Commit graph

524 commits

Author SHA1 Message Date
Leonid Rozenblyum
61561968ed KEYCLOAK-10266 Allows proper handling of Single Sign Out events.
It was incorrectly relying on web application listeners on session
destruction.
While it's used as a Spring Bean (declared in
KeycloakWebSecurityConfigurerAdapter) so it has to use Spring-based
facility.
See also https://lists.jboss.org/pipermail/keycloak-user/2016-March/005479.html
2019-10-30 15:47:45 +01:00
Peter Sönder
68fa37b4cd [KEYCLOAK-11765] Changed to jdk7 compliant code 2019-10-29 13:35:22 +01:00
Peter Sönder
6c83b36360 Do not log when failure.getError is blank/empty
Sometimes the error message is blank, which results in an empty error line getting logged. 
Since the catch always logs "failed to turn code into token" and "status from server: " + failure.getStatus() (on separate lines) this extra blank line is simply noise in the log.
2019-10-29 13:35:22 +01:00
Denis Richtárik
6bf1e8a9a7 KEYCLOAK-9979 Remove keycloak-servlet-oauth-client (#6423) 2019-10-24 17:28:41 +02:00
mhajas
ac71ee9633 KEYCLOAK-11081 Include jetty94 adapter to product build 2019-10-23 15:53:37 +02:00
Martin Reinhardt
21a62a2670 [KEYCLOAK-6376] Reorganize imports and revert pom changes 2019-10-21 10:41:04 +02:00
Martin Reinhardt
eed4449f8d [KEYCLOAK-6376] Fixing Conditional OTP by reusing existing API for role checks 2019-10-21 10:41:04 +02:00
Phil Brown
85ead8b38a KEYCLOAK-11740:
Fix debug message that does not properly handle single quotes
according to java.text.MessageFormat, which in turn causes the
replacement to not be handled.

Signed-off-by: Phil Brown <brownp@stellarscience.com>
2019-10-17 13:02:03 +02:00
stianst
ceeb087dbd KEYCLOAK-8938 TypeError: kc.login(...).success is not a function 2019-10-16 17:57:18 +02:00
stianst
7866a6cff3 Playing with Travis 2019-10-09 10:10:20 +02:00
Jon Koops
bc5b4de79e [KEYCLOAK-11435] Log deprecation warning for usage of non-native Promises 2019-10-03 10:55:22 -04:00
Jon Koops
ff77b549ec [KEYCLOAK-11193] Change 'disableLogging' to 'enableLogging' and default to false 2019-09-24 10:31:02 -03:00
Jon Koops
0b9c6192a3 KEYCLOAK-11193 Allow JavaScript logging to be disabled 2019-09-19 07:09:32 -03:00
Karel Hala
f8e4ccd57a KEYCLOAK-11195 Add module loading to dependencies
Use window global libraries for AMD
2019-09-13 14:47:45 -03:00
jferrer
97fccd6d50 KEYCLOAK-10910 login function now uses promise type specified in init 2019-09-06 15:24:31 -04:00
Jon Koops
c902896ab6 KEYCLOAK-11196 Document the type for the useNonce option 2019-08-30 14:34:20 -04:00
Jon Koops
2d465df94d KEYCLOAK-11194 Remove dead code from JavaScript adapter 2019-08-30 14:32:54 -04:00
Niko Köbler
49e9cd759b KEYCLOAK-10734 Let the check-sso feature do the check in hidden iframe 2019-08-20 15:41:09 -03:00
Martin Kanis
75d2ec8ff6 KEYCLOAK-11012 Unable to install EAP6 adapter 2019-08-16 12:44:50 +02:00
Valeran86
b0d0d3e579 [KEYCLOAK-10849] - KeycloakRole equals only with itself
I use Keycloak Spring Adapter (KSA) to secure existing application. Today I realized that some functions didn't work anymore because of security checking like this:
```
GrantedAuthority adminRole = new MySpecialGrantedAuthority( "superadmin" );
for ( GrantedAuthority role : userRoles ) {
        if ( role.equals( adminRole ) ) {
          return true;
        }
      }
```
In this example, when I use KSA authorization fails.
I believe, that more preferable in `KeycloakRole` use this implementation of `equals` method.
2019-08-16 05:20:03 -03:00
Takashi Norimatsu
8225157a1c KEYCLOAK-6768 Signed and Encrypted ID Token Support 2019-08-15 15:57:35 +02:00
keycloak-bot
17e9832dc6 Set version to 8.0.0-SNAPSHOT 2019-07-19 19:05:03 +02:00
Hynek Mlnarik
67f8622d13 KEYCLOAK-8318 Workaround Elytron's double encoding of the query parameters
Co-Authored-By: mhajas <mhajas@redhat.com>
2019-07-19 14:37:38 +02:00
Stefan Guilhen
ceaae7a254 [KEYCLOAK-10384] Add equals and hashCode to KeycloakUndertowAccount, SamlPrincipal and SamlSession to avoid cache misses in the PicketBox JAAS auth manager 2019-07-18 21:08:22 +02:00
kuan
1c5f7c1420 Update KeycloakTokenParsed definition.
To match KeycloakInstance's realm access and resources access.
2019-07-17 15:29:34 -04:00
Hynek Mlnarik
3d4283fac9 KEYCLOAK-9987 Upgrade to Wildfly17
Co-Authored-By: hmlnarik <hmlnarik@redhat.com>
2019-07-16 08:05:46 +02:00
Pedro Igor
9215957bd0 Revert "KeycloakRole equals only with itself"
This reverts commit 2899375614.
2019-07-09 09:05:20 -03:00
Valeran86
2899375614 KeycloakRole equals only with itself
I use Keycloak Spring Adapter (KSA) to secure existing application. Today I realized that some functions didn't work anymore because of security checking like this:
```
GrantedAuthority adminRole = new MySpecialGrantedAuthority( "superadmin" );
for ( GrantedAuthority role : userRoles ) {
        if ( role.equals( adminRole ) ) {
          return true;
        }
      }
```
In this example, when I use KSA authorization fails.
I believe, that more preferable in `KeycloakRole` use this implementation of `equals` method.
2019-07-08 14:33:03 -03:00
Thomas Darimont
53d0db80c3 KEYCLOAK-10313 Only use PKCE if enable-pkce is configured for KeycloakInstalled adapter
Users who want to use PKCE support with the KeycloakInstalled adapter need to set the property
``"enable-pkce": true` in the adapter configuration / `keycloak.json`.
2019-07-03 08:49:55 +02:00
Thomas Darimont
8bd48391ca KEYCLOAK-10313 Add PKCE support to KeycloakInstalled Adpater
This adds PKCE support for Desktop Apps as
a followup to KEYCLOAK-1033 #6047.
2019-07-03 08:49:55 +02:00
vramik
d245287320 KEYCLOAK-9598 Apache Tomcat adapter 2019-06-14 10:09:13 +02:00
mhajas
12d351ae97 KEYCLOAK-10595 Make KeycloakSpringBootConfigResolver Spring bean 2019-06-14 09:41:56 +02:00
Sebastian Laskawiec
e739344556 KEYCLOAK-9640 Unify surefire versions 2019-06-13 13:26:49 +02:00
Nils Christian Ehmke
a58a0e7678 [KEYCLOAK-10334] Keycloak Spring Boot Adapter shares configuration in static field
Signed-off-by: Nils Christian Ehmke <nils-christian.ehmke@bmiag.de>
2019-06-04 07:13:13 -03:00
Pedro Igor
803e44dcb1 [KEYCLOAK-10422] - Code challenge only sent when options object argument is passed to login method 2019-05-29 15:09:01 -03:00
Thomas Darimont
2825619243 KEYCLOAK-1033 Add PKCE support for JS Adapter
This adds support for the "S256" code_challenge_method to the JS Adapter.
Note that the method "plain" was deliberately left out as is not recommended
to be used in new applications.

Note that this PR includes two libraries:
- [base64-js]{@link https://github.com/beatgammit/base64-js}
- [js-sha256]{@link https://github.com/emn178/js-sha256}

`base64-js` is needed for cross-browser support for decoding the
Uint8ArrayBuffer returned by `crypto.getRandomValues` to a PKCE
compatible base64 string.

`js-sha256` library is required because the `crypto.subtle.digest`
support is not available for all browsers.

The PKCE codeVerifier is stored in the callbackStore of the JS Adapter.

Note: This PR is based on #5255 which got messed up during a rebase.
2019-05-29 15:40:16 +02:00
Pedro Igor
e9ea1f0e36 [KEYCLOAK-10279] - Do not limit results when fetching resources 2019-05-28 15:35:29 -03:00
vramik
9a5b85910a KEYCLOAK-9599 Remove Wildfly 8 adapter 2019-05-28 14:28:09 +02:00
vramik
3bbab225c8 KEYCLOAK-9596 Remove Apache Tomcat 6.0.x adapter 2019-05-28 12:00:19 +02:00
Alan Balbo
0a67e0a89e KEYCLOAK-10097 Fix register method in javascript adatper for cordova 2019-05-24 08:49:10 -04:00
Sergio Livi
80932c07a2 KEYCLOAK-10071 check isNaN for minValidity 2019-05-20 09:18:40 -04:00
Jonas Kello
96f13e15ca Add CompatPromise conditional type 2019-05-15 07:42:06 -04:00
mhajas
429863e83b KEYCLOAK-9095 Fix NPE in AuthenticatedActionsHandler 2019-05-02 13:03:06 +02:00
Martin Kanis
e5092bb617 KEYCLOAK-10090 Fix alignment for CD 6 release in PNC 2019-04-18 09:13:02 +02:00
keycloak-bot
49d4e935cb Set version to 7.0.0-SNAPSHOT 2019-04-17 09:48:07 +01:00
Sebastian Laskawiec
0042726dd8 KEYCLOAK-9601 KEYCLOAK-9602 Jetty 8.1 and 9.1 removal
Co-Authored-By: mhajas <mhajas@redhat.com>
2019-04-16 11:21:29 +02:00
Anders Rønning
3f7d32d1ae KEYCLOAK-10026: Add missing TypeScript definition for init options 2019-04-15 07:46:05 -04:00
Pedro Igor
c8970c95d5 [KEYCLOAK-10015] - CIP not properly resolving objects from JSON request body 2019-04-11 18:19:43 -03:00
mhajas
5b47df8979 KEYCLOAK-10013 Do not reject tokens with issuedAt == notBefore 2019-04-11 21:57:11 +02:00
Pedro Igor
ad9f59f9f7 [KEYCLOAK-9353] - Avoids initialization of the policy enforcer during deployment 2019-04-05 16:02:53 -03:00