New Pull from Keycloak master #4

KEYCLOAK-18830 FAPI-CIBA-ID1 conformance test : HolderOfKeyEnforcerExecutor needs to be executed on CIBA token request
tnorimat authored and mposolda committed Jul 21, 2021
commit 61fcbb307b94902f7314c2d8e2237fc0c39a9cfc
Original file line number Diff line number Diff line change
Expand Up @@ -152,6 +152,13 @@ public Response cibaGrant() {
throw new CorsErrorResponseException(cors, OAuthErrorException.INVALID_GRANT, "Invalid Auth Req ID", Response.Status.BAD_REQUEST);
}

try {
session.clientPolicy().triggerOnEvent(new BackchannelTokenRequestContext(request, formParams));
} catch (ClientPolicyException cpe) {
event.error(cpe.getError());
throw new CorsErrorResponseException(cors, OAuthErrorException.INVALID_GRANT, cpe.getErrorDetail(), Response.Status.BAD_REQUEST);
}

OAuth2DeviceTokenStoreProvider store = session.getProvider(OAuth2DeviceTokenStoreProvider.class);
OAuth2DeviceCodeModel deviceCode = store.getByDeviceCode(realm, request.getId());

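Review bot: the new catch block in cibaGrant() records cpe.getError() on the event but hard-codes OAuthErrorException.INVALID_GRANT in the CorsErrorResponseException, so the event log and the HTTP response can carry different error codes for the same rejection. Consider passing cpe.getError() through to the response as well, or add a comment stating that policy failures on this endpoint are deliberately reported as invalid_grant.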
Expand Down Expand Up @@ -192,13 +199,6 @@ public Response cibaGrant() {

store.removeDeviceCode(realm, request.getId());

try {
session.clientPolicy().triggerOnEvent(new BackchannelTokenRequestContext(request, formParams));
} catch (ClientPolicyException cpe) {
event.error(cpe.getError());
throw new CorsErrorResponseException(cors, OAuthErrorException.INVALID_GRANT, cpe.getErrorDetail(), Response.Status.BAD_REQUEST);
}

// Compute client scopes again from scope parameter. Check if user still has them granted
// (but in code-to-token request, it could just theoretically happen that they are not available)
String scopeParam = request.getScope();
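Review bot: the block removed here ran after store.removeDeviceCode(realm, request.getId()), so moving it is a behaviour change and not only a reorder: a request rejected by a client policy no longer has its device code removed first. Nothing in the code says this ordering is intended; a short comment at the new call site, ahead of store.getByDeviceCode(...), would keep a later refactor from moving the check back below the removal.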
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,7 @@ public void executeOnEvent(ClientPolicyContext context) throws ClientPolicyExcep
validate(clientUpdateContext.getProposedClientRepresentation());
break;
case TOKEN_REQUEST:
case BACKCHANNEL_TOKEN_REQUEST:
AccessToken.CertConf certConf = MtlsHoKTokenUtil.bindTokenWithClientCertificate(request, session);
if (certConf == null) {
throw new ClientPolicyException(OAuthErrorException.INVALID_REQUEST, "Client Certification missing for MTLS HoK Token Binding");
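Review bot: the message under the new BACKCHANNEL_TOKEN_REQUEST case, "Client Certification missing for MTLS HoK Token Binding", now reaches CIBA clients as well and reads as a slip for "Client certificate missing". It is worth correcting the wording and moving the string to a shared constant while this case is being added, because the test in this commit already matches on the literal.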
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -777,25 +777,29 @@ public AccessTokenResponse doBackchannelAuthenticationTokenRequest(String client

public AccessTokenResponse doBackchannelAuthenticationTokenRequest(String clientId, String clientSecret, String authReqId) throws Exception {
try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
HttpPost post = new HttpPost(getBackchannelAuthenticationTokenRequestUrl());
return doBackchannelAuthenticationTokenRequest(clientId, clientSecret, authReqId, client);
}
}

String authorization = BasicAuthHelper.createHeader(clientId, clientSecret);
post.setHeader("Authorization", authorization);
public AccessTokenResponse doBackchannelAuthenticationTokenRequest(String clientId, String clientSecret, String authReqId, CloseableHttpClient client) throws Exception {
HttpPost post = new HttpPost(getBackchannelAuthenticationTokenRequestUrl());

List<NameValuePair> parameters = new LinkedList<>();
parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.CIBA_GRANT_TYPE));
parameters.add(new BasicNameValuePair(AUTH_REQ_ID, authReqId));
String authorization = BasicAuthHelper.createHeader(clientId, clientSecret);
post.setHeader("Authorization", authorization);

UrlEncodedFormEntity formEntity;
try {
formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
} catch (UnsupportedEncodingException e) {
throw new RuntimeException(e);
}
post.setEntity(formEntity);
List<NameValuePair> parameters = new LinkedList<>();
parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.CIBA_GRANT_TYPE));
parameters.add(new BasicNameValuePair(AUTH_REQ_ID, authReqId));

return new AccessTokenResponse(client.execute(post));
UrlEncodedFormEntity formEntity;
try {
formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
} catch (UnsupportedEncodingException e) {
throw new RuntimeException(e);
}
post.setEntity(formEntity);

return new AccessTokenResponse(client.execute(post));
}

// KEYCLOAK-6771 Certificate Bound Token
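Review bot: the new public overload that takes a CloseableHttpClient has no comment saying the caller owns the client and must close it, while the three-argument version closes its own in try-with-resources; a one-line Javadoc on the overload would make that contract explicit. Separately, the UnsupportedEncodingException catch can be dropped if the entity is built with a Charset (StandardCharsets.UTF_8) instead of the string "UTF-8".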
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@
import javax.ws.rs.core.Response.Status;

import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.impl.client.CloseableHttpClient;

import static org.hamcrest.Matchers.notNullValue;
import static org.junit.Assert.assertEquals;
Expand Down Expand Up @@ -52,6 +53,7 @@

import org.hamcrest.CoreMatchers;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Ignore;
import org.junit.Rule;
import org.junit.Test;
Expand Down Expand Up @@ -91,6 +93,8 @@
import org.keycloak.services.clientpolicy.condition.AnyClientConditionFactory;
import org.keycloak.services.clientpolicy.condition.ClientRolesConditionFactory;
import org.keycloak.services.clientpolicy.condition.ClientUpdaterContextConditionFactory;
import org.keycloak.services.clientpolicy.executor.HolderOfKeyEnforcerExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtExecutorFactory;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.client.resources.TestApplicationResourceUrls;
Expand All @@ -101,9 +105,12 @@
import org.keycloak.testsuite.util.InfinispanTestTimeServiceRule;
import org.keycloak.testsuite.util.KeycloakModelUtils;
import org.keycloak.testsuite.util.Matchers;
import org.keycloak.testsuite.util.MutualTLSUtils;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.RoleBuilder;
import org.keycloak.testsuite.util.ServerURLs;
import org.keycloak.testsuite.util.UserBuilder;
import org.keycloak.testsuite.util.ClientPoliciesUtil;
import org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder;
import org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder;
import org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfileBuilder;
Expand Down Expand Up @@ -1663,6 +1670,94 @@ public void testSecureCibaAuthenticationRequestSigningAlgorithmEnforceExecutor()
assertEquals(org.keycloak.crypto.Algorithm.ES256, cAppDynamicClient2Rep.getBackchannelAuthenticationRequestSigningAlg());
}

@Test
public void testHolderOfKeyEnforceExecutor() throws Exception {
Assume.assumeTrue("This test must be executed with enabled TLS.", ServerURLs.AUTH_SERVER_SSL_REQUIRED);

// register profiles
String json = (new ClientProfilesBuilder()).addProfile(
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Az Elso Profil")
.addExecutor(HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID,
ClientPoliciesUtil.createHolderOfKeyEnforceExecutorConfig(Boolean.FALSE))
.addExecutor(SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID,
ClientPoliciesUtil.createSecureSigningAlgorithmForSignedJwtEnforceExecutorConfig(Boolean.FALSE))
.toRepresentation()
).toString();
updateProfiles(json);

// register policies
json = (new ClientPoliciesBuilder()).addPolicy(
(new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Az Elso Politika", Boolean.TRUE)
.addCondition(AnyClientConditionFactory.PROVIDER_ID,
createAnyClientConditionConfig())
.addProfile(PROFILE_NAME)
.toRepresentation()
).toString();
updatePolicies(json);

ClientResource clientResource = null;
ClientRepresentation clientRep = null;

try {
String username = "nutzername-rot";
String bindingMessage = "ThisIsBindingMessage";
Map<String, String> additionalParameters = new HashMap<>();
additionalParameters.put("user_device", "mobile");

// prepare CIBA settings
clientResource = ApiUtil.findClientByClientId(adminClient.realm(TEST_REALM_NAME), TEST_CLIENT_NAME);
clientRep = clientResource.toRepresentation();
OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setUseMtlsHoKToken(true);
clientResource.update(clientRep);
prepareCIBASettings(clientResource, clientRep);

// user Backchannel Authentication Request
AuthenticationRequestAcknowledgement response = doBackchannelAuthenticationRequest(TEST_CLIENT_NAME, TEST_CLIENT_PASSWORD, username, bindingMessage, additionalParameters);

// user Authentication Channel Request
TestAuthenticationChannelRequest testRequest = doAuthenticationChannelRequest(bindingMessage);
AuthenticationChannelRequest authenticationChannelReq = testRequest.getRequest();
assertThat(authenticationChannelReq.getBindingMessage(), is(equalTo(bindingMessage)));
assertThat(authenticationChannelReq.getScope(), is(containsString(OAuth2Constants.SCOPE_OPENID)));
assertThat(authenticationChannelReq.getAdditionalParameters().get("user_device"), is(equalTo("mobile")));

// user Authentication Channel completed
doAuthenticationChannelCallback(testRequest);

// Token Request without MTLS
OAuthClient.AccessTokenResponse tokenRes = oauth.doBackchannelAuthenticationTokenRequest(TEST_CLIENT_NAME, TEST_CLIENT_PASSWORD, response.getAuthReqId());
assertThat(tokenRes.getStatusCode(), is(equalTo(400)));
assertThat(tokenRes.getError(), is(equalTo(OAuthErrorException.INVALID_GRANT)));
assertThat(tokenRes.getErrorDescription(), is(equalTo("Client Certification missing for MTLS HoK Token Binding")));
events.expect(EventType.AUTHREQID_TO_TOKEN_ERROR).clearDetails().user((String)null).client(TEST_CLIENT_NAME).error(OAuthErrorException.INVALID_REQUEST).assertEvent();

// Check token obtaining.
OAuthClient.AccessTokenResponse accessTokenResponse;
try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithDefaultKeyStoreAndTrustStore()) {
accessTokenResponse = doBackchannelAuthenticationTokenRequest(TEST_CLIENT_NAME, TEST_CLIENT_PASSWORD, username, response.getAuthReqId(), client);
AccessToken accessToken = oauth.verifyToken(accessTokenResponse.getAccessToken(), AccessToken.class);
assertThat(accessTokenResponse.getStatusCode(), is(equalTo(200)));
assertThat(accessToken.getCertConf().getCertThumbprint(), notNullValue());
}

// Check logout.
CloseableHttpResponse logoutResponse;
try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithDefaultKeyStoreAndTrustStore()) {
logoutResponse = oauth.doLogout(accessTokenResponse.getRefreshToken(), TEST_CLIENT_SECRET, client);
} catch (IOException ioe) {
throw new RuntimeException(ioe);
}
assertEquals(204, logoutResponse.getStatusLine().getStatusCode());
} finally {
updatePolicies("{}");
clientResource = ApiUtil.findClientByClientId(adminClient.realm(TEST_REALM_NAME), TEST_CLIENT_NAME);
clientRep = clientResource.toRepresentation();
OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setUseMtlsHoKToken(false);
clientResource.update(clientRep);
revertCIBASettings(clientResource, clientRep);
}
}

private void testBackchannelAuthenticationFlowNotRegisterSigAlgInAdvanceWithSignedAuthentication(String clientName, boolean useRequestUri, String requestedSigAlg, String sigAlg, int statusCode, String errorDescription) throws Exception {
String clientId = createClientDynamically(clientName, (OIDCClientRepresentation clientRep) -> {
List<String> grantTypes = Optional.ofNullable(clientRep.getGrantTypes()).orElse(new ArrayList<>());
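Review bot: the holder-of-key assertion in the "Check token obtaining" block only checks that `accessToken.getCertConf().getCertThumbprint()` is `notNullValue()`, so the test would still pass if the token were bound to a different certificate than the one presented. Compare it against the thumbprint of the client certificate that `MutualTLSUtils.newCloseableHttpClientWithDefaultKeyStoreAndTrustStore()` sends. In the "Token Request without MTLS" step the response error is asserted as `INVALID_GRANT` while the expected event error is `INVALID_REQUEST`; if the difference is intended, a one-line comment would help, otherwise align the two. The logout call passes `TEST_CLIENT_SECRET` where the rest of the test uses `TEST_CLIENT_PASSWORD`. The `finally` block clears policies with `updatePolicies("{}")` but does not visibly reset the profile registered through `updateProfiles(json)`.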
@@ -1971,6 +2066,17 @@ private OAuthClient.AccessTokenResponse doBackchannelAuthenticationTokenRequest(

private OAuthClient.AccessTokenResponse doBackchannelAuthenticationTokenRequest(String clientId, String clientSecret, String username, String authReqId) throws Exception {
OAuthClient.AccessTokenResponse tokenRes = oauth.doBackchannelAuthenticationTokenRequest(clientId, clientSecret, authReqId);
verifyBackchannelAuthenticationTokenRequest(tokenRes, clientId, username);
return tokenRes;
}

private OAuthClient.AccessTokenResponse doBackchannelAuthenticationTokenRequest(String clientId, String clientSecret, String username, String authReqId, CloseableHttpClient httpClient) throws Exception {
OAuthClient.AccessTokenResponse tokenRes = oauth.doBackchannelAuthenticationTokenRequest(clientId, clientSecret, authReqId, httpClient);
verifyBackchannelAuthenticationTokenRequest(tokenRes, clientId, username);
return tokenRes;
}

private void verifyBackchannelAuthenticationTokenRequest(OAuthClient.AccessTokenResponse tokenRes, String clientId, String username) {
assertThat(tokenRes.getStatusCode(), is(equalTo(200)));
EventRepresentation event = events.expectAuthReqIdToToken(null, null).clearDetails().user(AssertEvents.isUUID()).client(clientId).assertEvent();
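Review bot: the new five-argument `doBackchannelAuthenticationTokenRequest` overload accepts a caller-supplied `CloseableHttpClient` without saying who closes it; a short comment that the caller owns the client (as the try-with-resources in the MTLS test does) would prevent a leak in later callers. Since `verifyBackchannelAuthenticationTokenRequest` already asserts a 200 status first, the MTLS test's own 200 assertion after `oauth.verifyToken(...)` is redundant and could be dropped.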

@@ -1985,8 +2091,6 @@ private OAuthClient.AccessTokenResponse doBackchannelAuthenticationTokenRequest(
assertThat(idToken.getPreferredUsername(), is(equalTo(username)));
assertThat(idToken.getIssuedFor(), is(equalTo(clientId)));
assertThat(idToken.getAudience()[0], is(equalTo(idToken.getIssuedFor())));

return tokenRes;
}

private String doIntrospectAccessTokenWithClientCredential(OAuthClient.AccessTokenResponse tokenRes, String username) throws IOException {