Yoshiyuki Tabata
ad2f010976
KEYCLOAK-14145 OIDC support for Client "offline" session lifespan
2020-06-04 14:27:04 +02:00
Yoshiyuki Tabata
f03ee2ec98
KEYCLOAK-14145 OIDC support for Client "offline" session lifespan
2020-06-04 14:24:52 +02:00
Pedro Igor
82cfb8e821
[KEYCLOAK-11330] - Data and conf directory on distribution
2020-06-04 08:29:59 -03:00
Denis
8d6f8d0465
EYCLOAK-12741 Add name and description edit functionality to Authentication and Execution Flows
2020-06-04 08:08:52 +02:00
Alfredo Boullosa
2ddfc94495
KEYCLOAK-14115 Add a refresh to avoid failure
2020-06-03 20:13:08 -04:00
Pedro Igor
357982adf6
[KEYCLOAK-11330] - Initial changes to get testsuite working for Quarkus
2020-06-03 09:57:24 -03:00
Thomas Darimont
ddeaa6b3c4
KEYCLOAK-14359 Close InputStream in org.keycloak.common.Version
2020-06-03 14:54:05 +02:00
Peter Skopek
465e00ccbf
KEYCLOAK-14374 Add synchronization for 9.0.x branch
2020-06-03 14:43:19 +02:00
Pedro Igor
0870041b0b
[KEYCLOAK-14335] - Not initializing entity associations and removing bi-directional ones
...
Co-authored-by: Stian Thorgersen <stian@redhat.com>
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2020-06-02 11:31:10 -03:00
Jan Lieskovsky
a121f77ea4
[KEYCLOAK-12305] [Testsuite] Check LDAP federated user (in)valid
...
login(s) using various authentication methods, bind credential
types, and connection encryption mechanisms
The tests cover various possible combinations of the following:
* Authentication method: Anonymous or Simple (default),
* Bind credential: Secret (default) or Vault,
* Connection encryption: Plaintext (default), SSL, or startTLS
Also, ignore the StartTLS LDAP tests for now till KEYCLOAK-14343
& KEYCLOAK-14354 are corrected (due these issues they aren't
working with auth server Wildfly). They will be re-enabled later
via KEYCLOAK-14358 once possible
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-06-02 14:44:17 +02:00
Peter Skopek
01032b9bb5
KEYCLOAK-12273 add variable exclusions to avoid test failures
2020-06-02 11:22:18 +02:00
Andy Munro
0ddeec4e1e
KEYCLOAK-12273 update to the description of services and endpoints as suggested by Sebastian. Otherwise, I am done.
...
However, I still need input from Sebastian on technical accuracy.
2020-06-02 11:22:18 +02:00
Sebastian Laskawiec
8c12072a8c
KEYCLOAK-12273 Operator documentation
2020-06-02 11:22:18 +02:00
Pedro Igor
e8dc10b4a1
[KEYCLOAK-11330] - Properly handling POST formdata and UriInfo
2020-06-02 09:36:40 +02:00
stianst
90b29b0e31
KEYCLOAK-14107 Admin page content blocked on v10.0.0 due to content security policy
2020-05-29 13:57:38 +02:00
Benjamin Weimer
4265fdcab2
KEYCLOAK-14318 Client Empty Root URL and relative Base URL is valid
2020-05-29 11:21:28 +02:00
Takashi Norimatsu
067ff33d26
KEYCLOAK-13104 Signed and Encrypted ID Token Support : AES 192bit and 256bit key support
2020-05-29 08:44:03 +02:00
Lars Uffmann
941daa4e0f
KEYCLOAK-10927 change parenthetical comments to "such as..."
2020-05-29 08:41:59 +02:00
Lars Uffmann
86f9e12e8e
KEYCLOAK-10927 update documentation
2020-05-29 08:41:59 +02:00
mposolda
7f8c4c89d3
KEYCLOAK-14270 Improve documentation for fullName LDAP mapper about fallback to username
2020-05-28 21:37:51 +02:00
Thomas Darimont
ac2bf88e5a
KEYCLOAK-13958 Document updating and regenerating a client secret with kcadm.sh
2020-05-28 20:36:32 +02:00
vmuzikar
f8dce7fc3e
KEYCLOAK-13819 SAML brokering with POST binding is broken by new SameSite policies
2020-05-28 13:37:56 +02:00
Pedro Igor
ee83f8c16f
[KEYCLOAK-11679] - Creating keys right after master realm creation
2020-05-28 10:55:25 +02:00
Pedro Igor
b6060c52b7
[KEYCLOAK-11679] - Avoid reflection when handlign startup event
2020-05-27 08:17:12 +02:00
Thomas Darimont
e825ec24cb
KEYCLOAK-9635 Add AccessTokenHash to IDToken for OIDC Auth Code flow
...
Revised tests
2020-05-27 07:34:05 +02:00
Thomas Darimont
5a337d0376
KEYCLOAK-9635 Add AccessTokenHash to IDToken for OIDC Auth Code flow
...
Added missing test
2020-05-27 07:34:05 +02:00
Youssef El Houti
086bdd1700
add optional field at_hash to idToken when using Authorization Code flow since it improves performance and allows to follow the recommandation in RFC for clients to use hash for access_token validation
2020-05-27 07:34:05 +02:00
Pedro Igor
bc901d0025
[KEYCLOAK-14299] - Do not create keys during startup but on-demand
2020-05-26 15:13:26 -03:00
Torsten Juergeleit
6005503a3d
Namespace support to group-ldap-mapper
...
Previously, Keycloak did only support syncing groups from LDAP federation provider as top-level KC groups.
This approach has some limitations:
- If using multiple group mappers then there’s no way to isolate the KC groups synched by each group mapper.
- If the option "Drop non-existing groups during sync” is activated then all KC groups (including the manually created ones) are deleted.
- There’s no way to inherit roles from a parent KC group.
This patch introduces support to specify a prefix for the resulting group path, which effectively serves as a namespace for a group.
A path prefix can be specified via the newly introduced `Groups Path` config option on the mapper. This groups path defaults to `/` for top-level groups.
This also enables to have multiple `group-ldap-mapper`'s which can manage groups within their own namespace.
An `group-ldap-mapper` with a `Group Path` configured as `/Applications/App1` will only manage groups under that path. Other groups, either manually created or managed by other `group-ldap-mapper` are not affected.
2020-05-26 17:37:29 +02:00
Andy Munro
c82e2796b8
KEYCLOAK-13978 Duplicate groups note
2020-05-26 17:08:21 +02:00
Pedro Igor
f15821fe69
[KEYCLOAK-11679] - Server startup on Quarkus
2020-05-26 08:34:07 -03:00
Hynek Mlnarik
7deb89caab
KEYCLOAK-10729 Do not serialize SAML signature
2020-05-25 15:38:17 +02:00
vmuzikar
e873c70374
KEYCLOAK-14236 Support for custom Firefox preferences
2020-05-22 09:24:41 -03:00
Stan Silvert
6a96576296
KEYCLOAK-14267: Update readme for New Account Console
2020-05-20 16:33:15 -04:00
cachescrubber
3382682115
KEYCLOAK-10927 - Implement LDAPv3 Password Modify Extended Operation … ( #6962 )
...
* KEYCLOAK-10927 - Implement LDAPv3 Password Modify Extended Operation (RFC-3062).
* KEYCLOAK-10927 - Introduce getLDAPSupportedExtensions(). Use result instead of configuration.
Co-authored-by: Lars Uffmann <lars.uffmann@vitroconnect.de>
Co-authored-by: Kevin Kappen <kevin.kappen@vitroconnect.de>
Co-authored-by: mposolda <mposolda@gmail.com>
2020-05-20 21:04:45 +02:00
Pedro Igor
cc776204f0
[KEYCLOAK-14264] - Temporary multi-database support
2020-05-20 16:38:28 +02:00
Denis
fd59bff36d
KEYCLOAK-14265 Typos in Authentication part of Keycloak Documentation
2020-05-20 16:34:42 +02:00
Denis
8c7b69fc9e
KEYCLOAK-13748 Create automated test for scenario with alternative subflow for credential reset
2020-05-20 14:06:53 +02:00
Stan Silvert
13d0491ff3
KEYCLOAK-14038: Re-allow special characters for Roles only
2020-05-20 07:53:23 -04:00
Takashi Norimatsu
c057b994e7
KEYCLOAK-13104 Signed and Encrypted ID Token Support : AES 192bit and 256bit key support
2020-05-20 09:01:59 +02:00
Pedro Igor
54db691b26
[KEYCLOAK-11784] - Quarkus Keycloak Application
2020-05-20 08:25:25 +02:00
mhajas
4b8c7dd7d7
KEYCLOAK-14048 Allow clock skew when testing refresh token actual expiration time
2020-05-20 08:12:54 +02:00
Tomas Kyjovsky
aa27bb5911
KEYCLOAK-14225 Performance testsuite DataLoader broken
...
- removing hardcoded `jackson.version` from performance testsuite pom
- moving `jackson.annotations.version` from performance testsuite pom to the root pom
2020-05-19 18:00:05 -03:00
mposolda
8797e5c4e5
KEYCLOAK-14244 Compilation error in latest master in LDAPStorageProvider
2020-05-19 21:34:53 +02:00
Takashi Norimatsu
be0ba79daa
KEYCLOAK-7997 Implement Client Registration Metadata based on Mutual TLS
2020-05-19 17:00:41 +02:00
mposolda
12d965abf3
KEYCLOAK-13047 LDAP no-import fixes. Avoid lost updates - dont allow update attributes, which are not mapped to LDAP
2020-05-19 16:58:25 +02:00
mposolda
a891a567a5
KEYCLOAK-13047 LDAP no-import fixes. Avoid lost updates - dont allow update attributes, which are not mapped to LDAP
2020-05-19 16:57:43 +02:00
Pedro Igor
68024396f1
[KEYCLOAK-11784] - Quarkus Extension
...
Co-authored-by: stianst <stianst@gmail.com>
2020-05-19 14:57:15 +02:00
Jared Jennings
91aaed6370
Update token-exchange.adoc
...
Token Exchange is no longer a draft, but an accepted RFC. Updated link to RFC.
2020-05-19 13:19:24 +02:00
Martin Kanis
6f43b58ccf
KEYCLOAK-14074 filterIdentityProviders compares providerId instead of alias
2020-05-19 09:46:21 +02:00