3975 commits

Author	SHA1	Message	Date
Takashi Norimatsu	882f5ffea4	KEYCLOAK-15533 Client Policy : Extends Policy Interface to Migrate Client Registration Policies ... Co-authored-by: Hryhorii Hevorkian <hhe@adorsys.com.ua> Co-authored-by: Andrii Murashkin <amu@adorsys.com.ua>	2021-03-02 09:26:04 +01:00
i7a7467	b83064b142	KEYCLOAK-16679 Add algorithm settings for client assertion signature in OIDC identity broker	2021-03-01 18:11:25 +01:00
Takashi Norimatsu	c4bf8ecdf0	KEYCLOAK-16880 Client Policy - Condition : Negative Logic Support	2021-03-01 14:27:39 +01:00
mposolda	41dc94fead	KEYCLOAK-14483 Broker state param fix	2021-02-24 19:07:58 -03:00
mposolda	6f409d088a	KEYCLOAK-15239 Reset Password Success Message not shown when Kerberos is Enabled	2021-02-23 16:15:50 -03:00
Pedro Igor	dbc6514bfc	[KEYCLOAK-17206] - Avoid removing attributes when updating user and profile	2021-02-23 08:41:41 +01:00
Juan Manuel Rodriguez Alvarado	6255ebe6b5	[KEYCLOAK-16536] Implement Audit Events for Authorization Services requests	2021-02-22 17:28:59 -03:00
mposolda	ed8d5a257f	KEYCLOAK-16517 Make sure that just real clients with standardFlow or implicitFlow enabled are considered for redirectUri during logout	2021-02-22 14:30:32 +01:00
mposolda	0058011265	KEYCLOAK-16006 User should not be required to re-authenticate after revoking consent to an application	2021-02-22 14:29:42 +01:00
Pedro Igor	1dc0b005fe	[KEYCLOAK-17087] - X509 OCSP Validation Not Checking Intermediate CAs	2021-02-22 13:50:19 +01:00
Lukas Hanusovsky	4a2830bc2e	KEYCLOAK-15849 : auth-remote-server exclude -> removed duplicated annotation, fixed @Test(timeout) bug -> replaced by lambda expression.	2021-02-22 13:40:47 +01:00
Pedro Igor	9356843c6c	[KEYCLOAK-16521] - Fixing secret for non-confidential clients	2021-02-19 08:38:49 +01:00
Torsten Roemer	750f5fdb0a	KEYCLOAK-14577 OIDCIdentityProvider incorrectly sets firstName and lastName in BrokeredIdentityContext	2021-02-18 19:50:27 +01:00
Torsten Roemer	00ee6bb9fa	KEYCLOAK-14577 OIDCIdentityProvider incorrectly sets firstName and lastName in BrokeredIdentityContext	2021-02-18 19:50:27 +01:00
rmartinc	056b52fbbe	KEYCLOAK-16800 userinfo fails with 500 Internal Server Error for service account token	2021-02-18 19:37:52 +01:00
Pedro Igor	431f137c37	[KEYCLOAK-17123] - Avoid validation and updates for read-only attributes during updates	2021-02-17 17:57:46 +01:00
stefvdwel	b97f5eb128	Added PermissionTicket count test.	2021-02-17 09:40:19 -03:00
Pedro Igor	2593c3dbc4	[KEYCLOAK-15893] - Incorrect resource match is returned for some cases when using wildcard in uri	2021-02-17 12:51:26 +01:00
mposolda	80bf0b6bad	KEYCLOAK-16708 Unexpected exceptions during client authentication	2021-02-12 18:27:54 +01:00
Pedro Igor	ca2a761d4b	[KEYCLOAK-16886] - Updating user account removes attributes	2021-02-12 12:01:50 -03:00
Michito Okai	33bb1fda38	KEYCLOAK-16931 Authorization Server Metadata of ... introspection_endpoint_auth_methods_supported and introspection_endpoint_auth_signing_alg_values_supported	2021-02-11 14:53:49 +01:00
Pedro Igor	7a4733acc9	[KEYCLOAK-14034] - Adding tests for matching uris once updated	2021-02-11 09:44:43 -03:00
mposolda	456cdc51f2	KEYCLOAK-15719 CORS headers missing on userinfo error response	2021-02-11 13:37:42 +01:00
diodfr	cb12fed96e	KEYCLOAK-4544 Detect existing user before granting user autolink	2021-02-11 11:06:49 +01:00
Lukas Hanusovsky	223d0ea456	KEYCLOAK-16625 : Testsuite -> auth.server.remote: adding keystore file to a build directory.	2021-02-09 15:22:43 +01:00
Pedro Igor	f6c3ec5d9e	[KEYCLOAK-14366] - Missing check for iss claim in JWT validation on Client Authentication (Token Endpoint)	2021-02-09 13:54:06 +01:00
Pedro Igor	ab9a38ec27	[KEYCLOAK-13115] - Unable to add a role to a user if username query matches multiple acounts	2021-02-09 13:49:25 +01:00
Pedro Igor	eb37a1ed69	[KEYCLOAK-17031] - ClientInvalidationClusterTest failing on Quarkus due to unreliable comparison	2021-02-05 16:09:27 +01:00
mposolda	f4b5942c6c	KEYCLOAK-16755 ClearExpiredUserSessions optimization. Rely on infinispan expiration rather than Keycloak own background task.	2021-02-04 08:49:42 +01:00
Yang Xie	cffe24f815	KECLOAK-16009 Add a method to check if the token request has duplicate parameters	2021-02-03 16:10:41 +01:00
Florian Apolloner	eeec82dea3	KEYCLOAK-16656 Only set execution authenticator for form flows.	2021-01-29 17:19:15 +01:00
Martin Kanis	8432513daa	KEYCLOAK-16908 Refactor UserSessionPersisterProvider	2021-01-29 09:29:00 +01:00
Pedro Igor	922d7da3ae	[KEYCLOAK-16497] - AuthzClient.create() fails when env variables are used in auth-server-url	2021-01-28 12:07:58 -03:00
Hynek Mlnarik	60e4bd622f	KEYCLOAK-16828 Fix HttpClient failures and close HttpResponses	2021-01-28 08:38:34 +01:00
rmartinc	f3a4991b6a	KEYCLOAK-15975 NPE in DefaultThemeManager.loadTheme() if theme directory is absent	2021-01-27 22:05:19 +01:00
Pedro Igor	0c501f8302	[KEYCLOAK-16837] - Authz client still relying on refresh tokens when doing client credentials	2021-01-27 12:23:32 -03:00
mposolda	99a70267d9	KEYCLOAK-16801 Improve performance of ClearExpiredEvents background task	2021-01-27 09:57:46 +01:00
Takashi Norimatsu	b89edabcfc	KEYCLOAK-16889 Client Policy : Refactor Test Class	2021-01-27 09:06:08 +01:00
Martin Kanis	9f580e3ed8	KEYCLOAK-15695 Streamification cleanup	2021-01-20 14:39:53 +01:00
Thomas Darimont	6315fe5d22	KEYCLOAK-16464 Test mapping of enabled and emailVerified user model attribute to LDAP attributes	2021-01-20 09:24:06 +01:00
Takashi Norimatsu	bcf313f321	KEYCLOAK-16858 Client Policy - Improper retainAll operation in Client Scope Condition and other minor bugs	2021-01-20 09:10:21 +01:00
Martin Bartoš	9df7fdbc55	KEYCLOAK-14718 Adding test case for User Client Role Mapper	2021-01-19 17:49:36 +01:00
Michal Hajas	ba8e2fef6b	KEYCLOAK-15524 Cleanup user related interfaces	2021-01-18 16:56:10 +01:00
mposolda	dae4a3eaf2	KEYCLOAK-16468 Support for deny list of metadata attributes not updateable by account REST and admin REST ... (cherry picked from commit 79db549c9d561b8d5efe3596370190c4da47e4e1) (cherry picked from commit bf4401cddd5d3b0033820b1cb4904bd1c8b56db9)	2021-01-18 13:17:51 +01:00
mposolda	eac3329d22	KEYCLOAK-14019 Improvements for request_uri parameter ... (cherry picked from commit da38b36297a5bd9890f7df031696b516268d6cff)	2021-01-18 13:05:09 +01:00
Pedro Igor	c631013031	[KEYCLOAK-16515] - Scope permissions not added to result if previous permission is granted	2021-01-14 17:08:05 +01:00
Takashi Norimatsu	5f445ec18e	KEYCLOAK-14200 Client Policy - Executor : Enforce Holder-of-Key Token ... Co-authored-by: Hryhorii Hevorkian <hhe@adorsys.com.ua>	2021-01-12 11:21:41 +01:00
Takashi Norimatsu	f423c0dc51	KEYCLOAK-16249 Client Policy - Condition : Client - Any Client	2021-01-08 17:29:50 +01:00
vramik	1402d021de	KEYCLOAK-14846 Default roles processing	2021-01-08 13:55:48 +01:00
Takashi Norimatsu	05dfac75ca	KEYCLOAK-14202 Client Policy - Executor : Enforce secure signature algorithm for Signed JWT client authentication ... Co-authored-by: Andrii Murashkin <amu@adorsys.com.ua>	2021-01-06 08:58:20 +01:00
Thomas Darimont	1a7600e356	KEYCLOAK-13923 Support PKCE for OIDC based Identity Providers (#7381) ... * KEYCLOAK-13923 - Support PKCE for Identity Provider We now support usage of PKCE for OIDC based Identity Providers. * KEYCLOAK-13923 Warn if PKCE information cannot be found code-to-token request in OIDCIdentityProvider * KEYCLOAK-13923 Pull up PKCE handling from OIDC to OAuth IdentityProvider infrastructure * KEYCLOAK-13923 Adding test for PKCE support for OAuth Identity providers * KEYCLOAK-13923 Use URI from KeycloakContext instead of HttpRequest Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2021-01-05 10:59:59 -03:00
mposolda	d4a36d0d9c	KEYCLOAK-16350 invalid_scope error response should be displayed for openid-connect/auth	2021-01-05 12:55:53 +01:00
vramik	dfa27b9f0f	KEYCLOAK-14856 fix migration, add ssl for migration server	2021-01-05 11:05:18 +01:00
keycloak-bot	75be33ccad	Set version to 13.0.0-SNAPSHOT	2020-12-16 17:31:55 +01:00
Stefan Guilhen	d6422e415c	[KEYCLOAK-16508] Complement methods for accessing user sessions with Stream variants	2020-12-15 19:52:31 +01:00
Takashi Norimatsu	edabbc9449	KEYCLOAK-14203 Client Policy - Executor : Enforce HTTPS URIs	2020-12-15 09:31:20 +01:00
Martin Bartoš	24f1a9c5c4	KEYCLOAK-16583 Ignore tests which directly use WebAuthn Chrome testing feature	2020-12-14 16:39:32 +01:00
Martin Bartoš	cfc035ee42	KEYCLOAK-15066 Internal Server error when calling random idp endpoint	2020-12-14 16:37:53 +01:00
Cédric Couralet	f4abc86a66	KEYCLOAK-16112 don't remove username attribute	2020-12-14 15:46:25 +01:00
Takashi Norimatsu	200b53ed1e	KEYCLOAK-14192 Client Policy - Condition : Author of a client - User Role	2020-12-14 15:37:05 +01:00
Michal Hajas	8e376aef51	KEYCLOAK-15847 Add MapUserProvider	2020-12-10 08:57:53 +01:00
Martin Kanis	3ddedc49f5	KEYCLOAK-11417 Internal server error on front channel logout with expired session	2020-12-09 14:45:04 +01:00
Martin Bartoš	873a69305f	KEYCLOAK-15264 Import realm using directory provider twice with IGNORE_EXISTING will cause NPE for clientId	2020-12-08 11:28:07 +01:00
Hynek Mlnarik	8c0c542f09	KEYCLOAK-16489 Add ability to run model tests with LDAP	2020-12-07 20:54:06 +01:00
Martin Kanis	f6be378eca	KEYCLOAK-14556 Authentication session map store	2020-12-07 20:48:59 +01:00
Stefan Guilhen	edef93cd49	[KEYCLOAK-16232] Streamify the UserCredentialStore and UserCredentialManager interfaces	2020-12-07 19:48:35 +01:00
Stefan Guilhen	73d0bb34c4	[KEYCLOAK-16232] Replace usages of deprecated collection-based methods with the respective stream variants	2020-12-07 19:48:35 +01:00
Takashi Norimatsu	7da5a71314	KEYCLOAK-14191 Client Policy - Condition : Author of a client - User Group	2020-12-03 17:52:06 +01:00
Ian	be4c99dfe5	KEYCLOAK-15287 Ability to add custom claims to the AccessTokenResponse	2020-12-03 17:28:03 +01:00
Peter Zaoral	c8a2f82a50	KEYCLOAK-14138 Upgrade OTP login screen ... * edited related css and ftl theme resources * added tile component * fixed IE11 compatibility * fixed affected tests Signed-off-by: Peter Zaoral <pzaoral@redhat.com>	2020-12-03 16:00:36 +01:00
Takashi Norimatsu	a51e0cc484	KEYCLOAK-14197 Client Policy - Condition : Client - Client Host	2020-12-02 09:05:42 +01:00
vramik	cd9e01af90	KEYCLOAK-16502 Migration of DELETE_ACCOUNT role	2020-12-01 13:10:20 +01:00
Peter Zaoral	ad940a861a	KEYCLOAK-14137 Upgrade Authentication selector screen ... * edited related css and ftl theme resources * added IE11 compatibility support * fixed affected tests Signed-off-by: Peter Zaoral <pzaoral@redhat.com>	2020-11-27 08:40:06 +01:00
Jan Lieskovsky	833bf98643	[KEYCLOAK-15692] Upgrade to Wildfly "21.0.1.Final" ... Base fixes: * [KEYCLOAK-15780] Upgrade Keycloak to Wildfly 21.0.0.Beta1 / Wildfly Core 13.0.0.Beta6 * [KEYCLOAK-16031] Upgrade Keycloak to Wildfly 21.0.0.Final / Wildfly Core 13.0.1.Final * [KEYCLOAK-16442] Upgrade Keycloak to Wildfly 21.0.1.Final / Wildfly Core 13.0.3.Final Other (dependent) fixes: * [KEYCLOAK-15408] Deprecate former Wildfly and Wildfly Core versions in Arquillian's testsuite pom.xml file as part of the upgrade script * [KEYCLOAK-15442] Update the version of 'jboss-parent' as part of the Wildfly upgrade script if necessary * [KEYCLOAK-15474] Add --verbose and --force options to the Wildfly upgrade automated script * [KEYCLOAK-15649] Update "urn:jboss:domain:infinispan:10.0" version as part of the Wildfly upgrade automated script * [KEYCLOAK-15652] Wildfly upgrade automated script - Align Python artifact version comparsion algorithm with the Maven / Java one Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>	2020-11-26 09:25:29 +01:00
Hynek Mlnarik	5c2122d36f	KEYCLOAK-16444 Initialize JAXP components consistently	2020-11-25 14:20:19 +01:00
zak905	4f330f4a57	KEYCLOAK-953: add allowing user to delete his own account feature	2020-11-24 15:50:07 +01:00
Stan Silvert	0afd55f32c	KEYCLOAK-14547: Make New Account Console the default.	2020-11-23 20:56:05 +01:00
Takashi Norimatsu	5dd5b5bedf	KEYCLOAK-16392 Client Policy - Condition : NPE without any initial configuration	2020-11-23 12:07:28 +01:00
st	a7666d4ccf	KEYCLOAK-11699 add support for 127.0.0.1 for native app	2020-11-20 11:03:29 +01:00
Douglas Palmer	43e075afa5	[KEYCLOAK-14352] JavaScript injection vulnerability of Realm registration REST API	2020-11-18 10:48:11 -03:00
Martin Bartos	ab347df5ee	KEYCLOAK-14915 Upgrade registration screen to PF4	2020-11-18 10:54:17 +01:00
Takashi Norimatsu	9ce2e9b1f7	KEYCLOAK-14193 Client Policy - Condition : Client - Client Access Type	2020-11-18 09:49:22 +01:00
Hynek Mlnarik	29e3d89f3a	KEYCLOAK-16297 Fix HttpClient stale connections	2020-11-16 14:59:00 +01:00
Martin Bartoš	59aa31084e	KEYCLOAK-16143 Login form expected, but registraion form is displayed	2020-11-13 21:36:51 +01:00
Michal Hajas	a766a1dd16	KEYCLOAK-16074 Fix check3pCookiesSupported message callback	2020-11-13 16:01:50 -03:00
Takashi Norimatsu	21c7af1c53	KEYCLOAK-14207 Client Policy - Executor : Enforce more secure client signature algorithm when client registration	2020-11-13 09:24:59 +01:00
Takashi Norimatsu	244a1b2382	KEYCLOAK-14196 Client Policy - Condition : Client - Client Scope	2020-11-12 08:40:28 +01:00
vmuzikar	01be601dbd	KEYCLOAK-14306 OIDC redirect_uri allows dangerous schemes resulting in potential XSS ... (cherry picked from commit e86bec81744707f270230b5da40e02a7aba17830) Conflicts: testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java services/src/main/java/org/keycloak/validation/DefaultClientValidationProvider.java	2020-11-12 08:21:54 +01:00
Takashi Norimatsu	e35a4bcefc	KEYCLOAK-14206 Client Policy - Executor : Enforce more secure state and nonce treatment for preventing CSRF	2020-11-11 21:11:34 +01:00
Hynek Mlnarik	030a077e99	KEYCLOAK-16157 Fix Unexpected I/O error message	2020-11-11 11:12:52 +01:00
Pedro Igor	852c4a57ff	[KEYCLOAK-14468] - Scope permission sometimes not removed when removing scopes	2020-11-11 08:44:28 +01:00
niwde	c69f92831b	[KEYCLOAK-16215] Typo in EventConfigTest	2020-11-10 13:54:39 -03:00
Martin Kanis	d9029b06b9	KEYCLOAK-15889 Streamification of ProtocolMappers	2020-11-10 16:40:34 +01:00
Takashi Norimatsu	a0b1710735	KEYCLOAK-14198 Client Policy - Condition : Client - Client IP	2020-11-10 15:37:26 +01:00
Stefan Guilhen	aa46735173	[KEYCLOAK-15200] Complement methods for accessing users with Stream variants	2020-11-10 15:13:11 +01:00
Takashi Norimatsu	a63814da67	KEYCLOAK-14201 Client Policy - Executor : Enforce Proof Key for Code Exchange (PKCE)	2020-11-09 08:18:05 +01:00
Thomas Darimont	de20830412	KEYCLOAK-9551 KEYCLOAK-16159 Make refresh_token generation for client_credentials optional. Support for revocation of access tokens. ... Co-authored-by: mposolda <mposolda@gmail.com>	2020-11-06 09:15:34 +01:00
vmuzikar	2df62369c3	KEYCLOAK-15295 User can manage resources with just "view-profile" role using new Account Console ... (cherry picked from commit 1b063825755d9f5aa13e612757e8ef7299430761)	2020-11-06 08:55:57 +01:00
stianst	6b2e1cbc5f	KEYCLOAK-16167 Enable Account REST API by default	2020-11-06 08:06:03 +01:00
Takashi Norimatsu	6dc136dfc0	KEYCLOAK-14199 Client Policy - Executor : Enforce more secure client authentication method when client registration	2020-11-05 20:42:49 +01:00
Martin Bartos	7522d5ac74	KEYCLOAK-15841 Upgrade rest of the minor forms to PF4	2020-11-05 17:58:41 +01:00
Hynek Mlnarik	7b8575fa1a	KEYCLOAK-16090 Work around LDAPUserLoginTest false failures	2020-11-03 08:38:54 +01:00
Christoph Leistert	e131de9574	KEYCLOAK-14855 Added realm-specific localization texts which affect texts in every part of the UI (admin console / login page / personal info page / email templates). Also new API endpoints and a new UI screen to manage the realm-specific localization texts were introduced. ... Co-authored-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.io>	2020-10-30 08:02:43 -03:00
vramik	785f2e78bc	KEYCLOAK-14977 create MapRoleProvider	2020-10-30 08:15:22 +01:00
Johannes Knutsen	23c575c236	KEYCLOAK-15399: Wrong token type in token response. bearer vs Bearer	2020-10-28 10:38:22 -03:00
Pedro Igor	24f90ca6cb	[KEYCLOAK-15406] - Grant access when evaluating user-managed permission for the owner	2020-10-28 09:59:24 -03:00
Martin Bartos	a8df7d88a1	[KEYCLOAK-14139] Upgrade login screen to PF4	2020-10-27 20:24:07 +01:00
Hynek Mlnarik	267f1797d4	KEYCLOAK-15735 Fix LDAPSamlIdPInitiatedVaryingLetterCaseTest failures on few DBs	2020-10-23 15:15:03 +02:00
Hynek Mlnarik	e80538c60c	KEYCLOAK-15921 Fix auth server URL	2020-10-23 15:14:01 +02:00
Pedro Igor	b95ca30ec2	[KEYCLOAK-14255] - Minor fixes and improvements	2020-10-23 10:39:21 +02:00
Daniel Fesenmeyer	de8d2eafa3	KEYCLOAK-14781 Extend Admin REST API with search by federated identity ... - Add parameters idpAlias and idpUserId to the resource /{realm}/users and allow it to be combined with the other search parameters like username, email and so on - Add attribute "federatedIdentities" to UserEntity to allow joining on this field - extend integration test "UserTest"	2020-10-22 08:51:26 +02:00
Sven-Torben Janus	850d3e7fef	KEYCLOAK-15511 OTP registration during login with LDAP read-only ... When LDAP user federation is configured in read-only mode, it is not possible to set required actions for users from LDAP. Keycloak credential model allows for registering OTP devices when LDAP ist configured with "Import Users" flag enabled. Registering OTP devices needs to be done via the account management console and works as expecetd. However, it fails, if a user has to register aN OTP device during login (i.e. within the authentication flow), because the OTP Form Authenticator tries to enforce OTP registration via setting the corresponding required action for the user. That fails, because the user is read-only. To work around this, the required action is set on the authentication session instead.	2020-10-21 17:00:11 +02:00
mposolda	7891daef73	KEYCLOAK-15998 Keycloak OIDC adapter broken when Keycloak server is on http	2020-10-21 08:36:08 +02:00
mhajas	4556e858ad	KEYCLOAK-15522 Use AbstractStorageManager in UserStorageManager	2020-10-15 20:41:13 +02:00
Sven-Torben Janus	eb002c7ecd	KEYCLOAK-3365 Extend test case	2020-10-15 08:43:31 +02:00
Sven-Torben Janus	5918094840	KEYCLOAK-3365 Add test case	2020-10-15 08:43:31 +02:00
mhajas	d266165f63	KEYCLOAK-14871 Whitelist RefreshableKeycloakSecurityContext for KeycloakPrincipal serialization	2020-10-14 16:00:39 +02:00
Martin Kanis	086f7b4696	KEYCLOAK-15450 Complement methods for accessing realms with Stream variants	2020-10-14 08:16:49 +02:00
Hynek Mlnarik	4541a1b250	KEYCLOAK-15907 Fix new host in SAML adapter cannot restore session	2020-10-12 13:23:03 +02:00
testn	269a72d672	KEYCLOAK-15184: Use static inner class where possible	2020-10-09 23:37:08 +02:00
Luca Leonardo Scorcia	f274ec447b	KEYCLOAK-15697 Make the Service Provider Entity ID user configurable	2020-10-09 22:04:02 +02:00
mposolda	ff05072c16	KEYCLOAK-15770 Skip creating session for docker protocol authentication	2020-10-09 07:53:26 +02:00
mposolda	d269af1b70	KEYCLOAK-15830 Remove authentication session after failed directGrant authentication	2020-10-07 18:13:21 +02:00
vmuzikar	bb7ce62cd5	KEYCLOAK-15332 Missing CORS headers in some endpoints in Account REST API	2020-10-07 09:07:55 -03:00
mhajas	540516c6a9	KEYCLOAK-15734 Exclude tests with testingClient in remote environment	2020-10-06 20:26:24 +02:00
dashaylan	65ecfc960a	Combine UserInfo KcOidcBrokerConfiguration with OidcUserInfoClaimToRoleMapperTest	2020-10-06 08:44:02 +02:00
dashaylan	787d44be78	Reduce code duplication and test count	2020-10-06 08:44:02 +02:00
dashaylan	0d6da99844	Add UserInfo check fix and associated tests.	2020-10-06 08:44:02 +02:00
Markus Till	72f73f153a	UserProfile M1	2020-10-05 09:59:44 -03:00
Michito Okai	eac3341241	KEYCLOAK-15779 Authorization Server Metadata for the URL of the ... authorization server's JWK Set [JWK] document	2020-10-02 11:18:31 +02:00
Thomas Darimont	12576e339d	KEYCLOAK-15146 Add support for searching users by emailVerified status ... We now allow to search for users by their emailVerified status. This enables users to easily find users and deal with incomplete user accounts.	2020-09-29 08:28:59 -03:00
vmuzikar	fbe18e67c3	KEYCLOAK-15721 KeycloakPromise sometimes doesn't work	2020-09-28 15:57:46 -03:00
Takashi Norimatsu	6596811d5d	KEYCLOAK-14204 FAPI-RW Client Policy - Executor : Enforce Request Object satisfying high security level	2020-09-25 08:31:14 +02:00
mhajas	e4078933f8	KEYCLOAK-14828 Disable DTD for SAML XML parser ... (cherry picked from commit 37de7de78b2ae0eebee97fe917642bb849325f86)	2020-09-24 13:35:21 +02:00
Pedro Igor	76dede0f1e	[KEYCLOAK-14221] - Allow to map subject to userinfo response	2020-09-23 14:33:14 +02:00
vmuzikar	bca73fd04a	KEYCLOAK-15158 Javascript adapter init() is throwing a promise error after upgrade to 11	2020-09-22 10:56:46 -03:00
Frode Ingebrigtsen	0a0b7da53e	KEYCLOAK-15429 Add CORS origin on permission request with invalid access token	2020-09-22 08:56:21 -03:00
Denis	50210c4d9b	KEYCLOAK-14161 Regression on custom registration process	2020-09-21 20:23:39 +02:00
mhajas	12bc84322a	KEYCLOAK-14974 Map group storage provider	2020-09-21 15:56:32 +02:00
testn	2cd03569d6	KEYCLOAK-15238: Fix potential resource leak from not closing Stream/Reader	2020-09-21 13:05:03 +02:00
vmuzikar	790b549cf9	KEYCLOAK-15262 Logout all sessions after password change	2020-09-18 20:09:40 -03:00
mhajas	b75ad2fbd8	KEYCLOAK-15259 Avoid using "null" Origin header as a valid value	2020-09-17 23:21:49 -07:00
mhajas	f7e0af438d	KEYCLOAK-14232 Add Referrer-Policy: no-referrer to each response from Keycloak ... (cherry picked from commit 0b49640231abc6e465542bd2608e1c908c079ced)	2020-09-17 23:21:49 -07:00
Pedro Igor	0978d78a48	[KEYCLOAK-14255] - Initial changes to configuration	2020-09-16 20:03:52 +02:00
Luca Leonardo Scorcia	10077b1efe	KEYCLOAK-15485 Add option to enable SAML SP metadata signature	2020-09-16 16:40:45 +02:00
Martin Kanis	5d5e56dde3	KEYCLOAK-15199 Complement methods for accessing roles with Stream variants	2020-09-16 16:29:51 +02:00
Benjamin Weimer	f874e9a43c	KEYCLOAK-9874 include realm and client roles in user info response	2020-09-16 10:01:02 +02:00
Takashi Norimatsu	b670734eec	KEYCLOAK-14205 FAPI-RW Client Policy - Executor : Enforce Response Type of OIDC Hybrid Flow	2020-09-14 20:58:25 +02:00
Hynek Mlnarik	a05066d567	KEYCLOAK-15477 Fix permission evaluation logic	2020-09-14 20:53:46 +02:00
vmuzikar	a9a719b88c	KEYCLOAK-15270 Account REST API doesn't verify audience	2020-09-14 08:43:09 -03:00
Miquel Simon	2572b1464b	KEYCLOAK-15395. Removed totp/remove (DELETE) and credentials/password (GET, POST) endpoints.	2020-09-10 18:03:03 -03:00
Takashi Norimatsu	af2f18449b	KEYCLOAK-14195 FAPI-RW Client Policy - Condition : Client - Client Role	2020-09-10 18:34:19 +02:00
Clement Cureau	b19fe5c01b	Finegrain admin as fallback and added some tests	2020-09-10 12:26:55 -03:00
Sebastian Laskawiec	e01159a943	KEYCLOAK-14767 OpenShift Review Endpoint audience fix	2020-09-09 11:57:24 -03:00
Takashi Norimatsu	cbb79f0430	KEYCLOAK-15448 FAPI-RW : Error Response on OIDC private_key_jwt Client Authentication Error (400 error=invalid_client)	2020-09-09 11:14:21 +02:00
Benjamin Weimer	b2934e8dd0	KEYCLOAK-15327 backchannel logout invalidate offline session even if there is no corresponding active session found	2020-09-08 11:17:20 -03:00
Martin Kanis	4e9bdd44f3	KEYCLOAK-14901 Replace deprecated ClientProvider related methods across Keycloak	2020-09-07 13:11:55 +02:00
stianst	76f7fbb984	KEYCLOAK-14548 Add support for cached gzip encoding of resources	2020-09-07 00:58:47 -07:00
Martin Bartos	e34ff6cd9c	[KEYCLOAK-14326] Identity Provider force sync is not working	2020-09-07 09:42:40 +02:00
Takashi Norimatsu	1d8230d438	KEYCLOAK-14190 Client Policy - Condition : The way of creating/updating a client	2020-09-04 09:54:55 +02:00
Luca Leonardo Scorcia	67b2d5ffdd	KEYCLOAK-14961 SAML Client: Add ability to request specific AuthnContexts to remote IdPs	2020-09-03 21:25:36 +02:00
Hynek Mlnarik	1c4a2db8e1	KEYCLOAK-14510 Properly close Response object	2020-09-03 11:23:05 +02:00
Konstantinos Georgilakis	1fa93db1b4	KEYCLOAK-14304 Enhance SAML Identity Provider Metadata processing	2020-09-02 20:43:09 +02:00
Takashi Norimatsu	b93a6ed19f	KEYCLOAK-14919 Dynamic registration - Scope ignored	2020-09-02 13:59:22 +02:00
Takashi Norimatsu	107a429238	KEYCLOAK-15236 FAPI-RW : Error Response on OAuth 2.0 Mutual TLS Client Authentication Error (400 error=invalid_client)	2020-09-02 09:31:20 +02:00
mhajas	3928a49c77	KEYCLOAK-14816 Reset brute-force-detection data for the user after a successful password grant type flow	2020-09-01 21:45:17 +02:00
Hynek Mlnarik	583fa07bc4	KEYCLOAK-11029 Support modification of broker username / ID for identity provider linking	2020-09-01 20:40:38 +02:00
testn	0362d3a430	KEYCLOAK-15113: Move away from deprecated Promise.success()/error()	2020-09-01 14:26:44 -04:00
mhajas	bdccfef513	KEYCLOAK-14973 Create GroupStorageManager	2020-09-01 10:21:39 +02:00
Martin Bartos	9c847ab176	[KEYCLOAK-14432] Unhandled NPE in identity broker auth response	2020-08-31 14:14:42 +02:00
Martin Kanis	d59a74c364	KEYCLOAK-15102 Complement methods for accessing groups with Stream variants	2020-08-28 20:56:10 +02:00
Thomas Darimont	df94cefbc1	KEYCLOAK-12729 Revise password policy not-email tests ... - Added missing cleanup to RegisterTest - Revised test-setup for AccountFormServiceTest	2020-08-21 14:55:07 +02:00
Thomas Darimont	0f967b7acb	KEYCLOAK-12729 Add password policy not-email ... Added test cases and initial translations	2020-08-21 14:55:07 +02:00
mposolda	bd48d7914d	KEYCLOAK-15139 Backwards compatibility for LDAP Read-only mode with IMPORT_USERS enabled	2020-08-20 14:05:21 +02:00
Hynek Mlnarik	6231b7c904	KEYCLOAK-15207 Fix map storage test failures	2020-08-20 07:53:54 +02:00
Pedro Igor	cb57c58b4b	[KEYCLOAK-14730] - Consent not working when using federation storage and client is displayed on consent screen	2020-08-19 10:08:21 +02:00
mhajas	ae39760a62	KEYCLOAK-14972 Add independent GroupProvider interface	2020-08-13 21:13:12 +02:00
Benjamin Weimer	fdcfa6e13e	KEYCLOAK-15156 backchannel logout offline session handling	2020-08-13 08:09:59 -03:00
David Hellwig	ddc2c25951	KEYCLOAK-2940 - draft - Backchannel Logout (#7272) ... * KEYCLOAK-2940 Backchannel Logout Co-authored-by: Benjamin Weimer <external.Benjamin.Weimer@bosch-si.com> Co-authored-by: David Hellwig <hed4be@bosch.com>	2020-08-12 09:07:58 -03:00
Sebastian Paetzold	4ff34c1be9	KEYCLOAK-14890 Improve null handling in case of missing NameId	2020-08-06 10:45:22 -03:00
vmuzikar	b68d06f91c	KEYCLOAK-13127 Update Account Console to Account REST API v1	2020-08-04 18:43:23 -03:00
vramik	6b00633c47	KEYCLOAK-14812 Create RoleStorageManager	2020-07-31 15:11:25 -03:00
vramik	bfa21c912c	KEYCLOAK-14811 Create RoleProvider and make it independent of ClientProvider and RealmProvider	2020-07-31 15:11:25 -03:00
rmartinc	32bf50e037	KEYCLOAK-14336: LDAP group membership is not visible under "Users in Role" tab for users imported from LDAP	2020-07-30 16:19:22 +02:00
Dillon Sellars	25bb2e3ba2	KEYCLOAK-14529 Signed and Encrypted ID Token Support : RSA-OAEP-256 Key Management Algorithm	2020-07-30 15:20:51 +02:00
vramik	7f979ffbcf	KEYCLOAK-14889 Create test for clientStorageProviderTimeout	2020-07-30 08:42:51 -03:00
Yoshiyuki Tabata	cd76ed0d74	KEYCLOAK-14289 OAuth Authorization Server Metadata for Token Revocation	2020-07-29 11:41:56 +02:00
Martin Idel	97400827d2	KEYCLOAK-14870: Fix bug where user is incorrectly imported ... Bug: SerializedBrokeredIdentityContext was changed to mirror UserModel changes. However, when creating the user in LDAP, the username must be provided first (everything else can be handled via attributes).	2020-07-29 11:33:41 +02:00
Takashi Norimatsu	0191f91850	KEYCLOAK-14380 Support Requesting Claims using the claims Request Parameter	2020-07-29 09:53:28 +02:00
mposolda	c4fca5895f	KEYCLOAK-14892 NullPointerException when group mappings for LDAP users are accessed	2020-07-28 14:45:06 +02:00
Martin Idel	330a3d8ff5	KEYCLOAK-14904 Fix AccountRestService ... - custom attributes in UserModel are removed during update - this can break caching (doesn't break if user is written to database) - also ensure that we don't accidentally change username and/or firstName/lastName through attributes	2020-07-28 10:03:14 +02:00
Martin Idel	bf411d7567	KEYCLOAK-14869: Fix nullpointer exception in FullNameLDAPStorageMapper ... Setting an attribute should be possible with a list containing no elements or a null list This can happen e.g. when creating users via idps using a UserAttributeStatementMapper. Fix this unprotected access in other classes too	2020-07-28 09:54:37 +02:00
Lorent Lempereur	e82fe7d9e3	KEYCLOAK-13950 SAML2 Identity Provider - Send Subject in SAML requests	2020-07-24 21:41:57 +02:00
mhajas	74988a3f21	KEYCLOAK-14826 Fix non-ssl auth-server tests failures	2020-07-23 14:20:19 +02:00
keycloak-bot	afff0a5109	Set version to 12.0.0-SNAPSHOT	2020-07-22 14:36:15 +02:00
Hynek Mlnarik	8fae2997c9	KEYCLOAK-14553 Improve logging	2020-07-22 00:08:15 +02:00
Hynek Mlnarik	c566b46e8f	KEYCLOAK-14549 Make ClientProvider independent of RealmProvider ... Co-Authored-By: vramik <vramik@redhat.com>	2020-07-22 00:08:15 +02:00
Hynek Mlnarik	ac0011ab6f	KEYCLOAK-14553 Client map store ... Co-Authored-By: vramik <vramik@redhat.com>	2020-07-22 00:08:15 +02:00
Martin Kanis	c5d5423cd3	KEYCLOAK-12265 Move KerberosEmbeddedServer to testsuite	2020-07-21 18:27:09 +02:00
vmuzikar	316f9f46e2	KEYCLOAK-14825 Make adapter tests running with FF to test cookies	2020-07-21 10:25:19 -03:00
Luca Leonardo Scorcia	9204402514	KEYCLOAK-14820 Import the NameIDPolicyFormat attribute from SAML IDP metadata descriptors	2020-07-21 12:23:25 +02:00
Takashi Norimatsu	e0fbfa722e	KEYCLOAK-14189 Client Policy : Basics	2020-07-21 07:50:08 +02:00
Douglas Palmer	6d5495141d	[KEYCLOAK-14611] Incorrect error message shown on duplicated email registration	2020-07-20 18:17:54 -03:00
Jan Lieskovsky	969b09f530	[KEYCLOAK-13692] Upgrade to Wildfly "20.0.1.Final" and Infinispan "10.1.8.Final" ... Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com> Co-authored-by: Marek Posolda <mposolda@redhat.com>	2020-07-20 22:15:08 +02:00
Luca Leonardo Scorcia	46bf139cb4	KEYCLOAK-14741 Minor SAML specs compliance improvements	2020-07-20 21:08:12 +02:00
mhajas	93149d6b47	KEYCLOAK-14234 Adjust Adapter testsuite to work with app/auth.server.host including TLS configured	2020-07-20 11:22:16 +02:00
Thomas Vitale	4cd5ace800	KEYCLOAK-9321 Remove invalid token_introspection_endpoint ... The discovery document is advertizing both token_introspection_endpoint and introspection_endpoint. The former has been removed as it is not defined by OAuth2/OIDC.	2020-07-17 11:41:28 +02:00
Erik Jan de Wit	ace64c1f0c	KEYCLOAK-12249 added test to test that time is localized	2020-07-15 14:57:38 -04:00
Pedro Igor	582046bbfe	[KEYCLOAK-13141] - Fixing filter	2020-07-15 11:00:55 -03:00
Luca Leonardo Scorcia	f8a4f66d6c	KEYCLOAK-13698 - SAML Client - Add certificate info to signature ... Adds the X509Data tag to the XML Document signature in AuthnRequests	2020-07-10 23:06:37 +02:00
vmuzikar	7087c081f0	KEYCLOAK-14023 Instagram User Endpoint change ... Co-authored-by: Jean-Baptiste PIN <jibet.pin@gmail.com>	2020-07-10 17:36:51 -03:00
Pedro Igor	1db1deb066	[KEYCLOAK-13141] - Supporting re-augmentation	2020-07-10 11:04:46 -03:00
Pavel Drozd	48e4432e9d	KEYCLOAK-14508 - Exclude SessionNotOnOrAfterTest from remote tests	2020-07-10 14:22:11 +02:00
Luca Leonardo Scorcia	d6934c64fd	Refactor SAML metadata generation to use the SAMLMetadataWriter class	2020-07-09 09:39:35 +02:00
Pedro Igor	9c4da9b3ce	[KEYCLOAK-14147] - Request filter refactoring ... Co-authored-by: Stian Thorgersen <stian@redhat.com> Co-authored-by: Martin Kanis <mkanis@redhat.com>	2020-07-07 11:26:12 -03:00
kurisumakise2011	738f24aa38	[KEYCLOAK-14570] Resolve nullpointer issue in controller ... Some ProviderFactory returns null as properties instead of Collections.emptyList() and it leads to NPE. Fix it with using Optional.ofNullable(...).orElse(Collections.emptyList())	2020-07-07 07:46:26 +02:00
Douglas Palmer	9369c7cf4d	Add filter by name to applications endpoint	2020-07-03 15:35:38 -03:00
Martin Idel	8fe25948f7	KEYCLOAK-13959 Add AdvancedAttribute mapper for SAML to allow regexes	2020-07-03 18:19:35 +02:00
Plamen Kostov	914b226d11	[KEYCLOAK-14282] Create additional filtering for GET /users endpoint for enabled/disabled users	2020-07-03 09:07:42 -03:00
Axel Messinese	f30395d535	KEYCLOAK-12687 Add briefRepresentation queryParams to get roles 'composite' endpoints	2020-07-03 09:41:53 +02:00
Bartosz Siemieńczuk	e2040f5d13	KEYCLOAK-14006 Allow administrator to add additional fields to be fetched with Facebook profile request	2020-07-01 18:27:04 -03:00
Eric Rodrigues Pires	de9a0a0a4a	[KEYCLOAK-13044] Fix owner name representations of UMA tickets for client-owned resources	2020-07-01 18:15:22 -03:00
vmuzikar	dc6f7d0547	KEYCLOAK-14635 Saml tests are failing with invalid redirect urls	2020-07-01 13:46:43 +02:00
vmuzikar	001fe9eb11	KEYCLOAK-13206 Session Status iframe cannot access cookies when 3rd party cookies are blocked ... Co-authored-by: mhajas <mhajas@redhat.com>	2020-06-30 17:11:20 -03:00
Douglas Palmer	5e44bb781b	[KEYCLOAK-14344] Cannot revoke offline access for an app if the app doesn't require consent	2020-06-26 14:56:08 -04:00
Martin Idel	05b6ef8327	KEYCLOAK-14536 Migrate UserModel fields to attributes ... - In order to make lastName/firstName/email/username field configurable in profile we need to store it as an attribute - Keep database as is for now (no impact on performance, schema) - Keep field names and getters and setters (no impact on FTL files) Fix tests with logic changes - PolicyEvaluationTest: We need to take new user attributes into account - UserTest: We need to take into account new user attributes Potential impact on users: - When subclassing UserModel, consistency issues may occur since one can now set e.g. username via setSingleAttribute also - When using PolicyEvaluations, the number of attributes has changed	2020-06-25 14:50:57 +02:00
Pedro Igor	337a751aaa	[KEYCLOAK-11330] - Clustering tests for GA	2020-06-24 17:23:45 +02:00
Douglas Palmer	1434f14663	[KEYCLOAK-14346] Base URL for applications is broken	2020-06-23 15:26:07 -03:00
vramik	1b988cc12e	KEYCLOAK-14516 app-server-eap6 tests fails due to compilation error	2020-06-22 13:43:11 +02:00
Hiroyuki Wada	f73b51818b	KEYCLOAK-14113 Support for exchanging to SAML 2.0 token	2020-06-19 22:08:42 +02:00
Dirk Weinhardt	08dca9e89f	KEYCLOAK-13205 Apply locale resolution strategy to admin console.	2020-06-19 10:27:13 -04:00
Peter Skopek	5f78a09db1	KEYCLOAK-13029 kcadm composite role creation fails	2020-06-18 16:37:02 +02:00
vmuzikar	662f7fbccd	KEYCLOAK-14497 Compilation error in UsernameTemplateMapperTest	2020-06-18 09:15:07 -03:00
Martin Bartos	ec9bf6206e	[KEYCLOAK-13202] Reset password redirects to account client	2020-06-18 13:08:36 +02:00
Erik Jan de Wit	c20766f2d7	KEYCLOAK-14140 added more test cases ... Co-authored-by: vmuzikar <vmuzikar@redhat.com>	2020-06-17 13:56:11 -04:00
Thomas Darimont	92ab9c08ae	KEYCLOAK-8100 Expose sub claim in OIDC IdentityBroker Mappers ... We now expose the claims "sub" for use in Identity Broker mappers. Previously claims directly mapped to `JsonWebToken` fields were not accessible for mappings.	2020-06-17 12:56:08 -03:00
Pedro Igor	d331091c5e	[KEYCLOAK-11330] - Quarkus tests	2020-06-17 17:20:55 +02:00
vmuzikar	d71e81ed5e	KEYCLOAK-14235 Support for running broker tests with different hostnames for auth server and IdP	2020-06-17 14:13:00 +02:00
Pedro Igor	a8bad5b9bb	[KEYCLOAK-11330] - Quarkus clustering tests	2020-06-16 10:07:24 -03:00
vramik	c403aa49f7	KEYCLOAK-14087 migration from 9.0.3	2020-06-15 14:47:13 +02:00
mhajas	5d1d75db40	KEYCLOAK-14103 Add Warn message for possibly missing SameSite configuration	2020-06-15 14:45:57 +02:00
Jan Lieskovsky	df7d85b38d	[KEYCLOAK-14358] Enable StartTLS LDAP tests ... Thanks to KEYCLOAK-14343 Use Truststore SPI StartTLS bug fix they will work with Truststore SPI used by auth server Wildfly too Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>	2020-06-11 18:07:53 +02:00
Tero Saarni	3c82f523ff	[KEYCLOAK-14343] Truststore SPI support for LDAP with StartTLS ... Signed-off-by: Tero Saarni <tero.saarni@est.tech> Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>	2020-06-11 18:07:53 +02:00
Pedro Igor	e16f30d31f	[KEYCLOAK-2343] - Allow exact user search by user attributes ... Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>	2020-06-10 12:02:50 -03:00
vramik	d63b3ceca4	KEYCLOAK-14141 0 downtime upgrade test	2020-06-10 12:45:34 +02:00
Pedro Igor	6ccde288a3	[KEYCLOAK-11330] - SSL Support	2020-06-09 08:43:52 +02:00
vmuzikar	b192ac4ea7	KEYCLOAK-14233 Support for generating SSL keystore before running testsuite ... Move profile for app server to base	2020-06-08 10:51:54 -03:00
Douglas Palmer	33863ba161	KEYCLOAK-10162 Usage of ObjectInputStream without checking the object types ... Co-authored-by: mposolda <mposolda@gmail.com>	2020-06-08 13:12:08 +02:00
Yoshiyuki Tabata	f03ee2ec98	KEYCLOAK-14145 OIDC support for Client "offline" session lifespan	2020-06-04 14:24:52 +02:00
Denis	8d6f8d0465	EYCLOAK-12741 Add name and description edit functionality to Authentication and Execution Flows	2020-06-04 08:08:52 +02:00
Alfredo Boullosa	2ddfc94495	KEYCLOAK-14115 Add a refresh to avoid failure	2020-06-03 20:13:08 -04:00
Pedro Igor	357982adf6	[KEYCLOAK-11330] - Initial changes to get testsuite working for Quarkus	2020-06-03 09:57:24 -03:00
Jan Lieskovsky	a121f77ea4	[KEYCLOAK-12305] [Testsuite] Check LDAP federated user (in)valid ... login(s) using various authentication methods, bind credential types, and connection encryption mechanisms The tests cover various possible combinations of the following: * Authentication method: Anonymous or Simple (default), * Bind credential: Secret (default) or Vault, * Connection encryption: Plaintext (default), SSL, or startTLS Also, ignore the StartTLS LDAP tests for now till KEYCLOAK-14343 & KEYCLOAK-14354 are corrected (due these issues they aren't working with auth server Wildfly). They will be re-enabled later via KEYCLOAK-14358 once possible Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>	2020-06-02 14:44:17 +02:00
Pedro Igor	e8dc10b4a1	[KEYCLOAK-11330] - Properly handling POST formdata and UriInfo	2020-06-02 09:36:40 +02:00
stianst	90b29b0e31	KEYCLOAK-14107 Admin page content blocked on v10.0.0 due to content security policy	2020-05-29 13:57:38 +02:00
Benjamin Weimer	4265fdcab2	KEYCLOAK-14318 Client Empty Root URL and relative Base URL is valid	2020-05-29 11:21:28 +02:00
vmuzikar	f8dce7fc3e	KEYCLOAK-13819 SAML brokering with POST binding is broken by new SameSite policies	2020-05-28 13:37:56 +02:00
Thomas Darimont	e825ec24cb	KEYCLOAK-9635 Add AccessTokenHash to IDToken for OIDC Auth Code flow ... Revised tests	2020-05-27 07:34:05 +02:00
Thomas Darimont	5a337d0376	KEYCLOAK-9635 Add AccessTokenHash to IDToken for OIDC Auth Code flow ... Added missing test	2020-05-27 07:34:05 +02:00
Torsten Juergeleit	6005503a3d	Namespace support to group-ldap-mapper ... Previously, Keycloak did only support syncing groups from LDAP federation provider as top-level KC groups. This approach has some limitations: - If using multiple group mappers then there’s no way to isolate the KC groups synched by each group mapper. - If the option "Drop non-existing groups during sync” is activated then all KC groups (including the manually created ones) are deleted. - There’s no way to inherit roles from a parent KC group. This patch introduces support to specify a prefix for the resulting group path, which effectively serves as a namespace for a group. A path prefix can be specified via the newly introduced `Groups Path` config option on the mapper. This groups path defaults to `/` for top-level groups. This also enables to have multiple `group-ldap-mapper`'s which can manage groups within their own namespace. An `group-ldap-mapper` with a `Group Path` configured as `/Applications/App1` will only manage groups under that path. Other groups, either manually created or managed by other `group-ldap-mapper` are not affected.	2020-05-26 17:37:29 +02:00
Hynek Mlnarik	7deb89caab	KEYCLOAK-10729 Do not serialize SAML signature	2020-05-25 15:38:17 +02:00
vmuzikar	e873c70374	KEYCLOAK-14236 Support for custom Firefox preferences	2020-05-22 09:24:41 -03:00
cachescrubber	3382682115	KEYCLOAK-10927 - Implement LDAPv3 Password Modify Extended Operation … (#6962) ... * KEYCLOAK-10927 - Implement LDAPv3 Password Modify Extended Operation (RFC-3062). * KEYCLOAK-10927 - Introduce getLDAPSupportedExtensions(). Use result instead of configuration. Co-authored-by: Lars Uffmann <lars.uffmann@vitroconnect.de> Co-authored-by: Kevin Kappen <kevin.kappen@vitroconnect.de> Co-authored-by: mposolda <mposolda@gmail.com>	2020-05-20 21:04:45 +02:00
Denis	8c7b69fc9e	KEYCLOAK-13748 Create automated test for scenario with alternative subflow for credential reset	2020-05-20 14:06:53 +02:00
Stan Silvert	13d0491ff3	KEYCLOAK-14038: Re-allow special characters for Roles only	2020-05-20 07:53:23 -04:00
Takashi Norimatsu	c057b994e7	KEYCLOAK-13104 Signed and Encrypted ID Token Support : AES 192bit and 256bit key support	2020-05-20 09:01:59 +02:00
mhajas	4b8c7dd7d7	KEYCLOAK-14048 Allow clock skew when testing refresh token actual expiration time	2020-05-20 08:12:54 +02:00
Takashi Norimatsu	be0ba79daa	KEYCLOAK-7997 Implement Client Registration Metadata based on Mutual TLS	2020-05-19 17:00:41 +02:00
mposolda	12d965abf3	KEYCLOAK-13047 LDAP no-import fixes. Avoid lost updates - dont allow update attributes, which are not mapped to LDAP	2020-05-19 16:58:25 +02:00
Martin Kanis	6f43b58ccf	KEYCLOAK-14074 filterIdentityProviders compares providerId instead of alias	2020-05-19 09:46:21 +02:00
Thomas Darimont	6211fa90e0	KEYCLOAK-10932 Honor given_name and family_name in OIDC brokering ... Previously firstname and lastname were derived from the name claim. We now use direct mappings to extract firstname and lastname from given_name and family_name claims. Added test to KcOidcFirstBrokerLoginTest Marked org.keycloak.broker.provider.BrokeredIdentityContext#setName as deprecated to avoid breaking existing integrations.	2020-05-19 09:10:43 +02:00
Álvaro Gómez Giménez	666832d1be	KEYCLOAK-13066 Include resourceType in ScopePermissionRepresentation	2020-05-12 17:11:35 -03:00
Sven-Torben Janus	82d3251ab4	Remove *-imports	2020-05-12 20:50:18 +02:00
Sven-Torben Janus	fcb0e450a0	KEYCLOAK-13817 Return local user from LDAPStorageProvider	2020-05-12 20:50:18 +02:00
Yoshiyuki Tabata	f7d00fc2e9	KEYCLOAK-13844 "exp" claim should not be "0" when using offline token	2020-05-12 16:14:37 +02:00
stianst	49db2c13a5	KEYCLOAK-8141 Fix issue where attribute values are duplicated if updates to user are done in parallell	2020-05-12 09:06:44 +02:00
Pedro Igor	44c49d69a7	[KEYCLOAK-13071] - AuthorizationTokenService swallows Exceptions thrown by KeycloakIdentity	2020-05-08 09:21:37 +02:00
Takashi Norimatsu	3716bd96ad	KEYCLOAK-14093 Specify Signature Algorithm in Signed JWT with Client Secret	2020-05-07 11:28:39 +02:00
Takashi Norimatsu	0d0617d44a	KEYCLOAK-13720 Specify Signature Algorithm in Signed JWT Client Authentication	2020-05-05 17:43:00 +02:00
rmartinc	f0852fd362	KEYCLOAK-13823: "Dir" Full export/import: On import, service account roles and authorization info are not imported	2020-05-05 17:05:56 +02:00
Vanrar68	85feda3beb	KEYCLOAK-13998 ConditionalRoleAuthenticator doesn't work with composite roles	2020-05-05 08:39:04 +02:00
Martin Bartos	7ebdca48d3	[KEYCLOAK-13572] Doesn't observe After events due to assume check	2020-05-04 17:31:44 +02:00
Michael Riedmann	66c7ec6b08	[KEYCLOAK-13995] added test for clientUpdate with ProtocolMappers	2020-05-04 17:13:57 +02:00
Erik Jan de Wit	435815249b	KEYCLOAK-12783 changed to base account url for new console	2020-05-04 07:16:15 -04:00
Hynek Mlnarik	32f13016fa	KEYCLOAK-12874 Align Destination field existence check with spec	2020-05-04 09:19:44 +02:00
Martin Kanis	aa309b96a8	KEYCLOAK-13682 NPE when refreshing token after enabling consent	2020-04-30 08:46:21 +02:00
keycloak-bot	ae20b7d3cd	Set version to 11.0.0-SNAPSHOT	2020-04-29 12:57:55 +02:00
Yoshiyuki Tabata	874642fe9e	KEYCLOAK-12406 Add "Client Session Max" and "Client Session Idle" for OIDC	2020-04-28 15:34:25 +02:00
stianst	5b017e930d	KEYCLOAK-13128 Security Headers SPI and response filter	2020-04-28 15:28:24 +02:00
Yoshiyuki Tabata	b40c12c712	KEYCLOAK-5325 Provide OAuth token revocation capability	2020-04-28 15:25:22 +02:00
Erik Jan de Wit	ab2d1546b4	fix merge errors	2020-04-27 09:09:31 -04:00
Erik Jan de Wit	7580be8708	KEYCLOAK-13121 added the basic functionality	2020-04-27 09:09:31 -04:00
Stefan Guilhen	da1138a8d2	[KEYCLOAK-13005] Make sure the master URL is used if the consumer POST or REDIRECT URL is an empty string ... - Fixes issue where admin console sets an empty string when the consumer POST or REDIRECT URL is deleted	2020-04-27 14:25:03 +02:00
Pedro Igor	44b489b571	[KEYCLOAK-13656] - Deny request if requested scope is not associated to resource or any typed resources	2020-04-27 08:39:38 +02:00
Pedro Igor	dacbe22d53	[KEYCLOAK-9896] - Authorization Scope modified improperly when updating Resource	2020-04-27 08:38:55 +02:00
Martin Idel	7e8018c7ca	KEYCLOAK-11862 Add Sync mode option ... - Store in config map in database and model - Expose the field in the OIDC-IDP - Write logic for import, force and legacy mode - Show how mappers can be updated keeping correct legacy mode - Show how mappers that work correctly don't have to be modified - Log an error if sync mode is not supported Fix updateBrokeredUser method for all mappers - Allow updating of username (UsernameTemplateMapper) - Delete UserAttributeStatementMapper: mapper isn't even registered Was actually rejected but never cleaned up: https://github.com/keycloak/keycloak/pull/4513 The mapper won't work as specified and it's not easy to tests here - Fixup json mapper - Fix ExternalKeycloakRoleToRoleMapper: Bug: delete cannot work - just delete it. Don't fix it in legacy mode Rework mapper tests - Fix old tests for Identity Broker: Old tests did not work at all: They tested that if you take a realm and assign the role, this role is then assigned to the user in that realm, which has nothing to do with identity brokering Simplify logic in OidcClaimToRoleMapperTests - Add SyncMode tests to most mappers Added tests for UsernameTemplateMapper Added tests to all RoleMappers Add test for json attribute mapper (Github as example) - Extract common test setup(s) - Extend admin console tests for sync mode Signed-off-by: Martin Idel <external.Martin.Idel@bosch.io>	2020-04-24 15:54:32 +02:00
Pedro Igor	8f5e58234e	[KEYCLOAK-11317] - IDP review profile allows empty username	2020-04-24 10:52:59 -03:00
Douglas Palmer	d4eeed306b	[KEYCLOAK-11764] Upgrade to Wildfly 19	2020-04-24 08:19:43 -03:00
Bart Monhemius	9389332675	[KEYCLOAK-13927] Accept only ticketId instead of the PermissionTicketRepresentation for delete in PermissionResource	2020-04-23 15:59:43 -03:00
Bart Monhemius	acc5ab9e44	[KEYCLOAK-13927] Allow deleting permission tickets with the Authz client	2020-04-23 15:59:43 -03:00
Martin Kanis	a04c70531a	KEYCLOAK-9623 Disabling logged in user will not allow other user to login after he is thrown out of his session	2020-04-23 14:40:25 +02:00
Takashi Norimatsu	8513760e25	KEYCLOAK-12176 WebAuthn: show the attestation statement format in the admin console	2020-04-23 10:01:19 +02:00
mhajas	1db87acc98	KEYCLOAK-13852 reset time at the end of testTokenConcurrentRefresh test	2020-04-22 15:06:28 +02:00
mposolda	83255e1b08	KEYCLOAK-13922 MigrationModelTest failing in latest master	2020-04-22 14:05:34 +02:00
Thomas Darimont	12e53e6f11	KEYCLOAK-11003 Remove UPDATE_PASSWORD RequiredAction on non-temporary password reset ... We now remove a potentially existing UPDATE_PASSWORD action when explicitly assigning a non-temporary password. Adapted tests to use a temporary password when UpdatePassword required actions were used.	2020-04-22 10:59:49 +02:00
Thomas Darimont	f9f71039ae	KEYCLOAK-13566 ValidateUsername should raise USER_NOT_FOUND event if the user lookup fails	2020-04-21 21:11:11 +02:00
Pedro Igor	cbab159aa8	[KEYCLOAK-8071] - Properly validating requested scopes	2020-04-21 12:23:59 +02:00
mposolda	38195ca789	KEYCLOAK-12842 Not possible to update user with multivalued LDAP RDN	2020-04-21 11:35:41 +02:00
aboullos	2945eb63b7	KEYCLOAK-8836 Add test to check product name on welcome page ... Modify import KEYCLOAK-8836 Add test to check product name on welcome page	2020-04-21 11:30:20 +02:00
keycloak-bot	33314ae3ca	Set version to 10.0.0-SNAPSHOT	2020-04-21 09:19:32 +02:00
mposolda	b29810c923	KEYCLOAK-13306 Model fixes for check realm when lookup by ID ... (cherry picked from commit e40a62de31f6f5d326234314a9e285010665f707)	2020-04-21 08:19:50 +02:00
mposolda	821405e175	KEYCLOAK-10852 Inconsistency when using 'forgot password' after changing email directly in LDAP	2020-04-16 12:28:41 +02:00
Pedro Igor	acfbdf6b0e	[KEYCLOAK-13187] - Concurrency issue when refreshing tokens and updating security context state	2020-04-16 12:25:42 +02:00
Pedro Igor	21597b1ff2	[KEYCLOAK-13581] - Fixing client pagination when permission is enabled	2020-04-14 16:57:27 -03:00
mposolda	4f1985826c	KEYCLOAK-12934 LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY user roles retrieve strategy role-ldap-mapper option should only be displayed if LDAP provider vendor is Active Directory	2020-04-14 20:01:55 +02:00
stianst	1f02f87a6e	KEYCLOAK-13565 Add support for kc_action to keycloak.js ... Co-authored-by mhajas <mhajas@redhat.com>	2020-04-14 19:23:56 +02:00
stianst	97b5654690	KEYCLOAK-13285 Enable check identity for email	2020-04-14 19:22:57 +02:00
mhajas	845195780e	KEYCLOAK-13758 Exclude some tests for remote runs	2020-04-08 16:38:58 +02:00
Pedro Igor	b60b85ab65	[KEYCLOAK-7450] - Match subject when validating id_token returned from external OP	2020-04-06 13:43:19 +02:00
mposolda	6f62c0ed98	KEYCLOAK-13442 Backwards compatibility in users searching. searchForUser(String, RealmModel, int, int) is no longer called when searching users from the admin console	2020-03-27 13:29:55 +01:00
mposolda	bf92bd16b0	KEYCLOAK-13383 WebAuthnRegisterAndLoginTest fails with -Dproduct with auth-server-eap	2020-03-26 16:27:23 +01:00
vramik	330d5b2c25	KEYCLOAK-13384 exclude IdentityProviderTest.failCreateInvalidUrl from remote-tests	2020-03-26 14:04:38 +01:00
vramik	780d11e790	KEYCLOAK-13571 KcinitTest fails with -Dproduct due to skipped maven plugin exacution	2020-03-26 14:03:11 +01:00
Pedro Igor	b812159193	[KEYCLOAK-10675] - Deleting an Identity Provider doesn't remove the associated IdP Mapper for that user	2020-03-26 11:41:17 +01:00
Pedro Igor	1b8369c7d5	[KEYCLOAK-13385] - Better message when saving a provider with invalid URLs	2020-03-26 08:46:44 +01:00
mhajas	b2b790cd1d	KEYCLOAK-10797 Unignore hawtio on eap6 test	2020-03-24 15:10:40 +01:00
mhajas	8b96882a1c	KEYCLOAK-12972 Fix fuse tests	2020-03-24 14:50:54 +01:00
keycloak-bot	f6a592b15a	Set version to 9.0.4-SNAPSHOT	2020-03-24 08:31:18 +01:00
mposolda	5ddd605ee9	KEYCLOAK-13259	2020-03-24 05:32:41 +01:00
mposolda	9474dd6208	KEYCLOAK-12986 BruteForceProtector does not log failures when login failure in PostBroker flow	2020-03-24 05:32:10 +01:00
Martin Kanis	e6e0e6945d	KEYCLOAK-12156 LogoutEndpoint does not verify token type of id_token_hint ... Co-authored-by: Martin Kanis <mkanis@redhat.com> Co-authored-by: Marek Posolda <mposolda@redhat.com>	2020-03-24 05:31:36 +01:00
Pedro Igor	ec63245ac8	[KEYCLOAK-13386] - SslRequired.EXTERNAL doesn't work for identity broker validations	2020-03-23 12:16:43 -03:00
mposolda	3e82473a90	KEYCLOAK-13369 Not possible to move groups in admin console	2020-03-23 10:17:23 +01:00
mposolda	61fd66e107	KEYCLOAK-13368 TestClassProvider undertow server not stopped after testsuite	2020-03-23 07:10:17 +01:00
Pavel Drozd	6cc897e319	KEYCLOAK-8372 - User Federation tests - fixing for different vendors (#6909)	2020-03-20 11:36:35 +01:00
Dmitry Telegin	3b24465141	KEYCLOAK-12870 - Allow to pick arbitrary user for IdP linking (#6828) ... * KEYCLOAK-12870 - Allow to pick arbitrary user for IdP linking * KEYCLOAK-12870: always allow to choose user if password reset is called from first broker login flow * KEYCLOAK-12870: remove "already authenticated as different user" check and message * KEYCLOAK-12870: translations * KEYCLOAK-12870: fix tests	2020-03-20 07:41:35 +01:00
Pedro Igor	2eab44d3f3	[KEYCLOAK-13273] - Remove group policy when group is removed	2020-03-20 07:40:18 +01:00
rmartinc	a8e74196d1	KEYCLOAK-4923: Client Service Account Roles are not exported	2020-03-19 11:38:33 -03:00
Aboullos	f8dc7c0329	KEYCLOAK-13007 Add LDAPAccountTest	2020-03-18 10:11:59 -03:00
Stan Silvert	fff8571cfd	KEYCLOAK-12768: Prevent reserved characters in URLs	2020-03-18 07:40:24 +01:00
Stefan Guilhen	8c627fdb20	[KEYCLOAK-13036] Fix KeycloakElytronCSVaultTest failures on IBM JDK ... - credential store is generated on the fly for the test, avoiding incompatibilities between implementations of keystores	2020-03-17 17:07:55 +01:00
mposolda	56d1ab19a8	KEYCLOAK-11412 Display more nice error message when creating top level group with same name	2020-03-16 21:03:46 +01:00
mposolda	d7688f6b12	KEYCLOAK-12869 REST sends credential type when no credential exists and credential disabled	2020-03-16 21:02:40 +01:00
Stan Silvert	1f1ed36b71	KEYCLOAK-9782: Do not allow duplicate group name when updating	2020-03-13 10:13:45 -04:00
Sebastian Laskawiec	8774a0f4ba	KEYCLOAK-12881 KEYCLOAK-13099 Update FederatedIdentities and Groups on POST	2020-03-12 14:57:02 +01:00
mposolda	72e4690248	KEYCLOAK-13174 Not possible to delegate creating or deleting OTP credential to userStorage	2020-03-11 12:51:56 +01:00
mposolda	803f398dba	KEYCLOAK-12876 KEYCLOAK-13148 KEYCLOAK-13149 KEYCLOAK-13151 Re-introduce some changes to preserve UserStorage SPI backwards compatibility. Added test for backwards compatibility of user storage	2020-03-11 12:51:56 +01:00
Thomas Darimont	cd51ff3474	KEYCLOAK-13186 Remove role information from RefreshTokens ... We now no longer expose role assignment information into the RefreshToken. Previously RefreshTokens contained information about the realm and client specific roles which are assigned to a user. Since the role information is usually either taken from the AccessToken, IDToken or the User-Info endpoint and the RefreshToken is an internal format which is opaque to the client, it would be a waste of space to keep that information in the RefreshToken. See: https://lists.jboss.org/pipermail/keycloak-dev/2019-April/011936.html	2020-03-11 06:28:22 +01:00
rmartinc	ad3b9fc389	KEYCLOAK-12579: LDAP groups duplicated during UI listing of user groups	2020-03-11 06:14:29 +01:00
mposolda	bc1146ac2f	KEYCLOAK-10029 Offline token migration fix. Always test offline-token migration when run MigrationTest	2020-03-10 20:38:16 +01:00
Pedro Igor	b7a395a3ef	[KEYCLOAK-11345] - Test basic features of Keycloak.X with current tetsuite	2020-03-10 15:59:35 +01:00
Sebastian Schuster	99aba33980	KEYCLOAK-13163 Fixed searching for user with fine-grained permissions	2020-03-09 09:56:13 -03:00
vmuzikar	8cfd4d60e6	KEYCLOAK-13069 Fix failing RH-SSO base tests	2020-03-09 13:50:40 +01:00
Phy	8aa5019efe	KEYCLOAK-13074 Don't return LDAP group members if under IMPORT mode ... If GroupLDAPStorageMapper is running under IMPORT mode, getGroupMembers should not return users in LDAP, which, according to how UserStorageManager.query works (getting both user federation and Keycloak storage), will cause duplicate users in the list. A test has been added as well, which will fail before the fix in the mapper.	2020-03-06 11:44:36 +01:00
stianst	ed97d40939	KEYCLOAK-9851 Removed properties from realm json attributes that are included as fields	2020-03-05 17:59:50 +01:00
mabartos	a1bbab9eb2	KEYCLOAK-12799 Missing Cancel button on The WebAuthn setup screen when using AIA	2020-03-05 15:04:38 +01:00
Pedro Igor	23b4aee445	[KEYCLOAK-13056] - Searching clients with reduced permissions results in 403	2020-03-05 13:39:25 +01:00
Pedro Igor	30b07a1ff5	[KEYCLOAK-13175] - Setting the enforcement mode when fetching lazily fetching resources	2020-03-05 13:31:21 +01:00
stianst	75a772f52b	KEYCLOAK-10967 Add JSON body methods for test ldap and smtp connections. Deprecate old form based methods.	2020-03-05 10:07:58 +01:00
Pedro Igor	2f489a41eb	[KEYCLOAK-12192] - Missing Input Validation in IDP Authorization URLs	2020-03-05 06:32:35 +01:00
Hynek Mlnarik	0cf0955318	KEYCLOAK-13181 Fix NPE in EAP 6 adapter	2020-03-04 10:19:43 +01:00
Jon Koops	c1bf183998	KEYCLOAK-9346 Add new KeycloakPromise to support native promises ... Co-authored-by: mhajas <mhajas@redhat.com>	2020-03-04 08:53:35 +01:00
Douglas Palmer	dfb67c3aa4	[KEYCLOAK-12980] Username not updated when "Email as username" is enabled	2020-03-03 10:26:35 +01:00
Pedro Igor	49b1dbba68	[KEYCLOAK-11804] - Block service accounts to authenticate or manage credentials	2020-03-03 06:48:02 +01:00
Hynek Mlnarik	f45f882f0c	KEYCLOAK-11903 Test for XSW attacks	2020-03-02 21:26:13 +01:00
mhajas	df11a8a864	KEYCLOAK-12606 Add test	2020-03-02 20:07:52 +01:00
vramik	7c91e36e43	KEYCLOAK-10898 WildFly Adapter CLI based installation scripts	2020-03-02 10:08:45 +01:00
mhajas	d3bebb4746	KEYCLOAK-12884 Add more tests for SameSite	2020-02-28 16:19:44 +01:00
mhajas	9b81c42525	KEYCLOAK-13113 Exclude tests for Tomcat	2020-02-28 13:35:33 +01:00
mabartos	695fb92241	KEYCLOAK-13070 UserConsentWithUserStorageModelTest failing with ModelDuplicateException	2020-02-27 21:25:49 +01:00
Hynek Mlnarik	aecfe251e4	KEYCLOAK-12816 Fix representation to model conversion	2020-02-27 21:11:24 +01:00
Douglas Palmer	85d7216228	[KEYCLOAK-12640] Client authorizationSettings.decisionStrategy value lost on realm import	2020-02-27 09:45:48 -03:00
vramik	f1e54455e7	KEYCLOAK-13111 Move execution of db-allocator-plugin to jpa profile	2020-02-27 11:51:05 +01:00
mhajas	3db55727ca	KEYCLOAK-12979 Fix group-attribute parsing	2020-02-27 10:48:03 +01:00
vramik	e2bd99e9e4	KEYCLOAK-13097 fix UserStorageTest - add cleanup after test	2020-02-27 10:46:38 +01:00
Pedro Igor	a830818a84	[KEYCLOAK-12794] - Missing id token checks in oidc broker	2020-02-27 09:13:29 +01:00
Erik Jan de Wit	8297c0c878	KEYCLOAK-11155 split on first '=' instead of all	2020-02-27 09:12:51 +01:00
Erik Jan de Wit	93a1374558	KEYCLOAK-11129 coalesce possible null values	2020-02-27 09:11:29 +01:00
Pedro Igor	1c71eb93db	[KEYCLOAK-11576] - Properly handling redirect_uri parser errors	2020-02-27 08:29:06 +01:00
stianst	950eae090f	KEYCLOAK-13054 Unblock temporarily disabled user on password reset, and remove invalid error message	2020-02-27 08:05:46 +01:00
vmuzikar	de8ba75399	KEYCLOAK-12635 KEYCLOAK-12935 KEYCLOAK-13023 UI test fixes	2020-02-26 15:54:44 -03:00
Martin Bartoš	eaaff6e555	KEYCLOAK-12958 Preview feature profile for WebAuthn (#6780) ... * KEYCLOAK-12958 Preview feature profile for WebAuthn * KEYCLOAK-12958 Ability to enable features having EnvironmentDependent providers without restart server * KEYCLOAK-12958 WebAuthn profile product/project Co-authored-by: Marek Posolda <mposolda@gmail.com>	2020-02-26 08:45:26 +01:00
stianst	9e47022116	KEYCLOAK-8044 Clear theme caches on hot-deploy	2020-02-20 08:50:10 +01:00
stianst	d8d81ee162	KEYCLOAK-12268 Show page not found for /account/log if events are disabled for the realm	2020-02-20 08:49:30 +01:00
stianst	9a3a358b96	KEYCLOAK-11700 Lower-case passwords before checking with password blacklist	2020-02-20 08:33:46 +01:00
stianst	536824beb6	KEYCLOAK-12960 Use Long for time based values in JsonWebToken	2020-02-19 15:46:05 +01:00
Stefan Guilhen	7a3998870c	[KEYCLOAK-12612][KEYCLOAK-12944] Fix validation of SAML destination URLs ... - no longer compare them to the server absolutePath; instead use the base URI to build the validation URL	2020-02-18 16:38:19 -03:00
mposolda	eeeaafb5e7	KEYCLOAK-12858 Authenticator is sometimes required even when configured as alternative	2020-02-18 09:05:59 +01:00
Thomas Darimont	67ddd3b0eb	KEYCLOAK-12926 Improve Locale based message lookup ... We now consider intermediate Locales when performing a Locale based ResourceBundle lookup, before using an Locale.ENGLISH fallback. Co-authored-by: stianst <stianst@gmail.com>	2020-02-18 08:43:46 +01:00
keycloak-bot	d352d3fa8e	Set version to 9.0.1-SNAPSHOT	2020-02-17 20:38:54 +01:00
Adamczyk Błażej	497787d2cd	[KEYCLOAK-10696] - fixed missing client role attributes after import	2020-02-17 10:01:19 +01:00
mposolda	a76c496c23	KEYCLOAK-12860 KEYCLOAK-12875 Fix for Account REST Credentials to work with LDAP and social users	2020-02-14 20:24:42 +01:00
Douglas Palmer	876086c846	[KEYCLOAK-12161] "Back to Application" link is shown with link to current page	2020-02-14 10:37:32 -03:00
stianst	f0e3122792	KEYCLOAK-12953 Ignore empty realm frontendUrl	2020-02-14 11:33:07 +01:00
stianst	42773592ca	KEYCLOAK-9632 Improve handling of user locale	2020-02-14 08:32:20 +01:00
Pedro Igor	7efaf9869a	[KEYCLOAK-12864] - OIDCIdentityProvider with Reverse Proxy	2020-02-13 15:01:10 +01:00
mabartos	90b35cc13d	KEYCLOAK-10420 Broker tests don't work with RH-SSO	2020-02-12 18:33:55 +01:00
mabartos	1bdf77f409	KEYCLOAK-12065 UserSessionInitializerTest is failing	2020-02-12 17:39:28 +01:00
mhajas	c3f0b342bf	KEYCLOAK-12964 Fix adapter remote tests execution deciding	2020-02-12 16:04:44 +01:00
mhajas	1bb238d20f	KEYCLOAK-12950 Use maven-plugin to configure shrinkwrap resolver	2020-02-12 16:04:44 +01:00
mhajas	f28ca30e6d	KEYCLOAK-12963 Exclude testNoPortInDestination test for remote container	2020-02-12 13:18:51 +01:00
Peter Zaoral	b0ffea699e	KEYCLOAK-12186 Improve the OTP login form ... -created and implemented login form design, where OTP device can be selected -implemented selectable-card-view logic in jQuery -edited related css and ftl theme resources -fixed affected BrowserFlow tests Signed-off-by: Peter Zaoral <pzaoral@redhat.com>	2020-02-12 11:25:02 +01:00
vramik	3d22644bbe	KEYCLOAK-12237 Fix WelcomePageTest on Postgresql	2020-02-12 10:43:29 +01:00
Peter Skopek	622a97bd1c	KEYCLOAK-12228 Sensitive Data Exposure ... from patch of hiba haddad haddadhiba0@gmail.com	2020-02-12 09:57:31 +01:00
stianst	3c0cf8463a	KEYCLOAK-12821 Check if action is disabled in realm before executing	2020-02-12 09:04:43 +01:00
stianst	6676b9bba0	Fix	2020-02-12 08:23:25 +01:00
stianst	0b8adc7874	KEYCLOAK-12921 Fix NPE in client validation on startup	2020-02-12 08:23:25 +01:00
stianst	dda829710e	KEYCLOAK-12829 Require PKCE for admin and account console	2020-02-12 08:22:20 +01:00
Thomas Darimont	7969aed8e0	KEYCLOAK-10931 Trigger UPDATE_PASSWORD event on password update via AccountCredentialResource	2020-02-11 19:51:58 +01:00
Martin Kanis	1d54f2ade3	KEYCLOAK-9563 Improve access token checks for userinfo endpoint	2020-02-11 15:09:21 +01:00
mhajas	e5935d8069	KEYCLOAK-12764 Fix shrinkwrap issue by updating arquillian bom version	2020-02-08 10:51:48 +01:00
stianst	ecec20ad59	KEYCLOAK-12193 Internal error message returned in error response	2020-02-07 18:10:41 +01:00
Pedro Igor	da0e2aaa12	[KEYCLOAK-12897] - Policy enforcer should just deny when beare is invalid	2020-02-07 15:04:45 +01:00
mabartos	a5d02d62c1	KEYCLOAK-12908 TOTP not accepted in request for Access token	2020-02-07 13:17:05 +01:00
stianst	5d1fa8719e	KEYCLOAK-12190 Fix PartialImportTest for client validation	2020-02-07 11:44:09 +01:00
stianst	7545749632	KEYCLOAK-12190 Add validation for client root and base URLs	2020-02-07 09:09:40 +01:00
Pedro Igor	fc514aa256	[KEYCLOAK-12792] - Invalid nonce handling in OIDC identity brokering	2020-02-06 13:16:01 +01:00
Pedro Igor	199e5dfa3e	[KEYCLOAK-12909] - Keycloak uses embedded cache manager instead of container-managed one	2020-02-06 13:14:36 +01:00
Dmitry Telegin	b6c5acef25	KEYCLOAK-7969 - SAML users should not be identified by SAML:NameID	2020-02-06 08:53:31 +01:00
Axel Messinese	b73553e305	Keycloak-11526 search and pagination for roles	2020-02-05 15:28:25 +01:00
mhajas	66350f415c	KEYCLOAK-12849 Exclude SameSite tests in non-SSL test runs	2020-02-05 11:44:07 +01:00
rmartinc	d39dfd8688	KEYCLOAK-12654: Data to sign is incorrect in redirect binding when URI has parameters	2020-02-05 11:30:28 +01:00
Martin Bartoš	b0c4913587	KEYCLOAK-12177 KEYCLOAK-12178 WebAuthn: Improve usability (#6710)	2020-02-05 08:35:47 +01:00
Thomas Darimont	42fdc12bdc	KEYCLOAK-8573 Invalid client credentials should return Unauthorized status (#6725)	2020-02-05 08:27:15 +01:00
vmuzikar	0801cfb01f	KEYCLOAK-12105 Add UI tests for Single page to manage credentials	2020-02-04 15:18:52 -03:00
rmartinc	5b9eb0fe19	KEYCLOAK-10884: Need clock skew for SAML identity provider	2020-02-03 22:00:44 +01:00
Jan Lieskovsky	b532570747	[KEYCLOAK-12168] Various setup TOTP screen usability improvements (#6709) ... On both the TOTP account and TOTP login screens perform the following: * Make the "Device name" label optional if user registers the first TOTP credential. Make it mandatory otherwise, * Denote the "Authenticator code" with asterisk, so it's clear it's required field (always), * Add sentence to Step 3 of configuring TOTP credential explaining the user to provide device name label, Also perform other CSS & locale / messages file changes, so the UX is identical when creating OTP credentials on both of these pages Add a corresponding testcase Also address issues pointed out by mposolda's review. Thanks, Marek! Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>	2020-02-03 19:34:28 +01:00
Marek Posolda	154bce5693	KEYCLOAK-12340 KEYCLOAK-12386 Regression in credential handling when … (#6668)	2020-02-03 19:23:30 +01:00
vramik	337e8f8fad	KEYCLOAK-12240 MigrationModelTest fails in pipeline	2020-02-03 13:14:53 +01:00
Leon Graser	01a42f417f	Search and Filter for the count endpoint	2020-02-03 09:36:30 +01:00
Pedro Igor	ed2d392a3d	[KEYCLOAK-9666] - Entitlement request with service account results in server error	2020-02-03 08:57:56 +01:00
Pedro Igor	658a083a0c	[KEYCLOAK-9600] - Find by name in authz client returning wrong resource	2020-02-03 08:57:20 +01:00
Jan Lieskovsky	00a36e5f7b	[KEYCLOAK-12865] Stabilize distribution profile (#6712) ... Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>	2020-02-01 13:31:54 +01:00
rmartinc	1989483401	KEYCLOAK-12001: Audience support for SAML clients	2020-01-31 15:56:40 +01:00
Marek Posolda	d8e450719b	KEYCLOAK-12469 KEYCLOAK-12185 Implement nice design to the screen wit… (#6690) ... * KEYCLOAK-12469 KEYCLOAK-12185 Add CredentialTypeMetadata. Implement the screen with authentication mechanisms and implement Account REST Credentials API by use the credential type metadata	2020-01-31 14:28:23 +01:00
Bart Monhemius	52fd2b4aa4	KEYCLOAK-12698: Allow setting lifespan on executeActionsEmail	2020-01-31 09:27:07 +01:00
Pedro Igor	c37ca235ab	[KEYCLOAK-11352] - Can't request permissions by name by a non-owner resource service, although the audience is set	2020-01-30 11:36:21 +01:00
Pedro Igor	2a82ed6eea	[KEYCLOAK-9402] - 401 response when enforcement mode is DISABLED	2020-01-30 11:09:32 +01:00
Pedro Igor	873c62bbef	[KEYCLOAK-12569] - User cannot be deleted if he has owned resources / permission tickets ... Co-authored-by: mhajas <mhajas@redhat.com>	2020-01-30 11:08:28 +01:00
Pedro Igor	c821dcf820	[KEYCLOAK-12438] - Scope-based policies falsely give a permit with an empty scope list	2020-01-29 14:02:44 +01:00
Marek Posolda	d46620569a	KEYCLOAK-12174 WebAuthn: create authenticator, requiredAction and policy for passwordless (#6649)	2020-01-29 09:33:45 +01:00
Takashi Norimatsu	993ba3179c	KEYCLOAK-12615 HS384 and HS512 support for Client Authentication by Client Secret Signed JWT (#6633)	2020-01-28 14:55:48 +01:00
Stian Thorgersen	87cab778eb	KEYCLOAK-11996 Authorization Endpoint does not return an error when a request includes a parameter more than once (#6696) ... Co-authored-by: stianst <stianst@gmail.com> Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2020-01-24 12:10:56 +01:00
Denis Richtárik	24c6e2ba08	KEYCLOAK-12742 Authentication -> WebAuthn Policy: Unable to delete the Acceptable AAGUIDS via the provided minus (-) button, once set (#6695)	2020-01-24 11:55:20 +01:00
Leon Graser	f1ddd5016f	KEYCLOAK-11821 Add account api roles to the client on creation ... Co-authored-by: stianst <stianst@gmail.com>	2020-01-23 13:10:04 -06:00
Martin Kanis	1fbee8134b	KEYCLOAK-12697 Remove mvel2 from parent pom and licenses	2020-01-23 13:04:31 -06:00
Benjamin Weimer	dd9ad305ca	KEYCLOAK-12757 New Identity Provider Mapper "Advanced Claim to Role Mapper" with ... following features * Regex support for claim values. * Support for multiple claims.	2020-01-23 07:17:22 -06:00
mposolda	f0d95da52d	KEYCLOAK-12281 Fix export/import for users that have custom credential algorithms with no salt	2020-01-23 05:43:29 -06:00
Denis Richtárik	8d312d748b	KEYCLOAK-12163 Old account console: UI not updated after removing of TOTP (#6688)	2020-01-22 12:26:28 +01:00
vmuzikar	03306b87e8	KEYCLOAK-12125 Introduce SameSite attribute in cookies ... Co-authored-by: mhajas <mhajas@redhat.com> Co-authored-by: Peter Skopek <pskopek@redhat.com>	2020-01-17 08:36:53 -03:00
vmuzikar	475ec6f3e4	Add tests for 'Always Display in Console'	2020-01-17 08:35:01 -03:00
Stan Silvert	568b1586a6	KEYCLOAK-12526: Add 'Always Display in Console' to admin console	2020-01-17 08:35:01 -03:00
Martin Bartos RH	d3f6937a23	[KEYCLOAK-12426] Add username to the login form + ability to reset login	2020-01-17 09:40:13 +01:00
mposolda	85dc1b3653	KEYCLOAK-12426 Add username to the login form + ability to reset login - NOT DESIGN YET	2020-01-17 09:40:13 +01:00
Tomas Kyjovsky	05c428f6e7	KEYCLOAK-12295 After password reset, the new password has low priority (#6653)	2020-01-16 09:11:25 +01:00
Martin Bartoš	5aab03d915	[KEYCLOAK-12184] Remove BACK button from login forms (#6657)	2020-01-15 12:25:37 +01:00
Axel Messinese	789e8c70ce	KEYCLOAK-12630 full representation param for get groups by user endpoint	2020-01-15 10:14:52 +01:00
Axel Messinese	72aff51fca	KEYCLOAK-12670 inconsistent param name full to briefRepresentation	2020-01-15 08:32:57 +01:00
Marek Posolda	8d49409de1	KEYCLOAK-12183 Refactor login screens. Introduce try-another-way link. Not show many credentials of same type in credential selector (#6591)	2020-01-14 21:54:45 +01:00
k-tamura	221aad9877	KEYCLOAK-11511 Improve exception handling of REST user creation	2020-01-14 13:34:34 +01:00
vramik	3b1bdb216a	KEYCLOAK-11486 Add support for system property or env variable in AllowedClockSkew in keycloak-saml subsystem	2020-01-14 13:17:13 +01:00
mhajas	a79d6289de	KEYCLOAK-11416 Fix nil AttributeValue handling	2020-01-10 12:47:09 +01:00
vramik	a2b3747d0e	KEYCLOAK-7014 - Correctly handle null-values in UserAttributes	2020-01-10 12:44:52 +01:00
Pedro Igor	03bbf77b35	[KEYCLOAK-12511] - Mapper not visible in client's mapper list	2020-01-09 10:25:06 +01:00
mposolda	fea7b4e031	KEYCLOAK-12424 SPNEGO / Kerberos sends multiple 401 responses with WWW-Authenticate: Negotiate header when kerberos token is invalid	2020-01-09 10:21:24 +01:00
Thomas Darimont	062cbf4e0a	KEYCLOAK-9925 Use Client WebOrigins in UserInfoEndpoint ... We now use the allowed WebOrigins configured for the client for which the user info is requested. Previously, Web Origins defined on the Client were not being recognized by the /userinfo endpoint unless you apply the "Allowed Web Origins" protocol mapper. This was an inconsistency with how the Web Origins work compared with the /token endpoint.	2020-01-09 10:10:59 +01:00
Pedro Igor	dae212c035	[KEYCLOAK-12312] - Partial import of realm breaking access to client's service account roles	2020-01-09 10:06:32 +01:00
Pedro Igor	c596647241	[KEYCLOAK-11712] - Request body not buffered when using body CIP in Undertow	2020-01-09 10:02:18 +01:00
Pedro Igor	709cbfd4b7	[KEYCLOAK-10705] - Return full resource representation when querying policies by id	2020-01-09 10:00:24 +01:00
vramik	419d9c6351	KEYCLOAK-11597 Remote testing changes + possibility to exclude tests for specific auth server ... Co-Authored-By: <mhajas@redhat.com>	2020-01-06 14:29:36 +01:00
Thomas Darimont	1a7aeb9b20	KEYCLOAK-8249 Improve extraction of Bearer tokens from Authorization headers (#6624) ... We now provide a simple way to extract the Bearer token string from Authorization header with a null fallback. This allows us to have more fine grained error handling for the various endpoints.	2020-01-06 13:58:52 +01:00
mhajas	28b01bc34d	KEYCLOAK-12609 Fix integer overflow for SAML XMLTimeUtil add method parameters	2020-01-06 13:53:16 +01:00
Yoshiyuki Tabata	e96725127f	KEYCLOAK-12165 Fix UserSessionProviderTest to work correctly (#6513)	2020-01-02 17:57:14 +01:00
Marek Posolda	fa453e9c0c	KEYCLOAK-12278 Default first broker login flow is broken after migration (#6556)	2020-01-02 17:53:56 +01:00
Pedro Igor	56d53b191a	[KEYCLOAK-8779] - Fixing PartialImportTest	2019-12-28 06:24:19 -03:00
rmartinc	401d36b446	KEYCLOAK-8779: Partial export and import to an existing realm is breaking clients with service accounts	2019-12-27 15:59:38 -03:00
Thomas Darimont	0219d62f09	KEYCLOAK-6867 UserInfoEndpoint should return WWW-Authenticate header for Invalid tokens ... As required by the OIDC spec (1) we now return a proper WWW-Authenticate response header if the given token is invalid. 1) https://openid.net/specs/openid-connect-core-1_0.html#UserInfoError	2019-12-23 07:42:06 -03:00
Pedro Igor	946088d48d	[KEYCLOAK-12109] - Resolving authz discovery url using KeycloakUriBuilder	2019-12-19 14:18:21 +01:00
Pedro Igor	3bd193acd7	[KEYCLOAK-12412] - Policy enforcer should consider charset when comparing the content-type of the request	2019-12-19 14:14:33 +01:00
Stefan Guilhen	9f69386a53	[KEYCLOAK-11707] Add support for Elytron credential store vault ... - Adds the elytron-cs-keystore provider that reads secrets from a keystore-backed elytron credential store - Introduces an abstract provider and factory that unifies code that is common to the existing implementations - Introduces a VaultKeyResolver interface to allow the creation of different algorithms to combine the realm and key names when constructing the vault entry id - Introduces a keyResolvers property to the existing implementation via superclass that allows for the configuration of one or more VaultKeyResolvers, creating a fallback mechanism in which different key formats are tried in the order they were declared when retrieving a secret from the vault - Adds more tests for the files-plaintext provider using the new key resolvers - Adds a VaultTestExecutionDecider to skip the elytron-cs-keystore tests when running in Undertow. This is needed because the new provider is available only as a Wildfly extension	2019-12-18 11:54:06 +01:00
harture	26458125cb	[KEYCLOAK-12254] Fix re-evaluation of conditional flow (#6558)	2019-12-18 08:45:11 +01:00
Douglas Palmer	106e6e15a9	[KEYCLOAK-11859] Added option to always display a client in the accounts console	2019-12-17 17:12:49 -03:00
vramik	c3d80651bf	KEYCLOAK-12473 Add possibility to specify length of event detail when storing to database	2019-12-17 17:15:50 +01:00
vmuzikar	4f7b56d227	KEYCLOAK-12106 UI tests for Device Activity page	2019-12-16 14:26:58 -03:00
Douglas Palmer	af0594b58d	[KEYCLOAK-12463] Fixed missing consents	2019-12-12 17:27:54 -03:00
Douglas Palmer	f9fa5b551d	[KEYCLOAK-5628] Added application endpoint	2019-12-11 13:06:04 -03:00
Martin Bartoš	2cf6483cdf	[KEYCLOAK-12044] Fix messages in the UsernameForm (#6548)	2019-12-11 10:59:46 +01:00
mposolda	0f3e0f4d4e	KEYCLOAK-12432 Compilation error in latest master in LDAPHardcodedAttributeTest	2019-12-10 18:01:11 -03:00
Cédric Couralet	bde94f2f08	KEYCLOAK-11770 add an hardcoded attribute mapper (#6396) ... Signed-off-by: Cédric Couralet <cedric.couralet@insee.fr>	2019-12-10 12:57:46 +01:00
Denis Richtárik	48bddc37ae	KEYCLOAK-12011 Remove cancel button from OTP form (#6511) ... * KEYCLOAK-12011 Remove cancel button from OTP form * Remove back button	2019-12-09 19:23:26 +01:00
stianst	30e024a3c9	KEYCLOAK-12167 Remove need for Arquillian deployment to load test classes	2019-12-06 12:46:08 +01:00
Yoshiyuki Tabata	b2664c7ef9	KEYCLOAK-12094 "client-session-stats" not search null client information (#6554)	2019-12-06 10:37:25 +01:00
Martin Bartoš	e405ce6e97	[KEYCLOAK-11824] Fix bug with only one value of the authentication model execution requirement (#6570)	2019-12-05 18:28:00 +01:00
Cristian Schuszter	5c7ce775cf	KEYCLOAK-11472 Pagination support for clients ... Co-authored-by: stianst <stianst@gmail.com>	2019-12-05 08:17:17 +01:00
vmuzikar	072cd9f93f	KEYCLOAK-12329 Fix linking accounts in the new Account Console	2019-12-03 18:49:40 -03:00
Martin Kanis	73d1a26040	KEYCLOAK-11773 Front-channel logout with identity brokering does not work after browser restart	2019-12-03 08:17:54 +01:00
vmuzikar	f426643225	KEYCLOAK-11744 KEYCLOAK-11271 New Account Console testsuite	2019-11-28 08:32:48 -03:00
Jan Lieskovsky	9a5fda5ec9	[KEYCLOAK-11748] Add multiple OTP tokens configured Direct Access Grant test (#6546) ... Add a Direct Access Grant test to verify, when the user has multiple OTP authenticators configured, they can properly login using the 1-th one of them (IOW the 1-th OTP token is the preferred credential) Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>	2019-11-28 09:34:53 +01:00
harture	129c689855	[KEYCLOAK-12253] Fix conditional authenticators are evaluated even if they are disabled (#6553)	2019-11-28 09:30:31 +01:00
Martin Kanis	685d49c693	KEYCLOAK-11967 Violation of UNIQUE KEY constraint SIBLING_NAMES (#6485)	2019-11-26 16:00:50 +01:00
rmartinc	82ef5b7927	KEYCLOAK-12000: Allow overriding time lifespans on a SAML client	2019-11-26 10:02:34 +01:00
Pedro Igor	cee884e4a7	[KEYCLOAK-8406] - Remove Drools/Rules Policy	2019-11-22 15:38:51 +01:00
Yoshiyuki Tabata	0a9d058b81	KEYCLOAK-12150 change error response from invalid_request to unsupported_grant_type	2019-11-22 11:11:07 +01:00
Yoshiyuki Tabata	a36cfee84b	KEYCLOAK-12149 change error response from invalid_grant to unauthorized_client	2019-11-22 11:10:16 +01:00
Yoshiyuki Tabata	4117710379	KEYCLOAK-12019 change error response from unsupported_response_type to unauthorized_client	2019-11-22 11:03:02 +01:00
Martin Kanis	50ec24557e	KEYCLOAK-12117 X509BrowserLoginTest failing in pipeline	2019-11-21 11:35:10 +01:00
stianst	3731e36ece	KEYCLOAK-12069 Add account-console client for new account console	2019-11-20 08:48:40 -05:00
Ramon Spahr	0f00e23f96	KEYCLOAK-10977 Allow disabling Kerberos athentication with LDAP federation provider (#6422)	2019-11-18 14:12:26 +01:00
keycloak-bot	76aa199fee	Set version to 9.0.0-SNAPSHOT	2019-11-15 20:43:21 +01:00
Stefan Guilhen	9a7c1a91a5	KEYCLOAK-10780 Stop creating placeholder e-mails for service accounts (#228)	2019-11-15 15:08:29 +01:00
k-tamura	43e2370f21	KEYCLOAK-11772 Fix temporary credential property to work correctly	2019-11-15 08:48:12 +01:00
stianst	3a36569e20	KEYCLOAK-9129 Don't expose Keycloak version in resource paths	2019-11-15 08:21:28 +01:00
AlistairDoswald	4553234f64	KEYCLOAK-11745 Multi-factor authentication (#6459) ... Co-authored-by: Christophe Frattino <christophe.frattino@elca.ch> Co-authored-by: Francis PEROT <francis.perot@elca.ch> Co-authored-by: rpo <harture414@gmail.com> Co-authored-by: mposolda <mposolda@gmail.com> Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com> Co-authored-by: Denis <drichtar@redhat.com> Co-authored-by: Tomas Kyjovsky <tkyjovsk@redhat.com>	2019-11-14 14:45:05 +01:00
Andy Munro	e7e49c13d5	KEYCLOAK-11413 Update UI messages ... Co-authored-by: stianst <stianst@gmail.com> Made a couple more spelling corrections.	2019-11-14 12:31:05 +01:00
Martin Kanis	25511d4dbf	KEYCLOAK-9651 Wrong ECDSA signature R and S encoding	2019-11-13 15:32:51 +01:00
sarveshtamba	0525fb43b9	Update pom.xml	2019-11-11 11:16:07 -03:00
stianst	b8881b8ea0	KEYCLOAK-11728 New default hostname provider ... Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>	2019-11-11 12:25:44 +01:00
Patrick Teubner	b3d87b52c2	KEYCLOAK-11888 Fix inconsistent pagination of groups by ordering the results of 'getTopLevelGroupIds' query	2019-11-11 09:22:51 +01:00
stianst	062841a059	KEYCLOAK-11898 Refactor AIA implementation	2019-11-08 16:03:07 -03:00
Martin Bartoš	bf8184221a	KEYCLOAK-11838: Fixed unstable RefreshTokenTest (#6455)	2019-11-08 08:53:23 +01:00
mhajas	b74f69c5ac	KEYCLOAK-11779 Make feature controller which takes care of enabling/disabling features including restarting container if needed	2019-11-07 09:35:11 +01:00
vmuzikar	b13fa2d16a	KEYCLOAK-11602 Add token exchange test to OpenShift 3 social login test	2019-11-06 06:49:10 -03:00
vmuzikar	bf5cca52a4	KEYCLOAK-11675 Fix unstable Google Social Login test	2019-11-06 06:49:10 -03:00
Stan Silvert	041229f9ca	KEYCLOAK-7429: Linked Accounts REST API	2019-11-05 16:03:21 -05:00
Peter Skopek	d0386dab85	KEYCLOAK-8785 remove k_version endpoint (#6428)	2019-11-05 11:35:55 +01:00
Douglas Palmer	a32c8c5190	[KEYCLOAK-11185] Fixed build with JDK 11	2019-11-04 10:56:07 -03:00
Martin Bartoš	e3d755fe9d	KEYCLOAK-11729: ExtendingThemeTest is failing with auth-server-wildfly (#6410)	2019-11-04 11:27:03 +01:00
Benjamin Bentmann	d6f56e58c1	KEYCLOAK-11806 Fix SAML adapter to not fail upon receiving a login response without the optional Destination attribute	2019-10-29 23:12:15 +01:00
pkokush	ff551c5545	KEYCLOAK-10307: check password history length in password verification (#6058)	2019-10-24 21:33:21 +02:00
Takashi Norimatsu	1905260eac	KEYCLOAK-11251 ES256 or PS256 support for Client Authentication by Signed JWT (#6414)	2019-10-24 17:58:54 +02:00
Hynek Mlnarik	783545572a	KEYCLOAK-11684 Add support to display passwords in password fields ... Add UI tests for KEYCLOAK-11684 Co-authored-by: stianst <stianst@gmail.com> Co-authored-by: vmuzikar <vmuzikar@redhat.com>	2019-10-23 15:30:11 +02:00
mposolda	0cb8730df8	KEYCLOAK-11474 Fix LDAPGroupMapper tests with MySQL and MariaDB	2019-10-23 14:55:33 +02:00
Hynek Mlnarik	f0685cc246	KEYCLOAK-11739 Ensure unique / PK constraint in JPA is on par with Liquibase	2019-10-23 14:53:17 +02:00
Pedro Igor	bb4ff55229	[KEYCLOAK-10868] - Deploy JavaScript code directly to Keycloak server ... Conflicts: testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java (cherry picked from commit 338fe2ae47a1494e786030eb39f908c964ea76c4)	2019-10-22 10:34:24 +02:00
Pedro Igor	bad9e29c15	[KEYCLOAK-10870] - Deprecate support for JavaScript policy support from UMA policy endpoint ... Conflicts: testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedPermissionServiceTest.java (cherry picked from commit 13923a7683cb666d2842bc61429c23409c1493b6)	2019-10-22 10:34:24 +02:00
Jan Lieskovsky	f2e5f9dedd	[KEYCLOAK-11717] Drop the public key credential related elements (#6407) ... from the Edit Account screen of the Account console Add a testcase for it Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>	2019-10-21 19:54:39 +02:00
Martin Kanis	37304fdd7d	KEYCLOAK-10728 Upgrade to WildFly 18 Final	2019-10-21 14:06:44 +02:00
Martin Reinhardt	5ad05c9317	[KEYCLOAK-6376] Directly create group	2019-10-21 10:41:04 +02:00
Martin Reinhardt	21a62a2670	[KEYCLOAK-6376] Reorganize imports and revert pom changes	2019-10-21 10:41:04 +02:00
Martin Reinhardt	28748ebf3f	[KEYCLOAK-6376] Fix NPE and test setup	2019-10-21 10:41:04 +02:00
Martin Reinhardt	f18c8b9da5	[KEYCLOAK-6376] Switching to arquillian end2end tests	2019-10-21 10:41:04 +02:00
k-tamura	4a8065ec6b	Add test method pointed out on review	2019-10-21 10:36:16 +02:00
Kohei Tamura	59ba874e1d	KEYCLOAK-10945 Avoid lockout when clicking login twice	2019-10-21 10:36:16 +02:00
Pedro Igor	6acb87bd7a	[KEYCLOAK-10822] - Prevent access to users from another realm	2019-10-21 10:32:50 +02:00
Martin Bartoš	ad9641722f	KEYCLOAK-11613 Chrome Testing API (#6385)	2019-10-18 10:50:28 +02:00
stianst	31ed01a6de	KEYCLOAK-11754 Prevent AbstractKeycloakTest from inititating backchannel logout on cleanup	2019-10-17 12:56:31 +02:00
mhajas	9cb2f1afdc	KEYCLOAK-11530 Do not enable/disable vault before/after test method but before/after class	2019-10-17 09:55:06 +02:00
Pedro Igor	17785dac08	[KEYCLOAK-10714] - Add filtering support in My Resources endpoint by name	2019-10-16 16:26:55 +02:00
Tomas Kyjovsky	c2273e8f49	KEYCLOAK-11547 (#6341) ... - Fixing `X509OCSPResponderTest.loginOKOnOCSPResponderRevocationCheckWithoutCA` test case on Windows	2019-10-15 15:56:29 +02:00
mposolda	f0a506a143	KEYCLOAK-11691 Broker tests re-structure	2019-10-14 11:38:09 +02:00
mhajas	2f44c58a0d	KEYCLOAK-11495 Change name of PlaintextVaultProvider to FilesPlaintextVaultProvider	2019-10-09 14:48:00 +02:00
Hisanobu Okuda	75a44696a2	KEYCLOAK-10636 Large Login timeout causes login failure ... KEYCLOAK-10637 Large Login Action timeout causes login failure	2019-10-07 13:27:20 +02:00
Cédric Couralet	5f006b283a	KEYCLOAK-8316 Add an option to ldap provider to trust emails on import ... Signed-off-by: Cédric Couralet <cedric.couralet@insee.fr>	2019-10-04 16:28:02 +02:00
Axel Messinese	f3607fd74d	KEYCLOAK-10712 get groups full representation endpoint	2019-10-03 11:26:30 +02:00
Takashi Norimatsu	66de87a211	KEYCLOAK-11253 Advertise acr claim in claims_supported Server Metadata	2019-10-03 11:25:45 +02:00
Vincent Letarouilly	6b36e57593	KEYCLOAK-6698 - Add substitution of system properties and environment variables in theme.properties file	2019-10-01 16:34:54 +02:00
Takashi Norimatsu	6c9cf346c6	KEYCLOAK-11252 Implement Server Metadata of OAuth 2.0 Mutual TLS Client Authentication	2019-10-01 15:27:59 +02:00
Takashi Norimatsu	7c75546eac	KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase ... * KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase	2019-10-01 15:17:38 +02:00
mhajas	f852ef157d	KEYCLOAK-11470 Fix rebase issue	2019-10-01 08:20:55 +02:00
mhajas	6f097bdf89	KEYCLOAK-11470 Remove Assertj from testsuite ... There is no reason to use more types of assertions and we already heavily use hamcrest	2019-09-30 13:16:01 +02:00
vramik	b1697a5e71	KEYCLOAK-11069 auth-server-remote tests	2019-09-30 10:29:51 +02:00
Mathieu CLAUDEL	2fb507e170	KEYCLOAK-10802 add support of SAMLv2 ForceAuthn	2019-09-27 09:55:54 +02:00
vmuzikar	1cdc5e1969	KEYCLOAK-11514 Add option to download specific WebDriver binaries versions	2019-09-26 09:54:30 -03:00
Benjamin Weimer	2b1acb99a2	KEYCLAOK-9999 fix client import (#6136)	2019-09-23 13:08:24 +02:00
mhajas	f810e85526	KEYCLOAK-11316 Fix Photoz instabilities on windows ... Error message: Cannot read property 'token_endpoint' of undefined	2019-09-20 13:12:09 +02:00
Hisanobu Okuda	da49dbce2b	KEYCLOAK-10770 user-storage/{id}/sync should return 400 instead of 404	2019-09-20 11:17:09 +02:00
mhajas	37b7b595a5	KEYCLOAK-11410 Do not throw exception in PlaintextVaultProvider if unconfigured	2019-09-19 14:56:19 +02:00
rradillen	b71198af9f	[KEYCLOAK-8575] oidc idp basic auth (#6268) ... * [KEYCLOAK-8575] Allow to choose between basic auth and form auth for oidc idp * uncomment ui and add tests * move basic auth to abstract identity provider (except for getting refresh tokens) * removed duplications	2019-09-19 14:36:16 +02:00
rmartinc	7f54a57271	KEYCLOAK-10757: Replaying assertion with signature in SAML adapters	2019-09-18 16:49:00 +02:00
madgaet	c35718cb87	[KEYCLOAK-9809] Support private_key_jwt authentication for external IdP	2019-09-17 16:04:23 +02:00
Jan Lieskovsky	63e9eec52d	[KEYCLOAK-11415] Switch the 'GroupMapperConfig.PRESERVE_GROUP_INHERITANCE' setting reliably ... Use own, separate context when trying to switch 'GroupMapperConfig.PRESERVE_GROUP_INHERITANCE' group mapper config setting to 'false' (or back), across the various tests from LDAPGroupMapperSyncTest suite. This makes the test results deterministic again (prevents 'test02_syncWithGroupInheritance()' and 'test03_syncWithDropNonExistingGroups()' tests randomly to fail depending if attempt to reset the 'GroupMapperConfig.PRESERVE_GROUP_INHERITANCE' back to 'true' in previous 'test01_syncNoPreserveGroupInheritance()' test succeeded, or not) Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>	2019-09-16 20:42:46 +02:00
Jan Lieskovsky	7ab854fecf	[KEYCLOAK-8253] When syncing flat (all groups being the top-level ones) structure ... of LDAP groups from federation provider to Keycloak, perform the search if the currently processed group already exists in Keycloak in log(N) time Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>	2019-09-12 20:14:18 +02:00
Jan Lieskovsky	cfb225b499	[KEYCLOAK-8253] Improve the time complexity of LDAP groups synchronization ... (in the direction from LDAP provider to Keycloak) from exponential to linear time in the case of syncing flat LDAP groups structure Add a corresponding test (intentionally configured as to be ignored by CI/CD due to higher demand on time, required fo the test completion) Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>	2019-09-12 09:54:13 +02:00
Cédric Couralet	9c37da0ee9	KEYCLOAK-8818 Support message bundle in theme resources	2019-09-11 08:03:16 +02:00
mhajas	2703388946	KEYCLOAK-11245 Adapt LDAPConnectionTestManager to use newly introduced LDAPContextManager	2019-09-10 22:51:19 +02:00
mhajas	9c2525ec1a	KEYCLOAK-11245 Use transcription object for LDAP bindCredential	2019-09-09 19:39:53 +02:00
Martin Kanis	4235422798	KEYCLOAK-11246 Use the transcription object for SMTP password	2019-09-09 13:27:11 +02:00
Hynek Mlnarik	9eb2e1d845	KEYCLOAK-11028 Use pessimistic locks to prevent DB deadlock when deleting objects	2019-09-09 10:57:49 +02:00
Stefan Guilhen	60205845a8	[KEYCLOAK-7264] Add a RoleMappingsProvider SPI to allow for the configuration of custom role mappers in the SAML adapters. ... - Provides a default implementation based on mappings loaded from a properties file. - Role mappers can also be configured in the keycloak-saml susbsytem.	2019-09-09 05:24:25 -03:00
rmartinc	a726e625e9	KEYCLOAK-10782: Credentials tab on clients can only be displayed with view-realm	2019-09-06 16:45:08 -03:00
Martin Kanis	b1be6c2bdd	KEYCLOAK-11247 Use the transcription object for Identity providers password	2019-09-06 15:29:11 +02:00
Pedro Igor	a1d8850373	[KEYCLOAK-7416] - Device Activity	2019-09-05 11:43:27 -03:00
Sebastian Laskawiec	69d6613ab6	KEYCLOAK-10169 OpenShift 4 Identity Provider	2019-09-05 16:33:59 +02:00
vmuzikar	2f9d875840	KEYCLOAK-11286 Fix tests in "other" module	2019-09-05 16:29:09 +02:00
vramik	ca6fbac599	KEYCLOAK-11150 testsuite dependency with auth-server-remote	2019-09-05 08:34:22 +02:00
Stefan Guilhen	bb9c811a65	[KEYCLOAK-10935] Add a vault transcriber implementation that can be obtained from the session. ... - automatically parses ${vault.<KEY>} expressions to obtain the key that contains the secret in the vault. - enchances the capabilities of the VaultProvider by offering methods to convert the raw secrets into other types.	2019-09-04 22:34:08 +02:00
mposolda	3a19db0c9d	KEYCLOAK-10921 Fix unstable RefreshTokenTest	2019-09-04 05:54:26 -03:00
Martin Bartos RH	a0ba6e593e	[KEYCLOAK-11024] RulesPolicyManagementTest failing with auth-server-undertow in universal pipeline	2019-09-02 11:58:30 +02:00
Niko Köbler	49e9cd759b	KEYCLOAK-10734 Let the check-sso feature do the check in hidden iframe	2019-08-20 15:41:09 -03:00
Pedro Igor	e12c245355	[KEYCLOAK-10779] - CSRF check to My Resources ... (cherry picked from commit dbaba6f1b8c043da4a37c906dc0d1700956a0869)	2019-08-20 06:35:00 -03:00
Hynek Mlnarik	97811fdd51	KEYCLOAK-10786 Check signature presence in SAML broker ... (cherry picked from commit ba9f73aaff22eb34c7dec16f4b76d36d855d569b)	2019-08-20 06:35:00 -03:00
Leon Graser	0ce10a3249	[KEYCLOAK-10653] Manage Consent via the Account API	2019-08-20 06:24:44 -03:00
Pedro Igor	3f2a38936c	[KEYCLOAK-11154] - Unstable Photoz Adapter Tests	2019-08-19 16:04:24 -03:00
mhajas	78ee5adfe8	KEYCLOAK-10034 Replace pause with waitForPageToLoad	2019-08-19 10:18:15 +02:00
Nemanja Hiršl	411ea331f6	KEYCLOAK-10785 X.509 Authenticator - Update user identity source mappers ... Update user identity sources and the way how X.509 certificates are mapped to the user to: 1. Include "Serial number + Issuer DN" as described in RFC 5280 2. Include "Certificate's SHA256-Thumbprint" 3. Exclude "Issuer DN" 4. Exclude "Issuer Email" Add an option to represent serial number in hexadecimal format. Documentation PR created: https://github.com/keycloak/keycloak-documentation/pull/714 KEYCLOAK-10785 - Documentation for new user identity source mappers	2019-08-16 11:35:50 -03:00
Takashi Norimatsu	8225157a1c	KEYCLOAK-6768 Signed and Encrypted ID Token Support	2019-08-15 15:57:35 +02:00
mposolda	67df6d03af	KEYCLOAK-10449 KEYCLOAK-10550 Fix manual DB migration test with MSSQL	2019-08-15 14:19:27 +02:00
Martin Bartos RH	925864530a	KEYCLOAK-10457 Merge preview features test: SocialLoginTest	2019-08-14 22:09:59 +02:00
Peter Skopek	71eed3af06	KEYCLOAK-10792 MigrationTest fails in pipeline: fix log file checker to start from the right position after server restart	2019-08-12 15:41:56 +02:00
Martin Bartos RH	9d67e92117	[KEYCLOAK-10465] Merge preview features test: OpenShiftTokenReviewEndpoint	2019-08-06 12:57:33 +02:00
Hynek Mlnarik	9bca5c9968	KEYCLOAK-10964 Remove realm reimport in SAMLServletAdapterTest	2019-08-05 09:35:04 +02:00
Martin Bartos RH	da85cff53b	[KEYCLOAK-10458] Merge preview features test: RulesPolicyManagement	2019-08-01 14:34:51 +02:00
Sebastian Laskawiec	041208bd25	KEYCLOAK-10033 Prevent connections going stale ... See https://stackoverflow.com/questions/10558791/apache-httpclient-interim-error-nohttpresponseexception	2019-07-30 18:13:10 +02:00
Martin Bartos RH	b18d88a37b	[KEYCLOAK-10066] Merge Preview Features Test: OpenshiftClientStorage	2019-07-30 14:20:54 +02:00
Pedro Igor	8b203d48ce	[KEYCLOAK-10949] - Proper error messages when failing to authenticate the request	2019-07-29 17:01:42 -03:00
Pedro Igor	967d21dbb5	[KEYCLOAK-10713] - Pagination to resources rest api	2019-07-29 16:19:22 -03:00
Stan Silvert	bc818367a1	KEYCLOAK-10854: App-initiated actions Phase I	2019-07-26 14:56:29 -03:00
Stan Silvert	6c79bdee41	KEYCLOAK-10854: App initiated actions phase I	2019-07-26 14:56:29 -03:00
mhajas	57a8fcb669	KEYCLOAK-10776 Add session expiration to Keycloak saml login response	2019-07-24 13:35:07 +02:00
mhajas	4b18c6a117	KEYCLOAK-7207 Check session expiration for SAML session	2019-07-24 13:35:07 +02:00
mhajas	bf33cb0cf9	KEYCLOAK-9102 Add tests for Saml RelayState	2019-07-24 12:28:00 +02:00
keycloak-bot	17e9832dc6	Set version to 8.0.0-SNAPSHOT	2019-07-19 19:05:03 +02:00
Leon Graser	e1cb17586f	display users in roles	2019-07-19 09:52:13 -04:00
Hynek Mlnarik	67f8622d13	KEYCLOAK-8318 Workaround Elytron's double encoding of the query parameters ... Co-Authored-By: mhajas <mhajas@redhat.com>	2019-07-19 14:37:38 +02:00
mhajas	282569df23	KEYCLOAK-10797 Ignore test until the issue is resolved	2019-07-19 13:37:20 +02:00
Hynek Mlnarik	3d4283fac9	KEYCLOAK-9987 Upgrade to Wildfly17 ... Co-Authored-By: hmlnarik <hmlnarik@redhat.com>	2019-07-16 08:05:46 +02:00
Pedro Igor	5f5cb6cb7b	[KEYCLOAK-10808] - Do not show authorization tab when client is not confidential	2019-07-15 10:07:31 -03:00
Steeve Beroard	fc9a0e1766	[KEYCLOAK-8104] Keycloak SAML Adapter does not support clockSkew configuration ... Co-Authored-By: vramik <vramik@redhat.com>	2019-07-15 13:08:52 +02:00
rmartinc	6d6db1f3e5	KEYCLOAK-10345: OCSP validation fails if there is no intermediate CA in the client certificate	2019-07-12 15:16:00 +02:00
mposolda	77e9f16ad3	KEYCLOAK-10813 ComponentsTest.testConcurrencyWithChildren failed with oracle due timeout	2019-07-12 10:42:37 +02:00
mposolda	c003dabf6c	KEYCLOAK-10753 Possibility for JavascriptExecutor to use the timeout from pageload.timeout property instead of hardcoded	2019-07-12 10:42:37 +02:00
mposolda	91b41b1a2e	KEYCLOAK-10793 Possibility to increase server startup timeout	2019-07-12 10:42:37 +02:00
Takashi Norimatsu	2e850b6d4a	KEYCLOAK-10747 Explicit Proof Key for Code Exchange Activation Settings	2019-07-12 08:33:20 +02:00
Martin Kanis	efdf0f1bd8	KEYCLOAK-6839 You took too long to login after SSO idle	2019-07-10 10:15:26 +02:00
vramik	5a5325672b	KEYCLOAK-10718 Refactor fuse adapter test	2019-07-09 08:56:35 +02:00
mposolda	5f9feee3f8	KEYCLOAK-9846 Verifying signatures on CRL during X509 authentication	2019-07-08 20:20:38 +02:00
Tomasz Prętki	0376e7241a	KEYCLOAK-10251 New Claim JSON Type - JSON	2019-07-08 11:59:57 +02:00
Hynek Mlnarik	ca4e14fbfa	KEYCLOAK-7852 Use original NameId value in logout requests	2019-07-04 19:30:21 +02:00
mposolda	5b40691deb	KEYCLOAK-10355 Avoid LastSessionRefreshUnitTest to trigger scheduled tasks	2019-07-04 09:53:19 +02:00
Sebastian Laskawiec	b5d8f70cc7	KEYCLOAK-8224 Client not found error message	2019-07-03 18:34:56 +02:00
Asier Aguado	bed22b9b8d	[KEYCLOAK-10710] Make social providers compatible with OIDC UsernameTemplateMappers	2019-07-03 15:01:46 +02:00
rmartinc	bd5dec1830	KEYCLOAK-10112: Issues in loading offline session in a cluster environment during startup	2019-07-03 13:17:45 +02:00
Pedro Igor	0cdd23763c	[KEYCLOAK-10443] - Define a global decision strategy for resource servers	2019-07-02 09:14:37 -03:00
Peter Skopek	aca8c89d3e	KEYCLOAK-10075 fix drop all tables for postgres and mssql	2019-06-27 14:03:13 +02:00
mposolda	a46bf708c0	KEYCLOAK-9947 KEYCLOAK-10451 Better support for DB manual migration test with DB provided by docker or dballocator plugin	2019-06-27 13:52:17 +02:00
Jeroen ter Voorde	7654793713	[KEYCLOAK-10419] Remove user and group resource at the end of the GroupTest.	2019-06-21 11:31:01 +02:00
Jeroen ter Voorde	7518692c0d	[KEYCLOAK-10419] Added briefRepresentation parameter support to the admin client interface ... And added a aquillian test for it.	2019-06-21 11:31:01 +02:00
mhajas	b3d3d5b59d	KEYCLOAK-10361 Fix instabilities on windows	2019-06-14 09:05:02 +02:00
Pedro Igor	fdc0943a92	[KEYCLOAK-8060] - My Resources REST API	2019-06-11 14:23:26 -03:00
Martin Bartos RH	6393dbad8d	KEYCLOAK-10582 Fixed bug with disabling Token Exchange feature	2019-06-11 08:27:23 +02:00
Martin Bartos RH	1b7b8244d0	KEYCLOAK-10459 Merge preview features test: FineGrainAdminUnit	2019-06-06 11:21:27 +02:00
Pedro Igor	61eb94c674	[KEYCLOAK-8915] - Support resource type in authorization requests	2019-06-04 21:02:54 -03:00
Martin Bartos RH	ccd90d5fdc	KEYCLOAK-10065 Merge preview features test: BrokerLinkAndTokenExchangeTest	2019-06-03 15:48:51 +02:00
Thomas Darimont	2825619243	KEYCLOAK-1033 Add PKCE support for JS Adapter ... This adds support for the "S256" code_challenge_method to the JS Adapter. Note that the method "plain" was deliberately left out as is not recommended to be used in new applications. Note that this PR includes two libraries: - [base64-js]{@link https://github.com/beatgammit/base64-js} - [js-sha256]{@link https://github.com/emn178/js-sha256} `base64-js` is needed for cross-browser support for decoding the Uint8ArrayBuffer returned by `crypto.getRandomValues` to a PKCE compatible base64 string. `js-sha256` library is required because the `crypto.subtle.digest` support is not available for all browsers. The PKCE codeVerifier is stored in the callbackStore of the JS Adapter. Note: This PR is based on #5255 which got messed up during a rebase.	2019-05-29 15:40:16 +02:00
mposolda	be2e1c333e	KEYCLOAK-10400 KEYCLOAK-10299 DBAllocator plugin fixes. Updated oracle version to 12cR1RAC	2019-05-29 15:05:15 +02:00
skyfalke	0007bad6f3	KEYCLOAK-10393 Fix permission ticket pagination in Authz Client ... KEYCLOAK-10393 Ensure idempotency of find method of permission ticket store	2019-05-29 09:43:54 -03:00
Stefan Guilhen	40ec46b79b	[KEYCLOAK-8043] Allow prompt=none query parameter to be propagated to default IdP	2019-05-29 09:22:46 +02:00
Pedro Igor	e9ea1f0e36	[KEYCLOAK-10279] - Do not limit results when fetching resources	2019-05-28 15:35:29 -03:00
mhajas	45c024db74	KEYCLOAK-10358 Fix ConsoleProtectionTest auth-server url	2019-05-27 12:41:29 +02:00
mposolda	a980629e66	KEYCLOAK-10295 Tweaks for MariaDB testing in docker container	2019-05-24 12:52:55 +02:00
Réda Housni Alaoui	72d6ac518c	User password cache is not refreshed after updating the user with hashed credential	2019-05-23 14:16:40 +02:00
mhajas	3c96dfb041	KEYCLOAK-9895 Fix wrongly called assertCurrent method	2019-05-23 10:41:10 +02:00
vramik	ac6d877954	KEYCLOAK-10283 Update FuseAdapterTest to check login page directly	2019-05-21 14:26:37 +02:00
mposolda	4ced3b0aee	KEYCLOAK-10246 Fix MultipleRealmsTest on undertow	2019-05-20 20:33:23 +02:00
vramik	d64f716a20	KEYCLOAK-2709 SAML Identity Provider POST Binding request page shown to user is comletely blank with nonsense title	2019-05-20 09:51:04 +02:00
Tomohiro Nagai	d593ac3e6f	KEYCLOAK-9711 REQUIRED authentictor in ALTERNATIVE subflow throws AuthenticationFlowException when the authentictor returns ATTEMPTED.	2019-05-15 12:45:50 +02:00
Hynek Mlnarik	b8aa1916d8	KEYCLOAK-10195 Fix role lookup to address roles with dots	2019-05-14 13:00:04 +02:00
Stefan Guilhen	f1acdc000e	[KEYCLOAK-10168] Handle microprofile-jwt client scope migration	2019-05-06 15:14:27 -03:00
mposolda	859bfc06ad	KEYCLOAK-10150 surefire.memory.settings is ignored when running testsuite	2019-04-30 14:11:33 +02:00
Jan Lieskovsky	9eb400262f	KEYCLOAK-6055 Include X.509 certificate data in audit logs ... Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com> Co-authored-by: mposolda <mposolda@gmail.com>	2019-04-30 11:31:04 +02:00
Sebastian Loesch	96250c9685	[KEYCLOAK-9573] Allow AdminEvents for custom resource types	2019-04-26 09:57:28 +01:00
mposolda	39a5978273	KEYCLOAK-5473 X509 Add missing tests for User Identity Sources	2019-04-25 09:11:41 +02:00
Hynek Mlnarik	65326ce16a	KEYCLOAK-9629 Update cookie type	2019-04-24 07:18:41 +01:00
Sebastian Loesch	43393220bf	Add X.509 authenticator option for canonical DN ... Because the current distinguished name determination is security provider dependent, a new authenticator option is added to use the canonical format of the distinguished name, as descriped in javax.security.auth.x500.X500Principal.getName(String format).	2019-04-23 21:04:18 +02:00
mposolda	7a671052a3	KEYCLOAK-9988 Fix unstable UserSessionPersisterOfflineTest.testExpired. Adding ResetTimeOffsetEvent	2019-04-23 20:58:37 +02:00
mhajas	3f08238c2d	KEYCLOAK-6641 Stabilize SpringBoot tests	2019-04-23 20:43:16 +02:00
keycloak-bot	49d4e935cb	Set version to 7.0.0-SNAPSHOT	2019-04-17 09:48:07 +01:00
Martin Bartos RH	0e2a781bb8	KEYCLOAK-10064 Merge preview features test: AccountRestServiceTest	2019-04-16 14:40:44 +02:00
Martin Bartos RH	a6e53b3f1c	KEYCLOAK-10063 Merge preview features test: ClientTokenExchangeTest	2019-04-16 12:49:54 +02:00
vramik	e2d69632e9	KEYCLOAK-10004 refactor fuse adapter tests	2019-04-16 10:11:27 +02:00
mposolda	a8af51c7bb	KEYCLOAK-9988 Fix unstable UserSessionProviderOfflineTest.testExpired	2019-04-12 17:16:53 +02:00
Bekh-Ivanov George	ebcfeb20a3	[KEYCLOAK-10020] - Add ability to request user-managed (ticket) permissions by name	2019-04-12 08:44:57 -03:00
Pedro Igor	c8970c95d5	[KEYCLOAK-10015] - CIP not properly resolving objects from JSON request body	2019-04-11 18:19:43 -03:00
Peter Skopek	3a105cf9e9	KEYCLOAK-8347 migrate Welcome page test to base testsuite	2019-04-11 21:52:52 +02:00
Hynek Mlnarik	a63efd872d	KEYCLOAK-9822 Fix deadlock in OIDC adapter upon logout	2019-04-09 21:03:02 +02:00
Takashi Norimatsu	9b3e297cd0	KEYCLOAK-9756 PS256 algorithm support for token signing and validation	2019-04-09 20:52:02 +02:00
fisache	b4973ad7b5	[KEYCLOAK-9769] service account can't authorize when group policy exists in resource server	2019-04-09 15:23:50 -03:00
vramik	2aeda71e16	KEYCLOAK-6152 fix WAS adapter tests	2019-04-09 19:34:50 +02:00
mhajas	ccc8e06f9a	KEYCLOAK-9895 Fix stability of Hawtio EAP6Fuse test	2019-04-08 08:30:31 +02:00
Stefan Guilhen	2fa2437555	KEYCLOAK-5613 Add built-in optional client scope for MicroProfile-JWT	2019-04-02 08:40:19 -03:00
vramik	5b8b463fc0	KEYCLOAK-9814 ExportImportTest NPE	2019-04-02 13:17:58 +02:00
vramik	35fa4b878b	KEYCLOAK-9712 KEYCLOAK-9911 moved Javascript adater tests and LoginModulesTest outsite of adapter package	2019-03-28 10:08:23 +01:00
rmartinc	a9a4e9daae	KEYCLOAK-9884: "user-attribute-ldap-mapper" is not propagating the change of "username" (uid) attribute.	2019-03-27 19:07:51 +01:00
mhajas	c6bd293d25	KEYCLOAK-9893 Use SSL in EAP6, add / to url for EAP6 deployment	2019-03-27 14:02:03 +01:00
Hisanobu Okuda	b44c86bd26	KEYCLOAK-9833 Large SSO Session Idle/SSO Session Max causes login failure	2019-03-27 11:42:40 +01:00
mhajas	0d0eec8790	KEYCLOAK-9869 Fix stability of cluster tests on EAP6	2019-03-27 08:03:20 +01:00
Hynek Mlnarik	c3cebcae85	KEYCLOAK-9865 Update documentation in testsuite	2019-03-22 14:12:14 +01:00
vramik	b7c5ca8b38	KEYCLOAK-8535 Inconsistent SAML Logout endpoint handling	2019-03-22 14:09:31 +01:00
mposolda	db271f7150	KEYCLOAK-9572 Support for multiple CRLs with X509 authentication	2019-03-20 15:00:44 +01:00
Hynek Mlnarik	1c906c834b	KEYCLOAK-3373 Remove SAML IdP descriptor from client installation and publicize it in realm endpoint instead	2019-03-19 11:37:15 +01:00
fisache	a868b8b22a	[KEYCLOAK-9772] Permissions are duplicated ... - when resource server is current user	2019-03-18 16:37:54 -03:00
vramik	5808ad2de0	KEYCLOAK-9708 Enable SmallRye Health and Metrics extensions	2019-03-18 10:57:28 +01:00
mposolda	a48698caa3	KEYCLOAK-6056 Map user by Subject Alternative Name (otherName) when authenticating user with X509	2019-03-15 23:11:47 +01:00
vramik	cf35a4648b	KEYCLOAK-9780 Replace XSLT transformations by ant/CLI scripts	2019-03-15 22:18:09 +01:00
Grzegorz Grzybek	79c4d797db	KEYCLOAK-9646 Fix itests for Fuse 7.3 ... Co-Authored-By: Hynek Mlnarik <hmlnarik@redhat.com>	2019-03-15 12:58:17 +01:00
Axel Messinese	e18fb56389	KEYCLOAK-4978 Add endpoint to get groups by role	2019-03-15 06:00:17 +01:00
Martin Bartos RH	a3c175a21e	KEYCLOAK-9348 UserStorageConsentTest fails with some databases	2019-03-15 05:58:59 +01:00
Martin Bartos RH	d0b7700c04	KEYCLOAK-8379 Migrate ModelClass: AuthenticationSessionProviderTest	2019-03-15 05:58:19 +01:00
Pedro Igor	93965512c5	[KEYCLOAK-8522] - Migrate broker tests from old to new testsuite	2019-03-15 05:57:24 +01:00
rmartinc	2602c222cd	KEYCLOAK-4640: LDAP memberships are being replaced instead of being added or deleted	2019-03-14 18:40:15 +01:00
Sebastian Laskawiec	996389d61b	KEYCLOAK-9512 Run x509 tests by default	2019-03-14 15:38:14 +01:00
Corey McGregor	be77fd9459	KEYCLOAK-2339 Adding impersonator details to user session notes and supporting built-in protocol mappers.	2019-03-08 09:14:42 +01:00
rmartinc	231db059b2	KEYCLOAK-8996: Provide a way to set a responder certificate in OCSP/X509 Authenticator	2019-03-07 07:57:20 +01:00
keycloak-bot	e843d84f6e	Set version to 6.0.0-SNAPSHOT	2019-03-06 15:54:08 +01:00
mhajas	8a750c7fca	KEYCLOAK-6750 Adapt Tomcat adapter tests to new structure	2019-03-06 08:57:46 +01:00
Sebastian Laskawiec	406097a508	KEYCLOAK-6749 Jetty App Server	2019-03-05 15:21:48 +01:00
vramik	2e7eb92f43	KEYCLOAK-8699 replace hostnames with nip.io ones to include cors tests by default	2019-03-05 12:00:01 +01:00
Martin Bartos RH	bec5d676e7	[KEYCLOAK-7907] Migrate model package from old testsuite	2019-03-05 09:39:17 +01:00
mposolda	89d0c51e13	KEYCLOAK-3159 Migrate federation package from old testsuite	2019-03-04 13:37:12 +01:00
Gilles	f295a2e303	[KEYCLOAK-3723] Fixed updated of protocol mappers within client updates in clients-registrations resource	2019-03-04 11:57:59 +01:00
Pedro Igor	6aa9096361	[KEYCLOAK-9451] - Policy evaluation fails when not evaluated against a particual resource	2019-02-28 10:38:09 -03:00
vramik	fab52ebc51	KEYCLOAK-9611 Add support to the testsuite for migration from 4.8.3.Final	2019-02-28 13:53:30 +01:00
Pedro Igor	75d9847672	[KEYCLOAK-9478] - Support multiple CIP providers in the policy enforcer configuration	2019-02-27 19:08:57 -03:00
Pedro Igor	bacc1b538f	[KEYCLOAK-8855] - Tests	2019-02-27 15:39:32 -03:00
Stefan Guilhen	9c34cc7365	[KEYCLOAK-9371] Fix premature termination of sessions when remember-me is in use	2019-02-27 15:08:50 +01:00
vramik	5d205d16e8	KEYCLOAK-9167 Using kcadm to update an identity-provider instance via a json file does not work without an "internalId" present in the json	2019-02-27 14:56:36 +01:00
mposolda	362faf3adb	KEYCLOAK-6627 Closing admin clients and testing clients in testsuite	2019-02-27 08:57:42 +01:00
Stan Silvert	05005a1791	KEYCLOAK-8522: Migrate IdpHint tests. Remove unneeded tests.	2019-02-25 09:40:39 -03:00
Hynek Mlnarik	37ef47d6ab	KEYCLOAK-9509 Upgrade to Wildfly 15 ... KEYCLOAK-9584 Update Wildfly Arquillian version KEYCLOAK-9581: Fix CookiePathTests KEYCLOAK-9607 CLI sripts and configuration files update KEYCLOAK-9580 Fix component registration error KEYCLOAK-9590 Update JDG to newest version * Infinispan is using whatever version is set in root pom.xml. KEYCLOAK-9509 Fix Undertow tests Co-Authored-By: vramik <vramik@redhat.com> Co-Authored-By: sebastienblanc <scm.blanc@gmail.com>	2019-02-25 08:56:46 +01:00
Pedro Igor	99f8e5f808	[KEYCLOAK-9489] - Fixing fine-grained permission functionality	2019-02-22 09:22:14 -03:00
Pedro Igor	9314f13255	[KEYCLOAK-9093] - False-Positive UMA Policy Evaluation	2019-02-21 21:47:58 -03:00
Pedro Igor	4d5dff1d64	[KEYCLOAK-9474] - Public endpoints are returning 403 with body when enforcement mode is disabled	2019-02-21 16:27:07 -03:00
stianst	e06c705ca8	Set version 5.0.0	2019-02-21 09:35:14 +01:00
mposolda	e4d4159743	KEYCLOAK-9586 Fix cluster tests. Fix cross-dc tests on embedded undertow	2019-02-20 19:11:38 +01:00
Pedro Igor	34d8974e7f	[KEYCLOAK-9489] - User not able to log in to admin console when using query-* roles	2019-02-20 18:09:36 +01:00
vmuzikar	7afd068c27	KEYCLOAK-9423 Fix Stack Overflow Social Login test	2019-02-20 16:45:11 +01:00
Stan Silvert	9e16c772bd	KEYCLOAK-9387: Add hor scroll & tooltips to role selectors	2019-02-19 21:03:52 +01:00
Hynek Mlnarik	c34c0a3860	KEYCLOAK-9112 KEYCLOAK-9108 Ignore expected exceptions	2019-02-13 15:49:49 +01:00
Hynek Mlnarik	a74d6ab932	KEYCLOAK-9107 Fix NPE	2019-02-13 15:49:49 +01:00
Hynek Mlnarik	37e6b6ffc6	KEYCLOAK-9113 Add support for inspecting log messages for uncaught errors	2019-02-13 15:49:49 +01:00
vmuzikar	16827ef64b	KEYCLOAK-9531 Fix broken Arquillian tests in the "other" module	2019-02-12 15:09:31 +01:00
Hynek Mlnarik	59430e7cd6	KEYCLOAK-9456 Docker support for testing with MSSQL, Oracle 11g	2019-02-08 19:31:45 +01:00
vmuzikar	191cbca7ad	UI and Node.js adapter tests fixes	2019-02-08 08:57:48 -02:00
Sebastian Laskawiec	ee41a0450f	KEYCLOAK-8349 KEYCLOAK-8659 Use TLS for all tests in the suite	2019-02-08 08:57:48 -02:00
Pedro Igor	885eec5ef2	[KEYCLOAK-8348] - Containerize database tests	2019-01-30 16:29:03 -02:00
Pedro Igor	e01c9ddd60	[KEYCLOAK-8849] - Fixing request entitlements call	2019-01-16 12:25:18 -02:00
Pedro Igor	31e8e73e48	[KEYCLOAK-8849] - Using custom polling http client	2019-01-16 12:25:18 -02:00
vmuzikar	1199376e37	KEYCLOAK-9273 Log test browser version	2019-01-15 13:00:38 +01:00
vramik	c4a46a5591	KEYCLOAK-7677 KEYCLOAK-7723 fix version collision of httpclient ... Co-authored-by: Pedro Igor <psilva@redhat.com>	2019-01-10 17:45:41 -02:00
stianst	7c9f15778a	Set version to 4.8.3.Final	2019-01-09 20:39:30 +01:00
vramik	0602a88fcc	KEYCLOAK-9262 Skip SAMLFilterServletAdapterTest for jdk7	2019-01-09 16:36:19 +01:00
Pedro Igor	382f6b0c2c	[KEYCLOAK-9185] - Update LinkedIn broker to LinkedIn API v2	2019-01-09 15:29:40 +01:00
mposolda	692127519b	KEYCLOAK-8724 Stabilize BruteForceCrossDCTest.testBruteForceConcurrentUpdate	2019-01-09 12:20:33 +01:00
vramik	b2a7d42310	KEYCLOAK-9193 CorsExampleAdapterTest fails on Windows	2019-01-04 09:20:28 +01:00
stianst	7c4890152c	Set version to 4.8.2	2019-01-03 14:43:22 +01:00
stianst	07ccbdc3db	KEYCLOAK-9182	2019-01-03 14:28:35 +01:00
Sebastian Laskawiec	602b7207ab	KEYCLOAK-9008 CookieStoreRootContextTest stabilization	2018-12-19 10:11:44 +01:00
mposolda	061693a8c9	KEYCLOAK-9089 IllegalArgumentException when trying to use ES256 as OIDC access token signature	2018-12-14 21:01:03 +01:00
mhajas	26c8af5369	KEYCLOAK-8533 Add tests for native promises	2018-12-13 13:57:58 +01:00
mposolda	1237986fd0	KEYCLOAK-8838 Incorrect resource_access in accessToken when clientId contains dots	2018-12-13 10:31:27 +01:00
rmartinc	3c44e6c377	KEYCLOAK-9068: IDP-initiated-flow is not working with REDIRECT binding	2018-12-13 06:28:38 -02:00
mhajas	81d4908c1d	KEYCLOAK-9058 Fix issue with cyclic object on firefox	2018-12-13 08:33:14 +01:00
mposolda	c51c492996	KEYCLOAK-9050 Change LoginProtocol.authenticated to read most of the values from authenticationSession	2018-12-12 13:30:03 +01:00
Stan Silvert	3ed77825a2	KEYCLOAK-8495: Account REST Svc doesn't require acct roles	2018-12-12 12:07:29 +01:00
mposolda	a7f57c7e23	KEYCLOAK-9021	2018-12-12 07:09:14 +01:00
Hynek Mlnarik	dad12635f6	KEYCLOAK-9014 Fix displayed applications	2018-12-10 09:59:46 +01:00
Pedro Igor	8204509b0c	[KEYCLOAK-8980] - ElytronAccount not serializable	2018-12-10 08:55:00 +01:00
mposolda	88141320ac	KEYCLOAK-9002 StackOverflowError when reading LDAP-backed users via REST API	2018-12-07 12:25:05 +01:00
vramik	6616e4a011	KEYCLOAK-8660 fix package name of Album class	2018-12-06 19:13:38 +01:00
Pedro Igor	0c39eda8d2	[KECLOAK-8237] - Openshift Client Storage	2018-12-06 10:57:53 -02:00
Martin Bartos RH	99a5656f0f	[KEYCLOAK-8389] Migrate ModelClass: UserSessionInitializerTest	2018-12-06 12:43:11 +01:00
vmuzikar	3e48fa1dbc	KEYCLOAK-9023 Add support for Java 11 to the testsuite	2018-12-06 11:47:00 +01:00
Pedro Igor	e798c3bca2	[KEYCLOAK-8901] - Identity Provider : UserInfo response as JWT Token not supported	2018-12-05 09:28:12 -02:00
Hynek Mlnarik	00e0ba8633	KEYCLOAK-8940 Stabilize SessionsPreloadCrossDCTest.loginFailuresPreloadTest	2018-12-04 14:27:57 +01:00
Pavel Drozd	bba081d3a8	KEYCLOAK-8982 - Fix Servlet Filter tests for WLS & WAS	2018-12-04 13:58:25 +01:00
stianst	b674c0d4d9	Prepare for 4.8.0.Final	2018-12-04 13:54:25 +01:00
vramik	4b50fdb404	KEYCLOAK-8955 adapter installation fails on windows - edit logging	2018-12-04 13:50:55 +01:00
Pedro Igor	ed0b5d4df1	[KEYCLOAK-8857] - Provide utility to create AuthzClient from InputStream	2018-12-03 11:14:43 -02:00
vramik	1b8dc04459	KEYCLOAK-8817 skip EntitlementAPITest.testOfflineRequestingPartyToken for auth-server-undertow	2018-11-29 13:38:26 +01:00
Pedro Igor	4355c89b9d	[KEYCLOAK-7365] - No need to check roles when refreshing tokens	2018-11-29 08:51:25 -02:00
rmartinc	1b37394276	KEYCLOAK-7242: LDAPS not working with truststore SPI and connection timeout	2018-11-29 11:21:46 +01:00
Hynek Mlnarik	ded82fff3d	KEYCLOAK-8941 Fix order of stopping test servers	2018-11-29 11:16:34 +01:00
Sebastian Laskawiec	4fbbaf18aa	KEYCLOAK-8830 Stabilize ExportImportTest	2018-11-29 10:33:00 +01:00
Tomasz Prętki	2b9b1ba45f	[KEYCLOAK-8823] - PathMatcher doesn't prefer overloaded templated resources	2018-11-28 11:39:11 -02:00
vmuzikar	7d75377813	KEYCLOAK-8944 Fix ProfileAssume for backward adapter compat. testing	2018-11-27 13:58:41 +01:00
Stefan Guilhen	311e848460	KEYCLOAK-8504 Ensure the authenticationFlowBindingOverrides client configuration references a valid authentication flow id when a realm is imported	2018-11-23 22:09:14 +01:00
Pedro Igor	91637120ee	[KEYCLOAK-5052] - LDAP group names containing / in the name violates SIBILING_NAME constraint in db	2018-11-23 08:48:08 -02:00
Hynek Mlnarik	d90a5d1367	KEYCLOAK-8594 Fix missing option to Base64 encoder	2018-11-22 21:48:00 +01:00
Hynek Mlnarik	d395043fc7	KEYCLOAK-8707 Fix client template to scope migration	2018-11-22 15:07:47 +01:00
mposolda	6e93ca36af	KEYCLOAK-8519 OIDCScopeTest.testClientDisplayedOnConsentScreenWithEmptyConsentText failing on Oracle	2018-11-22 09:30:01 +01:00
vramik	2d727fc54c	KEYCLOAK-8909 fix KcOidcBrokerLogoutTest for product	2018-11-22 09:28:37 +01:00
mposolda	6db1f60e27	KEYCLOAK-7774 KEYCLOAK-8438 Errors when SSO authenticating to same client multiple times concurrently in more browser tabs	2018-11-21 21:51:32 +01:00
Stefan Guilhen	8af1ca8fc3	KEYCLOAK-8414 use the clientId when the ClientScopeModel is an instance of ClientModel	2018-11-20 15:08:10 +01:00
vramik	55f90ff09f	KEYCLOAK-8837 Adapt TS to be able to test migration from 7.2.5.GA (instead from 7.2.0.GA)	2018-11-19 18:06:33 +01:00
Stian Thorgersen	f3bf1456ab	KEYCLOAK-8781 Mark OpenShift integration as preview. Fix issue in Profile where preview features was not enabled in preview mode. (#5738)	2018-11-19 17:32:21 +01:00
Hynek Mlnarik	548950ed8e	KEYCLOAK-8756 Consider also required actions of AuthenticationSession	2018-11-19 16:04:43 +01:00
Marek Posolda	f67d6f9660	KEYCLOAK-8482 Access token should never contain azp as an audience (#5719)	2018-11-19 14:38:41 +01:00
Stian Thorgersen	3756cf629b	KEYCLOAK-7081 Fixes for manual/qr mode switches on login config otp page (#5717)	2018-11-19 14:32:28 +01:00
Takashi Norimatsu	0793234c19	KEYCLOAK-8460 Request Object Signature Verification Other Than RS256 (#5603) ... * KEYCLOAK-8460 Request Object Signature Verification Other Than RS256 also support client signed signature verification by refactored token verification mechanism * KEYCLOAK-8460 Request Object Signature Verification Other Than RS256 incorporate feedbacks and refactor client public key loading mechanism * KEYCLOAK-8460 Request Object Signature Verification Other Than RS256 unsigned request object not allowed * KEYCLOAK-8460 Request Object Signature Verification Other Than RS256 revert to re-support "none"	2018-11-19 14:28:32 +01:00
Hynek Mlnarik	461dae20de	KEYCLOAK-8731 Ensure password history is kept in line with password policy	2018-11-19 12:48:51 +01:00
mposolda	0533782d90	KEYCLOAK-7275 KEYCLOAK-5479 Faster offline sessions preloading at startup. Track lastSessionRefresh timestamps more properly by support bulk update to DB	2018-11-16 14:23:28 +01:00
Leon Graser	85f11873c3	KEYCLOAK-8613 Group Membership Pagination	2018-11-15 17:54:07 +01:00
Thomas Darimont	cf57a1bc4b	KEYCLOAK-1267 Add dedicated SSO timeouts for Remember-Me ... Previously remember-me sessions where tied to the SSO max session timeout which could lead to unexpected early session timeouts. We now allow SSO timeouts to be configured separately for sessions with enabled remember-me. This enables users to opt-in for longer session timeouts. SSO session timeouts for remember-me can now be configured in the tokens tab in the realm admin console. This new configuration is optional and will tipically host values larger than the regular max SSO timeouts. If no value is specified for remember-me timeouts then the regular max SSO timeouts will be used. Work based on PR https://github.com/keycloak/keycloak/pull/3161 by Thomas Darimont <thomas.darimont@gmail.com>	2018-11-15 06:11:22 +01:00
vmuzikar	8c650f9f6a	KEYCLOAK-8793 Fix backward compatibility testing for adapters	2018-11-14 22:35:47 +01:00
vmuzikar	6cee8b126b	KEYCLOAK-8792 Stabilize and fix Admin Console UI tests for RH-SSO	2018-11-14 22:32:11 +01:00
stianst	ecd476fb10	Prepare for 4.7.0.Final	2018-11-14 20:10:59 +01:00
Hynek Mlnarik	c3778e66db	KEYCLOAK-8260 Improve SAML conditions handling	2018-11-14 20:09:22 +01:00
Martin Kanis	6a23eb19f5	KEYCLOAK-8166	2018-11-14 20:09:22 +01:00
Martin Kanis	72b23c1357	KEYCLOAK-8160	2018-11-14 20:09:22 +01:00
Martin Kanis	0cb6053699	KEYCLOAK-8125	2018-11-14 20:09:22 +01:00
vramik	6564cebc0f	KEYCLOAK-7707	2018-11-14 20:09:22 +01:00
Bruno Oliveira da Silva	a957e118e6	Redirect URLs are not normalized	2018-11-14 20:09:22 +01:00
mposolda	0897d969b1	KEYCLOAK-7340	2018-11-14 20:09:22 +01:00
mposolda	1b5a83c4f1	KEYCLOAK-6980 Check if client_assertion was already used during signed JWT client authentication	2018-11-14 20:09:22 +01:00
Martin Bartos RH	f090b39e85	[KEYCLOAK-8411] Migrate ModelClass: ClientModelTest	2018-11-14 19:15:45 +01:00
mhajas	602a6e201d	KEYCLOAK-8660 Workaround photoz tests on EAP6	2018-11-13 15:57:46 +01:00
Hynek Mlnarik	7703d81389	KEYCLOAK-7421 Support SAML cluster logout for Elytron SAML adapter	2018-11-09 21:06:50 +01:00
Pedro Igor	cd96d6cc35	[KEYCLOAK-8694] - Mark Drools policy as tech preview	2018-11-09 11:08:49 -02:00
mhajas	6d04247947	KEYCLOAK-8047 Make Photoz tests great: run them on undertow + make them ... stable	2018-11-09 12:45:38 +01:00
vramik	560d76b7ee	KEYCLOAK-6748 undertow saml adapter tests	2018-11-06 21:17:07 +01:00
Pedro Igor	bce2aee144	[KEYCLOAK-8646] - Error deleting policies when admin events are enabled	2018-11-06 11:27:32 -02:00
rmartinc	cbe59f03b7	KEYCLOAK-8708: Provide aggregation of group attributes for mappers	2018-11-06 13:42:38 +01:00
Torbjørn Skyberg Knutsen	36b0d8b80e	KEYCLOAK-7166 Added the possibility of not logging out of remote idp on browser logout, by passing a query param containing the id of the identity provider	2018-11-06 13:39:19 +01:00
scranen	5880efe775	KEYCLOAK-4342 Make naming consistent	2018-11-06 10:28:06 -02:00
scranen	0c6b20e862	[KEYCLOAK-4342] Make adapter state cookie path configurable	2018-11-06 10:28:06 -02:00
Pedro Igor	327991bd73	[KEYCLOAK-8716] - Issue with caching resolved roles in KeycloakSession	2018-11-06 10:27:04 -02:00
vramik	b2aa324ee4	KEYCLOAK-8631 skip AddUserTest on app-server-undertow	2018-10-31 18:08:42 +01:00
vramik	76e4253a21	KEYCLOAK-8670 remove support for migration.mode=import as there are separate tests	2018-10-31 18:07:20 +01:00
mposolda	ffcd8e09e7	KEYCLOAK-8175 Possibility of clientScope not being used if user doesn't have a role	2018-10-31 18:04:41 +01:00
mposolda	cfeb56e18a	KEYCLOAK-8641 Remove aud from the authorization tickets	2018-10-31 13:31:26 +01:00
mposolda	9652748ba9	KEYCLOAK-8484 Remove audience client scope template	2018-10-31 11:11:02 +01:00
Pedro Igor	f6943296c7	[KEYCLOAK-8489] - RPT request: Authorized Party's protocol mappers are being applied instead of the Audience's ones	2018-10-26 09:40:32 -03:00
vramik	4d2300f17e	KEYCLOAK-8664 KEYCLOAK-8665 KEYCLOAK-8666 fix assertions in testsuite	2018-10-25 21:42:01 +02:00
vramik	f449b8b454	KEYCLOAK-8637 Add support for OIDC multitenancy adapter test for jboss based containers	2018-10-25 20:45:45 +02:00
Graser Leon	9ef4c7fffd	KEYCLOAK-8377 Role Attributes	2018-10-24 22:04:28 +02:00
Pedro Igor	460cdf4508	[KEYCLOAK-8617] - Permission cache not handling decisions from negative policies correctly	2018-10-24 15:03:22 -03:00
mposolda	c36b577566	KEYCLOAK-8483 Remove application from the aud claim of accessToken and refreshToken	2018-10-23 13:52:09 +02:00
Pedro Igor	6f8f8e6a28	[KEYCLOAK-8449] - Option to automatically map HTTP verbs to scopes when configuring the policy enforcer	2018-10-23 08:40:54 -03:00
vramik	7a96911a83	KEYCLOAK-8300 KEYCLOAK-8301 Wildfly 14 upgrade ... Co-authored-by: Marek Posolda <mposolda@redhat.com>	2018-10-17 20:01:07 +02:00
MICHEL Arnault (UA 2118)	ab8789739f	[KEYCLOAK-8580] Add Nginx certificate lookup provider	2018-10-16 07:53:18 +02:00
mposolda	60a8267576	KEYCLOAK-8530 KEYCLOAK-8531 Fix MigrationTest and migration from 2.5.5.Final and 3.4.3.Final	2018-10-15 16:38:24 +02:00
stianst	5f0424fb11	KEYCLOAK-8310 Change scheme option to alwaysHttps option	2018-10-15 14:00:00 +02:00
vmuzikar	393ff50b8d	KEYCLOAK-6757 Fix Microsoft Social Login test	2018-10-15 12:57:31 +02:00
Stefan Guilhen	68a54abb09	KEYCLOAK-6757 Update MicrosoftIdentityProvider to use the Microsoft Graph endpoints	2018-10-15 12:46:15 +02:00
Martin Bartos RH	102628dc59	[KEYCLOAK-4935] Migrate AddUserTest from old testsuite	2018-10-15 08:14:34 +02:00
stianst	11374a2707	KEYCLOAK-8556 Improvements to profile	2018-10-12 12:26:37 +02:00
mposolda	4483677cdd	KEYCLOAK-8529 Fix most of adapter tests on EAP6	2018-10-12 12:01:33 +02:00
mposolda	f254675a5e	KEYCLOAK-8568 DemoServletsAdapterTest.testVersion is unstable on travis	2018-10-12 09:27:37 +02:00
Leon Graser	066bef744f	KEYCLOAK-6658 Fine Grain Permissions via Java Client ... Signed-off-by: Leon Graser <leon.graser@bosch-si.com>	2018-10-11 09:44:57 -03:00
Moritz Becker	fbe3445c48	fix KEYCLOAK-8513 remove data dependency between testUpdateProfile and testGetProfile in org.keycloak.testsuite.account.AccountRestServiceTest	2018-10-11 08:08:51 +02:00
mposolda	5b51c000af	KEYCLOAK-8481 Don't include empty resource_access in access token	2018-10-11 08:04:07 +02:00
rmartinc	0a6f43c1a1	KEYCLOAK-8490: Direct grants returns invalid credentials when user has pending actions	2018-10-10 20:18:20 +02:00
Pedro Igor	79ca722b49	[KEYCLOAK-7605] - Make sure Evaluation API is read-only	2018-10-09 08:09:29 -03:00
mposolda	3ca386f223	KEYCLOAK-8148 Duplication of listed roles assigned through groups in userinfo endpoint	2018-10-08 22:18:06 +02:00
Pedro Igor	8e57cee30f	[KEYCLOAK-8445] - Owner not granted with permissions when using only scope-based permissions	2018-10-08 09:57:21 -03:00
Hynek Mlnarik	531ee3a1be	KEYCLOAK-8494 Use c3p0 connection pool in testsuite	2018-10-08 14:24:56 +02:00
Mark True	28b6e4dd5b	cleaning up to do PR	2018-10-08 09:16:53 +02:00
Moritz Becker	f17b5f0f49	fix KEYCLOAK-7572 consistently perform duplicate user checks during account update only if email changes ... Fix test	2018-10-05 09:35:05 +02:00
stianst	86a2f28561	KEYCLOAK-8310 Add support to set fixed scheme on fixed hostname provider	2018-10-05 09:34:17 +02:00
mposolda	0d9b1e73b8	KEYCLOAK-7855 Cannot reset Client Consent Screen Text	2018-10-04 21:00:48 +02:00
Hynek Mlnarik	211774ccbc	KEYCLOAK-7810 Fix NPE in Elytron SAML adapter	2018-10-04 14:38:45 +02:00
mposolda	2a4cee6044	KEYCLOAK-6884 KEYCLOAK-3454 KEYCLOAK-8298 Default 'roles' and 'web-origins' client scopes. Add roles and allowed-origins to the token through protocol mappers	2018-10-04 12:00:38 +02:00
Stan Silvert	dba513c921	KEYCLOAK-8419: Make most act mgt APIs only active in preview mode	2018-10-02 16:32:56 -04:00
Pedro Igor	b4b3527df7	[KEYCLOAK-7950] - Fixes user pagination when using filtering users members of groups	2018-10-02 15:44:23 -03:00
Martin Kanis	efe6a38648	KEYCLOAK-6718 Auth Flow does not Check Client Protocol	2018-09-26 21:00:02 +02:00
stianst	c3fc9e9815	Set version to 4.6.0.Final-SNAPSHOT	2018-09-26 20:58:41 +02:00
Pedro Igor	43f5983613	[KEYCLOAK-8289] - Remove authorization services from product preview profile	2018-09-26 18:27:27 +02:00
vramik	723ba42264	KEYCLOAK-8425 fix NPE during adapter cluster tests	2018-09-26 12:43:21 +02:00
Pedro Igor	df311b60b4	[KEYCLOAK-8168] - PEP is resolving claims twice under certain circumstances	2018-09-25 11:47:50 -03:00
Takashi Norimatsu	340c8e8426	KEYCLOAK-8327 Token Introspect Test for Refresh Token Mistake	2018-09-21 11:38:04 +02:00
mposolda	3777dc45d0	KEYCLOAK-3058 Support for validation of "aud" in adapters through verify-token-audience configuration switch	2018-09-21 11:17:05 +02:00
Douglas Palmer	b748e269ec	[KEYCLOAK-7435] Added code to delete a specific session and tests for session deletion	2018-09-20 15:57:58 +02:00
vmuzikar	4268dd1777	KEYCLOAK-7742,KEYCLOAK-6332 Switch Admin Console UI tests to GeckoDriver	2018-09-20 10:32:59 +02:00
vramik	24b7d080af	KEYCLOAK-8268 unify fuse70 and fuse71 modules into fuse7x module	2018-09-20 10:27:17 +02:00
Pedro Igor	6b0bc0b3be	[KEYCLOAK-8308] - Deprecate token_introspection_endpoint claim from OIDC discovery document	2018-09-19 09:46:50 -03:00
Hynek Mlnarik	2bf6d75e57	KEYCLOAK-8010 Improve handling of Conditions SAML tag	2018-09-19 14:00:28 +02:00
Pedro Igor	044d153c37	[KEYCLOAK-8273] - Failed to evaluate permissions when in permissive mode and using UMA tickets	2018-09-18 18:59:15 -03:00
Pedro Igor	609c521c17	[KEYCLOAK-8281] - Deletion of client with token exchange policy leads to breaking errors	2018-09-18 18:58:45 -03:00
Pedro Igor	aaf78297c9	[KEYCLOAK-7987] - Can't set authorization enabled when using kcreg	2018-09-18 10:00:16 -03:00
Pedro Igor	64f8fe4987	[KEYCLOAK-8070] - wrong expose headers when enable cors and policyenforcer	2018-09-17 17:02:15 -03:00
mposolda	99a16dcc1f	KEYCLOAK-6638 Support for adding audiences to tokens	2018-09-13 21:40:16 +02:00
wyvie	01051016f5	[KEYCLOAK-8185] add clear method to exportimport resource	2018-09-13 11:54:28 +02:00
slominskir	c4a651bcac	KEYCLOAK-7270 - Support for automatically linking brokered identities	2018-09-12 18:50:35 +02:00
vmuzikar	62c1ffcb52	KEYCLOAK-8189 Fix broken Google Social Login test	2018-09-12 16:40:28 +02:00
stianst	26f257a6ac	KEYCLOAK-8264 Update OpenShift Token Review endpoint to support additional algorithms and to update session last refresh on token introspection	2018-09-11 19:57:38 +02:00
stianst	12f3d2115d	KEYCLOAK-8263 Add option to client to override access token timeout	2018-09-11 12:40:51 +02:00
stianst	24e60747b6	KEYCLOAK-7560 Refactor token signature SPI PR ... Also incorporates: KEYCLOAK-6770 ES256/384/512 providers KEYCLOAK-4622 Use HS256 for refresh tokens KEYCLOAK-4623 Use HS256 for client reg tokens	2018-09-11 08:14:10 +02:00
Takashi Norimatsu	5b6036525c	KEYCLOAK-7560 Refactor Token Sign and Verify by Token Signature SPI	2018-09-11 08:14:10 +02:00
vramik	bd4098191b	KEYCLOAK-7604-rename-ids-saml-clients	2018-09-10 21:17:00 +02:00
Pedro Igor	0561d73ae2	[KEYCLOAK-6285] - HTTP Challenge Authentication Flow	2018-09-10 19:02:49 +02:00
stianst	bf758809ba	KEYCLOAK-6229 OpenShift Token Review interface	2018-09-07 08:21:28 +02:00
stianst	1fb4ca4525	Set version to 4.5.0.Final	2018-09-06 20:08:02 +02:00
vmuzikar	bd8510f4da	KEYCLOAK-7925 Initial tests for the new Account Console	2018-09-06 09:59:28 +02:00
Hynek Mlnarik	812e76c39b	KEYCLOAK-8163 Improve SAML validations	2018-09-05 15:47:03 +02:00
vramik	8761819b24	KEYCLOAK-8176 fix export issue for required action	2018-09-05 08:40:31 +02:00
Pedro Igor	47066e1b89	[KEYCLOAK-8012] - Fix offline session support in authorization services	2018-09-04 15:07:49 -03:00
Pedro Igor	6a0a1031a1	[KEYCLOAK-7754] - Fixing compat issues with UMA spec in RPT Introspection Provider	2018-09-04 11:41:09 -03:00
Pedro Igor	33efcc6b93	[KEYCLOAK-8142] - Fixing regression when setting path enforcement mode to disabled	2018-09-04 10:32:06 -03:00
Hynek Mlnarik	9f839f001f	KEYCLOAK-8218 Do not clear SAML REDIRECT query parameters	2018-09-04 11:16:06 +02:00
Hynek Mlnarik	5fe1905e4b	KEYCLOAK-6803 Prevent duplicating required actions in JPA user storage	2018-09-03 19:42:18 +02:00
mposolda	f0ba8f6591	KEYCLOAK-8139 Added wildfly-deprecated module for adapters testing. Remove wildfly9 and wildfly10	2018-09-03 08:56:09 +02:00
Johannes Knutsen	c0b5c12dee	KEYCLOAK-8147: Add support for Content-Security-Policy-Report-Only response headers	2018-08-31 10:38:56 +02:00
vramik	214a8e1fed	KEYCLOAK-8176 fix requiredActionsPriority test	2018-08-31 10:25:28 +02:00
vramik	f89637bd8f	KEYCLOAK-8178 fix AdminEventTest	2018-08-30 15:16:33 +02:00
Hynek Mlnarik	bee3894cdf	KEYCLOAK-8150 Improve loading user list	2018-08-30 13:03:49 +02:00
vramik	df76afb513	KEYCLOAK-8167 fix ExportImportTest on undertow	2018-08-29 15:18:24 +02:00
vramik	c266e90a77	KEYCLOAK-6746 ability to skip adapter test	2018-08-29 14:40:44 +02:00
mposolda	b70468341e	KEYCLOAK-7470 Ability to order client scopes	2018-08-29 14:37:27 +02:00
mhajas	21b71e83dd	KEYCLOAK-7161 Stabilize authz tests as they are running on undertow -> in Travis	2018-08-29 13:13:06 +02:00
mhajas	ccba07a5c0	KEYCLOAK-7213 Make example tests running on app-server-undertow	2018-08-29 13:13:06 +02:00
Pavel Drozd	d37eb5d10b	KEYCLOAK-8138 Fixed tests for product profile	2018-08-29 10:31:10 +02:00
mposolda	31270e2f52	KEYCLOAK-7437 Support for prompt=consent	2018-08-29 08:35:29 +02:00
Johannes Knutsen	56c97407d4	KEYCLOAK-8152: Allow passing the current locale to OAuth2 identity providers	2018-08-28 15:52:23 +02:00
mposolda	e4d05a7852	KEYCLOAK-8127 Added support for app-server-eap71. Make sure ConsoleProtectionTest is executed just for app-server-eap71	2018-08-27 12:52:53 +02:00
mposolda	6fc99cd749	KEYCLOAK-7594 Upgrade to Wildfly 13. Cross-DC: Upgrade to infinispan server 9.2.4 and JDG 7.2 ... Co-authored-by: Douglas Palmer <dpalmer@redhat.com> Co-authored-by: stianst <stianst@gmail.com> Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>	2018-08-27 12:52:53 +02:00
vramik	01b0b6b345	KEYCLOAK-7975 fix updating execution with Oracle DB	2018-08-24 15:04:48 +02:00
vramik	9e072cb174	KEYCLOAK-8119 Migration tests doesn't reflect if authorization features is enabled or not	2018-08-24 14:38:36 +02:00
Pedro Igor	3c2339ba33	[KEYCLOAK-4902] - Only set effect if result exists and removing ignore from tests	2018-08-24 09:34:39 -03:00
mhajas	694966b613	KEYCLOAK-8120 Fix NullPointerException in ClaimInformationPointProviderTest	2018-08-24 09:00:35 +02:00
Martin Kanis	248654a75e	KEYCLOAK-6706 E-mail verification won't let user back into the app	2018-08-21 16:30:15 +02:00
Gregor Tudan	b606a25684	KEYCLOAK-7991: add pagination params to the RoleResource	2018-08-21 08:19:33 +02:00
rmartinc	1b88eaf817	KEYCLOAK-8080 Audit the realm event configuration change	2018-08-20 21:01:38 +02:00
Corentin Dupont	b80701589c	[KEYCLOAK-7804] - Option to return resource body	2018-08-20 13:07:29 -03:00
Martin Kanis	d04791243c	KEYCLOAK-7970-KEYCLOAK-7222 Add clientId to action tokens	2018-08-20 15:25:24 +02:00
Wolfgang Zenker	c5f861a522	Make cli usable on FreeBSD	2018-08-20 09:08:02 +02:00
Pedro Igor	625f613128	[KEYCLOAK-4902] - Using streams to process requested permissions and limit support for scope responses	2018-08-17 11:00:53 -03:00
stianst	e406e8f1f0	KEYCLOAK-8069 Simplify config for fixed hostname provider	2018-08-17 14:47:14 +02:00
Hynek Mlnarik	645a72482b	KEYCLOAK-8048 Fix testsuite compilation issue	2018-08-14 13:56:45 +02:00
Hiroyuki Wada	730377a843	KEYCLOAK-7528 Set Cache-Control and Pragma header in token endpoint	2018-08-14 11:41:12 +02:00
Stefan Guilhen	f36e45cb10	[KEYCLOAK-4902] - Using streams to process scopes and cache improvements	2018-08-14 06:29:10 -03:00
Steffen Kreutz	ed72097862	KEYCLOAK-5289 Add support for Google's hd parameter	2018-08-14 11:08:57 +02:00
Stefan Guilhen	0b95cdacb8	[KEYCLOAK-7885] Add user policy support to the policy API	2018-08-13 22:09:17 -03:00
vmuzikar	79774d2f07	KEYCLOAK-8035 Fix failing GitLab Social Login test	2018-08-13 08:46:06 -04:00
Sebastian Laskawiec	3449401ae2	KEYCLOAK-7635: Subject DN validation for x509ClientAuthenticator	2018-08-13 09:36:02 +02:00
sebastienblanc	02b2a8aab0	KEYCLOAK-7635 : Authenticate clients with x509 certificate	2018-08-13 09:36:02 +02:00
mposolda	575851d45c	KEYCLOAK-6038 Kerberos cross-realm trust test	2018-08-10 13:31:36 +02:00
Stefan Guilhen	060b3b8d0f	[KEYCLOAK-4902] - Using streams when fetching resources	2018-08-09 16:28:31 -03:00
Pedro Igor	905fd3ae00	[KEYCLOAK-8003] - Migration to 4.2.1 extracting RESOURCE_URIs fails with fine-grained admin permissions	2018-08-08 11:00:25 +02:00
Hynek Mlnarik	fb58214fcc	KEYCLOAK-7994 Move examples to test-apps	2018-08-08 08:55:38 +02:00
Pedro Igor	80e5227bcd	[KEYCLOAK-4902] - Refactoring and improvements to processing of authz requests	2018-08-07 10:53:40 -03:00
vmuzikar	65f51b7b83	KEYCLOAK-6736 Base UI tests for mobile and desktop browsers	2018-08-07 13:53:31 +02:00
mposolda	27719565ae	KEYCLOAK-4298 Migrate LDAP tests to the new testsuite	2018-08-06 12:08:19 +02:00
wyvie	b5d56e2f3b	[KEYCLOAK-7838] made tests ordered so they don't fail because of order	2018-08-03 20:52:54 +02:00
Hynek Mlnarik	f6a4ba98de	KEYCLOAK-7986 Fix realm definition	2018-08-02 15:32:42 +02:00
mposolda	959cd035ba	Set version to 4.3.0.Final-SNAPSHOT	2018-08-01 22:40:05 +02:00
ssilvert@win.redhat.com	e7e15652cf	KEYCLOAK-7479: Sanitize	2018-08-01 14:22:39 -04:00
mposolda	29da7d3d90	KEYCLOAK-7562 Fix ClientInitiatedAccountLinkTest#testErrorConditions	2018-08-01 13:33:23 +02:00
stianst	f99299ee39	KEYCLOAK-7967 Introduce Hostname SPI	2018-08-01 11:57:45 +02:00
Takashi Norimatsu	665bcaebbb	KEYCLOAK-7959 OAuth 2.0 Certificate Bound Access Tokens in Rev Proxy	2018-07-31 21:53:46 +02:00
Hiroyuki Wada	398f7d950f	KEYCLOAK-7910 Store credentials when updating user via Admin REST API	2018-07-31 15:36:21 +02:00
mhajas	9b0930a289	KEYCLOAK-7792 Add tests for fragment in redirect URL	2018-07-31 10:24:58 +02:00
Takashi Mogi	959e7b1b01	KEYCLOAK-7201 OIDC Identity Brokering with Client parameter forward ... Forward "custom" (non-standard) query parameters to external IDP	2018-07-31 10:18:29 +02:00
ssilvert@win.redhat.com	40cc826586	Fix test side effect.	2018-07-30 13:15:02 -04:00
ssilvert@win.redhat.com	6c593bab5a	Check credential confirmation on server side.	2018-07-30 13:15:02 -04:00
vramik	ecd3fcc0af	KEYCLOAK-7924 Speed-up crossdc tests ... Co-Authored-By: Hynek Mlnarik <hmlnarik@redhat.com>	2018-07-27 20:53:58 +02:00
vramik	38017d3cec	KEYCLOAK-4407 Ability to restart arquillian containers from test ... Co-Authored-By: Hynek Mlnarik <hmlnarik@redhat.com> KEYCLOAK-4407 Fix connection error if underlying container restarts (63b9da857a8174a0b5e65e70c47ef2e2842f4d4e)	2018-07-27 20:53:58 +02:00
Hynek Mlnarik	f43519a16e	KEYCLOAK-6708 Fix NPE when email not set for email NameIDFormat	2018-07-27 11:10:35 +02:00
fisache	771d7f1724	[KEYCLOAK-7872] Fix. Remove Identity Provider Mapper when remove identity provider	2018-07-26 08:45:26 +02:00
ssilvert@win.redhat.com	0844aa8d68	KEYCLOAK-7857: Fix notifications	2018-07-25 08:59:25 -04:00
vramik	9c1a411c6e	KEYCLOAK-7310 Add migration test from 3.4.x to 4.x	2018-07-25 13:48:02 +02:00
vramik	524ab44160	KEYCLOAK-6866 Error 404 after changing locale while authenticating using X.509	2018-07-24 17:24:32 +02:00
mhajas	a6e4f4f9aa	KEYCLOAK-7922 Use Time.currentTimeMillis() instead of System.currentTimeMillis() in PathCache	2018-07-24 08:52:48 -03:00
Daniil Filippov	af72c1374a	KEYCLOAK-7823 Fix HTTP status returned during SPNEGO auth	2018-07-24 10:38:42 +02:00
Hiroyuki Wada	7c0ca9aad2	KEYCLOAK-6313 Add required action's priority for customizing the execution order	2018-07-23 22:21:04 +02:00
Hynek Mlnarik	b43392bac8	KEYCLOAK-6577 KEYCLOAK-5609 Support dot in claim names by escaping with backslash	2018-07-23 14:46:25 +02:00
Peter Zaoral	c4b375c1fc	KEYCLOAK-7802 Fix broken HoKTest ... Signed-off-by: Peter Zaoral <pzaoral@redhat.com>	2018-07-23 12:30:54 +02:00
Pedro Igor	acc5f5c6d1	[KEYCLOAK-7864] - Authorization claim not set in refresh token when issuing a new refresh token	2018-07-19 09:56:59 -03:00
Pedro Igor	8b6979ac18	[KEYCLOAK-7849] - Improvements to RPT upgrade	2018-07-18 16:40:55 -03:00
Martin Kanis	34407957b9	KEYCLOAK-6314 Internal server error after T&C rejection	2018-07-18 15:05:22 +02:00
vramik	54fcbf12b0	KEYCLOAK-7666 - adapter tests - eap6-fuse6 provider	2018-07-18 13:46:56 +02:00
vramik	8e20986335	KEYCLOAK-7876 Improve stability of fuse7 hawtio test	2018-07-18 10:51:32 +02:00
wyvie	8e221ea597	[KEYCLOAK-7835] BrokerLinkAndTokenExchangeTest turned off ... Until TOKEN_ECHANGE is enabled (means currently turned off for prod profile)	2018-07-16 10:27:56 +02:00
mhajas	432ea277a7	KEYCLOAK-7816 Assume preview profile in authz tests	2018-07-13 12:53:46 -03:00
Pedro Igor	90bfa2bff5	[KEYCLOAK-7781] - More validations to authorization requests	2018-07-13 09:18:05 -03:00
stianst	f022bc1269	[KEYCLOAK-5629] Add credential endpoints to account service	2018-07-12 13:00:25 -04:00
mhajas	5aebc74f8c	KEYCLOAK-7269 Setting more uris for Authorization Resource	2018-07-11 17:48:34 -03:00
vmuzikar	0432a566dd	KEYCLOAK-7805 Fix PayPal and Bitbucket Social Login tests	2018-07-11 10:19:24 +02:00
rmartinc	4a82979792	KEYCLOAK-1925: SAML adapter multitenant support	2018-07-10 13:21:11 +02:00
Sebastian Laskawiec	3918dbed59	KEYCLOAK-2886 Turn off clustered tests from IDE	2018-07-10 12:37:21 +02:00
mposolda	d0a824dde4	Updating version to 4.2.0.Final-SNAPSHOT	2018-07-05 07:42:48 -04:00
vmuzikar	64b391cc1b	KEYCLOAK-7761 Fix Instagram Social Login test	2018-07-04 09:00:54 +02:00
ssilvert@win.redhat.com	d55ccf5312	KEYCLOAK-7015: Not allowing two users to have empty string emails addrs.	2018-07-03 11:04:36 -04:00
Pedro Igor	871be4ad87	[KEYCLOAK-7764] - Error when processing resource-less permissions	2018-07-03 10:35:11 -03:00
Pedro Igor	6f3c59e086	[KEYCLOAK-7062] - Groups claim should be optional	2018-07-03 10:03:20 -03:00
vramik	742a280f5d	KEYCLOAK-5556 support for POST for AuthorizationEndpoint	2018-07-03 10:38:10 +02:00
vmuzikar	d99dca2db3	KEYCLOAK-7743 Fix broken X.509 tests	2018-07-02 12:42:50 +02:00
vmuzikar	3355399b4e	KEYCLOAK-7741 Fix broken test modules	2018-06-29 10:17:06 -03:00
Pedro Igor	dcadc61220	[KEYCLOAK-7670] - PEP not returning correct status code when authorization header is not set	2018-06-29 09:39:55 -03:00
stianst	3c5027de3c	KEYCLOAK-7701 Refactor key providers to support additional algorithms	2018-06-29 14:14:25 +02:00
vramik	c97e7e720e	KEYCLOAK-7550 - adapter tests - Fuse7.1 provider	2018-06-28 16:24:02 +02:00
Pedro Igor	f10c47955f	[KEYCLOAK-7427] - Fix to support writing to response when doing programmatic logouts	2018-06-28 11:08:28 -03:00
vramik	591093f867	KEYCLOAK-7730 - revert OSGiApplicationArchiveProcessor moved into fuse app servers	2018-06-28 10:22:25 -03:00
vramik	9039b44f4d	KEYCLOAK-7718 DemoFilterServletAdapterTest test not configured correctly	2018-06-28 09:33:52 -03:00
stianst	5f0c86a49f	KEYCLOAK-6663 Add test to check custom uri scheme in redirect URI	2018-06-28 11:14:05 +02:00
vramik	8ac7bda52c	KEYCLOAK-7589 - adapter tests - Fuse7.0 provider	2018-06-28 08:45:02 +02:00
stianst	0d9ccba566	Some work on deprecated testsuite migration	2018-06-27 08:16:14 +02:00
vramik	39cbf4e9ab	KEYCLOAK-7588 - adapter tests - Fuse6.3 provider	2018-06-26 16:47:01 +02:00
Takashi Norimatsu	2fb022e501	KEYCLOAK-7688 Offline Session Max for Offline Token	2018-06-26 08:25:06 +02:00
vramik	b478472b35	KEYCLOAK-7478 Add key query param to change locale url	2018-06-26 08:19:25 +02:00
vramik	8fdadcc596	KEYCLOAK-7475 adapter tests - add Wildfly10 and Wildfly9 providers	2018-06-25 14:31:11 +02:00
vramik	d9f79fae79	KEYCLOAK-7510 Add Support for server specific ArchiveProcessor	2018-06-22 11:38:57 +02:00
Hynek Mlnarik	530a710dce	KEYCLOAK-7412 Tests for Fuse 7.0	2018-06-22 08:59:44 +02:00
Hynek Mlnarik	6b968796ce	KEYCLOAK-7667 Fix namespace handling when decrypting assertion	2018-06-21 13:09:18 +02:00
Hiroyuki Wada	c2012a595b	KEYCLOAK-7650 Don't display disabled identity providers	2018-06-19 08:55:24 -04:00
vramik	2fcfa5cf71	KEYCLOAK-7094 Support redirect to external logout page for saml filter adapter	2018-06-19 13:23:18 +02:00
stianst	e1a0e581b9	Update to 4.1.0.Final-SNAPSHOT	2018-06-14 14:22:28 +02:00
vramik	ccb09fbf45	KEYCLOAK-7616 fix NPE for UserStorageConsentTest	2018-06-13 15:53:41 +02:00
vramik	5f1f3dff5e	KEYCLOAK-7094 Support redirect to external logout page for elytron adapter	2018-06-13 12:50:38 +02:00
Pedro Igor	dd93de75d9	[KEYCLOAK-7579] - Fixing test to use client scopes instead of old scope param required (#5259)	2018-06-12 15:44:03 -03:00
vramik	f19a324030	KEYCLOAK-7587 Some system properties are not included	2018-06-12 11:42:10 +02:00
vramik	9cf965a157	Ignore non-related failing ClientInitiatedAccountLinkTest#testErrorConditions	2018-06-11 13:46:59 +02:00
vramik	9e42be09d7	KEYCLOAK-7517 - adapter tests - EAP6 provider	2018-06-11 13:46:59 +02:00
vramik	a5c0cbc3b4	KEYCLOAK-7473 app-server-eap provider	2018-06-11 13:46:59 +02:00
vramik	bb5dc4c473	KEYCLOAK-6745 Adapter tests - remove abstract adapter test classes	2018-06-11 13:46:59 +02:00
vramik	132386f64d	KEYCLOAK-6541 app server wildfly provider	2018-06-11 13:46:59 +02:00
vramik	b0c89d739b	KEYCLOAK-6541 app server undertow support	2018-06-11 13:46:59 +02:00
vramik	6a07a7ed2c	KEYCLOAK-6541 base changes	2018-06-11 13:46:59 +02:00
Marek Posolda	49407c2e4f	KEYCLOAK-6630 Client scopes initial support (#5076) ... * KEYCLOAK-6630 KEYCLOAK-349 Client Scopes Co-authored-by: vramik <vramik@redhat.com> * KEYCLOAK-6630 Change some clientTemplate occurences to clientScope	2018-06-08 15:38:38 +02:00
Pedro Igor	aa128d6c07	Merge pull request #5240 from pedroigor/KEYCLOAK-7353 ... [KEYCLOAK-7353] Support Policy Management in Protection API	2018-06-07 11:05:49 -03:00
Ola Bergefall	c8c76cc03f	KEYCLOAK-7316: Default back to false if isPassive is missing in request.	2018-06-07 08:50:32 +02:00
Federico M. Facca	5a9bfea419	[KEYCLOAK-7353] Support Policy Management in Protection API ... See https://issues.jboss.org/browse/KEYCLOAK-7353	2018-06-06 19:36:42 -03:00
vramik	dffe70e40a	KEYCLOAK-7518 DeploymentArchiveProcessor assumes that every archive contains jboss-deployment-structure.xml file	2018-06-06 21:15:39 +02:00
Hynek Mlnarik	7ff18ca14b	KEYCLOAK-7331 Fix NPE when SAML Issuer not set in AuthnRequest	2018-06-06 16:21:18 +02:00
Hynek Mlnarik	5a241392cf	KEYCLOAK-7094 Support redirect to external logout page	2018-06-05 14:51:18 +02:00
Takashi Norimatsu	c586c63533	KEYCLOAK-6771 Holder of Key mechanism ... OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens	2018-06-05 08:18:29 +02:00
Pedro Igor	f8919f8baa	Merge pull request #5211 from pedroigor/KEYCLOAK-7367 ... [KEYCLOAK-7367] - User-Managed Policy Provider	2018-06-04 09:35:13 -03:00
Pavel Drozd	6c3e6bc90c	KEYCLOAK-7476 - sshLoginTest - changed command result	2018-06-01 10:35:38 +02:00
Jared Blashka	65c39763eb	KEYCLOAK-7356 Code to Token flow fails if initial redirect_uri contains a session_state parameter	2018-05-31 08:53:11 +02:00
Martin Kanis	f429469fc8	KEYCLOAK-5270 Realm cookie path for IE<=11 users (#5106)	2018-05-31 08:44:34 +02:00
Takashi Norimatsu	eb97151476	KEYCLOAK-7451 OAuth Authorization Server Metadata for Proof Key for Code Exchange	2018-05-28 22:15:43 +02:00
Pedro Igor	2b6597e9f1	[KEYCLOAK-7367] - User-Managed Policy Provider	2018-05-25 16:18:15 -03:00
Stian Thorgersen	dbf5c395b0	Bump version to 4.0.0.Final (#5224)	2018-05-24 19:02:30 +02:00
Pedro Igor	08c22416a2	Merge pull request #5208 from ASzc/KEYCLOAK-7362 ... KEYCLOAK-7362 Disable mvn-golang-wrapper in the product build	2018-05-18 13:51:17 -03:00
Pedro Igor	21d139c6c2	Merge pull request #5173 from pedroigor/KEYCLOAK-7148 ... [KEYCLOAK-7148] - Associate sub resources to a parent resource	2018-05-17 16:51:55 -03:00
vramik	39b6bf62ba	KEYCLOAK-6991 fixed ExportImportTest not to affect other tests (PermissionsTest, RealmTest) on auth-server-undertow	2018-05-17 11:07:29 +02:00
Alex Szczuczko	6a19a8fb7e	KEYCLOAK-7362 Disable mvn-golang-wrapper in the product build ... com.igormaznitsa:mvn-golang-wrapper is a new plugin used by the testsuite. It depends on arbitrary internet resources, including github and storage.googleapis.com. This isn't permissible in a product build, and so PNC blocks it. As a short-term solution, I've added a product profile the sets the skip parameter to true for this plugin. Other approaches, like changing the phase of the get goals, didn't work.	2018-05-16 16:53:39 -06:00
Bill Burke	e5a6dbd77a	Merge pull request #5192 from ttaylor249/master ... Force the mvn-golang plugin to use the maven proxy	2018-05-16 09:47:01 -04:00
Pedro Igor	1634bef28a	Merge pull request #5194 from pedroigor/KEYCLOAK-7322 ... [KEYCLOAK-7322] - NPE when removing group from representation	2018-05-15 06:05:54 -03:00
pedroigor	88f21eae87	[KEYCLOAK-7322] - NPW when removing group from representation	2018-05-08 14:03:33 -03:00
Bill Burke	1258923a0d	Merge pull request #5188 from patriot1burke/keycloak-7304 ... KEYCLOAK-7304	2018-05-08 07:31:05 -04:00
mhajas	3ced81a2c2	KEYCLOAK-7315 Fix issues in JavascriptAdapter tests (#5193) ... more in issue KEYCLOAK-7315	2018-05-07 14:47:56 -04:00
Tim Taylor	49a03a86fb	Force the mvn-golang plugin to use the maven proxy	2018-05-04 15:31:49 -04:00
Pedro Igor	e84acd9898	Merge pull request #5177 from pedroigor/KEYCLOAK-7206 ... [KEYCLOAK-7206] - Search by user id on admin console	2018-05-04 09:11:49 -03:00
Bill Burke	fdc6fc59b8	KEYCLOAK-7304	2018-05-03 12:14:30 -04:00
pedroigor	7ebcc69cb9	[KEYCLOAK-7148] - Associate sub resources to a parent resource	2018-05-02 13:04:11 -03:00
Stian Thorgersen	90e5c7f3eb	Bump version to 4.0.0.Beta3-SNAPSHOT (#5185)	2018-05-02 14:32:20 +02:00
Martin Kanis	9505925363	Revert "KEYCLOAK-5270 Realm cookie path for IE<=11 users (#5106)" (#5183) ... This reverts commit a67da7bc59.	2018-05-02 09:31:42 +02:00
mhajas	6e123bcea2	KEYCLOAK-6847 Fix OIDC adapter tests	2018-05-02 09:28:26 +02:00
pedroigor	ddceaaf3d5	[KEYCLOAK-7206] - Search by user id on admin console	2018-04-30 11:44:33 -03:00
vmuzikar	5ec50461ee	KEYCLOAK-7101 Fix DockerClientTest	2018-04-27 15:02:10 +02:00
Pedro Igor	e960642399	Merge pull request #5144 from pedroigor/KEYCLOAK-4903 ... [KEYCLOAK-4903] - Pushed Claims	2018-04-26 15:59:13 -03:00
pedroigor	035ebc881a	[KEYCLOAK-4903] - Claim Information point Provider SPI and configuration	2018-04-25 10:16:41 -03:00
vramik	8b5fd2b4ac	KEYCLOAK-7091 fuse7 testsuite	2018-04-25 14:35:56 +02:00
pedroigor	e813fcd9c8	[KEYCLOAK-4903] - Pushing claims when obtaining a permission ticket	2018-04-24 19:47:28 -03:00
mposolda	634e7170e3	KEYCLOAK-7158 RestartLoginCookie throws error when KC_RESTART cookie created by Keycloak 1.9	2018-04-23 21:56:13 +02:00
Stan Silvert	b6a0303a4c	KEYCLOAK-7196: Add kc_locale to keycloak.js (#5165) ... * KEYCLOAK-7196: Add kc_locale to keycloak.js * Update keycloak.d.ts	2018-04-23 11:45:32 -04:00
pedroigor	c3d297dd05	[KEYCLOAK-7162] - Expose WWW-Authenticate Header when using CORS	2018-04-23 08:46:54 +02:00
mhajas	a1e7351072	KEYCLOAK-6815 Use htmlunit as default browser for adapter tests	2018-04-19 15:01:14 +02:00
Martin Kanis	7efa45126c	KEYCLOAK-6991 NPE when importing realm from file	2018-04-19 14:26:50 +02:00
wyvie	4ddff9ee16	[KEYCLOAK-7017] fixed ActionTokenCrossDCTest failures ... Test was failing because of change of login page design. Element which contained title headers was moved from header title to another element. Was not fixed upon initial commit (ca15db) because test's only turned on by profile.	2018-04-17 16:14:10 +02:00
Vlastimil Eliáš	c1311e4619	KEYCLOAK-6849 - LinkedIn social login provider updated to new LinkedIn OAuth2 endpoint (#5125) ... * KEYCLOAK-6849 - LinkedIn social login provider updated to new LinkedIn OAuth2 endpoint * KEYCLOAK-6849 - LinkedIn social login provider test updated * KEYCLOAK-6849 - LinkedIn social login provider test updated to conditionally handle consent page when shown only * Simplify the LinkedIn app authorization This reverts commit c12359e7a13d9ff231fe2e25cddba66ad679a9cd.	2018-04-13 08:09:27 +02:00
vramik	9a94004fc9	KEYCLOAK-7137 Polish testsuite a bit	2018-04-12 16:46:59 +02:00
mhajas	b78f0aa9db	KEYCLOAK-6806 Wait for query error to appear in query response mode test (#5130)	2018-04-10 09:58:23 +02:00
Hugo Guerrero	fac3118b0a	KEYCLOAK-6448 - implement instagram social broker (#4963) ... * KEYCLOAK-6448 - implement instagram social broker * Instagram SocialLogin Tests	2018-04-09 17:30:27 +02:00
Martin Kanis	a67da7bc59	KEYCLOAK-5270 Realm cookie path for IE<=11 users (#5106)	2018-04-06 09:26:29 +02:00
wyvie	943bd9e48e	[KEYCLOAK-6808] fix for the WildflyConsoleProtectionTest ... Access Control is not an 'a' tag, but rather 'span' Also two tests do not behave correctly with a same Before annotated initialization, so reduce number of tests to one, which calls the other one	2018-04-06 07:28:29 +02:00
Pedro Igor	e1f5245145	Merge pull request #5120 from pedroigor/KEYCLOAK-7029 ... [KEYCLOAK-7029] - Configuration of cache policies for cached resources/path	2018-04-05 09:33:23 -03:00
wyvie	b3513e3203	[KEYCLOAK-6872] fixed account link test	2018-04-05 10:53:00 +02:00
Bill Burke	ffd9d957f4	Merge pull request #5123 from patriot1burke/kcadm-token ... KEYCLOAK-7044 KEYCLOAK-7046	2018-04-04 17:22:17 -04:00
Stefan Guilhen	87abe5e648	[KEYCLOAK-6853] Make TimePolicyProvider use the kc.date.time_date contextual attribute when evaluating policies	2018-04-04 14:37:03 -03:00
mhajas	b3b81d6a76	KEYCLOAK-6806 timeSkew tolerance in tests (#5110)	2018-04-04 11:19:18 +02:00
Bill Burke	8a5428808e	KEYCLOAK-7044 KEYCLOAK-7046	2018-04-03 21:29:31 -04:00
pedroigor	a939c45d58	[KEYCLOAK-7029] - Configuration of cache policies for cached resources/path	2018-04-03 16:44:27 -03:00
Bill Burke	0b2fe75828	Merge pull request #5115 from patriot1burke/kcinit-browser ... KEYCLOAK-7004 KEYCLOAK-7003 KEYCLOAK-6999 KEYCLOAK-7033	2018-04-03 10:31:30 -04:00
pedroigor	5c52da80c6	[KEYCLOAK-7028] - Propagating AuthorizationContext when enforcement-mode is disable for a path	2018-04-02 11:10:43 -03:00
Bill Burke	04a72b9608	bump kcinit version tag	2018-03-31 22:34:37 -04:00
Bill Burke	4078e84fb6	server driven success page	2018-03-31 10:16:44 -04:00
Bill Burke	06f32a47ec	fake browser tests	2018-03-30 08:24:30 -04:00
Bill Burke	f4a5e49b63	initial	2018-03-29 17:14:36 -04:00
Pedro Igor	5cae1bb134	Merge pull request #5093 from pedroigor/KEYCLOAK-4102 ... [KEYCLOAK-4102] - Support lazy load paths	2018-03-29 09:16:34 -03:00
Bill Burke	8d3dc790df	Merge pull request #5087 from patriot1burke/kcinit ... KEYCLOAK-6813	2018-03-28 17:35:33 -04:00
Bill Burke	f5bacb79c1	review changes	2018-03-28 16:45:52 -04:00
pedroigor	4a425c2674	[KEYCLOAK-4102] - Support lazy loading of paths via policy enforcer config	2018-03-28 09:23:59 -03:00
Bill Burke	c38b6d585e	KEYCLOAK-528 (#5103)	2018-03-28 11:15:37 +02:00
Bill Burke	ad5f3fefc5	Merge remote-tracking branch 'upstream/master' into kcinit	2018-03-27 16:38:35 -04:00
Pedro Igor	ffeb0420bf	Merge pull request #5079 from pedroigor/KEYCLOAK-6529 ... [KEYCLOAK-6529] - Resource Attributes	2018-03-27 09:30:38 -03:00
mhajas	a63bb44ba2	KEYCLOAK-3164 Migrate SAML ECP tests to integration-arquillian	2018-03-27 12:07:07 +02:00
stianst	07fea02146	Bump versions to 4.0.0.Beta2-SNAPSHOT	2018-03-26 18:17:38 +02:00
Pavel Drozd	92aba77cc1	Merge pull request #5094 from vmuzikar/fix-stackoverflow ... KEYCLOAK-6510 Fix StackOverflow social login test	2018-03-26 08:22:32 +02:00
Bill Burke	67229912e6	use kcinit branch	2018-03-21 13:38:40 -04:00
Bill Burke	39f93dfa33	fix providers test	2018-03-21 10:01:40 -04:00
June Zhang	ca15db81bb	KEYCLOAK-6262 Incorporate new visual design from PatternFly (#4983) ... * KEYCLOAK-6262 Incorporate new visual design from PatternFly Update the username or email Fix narrow/wide in template.ftl minor style update Add the Realm HTML name and image Config OTP and Update Password Not display the locale selector if there is less than 1 locale. Fix margins/paddings on config otp screens Fix title Upgraded to PatternFly 3.41.6 Added RCUE and updated RH-SSO login theme Refine the RCUE padding issue Fix tests Fix Keycloak background Fix * fix the overflowing issue * Fix Console UI Tests to reflect the new login page * Fix the different style of the IdP buttons Fix the IE placeholder issue - add label * Removed placeholder on login and reset pass. Fixed Keycloak background on wide screens. * fixed the stackoverflow issues fixed the width in the tablets	2018-03-21 10:47:33 +01:00
Bill Burke	f000cedcbb	Merge remote-tracking branch 'upstream/master' into kcinit	2018-03-20 16:49:43 -04:00
Bill Burke	681e3d751e	golang integration	2018-03-20 16:42:35 -04:00
Bill Burke	8926837a3e	tests	2018-03-19 16:47:13 -04:00
Stefan Guilhen	35b9fe043c	[KEYCLOAK-6543] Remove the authz examples from the Keycloak codebase.	2018-03-19 17:00:02 -03:00
Áron Bustya	82ba2b1b0d	remove changes from standard OIDC client registration, move constants	2018-03-19 19:31:22 +01:00
Áron Bustya	57f57f5c75	set request object mandatory for client, restrict delivery mode ... handle new attribute in client representation add to UI	2018-03-19 19:31:22 +01:00
pedroigor	08896ee9c9	[KEYCLOAK-6529] - Resource Attributes	2018-03-19 13:21:39 -03:00
Pedro Igor	917ba90f2c	Merge pull request #5077 from pedroigor/KEYCLOAK-6628 ... [KEYCLOAK-6628] - Expose methods to query roles, groups, and attributes of users in Evaluation API	2018-03-19 08:54:12 -03:00
Bill Burke	4bba11cd94	kcinit	2018-03-16 12:11:57 -04:00
mhajas	3826f6fae2	KEYCLOAK-3161 KEYCLOAK-3165 Migrate SAML tests from old testsuite to integration-arquillian	2018-03-15 18:15:44 +01:00
pedroigor	711bf244ed	[KEYCLOAK-6628] - Expose methods to query roles, groups, and attributes of users in Evaluation API	2018-03-15 14:02:15 -03:00
Douglas Palmer	fed1b62c5d	[KEYCLOAK-6301] Remove service account when it is disabled from the client	2018-03-14 15:09:42 +01:00
Takashi Norimatsu	e72756d01a	KEYCLOAK-6700 Financial API Read and Write API Security Profile : state hash value (s_hash) to protect state parameter	2018-03-13 16:40:34 +01:00
Pedro Igor	871ecf83fb	Merge pull request #5071 from vramik/KEYCLOAK-6644-stabilize-PhotozExampleAdapterTest ... KEYCLOAK-6644 PhotozExampleAdapterTest is not stable	2018-03-13 09:03:57 -03:00
vmuzikar	daaa35bc37	KEYCLOAK-6831 Fix Microsoft Social Login test	2018-03-13 10:19:27 +01:00
vramik	9d10ccef70	KEYCLOAK-6644 PhotozExampleAdapterTest is not stable	2018-03-13 09:53:17 +01:00
Pedro Igor	2aa71d1737	Merge pull request #5051 from pedroigor/KEYCLOAK-6787 ... [KEYCLOAK-6787] - Wrong validation of resources with same name and different owners	2018-03-12 11:41:49 -03:00
Pedro Igor	b9b1102b74	Merge pull request #5004 from pedroigor/KEYCLOAK-6623 ... [KEYCLOAK-6623] - Policy enforcer gets confused with similar paths ending with wildcards	2018-03-12 09:59:05 -03:00
Pedro Igor	f824582aac	Merge pull request #5009 from pedroigor/KEYCLOAK-6116 ... [KEYCLOAK-6116] - Get email attribute from 'subject alternative name' using X509 certificate	2018-03-12 09:58:02 -03:00
pedroigor	199f289ee3	[KEYCLOAK-6623] - Adding test	2018-03-09 16:39:33 -03:00
Hynek Mlnarik	190771ddf1	KEYCLOAK-6783 Add authentication into cross-dc testing	2018-03-09 15:08:55 +01:00
pedroigor	62b70b561e	[KEYCLOAK-6116] - Removing references to phantomjs.cli.args	2018-03-09 10:56:35 -03:00
pedroigor	1f13427dee	[KEYCLOAK-6116] - Enabling tests for both jboss servers	2018-03-09 10:56:35 -03:00
pedroigor	6aee573e2e	[KEYCLOAK-6116] - Tests for X509 Subject Alternative Name Extension	2018-03-09 10:56:35 -03:00
vmuzikar	d66c33a8b9	KEYCLOAK-6793 Support custom Chrome binary in Arquillian testsuite	2018-03-07 10:38:12 +01:00
wyvie	c27ffbda8b	[KEYCLOAK-6643] server version now retreived from server info web page	2018-03-06 10:49:09 +01:00
vmuzikar	502fc62967	KEYCLOAK-6797 Fix Social Login test	2018-03-06 10:19:10 +01:00
Bill Burke	4b6b45cf43	KEYCLOAK-6026	2018-03-05 11:57:05 -05:00
Pedro Igor	1b06194455	Merge pull request #5050 from TeliaSoneraNorge/KEYCLOAK-6659 ... Add pairwise sub support to authorization services	2018-03-02 14:44:28 -03:00
Martin Hardselius	8549bd70b7	Add pairwise sub support to authorization services ... Identity token verification will now fetch the user from the session state instead of relying on the sub provided in the token. Also done in KeycloakIdentity. Resolves: KEYCLOAK-6659	2018-03-02 13:08:27 +01:00
vramik	569f26776e	KEYCLOAK-5060 KEYCLOAK-3157 migrated Adapter package from old testsuite	2018-03-02 10:56:26 +01:00
pedroigor	1e1de85685	[KEYCLOAK-6787] - Wrong validation of resources with same name and different owners	2018-03-01 16:50:05 -03:00
pedroigor	b0200d462d	[KEYCLOAK-6621] - Removing unnecessary code to process scopes from typed resources	2018-02-28 16:33:45 -03:00
vmuzikar	028e78f46b	KEYCLOAK-6772 Fix SessionsPreloadCrossDCTest	2018-02-28 20:14:50 +01:00
Hynek Mlnarik	9ca7b22cec	KEYCLOAK-6777 Fix AccountPageTest	2018-02-28 16:28:48 +01:00
Hynek Mlnarik	1b45ab2601	KEYCLOAK-6773 XML vulnerability test	2018-02-28 15:05:07 +01:00
Pedro Igor	91bdc4bde2	[KEYCLOAK-3169] - UMA 2.0 (#4368) ... * [KEYCLOAK-3169] - UMA 2.0 Support * [KEYCLOAK-3169] - Changes to account service and more tests * [KEYCLOAK-3169] - Code cleanup and tests * [KEYCLOAK-3169] - Changes to account service and tests * [KEYCLOAK-3169] - Changes to account service and tests * [KEYCLOAK-3169] - More tests * [KEYCLOAK-3169] - Changes to adapter configuration * [KEYCLOAK-3169] - Reviewing UMA specs and more tests * [KEYCLOAK-3169] - Reviewing UMA specs and more tests * [KEYCLOAK-3169] - Changes to UMA Grant Type and refactoring * [KEYCLOAK-3169] - Refresh tokens for RPT responses and tests * [KEYCLOAK-3169] - Changes to account my resources and policy enforcers * [KEYCLOAK-3169] - Realm settings flag to enable/disable user-managed access in account mgmt console * [KEYCLOAK-3169] - More changes to my resource pages in account mgmt console * [KEYCLOAK-3169] - Need to enable user-managed on realm to run tests * [KEYCLOAK-3169] - Removing more UMA 1.0 related code * [KEYCLOAK-3169] - Only submit requests if ticket exists * [KEYCLOAK-3169] - Returning UMA 401 response when not authenticated * [KEYCLOAK-3169] - Removing unused code * [KEYCLOAK-3169] - Removing unused code * [KEYCLOAK-3169] - 403 response in case ticket is not created * [KEYCLOAK-3169] - Fixing AbstractPhotozExampleAdapterTest#testClientRoleRepresentingUserConsent * [KEYCLOAK-3169] - 403 status code only returned for non-bearer clients	2018-02-28 08:53:10 +01:00
mhajas	e52380915b	KEYCLOAK-4817 Fix instability	2018-02-27 14:35:52 +01:00
vmuzikar	08bf19d4aa	KEYCLOAK-6694 Revamp OpenShift Social Login test	2018-02-27 12:28:42 +01:00
Hynek Mlnarik	1f20c03afa	KEYCLOAK-6470 Refactor SAML adapter parsers	2018-02-27 09:37:29 +01:00
vmuzikar	d70e4740fc	KEYCLOAK-6693 Support external truststore in testsuite	2018-02-27 07:45:21 +01:00
Bill Burke	aa089980ce	Merge pull request #4942 from mstruk/KEYCLOAK-5807 ... KEYCLOAK-5807 Intermittent failures in UserStorageTest	2018-02-26 12:14:38 -05:00
mhajas	fe1c447d9a	KEYCLOAK-6546 Run filter test on WebLogic and WebSphere	2018-02-26 15:47:13 +01:00
Hynek Mlnarik	bde9210fa3	KEYCLOAK-6692 Fix LogoutTest on Oracle	2018-02-26 15:45:55 +01:00
mhajas	e2ad59a74d	KEYCLOAK-4816 KEYCLOAK-4817 Move javascript tests to base testsuite and (#4964) ... * KEYCLOAK-4816 KEYCLOAK-4817 Move javascript tests to base testsuite and use JavascriptExecutor * Use PhantomJS 2.1.1 instead of 1.9.8 in Travis CI	2018-02-26 10:49:05 +01:00
Hynek Mlnarik	e7cdb8ad54	KEYCLOAK-6473 KEYCLOAK-6472 SAML parser refactor + protocol parsers	2018-02-23 08:16:14 +01:00
pedroigor	8112c5d3f2	[KEYCLOAK-6492] - Migrate authorization package from old testsuite	2018-02-22 09:05:40 +01:00
Erlend Hamnaberg	208ecbc3f7	KEYCLOAK-6676: Fix NPE if the redirect_uri parameter is missing	2018-02-21 19:44:22 +01:00
pedroigor	61d5425fdf	[KEYCLOAK-6321] - Tests	2018-02-21 19:41:44 +01:00
Bruno Oliveira	f351db608e	[KEYCLOAK-6334] Minor typo: "read only" should be "read-only"	2018-02-20 20:18:16 +01:00
mposolda	fc463ae50b	KEYCLOAK-6617 Offline token logout did not invalidate user session	2018-02-19 08:49:05 +01:00
cgol	86a8addf49	KEYCLOAK-6615 Remove offline session from database on offline token logout ... remove offline token from database on offline session logout	2018-02-19 08:49:05 +01:00
stianst	9b63cd35f0	KEYCLOAK-6431	2018-02-13 19:38:46 +01:00
Bill Burke	5d5373454c	Merge pull request #4991 from patriot1burke/challenge-support ... KEYCLOAK-6355	2018-02-13 09:38:45 -05:00
Bill Burke	d6788a0839	finish	2018-02-10 13:38:39 -05:00
mhajas	2b65adc15f	KEYCLOAK-6309 Fix tests ... Add trustore to war even if ssl is not enabled because HttpClient is configured with truststore	2018-02-09 10:24:58 +01:00
Bruno Oliveira	b91998a0d8	[KEYCLOAK-6111] 'Override User-Initiated Action Lifespan' admin GUI can break realm configuration	2018-02-09 06:36:23 -02:00
stianst	505cf5b251	KEYCLOAK-6519 Theme resource provider	2018-02-09 08:28:59 +01:00
Hynek Mlnarik	c07b60d527	KEYCLOAK-6474 Fix NPE on SAML logout	2018-02-07 08:05:36 +01:00
Douglas Palmer	fc52ff65bd	[KEYCLOAK-6518] Added explicit guava dependency instead of relying on transitive dependency.	2018-02-06 10:52:48 +01:00
Hynek Mlnarik	b3766576d7	KEYCLOAK-6146 Simplify test via RealmCreator	2018-02-06 09:28:07 +01:00
vmuzikar	c8c86d2bad	KEYCLOAK-6510 Fix StackOverflow social login test	2018-02-05 17:16:33 +01:00
Marko Strukelj	62a9d4ea91	KEYCLOAK-5807 Under daily eviction policy user entries not returned from cache when they should	2018-02-02 19:27:23 +01:00
vmuzikar	340afb2a50	KEYCLOAK-6450 Stabilize WelcomePageTest	2018-02-02 13:08:52 +01:00
vmuzikar	46ebff2163	KEYCLOAK-6331 Fix and stabilize Console UI tests	2018-02-02 11:58:47 +01:00
Pavel Drozd	9382439a05	Merge pull request #4944 from mhajas/KEYCLOAK-4751 ... KEYCLOAK-4751 Fix tests on EAP6 and add test for EAP7	2018-02-02 11:13:07 +01:00
vramik	019c3c9ef9	KEYCLOAK-6146 realm import fails when password policy is specified	2018-02-02 08:30:06 +01:00
Thomas Darimont	77334af34e	KEYCLOAK-6222 Check syntax for errors on ScriptBasedOIDCProtocolMapper validation ... We now explicitly check for syntax errors during validation of ScriptBasedOIDCProtocolMappers.	2018-02-02 08:28:27 +01:00
Bill Burke	8f09efab9d	Merge pull request #4949 from patriot1burke/client-storage-spi ... KEYCLOAK-6228	2018-02-01 08:59:02 -05:00
mhajas	c34db4cf01	KEYCLOAK-6309 Configure HTTPClient in keycloak-saml.xml	2018-02-01 09:59:08 +01:00
Bill Burke	126dd70efc	client stat improvement	2018-01-31 13:05:13 -05:00
Vlastimil Elias	a5f675d693	KEYCLOAK-4937 - convert time units in emails into human-friendly format	2018-01-30 06:38:57 +01:00
Bill Burke	4a044fe867	add ofline token test	2018-01-29 17:08:13 -05:00
Bill Burke	0fc7fa557d	fix caching	2018-01-29 16:26:51 -05:00
Bill Burke	79f9de9de4	Merge remote-tracking branch 'upstream/master' into client-storage-spi	2018-01-29 12:28:26 -05:00
Bill Burke	4bf23cc83a	caching	2018-01-29 12:28:17 -05:00
mhajas	2a2f255640	KEYCLOAK-4793 Fix authorization services maven scanner properties in base testsuite for product	2018-01-29 09:18:20 +01:00
Bill Burke	1d8e38f0c6	admin console	2018-01-27 13:05:02 -05:00
Bill Burke	dd4c0d448c	Merge remote-tracking branch 'upstream/master' into client-storage-spi	2018-01-27 09:47:41 -05:00
Bill Burke	6b84b9b4b6	done 1st iteration	2018-01-27 09:47:16 -05:00
mhajas	8ac7d1deca	KEYCLOAK-4751 Fix tests on EAP6 and add test for EAP7	2018-01-26 11:25:33 +01:00
Takashi Norimatsu	502627f590	KEYCLOAK-5811 Client Authentication by JWS Client Assertion in client secret	2018-01-26 10:59:40 +01:00
vmuzikar	806b554fb2	Social login test for GitHub with private email	2018-01-25 20:56:24 +01:00
vramik	b0fbe5c8ba	KEYCLOAK-6300 List of group members is not sorted alphabetically	2018-01-25 20:21:03 +01:00
Bill Burke	7c66f76858	Merge pull request #4932 from patriot1burke/per-client-flow ... KEYCLOAK-6335	2018-01-25 09:55:11 -05:00
Douglas Palmer	42759be6ff	[KEYCLOAK-6143] Remove Hmac prefix from algorithms in the OTP manual config pages	2018-01-25 07:10:30 +01:00
Douglas Palmer	0f1644e612	[KEYCLOAK-6142] Updated OTP manual config pages to reflect HOTP	2018-01-25 07:09:24 +01:00
Bill Burke	4bfb62d7f4	marek suggested fixes	2018-01-24 09:32:38 -05:00
mposolda	6369c26671	KEYCLOAK-6286 Adding 'Exclude Session State From Authentication Response' switch to fix backwards compatibility with Keycloak 2.X adapters	2018-01-24 11:35:13 +01:00
Thomas Recloux	71e0b00600	KEYCLOAK-5857 Supports PBKDF2 hashes with different key size ... The original use case is to support imported credentials with a different key size without implementing a totally new PasswordHashProvider	2018-01-24 09:02:37 +01:00
Bill Burke	be65c14a6a	fix provider test	2018-01-23 13:03:45 -05:00
Bill Burke	7b2e72d395	Merge remote-tracking branch 'upstream/master' into per-client-flow	2018-01-23 12:10:11 -05:00
Bill Burke	a9297df89c	KEYCLOAK-6335	2018-01-23 12:09:49 -05:00
Hynek Mlnarik	4ba72e2d2d	KEYCLOAK-5976 Fix client setting in brokered IdP-initiated scenario	2018-01-23 09:34:11 +01:00
stianst	f762173eb0	KEYCLOAK-3370 Add option to override theme in client template and client	2018-01-18 09:14:13 +01:00
Thomas Darimont	bae4d4c673	KEYCLOAK-5791 Allow multi-valued ScriptBasedOIDCProtocolMapper ... We now support multi-valued attribute values for the `ScriptBasedOIDCProtocolMapper`. Previously the `ScriptBasedOIDCProtocolMapper` only supported single valued output. If a script returned a list of output values then only the first value was emitted to the token. By default multi-valued is set to `false` / `off`.	2018-01-11 08:52:24 +01:00
mhajas	a77be7eb7b	KEYCLOAK-5503 Remove redirecting to error page for AutodetectBearerOnly client	2018-01-09 16:34:18 +01:00
Hynek Mlnarik	b5fc6045fd	KEYCLOAK-6106 Put dotless ids first in identity broker state	2018-01-02 21:31:49 +01:00
stianst	d8c0cc447f	KEYCLOAK-6090 Add missing cors headers with invalid username/password and resource owner grant	2018-01-02 15:15:15 +01:00
stianst	0bedbb4dd3	Bump version to 4.0.0.CR1-SNAPSHOT	2017-12-21 15:06:00 +01:00
Marko Strukelj	23d0afbfd8	KEYCLOAK-6058 Partial import should ignore built-in clients	2017-12-21 13:52:58 +01:00
stianst	f0c5752ef9	KEYCLOAK-5443 Fix update user account when both email as username and edit username are enabled	2017-12-20 14:40:03 +01:00
Martin Kanis	351dbffaf2	KEYCLOAK-5172 Set oidc as default protocol to clients	2017-12-20 13:38:12 +01:00
Bruno Oliveira	811cd3a04a	KEYCLOAK-6011	2017-12-20 13:37:11 +01:00
stianst	e96c6a4bcb	KEYCLOAK-6068 Fix preflight request on admin endpoints	2017-12-20 10:19:34 +01:00
mposolda	5a66f577eb	KEYCLOAK-5982 Fix NPEs when client 'account' was renamed/removed	2017-12-18 21:47:17 +01:00
stianst	27b5e1aae2	KEYCLOAK-6050 Fix export doesn't export internal realm rep	2017-12-18 13:15:42 +01:00
stianst	b303acaaba	KEYCLOAK-2120 Added manual setup page for OTP	2017-12-18 11:20:20 +01:00
Bill Burke	b5ae7e836d	smaller times	2017-12-16 13:18:41 -05:00
Bill Burke	a27097e9ef	reset defaults	2017-12-16 11:28:15 -05:00
Bill Burke	003f27e9bd	fix more	2017-12-16 08:31:33 -05:00
Bill Burke	76cccc3f2b	fix more	2017-12-16 08:29:58 -05:00
Bill Burke	80be4c9dbc	fix more	2017-12-16 07:12:32 -05:00
Bill Burke	1eec2747ef	fix stupidity	2017-12-15 15:31:14 -05:00
Bill Burke	7cb39c2dfc	KEYCLOAK-5420	2017-12-15 12:16:24 -05:00
Pavel Drozd	1b14f9e73e	Merge pull request #4847 from vramik/KEYCLOAK-4793 ... KEYCLOAK-4793 moved profile a lever lower due to migration test	2017-12-15 14:52:04 +01:00
stianst	a8943fb323	KEYCLOAK-6043 Use same urls for get and posts in account	2017-12-15 08:31:04 +01:00
Bruno Oliveira	1a541889f4	[KEYCLOAK-6015] replyTo can be empty string in DB	2017-12-15 07:01:15 +01:00
stianst	b672229efc	KEYCLOAK-6032 Fix error page when internationalization is enabled	2017-12-15 06:32:00 +01:00
vramik	abea430802	KEYCLOAK-4793	2017-12-14 11:30:28 +01:00
Hynek Mlnarik	2a2e6c839b	KEYCLOAK-5635	2017-12-13 21:07:46 +01:00
stianst	f939818252	KEYCLOAK-5907 Use client manager to delete clients in client registration services	2017-12-12 14:25:05 +01:00
mposolda	b8416dfa3e	KEYCLOAK-5981 Test Impersonation works when authenticationSession exists	2017-12-12 09:43:34 +01:00
mposolda	63efee6e15	KEYCLOAK-5938 Authentication sessions: Support for logins of multiple tabs of same client	2017-12-12 08:01:02 +01:00
Pavel Drozd	047fdb55a2	Merge pull request #4803 from mhajas/KEYCLOAK-5896 ... KEYCLOAK-5896 Run localization test only in community	2017-12-12 00:09:02 +01:00
Pavel Drozd	be36f5358c	Merge pull request #4802 from mhajas/KEYCLOAK-5986 ... KEYCLOAK-5986 Fix token javacsript tests	2017-12-12 00:07:16 +01:00
stianst	dac6c6bd7e	KEYCLOAK-6000 Fix output in execute actions email	2017-12-11 14:24:37 +01:00
Bill Burke	c9b218db71	Merge pull request #4823 from patriot1burke/master ... KEYCLOAK-5724	2017-12-08 20:03:05 -05:00
Bill Burke	7c031505e2	add test	2017-12-08 17:38:00 -05:00
Hynek Mlnarik	00fb36437d	KEYCLOAK-5861 Remove AUTH_SESSION_ID when END_AFTER_REQUIRED_ACTIONS set	2017-12-08 09:52:14 +01:00
Hynek Mlnarik	4a012b73ea	KEYCLOAK-4998 Fix NPE in AttributeToRoleMapper	2017-12-08 09:21:21 +01:00
Pavel Drozd	e567dcb888	Merge pull request #4809 from vramik/KEYCLOAK-4641 ... KEYCLOAK-4641 migrate remaining Adapter tests from old testsuite	2017-12-07 11:06:47 +01:00
stianst	c055ffb083	KEYCLOAK-4215 Consider session expiration when setting token timeouts	2017-12-07 10:45:02 +01:00
stianst	cccddebfd0	KEYCLOAK-5984 Fix error message in client initiated	2017-12-06 19:46:11 +01:00
vramik	5a8ff72cb6	KEYCLOAK-4641 migrate remaining Adapter tests from old testsuite	2017-12-06 15:12:37 +01:00
mposolda	8a0fa521c4	KEYCLOAK-5915 Support for sticky sessions managed by loadbalancer. Support for KeyAffinityService	2017-12-06 13:06:54 +01:00
mhajas	09348b2aff	KEYCLOAK-5896 Run localization test only in community	2017-12-06 10:09:46 +01:00
mhajas	896e216f99	KEYCLOAK-5986 Fix token javacsript tests	2017-12-06 10:08:32 +01:00
mposolda	6c34b4c418	KEYCLOAK-5914 Periodic clean of detached client sessions	2017-12-05 08:25:30 +01:00
stianst	c3d9f4704e	KEYCLOAK-5946 Make sure wildcard origin is never returned	2017-12-04 19:55:34 +01:00
stianst	4541acc628	KEYCLOAK-5176 Strip headers from PEM when uploading to client	2017-12-04 19:54:15 +01:00
mposolda	ff6fcd30d9	KEYCLOAK-4478 OIDC auth response lacks session_state in some cases	2017-12-04 16:13:22 +01:00
stianst	37de8e9f69	Bump version to 3.4.2.Final-SNAPSHOT	2017-12-01 09:34:48 +01:00
mposolda	7b03eed9c8	KEYCLOAK-5797 Refactoring authenticationSessions to support login in multiple browser tabs with different clients	2017-11-30 12:56:45 +01:00
Peter Nalyvayko	b8e5fd2b99	KC-4335: working on adding a reverse proxy support to allow X.509 client certificate authentication when running keycloak behind a reverse proxy ... KC-4335: reverse proxy => a swtich to change a type of reverse proxy when running the X509 integration tests; changes to the names of the reverse proxy providers KC-4335: updated the migration scripts to add x509 spi to standalone and domain configurations; removed the HAproxy and apache x509 spi configuration	2017-11-30 11:00:32 +01:00
pedroigor	674fb31a2c	[KEYCLOAK-5660] - Rest API User count returns wrong value	2017-11-30 10:45:54 +01:00
Bruno Oliveira	6a528a3ee6	[KEYCLOAK-2645] Reset password page says 'You need to change your password to activate your account.'	2017-11-30 10:37:21 +01:00
stianst	2be78a0239	KEYCLOAK-5924 Add error handler for uncaught errors	2017-11-30 10:33:13 +01:00
Pavel Drozd	4408cdb5c7	Merge pull request #4756 from tkyjovsk/KEYCLOAK-5922 ... KEYCLOAK-5922 Cluster tests don't work with non-undertow server	2017-11-30 09:24:39 +01:00
Bruno Oliveira	af66c5dbd2	[KEYCLOAK-5483] X.509 Auth - log in attempt is not sometimes logged in the Login Events	2017-11-29 20:08:22 +01:00
Tomas Kyjovsky	4240295af9	KEYCLOAK-5922 Cluster tests don't work with non-undertow server	2017-11-28 17:35:13 +01:00
Bill Burke	0a8995efc7	Merge pull request #4747 from mstruk/KEYCLOAK-5741 ... KEYCLOAK-5741 [Admin CLI] Fix instructions in build-in help	2017-11-28 08:57:29 -05:00
Bill Burke	c398f6619f	Merge pull request #4748 from mstruk/KEYCLOAK-5762 ... KEYCLOAK-5762 [Client Registration CLI] Fix instructions in built-in help	2017-11-28 08:57:15 -05:00
Stian Thorgersen	cf485c3fc9	KEYCLOAK-5308 Fix updating protocol mappers on Oracle	2017-11-27 19:46:12 +01:00
Stian Thorgersen	5666bfe88b	KEYCLOAK-4962 Fix updating mappers for identity providers on Oracle	2017-11-27 19:46:12 +01:00
Marko Strukelj	c35c6e6ab7	KEYCLOAK-5762 [Client Registration CLI] Fix instructions in built-in help	2017-11-27 17:00:48 +01:00
Marko Strukelj	0e2332196d	KEYCLOAK-5741 [Admin CLI] Fix instructions in build-in help	2017-11-27 16:12:00 +01:00
Pavel Drozd	a8bcdfb401	Merge pull request #4735 from vmuzikar/fix-ui ... KEYCLOAK-5816, KEYCLOAK-5815 UI tests fixes	2017-11-27 15:12:35 +01:00
Bruno Oliveira	9d35891e7d	[KEYCLOAK-5467] X.509 Auth - missing internationalization support	2017-11-27 13:44:38 +01:00
Bruno Oliveira	00677a6b92	[KEYCLOAK-5898] X.509 Auth - add tests for CRL with direct grant	2017-11-27 13:43:37 +01:00
Bruno Oliveira	697caaa805	[KEYCLOAK-4683] Add key usage tests for X.509 Authentication ... These tests cover the scenarios already available at our certificates: * Key Usage with the flag critical * Extended Key Usage without the flag critical	2017-11-27 13:42:57 +01:00
Marek Posolda	dd6502013e	Merge pull request #4734 from rmartinc/ui_locales ... KEYCLOAK-5896: Parameter "ui_locales" not redirected to login page in java adapters	2017-11-24 10:59:26 +01:00
rmartinc	ecbf6e5386	KEYCLOAK-5896: adding a test for the ui_locales change.	2017-11-24 08:21:37 +01:00
pedroigor	2721e6a5e4	[KEYCLOAK-5770] - Logout event test	2017-11-23 21:08:07 +01:00
mposolda	6d91ab674b	KEYCLOAK-5895 CrossDC: NotSerializableException when opening sessions tab in admin console	2017-11-23 20:03:12 +01:00
vmuzikar	6f4ab8870e	KEYCLOAK-5816, KEYCLOAK-5815 UI tests fixes	2017-11-23 13:51:38 +01:00
Pavel Drozd	94ba85c210	Merge pull request #4720 from vramik/KEYCLOAK-5872 ... KEYCLOAK-5872 add preview assumption to InvalidationCrossDCTest.authz…	2017-11-23 07:42:31 +01:00
Bill Burke	2117db5e6d	Merge pull request #4730 from patriot1burke/master ... KEYCLOAK-4715	2017-11-22 12:45:23 -05:00
Bill Burke	116bfb05c2	fix	2017-11-22 11:55:10 -05:00
Bill Burke	aee6d16f58	fix more stupidity	2017-11-22 10:22:47 -05:00
Bill Burke	ae29e36e1f	fix my stupidity	2017-11-22 08:19:30 -05:00
mposolda	bd1072d2eb	KEYCLOAK-5747 Ensure refreshToken doesn't need to send request to the other DC. Other fixes and polishing	2017-11-22 11:55:12 +01:00
Bill Burke	75d517a1e8	cleanup test	2017-11-21 21:49:51 -05:00
Bill Burke	8993ca08ad	KEYCLOAK-4715	2017-11-21 17:46:48 -05:00
vmuzikar	7fd237b40b	KEYCLOAK-5879 Fix SocialLoginTest with -Pauth-server-wildfly	2017-11-21 11:12:21 +01:00
Bill Burke	06762ba13d	KEYCLOAK-5878	2017-11-20 17:03:28 -05:00
vramik	37b625fd99	KEYCLOAK-5872 add preview assumption to InvalidationCrossDCTest.authzResourceInvalidationTest	2017-11-20 11:30:44 +01:00
Bruno Oliveira	641069d4fd	[KEYCLOAK-5866] MigrationTest fails for extracting realm keys	2017-11-16 19:44:09 +01:00
Bruno Oliveira	07aa718cb9	[KEYCLOAK-5379] MigrationTest fails for migration to 3.3.0	2017-11-16 07:22:57 +01:00
Pedro Igor	f96c3312e2	[KEYCLOAK-5841] - Test	2017-11-16 07:03:08 +01:00
Hynek Mlnařík	393fae74b3	Merge pull request #4693 from hmlnarik/KEYCLOAK-5349-JS-client-breaks-login-session ... KEYCLOAK-5349 User session count in IdP-initiated flow tests	2017-11-15 12:35:19 +01:00
Hynek Mlnarik	a2f6c16764	KEYCLOAK-5349 User session count in IdP-initiated flow tests	2017-11-15 11:41:45 +01:00
Pedro Igor	63a01b1e1f	Merge pull request #4689 from pedroigor/KEYCLOAK-5844 ... [KEYCLOAK-5844] - Refreshing PAT instead of obtaining a new one every time	2017-11-14 18:25:24 -02:00
Pedro Igor	fdb618219f	[KEYCLOAK-5844] - Refreshing PAT instead of obtaining a new one every time	2017-11-14 11:24:45 -02:00
Stian Thorgersen	89f4b87038	KEYCLOAK-5567 Set correct status code on login error pages	2017-11-14 12:33:29 +01:00
Bruno Oliveira	03d0488335	[KEYCLOAK-2052] Allows independently set timeouts for e-mail verification link and rest e.g. forgot password link ... Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>	2017-11-13 19:57:04 -02:00
Stian Thorgersen	925d5e1dea	KEYCLOAK-3173 enable logout offline refresh token using OIDC logout endpoint	2017-11-13 18:23:39 +01:00
Stian Thorgersen	d30bf938ee	KEYCLOAK-5821 Fix basic auth tests with embedded Undertow	2017-11-13 16:34:25 +01:00
Pavel Drozd	af97a84108	Merge pull request #4635 from vmuzikar/fix-x509 ... KEYCLOAK-5720 Fix X.509 tests	2017-11-13 11:56:16 +01:00
Stian Thorgersen	4295f4ec31	KEYCLOAK-1886 Added cors headers to errors in token endpoint	2017-11-10 12:01:21 +01:00
mposolda	b033ce0669	KEYCLOAK-5371 SessionExpirationCrossDCTest - improve stability. Remove checks for counts of sent messages	2017-11-09 22:18:47 +01:00
mposolda	a98f085be6	KEYCLOAK-5618 Fix SessionsPreloadCrossDCTest. Update HOW-TO-RUN docs. Ensure it's executed in travis.	2017-11-09 17:39:04 +01:00
Stian Thorgersen	128ff12f8f	Bump versions	2017-11-09 15:37:21 +01:00
Marko Strukelj	dae0fafc8a	KEYCLOAK-5040 ProfileAssume needs to use server info endpoint	2017-11-09 14:19:06 +01:00
Bruno Oliveira	26e253f4a5	[KEYCLOAK-5284]	2017-11-09 13:45:06 +01:00
Marko Strukelj	2854a2006e	KEYCLOAK-5810 ClientTokenExchangeTest failures with -Pproduct profile	2017-11-09 13:44:10 +01:00
vmuzikar	2c2a332f80	KEYCLOAK-5332 Fix GitLab social test	2017-11-09 07:19:01 +01:00
vmuzikar	b21d5bbf04	KEYCLOAK-5805 Fix tests in the 'other' module	2017-11-09 07:01:27 +01:00
mposolda	62a1c187a2	KEYCLOAK-5716 KEYCLOAK-5738 Avoid infinispan deadlock. Ensure code-to-token works correctly in cross-dc	2017-11-07 09:01:59 +01:00
Hynek Mlnarik	fe2f65daac	KEYCLOAK-5581 Fix SAML identity broker context serialization	2017-11-03 21:09:18 +01:00
vmuzikar	ef8adc15f4	KEYCLOAK-5720 Fix X.509 tests	2017-11-03 17:09:46 +01:00
Pedro Igor	3716fa44ac	[KEYCLOAK-5728] - Permission Claims support	2017-10-27 12:40:30 -02:00
Hynek Mlnařík	248da4687a	Merge pull request #4610 from hmlnarik/KEYCLOAK-5745-Extract-client-sessions-from-user-sessions ... KEYCLOAK-5745 Separate user and client sessions in infinispan	2017-10-26 13:09:06 +02:00
Hynek Mlnarik	75c354fd94	KEYCLOAK-5745 Separate user and client sessions in infinispan	2017-10-26 10:39:41 +02:00
Bill Burke	903a4dd849	Merge pull request #4612 from patriot1burke/master ... KEYCLOAK-5273	2017-10-25 13:54:32 -04:00
Bill Burke	de6eab6d5d	fix	2017-10-25 13:00:58 -04:00
Bill Burke	8c1a3253fb	KEYCLOAK-5273	2017-10-25 10:31:11 -04:00
Bruno Oliveira da Silva	375e01a074	KEYCLOAK-5278 (#4606)	2017-10-25 15:27:24 +02:00
Bill Burke	50ccb5e5f6	Merge pull request #4591 from abstractj/KEYCLOAK-5717 ... KEYCLOAK-5717	2017-10-24 17:38:28 -04:00
Pedro Igor	1840cc54e4	Merge pull request #4601 from pedroigor/KEYCLOAK-5726 ... [KEYCLOAK-5726] - Support define enforcement mode for scopes on the adapter config	2017-10-24 12:51:52 -02:00
Pedro Igor	80e9b08bb6	[KEYCLOAK-5726] - Tests for scopes-enforcement-mode ALL and ANY	2017-10-24 11:37:41 -02:00
Bruno Oliveira	4d762159ef	KEYCLOAK-5717	2017-10-24 10:55:02 -02:00
Hynek Mlnařík	8e0cc2a5ea	Merge pull request #4605 from mposolda/master ... KEYCLOAK-5710 Change cache-server to use backups based caches	2017-10-24 14:40:01 +02:00
Pedro Igor	a6e1413d58	[KEYCLOAK-5726] - Support define enforcement mode for scopes on the adapter configuration	2017-10-24 10:39:54 -02:00
Pavel Drozd	a4ec32ba66	Merge pull request #4602 from vramik/KEYCLOAK-5244 ... KEYCLOAK-5244 fix PasswordPolicyTest.testBlacklistPasswordPolicyWithT…	2017-10-24 14:17:35 +02:00
mposolda	9a19e95b60	KEYCLOAK-5710 Change cache-server to use backups based caches	2017-10-24 11:52:08 +02:00
Stan Silvert	9083e5fe5c	KEYCLOAK-5298: Enable autoescaping in Freemarker (#4561) ... * KEYCLOAK-5298: Enable autoescaping in Freemarker * Fix several of the failing tests. * Fix broken tests in integration-deprecated * Fix last failing test.	2017-10-23 12:03:00 -04:00
Stian Thorgersen	9b75b603e3	KEYCLOAK-5234 (#4585)	2017-10-23 16:13:22 +02:00