Andrei Arlou
b6a3fba6e3
KEYCLOAK-12568 Remove unused method from org.keycloak.saml.processing.core.saml.v2.factories.JBossSAMLAuthnResponseFactory
2020-01-14 13:21:29 +01:00
root
4cbe478129
Fix KEYCLOAK-10838, use bytesRead to make sure the output stream does not get padded with null bytes.
2020-01-14 13:20:10 +01:00
vramik
3b1bdb216a
KEYCLOAK-11486 Add support for system property or env variable in AllowedClockSkew in keycloak-saml subsystem
2020-01-14 13:17:13 +01:00
Martin Kanis
e1f8e5d08c
KEYCLOAK-12462 Align to EAP 7.3.0.GA
2020-01-13 14:58:59 +01:00
mhajas
a79d6289de
KEYCLOAK-11416 Fix nil AttributeValue handling
2020-01-10 12:47:09 +01:00
vramik
a2b3747d0e
KEYCLOAK-7014 - Correctly handle null-values in UserAttributes
2020-01-10 12:44:52 +01:00
Martin Kanis
39fff1c538
KEYCLOAK-12513 Cannot instantiate WebAuthnCredentialProviderFactory with Jackson 2.10.0
2020-01-10 11:34:24 +01:00
Viswa Teja Nariboina
5082ed2fcb
[ KEYCLOAK-12606 ] Passing email in login_hint query parameter during Identity brokering fails when an account already exists
2020-01-09 10:40:42 +01:00
Pedro Igor
03bbf77b35
[KEYCLOAK-12511] - Mapper not visible in client's mapper list
2020-01-09 10:25:06 +01:00
mposolda
fea7b4e031
KEYCLOAK-12424 SPNEGO / Kerberos sends multiple 401 responses with WWW-Authenticate: Negotiate header when kerberos token is invalid
2020-01-09 10:21:24 +01:00
Tom Billiet
0f8d988d58
[KEYCLOAK-12299] JWKS parsing: fallback to RS256 for RSA keys without alg field
2020-01-09 10:12:34 +01:00
Thomas Darimont
062cbf4e0a
KEYCLOAK-9925 Use Client WebOrigins in UserInfoEndpoint
...
We now use the allowed WebOrigins configured for the client
for which the user info is requested.
Previously, Web Origins defined on the Client were not being recognized
by the /userinfo endpoint unless you apply the "Allowed Web Origins"
protocol mapper.
This was an inconsistency with how the Web Origins work compared
with the /token endpoint.
2020-01-09 10:10:59 +01:00
Bodo Graumann
65b674a131
KEYCLOAK-10818 Add hint about +, * in client CORS
...
The '+' in the allowed CORS origins does not replicate a '*' wildcard
from the Valid Redirect URIs. This information is now available in the
tooltip.
Also translated changed message into german.
2020-01-09 10:09:02 +01:00
Pedro Igor
dae212c035
[KEYCLOAK-12312] - Partial import of realm breaking access to client's service account roles
2020-01-09 10:06:32 +01:00
Pedro Igor
c596647241
[KEYCLOAK-11712] - Request body not buffered when using body CIP in Undertow
2020-01-09 10:02:18 +01:00
Pedro Igor
709cbfd4b7
[KEYCLOAK-10705] - Return full resource representation when querying policies by id
2020-01-09 10:00:24 +01:00
Pedro Igor
9fd7ab81f0
[KEYCLOAK-10407] - Avoiding redundant calls on identity.getid
2020-01-09 09:56:48 +01:00
stianst
80187b54ff
KEYCLOAK-10974 Add quotes in kcreg.bat to allow installation dir with spaces
2020-01-09 09:45:40 +01:00
Manfred Duchrow
f926529767
KEYCLOAK-12616 Vault unit test always failes on Windows
2020-01-07 20:55:50 +01:00
vmuzikar
8e0e972957
KEYCLOAK-12626 Fix compilation errors in Admin Console tests
2020-01-07 11:56:14 -05:00
Hynek Mlnarik
f7379086e0
KEYCLOAK-12619 Improve mapped byte buffer cleanup
2020-01-07 16:07:43 +01:00
Bruno Oliveira da Silva
c0aa0891cd
[KEYCLOAK-12533] Applications UI has erroneous "Remove Access" button
2020-01-06 10:49:52 -03:00
Thomas Darimont
54b69bd1dc
KEYCLOAK-10190 Fix NPE on missing clientSession in TokenEndpoint.codeToToken
...
In certain scenarios, e.g. when an auth code from another realm login is
used to perform the code to token exchange, it can happen that the
ClientSession is null which triggered an NPE when the userSession field is accessed.
Added null check for clientSession in TokenEndpoint.codeToToken to prevent an NPE.
2020-01-06 14:45:20 +01:00
vramik
419d9c6351
KEYCLOAK-11597 Remote testing changes + possibility to exclude tests for specific auth server
...
Co-Authored-By: <mhajas@redhat.com>
2020-01-06 14:29:36 +01:00
Thomas Darimont
1a7aeb9b20
KEYCLOAK-8249 Improve extraction of Bearer tokens from Authorization headers ( #6624 )
...
We now provide a simple way to extract the Bearer token string from
Authorization header with a null fallback.
This allows us to have more fine grained error handling for the
various endpoints.
2020-01-06 13:58:52 +01:00
mhajas
28b01bc34d
KEYCLOAK-12609 Fix integer overflow for SAML XMLTimeUtil add method parameters
2020-01-06 13:53:16 +01:00
Yoshiyuki Tabata
e96725127f
KEYCLOAK-12165 Fix UserSessionProviderTest to work correctly ( #6513 )
2020-01-02 17:57:14 +01:00
Marek Posolda
fa453e9c0c
KEYCLOAK-12278 Default first broker login flow is broken after migration ( #6556 )
2020-01-02 17:53:56 +01:00
Pedro Igor
56d53b191a
[KEYCLOAK-8779] - Fixing PartialImportTest
2019-12-28 06:24:19 -03:00
rmartinc
401d36b446
KEYCLOAK-8779: Partial export and import to an existing realm is breaking clients with service accounts
2019-12-27 15:59:38 -03:00
Michael Thirion
44ab3f46b7
[KEYCLOAK-6008] - Spring Boot does not honour wildcard auth-role ( #6579 )
2019-12-24 19:06:55 -03:00
Asbjørn Dyhrberg Thegler
1162455f32
KEYCLOAK-10894 Adds a ready indicating promise
...
This is non-intrusive and backwards compatible. With this change it is possible
to `await keycloakAuthorization.ready` to make sure the component has been
properly initialized.
2019-12-24 18:33:20 -03:00
Thomas Darimont
0219d62f09
KEYCLOAK-6867 UserInfoEndpoint should return WWW-Authenticate header for Invalid tokens
...
As required by the OIDC spec (1) we now return a proper WWW-Authenticate
response header if the given token is invalid.
1) https://openid.net/specs/openid-connect-core-1_0.html#UserInfoError
2019-12-23 07:42:06 -03:00
Andrei Arlou
23b794aa51
KEYCLOAK-12313 Remove unused method from org.keycloak.saml.common.util.DocumentUtil
2019-12-20 15:03:42 +01:00
Pedro Igor
e316e2a2f0
[KEYCLOAK-8616] - Process requests only if a deployment can be resolved
2019-12-20 13:33:12 +01:00
Andrei Arlou
eed4847469
KEYCLOAK-12311 Fix minor warnings with collections in packages: forms, keys, partialimport, protocol from module "services"
2019-12-20 13:31:38 +01:00
Philipp Nanz
7409f6991f
KEYCLOAK-12166 Argument 'customJacksonProvider' not being passed on
2019-12-20 09:06:55 +01:00
Peter Skopek
7a14661fce
KEYCLOAK-6115 Login fails if federated user is read-only and has selected a locale on the login screen
2019-12-19 14:36:50 +01:00
Pedro Igor
946088d48d
[KEYCLOAK-12109] - Resolving authz discovery url using KeycloakUriBuilder
2019-12-19 14:18:21 +01:00
Pedro Igor
3bd193acd7
[KEYCLOAK-12412] - Policy enforcer should consider charset when comparing the content-type of the request
2019-12-19 14:14:33 +01:00
Andrei Arlou
aceb123242
KEYCLOAK-12417 Fix minor warnings in tests from module "services"
2019-12-19 10:51:37 +01:00
Andrei Arlou
697eaa4f36
KEYCLOAK-12309 Fix warnings with collections in packages:
...
authentification, authorization, broker, email, events, exportimport from module "services"
2019-12-18 14:02:27 +01:00
Tero Saarni
1ac76fde59
KEYCLOAK-12242 KEYCLOAK-12280
...
(cherry picked from commit 6f47d7fc2ccab4f31e373774c983501e83dffa4b)
2019-12-18 13:29:21 +01:00
Andrei Arlou
bb156fb2fd
KEYCLOAK-12317 Fix minor warnings with modificators in packages: authentication, authorization, keys, partialimport, protocol from module "services"
2019-12-18 13:26:27 +01:00
Andrei Arlou
c61cc1a493
KEYCLOAK-12316 Simplify conditions in packages: authentication, broker, credential, protocol from module "services"
2019-12-18 13:22:36 +01:00
Stefan Guilhen
9f69386a53
[KEYCLOAK-11707] Add support for Elytron credential store vault
...
- Adds the elytron-cs-keystore provider that reads secrets from a keystore-backed elytron credential store
- Introduces an abstract provider and factory that unifies code that is common to the existing implementations
- Introduces a VaultKeyResolver interface to allow the creation of different algorithms to combine the realm
and key names when constructing the vault entry id
- Introduces a keyResolvers property to the existing implementation via superclass that allows for the
configuration of one or more VaultKeyResolvers, creating a fallback mechanism in which different key formats
are tried in the order they were declared when retrieving a secret from the vault
- Adds more tests for the files-plaintext provider using the new key resolvers
- Adds a VaultTestExecutionDecider to skip the elytron-cs-keystore tests when running in Undertow. This is
needed because the new provider is available only as a Wildfly extension
2019-12-18 11:54:06 +01:00
harture
26458125cb
[KEYCLOAK-12254] Fix re-evaluation of conditional flow ( #6558 )
2019-12-18 08:45:11 +01:00
Douglas Palmer
106e6e15a9
[KEYCLOAK-11859] Added option to always display a client in the accounts console
2019-12-17 17:12:49 -03:00
Bruno Oliveira da Silva
caf08da2af
[KEYCLOAK-10962] Application screen for the new account console
2019-12-17 17:09:45 -03:00
vramik
c3d80651bf
KEYCLOAK-12473 Add possibility to specify length of event detail when storing to database
2019-12-17 17:15:50 +01:00