Commit graph

509 commits

Author SHA1 Message Date
Bill Burke
fcca9dd90a fix urn redirect uri 2014-05-20 16:15:13 -04:00
Stian Thorgersen
b09e2f697e Email audit listener 2014-05-20 17:04:17 +01:00
Bill Burke
b3dd349342 check redirect uri exists in token service 2014-05-20 11:38:35 -04:00
Bill Burke
57f0ea0638 Merge remote-tracking branch 'upstream/master' 2014-05-20 09:27:18 -04:00
Bill Burke
f723ac79d1 redirect not required with bearer only 2014-05-20 09:19:04 -04:00
Stian Thorgersen
cc97265c06 Add realm option to enable/disable Resource Owner Password Credentials Grant 2014-05-20 11:32:22 +01:00
Stian Thorgersen
8d1149dc07 Add email theme config for realm 2014-05-20 11:00:43 +01:00
Bill Burke
a53206995a stuff 2014-05-19 15:08:38 -04:00
Bill Burke
11c23a7945 require redirect 2014-05-19 14:44:36 -04:00
Stian Thorgersen
a3d08e7191 Added theme support to emails 2014-05-19 17:34:58 +01:00
Bill Burke
7e8b16f975 acct svc + sessions 2014-05-19 17:34:48 +01:00
Bill Burke
dc7923c436 fix brute shutdown 2014-05-19 10:33:49 -04:00
Bill Burke
c2bf6c3822 Merge remote-tracking branch 'upstream/master' 2014-05-17 14:24:37 -04:00
Bill Burke
ab8de6ba25 client user-session association 2014-05-17 14:24:32 -04:00
Stian Thorgersen
855269f35d Added 'keycloak-server.json' for configuring the server
Added SPI interface to detect SPI's
Converted Model to SPI/Provider to be loaded through ProviderSessionFactory
2014-05-16 17:33:22 +01:00
Stian Thorgersen
a3ed02ea16 Merge pull request #391 from jeroenr/master
CORS improvements and clean up
2014-05-16 16:06:43 +01:00
Jeroen Rosenberg
84f13eadc1 * Possibility to add exposed headers
* Default allow headers
* Fix warnings, unused import, redundancies
2014-05-16 16:39:17 +02:00
Jeroen Rosenberg
cedf43c084 Refactored joining of allowed headers to be more efficient 2014-05-16 14:28:49 +02:00
Jeroen Rosenberg
4c281a39bb Unused import 2014-05-16 14:10:13 +02:00
Jeroen Rosenberg
5533357c46 Added HEAD as default allowed method for Cors 2014-05-16 14:09:50 +02:00
Bill Burke
67e3e60f28 test sso idle, logout on idle 2014-05-15 23:10:14 -04:00
Bill Burke
bc2360e985 sso session idle and max lifespan 2014-05-15 17:25:57 -04:00
Bill Burke
27efd3c0a4 ssoSessionIdleTimeout refactor 2014-05-15 13:53:28 -04:00
Bill Burke
26f6da10dd Merge pull request #385 from patriot1burke/master
Improved role and scope mapping screens
2014-05-14 14:50:52 -04:00
Bill Burke
7ba8e09aef improved scope screen 2014-05-14 14:50:11 -04:00
Stian Thorgersen
7bea4af6c9 Redirect to login page if logged out and submitting forms in acct mngmt 2014-05-14 17:46:30 +01:00
Bill Burke
0e0dfb60e0 composite role mapping listing 2014-05-14 10:37:50 -04:00
Stian Thorgersen
f4f9b1e323 KEYCLOAK-431 View open sessions, and logout all sessions, through account management 2014-05-14 11:56:28 +01:00
Bill Burke
639b7c5610 fix IE problems 2014-05-13 22:33:46 -04:00
Bill Burke
b30809d681 httponly, ie keycloak.js fix 2014-05-13 22:06:32 -04:00
Bill Burke
e8f8829a76 cors example 2014-05-13 17:17:27 -04:00
Bill Burke
ea672e36ae rename realm management app 2014-05-12 19:28:34 -04:00
Bill Burke
1e1991e285 per-realm admin 2014-05-12 10:12:31 -04:00
Bill Burke
1194e40ef2 iframe check login 2014-05-10 11:23:44 -04:00
Stian Thorgersen
624fcf6197 KEYCLOAK-421 Set realm admin apps to bearer-only 2014-05-09 12:03:39 +01:00
Stian Thorgersen
6f0b12174c KEYCLOAK-432 Added user sessions 2014-05-09 11:52:45 +01:00
Bill Burke
d957cc4883 Merge remote-tracking branch 'upstream/master' 2014-05-08 20:03:20 -04:00
Bill Burke
2d949b63b5 keycloak.js login for admin 2014-05-08 19:55:57 -04:00
mposolda
c51011acef KEYCLOAK-354 Possibility for admin to see social links of some user in admin console 2014-05-07 17:28:13 +02:00
mposolda
6b1e0401ba KEYCLOAK-361 it shouldn't be possible to remove last social link if user don't have password 2014-05-07 17:28:13 +02:00
Bruno Oliveira
334b981741 notBefore wasn't being assigned 2014-05-07 08:10:03 -03:00
Bill Burke
5edf05d569 Merge pull request #366 from mposolda/export-import-rebased
Full export-import implemented. Remove dependency of mongo on picketlink...
2014-05-06 21:17:51 -04:00
Bill Burke
f987d331b7 /rest removal and pom fixes 2014-05-06 20:43:01 -04:00
Bill Burke
64f591769a remove /rest from RealmsResource 2014-05-06 20:21:49 -04:00
mposolda
0801c9c120 Full export-import implemented. Remove dependency of mongo on picketlink-common 2014-05-06 22:15:57 +02:00
Stian Thorgersen
1d760388de KEYCLOAK-441 Remove org.json 2014-05-06 12:32:29 +01:00
Bill Burke
e7c64b7812 adatper deployment context fixes, picketlink abstraction 2014-05-05 18:20:52 -04:00
Bill Burke
7ff2c77a82 relative uri tests and fixes 2014-05-02 12:30:08 -04:00
Bill Burke
e5e43173bc relative redirect uris 2014-05-02 10:58:29 -04:00
Bill Burke
2576975988 fix mimetype 2014-04-30 14:25:23 -04:00
Bill Burke
8c5ae9d052 fix mimetype 2014-04-30 14:24:37 -04:00
Stian Thorgersen
38e6bde07e KEYCLOAK-415 Make sure query params are included when navigating in acct mngmt 2014-04-30 11:03:13 +01:00
Stian Thorgersen
9811aaeecc KEYCLOAK-333 Removed use of RestEasy's Logger 2014-04-30 10:13:53 +01:00
Stian Thorgersen
316431c4d1 Ensure role name unique within realm/app 2014-04-30 09:50:29 +01:00
Stian Thorgersen
646e762cbe Ensure user loginName and email unique within realm 2014-04-29 17:15:28 +01:00
Stian Thorgersen
1d94649b96 Ensure application and client names are unique within realm 2014-04-29 12:03:09 +01:00
Stian Thorgersen
364998b34b Enforce that realm name is unique in model 2014-04-29 10:43:27 +01:00
Bill Burke
62f8811a46 Merge remote-tracking branch 'upstream/master'
Conflicts:
	bundled-war-example/src/main/java/org/keycloak/server/KeycloakServerApplication.java
	bundled-war-example/src/main/webapp/WEB-INF/web.xml
2014-04-28 18:04:50 -04:00
Bill Burke
2d1dc4a874 application refactor 2014-04-28 17:34:06 -04:00
Stian Thorgersen
c06009d5fb KEYCLOAK-430 Fix bundled war example 2014-04-28 13:36:34 +01:00
Stian Thorgersen
3d02fd5d0e KEYCLOAK-429 Remove role from composite roles when deleted 2014-04-28 12:55:04 +01:00
Stian Thorgersen
292089cee8 Ensure Realm names are unique 2014-04-25 17:02:03 +01:00
Stian Thorgersen
f64f55a4c6 KEYCLOAK-347 Link realm and realm-permissions application 2014-04-25 15:32:28 +01:00
Stian Thorgersen
b8dfac391a KEYCLOAK-385 Add CORS support to refresh token 2014-04-25 14:09:39 +01:00
Stian Thorgersen
d6e5e376bf Theme support for admin 2014-04-25 13:58:58 +01:00
Bill Burke
541e865fe8 brute force fixes 2014-04-23 17:55:13 -04:00
Bill Burke
54abfb670c brute force settings 2014-04-15 11:37:27 -04:00
Bill Burke
2b8d2288fb more brute force detection 2014-04-14 18:58:45 -04:00
Bill Burke
272806a3f3 app/keycloak self bootstrapping bundle 2014-04-11 13:24:07 -04:00
Bill Burke
cc982cf246 workarounds for resteasy 2.3.7 bugs 2014-04-11 10:33:53 -04:00
Bill Burke
b41c45d40a remove transitive dependencies 2014-04-10 11:29:47 -04:00
Bill Burke
ecaa0d1401 use resteasy 2.3.7 2014-04-10 05:21:07 -04:00
Bill Burke
cdc35d99bc cleanup 2014-04-09 22:34:36 -04:00
Stian Thorgersen
eb3e69d5d7 Updated audit timer 2014-04-09 06:40:15 +01:00
mposolda
5aefe52ccc Refactoring of Authentication SPI and Picketlink to use ProviderSessions
Refactoring of ProviderSessionFactory to support dependencies between components
Calling lifecycle methods
Removing KeycloakRegistry
2014-04-09 00:34:01 +02:00
mposolda
c8c4cfbaae Restructure of authentication module and packages 2014-04-09 00:06:04 +02:00
Stian Thorgersen
7f0cf3eda8 Allow clearing audit events through admin console, and added timer to clear expired events 2014-04-08 11:32:20 +01:00
Stian Thorgersen
8ca46fa35d Audit configurable through admin console 2014-04-07 17:58:52 +01:00
Stian Thorgersen
948960f33f Allow changing base url for Keycloak 2014-04-07 10:54:27 +01:00
mposolda
58083fbb96 Hide password tab in acct management if passwordUpdate not supported 2014-04-04 23:47:12 +02:00
mposolda
ad068a300b Basic support for registration of new users in AuthenticationProvider 2014-04-04 19:53:02 +02:00
Stian Thorgersen
216e24864a Merge branch 'ldap' of https://github.com/mposolda/keycloak into mposolda-ldap
Conflicts:
	admin-ui/src/main/resources/META-INF/resources/admin/js/app.js
	admin-ui/src/main/resources/META-INF/resources/admin/js/controllers/realm.js
2014-04-04 15:29:03 +01:00
Stian Thorgersen
88ddc8ebca Added audit to admin console 2014-04-04 15:16:08 +01:00
mposolda
2aac603fad Added configuration of authentication providers into admin console 2014-04-04 13:20:12 +02:00
Stian Thorgersen
8caf3fa83a Added details to log view in acct mngmt 2014-04-04 11:01:18 +01:00
Stian Thorgersen
3433227fa7 Added audit log to account mngmt 2014-04-03 16:27:31 +01:00
Stian Thorgersen
e6067c915d Added ProviderSession to requests 2014-04-03 16:27:31 +01:00
Bill Burke
126b444d77 brute force merge 2014-04-02 20:26:33 -04:00
Bill Burke
d58870545f brute force protection 2014-04-02 20:09:14 -04:00
mposolda
25bf6d63b4 Refactoring of AuthenticationProvider SPI 2014-04-02 17:27:07 +02:00
mposolda
05cd8a82e5 Storing default AuthenticationProvider at the realm creation time 2014-04-02 17:17:33 +02:00
Stian Thorgersen
225307e855 KEYCLOAK-389 Added AuditListener SPI
KEYCLOAK-390 Added JBoss Logging AuditListener
KEYCLOAK-391 Audit Token events
2014-03-31 17:35:14 +01:00
mposolda
77a44751a6 KEYCLOAK-388 - Auth SPI should be able to differentiate between the INVALID_USERNAME and INVALID_CREDENTIALS 2014-03-26 09:49:47 +01:00
mposolda
ab02dea902 Fixes in AuthenticationProvider. Fixing testsuite 2014-03-25 15:05:08 +01:00
mposolda
793f69d4b6 Authentication SPI. Implementations based on Picketlink+LDAP, model and external model (other realm). Added KeycloakRegistry 2014-03-24 23:11:11 +01:00
Stian Thorgersen
702ae0307e Fixes to account referrer to allow configurable referrer uri based on app redirect uri 2014-03-19 16:52:41 +00:00
Stian Thorgersen
331ab71427 KEYCLOAK-380 Added OAuth2Constants 2014-03-15 10:43:52 +00:00
Stian Thorgersen
f9aaa16cfe KEYCLOAK-378 KEYCLOAK-379 KEYCLOAK-381 Fix refresh token if token contains app roles. Changed long time fields in AccessCode and AccessToken to int 2014-03-15 10:15:10 +00:00
Bill Burke
08769a2daa NPE in create user 2014-03-13 10:56:09 -04:00
Bill Burke
52018b1f81 revoke on logoutAll 2014-03-12 15:57:43 -04:00
Bill Burke
e48cc006f6 Merge remote-tracking branch 'upstream/master' 2014-03-12 10:17:24 -04:00
Bill Burke
accb56be7f user import fix 2014-03-12 10:17:09 -04:00
Stian Thorgersen
a1f10ef54b Merge pull request #285 from stianst/master
Add user friendly username for social links. Show access denied if social login is cancelled
2014-03-12 13:52:28 +00:00
Stian Thorgersen
0214827492 KEYCLOAK-364 Show access denied if social login is cancelled 2014-03-12 09:21:11 +00:00
Stian Thorgersen
6dc156712e KEYCLOAK-359 Add user friendly username for social links 2014-03-12 08:52:47 +00:00
Bill Burke
e836371887 security context propagation 2014-03-11 17:40:53 -04:00
mposolda
3d0d130622 KEYCLOAK-26 Linking social providers to existing account 2014-03-10 11:31:59 +01:00
Bill Burke
2b01de5ecf remove transaction 2014-03-07 08:35:41 -05:00
Bill Burke
dd292c1d52 remove scope support for now part 2 2014-03-06 10:26:46 -05:00
Bill Burke
801ef3281a remove scope support for now 2014-03-06 09:59:27 -05:00
Bill Burke
8f29bf0a5a client type selection 2014-03-06 09:48:52 -05:00
Bill Burke
599faa3cb5 public clients 2014-03-05 20:26:27 -05:00
Stian Thorgersen
60bb05e6ca Added Config to centralize system properties used to configure KC 2014-03-05 15:20:53 +00:00
Stian Thorgersen
0219aa1e4c Added support for any port with http://localhost redirect uri 2014-03-05 12:54:57 +00:00
Bill Burke
d6bd02ea7d session mgmt 2014-03-04 22:25:33 -05:00
Bill Burke
7699dd2701 Merge remote-tracking branch 'upstream/master' 2014-03-04 15:52:40 -05:00
Bill Burke
2d86b29b6c session stats 2014-03-04 15:52:27 -05:00
Stian Thorgersen
77259320cf Fix js for cors requests 2014-03-04 15:27:13 +00:00
Bill Burke
06288fa07b revocation app level 2014-03-03 17:10:15 -05:00
Bill Burke
01154f18dd Merge remote-tracking branch 'upstream/master' 2014-03-03 15:50:21 -05:00
Bill Burke
716972347d revocation 2014-03-03 15:50:10 -05:00
Stian Thorgersen
87aaaf0b06 Started support for installed applications 2014-03-03 12:58:16 +00:00
Bill Burke
8126110312 refactor getRoleById 2014-03-02 20:28:58 -05:00
Bill Burke
c8023c6651 revocation next phase: undertow complete 2014-03-02 17:32:25 -05:00
Bill Burke
7b30cc59b8 revocation phase 1 2014-02-28 19:47:05 -05:00
Bill Burke
0d309d058c add claims to grant page 2014-02-28 10:45:12 -05:00
Bill Burke
11559cba50 public realm info update 2014-02-28 09:52:53 -05:00
Bill Burke
4dc4c56921 fix NPE 2014-02-28 09:19:26 -05:00
Bill Burke
3fc273070e remove clientmodel.agent phase1 2014-02-27 13:55:04 -05:00
Bill Burke
f8da693fd0 move secret to clientmodel 2014-02-27 10:59:47 -05:00
Stian Thorgersen
32b7c464c7 Added create-realm role 2014-02-27 11:07:48 +00:00
Stian Thorgersen
b3375d4279 Fixed permissions not updated when realm is imported 2014-02-27 10:23:27 +00:00
Bill Burke
42d30a5a70 rename scope rep username to client 2014-02-26 22:23:04 -05:00
Bill Burke
48d39bf977 Use ClientModel wherever possible 2014-02-26 22:04:57 -05:00
Bill Burke
c02d532001 refactor model 2014-02-26 19:25:42 -05:00
Bill Burke
0f67feb9dd IDToken setup 2014-02-26 19:04:42 -05:00
Bill Burke
8613452f4f Merge remote-tracking branch 'upstream/master' 2014-02-26 15:29:31 -05:00
Bill Burke
b249809d2e claims backend 2014-02-26 15:29:17 -05:00
Stian Thorgersen
ae1b98e38f Added view roles, including updating console to make forms read-only 2014-02-26 17:38:42 +00:00
Stian Thorgersen
9a73936002 KEYCLOAK-292 Fine-grained admin control 2014-02-25 12:53:36 +00:00
Bill Burke
64065a4573 javascript refresh token 2014-02-24 19:58:54 -05:00
Bill Burke
166e00f2e8 remember me 2014-02-23 11:30:32 -05:00
Bill Burke
01ddafa83a central login timeouts, rememberme framework 2014-02-22 21:52:29 -05:00
Bill Burke
3e88cb3b76 logout 2014-02-22 20:40:06 -05:00
Bill Burke
273e706a42 undertow refresh token support 2014-02-22 17:24:04 -05:00
Bill Burke
0a9b82a6f4 refresh tokens server side 2014-02-21 17:36:39 -05:00
Bill Burke
97dd7470ce rename tokenLifespan to accessTokenLifespan 2014-02-21 12:12:54 -05:00
Bill Burke
e583dc60ae Merge remote-tracking branch 'upstream/master' 2014-02-21 12:02:36 -05:00
Bill Burke
9607acdb6a refactor token creation 2014-02-21 12:02:24 -05:00
Stian Thorgersen
05bd92d765 KEYCLOAK-286 Allow login with username or email. KEYCLOAK-287 Remove recover username as we now support login with email 2014-02-21 15:25:55 +00:00