libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
7038 commits 4 branches 5 tags 483 MiB
Commit graph

1546 commits

Author SHA1 Message Date
mposolda
c10a005997 KEYCLOAK-3290 UserInfoEndpoint error responses don't have correct statuses 2016-07-08 12:15:07 +02:00
mposolda
4dd28c0adf KEYCLOAK-3221 Tokens should be invalidated if an attempt to reuse code is made 2016-07-08 11:04:08 +02:00
Bill Burke
bdc57d57c1 Merge pull request #3008 from patriot1burke/master 
new User Fed SPI initial iteration
 2016-07-07 14:56:38 -04:00
mposolda
a7c9e71490 KEYCLOAK-3218 Support for max_age OIDC authRequest parameter and support for auth_time in IDToken 2016-07-07 17:04:32 +02:00
Bill Burke
0040d3fc3b Merge remote-tracking branch 'upstream/master' 2016-07-07 10:35:45 -04:00
Bill Burke
7e5a5f79cf fixes for new user fed spi 2016-07-07 10:35:35 -04:00
Marek Posolda
7a161cc8bb Merge pull request #3005 from mposolda/KEYCLOAK-3217 
KEYCLOAK-3217 UserInfo endpoint wasn't accessible by POST request sec…
 2016-07-07 13:49:43 +02:00
Marek Posolda
c5e8a010dc Merge pull request #3004 from mposolda/KEYCLOAK-3147 
KEYCLOAK-3147 Don't allow authRequest without redirect_uri parameter
 2016-07-07 13:49:34 +02:00
mposolda
56e09bf189 KEYCLOAK-3147 Don't allow authRequest without redirect_uri parameter 2016-07-07 12:46:36 +02:00
mposolda
7aafbcd5d9 KEYCLOAK-3217 UserInfo endpoint wasn't accessible by POST request secured with Bearer header 2016-07-07 12:28:25 +02:00
Stan Silvert
a231c1b31b RHSSO-296: Required Action "Configure Totp" should be "Configure OTP" 2016-07-05 15:07:52 -04:00
Stian Thorgersen
7cfee80e58 KEYCLOAK-3189 KEYCLOAK-3190 Add kid and typ to JWT header 2016-07-05 08:26:26 +02:00
Stian Thorgersen
435cdb6180 Merge pull request #2994 from wadahiro/KEYCLOAK-3259 
KEYCLOAK-3259 Specify UTF-8 encoding for freemarker template files
 2016-07-04 19:25:03 +02:00
Hiroyuki Wada
00cb0a798a KEYCLOAK-3259 Specify UTF-8 encoding for freemarker template files 2016-07-04 19:46:00 +09:00
Stan Silvert
d90a708ceb RHSSO-274: "Undefined" as auth flow execution 2016-07-01 10:25:14 -04:00
Stian Thorgersen
fa312fb3db Merge pull request #2979 from cainj13/localeNpeFix 
make locale retrieval null-safe
 2016-07-01 12:33:36 +02:00
Bill Burke
3f1eecc4be Merge remote-tracking branch 'upstream/master' 2016-06-30 16:47:55 -04:00
Bill Burke
3ba3be877e fixes 2016-06-30 16:47:49 -04:00
Pedro Igor
01f3dddd91 Adding a column to list policies associated with a permission. 2016-06-30 10:26:05 -03:00
Pedro Igor
afa9471c7c [KEYCLOAK-3128] - Admin Client Authorization Endpoints 2016-06-30 10:26:05 -03:00
Bill Burke
a9f6948d74 Merge remote-tracking branch 'upstream/master' 2016-06-29 15:37:32 -04:00
Bill Burke
f51098c50b user fed refactor 2016-06-29 15:37:22 -04:00
Pedro Igor
8b0bf503c3 [KEYCLOAK-3172] - Migrating older versions with authorization services. 2016-06-29 12:07:49 -03:00
Josh Cain
ec402f759b make locale retrieval null-safe 2016-06-28 13:25:48 -05:00
Stian Thorgersen
2e2f34d94e Merge pull request #2957 from pedroigor/authz-changes 
Changes to authz examples and some minor improvements
 2016-06-23 07:49:47 +02:00
Pedro Igor
074a312fe5 Renaming authorization attributes. 2016-06-22 17:20:50 -03:00
Pedro Igor
f48288865b [KEYCLOAK-3156] - Missing CORS when responding with denies 2016-06-22 14:39:07 -03:00
Pedro Igor
905421a292 [KEYCLOAK-3152] - Keycloak Authorization JS Adapter 2016-06-22 14:28:02 -03:00
mposolda
f7a2ad021e KEYCLOAK-3141 Fix DB2 and some other DB issues 2016-06-22 17:06:55 +02:00
mposolda
5c731b4d14 KEYCLOAK-3149 DB update triggered before DBLock is retrieved 2016-06-21 17:14:25 +02:00
Pedro Igor
8402cedd82 Merge pull request #2946 from pedroigor/KEYCLOAK-3130 
[KEYCLOAK-3130] - Permission checks to authorization admin endpoints
 2016-06-21 10:50:29 -03:00
Erik Mulder
f4ead484de KEYCLOAK-2474 Possibility to add custom SPI and extend the data model 2016-06-20 10:56:33 +02:00
Pedro Igor
dd279dd0fd [KEYCLOAK-3130] - Permission checks to authorization admin endpoints 2016-06-17 15:27:42 -03:00
Stian Thorgersen
3c0f7e2ee2 Merge pull request #2617 from pedroigor/KEYCLOAK-2753 
[KEYCLOAK-2753] - Fine-grained Authorization Services
 2016-06-17 13:40:15 +02:00
Pedro Igor
086c29112a [KEYCLOAK-2753] - Fine-grained Authorization Services 2016-06-17 02:07:34 -03:00
Stian Thorgersen
e538394e60 KEYCLOAK-3091 Change brute force to use userId 2016-06-13 15:30:13 +02:00
mposolda
1510ac5eb4 KEYCLOAK-3105 Can't access single realm with the admin user from master realm 2016-06-13 12:09:11 +02:00
Stian Thorgersen
1c694b4795 Merge pull request #2921 from thomasdarimont/issue/KEYCLOAK-3054-fix-npe-on-unknown-protocol-adjustment 
KEYCLOAK-3054: Use string format for log message
 2016-06-08 07:08:05 +02:00
Stian Thorgersen
819c42dad2 Merge pull request #2918 from chameleon82/issue/KEYCLOAK-3089-email-subject-internationalization 
KEYCLOAK-3089 Change email subject encoding to utf-8/base64
 2016-06-08 07:07:37 +02:00
Некрасов Александр Сергеевич
7bdccc21b2 KEYCLOAK-3089 Change email subject encoding to utf-8 2016-06-08 09:10:39 +06:00
Thomas Darimont
a9f461bfd1 KEYCLOAK-3054: Use string format for log message 
Need to use log.debugf(..) to correctly resolve the %s placeholder.
 2016-06-07 21:56:04 +02:00
Thomas Darimont
67a63a806e KEYCLOAK-3054: Fix potential NPE in RealmsResource 
Prior to PR .well-known Endpoint threw NPE with if unknown
Protocol was provided.
 2016-06-07 08:29:23 +02:00
Некрасов Александр Сергеевич
5474496867 KEYCLOAK-3089 Change email subject encoding to utf-8/base64 2016-06-07 09:11:46 +06:00
Bill Burke
4c9a0b45d4 Merge pull request #2229 from thomasdarimont/issue/KEYCLOAK-2489-script-based-authenticator-definitions 
KEYCLOAK-2489 - Add support for Script-based AuthenticationExecution definitions.
 2016-06-05 11:12:05 -04:00
Bill Burke
b3f3449e39 Merge pull request #2810 from thomasdarimont/issue/KEYCLOAK-2974-handle-ModelException-in-UsersResource 
KEYCLOAK-2974: Handle ModelException in UsersResource
 2016-06-05 11:06:32 -04:00
Thomas Darimont
a2d1c8313d KEYCLOAK-3081: Add client mapper to map user roles to token 
Introduced two new client protocol mappers to propagate assigned user client / realm roles to a JWT ID/Access Token.
Each protocol mapper supports to use a prefix string that is prepended to each role name.

 The client role protocol mapper can specify from which client the roles should be considered.
 Composite Roles are resolved recursively.

Background:
Some OpenID Connect integrations like mod_auth_openidc don't support analyzing deeply nested or encoded structures.
In those scenarios it is helpful to be able to define custom client protocol mappers that allow to propagate a users's roles as a flat structure
(e.g. comma separated list) as a top-level  (ID/Access) Token attribute that can easily be matched with a regex.

In order to differentiate between client specific roles and realm roles it is possible to configure
both separately to be able to use the same role names with different contexts rendered as separate token attributes.
 2016-06-03 15:52:58 +02:00
Stian Thorgersen
8fab2f0718 KEYCLOAK-3066 
Uploaded Realm Certificate is not validated
 2016-06-01 15:12:21 +02:00
Stian Thorgersen
2343e517c9 Merge pull request #2891 from pedroigor/KEYCLOAK-2894 
[KEYCLOAK-2894] - Fixing saml signature validation
 2016-05-26 16:57:13 +02:00
Pedro Igor
60f954a497 [KEYCLOAK-2894] - Fixing saml signature validation 2016-05-26 10:48:30 -03:00
mposolda
882dbc3f25 KEYCLOAK-3006 Fix admin event inconsistencies related to roles (points 1,3,4,15,16 from JIRA) 2016-05-25 23:18:01 +02:00