Peter Nalyvayko
b8e5fd2b99
KC-4335: working on adding a reverse proxy support to allow X.509 client certificate authentication when running keycloak behind a reverse proxy
...
KC-4335: reverse proxy => a swtich to change a type of reverse proxy when running the X509 integration tests; changes to the names of the reverse proxy providers
KC-4335: updated the migration scripts to add x509 spi to standalone and domain configurations; removed the HAproxy and apache x509 spi configuration
2017-11-30 11:00:32 +01:00
pedroigor
674fb31a2c
[KEYCLOAK-5660] - Rest API User count returns wrong value
2017-11-30 10:45:54 +01:00
Bruno Oliveira
6a528a3ee6
[KEYCLOAK-2645] Reset password page says 'You need to change your password to activate your account.'
2017-11-30 10:37:21 +01:00
stianst
2be78a0239
KEYCLOAK-5924 Add error handler for uncaught errors
2017-11-30 10:33:13 +01:00
Bruno Oliveira
af66c5dbd2
[KEYCLOAK-5483] X.509 Auth - log in attempt is not sometimes logged in the Login Events
2017-11-29 20:08:22 +01:00
Bill Burke
0a8995efc7
Merge pull request #4747 from mstruk/KEYCLOAK-5741
...
KEYCLOAK-5741 [Admin CLI] Fix instructions in build-in help
2017-11-28 08:57:29 -05:00
Bill Burke
c398f6619f
Merge pull request #4748 from mstruk/KEYCLOAK-5762
...
KEYCLOAK-5762 [Client Registration CLI] Fix instructions in built-in help
2017-11-28 08:57:15 -05:00
Stian Thorgersen
cf485c3fc9
KEYCLOAK-5308 Fix updating protocol mappers on Oracle
2017-11-27 19:46:12 +01:00
Stian Thorgersen
5666bfe88b
KEYCLOAK-4962 Fix updating mappers for identity providers on Oracle
2017-11-27 19:46:12 +01:00
Marko Strukelj
c35c6e6ab7
KEYCLOAK-5762 [Client Registration CLI] Fix instructions in built-in help
2017-11-27 17:00:48 +01:00
Marko Strukelj
0e2332196d
KEYCLOAK-5741 [Admin CLI] Fix instructions in build-in help
2017-11-27 16:12:00 +01:00
Bruno Oliveira
9d35891e7d
[KEYCLOAK-5467] X.509 Auth - missing internationalization support
2017-11-27 13:44:38 +01:00
Bruno Oliveira
00677a6b92
[KEYCLOAK-5898] X.509 Auth - add tests for CRL with direct grant
2017-11-27 13:43:37 +01:00
Bruno Oliveira
697caaa805
[KEYCLOAK-4683] Add key usage tests for X.509 Authentication
...
These tests cover the scenarios already available at our certificates:
* Key Usage with the flag critical
* Extended Key Usage without the flag critical
2017-11-27 13:42:57 +01:00
Marek Posolda
dd6502013e
Merge pull request #4734 from rmartinc/ui_locales
...
KEYCLOAK-5896: Parameter "ui_locales" not redirected to login page in java adapters
2017-11-24 10:59:26 +01:00
rmartinc
ecbf6e5386
KEYCLOAK-5896: adding a test for the ui_locales change.
2017-11-24 08:21:37 +01:00
pedroigor
2721e6a5e4
[KEYCLOAK-5770] - Logout event test
2017-11-23 21:08:07 +01:00
mposolda
6d91ab674b
KEYCLOAK-5895 CrossDC: NotSerializableException when opening sessions tab in admin console
2017-11-23 20:03:12 +01:00
Pavel Drozd
94ba85c210
Merge pull request #4720 from vramik/KEYCLOAK-5872
...
KEYCLOAK-5872 add preview assumption to InvalidationCrossDCTest.authz…
2017-11-23 07:42:31 +01:00
Bill Burke
2117db5e6d
Merge pull request #4730 from patriot1burke/master
...
KEYCLOAK-4715
2017-11-22 12:45:23 -05:00
Bill Burke
116bfb05c2
fix
2017-11-22 11:55:10 -05:00
Bill Burke
aee6d16f58
fix more stupidity
2017-11-22 10:22:47 -05:00
Bill Burke
ae29e36e1f
fix my stupidity
2017-11-22 08:19:30 -05:00
mposolda
bd1072d2eb
KEYCLOAK-5747 Ensure refreshToken doesn't need to send request to the other DC. Other fixes and polishing
2017-11-22 11:55:12 +01:00
Bill Burke
75d517a1e8
cleanup test
2017-11-21 21:49:51 -05:00
Bill Burke
8993ca08ad
KEYCLOAK-4715
2017-11-21 17:46:48 -05:00
vmuzikar
7fd237b40b
KEYCLOAK-5879 Fix SocialLoginTest with -Pauth-server-wildfly
2017-11-21 11:12:21 +01:00
Bill Burke
06762ba13d
KEYCLOAK-5878
2017-11-20 17:03:28 -05:00
vramik
37b625fd99
KEYCLOAK-5872 add preview assumption to InvalidationCrossDCTest.authzResourceInvalidationTest
2017-11-20 11:30:44 +01:00
Bruno Oliveira
641069d4fd
[KEYCLOAK-5866] MigrationTest fails for extracting realm keys
2017-11-16 19:44:09 +01:00
Bruno Oliveira
07aa718cb9
[KEYCLOAK-5379] MigrationTest fails for migration to 3.3.0
2017-11-16 07:22:57 +01:00
Pedro Igor
f96c3312e2
[KEYCLOAK-5841] - Test
2017-11-16 07:03:08 +01:00
Hynek Mlnařík
393fae74b3
Merge pull request #4693 from hmlnarik/KEYCLOAK-5349-JS-client-breaks-login-session
...
KEYCLOAK-5349 User session count in IdP-initiated flow tests
2017-11-15 12:35:19 +01:00
Hynek Mlnarik
a2f6c16764
KEYCLOAK-5349 User session count in IdP-initiated flow tests
2017-11-15 11:41:45 +01:00
Pedro Igor
63a01b1e1f
Merge pull request #4689 from pedroigor/KEYCLOAK-5844
...
[KEYCLOAK-5844] - Refreshing PAT instead of obtaining a new one every time
2017-11-14 18:25:24 -02:00
Pedro Igor
fdb618219f
[KEYCLOAK-5844] - Refreshing PAT instead of obtaining a new one every time
2017-11-14 11:24:45 -02:00
Stian Thorgersen
89f4b87038
KEYCLOAK-5567 Set correct status code on login error pages
2017-11-14 12:33:29 +01:00
Bruno Oliveira
03d0488335
[KEYCLOAK-2052] Allows independently set timeouts for e-mail verification link and rest e.g. forgot password link
...
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2017-11-13 19:57:04 -02:00
Stian Thorgersen
925d5e1dea
KEYCLOAK-3173 enable logout offline refresh token using OIDC logout endpoint
2017-11-13 18:23:39 +01:00
Stian Thorgersen
d30bf938ee
KEYCLOAK-5821 Fix basic auth tests with embedded Undertow
2017-11-13 16:34:25 +01:00
Pavel Drozd
af97a84108
Merge pull request #4635 from vmuzikar/fix-x509
...
KEYCLOAK-5720 Fix X.509 tests
2017-11-13 11:56:16 +01:00
Stian Thorgersen
4295f4ec31
KEYCLOAK-1886 Added cors headers to errors in token endpoint
2017-11-10 12:01:21 +01:00
mposolda
b033ce0669
KEYCLOAK-5371 SessionExpirationCrossDCTest - improve stability. Remove checks for counts of sent messages
2017-11-09 22:18:47 +01:00
mposolda
a98f085be6
KEYCLOAK-5618 Fix SessionsPreloadCrossDCTest. Update HOW-TO-RUN docs. Ensure it's executed in travis.
2017-11-09 17:39:04 +01:00
Bruno Oliveira
26e253f4a5
[KEYCLOAK-5284]
2017-11-09 13:45:06 +01:00
Marko Strukelj
2854a2006e
KEYCLOAK-5810 ClientTokenExchangeTest failures with -Pproduct profile
2017-11-09 13:44:10 +01:00
vmuzikar
2c2a332f80
KEYCLOAK-5332 Fix GitLab social test
2017-11-09 07:19:01 +01:00
mposolda
62a1c187a2
KEYCLOAK-5716 KEYCLOAK-5738 Avoid infinispan deadlock. Ensure code-to-token works correctly in cross-dc
2017-11-07 09:01:59 +01:00
Hynek Mlnarik
fe2f65daac
KEYCLOAK-5581 Fix SAML identity broker context serialization
2017-11-03 21:09:18 +01:00
vmuzikar
ef8adc15f4
KEYCLOAK-5720 Fix X.509 tests
2017-11-03 17:09:46 +01:00
Pedro Igor
3716fa44ac
[KEYCLOAK-5728] - Permission Claims support
2017-10-27 12:40:30 -02:00
Hynek Mlnařík
248da4687a
Merge pull request #4610 from hmlnarik/KEYCLOAK-5745-Extract-client-sessions-from-user-sessions
...
KEYCLOAK-5745 Separate user and client sessions in infinispan
2017-10-26 13:09:06 +02:00
Hynek Mlnarik
75c354fd94
KEYCLOAK-5745 Separate user and client sessions in infinispan
2017-10-26 10:39:41 +02:00
Bill Burke
903a4dd849
Merge pull request #4612 from patriot1burke/master
...
KEYCLOAK-5273
2017-10-25 13:54:32 -04:00
Bill Burke
de6eab6d5d
fix
2017-10-25 13:00:58 -04:00
Bill Burke
8c1a3253fb
KEYCLOAK-5273
2017-10-25 10:31:11 -04:00
Bruno Oliveira da Silva
375e01a074
KEYCLOAK-5278 ( #4606 )
2017-10-25 15:27:24 +02:00
Bill Burke
50ccb5e5f6
Merge pull request #4591 from abstractj/KEYCLOAK-5717
...
KEYCLOAK-5717
2017-10-24 17:38:28 -04:00
Pedro Igor
1840cc54e4
Merge pull request #4601 from pedroigor/KEYCLOAK-5726
...
[KEYCLOAK-5726] - Support define enforcement mode for scopes on the adapter config
2017-10-24 12:51:52 -02:00
Pedro Igor
80e9b08bb6
[KEYCLOAK-5726] - Tests for scopes-enforcement-mode ALL and ANY
2017-10-24 11:37:41 -02:00
Bruno Oliveira
4d762159ef
KEYCLOAK-5717
2017-10-24 10:55:02 -02:00
Hynek Mlnařík
8e0cc2a5ea
Merge pull request #4605 from mposolda/master
...
KEYCLOAK-5710 Change cache-server to use backups based caches
2017-10-24 14:40:01 +02:00
Pedro Igor
a6e1413d58
[KEYCLOAK-5726] - Support define enforcement mode for scopes on the adapter configuration
2017-10-24 10:39:54 -02:00
Pavel Drozd
a4ec32ba66
Merge pull request #4602 from vramik/KEYCLOAK-5244
...
KEYCLOAK-5244 fix PasswordPolicyTest.testBlacklistPasswordPolicyWithT…
2017-10-24 14:17:35 +02:00
mposolda
9a19e95b60
KEYCLOAK-5710 Change cache-server to use backups based caches
2017-10-24 11:52:08 +02:00
Stan Silvert
9083e5fe5c
KEYCLOAK-5298: Enable autoescaping in Freemarker ( #4561 )
...
* KEYCLOAK-5298: Enable autoescaping in Freemarker
* Fix several of the failing tests.
* Fix broken tests in integration-deprecated
* Fix last failing test.
2017-10-23 12:03:00 -04:00
Stian Thorgersen
9b75b603e3
KEYCLOAK-5234 ( #4585 )
2017-10-23 16:13:22 +02:00
vramik
a3a1761eb7
KEYCLOAK-5244 fix PasswordPolicyTest.testBlacklistPasswordPolicyWithTestBlacklist on Wildfly
2017-10-23 12:11:36 +02:00
Bill Burke
73ba06b26b
Merge pull request #4590 from patriot1burke/master
...
KEYCLOAK-5698
2017-10-20 14:58:07 -04:00
Bill Burke
92245e3fc8
fixes
2017-10-20 09:55:37 -04:00
Hynek Mlnarik
3248557897
KEYCLOAK-5707 Have travis run cross-dc tests when appropriate
2017-10-19 13:29:26 +02:00
Stian Thorgersen
d9ffc4fa21
KEYCLOAK-5225 ( #4577 )
...
KEYCLOAK-5225 fix test
Fix
2017-10-19 08:23:16 +02:00
Stian Thorgersen
fea4c54adc
KEYCLOAK-5280 ( #4576 )
2017-10-19 08:02:23 +02:00
Pedro Igor
cedc095a9c
[KEYCLOAK-4550] - Test invalid configuration for user policy
2017-10-18 18:42:55 -02:00
Thomas Darimont
3103e0fd0a
KEYCLOAK-5244 Add BlacklistPasswordPolicyProvider ( #4370 )
...
* KEYCLOAK-5244 Add BlacklistPasswordPolicyProvider
This introduces a new PasswordPolicy which can refer to
a named predefined password-blacklist to avoid users
choosing too easy to guess passwords.
The BlacklistPasswordPolicyProvider supports built-in as
well as custom blacklists.
built-in blacklists use the form `default/filename`
and custom ones `custom/filename`, where filename
is the name of the found blacklist-filename.
I'd propose to use some of the freely available password blacklists
from the [SecLists](https://github.com/danielmiessler/SecLists/tree/master/Passwords ) project.
For testing purposes one can download the password blacklist
```
wget -O 10_million_password_list_top_1000000.txt https://github.com/danielmiessler/SecLists/blob/master/Passwords/10_million_password_list_top_1000000.txt?raw=true
```
to /data/keycloak/blacklists/
Custom password policies can be configured with the SPI
configuration mechanism via jboss-cli:
```
/subsystem=keycloak-server/spi=password-policy:add()
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:add(enabled=true)
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:write-attribute(name=properties.blacklistsFolderUri, value=file:///data/keycloak/blacklists/)
```
Password blacklist is stored in a TreeSet.
* KEYCLOAK-5244 Encode PasswordBlacklist as a BloomFilter
We now use a dynamically sized BloomFilter with a
false positive probability of 1% as a backing store
for PasswordBlacklists.
BloomFilter implementation is provided by google-guava
which is available in wildfly.
Password blacklist files are now resolved against
the ${jboss.server.data.dir}/password-blacklists.
This can be overridden via system property, or SPI config.
See JavaDoc of BlacklistPasswordPolicyProviderFactory for details.
Revised implementation to be more extensible, e.g. it could be
possible to use other stores like databases etc.
Moved FileSystem specific methods to FileBasesPasswordBlacklistPolicy.
The PasswordBlacklistProvider uses the guava version 20.0
shipped with wildfly. Unfortunately the arquillian testsuite
transitively depends on guava 23.0 via the selenium-3.5.1
dependency. Hence we need to use version 23.0 for tests but 20.0
for the policy provider to avoid NoClassDefFoundErrors in the
server-dist.
Configure password blacklist folder for tests
* KEYCLOAK-5244 Configure jboss.server.data.dir for test servers
* KEYCLOAK-5244 Translate blacklisted message in base/login
2017-10-17 20:41:44 +02:00
Hynek Mlnarik
056ba75a72
KEYCLOAK-5656 Use standard infinispan remote-store
2017-10-16 21:49:42 +02:00
Bill Burke
31dccc9a5e
Merge pull request #4509 from TeliaSoneraNorge/KEYCLOAK-5032
...
KEYCLOAK-5032 Forward request parameters to another IdP
2017-10-13 18:47:05 -04:00
Bill Burke
c66ce3a209
Merge pull request #4559 from micedre/KEYCLOAK-4052bis
...
KEYCLOAK-4052 - add an option to validate Password Policy for ldap user storage
2017-10-13 18:44:57 -04:00
Bill Burke
46d3ed7832
Merge remote-tracking branch 'upstream/master'
2017-10-13 17:00:57 -04:00
Bill Burke
d9af93850c
KEYCLOAK-5683, KEYCLOAK-5684, KEYCLOAK-5682, KEYCLOAK-5612, KEYCLOAK-5611
2017-10-13 16:51:56 -04:00
Cédric Couralet
656fc5d7c0
KEYCLOAK-4052 - add an option to validate Password Policy for ldap user storage
2017-10-13 13:54:50 +02:00
mposolda
1874820008
KEYCLOAK-5371 Fix ConcurrentLoginCrossDCTest.concurrentLoginWithRandomDcFailures
2017-10-11 13:02:55 +02:00
mposolda
f5ff24ccdb
KEYCLOAK-5371 Fix SessionExpirationCrossDCTest, Added ExecutorsProvider. Debug support for cache-servers in tests
2017-10-10 22:30:44 +02:00
Bill Burke
b0464f1751
Merge remote-tracking branch 'upstream/master'
2017-10-10 09:10:04 -04:00
Bill Burke
5bd4ea30ad
rev
2017-10-10 09:09:51 -04:00
Marek Posolda
d336667972
Merge pull request #4527 from Hitachi/master
...
OIDC Financial API Read Only Profile : scope MUST be returned in the response from Token Endpoint
2017-10-10 11:37:45 +02:00
Carl Kristian Eriksen
50dd07217d
KEYCLOAK-5032 Forward request parameters to another IdP
...
Forwarding of prompt and acr_values, if provided in the authorization request.
If prompt is set in the configuration for the identity provider, the configuration overrules the request parameter.
2017-10-09 16:15:27 +02:00
Marek Posolda
c6483f8b1e
Merge pull request #4523 from abustya/master
...
KEYCLOAK-5616 Processing of claims parameter
2017-10-09 11:14:23 +02:00
Bill Burke
c8516c2349
support social external exchange
2017-10-06 16:44:26 -04:00
Hynek Mlnařík
00ddf03ad3
Merge pull request #4538 from vramik/KEYCLOAK-5586
...
KEYCLOAK-5586 increase startup timeout for jboss containers
2017-10-06 10:46:49 +02:00
vramik
940715a975
KEYCLOAK-5586 increase startup timeout for jboss containers
2017-10-06 10:06:26 +02:00
Stian Thorgersen
698483ee17
Missing test ( #4537 )
2017-10-05 13:27:15 +02:00
mposolda
bca4c35708
KEYCLOAK-5371 Fix ActionTokenCrossDCTest and BruteForceCrossDCTest
2017-10-04 13:25:45 +02:00
Pavel Drozd
98c63bc195
Merge pull request #4502 from mhajas/KEYCLOAK-5555
...
KEYCLOAK-5555 Use driver from function argument for URL Asserts
2017-10-04 08:00:45 +02:00
Takashi Norimatsu
6f6a467c7b
OIDC Financial API Read Only Profile : scope MUST be returned in the
...
response from Token Endpoint
2017-10-04 12:59:49 +09:00
Áron Bustya
c2ffaa0777
Merge remote-tracking branch 'keycloak/master'
2017-10-03 14:53:40 +02:00
Áron Bustya
632414cc92
process claims parameter
...
also support parsing from request object
2017-10-03 14:51:46 +02:00
vramik
f806d4a5d6
KEYCLOAK-5586 Add support for testing cross dc tests on jboss-based containers
2017-10-03 14:01:45 +02:00
Bruno Oliveira da Silva
da72968085
KEYCLOAK-4401: Wrong message when a temporarily disabled user requests password reset ( #4506 )
2017-10-03 06:28:34 +02:00
Marek Posolda
faa5ec5125
Merge pull request #4520 from mposolda/master
...
KEYCLOAK-5440 RestartLoginCookie field 'cs' not marked ignorable
2017-10-02 20:03:34 +02:00
filipelautert
c4cc752e18
Fixing tests for Oracle ( #4481 )
2017-10-02 14:59:33 +02:00
mposolda
4a7013d550
KEYCLOAK-5440 RestartLoginCookie field 'cs' not marked ignorable
2017-10-02 14:19:27 +02:00
Bruno Oliveira da Silva
bb0bccc3c0
[KEYCLOAK-5486] Test email connection feature does not work the second time ( #4517 )
2017-10-02 13:14:50 +02:00
mposolda
7d641baf4e
KEYCLOAK-5570 Added InvalidationCrossDCTest
2017-09-29 19:36:40 +02:00
Marek Posolda
13fe9e7cf8
Merge pull request #4510 from glavoie/KEYCLOAK-3303
...
KEYCLOAK-3303: Allow reuse of refresh tokens.
2017-09-29 17:07:45 +02:00
mposolda
3b6e1f4e93
KEYCLOAK-5007 Used single-use cache for tracke OAuth code. OAuth code changed to be encrypted and signed JWT
2017-09-29 13:20:22 +02:00
Gabriel Lavoie
134daeac7f
KEYCLOAK-3303: Allow reuse of refresh tokens.
...
- Configurable max reuse count.
2017-09-28 15:30:40 -04:00
mhajas
01187901ea
KEYCLOAK-5555 Use driver from function argument for URL Asserts
2017-09-27 10:09:46 +02:00
Bill Burke
fd025ae76b
Merge pull request #4209 from guitaro/feature/group-search-and-pagination
...
[KEYCLOAK-2538] - groups pagination and group search
2017-09-23 20:52:19 -04:00
Bill Burke
537081ec9d
Merge pull request #4494 from patriot1burke/master
...
KEYCLOAK-5516
2017-09-22 16:38:13 -04:00
Bill Burke
3020a04a8b
Merge pull request #4490 from Fiercely/master
...
Keycloak 2035
2017-09-22 16:13:22 -04:00
Thomas Darimont
236b2b9273
KEYCLOAK-3599 Add Script based OIDC ProtocolMapper
2017-09-22 21:24:20 +02:00
Bill Burke
9d452b4bc3
Merge remote-tracking branch 'upstream/master'
2017-09-22 11:48:41 -04:00
Bill Burke
eb4f7f3b21
KEYCLOAK-5516
2017-09-22 11:48:30 -04:00
howcroft
e78bf5f876
Keycloak 2035
...
This PR adds:
* an endpoint to Role that lists users with the Role
* a tab "Users in Role" in Admin console Role page
* it is applicable to Realm and Client Roles
* Extends UserQueryProvider with default methods (throwing Runtime Exception if not overriden)
* Testing in base testsuite and Console
2017-09-22 15:05:49 +01:00
Bill Burke
15ddb2009d
Merge pull request #4475 from mstruk/KEYCLOAK-5328
...
KEYCLOAK-5328 Documentation issue for kcadm.sh set-password command
2017-09-21 21:50:16 -04:00
Bill Burke
8ace0e68c3
KEYCLOAK-910 KEYCLOAK-5455
2017-09-21 17:15:18 -04:00
Bill Burke
ab58052a4c
Merge pull request #4482 from patriot1burke/master
...
KEYCLOAK-5491 KEYCLOAK-5492 KEYCLOAK-5490
2017-09-19 14:01:40 -04:00
Pavel Drozd
c67a1d0469
Merge pull request #4483 from vmuzikar/KEYCLOAK-5495
...
KEYCLOAK-5495 Update Arquillian Drone to 2.4.2
2017-09-19 16:34:16 +02:00
Marko Strukelj
87cad0d84b
KEYCLOAK-5328 Documentation issue for kcadm.sh set-password command
2017-09-18 20:01:31 +02:00
mposolda
ca92bcbf7f
KEYCLOAK-5480 Cross-DC setup: Remote cache stores are connecting to Infinispan servers in both datacenters
2017-09-18 18:04:04 +02:00
Marek Posolda
fa35249afd
Merge pull request #4480 from TeliaSoneraNorge/KEYCLOAK-5494
...
Fix introspection error for pairwise access tokens
2017-09-18 16:44:24 +02:00
Pedro Igor
e8ef050093
Merge pull request #4471 from pedroigor/KEYCLOAK-5095
...
[KEYCLOAK-5095] - RPT should contain the RS as audience
2017-09-18 09:32:47 -03:00
Martin Hardselius
6b687c4318
Fix offline validation errors
...
Refactored token validation method to run user checks only if the user
session is valid.
2017-09-18 11:26:57 +02:00
Vaclav Muzikar
b4aae198fc
KEYCLOAK-5495 Update Arquillian Drone to 2.4.2
2017-09-18 09:52:45 +02:00
Bill Burke
2276279434
fix
2017-09-15 17:46:42 -04:00
Bill Burke
5a22b360f1
resolve conflicts
2017-09-15 16:37:35 -04:00
Bill Burke
f927ee7b4e
KEYCLOAK-5491 KEYCLOAK-5492
2017-09-15 16:30:45 -04:00
Pavel Drozd
34b8c58c0f
Merge pull request #4459 from mhajas/KEYCLOAK-5320
...
KEYCLOAK-5320 Configure SSL using creaper
2017-09-15 13:35:14 +02:00
Bill Burke
3e6adbc904
KEYCLOAK-5490 ( #4477 )
2017-09-15 11:36:48 +02:00
Martin Hardselius
a4315f4076
Fix introspection error for pairwise access tokens
...
When access tokens containing a pairwise sub are introspected, user
related checks are using that sub to fetch the UserModel instead of
fetching the user from the UserSession. No corresponding user is found
(or possibly even another user) and the token is reported inactive.
Resolves: KEYCLOAK-5494
2017-09-15 10:31:47 +02:00
Bill Burke
affeadf4f3
KEYCLOAK-5490
2017-09-14 21:16:50 -04:00
Levente NAGY
d18aa44fb4
Merge branch 'feature/group-search-and-pagination' of https://github.com/guitaro/keycloak into feature/group-search-and-pagination
2017-09-13 16:48:24 +02:00
Levente NAGY
e907da77d7
KEYCLOAK 2538 - UI group pagination - Remove junit mocked TUs, add arquillian Tests, delete mockito from poms, fix groups sorting when get result from cache
2017-09-13 16:45:45 +02:00
Pedro Igor
8b2d47dd71
[KEYCLOAK-5095] - Adding tests
2017-09-13 10:37:52 -03:00
Hisanobu Okuda
b7af96aa4d
KEYCLOAK-5315 Conditional OTP enforcement does not work ( #4399 )
2017-09-13 06:58:59 +02:00
Martin Kanis
550e5f752a
KEYCLOAK-5146 TokenEndpoint returns wrong methods for preflight requests ( #4455 )
2017-09-13 06:23:11 +02:00
Pedro Igor
90db6654d3
Merge pull request #4451 from glavoie/KEYCLOAK-4858-ResourceServer
...
KEYCLOAK-4858: Slow query performance for client with large data volume
2017-09-12 15:54:16 -03:00
Petter Lysne
7f8b5e032a
feat: added PayPal IDP ( #4449 )
2017-09-12 11:57:59 +02:00
Hynek Mlnarik
24e9cbb292
KEYCLOAK-4899 Replace updates to user session with temporary auth session
2017-09-11 21:43:49 +02:00
Pavel Drozd
9032889c15
Merge pull request #4465 from vramik/KEYCLOAK-4793
...
KEYCLOAK-4793 add kie.maven.settings.custom property to tests
2017-09-11 11:55:13 +02:00
vramik
a33007afb6
KEYCLOAK-4793 add kie.maven.settings.custom property to tests
2017-09-11 11:15:38 +02:00
mhajas
330cb022eb
KEYCLOAK-5320 Configure SSL using creaper
2017-09-08 13:19:48 +02:00
vramik
0a5de1239f
KEYCLOAK-5414 fix AccountRestServiceTest on undertow ( #4460 )
2017-09-07 09:30:20 +02:00
Gabriel Lavoie
c1664478d9
KEYCLOAK-4858: Slow query performance for client with large data volume
...
- Changing RESOURCE_SERVER PK to the client ID.
- Changing FK on children of RESOURCE_SERVER.
- Use direct fetch of ResourceServer through ID/PK to avoid a lot of implicit Hibernate flush.
2017-09-06 09:55:53 -03:00
mposolda
fe43c26829
KEYCLOAK-5248 auth_time is not updated when reauthentication is requested with 'login=prompt'
2017-09-05 12:22:30 +02:00
mposolda
30d8a7503b
KEYCLOAK-5326 Test that userSession is still the same after prompt=login
2017-09-05 12:22:30 +02:00
Pedro Igor
fa6d5f0ee2
[KEYCLOAK-4653] - Identity.hasClientRole(String) and Identity.hasRole(String) break role namespaces and should be removed
2017-09-01 16:08:34 -03:00
filipelautert
e055589448
[KEYCLOAK-4778] Fix for Oracle null value when having an empty String as attribute value ( #4406 )
...
* Add client.name as a second parameter to the title expressions in login template
* Fixing tooltip.
* pt_BR localization for admin screens.
* Reverting login.ftl
* Added all tooltip messages - even the ones not translated.
Translated around 150 messages todas.
* More translations.
* Fixing wrong edit.
* [KEYCLOAK-4778] Null check on Attribute value. This value can be null when retrieved from an Oracle database.
* [KEYCLOAK-4778] Create unit tests for empty and null values.
* [KEYCLOAK-4778] Move empty and null attributes tests to a separated test method; change tests to empty or null Strings.
* [KEYCLOAK-4778] Check if value is null and set it as empty array. In the former code if null was received it would generate an array with 1 string element ["null"]. Also if we set value as null instead of ArrayList, later when the rest call is executed it will generate the same incorrect array again.
* [KEYCLOAK-4778] Tests clean up.
2017-08-31 06:09:41 +02:00
Wim Vandenhaute
924b4f651a
KEYCLOAK-5186 createUser: set federationLink ( #4316 )
2017-08-31 06:07:43 +02:00
Hynek Mlnařík
e36b94d905
KEYCLOAK-5318 Verify signature on raw query parameters ( #4445 )
2017-08-31 05:46:26 +02:00
vramik
8bfab22417
KEYCLOAK-5049 add explicit removal of groups ( #4416 )
2017-08-30 08:16:00 +02:00
Stian Thorgersen
dcfa4aca8c
KEYCLOAK-943 Started account rest service. Profile and sessions completed. ( #4439 )
2017-08-29 20:12:09 +02:00
Hynek Mlnařík
0caf93dfd9
KEYCLOAK-5336 Count on IPv6 address in tests ( #4433 )
2017-08-28 15:39:44 +02:00
Hynek Mlnarik
794c508b10
KEYCLOAK-4995 Support for distributed SAML logout in cross DC
2017-08-28 13:15:11 +02:00
Hynek Mlnarik
a2ccf4efa3
KEYCLOAK-5300 Fix Wildfly 10 SAML cluster tests
2017-08-28 13:15:11 +02:00
Pavel Drozd
53fe96db78
Merge pull request #4403 from mhajas/KEYCLOAK-5313
...
KEYCLOAK-5313 Assume preview profile for InstallationTests
2017-08-28 10:28:13 +02:00
Pavel Drozd
a76e4434fa
KEYCLOAK-5340 - Testsuite compilation error - waitForPageToLoad without driver param
2017-08-28 09:14:45 +02:00
Pavel Drozd
e3a61c580e
Merge pull request #4414 from vmuzikar/KEYCLOAK-5229-dep-update
...
KEYCLOAK-5229 Update testsuite dependencies
2017-08-28 08:07:25 +02:00
Hynek Mlnařík
9ee8f72be9
\KEYCLOAK-5335 Destination attr in SAML requests is optional ( #4424 )
2017-08-28 08:06:48 +02:00
Bruno Oliveira da Silva
859cd30c3a
Include frame-ancestors for CSP 2 ( #4413 )
...
Signed-off-by: Bruno Oliveira <bruno@abstractj.org>
2017-08-28 06:46:03 +02:00
Pavel Drozd
9b858907ec
Merge pull request #4402 from mhajas/KEYCLOAK-5312
...
KEYCLOAK-5312 Add preview profile assumption to authz tests
2017-08-25 11:25:00 +02:00
Stian Thorgersen
d58c6ad4e0
[KEYCLOAK-4900] Pass login_hint parameter to idp & review ( #4421 )
2017-08-25 10:14:38 +02:00
Bill Burke
6696c44dc0
Merge remote-tracking branch 'upstream/master'
2017-08-24 15:19:48 -04:00
Bill Burke
7a57723c01
more token exchange
2017-08-24 15:19:38 -04:00
mhajas
8bb473147c
KEYCLOAK-5312 Add preview profile assumption
2017-08-24 11:45:09 +02:00
mhajas
543f61048f
KEYCLOAK-5313 Assume preview profile for Authz test
2017-08-24 10:20:27 +02:00
Vaclav Muzikar
da9a88c45c
KEYCLOAK-5229 Update testsuite dependencies
2017-08-23 15:36:29 +02:00
Pedro Igor
8e5752c9db
Merge pull request #4388 from pedroigor/KEYCLOAK-5015-elytron-adapter
...
[KEYCLOAK-5015] - Updating Elytron Adapters
2017-08-23 08:55:25 -03:00
mposolda
fe5891fbdb
KEYCLOAK-5293 Add notBefore to user
2017-08-23 08:58:26 +02:00
Pedro Igor
287a86938e
[KEYCLOAK-5015] - HAL integration tests
2017-08-22 18:01:19 -03:00
Pavel Drozd
8d3384666a
Merge pull request #4401 from mhajas/KEYCLOAK-5265
...
KEYCLOAK-5265 Set localization tests to community profile only
2017-08-22 09:01:33 +02:00
Pavel Drozd
2ae812420d
Merge pull request #4396 from mhajas/KEYCLOAK-5311
...
KEYCLOAK-5311 Fix authorization tests
2017-08-22 09:00:23 +02:00
mhajas
7f7c0bac1e
KEYCLOAK-5265 Set localization tests to community profile only
2017-08-21 13:10:45 +02:00
mhajas
d58499acfb
KEYCLOAK-5311 Fix authorization tests
2017-08-18 09:22:50 +02:00
mhajas
0c21b8c3a6
KEYCLOAK-4393 Remove example tests
2017-08-18 09:11:53 +02:00
mposolda
089514d8a6
KEYCLOAK-4634 Cross-dc support for UserLoginFailures
2017-08-17 10:22:12 +02:00
Stian Thorgersen
6119572934
KEYCLOAK-5282 ( #4389 )
2017-08-17 09:22:23 +02:00
mposolda
c4bb29b4bb
KEYCLOAK-4187 SessionExpirationCrossDCTest - added tests for user logout and removal
2017-08-14 11:19:07 +02:00
mposolda
3aae4d22f6
KEYCLOAK-4630 Testing that refresh with offline token works
2017-08-11 19:37:25 +02:00
mposolda
868e76fcf3
KEYCLOAK-4630 Added SessionsPreloadCrossDCTest for test preloading sessions and offline sessions. Support for manual.mode to control manually lifecycle of all servers.
2017-08-11 17:44:00 +02:00
mposolda
0f7440d344
KEYCLOAK-4187 Fixes and tests related to sessions expiration and bulk removal in cross-dc environment
2017-08-10 08:29:59 +02:00
Pavel Drozd
9f6d9f7403
Merge pull request #4376 from pdrozd/KEYCLOAK-5267
...
KEYCLOAK-5267 Fuse tests - added timeouts for closing ssh channel
2017-08-09 21:48:36 +02:00
Bill Burke
3470b1839d
Merge remote-tracking branch 'upstream/master'
2017-08-09 10:25:25 -04:00
Bill Burke
2fa55550f3
token exchange permissions
2017-08-09 10:04:14 -04:00
Pavel Drozd
6bdc49048a
KEYCLOAK-5267 Fuse tests - added timeouts for closing ssh channel
2017-08-09 13:39:04 +02:00
mposolda
a72c297d5d
KEYCLOAK-4187 Fix LoginCrossDCTest
2017-08-08 14:02:48 +02:00
Hynek Mlnarik
52de3fff06
KEYCLOAK-4189 Fix tests
2017-08-08 10:11:51 +02:00
Hynek Mlnarik
afc972278c
KEYCLOAK-4694
2017-08-08 10:11:51 +02:00
Hynek Mlnarik
9ca72dc5c6
KEYCLOAK-4189 Improve logging and concurrency/cross-DC testing
2017-08-08 10:11:51 +02:00
mposolda
251b41a7ac
KEYCLOAK-4187 Fix LastSessionRefreshCrossDCTest and ConcurrentLoginCrossDCTest
2017-08-07 11:55:49 +02:00
Bill Burke
2365445a3e
Merge pull request #4360 from hmlnarik/KEYCLOAK-4189-Update-ConcurrencyTest-null
...
KEYCLOAK-4189 Update ConcurrencyTest
2017-08-02 19:47:55 -04:00
Bill Burke
3b5ca2bac0
Merge pull request #4366 from hmlnarik/KEYCLOAK-4694-null
...
KEYCLOAK-4694
2017-08-02 19:47:34 -04:00
Hynek Mlnarik
4583a45e78
KEYCLOAK-4694
2017-08-01 09:57:12 +02:00
Bill Burke
8c93fdfb62
fix test
2017-07-31 13:01:23 -04:00
Bill Burke
56bb37a9cf
Merge remote-tracking branch 'upstream/master'
2017-07-31 10:53:24 -04:00
Pavel Drozd
070bb9bf6a
Merge pull request #4318 from mhajas/KEYCLOAK-3297
...
KEYCLOAK-3297 Add test for Access-Control-Expose-Headers
2017-07-31 12:59:32 +02:00
Bill Burke
6b991b850e
change role name
2017-07-28 16:20:23 -04:00
Bill Burke
852e9274d4
Merge remote-tracking branch 'upstream/master'
2017-07-28 16:15:53 -04:00
Bill Burke
db9b1bcb21
token exchange
2017-07-28 16:15:39 -04:00
Hynek Mlnarik
a955364f0e
KEYCLOAK-4189 Update ConcurrencyTest
2017-07-28 13:00:14 +02:00
mposolda
07e2136b3b
KEYCLOAK-4187 Added UserSession support for cross-dc
2017-07-27 22:32:58 +02:00
Marek Posolda
dd6a7b23c3
Merge pull request #4350 from hmlnarik/KEYCLOAK-4446-Failed-to-process-response-when-reject-consent-with-turned-on-encryption
...
KEYCLOAK-4446 Do not encrypt SAML status messages
2017-07-26 15:31:54 +02:00
Hynek Mlnarik
3c537f5f28
KEYCLOAK-4446 Do not encrypt SAML status messages
...
SAML status messages are not encryptable per Chapter 6 of
saml-core-2.0-os.pdf. Only assertions, attributes, base ID and name ID
can be encrypted.
2017-07-26 11:22:56 +02:00
Hynek Mlnarik
8d81a4a2e4
KEYCLOAK-5236
2017-07-26 11:22:05 +02:00
Hynek Mlnarik
c7046b6325
KEYCLOAK-4189 Preparation for cross-DC SAML testing
2017-07-25 09:44:36 +02:00
Bill Burke
11ff5a05e9
KEYCLOAK-5205
2017-07-18 11:03:01 -04:00
Bill Burke
7406a095b9
Merge remote-tracking branch 'upstream/master'
2017-07-17 17:56:09 -04:00
Bill Burke
876edc0186
...
2017-07-17 17:55:59 -04:00
Bill Burke
b10e7b8c31
Merge pull request #4323 from patriot1burke/master
...
KEYCLOAK-5152
2017-07-14 15:35:48 -04:00
Bill Burke
f68754290f
KEYCLOAK-5152
2017-07-14 14:14:38 -04:00
Stian Thorgersen
badba7adaf
KEYCLOAK-5143 Run auth-server-wildfly profile on Travis ( #4317 )
2017-07-14 07:01:54 +02:00
Bill Burke
b0a33c9765
KEYCLOAK-5155
2017-07-13 14:51:27 -04:00
mhajas
b86079c589
KEYCLOAK-3297 Add test for Access-Control-Expose-Headers
2017-07-13 14:40:43 +02:00
mposolda
3fca731395
KEYCLOAK-5136 Improve browser refresh button after switch to different flow
2017-07-11 13:03:18 +02:00
Marek Posolda
d2274fa49f
Merge pull request #4311 from mposolda/master
...
KEYCLOAK-5061 Process correct initial flow when action expired
2017-07-11 07:23:07 +02:00
Pedro Igor
7e7d67464e
Merge pull request #4308 from pedroigor/KEYCLOAK-5140
...
[KEYCLOAK-5140] - GroupPolicyManagementTest fails with mssql and oracle
2017-07-10 18:04:19 -03:00
mposolda
936efe872a
KEYCLOAK-5061 Process correct initial flow when action expired
2017-07-10 22:52:54 +02:00
mposolda
7be2c55f61
KEYCLOAK-5061 Better error messages when action expired
2017-07-10 19:50:28 +02:00
Pedro Igor
dac381058c
[KEYCLOAK-5140] - GroupPolicyManagementTest fails with mssql and oracle
2017-07-10 11:54:58 -03:00
Marek Posolda
48eaebf1c3
Merge pull request #4293 from TeliaSoneraNorge/KEYCLOAK-5139
...
KEYCLOAK-5139 refresh token does not work with pairwise subject ident…
2017-07-10 11:21:34 +02:00
Martin Hardselius
5b2e390f57
Update refresh token test for deleted user
...
Instead of disabling the user under test, the test will now correctly
delete the user under test.
2017-07-10 10:20:41 +02:00
Pavel Drozd
50424b2ad3
Merge pull request #4284 from vramik/KEYCLOAK-5133
...
KEYCLOAK-5133 Fix FineGrainAdminUnitTest when impersonation is disabled
2017-07-10 08:04:23 +02:00
Pedro Igor
65251748c7
[KEYCLOAK-5148] - Create authorization settings when creating a new client using a config file
2017-07-05 18:19:00 -03:00
Pedro Igor
4b7c61111c
Merge pull request #4288 from pedroigor/KEYCLOAK-5135
...
[KEYCLOAK-5135] - Wrong comparison when checking for duplicate resources during creation
2017-07-05 08:22:23 -03:00
Martin Hardselius
8cb8678525
KEYCLOAK-5139 refresh token does not work with pairwise subject identifiers
2017-07-05 12:32:43 +02:00
Stian Thorgersen
c95aace6e0
KEYCLOAK-5141 Return '*' in Cors requests when '*' is in list of permitted origins. Stop caching well-known information as it can change. ( #4290 )
2017-07-05 09:25:21 +02:00
Stian Thorgersen
eba8dac47d
KEYCLOAK-4536 Add test to check behavior with file redirect URI ( #4291 )
2017-07-05 09:08:13 +02:00
Pedro Igor
e1622006c3
[KEYCLOAK-5135] - More tests for resource mgmt
2017-07-04 16:45:06 -03:00
Stian Thorgersen
9a9f4137e5
KEYCLOAK-4556 KEYCLOAK-5022 Only cache keycloak.js and iframe if specific version is requested ( #4289 )
2017-07-04 21:18:34 +02:00
Stan Silvert
32b16717a7
KEYCLOAK-4234: Link to app in acct mgt doesn't use root url ( #4285 )
...
* KEYCLOAK-4234: Link to app in acct mgt not use root url
* Add tests.
2017-07-04 07:01:58 +02:00
vramik
41011a95e1
KEYCLOAK-5133 Fix FineGrainAdminUnitTest when impersonation is disabled
2017-07-03 11:49:46 +02:00
Bill Burke
999dff353c
Merge remote-tracking branch 'upstream/master'
2017-06-29 17:37:45 -04:00
Bill Burke
f5389b0e17
don't clean up properly
2017-06-29 17:36:45 -04:00
vramik
6ba3687b76
KEYCLOAK-5114 Fix UsersTest on auth-server-wildfly ( #4271 )
2017-06-29 14:39:59 +02:00
Stian Thorgersen
620bea3553
Merge pull request #4270 from stianst/KEYCLOAK-5107
...
KEYCLOAK-5107 Fix FineGrainAdminUnitTest and IllegalAdminUpgradeTest …
2017-06-29 08:54:59 +02:00
Stian Thorgersen
c9bc321d2a
Merge pull request #4269 from stianst/dockerdockerdocker
...
KEYCLOAK-3592 Docker auth implementation
2017-06-29 07:23:47 +02:00
Stian Thorgersen
74fe9249d5
Merge pull request #4216 from machielg/master
...
KEYCLOAK-5026 Store credentials
2017-06-29 06:52:16 +02:00
Stian Thorgersen
9f814c6cf1
KEYCLOAK-5107 Fix FineGrainAdminUnitTest and IllegalAdminUpgradeTest on auth-server-wildfly
2017-06-29 06:46:21 +02:00
Josh Cain
89fcddd605
KEYCLOAK-3592 Docker auth implementation
2017-06-29 06:37:34 +02:00
Hynek Mlnarik
5e16a32f86
KEYCLOAK-5106 Fix BasicSamlTest on auth-server-wildfly
2017-06-28 20:47:43 +02:00
Stian Thorgersen
e964b156cc
Merge pull request #4264 from stianst/KEYCLOAK-5074
...
KEYCLOAK-5074 Allow updating client secret through client registratio…
2017-06-28 11:40:04 +02:00
Stian Thorgersen
ce4506f367
Merge pull request #4261 from hmlnarik/KEYCLOAK-4377-null
...
KEYCLOAK-4377
2017-06-28 08:21:20 +02:00
Stian Thorgersen
1220d7f898
KEYCLOAK-5074 Allow updating client secret through client registration service
2017-06-28 08:11:51 +02:00
Hynek Mlnarik
a3ccac2012
KEYCLOAK-4377
2017-06-27 14:34:47 +02:00
Stian Thorgersen
4be0e36306
Merge pull request #4208 from ASzc/KEYCLOAK-4758
...
KEYCLOAK-4758
2017-06-27 11:35:43 +02:00
Stian Thorgersen
56c5996aff
Merge pull request #4259 from stianst/abstractj-KEYCLOAK-4444
...
KEYCLOAK-4444
2017-06-27 10:44:30 +02:00
Machiel Groeneveld
7849191ec7
Merge branch 'master' into master
2017-06-27 10:27:07 +02:00
Bruno Oliveira
361ab1c988
[KEYCLOAK-4444] Allow sending test email
2017-06-27 08:38:36 +02:00
Stian Thorgersen
b4d39ca061
KEYCLOAK-4984 Don't update client registration access token on read
2017-06-27 08:29:03 +02:00
Bill Burke
b771960e21
fix log file
2017-06-26 12:36:43 -04:00
Bill Burke
bc05560d4d
Merge remote-tracking branch 'upstream/master'
2017-06-26 11:41:12 -04:00
Bill Burke
3855b5c0a3
admin console work
2017-06-26 11:40:56 -04:00
Bill Burke
28b3ef9aa9
admin console work
2017-06-26 11:40:32 -04:00
Bill Burke
22987bb90b
Merge pull request #4250 from mposolda/RHSSO-1027
...
KEYCLOAK-5085 Easy fix to just handle the exception
2017-06-26 10:04:02 -04:00
Hynek Mlnarik
955cbc76d7
KEYCLOAK-5030 Change action tokens cache type to distributed
2017-06-26 10:11:53 +02:00
Bill Burke
f1807aead4
impersonate
2017-06-25 11:28:37 -04:00
mposolda
756d996a4a
KEYCLOAK-5085 RHSSO-1027 Fix to handle the exception thrown from alternative flow
2017-06-23 19:13:43 +02:00
Bill Burke
3ee86fedc7
Merge remote-tracking branch 'upstream/master'
2017-06-23 09:57:35 -04:00
Bill Burke
39dea4b078
restricting admin role mapping
2017-06-22 16:51:46 -04:00
Pavel Drozd
58e5f41415
Merge pull request #4210 from vramik/KEYCLOAK-4983
...
KEYCLOAK-4983 export authorization test with multiple roles
2017-06-22 09:36:26 +02:00
Pavel Drozd
a7fbcaaef4
Merge pull request #4211 from vramik/KEYCLOAK-5027
...
KEYCLOAK-5027 Add possibility to attach debugger to jboss based servers
2017-06-22 09:34:58 +02:00
Stian Thorgersen
6f731dfee9
Merge pull request #4118 from skjolber/feature/KEYCLOAK-3056-verify-signature-2
...
Some adjustments for KEYCLOAK-3056 / PR #3893
2017-06-22 08:44:32 +02:00
Marek Posolda
ab7a0c2252
Merge pull request #4248 from mposolda/client-initial-access-db
...
KEYCLOAK-4631 Move ClientInitialAccessModel from userSession model to…
2017-06-22 06:27:25 +02:00
Bill Burke
d08ddade2e
merge
2017-06-21 17:43:54 -04:00
Bill Burke
52e40922bc
removal
2017-06-21 17:42:57 -04:00
Bill Burke
f1132ffabe
Merge pull request #4175 from mrezai/fix-pkce-s256-code-challenge
...
KEYCLOAK-4956: Fix incorrect PKCE S256 code challenge generation
2017-06-21 17:04:31 -04:00
Bill Burke
8c82201add
Merge pull request #4224 from pedroigor/KEYCLOAK-3168
...
[KEYCLOAK-3168] - Group-Based Access Control
2017-06-21 17:03:34 -04:00
mposolda
fc61a4e89f
KEYCLOAK-4631 Move ClientInitialAccessModel from userSession model to realm model
2017-06-21 22:14:20 +02:00
Hynek Mlnarik
bf43ccf6c1
KEYCLOAK-4993 Fix intermittent failures in ComponentsTest testConcurrencyWithChildren
...
... and seems that the KEYCLOAK-5020 as well
2017-06-21 15:19:23 +02:00
Marek Posolda
be5291f710
Merge pull request #4242 from mposolda/master
...
KEYCLOAK-4438 Disable kerberos flow when provider removed
2017-06-21 11:54:50 +02:00
Marek Posolda
3fd6fc250d
Merge pull request #4240 from hmlnarik/KEYCLOAK-4189-Cross-DC-testing
...
KEYCLOAK-4189 Infinispan cache and channel statistics for Cross-DC testing
2017-06-21 10:22:43 +02:00
mposolda
e91dd011c5
KEYCLOAK-4438 Disable kerberos flow when provider removed
2017-06-21 09:38:20 +02:00
mposolda
32cf8b7cad
KEYCLOAK-3316 Fixes for OAuth2 requests without 'scope=openid'
2017-06-20 17:17:43 +02:00
Hynek Mlnarik
2e2d15be9f
KEYCLOAK-4189 Infinispan cache and channel statistics for Cross-DC-testing
2017-06-20 12:48:08 +02:00
mposolda
f363dbcad0
KEYCLOAK-4327 Switching language on User consent gives error
2017-06-20 09:21:41 +02:00
Bill Burke
57cb46148f
tests
2017-06-19 11:21:59 -04:00
Bill Burke
a994af9010
remove scope
2017-06-16 11:26:43 -04:00
Pedro Igor
5028c05cc2
[KEYCLOAK-3168] - Export and import tests
2017-06-14 09:33:59 -03:00
Martin Hardselius
60942346f3
KEYCLOAK-4924: pairwise clients get duplicate subs in tokens
2017-06-14 10:47:40 +02:00
vramik
97509ebf89
KEYCLOAK-4983 export authorization test with multiple roles
2017-06-14 10:38:47 +02:00
Pedro Igor
169280b6a1
[KEYCLOAK-3168] - Group-Based Access Control
2017-06-13 19:05:44 -03:00
Hynek Mlnarik
a0f3a6469f
KEYCLOAK-4189 - Cross DC testing
2017-06-12 11:14:28 +02:00
Pedro Igor
fd8a3dccaf
Merge pull request #4214 from pedroigor/KEYCLOAK-4904
...
[KEYCLOAK-4904] - Authorization Audit - Part 1
2017-06-09 17:17:30 -03:00
Pedro Igor
f12cef2c86
[KEYCLOAK-4904] - Authorization Audit - Part 1
2017-06-09 13:31:06 -03:00
Machiel Keizer-Groeneveld
80f8815b9a
KEYCLOAK-5026 Store credentials
...
Credentials are stored with user creation if they are present in the UserRepresentation.
2017-06-09 09:32:33 +02:00
Stian Thorgersen
6cccd66162
Merge pull request #4192 from hokuda/KEYCLOAK-4980
...
KEYCLOAK-4980 SAML adapter should return 403 when unauthenticated Aja…
2017-06-09 04:40:26 +02:00
Hisanobu Okuda
9135ba7c40
KEYCLOAK-4980 SAML adapter should return 401 when unauthenticated Ajax client accesses
2017-06-08 23:36:25 +09:00
Bill Burke
94528976d4
console work
2017-06-07 16:29:43 -04:00
vramik
7381ec456a
KEYCLOAK-5027 Add possibility to attach debugger to jboss based servers
2017-06-07 14:35:33 +02:00
Bill Burke
536a57a514
ui for permission reference
2017-06-05 19:52:51 -04:00
Alex Szczuczko
5d88c2b8be
KEYCLOAK-4758 Update Encode class using latest resteasy. Use encodeQueryParamAsIs instead of encodeQueryParam when encoding key=value pairs for URI query sections. Also fix a few callers who were relying on the bad behaviour of queryParam.
2017-06-05 16:24:38 -06:00
Pedro Igor
9be9e30ad6
Merge pull request #4206 from pedroigor/KEYCLOAK-4983
...
[KEYCLOAK-4983] - Authz settings export of role base policy generates json where are just role-names
2017-06-05 16:19:58 -03:00
Pedro Igor
23887f4031
Fixing tests and more client policy tests
2017-06-05 11:26:33 -03:00
Pedro Igor
3760f2753b
[KEYCLOAK-4983] - Authz settings export of role base policy generates json where are just role-names
2017-06-02 20:09:33 -03:00
Pedro Igor
d0f505455d
[KEYCLOAK-4991] - Allow clients to limit the number of permission in a RPT when using entitlements
2017-06-02 19:06:40 -03:00
Bill Burke
a41d282e92
client permission tests
2017-06-02 15:49:20 -04:00
Thomas Skjølberg
241c58dd61
Add unit tests related to signatures, check that a signature is present when want assertion signing.
2017-06-02 15:36:52 +02:00
Bill Burke
b9f7a43a72
group permissions
2017-06-01 20:16:35 -04:00
Pedro Igor
dcd1a68d95
[KEYCLOAK-4992] - Allow clients to exclude resource_set_name from RPT
2017-05-31 19:33:34 -03:00
Pavel Drozd
a52a1f4618
Merge pull request #4196 from vramik/KEYCLOAK-4481
...
KEYCLOAK-4481 some authz export tests
2017-05-30 16:56:54 +02:00
Stian Thorgersen
a6e4245185
Merge pull request #4194 from stianst/KEYCLOAK-4888
...
KEYCLOAK-4888
2017-05-30 14:49:22 +02:00
vramik
8f1938c28d
KEYCLOAK-4481 Role based permission test
2017-05-30 13:10:09 +02:00
Stian Thorgersen
8c53c5a90e
KEYCLOAK-4888
...
Change default hashing provider for realm
2017-05-30 09:54:05 +02:00
Thomas Darimont
7d0b461683
KEYCLOAK-4975 Use authenticationSession binding name in ScriptBasedAuthenticator
...
We now use authenticationSession instead of clientSession to reflect
the renaming of ClientSessionModel to AuthenticationSessionModel.
Note that this is a breaking change which needs to be mentioned in
the upgrade notes!
2017-05-29 18:14:02 +02:00
Bill Burke
c3ea847b3e
auth changes
2017-05-29 09:53:17 -04:00
Stian Thorgersen
684689d40d
Merge pull request #3561 from glavoie/KEYCLOAK-3990
...
KEYCLOAK-3990: Very slow use of NamedQueries.
2017-05-29 09:39:39 +02:00
mposolda
c4f172afe7
KEYCLOAK-4977 Upgrade infinispan and undertow version to align with Wildfly 11.0.0.Alpha1
2017-05-26 14:29:30 +02:00
Hynek Mlnarik
e4fc8f083e
KEYCLOAK-3990 Tests
2017-05-24 07:50:48 -04:00
mposolda
2b59db71a8
KEYCLOAK-3316 Remove the IDToken if scope=openid is not used
2017-05-24 09:23:14 +02:00
Stian Thorgersen
c442bcd8d3
Merge pull request #4174 from stianst/KEYCLOAK-4889
...
KEYCLOAK-4889
2017-05-23 14:26:15 +02:00
Stian Thorgersen
c00a64208a
Merge pull request #4136 from frelibert/KEYCLOAK-4897
...
KEYCLOAK-4897
2017-05-23 14:10:34 +02:00
Stian Thorgersen
ef29097679
Merge pull request #4172 from hmlnarik/KEYCLOAK-4813-Destination-Validation-should-ignore-whether-default-port-is-explicitly-specified
...
KEYCLOAK-4813 Destination validation counts on port being not specified
2017-05-23 13:59:36 +02:00
Pavel Drozd
0a869f56a7
Merge pull request #4146 from vramik/KEYCLOAK-4926
...
KEYCLOAK-4926 exclude WelcomePageTest from migration scenario
2017-05-23 13:59:26 +02:00
Stian Thorgersen
ff2d6941d0
Merge pull request #4140 from mstruk/RHSSO-978
...
RHSSO-978 Cannot migrate event types using export/import
2017-05-23 13:55:17 +02:00
Mohammad Rezai
acd78ee407
KEYCLOAK-4956: Fix incorrect PKCE S256 code challenge generation
2017-05-23 16:15:44 +04:30
Stian Thorgersen
130452f6c3
Merge pull request #4085 from mstruk/RHSSO-402
...
RHSSO-402 need a way to dump configuration (including ldap provider config) to a file
2017-05-23 13:29:32 +02:00
Stian Thorgersen
097a2267f5
KEYCLOAK-4889
...
Improve error messages for password policies
2017-05-23 13:18:06 +02:00
Hynek Mlnarik
f47283f61a
KEYCLOAK-4813 Destination validation counts on port being not specified
2017-05-23 12:52:48 +02:00
mposolda
8adde64e2c
KEYCLOAK-4016 Provide a Link to go Back to The Application on a Timeout
2017-05-23 09:08:58 +02:00
Daan de Wit
ef6b303bfe
KEYCLOAK-4911 charset not specified by Java client registration API
2017-05-22 15:22:39 +02:00
Bill Burke
ab763e7c5b
fixes after merge
2017-05-19 15:54:36 -04:00
Bill Burke
f114895cd2
for merge
2017-05-19 11:29:26 -04:00
vramik
f0386d9374
KEYCLOAK-4926 exclude WelcomePageTest from migration scenario
2017-05-19 13:30:01 +02:00
Marek Posolda
d80381ec0d
Merge pull request #4139 from vramik/KEYCLOAK-4827
...
KEYCLOAK-4827 Add tests for concurrent use of user session in cache
2017-05-19 11:14:57 +02:00
Bill Burke
2cac8b1bb7
KEYCLOAK-4929
2017-05-18 16:53:31 -04:00
Bill Burke
c291748f43
KEYCLOAK-4929
2017-05-18 16:48:04 -04:00
Hynek Mlnarik
f9767ad6cd
KEYCLOAK-4627 Additional tests for action tokens
2017-05-18 12:04:32 +02:00
Hynek Mlnarik
10c9e0f00f
KEYCLOAK-4897 Tests for assertion-only signatures with encrypted assertions
2017-05-17 15:56:49 +02:00
Marko Strukelj
27b291c345
RHSSO-978 Cannot migrate event types using export/import
2017-05-16 18:52:58 +02:00
Marko Strukelj
7d0ca42c6c
RHSSO-402 need a way to dump configuration (including ldap provider config) to a file
2017-05-15 12:13:58 +02:00
Bill Burke
954ef99f22
Merge remote-tracking branch 'upstream/master'
2017-05-12 10:10:29 -04:00
vramik
cc6a5419de
KEYCLOAK-4827 Add tests for concurrent use of user session in cache
2017-05-12 14:14:14 +02:00
mposolda
7d8796e614
KEYCLOAK-4626 Support for sticky sessions with AUTH_SESSION_ID cookie. Clustering tests with embedded undertow. Last fixes.
2017-05-11 22:24:07 +02:00
Hynek Mlnarik
b8262a9f02
KEYCLOAK-4628 Single-use cache + its functionality incorporated into reset password token. Utilize single-use cache for relevant actions in execute-actions token
2017-05-11 22:16:26 +02:00
mposolda
db8b733610
KEYCLOAK-4626 Fix TrustStoreEmailTest and PolicyEvaluationCompositeRoleTest. Distribution update
2017-05-11 22:16:26 +02:00
Hynek Mlnarik
c431cc1b01
KEYCLOAK-4627 IdP email account verification + code cleanup. Fix for concurrent access to auth session notes
2017-05-11 22:16:26 +02:00
mposolda
168153c6e7
KEYCLOAK-4626 Authentication sessions - SAML, offline tokens, broker logout and other fixes
2017-05-11 22:16:26 +02:00
Hynek Mlnarik
47aaa5a636
KEYCLOAK-4627 reset credentials and admin e-mails use action tokens. E-mail verification via action tokens.
2017-05-11 22:16:26 +02:00
mposolda
e7272dc05a
KEYCLOAK-4626 AuthenticationSessions - brokering works. Few other fixes and tests added
2017-05-11 22:16:26 +02:00
Hynek Mlnarik
b55b089355
KEYCLOAK-4627 Changes in TokenVerifier to include token in exceptions. Reset credentials uses checks to validate individual token aspects
2017-05-11 22:16:26 +02:00
mposolda
a9ec69e424
KEYCLOAK-4626: AuthenticationSessions - working login, registration, resetPassword flows
2017-05-11 22:16:26 +02:00
Hynek Mlnarik
19a41c8704
KEYCLOAK-4627 Refactor TokenVerifier to support more than just access token checks. Action tokens implementation with reset e-mail action converted to AT
2017-05-11 22:16:26 +02:00
mposolda
e4aba9e471
KEYCLOAK-4829 Access token from offline token falsely reported as inactive by token introspection
2017-05-11 21:17:04 +02:00
Stian Thorgersen
c3a2b3a6b6
KEYCLOAK-4523 PBKDF2WithHmacSHA256 and PBKDF2WithHmacSHA512 providers
2017-05-11 11:58:22 +02:00
Bill Burke
bfb4395b28
role and Users finished UI work
2017-05-10 15:25:04 -04:00
Bill Burke
46ec12c41c
fixes
2017-05-10 14:19:10 -04:00
Pedro Igor
c0b08a27a2
Test for role policy evaluation
2017-05-09 15:27:19 -03:00
Bill Burke
a8a8ea4bcd
Merge remote-tracking branch 'upstream/master'
2017-05-08 13:49:03 -04:00
Bill Burke
f760427c5c
fine grain tests
2017-05-08 13:48:51 -04:00
Pavel Drozd
a8071356bb
Merge pull request #4109 from mhajas/KEYCLOAK-4503
...
KEYCLOAK-4503 Add test
2017-05-05 13:06:50 +02:00
Marc Heide
d5c643eaf9
KEYCLOAK-4521: consider offline sessions if no active user session was found for user info endpoint
2017-05-04 15:25:09 +02:00
mhajas
b33f7414da
KEYCLOAK-4503 Add test
2017-05-03 08:51:26 +02:00
Bill Burke
c3b44e61d4
Merge remote-tracking branch 'upstream/master'
2017-05-01 14:51:07 -04:00
Eriksson Fabian
ca1152c3e5
KEYCLOAK-4204 Extend brute force protection with permanent lockout on failed attempts
...
- Can still use temporary brute force protection.
- After X-1 failed login attempt, if the user successfully logs in his/her fail login count is reset.
2017-04-28 09:02:10 +02:00
Pavel Drozd
7bcbc9a6af
Merge pull request #4042 from daklassen/KEYCLOAK-2976
...
KEYCLOAK-2976 Merge two "ClientTest" classes in integration-arquillian
2017-04-27 17:16:58 +02:00
Pavel Drozd
51e4beccf4
Merge pull request #4076 from vramik/KEYCLOAK-4732
...
KEYCLOAK-4732 fix for wildfly
2017-04-27 08:06:55 +02:00
Bill Burke
c7bdb489ee
Merge remote-tracking branch 'upstream/master'
2017-04-26 18:57:56 -04:00
Pedro Igor
389e2b42f1
Test for uma_authorization scope
2017-04-26 16:04:37 -03:00
Bill Burke
2276f99d54
Merge remote-tracking branch 'upstream/master'
2017-04-26 14:39:45 -04:00
Bill Burke
f67013bcb6
fix
2017-04-26 14:39:41 -04:00
Pedro Igor
b78cc63f0d
Merge pull request #4084 from pedroigor/KEYCLOAK-4755
...
[KEYCLOAK-4755] - Client UI Tests
2017-04-26 13:29:00 -03:00
Pedro Igor
b84507507d
Merge pull request #4079 from mhajas/KEYCLOAK-4769
...
KEYCLOAK-4769 Add test for URI priority
2017-04-26 12:20:53 -03:00
Pedro Igor
fbcfcfa088
[KEYCLOAK-4755] - Client UI Tests
2017-04-26 12:11:53 -03:00
Hynek Mlnarik
d7615d6a68
KEYCLOAK-2122 Configuration of AssertionConsumerServiceUrl in SAML adapter
2017-04-26 11:59:37 +02:00
mhajas
9c0e7cb4a5
KEYCLOAK-4769 Add test for URI priority
2017-04-26 08:32:40 +02:00
Pedro Igor
0ccb98a81f
Merge pull request #4078 from pedroigor/KEYCLOAK-3135
...
[KEYCLOAK-3135] - Rules UI Tests
2017-04-25 18:04:09 -03:00
Pedro Igor
5b5cfb01b9
Merge pull request #4077 from pedroigor/KEYCLOAK-4792
...
[KEYCLOAK-4792] - Client credentials provider support and making easier to obtain authz client
2017-04-25 18:03:32 -03:00
Pedro Igor
b3131bf679
[KEYCLOAK-3135] - Rules UI Tests
2017-04-25 16:52:14 -03:00
Pedro Igor
79c9078caa
[KEYCLOAK-4792] - Client credentials provider support and making easier to obtain authz client
2017-04-25 14:51:45 -03:00
vramik
a3c57f4326
KEYCLOAK-4732 fix for wildfly
2017-04-25 13:57:14 +02:00
Pedro Igor
ab58779d22
[KEYCLOAK-4732] - Need to run the test using the target testing realm
2017-04-25 08:34:39 -03:00
Stian Thorgersen
d081f967ea
Merge pull request #4067 from hmlnarik/KEYCLOAK-4779
...
KEYCLOAK-4779 Fix NPE
2017-04-25 10:31:00 +02:00
mposolda
b81891f89b
KEYCLOAK-4271 Migration test for offline tokens - manual mode
2017-04-25 09:18:33 +02:00
Hynek Mlnarik
e8a65017fa
KEYCLOAK-4779 Fix NPE
2017-04-24 23:09:27 +02:00
Pedro Igor
5e57e84384
Merge pull request #4054 from pedroigor/KEYCLOAK-3135
...
[KEYCLOAK-3135] - More changes to Policy Management API
2017-04-24 17:44:07 -03:00
Bill Burke
12cb295a35
Merge remote-tracking branch 'upstream/master'
2017-04-24 10:05:46 -04:00
Bill Burke
58868ca99f
prototype
2017-04-24 10:05:39 -04:00
mposolda
d05a894831
KEYCLOAK-4326 KEYCLOAK-4588 Can't get granted consents if client template mappers were consented to
2017-04-24 15:44:38 +02:00
Pedro Igor
e0f753bcf5
[KEYCLOAK-3135] - More changes to Policy Management API
2017-04-24 07:34:08 -03:00
mposolda
1fd5af840b
KEYCLOAK-4525 Deleting a client with existing sessions/offline_tokens leads to Internal Server Errors
2017-04-24 11:24:09 +02:00
Pavel Drozd
95fc8f79dd
Merge pull request #4051 from mhajas/KEYCLOAK-4505
...
KEYCLOAK-4505 Add test of clientSession for script based authenticator
2017-04-21 13:50:29 +02:00
Pavel Drozd
f50e08d111
Merge pull request #4044 from vmuzikar/adapter-compat-upstream
...
KEYCLOAK-4761 Support for Java adapter backward compatibility testing
2017-04-21 13:49:17 +02:00
Pedro Igor
fa1b998802
Merge pull request #4050 from pedroigor/KEYCLOAK-4769
...
[KEYCLOAK-4769] - Policy enforcer path matching tests
2017-04-20 14:02:59 -03:00
Pedro Igor
df163d86e8
Merge pull request #4052 from pedroigor/KEYCLOAK-4754
...
[KEYCLOAK-4754] - Unable to delete realm when using aggregated policies
2017-04-20 13:23:09 -03:00
Pedro Igor
80a80512ea
[KEYCLOAK-4769] - Policy enforcer path matching tests
2017-04-20 13:21:01 -03:00
mhajas
4f66919474
KEYCLOAK-4505 Add tests of clientSession for script based authenticator
2017-04-20 17:10:56 +02:00
Pedro Igor
bf69bc94bb
[KEYCLOAK-4754] - Unable to delete realm when using aggregated policies
2017-04-20 12:10:52 -03:00
Pavel Drozd
585653b88e
Merge pull request #4038 from vmuzikar/social-fix
...
KEYCLOAK-4624 Fix, stabilize and revamp SocialLoginTest
2017-04-20 13:13:29 +02:00
Vaclav Muzikar
c7a97cfd21
KEYCLOAK-4761 Prepare the testsuite for Java adapter backward compatibility testing
2017-04-19 13:51:24 +02:00
David Klassen
19a59429ae
KEYCLOAK-2976 Merge two "ClientTest" classes in integration-arquillian
2017-04-19 13:25:30 +02:00
Stian Thorgersen
4f771ac51a
Merge pull request #4027 from abacusresearch/KEYCLOAK-4729_update_german_translation
...
KEYCLOAK-4729 Update German translations
2017-04-18 15:13:39 +02:00
Vaclav Muzikar
32b62b2a70
KEYCLOAK-4624 Fix, stabilize and revamp SocialLoginTest
2017-04-13 13:41:30 +02:00
Pedro Igor
964693077a
[KEYCLOAK-4751] - More tests
2017-04-12 18:25:38 -03:00
Pedro Igor
8e877a7f6c
[KEYCLOAK-3135] - More tests
2017-04-12 14:34:27 -03:00
Pedro Igor
eec712a259
[KEYCLOAK-3135] - Role and user policies apis
2017-04-12 00:52:14 -03:00
Pedro Igor
54ebc1918c
[KEYCLOAK-3135] - Using abstract policy representation when creating policies and updating tests
2017-04-12 00:52:13 -03:00
Pedro Igor
d60dcb4c62
[KEYCLOAK-3135] - Some more tests and making policy type rest api more generic
2017-04-12 00:52:13 -03:00
Pedro Igor
8e64bc3e4d
Tests for new permission management rest api
2017-04-12 00:52:13 -03:00
Pedro Igor
cf1e8d1dd8
[KEYCLOAK-3135] - Tests and typos
2017-04-12 00:52:13 -03:00
Pavel Drozd
bfd76d7813
Merge pull request #3962 from mhajas/KEYCLOAK-4366
...
KEYCLOAK-4366
2017-04-10 08:44:52 +02:00
Dominik Langenegger
16430791bb
KEYCLOAK-4729 Update German translations
2017-04-07 16:03:34 +02:00
Bill Burke
3ce0c57e17
Merge pull request #3831 from Hitachi/master
...
KEYCLOAK-2604 Proof Key for Code Exchange by OAuth Public Clients
2017-04-06 15:36:08 -04:00
Bill Burke
c198f4ffa7
Merge pull request #4015 from patriot1burke/master
...
KEYCLOAK-4727 KEYCLOAK-4652
2017-04-06 15:27:49 -04:00
Bill Burke
26db0dd1fc
Merge pull request #4016 from pedroigor/KEYCLOAK-4726
...
[KEYCLOAK-4726] - Multiple role policies crash realm delete
2017-04-06 13:21:53 -04:00
Pedro Igor
1f50421a54
[KEYCLOAK-4726] - Multiple role policies crash realm delete
2017-04-06 12:36:03 -03:00
Bill Burke
1b3549f828
oops
2017-04-06 10:49:48 -04:00
Bill Burke
201d2c6aac
Merge remote-tracking branch 'upstream/master'
2017-04-06 10:44:43 -04:00
Bill Burke
31074c3c8d
KEYCLOAK-4727 KEYCLOAK-4652
2017-04-06 10:44:33 -04:00
Stian Thorgersen
af4c74f1d9
Merge pull request #3718 from thomasdarimont/issue/KEYCLOAK-4163-improve-support-for-email-addresses
...
KEYCLOAK-4163 Improve support for e-mail addresses
2017-04-06 15:34:30 +02:00
Marek Posolda
ad1ca78034
Merge pull request #4002 from mposolda/master
...
KEYCLOAK-4705 Running test from IDE should log INFO to the console
2017-04-04 11:52:10 +02:00
Pavel Drozd
b4c5eb8354
Merge pull request #3994 from vramik/KEYCLOAK-4534
...
KEYCLOAK-4534 ClientInitiatedAccountLinkTest fails with auth-server-w…
2017-04-04 10:47:36 +02:00
Pavel Drozd
91c3977d71
Merge pull request #3988 from mhajas/KEYCLOAK-3955
...
KEYCLOAK-3955
2017-04-04 10:46:12 +02:00
mposolda
457f183d46
KEYCLOAK-4705 Running test from IDE should log INFO to the console
2017-04-04 10:15:22 +02:00
vramik
ca6d8c9dbe
KEYCLOAK-4534 ClientInitiatedAccountLinkTest fails with auth-server-wildlfy
2017-03-30 12:47:51 +02:00
mhajas
3bb587530b
KEYCLOAK-3955
2017-03-28 16:05:44 +02:00
mhajas
bc05010ece
Fix javascript adapter tests
2017-03-28 15:02:44 +02:00
Takashi Norimatsu
ef3aef9381
Merge branch 'master' into master
2017-03-28 16:21:40 +09:00
Vaclav Muzikar
66c13b4a72
KEYCLOAK-4613 Fix Console UI and Social Login tests
2017-03-27 15:25:24 +02:00
mhajas
36fc643bfb
KEYCLOAK-4366
2017-03-27 11:22:01 +02:00
Pavel Drozd
ed67dcc712
Merge pull request #3975 from vmuzikar/KEYCLOAK-4660
...
KEYCLOAK-4660 Add support for Chrome CLI switches to Arquillian Tests…
2017-03-27 09:38:33 +02:00
Pavel Drozd
4aa996c2db
Merge pull request #3959 from mhajas/KEYCLOAK-4141
...
KEYCLOAK-4141 Added saml tests
2017-03-27 09:36:41 +02:00
Bill Burke
71f0c01d4f
Merge pull request #3980 from patriot1burke/master
...
KEYCLOAK-4664 KEYCLOAK-4665
2017-03-25 20:12:22 -04:00
Bill Burke
f554fd90db
Merge pull request #3911 from almighty/oso_provider
...
[KEYCLOAK-4528] Adds Openshift Identity Provider as part of social brokers
2017-03-25 19:25:44 -04:00
Bill Burke
dd8a64f30c
KEYCLOAK-4664
2017-03-25 11:21:11 -04:00
Vaclav Muzikar
6a093abfdb
KEYCLOAK-4660 Add support for Chrome CLI switches to Arquillian Testsuite
2017-03-24 12:25:49 +01:00
Bill Burke
815e9e8e02
Merge pull request #3968 from vramik/KEYCLOAK-4229
...
KEYCLOAK-4229 Add migration test from 2.5.5
2017-03-23 14:48:39 -04:00
Bill Burke
d1e71acf10
Merge pull request #3961 from jblashka/maxLifespanInvalidationFixes
...
KEYCLOAK-4612 Fix CachePolicy.MAX_LIFESPAN invalidation
2017-03-23 14:25:21 -04:00
Bartosz Majsak
210143738e
Merge branch 'master' into oso_provider
2017-03-23 13:45:07 +01:00
vramik
1fccff7e7c
KEYCLOAK-4229 Add migration test from 2.5.5
2017-03-22 14:19:35 +01:00
mhajas
7c1eb5582a
KEYCLOAK-4141 Added saml tests
2017-03-21 10:41:06 +01:00
Jared Blashka
61bd9bb58c
Fix CachePolicy.MAX_LIFESPAN invalidation
2017-03-20 22:56:35 -04:00
Peter Nalyvayko
b2f10359c8
KEYCLOAK-4335: x509 client certificate authentication
...
Started on implementing cert thumbprint validation as a part of x509 auth flow. Added a prompt screen to give users a choice to either log in based on the identity extracted from X509 cert or to continue with normal browser login flow authentication; clean up some of the comments
x509 authentication for browser and direct grant flows. Implemented certificate to user mapping based on user attribute
Implemented CRL and OCSP certificate revocation checking and added corresponding configuration settings to set up responderURI (OCSP), a location of a file containing X509CRL entries and switiches to enable/disable revocation checking; reworked the certificate validation; removed superflous logging; changed the certificate authentication prompt page to automatically log in the user after 10 seconds if no response from user is received
Support for loading CRL from LDAP directory; finished the CRL checking using the distribution points in the certificate; updated the instructions how to add X509 authentication to keycloak authentication flows; minor styling changes
Stashing x509 unit test related changes; added the steps to configure mutual SSL in WildFly to the summary document
A minor fix to throw a security exception when unable to check cert revocation status using OCSP; continue working on README
Changes to the formating of the readme
Added a list of features to readme
Fixed a potential bug in X509 cert user authenticator that may cause NPE if the client certificate does not define keyusage or extended key usage extensions
Fixed compile time errors in X509 validators caused by the changes to the user credentials model in upstream master
Removed a superfluous file created when merging x509 and main branches
X509 authentication: removed the PKIX path validation as superflous
Reverted changes to the AbstractAttributeMapper introduced during merging of x509 branch into main
Merge the unit tests from x509 branch
added mockito dependency to services project; changes to the x509 authenticators to expose methods in order to support unit tests; added a default ctor to CertificateValidator class to support unit testing; updated the direct grant and browser x509 authenticators to report consistent status messages; unit tests to validate X509 direct grant and browser authenticators; fixed OCSP validation to throw an exception if the certificate chain contains a single certificate; fixed the CRL revocation validation to only use CRL distribution point validation only if configured
CRL and OSCP mock tests using mock netty server. Changed the certificate validator to better support unit testing.
changes to the mockserver dependency to explicitly exclude xercesImpl that was causing SAMLParsingTest to fail
Added a utility class to build v3 certificates with optional extensions to facilitate X509 unit testing; removed supoerfluous certificate date validity check (undertow should be checking the certificate dates during PKIX path validation anyway)
X509: changes to make configuring the user identity extraction simplier for users - new identity sources to map certificate CN and email (E) attributes from X500 subject and issuer names directly rather than using regular expressions to parse them
X509 fixed a compile error caused by the changes to the user model in master
Integration tests to validate X509 client certificate authentication
Minor tweaks to X509 client auth related integration tests
CRLs to support x509 client cert auth integration tests
X509: reverted the changes to testrealm.json and updated the test to configure the realm at runtime
X509 - changes to the testsuite project configuration to specify a path to a trust store used to test x509 direct grant flow; integration tests to validate x509 authentication in browser and direct grant flows; updated the client certificate to extend its validatity dates; x509 integration tests and authenticators have been refactored to use a common configuration class
X509 separated the browser and direct grant x509 authenction integration tests
x509 updated the authenticator provider test to remove no longer supported cert thumbprint authenticator
x509 removed the dependency on mockito
x509 re-implemented OCSP certificate revocation client used to check revocation status when logging in with x509 certificate to work around the dependency on Sun OCSP implementation; integration tests to verify OCSP revocation requests
index.txt.attr is needed by openssl to run a simple OCSP server
x509: minor grammar fixes
Add OCSP stub responder to integration tests
This commit adds OCSP stub responder needed for the integration tests,
and eliminates the need to run external OCSP responder in order to run
the OCSP in X509OCSPResponderTest.
Replace printStackTrece with logging
This commit replaces call to printStackTrace that will end up going to
the stderr with logging statement of WARN severity.
Remove unused imports
Removed unused imports in
org.keycloak.authentication.authenticators.x509 package.
Parameterized Hashtable variable
Removed unused CertificateFactory variable
Declared serialVersionUID for Serializable class
Removed unused CertificateBuilder class
The CertificateBuilder was not used anywhere in the code, removing it to
prevent technical debt.
Removing unused variable declaration
`response` variable is not used in the test, removed it.
Made sure InputStreams are closed
Even though the InputStreams are memory based, added try-with-resources
to make sure that they are closed.
Removed deprecated usage of URLEncoder
Replaced invocation of deprecated method from URLEncoder with Encode
from Keycloak util package.
Made it more clear how to control OCSP stub responder in the tests
X509 Certificate user authentication: moved the integration unit tests into their own directory to fix a failing travis test job
KEYCLOAK-4335: reduced the logging level; added the instructions how to run X.509 related tests to HOW-TO-RUN.md doc; removed README.md from x509 folder; removed no longer used ocsp profile and fixed the exclusion filter; refactored the x509 base test class that was broken by the recent changes to the integration tests
KEYCLOAK-4335: fixed a few issues after rebasing
2017-03-17 05:24:57 -04:00
Pavel Drozd
b2d677256d
Merge pull request #3877 from mhajas/KEYCLOAK-3955
...
KEYCLOAK-3955 Add CORS tests to integration arquillian testsuite
2017-03-15 23:52:03 +01:00
Stian Thorgersen
feeac69197
Merge pull request #3888 from daklassen/KEYCLOAK-4421
...
KEYCLOAK-4421 Change any http maven urls to https to reduce build-time MITM vulnerability
2017-03-15 09:54:21 +01:00
Thomas Darimont
b782892769
KEYCLOAK-4163 Improve support for e-mail addresses
...
Added support for user friendly email addresses as well as dedicated
reply-to addresses for emails being sent by Keycloak.
Both can be customized via the email settings per realm in
the admin-console.
User friendly email addresses use the format:
"Friendly Name"<email@example.org> and provide way to add a meaning
full name to an e-mail address.
We also allow to specify an optional envelope from bounce address.
If a mail sent to a user could not be delivered the email-provider
will sent a notification to that address.
See: https://en.wikipedia.org/wiki/Bounce_address
Add test for proper email headers in sent messages
2017-03-14 18:22:54 +01:00
Bill Burke
6d51862057
Merge pull request #3897 from anderius/feature/KEYCLOAK-4504-redirect-logout
...
[WIP] Saml broker: Option to specify logout request binding
2017-03-14 11:32:26 -04:00
David Klassen
32d3f760ec
KEYCLOAK-4421: Change http url to https
...
Change any http maven urls to https to reduce build-time MITM vulnerability
2017-03-14 10:18:40 +01:00
Pedro Igor
9d1d22565c
Merge pull request #3938 from pedroigor/authz-fixes
...
AuthZ Services Fixes
2017-03-13 15:20:41 -03:00
Pedro Igor
e7e6314146
[KEYCLOAK-4555] - Fixes and improvements to evaluation code
2017-03-13 14:08:54 -03:00
Marek Posolda
649ca36ece
Merge pull request #3945 from mposolda/master
...
KEYCLOAK-4572 AccountTest.changeProfileNoAccess unstable
2017-03-13 15:57:43 +01:00
Pavel Drozd
253c8a342b
Merge pull request #3941 from pdrozd/KEYCLOAK-4569
...
KEYCLOAK-4569 SSSDTest rewrited to be usable in different enviroments
2017-03-13 15:50:06 +01:00
mposolda
aa84709087
KEYCLOAK-4572 AccountTest.changeProfileNoAccess unstable
2017-03-13 13:58:46 +01:00
Pavel Drozd
f32fc99e80
KEYCLOAK-4569 SSSDTest rewrited to be usable in different enviroments
2017-03-13 08:05:30 +01:00
Pavel Drozd
b5433720c1
KEYCLOAK-4304 Updated Kerberos tests to be able to run them on different environment
2017-03-13 08:00:41 +01:00
Pavel Drozd
282896b653
Merge pull request #3930 from vmuzikar/KEYCLOAK-4554-2
...
KEYCLOAK-4554 Fix WelcomePage test
2017-03-10 15:57:47 +01:00
Pavel Drozd
3884dd974a
Merge pull request #3925 from vmuzikar/KEYCLOAK-4553
...
KEYCLOAK-4553 Truststore not found in Arquillian tests in "other" module
2017-03-10 15:56:40 +01:00
Bill Burke
0ff4223184
Merge pull request #3922 from hmlnarik/KEYCLOAK-4288-SAML-logouts-are-not-invalidating-the-sessions-for-all-the-logged-in-applications
...
KEYCLOAK-4288 Invalidate sessions in cluster for SAML logouts
2017-03-09 19:13:37 -05:00
Vaclav Muzikar
8b888fdf0c
KEYCLOAK-4554 Fix WelcomePage test
2017-03-09 16:41:54 +01:00
Mark Pardijs
c78c0b73d3
KEYCLOAK-4360: Add OneTimeUse condition to SAMLResponse
...
Add OneTimeUse Condition to SAMLResponse when configured in client settings
2017-03-09 13:01:05 +01:00