Commit graph

407 commits

Author SHA1 Message Date
Stefan Guilhen
aa46735173 [KEYCLOAK-15200] Complement methods for accessing users with Stream variants 2020-11-10 15:13:11 +01:00
Takashi Norimatsu
a63814da67 KEYCLOAK-14201 Client Policy - Executor : Enforce Proof Key for Code Exchange (PKCE) 2020-11-09 08:18:05 +01:00
Takashi Norimatsu
6dc136dfc0 KEYCLOAK-14199 Client Policy - Executor : Enforce more secure client authentication method when client registration 2020-11-05 20:42:49 +01:00
Pedro Igor
2b9ee02adc [KEYCLOAK-11698] - Change context path of Keycloak to / for Keycloak.X 2020-11-02 15:25:11 -03:00
vramik
785f2e78bc KEYCLOAK-14977 create MapRoleProvider 2020-10-30 08:15:22 +01:00
Pedro Igor
b95ca30ec2 [KEYCLOAK-14255] - Minor fixes and improvements 2020-10-23 10:39:21 +02:00
stianst
da6f7d697f KEYCLOAK-11786 Include Keycloak.X preview dist in distribution 2020-10-23 08:46:13 +02:00
mhajas
4556e858ad KEYCLOAK-15522 Use AbstractStorageManager in UserStorageManager 2020-10-15 20:41:13 +02:00
Martin Kanis
086f7b4696 KEYCLOAK-15450 Complement methods for accessing realms with Stream variants 2020-10-14 08:16:49 +02:00
testn
269a72d672 KEYCLOAK-15184: Use static inner class where possible 2020-10-09 23:37:08 +02:00
mposolda
ff05072c16 KEYCLOAK-15770 Skip creating session for docker protocol authentication 2020-10-09 07:53:26 +02:00
Takashi Norimatsu
6596811d5d KEYCLOAK-14204 FAPI-RW Client Policy - Executor : Enforce Request Object satisfying high security level 2020-09-25 08:31:14 +02:00
vmuzikar
bca73fd04a KEYCLOAK-15158 Javascript adapter init() is throwing a promise error after upgrade to 11 2020-09-22 10:56:46 -03:00
testn
2cd03569d6 KEYCLOAK-15238: Fix potential resource leak from not closing Stream/Reader 2020-09-21 13:05:03 +02:00
Pedro Igor
0978d78a48 [KEYCLOAK-14255] - Initial changes to configuration 2020-09-16 20:03:52 +02:00
Martin Kanis
5d5e56dde3 KEYCLOAK-15199 Complement methods for accessing roles with Stream variants 2020-09-16 16:29:51 +02:00
vmuzikar
a9a719b88c KEYCLOAK-15270 Account REST API doesn't verify audience 2020-09-14 08:43:09 -03:00
Takashi Norimatsu
af2f18449b KEYCLOAK-14195 FAPI-RW Client Policy - Condition : Client - Client Role 2020-09-10 18:34:19 +02:00
Martin Kanis
4e9bdd44f3 KEYCLOAK-14901 Replace deprecated ClientProvider related methods across Keycloak 2020-09-07 13:11:55 +02:00
stianst
76f7fbb984 KEYCLOAK-14548 Add support for cached gzip encoding of resources 2020-09-07 00:58:47 -07:00
Takashi Norimatsu
1d8230d438 KEYCLOAK-14190 Client Policy - Condition : The way of creating/updating a client 2020-09-04 09:54:55 +02:00
Hynek Mlnarik
583fa07bc4 KEYCLOAK-11029 Support modification of broker username / ID for identity provider linking 2020-09-01 20:40:38 +02:00
mhajas
bdccfef513 KEYCLOAK-14973 Create GroupStorageManager 2020-09-01 10:21:39 +02:00
Martin Kanis
d59a74c364 KEYCLOAK-15102 Complement methods for accessing groups with Stream variants 2020-08-28 20:56:10 +02:00
vramik
6b00633c47 KEYCLOAK-14812 Create RoleStorageManager 2020-07-31 15:11:25 -03:00
rmartinc
32bf50e037 KEYCLOAK-14336: LDAP group membership is not visible under "Users in Role" tab for users imported from LDAP 2020-07-30 16:19:22 +02:00
Dillon Sellars
25bb2e3ba2 KEYCLOAK-14529 Signed and Encrypted ID Token Support : RSA-OAEP-256 Key Management Algorithm 2020-07-30 15:20:51 +02:00
vramik
7f979ffbcf KEYCLOAK-14889 Create test for clientStorageProviderTimeout 2020-07-30 08:42:51 -03:00
Martin Kanis
feef5b4db2 KEYCLOAK-14220 Complement methods for accessing clients with Stream variants 2020-07-27 10:38:39 +02:00
Pedro Igor
d5348066cb [KEYCLOAK-14639] - Update ISPN schemas and how to run guide 2020-07-23 14:53:05 -03:00
keycloak-bot
afff0a5109 Set version to 12.0.0-SNAPSHOT 2020-07-22 14:36:15 +02:00
Hynek Mlnarik
c566b46e8f KEYCLOAK-14549 Make ClientProvider independent of RealmProvider
Co-Authored-By: vramik <vramik@redhat.com>
2020-07-22 00:08:15 +02:00
Takashi Norimatsu
e0fbfa722e KEYCLOAK-14189 Client Policy : Basics 2020-07-21 07:50:08 +02:00
Jan Lieskovsky
969b09f530 [KEYCLOAK-13692] Upgrade to Wildfly "20.0.1.Final" and Infinispan "10.1.8.Final"
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2020-07-20 22:15:08 +02:00
mhajas
93149d6b47 KEYCLOAK-14234 Adjust Adapter testsuite to work with app/auth.server.host including TLS configured 2020-07-20 11:22:16 +02:00
vmuzikar
7087c081f0 KEYCLOAK-14023 Instagram User Endpoint change
Co-authored-by: Jean-Baptiste PIN <jibet.pin@gmail.com>
2020-07-10 17:36:51 -03:00
Pedro Igor
1db1deb066 [KEYCLOAK-13141] - Supporting re-augmentation 2020-07-10 11:04:46 -03:00
Pedro Igor
9c4da9b3ce [KEYCLOAK-14147] - Request filter refactoring
Co-authored-by: Stian Thorgersen <stian@redhat.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
2020-07-07 11:26:12 -03:00
vmuzikar
001fe9eb11 KEYCLOAK-13206 Session Status iframe cannot access cookies when 3rd party cookies are blocked
Co-authored-by: mhajas <mhajas@redhat.com>
2020-06-30 17:11:20 -03:00
Martin Idel
05b6ef8327 KEYCLOAK-14536 Migrate UserModel fields to attributes
- In order to make lastName/firstName/email/username field
  configurable in profile
  we need to store it as an attribute
- Keep database as is for now (no impact on performance, schema)
- Keep field names and getters and setters (no impact on FTL files)

Fix tests with logic changes

- PolicyEvaluationTest: We need to take new user attributes into account
- UserTest: We need to take into account new user attributes

Potential impact on users:

- When subclassing UserModel, consistency issues may occur since one can
  now set e.g. username via setSingleAttribute also
- When using PolicyEvaluations, the number of attributes has changed
2020-06-25 14:50:57 +02:00
Pedro Igor
337a751aaa [KEYCLOAK-11330] - Clustering tests for GA 2020-06-24 17:23:45 +02:00
vramik
753c21e9ef KEYCLOAK-14129 0 downtime upgrade test - eap 2020-06-23 19:37:45 +02:00
Pedro Igor
d331091c5e [KEYCLOAK-11330] - Quarkus tests 2020-06-17 17:20:55 +02:00
Pedro Igor
a8bad5b9bb [KEYCLOAK-11330] - Quarkus clustering tests 2020-06-16 10:07:24 -03:00
mhajas
5d1d75db40 KEYCLOAK-14103 Add Warn message for possibly missing SameSite configuration 2020-06-15 14:45:57 +02:00
Pedro Igor
e16f30d31f [KEYCLOAK-2343] - Allow exact user search by user attributes
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2020-06-10 12:02:50 -03:00
Pedro Igor
8142b9ad7f [KEYCLOAK-11330] - Fixing build when using empty repository 2020-06-10 08:03:18 -03:00
vramik
d63b3ceca4 KEYCLOAK-14141 0 downtime upgrade test 2020-06-10 12:45:34 +02:00
Pedro Igor
6ccde288a3 [KEYCLOAK-11330] - SSL Support 2020-06-09 08:43:52 +02:00
vmuzikar
f8dce7fc3e KEYCLOAK-13819 SAML brokering with POST binding is broken by new SameSite policies 2020-05-28 13:37:56 +02:00
Torsten Juergeleit
6005503a3d Namespace support to group-ldap-mapper
Previously, Keycloak did only support syncing groups from LDAP federation provider as top-level KC groups.

This approach has some limitations:
- If using multiple group mappers then there’s no way to isolate the KC groups synched by each group mapper.
- If the option "Drop non-existing groups during sync” is activated then all KC groups (including the manually created ones) are deleted.
- There’s no way to inherit roles from a parent KC group.

This patch introduces support to specify a prefix for the resulting group path, which effectively serves as a namespace for a group.

A path prefix can be specified via the newly introduced `Groups Path` config option on the mapper. This groups path defaults to `/` for top-level groups.

This also enables to have multiple `group-ldap-mapper`'s which can manage groups within their own namespace.

An `group-ldap-mapper` with a `Group Path` configured as `/Applications/App1` will only manage groups under that path. Other groups, either manually created or managed by other `group-ldap-mapper` are not affected.
2020-05-26 17:37:29 +02:00
Pedro Igor
35f622f48e [KEYCLOAK-11719] - Remove need for servlets/undertow from Quarkus dist
Co-authored-by: MatthewC <matthewc@backbase.com>
2020-05-13 09:28:58 +02:00
keycloak-bot
ae20b7d3cd Set version to 11.0.0-SNAPSHOT 2020-04-29 12:57:55 +02:00
stianst
5b017e930d KEYCLOAK-13128 Security Headers SPI and response filter 2020-04-28 15:28:24 +02:00
Martin Kanis
be28bfee1d KEYCLOAK-13636 Missing wildfly-dist in EAP 7.4.0.CD19 build 2020-04-28 08:55:42 -03:00
keycloak-bot
33314ae3ca Set version to 10.0.0-SNAPSHOT 2020-04-21 09:19:32 +02:00
mposolda
821405e175 KEYCLOAK-10852 Inconsistency when using 'forgot password' after changing email directly in LDAP 2020-04-16 12:28:41 +02:00
vramik
52b67f6172 KEYCLOAK-13660 Patch installation is not performed with -Dauth.server.patch.zips 2020-04-02 10:35:07 +02:00
mposolda
6f62c0ed98 KEYCLOAK-13442 Backwards compatibility in users searching. searchForUser(String, RealmModel, int, int) is no longer called when searching users from the admin console 2020-03-27 13:29:55 +01:00
keycloak-bot
f6a592b15a Set version to 9.0.4-SNAPSHOT 2020-03-24 08:31:18 +01:00
Stefan Guilhen
8c627fdb20 [KEYCLOAK-13036] Fix KeycloakElytronCSVaultTest failures on IBM JDK
- credential store is generated on the fly for the test, avoiding incompatibilities between implementations of keystores
2020-03-17 17:07:55 +01:00
mposolda
72e4690248 KEYCLOAK-13174 Not possible to delegate creating or deleting OTP credential to userStorage 2020-03-11 12:51:56 +01:00
mposolda
803f398dba KEYCLOAK-12876 KEYCLOAK-13148 KEYCLOAK-13149 KEYCLOAK-13151 Re-introduce some changes to preserve UserStorage SPI backwards compatibility. Added test for backwards compatibility of user storage 2020-03-11 12:51:56 +01:00
Pedro Igor
b7a395a3ef [KEYCLOAK-11345] - Test basic features of Keycloak.X with current tetsuite 2020-03-10 15:59:35 +01:00
vramik
83461d033b KEYCLOAK-11808 update testsuite to use current jdbc driver version for migration testing 2020-03-09 15:05:12 +01:00
Sebastian Schuster
99aba33980 KEYCLOAK-13163 Fixed searching for user with fine-grained permissions 2020-03-09 09:56:13 -03:00
vramik
e2bd99e9e4 KEYCLOAK-13097 fix UserStorageTest - add cleanup after test 2020-02-27 10:46:38 +01:00
Martin Bartoš
eaaff6e555
KEYCLOAK-12958 Preview feature profile for WebAuthn (#6780)
* KEYCLOAK-12958 Preview feature profile for WebAuthn

* KEYCLOAK-12958 Ability to enable features having EnvironmentDependent providers without restart server

* KEYCLOAK-12958 WebAuthn profile product/project

Co-authored-by: Marek Posolda <mposolda@gmail.com>
2020-02-26 08:45:26 +01:00
Thomas Darimont
67ddd3b0eb KEYCLOAK-12926 Improve Locale based message lookup
We now consider intermediate Locales when performing a Locale based
ResourceBundle lookup, before using an Locale.ENGLISH fallback.

Co-authored-by: stianst <stianst@gmail.com>
2020-02-18 08:43:46 +01:00
keycloak-bot
d352d3fa8e Set version to 9.0.1-SNAPSHOT 2020-02-17 20:38:54 +01:00
mposolda
a76c496c23 KEYCLOAK-12860 KEYCLOAK-12875 Fix for Account REST Credentials to work with LDAP and social users 2020-02-14 20:24:42 +01:00
Pedro Igor
7efaf9869a [KEYCLOAK-12864] - OIDCIdentityProvider with Reverse Proxy 2020-02-13 15:01:10 +01:00
Marek Posolda
154bce5693
KEYCLOAK-12340 KEYCLOAK-12386 Regression in credential handling when … (#6668) 2020-02-03 19:23:30 +01:00
vmuzikar
03306b87e8 KEYCLOAK-12125 Introduce SameSite attribute in cookies
Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: Peter Skopek <pskopek@redhat.com>
2020-01-17 08:36:53 -03:00
Martin Kanis
e1f8e5d08c KEYCLOAK-12462 Align to EAP 7.3.0.GA 2020-01-13 14:58:59 +01:00
vramik
419d9c6351 KEYCLOAK-11597 Remote testing changes + possibility to exclude tests for specific auth server
Co-Authored-By: <mhajas@redhat.com>
2020-01-06 14:29:36 +01:00
Stefan Guilhen
9f69386a53 [KEYCLOAK-11707] Add support for Elytron credential store vault
- Adds the elytron-cs-keystore provider that reads secrets from a keystore-backed elytron credential store
 - Introduces an abstract provider and factory that unifies code that is common to the existing implementations
 - Introduces a VaultKeyResolver interface to allow the creation of different algorithms to combine the realm
   and key names when constructing the vault entry id
 - Introduces a keyResolvers property to the existing implementation via superclass that allows for the
   configuration of one or more VaultKeyResolvers, creating a fallback mechanism in which different key formats
   are tried in the order they were declared when retrieving a secret from the vault
 - Adds more tests for the files-plaintext provider using the new key resolvers
 - Adds a VaultTestExecutionDecider to skip the elytron-cs-keystore tests when running in Undertow. This is
   needed because the new provider is available only as a Wildfly extension
2019-12-18 11:54:06 +01:00
harture
26458125cb [KEYCLOAK-12254] Fix re-evaluation of conditional flow (#6558) 2019-12-18 08:45:11 +01:00
Douglas Palmer
106e6e15a9 [KEYCLOAK-11859] Added option to always display a client in the accounts console 2019-12-17 17:12:49 -03:00
vramik
c3d80651bf KEYCLOAK-12473 Add possibility to specify length of event detail when storing to database 2019-12-17 17:15:50 +01:00
Dmitry Telegin
e2144d6aec KEYCLOAK-12175 - Platform SPI 2019-12-09 09:55:04 +01:00
stianst
30e024a3c9 KEYCLOAK-12167 Remove need for Arquillian deployment to load test classes 2019-12-06 12:46:08 +01:00
Cristian Schuszter
5c7ce775cf KEYCLOAK-11472 Pagination support for clients
Co-authored-by: stianst <stianst@gmail.com>
2019-12-05 08:17:17 +01:00
Martin Kanis
685d49c693 KEYCLOAK-11967 Violation of UNIQUE KEY constraint SIBLING_NAMES (#6485) 2019-11-26 16:00:50 +01:00
Dmitry Telegin
79074aa380 KEYCLOAK-12162 Modularize config backends (#6499)
* KEYCLOAK-12162 - Modularize configuration backends

* - Use JsonSerialization
- simplify backend selection (no fallbacks)

* Remove unused org.wildfly.core:wildfly-controller dependency
2019-11-22 15:23:04 +01:00
keycloak-bot
76aa199fee Set version to 9.0.0-SNAPSHOT 2019-11-15 20:43:21 +01:00
AlistairDoswald
4553234f64 KEYCLOAK-11745 Multi-factor authentication (#6459)
Co-authored-by: Christophe Frattino <christophe.frattino@elca.ch>
Co-authored-by: Francis PEROT <francis.perot@elca.ch>
Co-authored-by: rpo <harture414@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Denis <drichtar@redhat.com>
Co-authored-by: Tomas Kyjovsky <tkyjovsk@redhat.com>
2019-11-14 14:45:05 +01:00
Martin Kanis
25511d4dbf KEYCLOAK-9651 Wrong ECDSA signature R and S encoding 2019-11-13 15:32:51 +01:00
mhajas
b74f69c5ac KEYCLOAK-11779 Make feature controller which takes care of enabling/disabling features including restarting container if needed 2019-11-07 09:35:11 +01:00
Martin Bartoš
e3d755fe9d KEYCLOAK-11729: ExtendingThemeTest is failing with auth-server-wildfly (#6410) 2019-11-04 11:27:03 +01:00
Takashi Norimatsu
1905260eac KEYCLOAK-11251 ES256 or PS256 support for Client Authentication by Signed JWT (#6414) 2019-10-24 17:58:54 +02:00
vramik
5c56a8493b KEYCLOAK-11568 Some properties are not propagated if specified via command line 2019-10-10 10:25:48 -03:00
Pedro Igor
f0fb48fb76 [KEYCLOAK-11326] - Refactoring to support different versions of resteasy 2019-10-09 12:01:34 +02:00
Pedro Igor
a2e98b57f4 [KEYCLOAK-11326] - Refactoring to use types from JAX-RS API 2019-10-09 12:01:34 +02:00
vramik
b1697a5e71 KEYCLOAK-11069 auth-server-remote tests 2019-09-30 10:29:51 +02:00
mhajas
37b7b595a5 KEYCLOAK-11410 Do not throw exception in PlaintextVaultProvider if unconfigured 2019-09-19 14:56:19 +02:00
Cédric Couralet
9c37da0ee9 KEYCLOAK-8818 Support message bundle in theme resources 2019-09-11 08:03:16 +02:00
mhajas
2703388946 KEYCLOAK-11245 Adapt LDAPConnectionTestManager to use newly introduced LDAPContextManager 2019-09-10 22:51:19 +02:00
mhajas
9c2525ec1a KEYCLOAK-11245 Use transcription object for LDAP bindCredential 2019-09-09 19:39:53 +02:00
Martin Kanis
4235422798 KEYCLOAK-11246 Use the transcription object for SMTP password 2019-09-09 13:27:11 +02:00