Commit graph

2927 commits

Author SHA1 Message Date
rmartinc
401d36b446 KEYCLOAK-8779: Partial export and import to an existing realm is breaking clients with service accounts 2019-12-27 15:59:38 -03:00
Thomas Darimont
0219d62f09 KEYCLOAK-6867 UserInfoEndpoint should return WWW-Authenticate header for Invalid tokens
As required by the OIDC spec (1) we now return a proper WWW-Authenticate
response header if the given token is invalid.

1) https://openid.net/specs/openid-connect-core-1_0.html#UserInfoError
2019-12-23 07:42:06 -03:00
Andrei Arlou
eed4847469 KEYCLOAK-12311 Fix minor warnings with collections in packages: forms, keys, partialimport, protocol from module "services" 2019-12-20 13:31:38 +01:00
Peter Skopek
7a14661fce KEYCLOAK-6115 Login fails if federated user is read-only and has selected a locale on the login screen 2019-12-19 14:36:50 +01:00
Andrei Arlou
aceb123242 KEYCLOAK-12417 Fix minor warnings in tests from module "services" 2019-12-19 10:51:37 +01:00
Andrei Arlou
697eaa4f36 KEYCLOAK-12309 Fix warnings with collections in packages:
authentification, authorization, broker, email, events, exportimport from module "services"
2019-12-18 14:02:27 +01:00
Andrei Arlou
bb156fb2fd KEYCLOAK-12317 Fix minor warnings with modificators in packages: authentication, authorization, keys, partialimport, protocol from module "services" 2019-12-18 13:26:27 +01:00
Andrei Arlou
c61cc1a493 KEYCLOAK-12316 Simplify conditions in packages: authentication, broker, credential, protocol from module "services" 2019-12-18 13:22:36 +01:00
Stefan Guilhen
9f69386a53 [KEYCLOAK-11707] Add support for Elytron credential store vault
- Adds the elytron-cs-keystore provider that reads secrets from a keystore-backed elytron credential store
 - Introduces an abstract provider and factory that unifies code that is common to the existing implementations
 - Introduces a VaultKeyResolver interface to allow the creation of different algorithms to combine the realm
   and key names when constructing the vault entry id
 - Introduces a keyResolvers property to the existing implementation via superclass that allows for the
   configuration of one or more VaultKeyResolvers, creating a fallback mechanism in which different key formats
   are tried in the order they were declared when retrieving a secret from the vault
 - Adds more tests for the files-plaintext provider using the new key resolvers
 - Adds a VaultTestExecutionDecider to skip the elytron-cs-keystore tests when running in Undertow. This is
   needed because the new provider is available only as a Wildfly extension
2019-12-18 11:54:06 +01:00
harture
26458125cb [KEYCLOAK-12254] Fix re-evaluation of conditional flow (#6558) 2019-12-18 08:45:11 +01:00
Douglas Palmer
106e6e15a9 [KEYCLOAK-11859] Added option to always display a client in the accounts console 2019-12-17 17:12:49 -03:00
jacac
3ae508e1b9 KEYCLOAK-12425 Encode userid with Base64Url. (#6585) 2019-12-16 20:40:27 +01:00
Douglas Palmer
af0594b58d [KEYCLOAK-12463] Fixed missing consents 2019-12-12 17:27:54 -03:00
Douglas Palmer
f9fa5b551d [KEYCLOAK-5628] Added application endpoint 2019-12-11 13:06:04 -03:00
Martin Bartoš
2cf6483cdf [KEYCLOAK-12044] Fix messages in the UsernameForm (#6548) 2019-12-11 10:59:46 +01:00
Dmitry Telegin
56aa14ffab KEYCLOAK-11347 - MicroProfile-Config 2019-12-10 12:08:22 +01:00
Denis Richtárik
48bddc37ae KEYCLOAK-12011 Remove cancel button from OTP form (#6511)
* KEYCLOAK-12011 Remove cancel button from OTP form

* Remove back button
2019-12-09 19:23:26 +01:00
Dmitry Telegin
e2144d6aec KEYCLOAK-12175 - Platform SPI 2019-12-09 09:55:04 +01:00
Yoshiyuki Tabata
b2664c7ef9 KEYCLOAK-12094 "client-session-stats" not search null client information (#6554) 2019-12-06 10:37:25 +01:00
Martin Bartoš
e405ce6e97 [KEYCLOAK-11824] Fix bug with only one value of the authentication model execution requirement (#6570) 2019-12-05 18:28:00 +01:00
Andrei Arlou
fb421d3086 KEYCLOAK-12262 Remove unused imports from packages "authorization" and "authentification" in module "services" (#6547) 2019-12-05 14:39:03 +01:00
Andrei Arlou
da7e0ba403 KEYCLOAK-12310 Remove unused imports from packages: exportimport, forms, jose, partialimport, protocol in module "services" (#6560) 2019-12-05 14:28:47 +01:00
Cristian Schuszter
5c7ce775cf KEYCLOAK-11472 Pagination support for clients
Co-authored-by: stianst <stianst@gmail.com>
2019-12-05 08:17:17 +01:00
vmuzikar
072cd9f93f KEYCLOAK-12329 Fix linking accounts in the new Account Console 2019-12-03 18:49:40 -03:00
Martin Kanis
73d1a26040 KEYCLOAK-11773 Front-channel logout with identity brokering does not work after browser restart 2019-12-03 08:17:54 +01:00
harture
129c689855 [KEYCLOAK-12253] Fix conditional authenticators are evaluated even if they are disabled (#6553) 2019-11-28 09:30:31 +01:00
Stan Silvert
de6f90b43b KEYCLOAK-11550: Single page for credentials (initial commit) 2019-11-27 07:32:13 -03:00
rmartinc
82ef5b7927 KEYCLOAK-12000: Allow overriding time lifespans on a SAML client 2019-11-26 10:02:34 +01:00
Dmitry Telegin
79074aa380 KEYCLOAK-12162 Modularize config backends (#6499)
* KEYCLOAK-12162 - Modularize configuration backends

* - Use JsonSerialization
- simplify backend selection (no fallbacks)

* Remove unused org.wildfly.core:wildfly-controller dependency
2019-11-22 15:23:04 +01:00
Yoshiyuki Tabata
0a9d058b81 KEYCLOAK-12150 change error response from invalid_request to unsupported_grant_type 2019-11-22 11:11:07 +01:00
Yoshiyuki Tabata
a36cfee84b KEYCLOAK-12149 change error response from invalid_grant to unauthorized_client 2019-11-22 11:10:16 +01:00
Yoshiyuki Tabata
4117710379 KEYCLOAK-12019 change error response from unsupported_response_type to unauthorized_client 2019-11-22 11:03:02 +01:00
Vidhyadharan Deivamani
9e366f0453 KEYCLOAK-8162 review comment adopted 2019-11-22 10:37:50 +01:00
Vidhyadharan Deivamani
318b290f55 KEYCLOAK-8162 Added resourcesPath 2019-11-22 10:37:50 +01:00
Fuxin Hao
ff4c94506f use reCAPTCHA globally 2019-11-22 10:22:15 +01:00
Stan Silvert
ea268af511 KEYCLOAK-12159: AIA and Logout broken in new acct console 2019-11-21 09:35:46 -03:00
stianst
3731e36ece KEYCLOAK-12069 Add account-console client for new account console 2019-11-20 08:48:40 -05:00
keycloak-bot
76aa199fee Set version to 9.0.0-SNAPSHOT 2019-11-15 20:43:21 +01:00
Stefan Guilhen
9a7c1a91a5 KEYCLOAK-10780 Stop creating placeholder e-mails for service accounts (#228) 2019-11-15 15:08:29 +01:00
k-tamura
43e2370f21 KEYCLOAK-11772 Fix temporary credential property to work correctly 2019-11-15 08:48:12 +01:00
AlistairDoswald
4553234f64 KEYCLOAK-11745 Multi-factor authentication (#6459)
Co-authored-by: Christophe Frattino <christophe.frattino@elca.ch>
Co-authored-by: Francis PEROT <francis.perot@elca.ch>
Co-authored-by: rpo <harture414@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Denis <drichtar@redhat.com>
Co-authored-by: Tomas Kyjovsky <tkyjovsk@redhat.com>
2019-11-14 14:45:05 +01:00
Stan Silvert
d439f4181a KEYCLOAK-6503: Linked Accounts Page 2019-11-14 07:39:43 -03:00
Martin Kanis
25511d4dbf KEYCLOAK-9651 Wrong ECDSA signature R and S encoding 2019-11-13 15:32:51 +01:00
stianst
b8881b8ea0 KEYCLOAK-11728 New default hostname provider
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2019-11-11 12:25:44 +01:00
stianst
062841a059 KEYCLOAK-11898 Refactor AIA implementation 2019-11-08 16:03:07 -03:00
stianst
63abebd993 KEYCLOAK-11627 Require users to re-authenticate before invoking AIA 2019-11-08 16:03:07 -03:00
stianst
bc5113053d KEYCLOAK-11897 Change kc_action parameter to proper built-in parameter 2019-11-08 16:03:07 -03:00
stianst
1e66660fd0 KEYCLOAK-11896 Remove initiate-action role 2019-11-08 16:03:07 -03:00
Takashi Norimatsu
4574d37d8d KEYCLOAK-11372 Support for attestation statement verification (#6449) 2019-11-08 09:15:28 +01:00
Stian Thorgersen
f14f92ab0b KEYCLOAK-6073 Make adapters use discovery endpoint for URLs instead of hardcoding (#6412) 2019-11-06 10:34:35 +01:00