Takashi Norimatsu
993ba3179c
KEYCLOAK-12615 HS384 and HS512 support for Client Authentication by Client Secret Signed JWT ( #6633 )
2020-01-28 14:55:48 +01:00
vmuzikar
03306b87e8
KEYCLOAK-12125 Introduce SameSite attribute in cookies
...
Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: Peter Skopek <pskopek@redhat.com>
2020-01-17 08:36:53 -03:00
root
4cbe478129
Fix KEYCLOAK-10838, use bytesRead to make sure the output stream does not get padded with null bytes.
2020-01-14 13:20:10 +01:00
vramik
3b1bdb216a
KEYCLOAK-11486 Add support for system property or env variable in AllowedClockSkew in keycloak-saml subsystem
2020-01-14 13:17:13 +01:00
mhajas
a79d6289de
KEYCLOAK-11416 Fix nil AttributeValue handling
2020-01-10 12:47:09 +01:00
Pedro Igor
c596647241
[KEYCLOAK-11712] - Request body not buffered when using body CIP in Undertow
2020-01-09 10:02:18 +01:00
Michael Thirion
44ab3f46b7
[KEYCLOAK-6008] - Spring Boot does not honour wildcard auth-role ( #6579 )
2019-12-24 19:06:55 -03:00
Asbjørn Dyhrberg Thegler
1162455f32
KEYCLOAK-10894 Adds a ready indicating promise
...
This is non-intrusive and backwards compatible. With this change it is possible
to `await keycloakAuthorization.ready` to make sure the component has been
properly initialized.
2019-12-24 18:33:20 -03:00
Pedro Igor
e316e2a2f0
[KEYCLOAK-8616] - Process requests only if a deployment can be resolved
2019-12-20 13:33:12 +01:00
Pedro Igor
3bd193acd7
[KEYCLOAK-12412] - Policy enforcer should consider charset when comparing the content-type of the request
2019-12-19 14:14:33 +01:00
keycloak-bot
76aa199fee
Set version to 9.0.0-SNAPSHOT
2019-11-15 20:43:21 +01:00
scranen
2d3f771b70
Cookie token store not working in Spring Security adapter
...
Co-authored-by: scranen <scranen@gmail.com>
Co-authored-by: rainerfrey <frey.rainer@gmail.com>
Co-authored-by: pedroigor <pigor.craveiro@gmail.com>
2019-11-13 16:54:45 +01:00
Andrei Arlou
df5cdea1e8
KEYCLOAK-12006 Use diamond operator in module adapters/oidc/as7-eap6
2019-11-13 09:54:10 +01:00
Andrei Arlou
dca8835fbc
KEYCLOAK-12008 Fix minor warnings in module adapters/oidc/installed
2019-11-13 09:35:49 +01:00
Andrei Arlou
7f1de02ca0
KEYCLOAK-11994 Fix minor warnings in module in adapters/oidc/adapter-core
2019-11-11 09:49:13 +01:00
Andrei Arlou
066cdb7dec
KEYCLOAK-11993 Remove unused import and use diamond operator for collection in module adapters/oidc/adapter-core
2019-11-11 09:42:12 +01:00
Leonid Rozenblyum
a4edb083c3
KEYCLOAK-6752, KEYCLOAK-6565
...
Fixed missing deployment after deserialization.
Other adapters already have logic for filling in deployment when it's
missing in the context, Spring Security adapter lacked that feature.
The solution is based on an attachment
https://issues.jboss.org/secure/attachment/12431091/FixKeycloakSecurityContextRequestFilter.java
from https://issues.jboss.org/browse/KEYCLOAK-6565
2019-11-08 11:51:27 -03:00
Jon Koops
5281a38cf7
[KEYCLOAK-11771] Add missing type definitions for config
2019-11-08 10:36:04 -03:00
Jon Koops
913056b2b2
[KEYCLOAK-11971] Remove credentials option from configuration
2019-11-08 11:36:18 +01:00
sebastienblanc
263a64ef0a
add a legacy shaded adapters jar for spring boot 1
2019-11-07 13:58:20 +01:00
Stian Thorgersen
f14f92ab0b
KEYCLOAK-6073 Make adapters use discovery endpoint for URLs instead of hardcoding ( #6412 )
2019-11-06 10:34:35 +01:00
Peter Skopek
d0386dab85
KEYCLOAK-8785 remove k_version endpoint ( #6428 )
2019-11-05 11:35:55 +01:00
Douglas Palmer
a32c8c5190
[KEYCLOAK-11185] Fixed build with JDK 11
2019-11-04 10:56:07 -03:00
Leonid Rozenblyum
61561968ed
KEYCLOAK-10266 Allows proper handling of Single Sign Out events.
...
It was incorrectly relying on web application listeners on session
destruction.
While it's used as a Spring Bean (declared in
KeycloakWebSecurityConfigurerAdapter) so it has to use Spring-based
facility.
See also https://lists.jboss.org/pipermail/keycloak-user/2016-March/005479.html
2019-10-30 15:47:45 +01:00
Benjamin Bentmann
d6f56e58c1
KEYCLOAK-11806 Fix SAML adapter to not fail upon receiving a login response without the optional Destination attribute
2019-10-29 23:12:15 +01:00
Peter Sönder
68fa37b4cd
[KEYCLOAK-11765] Changed to jdk7 compliant code
2019-10-29 13:35:22 +01:00
Peter Sönder
6c83b36360
Do not log when failure.getError is blank/empty
...
Sometimes the error message is blank, which results in an empty error line getting logged.
Since the catch always logs "failed to turn code into token" and "status from server: " + failure.getStatus() (on separate lines) this extra blank line is simply noise in the log.
2019-10-29 13:35:22 +01:00
Denis Richtárik
6bf1e8a9a7
KEYCLOAK-9979 Remove keycloak-servlet-oauth-client ( #6423 )
2019-10-24 17:28:41 +02:00
mhajas
ac71ee9633
KEYCLOAK-11081 Include jetty94 adapter to product build
2019-10-23 15:53:37 +02:00
Martin Reinhardt
21a62a2670
[KEYCLOAK-6376] Reorganize imports and revert pom changes
2019-10-21 10:41:04 +02:00
Martin Reinhardt
eed4449f8d
[KEYCLOAK-6376] Fixing Conditional OTP by reusing existing API for role checks
2019-10-21 10:41:04 +02:00
Phil Brown
85ead8b38a
KEYCLOAK-11740:
...
Fix debug message that does not properly handle single quotes
according to java.text.MessageFormat, which in turn causes the
replacement to not be handled.
Signed-off-by: Phil Brown <brownp@stellarscience.com>
2019-10-17 13:02:03 +02:00
stianst
ceeb087dbd
KEYCLOAK-8938 TypeError: kc.login(...).success is not a function
2019-10-16 17:57:18 +02:00
Martin Kanis
4d872d0c2c
KEYCLOAK-11527 Override version of jboss-as-subsystem-test for product profile
2019-10-10 21:09:22 +02:00
stianst
7866a6cff3
Playing with Travis
2019-10-09 10:10:20 +02:00
Martin Kanis
9200a33346
KEYCLOAK-11527 Change type of jboss-as-subsystem-test artifact to pom for product
2019-10-07 13:12:16 +02:00
Jon Koops
bc5b4de79e
[KEYCLOAK-11435] Log deprecation warning for usage of non-native Promises
2019-10-03 10:55:22 -04:00
rmartinc
6283c7add3
KEYCLOAK-10975: Clock skew configuration in keycloak-saml.xml can't be found in the keycloak-saml subsystem
2019-09-27 09:35:03 +02:00
Jon Koops
ff77b549ec
[KEYCLOAK-11193] Change 'disableLogging' to 'enableLogging' and default to false
2019-09-24 10:31:02 -03:00
Stefan Guilhen
b833ce9dd3
[KEYCLOAK-11485] Add test case for the as7-eap6 SAML subsystem
2019-09-19 13:39:24 +02:00
Jon Koops
0b9c6192a3
KEYCLOAK-11193 Allow JavaScript logging to be disabled
2019-09-19 07:09:32 -03:00
rmartinc
7f54a57271
KEYCLOAK-10757: Replaying assertion with signature in SAML adapters
2019-09-18 16:49:00 +02:00
Karel Hala
f8e4ccd57a
KEYCLOAK-11195 Add module loading to dependencies
...
Use window global libraries for AMD
2019-09-13 14:47:45 -03:00
Stefan Guilhen
60205845a8
[KEYCLOAK-7264] Add a RoleMappingsProvider SPI to allow for the configuration of custom role mappers in the SAML adapters.
...
- Provides a default implementation based on mappings loaded from a properties file.
- Role mappers can also be configured in the keycloak-saml susbsytem.
2019-09-09 05:24:25 -03:00
jferrer
97fccd6d50
KEYCLOAK-10910 login function now uses promise type specified in init
2019-09-06 15:24:31 -04:00
Jon Koops
c902896ab6
KEYCLOAK-11196 Document the type for the useNonce
option
2019-08-30 14:34:20 -04:00
Jon Koops
2d465df94d
KEYCLOAK-11194 Remove dead code from JavaScript adapter
2019-08-30 14:32:54 -04:00
Niko Köbler
49e9cd759b
KEYCLOAK-10734 Let the check-sso feature do the check in hidden iframe
2019-08-20 15:41:09 -03:00
Martin Kanis
75d2ec8ff6
KEYCLOAK-11012 Unable to install EAP6 adapter
2019-08-16 12:44:50 +02:00
Valeran86
b0d0d3e579
[KEYCLOAK-10849] - KeycloakRole equals only with itself
...
I use Keycloak Spring Adapter (KSA) to secure existing application. Today I realized that some functions didn't work anymore because of security checking like this:
```
GrantedAuthority adminRole = new MySpecialGrantedAuthority( "superadmin" );
for ( GrantedAuthority role : userRoles ) {
if ( role.equals( adminRole ) ) {
return true;
}
}
```
In this example, when I use KSA authorization fails.
I believe, that more preferable in `KeycloakRole` use this implementation of `equals` method.
2019-08-16 05:20:03 -03:00
Takashi Norimatsu
8225157a1c
KEYCLOAK-6768 Signed and Encrypted ID Token Support
2019-08-15 15:57:35 +02:00
mhajas
4b18c6a117
KEYCLOAK-7207 Check session expiration for SAML session
2019-07-24 13:35:07 +02:00
keycloak-bot
17e9832dc6
Set version to 8.0.0-SNAPSHOT
2019-07-19 19:05:03 +02:00
Hynek Mlnarik
67f8622d13
KEYCLOAK-8318 Workaround Elytron's double encoding of the query parameters
...
Co-Authored-By: mhajas <mhajas@redhat.com>
2019-07-19 14:37:38 +02:00
Stefan Guilhen
ceaae7a254
[KEYCLOAK-10384] Add equals and hashCode to KeycloakUndertowAccount, SamlPrincipal and SamlSession to avoid cache misses in the PicketBox JAAS auth manager
2019-07-18 21:08:22 +02:00
kuan
1c5f7c1420
Update KeycloakTokenParsed definition.
...
To match KeycloakInstance's realm access and resources access.
2019-07-17 15:29:34 -04:00
Hynek Mlnarik
67eb0c3079
KEYCLOAK-8318 Workaround ELY-1525 similarly to OIDC adapter
2019-07-17 09:33:20 +02:00
Hynek Mlnarik
3d4283fac9
KEYCLOAK-9987 Upgrade to Wildfly17
...
Co-Authored-By: hmlnarik <hmlnarik@redhat.com>
2019-07-16 08:05:46 +02:00
Steeve Beroard
fc9a0e1766
[KEYCLOAK-8104] Keycloak SAML Adapter does not support clockSkew configuration
...
Co-Authored-By: vramik <vramik@redhat.com>
2019-07-15 13:08:52 +02:00
Pedro Igor
9215957bd0
Revert "KeycloakRole equals only with itself"
...
This reverts commit 2899375614
.
2019-07-09 09:05:20 -03:00
Valeran86
2899375614
KeycloakRole equals only with itself
...
I use Keycloak Spring Adapter (KSA) to secure existing application. Today I realized that some functions didn't work anymore because of security checking like this:
```
GrantedAuthority adminRole = new MySpecialGrantedAuthority( "superadmin" );
for ( GrantedAuthority role : userRoles ) {
if ( role.equals( adminRole ) ) {
return true;
}
}
```
In this example, when I use KSA authorization fails.
I believe, that more preferable in `KeycloakRole` use this implementation of `equals` method.
2019-07-08 14:33:03 -03:00
Hynek Mlnarik
ca4e14fbfa
KEYCLOAK-7852 Use original NameId value in logout requests
2019-07-04 19:30:21 +02:00
Vlasta Ramik
cc8cfd4269
KEYCLOAK-10751 Fix SAML undertow adapter not sending challenge
...
Co-Authored-By: mhajas <mhajas@redhat.com>
Co-Authored-By: Hynek Mlnarik <hmlnarik@redhat.com>
2019-07-04 10:04:51 +02:00
Thomas Darimont
53d0db80c3
KEYCLOAK-10313 Only use PKCE if enable-pkce is configured for KeycloakInstalled adapter
...
Users who want to use PKCE support with the KeycloakInstalled adapter need to set the property
``"enable-pkce": true` in the adapter configuration / `keycloak.json`.
2019-07-03 08:49:55 +02:00
Thomas Darimont
8bd48391ca
KEYCLOAK-10313 Add PKCE support to KeycloakInstalled Adpater
...
This adds PKCE support for Desktop Apps as
a followup to KEYCLOAK-1033 #6047 .
2019-07-03 08:49:55 +02:00
vramik
d245287320
KEYCLOAK-9598 Apache Tomcat adapter
2019-06-14 10:09:13 +02:00
mhajas
12d351ae97
KEYCLOAK-10595 Make KeycloakSpringBootConfigResolver Spring bean
2019-06-14 09:41:56 +02:00
Sebastian Laskawiec
e739344556
KEYCLOAK-9640 Unify surefire versions
2019-06-13 13:26:49 +02:00
Nils Christian Ehmke
a58a0e7678
[KEYCLOAK-10334] Keycloak Spring Boot Adapter shares configuration in static field
...
Signed-off-by: Nils Christian Ehmke <nils-christian.ehmke@bmiag.de>
2019-06-04 07:13:13 -03:00
Pedro Igor
803e44dcb1
[KEYCLOAK-10422] - Code challenge only sent when options object argument is passed to login method
2019-05-29 15:09:01 -03:00
Thomas Darimont
2825619243
KEYCLOAK-1033 Add PKCE support for JS Adapter
...
This adds support for the "S256" code_challenge_method to the JS Adapter.
Note that the method "plain" was deliberately left out as is not recommended
to be used in new applications.
Note that this PR includes two libraries:
- [base64-js]{@link https://github.com/beatgammit/base64-js }
- [js-sha256]{@link https://github.com/emn178/js-sha256 }
`base64-js` is needed for cross-browser support for decoding the
Uint8ArrayBuffer returned by `crypto.getRandomValues` to a PKCE
compatible base64 string.
`js-sha256` library is required because the `crypto.subtle.digest`
support is not available for all browsers.
The PKCE codeVerifier is stored in the callbackStore of the JS Adapter.
Note: This PR is based on #5255 which got messed up during a rebase.
2019-05-29 15:40:16 +02:00
Pedro Igor
e9ea1f0e36
[KEYCLOAK-10279] - Do not limit results when fetching resources
2019-05-28 15:35:29 -03:00
vramik
9a5b85910a
KEYCLOAK-9599 Remove Wildfly 8 adapter
2019-05-28 14:28:09 +02:00
vramik
3bbab225c8
KEYCLOAK-9596 Remove Apache Tomcat 6.0.x adapter
2019-05-28 12:00:19 +02:00
Alan Balbo
0a67e0a89e
KEYCLOAK-10097 Fix register method in javascript adatper for cordova
2019-05-24 08:49:10 -04:00
Sergio Livi
80932c07a2
KEYCLOAK-10071 check isNaN for minValidity
2019-05-20 09:18:40 -04:00
Jonas Kello
96f13e15ca
Add CompatPromise conditional type
2019-05-15 07:42:06 -04:00
mhajas
429863e83b
KEYCLOAK-9095 Fix NPE in AuthenticatedActionsHandler
2019-05-02 13:03:06 +02:00
Martin Kanis
e5092bb617
KEYCLOAK-10090 Fix alignment for CD 6 release in PNC
2019-04-18 09:13:02 +02:00
keycloak-bot
49d4e935cb
Set version to 7.0.0-SNAPSHOT
2019-04-17 09:48:07 +01:00
Sebastian Laskawiec
0042726dd8
KEYCLOAK-9601 KEYCLOAK-9602 Jetty 8.1 and 9.1 removal
...
Co-Authored-By: mhajas <mhajas@redhat.com>
2019-04-16 11:21:29 +02:00
Anders Rønning
3f7d32d1ae
KEYCLOAK-10026: Add missing TypeScript definition for init options
2019-04-15 07:46:05 -04:00
Pedro Igor
c8970c95d5
[KEYCLOAK-10015] - CIP not properly resolving objects from JSON request body
2019-04-11 18:19:43 -03:00
mhajas
5b47df8979
KEYCLOAK-10013 Do not reject tokens with issuedAt == notBefore
2019-04-11 21:57:11 +02:00
Hynek Mlnarik
a63efd872d
KEYCLOAK-9822 Fix deadlock in OIDC adapter upon logout
2019-04-09 21:03:02 +02:00
Pedro Igor
ad9f59f9f7
[KEYCLOAK-9353] - Avoids initialization of the policy enforcer during deployment
2019-04-05 16:02:53 -03:00
mposolda
a516a795a2
KEYCLOAK-9836 Deprecate keycloak-servlet-oauth-clien
2019-04-02 10:52:18 -03:00
Martin Ball
21e2fa8784
KEYCLOAK-4249 - Make IDP URL in keycloak-saml.xml configurable
...
Added the metadata url as an attribute on the IDP in the keycloak saml configuration which then propagates through to the DefaultSamlDeployment where it is used on the construction of the SamlDescriptorPublicKeyLocator thereby allowing support for ADFS or other IDP which uses a path that is different to the Keycloak IDP.
To make this work when testing with ADFS a change was made to SamlDescriptorIDPKeysExtractor because it would not extract keys from metadata which contained the EntityDescriptor as the root element. The solution was to change the xpath expression in SamlDescriptorIDPKeysExtractor so that it does not require a wrapping EntitiesDescriptor but instead loads all EntityDescriptors located in the document. This allows it to handle a single EntityDescriptor or multiple descriptors wrapped in an EntitiesDescriptor in the same xpath expression. A unit test SamlDescriptorIDPKeysExtractorTest has been added which validates that keys can be loaded in both scenarios.
2019-03-27 08:04:53 +01:00
Pedro Igor
20376c9111
[KEYCLOAK-9353] - Quarkus integration
2019-03-21 11:45:35 -03:00
Grzegorz Grzybek
e01562d7cf
[KEYCLOAK-9646] Increase import range for javax.servlet API to cover EAP 7.2, servlet-api 4.0
...
[KEYCLOAK-9646] Update HOW-TO-RUN.md for Fuse 7.1+ instructions
2019-03-12 15:14:34 +01:00
keycloak-bot
e843d84f6e
Set version to 6.0.0-SNAPSHOT
2019-03-06 15:54:08 +01:00
mhajas
8a750c7fca
KEYCLOAK-6750 Adapt Tomcat adapter tests to new structure
2019-03-06 08:57:46 +01:00
Sebastian Laskawiec
406097a508
KEYCLOAK-6749 Jetty App Server
2019-03-05 15:21:48 +01:00
mposolda
d5b28013d1
KEYCLOAK-8523 Remove jaxrs package from old testsuite and deprecate jaxrs filter
2019-03-04 10:25:01 +01:00
Pedro Igor
75d9847672
[KEYCLOAK-9478] - Support multiple CIP providers in the policy enforcer configuration
2019-02-27 19:08:57 -03:00
sakanaou
007c364027
Store rewritten redirect URL in adapter-core
2019-02-27 15:39:32 -03:00
Philipp Nowak
39828b2c94
[KEYCLOAK-9539] Race condition SecurityContextHolder.setAuthentication()
...
This is an issue with the Spring Security Keycloak Adapter relating to
the way the Authentication is stored in the SecurityContext, causing a
race condition in application code using that. It does not seem to
affect actual Spring Security operation.
We had a pretty strange race condition in our application. When many
requests were incoming at the same time, occasionally the old
unauthenticated Authentication provided to
KeycloakAuthenticationProvider for performing the actual authentication
would stay the current authentication, as returned by
SecurityContextHolder.getContext().getAuthentication(). That resulted
in authenticated users' JavaScript requests occasionally (~1/50 given a
large request volume) returning a 403 because the 'old' token was still
in the context, causing Spring Security to see them as unauthenticated.
This PR resolves this issue by replacing the whole context, as suggested
by a Spring Security contributor in jzheaux/spring-security-oauth2-resource-server#48 . By default,
SecurityContextHolder keeps the actual context object in a ThreadLocal,
which should be safe from race-conditions. The actual Authentication
object, however, is kept in a mere field, hence the reason for this PR.
JIRA issue: https://issues.jboss.org/browse/KEYCLOAK-9539
2019-02-27 14:58:10 -03:00
Pedro Igor
4d5dff1d64
[KEYCLOAK-9474] - Public endpoints are returning 403 with body when enforcement mode is disabled
2019-02-21 16:27:07 -03:00
stianst
e06c705ca8
Set version 5.0.0
2019-02-21 09:35:14 +01:00
Sebastian Laskawiec
ee41a0450f
KEYCLOAK-8349 KEYCLOAK-8659 Use TLS for all tests in the suite
2019-02-08 08:57:48 -02:00
stianst
7c9f15778a
Set version to 4.8.3.Final
2019-01-09 20:39:30 +01:00
stianst
7c4890152c
Set version to 4.8.2
2019-01-03 14:43:22 +01:00
Charles Jourdan
68873c29b7
Fix on type for KeycloakInstance.realmAccess and KeycloakInstance.ressourceAccess
2018-12-13 19:03:47 +01:00
Stephane Nicoll
f739e2e2d8
KEYCLOAK-8155 Use Spring Boot autoconfigure-processor to optimize auto-configurations
2018-12-13 09:01:21 +01:00
Boudewijn van Klingeren
5354e88f60
KEYCLOAK-8243 Change error logging to debug for normal flow outcomes
2018-12-13 08:39:54 +01:00
sebastienblanc
aa89ae96a9
update and align Spring Boot versions
2018-12-11 15:34:47 +01:00
Pedro Igor
8204509b0c
[KEYCLOAK-8980] - ElytronAccount not serializable
2018-12-10 08:55:00 +01:00
Hynek Mlnarik
27f145969f
KEYCLOAK-7936 Prevent registration of the same node
...
The root cause is that NodesRegistrationManagement.tryRegister can be
called from multiple threads on the same node, so it can require
registration of the same node multiple times. Hence once it turns to
tasks that invoke sendRegistrationEvent (called sequentially), the same
check has been added to that method to prevent multiple invocations on
server side, or invocation upon undeployment/termination.
2018-12-05 12:34:17 +01:00
stianst
b674c0d4d9
Prepare for 4.8.0.Final
2018-12-04 13:54:25 +01:00
Hynek Mlnarik
c9cd060417
KEYCLOAK-8824 Fix servlet filter versions
2018-11-22 14:20:46 +01:00
stianst
ecd476fb10
Prepare for 4.7.0.Final
2018-11-14 20:10:59 +01:00
Hynek Mlnarik
7703d81389
KEYCLOAK-7421 Support SAML cluster logout for Elytron SAML adapter
2018-11-09 21:06:50 +01:00
stianst
1ee6fd7130
KEYCLOAK-8619 Fix check-sso when there is no cookie
2018-11-09 10:36:31 -02:00
vramik
560d76b7ee
KEYCLOAK-6748 undertow saml adapter tests
2018-11-06 21:17:07 +01:00
Stefan Guilhen
3be2c35561
KEYCLOAK-8528 Change getRelativePath to include the servlet path followed by the path info
2018-11-06 13:43:50 +01:00
scranen
5880efe775
KEYCLOAK-4342 Make naming consistent
2018-11-06 10:28:06 -02:00
scranen
e6b9364c39
KEYCLOAK-4342 PR comments
2018-11-06 10:28:06 -02:00
scranen
0c6b20e862
[KEYCLOAK-4342] Make adapter state cookie path configurable
2018-11-06 10:28:06 -02:00
Pedro Igor
234b7a06a1
[KEYCLOAK-7798] - Spring security adapter does not renew expired tokens
2018-11-06 10:26:40 -02:00
BaHwan Han
91c4bfa81c
The Keycloak JS adapter should not mutate browser history state
2018-10-29 20:08:32 +01:00
mposolda
c36b577566
KEYCLOAK-8483 Remove application from the aud claim of accessToken and refreshToken
2018-10-23 13:52:09 +02:00
Pedro Igor
6f8f8e6a28
[KEYCLOAK-8449] - Option to automatically map HTTP verbs to scopes when configuring the policy enforcer
2018-10-23 08:40:54 -03:00
vramik
7a96911a83
KEYCLOAK-8300 KEYCLOAK-8301 Wildfly 14 upgrade
...
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2018-10-17 20:01:07 +02:00
vramik
623d985e7f
KEYCLOAK-8454 KeycloakHttpServerAuthenticationMechanism uses wrong status code when logout page not set
2018-10-17 19:03:24 +02:00
mposolda
4483677cdd
KEYCLOAK-8529 Fix most of adapter tests on EAP6
2018-10-12 12:01:33 +02:00
Tobias Gippert
c71f6e2188
The Keycloak JS adapter should not create a new browser history entry,
...
when it is redirecting the user, unless the user is in the admin console.
2018-10-12 09:42:26 +02:00
stianst
aaa33ad883
KEYCLOAK-8509 Improvements to session iframe
2018-10-10 21:01:05 +02:00
stianst
9be8bef575
KEYCLOAK-7920 Changes to native promises in JS adapter. Native promises have to be explicitly enabled and when they are old success/error functions are no longer supported. Internally we don't use native promises.
2018-10-10 21:00:19 +02:00
Frank Schmager
6b59c2f44c
try to register node during authentication attempt in filter
...
* PreAuthActionsFilter registers deployment during authentication attempt to enable, well,
node registration if filter is used by itself (if no securityConstraints when using spring boot and spring security)
* deregistering node during clean shutdown
* added unit test
2018-10-09 10:30:37 -03:00
sebastienblanc
fd0ab4a626
removing spring factories from core module
2018-10-09 14:17:33 +02:00
Pedro Igor
6fd4a02f95
[KEYCLOAK-8444] - Error when producing KeycloakSpringBootConfigResolver from spring security configuration
2018-10-08 09:29:59 -03:00
Hynek Mlnarik
211774ccbc
KEYCLOAK-7810 Fix NPE in Elytron SAML adapter
2018-10-04 14:38:45 +02:00
Pedro Igor
2da758ac86
[KEYCLOAK-6928] - Selecting first bearer if multiple values exists in authorization header
2018-10-01 09:36:10 -03:00
stianst
c3fc9e9815
Set version to 4.6.0.Final-SNAPSHOT
2018-09-26 20:58:41 +02:00
Pedro Igor
081e9883e6
[KEYCLOAK-7659] - k_version not supporting cors
2018-09-25 11:50:17 -03:00
Pedro Igor
df311b60b4
[KEYCLOAK-8168] - PEP is resolving claims twice under certain circumstances
2018-09-25 11:47:50 -03:00
mposolda
3777dc45d0
KEYCLOAK-3058 Support for validation of "aud" in adapters through verify-token-audience configuration switch
2018-09-21 11:17:05 +02:00
Pedro Igor
adf0a19f9d
[KEYCLOAK-8133] - Can't Sucessfully inject a custom KeycloakSpringBootConfigResolver in the Keycloak Spring Boot Security Adapter
2018-09-20 11:11:12 -03:00
Hynek Mlnarik
2bf6d75e57
KEYCLOAK-8010 Improve handling of Conditions SAML tag
2018-09-19 14:00:28 +02:00
Hynek Mlnarik
0b893d5634
KEYCLOAK-8187 Fix Undertow imports for Fuse
...
Co-Authored-By: wyvie <irum@redhat.com>
2018-09-18 16:54:03 +02:00
Pedro Igor
64f8fe4987
[KEYCLOAK-8070] - wrong expose headers when enable cors and policyenforcer
2018-09-17 17:02:15 -03:00
stianst
1fb4ca4525
Set version to 4.5.0.Final
2018-09-06 20:08:02 +02:00
Hynek Mlnarik
812e76c39b
KEYCLOAK-8163 Improve SAML validations
2018-09-05 15:47:03 +02:00
Pedro Igor
33efcc6b93
[KEYCLOAK-8142] - Fixing regression when setting path enforcement mode to disabled
2018-09-04 10:32:06 -03:00
Dmitry Telegin
bc8763ccf3
KEYCLOAK-7858 - OIDC servlet filter adapter OSGi support
2018-09-04 11:29:45 +02:00
Jani
42553cdc44
[KEYCLOAK-7695] Restore token_type and expires_in for implicit flow
...
As KEYCLOAK-6585 concerns only hybrid flow, this commit restores the behavior for implicit flow.
This commit partially reverts #5041 (061049e41a6b0e6fb45c75f05748023ad7ab7d92).
2018-08-29 13:00:57 +02:00
mposolda
6fc99cd749
KEYCLOAK-7594 Upgrade to Wildfly 13. Cross-DC: Upgrade to infinispan server 9.2.4 and JDG 7.2
...
Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
Co-authored-by: stianst <stianst@gmail.com>
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2018-08-27 12:52:53 +02:00
Dan Hooper
0a8fca7ec4
Created common interface for parsed tokens in typescript declaration file
2018-08-23 16:14:17 -04:00
Frank Schmager
3e2e0ac91c
Renamed factory and java doc
2018-08-22 16:39:55 +02:00
Frank Schmager
dda365e002
initial exposing of BasicAuthRequestAuthenticator to make extensible
2018-08-22 16:39:55 +02:00
Grzegorz Grzybek
fdc9882709
[KEYCLOAK-8101] Return just cached deployment to prevent NPE
2018-08-21 09:56:58 +02:00
Alex Szczuczko
a35ed671e6
KEYCLOAK-7480 Make fuse7 tomcat8 adapter community-only
2018-08-20 09:06:45 +02:00
Alex Szczuczko
f0a2f7a675
KEYCLOAK-7480 Make fuse7 adapter's jetty94 conditional on the community profile
...
In commit d70859ef
keycloak-pax-web-jetty94 was added.
org.keycloak:keycloak-jetty94-adapter:jar is a dependency of this module, and
isn't produced outside of the community profile. So, the jetty94 module here
must be consistent with that.
2018-08-20 09:06:45 +02:00
Erin Recachinas
fa8cb004a1
KEYCLOAK-6086 Casting Jetty WebAppContext in Spring Adapter checks validity and unwraps
2018-08-13 11:16:19 +02:00
Hynek Mlnarik
a8a9631d4f
KEYCLOAK-6832 Unify Destination attribute handling
2018-08-09 10:30:30 +02:00
Pedro Igor
80e5227bcd
[KEYCLOAK-4902] - Refactoring and improvements to processing of authz requests
2018-08-07 10:53:40 -03:00
mposolda
959cd035ba
Set version to 4.3.0.Final-SNAPSHOT
2018-08-01 22:40:05 +02:00
Tair Sabirgaliev
d88568266f
KEYCLOAK-7821 Enable tomcat-specific features: *
(all roles), **
(authenticated user) in authRoles
constraint
2018-07-27 14:24:49 +02:00
mhajas
a6e4f4f9aa
KEYCLOAK-7922 Use Time.currentTimeMillis() instead of System.currentTimeMillis() in PathCache
2018-07-24 08:52:48 -03:00
Hynek Mlnarik
c8bc0d6d7b
KEYCLOAK-7400 Remove dead code
...
This commit can only be merged once the Camel 2.21.2 would be
released, otherwise the code won't compile due to missing dependencies.
See https://issues.apache.org/jira/browse/CAMEL-12514 for details.
2018-07-23 14:46:00 +02:00
Pedro Igor
7c14a6a503
[KEYCLOAK-6547] - AuthenticatedActionsHandler should process responses after identity is established
2018-07-19 10:05:04 -03:00
Grzegorz Grzybek
2cb7ec9432
[KEYCLOAK-7703] HierarchicalPathBasedKeycloakConfigResolver for more fine/coarse grained Keycloak configuration in Karaf
2018-07-19 14:25:52 +02:00
Gregor Tudan
3417b569c0
KEYCLOAK-2606: add support for native browsers on cordova
...
KEYCLOAK-2606 Added cordova native
KEYCLOAK-2606 Some more fixes and tweaks
Fix redirect in example realm
feature(cordova-native): fix universalLinks and kc options
Added 'cordova-native' to typings
Added an option to define a "default" redirectUri in keycloak.js
Added 'login' and 'logout' event to universalLinks configuration in config.xml
Improved 'cordova-native' example to always use a redirectUri and
update state after successfull logout
Setting the 'authenticated' flag for the keycloak instance to 'false'
after a logout redirect
KEYCLOAK-2606: Simplify example for cordova-native
I wanted to make it explicit which options are actually needed, so I didn't want to reuse the keycloak conf
KEYCLOAK-2606: simplify example
The update state after logout shouldn't be necessary as it is set in `keycloak.onAuthLogout = updateState;`
Not sure why it is called after the login promise...
Fixes
2018-07-18 10:51:59 +02:00
Martin Kanis
b520dda3ef
KEYCLOAK-4662 Keycloak adapter missing configuration attribute proxy-url
2018-07-13 14:30:40 +02:00
mhajas
5aebc74f8c
KEYCLOAK-7269 Setting more uris for Authorization Resource
2018-07-11 17:48:34 -03:00
Pedro Igor
55550f2023
[KEYCLOAK-6547] - AuthenticatedActionsHandler should process responses after identity is established
2018-07-11 11:33:31 -03:00
rmartinc
4a82979792
KEYCLOAK-1925: SAML adapter multitenant support
2018-07-10 13:21:11 +02:00
mposolda
d0a824dde4
Updating version to 4.2.0.Final-SNAPSHOT
2018-07-05 07:42:48 -04:00
sebastienblanc
f5d00ddffb
making Spring Boot 2 the default starter
2018-07-03 22:04:16 +02:00
Pedro Igor
dcadc61220
[KEYCLOAK-7670] - PEP not returning correct status code when authorization header is not set
2018-06-29 09:39:55 -03:00
Pedro Igor
f10c47955f
[KEYCLOAK-7427] - Fix to support writing to response when doing programmatic logouts
2018-06-28 11:08:28 -03:00
Pedro Igor
23db2b852b
[KEYCLOAK-7679] - Wildfly adapter must be disabled when using Elytron
2018-06-28 11:08:28 -03:00
Grzegorz Grzybek
3c9d3c2c04
[KEYCLOAK-7681] Review pax-web OSGi dependencies
...
Co-Authored-By: Hynek Mlnarik <hmlnarik@redhat.com>
2018-06-22 13:47:20 +02:00
Grzegorz Grzybek
f90e0fc14c
[KEYCLOAK-7425] Correctly import packages of httpclient and http core, fix Karaf feature
2018-06-21 14:28:47 +02:00
Hynek Mlnarik
6b968796ce
KEYCLOAK-7667 Fix namespace handling when decrypting assertion
2018-06-21 13:09:18 +02:00
vramik
2fcfa5cf71
KEYCLOAK-7094 Support redirect to external logout page for saml filter adapter
2018-06-19 13:23:18 +02:00
stianst
e1a0e581b9
Update to 4.1.0.Final-SNAPSHOT
2018-06-14 14:22:28 +02:00
Dennis Bayer
c43d8b3d85
Get role list to update directly from the security context rather than from previously created subject info.
...
Roles within groups must be unpacked added separately in order to contain all roles.
2018-06-13 21:03:30 -03:00
Dennis Bayer
6a2a121d4e
Map group members of authenticated subject into subject info.
...
This commit contains a POC for the issue "Roles get lost after security context was propagated back to wildfly-swarm, if using jwt for authentication" (KEYCLOAK-7309).
2018-06-13 21:03:30 -03:00
Hynek Mlnarik
9dc5709ce7
KEYCLOAK-7593 Setters for httpContext
2018-06-13 16:32:39 +02:00
vramik
5f1f3dff5e
KEYCLOAK-7094 Support redirect to external logout page for elytron adapter
2018-06-13 12:50:38 +02:00
Stefan Guilhen
d897159560
[KEYCLOAK-7598] - Set CIP config when defining paths in policy enforcer config ( #5264 )
2018-06-12 11:24:17 -03:00
Vlasta Ramik
182c975e01
KEYCLOAK-7597 fix logger classes ( #5263 )
2018-06-12 11:02:04 -03:00
Pedro Igor
db60abc604
[KEYCLOAK-7543] - Policy enforcer should not delegate decisions when using UMA ( #5252 )
2018-06-11 08:17:40 -03:00
Lorent Lempereur
f55c93a1e4
Javascript Adapter - Add 'cordovaOptions' to the Typescript definition of KeycloakLoginOptions ( #5250 )
2018-06-11 08:21:04 +02:00
Grzegorz Grzybek
fca6da3a5a
KEYCLOAK-7523 better context path detection in PathBasedKeycloakConfigResolver
2018-06-08 21:32:14 +02:00
Marek Posolda
49407c2e4f
KEYCLOAK-6630 Client scopes initial support ( #5076 )
...
* KEYCLOAK-6630 KEYCLOAK-349 Client Scopes
Co-authored-by: vramik <vramik@redhat.com>
* KEYCLOAK-6630 Change some clientTemplate occurences to clientScope
2018-06-08 15:38:38 +02:00
Pedro Igor
aa128d6c07
Merge pull request #5240 from pedroigor/KEYCLOAK-7353
...
[KEYCLOAK-7353] Support Policy Management in Protection API
2018-06-07 11:05:49 -03:00
Federico M. Facca
5a9bfea419
[KEYCLOAK-7353] Support Policy Management in Protection API
...
See https://issues.jboss.org/browse/KEYCLOAK-7353
2018-06-06 19:36:42 -03:00
Hynek Mlnarik
5a241392cf
KEYCLOAK-7094 Support redirect to external logout page
2018-06-05 14:51:18 +02:00
Pedro Igor
bc665fdbc3
Merge pull request #5195 from suem/bugfix_FilterSessionStore
...
NullPointerException in FilterSessionStore when restoring request
2018-06-01 10:51:28 -03:00
Stian Thorgersen
dbf5c395b0
Bump version to 4.0.0.Final ( #5224 )
2018-05-24 19:02:30 +02:00
Hynek Mlnarik
1e438cdc45
KEYCLOAK-7277 KEYCLOAK-7282 Tomcat 8/Pax Web integration
2018-05-23 13:14:07 +02:00
Hynek Mlnarik
d70859ef1b
KEYCLOAK-7277 KEYCLOAK-7282 Jetty/Pax Web integration
2018-05-23 13:14:07 +02:00
Hynek Mlnarik
cace03c3cc
KEYCLOAK-7279 Camel/Undertow integration
2018-05-23 13:14:07 +02:00
Hynek Mlnarik
b2df872ad4
KEYCLOAK-7278 KEYCLOAK-7280 CXF/Undertow integration
2018-05-23 13:14:07 +02:00
Hynek Mlnarik
dd65c231f9
KEYCLOAK-7277 KEYCLOAK-7282 Undertow/Pax Web integration
2018-05-23 13:14:07 +02:00
Hynek Mlnarik
ae690e0679
KEYCLOAK-5522 Base for Fuse 7 adapter
2018-05-23 13:14:07 +02:00
Pedro Igor
dac5d313b3
Merge pull request #5166 from pedroigor/KEYCLOAK-7021
...
[KEYCLOAK-7021] - keycloak-authz.js and keycloak-authz.d.ts do not work with TypeScript
2018-05-17 17:42:51 -03:00
Pedro Igor
21d139c6c2
Merge pull request #5173 from pedroigor/KEYCLOAK-7148
...
[KEYCLOAK-7148] - Associate sub resources to a parent resource
2018-05-17 16:51:55 -03:00
Lorent Lempereur
27d8afe4a7
Javascript Adapter - Reject 'login' promise when users close their cordova in-app-browser on purpose ( #5000 )
2018-05-09 15:49:38 -07:00
Samuel Ueltschi
3391ec5377
check if content-type is null when restoring request
2018-05-09 12:47:14 +02:00
Lorent Lempereur
f6125a2542
[KEYCLOAK-6655] Javascript Adapter - Allow users to provide cordova-specific options to login and register ( #4998 )
...
* Javascript Adapter - Allow users to pass cordova-specific options (in-app-browser) to the login and register functions
* Javascript Adapter - Allow users to pass cordova-specific options (in-app-browser) to the login and register functions
* [KEYCLOAK-6655] On Android 8, explicit hidden=no fails on in-app-browser load.
2018-05-07 00:26:46 +02:00
pedroigor
7ebcc69cb9
[KEYCLOAK-7148] - Associate sub resources to a parent resource
2018-05-02 13:04:11 -03:00
Stian Thorgersen
90e5c7f3eb
Bump version to 4.0.0.Beta3-SNAPSHOT ( #5185 )
2018-05-02 14:32:20 +02:00
Pedro Igor
e960642399
Merge pull request #5144 from pedroigor/KEYCLOAK-4903
...
[KEYCLOAK-4903] - Pushed Claims
2018-04-26 15:59:13 -03:00
Stan Silvert
35154db50f
KEYCLOAK-7123: l10n dropdowns ( #5170 )
...
* KEYCLOAK-7196: Add kc_locale to keycloak.js
* KEYCLOAK-7123: Localization dropdowns
* Update keycloak-service to latest keycloak.js
2018-04-25 15:04:12 -04:00
pedroigor
b249a48dcf
[KEYCLOAK-7147] - Support obtaining a buffered input stream in HttpFacade.Request
2018-04-25 10:16:41 -03:00
pedroigor
035ebc881a
[KEYCLOAK-4903] - Claim Information point Provider SPI and configuration
2018-04-25 10:16:41 -03:00
Stan Silvert
b6a0303a4c
KEYCLOAK-7196: Add kc_locale to keycloak.js ( #5165 )
...
* KEYCLOAK-7196: Add kc_locale to keycloak.js
* Update keycloak.d.ts
2018-04-23 11:45:32 -04:00
pedroigor
824b900a43
[KEYCLOAK-7021] - keycloak-authz.js and keycloak-authz.d.ts do not work with TypeScript
2018-04-23 08:48:42 -03:00
pedroigor
c3d297dd05
[KEYCLOAK-7162] - Expose WWW-Authenticate Header when using CORS
2018-04-23 08:46:54 +02:00
pedroigor
527d6ca4d8
[KEYCLOAK-6414] - Empty response body with 200 response when using Elytron
2018-04-23 08:46:54 +02:00
Wojciech Trocki
c3c1a0fb4e
Allow to use custom adapter ( #5067 )
...
* Allow to use custom adapter
* fix: improve TypeScript documentation
2018-04-20 09:18:46 +02:00
Pedro Igor
e1f5245145
Merge pull request #5120 from pedroigor/KEYCLOAK-7029
...
[KEYCLOAK-7029] - Configuration of cache policies for cached resources/path
2018-04-05 09:33:23 -03:00
Stian Thorgersen
5514812a4d
KEYCLOAK-7048 Clear token if refresh fails ( #5124 )
2018-04-04 20:12:25 +02:00
pedroigor
a939c45d58
[KEYCLOAK-7029] - Configuration of cache policies for cached resources/path
2018-04-03 16:44:27 -03:00
Bill Burke
0b2fe75828
Merge pull request #5115 from patriot1burke/kcinit-browser
...
KEYCLOAK-7004 KEYCLOAK-7003 KEYCLOAK-6999 KEYCLOAK-7033
2018-04-03 10:31:30 -04:00
pedroigor
5c52da80c6
[KEYCLOAK-7028] - Propagating AuthorizationContext when enforcement-mode is disable for a path
2018-04-02 11:10:43 -03:00
Bill Burke
4078e84fb6
server driven success page
2018-03-31 10:16:44 -04:00
Pedro Igor
5cae1bb134
Merge pull request #5093 from pedroigor/KEYCLOAK-4102
...
[KEYCLOAK-4102] - Support lazy load paths
2018-03-29 09:16:34 -03:00
pedroigor
4a425c2674
[KEYCLOAK-4102] - Support lazy loading of paths via policy enforcer config
2018-03-28 09:23:59 -03:00
Bill Burke
ad5f3fefc5
Merge remote-tracking branch 'upstream/master' into kcinit
2018-03-27 16:38:35 -04:00
pedroigor
e9e376419d
[KEYCLOAK-4102] - Removing create-resources configuration option
2018-03-27 09:51:13 -03:00
sebastienblanc
91135c95ae
KEYCLOAK-6732 : Make Spring Sec Dep optional
2018-03-27 10:59:29 +02:00
stianst
07fea02146
Bump versions to 4.0.0.Beta2-SNAPSHOT
2018-03-26 18:17:38 +02:00
Pedro Igor
593f57fd2c
Merge pull request #5088 from pedroigor/KEYCLOAK-6878
...
[KEYCLOAK-6878] - Always refresh token option not working for invalid tokens
2018-03-26 09:38:05 -03:00
Ryan Dawson
d57fb445eb
adapter for spring boot 2
...
remove built directory
update snapshot version references
refactor out core library to remove duplication
adapter for spring boot 2
remove built directory
update snapshot version references
Revert "merge from upstream"
This reverts commit 88c39a2f23b8f2d4b25360e2b46e683d11b4972b, reversing
changes made to f0811145ceeb8ec609ed66b06067f797e288aa89.
setting correct versions
updating to latest keycloak
arquillian test app for spring boot2
update to 2.0.0.RELEASE
added Rest Customizer
2018-03-22 14:23:55 +01:00
pedroigor
3559c5dc3c
[KEYCLOAK-6878] - Always refresh token option not working for invalid tokens
2018-03-21 10:01:02 -03:00
Bill Burke
f000cedcbb
Merge remote-tracking branch 'upstream/master' into kcinit
2018-03-20 16:49:43 -04:00
Bill Burke
681e3d751e
golang integration
2018-03-20 16:42:35 -04:00
Bill Burke
8926837a3e
tests
2018-03-19 16:47:13 -04:00
Bill Burke
4bba11cd94
kcinit
2018-03-16 12:11:57 -04:00
pedroigor
668b67dcdb
[KEYCLOAK-6623] - Policy enforcer gets confused with similar paths ending with wildcards
2018-03-09 16:38:57 -03:00
Pedro Igor
91bdc4bde2
[KEYCLOAK-3169] - UMA 2.0 ( #4368 )
...
* [KEYCLOAK-3169] - UMA 2.0 Support
* [KEYCLOAK-3169] - Changes to account service and more tests
* [KEYCLOAK-3169] - Code cleanup and tests
* [KEYCLOAK-3169] - Changes to account service and tests
* [KEYCLOAK-3169] - Changes to account service and tests
* [KEYCLOAK-3169] - More tests
* [KEYCLOAK-3169] - Changes to adapter configuration
* [KEYCLOAK-3169] - Reviewing UMA specs and more tests
* [KEYCLOAK-3169] - Reviewing UMA specs and more tests
* [KEYCLOAK-3169] - Changes to UMA Grant Type and refactoring
* [KEYCLOAK-3169] - Refresh tokens for RPT responses and tests
* [KEYCLOAK-3169] - Changes to account my resources and policy enforcers
* [KEYCLOAK-3169] - Realm settings flag to enable/disable user-managed access in account mgmt console
* [KEYCLOAK-3169] - More changes to my resource pages in account mgmt console
* [KEYCLOAK-3169] - Need to enable user-managed on realm to run tests
* [KEYCLOAK-3169] - Removing more UMA 1.0 related code
* [KEYCLOAK-3169] - Only submit requests if ticket exists
* [KEYCLOAK-3169] - Returning UMA 401 response when not authenticated
* [KEYCLOAK-3169] - Removing unused code
* [KEYCLOAK-3169] - Removing unused code
* [KEYCLOAK-3169] - 403 response in case ticket is not created
* [KEYCLOAK-3169] - Fixing AbstractPhotozExampleAdapterTest#testClientRoleRepresentingUserConsent
* [KEYCLOAK-3169] - 403 status code only returned for non-bearer clients
2018-02-28 08:53:10 +01:00
wyvie
f8022a5c2f
[KEYCLOAK-6585] hybrid flow: removed token_type and expires_in paramters from oidc auth response
2018-02-27 15:31:12 +01:00
Hynek Mlnarik
1f20c03afa
KEYCLOAK-6470 Refactor SAML adapter parsers
2018-02-27 09:37:29 +01:00
wyvie
52acd959e0
[KEYCLOAK-6584] removed not-before-policy parameter from authorization response
2018-02-26 17:41:18 +01:00
Hynek Mlnarik
e7cdb8ad54
KEYCLOAK-6473 KEYCLOAK-6472 SAML parser refactor + protocol parsers
2018-02-23 08:16:14 +01:00
stianst
eb326cd1bb
KEYCLOAK-6534 Check for string in receiveMessage in session iframe
2018-02-22 07:02:16 +01:00
stianst
9b63cd35f0
KEYCLOAK-6431
2018-02-13 19:38:46 +01:00
Bill Burke
5d5373454c
Merge pull request #4991 from patriot1burke/challenge-support
...
KEYCLOAK-6355
2018-02-13 09:38:45 -05:00
Bill Burke
a3d6917f20
disable clisso experimental feature
2018-02-12 17:57:05 -05:00
David Festal
f44cda2621
Make the keycloak.js
capable of working with alternate OIDC providers ( #4978 )
...
* Make the `keycloak.js` capable of working with alternate OIDC providers
(provided that they create access_tokens as JWT tokens with `exp` and
`iat` claims).
Also add a `useNonce` option, to allow disabling the `nonce` check
since, in the OIDC specification, `nonce` is optional.
Signed-off-by: David Festal <dfestal@redhat.com>
* Update the `keycloak.ts` with the `useNonce` additional init option.
Signed-off-by: David Festal <dfestal@redhat.com>
* Fix 2 errors in the case `checkSessionIframe` is used
Signed-off-by: David Festal <dfestal@redhat.com>
2018-02-12 11:00:02 +01:00
Bill Burke
d6788a0839
finish
2018-02-10 13:38:39 -05:00
o.pakers
8495a7c05a
[master]: fix type for checkLoginIframeInterval
2018-02-02 08:37:07 +01:00
Martin Kanis
6b8ec0bb82
KEYCLOAK-6154 Exclude common-logging/codec from keycloak-osgi-thirdparty
2018-01-31 21:26:41 +01:00
Takashi Norimatsu
502627f590
KEYCLOAK-5811 Client Authentication by JWS Client Assertion in client secret
2018-01-26 10:59:40 +01:00
Ray DeCampo
a21a94078b
KEYCLOAK-5578: Keycloak JS adapter returns native Promise instances when available.
...
Promise instances are adorned with success() and error() functions to retain backwards compatibility.
2018-01-25 20:42:31 +01:00
stianst
06bb6f00e5
Include Jetty 9.1 in product profile
2018-01-04 09:14:11 +01:00