Commit graph

3115 commits

Author SHA1 Message Date
Martin Bartos
ec9bf6206e [KEYCLOAK-13202] Reset password redirects to account client 2020-06-18 13:08:36 +02:00
Erik Jan de Wit
c20766f2d7 KEYCLOAK-14140 added more test cases
Co-authored-by: vmuzikar <vmuzikar@redhat.com>
2020-06-17 13:56:11 -04:00
Thomas Darimont
92ab9c08ae KEYCLOAK-8100 Expose sub claim in OIDC IdentityBroker Mappers
We now expose the claims "sub" for use in Identity Broker mappers.
Previously claims directly mapped to `JsonWebToken` fields were not
accessible for mappings.
2020-06-17 12:56:08 -03:00
Pedro Igor
d331091c5e [KEYCLOAK-11330] - Quarkus tests 2020-06-17 17:20:55 +02:00
Martin Kanis
8f18cf1646 KEYCLOAK-14132 DefaultSecurityHeadersProvider should support 307 as redirect code 2020-06-17 11:55:40 +02:00
Tero Saarni
3c82f523ff [KEYCLOAK-14343] Truststore SPI support for LDAP with StartTLS
Signed-off-by:  Tero Saarni <tero.saarni@est.tech>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-06-11 18:07:53 +02:00
Pedro Igor
e16f30d31f [KEYCLOAK-2343] - Allow exact user search by user attributes
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2020-06-10 12:02:50 -03:00
Erik Jan de Wit
8b0760a6d1 KEYCLOAK-14158 Polished the My Resource page
empty state

change case

added dropdown menu instead of buttons

now on edit you can add and remove permissions

changed how the actions work

updated success messages

use live region alerts toast alerts

username or email search

labels for the buttons

margin between accecpt and deny button

fixed test and types

changed to bigger distance with split component

changed to use seperate empty state component
2020-06-08 09:05:30 -04:00
Yoshiyuki Tabata
f03ee2ec98 KEYCLOAK-14145 OIDC support for Client "offline" session lifespan 2020-06-04 14:24:52 +02:00
Denis
8d6f8d0465 EYCLOAK-12741 Add name and description edit functionality to Authentication and Execution Flows 2020-06-04 08:08:52 +02:00
Pedro Igor
e8dc10b4a1 [KEYCLOAK-11330] - Properly handling POST formdata and UriInfo 2020-06-02 09:36:40 +02:00
stianst
90b29b0e31 KEYCLOAK-14107 Admin page content blocked on v10.0.0 due to content security policy 2020-05-29 13:57:38 +02:00
Benjamin Weimer
4265fdcab2 KEYCLOAK-14318 Client Empty Root URL and relative Base URL is valid 2020-05-29 11:21:28 +02:00
vmuzikar
f8dce7fc3e KEYCLOAK-13819 SAML brokering with POST binding is broken by new SameSite policies 2020-05-28 13:37:56 +02:00
Youssef El Houti
086bdd1700 add optional field at_hash to idToken when using Authorization Code flow since it improves performance and allows to follow the recommandation in RFC for clients to use hash for access_token validation 2020-05-27 07:34:05 +02:00
Pedro Igor
bc901d0025 [KEYCLOAK-14299] - Do not create keys during startup but on-demand 2020-05-26 15:13:26 -03:00
Pedro Igor
f15821fe69 [KEYCLOAK-11679] - Server startup on Quarkus 2020-05-26 08:34:07 -03:00
Hynek Mlnarik
7deb89caab KEYCLOAK-10729 Do not serialize SAML signature 2020-05-25 15:38:17 +02:00
cachescrubber
3382682115
KEYCLOAK-10927 - Implement LDAPv3 Password Modify Extended Operation … (#6962)
* KEYCLOAK-10927 - Implement LDAPv3 Password Modify Extended Operation (RFC-3062).

* KEYCLOAK-10927 - Introduce getLDAPSupportedExtensions(). Use result instead of configuration.

Co-authored-by: Lars Uffmann <lars.uffmann@vitroconnect.de>
Co-authored-by: Kevin Kappen <kevin.kappen@vitroconnect.de>
Co-authored-by: mposolda <mposolda@gmail.com>
2020-05-20 21:04:45 +02:00
Stan Silvert
13d0491ff3 KEYCLOAK-14038: Re-allow special characters for Roles only 2020-05-20 07:53:23 -04:00
Takashi Norimatsu
c057b994e7 KEYCLOAK-13104 Signed and Encrypted ID Token Support : AES 192bit and 256bit key support 2020-05-20 09:01:59 +02:00
Takashi Norimatsu
be0ba79daa KEYCLOAK-7997 Implement Client Registration Metadata based on Mutual TLS 2020-05-19 17:00:41 +02:00
mposolda
12d965abf3 KEYCLOAK-13047 LDAP no-import fixes. Avoid lost updates - dont allow update attributes, which are not mapped to LDAP 2020-05-19 16:58:25 +02:00
Martin Kanis
6f43b58ccf KEYCLOAK-14074 filterIdentityProviders compares providerId instead of alias 2020-05-19 09:46:21 +02:00
Thomas Darimont
6211fa90e0 KEYCLOAK-10932 Honor given_name and family_name in OIDC brokering
Previously firstname and lastname were derived from the name claim.
We now use direct mappings to extract firstname and lastname from
given_name and family_name claims.

Added test to KcOidcFirstBrokerLoginTest

Marked org.keycloak.broker.provider.BrokeredIdentityContext#setName
as deprecated to avoid breaking existing integrations.
2020-05-19 09:10:43 +02:00
stianst
d99d65eb92 KEYCLOAK-14163 Common resources are not loaded from common path 2020-05-18 15:08:34 +02:00
Pedro Igor
bae802bcfa [KEYCLOAK-11784] - Using Hibernate Extension 2020-05-14 11:10:46 +02:00
stianst
b04932ede5 KEYCLOAK-12414 Remove the need to specify defaults in config file 2020-05-13 09:02:29 -03:00
Pedro Igor
35f622f48e [KEYCLOAK-11719] - Remove need for servlets/undertow from Quarkus dist
Co-authored-by: MatthewC <matthewc@backbase.com>
2020-05-13 09:28:58 +02:00
Sven-Torben Janus
fcb0e450a0 KEYCLOAK-13817 Return local user from LDAPStorageProvider 2020-05-12 20:50:18 +02:00
Yoshiyuki Tabata
f7d00fc2e9 KEYCLOAK-13844 "exp" claim should not be "0" when using offline token 2020-05-12 16:14:37 +02:00
stianst
49db2c13a5 KEYCLOAK-8141 Fix issue where attribute values are duplicated if updates to user are done in parallell 2020-05-12 09:06:44 +02:00
Pedro Igor
44c49d69a7 [KEYCLOAK-13071] - AuthorizationTokenService swallows Exceptions thrown by KeycloakIdentity 2020-05-08 09:21:37 +02:00
Takashi Norimatsu
3716bd96ad KEYCLOAK-14093 Specify Signature Algorithm in Signed JWT with Client Secret 2020-05-07 11:28:39 +02:00
Agniswar Mandal
8646d0668a KEYCLOAK-14072 docker-compose.yaml file generated creates an invalid urls
* Updated Invalid URLs

The docker-compose.yaml file generated creates an invalid url for REGISTRY_AUTH_TOKEN_REALM and REGISTRY_AUTH_TOKEN_ISSUER. Fixed

* KEYCLOAK-14072 JIRA#14072

Test coverage fix for the the JIRA#14072
2020-05-07 08:40:52 +02:00
stianst
2be61246f4 KEYCLOAK-14057 Fix resource not found error when creating policy 2020-05-06 11:08:29 +02:00
Takashi Norimatsu
0d0617d44a KEYCLOAK-13720 Specify Signature Algorithm in Signed JWT Client Authentication 2020-05-05 17:43:00 +02:00
rmartinc
f0852fd362 KEYCLOAK-13823: "Dir" Full export/import: On import, service account roles and authorization info are not imported 2020-05-05 17:05:56 +02:00
Vanrar68
85feda3beb KEYCLOAK-13998 ConditionalRoleAuthenticator doesn't work with composite roles 2020-05-05 08:39:04 +02:00
Michael Riedmann
b3a88d6509 [KEYCLOAK-13995] fixed ClientMappers update capabilities of Admin REST API endpoint. 2020-05-04 17:13:57 +02:00
stianst
48b1b2b7de KEYCLOAK-14043 Fixes for authz due to security header spi changes 2020-05-04 14:11:01 +02:00
Erik Jan de Wit
435815249b KEYCLOAK-12783 changed to base account url for new console 2020-05-04 07:16:15 -04:00
Hynek Mlnarik
32f13016fa KEYCLOAK-12874 Align Destination field existence check with spec 2020-05-04 09:19:44 +02:00
cc
8876294a72 [KEYCLOAK-13964] exported realm should include keycloak version, not Project/product version
The exported realm json file includes a field named "KeycloakVersion", which is assigned
Version.Version. In community edition, Version.Version is identical to Version.KeycloakVersion.
If we rebrand product based on keycloak project, Version.Version will be Product version, while
keycloak codes expect exported realm file including KeycloakVersion for normal migrating.

For RHSSO product, there are somes codes in class MigrationModelManager for converting the right
KeycloakVersion.

From semantic point, a field named "KeycloakVersion" should be assigned variable named "KeycloakVersion".
2020-04-30 12:41:40 +02:00
Martin Kanis
aa309b96a8 KEYCLOAK-13682 NPE when refreshing token after enabling consent 2020-04-30 08:46:21 +02:00
stianst
a77c35ea8f KEYCLOAK-14009 Add fix for token revocation endpoint 2020-04-29 17:22:25 +02:00
keycloak-bot
ae20b7d3cd Set version to 11.0.0-SNAPSHOT 2020-04-29 12:57:55 +02:00
Pedro Igor
601bf8d63e [KEYCLOAK-12735] - Improving queries and cache for authz 2020-04-29 03:58:03 +02:00
Yoshiyuki Tabata
874642fe9e KEYCLOAK-12406 Add "Client Session Max" and "Client Session Idle" for OIDC 2020-04-28 15:34:25 +02:00
stianst
5b017e930d KEYCLOAK-13128 Security Headers SPI and response filter 2020-04-28 15:28:24 +02:00