Commit graph

775 commits

Author SHA1 Message Date
Hynek Mlnarik
8c0c542f09 KEYCLOAK-16489 Add ability to run model tests with LDAP 2020-12-07 20:54:06 +01:00
Stefan Guilhen
edef93cd49 [KEYCLOAK-16232] Streamify the UserCredentialStore and UserCredentialManager interfaces 2020-12-07 19:48:35 +01:00
Stefan Guilhen
73d0bb34c4 [KEYCLOAK-16232] Replace usages of deprecated collection-based methods with the respective stream variants 2020-12-07 19:48:35 +01:00
Jan Lieskovsky
833bf98643 [KEYCLOAK-15692] Upgrade to Wildfly "21.0.1.Final"
Base fixes:
* [KEYCLOAK-15780]      Upgrade Keycloak to Wildfly 21.0.0.Beta1 / Wildfly Core 13.0.0.Beta6
* [KEYCLOAK-16031]      Upgrade Keycloak to Wildfly 21.0.0.Final / Wildfly Core 13.0.1.Final
* [KEYCLOAK-16442]      Upgrade Keycloak to Wildfly 21.0.1.Final / Wildfly Core 13.0.3.Final

Other (dependent) fixes:
* [KEYCLOAK-15408]      Deprecate former Wildfly and Wildfly Core versions in Arquillian's
                        testsuite pom.xml file as part of the upgrade script
* [KEYCLOAK-15442]      Update the version of 'jboss-parent' as part of the Wildfly upgrade
                        script if necessary
* [KEYCLOAK-15474]      Add --verbose and --force options to the Wildfly upgrade automated script
* [KEYCLOAK-15649]      Update "urn:jboss:domain:infinispan:10.0" version as part of the Wildfly
                        upgrade automated script
* [KEYCLOAK-15652]      Wildfly upgrade automated script - Align Python artifact version
                        comparsion algorithm with the Maven / Java one

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-11-26 09:25:29 +01:00
Hynek Mlnarik
5c2122d36f KEYCLOAK-16444 Initialize JAXP components consistently 2020-11-25 14:20:19 +01:00
Hynek Mlnarik
363df6cab4 KEYCLOAK-16405 Tests for storage logical layer 2020-11-25 12:16:48 +01:00
Stefan Guilhen
84df008bc2 [KEYCLOAK-16341] Make the new stream-based methods in server-spi user interfaces default instead of the collection-based versions.
- this ensures that providing implementation for the collection-based methods is enough, which preserves
   backwards compatibility with older custom implementations.
 - alternative interfaces now allow new implementations to focus on the stream variants of the query methods.
2020-11-18 21:07:51 +01:00
Pedro Igor
56574afbeb [KEYCLOAK-11330] - Fixing client and realm tests 2020-11-13 13:53:31 +01:00
Pedro Igor
7ad1c350a3 [KEYCLOAK-16245] - Update Quarkus 1.10.0.CR1 2020-11-12 13:21:08 -03:00
Martin Kanis
d9029b06b9 KEYCLOAK-15889 Streamification of ProtocolMappers 2020-11-10 16:40:34 +01:00
Stefan Guilhen
aa46735173 [KEYCLOAK-15200] Complement methods for accessing users with Stream variants 2020-11-10 15:13:11 +01:00
Takashi Norimatsu
a63814da67 KEYCLOAK-14201 Client Policy - Executor : Enforce Proof Key for Code Exchange (PKCE) 2020-11-09 08:18:05 +01:00
Takashi Norimatsu
6dc136dfc0 KEYCLOAK-14199 Client Policy - Executor : Enforce more secure client authentication method when client registration 2020-11-05 20:42:49 +01:00
Pedro Igor
2b9ee02adc [KEYCLOAK-11698] - Change context path of Keycloak to / for Keycloak.X 2020-11-02 15:25:11 -03:00
vramik
785f2e78bc KEYCLOAK-14977 create MapRoleProvider 2020-10-30 08:15:22 +01:00
Pedro Igor
b95ca30ec2 [KEYCLOAK-14255] - Minor fixes and improvements 2020-10-23 10:39:21 +02:00
stianst
da6f7d697f KEYCLOAK-11786 Include Keycloak.X preview dist in distribution 2020-10-23 08:46:13 +02:00
mhajas
4556e858ad KEYCLOAK-15522 Use AbstractStorageManager in UserStorageManager 2020-10-15 20:41:13 +02:00
Martin Kanis
086f7b4696 KEYCLOAK-15450 Complement methods for accessing realms with Stream variants 2020-10-14 08:16:49 +02:00
Hynek Mlnarik
ec39569970 KEYCLOAK-15928 Fix EAP 6 configuration directory 2020-10-13 17:12:29 +02:00
testn
269a72d672 KEYCLOAK-15184: Use static inner class where possible 2020-10-09 23:37:08 +02:00
mposolda
ff05072c16 KEYCLOAK-15770 Skip creating session for docker protocol authentication 2020-10-09 07:53:26 +02:00
Takashi Norimatsu
6596811d5d KEYCLOAK-14204 FAPI-RW Client Policy - Executor : Enforce Request Object satisfying high security level 2020-09-25 08:31:14 +02:00
vmuzikar
bca73fd04a KEYCLOAK-15158 Javascript adapter init() is throwing a promise error after upgrade to 11 2020-09-22 10:56:46 -03:00
testn
2cd03569d6 KEYCLOAK-15238: Fix potential resource leak from not closing Stream/Reader 2020-09-21 13:05:03 +02:00
Pedro Igor
0978d78a48 [KEYCLOAK-14255] - Initial changes to configuration 2020-09-16 20:03:52 +02:00
Martin Kanis
5d5e56dde3 KEYCLOAK-15199 Complement methods for accessing roles with Stream variants 2020-09-16 16:29:51 +02:00
vmuzikar
a9a719b88c KEYCLOAK-15270 Account REST API doesn't verify audience 2020-09-14 08:43:09 -03:00
Takashi Norimatsu
af2f18449b KEYCLOAK-14195 FAPI-RW Client Policy - Condition : Client - Client Role 2020-09-10 18:34:19 +02:00
Martin Kanis
4e9bdd44f3 KEYCLOAK-14901 Replace deprecated ClientProvider related methods across Keycloak 2020-09-07 13:11:55 +02:00
stianst
76f7fbb984 KEYCLOAK-14548 Add support for cached gzip encoding of resources 2020-09-07 00:58:47 -07:00
Takashi Norimatsu
1d8230d438 KEYCLOAK-14190 Client Policy - Condition : The way of creating/updating a client 2020-09-04 09:54:55 +02:00
Hynek Mlnarik
583fa07bc4 KEYCLOAK-11029 Support modification of broker username / ID for identity provider linking 2020-09-01 20:40:38 +02:00
mhajas
bdccfef513 KEYCLOAK-14973 Create GroupStorageManager 2020-09-01 10:21:39 +02:00
Martin Kanis
d59a74c364 KEYCLOAK-15102 Complement methods for accessing groups with Stream variants 2020-08-28 20:56:10 +02:00
vramik
6b00633c47 KEYCLOAK-14812 Create RoleStorageManager 2020-07-31 15:11:25 -03:00
rmartinc
32bf50e037 KEYCLOAK-14336: LDAP group membership is not visible under "Users in Role" tab for users imported from LDAP 2020-07-30 16:19:22 +02:00
Dillon Sellars
25bb2e3ba2 KEYCLOAK-14529 Signed and Encrypted ID Token Support : RSA-OAEP-256 Key Management Algorithm 2020-07-30 15:20:51 +02:00
vramik
7f979ffbcf KEYCLOAK-14889 Create test for clientStorageProviderTimeout 2020-07-30 08:42:51 -03:00
Martin Kanis
feef5b4db2 KEYCLOAK-14220 Complement methods for accessing clients with Stream variants 2020-07-27 10:38:39 +02:00
Pedro Igor
d5348066cb [KEYCLOAK-14639] - Update ISPN schemas and how to run guide 2020-07-23 14:53:05 -03:00
keycloak-bot
afff0a5109 Set version to 12.0.0-SNAPSHOT 2020-07-22 14:36:15 +02:00
Hynek Mlnarik
c566b46e8f KEYCLOAK-14549 Make ClientProvider independent of RealmProvider
Co-Authored-By: vramik <vramik@redhat.com>
2020-07-22 00:08:15 +02:00
Takashi Norimatsu
e0fbfa722e KEYCLOAK-14189 Client Policy : Basics 2020-07-21 07:50:08 +02:00
Jan Lieskovsky
969b09f530 [KEYCLOAK-13692] Upgrade to Wildfly "20.0.1.Final" and Infinispan "10.1.8.Final"
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2020-07-20 22:15:08 +02:00
mhajas
93149d6b47 KEYCLOAK-14234 Adjust Adapter testsuite to work with app/auth.server.host including TLS configured 2020-07-20 11:22:16 +02:00
vmuzikar
7087c081f0 KEYCLOAK-14023 Instagram User Endpoint change
Co-authored-by: Jean-Baptiste PIN <jibet.pin@gmail.com>
2020-07-10 17:36:51 -03:00
Pedro Igor
1db1deb066 [KEYCLOAK-13141] - Supporting re-augmentation 2020-07-10 11:04:46 -03:00
Pedro Igor
9c4da9b3ce [KEYCLOAK-14147] - Request filter refactoring
Co-authored-by: Stian Thorgersen <stian@redhat.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
2020-07-07 11:26:12 -03:00
Douglas Palmer
7247734a0f [KEYCLOAK-14379] Fix maven build order for app-server-eap6 profile 2020-07-03 22:47:27 +02:00
vmuzikar
001fe9eb11 KEYCLOAK-13206 Session Status iframe cannot access cookies when 3rd party cookies are blocked
Co-authored-by: mhajas <mhajas@redhat.com>
2020-06-30 17:11:20 -03:00
Martin Idel
05b6ef8327 KEYCLOAK-14536 Migrate UserModel fields to attributes
- In order to make lastName/firstName/email/username field
  configurable in profile
  we need to store it as an attribute
- Keep database as is for now (no impact on performance, schema)
- Keep field names and getters and setters (no impact on FTL files)

Fix tests with logic changes

- PolicyEvaluationTest: We need to take new user attributes into account
- UserTest: We need to take into account new user attributes

Potential impact on users:

- When subclassing UserModel, consistency issues may occur since one can
  now set e.g. username via setSingleAttribute also
- When using PolicyEvaluations, the number of attributes has changed
2020-06-25 14:50:57 +02:00
Pedro Igor
337a751aaa [KEYCLOAK-11330] - Clustering tests for GA 2020-06-24 17:23:45 +02:00
vramik
753c21e9ef KEYCLOAK-14129 0 downtime upgrade test - eap 2020-06-23 19:37:45 +02:00
Pedro Igor
d331091c5e [KEYCLOAK-11330] - Quarkus tests 2020-06-17 17:20:55 +02:00
Pedro Igor
a8bad5b9bb [KEYCLOAK-11330] - Quarkus clustering tests 2020-06-16 10:07:24 -03:00
mhajas
5d1d75db40 KEYCLOAK-14103 Add Warn message for possibly missing SameSite configuration 2020-06-15 14:45:57 +02:00
Pedro Igor
e16f30d31f [KEYCLOAK-2343] - Allow exact user search by user attributes
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2020-06-10 12:02:50 -03:00
Pedro Igor
8142b9ad7f [KEYCLOAK-11330] - Fixing build when using empty repository 2020-06-10 08:03:18 -03:00
vramik
d63b3ceca4 KEYCLOAK-14141 0 downtime upgrade test 2020-06-10 12:45:34 +02:00
Pedro Igor
6ccde288a3 [KEYCLOAK-11330] - SSL Support 2020-06-09 08:43:52 +02:00
vmuzikar
f8dce7fc3e KEYCLOAK-13819 SAML brokering with POST binding is broken by new SameSite policies 2020-05-28 13:37:56 +02:00
Torsten Juergeleit
6005503a3d Namespace support to group-ldap-mapper
Previously, Keycloak did only support syncing groups from LDAP federation provider as top-level KC groups.

This approach has some limitations:
- If using multiple group mappers then there’s no way to isolate the KC groups synched by each group mapper.
- If the option "Drop non-existing groups during sync” is activated then all KC groups (including the manually created ones) are deleted.
- There’s no way to inherit roles from a parent KC group.

This patch introduces support to specify a prefix for the resulting group path, which effectively serves as a namespace for a group.

A path prefix can be specified via the newly introduced `Groups Path` config option on the mapper. This groups path defaults to `/` for top-level groups.

This also enables to have multiple `group-ldap-mapper`'s which can manage groups within their own namespace.

An `group-ldap-mapper` with a `Group Path` configured as `/Applications/App1` will only manage groups under that path. Other groups, either manually created or managed by other `group-ldap-mapper` are not affected.
2020-05-26 17:37:29 +02:00
Pedro Igor
35f622f48e [KEYCLOAK-11719] - Remove need for servlets/undertow from Quarkus dist
Co-authored-by: MatthewC <matthewc@backbase.com>
2020-05-13 09:28:58 +02:00
keycloak-bot
ae20b7d3cd Set version to 11.0.0-SNAPSHOT 2020-04-29 12:57:55 +02:00
stianst
5b017e930d KEYCLOAK-13128 Security Headers SPI and response filter 2020-04-28 15:28:24 +02:00
Martin Kanis
be28bfee1d KEYCLOAK-13636 Missing wildfly-dist in EAP 7.4.0.CD19 build 2020-04-28 08:55:42 -03:00
keycloak-bot
33314ae3ca Set version to 10.0.0-SNAPSHOT 2020-04-21 09:19:32 +02:00
mposolda
821405e175 KEYCLOAK-10852 Inconsistency when using 'forgot password' after changing email directly in LDAP 2020-04-16 12:28:41 +02:00
vramik
52b67f6172 KEYCLOAK-13660 Patch installation is not performed with -Dauth.server.patch.zips 2020-04-02 10:35:07 +02:00
mposolda
6f62c0ed98 KEYCLOAK-13442 Backwards compatibility in users searching. searchForUser(String, RealmModel, int, int) is no longer called when searching users from the admin console 2020-03-27 13:29:55 +01:00
keycloak-bot
f6a592b15a Set version to 9.0.4-SNAPSHOT 2020-03-24 08:31:18 +01:00
Stefan Guilhen
8c627fdb20 [KEYCLOAK-13036] Fix KeycloakElytronCSVaultTest failures on IBM JDK
- credential store is generated on the fly for the test, avoiding incompatibilities between implementations of keystores
2020-03-17 17:07:55 +01:00
mposolda
72e4690248 KEYCLOAK-13174 Not possible to delegate creating or deleting OTP credential to userStorage 2020-03-11 12:51:56 +01:00
mposolda
803f398dba KEYCLOAK-12876 KEYCLOAK-13148 KEYCLOAK-13149 KEYCLOAK-13151 Re-introduce some changes to preserve UserStorage SPI backwards compatibility. Added test for backwards compatibility of user storage 2020-03-11 12:51:56 +01:00
Pedro Igor
b7a395a3ef [KEYCLOAK-11345] - Test basic features of Keycloak.X with current tetsuite 2020-03-10 15:59:35 +01:00
vramik
83461d033b KEYCLOAK-11808 update testsuite to use current jdbc driver version for migration testing 2020-03-09 15:05:12 +01:00
Sebastian Schuster
99aba33980 KEYCLOAK-13163 Fixed searching for user with fine-grained permissions 2020-03-09 09:56:13 -03:00
vramik
e2bd99e9e4 KEYCLOAK-13097 fix UserStorageTest - add cleanup after test 2020-02-27 10:46:38 +01:00
Martin Bartoš
eaaff6e555
KEYCLOAK-12958 Preview feature profile for WebAuthn (#6780)
* KEYCLOAK-12958 Preview feature profile for WebAuthn

* KEYCLOAK-12958 Ability to enable features having EnvironmentDependent providers without restart server

* KEYCLOAK-12958 WebAuthn profile product/project

Co-authored-by: Marek Posolda <mposolda@gmail.com>
2020-02-26 08:45:26 +01:00
Thomas Darimont
67ddd3b0eb KEYCLOAK-12926 Improve Locale based message lookup
We now consider intermediate Locales when performing a Locale based
ResourceBundle lookup, before using an Locale.ENGLISH fallback.

Co-authored-by: stianst <stianst@gmail.com>
2020-02-18 08:43:46 +01:00
keycloak-bot
d352d3fa8e Set version to 9.0.1-SNAPSHOT 2020-02-17 20:38:54 +01:00
mposolda
a76c496c23 KEYCLOAK-12860 KEYCLOAK-12875 Fix for Account REST Credentials to work with LDAP and social users 2020-02-14 20:24:42 +01:00
Pedro Igor
7efaf9869a [KEYCLOAK-12864] - OIDCIdentityProvider with Reverse Proxy 2020-02-13 15:01:10 +01:00
Marek Posolda
154bce5693
KEYCLOAK-12340 KEYCLOAK-12386 Regression in credential handling when … (#6668) 2020-02-03 19:23:30 +01:00
vmuzikar
03306b87e8 KEYCLOAK-12125 Introduce SameSite attribute in cookies
Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: Peter Skopek <pskopek@redhat.com>
2020-01-17 08:36:53 -03:00
Martin Kanis
e1f8e5d08c KEYCLOAK-12462 Align to EAP 7.3.0.GA 2020-01-13 14:58:59 +01:00
vramik
419d9c6351 KEYCLOAK-11597 Remote testing changes + possibility to exclude tests for specific auth server
Co-Authored-By: <mhajas@redhat.com>
2020-01-06 14:29:36 +01:00
Stefan Guilhen
9f69386a53 [KEYCLOAK-11707] Add support for Elytron credential store vault
- Adds the elytron-cs-keystore provider that reads secrets from a keystore-backed elytron credential store
 - Introduces an abstract provider and factory that unifies code that is common to the existing implementations
 - Introduces a VaultKeyResolver interface to allow the creation of different algorithms to combine the realm
   and key names when constructing the vault entry id
 - Introduces a keyResolvers property to the existing implementation via superclass that allows for the
   configuration of one or more VaultKeyResolvers, creating a fallback mechanism in which different key formats
   are tried in the order they were declared when retrieving a secret from the vault
 - Adds more tests for the files-plaintext provider using the new key resolvers
 - Adds a VaultTestExecutionDecider to skip the elytron-cs-keystore tests when running in Undertow. This is
   needed because the new provider is available only as a Wildfly extension
2019-12-18 11:54:06 +01:00
harture
26458125cb [KEYCLOAK-12254] Fix re-evaluation of conditional flow (#6558) 2019-12-18 08:45:11 +01:00
Douglas Palmer
106e6e15a9 [KEYCLOAK-11859] Added option to always display a client in the accounts console 2019-12-17 17:12:49 -03:00
vramik
c3d80651bf KEYCLOAK-12473 Add possibility to specify length of event detail when storing to database 2019-12-17 17:15:50 +01:00
Dmitry Telegin
e2144d6aec KEYCLOAK-12175 - Platform SPI 2019-12-09 09:55:04 +01:00
stianst
30e024a3c9 KEYCLOAK-12167 Remove need for Arquillian deployment to load test classes 2019-12-06 12:46:08 +01:00
Cristian Schuszter
5c7ce775cf KEYCLOAK-11472 Pagination support for clients
Co-authored-by: stianst <stianst@gmail.com>
2019-12-05 08:17:17 +01:00
Martin Kanis
685d49c693 KEYCLOAK-11967 Violation of UNIQUE KEY constraint SIBLING_NAMES (#6485) 2019-11-26 16:00:50 +01:00
Dmitry Telegin
79074aa380 KEYCLOAK-12162 Modularize config backends (#6499)
* KEYCLOAK-12162 - Modularize configuration backends

* - Use JsonSerialization
- simplify backend selection (no fallbacks)

* Remove unused org.wildfly.core:wildfly-controller dependency
2019-11-22 15:23:04 +01:00
keycloak-bot
76aa199fee Set version to 9.0.0-SNAPSHOT 2019-11-15 20:43:21 +01:00
AlistairDoswald
4553234f64 KEYCLOAK-11745 Multi-factor authentication (#6459)
Co-authored-by: Christophe Frattino <christophe.frattino@elca.ch>
Co-authored-by: Francis PEROT <francis.perot@elca.ch>
Co-authored-by: rpo <harture414@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Denis <drichtar@redhat.com>
Co-authored-by: Tomas Kyjovsky <tkyjovsk@redhat.com>
2019-11-14 14:45:05 +01:00
Martin Kanis
25511d4dbf KEYCLOAK-9651 Wrong ECDSA signature R and S encoding 2019-11-13 15:32:51 +01:00
mhajas
b74f69c5ac KEYCLOAK-11779 Make feature controller which takes care of enabling/disabling features including restarting container if needed 2019-11-07 09:35:11 +01:00
Martin Bartoš
e3d755fe9d KEYCLOAK-11729: ExtendingThemeTest is failing with auth-server-wildfly (#6410) 2019-11-04 11:27:03 +01:00
Takashi Norimatsu
1905260eac KEYCLOAK-11251 ES256 or PS256 support for Client Authentication by Signed JWT (#6414) 2019-10-24 17:58:54 +02:00
vramik
5c56a8493b KEYCLOAK-11568 Some properties are not propagated if specified via command line 2019-10-10 10:25:48 -03:00
Pedro Igor
f0fb48fb76 [KEYCLOAK-11326] - Refactoring to support different versions of resteasy 2019-10-09 12:01:34 +02:00
Pedro Igor
a2e98b57f4 [KEYCLOAK-11326] - Refactoring to use types from JAX-RS API 2019-10-09 12:01:34 +02:00
vramik
b1697a5e71 KEYCLOAK-11069 auth-server-remote tests 2019-09-30 10:29:51 +02:00
mhajas
37b7b595a5 KEYCLOAK-11410 Do not throw exception in PlaintextVaultProvider if unconfigured 2019-09-19 14:56:19 +02:00
Cédric Couralet
9c37da0ee9 KEYCLOAK-8818 Support message bundle in theme resources 2019-09-11 08:03:16 +02:00
mhajas
2703388946 KEYCLOAK-11245 Adapt LDAPConnectionTestManager to use newly introduced LDAPContextManager 2019-09-10 22:51:19 +02:00
mhajas
9c2525ec1a KEYCLOAK-11245 Use transcription object for LDAP bindCredential 2019-09-09 19:39:53 +02:00
Martin Kanis
4235422798 KEYCLOAK-11246 Use the transcription object for SMTP password 2019-09-09 13:27:11 +02:00
Hynek Mlnarik
9eb2e1d845 KEYCLOAK-11028 Use pessimistic locks to prevent DB deadlock when deleting objects 2019-09-09 10:57:49 +02:00
Martin Kanis
b1be6c2bdd KEYCLOAK-11247 Use the transcription object for Identity providers password 2019-09-06 15:29:11 +02:00
Pedro Igor
a1d8850373 [KEYCLOAK-7416] - Device Activity 2019-09-05 11:43:27 -03:00
Stefan Guilhen
bb9c811a65 [KEYCLOAK-10935] Add a vault transcriber implementation that can be obtained from the session.
- automatically parses ${vault.<KEY>} expressions to obtain the key that contains the secret in the vault.
 - enchances the capabilities of the VaultProvider by offering methods to convert the raw secrets into other types.
2019-09-04 22:34:08 +02:00
Niko Köbler
49e9cd759b KEYCLOAK-10734 Let the check-sso feature do the check in hidden iframe 2019-08-20 15:41:09 -03:00
Takashi Norimatsu
8225157a1c KEYCLOAK-6768 Signed and Encrypted ID Token Support 2019-08-15 15:57:35 +02:00
Martin Bartos RH
b18d88a37b [KEYCLOAK-10066] Merge Preview Features Test: OpenshiftClientStorage 2019-07-30 14:20:54 +02:00
keycloak-bot
17e9832dc6 Set version to 8.0.0-SNAPSHOT 2019-07-19 19:05:03 +02:00
Hynek Mlnarik
3d4283fac9 KEYCLOAK-9987 Upgrade to Wildfly17
Co-Authored-By: hmlnarik <hmlnarik@redhat.com>
2019-07-16 08:05:46 +02:00
Steeve Beroard
fc9a0e1766 [KEYCLOAK-8104] Keycloak SAML Adapter does not support clockSkew configuration
Co-Authored-By: vramik <vramik@redhat.com>
2019-07-15 13:08:52 +02:00
rmartinc
6d6db1f3e5 KEYCLOAK-10345: OCSP validation fails if there is no intermediate CA in the client certificate 2019-07-12 15:16:00 +02:00
mposolda
5f9feee3f8 KEYCLOAK-9846 Verifying signatures on CRL during X509 authentication 2019-07-08 20:20:38 +02:00
vramik
d245287320 KEYCLOAK-9598 Apache Tomcat adapter 2019-06-14 10:09:13 +02:00
mposolda
a980629e66 KEYCLOAK-10295 Tweaks for MariaDB testing in docker container 2019-05-24 12:52:55 +02:00
mposolda
c77c061b47 KEYCLOAK-10291 Tweaks for MySQL docker testing. 2019-05-21 20:13:20 +02:00
vmuzikar
39b2136acb KEYCLOAK-10337 Default value for product.unpacked.folder.name 2019-05-21 09:52:24 -03:00
vramik
1928fa3fb9 KEYCLOAK-10268 adapt configure.xml for windows 2019-05-20 12:38:12 +02:00
Sebastian Loesch
96250c9685 [KEYCLOAK-9573] Allow AdminEvents for custom resource types 2019-04-26 09:57:28 +01:00
Tomas Kyjovsky
6ffe14c8e1 KEYCLOAK-10117 Testsuite module "App Server - EAP" doesn't build with default parameters 2019-04-24 14:29:51 +02:00
mposolda
7a671052a3 KEYCLOAK-9988 Fix unstable UserSessionPersisterOfflineTest.testExpired. Adding ResetTimeOffsetEvent 2019-04-23 20:58:37 +02:00
keycloak-bot
49d4e935cb Set version to 7.0.0-SNAPSHOT 2019-04-17 09:48:07 +01:00
Martin Bartos RH
a6e53b3f1c KEYCLOAK-10063 Merge preview features test: ClientTokenExchangeTest 2019-04-16 12:49:54 +02:00
Sebastian Laskawiec
0042726dd8 KEYCLOAK-9601 KEYCLOAK-9602 Jetty 8.1 and 9.1 removal
Co-Authored-By: mhajas <mhajas@redhat.com>
2019-04-16 11:21:29 +02:00
vramik
e2d69632e9 KEYCLOAK-10004 refactor fuse adapter tests 2019-04-16 10:11:27 +02:00
Takashi Norimatsu
9b3e297cd0 KEYCLOAK-9756 PS256 algorithm support for token signing and validation 2019-04-09 20:52:02 +02:00
Sebastian Laskawiec
2e7f717e50 KEYCLOAK-9536 DB Allocator Plugin 2019-04-08 09:06:19 +02:00
mhajas
c6bd293d25 KEYCLOAK-9893 Use SSL in EAP6, add / to url for EAP6 deployment 2019-03-27 14:02:03 +01:00
mposolda
db271f7150 KEYCLOAK-9572 Support for multiple CRLs with X509 authentication 2019-03-20 15:00:44 +01:00
vramik
3cc405b1c5 KEYCLOAK-8542 Remove resteasy workaround - KeycloakStringEntityFilter 2019-03-16 13:53:54 +01:00
mposolda
a48698caa3 KEYCLOAK-6056 Map user by Subject Alternative Name (otherName) when authenticating user with X509 2019-03-15 23:11:47 +01:00
vramik
cf35a4648b KEYCLOAK-9780 Replace XSLT transformations by ant/CLI scripts 2019-03-15 22:18:09 +01:00
Grzegorz Grzybek
79c4d797db KEYCLOAK-9646 Fix itests for Fuse 7.3
Co-Authored-By: Hynek Mlnarik <hmlnarik@redhat.com>
2019-03-15 12:58:17 +01:00
rmartinc
2602c222cd KEYCLOAK-4640: LDAP memberships are being replaced instead of being added or deleted 2019-03-14 18:40:15 +01:00
keycloak-bot
e843d84f6e Set version to 6.0.0-SNAPSHOT 2019-03-06 15:54:08 +01:00
mhajas
8a750c7fca KEYCLOAK-6750 Adapt Tomcat adapter tests to new structure 2019-03-06 08:57:46 +01:00
Sebastian Laskawiec
406097a508 KEYCLOAK-6749 Jetty App Server 2019-03-05 15:21:48 +01:00
vramik
845275ef0f KEYCLOAK-9624 support for legacy driver for migration tests 2019-03-05 09:30:31 +01:00
mposolda
89d0c51e13 KEYCLOAK-3159 Migrate federation package from old testsuite 2019-03-04 13:37:12 +01:00
Hynek Mlnarik
37ef47d6ab KEYCLOAK-9509 Upgrade to Wildfly 15
KEYCLOAK-9584 Update Wildfly Arquillian version

KEYCLOAK-9581: Fix CookiePathTests

KEYCLOAK-9607 CLI sripts and configuration files update

KEYCLOAK-9580 Fix component registration error

KEYCLOAK-9590 Update JDG to newest version

* Infinispan is using whatever version is set in root pom.xml.

KEYCLOAK-9509 Fix Undertow tests

Co-Authored-By: vramik <vramik@redhat.com>
Co-Authored-By: sebastienblanc <scm.blanc@gmail.com>
2019-02-25 08:56:46 +01:00
stianst
e06c705ca8 Set version 5.0.0 2019-02-21 09:35:14 +01:00
mposolda
e4d4159743 KEYCLOAK-9586 Fix cluster tests. Fix cross-dc tests on embedded undertow 2019-02-20 19:11:38 +01:00
Sebastian Laskawiec
ee41a0450f KEYCLOAK-8349 KEYCLOAK-8659 Use TLS for all tests in the suite 2019-02-08 08:57:48 -02:00
vramik
08e258c0de KEYCLOAK-9269 fix SAMLAdapterClusterTest for EAP6 2019-01-17 17:27:39 +01:00
vramik
c4a46a5591 KEYCLOAK-7677 KEYCLOAK-7723 fix version collision of httpclient
Co-authored-by: Pedro Igor <psilva@redhat.com>
2019-01-10 17:45:41 -02:00
stianst
7c9f15778a Set version to 4.8.3.Final 2019-01-09 20:39:30 +01:00
stianst
7c4890152c Set version to 4.8.2 2019-01-03 14:43:22 +01:00
vramik
59bbd82a1a KEYCLOAK-9018 add namespaces to add-hawtio.xsl to fix EAP6Fuse6HawtioAdapterTest 2018-12-06 19:14:46 +01:00
vmuzikar
3e48fa1dbc KEYCLOAK-9023 Add support for Java 11 to the testsuite 2018-12-06 11:47:00 +01:00
vmuzikar
f52d7bef76 KEYCLOAK-9025 Respect app.server.java.home while installing adapters 2018-12-06 11:46:39 +01:00
Hynek Mlnarik
00e0ba8633 KEYCLOAK-8940 Stabilize SessionsPreloadCrossDCTest.loginFailuresPreloadTest 2018-12-04 14:27:57 +01:00
stianst
b674c0d4d9 Prepare for 4.8.0.Final 2018-12-04 13:54:25 +01:00
vramik
4b50fdb404 KEYCLOAK-8955 adapter installation fails on windows - edit logging 2018-12-04 13:50:55 +01:00
vramik
1c46b8936f KEYCLOAK-8994 Update eap71.version in testsuite 2018-12-04 08:59:04 +01:00
vramik
5ad929b9ee KEYCLOAK-8955 adapter installation fails on windows - eap7 2018-11-29 10:18:58 +01:00
Pedro Igor
91637120ee [KEYCLOAK-5052] - LDAP group names containing / in the name violates SIBILING_NAME constraint in db 2018-11-23 08:48:08 -02:00
vramik
abd6e560ac KEYCLOAK-8914 add missing dependency - keycloak-saml-servlet-filter-adapter 2018-11-22 11:29:22 +01:00
vramik
55f90ff09f KEYCLOAK-8837 Adapt TS to be able to test migration from 7.2.5.GA (instead from 7.2.0.GA) 2018-11-19 18:06:33 +01:00
Takashi Norimatsu
0793234c19 KEYCLOAK-8460 Request Object Signature Verification Other Than RS256 (#5603)
* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

also support client signed signature verification by refactored token
verification mechanism

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

incorporate feedbacks and refactor client public key loading mechanism

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

unsigned request object not allowed

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

revert to re-support "none"
2018-11-19 14:28:32 +01:00
mposolda
0533782d90 KEYCLOAK-7275 KEYCLOAK-5479 Faster offline sessions preloading at startup. Track lastSessionRefresh timestamps more properly by support bulk update to DB 2018-11-16 14:23:28 +01:00
vramik
22d8fb17f5 KEYCLOAK-8771 add jboss-jsp-api_2.3_spec dependency to app-server-undertow 2018-11-14 22:34:14 +01:00
stianst
ecd476fb10 Prepare for 4.7.0.Final 2018-11-14 20:10:59 +01:00
mposolda
0897d969b1 KEYCLOAK-7340 2018-11-14 20:09:22 +01:00
Hynek Mlnarik
7703d81389 KEYCLOAK-7421 Support SAML cluster logout for Elytron SAML adapter 2018-11-09 21:06:50 +01:00
mhajas
6d04247947 KEYCLOAK-8047 Make Photoz tests great: run them on undertow + make them
stable
2018-11-09 12:45:38 +01:00
vramik
560d76b7ee KEYCLOAK-6748 undertow saml adapter tests 2018-11-06 21:17:07 +01:00
scranen
0c6b20e862 [KEYCLOAK-4342] Make adapter state cookie path configurable 2018-11-06 10:28:06 -02:00
mposolda
9652748ba9 KEYCLOAK-8484 Remove audience client scope template 2018-10-31 11:11:02 +01:00
vramik
7a96911a83 KEYCLOAK-8300 KEYCLOAK-8301 Wildfly 14 upgrade
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2018-10-17 20:01:07 +02:00
mposolda
4483677cdd KEYCLOAK-8529 Fix most of adapter tests on EAP6 2018-10-12 12:01:33 +02:00
Mark True
28b6e4dd5b cleaning up to do PR 2018-10-08 09:16:53 +02:00
mposolda
2a4cee6044 KEYCLOAK-6884 KEYCLOAK-3454 KEYCLOAK-8298 Default 'roles' and 'web-origins' client scopes. Add roles and allowed-origins to the token through protocol mappers 2018-10-04 12:00:38 +02:00
Pedro Igor
b4b3527df7 [KEYCLOAK-7950] - Fixes user pagination when using filtering users members of groups 2018-10-02 15:44:23 -03:00
stianst
c3fc9e9815 Set version to 4.6.0.Final-SNAPSHOT 2018-09-26 20:58:41 +02:00
vramik
24b7d080af KEYCLOAK-8268 unify fuse70 and fuse71 modules into fuse7x module 2018-09-20 10:27:17 +02:00
wyvie
01051016f5 [KEYCLOAK-8185] add clear method to exportimport resource 2018-09-13 11:54:28 +02:00
stianst
bf758809ba KEYCLOAK-6229 OpenShift Token Review interface 2018-09-07 08:21:28 +02:00
stianst
1fb4ca4525 Set version to 4.5.0.Final 2018-09-06 20:08:02 +02:00
mposolda
f0ba8f6591 KEYCLOAK-8139 Added wildfly-deprecated module for adapters testing. Remove wildfly9 and wildfly10 2018-09-03 08:56:09 +02:00
mhajas
ccba07a5c0 KEYCLOAK-7213 Make example tests running on app-server-undertow 2018-08-29 13:13:06 +02:00
mposolda
e4d05a7852 KEYCLOAK-8127 Added support for app-server-eap71. Make sure ConsoleProtectionTest is executed just for app-server-eap71 2018-08-27 12:52:53 +02:00
mposolda
6fc99cd749 KEYCLOAK-7594 Upgrade to Wildfly 13. Cross-DC: Upgrade to infinispan server 9.2.4 and JDG 7.2
Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
Co-authored-by: stianst <stianst@gmail.com>
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2018-08-27 12:52:53 +02:00
mposolda
575851d45c KEYCLOAK-6038 Kerberos cross-realm trust test 2018-08-10 13:31:36 +02:00
Martin Kanis
ee8c35a48e KEYCLOAK-6119 Create CI job for Postgres with schema 2018-08-08 08:57:11 +02:00
Hynek Mlnarik
fb58214fcc KEYCLOAK-7994 Move examples to test-apps 2018-08-08 08:55:38 +02:00
mposolda
27719565ae KEYCLOAK-4298 Migrate LDAP tests to the new testsuite 2018-08-06 12:08:19 +02:00
Hynek Mlnarik
65030e2c73 KEYCLOAK-7993 Fix failing Fuse 7 tests 2018-08-06 08:22:30 +02:00
mposolda
959cd035ba Set version to 4.3.0.Final-SNAPSHOT 2018-08-01 22:40:05 +02:00
Hynek Mlnarik
26bf7f251d KEYCLOAK-7888 Update Fuse adapter examples to new CXF registration 2018-07-19 15:22:42 +02:00
vramik
54fcbf12b0 KEYCLOAK-7666 - adapter tests - eap6-fuse6 provider 2018-07-18 13:46:56 +02:00
vramik
401a347f6f KEYCLOAK-7817 Update eap6.version in testsuite 2018-07-11 15:28:33 +02:00
rmartinc
4a82979792 KEYCLOAK-1925: SAML adapter multitenant support 2018-07-10 13:21:11 +02:00
mposolda
d0a824dde4 Updating version to 4.2.0.Final-SNAPSHOT 2018-07-05 07:42:48 -04:00
vramik
8a37395760 KEYCLOAK-7722 Move eap6 specific config files to its module 2018-07-04 08:56:24 +02:00
vramik
c97e7e720e KEYCLOAK-7550 - adapter tests - Fuse7.1 provider 2018-06-28 16:24:02 +02:00
vramik
591093f867 KEYCLOAK-7730 - revert OSGiApplicationArchiveProcessor moved into fuse app servers 2018-06-28 10:22:25 -03:00
vramik
9039b44f4d KEYCLOAK-7718 DemoFilterServletAdapterTest test not configured correctly 2018-06-28 09:33:52 -03:00
vramik
8ac7bda52c KEYCLOAK-7589 - adapter tests - Fuse7.0 provider 2018-06-28 08:45:02 +02:00
vramik
39cbf4e9ab KEYCLOAK-7588 - adapter tests - Fuse6.3 provider 2018-06-26 16:47:01 +02:00
vramik
8fdadcc596 KEYCLOAK-7475 adapter tests - add Wildfly10 and Wildfly9 providers 2018-06-25 14:31:11 +02:00
vramik
d9f79fae79 KEYCLOAK-7510 Add Support for server specific ArchiveProcessor 2018-06-22 11:38:57 +02:00
Hynek Mlnarik
530a710dce KEYCLOAK-7412 Tests for Fuse 7.0 2018-06-22 08:59:44 +02:00
stianst
e1a0e581b9 Update to 4.1.0.Final-SNAPSHOT 2018-06-14 14:22:28 +02:00
vramik
f19a324030 KEYCLOAK-7587 Some system properties are not included 2018-06-12 11:42:10 +02:00
vramik
9e42be09d7 KEYCLOAK-7517 - adapter tests - EAP6 provider 2018-06-11 13:46:59 +02:00
vramik
7d466be94e KEYCLOAK-6541 rename AppServerContainerSPI to AppServerContainerProvider 2018-06-11 13:46:59 +02:00
vramik
a5c0cbc3b4 KEYCLOAK-7473 app-server-eap provider 2018-06-11 13:46:59 +02:00
vramik
bb5dc4c473 KEYCLOAK-6745 Adapter tests - remove abstract adapter test classes 2018-06-11 13:46:59 +02:00
vramik
132386f64d KEYCLOAK-6541 app server wildfly provider 2018-06-11 13:46:59 +02:00
vramik
b0c89d739b KEYCLOAK-6541 app server undertow support 2018-06-11 13:46:59 +02:00
vramik
6a07a7ed2c KEYCLOAK-6541 base changes 2018-06-11 13:46:59 +02:00
vramik
f293ab86c3 KEYCLOAK-7267 change a way how to install adapters in testsuite from online to offline scripts 2018-06-11 13:46:59 +02:00
Marek Posolda
49407c2e4f
KEYCLOAK-6630 Client scopes initial support (#5076)
* KEYCLOAK-6630 KEYCLOAK-349 Client Scopes

Co-authored-by: vramik <vramik@redhat.com>

* KEYCLOAK-6630 Change some clientTemplate occurences to clientScope
2018-06-08 15:38:38 +02:00
Vlasta Ramik
4d1474afe0 KEYCLOAK-7549 Update artifactId according to latest Fuse7 build (#5253) 2018-06-08 15:15:34 +02:00
Pedro Igor
aa128d6c07
Merge pull request #5240 from pedroigor/KEYCLOAK-7353
[KEYCLOAK-7353] Support Policy Management in Protection API
2018-06-07 11:05:49 -03:00
Federico M. Facca
5a9bfea419 [KEYCLOAK-7353] Support Policy Management in Protection API
See https://issues.jboss.org/browse/KEYCLOAK-7353
2018-06-06 19:36:42 -03:00
Tomas Kyjovsky
1b4d9a6147 KEYCLOAK-7440 Modcluster configuration for functional cluster test is broken 2018-06-06 20:40:50 +02:00
Takashi Norimatsu
c586c63533 KEYCLOAK-6771 Holder of Key mechanism
OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access
Tokens
2018-06-05 08:18:29 +02:00
Stian Thorgersen
dbf5c395b0
Bump version to 4.0.0.Final (#5224) 2018-05-24 19:02:30 +02:00
vramik
99119562bb KEYCLOAK-7312 removed as7, wf8 test modules 2018-05-14 09:10:05 +02:00
mhajas
3ced81a2c2 KEYCLOAK-7315 Fix issues in JavascriptAdapter tests (#5193)
more in issue KEYCLOAK-7315
2018-05-07 14:47:56 -04:00
Stian Thorgersen
90e5c7f3eb
Bump version to 4.0.0.Beta3-SNAPSHOT (#5185) 2018-05-02 14:32:20 +02:00
vramik
81918713dd KEYCLOAK-6744 Adapter tests - set container based on property 2018-05-02 13:52:59 +02:00
vramik
8b5fd2b4ac KEYCLOAK-7091 fuse7 testsuite 2018-04-25 14:35:56 +02:00
mhajas
9ed221b168 KEYCLOAK-6873 Fix jboss cli script for removing elytron subsystem 2018-04-06 17:07:17 +02:00
mhajas
70b3f6bd92 KEYCLOAK-6840 Remove untracked file and unpack js adapter directly to testsuite provider target directory (#5133) 2018-04-06 11:47:10 +02:00
mhajas
5022015e4a KEYCLOAK-6836 Fix adding log level for adapters on EAP6 (#5132) 2018-04-06 11:46:03 +02:00
Bill Burke
06f32a47ec fake browser tests 2018-03-30 08:24:30 -04:00
stianst
07fea02146 Bump versions to 4.0.0.Beta2-SNAPSHOT 2018-03-26 18:17:38 +02:00
Pedro Igor
f824582aac
Merge pull request #5009 from pedroigor/KEYCLOAK-6116
[KEYCLOAK-6116] - Get email attribute from 'subject alternative name' using X509 certificate
2018-03-12 09:58:02 -03:00
Hynek Mlnarik
190771ddf1 KEYCLOAK-6783 Add authentication into cross-dc testing 2018-03-09 15:08:55 +01:00
pedroigor
1f13427dee [KEYCLOAK-6116] - Enabling tests for both jboss servers 2018-03-09 10:56:35 -03:00
pedroigor
6aee573e2e [KEYCLOAK-6116] - Tests for X509 Subject Alternative Name Extension 2018-03-09 10:56:35 -03:00
pedroigor
c5c285abc3 [KEYCLOAK-6116] - Adding a OpenSSL CA Authority for testing 2018-03-09 10:56:35 -03:00
vramik
569f26776e KEYCLOAK-5060 KEYCLOAK-3157 migrated Adapter package from old testsuite 2018-03-02 10:56:26 +01:00
vmuzikar
d70e4740fc KEYCLOAK-6693 Support external truststore in testsuite 2018-02-27 07:45:21 +01:00
mhajas
e2ad59a74d KEYCLOAK-4816 KEYCLOAK-4817 Move javascript tests to base testsuite and (#4964)
* KEYCLOAK-4816 KEYCLOAK-4817 Move javascript tests to base testsuite and
use JavascriptExecutor

* Use PhantomJS 2.1.1 instead of 1.9.8 in Travis CI
2018-02-26 10:49:05 +01:00
stianst
505cf5b251 KEYCLOAK-6519 Theme resource provider 2018-02-09 08:28:59 +01:00
Bill Burke
a571781240 hynek db changes 2018-01-30 17:00:55 -05:00
Bill Burke
4a044fe867 add ofline token test 2018-01-29 17:08:13 -05:00
Bill Burke
79f9de9de4 Merge remote-tracking branch 'upstream/master' into client-storage-spi 2018-01-29 12:28:26 -05:00
Bill Burke
1d8e38f0c6 admin console 2018-01-27 13:05:02 -05:00
Bill Burke
6b84b9b4b6 done 1st iteration 2018-01-27 09:47:16 -05:00
mhajas
f0511c5f51 KEYCLOAK-6392 Install elytron adapter on windows 2018-01-26 11:21:53 +01:00
Bill Burke
a9297df89c KEYCLOAK-6335 2018-01-23 12:09:49 -05:00
stianst
0bedbb4dd3 Bump version to 4.0.0.CR1-SNAPSHOT 2017-12-21 15:06:00 +01:00
Hynek Mlnarik
2a2e6c839b KEYCLOAK-5635 2017-12-13 21:07:46 +01:00
mposolda
b8416dfa3e KEYCLOAK-5981 Test Impersonation works when authenticationSession exists 2017-12-12 09:43:34 +01:00
mhajas
10219c1157 KEYCLOAK-6005 Fail build when adapters installation fails 2017-12-08 13:32:44 +01:00
mposolda
6c34b4c418 KEYCLOAK-5914 Periodic clean of detached client sessions 2017-12-05 08:25:30 +01:00
stianst
37de8e9f69 Bump version to 3.4.2.Final-SNAPSHOT 2017-12-01 09:34:48 +01:00
vramik
6bb04617a6 KEYCLOAK-5802 fix install-adapters.sh script for wildfly10 and below 2017-11-30 12:58:11 +01:00
Martin Kanis
603052c594 KEYCLOAK-5883 Deploy testsuite during product build 2017-11-30 10:50:06 +01:00
stianst
2be78a0239 KEYCLOAK-5924 Add error handler for uncaught errors 2017-11-30 10:33:13 +01:00
Pavel Drozd
4408cdb5c7
Merge pull request #4756 from tkyjovsk/KEYCLOAK-5922
KEYCLOAK-5922 Cluster tests don't work with non-undertow server
2017-11-30 09:24:39 +01:00
Hynek Mlnarik
9cae8b79e4 KEYCLOAK-5908 Fix relay configuration 2017-11-29 22:22:35 +01:00
Tomas Kyjovsky
4240295af9 KEYCLOAK-5922 Cluster tests don't work with non-undertow server 2017-11-28 17:35:13 +01:00
vramik
02220558e6 KEYCLOAK-5705 add missing dependency to module.xml for mssql migration server 2017-11-22 14:09:01 +01:00
mposolda
bd1072d2eb KEYCLOAK-5747 Ensure refreshToken doesn't need to send request to the other DC. Other fixes and polishing 2017-11-22 11:55:12 +01:00
vramik
afd906b9a9 KEYCLOAK-5705 add missing dependency to module.xml for mssql in eap module 2017-11-21 21:51:19 +01:00
vramik
c083c1c4cf KEYCLOAK-5873 set DB_CLOSE_ON_EXIT to false when crossdc tests are run on in memory H2 2017-11-21 21:46:59 +01:00
mposolda
a98f085be6 KEYCLOAK-5618 Fix SessionsPreloadCrossDCTest. Update HOW-TO-RUN docs. Ensure it's executed in travis. 2017-11-09 17:39:04 +01:00
Stian Thorgersen
128ff12f8f Bump versions 2017-11-09 15:37:21 +01:00
mposolda
62a1c187a2 KEYCLOAK-5716 KEYCLOAK-5738 Avoid infinispan deadlock. Ensure code-to-token works correctly in cross-dc 2017-11-07 09:01:59 +01:00
Pedro Igor
081ad09ed8 Merge pull request #4619 from pedroigor/KEYCLOAK-4901
[KEYCLOAK-4901] - Reviewing methods on provider spi
2017-10-26 15:33:09 -03:00
Pedro Igor
a70cab502c [KEYCLOAK-4901] - Reviewing methods on provider spis 2017-10-26 13:39:57 -02:00
Tomas Kyjovsky
a45a2acc4c KEYCLOAK-5691 Galera cluster, full testsuite 2017-10-26 15:27:57 +02:00
Hynek Mlnarik
75c354fd94 KEYCLOAK-5745 Separate user and client sessions in infinispan 2017-10-26 10:39:41 +02:00
mposolda
9a19e95b60 KEYCLOAK-5710 Change cache-server to use backups based caches 2017-10-24 11:52:08 +02:00
Stan Silvert
9083e5fe5c KEYCLOAK-5298: Enable autoescaping in Freemarker (#4561)
* KEYCLOAK-5298: Enable autoescaping in Freemarker

* Fix several of the failing tests.

* Fix broken tests in integration-deprecated

* Fix last failing test.
2017-10-23 12:03:00 -04:00
vramik
25d785df02 KEYCLOAK-5705 add missing dependency to module.xml for mssql 2017-10-20 12:56:51 +02:00
Thomas Darimont
3103e0fd0a KEYCLOAK-5244 Add BlacklistPasswordPolicyProvider (#4370)
* KEYCLOAK-5244 Add BlacklistPasswordPolicyProvider

This introduces a new PasswordPolicy which can refer to
a named predefined password-blacklist to avoid users
choosing too easy to guess passwords.

The BlacklistPasswordPolicyProvider supports built-in as
well as custom blacklists.
built-in blacklists use the form `default/filename`
and custom ones `custom/filename`, where filename
is the name of the found blacklist-filename.

I'd propose to use some of the freely available password blacklists
from the [SecLists](https://github.com/danielmiessler/SecLists/tree/master/Passwords) project.

For testing purposes one can download the password blacklist
```
wget -O 10_million_password_list_top_1000000.txt https://github.com/danielmiessler/SecLists/blob/master/Passwords/10_million_password_list_top_1000000.txt?raw=true
```
to /data/keycloak/blacklists/

Custom password policies can be configured with the SPI
configuration mechanism via jboss-cli:
```
/subsystem=keycloak-server/spi=password-policy:add()
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:add(enabled=true)
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:write-attribute(name=properties.blacklistsFolderUri, value=file:///data/keycloak/blacklists/)
```

Password blacklist is stored in a TreeSet.

* KEYCLOAK-5244 Encode PasswordBlacklist as a BloomFilter

We now use a dynamically sized BloomFilter with a
false positive probability of 1% as a backing store
for PasswordBlacklists.

BloomFilter implementation is provided by google-guava
which is available in wildfly.

Password blacklist files are now resolved against
the ${jboss.server.data.dir}/password-blacklists.

This can be overridden via system property, or SPI config.
See JavaDoc of BlacklistPasswordPolicyProviderFactory for details.

Revised implementation to be more extensible, e.g. it could be
possible to use other stores like databases etc.

Moved FileSystem specific methods to FileBasesPasswordBlacklistPolicy.

The PasswordBlacklistProvider uses the guava version 20.0
shipped with wildfly. Unfortunately the arquillian testsuite
transitively depends on guava 23.0 via the selenium-3.5.1
dependency. Hence we need to use version 23.0 for tests but 20.0
for the policy provider to avoid NoClassDefFoundErrors in the
server-dist.

Configure password blacklist folder for tests

* KEYCLOAK-5244 Configure jboss.server.data.dir for test servers

* KEYCLOAK-5244 Translate blacklisted message in base/login
2017-10-17 20:41:44 +02:00
Hynek Mlnarik
056ba75a72 KEYCLOAK-5656 Use standard infinispan remote-store 2017-10-16 21:49:42 +02:00
mposolda
1874820008 KEYCLOAK-5371 Fix ConcurrentLoginCrossDCTest.concurrentLoginWithRandomDcFailures 2017-10-11 13:02:55 +02:00
Hynek Mlnarik
fe972ce12b KEYCLOAK-5656 Remove remoteServers configuration option 2017-10-09 11:58:28 +02:00
Hynek Mlnarik
6cbfbeca0b KEYCLOAK-5656 Remove KeycloakTcpTransportFactory 2017-10-06 13:20:17 +02:00
mposolda
bca4c35708 KEYCLOAK-5371 Fix ActionTokenCrossDCTest and BruteForceCrossDCTest 2017-10-04 13:25:45 +02:00
Hynek Mlnařík
9aa4c3cf22 Merge pull request #4530 from vramik/KEYCLOAK-5586
KEYCLOAK-5586 crossdc tests on Wildfly using real database
2017-10-04 13:10:08 +02:00
vramik
b0a1550df5 KEYCLOAK-5586 crossdc tests on Wildfly using real database 2017-10-04 12:00:18 +02:00
Pavel Drozd
8e5db87b50 Merge pull request #4505 from mhajas/KEYCLOAK-5568
KEYCLOAK-5568 Run ConsoleProtection tests only with elytron
2017-10-04 08:02:31 +02:00
vramik
f806d4a5d6 KEYCLOAK-5586 Add support for testing cross dc tests on jboss-based containers 2017-10-03 14:01:45 +02:00
mposolda
3b6e1f4e93 KEYCLOAK-5007 Used single-use cache for tracke OAuth code. OAuth code changed to be encrypted and signed JWT 2017-09-29 13:20:22 +02:00
mhajas
efb43682a9 KEYCLOAK-5568 Run ConsoleProtection tests only with elytron 2017-09-27 17:45:20 +02:00
Antonio Howcroft Ferreira
a551195ddf KEYCLOAK-2035 update with feedback from PR by bburke 2017-09-22 15:05:49 +01:00
howcroft
e78bf5f876 Keycloak 2035
This PR adds:
* an endpoint to Role that lists users with the Role
* a tab "Users in Role" in Admin console Role page
* it is applicable to Realm and Client Roles
* Extends UserQueryProvider with default methods (throwing Runtime Exception if not overriden)
* Testing in base testsuite and Console
2017-09-22 15:05:49 +01:00
mhajas
330cb022eb KEYCLOAK-5320 Configure SSL using creaper 2017-09-08 13:19:48 +02:00
Stian Thorgersen
463661b051 Set version to 3.4.0.CR1-SNAPSHOT 2017-08-28 15:46:22 +02:00
Hynek Mlnarik
794c508b10 KEYCLOAK-4995 Support for distributed SAML logout in cross DC 2017-08-28 13:15:11 +02:00
mposolda
05c8c74c96 KEYCLOAK-5294 Updated README for cross-dc setup on Wildfly 2017-08-25 17:53:45 +02:00