Commit Graph

185 Commits

Author SHA1 Message Date
rmartinc e0bba39da0 Allow configure encryption details for SAML clients
Closes #40933

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-07-18 20:13:40 +02:00
Anchels 1fe782997c added DCL pattern implementation for TransformerUtil
Closes #40030

Signed-off-by: Anchels <mishtitov@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-06-05 19:39:11 +02:00
Anchels 856293b7cc Removed the Serializable interface
Closes #40034

Signed-off-by: Anchels <mishtitov@gmail.com>
2025-06-02 17:51:10 +02:00
Anchels 4fc065aadc Removed unnecessary boxing/unboxing
Closes #39987

Signed-off-by: Anchels <mishtitov@gmail.com>
2025-05-30 13:10:39 +02:00
rmartinc b4853de5c6 Display POST and REDIRECT bindings in the SPSSODescriptor for the SAML IDP provider
Closes #39596

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-05-29 09:57:21 -03:00
Anchels d91688198c Removed dead local stores
Closes #39698

Signed-off-by: Anchels <mishtitov@gmail.com>
2025-05-27 09:09:13 +02:00
Thibault Morin 9c8e2b8d7f chore: update copyright year to 2025 in ArtifactResponseUtil and ArtifactResponseUtilTest
Signed-off-by: tmorin <git@morin.io>
2025-02-20 14:01:50 -03:00
Thibault Morin 23332d1383 fix: the assertion is stripped of its signature when it is manipulated during artifact binding resolution
Signed-off-by: tmorin <git@morin.io>
2025-02-20 14:01:50 -03:00
Thibault Morin 82f9421e0a fix: the assertion is stripped of its signature when it is manipulated during artifact binding resolution
Signed-off-by: tmorin <git@morin.io>
2025-02-20 14:01:50 -03:00
rmartinc 25953f2fbb Add option to sign the IdP metadata for SAML
Closes #34132

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-01-15 11:50:26 +01:00
Stian Thorgersen c1c147cb17 Restrict access to environment variables when at the server runtime (#36472)
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-01-15 09:36:19 +01:00
esagalara 42eec96f61 Add information to SAML parser exceptions
Include namespaces and location of expected/found elements

Closes #29698

Signed-off-by: esagalara <erik.sagalara@gmail.com>
2024-09-27 08:44:30 +02:00
Stian Thorgersen d778a8551a Use references to obtain the signed elements in a signature (#188) (#33190)
Closes keycloak/keycloak-private#191
Closes #33116

Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
2024-09-23 13:51:46 +02:00
Giuseppe Graziano c2c74faec0 Removing BOM character from SAML entity descriptor
Closes #30604

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-08-26 10:59:05 +02:00
Thibault Morin f6fa869b12 feat(SAML): add Artifact Binding on brokering scenarios when Keycloak is SP (#29619)
* feat: add Artifact Binding on brokering scenarios when Keycloak is SP

Signed-off-by: tmorin <git@morin.io>

* Adding broker test and minor improvements

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

* Fixing IdentityProviderTest

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

* Renaming methods related to idp initiated flows

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

* Fixing partial_import_test.spec.ts

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

---------

Signed-off-by: tmorin <git@morin.io>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-14 08:54:49 -03:00
Dimitri Papadopoulos Orfanos 64a145e960 Fix user-facing typos in error messages (#29326)
Update resource file and tests accordingly

Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
2024-05-16 09:55:41 +02:00
Dimitri Papadopoulos Orfanos cd8e0fd333 Fix user-facing typos in Javadoc (#28971)
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-05-06 18:57:55 +00:00
Konstantinos Georgilakis a40a953644 SAML element EncryptionMethod can consist any element
closes #12585

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-04-09 14:15:56 +02:00
Marek Posolda 335a10fead Handle 'You are already logged in' for expired authentication sessions (#27793)
closes #24112

Signed-off-by: mposolda <mposolda@gmail.com>
2024-04-04 10:41:03 +02:00
Alexander Schwartz 595959398b Instead of an InputStream that doesn't know about its encoding, use a String
Closes #20916

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-07 10:24:36 +00:00
Ricardo Martin 2ba7a51da6 Escape action in the form_post response mode (#60)
Closes keycloak/keycloak-private#31
Closes https://issues.redhat.com/browse/RHBK-652

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-18 18:10:41 -03:00
rmartinc 16afecd6b4 Allow automatic download of SAML certificates in the identity provider
Closes https://github.com/keycloak/keycloak/issues/24424

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 18:03:31 +01:00
rmartinc e17295d04a Allow duplicated keys in the HardcodedKeyLocator
Closes https://github.com/keycloak/keycloak/issues/24961

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-27 19:29:57 -03:00
rmartinc f8a9e0134a Ensure that the EncryptedKey is passed to the DecryptionKeyLocator for SAML
Closes https://github.com/keycloak/keycloak/issues/22974
2023-09-20 15:09:18 +02:00
Thomas Darimont 82269f789a Avoid using deprecated junit APIs in tests
- Replaced usage of Assert.assertThat with static import
- Replaced static import org.junit.Assert.assertThat with org.hamcrest.MatcherAssert.assertThat

Fixes: #22111
2023-08-01 11:44:25 +02:00
Martin Bartoš 7cff857238 Migrate packages from javax.* to jakarta.*
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/ComponentExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/DeclarativeUserTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java - Modified
keycloak/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java	- Modified
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountTotpPage.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BackwardsCompatibilityUserStorageTest.java - Modified
---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/services/resources/QuarkusWelcomeResource.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/profile/util/Soap.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/UserInfoClientUtil.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
---
Quarkus3 branch sync no. 10 (17.3.2023)
Resolved conflicts:
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocolUtils.java -	Modified
---
Quarkus3 branch sync no. 9 (10.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java - Modified
---
Quarkus3 branch sync no. 8 (3.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClient.java	Modified - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java - Modified
keycloak/examples/providers/authenticator/src/main/java/org/keycloak/examples/authenticator/SecretQuestionAuthenticator.java - Modified
---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ComponentsResource.java - Modified
keycloak/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/installation/SamlSPDescriptorClientInstallation.java - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
/keycloak/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java	Modified - Modified
keycloak/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java - Modified
---
Quarkus3 branch sync no. 4 (3.2.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/jaxrs/QuarkusKeycloakApplication.java - Modified
---
Quarkus3 branch sync no. 1 (18.1.2023)
Resolved conflicts:
keycloak/testsuite/client/ClientPoliciesTest.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaModelCriteriaBuilder.java - Modified
2023-04-27 13:36:54 +02:00
rmartinc 04ac3a64ee Adding support for rsa-oaep for SAML encryption
Closes https://github.com/keycloak/keycloak/issues/19689
2023-04-26 10:46:10 +02:00
Daniel Kobras a45b5dcd90 Prefer cert over pubkey in SAML metadata
If SAML key material was given as a certificate, consistently
expose the certificate rather than just the public key when
presenting SAML metadata info. This change ensures that the
client obtains sufficient information (eg. issuer) to close
the trust chain.

Closes: #17549

Signed-off-by: Daniel Kobras <kobras@puzzle-itc.de>
2023-03-29 11:17:24 +02:00
rmartinc cab7e50410 Better handling for SAML signatures in POST and REDIRECT bindings
Closes https://github.com/keycloak/keycloak/issues/17456
2023-03-15 09:06:59 -03:00
lpa 3cd413dee1 SOAP backchannel logout for SAML protocol
Closes #16293
2023-02-27 14:24:12 +01:00
laskasn dc8b759c3d Use encryption keys rather than sig for crypto in SAML
Closes #13606

Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: hmlnarik <hmlnarik@redhat.com>
2023-02-10 12:06:49 +01:00
Hynek Mlnarik 977cc473bb Fix linebreaks in XML / SAML signatures
See https://bugs.openjdk.org/browse/JDK-8264194
See https://issues.apache.org/jira/browse/SANTUARIO-482

Fixes: #14529
2023-01-23 15:39:10 +01:00
David Anderson a8db79a68c Introduce crypto module using Wildfly Elytron (#14415)
Closes #12702
2022-09-27 08:53:46 +02:00
Sebastian Knauer 21f700679f KEYCLOAK-19866 Fix user-defined- and xml-fragment-parsing/Add XPathAttributeMapper
2022-08-03 13:07:12 +02:00
Marek Posolda 4e4fc16617 Skip adding xmlsec security provider. Adding KeycloakFipsSecurityProvider to workaround 'Security.getInstance("SHA1PRNG")' (#12786)
Closes #12425 #12853
2022-07-26 16:40:36 +02:00
Marek Posolda be1e31dc68 Introduce crypto/default module. Refactoring BouncyIntegration (#12692)
Closes #12625
2022-06-29 07:17:09 +02:00
Stian Thorgersen e49e8335e0 Refactor BouncyIntegration (#12244)
Closes #12243
2022-06-07 09:02:00 +02:00
Michal Hajas 01e16a569d Remove usage of BiFunction from keycloak-core module
Closes #11091
2022-04-04 15:52:09 +02:00
Francis PEROT 7555063ed9 Support 0/1 values for XML boolean attributes
Closes #10802
2022-03-31 09:36:35 +02:00
Kohei Tamura 05eb4b376d Update DefaultPicketLinkLogger.java
2022-03-24 10:28:49 +01:00
Kohei Tamura 2c94370e8e KEYCLOAK-19105 Fix to log the root cause of exception
Please refer to: https://issues.redhat.com/browse/KEYCLOAK-19105
2022-03-24 10:28:49 +01:00
Yoann Guion 3d470126de include AuthnContextDecl if present during SAML Assertion Serialization
Closes #10743
2022-03-16 12:12:35 +01:00
Hans-Christian Halfbrodt d9d77fe1f7 Fix for KEYCLOAK-18914 (#9355)
Closed #9382 

Co-authored-by: Hans-Christian Halfbrodt <hc-github42@halfbrodt.org>
2022-01-06 18:05:50 +01:00
Konstantinos Georgilakis 63c9845cb9 KEYCLOAK-18276 client content screen enhancement
2021-11-18 13:15:02 +01:00
stianst 12c7bc7350 KEYCLOAK-19410 Compile issues in IntelliJ due to imports of sun packages
2021-09-28 14:59:33 +02:00
stianst b04236f7de Fix saml-core issues without changing Java version
2021-09-28 08:11:39 +02:00
Sebastian Kanzow 4e8e4592ca [KEYCLOAK-18419] Support SAML 2.0 Encrypted IDs in Assertion
2021-08-03 11:55:36 +02:00
Sebastian Kanzow a412bb7b99 [KEYCLOAK-18417] Skip SAML 2.0 AttributeValue with user-defined xsi types
2021-07-30 08:48:25 +02:00
Luca Leonardo Scorcia 6bd7420907 KEYCLOAK-17290 SAML Client - Generate AttributeConsumingService SP metadata section
2021-07-22 21:53:16 +02:00
Martin Bartoš 23e3bc5f8f KEYCLOAK-18466 Configure HTTP client timeouts for adapters
2021-07-22 10:54:59 +02:00