Michito Okai
eac3341241
KEYCLOAK-15779 Authorization Server Metadata for the URL of the
...
authorization server's JWK Set [JWK] document
2020-10-02 11:18:31 +02:00
Thomas Darimont
12576e339d
KEYCLOAK-15146 Add support for searching users by emailVerified status
...
We now allow to search for users by their emailVerified status.
This enables users to easily find users and deal with incomplete user accounts.
2020-09-29 08:28:59 -03:00
Takashi Norimatsu
6596811d5d
KEYCLOAK-14204 FAPI-RW Client Policy - Executor : Enforce Request Object satisfying high security level
2020-09-25 08:31:14 +02:00
Pedro Igor
76dede0f1e
[KEYCLOAK-14221] - Allow to map subject to userinfo response
2020-09-23 14:33:14 +02:00
Frode Ingebrigtsen
0a0b7da53e
KEYCLOAK-15429 Add CORS origin on permission request with invalid access token
2020-09-22 08:56:21 -03:00
Denis
50210c4d9b
KEYCLOAK-14161 Regression on custom registration process
2020-09-21 20:23:39 +02:00
mhajas
12bc84322a
KEYCLOAK-14974 Map group storage provider
2020-09-21 15:56:32 +02:00
testn
2cd03569d6
KEYCLOAK-15238: Fix potential resource leak from not closing Stream/Reader
2020-09-21 13:05:03 +02:00
Takashi Norimatsu
bd3840c606
KEYCLOAK-15559 Client Policy - Executor : Missing Help Text of SecureResponseTypeExecutor
2020-09-21 12:40:25 +02:00
vmuzikar
790b549cf9
KEYCLOAK-15262 Logout all sessions after password change
2020-09-18 20:09:40 -03:00
mhajas
b75ad2fbd8
KEYCLOAK-15259 Avoid using "null" Origin header as a valid value
2020-09-17 23:21:49 -07:00
mhajas
f7e0af438d
KEYCLOAK-14232 Add Referrer-Policy: no-referrer to each response from Keycloak
...
(cherry picked from commit 0b49640231abc6e465542bd2608e1c908c079ced)
2020-09-17 23:21:49 -07:00
Luca Leonardo Scorcia
10077b1efe
KEYCLOAK-15485 Add option to enable SAML SP metadata signature
2020-09-16 16:40:45 +02:00
Mark Wolfe
3723d78e3c
KEYCLOAK-15460 Fix missing event types in SAML endpoint
...
A change was done in 32f13016fa
which isn't setting the type for events and causing an internal error.
2020-09-16 16:36:19 +02:00
Martin Kanis
5d5e56dde3
KEYCLOAK-15199 Complement methods for accessing roles with Stream variants
2020-09-16 16:29:51 +02:00
Benjamin Weimer
f874e9a43c
KEYCLOAK-9874 include realm and client roles in user info response
2020-09-16 10:01:02 +02:00
Takashi Norimatsu
b670734eec
KEYCLOAK-14205 FAPI-RW Client Policy - Executor : Enforce Response Type of OIDC Hybrid Flow
2020-09-14 20:58:25 +02:00
Hynek Mlnarik
a05066d567
KEYCLOAK-15477 Fix permission evaluation logic
2020-09-14 20:53:46 +02:00
mposolda
4123b7a91e
KEYCLOAK-11678 Remove dummy resource. Adding keycloak-services and liquibase to jandex indexing
2020-09-14 09:27:34 -03:00
vmuzikar
a9a719b88c
KEYCLOAK-15270 Account REST API doesn't verify audience
2020-09-14 08:43:09 -03:00
mhajas
3186f1b5a9
KEYCLOAK-15514 Update AbstractStorageManager to check capability interface types
2020-09-11 14:42:48 +02:00
Miquel Simon
2572b1464b
KEYCLOAK-15395. Removed totp/remove (DELETE) and credentials/password (GET, POST) endpoints.
2020-09-10 18:03:03 -03:00
Takashi Norimatsu
af2f18449b
KEYCLOAK-14195 FAPI-RW Client Policy - Condition : Client - Client Role
2020-09-10 18:34:19 +02:00
Clement Cureau
b19fe5c01b
Finegrain admin as fallback and added some tests
2020-09-10 12:26:55 -03:00
Clement Cureau
73378df52e
[KEYCLOAK-11621] Allow user creation via group permissions (Admin API)
...
Problem:
Using fine-grained admin permissions on groups, it is not permitted to create new users
within a group.
Cause:
The POST /{realm}/users API does not check permission for each group part of the new
user representation
Solution:
- Change access logic for POST /{realm}/users to require MANAGE_MEMBERS and
MANAGE_MEMBERSHIP permissions on each of the incoming groups
Tests:
Manual API testing performed:
1. admin user from master realm:
- POST /{realm}/users without groups => HTTP 201 user created
- POST /{realm}/users with groups => HTTP 201 user created
2. user with MANAGE_MEMBERS & MANAGE_MEMBERSHIP permissions on group1
- POST /{realm}/users without groups => HTTP 403 user NOT created
- POST /{realm}/users with group1 => HTTP 201 user created
- POST /{realm}/users with group1 & group2 => HTTP 403 user NOT created
- POST /{realm}/users with group1 & wrong group path => HTTP 400 user NOT created
3. user with MANAGE_MEMBERS permission on group1
- POST /{realm}/users without groups => HTTP 403 user NOT created
- POST /{realm}/users with group1 => HTTP 403 user NOT created
- POST /{realm}/users with group1 & group2 => HTTP 403 user NOT created
- POST /{realm}/users with group1 & wrong group path => HTTP 400 user NOT created
2020-09-10 12:26:55 -03:00
Sebastian Laskawiec
e01159a943
KEYCLOAK-14767 OpenShift Review Endpoint audience fix
2020-09-09 11:57:24 -03:00
Takashi Norimatsu
cbb79f0430
KEYCLOAK-15448 FAPI-RW : Error Response on OIDC private_key_jwt Client Authentication Error (400 error=invalid_client)
2020-09-09 11:14:21 +02:00
Benjamin Weimer
b2934e8dd0
KEYCLOAK-15327 backchannel logout invalidate offline session even if there is no corresponding active session found
2020-09-08 11:17:20 -03:00
Martin Kanis
4e9bdd44f3
KEYCLOAK-14901 Replace deprecated ClientProvider related methods across Keycloak
2020-09-07 13:11:55 +02:00
stianst
76f7fbb984
KEYCLOAK-14548 Add support for cached gzip encoding of resources
2020-09-07 00:58:47 -07:00
Martin Bartos
e34ff6cd9c
[KEYCLOAK-14326] Identity Provider force sync is not working
2020-09-07 09:42:40 +02:00
Takashi Norimatsu
1d8230d438
KEYCLOAK-14190 Client Policy - Condition : The way of creating/updating a client
2020-09-04 09:54:55 +02:00
Luca Leonardo Scorcia
67b2d5ffdd
KEYCLOAK-14961 SAML Client: Add ability to request specific AuthnContexts to remote IdPs
2020-09-03 21:25:36 +02:00
Konstantinos Georgilakis
1fa93db1b4
KEYCLOAK-14304 Enhance SAML Identity Provider Metadata processing
2020-09-02 20:43:09 +02:00
Takashi Norimatsu
b93a6ed19f
KEYCLOAK-14919 Dynamic registration - Scope ignored
2020-09-02 13:59:22 +02:00
Takashi Norimatsu
107a429238
KEYCLOAK-15236 FAPI-RW : Error Response on OAuth 2.0 Mutual TLS Client Authentication Error (400 error=invalid_client)
2020-09-02 09:31:20 +02:00
mhajas
3928a49c77
KEYCLOAK-14816 Reset brute-force-detection data for the user after a successful password grant type flow
2020-09-01 21:45:17 +02:00
Hynek Mlnarik
583fa07bc4
KEYCLOAK-11029 Support modification of broker username / ID for identity provider linking
2020-09-01 20:40:38 +02:00
mhajas
bdccfef513
KEYCLOAK-14973 Create GroupStorageManager
2020-09-01 10:21:39 +02:00
Martin Bartos
9c847ab176
[KEYCLOAK-14432] Unhandled NPE in identity broker auth response
2020-08-31 14:14:42 +02:00
Martin Kanis
d59a74c364
KEYCLOAK-15102 Complement methods for accessing groups with Stream variants
2020-08-28 20:56:10 +02:00
Stan Silvert
35931d60eb
KEYCLOAK-15137: Move PF4 css files to keycloak/common
2020-08-20 08:46:28 -04:00
Pratik Somanagoudar
f486e97c18
KEYCLOAK-15087 : Reduce get client and get roles calls in realm create
2020-08-20 08:49:51 -03:00
mhajas
ae39760a62
KEYCLOAK-14972 Add independent GroupProvider interface
2020-08-13 21:13:12 +02:00
Benjamin Weimer
fdcfa6e13e
KEYCLOAK-15156 backchannel logout offline session handling
2020-08-13 08:09:59 -03:00
David Hellwig
ddc2c25951
KEYCLOAK-2940 - draft - Backchannel Logout ( #7272 )
...
* KEYCLOAK-2940 Backchannel Logout
Co-authored-by: Benjamin Weimer <external.Benjamin.Weimer@bosch-si.com>
Co-authored-by: David Hellwig <hed4be@bosch.com>
2020-08-12 09:07:58 -03:00
Sebastian Paetzold
4ff34c1be9
KEYCLOAK-14890 Improve null handling in case of missing NameId
2020-08-06 10:45:22 -03:00
Dmitry Telegin
70ee36224c
KEYCLOAK-14944 - Unit test failure in keycloak-services on Java 11
2020-08-05 10:41:43 -03:00
vmuzikar
b68d06f91c
KEYCLOAK-13127 Update Account Console to Account REST API v1
2020-08-04 18:43:23 -03:00
zak905
8597edba8e
KEYCLOAK-14851: make AIA max auth age configurable per AIA
2020-08-04 13:30:37 -04:00