vmuzikar
b68d06f91c
KEYCLOAK-13127 Update Account Console to Account REST API v1
2020-08-04 18:43:23 -03:00
vramik
6b00633c47
KEYCLOAK-14812 Create RoleStorageManager
2020-07-31 15:11:25 -03:00
vramik
bfa21c912c
KEYCLOAK-14811 Create RoleProvider and make it independent of ClientProvider and RealmProvider
2020-07-31 15:11:25 -03:00
rmartinc
32bf50e037
KEYCLOAK-14336: LDAP group membership is not visible under "Users in Role" tab for users imported from LDAP
2020-07-30 16:19:22 +02:00
Dillon Sellars
25bb2e3ba2
KEYCLOAK-14529 Signed and Encrypted ID Token Support : RSA-OAEP-256 Key Management Algorithm
2020-07-30 15:20:51 +02:00
vramik
7f979ffbcf
KEYCLOAK-14889 Create test for clientStorageProviderTimeout
2020-07-30 08:42:51 -03:00
Yoshiyuki Tabata
cd76ed0d74
KEYCLOAK-14289 OAuth Authorization Server Metadata for Token Revocation
2020-07-29 11:41:56 +02:00
Martin Idel
97400827d2
KEYCLOAK-14870: Fix bug where user is incorrectly imported
...
Bug: SerializedBrokeredIdentityContext was changed to mirror
UserModel changes. However, when creating the user in LDAP,
the username must be provided first (everything else can
be handled via attributes).
2020-07-29 11:33:41 +02:00
Takashi Norimatsu
0191f91850
KEYCLOAK-14380 Support Requesting Claims using the claims Request Parameter
2020-07-29 09:53:28 +02:00
mposolda
c4fca5895f
KEYCLOAK-14892 NullPointerException when group mappings for LDAP users are accessed
2020-07-28 14:45:06 +02:00
Martin Idel
330a3d8ff5
KEYCLOAK-14904 Fix AccountRestService
...
- custom attributes in UserModel are removed during update
- this can break caching (doesn't break if user is written
to database)
- also ensure that we don't accidentally change username
and/or firstName/lastName through attributes
2020-07-28 10:03:14 +02:00
Martin Idel
bf411d7567
KEYCLOAK-14869: Fix nullpointer exception in FullNameLDAPStorageMapper
...
Setting an attribute should be possible with a list
containing no elements or a null list
This can happen e.g. when creating users via idps
using a UserAttributeStatementMapper.
Fix this unprotected access in other classes too
2020-07-28 09:54:37 +02:00
Lorent Lempereur
e82fe7d9e3
KEYCLOAK-13950 SAML2 Identity Provider - Send Subject in SAML requests
2020-07-24 21:41:57 +02:00
mhajas
74988a3f21
KEYCLOAK-14826 Fix non-ssl auth-server tests failures
2020-07-23 14:20:19 +02:00
keycloak-bot
afff0a5109
Set version to 12.0.0-SNAPSHOT
2020-07-22 14:36:15 +02:00
Hynek Mlnarik
8fae2997c9
KEYCLOAK-14553 Improve logging
2020-07-22 00:08:15 +02:00
Hynek Mlnarik
c566b46e8f
KEYCLOAK-14549 Make ClientProvider independent of RealmProvider
...
Co-Authored-By: vramik <vramik@redhat.com>
2020-07-22 00:08:15 +02:00
Hynek Mlnarik
ac0011ab6f
KEYCLOAK-14553 Client map store
...
Co-Authored-By: vramik <vramik@redhat.com>
2020-07-22 00:08:15 +02:00
Martin Kanis
c5d5423cd3
KEYCLOAK-12265 Move KerberosEmbeddedServer to testsuite
2020-07-21 18:27:09 +02:00
vmuzikar
316f9f46e2
KEYCLOAK-14825 Make adapter tests running with FF to test cookies
2020-07-21 10:25:19 -03:00
Luca Leonardo Scorcia
9204402514
KEYCLOAK-14820 Import the NameIDPolicyFormat attribute from SAML IDP metadata descriptors
2020-07-21 12:23:25 +02:00
Takashi Norimatsu
e0fbfa722e
KEYCLOAK-14189 Client Policy : Basics
2020-07-21 07:50:08 +02:00
Douglas Palmer
6d5495141d
[KEYCLOAK-14611] Incorrect error message shown on duplicated email registration
2020-07-20 18:17:54 -03:00
Jan Lieskovsky
969b09f530
[KEYCLOAK-13692] Upgrade to Wildfly "20.0.1.Final" and Infinispan "10.1.8.Final"
...
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2020-07-20 22:15:08 +02:00
Luca Leonardo Scorcia
46bf139cb4
KEYCLOAK-14741 Minor SAML specs compliance improvements
2020-07-20 21:08:12 +02:00
mhajas
93149d6b47
KEYCLOAK-14234 Adjust Adapter testsuite to work with app/auth.server.host including TLS configured
2020-07-20 11:22:16 +02:00
Thomas Vitale
4cd5ace800
KEYCLOAK-9321 Remove invalid token_introspection_endpoint
...
The discovery document is advertizing both token_introspection_endpoint
and introspection_endpoint. The former has been removed as it is not
defined by OAuth2/OIDC.
2020-07-17 11:41:28 +02:00
Erik Jan de Wit
ace64c1f0c
KEYCLOAK-12249 added test to test that time is localized
2020-07-15 14:57:38 -04:00
Pedro Igor
582046bbfe
[KEYCLOAK-13141] - Fixing filter
2020-07-15 11:00:55 -03:00
Luca Leonardo Scorcia
f8a4f66d6c
KEYCLOAK-13698 - SAML Client - Add certificate info to signature
...
Adds the X509Data tag to the XML Document signature in AuthnRequests
2020-07-10 23:06:37 +02:00
vmuzikar
7087c081f0
KEYCLOAK-14023 Instagram User Endpoint change
...
Co-authored-by: Jean-Baptiste PIN <jibet.pin@gmail.com>
2020-07-10 17:36:51 -03:00
Pedro Igor
1db1deb066
[KEYCLOAK-13141] - Supporting re-augmentation
2020-07-10 11:04:46 -03:00
Pavel Drozd
48e4432e9d
KEYCLOAK-14508 - Exclude SessionNotOnOrAfterTest from remote tests
2020-07-10 14:22:11 +02:00
Luca Leonardo Scorcia
d6934c64fd
Refactor SAML metadata generation to use the SAMLMetadataWriter class
2020-07-09 09:39:35 +02:00
Pedro Igor
9c4da9b3ce
[KEYCLOAK-14147] - Request filter refactoring
...
Co-authored-by: Stian Thorgersen <stian@redhat.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
2020-07-07 11:26:12 -03:00
kurisumakise2011
738f24aa38
[KEYCLOAK-14570] Resolve nullpointer issue in controller
...
Some ProviderFactory returns null as properties instead of
Collections.emptyList() and it leads to NPE.
Fix it with using Optional.ofNullable(...).orElse(Collections.emptyList())
2020-07-07 07:46:26 +02:00
Douglas Palmer
9369c7cf4d
Add filter by name to applications endpoint
2020-07-03 15:35:38 -03:00
Martin Idel
8fe25948f7
KEYCLOAK-13959 Add AdvancedAttribute mapper for SAML to allow regexes
2020-07-03 18:19:35 +02:00
Plamen Kostov
914b226d11
[KEYCLOAK-14282] Create additional filtering for GET /users endpoint for enabled/disabled users
2020-07-03 09:07:42 -03:00
Axel Messinese
f30395d535
KEYCLOAK-12687 Add briefRepresentation queryParams to get roles 'composite' endpoints
2020-07-03 09:41:53 +02:00
Bartosz Siemieńczuk
e2040f5d13
KEYCLOAK-14006 Allow administrator to add additional fields to be fetched with Facebook profile request
2020-07-01 18:27:04 -03:00
Eric Rodrigues Pires
de9a0a0a4a
[KEYCLOAK-13044] Fix owner name representations of UMA tickets for client-owned resources
2020-07-01 18:15:22 -03:00
vmuzikar
dc6f7d0547
KEYCLOAK-14635 Saml tests are failing with invalid redirect urls
2020-07-01 13:46:43 +02:00
vmuzikar
001fe9eb11
KEYCLOAK-13206 Session Status iframe cannot access cookies when 3rd party cookies are blocked
...
Co-authored-by: mhajas <mhajas@redhat.com>
2020-06-30 17:11:20 -03:00
Douglas Palmer
5e44bb781b
[KEYCLOAK-14344] Cannot revoke offline access for an app if the app doesn't require consent
2020-06-26 14:56:08 -04:00
Martin Idel
05b6ef8327
KEYCLOAK-14536 Migrate UserModel fields to attributes
...
- In order to make lastName/firstName/email/username field
configurable in profile
we need to store it as an attribute
- Keep database as is for now (no impact on performance, schema)
- Keep field names and getters and setters (no impact on FTL files)
Fix tests with logic changes
- PolicyEvaluationTest: We need to take new user attributes into account
- UserTest: We need to take into account new user attributes
Potential impact on users:
- When subclassing UserModel, consistency issues may occur since one can
now set e.g. username via setSingleAttribute also
- When using PolicyEvaluations, the number of attributes has changed
2020-06-25 14:50:57 +02:00
Pedro Igor
337a751aaa
[KEYCLOAK-11330] - Clustering tests for GA
2020-06-24 17:23:45 +02:00
Douglas Palmer
1434f14663
[KEYCLOAK-14346] Base URL for applications is broken
2020-06-23 15:26:07 -03:00
vramik
1b988cc12e
KEYCLOAK-14516 app-server-eap6 tests fails due to compilation error
2020-06-22 13:43:11 +02:00
Hiroyuki Wada
f73b51818b
KEYCLOAK-14113 Support for exchanging to SAML 2.0 token
2020-06-19 22:08:42 +02:00
Dirk Weinhardt
08dca9e89f
KEYCLOAK-13205 Apply locale resolution strategy to admin console.
2020-06-19 10:27:13 -04:00
Peter Skopek
5f78a09db1
KEYCLOAK-13029 kcadm composite role creation fails
2020-06-18 16:37:02 +02:00
vmuzikar
662f7fbccd
KEYCLOAK-14497 Compilation error in UsernameTemplateMapperTest
2020-06-18 09:15:07 -03:00
Martin Bartos
ec9bf6206e
[KEYCLOAK-13202] Reset password redirects to account client
2020-06-18 13:08:36 +02:00
Erik Jan de Wit
c20766f2d7
KEYCLOAK-14140 added more test cases
...
Co-authored-by: vmuzikar <vmuzikar@redhat.com>
2020-06-17 13:56:11 -04:00
Thomas Darimont
92ab9c08ae
KEYCLOAK-8100 Expose sub claim in OIDC IdentityBroker Mappers
...
We now expose the claims "sub" for use in Identity Broker mappers.
Previously claims directly mapped to `JsonWebToken` fields were not
accessible for mappings.
2020-06-17 12:56:08 -03:00
Pedro Igor
d331091c5e
[KEYCLOAK-11330] - Quarkus tests
2020-06-17 17:20:55 +02:00
vmuzikar
d71e81ed5e
KEYCLOAK-14235 Support for running broker tests with different hostnames for auth server and IdP
2020-06-17 14:13:00 +02:00
Pedro Igor
a8bad5b9bb
[KEYCLOAK-11330] - Quarkus clustering tests
2020-06-16 10:07:24 -03:00
vramik
c403aa49f7
KEYCLOAK-14087 migration from 9.0.3
2020-06-15 14:47:13 +02:00
mhajas
5d1d75db40
KEYCLOAK-14103 Add Warn message for possibly missing SameSite configuration
2020-06-15 14:45:57 +02:00
Jan Lieskovsky
df7d85b38d
[KEYCLOAK-14358] Enable StartTLS LDAP tests
...
Thanks to KEYCLOAK-14343 Use Truststore SPI StartTLS bug fix
they will work with Truststore SPI used by auth server Wildfly too
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-06-11 18:07:53 +02:00
Tero Saarni
3c82f523ff
[KEYCLOAK-14343] Truststore SPI support for LDAP with StartTLS
...
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-06-11 18:07:53 +02:00
Pedro Igor
e16f30d31f
[KEYCLOAK-2343] - Allow exact user search by user attributes
...
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2020-06-10 12:02:50 -03:00
vramik
d63b3ceca4
KEYCLOAK-14141 0 downtime upgrade test
2020-06-10 12:45:34 +02:00
Pedro Igor
6ccde288a3
[KEYCLOAK-11330] - SSL Support
2020-06-09 08:43:52 +02:00
vmuzikar
b192ac4ea7
KEYCLOAK-14233 Support for generating SSL keystore before running testsuite
...
Move profile for app server to base
2020-06-08 10:51:54 -03:00
Douglas Palmer
33863ba161
KEYCLOAK-10162 Usage of ObjectInputStream without checking the object types
...
Co-authored-by: mposolda <mposolda@gmail.com>
2020-06-08 13:12:08 +02:00
Yoshiyuki Tabata
f03ee2ec98
KEYCLOAK-14145 OIDC support for Client "offline" session lifespan
2020-06-04 14:24:52 +02:00
Denis
8d6f8d0465
EYCLOAK-12741 Add name and description edit functionality to Authentication and Execution Flows
2020-06-04 08:08:52 +02:00
Alfredo Boullosa
2ddfc94495
KEYCLOAK-14115 Add a refresh to avoid failure
2020-06-03 20:13:08 -04:00
Pedro Igor
357982adf6
[KEYCLOAK-11330] - Initial changes to get testsuite working for Quarkus
2020-06-03 09:57:24 -03:00
Jan Lieskovsky
a121f77ea4
[KEYCLOAK-12305] [Testsuite] Check LDAP federated user (in)valid
...
login(s) using various authentication methods, bind credential
types, and connection encryption mechanisms
The tests cover various possible combinations of the following:
* Authentication method: Anonymous or Simple (default),
* Bind credential: Secret (default) or Vault,
* Connection encryption: Plaintext (default), SSL, or startTLS
Also, ignore the StartTLS LDAP tests for now till KEYCLOAK-14343
& KEYCLOAK-14354 are corrected (due these issues they aren't
working with auth server Wildfly). They will be re-enabled later
via KEYCLOAK-14358 once possible
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-06-02 14:44:17 +02:00
Pedro Igor
e8dc10b4a1
[KEYCLOAK-11330] - Properly handling POST formdata and UriInfo
2020-06-02 09:36:40 +02:00
stianst
90b29b0e31
KEYCLOAK-14107 Admin page content blocked on v10.0.0 due to content security policy
2020-05-29 13:57:38 +02:00
Benjamin Weimer
4265fdcab2
KEYCLOAK-14318 Client Empty Root URL and relative Base URL is valid
2020-05-29 11:21:28 +02:00
vmuzikar
f8dce7fc3e
KEYCLOAK-13819 SAML brokering with POST binding is broken by new SameSite policies
2020-05-28 13:37:56 +02:00
Thomas Darimont
e825ec24cb
KEYCLOAK-9635 Add AccessTokenHash to IDToken for OIDC Auth Code flow
...
Revised tests
2020-05-27 07:34:05 +02:00
Thomas Darimont
5a337d0376
KEYCLOAK-9635 Add AccessTokenHash to IDToken for OIDC Auth Code flow
...
Added missing test
2020-05-27 07:34:05 +02:00
Torsten Juergeleit
6005503a3d
Namespace support to group-ldap-mapper
...
Previously, Keycloak did only support syncing groups from LDAP federation provider as top-level KC groups.
This approach has some limitations:
- If using multiple group mappers then there’s no way to isolate the KC groups synched by each group mapper.
- If the option "Drop non-existing groups during sync” is activated then all KC groups (including the manually created ones) are deleted.
- There’s no way to inherit roles from a parent KC group.
This patch introduces support to specify a prefix for the resulting group path, which effectively serves as a namespace for a group.
A path prefix can be specified via the newly introduced `Groups Path` config option on the mapper. This groups path defaults to `/` for top-level groups.
This also enables to have multiple `group-ldap-mapper`'s which can manage groups within their own namespace.
An `group-ldap-mapper` with a `Group Path` configured as `/Applications/App1` will only manage groups under that path. Other groups, either manually created or managed by other `group-ldap-mapper` are not affected.
2020-05-26 17:37:29 +02:00
Hynek Mlnarik
7deb89caab
KEYCLOAK-10729 Do not serialize SAML signature
2020-05-25 15:38:17 +02:00
vmuzikar
e873c70374
KEYCLOAK-14236 Support for custom Firefox preferences
2020-05-22 09:24:41 -03:00
cachescrubber
3382682115
KEYCLOAK-10927 - Implement LDAPv3 Password Modify Extended Operation … ( #6962 )
...
* KEYCLOAK-10927 - Implement LDAPv3 Password Modify Extended Operation (RFC-3062).
* KEYCLOAK-10927 - Introduce getLDAPSupportedExtensions(). Use result instead of configuration.
Co-authored-by: Lars Uffmann <lars.uffmann@vitroconnect.de>
Co-authored-by: Kevin Kappen <kevin.kappen@vitroconnect.de>
Co-authored-by: mposolda <mposolda@gmail.com>
2020-05-20 21:04:45 +02:00
Denis
8c7b69fc9e
KEYCLOAK-13748 Create automated test for scenario with alternative subflow for credential reset
2020-05-20 14:06:53 +02:00
Stan Silvert
13d0491ff3
KEYCLOAK-14038: Re-allow special characters for Roles only
2020-05-20 07:53:23 -04:00
Takashi Norimatsu
c057b994e7
KEYCLOAK-13104 Signed and Encrypted ID Token Support : AES 192bit and 256bit key support
2020-05-20 09:01:59 +02:00
mhajas
4b8c7dd7d7
KEYCLOAK-14048 Allow clock skew when testing refresh token actual expiration time
2020-05-20 08:12:54 +02:00
Takashi Norimatsu
be0ba79daa
KEYCLOAK-7997 Implement Client Registration Metadata based on Mutual TLS
2020-05-19 17:00:41 +02:00
mposolda
12d965abf3
KEYCLOAK-13047 LDAP no-import fixes. Avoid lost updates - dont allow update attributes, which are not mapped to LDAP
2020-05-19 16:58:25 +02:00
Martin Kanis
6f43b58ccf
KEYCLOAK-14074 filterIdentityProviders compares providerId instead of alias
2020-05-19 09:46:21 +02:00
Thomas Darimont
6211fa90e0
KEYCLOAK-10932 Honor given_name and family_name in OIDC brokering
...
Previously firstname and lastname were derived from the name claim.
We now use direct mappings to extract firstname and lastname from
given_name and family_name claims.
Added test to KcOidcFirstBrokerLoginTest
Marked org.keycloak.broker.provider.BrokeredIdentityContext#setName
as deprecated to avoid breaking existing integrations.
2020-05-19 09:10:43 +02:00
Álvaro Gómez Giménez
666832d1be
KEYCLOAK-13066 Include resourceType in ScopePermissionRepresentation
2020-05-12 17:11:35 -03:00
Sven-Torben Janus
82d3251ab4
Remove *-imports
2020-05-12 20:50:18 +02:00
Sven-Torben Janus
fcb0e450a0
KEYCLOAK-13817 Return local user from LDAPStorageProvider
2020-05-12 20:50:18 +02:00
Yoshiyuki Tabata
f7d00fc2e9
KEYCLOAK-13844 "exp" claim should not be "0" when using offline token
2020-05-12 16:14:37 +02:00
stianst
49db2c13a5
KEYCLOAK-8141 Fix issue where attribute values are duplicated if updates to user are done in parallell
2020-05-12 09:06:44 +02:00
Pedro Igor
44c49d69a7
[KEYCLOAK-13071] - AuthorizationTokenService swallows Exceptions thrown by KeycloakIdentity
2020-05-08 09:21:37 +02:00
Takashi Norimatsu
3716bd96ad
KEYCLOAK-14093 Specify Signature Algorithm in Signed JWT with Client Secret
2020-05-07 11:28:39 +02:00
Takashi Norimatsu
0d0617d44a
KEYCLOAK-13720 Specify Signature Algorithm in Signed JWT Client Authentication
2020-05-05 17:43:00 +02:00
rmartinc
f0852fd362
KEYCLOAK-13823: "Dir" Full export/import: On import, service account roles and authorization info are not imported
2020-05-05 17:05:56 +02:00
Vanrar68
85feda3beb
KEYCLOAK-13998 ConditionalRoleAuthenticator doesn't work with composite roles
2020-05-05 08:39:04 +02:00
Martin Bartos
7ebdca48d3
[KEYCLOAK-13572] Doesn't observe After events due to assume check
2020-05-04 17:31:44 +02:00
Michael Riedmann
66c7ec6b08
[KEYCLOAK-13995] added test for clientUpdate with ProtocolMappers
2020-05-04 17:13:57 +02:00
Erik Jan de Wit
435815249b
KEYCLOAK-12783 changed to base account url for new console
2020-05-04 07:16:15 -04:00
Hynek Mlnarik
32f13016fa
KEYCLOAK-12874 Align Destination field existence check with spec
2020-05-04 09:19:44 +02:00
Martin Kanis
aa309b96a8
KEYCLOAK-13682 NPE when refreshing token after enabling consent
2020-04-30 08:46:21 +02:00
keycloak-bot
ae20b7d3cd
Set version to 11.0.0-SNAPSHOT
2020-04-29 12:57:55 +02:00
Yoshiyuki Tabata
874642fe9e
KEYCLOAK-12406 Add "Client Session Max" and "Client Session Idle" for OIDC
2020-04-28 15:34:25 +02:00
stianst
5b017e930d
KEYCLOAK-13128 Security Headers SPI and response filter
2020-04-28 15:28:24 +02:00
Yoshiyuki Tabata
b40c12c712
KEYCLOAK-5325 Provide OAuth token revocation capability
2020-04-28 15:25:22 +02:00
Erik Jan de Wit
ab2d1546b4
fix merge errors
2020-04-27 09:09:31 -04:00
Erik Jan de Wit
7580be8708
KEYCLOAK-13121 added the basic functionality
2020-04-27 09:09:31 -04:00
Stefan Guilhen
da1138a8d2
[KEYCLOAK-13005] Make sure the master URL is used if the consumer POST or REDIRECT URL is an empty string
...
- Fixes issue where admin console sets an empty string when the consumer POST or REDIRECT URL is deleted
2020-04-27 14:25:03 +02:00
Pedro Igor
44b489b571
[KEYCLOAK-13656] - Deny request if requested scope is not associated to resource or any typed resources
2020-04-27 08:39:38 +02:00
Pedro Igor
dacbe22d53
[KEYCLOAK-9896] - Authorization Scope modified improperly when updating Resource
2020-04-27 08:38:55 +02:00
Martin Idel
7e8018c7ca
KEYCLOAK-11862 Add Sync mode option
...
- Store in config map in database and model
- Expose the field in the OIDC-IDP
- Write logic for import, force and legacy mode
- Show how mappers can be updated keeping correct legacy mode
- Show how mappers that work correctly don't have to be modified
- Log an error if sync mode is not supported
Fix updateBrokeredUser method for all mappers
- Allow updating of username (UsernameTemplateMapper)
- Delete UserAttributeStatementMapper: mapper isn't even registered
Was actually rejected but never cleaned up: https://github.com/keycloak/keycloak/pull/4513
The mapper won't work as specified and it's not easy to tests here
- Fixup json mapper
- Fix ExternalKeycloakRoleToRoleMapper:
Bug: delete cannot work - just delete it. Don't fix it in legacy mode
Rework mapper tests
- Fix old tests for Identity Broker:
Old tests did not work at all:
They tested that if you take a realm and assign the role,
this role is then assigned to the user in that realm,
which has nothing to do with identity brokering
Simplify logic in OidcClaimToRoleMapperTests
- Add SyncMode tests to most mappers
Added tests for UsernameTemplateMapper
Added tests to all RoleMappers
Add test for json attribute mapper (Github as example)
- Extract common test setup(s)
- Extend admin console tests for sync mode
Signed-off-by: Martin Idel <external.Martin.Idel@bosch.io>
2020-04-24 15:54:32 +02:00
Pedro Igor
8f5e58234e
[KEYCLOAK-11317] - IDP review profile allows empty username
2020-04-24 10:52:59 -03:00
Douglas Palmer
d4eeed306b
[KEYCLOAK-11764] Upgrade to Wildfly 19
2020-04-24 08:19:43 -03:00
Bart Monhemius
9389332675
[KEYCLOAK-13927] Accept only ticketId instead of the PermissionTicketRepresentation for delete in PermissionResource
2020-04-23 15:59:43 -03:00
Bart Monhemius
acc5ab9e44
[KEYCLOAK-13927] Allow deleting permission tickets with the Authz client
2020-04-23 15:59:43 -03:00
Martin Kanis
a04c70531a
KEYCLOAK-9623 Disabling logged in user will not allow other user to login after he is thrown out of his session
2020-04-23 14:40:25 +02:00
Takashi Norimatsu
8513760e25
KEYCLOAK-12176 WebAuthn: show the attestation statement format in the admin console
2020-04-23 10:01:19 +02:00
mhajas
1db87acc98
KEYCLOAK-13852 reset time at the end of testTokenConcurrentRefresh test
2020-04-22 15:06:28 +02:00
mposolda
83255e1b08
KEYCLOAK-13922 MigrationModelTest failing in latest master
2020-04-22 14:05:34 +02:00
Thomas Darimont
12e53e6f11
KEYCLOAK-11003 Remove UPDATE_PASSWORD RequiredAction on non-temporary password reset
...
We now remove a potentially existing UPDATE_PASSWORD action when
explicitly assigning a non-temporary password.
Adapted tests to use a temporary password when UpdatePassword required actions
were used.
2020-04-22 10:59:49 +02:00
Thomas Darimont
f9f71039ae
KEYCLOAK-13566 ValidateUsername should raise USER_NOT_FOUND event if the user lookup fails
2020-04-21 21:11:11 +02:00
Pedro Igor
cbab159aa8
[KEYCLOAK-8071] - Properly validating requested scopes
2020-04-21 12:23:59 +02:00
mposolda
38195ca789
KEYCLOAK-12842 Not possible to update user with multivalued LDAP RDN
2020-04-21 11:35:41 +02:00
aboullos
2945eb63b7
KEYCLOAK-8836 Add test to check product name on welcome page
...
Modify import
KEYCLOAK-8836 Add test to check product name on welcome page
2020-04-21 11:30:20 +02:00
keycloak-bot
33314ae3ca
Set version to 10.0.0-SNAPSHOT
2020-04-21 09:19:32 +02:00
mposolda
b29810c923
KEYCLOAK-13306 Model fixes for check realm when lookup by ID
...
(cherry picked from commit e40a62de31f6f5d326234314a9e285010665f707)
2020-04-21 08:19:50 +02:00
mposolda
821405e175
KEYCLOAK-10852 Inconsistency when using 'forgot password' after changing email directly in LDAP
2020-04-16 12:28:41 +02:00
Pedro Igor
acfbdf6b0e
[KEYCLOAK-13187] - Concurrency issue when refreshing tokens and updating security context state
2020-04-16 12:25:42 +02:00
Pedro Igor
21597b1ff2
[KEYCLOAK-13581] - Fixing client pagination when permission is enabled
2020-04-14 16:57:27 -03:00
mposolda
4f1985826c
KEYCLOAK-12934 LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY user roles retrieve strategy role-ldap-mapper option should only be displayed if LDAP provider vendor is Active Directory
2020-04-14 20:01:55 +02:00
stianst
1f02f87a6e
KEYCLOAK-13565 Add support for kc_action to keycloak.js
...
Co-authored-by mhajas <mhajas@redhat.com>
2020-04-14 19:23:56 +02:00
stianst
97b5654690
KEYCLOAK-13285 Enable check identity for email
2020-04-14 19:22:57 +02:00
mhajas
845195780e
KEYCLOAK-13758 Exclude some tests for remote runs
2020-04-08 16:38:58 +02:00
Pedro Igor
b60b85ab65
[KEYCLOAK-7450] - Match subject when validating id_token returned from external OP
2020-04-06 13:43:19 +02:00
mposolda
6f62c0ed98
KEYCLOAK-13442 Backwards compatibility in users searching. searchForUser(String, RealmModel, int, int) is no longer called when searching users from the admin console
2020-03-27 13:29:55 +01:00
mposolda
bf92bd16b0
KEYCLOAK-13383 WebAuthnRegisterAndLoginTest fails with -Dproduct with auth-server-eap
2020-03-26 16:27:23 +01:00
vramik
330d5b2c25
KEYCLOAK-13384 exclude IdentityProviderTest.failCreateInvalidUrl from remote-tests
2020-03-26 14:04:38 +01:00
vramik
780d11e790
KEYCLOAK-13571 KcinitTest fails with -Dproduct due to skipped maven plugin exacution
2020-03-26 14:03:11 +01:00
Pedro Igor
b812159193
[KEYCLOAK-10675] - Deleting an Identity Provider doesn't remove the associated IdP Mapper for that user
2020-03-26 11:41:17 +01:00
Pedro Igor
1b8369c7d5
[KEYCLOAK-13385] - Better message when saving a provider with invalid URLs
2020-03-26 08:46:44 +01:00
mhajas
b2b790cd1d
KEYCLOAK-10797 Unignore hawtio on eap6 test
2020-03-24 15:10:40 +01:00
mhajas
8b96882a1c
KEYCLOAK-12972 Fix fuse tests
2020-03-24 14:50:54 +01:00
keycloak-bot
f6a592b15a
Set version to 9.0.4-SNAPSHOT
2020-03-24 08:31:18 +01:00
mposolda
5ddd605ee9
KEYCLOAK-13259
2020-03-24 05:32:41 +01:00
mposolda
9474dd6208
KEYCLOAK-12986 BruteForceProtector does not log failures when login failure in PostBroker flow
2020-03-24 05:32:10 +01:00
Martin Kanis
e6e0e6945d
KEYCLOAK-12156 LogoutEndpoint does not verify token type of id_token_hint
...
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2020-03-24 05:31:36 +01:00
Pedro Igor
ec63245ac8
[KEYCLOAK-13386] - SslRequired.EXTERNAL doesn't work for identity broker validations
2020-03-23 12:16:43 -03:00
mposolda
3e82473a90
KEYCLOAK-13369 Not possible to move groups in admin console
2020-03-23 10:17:23 +01:00
mposolda
61fd66e107
KEYCLOAK-13368 TestClassProvider undertow server not stopped after testsuite
2020-03-23 07:10:17 +01:00
Pavel Drozd
6cc897e319
KEYCLOAK-8372 - User Federation tests - fixing for different vendors ( #6909 )
2020-03-20 11:36:35 +01:00
Dmitry Telegin
3b24465141
KEYCLOAK-12870 - Allow to pick arbitrary user for IdP linking ( #6828 )
...
* KEYCLOAK-12870 - Allow to pick arbitrary user for IdP linking
* KEYCLOAK-12870: always allow to choose user if password reset is called from first broker login flow
* KEYCLOAK-12870: remove "already authenticated as different user" check and message
* KEYCLOAK-12870: translations
* KEYCLOAK-12870: fix tests
2020-03-20 07:41:35 +01:00
Pedro Igor
2eab44d3f3
[KEYCLOAK-13273] - Remove group policy when group is removed
2020-03-20 07:40:18 +01:00
rmartinc
a8e74196d1
KEYCLOAK-4923: Client Service Account Roles are not exported
2020-03-19 11:38:33 -03:00
Aboullos
f8dc7c0329
KEYCLOAK-13007 Add LDAPAccountTest
2020-03-18 10:11:59 -03:00
Stan Silvert
fff8571cfd
KEYCLOAK-12768: Prevent reserved characters in URLs
2020-03-18 07:40:24 +01:00
Stefan Guilhen
8c627fdb20
[KEYCLOAK-13036] Fix KeycloakElytronCSVaultTest failures on IBM JDK
...
- credential store is generated on the fly for the test, avoiding incompatibilities between implementations of keystores
2020-03-17 17:07:55 +01:00
mposolda
56d1ab19a8
KEYCLOAK-11412 Display more nice error message when creating top level group with same name
2020-03-16 21:03:46 +01:00
mposolda
d7688f6b12
KEYCLOAK-12869 REST sends credential type when no credential exists and credential disabled
2020-03-16 21:02:40 +01:00
Stan Silvert
1f1ed36b71
KEYCLOAK-9782: Do not allow duplicate group name when updating
2020-03-13 10:13:45 -04:00
Sebastian Laskawiec
8774a0f4ba
KEYCLOAK-12881 KEYCLOAK-13099 Update FederatedIdentities and Groups on POST
2020-03-12 14:57:02 +01:00
mposolda
72e4690248
KEYCLOAK-13174 Not possible to delegate creating or deleting OTP credential to userStorage
2020-03-11 12:51:56 +01:00
mposolda
803f398dba
KEYCLOAK-12876 KEYCLOAK-13148 KEYCLOAK-13149 KEYCLOAK-13151 Re-introduce some changes to preserve UserStorage SPI backwards compatibility. Added test for backwards compatibility of user storage
2020-03-11 12:51:56 +01:00
Thomas Darimont
cd51ff3474
KEYCLOAK-13186 Remove role information from RefreshTokens
...
We now no longer expose role assignment information into the RefreshToken.
Previously RefreshTokens contained information about the realm and
client specific roles which are assigned to a user. Since the role
information is usually either taken from the AccessToken, IDToken or
the User-Info endpoint and the RefreshToken is an internal format which
is opaque to the client, it would be a waste of space to keep that
information in the RefreshToken.
See:
https://lists.jboss.org/pipermail/keycloak-dev/2019-April/011936.html
2020-03-11 06:28:22 +01:00
rmartinc
ad3b9fc389
KEYCLOAK-12579: LDAP groups duplicated during UI listing of user groups
2020-03-11 06:14:29 +01:00
mposolda
bc1146ac2f
KEYCLOAK-10029 Offline token migration fix. Always test offline-token migration when run MigrationTest
2020-03-10 20:38:16 +01:00
Pedro Igor
b7a395a3ef
[KEYCLOAK-11345] - Test basic features of Keycloak.X with current tetsuite
2020-03-10 15:59:35 +01:00
Sebastian Schuster
99aba33980
KEYCLOAK-13163 Fixed searching for user with fine-grained permissions
2020-03-09 09:56:13 -03:00
vmuzikar
8cfd4d60e6
KEYCLOAK-13069 Fix failing RH-SSO base tests
2020-03-09 13:50:40 +01:00
Phy
8aa5019efe
KEYCLOAK-13074 Don't return LDAP group members if under IMPORT mode
...
If GroupLDAPStorageMapper is running under IMPORT mode, getGroupMembers should not return users in LDAP, which, according to how UserStorageManager.query works (getting both user federation and Keycloak storage), will cause duplicate users in the list.
A test has been added as well, which will fail before the fix in the mapper.
2020-03-06 11:44:36 +01:00
stianst
ed97d40939
KEYCLOAK-9851 Removed properties from realm json attributes that are included as fields
2020-03-05 17:59:50 +01:00
mabartos
a1bbab9eb2
KEYCLOAK-12799 Missing Cancel button on The WebAuthn setup screen when using AIA
2020-03-05 15:04:38 +01:00
Pedro Igor
23b4aee445
[KEYCLOAK-13056] - Searching clients with reduced permissions results in 403
2020-03-05 13:39:25 +01:00
Pedro Igor
30b07a1ff5
[KEYCLOAK-13175] - Setting the enforcement mode when fetching lazily fetching resources
2020-03-05 13:31:21 +01:00
stianst
75a772f52b
KEYCLOAK-10967 Add JSON body methods for test ldap and smtp connections. Deprecate old form based methods.
2020-03-05 10:07:58 +01:00
Pedro Igor
2f489a41eb
[KEYCLOAK-12192] - Missing Input Validation in IDP Authorization URLs
2020-03-05 06:32:35 +01:00
Hynek Mlnarik
0cf0955318
KEYCLOAK-13181 Fix NPE in EAP 6 adapter
2020-03-04 10:19:43 +01:00
Jon Koops
c1bf183998
KEYCLOAK-9346 Add new KeycloakPromise to support native promises
...
Co-authored-by: mhajas <mhajas@redhat.com>
2020-03-04 08:53:35 +01:00
Douglas Palmer
dfb67c3aa4
[KEYCLOAK-12980] Username not updated when "Email as username" is enabled
2020-03-03 10:26:35 +01:00
Pedro Igor
49b1dbba68
[KEYCLOAK-11804] - Block service accounts to authenticate or manage credentials
2020-03-03 06:48:02 +01:00
Hynek Mlnarik
f45f882f0c
KEYCLOAK-11903 Test for XSW attacks
2020-03-02 21:26:13 +01:00
mhajas
df11a8a864
KEYCLOAK-12606 Add test
2020-03-02 20:07:52 +01:00
vramik
7c91e36e43
KEYCLOAK-10898 WildFly Adapter CLI based installation scripts
2020-03-02 10:08:45 +01:00
mhajas
d3bebb4746
KEYCLOAK-12884 Add more tests for SameSite
2020-02-28 16:19:44 +01:00
mhajas
9b81c42525
KEYCLOAK-13113 Exclude tests for Tomcat
2020-02-28 13:35:33 +01:00
mabartos
695fb92241
KEYCLOAK-13070 UserConsentWithUserStorageModelTest failing with ModelDuplicateException
2020-02-27 21:25:49 +01:00
Hynek Mlnarik
aecfe251e4
KEYCLOAK-12816 Fix representation to model conversion
2020-02-27 21:11:24 +01:00
Douglas Palmer
85d7216228
[KEYCLOAK-12640] Client authorizationSettings.decisionStrategy value lost on realm import
2020-02-27 09:45:48 -03:00
vramik
f1e54455e7
KEYCLOAK-13111 Move execution of db-allocator-plugin to jpa profile
2020-02-27 11:51:05 +01:00
mhajas
3db55727ca
KEYCLOAK-12979 Fix group-attribute parsing
2020-02-27 10:48:03 +01:00
vramik
e2bd99e9e4
KEYCLOAK-13097 fix UserStorageTest - add cleanup after test
2020-02-27 10:46:38 +01:00
Pedro Igor
a830818a84
[KEYCLOAK-12794] - Missing id token checks in oidc broker
2020-02-27 09:13:29 +01:00
Erik Jan de Wit
8297c0c878
KEYCLOAK-11155 split on first '=' instead of all
2020-02-27 09:12:51 +01:00
Erik Jan de Wit
93a1374558
KEYCLOAK-11129 coalesce possible null values
2020-02-27 09:11:29 +01:00
Pedro Igor
1c71eb93db
[KEYCLOAK-11576] - Properly handling redirect_uri parser errors
2020-02-27 08:29:06 +01:00
stianst
950eae090f
KEYCLOAK-13054 Unblock temporarily disabled user on password reset, and remove invalid error message
2020-02-27 08:05:46 +01:00
vmuzikar
de8ba75399
KEYCLOAK-12635 KEYCLOAK-12935 KEYCLOAK-13023 UI test fixes
2020-02-26 15:54:44 -03:00
Martin Bartoš
eaaff6e555
KEYCLOAK-12958 Preview feature profile for WebAuthn ( #6780 )
...
* KEYCLOAK-12958 Preview feature profile for WebAuthn
* KEYCLOAK-12958 Ability to enable features having EnvironmentDependent providers without restart server
* KEYCLOAK-12958 WebAuthn profile product/project
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2020-02-26 08:45:26 +01:00
stianst
9e47022116
KEYCLOAK-8044 Clear theme caches on hot-deploy
2020-02-20 08:50:10 +01:00
stianst
d8d81ee162
KEYCLOAK-12268 Show page not found for /account/log if events are disabled for the realm
2020-02-20 08:49:30 +01:00
stianst
9a3a358b96
KEYCLOAK-11700 Lower-case passwords before checking with password blacklist
2020-02-20 08:33:46 +01:00
stianst
536824beb6
KEYCLOAK-12960 Use Long for time based values in JsonWebToken
2020-02-19 15:46:05 +01:00
Stefan Guilhen
7a3998870c
[KEYCLOAK-12612][KEYCLOAK-12944] Fix validation of SAML destination URLs
...
- no longer compare them to the server absolutePath; instead use the base URI to build the validation URL
2020-02-18 16:38:19 -03:00
mposolda
eeeaafb5e7
KEYCLOAK-12858 Authenticator is sometimes required even when configured as alternative
2020-02-18 09:05:59 +01:00
Thomas Darimont
67ddd3b0eb
KEYCLOAK-12926 Improve Locale based message lookup
...
We now consider intermediate Locales when performing a Locale based
ResourceBundle lookup, before using an Locale.ENGLISH fallback.
Co-authored-by: stianst <stianst@gmail.com>
2020-02-18 08:43:46 +01:00
keycloak-bot
d352d3fa8e
Set version to 9.0.1-SNAPSHOT
2020-02-17 20:38:54 +01:00
Adamczyk Błażej
497787d2cd
[KEYCLOAK-10696] - fixed missing client role attributes after import
2020-02-17 10:01:19 +01:00
mposolda
a76c496c23
KEYCLOAK-12860 KEYCLOAK-12875 Fix for Account REST Credentials to work with LDAP and social users
2020-02-14 20:24:42 +01:00
Douglas Palmer
876086c846
[KEYCLOAK-12161] "Back to Application" link is shown with link to current page
2020-02-14 10:37:32 -03:00
stianst
f0e3122792
KEYCLOAK-12953 Ignore empty realm frontendUrl
2020-02-14 11:33:07 +01:00
stianst
42773592ca
KEYCLOAK-9632 Improve handling of user locale
2020-02-14 08:32:20 +01:00
Pedro Igor
7efaf9869a
[KEYCLOAK-12864] - OIDCIdentityProvider with Reverse Proxy
2020-02-13 15:01:10 +01:00
mabartos
90b35cc13d
KEYCLOAK-10420 Broker tests don't work with RH-SSO
2020-02-12 18:33:55 +01:00
mabartos
1bdf77f409
KEYCLOAK-12065 UserSessionInitializerTest is failing
2020-02-12 17:39:28 +01:00
mhajas
c3f0b342bf
KEYCLOAK-12964 Fix adapter remote tests execution deciding
2020-02-12 16:04:44 +01:00
mhajas
1bb238d20f
KEYCLOAK-12950 Use maven-plugin to configure shrinkwrap resolver
2020-02-12 16:04:44 +01:00
mhajas
f28ca30e6d
KEYCLOAK-12963 Exclude testNoPortInDestination test for remote container
2020-02-12 13:18:51 +01:00
Peter Zaoral
b0ffea699e
KEYCLOAK-12186 Improve the OTP login form
...
-created and implemented login form design, where OTP device can be selected
-implemented selectable-card-view logic in jQuery
-edited related css and ftl theme resources
-fixed affected BrowserFlow tests
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2020-02-12 11:25:02 +01:00
vramik
3d22644bbe
KEYCLOAK-12237 Fix WelcomePageTest on Postgresql
2020-02-12 10:43:29 +01:00
Peter Skopek
622a97bd1c
KEYCLOAK-12228 Sensitive Data Exposure
...
from patch of hiba haddad haddadhiba0@gmail.com
2020-02-12 09:57:31 +01:00
stianst
3c0cf8463a
KEYCLOAK-12821 Check if action is disabled in realm before executing
2020-02-12 09:04:43 +01:00
stianst
6676b9bba0
Fix
2020-02-12 08:23:25 +01:00
stianst
0b8adc7874
KEYCLOAK-12921 Fix NPE in client validation on startup
2020-02-12 08:23:25 +01:00
stianst
dda829710e
KEYCLOAK-12829 Require PKCE for admin and account console
2020-02-12 08:22:20 +01:00
Thomas Darimont
7969aed8e0
KEYCLOAK-10931 Trigger UPDATE_PASSWORD event on password update via AccountCredentialResource
2020-02-11 19:51:58 +01:00
Martin Kanis
1d54f2ade3
KEYCLOAK-9563 Improve access token checks for userinfo endpoint
2020-02-11 15:09:21 +01:00
mhajas
e5935d8069
KEYCLOAK-12764 Fix shrinkwrap issue by updating arquillian bom version
2020-02-08 10:51:48 +01:00
stianst
ecec20ad59
KEYCLOAK-12193 Internal error message returned in error response
2020-02-07 18:10:41 +01:00
Pedro Igor
da0e2aaa12
[KEYCLOAK-12897] - Policy enforcer should just deny when beare is invalid
2020-02-07 15:04:45 +01:00
mabartos
a5d02d62c1
KEYCLOAK-12908 TOTP not accepted in request for Access token
2020-02-07 13:17:05 +01:00
stianst
5d1fa8719e
KEYCLOAK-12190 Fix PartialImportTest for client validation
2020-02-07 11:44:09 +01:00
stianst
7545749632
KEYCLOAK-12190 Add validation for client root and base URLs
2020-02-07 09:09:40 +01:00
Pedro Igor
fc514aa256
[KEYCLOAK-12792] - Invalid nonce handling in OIDC identity brokering
2020-02-06 13:16:01 +01:00
Pedro Igor
199e5dfa3e
[KEYCLOAK-12909] - Keycloak uses embedded cache manager instead of container-managed one
2020-02-06 13:14:36 +01:00
Dmitry Telegin
b6c5acef25
KEYCLOAK-7969 - SAML users should not be identified by SAML:NameID
2020-02-06 08:53:31 +01:00
Axel Messinese
b73553e305
Keycloak-11526 search and pagination for roles
2020-02-05 15:28:25 +01:00
mhajas
66350f415c
KEYCLOAK-12849 Exclude SameSite tests in non-SSL test runs
2020-02-05 11:44:07 +01:00
rmartinc
d39dfd8688
KEYCLOAK-12654: Data to sign is incorrect in redirect binding when URI has parameters
2020-02-05 11:30:28 +01:00
Martin Bartoš
b0c4913587
KEYCLOAK-12177 KEYCLOAK-12178 WebAuthn: Improve usability ( #6710 )
2020-02-05 08:35:47 +01:00
Thomas Darimont
42fdc12bdc
KEYCLOAK-8573 Invalid client credentials should return Unauthorized status ( #6725 )
2020-02-05 08:27:15 +01:00
vmuzikar
0801cfb01f
KEYCLOAK-12105 Add UI tests for Single page to manage credentials
2020-02-04 15:18:52 -03:00
rmartinc
5b9eb0fe19
KEYCLOAK-10884: Need clock skew for SAML identity provider
2020-02-03 22:00:44 +01:00
Jan Lieskovsky
b532570747
[KEYCLOAK-12168] Various setup TOTP screen usability improvements ( #6709 )
...
On both the TOTP account and TOTP login screens perform the following:
* Make the "Device name" label optional if user registers the first
TOTP credential. Make it mandatory otherwise,
* Denote the "Authenticator code" with asterisk, so it's clear it's
required field (always),
* Add sentence to Step 3 of configuring TOTP credential explaining
the user to provide device name label,
Also perform other CSS & locale / messages file changes, so the UX is
identical when creating OTP credentials on both of these pages
Add a corresponding testcase
Also address issues pointed out by mposolda's review. Thanks, Marek!
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-02-03 19:34:28 +01:00
Marek Posolda
154bce5693
KEYCLOAK-12340 KEYCLOAK-12386 Regression in credential handling when … ( #6668 )
2020-02-03 19:23:30 +01:00
vramik
337e8f8fad
KEYCLOAK-12240 MigrationModelTest fails in pipeline
2020-02-03 13:14:53 +01:00
Leon Graser
01a42f417f
Search and Filter for the count endpoint
2020-02-03 09:36:30 +01:00