiro/KEYCLOAK-3278 
KEYCLOAK-3278 Add support for any encoding property file in theme
 2016-07-12 10:34:34 +02:00
Stian Thorgersen
19e5ddeba5 Merge pull request #3015 from martin-kanis/master 
KEYCLOAK-3096 Remove leading/trailing spaces from username/email
 2016-07-12 10:03:55 +02:00
mposolda
039bb103c2 KEYCLOAK-3295 Kerberos authenticator changed during userFederationProvider update just if it was DISABLED 2016-07-11 15:52:49 +02:00
Martin Kanis
c67d834d39 KEYCLOAK-3096 Remove leading/trailing spaces from login 2016-07-09 18:35:51 +02:00
mposolda
629390dd4a KEYCLOAK-2986 Require either expiration or issuedAt for client authentication with signed JWT 2016-07-08 16:16:38 +02:00
mposolda
3bfd999590 KEYCLOAK-3222 extend WellKnown to return supported types of client authentications. More tests 2016-07-08 15:39:13 +02:00
Pedro Igor
80a67149af Merge pull request #3002 from pedroigor/KEYCLOAK-3249 
[KEYCLOAK-3249] - AuthorizationContext.hasScopePermission() gives NPE
 2016-07-08 09:16:51 -03:00
mposolda
c10a005997 KEYCLOAK-3290 UserInfoEndpoint error responses don't have correct statuses 2016-07-08 12:15:07 +02:00
mposolda
4dd28c0adf KEYCLOAK-3221 Tokens should be invalidated if an attempt to reuse code is made 2016-07-08 11:04:08 +02:00
Bill Burke
bdc57d57c1 Merge pull request #3008 from patriot1burke/master 
new User Fed SPI initial iteration
 2016-07-07 14:56:38 -04:00
Hiroyuki Wada
930b0d9ad7 KEYCLOAK-3278 Add support for any encoding property file in theme 2016-07-08 02:58:48 +09:00
mposolda
a7c9e71490 KEYCLOAK-3218 Support for max_age OIDC authRequest parameter and support for auth_time in IDToken 2016-07-07 17:04:32 +02:00
Bill Burke
0040d3fc3b Merge remote-tracking branch 'upstream/master' 2016-07-07 10:35:45 -04:00
Bill Burke
7e5a5f79cf fixes for new user fed spi 2016-07-07 10:35:35 -04:00
Marek Posolda
7a161cc8bb Merge pull request #3005 from mposolda/KEYCLOAK-3217 
KEYCLOAK-3217 UserInfo endpoint wasn't accessible by POST request sec…
 2016-07-07 13:49:43 +02:00
Marek Posolda
c5e8a010dc Merge pull request #3004 from mposolda/KEYCLOAK-3147 
KEYCLOAK-3147 Don't allow authRequest without redirect_uri parameter
 2016-07-07 13:49:34 +02:00
mposolda
56e09bf189 KEYCLOAK-3147 Don't allow authRequest without redirect_uri parameter 2016-07-07 12:46:36 +02:00
mposolda
7aafbcd5d9 KEYCLOAK-3217 UserInfo endpoint wasn't accessible by POST request secured with Bearer header 2016-07-07 12:28:25 +02:00
Pedro Igor
5ef65e837c [KEYCLOAK-3249] - AuthorizationContext.hasScopePermission() gives NPE 2016-07-06 09:39:56 -03:00
Stan Silvert
a231c1b31b RHSSO-296: Required Action "Configure Totp" should be "Configure OTP" 2016-07-05 15:07:52 -04:00
Ton Swieb
fed7339558 KEYCLOAK-3265 Support writing a NameIDType AttributeValue 2016-07-05 14:54:38 +02:00
Stian Thorgersen
7cfee80e58 KEYCLOAK-3189 KEYCLOAK-3190 Add kid and typ to JWT header 2016-07-05 08:26:26 +02:00
Stian Thorgersen
435cdb6180 Merge pull request #2994 from wadahiro/KEYCLOAK-3259 
KEYCLOAK-3259 Specify UTF-8 encoding for freemarker template files
 2016-07-04 19:25:03 +02:00
Hiroyuki Wada
00cb0a798a KEYCLOAK-3259 Specify UTF-8 encoding for freemarker template files 2016-07-04 19:46:00 +09:00
Stan Silvert
d90a708ceb RHSSO-274: "Undefined" as auth flow execution 2016-07-01 10:25:14 -04:00
Stian Thorgersen
fa312fb3db Merge pull request #2979 from cainj13/localeNpeFix 
make locale retrieval null-safe
 2016-07-01 12:33:36 +02:00
Thomas Darimont
ce7e7ef1d7 KEYCLOAK-3234 Allow restricting claim mapper for userinfo endpoint 
Client mappers can now be configured to be limited to the
userinfo endpoint. This allows to keep access-tokens lean
while providing extended user information on demand via the
userinfo endpoint.
 2016-07-01 11:35:19 +02:00
Bill Burke
a19469aba5 Merge remote-tracking branch 'upstream/master' 2016-06-30 17:18:17 -04:00
Bill Burke
b224917fc5 bump version 2016-06-30 17:17:53 -04:00
Bill Burke
3f1eecc4be Merge remote-tracking branch 'upstream/master' 2016-06-30 16:47:55 -04:00
Bill Burke
3ba3be877e fixes 2016-06-30 16:47:49 -04:00
Pedro Igor
01f3dddd91 Adding a column to list policies associated with a permission. 2016-06-30 10:26:05 -03:00
Pedro Igor
afa9471c7c [KEYCLOAK-3128] - Admin Client Authorization Endpoints 2016-06-30 10:26:05 -03:00
Bill Burke
a9f6948d74 Merge remote-tracking branch 'upstream/master' 2016-06-29 15:37:32 -04:00
Bill Burke
f51098c50b user fed refactor 2016-06-29 15:37:22 -04:00
Pedro Igor
8b0bf503c3 [KEYCLOAK-3172] - Migrating older versions with authorization services. 2016-06-29 12:07:49 -03:00