Commit graph

209 commits

Author SHA1 Message Date
Pedro Igor
0c501f8302 [KEYCLOAK-16837] - Authz client still relying on refresh tokens when doing client credentials 2021-01-27 12:23:32 -03:00
Michal Hajas
ba8e2fef6b KEYCLOAK-15524 Cleanup user related interfaces 2021-01-18 16:56:10 +01:00
keycloak-bot
75be33ccad Set version to 13.0.0-SNAPSHOT 2020-12-16 17:31:55 +01:00
Thomas Darimont
de20830412 KEYCLOAK-9551 KEYCLOAK-16159 Make refresh_token generation for client_credentials optional. Support for revocation of access tokens.
Co-authored-by: mposolda <mposolda@gmail.com>
2020-11-06 09:15:34 +01:00
Hynek Mlnarik
925f089d62 KEYCLOAK-16077 Remove need for MapStorage.replace 2020-10-29 15:40:47 +01:00
Pedro Igor
24f90ca6cb [KEYCLOAK-15406] - Grant access when evaluating user-managed permission for the owner 2020-10-28 09:59:24 -03:00
Denis Richtárik
c8d0f2c59c
KEYCLOAK-15892 Can not install 7.4.3.CR1 Fuse adapter 2020-10-20 10:47:56 +02:00
Martin Kanis
4e9bdd44f3 KEYCLOAK-14901 Replace deprecated ClientProvider related methods across Keycloak 2020-09-07 13:11:55 +02:00
Martin Kanis
d59a74c364 KEYCLOAK-15102 Complement methods for accessing groups with Stream variants 2020-08-28 20:56:10 +02:00
keycloak-bot
afff0a5109 Set version to 12.0.0-SNAPSHOT 2020-07-22 14:36:15 +02:00
Pedro Igor
7501e42969 [KEYCLOAK-14646] - Improving permission resolution and evaluation 2020-07-21 14:22:09 +02:00
Thomas Vitale
4cd5ace800 KEYCLOAK-9321 Remove invalid token_introspection_endpoint
The discovery document is advertizing both token_introspection_endpoint
and introspection_endpoint. The former has been removed as it is not
defined by OAuth2/OIDC.
2020-07-17 11:41:28 +02:00
Álvaro Gómez Giménez
666832d1be KEYCLOAK-13066 Include resourceType in ScopePermissionRepresentation 2020-05-12 17:11:35 -03:00
keycloak-bot
ae20b7d3cd Set version to 11.0.0-SNAPSHOT 2020-04-29 12:57:55 +02:00
Bart Monhemius
9389332675 [KEYCLOAK-13927] Accept only ticketId instead of the PermissionTicketRepresentation for delete in PermissionResource 2020-04-23 15:59:43 -03:00
Bart Monhemius
56a70bd376 [KEYCLOAK-13927] Fix java doc @param name in PermissionResource 2020-04-23 15:59:43 -03:00
Bart Monhemius
acc5ab9e44 [KEYCLOAK-13927] Allow deleting permission tickets with the Authz client 2020-04-23 15:59:43 -03:00
keycloak-bot
33314ae3ca Set version to 10.0.0-SNAPSHOT 2020-04-21 09:19:32 +02:00
keycloak-bot
f6a592b15a Set version to 9.0.4-SNAPSHOT 2020-03-24 08:31:18 +01:00
keycloak-bot
d352d3fa8e Set version to 9.0.1-SNAPSHOT 2020-02-17 20:38:54 +01:00
Pedro Igor
421ec34557 [KEYCLOAK-8049] - Prevent users from not choosing a group 2020-02-13 10:10:46 +01:00
mhajas
62c9e15776 KEYCLOAK-12638 Remove Request parameters from exception message 2020-02-10 09:23:31 +01:00
Pedro Igor
ed2d392a3d [KEYCLOAK-9666] - Entitlement request with service account results in server error 2020-02-03 08:57:56 +01:00
Pedro Igor
658a083a0c [KEYCLOAK-9600] - Find by name in authz client returning wrong resource 2020-02-03 08:57:20 +01:00
Pedro Igor
873c62bbef [KEYCLOAK-12569] - User cannot be deleted if he has owned resources / permission tickets
Co-authored-by: mhajas <mhajas@redhat.com>
2020-01-30 11:08:28 +01:00
Pedro Igor
946088d48d [KEYCLOAK-12109] - Resolving authz discovery url using KeycloakUriBuilder 2019-12-19 14:18:21 +01:00
Pedro Igor
cee884e4a7 [KEYCLOAK-8406] - Remove Drools/Rules Policy 2019-11-22 15:38:51 +01:00
keycloak-bot
76aa199fee Set version to 9.0.0-SNAPSHOT 2019-11-15 20:43:21 +01:00
Pedro Igor
bb4ff55229 [KEYCLOAK-10868] - Deploy JavaScript code directly to Keycloak server
Conflicts:
	testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java

(cherry picked from commit 338fe2ae47a1494e786030eb39f908c964ea76c4)
2019-10-22 10:34:24 +02:00
keycloak-bot
17e9832dc6 Set version to 8.0.0-SNAPSHOT 2019-07-19 19:05:03 +02:00
Pedro Igor
fdc0943a92 [KEYCLOAK-8060] - My Resources REST API 2019-06-11 14:23:26 -03:00
skyfalke
0007bad6f3 KEYCLOAK-10393 Fix permission ticket pagination in Authz Client
KEYCLOAK-10393 Ensure idempotency of find method of permission ticket store
2019-05-29 09:43:54 -03:00
Pedro Igor
e9ea1f0e36 [KEYCLOAK-10279] - Do not limit results when fetching resources 2019-05-28 15:35:29 -03:00
keycloak-bot
49d4e935cb Set version to 7.0.0-SNAPSHOT 2019-04-17 09:48:07 +01:00
keycloak-bot
e843d84f6e Set version to 6.0.0-SNAPSHOT 2019-03-06 15:54:08 +01:00
stianst
e06c705ca8 Set version 5.0.0 2019-02-21 09:35:14 +01:00
stianst
7c9f15778a Set version to 4.8.3.Final 2019-01-09 20:39:30 +01:00
stianst
7c4890152c Set version to 4.8.2 2019-01-03 14:43:22 +01:00
stianst
b674c0d4d9 Prepare for 4.8.0.Final 2018-12-04 13:54:25 +01:00
Pedro Igor
ed0b5d4df1 [KEYCLOAK-8857] - Provide utility to create AuthzClient from InputStream 2018-12-03 11:14:43 -02:00
stianst
ecd476fb10 Prepare for 4.7.0.Final 2018-11-14 20:10:59 +01:00
Pedro Igor
cd96d6cc35 [KEYCLOAK-8694] - Mark Drools policy as tech preview 2018-11-09 11:08:49 -02:00
vramik
7a96911a83 KEYCLOAK-8300 KEYCLOAK-8301 Wildfly 14 upgrade
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2018-10-17 20:01:07 +02:00
Pedro Igor
8e57cee30f [KEYCLOAK-8445] - Owner not granted with permissions when using only scope-based permissions 2018-10-08 09:57:21 -03:00
Pedro Igor
0a6e22ba54 [KEYCLOAK-8412] - Upgrade to Drools 7.11.0.Final 2018-10-04 09:41:41 -03:00
stianst
c3fc9e9815 Set version to 4.6.0.Final-SNAPSHOT 2018-09-26 20:58:41 +02:00
Pedro Igor
6b0bc0b3be [KEYCLOAK-8308] - Deprecate token_introspection_endpoint claim from OIDC discovery document 2018-09-19 09:46:50 -03:00
stianst
1fb4ca4525 Set version to 4.5.0.Final 2018-09-06 20:08:02 +02:00
mposolda
6fc99cd749 KEYCLOAK-7594 Upgrade to Wildfly 13. Cross-DC: Upgrade to infinispan server 9.2.4 and JDG 7.2
Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
Co-authored-by: stianst <stianst@gmail.com>
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2018-08-27 12:52:53 +02:00
Corentin Dupont
b80701589c [KEYCLOAK-7804] - Option to return resource body 2018-08-20 13:07:29 -03:00
Pedro Igor
625f613128 [KEYCLOAK-4902] - Using streams to process requested permissions and limit support for scope responses 2018-08-17 11:00:53 -03:00
Stefan Guilhen
0b95cdacb8 [KEYCLOAK-7885] Add user policy support to the policy API 2018-08-13 22:09:17 -03:00
Stefan Guilhen
1912a8acf4 [KEYCLOAK-7885] Fix javadoc/log message typos 2018-08-13 22:09:17 -03:00
Stefan Guilhen
060b3b8d0f [KEYCLOAK-4902] - Using streams when fetching resources 2018-08-09 16:28:31 -03:00
Pedro Igor
80e5227bcd [KEYCLOAK-4902] - Refactoring and improvements to processing of authz requests 2018-08-07 10:53:40 -03:00
mposolda
959cd035ba Set version to 4.3.0.Final-SNAPSHOT 2018-08-01 22:40:05 +02:00
Pedro Igor
8b6979ac18 [KEYCLOAK-7849] - Improvements to RPT upgrade 2018-07-18 16:40:55 -03:00
Tommy Cheng
fba2bf0b2f [KEYCLOAK-7822] - Fix access token and refresh token timeout in resource server 2018-07-11 15:13:50 -03:00
mposolda
d0a824dde4 Updating version to 4.2.0.Final-SNAPSHOT 2018-07-05 07:42:48 -04:00
Grzegorz Grzybek
f90e0fc14c [KEYCLOAK-7425] Correctly import packages of httpclient and http core, fix Karaf feature 2018-06-21 14:28:47 +02:00
stianst
e1a0e581b9 Update to 4.1.0.Final-SNAPSHOT 2018-06-14 14:22:28 +02:00
Federico M. Facca
5a9bfea419 [KEYCLOAK-7353] Support Policy Management in Protection API
See https://issues.jboss.org/browse/KEYCLOAK-7353
2018-06-06 19:36:42 -03:00
Pedro Igor
f8919f8baa
Merge pull request #5211 from pedroigor/KEYCLOAK-7367
[KEYCLOAK-7367] - User-Managed Policy Provider
2018-06-04 09:35:13 -03:00
Pedro Igor
2b6597e9f1 [KEYCLOAK-7367] - User-Managed Policy Provider 2018-05-25 16:18:15 -03:00
Stian Thorgersen
dbf5c395b0
Bump version to 4.0.0.Final (#5224) 2018-05-24 19:02:30 +02:00
Federico M. Facca
76076cdb3c [KEYCLOAK-7354] split ticket management and permission endpoint
see (https://issues.jboss.org/browse/KEYCLOAK-7354)

* created new endpoint for ticket management /permission/ticket
* removed unused class
* support for direct creation of ticket by resource owner
* fix DELETE ticket
2018-05-16 15:10:39 +02:00
Stian Thorgersen
90e5c7f3eb
Bump version to 4.0.0.Beta3-SNAPSHOT (#5185) 2018-05-02 14:32:20 +02:00
Pedro Igor
e1f5245145
Merge pull request #5120 from pedroigor/KEYCLOAK-7029
[KEYCLOAK-7029] - Configuration of cache policies for cached resources/path
2018-04-05 09:33:23 -03:00
Pedro Igor
3cea54e3a6
Merge pull request #5128 from sguilhen/KC6853
[KEYCLOAK-6853] Make TimePolicyProvider use the kc.date.time_date con…
2018-04-04 15:58:04 -03:00
Stefan Guilhen
87abe5e648 [KEYCLOAK-6853] Make TimePolicyProvider use the kc.date.time_date contextual attribute when evaluating policies 2018-04-04 14:37:03 -03:00
Stefan Guilhen
7e3703b2bf [KEYCLOAK-5864] Display user friendly error message when a rule policy artifact can't be retrieved 2018-04-04 14:33:31 -03:00
pedroigor
a939c45d58 [KEYCLOAK-7029] - Configuration of cache policies for cached resources/path 2018-04-03 16:44:27 -03:00
pedroigor
4a425c2674 [KEYCLOAK-4102] - Support lazy loading of paths via policy enforcer config 2018-03-28 09:23:59 -03:00
Pedro Igor
ffeb0420bf
Merge pull request #5079 from pedroigor/KEYCLOAK-6529
[KEYCLOAK-6529] - Resource Attributes
2018-03-27 09:30:38 -03:00
stianst
07fea02146 Bump versions to 4.0.0.Beta2-SNAPSHOT 2018-03-26 18:17:38 +02:00
pedroigor
08896ee9c9 [KEYCLOAK-6529] - Resource Attributes 2018-03-19 13:21:39 -03:00
pedroigor
1e1de85685 [KEYCLOAK-6787] - Wrong validation of resources with same name and different owners 2018-03-01 16:50:05 -03:00
Pedro Igor
91bdc4bde2 [KEYCLOAK-3169] - UMA 2.0 (#4368)
* [KEYCLOAK-3169] - UMA 2.0 Support

* [KEYCLOAK-3169] - Changes to account service and more tests

* [KEYCLOAK-3169] - Code cleanup and tests

* [KEYCLOAK-3169] - Changes to account service and tests

* [KEYCLOAK-3169] - Changes to account service and tests

* [KEYCLOAK-3169] - More tests

* [KEYCLOAK-3169] - Changes to adapter configuration

* [KEYCLOAK-3169] - Reviewing UMA specs and more tests

* [KEYCLOAK-3169] - Reviewing UMA specs and more tests

* [KEYCLOAK-3169] - Changes to UMA Grant Type and refactoring

* [KEYCLOAK-3169] - Refresh tokens for RPT responses and tests

* [KEYCLOAK-3169] - Changes to account my resources and policy enforcers

* [KEYCLOAK-3169] - Realm settings flag to enable/disable user-managed access in account mgmt console

* [KEYCLOAK-3169] - More changes to my resource pages in account mgmt console

* [KEYCLOAK-3169] - Need to enable user-managed on realm to run tests

* [KEYCLOAK-3169] - Removing more UMA 1.0 related code

* [KEYCLOAK-3169] - Only submit requests if ticket exists

* [KEYCLOAK-3169] - Returning UMA 401 response when not authenticated

* [KEYCLOAK-3169] - Removing unused code

* [KEYCLOAK-3169] - Removing unused code

* [KEYCLOAK-3169] - 403 response in case ticket is not created

* [KEYCLOAK-3169] - Fixing AbstractPhotozExampleAdapterTest#testClientRoleRepresentingUserConsent

* [KEYCLOAK-3169] - 403 status code only returned for non-bearer clients
2018-02-28 08:53:10 +01:00
pedroigor
bda57d00df [KEYCLOAK-6164] - Authorization services client doesn't work with JDK7 2018-01-31 13:42:30 -02:00
stianst
0bedbb4dd3 Bump version to 4.0.0.CR1-SNAPSHOT 2017-12-21 15:06:00 +01:00
Martin Kanis
47721957b7 KEYCLOAK-6018 Create BOM for Drools dependencies 2017-12-14 14:51:25 +01:00
stianst
37de8e9f69 Bump version to 3.4.2.Final-SNAPSHOT 2017-12-01 09:34:48 +01:00
Pedro Igor
eebf0b0499
Merge pull request #4690 from pedroigor/KEYCLOAK-5824
[KEYCLOAK-5824] - Keycloak throws "Error while evaluating permissions" exception often
2017-11-14 18:35:56 -02:00
Pedro Igor
6731c55429 [KEYCLOAK-5824] - Wrong usage of SimpleDateFormat 2017-11-14 11:27:57 -02:00
Pedro Igor
fdb618219f [KEYCLOAK-5844] - Refreshing PAT instead of obtaining a new one every time 2017-11-14 11:24:45 -02:00
Stian Thorgersen
128ff12f8f Bump versions 2017-11-09 15:37:21 +01:00
Pedro Igor
a70cab502c [KEYCLOAK-4901] - Reviewing methods on provider spis 2017-10-26 13:39:57 -02:00
Pedro Igor
4071dd7734 [KEYCLOAK-5703] - Improving exception handling and parsing server response 2017-10-18 20:27:21 -02:00
Bruno Oliveira da Silva
b6ab2852c2 Remove unused imports (#4558) 2017-10-16 14:23:42 +02:00
Gabriel Lavoie
c1664478d9 KEYCLOAK-4858: Slow query performance for client with large data volume
- Changing RESOURCE_SERVER PK to the client ID.
- Changing FK on children of RESOURCE_SERVER.
- Use direct fetch of ResourceServer through ID/PK to avoid a lot of implicit Hibernate flush.
2017-09-06 09:55:53 -03:00
Stian Thorgersen
463661b051 Set version to 3.4.0.CR1-SNAPSHOT 2017-08-28 15:46:22 +02:00
Stian Thorgersen
454c5f4d83 Set version to 3.3.0.CR1-SNAPSHOT 2017-06-30 09:47:11 +02:00
Bill Burke
8c82201add Merge pull request #4224 from pedroigor/KEYCLOAK-3168
[KEYCLOAK-3168] - Group-Based Access Control
2017-06-21 17:03:34 -04:00
Pedro Igor
c7a20d7620 [KEYCLOAK-5702] - Caching scripts and removing when updating 2017-06-20 15:26:18 -03:00
Jay Anslow
a04d79c576 Cache compiled scripts in JSPolicyProviderFactory 2017-06-19 16:53:07 +01:00
Jay Anslow
7614ff8c6f Extract EvaluatebleScriptAdapter
Precursor for InvocableScriptAdapter, which compiles/evaluates a script without affecting the engine's bindings. This allows the same script to be compiled once and then evaluated multiple times (with the same ScriptEngine).
2017-06-19 15:32:14 +01:00
Pedro Igor
0b5e6b0d49 JS policy should use ScriptingSPI 2017-06-16 11:49:32 -03:00
Pedro Igor
5028c05cc2 [KEYCLOAK-3168] - Export and import tests 2017-06-14 09:33:59 -03:00
Pedro Igor
169280b6a1 [KEYCLOAK-3168] - Group-Based Access Control 2017-06-13 19:05:44 -03:00
Pedro Igor
9be9e30ad6 Merge pull request #4206 from pedroigor/KEYCLOAK-4983
[KEYCLOAK-4983] - Authz settings export of role base policy generates json where are just role-names
2017-06-05 16:19:58 -03:00