Thomas Darimont
12576e339d
KEYCLOAK-15146 Add support for searching users by emailVerified status
...
We now allow to search for users by their emailVerified status.
This enables users to easily find users and deal with incomplete user accounts.
2020-09-29 08:28:59 -03:00
vmuzikar
fbe18e67c3
KEYCLOAK-15721 KeycloakPromise sometimes doesn't work
2020-09-28 15:57:46 -03:00
Pedro Igor
04415d34ea
[KEYCLOAK-14255] - More improvements to CLI
2020-09-25 08:52:19 +02:00
Takashi Norimatsu
6596811d5d
KEYCLOAK-14204 FAPI-RW Client Policy - Executor : Enforce Request Object satisfying high security level
2020-09-25 08:31:14 +02:00
mposolda
006b98ae13
KEYCLOAK-15632 Support nested expressions inside StringPropertyReplacer
2020-09-24 18:41:01 +02:00
mhajas
e4078933f8
KEYCLOAK-14828 Disable DTD for SAML XML parser
...
(cherry picked from commit 37de7de78b2ae0eebee97fe917642bb849325f86)
2020-09-24 13:35:21 +02:00
Pedro Igor
267be2d416
[KEYCLOAK-14255] - More improvements to CLI
2020-09-23 10:47:11 -03:00
Pedro Igor
76dede0f1e
[KEYCLOAK-14221] - Allow to map subject to userinfo response
2020-09-23 14:33:14 +02:00
mposolda
f0a8e78636
KEYCLOAK-15635 Remove quarkus.index-dependency properties from application.properties
2020-09-22 19:30:44 -03:00
vmuzikar
bca73fd04a
KEYCLOAK-15158 Javascript adapter init() is throwing a promise error after upgrade to 11
2020-09-22 10:56:46 -03:00
Frode Ingebrigtsen
0a0b7da53e
KEYCLOAK-15429 Add CORS origin on permission request with invalid access token
2020-09-22 08:56:21 -03:00
Martin Kanis
053f5bad1f
KEYCLOAK-15608 JsonFileImport...MigrationTest fails for map store
2020-09-22 12:29:24 +02:00
Denis
50210c4d9b
KEYCLOAK-14161 Regression on custom registration process
2020-09-21 20:23:39 +02:00
mhajas
12bc84322a
KEYCLOAK-14974 Map group storage provider
2020-09-21 15:56:32 +02:00
testn
2cd03569d6
KEYCLOAK-15238: Fix potential resource leak from not closing Stream/Reader
2020-09-21 13:05:03 +02:00
Takashi Norimatsu
bd3840c606
KEYCLOAK-15559 Client Policy - Executor : Missing Help Text of SecureResponseTypeExecutor
2020-09-21 12:40:25 +02:00
vmuzikar
790b549cf9
KEYCLOAK-15262 Logout all sessions after password change
2020-09-18 20:09:40 -03:00
Peter Skopek
1bcb397a2f
KEYCLOAK-14953 Unify wildfly component versions related properties already used in keycloak.
2020-09-17 23:27:25 -07:00
Darran Lofthouse
0adb33a59d
[KEYCLOAK-14953] Make repository.jboss.org available for building the Galleon feature pack.
...
Update the EAP versions to match the most recent release.
2020-09-17 23:27:25 -07:00
Darran Lofthouse
64b8bca9d7
[KEYCLOAK-14953] Additional updates to the new Galleon feature pack:
...
- Adjust feature pack to depend on "wildfly-galleon-pack".
- Declare dependency from "keycloak-client-oidc" on "undertow" and "ee" layers.
- Update name of layer to "keycloak-client-oidc".
- Update the producer to match the group and artifact ID of the maven artifact.
2020-09-17 23:27:25 -07:00
JF Denise
6a5c1defe1
[KEYCLOAK-14953] keycloak oidc/elytron adapter galleon-pack prototype
2020-09-17 23:27:25 -07:00
mhajas
b75ad2fbd8
KEYCLOAK-15259 Avoid using "null" Origin header as a valid value
2020-09-17 23:21:49 -07:00
mhajas
f7e0af438d
KEYCLOAK-14232 Add Referrer-Policy: no-referrer to each response from Keycloak
...
(cherry picked from commit 0b49640231abc6e465542bd2608e1c908c079ced)
2020-09-17 23:21:49 -07:00
Martin Kanis
f037dabdc1
KEYCLOAK-15199 Use stream variant method in jpa/RoleAdapter.getFirstAttribute
2020-09-17 13:18:21 +02:00
Pedro Igor
3fd6f0ce10
[KEYCLOAK-14255] - Fixing tests
2020-09-17 10:38:41 +02:00
Luca Leonardo Scorcia
c6608c1561
KEYCLOAK-15383 Translation strings escaped twice in saml-post-form.ftl
2020-09-16 21:31:51 +02:00
Pedro Igor
0978d78a48
[KEYCLOAK-14255] - Initial changes to configuration
2020-09-16 20:03:52 +02:00
Luca Leonardo Scorcia
3973d47bd4
KEYCLOAK-15465 SAML Identity Broker - SP metadata writer always emits AttributeConsumingService isDefault attribute
...
The isDefault attribute is defined as optional, yet if it set to null Keycloak incorrectly emits the value isDefault="null".
2020-09-16 16:44:19 +02:00
Luca Leonardo Scorcia
10077b1efe
KEYCLOAK-15485 Add option to enable SAML SP metadata signature
2020-09-16 16:40:45 +02:00
Mark Wolfe
3723d78e3c
KEYCLOAK-15460 Fix missing event types in SAML endpoint
...
A change was done in 32f13016fa
2020-09-16 16:36:19 +02:00
Martin Kanis
5d5e56dde3
KEYCLOAK-15199 Complement methods for accessing roles with Stream variants
2020-09-16 16:29:51 +02:00
Benjamin Weimer
f874e9a43c
KEYCLOAK-9874 include realm and client roles in user info response
2020-09-16 10:01:02 +02:00
Joaquim Fellmann
be4780243b
KEYCLOAK-15483 Replace badly displayed HTML message with simple text message for french locale (align with en, de, pt, po, tr, nl locales)
2020-09-15 17:09:53 -04:00
Takashi Norimatsu
b670734eec
KEYCLOAK-14205 FAPI-RW Client Policy - Executor : Enforce Response Type of OIDC Hybrid Flow
2020-09-14 20:58:25 +02:00
Hynek Mlnarik
a05066d567
KEYCLOAK-15477 Fix permission evaluation logic
2020-09-14 20:53:46 +02:00
Konstantinos Georgilakis
f4f58ab707
KEYCLOAK-15540 correct SAMLAttributeConsumingServiceParser
2020-09-14 16:01:46 +02:00
mposolda
4123b7a91e
KEYCLOAK-11678 Remove dummy resource. Adding keycloak-services and liquibase to jandex indexing
2020-09-14 09:27:34 -03:00
vmuzikar
a9a719b88c
KEYCLOAK-15270 Account REST API doesn't verify audience
2020-09-14 08:43:09 -03:00
Dmitry Telegin
b62d68a591
KEYCLOAK-14952 - Unit test failure in keycloak-saml-core on Java 11
2020-09-14 11:17:57 +02:00
mhajas
3186f1b5a9
KEYCLOAK-15514 Update AbstractStorageManager to check capability interface types
2020-09-11 14:42:48 +02:00
vmuzikar
cb5c893d87
Add tests for KEYCLOAK-15481
2020-09-11 07:03:24 -04:00
Stan Silvert
952e8fecee
KEYCLOAK-15481: Display forbidden screen
2020-09-11 07:03:24 -04:00
Miquel Simon
2572b1464b
KEYCLOAK-15395. Removed totp/remove (DELETE) and credentials/password (GET, POST) endpoints.
2020-09-10 18:03:03 -03:00
Takashi Norimatsu
af2f18449b
KEYCLOAK-14195 FAPI-RW Client Policy - Condition : Client - Client Role
2020-09-10 18:34:19 +02:00
Clement Cureau
b19fe5c01b
Finegrain admin as fallback and added some tests
2020-09-10 12:26:55 -03:00
Clement Cureau
73378df52e
[KEYCLOAK-11621] Allow user creation via group permissions (Admin API)
...
Problem:
Using fine-grained admin permissions on groups, it is not permitted to create new users
within a group.
Cause:
The POST /{realm}/users API does not check permission for each group part of the new
user representation
Solution:
- Change access logic for POST /{realm}/users to require MANAGE_MEMBERS and
MANAGE_MEMBERSHIP permissions on each of the incoming groups
Tests:
Manual API testing performed:
1. admin user from master realm:
- POST /{realm}/users without groups => HTTP 201 user created
- POST /{realm}/users with groups => HTTP 201 user created
2. user with MANAGE_MEMBERS & MANAGE_MEMBERSHIP permissions on group1
- POST /{realm}/users without groups => HTTP 403 user NOT created
- POST /{realm}/users with group1 => HTTP 201 user created
- POST /{realm}/users with group1 & group2 => HTTP 403 user NOT created
- POST /{realm}/users with group1 & wrong group path => HTTP 400 user NOT created
3. user with MANAGE_MEMBERS permission on group1
- POST /{realm}/users without groups => HTTP 403 user NOT created
- POST /{realm}/users with group1 => HTTP 403 user NOT created
- POST /{realm}/users with group1 & group2 => HTTP 403 user NOT created
- POST /{realm}/users with group1 & wrong group path => HTTP 400 user NOT created
2020-09-10 12:26:55 -03:00
testn
706299557e
KEYCLOAK-15174: ResourceServerAdapter.toEntity checks the wrong type
2020-09-10 12:19:25 -03:00
testn
c288175c03
KEYCLOAK-15208: PermissionTicketAdapter checks for the wrong type
2020-09-10 12:16:48 -03:00
Sebastian Laskawiec
e01159a943
KEYCLOAK-14767 OpenShift Review Endpoint audience fix
2020-09-09 11:57:24 -03:00
Takashi Norimatsu
cbb79f0430
KEYCLOAK-15448 FAPI-RW : Error Response on OIDC private_key_jwt Client Authentication Error (400 error=invalid_client)
2020-09-09 11:14:21 +02:00
