Peter Zaoral
b0ffea699e
KEYCLOAK-12186 Improve the OTP login form
...
-created and implemented login form design, where OTP device can be selected
-implemented selectable-card-view logic in jQuery
-edited related css and ftl theme resources
-fixed affected BrowserFlow tests
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2020-02-12 11:25:02 +01:00
Peter Skopek
622a97bd1c
KEYCLOAK-12228 Sensitive Data Exposure
...
from patch of hiba haddad haddadhiba0@gmail.com
2020-02-12 09:57:31 +01:00
stianst
3c0cf8463a
KEYCLOAK-12821 Check if action is disabled in realm before executing
2020-02-12 09:04:43 +01:00
stianst
0b8adc7874
KEYCLOAK-12921 Fix NPE in client validation on startup
2020-02-12 08:23:25 +01:00
stianst
dda829710e
KEYCLOAK-12829 Require PKCE for admin and account console
2020-02-12 08:22:20 +01:00
Thomas Darimont
7969aed8e0
KEYCLOAK-10931 Trigger UPDATE_PASSWORD event on password update via AccountCredentialResource
2020-02-11 19:51:58 +01:00
Martin Kanis
1d54f2ade3
KEYCLOAK-9563 Improve access token checks for userinfo endpoint
2020-02-11 15:09:21 +01:00
stianst
ecec20ad59
KEYCLOAK-12193 Internal error message returned in error response
2020-02-07 18:10:41 +01:00
mabartos
a5d02d62c1
KEYCLOAK-12908 TOTP not accepted in request for Access token
2020-02-07 13:17:05 +01:00
stianst
7545749632
KEYCLOAK-12190 Add validation for client root and base URLs
2020-02-07 09:09:40 +01:00
Pedro Igor
fc514aa256
[KEYCLOAK-12792] - Invalid nonce handling in OIDC identity brokering
2020-02-06 13:16:01 +01:00
Dmitry Telegin
b6c5acef25
KEYCLOAK-7969 - SAML users should not be identified by SAML:NameID
2020-02-06 08:53:31 +01:00
Martin Bartoš
7dec314ed0
KEYCLOAK-12900 NullPointerException during WebAuthn Registration (#6732)
2020-02-05 17:01:36 +01:00
Axel Messinese
b73553e305
Keycloak-11526 search and pagination for roles
2020-02-05 15:28:25 +01:00
rmartinc
d39dfd8688
KEYCLOAK-12654: Data to sign is incorrect in redirect binding when URI has parameters
2020-02-05 11:30:28 +01:00
Martin Bartoš
b0c4913587
KEYCLOAK-12177 KEYCLOAK-12178 WebAuthn: Improve usability (#6710)
2020-02-05 08:35:47 +01:00
Thomas Darimont
42fdc12bdc
KEYCLOAK-8573 Invalid client credentials should return Unauthorized status (#6725)
2020-02-05 08:27:15 +01:00
Thomas Darimont
d417639cb8
KEYCLOAK-11033 Avoid NPE in password endpoint of AccountCredentialResource (#6721)
...
Added additional null guard since some credential providers might not
maintain a "CreatedDate" for password credentials.
2020-02-04 16:01:27 +01:00
rmartinc
5b9eb0fe19
KEYCLOAK-10884: Need clock skew for SAML identity provider
2020-02-03 22:00:44 +01:00
Jan Lieskovsky
b532570747
[KEYCLOAK-12168] Various setup TOTP screen usability improvements (#6709)
...
On both the TOTP account and TOTP login screens perform the following:
* Make the "Device name" label optional if user registers the first
TOTP credential. Make it mandatory otherwise,
* Denote the "Authenticator code" with asterisk, so it's clear it's
required field (always),
* Add sentence to Step 3 of configuring TOTP credential explaining
the user to provide device name label,
Also perform other CSS & locale / messages file changes, so the UX is
identical when creating OTP credentials on both of these pages
Add a corresponding testcase
Also address issues pointed out by mposolda's review. Thanks, Marek!
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-02-03 19:34:28 +01:00
Marek Posolda
154bce5693
KEYCLOAK-12340 KEYCLOAK-12386 Regression in credential handling when … (#6668)
2020-02-03 19:23:30 +01:00
Leon Graser
01a42f417f
Search and Filter for the count endpoint
2020-02-03 09:36:30 +01:00
Pedro Igor
ed2d392a3d
[KEYCLOAK-9666] - Entitlement request with service account results in server error
2020-02-03 08:57:56 +01:00
Pedro Igor
658a083a0c
[KEYCLOAK-9600] - Find by name in authz client returning wrong resource
2020-02-03 08:57:20 +01:00
rmartinc
1989483401
KEYCLOAK-12001: Audience support for SAML clients
2020-01-31 15:56:40 +01:00
Marek Posolda
d8e450719b
KEYCLOAK-12469 KEYCLOAK-12185 Implement nice design to the screen wit… (#6690)
...
* KEYCLOAK-12469 KEYCLOAK-12185 Add CredentialTypeMetadata. Implement the screen with authentication mechanisms and implement Account REST Credentials API by use the credential type metadata
2020-01-31 14:28:23 +01:00
Stan Silvert
6ac5a2a17e
[KEYCLOAK-12744] rh-sso-preview theme for product build
...
* change logo for RH-SSO
* Small fixes to rh-sso-preview theme
* rh-sso-preview theme
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2020-01-31 08:16:52 -03:00
Pedro Igor
c37ca235ab
[KEYCLOAK-11352] - Can't request permissions by name by a non-owner resource service, although the audience is set
2020-01-30 11:36:21 +01:00
stianst
2916af351a
KEYCLOAK-12712 Add thread-safety for provider hot-deployment
2020-01-29 14:06:11 +01:00
stianst
a3e5f9d547
KEYCLOAK-12736 Set time for admin events in milliseconds, instead of converted seconds
2020-01-29 14:05:22 +01:00
Marek Posolda
d46620569a
KEYCLOAK-12174 WebAuthn: create authenticator, requiredAction and policy for passwordless (#6649)
2020-01-29 09:33:45 +01:00
Takashi Norimatsu
993ba3179c
KEYCLOAK-12615 HS384 and HS512 support for Client Authentication by Client Secret Signed JWT (#6633)
2020-01-28 14:55:48 +01:00
Stian Thorgersen
87cab778eb
KEYCLOAK-11996 Authorization Endpoint does not return an error when a request includes a parameter more than once (#6696)
...
Co-authored-by: stianst <stianst@gmail.com>
Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2020-01-24 12:10:56 +01:00
Thomas Darimont
303861f7e8
KEYCLOAK-10003 Fix handling of request parameters for SMTP Connection Test
...
We now transfer the SMTP connection configuration via HTTP POST
request body parameters instead of URL parameters.
This improves handling of SMTP connection configuration values with
special characters. As a side effect sensitive information like SMTP
credentials are no longer exposed via URL parameters.
Previously the SMTP connection test sent the connection parameters
as encoded URL parameters in combination with parameters in the request body.
However the server side endpoint did only look at the URL parameters.
Certain values, e.g. passwords with + or ; could lead to broken URL parameters.
2020-01-23 13:19:31 -06:00
Leon Graser
f1ddd5016f
KEYCLOAK-11821 Add account api roles to the client on creation
...
Co-authored-by: stianst <stianst@gmail.com>
2020-01-23 13:10:04 -06:00
Benjamin Weimer
dd9ad305ca
KEYCLOAK-12757 New Identity Provider Mapper "Advanced Claim to Role Mapper" with
...
following features
* Regex support for claim values.
* Support for multiple claims.
2020-01-23 07:17:22 -06:00
Stan Silvert
210fd92d23
KEYCLOAK-11550: Signing In page
2020-01-23 07:35:09 -05:00
Domenico Briganti
812b69af13
KEYCLOAK-9837 Not hide exception in email templating - clean code
2020-01-23 05:45:25 -06:00
Domenico Briganti
f07e08ef28
KEYCLOAK-9837 Not hide exception in email templating - Throws always an Exception
2020-01-23 05:45:25 -06:00
Domenico Briganti
476da4f276
KEYCLOAK-9837 Not hide exception in email templating
2020-01-23 05:45:25 -06:00
Captain-P-Goldfish
b90a0307ea
Add certificate timestamp validation (#6330)
...
KEYCLOAK-11818 Add certificate timestamp validation
2020-01-22 20:53:06 +01:00
vmuzikar
03306b87e8
KEYCLOAK-12125 Introduce SameSite attribute in cookies
...
Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: Peter Skopek <pskopek@redhat.com>
2020-01-17 08:36:53 -03:00
Martin Bartos RH
d3f6937a23
[KEYCLOAK-12426] Add username to the login form + ability to reset login
2020-01-17 09:40:13 +01:00
mposolda
85dc1b3653
KEYCLOAK-12426 Add username to the login form + ability to reset login - NOT DESIGN YET
2020-01-17 09:40:13 +01:00
Tomas Kyjovsky
05c428f6e7
KEYCLOAK-12295 After password reset, the new password has low priority (#6653)
2020-01-16 09:11:25 +01:00
k-tamura
562dc3ff8c
KEYCLOAK-10659 Proxy authentication support for proxy-mappings
2020-01-15 13:29:54 +01:00
Martin Bartoš
5aab03d915
[KEYCLOAK-12184] Remove BACK button from login forms (#6657)
2020-01-15 12:25:37 +01:00
Axel Messinese
789e8c70ce
KEYCLOAK-12630 full representation param for get groups by user endpoint
2020-01-15 10:14:52 +01:00
Axel Messinese
72aff51fca
KEYCLOAK-12670 inconsistent param name full to briefRepresentation
2020-01-15 08:32:57 +01:00
Marek Posolda
8d49409de1
KEYCLOAK-12183 Refactor login screens. Introduce try-another-way link. Not show many credentials of same type in credential selector (#6591)
2020-01-14 21:54:45 +01:00
k-tamura
221aad9877
KEYCLOAK-11511 Improve exception handling of REST user creation
2020-01-14 13:34:34 +01:00
mhajas
a79d6289de
KEYCLOAK-11416 Fix nil AttributeValue handling
2020-01-10 12:47:09 +01:00
Viswa Teja Nariboina
5082ed2fcb
[KEYCLOAK-12606] Passing email in login_hint query parameter during Identity brokering fails when an account already exists
2020-01-09 10:40:42 +01:00
Pedro Igor
03bbf77b35
[KEYCLOAK-12511] - Mapper not visible in client's mapper list
2020-01-09 10:25:06 +01:00
Thomas Darimont
062cbf4e0a
KEYCLOAK-9925 Use Client WebOrigins in UserInfoEndpoint
...
We now use the allowed WebOrigins configured for the client
for which the user info is requested.
Previously, Web Origins defined on the Client were not being recognized
by the /userinfo endpoint unless you apply the "Allowed Web Origins"
protocol mapper.
This was an inconsistency with how the Web Origins work compared
with the /token endpoint.
2020-01-09 10:10:59 +01:00
Pedro Igor
709cbfd4b7
[KEYCLOAK-10705] - Return full resource representation when querying policies by id
2020-01-09 10:00:24 +01:00
Pedro Igor
9fd7ab81f0
[KEYCLOAK-10407] - Avoiding redundant calls on identity.getid
2020-01-09 09:56:48 +01:00
Manfred Duchrow
f926529767
KEYCLOAK-12616 Vault unit test always fails on Windows
2020-01-07 20:55:50 +01:00
Hynek Mlnarik
f7379086e0
KEYCLOAK-12619 Improve mapped byte buffer cleanup
2020-01-07 16:07:43 +01:00
Thomas Darimont
54b69bd1dc
KEYCLOAK-10190 Fix NPE on missing clientSession in TokenEndpoint.codeToToken
...
In certain scenarios, e.g. when an auth code from another realm login is
used to perform the code to token exchange, it can happen that the
ClientSession is null which triggered an NPE when the userSession field is accessed.
Added null check for clientSession in TokenEndpoint.codeToToken to prevent an NPE.
2020-01-06 14:45:20 +01:00
Thomas Darimont
1a7aeb9b20
KEYCLOAK-8249 Improve extraction of Bearer tokens from Authorization headers (#6624)
...
We now provide a simple way to extract the Bearer token string from
Authorization header with a null fallback.
This allows us to have more fine grained error handling for the
various endpoints.
2020-01-06 13:58:52 +01:00
rmartinc
401d36b446
KEYCLOAK-8779: Partial export and import to an existing realm is breaking clients with service accounts
2019-12-27 15:59:38 -03:00
Thomas Darimont
0219d62f09
KEYCLOAK-6867 UserInfoEndpoint should return WWW-Authenticate header for Invalid tokens
...
As required by the OIDC spec (1) we now return a proper WWW-Authenticate
response header if the given token is invalid.
1) https://openid.net/specs/openid-connect-core-1_0.html#UserInfoError
2019-12-23 07:42:06 -03:00
Andrei Arlou
eed4847469
KEYCLOAK-12311 Fix minor warnings with collections in packages: forms, keys, partialimport, protocol from module "services"
2019-12-20 13:31:38 +01:00
Peter Skopek
7a14661fce
KEYCLOAK-6115 Login fails if federated user is read-only and has selected a locale on the login screen
2019-12-19 14:36:50 +01:00
Andrei Arlou
aceb123242
KEYCLOAK-12417 Fix minor warnings in tests from module "services"
2019-12-19 10:51:37 +01:00
Andrei Arlou
697eaa4f36
KEYCLOAK-12309 Fix warnings with collections in packages:
...
authentication, authorization, broker, email, events, exportimport from module "services"
2019-12-18 14:02:27 +01:00
Andrei Arlou
bb156fb2fd
KEYCLOAK-12317 Fix minor warnings with modificators in packages: authentication, authorization, keys, partialimport, protocol from module "services"
2019-12-18 13:26:27 +01:00
Andrei Arlou
c61cc1a493
KEYCLOAK-12316 Simplify conditions in packages: authentication, broker, credential, protocol from module "services"
2019-12-18 13:22:36 +01:00
Stefan Guilhen
9f69386a53
[KEYCLOAK-11707] Add support for Elytron credential store vault
...
- Adds the elytron-cs-keystore provider that reads secrets from a keystore-backed elytron credential store
- Introduces an abstract provider and factory that unifies code that is common to the existing implementations
- Introduces a VaultKeyResolver interface to allow the creation of different algorithms to combine the realm
and key names when constructing the vault entry id
- Introduces a keyResolvers property to the existing implementation via superclass that allows for the
configuration of one or more VaultKeyResolvers, creating a fallback mechanism in which different key formats
are tried in the order they were declared when retrieving a secret from the vault
- Adds more tests for the files-plaintext provider using the new key resolvers
- Adds a VaultTestExecutionDecider to skip the elytron-cs-keystore tests when running in Undertow. This is
needed because the new provider is available only as a Wildfly extension
2019-12-18 11:54:06 +01:00
harture
26458125cb
[KEYCLOAK-12254] Fix re-evaluation of conditional flow (#6558)
2019-12-18 08:45:11 +01:00
Douglas Palmer
106e6e15a9
[KEYCLOAK-11859] Added option to always display a client in the accounts console
2019-12-17 17:12:49 -03:00
jacac
3ae508e1b9
KEYCLOAK-12425 Encode userid with Base64Url. (#6585)
2019-12-16 20:40:27 +01:00
Douglas Palmer
af0594b58d
[KEYCLOAK-12463] Fixed missing consents
2019-12-12 17:27:54 -03:00
Douglas Palmer
f9fa5b551d
[KEYCLOAK-5628] Added application endpoint
2019-12-11 13:06:04 -03:00
Martin Bartoš
2cf6483cdf
[KEYCLOAK-12044] Fix messages in the UsernameForm (#6548)
2019-12-11 10:59:46 +01:00
Dmitry Telegin
56aa14ffab
KEYCLOAK-11347 - MicroProfile-Config
2019-12-10 12:08:22 +01:00
Denis Richtárik
48bddc37ae
KEYCLOAK-12011 Remove cancel button from OTP form (#6511)
...
* KEYCLOAK-12011 Remove cancel button from OTP form
* Remove back button
2019-12-09 19:23:26 +01:00
Dmitry Telegin
e2144d6aec
KEYCLOAK-12175 - Platform SPI
2019-12-09 09:55:04 +01:00
Yoshiyuki Tabata
b2664c7ef9
KEYCLOAK-12094 "client-session-stats" not search null client information (#6554)
2019-12-06 10:37:25 +01:00
Martin Bartoš
e405ce6e97
[KEYCLOAK-11824] Fix bug with only one value of the authentication model execution requirement (#6570)
2019-12-05 18:28:00 +01:00
Andrei Arlou
fb421d3086
KEYCLOAK-12262 Remove unused imports from packages "authorization" and "authentication" in module "services" (#6547)
2019-12-05 14:39:03 +01:00
Andrei Arlou
da7e0ba403
KEYCLOAK-12310 Remove unused imports from packages: exportimport, forms, jose, partialimport, protocol in module "services" (#6560)
2019-12-05 14:28:47 +01:00
Cristian Schuszter
5c7ce775cf
KEYCLOAK-11472 Pagination support for clients
...
Co-authored-by: stianst <stianst@gmail.com>
2019-12-05 08:17:17 +01:00
vmuzikar
072cd9f93f
KEYCLOAK-12329 Fix linking accounts in the new Account Console
2019-12-03 18:49:40 -03:00
Martin Kanis
73d1a26040
KEYCLOAK-11773 Front-channel logout with identity brokering does not work after browser restart
2019-12-03 08:17:54 +01:00
harture
129c689855
[KEYCLOAK-12253] Fix conditional authenticators are evaluated even if they are disabled ( #6553 )
2019-11-28 09:30:31 +01:00
Stan Silvert
de6f90b43b
KEYCLOAK-11550: Single page for credentials (initial commit)
2019-11-27 07:32:13 -03:00
rmartinc
82ef5b7927
KEYCLOAK-12000: Allow overriding time lifespans on a SAML client
2019-11-26 10:02:34 +01:00
Dmitry Telegin
79074aa380
KEYCLOAK-12162 Modularize config backends (#6499)
...
* KEYCLOAK-12162 - Modularize configuration backends
* - Use JsonSerialization
- simplify backend selection (no fallbacks)
* Remove unused org.wildfly.core:wildfly-controller dependency
2019-11-22 15:23:04 +01:00
Yoshiyuki Tabata
0a9d058b81
KEYCLOAK-12150 change error response from invalid_request to unsupported_grant_type
2019-11-22 11:11:07 +01:00
Yoshiyuki Tabata
a36cfee84b
KEYCLOAK-12149 change error response from invalid_grant to unauthorized_client
2019-11-22 11:10:16 +01:00
Yoshiyuki Tabata
4117710379
KEYCLOAK-12019 change error response from unsupported_response_type to unauthorized_client
2019-11-22 11:03:02 +01:00
Vidhyadharan Deivamani
9e366f0453
KEYCLOAK-8162 review comment adopted
2019-11-22 10:37:50 +01:00
Vidhyadharan Deivamani
318b290f55
KEYCLOAK-8162 Added resourcesPath
2019-11-22 10:37:50 +01:00
Fuxin Hao
ff4c94506f
use reCAPTCHA globally
2019-11-22 10:22:15 +01:00
Stan Silvert
ea268af511
KEYCLOAK-12159: AIA and Logout broken in new acct console
2019-11-21 09:35:46 -03:00
stianst
3731e36ece
KEYCLOAK-12069 Add account-console client for new account console
2019-11-20 08:48:40 -05:00
keycloak-bot
76aa199fee
Set version to 9.0.0-SNAPSHOT
2019-11-15 20:43:21 +01:00
Stefan Guilhen
9a7c1a91a5
KEYCLOAK-10780 Stop creating placeholder e-mails for service accounts (#228)
2019-11-15 15:08:29 +01:00
k-tamura
43e2370f21
KEYCLOAK-11772 Fix temporary credential property to work correctly
2019-11-15 08:48:12 +01:00
AlistairDoswald
4553234f64
KEYCLOAK-11745 Multi-factor authentication (#6459)
...
Co-authored-by: Christophe Frattino <christophe.frattino@elca.ch>
Co-authored-by: Francis PEROT <francis.perot@elca.ch>
Co-authored-by: rpo <harture414@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Denis <drichtar@redhat.com>
Co-authored-by: Tomas Kyjovsky <tkyjovsk@redhat.com>
2019-11-14 14:45:05 +01:00
Stan Silvert
d439f4181a
KEYCLOAK-6503: Linked Accounts Page
2019-11-14 07:39:43 -03:00
Martin Kanis
25511d4dbf
KEYCLOAK-9651 Wrong ECDSA signature R and S encoding
2019-11-13 15:32:51 +01:00
stianst
b8881b8ea0
KEYCLOAK-11728 New default hostname provider
...
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2019-11-11 12:25:44 +01:00
stianst
062841a059
KEYCLOAK-11898 Refactor AIA implementation
2019-11-08 16:03:07 -03:00
stianst
63abebd993
KEYCLOAK-11627 Require users to re-authenticate before invoking AIA
2019-11-08 16:03:07 -03:00
stianst
bc5113053d
KEYCLOAK-11897 Change kc_action parameter to proper built-in parameter
2019-11-08 16:03:07 -03:00
stianst
1e66660fd0
KEYCLOAK-11896 Remove initiate-action role
2019-11-08 16:03:07 -03:00
Takashi Norimatsu
4574d37d8d
KEYCLOAK-11372 Support for attestation statement verification (#6449)
2019-11-08 09:15:28 +01:00
Stian Thorgersen
f14f92ab0b
KEYCLOAK-6073 Make adapters use discovery endpoint for URLs instead of hardcoding (#6412)
2019-11-06 10:34:35 +01:00
Stan Silvert
041229f9ca
KEYCLOAK-7429: Linked Accounts REST API
2019-11-05 16:03:21 -05:00
Takashi Norimatsu
ecae2c5772
KEYCLOAK-11743 Update to webauthn4j 0.9.14.RELEASE and add apache-kerby-asn1:2.0.0 dependency (#6401)
2019-11-05 09:23:09 +01:00
Miguel Paulos Nunes
aa44579a02
KEYCLOAK-9553 Performance optimization on role mappings retrieval.
2019-11-05 08:59:53 +01:00
Dmitry Telegin
203646627f
Use global bootstrap flag
2019-11-01 10:56:06 +01:00
Dmitry Telegin
b68e8323ed
KEYCLOAK-11785 - Support for deferred initialization
2019-11-01 10:56:06 +01:00
Gideon Caranzo
e07fd9ffa3
KEYCLOAK-9936 Added optional hooks for preprocessing SAML authentication
...
Co-Authored-By: Hynek Mlnarik <hmlnarik@redhat.com>
2019-10-29 13:06:59 +01:00
Helge Olav Aarstein
d7a0597b1d
KEYCLOAK-9091 Fix for claims with dots from userInfo (#6312)
...
* KEYCLOAK-9091 Unable to map claim attributes with dots (.) in them when claims are retrieved from userInfo endpoint
2019-10-24 21:41:38 +02:00
pkokush
ff551c5545
KEYCLOAK-10307: check password history length in password verification (#6058)
2019-10-24 21:33:21 +02:00
Takashi Norimatsu
1905260eac
KEYCLOAK-11251 ES256 or PS256 support for Client Authentication by Signed JWT (#6414)
2019-10-24 17:58:54 +02:00
Pedro Igor
bb4ff55229
[KEYCLOAK-10868] - Deploy JavaScript code directly to Keycloak server
...
Conflicts:
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java
(cherry picked from commit 338fe2ae47a1494e786030eb39f908c964ea76c4)
2019-10-22 10:34:24 +02:00
Pedro Igor
bad9e29c15
[KEYCLOAK-10870] - Deprecate support for JavaScript policy support from UMA policy endpoint
...
Conflicts:
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedPermissionServiceTest.java
(cherry picked from commit 13923a7683cb666d2842bc61429c23409c1493b6)
2019-10-22 10:34:24 +02:00
Martin Kanis
0e0177136c
KEYCLOAK-9984 Remove org.apache.commons.* usages from the code
2019-10-22 09:48:15 +02:00
Martin Kanis
37304fdd7d
KEYCLOAK-10728 Upgrade to WildFly 18 Final
2019-10-21 14:06:44 +02:00
Martin Reinhardt
28748ebf3f
[KEYCLOAK-6376] Fix NPE and test setup
2019-10-21 10:41:04 +02:00
Martin Reinhardt
f18c8b9da5
[KEYCLOAK-6376] Switching to arquillian end2end tests
2019-10-21 10:41:04 +02:00
Martin Reinhardt
eed4449f8d
[KEYCLOAK-6376] Fixing Conditional OTP by reusing existing API for role checks
2019-10-21 10:41:04 +02:00
Kohei Tamura
59ba874e1d
KEYCLOAK-10945 Avoid lockout when clicking login twice
2019-10-21 10:36:16 +02:00
Pedro Igor
17785dac08
[KEYCLOAK-10714] - Add filtering support in My Resources endpoint by name
2019-10-16 16:26:55 +02:00
Sebastian Laskawiec
b6b7c11517
KEYCLOAK-11725 Removed VaultRealmModel from tests
2019-10-15 10:59:05 +02:00
stianst
c16cfe9696
Fixes for Quarkus
2019-10-15 10:57:54 +02:00
Sebastian Laskawiec
ea1b22daa7
KEYCLOAK-11227 Removed enabled/disabled flag from FileTruststoreProvider
2019-10-15 05:24:28 +02:00
stianst
52085da520
KEYCLOAK-11702 Remove RestEasy 4 dependencies from core codebase
2019-10-11 15:03:34 +02:00
mhajas
2f44c58a0d
KEYCLOAK-11495 Change name of PlaintextVaultProvider to FilesPlaintextVaultProvider
2019-10-09 14:48:00 +02:00
Pedro Igor
f0fb48fb76
[KEYCLOAK-11326] - Refactoring to support different versions of resteasy
2019-10-09 12:01:34 +02:00
Pedro Igor
a2e98b57f4
[KEYCLOAK-11326] - Refactoring to use types from JAX-RS API
2019-10-09 12:01:34 +02:00
Hisanobu Okuda
75a44696a2
KEYCLOAK-10636 Large Login timeout causes login failure
...
KEYCLOAK-10637 Large Login Action timeout causes login failure
2019-10-07 13:27:20 +02:00
vmuzikar
434ea0965c
KEYCLOAK-11632 Don't cache server info endpoint
2019-10-07 10:29:52 +02:00
Axel Messinese
f3607fd74d
KEYCLOAK-10712 get groups full representation endpoint
2019-10-03 11:26:30 +02:00
Takashi Norimatsu
66de87a211
KEYCLOAK-11253 Advertise acr claim in claims_supported Server Metadata
2019-10-03 11:25:45 +02:00
Niko Köbler
d0324d8098
KEYCLOAK-11566 add attribute resourceType to log output of admin events
2019-10-02 13:18:30 +02:00
Vincent Letarouilly
6b36e57593
KEYCLOAK-6698 - Add substitution of system properties and environment variables in theme.properties file
2019-10-01 16:34:54 +02:00
Takashi Norimatsu
6c9cf346c6
KEYCLOAK-11252 Implement Server Metadata of OAuth 2.0 Mutual TLS Client Authentication
2019-10-01 15:27:59 +02:00
Takashi Norimatsu
7c75546eac
KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase
...
* KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase
2019-10-01 15:17:38 +02:00
Jess Thrysoee
3b58692d7c
KEYCLOAK-11596 Enable template cache when cacheTemplates attribute is true
2019-10-01 14:37:48 +02:00
David Festal
d73a2b821c
Fix a NPE when using token-exchange
...
When using the preview token-exchange feature with the `openshift-v3` identity provider, an NPE is triggered, because it tries to extract the `metadata` field twice from the user profile:
```
13:17:13,667 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-7) Uncaught server error: java.lang.NullPointerException
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.getJsonProperty(AbstractOAuth2IdentityProvider.java:357)
at org.keycloak.social.openshift.OpenshiftV3IdentityProvider.extractUserContext(OpenshiftV3IdentityProvider.java:61)
at org.keycloak.social.openshift.OpenshiftV3IdentityProvider.extractIdentityFromProfile(OpenshiftV3IdentityProvider.java:87)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.validateExternalTokenThroughUserInfo(AbstractOAuth2IdentityProvider.java:489)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternalUserInfoValidationOnly(AbstractOAuth2IdentityProvider.java:548)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternalImpl(AbstractOAuth2IdentityProvider.java:528)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternal(AbstractOAuth2IdentityProvider.java:519)
at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.exchangeExternalToken(TokenEndpoint.java:917)
at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.tokenExchange(TokenEndpoint.java:696)
at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.processGrantRequest(TokenEndpoint.java:194)
.....
13:17:28,916 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-7) Uncaught server error: java.lang.NullPointerException
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.getJsonProperty(AbstractOAuth2IdentityProvider.java:357)
at org.keycloak.social.openshift.OpenshiftV3IdentityProvider.extractUserContext(OpenshiftV3IdentityProvider.java:61)
at org.keycloak.social.openshift.OpenshiftV3IdentityProvider.extractIdentityFromProfile(OpenshiftV3IdentityProvider.java:87)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.validateExternalTokenThroughUserInfo(AbstractOAuth2IdentityProvider.java:489)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternalUserInfoValidationOnly(AbstractOAuth2IdentityProvider.java:548)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternalImpl(AbstractOAuth2IdentityProvider.java:528)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternal(AbstractOAuth2IdentityProvider.java:519)
at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.exchangeExternalToken(TokenEndpoint.java:917)
at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.tokenExchange(TokenEndpoint.java:696)
at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.processGrantRequest(TokenEndpoint.java:194)
......
13:17:53,492 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-7) Uncaught server error: java.lang.NullPointerException
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.getJsonProperty(AbstractOAuth2IdentityProvider.java:357)
at org.keycloak.social.openshift.OpenshiftV3IdentityProvider.extractUserContext(OpenshiftV3IdentityProvider.java:61)
at org.keycloak.social.openshift.OpenshiftV3IdentityProvider.extractIdentityFromProfile(OpenshiftV3IdentityProvider.java:87)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.validateExternalTokenThroughUserInfo(AbstractOAuth2IdentityProvider.java:489)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternalUserInfoValidationOnly(AbstractOAuth2IdentityProvider.java:548)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternalImpl(AbstractOAuth2IdentityProvider.java:528)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternal(AbstractOAuth2IdentityProvider.java:519)
at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.exchangeExternalToken(TokenEndpoint.java:917)
at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.tokenExchange(TokenEndpoint.java:696)
at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.processGrantRequest(TokenEndpoint.java:194)
```
2019-10-01 14:23:46 +02:00
Mathieu CLAUDEL
2fb507e170
KEYCLOAK-10802 add support of SAMLv2 ForceAuthn
2019-09-27 09:55:54 +02:00
Yaroslav Kvasetskiy
622d049207
KEYCLOAK-10837 Add possibility to disable certificate verification for outgoing https connections
2019-09-26 08:12:09 -03:00
madgaet
0d12b8dd5a
[KEYCLOAK-11497] OIDC Idp authentication with private_key_jwt may not always work (#6337)
2019-09-25 23:10:07 +02:00
Hisanobu Okuda
da49dbce2b
KEYCLOAK-10770 user-storage/{id}/sync should return 400 instead of 404
2019-09-20 11:17:09 +02:00
mhajas
37b7b595a5
KEYCLOAK-11410 Do not throw exception in PlaintextVaultProvider if unconfigured
2019-09-19 14:56:19 +02:00
rradillen
b71198af9f
[KEYCLOAK-8575] oidc idp basic auth (#6268)
...
* [KEYCLOAK-8575] Allow to choose between basic auth and form auth for oidc idp
* uncomment ui and add tests
* move basic auth to abstract identity provider (except for getting refresh tokens)
* removed duplications
2019-09-19 14:36:16 +02:00
rmartinc
7f54a57271
KEYCLOAK-10757: Replaying assertion with signature in SAML adapters
2019-09-18 16:49:00 +02:00
farmersmurf
515727c944
fix: as discussed changed to NOT_ACCEPTABLE rather than OK to prevent INTERNAL SERVER ERROR on validation
2019-09-17 16:35:42 +02:00
farmersmurf
ae74335760
KEYCLOAK-10944 Fix 500 Error Code on Update Password
2019-09-17 16:35:42 +02:00
farmersmurf
b443c8186d
KEYCLOAK-10944 Fix 500 Error Code on Update Password
2019-09-17 16:35:42 +02:00
madgaet
c35718cb87
[KEYCLOAK-9809] Support private_key_jwt authentication for external IdP
2019-09-17 16:04:23 +02:00
Kohei Tamura
09671aa480
KEYCLOAK-11178 Suppress incorrect warnings
2019-09-13 10:21:20 +02:00
Shiva Prasad Thagadur Prakash
ff8b790549
KEYCLOAK-10022 Fixing few admin events not raised bug
2019-09-11 18:01:10 -03:00
Cédric Couralet
9c37da0ee9
KEYCLOAK-8818 Support message bundle in theme resources
2019-09-11 08:03:16 +02:00
mhajas
2703388946
KEYCLOAK-11245 Adapt LDAPConnectionTestManager to use newly introduced LDAPContextManager
2019-09-10 22:51:19 +02:00
mhajas
9c2525ec1a
KEYCLOAK-11245 Use transcription object for LDAP bindCredential
2019-09-09 19:39:53 +02:00
Martin Kanis
4235422798
KEYCLOAK-11246 Use the transcription object for SMTP password
2019-09-09 13:27:11 +02:00
Hynek Mlnarik
9eb2e1d845
KEYCLOAK-11028 Use pessimistic locks to prevent DB deadlock when deleting objects
2019-09-09 10:57:49 +02:00
rmartinc
a726e625e9
KEYCLOAK-10782: Credentials tab on clients can only be displayed with view-realm
2019-09-06 16:45:08 -03:00
Martin Kanis
b1be6c2bdd
KEYCLOAK-11247 Use the transcription object for Identity providers password
2019-09-06 15:29:11 +02:00
Cédric Couralet
aadd5331bc
[KEYCLOAK-11219] log an explicit error message when state is null
2019-09-06 10:59:28 +02:00
Pedro Igor
a1d8850373
[KEYCLOAK-7416] - Device Activity
2019-09-05 11:43:27 -03:00
Sebastian Laskawiec
69d6613ab6
KEYCLOAK-10169 OpenShift 4 Identity Provider
2019-09-05 16:33:59 +02:00
Stefan Guilhen
bb9c811a65
[KEYCLOAK-10935] Add a vault transcriber implementation that can be obtained from the session.
...
- automatically parses ${vault.<KEY>} expressions to obtain the key that contains the secret in the vault.
- enhances the capabilities of the VaultProvider by offering methods to convert the raw secrets into other types.
2019-09-04 22:34:08 +02:00
Kohei Tamura
6ae0773e09
KEYCLOAK-11006 Add method to log caught exception
2019-09-02 10:11:20 +02:00
Sebastian Laskawiec
3afbdd3ea3
KEYCLOAK-10934 PlainTextVaultProvider
2019-08-20 21:46:47 +02:00
Pedro Igor
e12c245355
[KEYCLOAK-10779] - CSRF check to My Resources
...
(cherry picked from commit dbaba6f1b8c043da4a37c906dc0d1700956a0869)
2019-08-20 06:35:00 -03:00
Hynek Mlnarik
97811fdd51
KEYCLOAK-10786 Check signature presence in SAML broker
...
(cherry picked from commit ba9f73aaff22eb34c7dec16f4b76d36d855d569b)
2019-08-20 06:35:00 -03:00
Leon Graser
0ce10a3249
[KEYCLOAK-10653] Manage Consent via the Account API
2019-08-20 06:24:44 -03:00
Nemanja Hiršl
411ea331f6
KEYCLOAK-10785 X.509 Authenticator - Update user identity source mappers
...
Update user identity sources and the way how X.509 certificates are mapped to the user to:
1. Include "Serial number + Issuer DN" as described in RFC 5280
2. Include "Certificate's SHA256-Thumbprint"
3. Exclude "Issuer DN"
4. Exclude "Issuer Email"
Add an option to represent serial number in hexadecimal format.
Documentation PR created: https://github.com/keycloak/keycloak-documentation/pull/714
KEYCLOAK-10785 - Documentation for new user identity source mappers
2019-08-16 11:35:50 -03:00
Takashi Norimatsu
8225157a1c
KEYCLOAK-6768 Signed and Encrypted ID Token Support
2019-08-15 15:57:35 +02:00
Hynek Mlnarik
d2da206d6b
KEYCLOAK-10933 Interfaces for vault SPI
2019-08-13 08:50:29 +02:00
Kohei Tamura
c0f73c0df4
KEYCLOAK-10817 Set referrer on error
2019-08-02 10:02:23 -03:00
Vlastimil Elias
4571f65d1e
KEYCLOAK-10209 - AuthenticationSessionModel made available through
...
KeycloakContext in KeycloakSession
2019-07-30 12:36:57 +02:00
Pedro Igor
8b203d48ce
[KEYCLOAK-10949] - Proper error messages when failing to authenticate the request
2019-07-29 17:01:42 -03:00
Pedro Igor
967d21dbb5
[KEYCLOAK-10713] - Pagination to resources rest api
2019-07-29 16:19:22 -03:00
k-tamura
fe0d6f4583
KEYCLOAK-10665 Fix incorrect client link on my resources page
2019-07-26 15:36:06 -03:00
k-tamura
2dceda3f50
KEYCLOAK-10807 Fix incorrect RS link on my resources page
2019-07-26 15:29:25 -03:00
Stan Silvert
bc818367a1
KEYCLOAK-10854: App-initiated actions Phase I
2019-07-26 14:56:29 -03:00
Stan Silvert
6c79bdee41
KEYCLOAK-10854: App initiated actions phase I
2019-07-26 14:56:29 -03:00
mhajas
57a8fcb669
KEYCLOAK-10776 Add session expiration to Keycloak saml login response
2019-07-24 13:35:07 +02:00
keycloak-bot
17e9832dc6
Set version to 8.0.0-SNAPSHOT
2019-07-19 19:05:03 +02:00
Pedro Igor
5f5cb6cb7b
[KEYCLOAK-10808] - Do not show authorization tab when client is not confidential
2019-07-15 10:07:31 -03:00
rmartinc
1d2d6591b2
KEYCLOAK-10826: Provide the locale name in the LocaleBean to be used in themes
2019-07-13 07:18:40 +02:00
rmartinc
6d6db1f3e5
KEYCLOAK-10345: OCSP validation fails if there is no intermediate CA in the client certificate
2019-07-12 15:16:00 +02:00
Takashi Norimatsu
2e850b6d4a
KEYCLOAK-10747 Explicit Proof Key for Code Exchange Activation Settings
2019-07-12 08:33:20 +02:00
Martin Kanis
efdf0f1bd8
KEYCLOAK-6839 You took too long to login after SSO idle
2019-07-10 10:15:26 +02:00
Kohei Tamura
55a6141bff
KEYCLOAK-10783 Fix internal server error when logging out after sharing my resource
2019-07-09 09:06:58 -03:00
mposolda
5f9feee3f8
KEYCLOAK-9846 Verifying signatures on CRL during X509 authentication
2019-07-08 20:20:38 +02:00
Tomasz Prętki
0376e7241a
KEYCLOAK-10251 New Claim JSON Type - JSON
2019-07-08 11:59:57 +02:00
Sven-Torben Janus
c883c11e7e
KEYCLOAK-10158 Use PEM cert as X.509 user identity
...
Allows to use the full PEM encoded X.509 certificate from client cert
authentication as a user identity. Also allows to validate that user's
identity against LDAP in PEM (String and binary format). In addition,
a new custom attribute mapper allows to validate against LDAP when
certificate is stored in DER format (binary, Octet-String).
KEYCLOAK-10158 Allow lookup of certs in binary and DER format from LDAP
2019-07-08 11:58:26 +02:00
Hynek Mlnarik
ca4e14fbfa
KEYCLOAK-7852 Use original NameId value in logout requests
2019-07-04 19:30:21 +02:00
Sebastian Laskawiec
b5d8f70cc7
KEYCLOAK-8224 Client not found error message
2019-07-03 18:34:56 +02:00
Asier Aguado
bed22b9b8d
[KEYCLOAK-10710] Make social providers compatible with OIDC UsernameTemplateMappers
2019-07-03 15:01:46 +02:00
rmartinc
bd5dec1830
KEYCLOAK-10112: Issues in loading offline session in a cluster environment during startup
2019-07-03 13:17:45 +02:00
Axel Messinese
b32d52e62b
KEYCLOAK-10750 Check if role exist on get user/group in role endpoint
2019-07-03 08:46:36 +02:00
Pedro Igor
0cdd23763c
[KEYCLOAK-10443] - Define a global decision strategy for resource servers
2019-07-02 09:14:37 -03:00
Jeroen ter Voorde
7518692c0d
[KEYCLOAK-10419] Added briefRepresentation parameter support to the admin client interface
...
And added an Arquillian test for it.
2019-06-21 11:31:01 +02:00
Jeroen ter Voorde
a2099cff39
[KEYCLOAK-10419] Added support for briefRepresentation param on the GroupResource members endpoint.
2019-06-21 11:31:01 +02:00
k-tamura
542333a0dd
KEYCLOAK-10660 Fix internal server error when re-logging in from my resources page
2019-06-18 06:18:36 -03:00
Hisanobu Okuda
1ac51611d3
KEYCLOAK-10664 correct the error message when no SAML request provided
2019-06-18 08:47:35 +02:00
Pedro Igor
fdc0943a92
[KEYCLOAK-8060] - My Resources REST API
2019-06-11 14:23:26 -03:00
Pedro Igor
61eb94c674
[KEYCLOAK-8915] - Support resource type in authorization requests
2019-06-04 21:02:54 -03:00
Stefan Guilhen
40ec46b79b
[KEYCLOAK-8043] Allow prompt=none query parameter to be propagated to default IdP
2019-05-29 09:22:46 +02:00
Pedro Igor
e9ea1f0e36
[KEYCLOAK-10279] - Do not limit results when fetching resources
2019-05-28 15:35:29 -03:00
Ian Duffy
de0ee474dd
Review feedback
2019-05-27 21:30:01 +02:00
Ian Duffy
54909d3ef4
[KEYCLOAK-10230] Support for LDAP with Start TLS
...
This commit sends the STARTTLS on LDAP 389 connections is specified.
STARTTLS doesn't work with connection pooling so connection pooling will
be disabled should TLS be enabled.
2019-05-27 21:30:01 +02:00
vramik
d64f716a20
KEYCLOAK-2709 SAML Identity Provider POST Binding request page shown to user is completely blank with nonsense title
2019-05-20 09:51:04 +02:00
Sebastian Loesch
76a6e82173
Fix log message
...
Single quotes need to be represented by double single quotes throughout a String.
See: https://docs.oracle.com/javase/7/docs/api/java/text/MessageFormat.html
2019-05-15 15:33:43 +02:00
Kohei Tamura
8bee7ec542
KEYCLOAK-9983 - Fix the P3P header corruption in Japanese and Turkish ( #6006 )
2019-05-15 15:23:45 +02:00
Tomohiro Nagai
d593ac3e6f
KEYCLOAK-9711 REQUIRED authenticator in ALTERNATIVE subflow throws AuthenticationFlowException when the authenticator returns ATTEMPTED.
2019-05-15 12:45:50 +02:00
Hynek Mlnarik
b8aa1916d8
KEYCLOAK-10195 Fix role lookup to address roles with dots
2019-05-14 13:00:04 +02:00
Kohei Tamura
43bda455bc
KEYCLOAK-10106 - Fix typos in default scripts ( #6010 )
2019-05-07 10:20:04 +02:00
Stefan Guilhen
f1acdc000e
[KEYCLOAK-10168] Handle microprofile-jwt client scope migration
2019-05-06 15:14:27 -03:00
Jan Lieskovsky
9eb400262f
KEYCLOAK-6055 Include X.509 certificate data in audit logs
...
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2019-04-30 11:31:04 +02:00
Sebastian Loesch
96250c9685
[KEYCLOAK-9573] Allow AdminEvents for custom resource types
2019-04-26 09:57:28 +01:00
Hynek Mlnarik
65326ce16a
KEYCLOAK-9629 Update cookie type
2019-04-24 07:18:41 +01:00
Sebastian Loesch
43393220bf
Add X.509 authenticator option for canonical DN
...
Because the current distinguished name determination is security provider
dependent, a new authenticator option is added to use the canonical format
of the distinguished name, as described in
javax.security.auth.x500.X500Principal.getName(String format).
2019-04-23 21:04:18 +02:00
keycloak-bot
49d4e935cb
Set version to 7.0.0-SNAPSHOT
2019-04-17 09:48:07 +01:00
Bekh-Ivanov George
ebcfeb20a3
[KEYCLOAK-10020] - Add ability to request user-managed (ticket) permissions by name
2019-04-12 08:44:57 -03:00
Takashi Norimatsu
9b3e297cd0
KEYCLOAK-9756 PS256 algorithm support for token signing and validation
2019-04-09 20:52:02 +02:00
Francesco Degrassi
1bf19ada7e
KEYCLOAK-9825: keep existing refresh token on token exchange requiring refresh if new one not provided in response
2019-04-09 15:21:56 -03:00
Francesco Degrassi
5b78063dce
KEYCLOAK-6614: Support requesting refresh tokens from Google using access_type=offline
2019-04-08 15:06:03 -03:00
Stefan Guilhen
2fa2437555
KEYCLOAK-5613 Add built-in optional client scope for MicroProfile-JWT
2019-04-02 08:40:19 -03:00
Hisanobu Okuda
b44c86bd26
KEYCLOAK-9833 Large SSO Session Idle/SSO Session Max causes login failure
2019-03-27 11:42:40 +01:00
vramik
b7c5ca8b38
KEYCLOAK-8535 Inconsistent SAML Logout endpoint handling
2019-03-22 14:09:31 +01:00
Pedro Igor
d2275ca563
[KEYCLOAK-7939] - Startup logs warning instead of error when admin user already exists
2019-03-21 11:44:17 -03:00
mposolda
db271f7150
KEYCLOAK-9572 Support for multiple CRLs with X509 authentication
2019-03-20 15:00:44 +01:00
Hynek Mlnarik
25c07f78bc
KEYCLOAK-9578 Fix typo in SAML attribute name format
2019-03-19 11:45:38 +01:00
Hynek Mlnarik
1c906c834b
KEYCLOAK-3373 Remove SAML IdP descriptor from client installation and publicize it in realm endpoint instead
2019-03-19 11:37:15 +01:00
fisache
a868b8b22a
[KEYCLOAK-9772] Permissions are duplicated
...
- when resource server is current user
2019-03-18 16:37:54 -03:00
stianst
8d42c9193b
KEYCLOAK-9838 Trim username in admin welcome page
2019-03-18 09:20:38 +01:00
vramik
3cc405b1c5
KEYCLOAK-8542 Remove resteasy workaround - KeycloakStringEntityFilter
2019-03-16 13:53:54 +01:00
mposolda
a48698caa3
KEYCLOAK-6056 Map user by Subject Alternative Name (otherName) when authenticating user with X509
2019-03-15 23:11:47 +01:00
Yaser Abouelenein
404ac1d050
KEYCLOAK-8701 changes needed to include x5c property in jwks
2019-03-15 06:01:15 +01:00
Axel Messinese
e18fb56389
KEYCLOAK-4978 Add endpoint to get groups by role
2019-03-15 06:00:17 +01:00
Corey McGregor
be77fd9459
KEYCLOAK-2339 Adding impersonator details to user session notes and supporting built-in protocol mappers.
2019-03-08 09:14:42 +01:00
rmartinc
231db059b2
KEYCLOAK-8996: Provide a way to set a responder certificate in OCSP/X509 Authenticator
2019-03-07 07:57:20 +01:00
keycloak-bot
e843d84f6e
Set version to 6.0.0-SNAPSHOT
2019-03-06 15:54:08 +01:00
Gilles
f295a2e303
[KEYCLOAK-3723] Fixed updated of protocol mappers within client updates in clients-registrations resource
2019-03-04 11:57:59 +01:00
vramik
5d205d16e8
KEYCLOAK-9167 Using kcadm to update an identity-provider instance via a json file does not work without an "internalId" present in the json
2019-02-27 14:56:36 +01:00
Stan Silvert
fe5966d224
KEYCLOAK-8602: PatternFly 4 integration
2019-02-25 08:26:54 -03:00
Simon Neaves
b5fbc04e5e
KEYCLOAK-9376 Add "aud" to DEFAULT_CLAIMS_SUPPORTED
...
See https://issues.jboss.org/browse/KEYCLOAK-9376?_sscc=t
2019-02-25 10:21:49 +01:00
Pedro Igor
99f8e5f808
[KEYCLOAK-9489] - Fixing fine-grained permission functionality
2019-02-22 09:22:14 -03:00
Steven Aerts
d36cb27bd9
KEYCLOAK-9526 admin console auth-url with hostname SPI
2019-02-21 11:55:11 +01:00
Guilhem Lucas
b666756b8f
KEYCLOAK-9320 Make theme properties available in email templates
2019-02-21 11:19:17 +01:00
stianst
e06c705ca8
Set version 5.0.0
2019-02-21 09:35:14 +01:00
Pedro Igor
34d8974e7f
[KEYCLOAK-9489] - User not able to log in to admin console when using query-* roles
2019-02-20 18:09:36 +01:00
Hynek Mlnarik
52840533c9
KEYCLOAK-9111 Fix for unhandled exception
2019-02-13 15:49:49 +01:00
Hynek Mlnarik
37e6b6ffc6
KEYCLOAK-9113 Add support for inspecting log messages for uncaught errors
2019-02-13 15:49:49 +01:00
stianst
7c9f15778a
Set version to 4.8.3.Final
2019-01-09 20:39:30 +01:00
Pedro Igor
382f6b0c2c
[KEYCLOAK-9185] - Update LinkedIn broker to LinkedIn API v2
2019-01-09 15:29:40 +01:00
stianst
7c4890152c
Set version to 4.8.2
2019-01-03 14:43:22 +01:00
Hynek Mlnarik
ca76f943c1
KEYCLOAK-9190 Update GoogleIdentityProvider endpoints
...
per https://accounts.google.com/.well-known/openid-configuration
2019-01-03 14:32:57 +01:00
stianst
07ccbdc3db
KEYCLOAK-9182
2019-01-03 14:28:35 +01:00
Hynek Mlnarik
2e52093ac5
KEYCLOAK-9123 Fix content-type check
2018-12-19 10:43:33 +01:00
mposolda
061693a8c9
KEYCLOAK-9089 IllegalArgumentException when trying to use ES256 as OIDC access token signature
2018-12-14 21:01:03 +01:00
mposolda
1237986fd0
KEYCLOAK-8838 Incorrect resource_access in accessToken when clientId contains dots
2018-12-13 10:31:27 +01:00
rmartinc
3c44e6c377
KEYCLOAK-9068: IDP-initiated-flow is not working with REDIRECT binding
2018-12-13 06:28:38 -02:00
mposolda
c51c492996
KEYCLOAK-9050 Change LoginProtocol.authenticated to read most of the values from authenticationSession
2018-12-12 13:30:03 +01:00
Stan Silvert
3ed77825a2
KEYCLOAK-8495: Account REST Svc doesn't require acct roles
2018-12-12 12:07:29 +01:00
mposolda
a7f57c7e23
KEYCLOAK-9021
2018-12-12 07:09:14 +01:00
mposolda
10eb13854e
KEYCLOAK-9028 Fix another NPE in Cors debug logging
2018-12-11 21:24:32 +01:00
Hynek Mlnarik
cea9e877ad
KEYCLOAK-9036 Fix NPE
2018-12-11 15:35:19 +01:00
MICHEL Arnault (UA 2118)
3f13df81ab
[KEYCLOAK-8580] Fixes and log improvements :
...
- fix buildChain method (return value)
- method setJVMDebuggingForCertPathBuilder removed as it doesn't output anything in server.log
- Performance : don't reload truststore on each authentication request
- Don't generate stacktrace while detecting intermediate CA's
- review log levels and messages : no log if
- log if truststore is not properly configured in standalone[-ha].xml
2018-12-10 13:58:58 +01:00
Hynek Mlnarik
dad12635f6
KEYCLOAK-9014 Fix displayed applications
2018-12-10 09:59:46 +01:00
Pedro Igor
0c39eda8d2
[KECLOAK-8237] - Openshift Client Storage
2018-12-06 10:57:53 -02:00
Hynek Mlnarik
27f145969f
KEYCLOAK-7936 Prevent registration of the same node
...
The root cause is that NodesRegistrationManagement.tryRegister can be
called from multiple threads on the same node, so it can require
registration of the same node multiple times. Hence once it turns to
tasks that invoke sendRegistrationEvent (called sequentially), the same
check has been added to that method to prevent multiple invocations on
server side, or invocation upon undeployment/termination.
2018-12-05 12:34:17 +01:00
Pedro Igor
e798c3bca2
[KEYCLOAK-8901] - Identity Provider : UserInfo response as JWT Token not supported
2018-12-05 09:28:12 -02:00
stianst
b674c0d4d9
Prepare for 4.8.0.Final
2018-12-04 13:54:25 +01:00
Pedro Igor
4355c89b9d
[KEYCLOAK-7365] - No need to check roles when refreshing tokens
2018-11-29 08:51:25 -02:00
rmartinc
1b37394276
KEYCLOAK-7242: LDAPS not working with truststore SPI and connection timeout
2018-11-29 11:21:46 +01:00
mposolda
6db1f60e27
KEYCLOAK-7774 KEYCLOAK-8438 Errors when SSO authenticating to same client multiple times concurrently in more browser tabs
2018-11-21 21:51:32 +01:00
Cédric Couralet
dc06a8cee3
Fix KEYCLOAK-8832 ( #5735 )
...
Avoid NullPointerException when browser sends "Origin" header and
allowedOrigin is null. This happens on chrome with admin console
2018-11-19 17:53:05 +01:00
Stian Thorgersen
f3bf1456ab
KEYCLOAK-8781 Mark OpenShift integration as preview. Fix issue in Profile where preview features was not enabled in preview mode. ( #5738 )
2018-11-19 17:32:21 +01:00
Hynek Mlnarik
548950ed8e
KEYCLOAK-8756 Consider also required actions of AuthenticationSession
2018-11-19 16:04:43 +01:00
Marek Posolda
f67d6f9660
KEYCLOAK-8482 Access token should never contain azp as an audience ( #5719 )
2018-11-19 14:38:41 +01:00
Stian Thorgersen
3756cf629b
KEYCLOAK-7081 Fixes for manual/qr mode switches on login config otp page ( #5717 )
2018-11-19 14:32:28 +01:00
Takashi Norimatsu
0793234c19
KEYCLOAK-8460 Request Object Signature Verification Other Than RS256 ( #5603 )
...
* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256
also support client signed signature verification by refactored token
verification mechanism
* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256
incorporate feedbacks and refactor client public key loading mechanism
* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256
unsigned request object not allowed
* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256
revert to re-support "none"
2018-11-19 14:28:32 +01:00
Hynek Mlnarik
461dae20de
KEYCLOAK-8731 Ensure password history is kept in line with password policy
2018-11-19 12:48:51 +01:00
mposolda
0533782d90
KEYCLOAK-7275 KEYCLOAK-5479 Faster offline sessions preloading at startup. Track lastSessionRefresh timestamps more properly by support bulk update to DB
2018-11-16 14:23:28 +01:00
Stan Silvert
0b36020bf5
KEYCLOAK-8759: Wrong RH-SSO name on Welcome Page
2018-11-15 13:00:55 -05:00
Leon Graser
85f11873c3
KEYCLOAK-8613 Group Membership Pagination
2018-11-15 17:54:07 +01:00
Gideon Caranzo
39bf08e1b9
KEYCLOAK-8783 also checked admin roles when realm admin client is specified
2018-11-15 14:23:18 +01:00
Gideon Caranzo
9f88abb022
KEYCLOAK-8783 only checked master and realm admin roles when roles are specified in imported realm
2018-11-15 14:23:18 +01:00
Thomas Darimont
cf57a1bc4b
KEYCLOAK-1267 Add dedicated SSO timeouts for Remember-Me
...
Previously remember-me sessions were tied to the SSO max session
timeout which could lead to unexpected early session timeouts.
We now allow SSO timeouts to be configured separately for sessions
with enabled remember-me. This enables users to opt-in for longer
session timeouts.
SSO session timeouts for remember-me can now be configured in the
tokens tab in the realm admin console. This new configuration is
optional and will typically host values larger than the regular
max SSO timeouts. If no value is specified for remember-me timeouts
then the regular max SSO timeouts will be used.
Work based on PR https://github.com/keycloak/keycloak/pull/3161 by
Thomas Darimont <thomas.darimont@gmail.com>
2018-11-15 06:11:22 +01:00
Pedro Igor
f5ae76d8e3
[KEYCLOAK-8768] - Policy evaluation tool failing when client is used and identity.getId is called
2018-11-14 19:16:41 -02:00
stianst
ecd476fb10
Prepare for 4.7.0.Final
2018-11-14 20:10:59 +01:00
Hynek Mlnarik
c3778e66db
KEYCLOAK-8260 Improve SAML conditions handling
2018-11-14 20:09:22 +01:00
Martin Kanis
6a23eb19f5
KEYCLOAK-8166
2018-11-14 20:09:22 +01:00
Martin Kanis
72b23c1357
KEYCLOAK-8160
2018-11-14 20:09:22 +01:00
Martin Kanis
0cb6053699
KEYCLOAK-8125
2018-11-14 20:09:22 +01:00
vramik
6564cebc0f
KEYCLOAK-7707
2018-11-14 20:09:22 +01:00
Bruno Oliveira da Silva
a957e118e6
Redirect URLs are not normalized
2018-11-14 20:09:22 +01:00
mposolda
0897d969b1
KEYCLOAK-7340
2018-11-14 20:09:22 +01:00
mposolda
1b5a83c4f1
KEYCLOAK-6980 Check if client_assertion was already used during signed JWT client authentication
2018-11-14 20:09:22 +01:00
Pedro Igor
cd96d6cc35
[KEYCLOAK-8694] - Mark Drools policy as tech preview
2018-11-09 11:08:49 -02:00
Pedro Igor
bce2aee144
[KEYCLOAK-8646] - Error deleting policies when admin events are enabled
2018-11-06 11:27:32 -02:00
rmartinc
cbe59f03b7
KEYCLOAK-8708: Provide aggregation of group attributes for mappers
2018-11-06 13:42:38 +01:00
Torbjørn Skyberg Knutsen
36b0d8b80e
KEYCLOAK-7166 Added the possibility of not logging out of remote idp on browser logout, by passing a query param containing the id of the identity provider
2018-11-06 13:39:19 +01:00
Pedro Igor
327991bd73
[KEYCLOAK-8716] - Issue with caching resolved roles in KeycloakSession
2018-11-06 10:27:04 -02:00
mposolda
ffcd8e09e7
KEYCLOAK-8175 Possibility of clientScope not being used if user doesn't have a role
2018-10-31 18:04:41 +01:00
mposolda
cfeb56e18a
KEYCLOAK-8641 Remove aud from the authorization tickets
2018-10-31 13:31:26 +01:00
mposolda
9652748ba9
KEYCLOAK-8484 Remove audience client scope template
2018-10-31 11:11:02 +01:00
Pedro Igor
f6943296c7
[KEYCLOAK-8489] - RPT request: Authorized Party's protocol mappers are being applied instead of the Audience's ones
2018-10-26 09:40:32 -03:00
Graser Leon
9ef4c7fffd
KEYCLOAK-8377 Role Attributes
2018-10-24 22:04:28 +02:00
Pedro Igor
2af9d002b6
[KEYCLOAK-8172] - Evaluation not considering scopes inherited from parent resources
2018-10-24 12:50:27 -03:00
Pedro Igor
a2b13715ed
[KEYCLOAK-8625] - Saving client settings will cause always adding default authorization settings
2018-10-24 10:18:04 -03:00
mposolda
c36b577566
KEYCLOAK-8483 Remove application from the aud claim of accessToken and refreshToken
2018-10-23 13:52:09 +02:00
Gideon Caranzo
7d85ce93bb
KEYCLOAK-8555 queried only realms with user storage provider to speed up user storage sync bootstrap
2018-10-19 09:53:58 +02:00
vramik
7a96911a83
KEYCLOAK-8300 KEYCLOAK-8301 Wildfly 14 upgrade
...
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2018-10-17 20:01:07 +02:00
MICHEL Arnault (UA 2118)
ab8789739f
[KEYCLOAK-8580] Add Nginx certificate lookup provider
2018-10-16 07:53:18 +02:00
stianst
5f0424fb11
KEYCLOAK-8310 Change scheme option to alwaysHttps option
2018-10-15 14:00:00 +02:00
Stefan Guilhen
68a54abb09
KEYCLOAK-6757 Update MicrosoftIdentityProvider to use the Microsoft Graph endpoints
2018-10-15 12:46:15 +02:00
stianst
11374a2707
KEYCLOAK-8556 Improvements to profile
2018-10-12 12:26:37 +02:00
Gideon Caranzo
0e8d79bbfb
KEYCLOAK-8554 checked if master realm exist instead of number of realms for new installation check
2018-10-12 09:43:41 +02:00
stianst
aaa33ad883
KEYCLOAK-8509 Improvements to session iframe
2018-10-10 21:01:05 +02:00
rmartinc
0a6f43c1a1
KEYCLOAK-8490: Direct grants returns invalid credentials when user has pending actions
2018-10-10 20:18:20 +02:00
Toni Ristola
22d64368a6
KEYCLOAK-8191 Fixed DI that was not working
2018-10-09 08:22:43 -03:00
Pedro Igor
79ca722b49
[KEYCLOAK-7605] - Make sure Evaluation API is read-only
2018-10-09 08:09:29 -03:00
Moritz Becker
f17b5f0f49
fix KEYCLOAK-7572 consistently perform duplicate user checks during account update only if email changes
...
Fix test
2018-10-05 09:35:05 +02:00
stianst
86a2f28561
KEYCLOAK-8310 Add support to set fixed scheme on fixed hostname provider
2018-10-05 09:34:17 +02:00
gbtec-igormartens
c41bcddd8d
Update UserResource.java
...
In my opinion, the old documentation does not match the actual behaviour of the resetPassword method.
2018-10-04 12:54:49 +02:00
mposolda
2a4cee6044
KEYCLOAK-6884 KEYCLOAK-3454 KEYCLOAK-8298 Default 'roles' and 'web-origins' client scopes. Add roles and allowed-origins to the token through protocol mappers
2018-10-04 12:00:38 +02:00
Stan Silvert
dba513c921
KEYCLOAK-8419: Make most act mgt APIs only active in preview mode
2018-10-02 16:32:56 -04:00
Pedro Igor
b4b3527df7
[KEYCLOAK-7950] - Fixes user pagination when using filtering users members of groups
2018-10-02 15:44:23 -03:00
mposolda
4b9b189016
KEYCLOAK-8008 Ensure InputStream are closed
2018-10-01 16:06:32 +02:00
Martin Kanis
efe6a38648
KEYCLOAK-6718 Auth Flow does not Check Client Protocol
2018-09-26 21:00:02 +02:00
stianst
c3fc9e9815
Set version to 4.6.0.Final-SNAPSHOT
2018-09-26 20:58:41 +02:00
Pedro Igor
43f5983613
[KEYCLOAK-8289] - Remove authorization services from product preview profile
2018-09-26 18:27:27 +02:00
mposolda
3777dc45d0
KEYCLOAK-3058 Support for validation of "aud" in adapters through verify-token-audience configuration switch
2018-09-21 11:17:05 +02:00
Douglas Palmer
b748e269ec
[KEYCLOAK-7435] Added code to delete a specific session and tests for session deletion
2018-09-20 15:57:58 +02:00
Pedro Igor
6b0bc0b3be
[KEYCLOAK-8308] - Deprecate token_introspection_endpoint claim from OIDC discovery document
2018-09-19 09:46:50 -03:00
Rafael Weingärtner
3dd6f9cb85
Enable "DockerComposeYamlInstallationProviderTest" to run on Windows
2018-09-19 11:22:57 +02:00
Pedro Igor
aaf78297c9
[KEYCLOAK-7987] - Can't set authorization enabled when using kcreg
2018-09-18 10:00:16 -03:00
mposolda
99a16dcc1f
KEYCLOAK-6638 Support for adding audiences to tokens
2018-09-13 21:40:16 +02:00
slominskir
c4a651bcac
KEYCLOAK-7270 - Support for automatically linking brokered identities
2018-09-12 18:50:35 +02:00
Johannes Knutsen
d4a5c81034
KEYCLOAK-8146: Extract LocaleSelectorSPI to allow custom overrides of locale selection
2018-09-11 20:35:48 +02:00
stianst
26f257a6ac
KEYCLOAK-8264 Update OpenShift Token Review endpoint to support additional algorithms and to update session last refresh on token introspection
2018-09-11 19:57:38 +02:00
stianst
12f3d2115d
KEYCLOAK-8263 Add option to client to override access token timeout
2018-09-11 12:40:51 +02:00
stianst
24e60747b6
KEYCLOAK-7560 Refactor token signature SPI PR
...
Also incorporates:
KEYCLOAK-6770 ES256/384/512 providers
KEYCLOAK-4622 Use HS256 for refresh tokens
KEYCLOAK-4623 Use HS256 for client reg tokens
2018-09-11 08:14:10 +02:00
Takashi Norimatsu
5b6036525c
KEYCLOAK-7560 Refactor Token Sign and Verify by Token Signature SPI
2018-09-11 08:14:10 +02:00
Pedro Igor
0561d73ae2
[KEYCLOAK-6285] - HTTP Challenge Authentication Flow
2018-09-10 19:02:49 +02:00
stianst
bf758809ba
KEYCLOAK-6229 OpenShift Token Review interface
2018-09-07 08:21:28 +02:00
stianst
1fb4ca4525
Set version to 4.5.0.Final
2018-09-06 20:08:02 +02:00
stianst
c56e171f3a
KEYCLOAK-7608 Check if themes dir is null in FolderThemeProvider
2018-09-06 08:52:17 +02:00
Hynek Mlnarik
812e76c39b
KEYCLOAK-8163 Improve SAML validations
2018-09-05 15:47:03 +02:00
Pedro Igor
47066e1b89
[KEYCLOAK-8012] - Fix offline session support in authorization services
2018-09-04 15:07:49 -03:00
Pedro Igor
6a0a1031a1
[KEYCLOAK-7754] - Fixing compat issues with UMA spec in RPT Introspection Provider
2018-09-04 11:41:09 -03:00
June Zhang
237318dfd3
KEYCLOAK-7751 Auth welcome page
2018-09-04 07:55:08 +02:00
Hynek Mlnarik
54b5ec206e
KEYCLOAK-8183 Improve authz caching for negative cases
2018-08-31 18:31:55 +02:00
Hynek Mlnarik
bee3894cdf
KEYCLOAK-8150 Improve loading user list
2018-08-30 13:03:49 +02:00
mposolda
b70468341e
KEYCLOAK-7470 Ability to order client scopes
2018-08-29 14:37:27 +02:00
Jani
42553cdc44
[KEYCLOAK-7695] Restore token_type and expires_in for implicit flow
...
As KEYCLOAK-6585 concerns only hybrid flow, this commit restores the behavior for implicit flow.
This commit partially reverts #5041 (061049e41a6b0e6fb45c75f05748023ad7ab7d92).
2018-08-29 13:00:57 +02:00
AlistairDoswald
36837ae4b6
Added a ScriptMapper for SAML for KEYCLOAK-5520
...
Added mapper, tests and entry in the ProtocolMapper file.
This code is adapted from the following module: https://github.com/cloudtrust/keycloak-client-mappers
2018-08-29 09:39:30 +02:00
mposolda
31270e2f52
KEYCLOAK-7437 Support for prompt=consent
2018-08-29 08:35:29 +02:00
Johannes Knutsen
56c97407d4
KEYCLOAK-8152: Allow passing the current locale to OAuth2 identity providers
2018-08-28 15:52:23 +02:00
mposolda
6fc99cd749
KEYCLOAK-7594 Upgrade to Wildfly 13. Cross-DC: Upgrade to infinispan server 9.2.4 and JDG 7.2
...
Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
Co-authored-by: stianst <stianst@gmail.com>
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2018-08-27 12:52:53 +02:00
Martin Kanis
59082e0b5f
KEYCLOAK-7943 NPE when SAML User Property mapper is empty
2018-08-24 14:39:24 +02:00
Pedro Igor
9882341ecf
[KEYCLOAK-7725] - CORS should be set based on client making the request
2018-08-24 09:35:38 -03:00
Martin Kanis
248654a75e
KEYCLOAK-6706 E-mail verification won't let user back into the app
2018-08-21 16:30:15 +02:00
rmartinc
1b88eaf817
KEYCLOAK-8080 Audit the realm event configuration change
2018-08-20 21:01:38 +02:00
Corentin Dupont
b80701589c
[KEYCLOAK-7804] - Option to return resource body
2018-08-20 13:07:29 -03:00
Martin Kanis
d04791243c
KEYCLOAK-7970-KEYCLOAK-7222 Add clientId to action tokens
2018-08-20 15:25:24 +02:00
Pedro Igor
625f613128
[KEYCLOAK-4902] - Using streams to process requested permissions and limit support for scope responses
2018-08-17 11:00:53 -03:00
stianst
e406e8f1f0
KEYCLOAK-8069 Simplify config for fixed hostname provider
2018-08-17 14:47:14 +02:00
Hiroyuki Wada
730377a843
KEYCLOAK-7528 Set Cache-Control and Pragma header in token endpoint
2018-08-14 11:41:12 +02:00
Stefan Guilhen
f36e45cb10
[KEYCLOAK-4902] - Using streams to process scopes and cache improvements
2018-08-14 06:29:10 -03:00
Steffen Kreutz
ed72097862
KEYCLOAK-5289 Add support for Google's hd parameter
2018-08-14 11:08:57 +02:00
Stefan Guilhen
1912a8acf4
[KEYCLOAK-7885] Fix javadoc/log message typos
2018-08-13 22:09:17 -03:00
Sebastian Laskawiec
3449401ae2
KEYCLOAK-7635: Subject DN validation for x509ClientAuthenticator
2018-08-13 09:36:02 +02:00
sebastienblanc
02b2a8aab0
KEYCLOAK-7635 : Authenticate clients with x509 certificate
2018-08-13 09:36:02 +02:00
Stefan Guilhen
060b3b8d0f
[KEYCLOAK-4902] - Using streams when fetching resources
2018-08-09 16:28:31 -03:00
Hynek Mlnarik
a8a9631d4f
KEYCLOAK-6832 Unify Destination attribute handling
2018-08-09 10:30:30 +02:00
Pedro Igor
80e5227bcd
[KEYCLOAK-4902] - Refactoring and improvements to processing of authz requests
2018-08-07 10:53:40 -03:00
Richard Kolkovich
72750b9882
KEYCLOAK-7954 treat empty string as null for skipping token verification
2018-08-07 11:13:15 +02:00
mposolda
959cd035ba
Set version to 4.3.0.Final-SNAPSHOT
2018-08-01 22:40:05 +02:00
ssilvert@win.redhat.com
e7e15652cf
KEYCLOAK-7479: Sanitize
2018-08-01 14:22:39 -04:00
Hynek Mlnarik
f57cc3a9c0
KEYCLOAK-5257 Clarify usage of TokenVerifier
2018-08-01 13:38:31 +02:00
mposolda
29da7d3d90
KEYCLOAK-7562 Fix ClientInitiatedAccountLinkTest#testErrorConditions
2018-08-01 13:33:23 +02:00
stianst
f99299ee39
KEYCLOAK-7967 Introduce Hostname SPI
2018-08-01 11:57:45 +02:00
stianst
ae47b7fa80
KEYCLOAK-7967 Remove injection of UriInfo
2018-08-01 11:57:45 +02:00
Takashi Norimatsu
665bcaebbb
KEYCLOAK-7959 OAuth 2.0 Certificate Bound Access Tokens in Rev Proxy
2018-07-31 21:53:46 +02:00
Hiroyuki Wada
398f7d950f
KEYCLOAK-7910 Store credentials when updating user via Admin REST API
2018-07-31 15:36:21 +02:00
Takashi Mogi
959e7b1b01
KEYCLOAK-7201 OIDC Identity Brokering with Client parameter forward
...
Forward "custom" (non-standard) query parameters to external IDP
2018-07-31 10:18:29 +02:00
ssilvert@win.redhat.com
6c593bab5a
Check credential confirmation on server side.
2018-07-30 13:15:02 -04:00
Hynek Mlnarik
f43519a16e
KEYCLOAK-6708 Fix NPE when email not set for email NameIDFormat
2018-07-27 11:10:35 +02:00
fisache
771d7f1724
[KEYCLOAK-7872] Fix. Remove Identity Provider Mapper when remove identity provider
2018-07-26 08:45:26 +02:00
ssilvert@win.redhat.com
0844aa8d68
KEYCLOAK-7857: Fix notifications
2018-07-25 08:59:25 -04:00
ssilvert@win.redhat.com
d73c4288ae
KEYCLOAK-7294: Password page - Angular
2018-07-25 08:59:25 -04:00
vramik
524ab44160
KEYCLOAK-6866 Error 404 after changing locale while authenticating using X.509
2018-07-24 17:24:32 +02:00
Daniil Filippov
af72c1374a
KEYCLOAK-7823 Fix HTTP status returned during SPNEGO auth
2018-07-24 10:38:42 +02:00
Hiroyuki Wada
7c0ca9aad2
KEYCLOAK-6313 Add required action's priority for customizing the execution order
2018-07-23 22:21:04 +02:00
Hynek Mlnarik
b43392bac8
KEYCLOAK-6577 KEYCLOAK-5609 Support dot in claim names by escaping with backslash
2018-07-23 14:46:25 +02:00
Pedro Igor
acc5f5c6d1
[KEYCLOAK-7864] - Authorization claim not set in refresh token when issuing a new refresh token
2018-07-19 09:56:59 -03:00
Pedro Igor
8b6979ac18
[KEYCLOAK-7849] - Improvements to RPT upgrade
2018-07-18 16:40:55 -03:00
Martin Kanis
34407957b9
KEYCLOAK-6314 Internal server error after T&C rejection
2018-07-18 15:05:22 +02:00
ssilvert@win.redhat.com
3e158c0321
KEYCLOAK-7846: Turn off disallowed features
2018-07-17 12:44:06 -04:00
Pedro Igor
90bfa2bff5
[KEYCLOAK-7781] - More validations to authorization requests
2018-07-13 09:18:05 -03:00
stianst
f022bc1269
[KEYCLOAK-5629] Add credential endpoints to account service
2018-07-12 13:00:25 -04:00
mhajas
5aebc74f8c
KEYCLOAK-7269 Setting more uris for Authorization Resource
2018-07-11 17:48:34 -03:00
mposolda
d0a824dde4
Updating version to 4.2.0.Final-SNAPSHOT
2018-07-05 07:42:48 -04:00
mposolda
8c66f520af
KEYCLOAK-7745 JTA error if offline sessions can't be preloaded at startup within 5 minutes
2018-07-04 10:22:13 +02:00
Pedro Igor
dafd567e68
[KEYCLOAK-7763] - NPE when enabling authorization to security-admin-console
2018-07-03 13:18:53 -03:00
ssilvert@win.redhat.com
d55ccf5312
KEYCLOAK-7015: Not allowing two users to have empty string emails addrs.
2018-07-03 11:04:36 -04:00
Pedro Igor
871be4ad87
[KEYCLOAK-7764] - Error when processing resource-less permissions
2018-07-03 10:35:11 -03:00
vramik
742a280f5d
KEYCLOAK-5556 support for POST for AuthorizationEndpoint
2018-07-03 10:38:10 +02:00
wyvie
1450a7fad4
[KEYCLOAK-7569] support for authentication flow update
...
Added support for the PUT method of the authentication flow endpoint in
the admin API.
Now it's possible to run the 'update' method for authentication/flows in
kcadm.sh.
2018-07-03 10:31:23 +02:00
stianst
3c5027de3c
KEYCLOAK-7701 Refactor key providers to support additional algorithms
2018-06-29 14:14:25 +02:00
Johannes Knutsen
fc3ca33033
Set hardcoded user session attribute after IDP first login flow
2018-06-26 10:31:55 +02:00
Takashi Norimatsu
2fb022e501
KEYCLOAK-7688 Offline Session Max for Offline Token
2018-06-26 08:25:06 +02:00
vramik
b478472b35
KEYCLOAK-7478 Add key query param to change locale url
2018-06-26 08:19:25 +02:00
Hynek Mlnarik
6b968796ce
KEYCLOAK-7667 Fix namespace handling when decrypting assertion
2018-06-21 13:09:18 +02:00
Hiroyuki Wada
c2012a595b
KEYCLOAK-7650 Don't display disabled identity providers
2018-06-19 08:55:24 -04:00
stianst
e1a0e581b9
Update to 4.1.0.Final-SNAPSHOT
2018-06-14 14:22:28 +02:00
Marek Posolda
49407c2e4f
KEYCLOAK-6630 Client scopes initial support (#5076)
...
* KEYCLOAK-6630 KEYCLOAK-349 Client Scopes
Co-authored-by: vramik <vramik@redhat.com>
* KEYCLOAK-6630 Change some clientTemplate occurrences to clientScope
2018-06-08 15:38:38 +02:00
Pedro Igor
aa128d6c07
Merge pull request #5240 from pedroigor/KEYCLOAK-7353
...
[KEYCLOAK-7353] Support Policy Management in Protection API
2018-06-07 11:05:49 -03:00
Ola Bergefall
c8c76cc03f
KEYCLOAK-7316: Default back to false if isPassive is missing in request.
2018-06-07 08:50:32 +02:00
Federico M. Facca
5a9bfea419
[KEYCLOAK-7353] Support Policy Management in Protection API
...
See https://issues.jboss.org/browse/KEYCLOAK-7353
2018-06-06 19:36:42 -03:00
Hynek Mlnarik
7ff18ca14b
KEYCLOAK-7331 Fix NPE when SAML Issuer not set in AuthnRequest
2018-06-06 16:21:18 +02:00
Takashi Norimatsu
c586c63533
KEYCLOAK-6771 Holder of Key mechanism
...
OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access
Tokens
2018-06-05 08:18:29 +02:00
Pedro Igor
f8919f8baa
Merge pull request #5211 from pedroigor/KEYCLOAK-7367
...
[KEYCLOAK-7367] - User-Managed Policy Provider
2018-06-04 09:35:13 -03:00
Jared Blashka
65c39763eb
KEYCLOAK-7356 Code to Token flow fails if initial redirect_uri contains a session_state parameter
2018-05-31 08:53:11 +02:00
Martin Kanis
f429469fc8
KEYCLOAK-5270 Realm cookie path for IE<=11 users (#5106)
2018-05-31 08:44:34 +02:00
Takashi Norimatsu
eb97151476
KEYCLOAK-7451 OAuth Authorization Server Metadata for Proof Key for Code Exchange
2018-05-28 22:15:43 +02:00
Pedro Igor
2b6597e9f1
[KEYCLOAK-7367] - User-Managed Policy Provider
2018-05-25 16:18:15 -03:00
Stian Thorgersen
dbf5c395b0
Bump version to 4.0.0.Final (#5224)
2018-05-24 19:02:30 +02:00
Pedro Igor
e5d997a6c0
Merge pull request #5203 from martel-innovate/separate-ticket-permission-and-uma-permission-API
...
[KEYCLOAK-7354] - Split ticket management and permission endpoint
2018-05-17 15:22:55 -03:00
Federico M. Facca
76076cdb3c
[KEYCLOAK-7354] split ticket management and permission endpoint
...
see (https://issues.jboss.org/browse/KEYCLOAK-7354)
* created new endpoint for ticket management /permission/ticket
* removed unused class
* support for direct creation of ticket by resource owner
* fix DELETE ticket
2018-05-16 15:10:39 +02:00
Timo Knapp
487539542a
KEYCLOAK-7325: Fix Issue regarding HTTP 500 Server Error for resource_set Endpoint in ProtectionService (#5196)
...
* KEYCLOAK-7325: Fix Issue regarding HTTP 500 Server Error for resource_set Endpoint in ProtectionService
2018-05-15 14:57:33 -03:00
Federico M. Facca
5cbe595fe3
This commit implements feature KEYCLOAK-7337
...
* return requester
when returnNames=true
* return requesterName
* return owernName
2018-05-11 21:08:16 +02:00
Pedro Igor
e84acd9898
Merge pull request #5177 from pedroigor/KEYCLOAK-7206
...
[KEYCLOAK-7206] - Search by user id on admin console
2018-05-04 09:11:49 -03:00
Stian Thorgersen
90e5c7f3eb
Bump version to 4.0.0.Beta3-SNAPSHOT (#5185)
2018-05-02 14:32:20 +02:00
Martin Kanis
9505925363
Revert "KEYCLOAK-5270 Realm cookie path for IE<=11 users (#5106)" (#5183)
...
This reverts commit a67da7bc59.
2018-05-02 09:31:42 +02:00
pedroigor
ddceaaf3d5
[KEYCLOAK-7206] - Search by user id on admin console
2018-04-30 11:44:33 -03:00
Pedro Igor
e960642399
Merge pull request #5144 from pedroigor/KEYCLOAK-4903
...
[KEYCLOAK-4903] - Pushed Claims
2018-04-26 15:59:13 -03:00
Stan Silvert
35154db50f
KEYCLOAK-7123: l10n dropdowns (#5170)
...
* KEYCLOAK-7196: Add kc_locale to keycloak.js
* KEYCLOAK-7123: Localization dropdowns
* Update keycloak-service to latest keycloak.js
2018-04-25 15:04:12 -04:00
pedroigor
035ebc881a
[KEYCLOAK-4903] - Claim Information point Provider SPI and configuration
2018-04-25 10:16:41 -03:00
pedroigor
e813fcd9c8
[KEYCLOAK-4903] - Pushing claims when obtaining a permission ticket
2018-04-24 19:47:28 -03:00
mposolda
634e7170e3
KEYCLOAK-7158 RestartLoginCookie throws error when KC_RESTART cookie created by Keycloak 1.9
2018-04-23 21:56:13 +02:00
Martin Kanis
7efa45126c
KEYCLOAK-6991 NPE when importing realm from file
2018-04-19 14:26:50 +02:00
Oskars
3bef6d5066
KEYCLOAK-4538 Configurable clock skew when validating tokens (#5014)
...
* [master]: fix type for checkLoginIframeInterval
* [master]: KEYCLOAK-4538 Feature to tolerate a configurable amount of seconds of clock skew when validating tokens
* [master]: KEYCLOAK-4538 Fix unit test scenarios for token clock skew
* [master]: KEYCLOAK-4538 Reverted wildcard imports
* [master]: fix unit test to use longer intervals to make test less fragile.
2018-04-16 11:09:25 +02:00
Vlastimil Eliáš
c1311e4619
KEYCLOAK-6849 - LinkedIn social login provider updated to new LinkedIn OAuth2 endpoint (#5125)
...
* KEYCLOAK-6849 - LinkedIn social login provider updated to new LinkedIn
OAuth2 endpoint
* KEYCLOAK-6849 - LinkedIn social login provider test updated
* KEYCLOAK-6849 - LinkedIn social login provider test updated to
conditionally handle consent page when shown only
* Simplify the LinkedIn app authorization
This reverts commit c12359e7a13d9ff231fe2e25cddba66ad679a9cd.
2018-04-13 08:09:27 +02:00
Stan Silvert
095fec95e5
KEYCLOAK-7022 Fix l10n on Welcome page (#5143)
2018-04-11 12:05:07 -04:00
Hugo Guerrero
fac3118b0a
KEYCLOAK-6448 - implement instagram social broker (#4963)
...
* KEYCLOAK-6448 - implement instagram social broker
* Instagram SocialLogin Tests
2018-04-09 17:30:27 +02:00
Martin Kanis
a67da7bc59
KEYCLOAK-5270 Realm cookie path for IE<=11 users (#5106)
2018-04-06 09:26:29 +02:00
Bill Burke
ffd9d957f4
Merge pull request #5123 from patriot1burke/kcadm-token
...
KEYCLOAK-7044 KEYCLOAK-7046
2018-04-04 17:22:17 -04:00
Stefan Guilhen
87abe5e648
[KEYCLOAK-6853] Make TimePolicyProvider use the kc.date.time_date contextual attribute when evaluating policies
2018-04-04 14:37:03 -03:00
Stan Silvert
701c318b60
KEYCLOAK-7047: Fix RegistrationEmailAsUsername and EditUserNameAllowed (#5122)
...
on personal info page.
2018-04-04 09:31:38 -04:00
Bill Burke
8a5428808e
KEYCLOAK-7044 KEYCLOAK-7046
2018-04-03 21:29:31 -04:00
Bill Burke
4078e84fb6
server driven success page
2018-03-31 10:16:44 -04:00
Bill Burke
f4a5e49b63
initial
2018-03-29 17:14:36 -04:00
Pedro Igor
5cae1bb134
Merge pull request #5093 from pedroigor/KEYCLOAK-4102
...
[KEYCLOAK-4102] - Support lazy load paths
2018-03-29 09:16:34 -03:00
Bill Burke
8d3dc790df
Merge pull request #5087 from patriot1burke/kcinit
...
KEYCLOAK-6813
2018-03-28 17:35:33 -04:00
Bill Burke
f5bacb79c1
review changes
2018-03-28 16:45:52 -04:00
pedroigor
4a425c2674
[KEYCLOAK-4102] - Support lazy loading of paths via policy enforcer config
2018-03-28 09:23:59 -03:00
Bill Burke
c38b6d585e
KEYCLOAK-528 (#5103)
2018-03-28 11:15:37 +02:00
Bill Burke
ad5f3fefc5
Merge remote-tracking branch 'upstream/master' into kcinit
2018-03-27 16:38:35 -04:00
Stan Silvert
80feb67fc2
KEYCLOAK-6494: Address load time of new acct mgt console (#5100)
...
* Optimize loading. min bundles, stop double-loading, rxjs-system instead of
plain rxjs, clean up 404's
* Create module loading hierarchy. Allows for lazy loading.
* Upgrade NG, remove jquery, load keycloak.js only from auth/js
* Delay systemjs loading. Load home page instead of account.
* KEYCLOAK-6496: Cleanup and polish code after optimizations.
* Fix message bundle to be back the way it was.
* Remove unused png's. Remove comments in index.ftl. Remove javaMessages.
2018-03-27 12:42:13 -04:00
pedroigor
e9e376419d
[KEYCLOAK-4102] - Removing create-resources configuration option
2018-03-27 09:51:13 -03:00
Pedro Igor
ffeb0420bf
Merge pull request #5079 from pedroigor/KEYCLOAK-6529
...
[KEYCLOAK-6529] - Resource Attributes
2018-03-27 09:30:38 -03:00
stianst
07fea02146
Bump versions to 4.0.0.Beta2-SNAPSHOT
2018-03-26 18:17:38 +02:00
wyvie
d40e9bd3c1
[KEYCLOAK-6814] check if HMAC exists during session restart
2018-03-26 10:05:39 +02:00
Bill Burke
f000cedcbb
Merge remote-tracking branch 'upstream/master' into kcinit
2018-03-20 16:49:43 -04:00
Jérôme Blanchard
f11c24e359
[KEYCLOAK-6147] Include Nonce in OIDC authentication
2018-03-20 10:51:44 +01:00
Bill Burke
8926837a3e
tests
2018-03-19 16:47:13 -04:00
Áron Bustya
82ba2b1b0d
remove changes from standard OIDC client registration, move constants
2018-03-19 19:31:22 +01:00
Áron Bustya
57f57f5c75
set request object mandatory for client, restrict delivery mode
...
handle new attribute in client representation
add to UI
2018-03-19 19:31:22 +01:00
pedroigor
08896ee9c9
[KEYCLOAK-6529] - Resource Attributes
2018-03-19 13:21:39 -03:00
Bill Burke
4bba11cd94
kcinit
2018-03-16 12:11:57 -04:00
Alex Szczuczko
e4781b8aa3
KEYCLOAK-6828 Drop jcenter repository from services/pom.xml
...
swagger2markup-maven-plugin depends transitively on markdown_to_asciidoc, which
is inexplicably not in Central. This causes issues during productisation, as
it's reasonably assumed that all third party artifacts will be in Central.
Stian has already asked the community project to get their artifacts in Central
(bodiam/markdown-to-asciidoc#26), and they haven't done anything in almost a
year. So, I've added the artifacts under my own namespace, and changed the pom
to use those instead. The artifacts are unchanged from the ones on jcenter,
except the pom was expanded slightly to meet the minimum requirements of
Central.
I'm making this change now, as I hit the problem when trying to set up
continuous productization builds from master.
2018-03-16 08:36:04 +01:00
Douglas Palmer
fed1b62c5d
[KEYCLOAK-6301] Remove service account when it is disabled from the client
2018-03-14 15:09:42 +01:00
Takashi Norimatsu
5b1e65c23e
KEYCLOAK-6700 Financial API Read and Write API Security Profile : state
...
hash value (s_hash) to protect state parameter
2018-03-13 16:40:34 +01:00
Takashi Norimatsu
e72756d01a
KEYCLOAK-6700 Financial API Read and Write API Security Profile : state hash value (s_hash) to protect state parameter
2018-03-13 16:40:34 +01:00
Pedro Igor
2aa71d1737
Merge pull request #5051 from pedroigor/KEYCLOAK-6787
...
[KEYCLOAK-6787] - Wrong validation of resources with same name and different owners
2018-03-12 11:41:49 -03:00
pedroigor
0a4fd79b22
[KEYCLOAK-6116] - Get email attribute from 'subject alternative name' using X509 certificate
2018-03-09 10:56:35 -03:00
Martin Hardselius
8549bd70b7
Add pairwise sub support to authorization services
...
Identity token verification will now fetch the user from the session
state instead of relying on the sub provided in the token. Also done in
KeycloakIdentity.
Resolves: KEYCLOAK-6659
2018-03-02 13:08:27 +01:00
pedroigor
1e1de85685
[KEYCLOAK-6787] - Wrong validation of resources with same name and different owners
2018-03-01 16:50:05 -03:00
pedroigor
cb531056a6
[KEYCLOAK-6621] - Fixing cache and queries of policies with type scope
2018-02-28 16:33:45 -03:00
Pedro Igor
91bdc4bde2
[KEYCLOAK-3169] - UMA 2.0 (#4368)
...
* [KEYCLOAK-3169] - UMA 2.0 Support
* [KEYCLOAK-3169] - Changes to account service and more tests
* [KEYCLOAK-3169] - Code cleanup and tests
* [KEYCLOAK-3169] - Changes to account service and tests
* [KEYCLOAK-3169] - Changes to account service and tests
* [KEYCLOAK-3169] - More tests
* [KEYCLOAK-3169] - Changes to adapter configuration
* [KEYCLOAK-3169] - Reviewing UMA specs and more tests
* [KEYCLOAK-3169] - Reviewing UMA specs and more tests
* [KEYCLOAK-3169] - Changes to UMA Grant Type and refactoring
* [KEYCLOAK-3169] - Refresh tokens for RPT responses and tests
* [KEYCLOAK-3169] - Changes to account my resources and policy enforcers
* [KEYCLOAK-3169] - Realm settings flag to enable/disable user-managed access in account mgmt console
* [KEYCLOAK-3169] - More changes to my resource pages in account mgmt console
* [KEYCLOAK-3169] - Need to enable user-managed on realm to run tests
* [KEYCLOAK-3169] - Removing more UMA 1.0 related code
* [KEYCLOAK-3169] - Only submit requests if ticket exists
* [KEYCLOAK-3169] - Returning UMA 401 response when not authenticated
* [KEYCLOAK-3169] - Removing unused code
* [KEYCLOAK-3169] - Removing unused code
* [KEYCLOAK-3169] - 403 response in case ticket is not created
* [KEYCLOAK-3169] - Fixing AbstractPhotozExampleAdapterTest#testClientRoleRepresentingUserConsent
* [KEYCLOAK-3169] - 403 status code only returned for non-bearer clients
2018-02-28 08:53:10 +01:00
wyvie
f8022a5c2f
[KEYCLOAK-6585] hybrid flow: removed token_type and expires_in parameters from oidc auth response
2018-02-27 15:31:12 +01:00
vmuzikar
a2cc7bd4b9
KEYCLOAK-6709 Fix OpenShift IdP doesn't fetch user's full name
2018-02-27 12:28:42 +01:00
wyvie
52acd959e0
[KEYCLOAK-6584] removed not-before-policy parameter from authorization response
2018-02-26 17:41:18 +01:00
Josh Cain
24132c8f5b
Return location for execution and flow creation in admin interface. Also allow for retrieval of execution by ID
2018-02-26 17:00:17 +01:00
Hynek Mlnarik
e7cdb8ad54
KEYCLOAK-6473 KEYCLOAK-6472 SAML parser refactor + protocol parsers
2018-02-23 08:16:14 +01:00
Stian Thorgersen
9ef1f1b73c
KEYCLOAK-3482
2018-02-22 09:42:45 -03:00
Erlend Hamnaberg
208ecbc3f7
KEYCLOAK-6676: Fix NPE if the redirect_uri parameter is missing
2018-02-21 19:44:22 +01:00
mposolda
fc463ae50b
KEYCLOAK-6617 Offline token logout did not invalidate user session
2018-02-19 08:49:05 +01:00
cgol
86a8addf49
KEYCLOAK-6615 Remove offline session from database on offline token logout
...
remove offline token from database on offline session logout
2018-02-19 08:49:05 +01:00
stianst
9b63cd35f0
KEYCLOAK-6431
2018-02-13 19:38:46 +01:00
Hynek Mlnarik
84ea3f8cb1
KEYCLOAK-4315 Remove some dead/duplicate classes
2018-02-13 15:41:36 +01:00
Bill Burke
5d5373454c
Merge pull request #4991 from patriot1burke/challenge-support
...
KEYCLOAK-6355
2018-02-13 09:38:45 -05:00
Bill Burke
87ee15a081
fix
2018-02-12 16:52:55 -05:00
Bill Burke
d6788a0839
finish
2018-02-10 13:38:39 -05:00
stianst
505cf5b251
KEYCLOAK-6519 Theme resource provider
2018-02-09 08:28:59 +01:00
Bill Burke
5ea4ef9e55
change code query params to session_code
2018-02-08 17:37:27 -05:00
Douglas Palmer
e8de4655ac
KEYCLOAK-6344 Use POST instead of GET for LDAP connection tests
2018-02-08 21:18:03 +01:00
Jochen Preusche
8325151e16
Extract findLocale to LocaleNegotiator, add tests
...
* Improve Testability of Locale Negotiation
* Add test for Locale Negotiation
* Fix Locale Negotiation for omitted Country Code
2018-02-06 09:50:04 +01:00
Serhii Shymkiv
c2fe500eb8
[KEYCLOAK-4721] Consider Session Language of Realm Also In ReCaptcha
2018-02-02 13:57:03 +01:00
vramik
019c3c9ef9
KEYCLOAK-6146 realm import fails when password policy is specified
2018-02-02 08:30:06 +01:00
Thomas Darimont
77334af34e
KEYCLOAK-6222 Check syntax for errors on ScriptBasedOIDCProtocolMapper validation
...
We now explicitly check for syntax errors
during validation of ScriptBasedOIDCProtocolMappers.
2018-02-02 08:28:27 +01:00
Bill Burke
8f09efab9d
Merge pull request #4949 from patriot1burke/client-storage-spi
...
KEYCLOAK-6228
2018-02-01 08:59:02 -05:00
Bill Burke
126dd70efc
client stat improvement
2018-01-31 13:05:13 -05:00
Bill Burke
a571781240
hynek db changes
2018-01-30 17:00:55 -05:00
Vlastimil Elias
a5f675d693
KEYCLOAK-4937 - convert time units in emails into human-friendly format
2018-01-30 06:38:57 +01:00
Bill Burke
1d8e38f0c6
admin console
2018-01-27 13:05:02 -05:00
Bill Burke
dd4c0d448c
Merge remote-tracking branch 'upstream/master' into client-storage-spi
2018-01-27 09:47:41 -05:00
Bill Burke
6b84b9b4b6
done 1st iteration
2018-01-27 09:47:16 -05:00
Takashi Norimatsu
502627f590
KEYCLOAK-5811 Client Authentication by JWS Client Assertion in client secret
2018-01-26 10:59:40 +01:00
gregoirew
13261b52db
Use the github /user/emails api endpoint if the github user did not set any public email.
...
Github can send a null email on the user info endpoint if there is no public email on the user profile.
This commit looks for email on the /user/emails endpoint, selecting the primary email.
2018-01-25 20:56:24 +01:00
Bill Burke
ddad1cb8af
Merge remote-tracking branch 'upstream/master' into client-storage-spi
2018-01-25 10:08:37 -05:00
Bill Burke
8a17b61f4e
initial work
2018-01-25 10:08:26 -05:00
Bill Burke
7c66f76858
Merge pull request #4932 from patriot1burke/per-client-flow
...
KEYCLOAK-6335
2018-01-25 09:55:11 -05:00
Thomas Darimont
3d12bf7d14
KEYCLOAK-4743 Revise proxy support for HttpClient SPI
...
Polishing & more tests.
2018-01-25 09:31:32 +01:00
Thomas Darimont
851d0192ad
KEYCLOAK-4743 Add proxy support to HttpClient SPI
...
We now provide a configurable way for dynamic proxy route selection
for the default HttpClient based on regex based targetHostname patterns.
Introduced `ProxyMapping` to describe a regex based mapping
between target hosts and the proxy URL to use.
A `ProxyMapping` can be built from an ordered list of string based
mapping representations, e.g:
```
^.*.(google.com|googleapis.com)$;http://localhost:8080
```
If the targetHost does not match a configured proxy mapping,
no proxy is used.
This can be configured via standalone.xml / jboss-cli, e.g.:
```
echo SETUP: Configure proxy routes for HttpClient SPI
/subsystem=keycloak-server/spi=connectionsHttpClient/provider=default:add(enabled=true)
/subsystem=keycloak-server/spi=connectionsHttpClient/provider=default:write-attribute(name=properties.proxy-mappings,value=["^.*.(google.com|googleapis.com)$;http://www-proxy1:8080","^.*.facebook.com$;http://www-proxy2:8080"])
```
The new `ProxyMappingWareRoutePlanner` uses a configured `ProxyMapping`
to decide which proxy to use for a given request based on the target host
denoted by the HTTP request to execute.
I verified this manually with the BurpProxy Suite.
2018-01-25 09:31:32 +01:00
mposolda
6369c26671
KEYCLOAK-6286 Adding 'Exclude Session State From Authentication Response' switch to fix backwards compatibility with Keycloak 2.X adapters
2018-01-24 11:35:13 +01:00
Bill Burke
7b2e72d395
Merge remote-tracking branch 'upstream/master' into per-client-flow
2018-01-23 12:10:11 -05:00
Bill Burke
a9297df89c
KEYCLOAK-6335
2018-01-23 12:09:49 -05:00
Hynek Mlnarik
4ba72e2d2d
KEYCLOAK-5976 Fix client setting in brokered IdP-initiated scenario
2018-01-23 09:34:11 +01:00
stianst
f762173eb0
KEYCLOAK-3370 Add option to override theme in client template and client
2018-01-18 09:14:13 +01:00
stianst
35ada9d636
KEYCLOAK-6289 Add ThemeSelectorSPI
2018-01-18 09:14:13 +01:00
Thomas Darimont
bae4d4c673
KEYCLOAK-5791 Allow multi-valued ScriptBasedOIDCProtocolMapper
...
We now support multi-valued attribute values for the
`ScriptBasedOIDCProtocolMapper`.
Previously the `ScriptBasedOIDCProtocolMapper` only supported
single valued output. If a script returned a list of
output values then only the first value was emitted to the token.
By default multi-valued is set to `false` / `off`.
2018-01-11 08:52:24 +01:00
stianst
d8c0cc447f
KEYCLOAK-6090 Add missing cors headers with invalid username/password and resource owner grant
2018-01-02 15:15:15 +01:00
stianst
0bedbb4dd3
Bump version to 4.0.0.CR1-SNAPSHOT
2017-12-21 15:06:00 +01:00
Marko Strukelj
23d0afbfd8
KEYCLOAK-6058 Partial import should ignore built-in clients
2017-12-21 13:52:58 +01:00
stianst
f0c5752ef9
KEYCLOAK-5443 Fix update user account when both email as username and edit username are enabled
2017-12-20 14:40:03 +01:00
Bruno Oliveira
811cd3a04a
KEYCLOAK-6011
2017-12-20 13:37:11 +01:00
stianst
e96c6a4bcb
KEYCLOAK-6068 Fix preflight request on admin endpoints
2017-12-20 10:19:34 +01:00
stianst
465675ac28
KEYCLOAK-5019 Fixes for password managers
2017-12-19 16:13:16 +01:00
mposolda
5a66f577eb
KEYCLOAK-5982 Fix NPEs when client 'account' was renamed/removed
2017-12-18 21:47:17 +01:00
stianst
27b5e1aae2
KEYCLOAK-6050 Fix export doesn't export internal realm rep
2017-12-18 13:15:42 +01:00
stianst
b303acaaba
KEYCLOAK-2120 Added manual setup page for OTP
2017-12-18 11:20:20 +01:00
Bill Burke
118e998570
Merge pull request #4834 from pedroigor/KEYCLOAK-5806
...
[KEYCLOAK-5806] - Create policy button to associated policies
2017-12-16 23:44:35 -05:00
Bill Burke
80be4c9dbc
fix more
2017-12-16 07:12:32 -05:00
pedroigor
5d7ba39e0c
[KEYCLOAK-5806] - Create policy component to permission pages
2017-12-15 23:41:52 -02:00
Bill Burke
7cb39c2dfc
KEYCLOAK-5420
2017-12-15 12:16:24 -05:00
Hynek Mlnarik
e4a91c0706
KEYCLOAK-6042 Encode user ID before storing in auth session
2017-12-15 15:16:26 +01:00
stianst
a8943fb323
KEYCLOAK-6043 Use same urls for get and posts in account
2017-12-15 08:31:04 +01:00
Bruno Oliveira
1a541889f4
[KEYCLOAK-6015] replyTo can be empty string in DB
2017-12-15 07:01:15 +01:00
stianst
b672229efc
KEYCLOAK-6032 Fix error page when internationalization is enabled
2017-12-15 06:32:00 +01:00
Vlastimil Elias
7e20a65989
KEYCLOAK-6040 AuthenticationSessionModel pushing into
...
EmailTemplateProvider
2017-12-14 15:51:04 +01:00
Hynek Mlnarik
2a2e6c839b
KEYCLOAK-5635
2017-12-13 21:07:46 +01:00
Hynek Mlnarik
7174c0b4ec
KEYCLOAK-6025 Simplify easy access to current session in action token handlers
2017-12-12 17:53:44 +01:00
stianst
f939818252
KEYCLOAK-5907 Use client manager to delete clients in client registration services
2017-12-12 14:25:05 +01:00
mposolda
63efee6e15
KEYCLOAK-5938 Authentication sessions: Support for logins of multiple tabs of same client
2017-12-12 08:01:02 +01:00
stianst
867de9de50
KEYCLOAK-6010 Add CORS headers to keycloak.js
2017-12-11 14:24:12 +01:00
k-tamura
d7a90817f2
KEYCLOAK-6009 Fix incorrect String.format usage
2017-12-10 20:56:36 +01:00
Bill Burke
c9b218db71
Merge pull request #4823 from patriot1burke/master
...
KEYCLOAK-5724
2017-12-08 20:03:05 -05:00
Bill Burke
ce9f4bf97a
KEYCLOAK-5724
2017-12-08 10:25:30 -05:00
Bill Burke
5d5a200413
Merge pull request #4818 from patriot1burke/master
...
KEYCLOAK-5926
2017-12-08 09:59:32 -05:00
Hynek Mlnarik
00fb36437d
KEYCLOAK-5861 Remove AUTH_SESSION_ID when END_AFTER_REQUIRED_ACTIONS set
2017-12-08 09:52:14 +01:00
Hynek Mlnarik
4a012b73ea
KEYCLOAK-4998 Fix NPE in AttributeToRoleMapper
2017-12-08 09:21:21 +01:00
Bill Burke
49ba71fd8f
add logic for sync
2017-12-07 20:03:10 -05:00
Bill Burke
0dee393071
KEYCLOAK-5926
2017-12-07 19:49:10 -05:00
stianst
c055ffb083
KEYCLOAK-4215 Consider session expiration when setting token timeouts
2017-12-07 10:45:02 +01:00
stianst
cccddebfd0
KEYCLOAK-5984 Fix error message in client initiated
2017-12-06 19:46:11 +01:00
mposolda
8a0fa521c4
KEYCLOAK-5915 Support for sticky sessions managed by loadbalancer. Support for KeyAffinityService
2017-12-06 13:06:54 +01:00
Bill Burke
f669fdf0df
Merge pull request #4797 from stianst/KEYCLOAK-5734
...
KEYCLOAK-5734
2017-12-05 17:31:36 -05:00
stianst
94ce97b972
KEYCLOAK-5734
2017-12-05 21:22:47 +01:00
stianst
c3d9f4704e
KEYCLOAK-5946 Make sure wildcard origin is never returned
2017-12-04 19:55:34 +01:00
stianst
4541acc628
KEYCLOAK-5176 Strip headers from PEM when uploading to client
2017-12-04 19:54:15 +01:00
mposolda
ff6fcd30d9
KEYCLOAK-4478 OIDC auth response lacks session_state in some cases
2017-12-04 16:13:22 +01:00
stianst
37de8e9f69
Bump version to 3.4.2.Final-SNAPSHOT
2017-12-01 09:34:48 +01:00
mposolda
7b03eed9c8
KEYCLOAK-5797 Refactoring authenticationSessions to support login in multiple browser tabs with different clients
2017-11-30 12:56:45 +01:00
Peter Nalyvayko
b8e5fd2b99
KC-4335: working on adding a reverse proxy support to allow X.509 client certificate authentication when running keycloak behind a reverse proxy
...
KC-4335: reverse proxy => a switch to change a type of reverse proxy when running the X509 integration tests; changes to the names of the reverse proxy providers
KC-4335: updated the migration scripts to add x509 spi to standalone and domain configurations; removed the HAproxy and apache x509 spi configuration
2017-11-30 11:00:32 +01:00
pedroigor
17748d5ba8
[KEYCLOAK-5660] - Adding UserQueryProvider.getUsersCount(realm, includeServiceAccount) method
2017-11-30 10:45:54 +01:00
Marko Strukelj
c5d9301951
KEYCLOAK-4920 NPE when exporting configuration without alias
2017-11-30 10:40:25 +01:00
Bruno Oliveira
6a528a3ee6
[KEYCLOAK-2645] Reset password page says 'You need to change your password to activate your account.'
2017-11-30 10:37:21 +01:00
stianst
2be78a0239
KEYCLOAK-5924 Add error handler for uncaught errors
2017-11-30 10:33:13 +01:00
Bruno Oliveira
af66c5dbd2
[KEYCLOAK-5483] X.509 Auth - log in attempt is not sometimes logged in the Login Events
2017-11-29 20:08:22 +01:00
Pedro Igor
d22c58ee30
Merge pull request #4760 from pedroigor/KEYCLOAK-5900
...
[KEYCLOAK-5900] - Returning error response when resource does not exist
2017-11-29 10:38:44 -02:00
pedroigor
c5b06f23e9
[KEYCLOAK-5900] - Returning error response when resource does not exist
2017-11-28 19:46:18 -02:00
pedroigor
bf73375a5c
[KEYCLOAK-5901] - Changing response to return a 400 in case scope is invalid
2017-11-28 19:32:41 -02:00
stianst
36314c51d6
KEYCLOAK-5856 Fix infinite loop
2017-11-28 07:54:49 +01:00
pedroigor
e3c9fa25a3
[KEYCLOAK-5770] - Global Saml Logout doesn't create logout event
2017-11-23 21:08:07 +01:00
Bill Burke
2117db5e6d
Merge pull request #4730 from patriot1burke/master
...
KEYCLOAK-4715
2017-11-22 12:45:23 -05:00
mposolda
bd1072d2eb
KEYCLOAK-5747 Ensure refreshToken doesn't need to send request to the other DC. Other fixes and polishing
2017-11-22 11:55:12 +01:00
Bill Burke
8993ca08ad
KEYCLOAK-4715
2017-11-21 17:46:48 -05:00
Bill Burke
06762ba13d
KEYCLOAK-5878
2017-11-20 17:03:28 -05:00
Marek Posolda
8e53ccf5ab
Merge pull request #4706 from stianst/KEYCLOAK-5383
...
KEYCLOAK-5383 Fix creating password in LDAP through admin create user…
2017-11-20 09:17:45 +01:00
Bill Burke
7c0c48da01
Merge pull request #4717 from patriot1burke/master
...
KEYCLOAK-5715
2017-11-17 12:59:36 -05:00
Bill Burke
ff5010cdd0
Merge pull request #4663 from mstruk/KEYCLOAK-5702
...
KEYCLOAK-5702 kcadm delete realm fails with nullpointer
2017-11-17 11:57:58 -05:00
Bill Burke
c66ff60c58
KEYCLOAK-5715
2017-11-17 11:34:32 -05:00
Stian Thorgersen
86fb18395e
KEYCLOAK-5383 Fix creating password in LDAP through admin create user endpoint
2017-11-15 21:20:00 +01:00
Pedro Igor
1bd2f0e98f
Merge pull request #4674 from thomasdarimont/issue/fix-npe-in-userpermissions
...
KEYCLOAK-5841 Fix NPE in deletePermissionSetup in UserPermissions
2017-11-15 10:22:44 -02:00
Pedro Igor
eebf0b0499
Merge pull request #4690 from pedroigor/KEYCLOAK-5824
...
[KEYCLOAK-5824] - Keycloak throws "Error while evaluating permissions" exception often
2017-11-14 18:35:56 -02:00
Pedro Igor
b0ccce397a
[KEYCLOAK-5824] - Fixing logging of error messages
2017-11-14 11:28:21 -02:00
Stian Thorgersen
89f4b87038
KEYCLOAK-5567 Set correct status code on login error pages
2017-11-14 12:33:29 +01:00
Bruno Oliveira
03d0488335
[KEYCLOAK-2052] Allows independently set timeouts for e-mail verification link and rest e.g. forgot password link
...
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2017-11-13 19:57:04 -02:00
Stian Thorgersen
925d5e1dea
KEYCLOAK-3173 enable logout offline refresh token using OIDC logout endpoint
2017-11-13 18:23:39 +01:00
Stian Thorgersen
51c7917853
KEYCLOAK-5772 Missing produces type on welcome resource post
2017-11-13 16:38:42 +01:00
Stian Thorgersen
d02ffd33b3
KEYCLOAK-5721 Moved state checker from separate cookie to claim on identity cookie
2017-11-13 14:11:28 +01:00
Thomas Darimont
a5b73a365d
KEYCLOAK-5841 Fix NPE in deletePermissionSetup in UserPermissions
...
Previously a call to `UserPermissions#deletePermissionSetup`
always resulted in a NPE if the usersResource was null.
We now only try to delete the resourceStore information if
the given usersResource is not null.
2017-11-13 13:35:40 +01:00
Stian Thorgersen
90900b1a1f
KEYCLOAK-5825 Clear state checker for welcome on form submit
2017-11-10 13:40:29 +01:00
Stian Thorgersen
4295f4ec31
KEYCLOAK-1886 Added cors headers to errors in token endpoint
2017-11-10 12:01:21 +01:00
Marko Strukelj
7035a4647d
KEYCLOAK-5702 kcadm delete realm fails with nullpointer
2017-11-09 20:57:49 +01:00
Stian Thorgersen
128ff12f8f
Bump versions
2017-11-09 15:37:21 +01:00
Xiaojian Liu
19eed51582
KEYCLOAK-5352 Basic Auth fails if password contains a ':'
2017-11-09 13:56:02 +01:00
Xiaojian Liu
9ff22f596d
KEYCLOAK-5352 Basic Auth fails if password contains a ':'
2017-11-09 13:56:02 +01:00
Xiaojian Liu
e1af9f133f
KEYCLOAK-5352 Basic Auth fails if password contains a ':'
2017-11-09 13:56:02 +01:00
Bruno Oliveira
26e253f4a5
[KEYCLOAK-5284]
2017-11-09 13:45:06 +01:00
mposolda
701b7acd80
KEYCLOAK-5371 More stable cross-dc tests
2017-11-08 10:03:04 +01:00
Stian Thorgersen
b1a05dfce2
KEYCLOAK-5664 (#4604)
2017-11-07 10:09:34 +01:00
Hynek Mlnarik
fe2f65daac
KEYCLOAK-5581 Fix SAML identity broker context serialization
2017-11-03 21:09:18 +01:00
Pedro Igor
3716fa44ac
[KEYCLOAK-5728] - Permission Claims support
2017-10-27 12:40:30 -02:00
Pedro Igor
57d3c44bb7
[KEYCLOAK-4901] - New policy mgmt rest api should return specific representations for a policy type
2017-10-26 15:26:40 -02:00
Pedro Igor
a70cab502c
[KEYCLOAK-4901] - Reviewing methods on provider spis
2017-10-26 13:39:57 -02:00
Hynek Mlnařík
248da4687a
Merge pull request #4610 from hmlnarik/KEYCLOAK-5745-Extract-client-sessions-from-user-sessions
...
KEYCLOAK-5745 Separate user and client sessions in infinispan
2017-10-26 13:09:06 +02:00
Hynek Mlnarik
75c354fd94
KEYCLOAK-5745 Separate user and client sessions in infinispan
2017-10-26 10:39:41 +02:00
Bruno Oliveira da Silva
375e01a074
KEYCLOAK-5278 (#4606)
2017-10-25 15:27:24 +02:00
Stian Thorgersen
f0bbcbf0fd
KEYCLOAK-5487 (#4603)
2017-10-24 10:49:08 +02:00
Stan Silvert
9083e5fe5c
KEYCLOAK-5298: Enable autoescaping in Freemarker (#4561)
...
* KEYCLOAK-5298: Enable autoescaping in Freemarker
* Fix several of the failing tests.
* Fix broken tests in integration-deprecated
* Fix last failing test.
2017-10-23 12:03:00 -04:00
Stian Thorgersen
9b75b603e3
KEYCLOAK-5234 (#4585)
2017-10-23 16:13:22 +02:00
Stian Thorgersen
d9ffc4fa21
KEYCLOAK-5225 (#4577)
...
KEYCLOAK-5225 fix test
Fix
2017-10-19 08:23:16 +02:00
Stian Thorgersen
fea4c54adc
KEYCLOAK-5280 (#4576)
2017-10-19 08:02:23 +02:00
Bill Burke
649bca7618
KEYCLOAK-4328
2017-10-18 09:37:17 -04:00
Hynek Mlnarik
056ba75a72
KEYCLOAK-5656 Use standard infinispan remote-store
2017-10-16 21:49:42 +02:00
Bruno Oliveira da Silva
b6ab2852c2
Remove unused imports (#4558)
2017-10-16 14:23:42 +02:00
Bill Burke
31dccc9a5e
Merge pull request #4509 from TeliaSoneraNorge/KEYCLOAK-5032
...
KEYCLOAK-5032 Forward request parameters to another IdP
2017-10-13 18:47:05 -04:00
Bill Burke
46d3ed7832
Merge remote-tracking branch 'upstream/master'
2017-10-13 17:00:57 -04:00
Bill Burke
d9af93850c
KEYCLOAK-5683, KEYCLOAK-5684, KEYCLOAK-5682, KEYCLOAK-5612, KEYCLOAK-5611
2017-10-13 16:51:56 -04:00
mposolda
26f11078dc
KEYCLOAK-5371 Use managed executors on Wildfly
2017-10-11 11:09:53 +02:00
mposolda
f5ff24ccdb
KEYCLOAK-5371 Fix SessionExpirationCrossDCTest, Added ExecutorsProvider. Debug support for cache-servers in tests
2017-10-10 22:30:44 +02:00
Bill Burke
b0464f1751
Merge remote-tracking branch 'upstream/master'
2017-10-10 09:10:04 -04:00
Bill Burke
5bd4ea30ad
rev
2017-10-10 09:09:51 -04:00
Marek Posolda
d336667972
Merge pull request #4527 from Hitachi/master
...
OIDC Financial API Read Only Profile : scope MUST be returned in the response from Token Endpoint
2017-10-10 11:37:45 +02:00
Carl Kristian Eriksen
50dd07217d
KEYCLOAK-5032 Forward request parameters to another IdP
...
Forwarding of prompt and acr_values, if provided in the authorization request.
If prompt is set in the configuration for the identity provider, the configuration overrules the request parameter.
2017-10-09 16:15:27 +02:00
Marek Posolda
c6483f8b1e
Merge pull request #4523 from abustya/master
...
KEYCLOAK-5616 Processing of claims parameter
2017-10-09 11:14:23 +02:00
Bill Burke
c8516c2349
support social external exchange
2017-10-06 16:44:26 -04:00
Vlastimil Eliáš
c9da02912e
KEYCLOAK-2671 - FreeMarker form providers refactored for better ( #4533 )
...
extensibility
2017-10-05 13:37:32 +02:00
Takashi Norimatsu
6f6a467c7b
OIDC Financial API Read Only Profile : scope MUST be returned in the
...
response from Token Endpoint
2017-10-04 12:59:49 +09:00
Václav Muzikář
da146f13c1
KEYCLOAK-5566 Google IdP doesn't reliably fetch user's full name ( #4503 )
2017-10-03 20:56:25 +02:00
Áron Bustya
c2ffaa0777
Merge remote-tracking branch 'keycloak/master'
2017-10-03 14:53:40 +02:00
Áron Bustya
632414cc92
process claims parameter
...
also support parsing from request object
2017-10-03 14:51:46 +02:00
Bruno Oliveira da Silva
da72968085
KEYCLOAK-4401: Wrong message when a temporarily disabled user requests password reset ( #4506 )
2017-10-03 06:28:34 +02:00
mposolda
4a7013d550
KEYCLOAK-5440 RestartLoginCookie field 'cs' not marked ignorable
2017-10-02 14:19:27 +02:00
Bruno Oliveira da Silva
bb0bccc3c0
[KEYCLOAK-5486] Test email connection feature does not work the second time ( #4517 )
2017-10-02 13:14:50 +02:00
Marek Posolda
13fe9e7cf8
Merge pull request #4510 from glavoie/KEYCLOAK-3303
...
KEYCLOAK-3303: Allow reuse of refresh tokens.
2017-09-29 17:07:45 +02:00
mposolda
3b6e1f4e93
KEYCLOAK-5007 Used single-use cache for tracking OAuth code. OAuth code changed to be encrypted and signed JWT
2017-09-29 13:20:22 +02:00
Gabriel Lavoie
134daeac7f
KEYCLOAK-3303: Allow reuse of refresh tokens.
...
- Configurable max reuse count.
2017-09-28 15:30:40 -04:00
Bill Burke
fd025ae76b
Merge pull request #4209 from guitaro/feature/group-search-and-pagination
...
[KEYCLOAK-2538] - groups pagination and group search
2017-09-23 20:52:19 -04:00
Bill Burke
9db6a5e0df
Merge pull request #4497 from thomasdarimont/issue/KEYCLOAK-3599-add-script-based-protocol-mapper
...
KEYCLOAK-3599 Revise Script based OIDC ProtocolMapper
2017-09-23 20:38:51 -04:00
Thomas Darimont
57c633967a
KEYCLOAK-3599 Revise Script based OIDC ProtocolMapper
...
We now use the `ScriptingProvider` API instead of
using the `ScriptEngineManager` because dynamic
`ScriptEngineManager` lookups might fail in some
environments like JBoss EAP.
Refactored `AbstractOIDCProtocolMapper` to provide
a new version of the `setClaim(..)` method which takes a
`KeycloakSession` as additional argument.
The old `setClaim(..)` method is marked as deprecated and
should be scheduled for removal in a later release.
To ensure backwards compatibility we call the old `setClaim(..)`
from the new `setClaim(..,keycloakSession)` method in order
to not break user implementations of OIDC ProtocolMappers.
The existing OIDC ProtocolMappers which override the old
`setClaim(..)` method should be updated to use the new version
`setClaim(..,keycloakSession)`.
This was necessary to be able to lookup a `ScriptingProvider`.
2017-09-22 22:57:07 +02:00
Bill Burke
1599e6db6e
KEYCLOAK-5518
2017-09-22 16:38:50 -04:00
Bill Burke
537081ec9d
Merge pull request #4494 from patriot1burke/master
...
KEYCLOAK-5516
2017-09-22 16:38:13 -04:00
Bill Burke
3020a04a8b
Merge pull request #4490 from Fiercely/master
...
Keycloak 2035
2017-09-22 16:13:22 -04:00
Bill Burke
790e2dc69f
fix compiler bug
2017-09-22 15:43:13 -04:00
Thomas Darimont
236b2b9273
KEYCLOAK-3599 Add Script based OIDC ProtocolMapper
2017-09-22 21:24:20 +02:00
Bill Burke
eb4f7f3b21
KEYCLOAK-5516
2017-09-22 11:48:30 -04:00
howcroft
e78bf5f876
Keycloak 2035
...
This PR adds:
* an endpoint to Role that lists users with the Role
* a tab "Users in Role" in Admin console Role page
* it is applicable to Realm and Client Roles
* Extends UserQueryProvider with default methods (throwing Runtime Exception if not overridden)
* Testing in base testsuite and Console
2017-09-22 15:05:49 +01:00
Bill Burke
8ace0e68c3
KEYCLOAK-910 KEYCLOAK-5455
2017-09-21 17:15:18 -04:00
Bill Burke
ab58052a4c
Merge pull request #4482 from patriot1burke/master
...
KEYCLOAK-5491 KEYCLOAK-5492 KEYCLOAK-5490
2017-09-19 14:01:40 -04:00
Marek Posolda
fa35249afd
Merge pull request #4480 from TeliaSoneraNorge/KEYCLOAK-5494
...
Fix introspection error for pairwise access tokens
2017-09-18 16:44:24 +02:00
Pedro Igor
e8ef050093
Merge pull request #4471 from pedroigor/KEYCLOAK-5095
...
[KEYCLOAK-5095] - RPT should contain the RS as audience
2017-09-18 09:32:47 -03:00
Martin Hardselius
6b687c4318
Fix offline validation errors
...
Refactored token validation method to run user checks only if the user
session is valid.
2017-09-18 11:26:57 +02:00
Bill Burke
f927ee7b4e
KEYCLOAK-5491 KEYCLOAK-5492
2017-09-15 16:30:45 -04:00
Bill Burke
3e6adbc904
KEYCLOAK-5490 ( #4477 )
2017-09-15 11:36:48 +02:00
Martin Hardselius
a4315f4076
Fix introspection error for pairwise access tokens
...
When access tokens containing a pairwise sub are introspected, user
related checks are using that sub to fetch the UserModel instead of
fetching the user from the UserSession. No corresponding user is found
(or possibly even another user) and the token is reported inactive.
Resolves: KEYCLOAK-5494
2017-09-15 10:31:47 +02:00
Bill Burke
c999a0d8f9
Merge remote-tracking branch 'upstream/master'
2017-09-14 21:17:12 -04:00
Bill Burke
affeadf4f3
KEYCLOAK-5490
2017-09-14 21:16:50 -04:00
Stian Thorgersen
ee35673615
KEYCLOAK-1250 Profile and console loader for new account management console
2017-09-14 19:53:02 +02:00
Levente NAGY
d18aa44fb4
Merge branch 'feature/group-search-and-pagination' of https://github.com/guitaro/keycloak into feature/group-search-and-pagination
2017-09-13 16:48:24 +02:00
Levente NAGY
e907da77d7
KEYCLOAK 2538 - UI group pagination - Remove junit mocked TUs, add arquillian Tests, delete mockito from poms, fix groups sorting when get result from cache
2017-09-13 16:45:45 +02:00
Léventé NAGY
503ce3a47f
Merge branch 'master' into feature/group-search-and-pagination
2017-09-13 10:27:38 +02:00
Hisanobu Okuda
b7af96aa4d
KEYCLOAK-5315 Conditional OTP enforcement does not work ( #4399 )
2017-09-13 06:58:59 +02:00
Martin Kanis
550e5f752a
KEYCLOAK-5146 TokenEndpoint returns wrong methods for preflight requests ( #4455 )
2017-09-13 06:23:11 +02:00
Pedro Igor
cdb3c159c5
[KEYCLOAK-5095] - RPT should contain the RS as audience
2017-09-12 16:59:20 -03:00
Pedro Igor
90db6654d3
Merge pull request #4451 from glavoie/KEYCLOAK-4858-ResourceServer
...
KEYCLOAK-4858: Slow query performance for client with large data volume
2017-09-12 15:54:16 -03:00
Levente NAGY
c8c88dd58c
KEYCLOAK 2538 - UI group pagination - TU + some code improvement + add mockito dependency
2017-09-12 15:09:08 +02:00
Petter Lysne
7f8b5e032a
feat: added PayPal IDP ( #4449 )
2017-09-12 11:57:59 +02:00
Hynek Mlnarik
24e9cbb292
KEYCLOAK-4899 Replace updates to user session with temporary auth session
2017-09-11 21:43:49 +02:00
Levente NAGY
2c24b39268
KEYCLOAK 2538 - UI group pagination
2017-09-07 19:39:06 +02:00
Gabriel Lavoie
c1664478d9
KEYCLOAK-4858: Slow query performance for client with large data volume
...
- Changing RESOURCE_SERVER PK to the client ID.
- Changing FK on children of RESOURCE_SERVER.
- Use direct fetch of ResourceServer through ID/PK to avoid a lot of implicit Hibernate flush.
2017-09-06 09:55:53 -03:00
mposolda
fe43c26829
KEYCLOAK-5248 auth_time is not updated when reauthentication is requested with 'login=prompt'
2017-09-05 12:22:30 +02:00
Pedro Igor
fa6d5f0ee2
[KEYCLOAK-4653] - Identity.hasClientRole(String) and Identity.hasRole(String) break role namespaces and should be removed
2017-09-01 16:08:34 -03:00
filipelautert
e055589448
[KEYCLOAK-4778] Fix for Oracle null value when having an empty String as attribute value ( #4406 )
...
* Add client.name as a second parameter to the title expressions in login template
* Fixing tooltip.
* pt_BR localization for admin screens.
* Reverting login.ftl
* Added all tooltip messages - even the ones not translated.
Translated around 150 messages todas.
* More translations.
* Fixing wrong edit.
* [KEYCLOAK-4778] Null check on Attribute value. This value can be null when retrieved from an Oracle database.
* [KEYCLOAK-4778] Create unit tests for empty and null values.
* [KEYCLOAK-4778] Move empty and null attributes tests to a separated test method; change tests to empty or null Strings.
* [KEYCLOAK-4778] Check if value is null and set it as empty array. In the former code if null was received it would generate an array with 1 string element ["null"]. Also if we set value as null instead of ArrayList, later when the rest call is executed it will generate the same incorrect array again.
* [KEYCLOAK-4778] Tests clean up.
2017-08-31 06:09:41 +02:00
Wim Vandenhaute
924b4f651a
KEYCLOAK-5186 createUser: set federationLink ( #4316 )
2017-08-31 06:07:43 +02:00
Hynek Mlnařík
e36b94d905
KEYCLOAK-5318 Verify signature on raw query parameters ( #4445 )
2017-08-31 05:46:26 +02:00
Stian Thorgersen
d3dc26181e
KEYCLOAK-3481 ( #4441 )
2017-08-30 08:00:22 +02:00
Stian Thorgersen
dcfa4aca8c
KEYCLOAK-943 Started account rest service. Profile and sessions completed. ( #4439 )
2017-08-29 20:12:09 +02:00
Stian Thorgersen
463661b051
Set version to 3.4.0.CR1-SNAPSHOT
2017-08-28 15:46:22 +02:00
Stian Thorgersen
8cc1d02d46
KEYCLOAK-5342 ( #4431 )
2017-08-28 14:35:58 +02:00
Hynek Mlnařík
9ee8f72be9
KEYCLOAK-5335 Destination attr in SAML requests is optional ( #4424 )
2017-08-28 08:06:48 +02:00
Stian Thorgersen
d58c6ad4e0
[KEYCLOAK-4900] Pass login_hint parameter to idp & review ( #4421 )
2017-08-25 10:14:38 +02:00
w9n
e173bf33ba
auth is already part of the serverBaseUri ( #4418 )
2017-08-25 08:16:01 +02:00
John Ament
30ea556a7a
KEYCLOAK-5285: Adding protected access. ( #4405 )
...
Allows FreemarkerEmailTemplateProvider to be more extensible.
2017-08-25 07:30:26 +02:00
Bill Burke
6696c44dc0
Merge remote-tracking branch 'upstream/master'
2017-08-24 15:19:48 -04:00
Bill Burke
7a57723c01
more token exchange
2017-08-24 15:19:38 -04:00
mposolda
fe5891fbdb
KEYCLOAK-5293 Add notBefore to user
2017-08-23 08:58:26 +02:00
Stian Thorgersen
20ac70d3fd
KEYCLOAK-5119 ( #4400 )
2017-08-22 08:07:36 +02:00
John Ament
5b179420fd
KEYCLOAK-5274: Check that authenticator config id is null before attempting to fetch it. ( #4404 )
2017-08-22 06:57:49 +02:00
mposolda
a6a6a62dc0
KEYCLOAK-5260 kc_idp_hint was only working first time
2017-08-18 11:09:17 +02:00
mposolda
089514d8a6
KEYCLOAK-4634 Cross-dc support for UserLoginFailures
2017-08-17 10:22:12 +02:00
Bill Burke
16954fc370
fix
2017-08-10 14:58:09 -04:00
Levente NAGY
c8aa708cff
Merge remote-tracking branch 'upstream/master'
2017-08-10 18:14:49 +02:00
Bill Burke
41cdd9db70
KEYCLOAK-5268
2017-08-10 09:36:45 -04:00
Bill Burke
fbeef3e75f
manageMembership not deleted
2017-08-10 09:25:44 -04:00
Bill Burke
45eac1093d
show permissions
2017-08-09 10:39:59 -04:00
Bill Burke
3470b1839d
Merge remote-tracking branch 'upstream/master'
2017-08-09 10:25:25 -04:00
Bill Burke
2fa55550f3
token exchange permissions
2017-08-09 10:04:14 -04:00
mposolda
a72c297d5d
KEYCLOAK-4187 Fix LoginCrossDCTest
2017-08-08 14:02:48 +02:00
Hynek Mlnarik
9ca72dc5c6
KEYCLOAK-4189 Improve logging and concurrency/cross-DC testing
2017-08-08 10:11:51 +02:00
Bill Burke
430fe60533
Merge pull request #4374 from patriot1burke/master
...
KEYCLOAK-5190
2017-08-07 14:19:23 -04:00
Bill Burke
ed5e880931
Merge remote-tracking branch 'upstream/master'
2017-08-07 12:02:50 -04:00
Bill Burke
c9b7504e3f
KEYCLOAK-5190
2017-08-07 12:02:18 -04:00
Bill Burke
3fce14d9ce
Merge pull request #4369 from patriot1burke/master
...
KEYCLOAK-5249
2017-08-03 09:57:55 -04:00
Bill Burke
3b5ca2bac0
Merge pull request #4366 from hmlnarik/KEYCLOAK-4694-null
...
KEYCLOAK-4694
2017-08-02 19:47:34 -04:00
Bill Burke
cf0ee31bc5
KEYCLOAK-5249
2017-08-02 19:42:35 -04:00
Hynek Mlnarik
4583a45e78
KEYCLOAK-4694
2017-08-01 09:57:12 +02:00
Bill Burke
8f542618f7
KEYCLOAK-4748
2017-07-31 10:36:04 -04:00
Bill Burke
486a0c9528
remove restriction
2017-07-28 16:25:32 -04:00
Bill Burke
6b991b850e
change role name
2017-07-28 16:20:23 -04:00
Bill Burke
852e9274d4
Merge remote-tracking branch 'upstream/master'
2017-07-28 16:15:53 -04:00
Bill Burke
db9b1bcb21
token exchange
2017-07-28 16:15:39 -04:00
mposolda
07e2136b3b
KEYCLOAK-4187 Added UserSession support for cross-dc
2017-07-27 22:32:58 +02:00
Hynek Mlnarik
ab05216730
KEYCLOAK-4775 Added encryption certificate to SAML metadata
2017-07-27 08:18:10 +02:00
Hynek Mlnarik
3c537f5f28
KEYCLOAK-4446 Do not encrypt SAML status messages
...
SAML status messages are not encryptable per Chapter 6 of
saml-core-2.0-os.pdf. Only assertions, attributes, base ID and name ID
can be encrypted.
2017-07-26 11:22:56 +02:00
Hynek Mlnarik
c7046b6325
KEYCLOAK-4189 Preparation for cross-DC SAML testing
2017-07-25 09:44:36 +02:00
Marek Posolda
79a64657f7
Merge pull request #4331 from hmlnarik/KEYCLOAK-5209-IdpEmailVerificationAuthenticator-should-use-user-action-timeout
...
KEYCLOAK-5209 Make IdpEmailVerificationAuthenticator use user action …
2017-07-21 15:32:40 +02:00
Hynek Mlnarik
a192b6f50a
KEYCLOAK-5209 Make IdpEmailVerificationAuthenticator use user action timeout
2017-07-19 15:25:20 +02:00
Hynek Mlnarik
d52d685161
KEYCLOAK-4818 Fix undeclared namespace error in context serialization
2017-07-19 15:18:53 +02:00
Hynek Mlnarik
c36074c7f3
KEYCLOAK-4187 Minor updates (abstraction)
2017-07-18 15:08:06 +02:00
Bill Burke
27b4f0e25d
Merge pull request #4324 from patriot1burke/master
...
KEYCLOAK-5194
2017-07-15 09:26:51 -04:00
Bill Burke
a7940c6ffa
KEYCLOAK-5194
2017-07-14 18:29:48 -04:00
Bill Burke
1e059e3fa3
Merge pull request #4282 from cargosoft/KEYCLOAK-5131
...
KEYCLOAK-5131 ProviderFactory::postInit not called with hot deployment
2017-07-14 15:53:34 -04:00
Bill Burke
01152144bb
Merge pull request #4321 from hmlnarik/KEYCLOAK-4187-Minor-updates
...
KEYCLOAK-4187 Minor updates in API
2017-07-14 15:48:53 -04:00
Bill Burke
f68754290f
KEYCLOAK-5152
2017-07-14 14:14:38 -04:00
Hynek Mlnarik
ddcbee2bff
KEYCLOAK-4187 Minor updates in API
2017-07-14 15:40:43 +02:00
Bill Burke
b0a33c9765
KEYCLOAK-5155
2017-07-13 14:51:27 -04:00
mposolda
3fca731395
KEYCLOAK-5136 Improve browser refresh button after switch to different flow
2017-07-11 13:03:18 +02:00
mposolda
936efe872a
KEYCLOAK-5061 Process correct initial flow when action expired
2017-07-10 22:52:54 +02:00
mposolda
7be2c55f61
KEYCLOAK-5061 Better error messages when action expired
2017-07-10 19:50:28 +02:00
Marek Posolda
48eaebf1c3
Merge pull request #4293 from TeliaSoneraNorge/KEYCLOAK-5139
...
KEYCLOAK-5139 refresh token does not work with pairwise subject ident…
2017-07-10 11:21:34 +02:00
Pedro Igor
65251748c7
[KEYCLOAK-5148] - Create authorization settings when creating a new client using a config file
2017-07-05 18:19:00 -03:00
Pedro Igor
4b7c61111c
Merge pull request #4288 from pedroigor/KEYCLOAK-5135
...
[KEYCLOAK-5135] - Wrong comparison when checking for duplicate resources during creation
2017-07-05 08:22:23 -03:00
Martin Hardselius
8cb8678525
KEYCLOAK-5139 refresh token does not work with pairwise subject identifiers
2017-07-05 12:32:43 +02:00
Stian Thorgersen
c95aace6e0
KEYCLOAK-5141 Return '*' in Cors requests when '*' is in list of permitted origins. Stop caching well-known information as it can change. ( #4290 )
2017-07-05 09:25:21 +02:00
Stian Thorgersen
9a9f4137e5
KEYCLOAK-4556 KEYCLOAK-5022 Only cache keycloak.js and iframe if specific version is requested ( #4289 )
2017-07-04 21:18:34 +02:00
Pedro Igor
adffe16cb8
[KEYCLOAK-5135] - Wrong comparison when checking for duplicate resources during creation
2017-07-04 10:16:55 -03:00
Stan Silvert
32b16717a7
KEYCLOAK-4234: Link to app in acct mgt doesn't use root url ( #4285 )
...
* KEYCLOAK-4234: Link to app in acct mgt not use root url
* Add tests.
2017-07-04 07:01:58 +02:00
Dmitry Telegin
fba264433a
KEYCLOAK-5131 ProviderFactory::postInit not called with hot deployment
2017-07-03 12:20:29 +03:00
Stian Thorgersen
454c5f4d83
Set version to 3.3.0.CR1-SNAPSHOT
2017-06-30 09:47:11 +02:00
Bill Burke
999dff353c
Merge remote-tracking branch 'upstream/master'
2017-06-29 17:37:45 -04:00
Bill Burke
f5389b0e17
don't clean up properly
2017-06-29 17:36:45 -04:00
Sebastien Blanc
500a21685f
KEYCLOAK-5082 : Add new redirect-rewrite-rule parameters for the adapters ( #4255 )
...
* add rewrite rule config property
* add subsystem support for redirect rewrite
* update deployment unit test
* add license headers
* Optimize rewrite method
2017-06-29 12:50:42 +02:00
Stian Thorgersen
5e225c2bd5
Merge pull request #4266 from CoreFiling/FullNameMapper
...
Fallback to using username in FullNameMapper
2017-06-29 07:28:42 +02:00
Stian Thorgersen
c9bc321d2a
Merge pull request #4269 from stianst/dockerdockerdocker
...
KEYCLOAK-3592 Docker auth implementation
2017-06-29 07:23:47 +02:00
Stian Thorgersen
74fe9249d5
Merge pull request #4216 from machielg/master
...
KEYCLOAK-5026 Store credentials
2017-06-29 06:52:16 +02:00
Josh Cain
89fcddd605
KEYCLOAK-3592 Docker auth implementation
2017-06-29 06:37:34 +02:00
Stian Thorgersen
e964b156cc
Merge pull request #4264 from stianst/KEYCLOAK-5074
...
KEYCLOAK-5074 Allow updating client secret through client registratio…
2017-06-28 11:40:04 +02:00
Jay Anslow
bdc9e8d2c3
Omit empty name claim in FullNameMapper
...
If a user has no first or last name, don't add the `name` claim.
2017-06-28 09:40:57 +01:00
Stian Thorgersen
ce4506f367
Merge pull request #4261 from hmlnarik/KEYCLOAK-4377-null
...
KEYCLOAK-4377
2017-06-28 08:21:20 +02:00
Stian Thorgersen
1220d7f898
KEYCLOAK-5074 Allow updating client secret through client registration service
2017-06-28 08:11:51 +02:00
Hynek Mlnarik
a3ccac2012
KEYCLOAK-4377
2017-06-27 14:34:47 +02:00
Stian Thorgersen
4be0e36306
Merge pull request #4208 from ASzc/KEYCLOAK-4758
...
KEYCLOAK-4758
2017-06-27 11:35:43 +02:00
Stian Thorgersen
56c5996aff
Merge pull request #4259 from stianst/abstractj-KEYCLOAK-4444
...
KEYCLOAK-4444
2017-06-27 10:44:30 +02:00
Machiel Groeneveld
7849191ec7
Merge branch 'master' into master
2017-06-27 10:27:07 +02:00
Stian Thorgersen
06a318d7d5
KEYCLOAK-4444 Update for fine grained permissions
2017-06-27 08:38:51 +02:00
Bruno Oliveira
361ab1c988
[KEYCLOAK-4444] Allow sending test email
2017-06-27 08:38:36 +02:00
Stian Thorgersen
b4d39ca061
KEYCLOAK-4984 Don't update client registration access token on read
2017-06-27 08:29:03 +02:00
Léventé NAGY
1a50e77a4d
Merge branch 'master' into feature/group-search-and-pagination
2017-06-26 20:36:36 +02:00
Bill Burke
bc05560d4d
Merge remote-tracking branch 'upstream/master'
2017-06-26 11:41:12 -04:00
Bill Burke
28b3ef9aa9
admin console work
2017-06-26 11:40:32 -04:00
Bill Burke
22987bb90b
Merge pull request #4250 from mposolda/RHSSO-1027
...
KEYCLOAK-5085 Easy fix to just handle the exception
2017-06-26 10:04:02 -04:00
Bill Burke
f1807aead4
impersonate
2017-06-25 11:28:37 -04:00
mposolda
756d996a4a
KEYCLOAK-5085 RHSSO-1027 Fix to handle the exception thrown from alternative flow
2017-06-23 19:13:43 +02:00
Bill Burke
3ee86fedc7
Merge remote-tracking branch 'upstream/master'
2017-06-23 09:57:35 -04:00
Bill Burke
e7f781df5a
fix
2017-06-23 09:57:25 -04:00
Hynek Mlnarik
8f9ed32a66
KEYCLOAK-5078 ConcurrencyTest fails intermittently
...
This commit fixes 401 Unauthorized issues
2017-06-23 15:16:23 +02:00
Bill Burke
39dea4b078
restricting admin role mapping
2017-06-22 16:51:46 -04:00
Léventé NAGY
41d8d17062
Merge branch 'master' into feature/group-search-and-pagination
2017-06-22 17:41:30 +02:00
Levente NAGY
124bf43a27
[KEYCLOAK-2538] - groups count for pagination
2017-06-22 17:32:38 +02:00
Stian Thorgersen
6f731dfee9
Merge pull request #4118 from skjolber/feature/KEYCLOAK-3056-verify-signature-2
...
Some adjustments for KEYCLOAK-3056 / PR #3893
2017-06-22 08:44:32 +02:00
Marek Posolda
ab7a0c2252
Merge pull request #4248 from mposolda/client-initial-access-db
...
KEYCLOAK-4631 Move ClientInitialAccessModel from userSession model to…
2017-06-22 06:27:25 +02:00
Bill Burke
d08ddade2e
merge
2017-06-21 17:43:54 -04:00
Bill Burke
52e40922bc
removal
2017-06-21 17:42:57 -04:00
Bill Burke
2b1613d36b
Merge pull request #4064 from frelibert/KEYCLOAK-4781
...
KEYCLOAK-4781 Support for an AttributeStatement Mapper
2017-06-21 17:06:16 -04:00
Bill Burke
f1132ffabe
Merge pull request #4175 from mrezai/fix-pkce-s256-code-challenge
...
KEYCLOAK-4956: Fix incorrect PKCE S256 code challenge generation
2017-06-21 17:04:31 -04:00
mposolda
fc61a4e89f
KEYCLOAK-4631 Move ClientInitialAccessModel from userSession model to realm model
2017-06-21 22:14:20 +02:00
Marek Posolda
eae0360eb1
Merge pull request #4243 from mposolda/KEYCLOAK-3316
...
KEYCLOAK-3316 Fixes for OAuth2 requests without 'scope=openid'
2017-06-20 22:05:23 +02:00
Pedro Igor
93d57c7d00
Merge pull request #4236 from CoreFiling/js-policy-performance
...
[KEYCLOAK-5072] - Improve performance of JSPolicyProvider
2017-06-20 15:11:40 -03:00
mposolda
32cf8b7cad
KEYCLOAK-3316 Fixes for OAuth2 requests without 'scope=openid'
2017-06-20 17:17:43 +02:00
mposolda
f363dbcad0
KEYCLOAK-4327 Switching language on User consent gives error
2017-06-20 09:21:41 +02:00
Bill Burke
57cb46148f
tests
2017-06-19 11:21:59 -04:00
Jay Anslow
7614ff8c6f
Extract EvaluatebleScriptAdapter
...
Precursor for InvocableScriptAdapter, which compiles/evaluates a script without affecting the engine's bindings. This allows the same script to be compiled once and then evaluated multiple times (with the same ScriptEngine).
2017-06-19 15:32:14 +01:00
Bill Burke
a994af9010
remove scope
2017-06-16 11:26:43 -04:00
Pedro Igor
93105a2182
[KEYCLOAK-5056] - @NoCache to scope admin api
2017-06-15 09:49:20 -03:00
Martin Hardselius
60942346f3
KEYCLOAK-4924: pairwise clients get duplicate subs in tokens
2017-06-14 10:47:40 +02:00
Hynek Mlnarik
a0f3a6469f
KEYCLOAK-4189 - Cross DC testing
2017-06-12 11:14:28 +02:00
Pedro Igor
f12cef2c86
[KEYCLOAK-4904] - Authorization Audit - Part 1
2017-06-09 13:31:06 -03:00
Machiel Keizer-Groeneveld
80f8815b9a
KEYCLOAK-5026 Store credentials
...
Credentials are stored with user creation if they are present in the UserRepresentation.
2017-06-09 09:32:33 +02:00
Bill Burke
94528976d4
console work
2017-06-07 16:29:43 -04:00
Levente NAGY
f377a45c4e
[KEYCLOAK-2538] - groups count for pagination limits
2017-06-07 20:52:22 +02:00
Levente NAGY
c4da7637d6
[KEYCLOAK-2538] - groups pagination and group search
2017-06-06 18:32:48 +02:00
Bill Burke
536a57a514
ui for permission reference
2017-06-05 19:52:51 -04:00
Alex Szczuczko
5d88c2b8be
KEYCLOAK-4758 Update Encode class using latest resteasy. Use encodeQueryParamAsIs instead of encodeQueryParam when encoding key=value pairs for URI query sections. Also fix a few callers who were relying on the bad behaviour of queryParam.
2017-06-05 16:24:38 -06:00
Pedro Igor
9be9e30ad6
Merge pull request #4206 from pedroigor/KEYCLOAK-4983
...
[KEYCLOAK-4983] - Authz settings export of role base policy generates json where are just role-names
2017-06-05 16:19:58 -03:00
Pedro Igor
23887f4031
Fixing tests and more client policy tests
2017-06-05 11:26:33 -03:00
Pedro Igor
3760f2753b
[KEYCLOAK-4983] - Authz settings export of role base policy generates json where are just role-names
2017-06-02 20:09:33 -03:00
Pedro Igor
d0f505455d
[KEYCLOAK-4991] - Allow clients to limit the number of permission in a RPT when using entitlements
2017-06-02 19:06:40 -03:00
Bill Burke
a41d282e92
client permission tests
2017-06-02 15:49:20 -04:00
Pedro Igor
813af5d757
[KEYCLOAK-4992] - Using query parameter metadata for GET requests
2017-06-02 16:13:04 -03:00
Thomas Skjølberg
241c58dd61
Add unit tests related to signatures, check that a signature is present when want assertion signing.
2017-06-02 15:36:52 +02:00
Bill Burke
b9f7a43a72
group permissions
2017-06-01 20:16:35 -04:00
Pedro Igor
dcd1a68d95
[KEYCLOAK-4992] - Allow clients to exclude resource_set_name from RPT
2017-05-31 19:33:34 -03:00
Pedro Igor
c4a0470a37
[KEYCLOAK-4987] - Remove async support from AuthZ Token Endpoints
2017-05-30 12:48:18 -03:00
Stian Thorgersen
a6e4245185
Merge pull request #4194 from stianst/KEYCLOAK-4888
...
KEYCLOAK-4888
2017-05-30 14:49:22 +02:00
Stian Thorgersen
8c53c5a90e
KEYCLOAK-4888
...
Change default hashing provider for realm
2017-05-30 09:54:05 +02:00
Thomas Darimont
7d0b461683
KEYCLOAK-4975 Use authenticationSession binding name in ScriptBasedAuthenticator
...
We now use authenticationSession instead of clientSession to reflect
the renaming of ClientSessionModel to AuthenticationSessionModel.
Note that this is a breaking change which needs to be mentioned in
the upgrade notes!
2017-05-29 18:14:02 +02:00
Bill Burke
c3ea847b3e
auth changes
2017-05-29 09:53:17 -04:00
mposolda
5560175888
KEYCLOAK-4626 Changed javadoc. Remove unused ClientSessionModel class
2017-05-25 18:51:05 +02:00
Pedro Igor
81f1a5b145
Merge pull request #4183 from pedroigor/stan-ui-fixes
...
[KEYCLOAK-4915] - Fixes to evaluation tool UI
2017-05-24 09:32:42 -03:00
mposolda
2b59db71a8
KEYCLOAK-3316 Remove the IDToken if scope=openid is not used
2017-05-24 09:23:14 +02:00
Pedro Igor
829bcf5eaf
Fix to evaluation tool
2017-05-23 17:50:06 -03:00
Pedro Igor
554e692d8f
Merge pull request #4171 from pedroigor/KEYCLOAK-4913
...
[KEYCLOAK-4913] - Caching more query methods
2017-05-23 17:40:51 -03:00
Stian Thorgersen
c442bcd8d3
Merge pull request #4174 from stianst/KEYCLOAK-4889
...
KEYCLOAK-4889
2017-05-23 14:26:15 +02:00
Stian Thorgersen
1b6405a28f
Merge pull request #4173 from hmlnarik/KEYCLOAK-4941
...
KEYCLOAK-4941
2017-05-23 14:00:43 +02:00
Stian Thorgersen
ef29097679
Merge pull request #4172 from hmlnarik/KEYCLOAK-4813-Destination-Validation-should-ignore-whether-default-port-is-explicitly-specified
...
KEYCLOAK-4813 Destination validation counts on port being not specified
2017-05-23 13:59:36 +02:00
Mohammad Rezai
acd78ee407
KEYCLOAK-4956: Fix incorrect PKCE S256 code challenge generation
2017-05-23 16:15:44 +04:30
Stian Thorgersen
130452f6c3
Merge pull request #4085 from mstruk/RHSSO-402
...
RHSSO-402 need a way to dump configuration (including ldap provider config) to a file
2017-05-23 13:29:32 +02:00
Stian Thorgersen
097a2267f5
KEYCLOAK-4889
...
Improve error messages for password policies
2017-05-23 13:18:06 +02:00
Hynek Mlnarik
f47283f61a
KEYCLOAK-4813 Destination validation counts on port being not specified
2017-05-23 12:52:48 +02:00
Hynek Mlnarik
03b1dff1bd
KEYCLOAK-4941
2017-05-23 11:15:51 +02:00
mposolda
8adde64e2c
KEYCLOAK-4016 Provide a Link to go Back to The Application on a Timeout
2017-05-23 09:08:58 +02:00
Pedro Igor
37a98fba20
[KEYCLOAK-4913] - Caching more query methods
2017-05-22 19:08:24 -03:00
Pedro Igor
62ffab7239
Exporting a client is updating policy config
2017-05-19 19:45:47 -03:00
Bill Burke
ab763e7c5b
fixes after merge
2017-05-19 15:54:36 -04:00
Bill Burke
f114895cd2
for merge
2017-05-19 11:29:26 -04:00
Bill Burke
2cac8b1bb7
KEYCLOAK-4929
2017-05-18 16:53:31 -04:00
Bill Burke
c291748f43
KEYCLOAK-4929
2017-05-18 16:48:04 -04:00
Marko Strukelj
7d0ca42c6c
RHSSO-402 need a way to dump configuration (including ldap provider config) to a file
2017-05-15 12:13:58 +02:00
Bill Burke
954ef99f22
Merge remote-tracking branch 'upstream/master'
2017-05-12 10:10:29 -04:00
mposolda
7d8796e614
KEYCLOAK-4626 Support for sticky sessions with AUTH_SESSION_ID cookie. Clustering tests with embedded undertow. Last fixes.
2017-05-11 22:24:07 +02:00
Hynek Mlnarik
b8262a9f02
KEYCLOAK-4628 Single-use cache + its functionality incorporated into reset password token. Utilize single-use cache for relevant actions in execute-actions token
2017-05-11 22:16:26 +02:00
mposolda
db8b733610
KEYCLOAK-4626 Fix TrustStoreEmailTest and PolicyEvaluationCompositeRoleTest. Distribution update
2017-05-11 22:16:26 +02:00
Hynek Mlnarik
c431cc1b01
KEYCLOAK-4627 IdP email account verification + code cleanup. Fix for concurrent access to auth session notes
2017-05-11 22:16:26 +02:00
mposolda
168153c6e7
KEYCLOAK-4626 Authentication sessions - SAML, offline tokens, broker logout and other fixes
2017-05-11 22:16:26 +02:00
Hynek Mlnarik
47aaa5a636
KEYCLOAK-4627 reset credentials and admin e-mails use action tokens. E-mail verification via action tokens.
2017-05-11 22:16:26 +02:00
mposolda
e7272dc05a
KEYCLOAK-4626 AuthenticationSessions - brokering works. Few other fixes and tests added
2017-05-11 22:16:26 +02:00
Hynek Mlnarik
b55b089355
KEYCLOAK-4627 Changes in TokenVerifier to include token in exceptions. Reset credentials uses checks to validate individual token aspects
2017-05-11 22:16:26 +02:00
mposolda
a9ec69e424
KEYCLOAK-4626: AuthenticationSessions - working login, registration, resetPassword flows
2017-05-11 22:16:26 +02:00
Hynek Mlnarik
19a41c8704
KEYCLOAK-4627 Refactor TokenVerifier to support more than just access token checks. Action tokens implementation with reset e-mail action converted to AT
2017-05-11 22:16:26 +02:00
mposolda
83b29c5080
KEYCLOAK-4626 AuthenticationSessions: start
2017-05-11 22:16:26 +02:00
mposolda
e4aba9e471
KEYCLOAK-4829 Access token from offline token falsely reported as inactive by token introspection
2017-05-11 21:17:04 +02:00
Stian Thorgersen
c3a2b3a6b6
KEYCLOAK-4523 PBKDF2WithHmacSHA256 and PBKDF2WithHmacSHA512 providers
2017-05-11 11:58:22 +02:00
Bill Burke
46ec12c41c
fixes
2017-05-10 14:19:10 -04:00
Bill Burke
a8a8ea4bcd
Merge remote-tracking branch 'upstream/master'
2017-05-08 13:49:03 -04:00
Bill Burke
f760427c5c
fine grain tests
2017-05-08 13:48:51 -04:00
Johannes Knutsen
47a8077426
KEYCLOAK-4862: Expose client description in ClientBean
2017-05-05 15:06:21 +02:00
Bill Burke
e1b6ba13cc
Merge pull request #3893 from anderius/feature/KEYCLOAK-3056-verify-signature
...
[WIP] Saml broker: Added wantAssertionsSigned and wantAssertionsEncrypted
2017-05-05 09:04:41 -04:00
Stian Thorgersen
8da766e02e
Merge pull request #4104 from sjvs/master
...
Fix three lgtm.com alerts: two possible NPEs, one possible int overflow
2017-05-05 13:13:02 +02:00
Marc Heide
d5c643eaf9
KEYCLOAK-4521: consider offline sessions if no active user session was found for user info endpoint
2017-05-04 15:25:09 +02:00
Bill Burke
c3b44e61d4
Merge remote-tracking branch 'upstream/master'
2017-05-01 14:51:07 -04:00
Bas van Schaik
2df1175315
Fix lgtm.com alert: potential NPE due to non-short circuit logic
...
The logical-AND operator '&&' evaluates its operands in order, which is
what is required here. The bitwise-AND operator '&' always evaluates all
operands, which will in some cases result in a NPE in the second
operand.
Details:
https://lgtm.com/projects/g/keycloak/keycloak/snapshot/dist-7900299-1490802114895/files/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java#V543
2017-04-28 14:51:51 +01:00
Eriksson Fabian
ca1152c3e5
KEYCLOAK-4204 Extend brute force protection with permanent lockout on failed attempts
...
- Can still use temporary brute force protection.
- After X-1 failed login attempt, if the user successfully logs in his/her fail login count is reset.
2017-04-28 09:02:10 +02:00
Stian Thorgersen
87dedb56e5
Set version to 3.2.0.CR1-SNAPSHOT
2017-04-27 14:23:03 +02:00
Bill Burke
c7bdb489ee
Merge remote-tracking branch 'upstream/master'
2017-04-26 18:57:56 -04:00
Pedro Igor
0cad34abbe
Merge pull request #4087 from pedroigor/master
...
Checking realm role directly
2017-04-26 16:51:14 -03:00
Bill Burke
2276f99d54
Merge remote-tracking branch 'upstream/master'
2017-04-26 14:39:45 -04:00
Bill Burke
f67013bcb6
fix
2017-04-26 14:39:41 -04:00
Pedro Igor
4e43518b2a
Checking realm role directly
2017-04-26 15:39:37 -03:00
Johannes Knutsen
0809033924
KEYCLOAK-4780 Ensure Base64 encoded HMAC secret key is decoded before use
2017-04-26 16:04:44 +02:00
Stian Thorgersen
2913ee8e23
Merge pull request #4081 from stianst/KEYCLOAK-4785
...
KEYCLOAK-4785 Use realm name when creating admin console base url
2017-04-26 13:12:31 +02:00
Stian Thorgersen
f68b28db20
KEYCLOAK-4785 Use realm name when creating admin console base url
2017-04-26 12:39:56 +02:00
Pedro Igor
79c9078caa
[KEYCLOAK-4792] - Client credentials provider support and making easier to obtain authz client
2017-04-25 14:51:45 -03:00
Stian Thorgersen
84f5df4814
Merge pull request #4070 from stianst/KEYCLOAK-4671
...
KEYCLOAK-4671 Add server-private-spi to dependency deployer
2017-04-25 10:36:22 +02:00
Stian Thorgersen
54ee055bd8
KEYCLOAK-4671 Add server-private-spi to dependency deployer
2017-04-25 10:16:24 +02:00
Hynek Mlnarik
e8a65017fa
KEYCLOAK-4779 Fix NPE
2017-04-24 23:09:27 +02:00
Bill Burke
12cb295a35
Merge remote-tracking branch 'upstream/master'
2017-04-24 10:05:46 -04:00
Bill Burke
58868ca99f
prototype
2017-04-24 10:05:39 -04:00
Frederik Libert
b84f6d306d
KEYCLOAK-4781 Support for an AttributeStatement Mapper
2017-04-24 11:29:55 +02:00
Stian Thorgersen
f92ad70ff0
KEYCLOAK-4774 redirect_fragment doesn't work in Admin Console
2017-04-21 14:03:05 +02:00
Pedro Igor
df163d86e8
Merge pull request #4052 from pedroigor/KEYCLOAK-4754
...
[KEYCLOAK-4754] - Unable to delete realm when using aggregated policies
2017-04-20 13:23:09 -03:00
Pedro Igor
bf69bc94bb
[KEYCLOAK-4754] - Unable to delete realm when using aggregated policies
2017-04-20 12:10:52 -03:00
Stian Thorgersen
2a8b2aabb9
Merge pull request #4049 from stianst/KEYCLOAK-4738
...
KEYCLOAK-4738 Make sure script engine always uses correct classloader
2017-04-20 10:02:23 +02:00
Stian Thorgersen
1d03eb5f2b
Merge pull request #4045 from stianst/KEYCLOAK-4737
...
KEYCLOAK-4737 Admin Console redirect loop when hostname contains console
2017-04-20 09:29:41 +02:00
Stian Thorgersen
4da07474fa
KEYCLOAK-4738 Make sure script engine always uses correct classloader
2017-04-20 09:28:46 +02:00
Stian Thorgersen
8919015f74
KEYCLOAK-4287 Remove deprecated session iframe endpoint
2017-04-19 15:01:15 +02:00
Stian Thorgersen
0a0d2174e4
KEYCLOAK-4737 Admin Console redirect loop when hostname contains console
2017-04-19 14:43:56 +02:00
Pedro Igor
8e877a7f6c
[KEYCLOAK-3135] - More tests
2017-04-12 14:34:27 -03:00
Pedro Igor
eec712a259
[KEYCLOAK-3135] - Role and user policies apis
2017-04-12 00:52:14 -03:00
Pedro Igor
54ebc1918c
[KEYCLOAK-3135] - Using abstract policy representation when creating policies and updating tests
2017-04-12 00:52:13 -03:00
Pedro Igor
d60dcb4c62
[KEYCLOAK-3135] - Some more tests and making policy type rest api more generic
2017-04-12 00:52:13 -03:00
Pedro Igor
8e64bc3e4d
Tests for new permission management rest api
2017-04-12 00:52:13 -03:00
Pedro Igor
0b8fc3d6e1
[KEYCLOAK-3135] - Fixing permission test
2017-04-12 00:52:13 -03:00
Pedro Igor
55f747ecd0
[KEYCLOAK-3135] - Part 1: Permission Management API
2017-04-12 00:52:13 -03:00
Bill Burke
9452d37926
Merge remote-tracking branch 'upstream/master'
2017-04-06 18:33:50 -04:00
Bill Burke
2e284bdd9b
fix protocol mappers
2017-04-06 18:33:06 -04:00
Bill Burke
54cd41c955
Revert "KEYCLOAK-4727 KEYCLOAK-4652 - Fixing protocol mappers when evaluating policies using the tool"
2017-04-06 18:24:31 -04:00
Pedro Igor
6a959b32fc
KEYCLOAK-4727 KEYCLOAK-4652 - Fixing protocol mappers when evaluating policies using the tool
2017-04-06 18:43:54 -03:00
Bill Burke
3ce0c57e17
Merge pull request #3831 from Hitachi/master
...
KEYCLOAK-2604 Proof Key for Code Exchange by OAuth Public Clients
2017-04-06 15:36:08 -04:00
Bill Burke
0fd11d16ee
Merge pull request #3983 from bartoszmajsak/oso_typo_fix
...
Fixes misspelled config class in Openshift provider
2017-04-06 15:29:44 -04:00
Bill Burke
6ca5b7de03
Merge pull request #3998 from cainj13/fixNullProtocols
...
Fix null protocols for default clients
2017-04-06 15:29:21 -04:00
Bill Burke
13afc0147e
close user/client session later
2017-04-06 15:07:40 -04:00
Bill Burke
201d2c6aac
Merge remote-tracking branch 'upstream/master'
2017-04-06 10:44:43 -04:00
Bill Burke
31074c3c8d
KEYCLOAK-4727 KEYCLOAK-4652
2017-04-06 10:44:33 -04:00
Stian Thorgersen
af4c74f1d9
Merge pull request #3718 from thomasdarimont/issue/KEYCLOAK-4163-improve-support-for-email-addresses
...
KEYCLOAK-4163 Improve support for e-mail addresses
2017-04-06 15:34:30 +02:00
Stian Thorgersen
6201257f76
KEYCLOAK-4549 [RH-SSO] EAP 7.1.0 Alpha16
2017-04-05 11:55:21 +02:00
Josh Cain
0482ec40fd
Fix null protocols in default realm applications
2017-03-31 16:13:38 -05:00
Pedro Igor
838a045239
[KEYCLOAK-4650] - Adding scope filter and fixing cancel buttons
2017-03-29 12:59:41 -03:00
Takashi Norimatsu
ef3aef9381
Merge branch 'master' into master
2017-03-28 16:21:40 +09:00
Stian Thorgersen
6b21b4d87b
KEYCLOAK-4657 Sort out REST API for prod profile
2017-03-27 20:50:13 +02:00
Bartosz Majsak
0197600565
Fixes misspelled config class
2017-03-27 09:38:47 +02:00
Bill Burke
71f0c01d4f
Merge pull request #3980 from patriot1burke/master
...
KEYCLOAK-4664 KEYCLOAK-4665
2017-03-25 20:12:22 -04:00
Bill Burke
8c2e756732
fix
2017-03-25 19:21:50 -04:00
Bill Burke
d8e98d1de6
KEYCLOAK-4665
2017-03-25 12:47:32 -04:00
Bill Burke
dd8a64f30c
KEYCLOAK-4664
2017-03-25 11:21:11 -04:00
Bartosz Majsak
63e8e7f842
Aligns SimpleHttp API with new version
2017-03-23 13:51:14 +01:00
Bartosz Majsak
210143738e
Merge branch 'master' into oso_provider
2017-03-23 13:45:07 +01:00
Peter Nalyvayko
b2f10359c8
KEYCLOAK-4335: x509 client certificate authentication
...
Started on implementing cert thumbprint validation as a part of x509 auth flow. Added a prompt screen to give users a choice to either log in based on the identity extracted from X509 cert or to continue with normal browser login flow authentication; clean up some of the comments
x509 authentication for browser and direct grant flows. Implemented certificate to user mapping based on user attribute
Implemented CRL and OCSP certificate revocation checking and added corresponding configuration settings to set up responderURI (OCSP), a location of a file containing X509CRL entries and switches to enable/disable revocation checking; reworked the certificate validation; removed superfluous logging; changed the certificate authentication prompt page to automatically log in the user after 10 seconds if no response from user is received
Support for loading CRL from LDAP directory; finished the CRL checking using the distribution points in the certificate; updated the instructions how to add X509 authentication to keycloak authentication flows; minor styling changes
Stashing x509 unit test related changes; added the steps to configure mutual SSL in WildFly to the summary document
A minor fix to throw a security exception when unable to check cert revocation status using OCSP; continue working on README
Changes to the formatting of the readme
Added a list of features to readme
Fixed a potential bug in X509 cert user authenticator that may cause NPE if the client certificate does not define keyusage or extended key usage extensions
Fixed compile time errors in X509 validators caused by the changes to the user credentials model in upstream master
Removed a superfluous file created when merging x509 and main branches
X509 authentication: removed the PKIX path validation as superfluous
Reverted changes to the AbstractAttributeMapper introduced during merging of x509 branch into main
Merge the unit tests from x509 branch
added mockito dependency to services project; changes to the x509 authenticators to expose methods in order to support unit tests; added a default ctor to CertificateValidator class to support unit testing; updated the direct grant and browser x509 authenticators to report consistent status messages; unit tests to validate X509 direct grant and browser authenticators; fixed OCSP validation to throw an exception if the certificate chain contains a single certificate; fixed the CRL revocation validation to only use CRL distribution point validation only if configured
CRL and OCSP mock tests using mock netty server. Changed the certificate validator to better support unit testing.
changes to the mockserver dependency to explicitly exclude xercesImpl that was causing SAMLParsingTest to fail
Added a utility class to build v3 certificates with optional extensions to facilitate X509 unit testing; removed superfluous certificate date validity check (undertow should be checking the certificate dates during PKIX path validation anyway)
X509: changes to make configuring the user identity extraction simpler for users - new identity sources to map certificate CN and email (E) attributes from X500 subject and issuer names directly rather than using regular expressions to parse them
X509 fixed a compile error caused by the changes to the user model in master
Integration tests to validate X509 client certificate authentication
Minor tweaks to X509 client auth related integration tests
CRLs to support x509 client cert auth integration tests
X509: reverted the changes to testrealm.json and updated the test to configure the realm at runtime
X509 - changes to the testsuite project configuration to specify a path to a trust store used to test x509 direct grant flow; integration tests to validate x509 authentication in browser and direct grant flows; updated the client certificate to extend its validity dates; x509 integration tests and authenticators have been refactored to use a common configuration class
X509 separated the browser and direct grant x509 authentication integration tests
x509 updated the authenticator provider test to remove no longer supported cert thumbprint authenticator
x509 removed the dependency on mockito
x509 re-implemented OCSP certificate revocation client used to check revocation status when logging in with x509 certificate to work around the dependency on Sun OCSP implementation; integration tests to verify OCSP revocation requests
index.txt.attr is needed by openssl to run a simple OCSP server
x509: minor grammar fixes
Add OCSP stub responder to integration tests
This commit adds OCSP stub responder needed for the integration tests,
and eliminates the need to run external OCSP responder in order to run
the OCSP in X509OCSPResponderTest.
Replace printStackTrace with logging
This commit replaces call to printStackTrace that will end up going to
the stderr with logging statement of WARN severity.
Remove unused imports
Removed unused imports in
org.keycloak.authentication.authenticators.x509 package.
Parameterized Hashtable variable
Removed unused CertificateFactory variable
Declared serialVersionUID for Serializable class
Removed unused CertificateBuilder class
The CertificateBuilder was not used anywhere in the code, removing it to
prevent technical debt.
Removing unused variable declaration
`response` variable is not used in the test, removed it.
Made sure InputStreams are closed
Even though the InputStreams are memory based, added try-with-resources
to make sure that they are closed.
Removed deprecated usage of URLEncoder
Replaced invocation of deprecated method from URLEncoder with Encode
from Keycloak util package.
Made it more clear how to control OCSP stub responder in the tests
X509 Certificate user authentication: moved the integration unit tests into their own directory to fix a failing travis test job
KEYCLOAK-4335: reduced the logging level; added the instructions how to run X.509 related tests to HOW-TO-RUN.md doc; removed README.md from x509 folder; removed no longer used ocsp profile and fixed the exclusion filter; refactored the x509 base test class that was broken by the recent changes to the integration tests
KEYCLOAK-4335: fixed a few issues after rebasing
2017-03-17 05:24:57 -04:00
Stian Thorgersen
a87ee04024
Bump to 3.1.0.CR1-SNAPSHOT
2017-03-16 14:21:40 +01:00
Bartosz Majsak
a250f08b6c
Removes trailing slash from the base url
2017-03-15 22:27:24 +01:00
Stian Thorgersen
feeac69197
Merge pull request #3888 from daklassen/KEYCLOAK-4421
...
KEYCLOAK-4421 Change any http maven urls to https to reduce build-time MITM vulnerability
2017-03-15 09:54:21 +01:00
Stian Thorgersen
2aa93d7d55
Merge pull request #3924 from daklassen/KEYCLOAK-2486
...
KEYCLOAK-2486: Update SimpleHTTP to use Apache HTTP Client
2017-03-15 09:50:06 +01:00
Thomas Darimont
b782892769
KEYCLOAK-4163 Improve support for e-mail addresses
...
Added support for user friendly email addresses as well as dedicated
reply-to addresses for emails being sent by Keycloak.
Both can be customized via the email settings per realm in
the admin-console.
User friendly email addresses use the format:
"Friendly Name"<email@example.org> and provide a way to add a meaningful
name to an e-mail address.
We also allow to specify an optional envelope from bounce address.
If a mail sent to a user could not be delivered the email-provider
will send a notification to that address.
See: https://en.wikipedia.org/wiki/Bounce_address
Add test for proper email headers in sent messages
2017-03-14 18:22:54 +01:00
Bill Burke
6d51862057
Merge pull request #3897 from anderius/feature/KEYCLOAK-4504-redirect-logout
...
[WIP] Saml broker: Option to specify logout request binding
2017-03-14 11:32:26 -04:00
David Klassen
32d3f760ec
KEYCLOAK-4421: Change http url to https
...
Change any http maven urls to https to reduce build-time MITM vulnerability
2017-03-14 10:18:40 +01:00
Pedro Igor
9d1d22565c
Merge pull request #3938 from pedroigor/authz-fixes
...
AuthZ Services Fixes
2017-03-13 15:20:41 -03:00
Pedro Igor
e7e6314146
[KEYCLOAK-4555] - Fixes and improvements to evaluation code
2017-03-13 14:08:54 -03:00
Alexey Kazakov
063f5303dd
KEYCLOAK-4568 Identity broker service may fail to validate client session if there is more than one active session
2017-03-11 12:59:25 -08:00
Mark Pardijs
c78c0b73d3
KEYCLOAK-4360: Add OneTimeUse condition to SAMLResponse
...
Add OneTimeUse Condition to SAMLResponse when configured in client settings
2017-03-09 13:01:05 +01:00
David Klassen
7029ef80f8
KEYCLOAK-2486: Update SimpleHTTP to use Apache HTTP Client
...
Update SimpleHTTP to use Apache HTTP client under the covers.
2017-03-09 09:23:09 +01:00
Thomas Darimont
1dea38bdbb
KEYCLOAK-4205 Allow to return json arrays in Client and Realm Role Mappers
...
Previously the ClientRoleMapper and RealmRoleMapper returned
roles as a comma delimited String in OIDC tokens which
needed to be parsed by client applications.
We now support to generate the role information as JSON
arrays by setting "multi valued" to "true" in the
client role mapper or realm role mappers respectively
which makes it easier for clients to consume.
The default setting for "multi valued" is "false" to
remain backwards compatible.
An example AccessToken that shows the two modes can be found here:
https://gist.github.com/thomasdarimont/dff0cd691cd6e0b5e33c2eb4c76ae5e8
2017-03-08 20:56:56 +01:00
Bill Burke
efffcc5f41
Merge pull request #3915 from TeliaSoneraNorge/KEYCLOAK-4524
...
KEYCLOAK-4524
2017-03-08 10:08:04 -05:00
Bill Burke
c6dc59f63e
Merge remote-tracking branch 'upstream/master'
2017-03-03 11:00:32 -05:00
Martin Hardselius
a0a85f62c6
KEYCLOAK-4524 possible to add identity provider mappers with same name into single identity provider
...
- unique name enforcement working
- test added
2017-03-03 16:40:49 +01:00
Bill Burke
3bb29e033b
KEYCLOAK-4501, KEYCLOAK-4511, KEYCLOAK-4513
2017-03-03 09:48:52 -05:00
Bartosz Majsak
1a6bb2fedb
Adds Openshift Identity Provider as part of social brokers
2017-03-02 15:14:57 +01:00
Marek Posolda
cfb8d25ff2
Merge pull request #3900 from KillerDiller/wellknownprovider-four-oh-four
...
KEYCLOAK-4519: Avoid NPE for unknown paths under .../.well-known/.
2017-03-02 12:22:35 +01:00
Marek Posolda
4f4ae44a16
Merge pull request #3896 from thomasdarimont/issue/KEYCLOAK-4505-expose-clientSession-binding-to-ScriptBasedAuthenticator
...
KEYCLOAK-4505 Expose current clientSession binding to ScriptBasedAuthenticator
2017-03-01 12:17:29 +01:00
mposolda
091b376624
KEYCLOAK-1590 Realm import per test class
2017-03-01 09:38:44 +01:00
Anders Båtstrand
8d82390843
KEYCLOAK-4504 New configuration option for SAML Broker:
...
* postBindingLogout: Indicates if POST or redirect should be used for the logout requests.
This applies to both IdP-initiated logout, and Keycloak-initiated logout. If unset (for example when upgrading Keycloak), the setting is initially set to the same as postBindingResponse.
The flag is also set when importing IdP metadata.
2017-02-28 12:08:22 +01:00
Bill Burke
0765b01189
Merge remote-tracking branch 'upstream/master'
2017-02-27 18:46:09 -05:00
Bill Burke
b4f625e1ce
KEYCLOAK-4501
2017-02-27 18:46:00 -05:00
Stefan Paletta
bcbde3fdf0
Avoid NPE for unknown paths under .../.well-known/.
2017-02-27 02:42:02 +01:00
Anders Båtstrand
89c6cda2ac
Two new configuration options for the Saml broker:
...
* wantAssertionsSigned: This will toggle the flag in the SP Metadata Descriptor, and validate the signature if and only if "Validate signature" is selected.
* wantAssertionsEncrypted: This will simply require that the assertion is encrypted.
Default behavior is unchanged. The signature validation uses the original XML, and supports therefore an IdP that adds whitespace and line breaks between tags (for example OpenAM).
2017-02-24 15:08:57 +01:00
Thomas Darimont
18a8ed3e95
KEYCLOAK-4505 Expose current clientSession binding to ScriptBasedAuthenticator.
...
Previously the ScriptBasedAuthenticator did not expose the current
clientSession from the AuthenticationFlowContext.
In order to implement client specific authentications with javascript
one needs information about the current client.
2017-02-24 14:01:10 +01:00
Stian Thorgersen
e2b1c97e26
KEYCLOAK-943 Added initial implementation for update profile
2017-02-24 13:19:29 +01:00
Stian Thorgersen
faf0e98665
Merge pull request #3736 from guusdk/api-documentation
...
Improving the generated REST API documentation
2017-02-20 15:30:32 +01:00
Stian Thorgersen
3653d7ed9a
Merge pull request #3762 from sldab/hide-providers
...
KEYCLOAK-4224 Allow hiding identity providers on login page
2017-02-17 12:04:35 +01:00
Bill Burke
c3e72b11db
KEYCLOAK-4382
2017-02-13 10:51:10 -05:00
Bill Burke
d9633dc20c
Merge remote-tracking branch 'upstream/master'
2017-02-09 09:13:00 -05:00
Stian Thorgersen
44180a68e6
Merge pull request #3845 from frelibert/KEYCLOAK-4378
...
KEYCLOAK-4378 New user attribute is not added after first login from …
2017-02-09 10:02:09 +01:00
Bill Burke
cf5e2a1d20
unlink/remoteimported
2017-02-08 19:48:22 -05:00
Frederik Libert
f3a552ac9d
KEYCLOAK-4378 New user attribute is not added after first login from broker
2017-02-07 15:37:16 +01:00
mposolda
8a16ab52a9
KEYCLOAK-4371 Offline Tokens still useless When SSO Session Max is Reached and normal userSession expired
2017-02-03 11:55:58 +01:00
Takashi Norimatsu
88bfa563df
KEYCLOAK-2604 Proof Key for Code Exchange by OAuth Public Clients - RFC
...
7636 - Server Side Implementation
2017-02-03 10:38:54 +09:00
Bill Burke
1d04d56bdb
Merge pull request #3816 from patriot1burke/master
...
KEYCLOAK-4218
2017-02-01 08:55:10 -05:00
Bill Burke
0d308e2b69
KEYCLOAK-4218
2017-01-31 15:15:49 -05:00
Pedro Igor
57c74e3f39
[KEYCLOAK-4341] - Resources are not properly exported when exporting authorization settings
2017-01-31 13:10:25 -02:00
Stian Thorgersen
6f22f88d85
Bump version to 3.0.0.CR1
2017-01-26 06:18:11 +01:00
Stian Thorgersen
d1e491d57d
KEYCLOAK-4286 Add deprecated support for old keycloak.js
2017-01-25 15:59:43 +01:00
mposolda
2de2df3a41
KEYCLOAK-4282 Fix authorization import in DirImportProvider
2017-01-24 21:57:35 +01:00
mposolda
194a63cc71
KEYCLOAK-4282 Import authorization after users are imported
2017-01-24 17:32:34 +01:00
Stian Thorgersen
94ffeda62a
Merge pull request #3773 from hmlnarik/KEYCLOAK-4181-SAML-Response-without-any-assertion-leads-to-an-exception
...
KEYCLOAK-4181 Fix handling of SAML error code in broker
2017-01-24 10:33:05 +01:00
Marek Posolda
29c0fe564c
Merge pull request #3752 from mposolda/master
...
KEYCLOAK-4024 Migration of old offline tokens
2017-01-23 16:25:35 +01:00
Stian Thorgersen
15d0a116ac
Merge pull request #3769 from hmlnarik/KEYCLOAK-4167-Unable-to-validate-access-token-for-OIDC-External-IDP-using-configured-public-key
...
KEYCLOAK-4167 Always use preset key for verification if key ID not set
2017-01-23 13:59:35 +01:00
Hynek Mlnarik
5da491c270
KEYCLOAK-4181 Fix handling of SAML error code in broker
2017-01-19 16:30:06 +01:00
Hynek Mlnarik
f289b281a0
KEYCLOAK-4262
2017-01-19 16:00:03 +01:00
Stian Thorgersen
536b88790e
Merge pull request #3757 from mstruk/KEYCLOAK-4150
...
KEYCLOAK-4150 Unresolved variable ${cliane_security-admin-console} in admin web client
2017-01-19 13:55:36 +01:00
Bill Burke
73d3e8afd9
Merge pull request #3770 from patriot1burke/master
...
KEYCLOAK-4077
2017-01-19 07:35:10 -05:00
Hynek Mlnarik
df4f1e7129
KEYCLOAK-4167 Always use preset key for verification if key ID not set
2017-01-18 10:29:06 +01:00
Stian Thorgersen
5a0504b5d9
Merge pull request #3753 from hmlnarik/KEYCLOAK-4216-mod-auth-mellon-logout-failed-when-using-SSO
...
KEYCLOAK-4216 Fix NPE and logout binding choice
2017-01-18 08:40:02 +01:00
Stian Thorgersen
e364680792
Merge pull request #3721 from hmlnarik/KEYCLOAK-3399-End-session-endpoint-returns-error-when-keycloak-session-is-expired
...
KEYCLOAK-3399 Ignore user session expiration on OIDC logout
2017-01-18 08:38:53 +01:00
mposolda
843b4b470b
KEYCLOAK-2333 LDAP/MSAD password policies are not used when user changes password
2017-01-17 21:06:09 +01:00
Bill Burke
dcf6da2a51
KEYCLOAK-4077
2017-01-17 09:20:44 -05:00
Slawomir Dabek
9bb65ba9b7
KEYCLOAK-4224 Allow hiding identity providers on login page
2017-01-17 14:32:59 +01:00
Stian Thorgersen
1913f801b9
Merge pull request #3739 from hmlnarik/KEYCLOAK-2847-Unexpected-error-when-trying-to-update-clientTemplate-to-already-existing-name
...
KEYCLOAK-2847 Fix for client template duplicate name
2017-01-16 09:45:39 +01:00
Stian Thorgersen
5842f7c837
Merge pull request #3751 from stianst/KEYCLOAK-4192
...
KEYCLOAK-4192 Added missing produces annotations for update methods
2017-01-16 09:41:29 +01:00
Stian Thorgersen
178625d3f2
Merge pull request #3745 from velias/master
...
KEYCLOAK-4202 - Attribute importer of Social Identity providers doesn't handle JSON 'null' values correctly
2017-01-16 08:22:04 +01:00
Marko Strukelj
d68f6bbc42
KEYCLOAK-4150 Unresolved variable ${cliane_security-admin-console} in admin web client
2017-01-13 17:48:21 +01:00
Bill Burke
ffb688b393
Merge remote-tracking branch 'upstream/master'
2017-01-13 11:45:55 -05:00
Bill Burke
6aee6b0c46
KEYCLOAK-4220
2017-01-13 11:45:48 -05:00
Hynek Mlnarik
02eda8943c
KEYCLOAK-4216 Fix NPE and logout binding choice
2017-01-13 14:30:32 +01:00
mposolda
9ad14d991c
KEYCLOAK-4140 Migration of old offline tokens
2017-01-13 11:35:19 +01:00
Stian Thorgersen
ac9268bd48
KEYCLOAK-4192 Added missing produces annotations for update methods
2017-01-13 09:56:20 +01:00
Hynek Mlnarik
0b58bebc90
KEYCLOAK-2847 Fix for client template duplicate name
2017-01-13 09:32:28 +01:00
mposolda
93157e49d5
KEYCLOAK-4201 Offline tokens become useless when accessing admin REST API
2017-01-13 09:06:53 +01:00
Vlastimil Elias
f13deab812
KEYCLOAK-4202 - Attribute importer of Social Identity providers doesn't
...
handle JSON 'null' values correctly
2017-01-12 14:14:09 +01:00
Hynek Mlnarik
e11957ecf3
KEYCLOAK-4167 Make OIDC identity provider key ID configurable
2017-01-11 18:24:22 +01:00
Guus der Kinderen
ba73ab1c2a
API documentation: Overview to left-hand side
2017-01-10 17:08:32 +01:00
Guus der Kinderen
45f5fa6a74
API documentation: Introduce and group by tags.
...
This commit introduces grouping of the documented REST resources. The grouping is based
on a free-form name of a resource (a 'tag' in Swagger terminology), which is introduced
by adding a @resource javadoc tag to every Resource class.
2017-01-10 17:08:27 +01:00
Guus der Kinderen
50b7dbe7b2
API documentation: Update dependencies.
2017-01-10 17:08:14 +01:00
Marek Posolda
227900f288
Merge pull request #3731 from mposolda/master
...
KEYCLOAK-4175 Provide a way to set the connect and read timeout for l…
2017-01-10 09:49:18 +01:00
Stian Thorgersen
7eeebff874
Merge pull request #3720 from hmlnarik/KEYCLOAK-4091-Possible-NullPointerExceptions-with-disabled-cache
...
KEYCLOAK-4091 Prevent NPE with disabled cache
2017-01-10 06:23:10 +01:00
Bill Burke
452611242c
Merge remote-tracking branch 'upstream/master'
2017-01-09 17:14:34 -05:00
Bill Burke
d075172fd2
KEYCLOAK-3617 KEYCLOAK-4117 KEYCLOAK-4118
2017-01-09 17:14:20 -05:00
mposolda
c32620b718
KEYCLOAK-4175 Provide a way to set the connect and read timeout for ldap connections
2017-01-09 21:35:58 +01:00
Pedro Igor
0b5b27ea3a
[KEYCLOAK-4166] - Export/Import clients functionality not working as expected
2017-01-06 16:07:10 -02:00
Hynek Mlnarik
9fb3201c8b
KEYCLOAK-3399 Ignore user session expiration on OIDC logout
2017-01-06 15:15:46 +01:00
Hynek Mlnarik
377fbced4a
KEYCLOAK-4091 Prevent NPE with disabled cache
2017-01-06 10:00:11 +01:00
Bill Burke
f9eeecf836
test KEYCLOAK-4013
2017-01-05 11:27:17 -05:00
Pedro Igor
4044b39ab7
[KEYCLOAK-3517] - Filtering SAML ECP flow
2017-01-04 11:17:39 -02:00
Stian Thorgersen
f2ee9df600
KEYCLOAK-4116 Trim username on recover password page
2017-01-03 11:50:08 +01:00
Stian Thorgersen
45411b1199
KEYCLOAK-4090
2017-01-03 07:53:08 +01:00
Stian Thorgersen
902332c5ae
Merge pull request #3696 from stianst/KEYCLOAK-4038
...
KEYCLOAK-4038 Get bind credential from component if stored
2017-01-02 15:44:59 +01:00
Stian Thorgersen
08d7211a93
KEYCLOAK-4038 Get bind credential from component if stored
2017-01-02 14:40:12 +01:00
Stian Thorgersen
1c0e204f50
Merge pull request #3690 from stianst/master
...
Bump version to 2.5.1.Final-SNAPSHOT
2017-01-02 08:52:04 +01:00
Stian Thorgersen
d6e620a266
Merge pull request #3689 from stianst/KEYCLOAK-4133
...
KEYCLOAK-4133
2017-01-02 08:51:37 +01:00
Pedro Igor
31ed69a970
[KEYCLOAK-4136] - Missing update on resource_set endpoint
2016-12-29 11:59:42 -02:00
Stian Thorgersen
e805ffd945
Bump version to 2.5.1.Final-SNAPSHOT
2016-12-22 08:22:18 +01:00
Stian Thorgersen
40b5731198
KEYCLOAK-4133
...
Login status iframe endpoint doesn't set encoding
2016-12-22 08:20:55 +01:00
Stian Thorgersen
04179c5681
Merge branch 'KEYCLOAK-4004' of https://github.com/l-robinson/keycloak into l-robinson-KEYCLOAK-4004
2016-12-22 06:13:41 +01:00
Stian Thorgersen
d365d9d784
Merge pull request #3649 from sldab/bearer-client-credentials
...
KEYCLOAK-4086 Client credentials missing in bearer-only JSON config
2016-12-20 12:32:03 +01:00
Stian Thorgersen
f6323d94ec
Merge pull request #3676 from stianst/KEYCLOAK-4109
...
KEYCLOAK-4109 Ability to disable impersonation
2016-12-20 09:35:03 +01:00
Stian Thorgersen
eb7ad07e31
KEYCLOAK-4109 Ability to disable impersonation
2016-12-20 08:46:21 +01:00
Pedro Igor
0b3e867362
[KEYCLOAK-4034] - Minor changes to policy enforcer
2016-12-19 23:44:51 -02:00
Pedro Igor
c9c8acd029
[KEYCLOAK-4034] - Invalidating policy cache when creating resources and scopes
2016-12-19 20:28:49 -02:00
Pedro Igor
40591cff25
Merge pull request #3662 from pedroigor/KEYCLOAK-4034
...
[KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup
2016-12-19 16:49:10 -02:00
Pedro Igor
5cf5168770
[KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup
2016-12-19 16:48:16 -02:00
Slawomir Dabek
16fb1e2078
KEYCLOAK-4086 Client credentials missing in bearer-only Keycloak OIDC JSON
2016-12-19 16:55:19 +01:00
mposolda
ac00f7fee2
KEYCLOAK-4087 LDAP group mapping should be possible via uidNumber in memberUid mode
2016-12-19 16:27:57 +01:00
Marek Posolda
c6363aa146
Merge pull request #3630 from sldab/duplicate-email-support
...
KEYCLOAK-4059 Support for duplicate emails
2016-12-19 15:37:18 +01:00
Pedro Igor
c9c9f05e29
[KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup
2016-12-19 11:22:37 -02:00
Stian Thorgersen
3bd3d0285d
Merge branch 'duplicate-groups' of https://github.com/ssilvert/keycloak into ssilvert-duplicate-groups
2016-12-19 13:07:39 +01:00
Stian Thorgersen
b8adfcad87
Merge pull request #3658 from hmlnarik/KEYCLOAK-4095--Not-Recently-Used-Password-Policy-with-value-set-to-1-doesn-t-work
...
KEYCLOAK-4095 Fix for expiring passwords
2016-12-19 12:15:26 +01:00
Slawomir Dabek
93cec9b3ee
KEYCLOAK-4059 Support for duplicate emails
2016-12-19 10:55:12 +01:00
Stian Thorgersen
f29bb7d501
KEYCLOAK-4092 key provider for HMAC signatures
2016-12-19 10:50:43 +01:00
Hynek Mlnarik
787a3f8fcc
KEYCLOAK-4095 Fix for expiring passwords
2016-12-16 14:45:05 +01:00
Bill Burke
a4cbf130b4
Merge pull request #3592 from sldab/default-hooks
...
KEYCLOAK-4074 Decoupling of default provider implementations
2016-12-16 08:42:55 -05:00
Hynek Mlnarik
5453bec1bf
KEYCLOAK-4079, KEYCLOAK-4080 Fix for single-valued claims
2016-12-16 10:00:36 +01:00
Stian Thorgersen
9be9d3f580
Merge pull request #3651 from stianst/KEYCLOAK-4081
...
KEYCLOAK-4081
2016-12-15 15:53:39 +01:00
Bill Burke
3c2a12d019
Merge pull request #3648 from patriot1burke/master
...
KEYCLOAK-3451
2016-12-14 15:46:24 -05:00
Bill Burke
56f9aa41d0
KEYCLOAK-3451
2016-12-14 15:04:53 -05:00
Stian Thorgersen
394676222f
Merge pull request #3616 from sldab/fix-cors
...
KEYCLOAK-4047 WebOrigins not expanded in CORS handling of token endpoints
2016-12-14 15:13:49 +01:00
Stian Thorgersen
e316037910
KEYCLOAK-4081
2016-12-14 11:22:10 +01:00
Stian Thorgersen
97a08a1d99
Merge pull request #3644 from stianst/KEYCLOAK-4071
...
KEYCLOAK-4071
2016-12-14 09:55:55 +01:00
Stian Thorgersen
480d4e6f4f
KEYCLOAK-4071
2016-12-14 07:01:54 +01:00
mposolda
40216b5e7d
KEYCLOAK-3921 LDAP binary attributes
2016-12-13 18:31:26 +01:00
Slawomir Dabek
7ad028fcb1
KEYCLOAK-4074 Added hooks to default implementations of direct grant authenticators
...
and email sender.
2016-12-13 15:32:39 +01:00
Bill Burke
62029e8a33
KEYCLOAK-3506
2016-12-10 11:59:29 -05:00
Bill Burke
10fc7302eb
Merge pull request #3632 from hmlnarik/KEYCLOAK-4057-MS-AD-FS-does-not-recognize-certificate-for-POST-signed-AuthnRequest-for-brokering
...
KEYCLOAK-4057 Do not include KeyName for brokered IdPs
2016-12-09 09:09:13 -05:00
Hynek Mlnarik
24a36e6848
KEYCLOAK-4057 Do not include KeyName for brokered IdPs
...
Active Directory Federation Services require that the subject name
matches KeyName element when present. While KeyName is beneficial for
Keycloak adapters, it breaks functionality for AD FS as the name
included there is a key ID, not certificate subject expected by AD FS.
This patch contains functionality that excludes KeyName from SAML
messages to identity providers. This behaviour should be made
configurable per client/identity provider and is prepared to do so,
however actual GUI changes are left for a separate patch.
2016-12-09 14:33:40 +01:00
Bill Burke
1f0600044a
KEYCLOAK-3967
2016-12-08 19:29:02 -05:00
Bill Burke
d3e3990d77
Merge pull request #3629 from patriot1burke/master
...
KEYCLOAK-2806
2016-12-08 17:36:28 -05:00
Bill Burke
4a80f1e913
Merge remote-tracking branch 'upstream/master'
2016-12-08 17:05:46 -05:00
Bill Burke
0550bdb467
KEYCLOAK-3214
2016-12-08 16:47:17 -05:00
Bill Burke
5f07fa8057
KEYCLOAK-2806
2016-12-08 16:28:22 -05:00
mposolda
e7f6c780e2
KEYCLOAK-4058 Improve LDAPStorageMapper and remove LDAPStorageMapperBridge
2016-12-08 18:35:56 +01:00
Bill Burke
75e2b404c8
Merge pull request #3618 from abstractj/KEYCLOAK-3685
...
[KEYCLOAK-3685]: Username not updated when "Email as username" is enabled
2016-12-06 22:06:55 -05:00
Bill Burke
7271fdaaaa
KEYCLOAK-3509
2016-12-06 18:52:37 -05:00
Bill Burke
68c8bfa0e1
KEYCLOAK-2705
2016-12-06 17:32:41 -05:00
Bruno Oliveira
ddb201db6c
[KEYCLOAK-3685]: Username not updated when "Email as username" is enabled
2016-12-06 19:46:31 -02:00
Slawomir Dabek
4069be3ff6
KEYCLOAK-4047 Expand + to valid WebOrigins in Cors class
2016-12-06 20:22:35 +01:00
Bill Burke
77d17de14d
Merge pull request #3611 from patriot1burke/master
...
KEYCLOAK-3620
2016-12-06 08:18:36 -05:00
Bill Burke
bab08bf8f0
Merge remote-tracking branch 'upstream/master'
2016-12-06 08:18:05 -05:00
Bill Burke
6587cd2478
KEYCLOAK-3620
2016-12-05 17:51:06 -05:00
Bill Burke
693d6c0e5d
Merge pull request #3608 from hmlnarik/KEYCLOAK-4035
...
KEYCLOAK-4035 Composite roles need to be expanded in SAML attribute mapper
2016-12-05 14:44:21 -05:00
Bill Burke
952c1decf0
Merge pull request #3607 from patriot1burke/master
...
KEYCLOAK-4033
2016-12-05 14:44:07 -05:00
Bill Burke
f03d79c7d3
Merge pull request #3603 from thomasdarimont/issue/KEYCLOAK-3969-Allow-authentication-via-ScriptAuthenticator-without-user
...
KEYCLOAK-3969 Allow use of ScriptAuthenticator without user
2016-12-05 10:19:02 -05:00
Hynek Mlnarik
3c4114091f
KEYCLOAK-4035 Composite roles need to be expanded in SAML attribute mapper
2016-12-05 16:16:08 +01:00
Bill Burke
d354aa1f62
KEYCLOAK-4033
2016-12-05 10:15:55 -05:00
Hynek Mlnarik
197f51e50f
KEYCLOAK-3950 Fix NPE on request for NameIDPolicy without format
...
... and two more one-line issues
2016-12-05 07:24:38 +01:00
l-robinson
1c66ce7dd7
Additional test case added to check the text in the 'Back to application' link
2016-12-05 12:13:30 +10:30
Thomas Darimont
8610a02d72
KEYCLOAK-3969 Allow use of ScriptAuthenticator without user
...
Previously ScriptAuthenticator required a user to be authenticated
before it could be used as an additional authentication step which
limited the scenarios the authenticator could be used.
We now allow ScriptAuthenticators to be used without requiring a
user to be authenticated before.
Adapted the authenticator-template.js with a null safe username check.
Note that existing custom ScriptAuthenticators might need some additional
null checks since the user can now be undefined.
2016-12-04 23:15:53 +01:00
Bill Burke
0ab352706b
Merge pull request #3554 from hassaneinaltememyictu/2.3.0-ictu-change-role-attributeToRoleMapper
...
grant the new role from the saml token if it exists
2016-12-03 13:43:40 -05:00
Bill Burke
88d08c4f38
component query and remove provider alias fix
2016-12-03 11:34:48 -05:00
Bill Burke
8fd7091068
KEYCLOAK-3986
2016-12-03 09:33:52 -05:00
Bill Burke
ce50b0ed29
Merge remote-tracking branch 'upstream/master'
2016-12-02 19:26:34 -05:00
Bill Burke
e88af874ca
finish
2016-12-02 19:25:17 -05:00
mposolda
17d8394ab6
KEYCLOAK-3340 Service Account user not renamed when renaming client-id
2016-12-02 18:13:29 +01:00
mposolda
cccb532a21
KEYCLOAK-3701 NullPointerException when trying to get access token from offline token
2016-12-02 16:35:21 +01:00
Stian Thorgersen
8842d88058
Merge pull request #3562 from ssilvert/overwrite-client-role-fails
...
KEYCLOAK-3042: NPE when trying to overwrite client role
2016-12-02 14:06:27 +01:00
Stian Thorgersen
209f8155d1
KEYCLOAK-3835 Remove redirect on flow and return not modified if page is refreshed
2016-12-02 06:29:59 +01:00
Manuel Palacio
bfec073457
KEYCLOAK-3648
2016-12-01 19:34:33 +01:00
l-robinson
c72ceadfce
KEYCLOAK-4004 Pass the client name in the ReferrerBean instead of the referrer parameter
2016-12-01 17:17:57 +10:30
Stian Thorgersen
1e7f1b1e54
Merge pull request #3570 from stianst/master
...
Bump to 2.5.0.Final-SNAPSHOT
2016-12-01 06:36:37 +01:00
Stian Thorgersen
433f373f60
KEYCLOAK-3889 Add produces to server info endpoint
2016-11-30 15:46:01 +01:00
Stian Thorgersen
b771b84f56
Bump to 2.5.0.Final-SNAPSHOT
2016-11-30 15:44:51 +01:00
mposolda
d0a96d463d
KEYCLOAK-3831 Improve AddressMapper configurability. Support for 'formatted' subclaim
2016-11-30 13:04:45 +01:00
Bill Burke
9e50a45b4c
UserBulkUpdateProvider interface
2016-11-29 18:43:22 -05:00
Stan Silvert
83063a5740
KEYCLOAK-3042: NPE when trying to overwrite client role
2016-11-29 15:43:48 -05:00
Bill Burke
7efa3a3ddf
Merge remote-tracking branch 'upstream/master'
2016-11-29 11:34:04 -05:00
Marek Posolda
80c4b2aa31
Merge pull request #3556 from mposolda/master
...
KEYCLOAK-3822 Changing signature validation settings of an external I…
2016-11-28 22:37:44 +01:00
Bill Burke
63458a7de7
Merge pull request #3559 from patriot1burke/master
...
KEYCLOAK-3980
2016-11-28 13:36:52 -05:00
Bill Burke
f6a080729a
javadoc
2016-11-28 12:25:54 -05:00
Bill Burke
1dacddb7e3
KEYCLOAK-3980
2016-11-28 12:20:40 -05:00
mposolda
69ce1e05f0
KEYCLOAK-3822 Changing signature validation settings of an external IdP is not sometimes reflected
2016-11-28 15:27:25 +01:00
Hynek Mlnarik
65b269cd54
KEYCLOAK-3731 Provide functionality for IdP-initiated SSO for broker
...
A SAML brokered IdP can send unsolicited login response to the broker.
This commit adds a new GET/POST endpoint under [broker SAML
endpoint]/clients/{client_id}. Broker will respond to submission to
this new endpoint by looking up a SAML client with URL name equal to
client_id, and if found, it performs IdP-initiated SSO to that client.
2016-11-28 13:54:04 +01:00
mposolda
7c6032cc84
KEYCLOAK-3825 Ability to expire publicKeys cache. Migrated OIDCBrokerWithSignatureTest to new testsuite
2016-11-25 17:45:37 +01:00
Bill Burke
ccbd8e8c70
remove User Fed SPI
2016-11-23 16:06:44 -05:00
Bill Burke
d5925b8ccf
remove realm UserFed SPI methods
2016-11-23 08:31:20 -05:00
Stian Thorgersen
6ec82865d3
Bump version to 2.4.1.Final-SNAPSHOT
2016-11-22 14:56:21 +01:00
mposolda
d8c8afe070
KEYCLOAK-3943 Admin console issues when updating LDAP Storage provider
2016-11-21 14:22:45 +01:00
mposolda
da52a5c9cf
KEYCLOAK-3930 KEYCLOAK-3931 LDAP and Mongo fixes
2016-11-18 20:02:02 +01:00
Stian Thorgersen
7043ecc21b
KEYCLOAK-3881 Fix login status iframe with * origin
2016-11-18 12:50:52 +01:00
Marek Posolda
3e71aeddf3
Merge pull request #3479 from hmlnarik/KEYCLOAK-3469-UserRealmRoleMapper
...
KEYCLOAK-3469 Make role mappers account for user groups
2016-11-18 09:21:56 +01:00
Marek Posolda
b434c2b9cf
Merge pull request #3510 from ssilvert/delete-subflows
...
KEYCLOAK-3681: Delete top flow doesn't remove all subflows
2016-11-18 08:50:13 +01:00
mposolda
a27be0cee7
KEYCLOAK-3857 Clustered invalidation cache fixes and refactoring. Support for cross-DC for invalidation caches.
2016-11-16 22:29:23 +01:00
Stan Silvert
55556fc63c
KEYCLOAK-3681: Delete top flow doesn't remove all subflows
2016-11-16 12:43:11 -05:00
Stian Thorgersen
26b1541f4a
Merge pull request #3476 from abstractj/KEYCLOAK-3875
...
[KEYCLOAK-3875] - Conditional OTP Forms not working as expected
2016-11-16 12:44:50 +01:00
Stian Thorgersen
1c3a475d1e
Merge pull request #3485 from hmlnarik/KEYCLOAK-3071
...
KEYCLOAK-3071 Add SOAP and PAOS endpoints to valid redirect URIs on SP import
2016-11-16 12:38:45 +01:00
Bill Burke
cc0eb47814
merge
2016-11-14 15:09:41 -05:00
Bill Burke
c280634bfa
fix tests
2016-11-14 15:06:17 -05:00
Hynek Mlnarik
750e942267
KEYCLOAK-3469 Make role mappers account for user groups
2016-11-14 11:38:00 +01:00
Bruno Oliveira
39f40bc005
[KEYCLOAK-3875] - Conditional OTP Forms not working as expected
2016-11-11 15:16:08 -02:00
Stian Thorgersen
a86b5988b5
Merge pull request #3484 from hmlnarik/KEYCLOAK-3658
...
KEYCLOAK-3658 Fixed typo in condition
2016-11-11 09:41:48 +01:00
Stian Thorgersen
088f0ea630
Merge pull request #3490 from stianst/KEYCLOAK-3086
...
[KEYCLOAK-3086] - NPE when accessing Account with invalid clientId s…
2016-11-11 09:35:45 +01:00
Bruno Oliveira
675faee593
[KEYCLOAK-3086] - NPE when accessing Account with invalid clientId set as ?referrer, and additional referrer_uri set
2016-11-10 13:49:40 +01:00
Stian Thorgersen
7e33f4a7d1
KEYCLOAK-3882 Split server-spi into server-spi and server-spi-private
2016-11-10 13:28:42 +01:00
Bill Burke
94076a3b24
admin console ui
2016-11-09 17:34:07 -05:00
Hynek Mlnarik
8816b55843
KEYCLOAK-3071 Add SOAP and PAOS endpoints to valid redirect URIs on SP import
2016-11-09 14:13:53 +01:00
Hynek Mlnarik
9c724b616d
KEYCLOAK-3658 Fixed typo in condition
2016-11-09 11:27:33 +01:00
Vlasta Ramik
6f1b8e1fee
remove KEYCLOAK_REMEMBERME when user logs in without rememberme checked + tests
2016-11-09 10:33:46 +01:00
Bill Burke
4880c0443c
ldap port admin console
2016-11-08 12:30:20 -05:00
Stian Thorgersen
292777259e
Merge pull request #3472 from hmlnarik/KEYCLOAK-1881-saml-key-rotation
...
Keycloak 1881 - SAML key/cert rotation for IdP
2016-11-08 07:56:25 +01:00
Stian Thorgersen
db4f3561a5
Merge pull request #3454 from ssilvert/keystore-error-messages
...
KEYCLOAK-3817: More detailed errors when loading keys from JKS
2016-11-08 07:33:43 +01:00
Bill Burke
5a86623c88
merge
2016-11-06 08:52:10 -05:00
Bill Burke
14dc0ff92f
Merge remote-tracking branch 'upstream/master'
2016-11-05 20:05:01 -04:00
Bill Burke
4302b440ee
ldap port
2016-11-05 20:04:53 -04:00
Bill Burke
c75dcb90c2
ldap port
2016-11-04 21:25:47 -04:00
Hynek Mlnarik
8ae1b1740d
KEYCLOAK-1881 Client installers
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
4f9e35c0a1
KEYCLOAK-1881 Support for multiple certificates in broker (hardcoded at the moment)
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
67bb9aef3d
KEYCLOAK-1881 Add switch to enable/disable generation of <Extensions>
...
Some SP clients might be confused by using a standard SAML protocol tag
<Extensions> which is used for signed REDIRECT binding messages to
specify signing key ID. To enable the interoperability, generation of
the tag is disabled by default and can be enabled for individual
clients.
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
1ae268ec6f
KEYCLOAK-1881 Include key ID for REDIRECT and use it for validation
...
Contrary to POST binding, signature of SAML protocol message sent using
REDIRECT binding is contained in query parameters and not in the
message. This renders <dsig:KeyName> key ID hint unusable. This commit
adds <Extensions> element in SAML protocol message containing key ID so
that key ID is present in the SAML protocol message.
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
d5c3bde0af
KEYCLOAK-1881 Make SAML descriptor endpoint return all certificates
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
5d840500af
KEYCLOAK-1881 Include key ID in <ds:KeyInfo> in SAML assertions and protocol message
...
Changes of SAML assertion creation/parsing that are required to allow
for validation of rotating realm key: signed SAML assertions and signed
SAML protocol message now contain signing key ID in XML <dsig:KeyName>
element.
2016-11-04 21:53:43 +01:00
Pedro Igor
706c1e2660
[KEYCLOAK-3704] - Registering UserSinchronizer to remove resources when the owner is removed
2016-11-02 21:40:58 -02:00
Pedro Igor
95d2130405
[KEYCLOAK-3704] - Checking if owner is a valid user
2016-11-02 21:01:24 -02:00
Stan Silvert
facdd586a3
KEYCLOAK-2720: Should not allow two groups with the same path.
2016-11-01 16:08:30 -04:00
Stan Silvert
a5e5f4cf9c
KEYCLOAK-3817: More detailed errors when loading keys from JKS
2016-11-01 13:54:34 -04:00
Bill Burke
ccaac40863
Merge pull request #3437 from patriot1burke/master
...
disable credential type REST and admin ui
2016-10-28 11:33:16 -04:00
Stian Thorgersen
f4a77c3d06
Merge pull request #3444 from stianst/KEYCLOAK-3225
...
KEYCLOAK-3225
2016-10-28 11:51:35 +02:00
Stian Thorgersen
b6b567f948
Merge pull request #3441 from stianst/KEYCLOAK-3733
...
KEYCLOAK-3733 Set default max results for paginated endpoints
2016-10-28 10:36:24 +02:00
Stian Thorgersen
479295cfd2
KEYCLOAK-3225
...
Modifying user's Identity Provider Links requires manage-realm client role
2016-10-28 10:25:41 +02:00
Stian Thorgersen
a78cfa4b2c
Merge pull request #3440 from stianst/KEYCLOAK-3667
...
KEYCLOAK-3667
2016-10-28 10:13:06 +02:00
Stian Thorgersen
c6caeb3bec
Merge pull request #3439 from stianst/KEYCLOAK-3828
...
KEYCLOAK-3828
2016-10-28 10:12:51 +02:00
Stian Thorgersen
a9d47287ee
KEYCLOAK-3733 Set default max results for paginated endpoints
2016-10-28 09:15:05 +02:00
Stian Thorgersen
3d46b4c425
KEYCLOAK-3667
2016-10-28 08:43:24 +02:00
Stian Thorgersen
db428dad1d
KEYCLOAK-3828
...
Component uses wrong role
2016-10-28 07:56:44 +02:00
Stian Thorgersen
e958bd254a
Merge pull request #3435 from stianst/KEYCLOAK-3331
...
KEYCLOAK-3331 Reset password leads to 400 bad request when link is op…
2016-10-28 06:40:48 +02:00
Stian Thorgersen
0c6b47b9f2
Merge pull request #3433 from stianst/KEYCLOAK-3641
...
KEYCLOAK-3641 Clicking an invalid verification link due to re-send re…
2016-10-28 06:40:27 +02:00
Bill Burke
91da6a47d7
disable cred types ui
2016-10-27 16:17:02 -04:00
Stian Thorgersen
c6ac3266f0
KEYCLOAK-3641 Clicking an invalid verification link due to re-send removes the email verification key from the session
2016-10-27 16:16:52 +02:00
Stian Thorgersen
ab72b2b141
KEYCLOAK-3331 Reset password leads to 400 bad request when link is opened in a different browser session
2016-10-27 16:04:45 +02:00
Bill Burke
73e3f2a89b
REST API for disable cred type
2016-10-26 15:48:45 -04:00
Bill Burke
68e853b4bd
Merge remote-tracking branch 'upstream/master'
2016-10-25 13:40:32 -04:00
Bill Burke
b67cb0e97a
Merge remote-tracking branch 'upstream/master'
2016-10-25 11:44:22 -04:00
Stian Thorgersen
4b27e66714
KEYCLOAK-3782 Keysize for rsa-generated should be a dropdown
2016-10-25 08:52:02 +02:00
Bill Burke
3e28ac1e46
user spi cache policy
2016-10-24 15:36:37 -04:00
hassaneinaltememyictu
a119a46495
grant the new role from the saml token if it exists
...
grant the user with the new role from the saml token if it is a realm role in keycloak
2016-10-24 17:17:22 +02:00
Stian Thorgersen
4d47f758fc
Merge pull request #3405 from stianst/master
...
Bump version
2016-10-21 10:11:59 +02:00
Stian Thorgersen
c615674cbb
Bump version
2016-10-21 07:03:15 +02:00
Stian Thorgersen
1a4f9e656d
Merge pull request #3398 from stianst/KEYCLOAK-3774
...
KEYCLOAK-3774 Fix keycloak.js with prompt=none and new stricter redir…
2016-10-21 06:34:43 +02:00
Stian Thorgersen
9801f09a93
KEYCLOAK-3774 Fix keycloak.js with prompt=none and new stricter redirect_uri
2016-10-20 21:31:25 +02:00
Stian Thorgersen
5a00aaefa8
KEYCLOAK-2594
...
bind credential being leaked in admin tool JSON response
KEYCLOAK-2972
Keycloak leaks configuration passwords in Admin Event logs
2016-10-20 19:30:59 +02:00
Stian Thorgersen
1bf24d26a4
Merge pull request #3395 from stianst/master
...
KEYCLOAK-3772
2016-10-20 19:27:03 +02:00
Stian Thorgersen
839c4e8ede
KEYCLOAK-3772
...
Login with Twitter is not working
2016-10-20 15:05:07 +02:00
mposolda
072ccb5c61
KEYCLOAK-3770 OIDC registration with id_token grant type should set publicClient flag to true
2016-10-20 14:10:53 +02:00
Stian Thorgersen
dfc09b69a8
Merge pull request #3380 from stianst/KEYCLOAK-3364
...
KEYCLOAK-3364 Fix for dns that ends with digit
2016-10-20 06:24:50 +02:00
Stian Thorgersen
d2e0432afb
Merge pull request #3389 from patriot1burke/master
...
KEYCLOAK-3651
2016-10-20 06:24:15 +02:00
Bill Burke
34d80c9083
KEYCLOAK-3651
2016-10-19 20:28:33 -04:00
Bill Burke
9f00f693c6
Merge pull request #3387 from ssilvert/spelling-represenation
...
KEYCLOAK-3496: Spelling Error in Admin GUI Documentation
2016-10-19 19:59:41 -04:00
Stan Silvert
ad59cd618e
Merge pull request #3383 from ssilvert/duplicate-fed-provider
...
KEYCLOAK-2892: Bad error when create fed provider w/ same name.
2016-10-19 16:40:58 -04:00
Stan Silvert
ac80f99e8c
KEYCLOAK-3496: Spelling Error in Admin GUI Documentation
2016-10-19 16:33:59 -04:00
Bill Burke
cdf7dd3a6c
Merge pull request #3372 from patriot1burke/master
...
onCreate for Components
2016-10-19 16:21:20 -04:00
Bill Burke
934ea1c33c
KEYCLOAK-3562
2016-10-19 14:01:21 -04:00
Stan Silvert
9d098e9068
KEYCLOAK-2892: Bad error when create fed provider w/ same name.
2016-10-19 13:32:28 -04:00
Stian Thorgersen
ffce2023c0
KEYCLOAK-3364 Fix for dns that ends with digit
2016-10-19 18:41:43 +02:00
mposolda
3779bfb6b4
KEYCLOAK-3666 client registration policies - polishing
2016-10-19 17:45:23 +02:00
mposolda
964cd50f1d
KEYCLOAK-3666 Added client reg policies for maxClients and clientDisabled
2016-10-19 17:45:23 +02:00
Stian Thorgersen
36c367a3bc
Merge pull request #3369 from stianst/KEYCLOAK-3625
...
KEYCLOAK-3625
2016-10-19 15:56:57 +02:00
Stian Thorgersen
1b24d2edd8
KEYCLOAK-3625 More work on the issue
2016-10-19 14:21:50 +02:00
Stian Thorgersen
bbc1d26b72
Merge pull request #3367 from stianst/KEYCLOAK-3745
...
KEYCLOAK-3745 Change attributes in user rep
2016-10-19 14:01:39 +02:00
Stian Thorgersen
4efe12cb93
KEYCLOAK-3745 Change attributes in user rep
2016-10-19 12:15:13 +02:00
Stian Thorgersen
f2f508ac2e
Merge pull request #3357 from stianst/KEYCLOAK-3107
...
KEYCLOAK-3017 Expose Location header in cors request to admin endpoint
2016-10-19 08:45:18 +02:00
Stian Thorgersen
13220e1d38
Merge pull request #3355 from stianst/KEYCLOAK-2699
...
KEYCLOAK-2699 Potential for NPE in DirImportProvider.getRealmsToImport
2016-10-19 07:35:54 +02:00
Stian Thorgersen
116027bd7b
Merge pull request #3354 from stianst/KEYCLOAK-2488
...
KEYCLOAK-2488 Token introspection returns wrong response for invalid …
2016-10-19 07:33:25 +02:00
Stian Thorgersen
a33997976f
KEYCLOAK-3017 Expose Location header in cors request to admin endpoint
2016-10-18 21:27:46 +02:00
Stian Thorgersen
0a8d1e28f1
KEYCLOAK-2699 Potential for NPE in DirImportProvider.getRealmsToImport
2016-10-18 20:31:51 +02:00
Stian Thorgersen
29538332d9
KEYCLOAK-2488 Token introspection returns wrong response for invalid token
2016-10-18 20:28:14 +02:00
Bill Burke
d941e07169
Merge pull request #3350 from patriot1burke/master
...
federated import/export to json
2016-10-18 14:15:25 -04:00
Stian Thorgersen
e41d11877f
Merge pull request #3349 from stianst/KEYCLOAK-2741
...
KEYCLOAK-2741
2016-10-18 19:39:54 +02:00
mposolda
b62e6e2751
KEYCLOAK-3653 CORS headers not sent in certs endpoint
2016-10-18 16:57:06 +02:00
Stian Thorgersen
74dad004e3
KEYCLOAK-2741
...
Don't remove KEYCLOAK_REMEMBERME cookie when sso session expires.
2016-10-18 16:14:36 +02:00
Bill Burke
2199df71bf
Merge remote-tracking branch 'upstream/master'
2016-10-18 10:14:00 -04:00
Bill Burke
4182e4d92a
federated import/export
2016-10-18 10:13:51 -04:00
Marek Posolda
3986ce2ce0
Merge pull request #3345 from mposolda/master
...
KEYCLOAK-3499 Fixes in OIDCProtocolMapper support for includeInUserInfo
2016-10-18 14:28:29 +02:00
Stian Thorgersen
4b56743788
Merge pull request #3343 from stianst/KEYCLOAK-2884
...
KEYCLOAK-2884 Remove ClientTemplateResource.getKeycloakApplication()
2016-10-18 14:08:50 +02:00
mposolda
a7287aad36
KEYCLOAK-3499 More fixes for IncludeInUserInfo. Fixing tests and migration
2016-10-18 13:09:30 +02:00
Thomas Darimont
c3b577de11
KEYCLOAK-3499 Revise OIDCProtocolMapper support
...
Moved methods `transformUserInfoToken`, `transformAccessToken`,
`transformIDToken` to the `AbstractOIDCProtocolMapper` base class
in order to reduce code duplication.
Previously every mapper implemented at least one or two of those
methods with exactly the same code.
Having those methods in the base class ensures that the code is the
same for all mappers. Since the mentioned methods are declared
on the `OIDCIDTokenMapper`, `OIDCAccessTokenMapper` and `UserInfoTokenMapper`
interfaces `AbstractOIDCProtocolMapper` implementations can now choose
how they should be handled by the `TokenManager`
by implementing the desired set of interfaces `*TokenMapper`-interfaces.
I think this provides a good balance between ease of use, reduced code duplication
and ensured backwards compatibility.
Existing protocol mapper implementations will still work since they just implement
their own logic for `transformUserInfoToken`, `transformAccessToken`,
`transformIDToken`.
The "claim" information provided by a `ProtocolMapper` to a `*Token` can now
be provided by overriding the `AbstractOIDCProtocolMapper.setClaim` method.
Adapted all eligible ProtocolMapper implementations within the
`org.keycloak.protocol.oidc.mappers` package accordingly.
2016-10-18 13:09:30 +02:00
Stian Thorgersen
e157a60a23
KEYCLOAK-2884 Remove ClientTemplateResource.getKeycloakApplication()
2016-10-18 09:01:24 +02:00
Marek Posolda
2fd680092a
Merge pull request #3336 from mposolda/master
...
KEYCLOAK-3719 Add 'options' to ProviderConfigProperty and use it for …
2016-10-18 08:33:26 +02:00
mposolda
00879b39b7
KEYCLOAK-3719 Add 'options' to ProviderConfigProperty and use it for 'List' type instead of defaultValue
2016-10-17 21:34:21 +02:00
Stian Thorgersen
77499be8d2
KEYCLOAK-3728
...
Disable script based authenticator in product profile
2016-10-17 21:16:51 +02:00
Stian Thorgersen
64339aaca7
Merge pull request #3317 from stianst/KEY-ROTATION
...
Updated labels for java keystore provider config
2016-10-17 19:39:47 +02:00
Stian Thorgersen
2ed6067de0
Merge pull request #3290 from hmlnarik/KEYCLOAK-3655
...
KEYCLOAK-3655: Fix for unexpected server error when adding duplicate auth flow
2016-10-17 19:31:43 +02:00
Stian Thorgersen
d22f45f0d2
Merge pull request #3335 from stianst/KEYCLOAK-3635
...
KEYCLOAK-3635 Not possible to filter debug/trace logging
2016-10-17 18:50:10 +02:00
Stian Thorgersen
b320eb8fc7
KEYCLOAK-3635 Not possible to filter debug/trace logging
2016-10-17 16:12:14 +02:00
Geir Ole Hiåsen Stevning
95f62c6aeb
KEYCLOAK-3626 - CreatedDate and lastUpdatedDate on user consent
2016-10-17 13:53:12 +02:00
mposolda
5732b2c58f
KEYCLOAK-3716 Unable to start Keycloak on wildfly
2016-10-17 12:22:33 +02:00
mposolda
18e0c0277f
KEYCLOAK-3666 Dynamic client registration policies
2016-10-14 20:20:40 +02:00
Bill Burke
1c0abbd722
Merge pull request #3315 from patriot1burke/master
...
import and sync spi
2016-10-14 10:12:42 -04:00
Stian Thorgersen
422805b511
Updated labels for java keystore provider config
2016-10-14 10:36:17 +02:00
Bill Burke
8c8a39c833
sync and import
2016-10-13 20:49:02 -04:00
Bill Burke
0938390654
sync and import
2016-10-13 20:38:49 -04:00
Stian Thorgersen
4e245d428c
KEYCLOAK-905 More testing
2016-10-13 20:44:33 +02:00
Stian Thorgersen
d2cae0f8c3
KEYCLOAK-905
...
Realm key rotation for OIDC
2016-10-13 11:19:52 +02:00
Bill Burke
fbaa731dfa
import spi
2016-10-11 18:33:59 -04:00
Bill Burke
db05dc6ee4
KEYCLOAK-3671
2016-10-06 15:02:15 -04:00
Bill Burke
fbb65fa072
KEYCLOAK-3671
2016-10-06 14:56:02 -04:00
Bill Burke
74325fe133
initial sync/import spi
2016-10-06 14:48:53 -04:00
Hynek Mlnarik
cfbc9cf14b
KEYCLOAK-3655: Fix for unexpected server error when adding duplicate auth flow
2016-10-05 13:57:02 +02:00
Bill Burke
c5600e888d
refactor CredentialValidationOutput apis
2016-10-04 17:26:45 -04:00
Bill Burke
4af0976194
remove UserCredValueModel and hold hash providers
2016-10-04 12:34:15 -04:00
mposolda
bc916a1909
KEYCLOAK-3564 Update demo examples with public key rotation
2016-10-04 14:05:01 +02:00
mposolda
0f9798a10d
KEYCLOAK-3493 KEYCLOAK-3532 Renamed KeyStorageProvider to PublicKeyStorageProvider
2016-10-03 15:23:50 +02:00
Thomas Darimont
c852d6d817
KEYCLOAK-3642 Favor StreamUtil over IOUtils in ScriptBasedAuthenticatorFactory
...
The dependency on commons-io through the use of IOUtils in
ScriptBasedAuthenticatorFactory resulted in
NoClassDefFoundError org/apache/commons/io/IOUtils when building the
keycloak-distribution.
We now use the StreamUtil from keycloak-common to avoid this dependency.
2016-10-03 13:33:53 +02:00
Bill Burke
d4c3fae546
merge conflicts
2016-09-30 19:19:12 -04:00
Bill Burke
6a4e413bf4
final mongo fixes
2016-09-30 19:08:34 -04:00
mposolda
f9a0abcfc4
KEYCLOAK-3493 KEYCLOAK-3532 Added KeyStorageProvider. Support key rotation for OIDC clients and identity providers with JWKS url.
2016-09-30 21:28:23 +02:00
Stian Thorgersen
5d34b7e682
Merge pull request #3189 from thomasdarimont/issue/KEYCLOAK-3491-revise-scripting-support
...
KEYCLOAK-3491 Revise Scripting Support
2016-09-29 10:12:15 +02:00
Bill Burke
8967ca4066
refactor mongo entities, optimize imports
2016-09-28 15:25:39 -04:00
Stian Thorgersen
34f62eb31d
Fixes to [KEYCLOAK-2438] PR
2016-09-28 10:25:37 +02:00
Bruno Oliveira
98d2fe15e8
[KEYCLOAK-2438] - Add display name to social login buttons
...
[KEYCLOAK-3291] - Names of social identity providers are wrongly capitalized (eg GitHub vs Github)
2016-09-26 13:36:28 -03:00
Bill Burke
ecc104719d
bump pom version
2016-09-26 11:01:18 -04:00
Stian Thorgersen
033d1f564a
KEYCLOAK-2756
...
Renaming a realm breaks down the Clients
2016-09-26 10:11:28 +02:00
Bill Burke
27e86e36c4
Merge remote-tracking branch 'upstream/master'
2016-09-23 16:50:16 -04:00
Bill Burke
ff1326fe35
authenticator example updated
2016-09-23 16:50:08 -04:00
Marek Posolda
5fc7149aac
Merge pull request #3257 from mposolda/pairwise
...
KEYCLOAK-3422 Pairwise subjects : few fixes and bit of refactoring
2016-09-23 20:58:51 +02:00
Bill Burke
a1bcd0651d
fixes
2016-09-23 10:38:49 -04:00
Marek Posolda
22aaa4cb52
Merge pull request #3237 from brat000012001/kc-iss-3505
...
KEYCLOAK-3505: updated the oidc user attribute mapper used to map oid…
2016-09-23 15:38:20 +02:00
mposolda
04f05c0cd1
KEYCLOAK-3422 Pairwise subjects : few fixes and bit of refactoring
2016-09-23 15:29:13 +02:00
Bill Burke
8e65356891
creds
2016-09-22 19:57:39 -04:00
Bill Burke
7209a95dce
credential refactoring
2016-09-22 08:34:45 -04:00
Thomas Darimont
8e113384aa
KEYCLOAK-3491 Revise Scripting Support
...
Refactored the scripting infrastructure and added documentation.
Added tests and an authenticator template in JavaScript for a quickstart.
Increased height of ace code editor to 600px to avoid scrolling.
2016-09-20 14:33:39 +02:00
Stian Thorgersen
4977527f60
Merge pull request #3239 from stianst/SERVER-PROFILE
...
KEYCLOAK-3579 Add ability to define profiles
2016-09-20 10:39:05 +02:00
Stian Thorgersen
992268a8e6
KEYCLOAK-3579 Add ability to define profiles
2016-09-20 08:41:23 +02:00
Stian Thorgersen
44c47431a1
Merge pull request #3233 from betovieirasilva/master-KEYCLOAK-LoginUsername
...
[PULL-REQUEST-3181 & PULL-REQUEST-3233] Username is not displayed on the login screen with that email
2016-09-16 09:23:26 +02:00
Peter Nalyvayko
0348e427de
KEYCLOAK-3505: cosmetic coding style changes
2016-09-15 15:42:09 -04:00
Peter Nalyvayko
b97908fb02
KEYCLOAK-3505: updated the oidc user attribute mapper used to map oidc broker claims to map the claims from userinfo claim set
2016-09-15 11:11:58 -04:00
Gilberto Vieira da Silva
6d5dc673d4
When keycloak is set to login email and Username is different from email, to check the "Remember Me" username is not displayed on the login screen with that email because the KEYCLOAK_REMEMBER_ME cookie is always recorded the username field.
...
Conflicts:
services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
[PULL-REQUEST-3181]
2016-09-13 18:56:25 -03:00
Gilberto Vieira da Silva
55e07bcde2
Reverted to appli to branch master-KEYCLOAK-LoginUsername
2016-09-13 18:52:16 -03:00
Gilberto Vieira da Silva
cb1b34eee5
When keycloak is set to login email and Username is different from email, to check the "Remember Me" username is not displayed on the login screen with that email because the KEYCLOAK_REMEMBER_ME cookie is always recorded the username field.
...
Conflicts:
services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
2016-09-13 18:21:04 -03:00
Martin Hardselius
04d03452bd
KEYCLOAK-3422 support pairwise subject identifier in oidc
2016-09-13 09:18:45 +02:00
mposolda
bf6246f5c1
KEYCLOAK-905 Realm keys rotation support on adapters
2016-09-12 21:24:04 +02:00
Stian Thorgersen
1630b9a20c
Merge pull request #3220 from abstractj/KEYCLOAK-3535
...
KEYCLOAK-3535 - Check if SSSD is available via DBUS
2016-09-09 08:15:11 +02:00
Stian Thorgersen
65befb16fd
Merge pull request #3219 from pedroigor/KEYCLOAK-3534
...
[KEYCLOAK-3534] - Authorization tab appears too soon in admin console
2016-09-09 08:14:03 +02:00
Stian Thorgersen
e8f99a2109
Merge pull request #3221 from patriot1burke/master
...
KEYCLOAK-3423
2016-09-09 07:45:53 +02:00
Pedro Igor
7af16fc747
[KEYCLOAK-3534] - Authorization tab appears too soon in admin console
2016-09-09 01:03:09 -03:00
Bill Burke
84f5c0926b
KEYCLOAK-3423
2016-09-08 16:47:06 -04:00
Bruno Oliveira
11245701d2
Check if SSSD is available via DBUS
2016-09-08 16:01:45 -03:00
Bill Burke
2a5c778af5
Merge pull request #3209 from patriot1burke/master
...
KEYCLOAK-3440
2016-09-08 09:10:54 -04:00
Stian Thorgersen
36bb94afb8
Environment dependent provider
2016-09-08 07:40:19 -03:00
Marek Posolda
76e1160b36
Merge pull request #3210 from mposolda/master
...
KEYCLOAK-3537 Username not shown when validation error on Account pro…
2016-09-08 10:04:38 +02:00
Stian Thorgersen
f726caea9b
Merge pull request #3205 from stianst/KEYCLOAK-3342
...
KEYCLOAK-3342 Add Identity Provider authenticator
2016-09-08 08:40:32 +02:00
mposolda
16282aeb7b
KEYCLOAK-3537 Username not shown when validation error on Account profile page
2016-09-08 08:36:39 +02:00
Stian Thorgersen
d2c546bdc2
Merge pull request #3201 from pedroigor/KEYCLOAK-3129
...
[KEYCLOAK-3129] - Add authorization services endpoints to PermissionsTest
2016-09-08 08:03:40 +02:00
Stian Thorgersen
7c292b1213
KEYCLOAK-3342 Add Identity Provider authenticator
2016-09-08 07:20:35 +02:00
Bill Burke
3b9a6b32e1
Revert "Revert "KEYCLOAK-3440""
...
This reverts commit 01e48dc4b8.
2016-09-07 23:41:32 -04:00
Bill Burke
01e48dc4b8
Revert "KEYCLOAK-3440"
2016-09-07 23:17:35 -04:00
Bill Burke
3f35234cf5
Merge remote-tracking branch 'upstream/master'
2016-09-07 23:11:38 -04:00
Bill Burke
da135389c7
KEYCLOAK-3440
2016-09-07 23:11:28 -04:00
mposolda
5a015a6518
KEYCLOAK-3494 Input elements backed by user attributes fail to update in themes
2016-09-07 20:08:09 +02:00
Pedro Igor
517413d38e
[KEYCLOAK-3129] - Add authorization services endpoints to PermissionsTest
2016-09-06 17:32:37 -03:00
Bill Burke
15d31a202f
Merge remote-tracking branch 'upstream/master'
2016-09-06 08:56:17 -04:00
Bill Burke
6714c1a136
cred refactor
2016-09-06 08:55:47 -04:00
mposolda
8c5b1e4892
KEYCLOAK-3525 Validation callback when creating/updating protocolMapper
2016-09-06 07:15:27 +02:00
mposolda
03c05bd72b
KEYCLOAK-2957 IdpEmailVerificationAuthenticator should setEmailVerified to true after successfully link user by email verification
2016-09-05 18:04:24 +02:00
mposolda
a24a43c4be
KEYCLOAK-3349 Support for 'request' and 'request_uri' parameters
2016-09-02 20:20:38 +02:00
Vaclav Muzikar
1b085d3e13
KEYCLOAK-3421 Validation for URI fragments in redirect_uri
2016-08-31 13:07:33 +02:00
mposolda
02f28a7e8e
KEYCLOAK-3416 Add support for signed Userinfo requests
2016-08-30 20:21:04 +02:00
Stian Thorgersen
5a4bb5f3f0
Merge pull request #3168 from stianst/master
...
KEYCLOAK-3462 Fix exception not displayed in init from KeycloakServer
2016-08-30 09:47:31 +02:00
mposolda
f4aee129e4
KEYCLOAK-3424 Issuer or token-endpoint as audience in signed JWT
2016-08-29 14:43:35 +02:00
mposolda
a7f9a6e095
KEYCLOAK-3424 Support for import from public key
2016-08-29 14:43:29 +02:00
Stian Thorgersen
4f51b7b34c
KEYCLOAK-3462 Fix exception not displayed in init from KeycloakServer
2016-08-29 09:21:22 +02:00
Stian Thorgersen
2a29f2a9c6
Merge pull request #3151 from ssilvert/dmr-server-config
...
KEYCLOAK-3196: Use WildFly management model for server configuration.
2016-08-26 13:44:45 +02:00
Marek Posolda
d138b19adb
Merge pull request #3142 from vmuzikar/KEYCLOAK-3429
...
KEYCLOAK-3429 Fix behaviour of redirect_uri parameter with query components
2016-08-24 09:53:29 +02:00
Stan Silvert
3abcf713e5
KEYCLOAK-3196: Test need ability to load keycloak-server.json from
...
/META-INF
2016-08-23 11:27:06 -04:00
Stan Silvert
e4d97485ec
KEYCLOAK-3196: Create master cli script for server-subsystem.
2016-08-23 11:27:04 -04:00
Stan Silvert
3493aa4ab7
KEYCLOAK-3196: Use WildFly management model for server configuration.
2016-08-23 11:26:56 -04:00
Stian Thorgersen
c522a20ab9
KEYCLOAK-3447 Manual upgrade of database schema
2016-08-22 10:22:08 +02:00
Pedro Igor
4cd0a8e894
[KEYCLOAK-3377] - Add pagination to authorization UI
2016-08-18 13:29:54 -03:00
Pedro Igor
a8d2b810cf
[KEYCLOAK-3144] - Add authorization settings when exporting/importing a realm.
2016-08-15 10:35:28 -03:00
mposolda
2cba13db9c
KEYCLOAK-3424 Possibility to import JWK key through admin console
2016-08-12 15:51:14 +02:00
mposolda
3eb9134e02
KEYCLOAK-3424 Support for save JWKS in OIDC ClientRegistration endpoint
2016-08-12 15:51:14 +02:00
Vaclav Muzikar
b7f2e0b5ff
KEYCLOAK-3429 Fix behaviour of redirect_uri parameter with query components
2016-08-12 14:02:17 +02:00
Pedro Igor
27187c11f1
Merge pull request #3138 from pedroigor/KEYCLOAK-3428
...
[KEYCLOAK-3428] - Removing scope policies in case the resource does not match
2016-08-11 14:59:20 -03:00
Pedro Igor
0030df060b
[KEYCLOAK-3428] - Removing scope policies in case the resource does not match
2016-08-11 14:58:14 -03:00
Marek Posolda
f6f587e472
Merge pull request #3137 from thomasdarimont/issue/KEYCLOAK-3412-remove-unused-adminEventBuilder-error-method
...
KEYCLOAK-3412 - Remove erroneous AdminEventBuilder.error method
2016-08-11 17:41:04 +02:00
Thomas Darimont
e0d70a35d6
KEYCLOAK-3412 - Remove erroneous AdminEventBuilder.error method
...
Wasn't used within the Keycloak codebase and wouldn't have worked either
since the OperationType lookup would always fail since there are no
"_ERROR" operation types.
Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
2016-08-11 16:10:49 +02:00
mposolda
0520d465c1
KEYCLOAK-3414 Support for client registration from trusted hosts
2016-08-11 15:55:32 +02:00
mposolda
a8fb988e31
KEYCLOAK-3406 OIDC dynamic client registrations specs fixes
2016-08-11 15:54:51 +02:00
mposolda
d52e043322
Set version to 2.2.0-SNAPSHOT
2016-08-10 08:57:18 +02:00
Marek Posolda
26bc07b2c4
Merge pull request #3126 from pedroigor/KEYCLOAK-3398
...
[KEYCLOAK-3398] - Review input fields on AuthZ UI to fetch data on demand
2016-08-10 06:50:51 +02:00
Pedro Igor
70eb27ec83
[KEYCLOAK-3398] - Review input fields on AuthZ UI to fetch data on demand
2016-08-09 21:56:29 -03:00
Bill Burke
530870f05e
realm components import/export
2016-08-09 15:06:29 -04:00
Bill Burke
ff703f935f
component export/import
2016-08-09 12:25:04 -04:00
Bill Burke
f838c697d1
Merge remote-tracking branch 'upstream/master'
2016-08-08 16:04:16 -04:00
Bill Burke
83306963e8
jta transaction abstraction
2016-08-08 12:32:36 -04:00
mposolda
65e2f127c9
KEYCLOAK-3400 OIDC request with missing response_type should respond with error
2016-08-08 16:11:50 +02:00
mposolda
9be6777685
KEYCLOAK-2169 KEYCLOAK-3286 Support for at_hash and c_hash
2016-08-08 10:57:44 +02:00
Bill Burke
f14f303dfe
Merge remote-tracking branch 'upstream/master'
2016-08-07 11:50:44 -04:00
Bill Burke
33d7d89ad9
provider hot deployment
2016-08-07 11:41:52 -04:00
Marek Posolda
65c49c39f4
Merge pull request #3114 from mposolda/master
...
KEYCLOAK-3321 OIDC requests without 'nonce' claim should be rejected …
2016-08-05 16:45:56 +02:00
mposolda
e0a59baaf2
KEYCLOAK-3321 OIDC requests without 'nonce' claim should be rejected unless using the code flow. Started responseType tests
2016-08-05 15:05:26 +02:00
Thomas Darimont
e49afb2d83
KEYCLOAK-3142 - Revised according to codereview
...
Liquibase Moved schema evolution configuration from jpa-changelog-2.1.0
to jpa-changelog-2.2.0.
Corrected wrong ResourceType references in tests.
Adapted AdminEvents copy-routines to be aware of resourceType attribute.
Added ResourceType enum to exposed ENUMS of ServerInfoAdminResource.
Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
2016-08-05 00:01:03 +02:00
Thomas Darimont
586f6eeece
KEYCLOAK-3142 - Capture ResourceType that triggers an AdminEvent
...
Introduced new ResourceType enum for AdminEvents which lists
the current supported ResourceTypes for which AdminEvents
can be fired.
Previously it was difficult for custom EventListeners to figure
out which ResourceType triggered an AdminEvent in order
to handle it appropriately, effectively forcing users to parse
the representation.
Having dedicated resource types as a marker on an AdminEvent helps
to ease custom EventListener code.
We now also allow filtering of admin events by ResourceType in the
admin-console.
Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
2016-08-04 11:30:02 +02:00
Bill Burke
534ee2e50c
Merge remote-tracking branch 'upstream/master'
2016-08-03 19:16:45 -04:00
Bill Burke
70722d0d3d
user storage provider jpa example
2016-08-03 19:16:11 -04:00
Bill Burke
7f08717dfb
Merge pull request #3105 from patriot1burke/master
...
component model
2016-08-02 09:28:55 -04:00
Bill Burke
e3aec098a2
Merge pull request #3064 from cainj13/oneSamlAttributeStatement
...
SamlProtocol should only drop attributes into a single attributeStatement
2016-08-02 07:14:08 -04:00
Bill Burke
17e75950fe
more fixes
2016-08-02 06:56:22 -04:00
Bill Burke
1c75b03e59
props
2016-08-02 06:50:13 -04:00
Bill Burke
1d695237b7
fix
2016-08-02 05:49:50 +02:00
Bill Burke
09693eb108
component model
2016-08-02 05:48:57 +02:00
Pedro Igor
ae1a7542d8
[KEYCLOAK-3385] - Improvements to evaluation tool UI and result
2016-08-01 18:01:24 -03:00
Bill Burke
a8a77add39
fix
2016-08-01 12:07:02 -04:00
Bill Burke
5facec73e4
Merge remote-tracking branch 'upstream/master'
2016-08-01 11:19:09 -04:00
Bill Burke
91a267a0d8
component model
2016-08-01 11:18:58 -04:00
Marek Posolda
0d99b797b6
Merge pull request #3068 from mstruk/KEYCLOAK-2981-m
...
KEYCLOAK-2981 Upload-certificate admin endpoint does not nullify private keys
2016-08-01 11:20:55 +02:00
Marek Posolda
159b752fb0
Merge pull request #3085 from pedroigor/master
...
[KEYCLOAK-3376] - Show authorization data when evaluating authorization requests
2016-08-01 09:09:55 +02:00
Dmitry Telegin
fea277a7f5
KEYCLOAK-3369: Fire RealmPostCreateEvent
2016-08-01 01:00:50 +03:00
Pedro Igor
bd5b434894
[KEYCLOAK-3376] - Show authorization data when evaluating authorization requests
2016-07-29 22:09:17 -03:00
Pedro Igor
3c8ed8e3d8
[KEYCLOAK-3372] - Code cleanup
2016-07-29 05:18:38 -03:00
Pedro Igor
8cfa50f134
[KEYCLOAK-3338] More testing and improvements when importing role policies
2016-07-28 12:31:46 -03:00
Bill Burke
5d9fe09599
Merge pull request #3070 from mstruk/KEYCLOAK-2571
...
KEYCLOAK-2571 RESET_PASSWORD_ERROR and UPDATE_PASSWORD_ERROR events not fired
2016-07-28 07:23:32 -04:00
Bill Burke
2219cd363e
Merge pull request #3079 from patriot1burke/master
...
KEYCLOAK-3268
2016-07-28 07:22:45 -04:00
Pedro Igor
7e1b97888a
[KEYCLOAK-3338] - Adding client roles to role policy and UX improvements
2016-07-27 15:15:14 -03:00
Bill Burke
46b4bb0909
KEYCLOAK-3268
2016-07-27 09:28:48 -04:00
Marko Strukelj
59e0570cdf
KEYCLOAK-2571 RESET_PASSWORD_ERROR and UPDATE_PASSWORD_ERROR events not fired
2016-07-26 21:32:57 +02:00
Marko Strukelj
94f583e935
KEYCLOAK-2981 Upload-certificate admin endpoint does not nullify private keys
2016-07-25 11:13:21 +02:00
Bill Burke
3973aed57d
Merge pull request #2989 from thomasdarimont/issue/KEYCLOAK-3234-allow-restricting-mapper-for-userinfo
...
KEYCLOAK-3234 Allow restricting claim mapper for userinfo endpoint
2016-07-22 17:54:00 -04:00
Josh Cain
535a0763fc
put imports back, new IDE snuck a * in there.
2016-07-22 14:57:07 -05:00
Josh Cain
283581f920
SamlProtocol should only drop attributes into a single attributeStatement element
2016-07-22 14:49:48 -05:00
mposolda
01830fd7f3
KEYCLOAK-3319 More OIDC tests. Minor refactoring
2016-07-22 18:16:58 +02:00
mposolda
9169bcd88d
KEYCLOAK-3354 request and request_uri not supported
2016-07-22 13:44:45 +02:00
mposolda
56e011dce4
KEYCLOAK-3318 Adapter support for prompt and max_age. Refactoring to not hardcode OIDC specifics to CookieAuthenticator
2016-07-21 18:19:53 +02:00
Pedro Igor
484d5d6e08
[KEYCLOAK-3313] - UI improvements and messages
2016-07-20 22:11:24 -03:00
mposolda
f4ddfe4a52
KEYCLOAK-3318 Support for prompt=login. More tests for prompt parameter
2016-07-20 21:27:38 +02:00
Bill Burke
6f92bac782
Merge pull request #3000 from tonswieb/master
...
KEYCLOAK-3265 Support writing a NameIDType AttributeValue
2016-07-20 11:23:18 -04:00
Stian Thorgersen
1b517a461e
Merge pull request #3041 from stianst/KEYCLOAK-3302
...
KEYCLOAK-3302 Allow logout with expired refresh token
2016-07-19 08:03:52 +02:00
Marek Posolda
a6bdf81e6d
Merge pull request #3040 from mposolda/master
...
KEYCLOAK-3220 Added test for missing response_type
2016-07-15 22:19:52 +02:00
Stian Thorgersen
e708c53730
KEYCLOAK-3302 Allow logout with expired refresh token
2016-07-15 12:56:31 +02:00
Stian Thorgersen
1ce17c459d
Merge pull request #3039 from stianst/KEYCLOAK-3192
...
KEYCLOAK-3192 Ignore disabled required action
2016-07-15 10:38:49 +02:00
mposolda
fda0a79e27
KEYCLOAK-3237 Add scopes_supported to OIDC WellKnown endpoint
2016-07-15 09:47:09 +02:00
Stian Thorgersen
970c89dd6a
KEYCLOAK-3192 Ignore disabled required action
2016-07-15 09:01:44 +02:00
mposolda
13a21e5fda
KEYCLOAK-3220 Improve error handling on adapters
2016-07-14 23:56:46 +02:00
mposolda
dcc4ea3aea
KEYCLOAK-3237 Change OIDC adapters to use scope=openid as required per specs
2016-07-14 23:56:46 +02:00
Pedro Igor
aacf2e9390
[KEYCLOAK-3137] - Review i18n for AuthZ Services
2016-07-14 13:54:37 -03:00
mposolda
ee3ac3fdaf
KEYCLOAK-3223 Basic support for acr claim
2016-07-14 12:36:12 +02:00
Stian Thorgersen
4f1d83b9dc
Merge pull request #3030 from stianst/KEYCLOAK-2824-2
...
KEYCLOAK-2824 Password Policy SPI
2016-07-14 10:12:25 +02:00
Stian Thorgersen
ea44b5888b
KEYCLOAK-2824 Password Policy SPI
2016-07-14 07:20:30 +02:00
mposolda
abde62f369
KEYCLOAK-3220 redirect to client with error if possible
2016-07-13 20:57:43 +02:00