Commit graph

734 commits

Author SHA1 Message Date
Helder Alves
541063f2ce KEYCLOAK-14940 refresh expired idtoken 2020-08-03 16:08:21 -03:00
Thomas Darimont
6806dfa4d3 KEYCLOAK-13721 Allow to configure host and port of callbackserver in KeycloakInstalled adapter 2020-07-29 10:00:36 +02:00
Gregor Tudan
5255336be2 Keycloak-14726 - release connections after fetching the OIDC-Config 2020-07-28 12:58:27 -03:00
Dan Manastireanu
1441e5d6f8 fix: Fix regex replacement for underscore and minus in parseToken. Closes #KEYCLOAK-14917 2020-07-28 10:39:45 -03:00
Alex Szczuczko
c7867c4c0d KEYCLOAK-14875 Enable path cache when maxAge is -1, or greater than 0 2020-07-28 10:13:12 -03:00
keycloak-bot
afff0a5109 Set version to 12.0.0-SNAPSHOT 2020-07-22 14:36:15 +02:00
Jan Lieskovsky
969b09f530 [KEYCLOAK-13692] Upgrade to Wildfly "20.0.1.Final" and Infinispan "10.1.8.Final"
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2020-07-20 22:15:08 +02:00
Jon Koops
098446b070 KEYCLOAK-14652 Align custom adapter example with documentation 2020-07-08 09:32:16 -03:00
Thoralf Rickert-Wendt
541bc5124f switching to required=false 2020-07-06 11:47:41 -03:00
Thoralf Rickert-Wendt
0dd196e02a Fixing issue https://issues.redhat.com/browse/KEYCLOAK-14520 2020-07-06 11:47:41 -03:00
Christian Lutz
6abae8bccc KEYCLOAK-13807 Fix switch parameter order of mapping and url in registerConstraintMapping 2020-07-03 11:35:24 +02:00
vmuzikar
001fe9eb11 KEYCLOAK-13206 Session Status iframe cannot access cookies when 3rd party cookies are blocked
Co-authored-by: mhajas <mhajas@redhat.com>
2020-06-30 17:11:20 -03:00
Simon Legner
3c0ecefacc fix(keycloak.d.ts): class cannot extend interface 2020-06-22 13:22:35 -04:00
Jon Koops
c0744daa5b KEYCLOAK-14496 Use KeycloakAdapter interface for 'adapter' option
Also improves documentation by adding more details and an explicit example on how to use the interface.
2020-06-18 18:09:19 -03:00
Jon Koops
6dde131609 KEYCLOAK-13739 Add missing type definition for register options 2020-06-17 15:26:15 -04:00
Douglas Palmer
33863ba161 KEYCLOAK-10162 Usage of ObjectInputStream without checking the object types
Co-authored-by: mposolda <mposolda@gmail.com>
2020-06-08 13:12:08 +02:00
spurreiter
6332ed42c0 KEYCLOAK-13940 remove duplicated urlsafe decoding 2020-05-08 15:18:56 +02:00
keycloak-bot
ae20b7d3cd Set version to 11.0.0-SNAPSHOT 2020-04-29 12:57:55 +02:00
Pedro Igor
2e54ebda76 [KEYCLOAK-13579] - Ignore exceptions when shutting down loopback server 2020-04-29 12:33:35 +02:00
Luke Nadur
74c379c3df [KEYCLOAK-13586] Fix typos related to QueryParamterTokenRequestAuthenticator 2020-04-21 21:14:03 +02:00
Jon Koops
9f3b847817 KEYCLOAK-13714 Add missing type definition for logout options 2020-04-21 11:31:16 +02:00
keycloak-bot
33314ae3ca Set version to 10.0.0-SNAPSHOT 2020-04-21 09:19:32 +02:00
Pedro Igor
acfbdf6b0e [KEYCLOAK-13187] - Concurrency issue when refreshing tokens and updating security context state 2020-04-16 12:25:42 +02:00
stianst
1f02f87a6e KEYCLOAK-13565 Add support for kc_action to keycloak.js
Co-authored-by mhajas <mhajas@redhat.com>
2020-04-14 19:23:56 +02:00
mhajas
10d92a01a6 KEYCLOAK-13577 Remove property from child class since parents class contains it 2020-03-26 09:55:52 -03:00
keycloak-bot
f6a592b15a Set version to 9.0.4-SNAPSHOT 2020-03-24 08:31:18 +01:00
Pedro Igor
84d099e48f [KEYCLOAK-11282] - Properly resolve config resolver
Co-authored-by: mhajas <mhajas@redhat.com>
2020-03-17 15:49:00 +01:00
Laure-Emmanuelle Issler
967ff939ec KEYCLOAK-13026 Set path of OAuth_Token_Request_State cookie to / 2020-03-05 16:21:24 +01:00
Pedro Igor
30b07a1ff5 [KEYCLOAK-13175] - Setting the enforcement mode when fetching lazily fetching resources 2020-03-05 13:31:21 +01:00
Jon Koops
c1bf183998 KEYCLOAK-9346 Add new KeycloakPromise to support native promises
Co-authored-by: mhajas <mhajas@redhat.com>
2020-03-04 08:53:35 +01:00
Thomas Kuestermann
8ed355a5fe KEYCLOAK-12749 single worker/IO thread, use OAUTH2 constants 2020-03-03 12:39:19 -03:00
Thomas Kuestermann
22555371d8 KEYCLOAK-12749 fix "invalid state" error due to IE requesting favicon
Internet Explorer occasionally requests a favicon before doing the
actual redirect to localhost. This commit adds Undertow to properly
handle those unwanted requests.
2020-03-03 12:39:19 -03:00
mhajas
8061aa5217 KEYCLOAK-13161 Use iterator instead of for-each loop in ClientCredentialsProviderUtils 2020-02-28 16:22:03 +01:00
Erik Jan de Wit
8297c0c878 KEYCLOAK-11155 split on first '=' instead of all 2020-02-27 09:12:51 +01:00
keycloak-bot
d352d3fa8e Set version to 9.0.1-SNAPSHOT 2020-02-17 20:38:54 +01:00
stianst
42773592ca KEYCLOAK-9632 Improve handling of user locale 2020-02-14 08:32:20 +01:00
Pedro Igor
da0e2aaa12 [KEYCLOAK-12897] - Policy enforcer should just deny when beare is invalid 2020-02-07 15:04:45 +01:00
Sebastian Laskawiec
9b2e7f6e2c KEYCLOAK-12650 Fix NullPointerException when creating HttpClient 2020-02-05 15:52:33 +01:00
mhajas
fc7b769b6e KEYCLOAK-6817 Ignore SniSSLSocketFactory exception for IBM jdk 2020-01-31 09:08:44 +01:00
Pedro Igor
2a82ed6eea [KEYCLOAK-9402] - 401 response when enforcement mode is DISABLED 2020-01-30 11:09:32 +01:00
Takashi Norimatsu
993ba3179c KEYCLOAK-12615 HS384 and HS512 support for Client Authentication by Client Secret Signed JWT (#6633) 2020-01-28 14:55:48 +01:00
vmuzikar
03306b87e8 KEYCLOAK-12125 Introduce SameSite attribute in cookies
Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: Peter Skopek <pskopek@redhat.com>
2020-01-17 08:36:53 -03:00
Pedro Igor
c596647241 [KEYCLOAK-11712] - Request body not buffered when using body CIP in Undertow 2020-01-09 10:02:18 +01:00
Michael Thirion
44ab3f46b7 [KEYCLOAK-6008] - Spring Boot does not honour wildcard auth-role (#6579) 2019-12-24 19:06:55 -03:00
Asbjørn Dyhrberg Thegler
1162455f32 KEYCLOAK-10894 Adds a ready indicating promise
This is non-intrusive and backwards compatible. With this change it is possible
to `await keycloakAuthorization.ready` to make sure the component has been
properly initialized.
2019-12-24 18:33:20 -03:00
Pedro Igor
e316e2a2f0 [KEYCLOAK-8616] - Process requests only if a deployment can be resolved 2019-12-20 13:33:12 +01:00
Pedro Igor
3bd193acd7 [KEYCLOAK-12412] - Policy enforcer should consider charset when comparing the content-type of the request 2019-12-19 14:14:33 +01:00
keycloak-bot
76aa199fee Set version to 9.0.0-SNAPSHOT 2019-11-15 20:43:21 +01:00
scranen
2d3f771b70 Cookie token store not working in Spring Security adapter
Co-authored-by: scranen <scranen@gmail.com>
Co-authored-by: rainerfrey <frey.rainer@gmail.com>
Co-authored-by: pedroigor <pigor.craveiro@gmail.com>
2019-11-13 16:54:45 +01:00
Andrei Arlou
df5cdea1e8 KEYCLOAK-12006 Use diamond operator in module adapters/oidc/as7-eap6 2019-11-13 09:54:10 +01:00
Andrei Arlou
dca8835fbc KEYCLOAK-12008 Fix minor warnings in module adapters/oidc/installed 2019-11-13 09:35:49 +01:00
Andrei Arlou
7f1de02ca0 KEYCLOAK-11994 Fix minor warnings in module in adapters/oidc/adapter-core 2019-11-11 09:49:13 +01:00
Andrei Arlou
066cdb7dec KEYCLOAK-11993 Remove unused import and use diamond operator for collection in module adapters/oidc/adapter-core 2019-11-11 09:42:12 +01:00
Leonid Rozenblyum
a4edb083c3 KEYCLOAK-6752, KEYCLOAK-6565
Fixed missing deployment after deserialization.
Other adapters already have logic for filling in deployment when it's
missing in the context, Spring Security adapter lacked that feature.

The solution is based on an attachment
https://issues.jboss.org/secure/attachment/12431091/FixKeycloakSecurityContextRequestFilter.java
from https://issues.jboss.org/browse/KEYCLOAK-6565
2019-11-08 11:51:27 -03:00
Jon Koops
5281a38cf7 [KEYCLOAK-11771] Add missing type definitions for config 2019-11-08 10:36:04 -03:00
Jon Koops
913056b2b2 [KEYCLOAK-11971] Remove credentials option from configuration 2019-11-08 11:36:18 +01:00
sebastienblanc
263a64ef0a add a legacy shaded adapters jar for spring boot 1 2019-11-07 13:58:20 +01:00
Stian Thorgersen
f14f92ab0b KEYCLOAK-6073 Make adapters use discovery endpoint for URLs instead of hardcoding (#6412) 2019-11-06 10:34:35 +01:00
Peter Skopek
d0386dab85 KEYCLOAK-8785 remove k_version endpoint (#6428) 2019-11-05 11:35:55 +01:00
Douglas Palmer
a32c8c5190 [KEYCLOAK-11185] Fixed build with JDK 11 2019-11-04 10:56:07 -03:00
Leonid Rozenblyum
61561968ed KEYCLOAK-10266 Allows proper handling of Single Sign Out events.
It was incorrectly relying on web application listeners on session
destruction.
While it's used as a Spring Bean (declared in
KeycloakWebSecurityConfigurerAdapter) so it has to use Spring-based
facility.
See also https://lists.jboss.org/pipermail/keycloak-user/2016-March/005479.html
2019-10-30 15:47:45 +01:00
Peter Sönder
68fa37b4cd [KEYCLOAK-11765] Changed to jdk7 compliant code 2019-10-29 13:35:22 +01:00
Peter Sönder
6c83b36360 Do not log when failure.getError is blank/empty
Sometimes the error message is blank, which results in an empty error line getting logged. 
Since the catch always logs "failed to turn code into token" and "status from server: " + failure.getStatus() (on separate lines) this extra blank line is simply noise in the log.
2019-10-29 13:35:22 +01:00
Denis Richtárik
6bf1e8a9a7 KEYCLOAK-9979 Remove keycloak-servlet-oauth-client (#6423) 2019-10-24 17:28:41 +02:00
mhajas
ac71ee9633 KEYCLOAK-11081 Include jetty94 adapter to product build 2019-10-23 15:53:37 +02:00
Martin Reinhardt
21a62a2670 [KEYCLOAK-6376] Reorganize imports and revert pom changes 2019-10-21 10:41:04 +02:00
Martin Reinhardt
eed4449f8d [KEYCLOAK-6376] Fixing Conditional OTP by reusing existing API for role checks 2019-10-21 10:41:04 +02:00
Phil Brown
85ead8b38a KEYCLOAK-11740:
Fix debug message that does not properly handle single quotes
according to java.text.MessageFormat, which in turn causes the
replacement to not be handled.

Signed-off-by: Phil Brown <brownp@stellarscience.com>
2019-10-17 13:02:03 +02:00
stianst
ceeb087dbd KEYCLOAK-8938 TypeError: kc.login(...).success is not a function 2019-10-16 17:57:18 +02:00
stianst
7866a6cff3 Playing with Travis 2019-10-09 10:10:20 +02:00
Jon Koops
bc5b4de79e [KEYCLOAK-11435] Log deprecation warning for usage of non-native Promises 2019-10-03 10:55:22 -04:00
Jon Koops
ff77b549ec [KEYCLOAK-11193] Change 'disableLogging' to 'enableLogging' and default to false 2019-09-24 10:31:02 -03:00
Jon Koops
0b9c6192a3 KEYCLOAK-11193 Allow JavaScript logging to be disabled 2019-09-19 07:09:32 -03:00
Karel Hala
f8e4ccd57a KEYCLOAK-11195 Add module loading to dependencies
Use window global libraries for AMD
2019-09-13 14:47:45 -03:00
jferrer
97fccd6d50 KEYCLOAK-10910 login function now uses promise type specified in init 2019-09-06 15:24:31 -04:00
Jon Koops
c902896ab6 KEYCLOAK-11196 Document the type for the useNonce option 2019-08-30 14:34:20 -04:00
Jon Koops
2d465df94d KEYCLOAK-11194 Remove dead code from JavaScript adapter 2019-08-30 14:32:54 -04:00
Niko Köbler
49e9cd759b KEYCLOAK-10734 Let the check-sso feature do the check in hidden iframe 2019-08-20 15:41:09 -03:00
Martin Kanis
75d2ec8ff6 KEYCLOAK-11012 Unable to install EAP6 adapter 2019-08-16 12:44:50 +02:00
Valeran86
b0d0d3e579 [KEYCLOAK-10849] - KeycloakRole equals only with itself
I use Keycloak Spring Adapter (KSA) to secure existing application. Today I realized that some functions didn't work anymore because of security checking like this:
```
GrantedAuthority adminRole = new MySpecialGrantedAuthority( "superadmin" );
for ( GrantedAuthority role : userRoles ) {
        if ( role.equals( adminRole ) ) {
          return true;
        }
      }
```
In this example, when I use KSA authorization fails.
I believe, that more preferable in `KeycloakRole` use this implementation of `equals` method.
2019-08-16 05:20:03 -03:00
Takashi Norimatsu
8225157a1c KEYCLOAK-6768 Signed and Encrypted ID Token Support 2019-08-15 15:57:35 +02:00
keycloak-bot
17e9832dc6 Set version to 8.0.0-SNAPSHOT 2019-07-19 19:05:03 +02:00
Hynek Mlnarik
67f8622d13 KEYCLOAK-8318 Workaround Elytron's double encoding of the query parameters
Co-Authored-By: mhajas <mhajas@redhat.com>
2019-07-19 14:37:38 +02:00
Stefan Guilhen
ceaae7a254 [KEYCLOAK-10384] Add equals and hashCode to KeycloakUndertowAccount, SamlPrincipal and SamlSession to avoid cache misses in the PicketBox JAAS auth manager 2019-07-18 21:08:22 +02:00
kuan
1c5f7c1420 Update KeycloakTokenParsed definition.
To match KeycloakInstance's realm access and resources access.
2019-07-17 15:29:34 -04:00
Hynek Mlnarik
3d4283fac9 KEYCLOAK-9987 Upgrade to Wildfly17
Co-Authored-By: hmlnarik <hmlnarik@redhat.com>
2019-07-16 08:05:46 +02:00
Pedro Igor
9215957bd0 Revert "KeycloakRole equals only with itself"
This reverts commit 2899375614.
2019-07-09 09:05:20 -03:00
Valeran86
2899375614 KeycloakRole equals only with itself
I use Keycloak Spring Adapter (KSA) to secure existing application. Today I realized that some functions didn't work anymore because of security checking like this:
```
GrantedAuthority adminRole = new MySpecialGrantedAuthority( "superadmin" );
for ( GrantedAuthority role : userRoles ) {
        if ( role.equals( adminRole ) ) {
          return true;
        }
      }
```
In this example, when I use KSA authorization fails.
I believe, that more preferable in `KeycloakRole` use this implementation of `equals` method.
2019-07-08 14:33:03 -03:00
Thomas Darimont
53d0db80c3 KEYCLOAK-10313 Only use PKCE if enable-pkce is configured for KeycloakInstalled adapter
Users who want to use PKCE support with the KeycloakInstalled adapter need to set the property
``"enable-pkce": true` in the adapter configuration / `keycloak.json`.
2019-07-03 08:49:55 +02:00
Thomas Darimont
8bd48391ca KEYCLOAK-10313 Add PKCE support to KeycloakInstalled Adpater
This adds PKCE support for Desktop Apps as
a followup to KEYCLOAK-1033 #6047.
2019-07-03 08:49:55 +02:00
vramik
d245287320 KEYCLOAK-9598 Apache Tomcat adapter 2019-06-14 10:09:13 +02:00
mhajas
12d351ae97 KEYCLOAK-10595 Make KeycloakSpringBootConfigResolver Spring bean 2019-06-14 09:41:56 +02:00
Sebastian Laskawiec
e739344556 KEYCLOAK-9640 Unify surefire versions 2019-06-13 13:26:49 +02:00
Nils Christian Ehmke
a58a0e7678 [KEYCLOAK-10334] Keycloak Spring Boot Adapter shares configuration in static field
Signed-off-by: Nils Christian Ehmke <nils-christian.ehmke@bmiag.de>
2019-06-04 07:13:13 -03:00
Pedro Igor
803e44dcb1 [KEYCLOAK-10422] - Code challenge only sent when options object argument is passed to login method 2019-05-29 15:09:01 -03:00
Thomas Darimont
2825619243 KEYCLOAK-1033 Add PKCE support for JS Adapter
This adds support for the "S256" code_challenge_method to the JS Adapter.
Note that the method "plain" was deliberately left out as is not recommended
to be used in new applications.

Note that this PR includes two libraries:
- [base64-js]{@link https://github.com/beatgammit/base64-js}
- [js-sha256]{@link https://github.com/emn178/js-sha256}

`base64-js` is needed for cross-browser support for decoding the
Uint8ArrayBuffer returned by `crypto.getRandomValues` to a PKCE
compatible base64 string.

`js-sha256` library is required because the `crypto.subtle.digest`
support is not available for all browsers.

The PKCE codeVerifier is stored in the callbackStore of the JS Adapter.

Note: This PR is based on #5255 which got messed up during a rebase.
2019-05-29 15:40:16 +02:00
Pedro Igor
e9ea1f0e36 [KEYCLOAK-10279] - Do not limit results when fetching resources 2019-05-28 15:35:29 -03:00
vramik
9a5b85910a KEYCLOAK-9599 Remove Wildfly 8 adapter 2019-05-28 14:28:09 +02:00
vramik
3bbab225c8 KEYCLOAK-9596 Remove Apache Tomcat 6.0.x adapter 2019-05-28 12:00:19 +02:00
Alan Balbo
0a67e0a89e KEYCLOAK-10097 Fix register method in javascript adatper for cordova 2019-05-24 08:49:10 -04:00
Sergio Livi
80932c07a2 KEYCLOAK-10071 check isNaN for minValidity 2019-05-20 09:18:40 -04:00
Jonas Kello
96f13e15ca Add CompatPromise conditional type 2019-05-15 07:42:06 -04:00
mhajas
429863e83b KEYCLOAK-9095 Fix NPE in AuthenticatedActionsHandler 2019-05-02 13:03:06 +02:00
Martin Kanis
e5092bb617 KEYCLOAK-10090 Fix alignment for CD 6 release in PNC 2019-04-18 09:13:02 +02:00
keycloak-bot
49d4e935cb Set version to 7.0.0-SNAPSHOT 2019-04-17 09:48:07 +01:00
Sebastian Laskawiec
0042726dd8 KEYCLOAK-9601 KEYCLOAK-9602 Jetty 8.1 and 9.1 removal
Co-Authored-By: mhajas <mhajas@redhat.com>
2019-04-16 11:21:29 +02:00
Anders Rønning
3f7d32d1ae KEYCLOAK-10026: Add missing TypeScript definition for init options 2019-04-15 07:46:05 -04:00
Pedro Igor
c8970c95d5 [KEYCLOAK-10015] - CIP not properly resolving objects from JSON request body 2019-04-11 18:19:43 -03:00
mhajas
5b47df8979 KEYCLOAK-10013 Do not reject tokens with issuedAt == notBefore 2019-04-11 21:57:11 +02:00
Pedro Igor
ad9f59f9f7 [KEYCLOAK-9353] - Avoids initialization of the policy enforcer during deployment 2019-04-05 16:02:53 -03:00
mposolda
a516a795a2 KEYCLOAK-9836 Deprecate keycloak-servlet-oauth-clien 2019-04-02 10:52:18 -03:00
Pedro Igor
20376c9111 [KEYCLOAK-9353] - Quarkus integration 2019-03-21 11:45:35 -03:00
Grzegorz Grzybek
e01562d7cf [KEYCLOAK-9646] Increase import range for javax.servlet API to cover EAP 7.2, servlet-api 4.0
[KEYCLOAK-9646] Update HOW-TO-RUN.md for Fuse 7.1+ instructions
2019-03-12 15:14:34 +01:00
keycloak-bot
e843d84f6e Set version to 6.0.0-SNAPSHOT 2019-03-06 15:54:08 +01:00
mhajas
8a750c7fca KEYCLOAK-6750 Adapt Tomcat adapter tests to new structure 2019-03-06 08:57:46 +01:00
Sebastian Laskawiec
406097a508 KEYCLOAK-6749 Jetty App Server 2019-03-05 15:21:48 +01:00
mposolda
d5b28013d1 KEYCLOAK-8523 Remove jaxrs package from old testsuite and deprecate jaxrs filter 2019-03-04 10:25:01 +01:00
Pedro Igor
75d9847672 [KEYCLOAK-9478] - Support multiple CIP providers in the policy enforcer configuration 2019-02-27 19:08:57 -03:00
sakanaou
007c364027 Store rewritten redirect URL in adapter-core 2019-02-27 15:39:32 -03:00
Philipp Nowak
39828b2c94 [KEYCLOAK-9539] Race condition SecurityContextHolder.setAuthentication()
This is an issue with the Spring Security Keycloak Adapter relating to
 the way the Authentication is stored in the SecurityContext, causing a
 race condition in application code using that. It does not seem to
 affect actual Spring Security operation.

We had a pretty strange race condition in our application. When many
 requests were incoming at the same time, occasionally the old
 unauthenticated Authentication provided to
 KeycloakAuthenticationProvider for performing the actual authentication
 would stay the current authentication, as returned by
 SecurityContextHolder.getContext().getAuthentication(). That resulted
 in authenticated users' JavaScript requests occasionally (~1/50 given a
 large request volume) returning a 403 because the 'old' token was still
 in the context, causing Spring Security to see them as unauthenticated.

This PR resolves this issue by replacing the whole context, as suggested
 by a Spring Security contributor in jzheaux/spring-security-oauth2-resource-server#48. By default,
 SecurityContextHolder keeps the actual context object in a ThreadLocal,
 which should be safe from race-conditions. The actual Authentication
 object, however, is kept in a mere field, hence the reason for this PR.

JIRA issue: https://issues.jboss.org/browse/KEYCLOAK-9539
2019-02-27 14:58:10 -03:00
Pedro Igor
4d5dff1d64 [KEYCLOAK-9474] - Public endpoints are returning 403 with body when enforcement mode is disabled 2019-02-21 16:27:07 -03:00
stianst
e06c705ca8 Set version 5.0.0 2019-02-21 09:35:14 +01:00
Sebastian Laskawiec
ee41a0450f KEYCLOAK-8349 KEYCLOAK-8659 Use TLS for all tests in the suite 2019-02-08 08:57:48 -02:00
stianst
7c9f15778a Set version to 4.8.3.Final 2019-01-09 20:39:30 +01:00
stianst
7c4890152c Set version to 4.8.2 2019-01-03 14:43:22 +01:00
Charles Jourdan
68873c29b7 Fix on type for KeycloakInstance.realmAccess and KeycloakInstance.ressourceAccess 2018-12-13 19:03:47 +01:00
Stephane Nicoll
f739e2e2d8 KEYCLOAK-8155 Use Spring Boot autoconfigure-processor to optimize auto-configurations 2018-12-13 09:01:21 +01:00
Boudewijn van Klingeren
5354e88f60 KEYCLOAK-8243 Change error logging to debug for normal flow outcomes 2018-12-13 08:39:54 +01:00
sebastienblanc
aa89ae96a9 update and align Spring Boot versions 2018-12-11 15:34:47 +01:00
Pedro Igor
8204509b0c [KEYCLOAK-8980] - ElytronAccount not serializable 2018-12-10 08:55:00 +01:00
Hynek Mlnarik
27f145969f KEYCLOAK-7936 Prevent registration of the same node
The root cause is that NodesRegistrationManagement.tryRegister can be
called from multiple threads on the same node, so it can require
registration of the same node multiple times. Hence once it turns to
tasks that invoke sendRegistrationEvent (called sequentially), the same
check has been added to that method to prevent multiple invocations on
server side, or invocation upon undeployment/termination.
2018-12-05 12:34:17 +01:00
stianst
b674c0d4d9 Prepare for 4.8.0.Final 2018-12-04 13:54:25 +01:00
Hynek Mlnarik
c9cd060417 KEYCLOAK-8824 Fix servlet filter versions 2018-11-22 14:20:46 +01:00
stianst
ecd476fb10 Prepare for 4.7.0.Final 2018-11-14 20:10:59 +01:00
stianst
1ee6fd7130 KEYCLOAK-8619 Fix check-sso when there is no cookie 2018-11-09 10:36:31 -02:00
scranen
5880efe775 KEYCLOAK-4342 Make naming consistent 2018-11-06 10:28:06 -02:00
scranen
e6b9364c39 KEYCLOAK-4342 PR comments 2018-11-06 10:28:06 -02:00
scranen
0c6b20e862 [KEYCLOAK-4342] Make adapter state cookie path configurable 2018-11-06 10:28:06 -02:00
Pedro Igor
234b7a06a1 [KEYCLOAK-7798] - Spring security adapter does not renew expired tokens 2018-11-06 10:26:40 -02:00
BaHwan Han
91c4bfa81c The Keycloak JS adapter should not mutate browser history state 2018-10-29 20:08:32 +01:00
mposolda
c36b577566 KEYCLOAK-8483 Remove application from the aud claim of accessToken and refreshToken 2018-10-23 13:52:09 +02:00
Pedro Igor
6f8f8e6a28 [KEYCLOAK-8449] - Option to automatically map HTTP verbs to scopes when configuring the policy enforcer 2018-10-23 08:40:54 -03:00
vramik
7a96911a83 KEYCLOAK-8300 KEYCLOAK-8301 Wildfly 14 upgrade
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2018-10-17 20:01:07 +02:00
mposolda
4483677cdd KEYCLOAK-8529 Fix most of adapter tests on EAP6 2018-10-12 12:01:33 +02:00
Tobias Gippert
c71f6e2188 The Keycloak JS adapter should not create a new browser history entry,
when it is redirecting the user, unless the user is in the admin console.
2018-10-12 09:42:26 +02:00
stianst
aaa33ad883 KEYCLOAK-8509 Improvements to session iframe 2018-10-10 21:01:05 +02:00
stianst
9be8bef575 KEYCLOAK-7920 Changes to native promises in JS adapter. Native promises have to be explicitly enabled and when they are old success/error functions are no longer supported. Internally we don't use native promises. 2018-10-10 21:00:19 +02:00
Frank Schmager
6b59c2f44c try to register node during authentication attempt in filter
* PreAuthActionsFilter registers deployment during authentication attempt to enable, well,
  node registration if filter is used by itself (if no securityConstraints when using spring boot and spring security)
* deregistering node during clean shutdown
* added unit test
2018-10-09 10:30:37 -03:00
sebastienblanc
fd0ab4a626 removing spring factories from core module 2018-10-09 14:17:33 +02:00
Pedro Igor
6fd4a02f95 [KEYCLOAK-8444] - Error when producing KeycloakSpringBootConfigResolver from spring security configuration 2018-10-08 09:29:59 -03:00
Pedro Igor
2da758ac86 [KEYCLOAK-6928] - Selecting first bearer if multiple values exists in authorization header 2018-10-01 09:36:10 -03:00
stianst
c3fc9e9815 Set version to 4.6.0.Final-SNAPSHOT 2018-09-26 20:58:41 +02:00
Pedro Igor
081e9883e6 [KEYCLOAK-7659] - k_version not supporting cors 2018-09-25 11:50:17 -03:00
Pedro Igor
df311b60b4 [KEYCLOAK-8168] - PEP is resolving claims twice under certain circumstances 2018-09-25 11:47:50 -03:00
mposolda
3777dc45d0 KEYCLOAK-3058 Support for validation of "aud" in adapters through verify-token-audience configuration switch 2018-09-21 11:17:05 +02:00
Pedro Igor
adf0a19f9d [KEYCLOAK-8133] - Can't Sucessfully inject a custom KeycloakSpringBootConfigResolver in the Keycloak Spring Boot Security Adapter 2018-09-20 11:11:12 -03:00
Hynek Mlnarik
0b893d5634 KEYCLOAK-8187 Fix Undertow imports for Fuse
Co-Authored-By: wyvie <irum@redhat.com>
2018-09-18 16:54:03 +02:00
Pedro Igor
64f8fe4987 [KEYCLOAK-8070] - wrong expose headers when enable cors and policyenforcer 2018-09-17 17:02:15 -03:00
stianst
1fb4ca4525 Set version to 4.5.0.Final 2018-09-06 20:08:02 +02:00
Pedro Igor
33efcc6b93 [KEYCLOAK-8142] - Fixing regression when setting path enforcement mode to disabled 2018-09-04 10:32:06 -03:00
Dmitry Telegin
bc8763ccf3 KEYCLOAK-7858 - OIDC servlet filter adapter OSGi support 2018-09-04 11:29:45 +02:00
Jani
42553cdc44 [KEYCLOAK-7695] Restore token_type and expires_in for implicit flow
As KEYCLOAK-6585 concerns only hybrid flow, this commit restores the behavior for implicit flow.

This commit partially reverts #5041 (061049e41a6b0e6fb45c75f05748023ad7ab7d92).
2018-08-29 13:00:57 +02:00
mposolda
6fc99cd749 KEYCLOAK-7594 Upgrade to Wildfly 13. Cross-DC: Upgrade to infinispan server 9.2.4 and JDG 7.2
Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
Co-authored-by: stianst <stianst@gmail.com>
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2018-08-27 12:52:53 +02:00
Dan Hooper
0a8fca7ec4 Created common interface for parsed tokens in typescript declaration file 2018-08-23 16:14:17 -04:00
Frank Schmager
3e2e0ac91c Renamed factory and java doc 2018-08-22 16:39:55 +02:00
Frank Schmager
dda365e002 initial exposing of BasicAuthRequestAuthenticator to make extensible 2018-08-22 16:39:55 +02:00
Grzegorz Grzybek
fdc9882709 [KEYCLOAK-8101] Return just cached deployment to prevent NPE 2018-08-21 09:56:58 +02:00
Alex Szczuczko
a35ed671e6 KEYCLOAK-7480 Make fuse7 tomcat8 adapter community-only 2018-08-20 09:06:45 +02:00
Alex Szczuczko
f0a2f7a675 KEYCLOAK-7480 Make fuse7 adapter's jetty94 conditional on the community profile
In commit d70859ef keycloak-pax-web-jetty94 was added.

org.keycloak:keycloak-jetty94-adapter:jar is a dependency of this module, and
isn't produced outside of the community profile. So, the jetty94 module here
must be consistent with that.
2018-08-20 09:06:45 +02:00
Erin Recachinas
fa8cb004a1 KEYCLOAK-6086 Casting Jetty WebAppContext in Spring Adapter checks validity and unwraps 2018-08-13 11:16:19 +02:00
Pedro Igor
80e5227bcd [KEYCLOAK-4902] - Refactoring and improvements to processing of authz requests 2018-08-07 10:53:40 -03:00
mposolda
959cd035ba Set version to 4.3.0.Final-SNAPSHOT 2018-08-01 22:40:05 +02:00
Tair Sabirgaliev
d88568266f KEYCLOAK-7821 Enable tomcat-specific features: * (all roles), ** (authenticated user) in authRoles constraint 2018-07-27 14:24:49 +02:00
mhajas
a6e4f4f9aa KEYCLOAK-7922 Use Time.currentTimeMillis() instead of System.currentTimeMillis() in PathCache 2018-07-24 08:52:48 -03:00
Hynek Mlnarik
c8bc0d6d7b KEYCLOAK-7400 Remove dead code
This commit can only be merged once the Camel 2.21.2 would be
released, otherwise the code won't compile due to missing dependencies.

See https://issues.apache.org/jira/browse/CAMEL-12514 for details.
2018-07-23 14:46:00 +02:00
Pedro Igor
7c14a6a503 [KEYCLOAK-6547] - AuthenticatedActionsHandler should process responses after identity is established 2018-07-19 10:05:04 -03:00
Grzegorz Grzybek
2cb7ec9432 [KEYCLOAK-7703] HierarchicalPathBasedKeycloakConfigResolver for more fine/coarse grained Keycloak configuration in Karaf 2018-07-19 14:25:52 +02:00
Gregor Tudan
3417b569c0 KEYCLOAK-2606: add support for native browsers on cordova
KEYCLOAK-2606 Added cordova native

KEYCLOAK-2606 Some more fixes and tweaks

Fix redirect in example realm

feature(cordova-native): fix universalLinks and kc options

Added 'cordova-native' to typings

Added an option to define a "default" redirectUri in keycloak.js

Added 'login' and 'logout' event to universalLinks configuration in config.xml

Improved 'cordova-native' example to always use a redirectUri and
update state after successfull logout

Setting the 'authenticated' flag for the keycloak instance to 'false'
after a logout redirect

KEYCLOAK-2606: Simplify example for cordova-native

I wanted to make it explicit which options are actually needed, so I didn't want to reuse the keycloak conf

KEYCLOAK-2606: simplify example

The update state after logout shouldn't be necessary as it is set in `keycloak.onAuthLogout = updateState;`
Not sure why it is called after the login promise...

Fixes
2018-07-18 10:51:59 +02:00
Martin Kanis
b520dda3ef KEYCLOAK-4662 Keycloak adapter missing configuration attribute proxy-url 2018-07-13 14:30:40 +02:00
mhajas
5aebc74f8c KEYCLOAK-7269 Setting more uris for Authorization Resource 2018-07-11 17:48:34 -03:00
Pedro Igor
55550f2023 [KEYCLOAK-6547] - AuthenticatedActionsHandler should process responses after identity is established 2018-07-11 11:33:31 -03:00
mposolda
d0a824dde4 Updating version to 4.2.0.Final-SNAPSHOT 2018-07-05 07:42:48 -04:00
sebastienblanc
f5d00ddffb making Spring Boot 2 the default starter 2018-07-03 22:04:16 +02:00
Pedro Igor
dcadc61220 [KEYCLOAK-7670] - PEP not returning correct status code when authorization header is not set 2018-06-29 09:39:55 -03:00
Pedro Igor
f10c47955f [KEYCLOAK-7427] - Fix to support writing to response when doing programmatic logouts 2018-06-28 11:08:28 -03:00
Pedro Igor
23db2b852b [KEYCLOAK-7679] - Wildfly adapter must be disabled when using Elytron 2018-06-28 11:08:28 -03:00
Grzegorz Grzybek
3c9d3c2c04 [KEYCLOAK-7681] Review pax-web OSGi dependencies
Co-Authored-By: Hynek Mlnarik <hmlnarik@redhat.com>
2018-06-22 13:47:20 +02:00
Grzegorz Grzybek
f90e0fc14c [KEYCLOAK-7425] Correctly import packages of httpclient and http core, fix Karaf feature 2018-06-21 14:28:47 +02:00
stianst
e1a0e581b9 Update to 4.1.0.Final-SNAPSHOT 2018-06-14 14:22:28 +02:00
Dennis Bayer
c43d8b3d85 Get role list to update directly from the security context rather than from previously created subject info.
Roles within groups must be unpacked added separately in order to contain all roles.
2018-06-13 21:03:30 -03:00
Dennis Bayer
6a2a121d4e Map group members of authenticated subject into subject info.
This commit contains a POC for the issue "Roles get lost after security context was propagated back to wildfly-swarm, if using jwt for authentication" (KEYCLOAK-7309).
2018-06-13 21:03:30 -03:00
Hynek Mlnarik
9dc5709ce7 KEYCLOAK-7593 Setters for httpContext 2018-06-13 16:32:39 +02:00
Stefan Guilhen
d897159560 [KEYCLOAK-7598] - Set CIP config when defining paths in policy enforcer config (#5264) 2018-06-12 11:24:17 -03:00
Vlasta Ramik
182c975e01 KEYCLOAK-7597 fix logger classes (#5263) 2018-06-12 11:02:04 -03:00
Pedro Igor
db60abc604
[KEYCLOAK-7543] - Policy enforcer should not delegate decisions when using UMA (#5252) 2018-06-11 08:17:40 -03:00
Lorent Lempereur
f55c93a1e4 Javascript Adapter - Add 'cordovaOptions' to the Typescript definition of KeycloakLoginOptions (#5250) 2018-06-11 08:21:04 +02:00
Grzegorz Grzybek
fca6da3a5a KEYCLOAK-7523 better context path detection in PathBasedKeycloakConfigResolver 2018-06-08 21:32:14 +02:00
Marek Posolda
49407c2e4f
KEYCLOAK-6630 Client scopes initial support (#5076)
* KEYCLOAK-6630 KEYCLOAK-349 Client Scopes

Co-authored-by: vramik <vramik@redhat.com>

* KEYCLOAK-6630 Change some clientTemplate occurences to clientScope
2018-06-08 15:38:38 +02:00
Federico M. Facca
5a9bfea419 [KEYCLOAK-7353] Support Policy Management in Protection API
See https://issues.jboss.org/browse/KEYCLOAK-7353
2018-06-06 19:36:42 -03:00
Stian Thorgersen
dbf5c395b0
Bump version to 4.0.0.Final (#5224) 2018-05-24 19:02:30 +02:00