Commit graph

462 commits

Author SHA1 Message Date
pedroigor
668b67dcdb [KEYCLOAK-6623] - Policy enforcer gets confused with similar paths ending with wildcards 2018-03-09 16:38:57 -03:00
Pedro Igor
91bdc4bde2 [KEYCLOAK-3169] - UMA 2.0 (#4368)
* [KEYCLOAK-3169] - UMA 2.0 Support

* [KEYCLOAK-3169] - Changes to account service and more tests

* [KEYCLOAK-3169] - Code cleanup and tests

* [KEYCLOAK-3169] - Changes to account service and tests

* [KEYCLOAK-3169] - Changes to account service and tests

* [KEYCLOAK-3169] - More tests

* [KEYCLOAK-3169] - Changes to adapter configuration

* [KEYCLOAK-3169] - Reviewing UMA specs and more tests

* [KEYCLOAK-3169] - Reviewing UMA specs and more tests

* [KEYCLOAK-3169] - Changes to UMA Grant Type and refactoring

* [KEYCLOAK-3169] - Refresh tokens for RPT responses and tests

* [KEYCLOAK-3169] - Changes to account my resources and policy enforcers

* [KEYCLOAK-3169] - Realm settings flag to enable/disable user-managed access in account mgmt console

* [KEYCLOAK-3169] - More changes to my resource pages in account mgmt console

* [KEYCLOAK-3169] - Need to enable user-managed on realm to run tests

* [KEYCLOAK-3169] - Removing more UMA 1.0 related code

* [KEYCLOAK-3169] - Only submit requests if ticket exists

* [KEYCLOAK-3169] - Returning UMA 401 response when not authenticated

* [KEYCLOAK-3169] - Removing unused code

* [KEYCLOAK-3169] - Removing unused code

* [KEYCLOAK-3169] - 403 response in case ticket is not created

* [KEYCLOAK-3169] - Fixing AbstractPhotozExampleAdapterTest#testClientRoleRepresentingUserConsent

* [KEYCLOAK-3169] - 403 status code only returned for non-bearer clients
2018-02-28 08:53:10 +01:00
wyvie
f8022a5c2f [KEYCLOAK-6585] hybrid flow: removed token_type and expires_in paramters from oidc auth response 2018-02-27 15:31:12 +01:00
Hynek Mlnarik
1f20c03afa KEYCLOAK-6470 Refactor SAML adapter parsers 2018-02-27 09:37:29 +01:00
wyvie
52acd959e0 [KEYCLOAK-6584] removed not-before-policy parameter from authorization response 2018-02-26 17:41:18 +01:00
Hynek Mlnarik
e7cdb8ad54 KEYCLOAK-6473 KEYCLOAK-6472 SAML parser refactor + protocol parsers 2018-02-23 08:16:14 +01:00
stianst
eb326cd1bb KEYCLOAK-6534 Check for string in receiveMessage in session iframe 2018-02-22 07:02:16 +01:00
stianst
9b63cd35f0 KEYCLOAK-6431 2018-02-13 19:38:46 +01:00
Bill Burke
5d5373454c
Merge pull request #4991 from patriot1burke/challenge-support
KEYCLOAK-6355
2018-02-13 09:38:45 -05:00
Bill Burke
a3d6917f20 disable clisso experimental feature 2018-02-12 17:57:05 -05:00
David Festal
f44cda2621 Make the keycloak.js capable of working with alternate OIDC providers (#4978)
* Make the `keycloak.js` capable of working with alternate OIDC providers

(provided that they create access_tokens as JWT tokens with `exp` and
`iat` claims).

Also add a `useNonce` option, to allow disabling the `nonce` check
since, in the OIDC specification, `nonce` is optional.

Signed-off-by: David Festal <dfestal@redhat.com>

* Update the `keycloak.ts` with the `useNonce` additional init option. 

Signed-off-by: David Festal <dfestal@redhat.com>

* Fix 2 errors in the case `checkSessionIframe` is used

Signed-off-by: David Festal <dfestal@redhat.com>
2018-02-12 11:00:02 +01:00
Bill Burke
d6788a0839 finish 2018-02-10 13:38:39 -05:00
o.pakers
8495a7c05a [master]: fix type for checkLoginIframeInterval 2018-02-02 08:37:07 +01:00
Martin Kanis
6b8ec0bb82 KEYCLOAK-6154 Exclude common-logging/codec from keycloak-osgi-thirdparty 2018-01-31 21:26:41 +01:00
Takashi Norimatsu
502627f590 KEYCLOAK-5811 Client Authentication by JWS Client Assertion in client secret 2018-01-26 10:59:40 +01:00
Ray DeCampo
a21a94078b KEYCLOAK-5578: Keycloak JS adapter returns native Promise instances when available.
Promise instances are adorned with success() and error() functions to retain backwards compatibility.
2018-01-25 20:42:31 +01:00
stianst
06bb6f00e5 Include Jetty 9.1 in product profile 2018-01-04 09:14:11 +01:00
stianst
0bedbb4dd3 Bump version to 4.0.0.CR1-SNAPSHOT 2017-12-21 15:06:00 +01:00
Hynek Mlnarik
626004e782 KEYCLOAK-6066 Be less strict when handling cookies 2017-12-19 21:39:41 +01:00
sebastienblanc
a96c9d34c9 set auth contraint to true when wildcard is used 2017-12-14 14:00:03 +01:00
vramik
5a8ff72cb6 KEYCLOAK-4641 migrate remaining Adapter tests from old testsuite 2017-12-06 15:12:37 +01:00
stianst
5467d67c91 KEYCLOAK-5945 Strip default ports from urls 2017-12-04 19:56:01 +01:00
mposolda
ff6fcd30d9 KEYCLOAK-4478 OIDC auth response lacks session_state in some cases 2017-12-04 16:13:22 +01:00
Samuel Mendenhall
d69fe27cf9 set error instead of throw 2017-12-04 16:03:47 +01:00
Samuel Mendenhall
ca324c29e8 processInit should return a promise for setupCheckLoginIframe and should only call processCallback if that setupCheckLoginIframe is successful 2017-12-04 16:03:47 +01:00
stianst
37de8e9f69 Bump version to 3.4.2.Final-SNAPSHOT 2017-12-01 09:34:48 +01:00
Domenico Briganti
b72b01bb9d fix logger class 2017-11-30 10:52:26 +01:00
pedroigor
5f43a6a342 [KEYCLOAK-3629] - Adding confidential-port attribute to wildfly adapter subsystem 2017-11-30 10:39:21 +01:00
pedroigor
6587cfa084 [KEYCLOAK-3629] - Some Adapters do not work with SSL Redirect 2017-11-30 10:39:21 +01:00
stianst
0bd2e63162 KEYCLOAK-5939 Align dependencies with WildFly 11 2017-11-29 20:39:10 +01:00
Pedro Igor
f48509c32c
Merge pull request #4741 from pedroigor/KEYCLOAK-2517
[KEYCLOAK-2517] - Doesn't work always refresh token
2017-11-28 20:58:56 -02:00
pedroigor
792ffdf39b [KEYCLOAK-5925] - Trace-level should log tokens without their signatures 2017-11-28 09:54:57 -02:00
Thomas Kuestermann
bb900f9db8 KEYCLOAK-5753 fixed NPE thrown when using custom RequestMatcher 2017-11-27 09:55:32 +01:00
pedroigor
819a60932e [KEYCLOAK-2517] - Doesn't work always refresh token 2017-11-24 23:40:29 -02:00
rmartinc
0b3ae30473 Parameter "ui_locales" not redirected to login page in java adapters 2017-11-23 11:18:29 +01:00
David De Vreese
9485a63157 KEYCLOAK-5183 Support for AssertionConsumerServiceUrl in Saml Adapter subsystem
Co-Authored-By: Hynek Mlnarik <hmlnarik@redhat.com>
2017-11-20 15:59:47 +01:00
Thomas Recloux
04ad634986 Add configuration for KeycloakAuthenticatedActionsFilter
Fixes KEYCLOAK-5227
2017-11-10 10:44:12 +01:00
Bartłomiej Piech
d4b9c3c014 KEYCLOAK-5679 2017-11-10 10:42:26 +01:00
emilienbondu
8b8e694c60 Fix https://issues.jboss.org/browse/KEYCLOAK-5636 NPE 2017-11-09 19:32:27 +01:00
Stian Thorgersen
128ff12f8f Bump versions 2017-11-09 15:37:21 +01:00
Xiaojian Liu
19eed51582 KEYCLOAK-5352 Basic Auth fails if password contains a ':' 2017-11-09 13:56:02 +01:00
Xiaojian Liu
9ff22f596d KEYCLOAK-5352 Basic Auth fails if password contains a ':' 2017-11-09 13:56:02 +01:00
Xiaojian Liu
e1af9f133f KEYCLOAK-5352 Basic Auth fails if password contains a ':' 2017-11-09 13:56:02 +01:00
Pedro Igor
476dd1cef5 [KEYCLOAK-4439] - Fixing saml adapter 2017-11-08 19:01:54 -02:00
Pedro Igor
a8ba3eb7f9 [KEYCLOAK-4439] - Fixing elytron adapter for standalone apps 2017-11-08 14:09:34 -02:00
Paramvir-JIndal
d1468eaa45 [KEYCLOAK-5767]IE9 sometimes using HTTP status code 1223 instead of 204 (#4628) 2017-11-07 10:46:13 +01:00
Pedro Igor
d3dee07956 [KEYCLOAK-5763] - Forward credentials when using Elytron Adapter 2017-10-27 12:34:31 -02:00
Pedro Igor
7dd7b6b984 [KEYCLOAK-5726] - Defaults to true in case no required scopes are defined 2017-10-24 10:39:55 -02:00
Pedro Igor
a6e1413d58 [KEYCLOAK-5726] - Support define enforcement mode for scopes on the adapter configuration 2017-10-24 10:39:54 -02:00
Pavel Drozd
20d0fa1b4e Merge pull request #4528 from RaiSaurabh/test
KEYCLOAK-5623: Fix to support the URL handler for the file loading.
2017-10-23 12:52:10 +02:00
saurabhrai
6dd8592434 KEYCLOAK-5623: Updated to code to check the profile configuration to support Jboss Fuse adapter. Read from profile resource. 2017-10-23 14:17:18 +05:30
Gabriel Lavoie
e2f5ac60cf KEYCLOAK-5499: Use authentication token type rather than token source detection to identify interactive and non-interactive authentications. (#4488)
- access_token URL parameter wasn't interpreted correctly as a non-interactive authentication.
2017-10-16 09:38:05 +02:00
Sjoerd Cranen
cb43e3d763 KEYCLOAK-5191 Prevent exception in KeycloakAuthenticationFailureHandler (#4319)
* KEYCLOAK-5191 Don't attempt to send 401 when response is already committed

* KEYCLOAK-5191 Defend against configuration errors by preventing 2xx response after authentication failure
2017-10-16 09:34:58 +02:00
Stian Thorgersen
7774d5c6b8 Revert changes in KEYCLOAK-5621 (#4539) 2017-10-06 14:02:34 +02:00
Wojciech Trocki
a6e852495d Remove bug with login redirect on IOS (#4514)
* Create wrapper for window.open

* Move function to variable
2017-10-06 06:24:07 +02:00
Bartek Andrzejczak
8c7313f290 Renames realmKey to realmPublicKey for consistency (#4526) 2017-10-04 08:29:09 +02:00
Pedro Igor
4c71e2ec17 [KEYCLOAK-4439] - Changes for Wildfly 11.0.0.CR1 (#4504)
* [KEYCLOAK-4439] - Changes for Wildfly 11.0.0.CR1

* [KEYCLOAK-5463] - Fixing servlet filter when using elytron adapters
2017-09-28 11:46:17 +02:00
jtyrrell-se-jboss
9673ce5541 Update OAuthRequestAuthenticator.java (#4427)
Removed a check for a 400 error, I was seeing a 403 error, and it wasn't until I rewrote the code to be like what is in line 334 I did not see enough meaningful information to figure out I had a /etc/hosts issue, where I had it locally on my machine, but the remote tomcat instance needed it also.
2017-09-12 08:24:36 +02:00
Bill Burke
2cadf0a260 Merge pull request #4454 from sebastienblanc/KEYCLOAK-3473
KEYCLOAK-3473 : add new flag to determine if error response must be sent or not
2017-09-11 18:52:07 -04:00
Bill Burke
9c48da2a78 Merge pull request #4417 from mgmeiner/master
KEYCLOAK-5329 async support for tomcat7 and tomcat8
2017-09-11 18:51:20 -04:00
Jasper Siepkes
458c2f2682
Clarify request URI mismatch error message in SAML adapter.
Show expected URI and received URI in error message. Also makes the logging behavior of 'handleSamlResponse' the same as 'handleSamlRequest' since that method already shows the expected and received URI.
2017-09-11 19:52:49 +02:00
sebastienblanc
aaac85e541 add new flag to determine if error response must be sent or not 2017-09-05 15:08:17 +02:00
Stian Thorgersen
463661b051 Set version to 3.4.0.CR1-SNAPSHOT 2017-08-28 15:46:22 +02:00
Hynek Mlnarik
794c508b10 KEYCLOAK-4995 Support for distributed SAML logout in cross DC 2017-08-28 13:15:11 +02:00
WITT-AD\Micgme
0a82a6b434 KEYCLOAK-5329 abstracted AuthenticatedActionsValve to allow async support for Tomcat7 and Tomcat8 adapter 2017-08-24 15:54:43 +02:00
Pedro Igor
b4530cfbe9 fixing policy enforcer /* 2017-08-23 13:30:24 -03:00
Pedro Igor
a6dfb4ccdd [KEYCLOAK-5015] - Support for Elytron capabilities in subsystem 2017-08-22 18:01:19 -03:00
Pedro Igor
d3e559453b [KEYCLOAK-5015] - Updating Elytron Adapters 2017-08-22 18:01:19 -03:00
Markus Heberling
ef32585f57 create JS source maps (#4365)
updated minify plugin to 1.7.6
switch minify plugin to use CLOSURE compiler
enable source map generation https://docs.google.com/document/d/1U1RGAehQwRypUTovF1KRlpiOFze0b-_2gc6fAH0KY0k
include source maps in distribution files
2017-08-22 08:10:09 +02:00
Stian Thorgersen
b5ed8961f7 Add title attribute for iframe to suppress accessibility errors (#4407) 2017-08-22 08:07:04 +02:00
Bill Burke
61ab6d5b8b Merge pull request #4303 from jmcshane/master
KEYCLOAK-5173 Spring Boot KeycloakRestTemplate support
2017-08-13 12:22:45 -04:00
Bill Burke
02f043d9a6 fix readme file 2017-07-28 16:21:33 -04:00
Bill Burke
852e9274d4 Merge remote-tracking branch 'upstream/master' 2017-07-28 16:15:53 -04:00
Bill Burke
db9b1bcb21 token exchange 2017-07-28 16:15:39 -04:00
Marek Posolda
1b83928652 Merge pull request #4354 from hmlnarik/KEYCLOAK-5241-Tomcat-Adapter-8-x-does-not-work-with-Tomcat-8-5-8
KEYCLOAK-5241 Tomcat SAML Adapter (Fix for Tomcat 8.5.8)
2017-07-27 14:27:19 +02:00
Hynek Mlnarik
96bdd32bd0 KEYCLOAK-5241 Tomcat SAML Adapter Tomcat 8.5.8 2017-07-27 10:20:49 +02:00
Hynek Mlnarik
d8b77895db KEYCLOAK-4788 Fix reversed arguments and String comparison 2017-07-27 08:25:22 +02:00
Marek Posolda
dd6a7b23c3 Merge pull request #4350 from hmlnarik/KEYCLOAK-4446-Failed-to-process-response-when-reject-consent-with-turned-on-encryption
KEYCLOAK-4446 Do not encrypt SAML status messages
2017-07-26 15:31:54 +02:00
Hynek Mlnarik
3c537f5f28 KEYCLOAK-4446 Do not encrypt SAML status messages
SAML status messages are not encryptable per Chapter 6 of
saml-core-2.0-os.pdf. Only assertions, attributes, base ID and name ID
can be encrypted.
2017-07-26 11:22:56 +02:00
Hynek Mlnarik
8d81a4a2e4 KEYCLOAK-5236 2017-07-26 11:22:05 +02:00
c5403
ec89aab8fb Refactoring the spring-boot adapter to use the rest template customizer 2017-07-24 11:15:01 -05:00
Thomas Recloux
69fa9de4d8 Fix KEYCLOAK-3471 ClassCastException 2017-07-23 21:49:16 +02:00
Pedro Igor
5456514499 [KEYCLOAK-5015] - Pushing keycloak context to exchange scope 2017-07-19 16:39:38 -03:00
jmcshane
e99b08c6da Adding a instance of HttpComponentsClientHttpRequestFactory that supports the embedded servlet container auth pattern 2017-07-07 23:48:43 -05:00
Stian Thorgersen
9a9f4137e5 KEYCLOAK-4556 KEYCLOAK-5022 Only cache keycloak.js and iframe if specific version is requested (#4289) 2017-07-04 21:18:34 +02:00
Marek Posolda
09ec642543 Merge pull request #4232 from wvdhaute/token-store
[KEYCLOAK-5067] Allow refreshable context to have an optional adapter token store
2017-07-03 20:55:26 +02:00
Stian Thorgersen
454c5f4d83 Set version to 3.3.0.CR1-SNAPSHOT 2017-06-30 09:47:11 +02:00
hmlnarik
b4ad69b841 KEYCLOAK-5115 (#4272) 2017-06-29 15:50:50 +02:00
Sebastien Blanc
500a21685f KEYCLOAK-5082 : Add new redirect-rewrite-rule parameters for the adapters (#4255)
* add rewrite rule config property

* add subsystem support for redirect rewrite

* update deployment unit test

* add license headers

* Optimize rewrite method
2017-06-29 12:50:42 +02:00
Stian Thorgersen
4be0e36306 Merge pull request #4208 from ASzc/KEYCLOAK-4758
KEYCLOAK-4758
2017-06-27 11:35:43 +02:00
Stian Thorgersen
b041146a3f Merge pull request #4200 from guigarage/servlet-config
KeycloakConfigResolver config for servlet filter
2017-06-27 10:45:29 +02:00
Stian Thorgersen
cc14c5db23 Merge pull request #4239 from frelibert/KEYCLOAK-4897
KEYCLOAK-4897 SAML Adapter fails to validate signature on assertion
2017-06-22 08:45:04 +02:00
Stian Thorgersen
8e36a52f1e Merge pull request #4227 from sebastienblanc/KEYCLOAK-3492-rebased
KEYCLOAK-3492 : Changing request matcher to attempt auth on /sso/login or Auhtorizati…
2017-06-21 08:51:09 +02:00
Stian Thorgersen
9edb5b53c0 Merge pull request #4199 from guigarage/spring-security-annotation
Easy Spring security annotation
2017-06-21 08:47:17 +02:00
Frederik Libert
63d2d0f7ed KEYCLOAK-4897 SAML Adapter fails to validate signature on assertion 2017-06-19 18:26:17 +02:00
Wim Vandenhaute
0e0140d88b Allow refreshable context to have an optional adapter token store 2017-06-15 15:24:07 +02:00
Hendrik Ebbers
0ac92c4bfa new line in doc 2017-06-15 13:01:05 +02:00
Hendrik Ebbers
98a5c57e65 Author added 2017-06-15 13:00:24 +02:00
emilienbondu
91585f8563 Changing request matcher to attempt auth on /sso/login or Auhtorization header
Add default login URL.

Throwing exception if login fails to enable auth entry point

Adding a test for invalid token and bearer-only

handle redirect correctly
2017-06-14 14:41:35 +02:00
Stian Thorgersen
6cccd66162 Merge pull request #4192 from hokuda/KEYCLOAK-4980
KEYCLOAK-4980 SAML adapter should return 403 when unauthenticated Aja…
2017-06-09 04:40:26 +02:00