Commit graph

12621 commits

Author SHA1 Message Date
Benjamin Weimer
f874e9a43c KEYCLOAK-9874 include realm and client roles in user info response 2020-09-16 10:01:02 +02:00
Joaquim Fellmann
be4780243b KEYCLOAK-15483 Replace badly displayed HTML message with simple text message for french locale (align with en, de, pt, po, tr, nl locales) 2020-09-15 17:09:53 -04:00
Takashi Norimatsu
b670734eec KEYCLOAK-14205 FAPI-RW Client Policy - Executor : Enforce Response Type of OIDC Hybrid Flow 2020-09-14 20:58:25 +02:00
Hynek Mlnarik
a05066d567 KEYCLOAK-15477 Fix permission evaluation logic 2020-09-14 20:53:46 +02:00
Konstantinos Georgilakis
f4f58ab707 KEYCLOAK-15540 correct SAMLAttributeConsumingServiceParser 2020-09-14 16:01:46 +02:00
mposolda
4123b7a91e KEYCLOAK-11678 Remove dummy resource. Adding keycloak-services and liquibase to jandex indexing 2020-09-14 09:27:34 -03:00
vmuzikar
a9a719b88c KEYCLOAK-15270 Account REST API doesn't verify audience 2020-09-14 08:43:09 -03:00
Dmitry Telegin
b62d68a591 KEYCLOAK-14952 - Unit test failure in keycloak-saml-core on Java 11 2020-09-14 11:17:57 +02:00
mhajas
3186f1b5a9 KEYCLOAK-15514 Update AbstractStorageManager to check capability interface types 2020-09-11 14:42:48 +02:00
vmuzikar
cb5c893d87 Add tests for KEYCLOAK-15481 2020-09-11 07:03:24 -04:00
Stan Silvert
952e8fecee KEYCLOAK-15481: Display forbidden screen 2020-09-11 07:03:24 -04:00
Miquel Simon
2572b1464b KEYCLOAK-15395. Removed totp/remove (DELETE) and credentials/password (GET, POST) endpoints. 2020-09-10 18:03:03 -03:00
Takashi Norimatsu
af2f18449b KEYCLOAK-14195 FAPI-RW Client Policy - Condition : Client - Client Role 2020-09-10 18:34:19 +02:00
Clement Cureau
b19fe5c01b Finegrain admin as fallback and added some tests 2020-09-10 12:26:55 -03:00
Clement Cureau
73378df52e [KEYCLOAK-11621] Allow user creation via group permissions (Admin API)
Problem:
Using fine-grained admin permissions on groups, it is not permitted to create new users
within a group.

Cause:
The POST /{realm}/users API does not check permission for each group part of the new
user representation

Solution:
- Change access logic for POST /{realm}/users to require MANAGE_MEMBERS and
MANAGE_MEMBERSHIP permissions on each of the incoming groups

Tests:
Manual API testing performed:
  1. admin user from master realm:
    - POST /{realm}/users without groups                  => HTTP 201 user created
    - POST /{realm}/users with groups                     => HTTP 201 user created
  2. user with MANAGE_MEMBERS & MANAGE_MEMBERSHIP permissions on group1
    - POST /{realm}/users without groups                  => HTTP 403 user NOT created
    - POST /{realm}/users with group1                     => HTTP 201 user created
    - POST /{realm}/users with group1 & group2            => HTTP 403 user NOT created
    - POST /{realm}/users with group1 & wrong group path  => HTTP 400 user NOT created
  3. user with MANAGE_MEMBERS permission on group1
    - POST /{realm}/users without groups                  => HTTP 403 user NOT created
    - POST /{realm}/users with group1                     => HTTP 403 user NOT created
    - POST /{realm}/users with group1 & group2            => HTTP 403 user NOT created
    - POST /{realm}/users with group1 & wrong group path  => HTTP 400 user NOT created
2020-09-10 12:26:55 -03:00
testn
706299557e KEYCLOAK-15174: ResourceServerAdapter.toEntity checks the wrong type 2020-09-10 12:19:25 -03:00
testn
c288175c03 KEYCLOAK-15208: PermissionTicketAdapter checks for the wrong type 2020-09-10 12:16:48 -03:00
Sebastian Laskawiec
e01159a943 KEYCLOAK-14767 OpenShift Review Endpoint audience fix 2020-09-09 11:57:24 -03:00
Takashi Norimatsu
cbb79f0430 KEYCLOAK-15448 FAPI-RW : Error Response on OIDC private_key_jwt Client Authentication Error (400 error=invalid_client) 2020-09-09 11:14:21 +02:00
mhajas
df52c12ebb KEYCLOAK-15479 Replace enlistAfterCompletion with enlist in MapClientProvider 2020-09-09 08:27:38 +02:00
Benjamin Weimer
b2934e8dd0 KEYCLOAK-15327 backchannel logout invalidate offline session even if there is no corresponding active session found 2020-09-08 11:17:20 -03:00
Martin Kanis
4e9bdd44f3 KEYCLOAK-14901 Replace deprecated ClientProvider related methods across Keycloak 2020-09-07 13:11:55 +02:00
stianst
76f7fbb984 KEYCLOAK-14548 Add support for cached gzip encoding of resources 2020-09-07 00:58:47 -07:00
Martin Bartos
e34ff6cd9c [KEYCLOAK-14326] Identity Provider force sync is not working 2020-09-07 09:42:40 +02:00
Takashi Norimatsu
1d8230d438 KEYCLOAK-14190 Client Policy - Condition : The way of creating/updating a client 2020-09-04 09:54:55 +02:00
Luca Leonardo Scorcia
67b2d5ffdd KEYCLOAK-14961 SAML Client: Add ability to request specific AuthnContexts to remote IdPs 2020-09-03 21:25:36 +02:00
Hynek Mlnarik
1c4a2db8e1 KEYCLOAK-14510 Properly close Response object 2020-09-03 11:23:05 +02:00
Simon Legner
bed664e4fe KEYCLOAK-15186 Sort user federation table 2020-09-02 17:40:41 -04:00
stianst
a92bf0c3be KEYCLOAK-15091 Fix issue with custom favicon.ico 2020-09-02 23:18:49 +02:00
Konstantinos Georgilakis
1fa93db1b4 KEYCLOAK-14304 Enhance SAML Identity Provider Metadata processing 2020-09-02 20:43:09 +02:00
Takashi Norimatsu
aad3bdcb88 KEYCLOAK-15251 keycloak-themes build fails in windows 2020-09-02 12:40:07 -04:00
Takashi Norimatsu
b93a6ed19f KEYCLOAK-14919 Dynamic registration - Scope ignored 2020-09-02 13:59:22 +02:00
Takashi Norimatsu
107a429238 KEYCLOAK-15236 FAPI-RW : Error Response on OAuth 2.0 Mutual TLS Client Authentication Error (400 error=invalid_client) 2020-09-02 09:31:20 +02:00
mhajas
3928a49c77 KEYCLOAK-14816 Reset brute-force-detection data for the user after a successful password grant type flow 2020-09-01 21:45:17 +02:00
Hynek Mlnarik
583fa07bc4 KEYCLOAK-11029 Support modification of broker username / ID for identity provider linking 2020-09-01 20:40:38 +02:00
testn
0362d3a430 KEYCLOAK-15113: Move away from deprecated Promise.success()/error() 2020-09-01 14:26:44 -04:00
Zack Powers
0001a930b4 KEYCLOAK-15068: Fix 15068 by parameterizing ProviderFactory with LoginFormsProvider. 2020-09-01 12:17:17 +02:00
Iavael
f021f72fcd [KEYCLOAK-14663] Fix spelling in RU translation
https://en.wiktionary.org/wiki/%D0%BF%D1%80%D0%B8%D0%B2%D0%B8%D0%BB%D0%B5%D0%B3%D0%B8%D1%8F
2020-09-01 12:01:13 +02:00
Jon Koops
b64cf3c315 KEYCLOAK-14980 Remove references to Bower 2020-09-01 11:49:58 +02:00
mhajas
bdccfef513 KEYCLOAK-14973 Create GroupStorageManager 2020-09-01 10:21:39 +02:00
Luca Leonardo Scorcia
03c07bd2d7 KEYCLOAK-14902 Replace SAML SP metadata export with link to descriptor 2020-08-31 22:26:30 +02:00
testn
b392084297 KEYCLOAK-15173: Fix bug in SAML11EvidenceType.remove() 2020-08-31 21:46:26 +02:00
Martin Bartos
9c847ab176 [KEYCLOAK-14432] Unhandled NPE in identity broker auth response 2020-08-31 14:14:42 +02:00
Martin Kanis
d59a74c364 KEYCLOAK-15102 Complement methods for accessing groups with Stream variants 2020-08-28 20:56:10 +02:00
kaibo-ondruska
6d45d715d3 KEYCLOAK-15369 fix Czech translation
"Přihlasovací" should be "Přihlašovací"
2020-08-28 14:54:50 +02:00
Thomas Darimont
300b15e604 KEYCLOAK-15214 Improve SimpleHTTP
- Added support for configuring socket, connect and request timeouts on request level.
- Added support for HTTP HEAD and HTTP PATCH methods
- Small refactorings
2020-08-26 10:34:11 +02:00
Martin Kanis
4be99772d8 KEYCLOAK-14967 Closing streams obtained from JPA layer 2020-08-25 21:47:24 +02:00
Thomas Darimont
df94cefbc1 KEYCLOAK-12729 Revise password policy not-email tests
- Added missing cleanup to RegisterTest
- Revised test-setup for AccountFormServiceTest
2020-08-21 14:55:07 +02:00
Thomas Darimont
0f967b7acb KEYCLOAK-12729 Add password policy not-email
Added test cases and initial translations
2020-08-21 14:55:07 +02:00
Stan Silvert
35931d60eb KEYCLOAK-15137: Move PF4 css files to keycloak/common 2020-08-20 08:46:28 -04:00