Commit graph

3352 commits

Author SHA1 Message Date
vramik
e3c76035b2 KEYCLOAK-18359 Default role migration is not performed correctly when empty realm id 2021-06-14 20:54:37 +02:00
Davide Setti
74089a51b3 KEYCLOAK-18383 Update Group: don't check siblings if the name doesn't change 2021-06-14 12:58:45 +02:00
Pedro Igor
ef3a0ee06c [KEYCLOAK-17399] - Declarative User Profile and UI
Co-authored-by: Vlastimil Elias <velias@redhat.com>
2021-06-14 11:28:32 +02:00
Martin Bartoš
7ffa2835ef KEYCLOAK-18391 CIBATest failure 2021-06-11 10:36:56 +02:00
Yoshiyuki Tabata
4d1576b96a KEYCLOAK-18328 "access_denied" instead of "interaction_required" should
be returned when a user cancels the login
2021-06-10 11:16:50 +02:00
mposolda
070c68e18a KEYCLOAK-18069 Migration of client policies JSON from Keycloak 13 2021-06-10 10:40:14 +02:00
Douglas Palmer
aac0b6ec5f [KEYCLOAK-17602] Email account verification link is wrongly encoded 2021-06-10 08:34:53 +02:00
mposolda
91865fa93e KEYCLOAK-18368 Invalidate client session after refresh token re-use 2021-06-09 14:43:29 +02:00
Benjamin Weimer
f66354a80e KEYCLOAK-16947 add error parameters to access token response & improve logging 2021-06-07 17:53:30 +02:00
Marek Posolda
7a81dfff7a Update services/src/main/java/org/keycloak/services/clientpolicy/executor/FullScopeDisabledExecutorFactory.java
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2021-06-04 15:46:33 +02:00
mposolda
3d16a1e8d3 KEYCLOAK-16811 Add executor for disable 'Full Scope Allowed' and add it to FAPI profiles 2021-06-04 15:46:33 +02:00
Douglas Palmer
986b69c03f [KEYCLOAK-17405] Session auth time updated when user has not re-authenticated 2021-06-01 19:35:42 +02:00
stianst
c3a15cb368 KEYCLOAK-17796 Add options to http-builder to enable expect-continue, and to disable re-use of connections 2021-06-01 10:28:31 +02:00
mposolda
73a38997d8 KEYCLOAK-14208 Default client profiles for FAPI 2021-05-31 12:31:52 +02:00
Michito Okai
bc6a746780 KEYCLOAK-18112 Token introspection of the revoked refresh token 2021-05-31 11:01:01 +02:00
Michal Hajas
4dcb69596b KEYCLOAK-18146 Search for clients by client attribute when doing saml artifact resolution 2021-05-27 23:02:22 +02:00
Stian Thorgersen
2cb59e2503
KEYCLOAK-17844 Add option to disable authorization services to workaround issues with many clients 2021-05-27 22:28:56 +02:00
Hynek Mlnarik
3d8f152787 KEYCLOAK-17747 KEYCLOAK-17754 Optimize getClients() calls 2021-05-27 22:12:56 +02:00
Martin Kanis
23aee6c210 KEYCLOAK-16616 Limit number of authSessios per rootAuthSession 2021-05-27 22:10:36 +02:00
Martin Kanis
122fbe1bc6 KEYCLOAK-18298 ClearExpiredUserSessions timeouts with large number of sessions 2021-05-27 16:31:10 +02:00
Takashi Norimatsu
669556af71 KEYCLOAK-18296 RefreshTokenRequest returns incorrect error code during failed HoK request 2021-05-27 15:28:29 +02:00
vramik
4e8b18f560 KEYCLOAK-17752 Avoid iterating over all clients in UserResource.getConsents() 2021-05-27 13:45:28 +02:00
vramik
3aa06c2721 KEYCLOAK-18073 avoid ModelDuplicateException during parallel starup of servers 2021-05-27 07:10:35 +02:00
Stefan Guilhen
eb631bf63b [KEYCLOAK-8730] Ensure role mappers don't remove roles already granted by another mapper when updating a brokered user 2021-05-26 17:21:54 +02:00
mposolda
9b76b07144 KEYCLOAK-18284 WARNING in the log when login to public clients 2021-05-26 14:38:14 +02:00
stianst
962047e7ea KEYCLOAK-17750 Check admin has view/query access first before listing clients 2021-05-25 16:14:35 +02:00
Luca Leonardo Scorcia
478319348b KEYCLOAK-16450 X509 Direct Grant Auth does not verify certificate timestamp validity 2021-05-25 10:32:17 +02:00
Takashi Norimatsu
6e7898039b KEYCLOAK-18139 SecureResponseTypeExecutor: polishing for FAPI 1 final 2021-05-25 08:32:43 +02:00
mposolda
d4374f37ae KEYCLOAK-18258 Not possible to login with public client, which was confidential with custom client authenticator set 2021-05-24 13:17:14 +02:00
Takashi Norimatsu
6532baa9a7 KEYCLOAK-18127 Option for skip return user's claims in the ID Token for hybrid flow 2021-05-24 08:02:34 +02:00
Vlastimil Elias
4ad1687f2b [KEYCLOAK-17399] UserProfile SPI - Validation SPI integration 2021-05-20 15:26:17 -03:00
Thomas Darimont
c49dbd66fa KEYCLOAK-15437 Ensure at_hash is generated for IDTokens on token-refresh 2021-05-20 16:05:11 +02:00
Hynek Mlnarik
860fc4c06c KEYCLOAK-17756 KEYCLOAK-17757 Optimize IdP-first lookup 2021-05-20 14:44:55 +02:00
Pedro Igor
a0f8d2bc0e [KEYCLOAK-17399] - Review User Profile SPI
Co-Authored-By: Vlastimil Elias <vlastimil.elias@worldonline.cz>
2021-05-20 08:44:24 -03:00
Michal Hajas
3bb5bff8e0 KEYCLOAK-17495 Do not include principal in the reference to broker sessionId 2021-05-20 11:32:11 +02:00
mposolda
d3e9e21abd KEYCLOAK-17906 Use auto-configure instead of is-augment. Use default-client-authenticator option in SecureClientAuthenticatorExecutor 2021-05-19 12:18:11 +02:00
Hynek Mlnarik
c02a706a86 KEYCLOAK-17748 Optimize validation of redirect URIs in logout endpoint
Reimplementation of KEYCLOAK-17718
2021-05-18 20:31:21 +02:00
Bastian Ike
5c3d7f186e KEYCLOAK-17784: URL encode Keycloak's remember-me cookie to allow non-ascii usernames.
International users using non-ascii symbols such as the german `äöü`
will make Keycloak set the KEYCLOAK_REMEMBER_ME cookie without URL
encoding. This will trigger an java.lang.IllegalArgumentException:
UT000173 exception in undertow's cookie parser which does not
allow non-ascii characters.

Co-authored-by: Fabian Freyer <mail@fabianfreyer.de>
2021-05-18 16:15:30 +02:00
Václav Muzikář
65fbf3f68c KEYCLOAK-18079 Client Policy UI Improvements: JSON error handling 2021-05-18 16:12:48 +02:00
Mathieu CLAUDEL
df714506cc KEYCLOAK-17655 - Can't impersonate 2021-05-18 14:16:01 +02:00
mposolda
71dcbec642 KEYCLOAK-18108 Refactoring retrieve of condition/executor providers. Make sure correct configuration of executor/condition is used for particular provider 2021-05-18 12:20:47 +02:00
mposolda
b8a7750000 KEYCLOAK-18113 Refactor some executor/condition provider IDs 2021-05-18 09:17:41 +02:00
Gregor Tudan
10f7ea01d4 KEYCLOAK-16091: only persist webauthn-authentication count if the authenticator increments it beyond zero
Fixes an issue with Apple Keys stored in the secure enclave. They don's support counters and recommend attestation instead. This is a valid design choice according to the Webauthn-Spec (counters are mentioned as SHOULD)
2021-05-17 08:42:50 +02:00
Václav Muzikář
62e6883524 KEYCLOAK-17084 KEYCLOAK-17434 Support querying clients by client attributes 2021-05-14 13:58:53 +02:00
vramik
d78d4a8d47 KEYCLOAK-17760 deprecate ScopeMappedResource.getScopeMappings() 2021-05-13 16:56:42 +02:00
Marek Posolda
a6d4316084
KEYCLOAK-14209 Client policies admin console support. Changing of format of JSON for client policies and profiles. Remove support for default policies (#7969)
* KEYCLOAK-14209 KEYCLOAK-17988 Client policies admin console support. Changing of format of JSON for client policies and profiles. Refactoring based on feedback and remove builtin policies
2021-05-12 16:19:55 +02:00
mhajas
f37a24dd91 KEYCLOAK-17348 Add manual pagination into UserStorageManager#query 2021-05-12 15:09:36 +02:00
Takashi Norimatsu
355a5d65fb KEYCLOAK-18052 Client Policies : Revise SecureRequestObjectExecutor to have an option for checking nbf claim 2021-05-11 14:29:33 +02:00
rmartinc
2539bd9ed3 [KEYCLOAK-17903] idp metadata describing one entity MUST have EntityDescriptor root element 2021-05-11 13:02:13 +02:00
Takashi Norimatsu
5dced05591 KEYCLOAK-18050 Client Policies : Rename "secure-redirecturi-enforce-executor" to indicate what this executor does 2021-05-11 07:42:18 +02:00