Sven-Torben Janus
c883c11e7e
KEYCLOAK-10158 Use PEM cert as X.509 user identity
...
Allows to use the full PEM encoded X.509 certificate from client cert
authentication as a user identity. Also allows to validate that user's
identity against LDAP in PEM (String and binary format). In addition,
a new custom attribute mapper allows to validate against LDAP when
certificate is stored in DER format (binay, Octet-String).
KEYCLOAK-10158 Allow lookup of certs in binary adn DER format from LDAP
2019-07-08 11:58:26 +02:00
Hynek Mlnarik
ca4e14fbfa
KEYCLOAK-7852 Use original NameId value in logout requests
2019-07-04 19:30:21 +02:00
Sebastian Laskawiec
b5d8f70cc7
KEYCLOAK-8224 Client not found error message
2019-07-03 18:34:56 +02:00
Asier Aguado
bed22b9b8d
[KEYCLOAK-10710] Make social providers compatible with OIDC UsernameTemplateMappers
2019-07-03 15:01:46 +02:00
rmartinc
bd5dec1830
KEYCLOAK-10112: Issues in loading offline session in a cluster environment during startup
2019-07-03 13:17:45 +02:00
Axel Messinese
b32d52e62b
KEYCLOAK-10750 Check if role exist on get user/group in role endpoint
2019-07-03 08:46:36 +02:00
Pedro Igor
0cdd23763c
[KEYCLOAK-10443] - Define a global decision strategy for resource servers
2019-07-02 09:14:37 -03:00
Jeroen ter Voorde
7518692c0d
[KEYCLOAK-10419] Added briefRepresentation parameter support to the admin client interface
...
And added a aquillian test for it.
2019-06-21 11:31:01 +02:00
Jeroen ter Voorde
a2099cff39
[KEYCLOAK-10419] Added support for briefRepresentation param on the GroupResource members endpoint.
2019-06-21 11:31:01 +02:00
k-tamura
542333a0dd
KEYCLOAK-10660 Fix internal server error when re-logging in from my resources page
2019-06-18 06:18:36 -03:00
Hisanobu Okuda
1ac51611d3
KEYCLOAK-10664 correct the error message when no SAML request provided
2019-06-18 08:47:35 +02:00
Pedro Igor
fdc0943a92
[KEYCLOAK-8060] - My Resources REST API
2019-06-11 14:23:26 -03:00
Pedro Igor
61eb94c674
[KEYCLOAK-8915] - Support resource type in authorization requests
2019-06-04 21:02:54 -03:00
Stefan Guilhen
40ec46b79b
[KEYCLOAK-8043] Allow prompt=none query parameter to be propagated to default IdP
2019-05-29 09:22:46 +02:00
Pedro Igor
e9ea1f0e36
[KEYCLOAK-10279] - Do not limit results when fetching resources
2019-05-28 15:35:29 -03:00
Ian Duffy
de0ee474dd
Review feedback
2019-05-27 21:30:01 +02:00
Ian Duffy
54909d3ef4
[KEYCLOAK-10230] Support for LDAP with Start TLS
...
This commit sends the STARTTLS on LDAP 389 connections is specified.
STARTTLS doesn't work with connection pooling so connection pooling will
be disabled should TLS be enabled.
2019-05-27 21:30:01 +02:00
vramik
d64f716a20
KEYCLOAK-2709 SAML Identity Provider POST Binding request page shown to user is comletely blank with nonsense title
2019-05-20 09:51:04 +02:00
Sebastian Loesch
76a6e82173
Fix log message
...
Single quotes need to be represented by double single quotes throughout a String.
See: https://docs.oracle.com/javase/7/docs/api/java/text/MessageFormat.html
2019-05-15 15:33:43 +02:00
Kohei Tamura
8bee7ec542
KEYCLOAK-9983 - Fix the P3P header corruption in Japanese and Turkish ( #6006 )
2019-05-15 15:23:45 +02:00
Tomohiro Nagai
d593ac3e6f
KEYCLOAK-9711 REQUIRED authentictor in ALTERNATIVE subflow throws AuthenticationFlowException when the authentictor returns ATTEMPTED.
2019-05-15 12:45:50 +02:00
Hynek Mlnarik
b8aa1916d8
KEYCLOAK-10195 Fix role lookup to address roles with dots
2019-05-14 13:00:04 +02:00
Kohei Tamura
43bda455bc
KEYCLOAK-10106 - Fix typos in default scripts ( #6010 )
2019-05-07 10:20:04 +02:00
Stefan Guilhen
f1acdc000e
[KEYCLOAK-10168] Handle microprofile-jwt client scope migration
2019-05-06 15:14:27 -03:00
Jan Lieskovsky
9eb400262f
KEYCLOAK-6055 Include X.509 certificate data in audit logs
...
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2019-04-30 11:31:04 +02:00
Sebastian Loesch
96250c9685
[KEYCLOAK-9573] Allow AdminEvents for custom resource types
2019-04-26 09:57:28 +01:00
Hynek Mlnarik
65326ce16a
KEYCLOAK-9629 Update cookie type
2019-04-24 07:18:41 +01:00
Sebastian Loesch
43393220bf
Add X.509 authenticator option for canonical DN
...
Because the current distinguished name determination is security provider
dependent, a new authenticator option is added to use the canonical format
of the distinguished name, as descriped in
javax.security.auth.x500.X500Principal.getName(String format).
2019-04-23 21:04:18 +02:00
keycloak-bot
49d4e935cb
Set version to 7.0.0-SNAPSHOT
2019-04-17 09:48:07 +01:00
Bekh-Ivanov George
ebcfeb20a3
[KEYCLOAK-10020] - Add ability to request user-managed (ticket) permissions by name
2019-04-12 08:44:57 -03:00
Takashi Norimatsu
9b3e297cd0
KEYCLOAK-9756 PS256 algorithm support for token signing and validation
2019-04-09 20:52:02 +02:00
Francesco Degrassi
1bf19ada7e
KEYCLOAK-9825: keep existing refresh token on token exchange requiring refresh if new one not provided in response
2019-04-09 15:21:56 -03:00
Francesco Degrassi
5b78063dce
KEYCLOAK-6614: Support requesting refresh tokens from Google using access_type=offline
2019-04-08 15:06:03 -03:00
Stefan Guilhen
2fa2437555
KEYCLOAK-5613 Add built-in optional client scope for MicroProfile-JWT
2019-04-02 08:40:19 -03:00
Hisanobu Okuda
b44c86bd26
KEYCLOAK-9833 Large SSO Session Idle/SSO Session Max causes login failure
2019-03-27 11:42:40 +01:00
vramik
b7c5ca8b38
KEYCLOAK-8535 Inconsistent SAML Logout endpoint handling
2019-03-22 14:09:31 +01:00
Pedro Igor
d2275ca563
[KEYCLOAK-7939] - Startup logs warning instead of error when admin user already exists
2019-03-21 11:44:17 -03:00
mposolda
db271f7150
KEYCLOAK-9572 Support for multiple CRLs with X509 authentication
2019-03-20 15:00:44 +01:00
Hynek Mlnarik
25c07f78bc
KEYCLOAK-9578 Fix typo in SAML attribute name format
2019-03-19 11:45:38 +01:00
Hynek Mlnarik
1c906c834b
KEYCLOAK-3373 Remove SAML IdP descriptor from client installation and publicize it in realm endpoint instead
2019-03-19 11:37:15 +01:00
fisache
a868b8b22a
[KEYCLOAK-9772] Permissions are duplicated
...
- when resource server is current user
2019-03-18 16:37:54 -03:00
stianst
8d42c9193b
KEYCLOAK-9838 Trim username in admin welcome page
2019-03-18 09:20:38 +01:00
vramik
3cc405b1c5
KEYCLOAK-8542 Remove resteasy workaround - KeycloakStringEntityFilter
2019-03-16 13:53:54 +01:00
mposolda
a48698caa3
KEYCLOAK-6056 Map user by Subject Alternative Name (otherName) when authenticating user with X509
2019-03-15 23:11:47 +01:00
Yaser Abouelenein
404ac1d050
KEYCLOAK-8701 changes needed to include x5c property in jwks
2019-03-15 06:01:15 +01:00
Axel Messinese
e18fb56389
KEYCLOAK-4978 Add endpoint to get groups by role
2019-03-15 06:00:17 +01:00
Corey McGregor
be77fd9459
KEYCLOAK-2339 Adding impersonator details to user session notes and supporting built-in protocol mappers.
2019-03-08 09:14:42 +01:00
rmartinc
231db059b2
KEYCLOAK-8996: Provide a way to set a responder certificate in OCSP/X509 Authenticator
2019-03-07 07:57:20 +01:00
keycloak-bot
e843d84f6e
Set version to 6.0.0-SNAPSHOT
2019-03-06 15:54:08 +01:00
Gilles
f295a2e303
[KEYCLOAK-3723] Fixed updated of protocol mappers within client updates in clients-registrations resource
2019-03-04 11:57:59 +01:00