No description
24a2773524
The NameID Format in the AuthnRequest NameIDPolicy is now respected, and support has been added for the following NameID Formats: - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - urn:oasis:names:tc:SAML:2.0:nameid-format:transient The persistent NameID format was previously used in all responses and mapped to the principal's username. Now, unspecified is mapped to the principal's username and used by default if no NameIDPolicy is specified by the SP. The persistent format requires generating a pseudo-random identifier that must be generated by the IdP on first login and stored in the user's profile. Persistent NameID Format is not yet implemented. The certificate is now added to the signature to enable support for integration with Service Providers where only the IdP's certificate fingerprint is configured (e.g. Zendesk). |
||
|---|---|---|
| connections | ||
| core | ||
| core-jaxrs | ||
| dependencies | ||
| distribution | ||
| docbook | ||
| events | ||
| examples | ||
| export-import | ||
| federation | ||
| forms | ||
| integration | ||
| misc | ||
| model | ||
| picketlink | ||
| project-integrations | ||
| saml | ||
| server | ||
| services | ||
| social | ||
| testsuite | ||
| timer | ||
| .gitignore | ||
| License.html | ||
| pom.xml | ||
| README.md | ||
keycloak
Please visit http://keycloak.org for more information on Keycloak including how to download, documentation, and video tutorials.
Keycloak is an SSO Service for web apps and REST services. It can be used for social applications as well as enterprise applications. It is based on OpenID Connect with support for SAML 2.0 as well. Here's some of the features:
- SSO and Single Log Out for browser applications
- Social Broker. Enable Google, Facebook, Yahoo, Twitter social login with no code required.
- Optional LDAP/Active Directory integration
- Optional User Registration
- Password and TOTP support (via Google Authenticator or FreeOTP). Client cert auth coming soon.
- User session management from both admin and user perspective
- Customizable themes for user facing pages: login, grant pages, account management, emails, and admin console all customizable!
- OAuth Bearer token auth for REST Services
- Integrated Browser App to REST Service token propagation
- Admin REST API
- OAuth 2.0 Grant requests
- CORS Support
- CORS Web Origin management and validation
- Completely centrally managed user and role mapping metadata. Minimal configuration at the application side
- Admin Console for managing users, roles, role mappings, applications, user sessions, allowed CORS web origins, and OAuth clients.
- Deployable as a WAR, appliance, or an Openshift cloud service (SaaS).
- Supports JBoss AS7, EAP 6.x, Wildfly, Tomcat, and Jetty applications. Plans to support Node.js, RAILS, GRAILS, and other non-Java applications.
- Javascript/HTML 5 adapter for pure Javascript apps
- Session management from admin console
- Revocation policies
- Password policies
- OpenID Connect Support
- SAML Support
Please visit http://keycloak.org for more information on Keycloak including how to download, documentation, and video tutorials.