Commit graph

12270 commits

Author SHA1 Message Date
Stian Thorgersen
87cab778eb KEYCLOAK-11996 Authorization Endpoint does not return an error when a request includes a parameter more than once (#6696)
Co-authored-by: stianst <stianst@gmail.com>

Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2020-01-24 12:10:56 +01:00
Denis Richtárik
24c6e2ba08 KEYCLOAK-12742 Authentication -> WebAuthn Policy: Unable to delete the Acceptable AAGUIDS via the provided minus (-) button, once set (#6695) 2020-01-24 11:55:20 +01:00
Thomas Darimont
303861f7e8 KEYCLOAK-10003 Fix handling of request parameters for SMTP Connection Test
We now transfer the SMTP connection configuration via HTTP POST
request body parameters instead of URL parameters.
The improves handling of SMTP connection configuration values with
special characters. As a side effect sensitive information like SMTP
credentials are now longer exposed via URL parameters.

Previously the SMTP connection test send the connection parameters
as encoded URL parameters in combination with parameters in the request body.
However the server side endpoint did only look at the URL parameters.

Certain values, e.g. passwords with + or ; could lead to broken URL parameters.
2020-01-23 13:19:31 -06:00
Leon Graser
f1ddd5016f KEYCLOAK-11821 Add account api roles to the client on creation
Co-authored-by: stianst <stianst@gmail.com>
2020-01-23 13:10:04 -06:00
Martin Kanis
1fbee8134b KEYCLOAK-12697 Remove mvel2 from parent pom and licenses 2020-01-23 13:04:31 -06:00
Benjamin Weimer
dd9ad305ca KEYCLOAK-12757 New Identity Provider Mapper "Advanced Claim to Role Mapper" with
following features

    * Regex support for claim values.
    * Support for multiple claims.
2020-01-23 07:17:22 -06:00
Stan Silvert
210fd92d23 KEYCLOAK-11550: Signing In page 2020-01-23 07:35:09 -05:00
Domenico Briganti
812b69af13 KEYCLOAK-9837 Not hide exception in email templating - clean code 2020-01-23 05:45:25 -06:00
Domenico Briganti
f07e08ef28 KEYCLOAK-9837 Not hide exception in email templating - Throws always an Exception 2020-01-23 05:45:25 -06:00
Domenico Briganti
476da4f276 KEYCLOAK-9837 Not hide exception in email templating 2020-01-23 05:45:25 -06:00
Peter Skopek
530b99c933 KEYCLOAK-12281 Fix export/import for users that have custom credential algorithms with no salt
- do not swallow exception when decoding salt
2020-01-23 05:43:29 -06:00
Peter Skopek
b8a8f88764 KEYCLOAK-12281 Fix export/import for users that have custom credential algorithms with no salt
- do not swallow exception when decoding salt
2020-01-23 05:43:29 -06:00
mposolda
f0d95da52d KEYCLOAK-12281 Fix export/import for users that have custom credential algorithms with no salt 2020-01-23 05:43:29 -06:00
Captain-P-Goldfish
b90a0307ea Add certificate timestamp validation (#6330)
KEYCLOAK-11818 Add certificate timestamp validation
2020-01-22 20:53:06 +01:00
Vlasta Ramik
d6c5f79f2c KEYCLOAK-12236 NumberFormatException when starting container (#6689) 2020-01-22 20:44:23 +01:00
vramik
47d6d65bbb KEYCLOAK-12724 - workaround hibernate bug - set explicitly dialect for oracle version greater than 12 2020-01-22 18:34:11 +01:00
Denis Richtárik
8d312d748b KEYCLOAK-12163 Old account console: UI not updated after removing of TOTP (#6688) 2020-01-22 12:26:28 +01:00
Tomas Kyjovsky
36eba64f07 KEYCLOAK-12674 Performance degradation after upgrade to Keycloak 8 (#6685) 2020-01-21 19:43:25 +01:00
Tobias Oort
910324e4eb minor changes (punctuation, caps) 2020-01-20 06:51:08 -06:00
Tobias Oort
632925cc06 [i18n nl] Updated totpStep1 - removed a-href tags
A tags are not rendered as-is - they are escaped. This fixes html output as plaintext in the dutch translation.
2020-01-20 06:51:08 -06:00
Martin Kanis
89fc0e1fcc KEYCLOAK-12462 Align to EAP 7.3.0.CR3 2020-01-17 14:11:38 +01:00
vmuzikar
03306b87e8 KEYCLOAK-12125 Introduce SameSite attribute in cookies
Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: Peter Skopek <pskopek@redhat.com>
2020-01-17 08:36:53 -03:00
Stan Silvert
922c9260a4 KEYCLOAK-12526: Fix when switch is displayed 2020-01-17 08:35:01 -03:00
vmuzikar
475ec6f3e4 Add tests for 'Always Display in Console' 2020-01-17 08:35:01 -03:00
Stan Silvert
568b1586a6 KEYCLOAK-12526: Add 'Always Display in Console' to admin console 2020-01-17 08:35:01 -03:00
Niko Köbler
648c6f811c KEYCLOAK-12705 add null checks for migration tasks to check wether the clients to migrate are available (#6666) 2020-01-17 10:10:16 +01:00
Martin Bartos RH
d3f6937a23 [KEYCLOAK-12426] Add username to the login form + ability to reset login 2020-01-17 09:40:13 +01:00
mposolda
85dc1b3653 KEYCLOAK-12426 Add username to the login form + ability to reset login - NOT DESIGN YET 2020-01-17 09:40:13 +01:00
Alex Szczuczko
3ac4992808 KEYCLOAK-12478 Remove all html and css files under keycloak-preview 2020-01-16 15:26:13 -05:00
Tomas Kyjovsky
05c428f6e7 KEYCLOAK-12295 After password reset, the new password has low priority (#6653) 2020-01-16 09:11:25 +01:00
k-tamura
562dc3ff8c KEYCLOAK-10659 Proxy authentication support for proxy-mappings 2020-01-15 13:29:54 +01:00
Martin Bartoš
5aab03d915 [KEYCLOAK-12184] Remove BACK button from login forms (#6657) 2020-01-15 12:25:37 +01:00
Axel Messinese
789e8c70ce KEYCLOAK-12630 full representation param for get groups by user endpoint 2020-01-15 10:14:52 +01:00
Axel Messinese
72aff51fca KEYCLOAK-12670 inconsistent param name full to briefRepresentation 2020-01-15 08:32:57 +01:00
Marek Posolda
8d49409de1
KEYCLOAK-12183 Refactor login screens. Introduce try-another-way link. Not show many credentials of same type in credential selector (#6591) 2020-01-14 21:54:45 +01:00
k-tamura
221aad9877 KEYCLOAK-11511 Improve exception handling of REST user creation 2020-01-14 13:34:34 +01:00
Andrei Arlou
b6a3fba6e3 KEYCLOAK-12568 Remove unused method from org.keycloak.saml.processing.core.saml.v2.factories.JBossSAMLAuthnResponseFactory 2020-01-14 13:21:29 +01:00
root
4cbe478129 Fix KEYCLOAK-10838, use bytesRead to make sure the output stream does not get padded with null bytes. 2020-01-14 13:20:10 +01:00
vramik
3b1bdb216a KEYCLOAK-11486 Add support for system property or env variable in AllowedClockSkew in keycloak-saml subsystem 2020-01-14 13:17:13 +01:00
Martin Kanis
e1f8e5d08c KEYCLOAK-12462 Align to EAP 7.3.0.GA 2020-01-13 14:58:59 +01:00
mhajas
a79d6289de KEYCLOAK-11416 Fix nil AttributeValue handling 2020-01-10 12:47:09 +01:00
vramik
a2b3747d0e KEYCLOAK-7014 - Correctly handle null-values in UserAttributes 2020-01-10 12:44:52 +01:00
Martin Kanis
39fff1c538 KEYCLOAK-12513 Cannot instantiate WebAuthnCredentialProviderFactory with Jackson 2.10.0 2020-01-10 11:34:24 +01:00
Viswa Teja Nariboina
5082ed2fcb [ KEYCLOAK-12606 ] Passing email in login_hint query parameter during Identity brokering fails when an account already exists 2020-01-09 10:40:42 +01:00
Pedro Igor
03bbf77b35 [KEYCLOAK-12511] - Mapper not visible in client's mapper list 2020-01-09 10:25:06 +01:00
mposolda
fea7b4e031 KEYCLOAK-12424 SPNEGO / Kerberos sends multiple 401 responses with WWW-Authenticate: Negotiate header when kerberos token is invalid 2020-01-09 10:21:24 +01:00
Tom Billiet
0f8d988d58 [KEYCLOAK-12299] JWKS parsing: fallback to RS256 for RSA keys without alg field 2020-01-09 10:12:34 +01:00
Thomas Darimont
062cbf4e0a KEYCLOAK-9925 Use Client WebOrigins in UserInfoEndpoint
We now use the allowed WebOrigins configured for the client
for which the user info is requested.

Previously, Web Origins defined on the Client were not being recognized
by the /userinfo endpoint unless you apply the "Allowed Web Origins"
protocol mapper.
This was an inconsistency with how the Web Origins work compared
with the /token endpoint.
2020-01-09 10:10:59 +01:00
Bodo Graumann
65b674a131 KEYCLOAK-10818 Add hint about +, * in client CORS
The '+' in the allowed CORS origins does not replicate a '*' wildcard
from the Valid Redirect URIs. This information is now available in the
tooltip.

Also translated changed message into german.
2020-01-09 10:09:02 +01:00
Pedro Igor
dae212c035 [KEYCLOAK-12312] - Partial import of realm breaking access to client's service account roles 2020-01-09 10:06:32 +01:00