Phy
8aa5019efe
KEYCLOAK-13074 Don't return LDAP group members if under IMPORT mode
...
If GroupLDAPStorageMapper is running under IMPORT mode, getGroupMembers should not return users in LDAP, which, according to how UserStorageManager.query works (getting both user federation and Keycloak storage), will cause duplicate users in the list.
A test has been added as well, which will fail before the fix in the mapper.
2020-03-06 11:44:36 +01:00
stianst
ed97d40939
KEYCLOAK-9851 Removed properties from realm json attributes that are included as fields
2020-03-05 17:59:50 +01:00
mabartos
a1bbab9eb2
KEYCLOAK-12799 Missing Cancel button on The WebAuthn setup screen when using AIA
2020-03-05 15:04:38 +01:00
Pedro Igor
23b4aee445
[KEYCLOAK-13056] - Searching clients with reduced permissions results in 403
2020-03-05 13:39:25 +01:00
Pedro Igor
30b07a1ff5
[KEYCLOAK-13175] - Setting the enforcement mode when fetching lazily fetching resources
2020-03-05 13:31:21 +01:00
stianst
75a772f52b
KEYCLOAK-10967 Add JSON body methods for test ldap and smtp connections. Deprecate old form based methods.
2020-03-05 10:07:58 +01:00
Pedro Igor
2f489a41eb
[KEYCLOAK-12192] - Missing Input Validation in IDP Authorization URLs
2020-03-05 06:32:35 +01:00
Hynek Mlnarik
0cf0955318
KEYCLOAK-13181 Fix NPE in EAP 6 adapter
2020-03-04 10:19:43 +01:00
Jon Koops
c1bf183998
KEYCLOAK-9346 Add new KeycloakPromise to support native promises
...
Co-authored-by: mhajas <mhajas@redhat.com>
2020-03-04 08:53:35 +01:00
Douglas Palmer
dfb67c3aa4
[KEYCLOAK-12980] Username not updated when "Email as username" is enabled
2020-03-03 10:26:35 +01:00
Pedro Igor
49b1dbba68
[KEYCLOAK-11804] - Block service accounts to authenticate or manage credentials
2020-03-03 06:48:02 +01:00
Hynek Mlnarik
f45f882f0c
KEYCLOAK-11903 Test for XSW attacks
2020-03-02 21:26:13 +01:00
mhajas
df11a8a864
KEYCLOAK-12606 Add test
2020-03-02 20:07:52 +01:00
vramik
7c91e36e43
KEYCLOAK-10898 WildFly Adapter CLI based installation scripts
2020-03-02 10:08:45 +01:00
mhajas
d3bebb4746
KEYCLOAK-12884 Add more tests for SameSite
2020-02-28 16:19:44 +01:00
mhajas
9b81c42525
KEYCLOAK-13113 Exclude tests for Tomcat
2020-02-28 13:35:33 +01:00
mabartos
695fb92241
KEYCLOAK-13070 UserConsentWithUserStorageModelTest failing with ModelDuplicateException
2020-02-27 21:25:49 +01:00
Hynek Mlnarik
aecfe251e4
KEYCLOAK-12816 Fix representation to model conversion
2020-02-27 21:11:24 +01:00
Douglas Palmer
85d7216228
[KEYCLOAK-12640] Client authorizationSettings.decisionStrategy value lost on realm import
2020-02-27 09:45:48 -03:00
vramik
f1e54455e7
KEYCLOAK-13111 Move execution of db-allocator-plugin to jpa profile
2020-02-27 11:51:05 +01:00
mhajas
3db55727ca
KEYCLOAK-12979 Fix group-attribute parsing
2020-02-27 10:48:03 +01:00
vramik
e2bd99e9e4
KEYCLOAK-13097 fix UserStorageTest - add cleanup after test
2020-02-27 10:46:38 +01:00
Pedro Igor
a830818a84
[KEYCLOAK-12794] - Missing id token checks in oidc broker
2020-02-27 09:13:29 +01:00
Erik Jan de Wit
8297c0c878
KEYCLOAK-11155 split on first '=' instead of all
2020-02-27 09:12:51 +01:00
Erik Jan de Wit
93a1374558
KEYCLOAK-11129 coalesce possible null values
2020-02-27 09:11:29 +01:00
Pedro Igor
1c71eb93db
[KEYCLOAK-11576] - Properly handling redirect_uri parser errors
2020-02-27 08:29:06 +01:00
stianst
950eae090f
KEYCLOAK-13054 Unblock temporarily disabled user on password reset, and remove invalid error message
2020-02-27 08:05:46 +01:00
vmuzikar
de8ba75399
KEYCLOAK-12635 KEYCLOAK-12935 KEYCLOAK-13023 UI test fixes
2020-02-26 15:54:44 -03:00
Martin Bartoš
eaaff6e555
KEYCLOAK-12958 Preview feature profile for WebAuthn ( #6780 )
...
* KEYCLOAK-12958 Preview feature profile for WebAuthn
* KEYCLOAK-12958 Ability to enable features having EnvironmentDependent providers without restart server
* KEYCLOAK-12958 WebAuthn profile product/project
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2020-02-26 08:45:26 +01:00
stianst
9e47022116
KEYCLOAK-8044 Clear theme caches on hot-deploy
2020-02-20 08:50:10 +01:00
stianst
d8d81ee162
KEYCLOAK-12268 Show page not found for /account/log if events are disabled for the realm
2020-02-20 08:49:30 +01:00
stianst
9a3a358b96
KEYCLOAK-11700 Lower-case passwords before checking with password blacklist
2020-02-20 08:33:46 +01:00
stianst
536824beb6
KEYCLOAK-12960 Use Long for time based values in JsonWebToken
2020-02-19 15:46:05 +01:00
Stefan Guilhen
7a3998870c
[KEYCLOAK-12612][KEYCLOAK-12944] Fix validation of SAML destination URLs
...
- no longer compare them to the server absolutePath; instead use the base URI to build the validation URL
2020-02-18 16:38:19 -03:00
mposolda
eeeaafb5e7
KEYCLOAK-12858 Authenticator is sometimes required even when configured as alternative
2020-02-18 09:05:59 +01:00
Thomas Darimont
67ddd3b0eb
KEYCLOAK-12926 Improve Locale based message lookup
...
We now consider intermediate Locales when performing a Locale based
ResourceBundle lookup, before using an Locale.ENGLISH fallback.
Co-authored-by: stianst <stianst@gmail.com>
2020-02-18 08:43:46 +01:00
keycloak-bot
d352d3fa8e
Set version to 9.0.1-SNAPSHOT
2020-02-17 20:38:54 +01:00
Adamczyk Błażej
497787d2cd
[KEYCLOAK-10696] - fixed missing client role attributes after import
2020-02-17 10:01:19 +01:00
mposolda
a76c496c23
KEYCLOAK-12860 KEYCLOAK-12875 Fix for Account REST Credentials to work with LDAP and social users
2020-02-14 20:24:42 +01:00
Douglas Palmer
876086c846
[KEYCLOAK-12161] "Back to Application" link is shown with link to current page
2020-02-14 10:37:32 -03:00
stianst
f0e3122792
KEYCLOAK-12953 Ignore empty realm frontendUrl
2020-02-14 11:33:07 +01:00
stianst
42773592ca
KEYCLOAK-9632 Improve handling of user locale
2020-02-14 08:32:20 +01:00
Pedro Igor
7efaf9869a
[KEYCLOAK-12864] - OIDCIdentityProvider with Reverse Proxy
2020-02-13 15:01:10 +01:00
mabartos
90b35cc13d
KEYCLOAK-10420 Broker tests don't work with RH-SSO
2020-02-12 18:33:55 +01:00
mabartos
1bdf77f409
KEYCLOAK-12065 UserSessionInitializerTest is failing
2020-02-12 17:39:28 +01:00
mhajas
c3f0b342bf
KEYCLOAK-12964 Fix adapter remote tests execution deciding
2020-02-12 16:04:44 +01:00
mhajas
1bb238d20f
KEYCLOAK-12950 Use maven-plugin to configure shrinkwrap resolver
2020-02-12 16:04:44 +01:00
mhajas
f28ca30e6d
KEYCLOAK-12963 Exclude testNoPortInDestination test for remote container
2020-02-12 13:18:51 +01:00
Peter Zaoral
b0ffea699e
KEYCLOAK-12186 Improve the OTP login form
...
-created and implemented login form design, where OTP device can be selected
-implemented selectable-card-view logic in jQuery
-edited related css and ftl theme resources
-fixed affected BrowserFlow tests
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2020-02-12 11:25:02 +01:00
vramik
3d22644bbe
KEYCLOAK-12237 Fix WelcomePageTest on Postgresql
2020-02-12 10:43:29 +01:00
Peter Skopek
622a97bd1c
KEYCLOAK-12228 Sensitive Data Exposure
...
from patch of hiba haddad haddadhiba0@gmail.com
2020-02-12 09:57:31 +01:00
stianst
3c0cf8463a
KEYCLOAK-12821 Check if action is disabled in realm before executing
2020-02-12 09:04:43 +01:00
stianst
6676b9bba0
Fix
2020-02-12 08:23:25 +01:00
stianst
0b8adc7874
KEYCLOAK-12921 Fix NPE in client validation on startup
2020-02-12 08:23:25 +01:00
stianst
dda829710e
KEYCLOAK-12829 Require PKCE for admin and account console
2020-02-12 08:22:20 +01:00
Thomas Darimont
7969aed8e0
KEYCLOAK-10931 Trigger UPDATE_PASSWORD event on password update via AccountCredentialResource
2020-02-11 19:51:58 +01:00
Martin Kanis
1d54f2ade3
KEYCLOAK-9563 Improve access token checks for userinfo endpoint
2020-02-11 15:09:21 +01:00
mhajas
e5935d8069
KEYCLOAK-12764 Fix shrinkwrap issue by updating arquillian bom version
2020-02-08 10:51:48 +01:00
stianst
ecec20ad59
KEYCLOAK-12193 Internal error message returned in error response
2020-02-07 18:10:41 +01:00
Pedro Igor
da0e2aaa12
[KEYCLOAK-12897] - Policy enforcer should just deny when beare is invalid
2020-02-07 15:04:45 +01:00
mabartos
a5d02d62c1
KEYCLOAK-12908 TOTP not accepted in request for Access token
2020-02-07 13:17:05 +01:00
stianst
5d1fa8719e
KEYCLOAK-12190 Fix PartialImportTest for client validation
2020-02-07 11:44:09 +01:00
stianst
7545749632
KEYCLOAK-12190 Add validation for client root and base URLs
2020-02-07 09:09:40 +01:00
Pedro Igor
fc514aa256
[KEYCLOAK-12792] - Invalid nonce handling in OIDC identity brokering
2020-02-06 13:16:01 +01:00
Pedro Igor
199e5dfa3e
[KEYCLOAK-12909] - Keycloak uses embedded cache manager instead of container-managed one
2020-02-06 13:14:36 +01:00
Dmitry Telegin
b6c5acef25
KEYCLOAK-7969 - SAML users should not be identified by SAML:NameID
2020-02-06 08:53:31 +01:00
Axel Messinese
b73553e305
Keycloak-11526 search and pagination for roles
2020-02-05 15:28:25 +01:00
mhajas
66350f415c
KEYCLOAK-12849 Exclude SameSite tests in non-SSL test runs
2020-02-05 11:44:07 +01:00
rmartinc
d39dfd8688
KEYCLOAK-12654: Data to sign is incorrect in redirect binding when URI has parameters
2020-02-05 11:30:28 +01:00
Martin Bartoš
b0c4913587
KEYCLOAK-12177 KEYCLOAK-12178 WebAuthn: Improve usability ( #6710 )
2020-02-05 08:35:47 +01:00
Thomas Darimont
42fdc12bdc
KEYCLOAK-8573 Invalid client credentials should return Unauthorized status ( #6725 )
2020-02-05 08:27:15 +01:00
vmuzikar
0801cfb01f
KEYCLOAK-12105 Add UI tests for Single page to manage credentials
2020-02-04 15:18:52 -03:00
rmartinc
5b9eb0fe19
KEYCLOAK-10884: Need clock skew for SAML identity provider
2020-02-03 22:00:44 +01:00
Jan Lieskovsky
b532570747
[KEYCLOAK-12168] Various setup TOTP screen usability improvements ( #6709 )
...
On both the TOTP account and TOTP login screens perform the following:
* Make the "Device name" label optional if user registers the first
TOTP credential. Make it mandatory otherwise,
* Denote the "Authenticator code" with asterisk, so it's clear it's
required field (always),
* Add sentence to Step 3 of configuring TOTP credential explaining
the user to provide device name label,
Also perform other CSS & locale / messages file changes, so the UX is
identical when creating OTP credentials on both of these pages
Add a corresponding testcase
Also address issues pointed out by mposolda's review. Thanks, Marek!
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-02-03 19:34:28 +01:00
Marek Posolda
154bce5693
KEYCLOAK-12340 KEYCLOAK-12386 Regression in credential handling when … ( #6668 )
2020-02-03 19:23:30 +01:00
vramik
337e8f8fad
KEYCLOAK-12240 MigrationModelTest fails in pipeline
2020-02-03 13:14:53 +01:00
Leon Graser
01a42f417f
Search and Filter for the count endpoint
2020-02-03 09:36:30 +01:00
Pedro Igor
ed2d392a3d
[KEYCLOAK-9666] - Entitlement request with service account results in server error
2020-02-03 08:57:56 +01:00
Pedro Igor
658a083a0c
[KEYCLOAK-9600] - Find by name in authz client returning wrong resource
2020-02-03 08:57:20 +01:00
Jan Lieskovsky
00a36e5f7b
[KEYCLOAK-12865] Stabilize distribution profile ( #6712 )
...
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-02-01 13:31:54 +01:00
rmartinc
1989483401
KEYCLOAK-12001: Audience support for SAML clients
2020-01-31 15:56:40 +01:00
Marek Posolda
d8e450719b
KEYCLOAK-12469 KEYCLOAK-12185 Implement nice design to the screen wit… ( #6690 )
...
* KEYCLOAK-12469 KEYCLOAK-12185 Add CredentialTypeMetadata. Implement the screen with authentication mechanisms and implement Account REST Credentials API by use the credential type metadata
2020-01-31 14:28:23 +01:00
Bart Monhemius
52fd2b4aa4
KEYCLOAK-12698: Allow setting lifespan on executeActionsEmail
2020-01-31 09:27:07 +01:00
Pedro Igor
c37ca235ab
[KEYCLOAK-11352] - Can't request permissions by name by a non-owner resource service, although the audience is set
2020-01-30 11:36:21 +01:00
Pedro Igor
2a82ed6eea
[KEYCLOAK-9402] - 401 response when enforcement mode is DISABLED
2020-01-30 11:09:32 +01:00
Pedro Igor
873c62bbef
[KEYCLOAK-12569] - User cannot be deleted if he has owned resources / permission tickets
...
Co-authored-by: mhajas <mhajas@redhat.com>
2020-01-30 11:08:28 +01:00
Pedro Igor
c821dcf820
[KEYCLOAK-12438] - Scope-based policies falsely give a permit with an empty scope list
2020-01-29 14:02:44 +01:00
Marek Posolda
d46620569a
KEYCLOAK-12174 WebAuthn: create authenticator, requiredAction and policy for passwordless ( #6649 )
2020-01-29 09:33:45 +01:00
Takashi Norimatsu
993ba3179c
KEYCLOAK-12615 HS384 and HS512 support for Client Authentication by Client Secret Signed JWT ( #6633 )
2020-01-28 14:55:48 +01:00
Stian Thorgersen
87cab778eb
KEYCLOAK-11996 Authorization Endpoint does not return an error when a request includes a parameter more than once ( #6696 )
...
Co-authored-by: stianst <stianst@gmail.com>
Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2020-01-24 12:10:56 +01:00
Denis Richtárik
24c6e2ba08
KEYCLOAK-12742 Authentication -> WebAuthn Policy: Unable to delete the Acceptable AAGUIDS via the provided minus (-) button, once set ( #6695 )
2020-01-24 11:55:20 +01:00
Leon Graser
f1ddd5016f
KEYCLOAK-11821 Add account api roles to the client on creation
...
Co-authored-by: stianst <stianst@gmail.com>
2020-01-23 13:10:04 -06:00
Martin Kanis
1fbee8134b
KEYCLOAK-12697 Remove mvel2 from parent pom and licenses
2020-01-23 13:04:31 -06:00
Benjamin Weimer
dd9ad305ca
KEYCLOAK-12757 New Identity Provider Mapper "Advanced Claim to Role Mapper" with
...
following features
* Regex support for claim values.
* Support for multiple claims.
2020-01-23 07:17:22 -06:00
mposolda
f0d95da52d
KEYCLOAK-12281 Fix export/import for users that have custom credential algorithms with no salt
2020-01-23 05:43:29 -06:00
Denis Richtárik
8d312d748b
KEYCLOAK-12163 Old account console: UI not updated after removing of TOTP ( #6688 )
2020-01-22 12:26:28 +01:00
vmuzikar
03306b87e8
KEYCLOAK-12125 Introduce SameSite attribute in cookies
...
Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: Peter Skopek <pskopek@redhat.com>
2020-01-17 08:36:53 -03:00
vmuzikar
475ec6f3e4
Add tests for 'Always Display in Console'
2020-01-17 08:35:01 -03:00
Stan Silvert
568b1586a6
KEYCLOAK-12526: Add 'Always Display in Console' to admin console
2020-01-17 08:35:01 -03:00
Martin Bartos RH
d3f6937a23
[KEYCLOAK-12426] Add username to the login form + ability to reset login
2020-01-17 09:40:13 +01:00
mposolda
85dc1b3653
KEYCLOAK-12426 Add username to the login form + ability to reset login - NOT DESIGN YET
2020-01-17 09:40:13 +01:00
Tomas Kyjovsky
05c428f6e7
KEYCLOAK-12295 After password reset, the new password has low priority ( #6653 )
2020-01-16 09:11:25 +01:00
Martin Bartoš
5aab03d915
[KEYCLOAK-12184] Remove BACK button from login forms ( #6657 )
2020-01-15 12:25:37 +01:00
Axel Messinese
789e8c70ce
KEYCLOAK-12630 full representation param for get groups by user endpoint
2020-01-15 10:14:52 +01:00
Axel Messinese
72aff51fca
KEYCLOAK-12670 inconsistent param name full to briefRepresentation
2020-01-15 08:32:57 +01:00
Marek Posolda
8d49409de1
KEYCLOAK-12183 Refactor login screens. Introduce try-another-way link. Not show many credentials of same type in credential selector ( #6591 )
2020-01-14 21:54:45 +01:00
k-tamura
221aad9877
KEYCLOAK-11511 Improve exception handling of REST user creation
2020-01-14 13:34:34 +01:00
vramik
3b1bdb216a
KEYCLOAK-11486 Add support for system property or env variable in AllowedClockSkew in keycloak-saml subsystem
2020-01-14 13:17:13 +01:00
mhajas
a79d6289de
KEYCLOAK-11416 Fix nil AttributeValue handling
2020-01-10 12:47:09 +01:00
vramik
a2b3747d0e
KEYCLOAK-7014 - Correctly handle null-values in UserAttributes
2020-01-10 12:44:52 +01:00
Pedro Igor
03bbf77b35
[KEYCLOAK-12511] - Mapper not visible in client's mapper list
2020-01-09 10:25:06 +01:00
mposolda
fea7b4e031
KEYCLOAK-12424 SPNEGO / Kerberos sends multiple 401 responses with WWW-Authenticate: Negotiate header when kerberos token is invalid
2020-01-09 10:21:24 +01:00
Thomas Darimont
062cbf4e0a
KEYCLOAK-9925 Use Client WebOrigins in UserInfoEndpoint
...
We now use the allowed WebOrigins configured for the client
for which the user info is requested.
Previously, Web Origins defined on the Client were not being recognized
by the /userinfo endpoint unless you apply the "Allowed Web Origins"
protocol mapper.
This was an inconsistency with how the Web Origins work compared
with the /token endpoint.
2020-01-09 10:10:59 +01:00
Pedro Igor
dae212c035
[KEYCLOAK-12312] - Partial import of realm breaking access to client's service account roles
2020-01-09 10:06:32 +01:00
Pedro Igor
c596647241
[KEYCLOAK-11712] - Request body not buffered when using body CIP in Undertow
2020-01-09 10:02:18 +01:00
Pedro Igor
709cbfd4b7
[KEYCLOAK-10705] - Return full resource representation when querying policies by id
2020-01-09 10:00:24 +01:00
vramik
419d9c6351
KEYCLOAK-11597 Remote testing changes + possibility to exclude tests for specific auth server
...
Co-Authored-By: <mhajas@redhat.com>
2020-01-06 14:29:36 +01:00
Thomas Darimont
1a7aeb9b20
KEYCLOAK-8249 Improve extraction of Bearer tokens from Authorization headers ( #6624 )
...
We now provide a simple way to extract the Bearer token string from
Authorization header with a null fallback.
This allows us to have more fine grained error handling for the
various endpoints.
2020-01-06 13:58:52 +01:00
mhajas
28b01bc34d
KEYCLOAK-12609 Fix integer overflow for SAML XMLTimeUtil add method parameters
2020-01-06 13:53:16 +01:00
Yoshiyuki Tabata
e96725127f
KEYCLOAK-12165 Fix UserSessionProviderTest to work correctly ( #6513 )
2020-01-02 17:57:14 +01:00
Marek Posolda
fa453e9c0c
KEYCLOAK-12278 Default first broker login flow is broken after migration ( #6556 )
2020-01-02 17:53:56 +01:00
Pedro Igor
56d53b191a
[KEYCLOAK-8779] - Fixing PartialImportTest
2019-12-28 06:24:19 -03:00
rmartinc
401d36b446
KEYCLOAK-8779: Partial export and import to an existing realm is breaking clients with service accounts
2019-12-27 15:59:38 -03:00
Thomas Darimont
0219d62f09
KEYCLOAK-6867 UserInfoEndpoint should return WWW-Authenticate header for Invalid tokens
...
As required by the OIDC spec (1) we now return a proper WWW-Authenticate
response header if the given token is invalid.
1) https://openid.net/specs/openid-connect-core-1_0.html#UserInfoError
2019-12-23 07:42:06 -03:00
Pedro Igor
946088d48d
[KEYCLOAK-12109] - Resolving authz discovery url using KeycloakUriBuilder
2019-12-19 14:18:21 +01:00
Pedro Igor
3bd193acd7
[KEYCLOAK-12412] - Policy enforcer should consider charset when comparing the content-type of the request
2019-12-19 14:14:33 +01:00
Stefan Guilhen
9f69386a53
[KEYCLOAK-11707] Add support for Elytron credential store vault
...
- Adds the elytron-cs-keystore provider that reads secrets from a keystore-backed elytron credential store
- Introduces an abstract provider and factory that unifies code that is common to the existing implementations
- Introduces a VaultKeyResolver interface to allow the creation of different algorithms to combine the realm
and key names when constructing the vault entry id
- Introduces a keyResolvers property to the existing implementation via superclass that allows for the
configuration of one or more VaultKeyResolvers, creating a fallback mechanism in which different key formats
are tried in the order they were declared when retrieving a secret from the vault
- Adds more tests for the files-plaintext provider using the new key resolvers
- Adds a VaultTestExecutionDecider to skip the elytron-cs-keystore tests when running in Undertow. This is
needed because the new provider is available only as a Wildfly extension
2019-12-18 11:54:06 +01:00
harture
26458125cb
[KEYCLOAK-12254] Fix re-evaluation of conditional flow ( #6558 )
2019-12-18 08:45:11 +01:00
Douglas Palmer
106e6e15a9
[KEYCLOAK-11859] Added option to always display a client in the accounts console
2019-12-17 17:12:49 -03:00
vramik
c3d80651bf
KEYCLOAK-12473 Add possibility to specify length of event detail when storing to database
2019-12-17 17:15:50 +01:00
vmuzikar
4f7b56d227
KEYCLOAK-12106 UI tests for Device Activity page
2019-12-16 14:26:58 -03:00
Douglas Palmer
af0594b58d
[KEYCLOAK-12463] Fixed missing consents
2019-12-12 17:27:54 -03:00
Douglas Palmer
f9fa5b551d
[KEYCLOAK-5628] Added application endpoint
2019-12-11 13:06:04 -03:00
Martin Bartoš
2cf6483cdf
[KEYCLOAK-12044] Fix messages in the UsernameForm ( #6548 )
2019-12-11 10:59:46 +01:00
mposolda
0f3e0f4d4e
KEYCLOAK-12432 Compilation error in latest master in LDAPHardcodedAttributeTest
2019-12-10 18:01:11 -03:00
Cédric Couralet
bde94f2f08
KEYCLOAK-11770 add an hardcoded attribute mapper ( #6396 )
...
Signed-off-by: Cédric Couralet <cedric.couralet@insee.fr>
2019-12-10 12:57:46 +01:00
Denis Richtárik
48bddc37ae
KEYCLOAK-12011 Remove cancel button from OTP form ( #6511 )
...
* KEYCLOAK-12011 Remove cancel button from OTP form
* Remove back button
2019-12-09 19:23:26 +01:00
stianst
30e024a3c9
KEYCLOAK-12167 Remove need for Arquillian deployment to load test classes
2019-12-06 12:46:08 +01:00
Yoshiyuki Tabata
b2664c7ef9
KEYCLOAK-12094 "client-session-stats" not search null client information ( #6554 )
2019-12-06 10:37:25 +01:00
Martin Bartoš
e405ce6e97
[KEYCLOAK-11824] Fix bug with only one value of the authentication model execution requirement ( #6570 )
2019-12-05 18:28:00 +01:00
Cristian Schuszter
5c7ce775cf
KEYCLOAK-11472 Pagination support for clients
...
Co-authored-by: stianst <stianst@gmail.com>
2019-12-05 08:17:17 +01:00
vmuzikar
072cd9f93f
KEYCLOAK-12329 Fix linking accounts in the new Account Console
2019-12-03 18:49:40 -03:00
Martin Kanis
73d1a26040
KEYCLOAK-11773 Front-channel logout with identity brokering does not work after browser restart
2019-12-03 08:17:54 +01:00
vmuzikar
f426643225
KEYCLOAK-11744 KEYCLOAK-11271 New Account Console testsuite
2019-11-28 08:32:48 -03:00
Jan Lieskovsky
9a5fda5ec9
[KEYCLOAK-11748] Add multiple OTP tokens configured Direct Access Grant test ( #6546 )
...
Add a Direct Access Grant test to verify, when the user has multiple OTP
authenticators configured, they can properly login using the 1-th one of
them (IOW the 1-th OTP token is the preferred credential)
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2019-11-28 09:34:53 +01:00
harture
129c689855
[KEYCLOAK-12253] Fix conditional authenticators are evaluated even if they are disabled ( #6553 )
2019-11-28 09:30:31 +01:00
Martin Kanis
685d49c693
KEYCLOAK-11967 Violation of UNIQUE KEY constraint SIBLING_NAMES ( #6485 )
2019-11-26 16:00:50 +01:00
rmartinc
82ef5b7927
KEYCLOAK-12000: Allow overriding time lifespans on a SAML client
2019-11-26 10:02:34 +01:00
Pedro Igor
cee884e4a7
[KEYCLOAK-8406] - Remove Drools/Rules Policy
2019-11-22 15:38:51 +01:00
Yoshiyuki Tabata
0a9d058b81
KEYCLOAK-12150 change error response from invalid_request to unsupported_grant_type
2019-11-22 11:11:07 +01:00
Yoshiyuki Tabata
a36cfee84b
KEYCLOAK-12149 change error response from invalid_grant to unauthorized_client
2019-11-22 11:10:16 +01:00
Yoshiyuki Tabata
4117710379
KEYCLOAK-12019 change error response from unsupported_response_type to unauthorized_client
2019-11-22 11:03:02 +01:00
Martin Kanis
50ec24557e
KEYCLOAK-12117 X509BrowserLoginTest failing in pipeline
2019-11-21 11:35:10 +01:00
stianst
3731e36ece
KEYCLOAK-12069 Add account-console client for new account console
2019-11-20 08:48:40 -05:00
Ramon Spahr
0f00e23f96
KEYCLOAK-10977 Allow disabling Kerberos athentication with LDAP federation provider ( #6422 )
2019-11-18 14:12:26 +01:00
keycloak-bot
76aa199fee
Set version to 9.0.0-SNAPSHOT
2019-11-15 20:43:21 +01:00
Stefan Guilhen
9a7c1a91a5
KEYCLOAK-10780 Stop creating placeholder e-mails for service accounts ( #228 )
2019-11-15 15:08:29 +01:00
k-tamura
43e2370f21
KEYCLOAK-11772 Fix temporary credential property to work correctly
2019-11-15 08:48:12 +01:00
stianst
3a36569e20
KEYCLOAK-9129 Don't expose Keycloak version in resource paths
2019-11-15 08:21:28 +01:00
AlistairDoswald
4553234f64
KEYCLOAK-11745 Multi-factor authentication ( #6459 )
...
Co-authored-by: Christophe Frattino <christophe.frattino@elca.ch>
Co-authored-by: Francis PEROT <francis.perot@elca.ch>
Co-authored-by: rpo <harture414@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Denis <drichtar@redhat.com>
Co-authored-by: Tomas Kyjovsky <tkyjovsk@redhat.com>
2019-11-14 14:45:05 +01:00
Andy Munro
e7e49c13d5
KEYCLOAK-11413 Update UI messages
...
Co-authored-by: stianst <stianst@gmail.com>
Made a couple more spelling corrections.
2019-11-14 12:31:05 +01:00
Martin Kanis
25511d4dbf
KEYCLOAK-9651 Wrong ECDSA signature R and S encoding
2019-11-13 15:32:51 +01:00
sarveshtamba
0525fb43b9
Update pom.xml
2019-11-11 11:16:07 -03:00
stianst
b8881b8ea0
KEYCLOAK-11728 New default hostname provider
...
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2019-11-11 12:25:44 +01:00
Patrick Teubner
b3d87b52c2
KEYCLOAK-11888 Fix inconsistent pagination of groups by ordering the results of 'getTopLevelGroupIds' query
2019-11-11 09:22:51 +01:00
stianst
062841a059
KEYCLOAK-11898 Refactor AIA implementation
2019-11-08 16:03:07 -03:00
Martin Bartoš
bf8184221a
KEYCLOAK-11838: Fixed unstable RefreshTokenTest ( #6455 )
2019-11-08 08:53:23 +01:00
mhajas
b74f69c5ac
KEYCLOAK-11779 Make feature controller which takes care of enabling/disabling features including restarting container if needed
2019-11-07 09:35:11 +01:00
vmuzikar
b13fa2d16a
KEYCLOAK-11602 Add token exchange test to OpenShift 3 social login test
2019-11-06 06:49:10 -03:00
vmuzikar
bf5cca52a4
KEYCLOAK-11675 Fix unstable Google Social Login test
2019-11-06 06:49:10 -03:00
Stan Silvert
041229f9ca
KEYCLOAK-7429: Linked Accounts REST API
2019-11-05 16:03:21 -05:00
Peter Skopek
d0386dab85
KEYCLOAK-8785 remove k_version endpoint ( #6428 )
2019-11-05 11:35:55 +01:00
Douglas Palmer
a32c8c5190
[KEYCLOAK-11185] Fixed build with JDK 11
2019-11-04 10:56:07 -03:00
Martin Bartoš
e3d755fe9d
KEYCLOAK-11729: ExtendingThemeTest is failing with auth-server-wildfly ( #6410 )
2019-11-04 11:27:03 +01:00
Benjamin Bentmann
d6f56e58c1
KEYCLOAK-11806 Fix SAML adapter to not fail upon receiving a login response without the optional Destination attribute
2019-10-29 23:12:15 +01:00
pkokush
ff551c5545
KEYCLOAK-10307: check password history length in password verification ( #6058 )
2019-10-24 21:33:21 +02:00
Takashi Norimatsu
1905260eac
KEYCLOAK-11251 ES256 or PS256 support for Client Authentication by Signed JWT ( #6414 )
2019-10-24 17:58:54 +02:00
Hynek Mlnarik
783545572a
KEYCLOAK-11684 Add support to display passwords in password fields
...
Add UI tests for KEYCLOAK-11684
Co-authored-by: stianst <stianst@gmail.com>
Co-authored-by: vmuzikar <vmuzikar@redhat.com>
2019-10-23 15:30:11 +02:00
mposolda
0cb8730df8
KEYCLOAK-11474 Fix LDAPGroupMapper tests with MySQL and MariaDB
2019-10-23 14:55:33 +02:00
Hynek Mlnarik
f0685cc246
KEYCLOAK-11739 Ensure unique / PK constraint in JPA is on par with Liquibase
2019-10-23 14:53:17 +02:00
Pedro Igor
bb4ff55229
[KEYCLOAK-10868] - Deploy JavaScript code directly to Keycloak server
...
Conflicts:
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java
(cherry picked from commit 338fe2ae47a1494e786030eb39f908c964ea76c4)
2019-10-22 10:34:24 +02:00
Pedro Igor
bad9e29c15
[KEYCLOAK-10870] - Deprecate support for JavaScript policy support from UMA policy endpoint
...
Conflicts:
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedPermissionServiceTest.java
(cherry picked from commit 13923a7683cb666d2842bc61429c23409c1493b6)
2019-10-22 10:34:24 +02:00
Jan Lieskovsky
f2e5f9dedd
[KEYCLOAK-11717] Drop the public key credential related elements ( #6407 )
...
from the Edit Account screen of the Account console
Add a testcase for it
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2019-10-21 19:54:39 +02:00
Martin Kanis
37304fdd7d
KEYCLOAK-10728 Upgrade to WildFly 18 Final
2019-10-21 14:06:44 +02:00
Martin Reinhardt
5ad05c9317
[KEYCLOAK-6376] Directly create group
2019-10-21 10:41:04 +02:00
Martin Reinhardt
21a62a2670
[KEYCLOAK-6376] Reorganize imports and revert pom changes
2019-10-21 10:41:04 +02:00
Martin Reinhardt
28748ebf3f
[KEYCLOAK-6376] Fix NPE and test setup
2019-10-21 10:41:04 +02:00
Martin Reinhardt
f18c8b9da5
[KEYCLOAK-6376] Switching to arquillian end2end tests
2019-10-21 10:41:04 +02:00
k-tamura
4a8065ec6b
Add test method pointed out on review
2019-10-21 10:36:16 +02:00
Kohei Tamura
59ba874e1d
KEYCLOAK-10945 Avoid lockout when clicking login twice
2019-10-21 10:36:16 +02:00
Pedro Igor
6acb87bd7a
[KEYCLOAK-10822] - Prevent access to users from another realm
2019-10-21 10:32:50 +02:00
Martin Bartoš
ad9641722f
KEYCLOAK-11613 Chrome Testing API ( #6385 )
2019-10-18 10:50:28 +02:00
stianst
31ed01a6de
KEYCLOAK-11754 Prevent AbstractKeycloakTest from inititating backchannel logout on cleanup
2019-10-17 12:56:31 +02:00
mhajas
9cb2f1afdc
KEYCLOAK-11530 Do not enable/disable vault before/after test method but before/after class
2019-10-17 09:55:06 +02:00
Pedro Igor
17785dac08
[KEYCLOAK-10714] - Add filtering support in My Resources endpoint by name
2019-10-16 16:26:55 +02:00
Tomas Kyjovsky
c2273e8f49
KEYCLOAK-11547 ( #6341 )
...
- Fixing `X509OCSPResponderTest.loginOKOnOCSPResponderRevocationCheckWithoutCA` test case on Windows
2019-10-15 15:56:29 +02:00
mposolda
f0a506a143
KEYCLOAK-11691 Broker tests re-structure
2019-10-14 11:38:09 +02:00
mhajas
2f44c58a0d
KEYCLOAK-11495 Change name of PlaintextVaultProvider to FilesPlaintextVaultProvider
2019-10-09 14:48:00 +02:00
Hisanobu Okuda
75a44696a2
KEYCLOAK-10636 Large Login timeout causes login failure
...
KEYCLOAK-10637 Large Login Action timeout causes login failure
2019-10-07 13:27:20 +02:00
Cédric Couralet
5f006b283a
KEYCLOAK-8316 Add an option to ldap provider to trust emails on import
...
Signed-off-by: Cédric Couralet <cedric.couralet@insee.fr>
2019-10-04 16:28:02 +02:00
Axel Messinese
f3607fd74d
KEYCLOAK-10712 get groups full representation endpoint
2019-10-03 11:26:30 +02:00
Takashi Norimatsu
66de87a211
KEYCLOAK-11253 Advertise acr claim in claims_supported Server Metadata
2019-10-03 11:25:45 +02:00
Vincent Letarouilly
6b36e57593
KEYCLOAK-6698 - Add substitution of system properties and environment variables in theme.properties file
2019-10-01 16:34:54 +02:00
Takashi Norimatsu
6c9cf346c6
KEYCLOAK-11252 Implement Server Metadata of OAuth 2.0 Mutual TLS Client Authentication
2019-10-01 15:27:59 +02:00
Takashi Norimatsu
7c75546eac
KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase
...
* KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase
2019-10-01 15:17:38 +02:00
mhajas
f852ef157d
KEYCLOAK-11470 Fix rebase issue
2019-10-01 08:20:55 +02:00
mhajas
6f097bdf89
KEYCLOAK-11470 Remove Assertj from testsuite
...
There is no reason to use more types of assertions and we already
heavily use hamcrest
2019-09-30 13:16:01 +02:00
vramik
b1697a5e71
KEYCLOAK-11069 auth-server-remote tests
2019-09-30 10:29:51 +02:00
Mathieu CLAUDEL
2fb507e170
KEYCLOAK-10802 add support of SAMLv2 ForceAuthn
2019-09-27 09:55:54 +02:00
vmuzikar
1cdc5e1969
KEYCLOAK-11514 Add option to download specific WebDriver binaries versions
2019-09-26 09:54:30 -03:00
Benjamin Weimer
2b1acb99a2
KEYCLAOK-9999 fix client import ( #6136 )
2019-09-23 13:08:24 +02:00
mhajas
f810e85526
KEYCLOAK-11316 Fix Photoz instabilities on windows
...
Error message: Cannot read property 'token_endpoint' of undefined
2019-09-20 13:12:09 +02:00
Hisanobu Okuda
da49dbce2b
KEYCLOAK-10770 user-storage/{id}/sync should return 400 instead of 404
2019-09-20 11:17:09 +02:00
mhajas
37b7b595a5
KEYCLOAK-11410 Do not throw exception in PlaintextVaultProvider if unconfigured
2019-09-19 14:56:19 +02:00
rradillen
b71198af9f
[KEYCLOAK-8575] oidc idp basic auth ( #6268 )
...
* [KEYCLOAK-8575] Allow to choose between basic auth and form auth for oidc idp
* uncomment ui and add tests
* move basic auth to abstract identity provider (except for getting refresh tokens)
* removed duplications
2019-09-19 14:36:16 +02:00
rmartinc
7f54a57271
KEYCLOAK-10757: Replaying assertion with signature in SAML adapters
2019-09-18 16:49:00 +02:00
madgaet
c35718cb87
[KEYCLOAK-9809] Support private_key_jwt authentication for external IdP
2019-09-17 16:04:23 +02:00
Jan Lieskovsky
63e9eec52d
[KEYCLOAK-11415] Switch the 'GroupMapperConfig.PRESERVE_GROUP_INHERITANCE' setting reliably
...
Use own, separate context when trying to switch 'GroupMapperConfig.PRESERVE_GROUP_INHERITANCE'
group mapper config setting to 'false' (or back), across the various tests from LDAPGroupMapperSyncTest
suite. This makes the test results deterministic again (prevents 'test02_syncWithGroupInheritance()'
and 'test03_syncWithDropNonExistingGroups()' tests randomly to fail depending if attempt
to reset the 'GroupMapperConfig.PRESERVE_GROUP_INHERITANCE' back to 'true' in previous
'test01_syncNoPreserveGroupInheritance()' test succeeded, or not)
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2019-09-16 20:42:46 +02:00
Jan Lieskovsky
7ab854fecf
[KEYCLOAK-8253] When syncing flat (all groups being the top-level ones) structure
...
of LDAP groups from federation provider to Keycloak, perform the search if the
currently processed group already exists in Keycloak in log(N) time
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2019-09-12 20:14:18 +02:00
Jan Lieskovsky
cfb225b499
[KEYCLOAK-8253] Improve the time complexity of LDAP groups synchronization
...
(in the direction from LDAP provider to Keycloak) from exponential to
linear time in the case of syncing flat LDAP groups structure
Add a corresponding test (intentionally configured as to be ignored
by CI/CD due to higher demand on time, required fo the test completion)
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2019-09-12 09:54:13 +02:00
Cédric Couralet
9c37da0ee9
KEYCLOAK-8818 Support message bundle in theme resources
2019-09-11 08:03:16 +02:00
mhajas
2703388946
KEYCLOAK-11245 Adapt LDAPConnectionTestManager to use newly introduced LDAPContextManager
2019-09-10 22:51:19 +02:00
mhajas
9c2525ec1a
KEYCLOAK-11245 Use transcription object for LDAP bindCredential
2019-09-09 19:39:53 +02:00
Martin Kanis
4235422798
KEYCLOAK-11246 Use the transcription object for SMTP password
2019-09-09 13:27:11 +02:00
Hynek Mlnarik
9eb2e1d845
KEYCLOAK-11028 Use pessimistic locks to prevent DB deadlock when deleting objects
2019-09-09 10:57:49 +02:00
Stefan Guilhen
60205845a8
[KEYCLOAK-7264] Add a RoleMappingsProvider SPI to allow for the configuration of custom role mappers in the SAML adapters.
...
- Provides a default implementation based on mappings loaded from a properties file.
- Role mappers can also be configured in the keycloak-saml susbsytem.
2019-09-09 05:24:25 -03:00
rmartinc
a726e625e9
KEYCLOAK-10782: Credentials tab on clients can only be displayed with view-realm
2019-09-06 16:45:08 -03:00
Martin Kanis
b1be6c2bdd
KEYCLOAK-11247 Use the transcription object for Identity providers password
2019-09-06 15:29:11 +02:00
Pedro Igor
a1d8850373
[KEYCLOAK-7416] - Device Activity
2019-09-05 11:43:27 -03:00
Sebastian Laskawiec
69d6613ab6
KEYCLOAK-10169 OpenShift 4 Identity Provider
2019-09-05 16:33:59 +02:00
vmuzikar
2f9d875840
KEYCLOAK-11286 Fix tests in "other" module
2019-09-05 16:29:09 +02:00
vramik
ca6fbac599
KEYCLOAK-11150 testsuite dependency with auth-server-remote
2019-09-05 08:34:22 +02:00
Stefan Guilhen
bb9c811a65
[KEYCLOAK-10935] Add a vault transcriber implementation that can be obtained from the session.
...
- automatically parses ${vault.<KEY>} expressions to obtain the key that contains the secret in the vault.
- enchances the capabilities of the VaultProvider by offering methods to convert the raw secrets into other types.
2019-09-04 22:34:08 +02:00
mposolda
3a19db0c9d
KEYCLOAK-10921 Fix unstable RefreshTokenTest
2019-09-04 05:54:26 -03:00
Martin Bartos RH
a0ba6e593e
[KEYCLOAK-11024] RulesPolicyManagementTest failing with auth-server-undertow in universal pipeline
2019-09-02 11:58:30 +02:00
Niko Köbler
49e9cd759b
KEYCLOAK-10734 Let the check-sso feature do the check in hidden iframe
2019-08-20 15:41:09 -03:00
Pedro Igor
e12c245355
[KEYCLOAK-10779] - CSRF check to My Resources
...
(cherry picked from commit dbaba6f1b8c043da4a37c906dc0d1700956a0869)
2019-08-20 06:35:00 -03:00
Hynek Mlnarik
97811fdd51
KEYCLOAK-10786 Check signature presence in SAML broker
...
(cherry picked from commit ba9f73aaff22eb34c7dec16f4b76d36d855d569b)
2019-08-20 06:35:00 -03:00
Leon Graser
0ce10a3249
[KEYCLOAK-10653] Manage Consent via the Account API
2019-08-20 06:24:44 -03:00
Pedro Igor
3f2a38936c
[KEYCLOAK-11154] - Unstable Photoz Adapter Tests
2019-08-19 16:04:24 -03:00
mhajas
78ee5adfe8
KEYCLOAK-10034 Replace pause with waitForPageToLoad
2019-08-19 10:18:15 +02:00
Nemanja Hiršl
411ea331f6
KEYCLOAK-10785 X.509 Authenticator - Update user identity source mappers
...
Update user identity sources and the way how X.509 certificates are mapped to the user to:
1. Include "Serial number + Issuer DN" as described in RFC 5280
2. Include "Certificate's SHA256-Thumbprint"
3. Exclude "Issuer DN"
4. Exclude "Issuer Email"
Add an option to represent serial number in hexadecimal format.
Documentation PR created: https://github.com/keycloak/keycloak-documentation/pull/714
KEYCLOAK-10785 - Documentation for new user identity source mappers
2019-08-16 11:35:50 -03:00
Takashi Norimatsu
8225157a1c
KEYCLOAK-6768 Signed and Encrypted ID Token Support
2019-08-15 15:57:35 +02:00
mposolda
67df6d03af
KEYCLOAK-10449 KEYCLOAK-10550 Fix manual DB migration test with MSSQL
2019-08-15 14:19:27 +02:00
Martin Bartos RH
925864530a
KEYCLOAK-10457 Merge preview features test: SocialLoginTest
2019-08-14 22:09:59 +02:00
Peter Skopek
71eed3af06
KEYCLOAK-10792 MigrationTest fails in pipeline: fix log file checker to start from the right position after server restart
2019-08-12 15:41:56 +02:00
Martin Bartos RH
9d67e92117
[KEYCLOAK-10465] Merge preview features test: OpenShiftTokenReviewEndpoint
2019-08-06 12:57:33 +02:00
Hynek Mlnarik
9bca5c9968
KEYCLOAK-10964 Remove realm reimport in SAMLServletAdapterTest
2019-08-05 09:35:04 +02:00
Martin Bartos RH
da85cff53b
[KEYCLOAK-10458] Merge preview features test: RulesPolicyManagement
2019-08-01 14:34:51 +02:00
Sebastian Laskawiec
041208bd25
KEYCLOAK-10033 Prevent connections going stale
...
See https://stackoverflow.com/questions/10558791/apache-httpclient-interim-error-nohttpresponseexception
2019-07-30 18:13:10 +02:00