keycloak-aplcache
Changes
broker/core/pom.xml 2(+1 -1)
broker/oidc/pom.xml 2(+1 -1)
broker/pom.xml 2(+1 -1)
broker/saml/pom.xml 2(+1 -1)
connections/file/pom.xml 2(+1 -1)
connections/http-client/pom.xml 2(+1 -1)
connections/infinispan/pom.xml 2(+1 -1)
connections/jpa/pom.xml 2(+1 -1)
connections/jpa-liquibase/pom.xml 2(+1 -1)
connections/mongo/pom.xml 2(+1 -1)
connections/mongo-update/pom.xml 2(+1 -1)
connections/pom.xml 2(+1 -1)
core/pom.xml 2(+1 -1)
core-jaxrs/pom.xml 2(+1 -1)
dependencies/pom.xml 2(+1 -1)
dependencies/server-all/pom.xml 2(+1 -1)
dependencies/server-min/pom.xml 2(+1 -1)
distribution/adapters/osgi/pom.xml 2(+1 -1)
distribution/adapters/pom.xml 2(+1 -1)
distribution/demo-dist/pom.xml 2(+1 -1)
distribution/docs-dist/assembly.xml 2(+1 -1)
distribution/docs-dist/pom.xml 2(+1 -1)
distribution/downloads/pom.xml 2(+1 -1)
distribution/examples-dist/pom.xml 2(+1 -1)
distribution/feature-packs/pom.xml 2(+1 -1)
distribution/pom.xml 2(+1 -1)
distribution/proxy-dist/pom.xml 2(+1 -1)
distribution/server-dist/pom.xml 2(+1 -1)
distribution/server-overlay/pom.xml 2(+1 -1)
distribution/src-dist/pom.xml 2(+1 -1)
docbook/pom.xml 2(+1 -1)
events/api/pom.xml 2(+1 -1)
events/email/pom.xml 2(+1 -1)
events/jboss-logging/pom.xml 2(+1 -1)
events/jpa/pom.xml 2(+1 -1)
events/mongo/pom.xml 2(+1 -1)
events/pom.xml 2(+1 -1)
events/syslog/pom.xml 2(+1 -1)
examples/admin-client/pom.xml 2(+1 -1)
examples/basic-auth/pom.xml 2(+1 -1)
examples/broker/pom.xml 2(+1 -1)
examples/cors/pom.xml 2(+1 -1)
examples/demo-template/pom.xml 2(+1 -1)
examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductSAClientSecretServlet.java 2(+1 -1)
examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductSAClientSignedJWTServlet.java 2(+1 -1)
examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductServiceAccountServlet.java 6(+4 -2)
examples/fuse/camel/pom.xml 2(+1 -1)
examples/fuse/cxf-jaxrs/pom.xml 2(+1 -1)
examples/fuse/cxf-jaxws/pom.xml 2(+1 -1)
examples/fuse/features/pom.xml 2(+1 -1)
examples/fuse/pom.xml 2(+1 -1)
examples/js-console/pom.xml 2(+1 -1)
examples/kerberos/kerberosrealm.json 2(+1 -1)
examples/kerberos/pom.xml 6(+5 -1)
examples/kerberos/README.md 154(+145 -9)
examples/ldap/pom.xml 2(+1 -1)
examples/multi-tenant/pom.xml 2(+1 -1)
examples/pom.xml 2(+1 -1)
examples/providers/pom.xml 2(+1 -1)
examples/saml/pom.xml 2(+1 -1)
examples/themes/pom.xml 2(+1 -1)
export-import/pom.xml 2(+1 -1)
federation/kerberos/pom.xml 2(+1 -1)
federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/SPNEGOAuthenticator.java 5(+5 -0)
federation/ldap/pom.xml 2(+1 -1)
federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java 1(+1 -0)
federation/pom.xml 2(+1 -1)
forms/account-api/pom.xml 2(+1 -1)
forms/account-freemarker/pom.xml 2(+1 -1)
forms/common-freemarker/pom.xml 2(+1 -1)
forms/common-themes/pom.xml 2(+1 -1)
forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js 65(+25 -40)
forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-generic.html 22(+12 -10)
forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-jwt-key-export.html 4(+2 -2)
forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-jwt-key-import.html 4(+2 -2)
forms/common-themes/src/main/resources/theme/base/admin/resources/partials/password-policy.html 6(+3 -3)
forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-attributes.html 2(+1 -1)
forms/common-themes/src/main/resources/theme/base/login/messages/messages_pt_BR.properties 22(+11 -11)
forms/email-api/pom.xml 2(+1 -1)
forms/email-freemarker/pom.xml 2(+1 -1)
forms/login-api/pom.xml 2(+1 -1)
forms/login-freemarker/pom.xml 2(+1 -1)
forms/pom.xml 2(+1 -1)
integration/adapter-core/pom.xml 2(+1 -1)
integration/adapter-core/src/main/java/org/keycloak/adapters/authentication/ClientCredentialsProviderUtils.java 15(+13 -2)
integration/adapter-core/src/main/java/org/keycloak/adapters/authentication/JWTClientCredentialsProvider.java 21(+18 -3)
integration/admin-client/pom.xml 2(+1 -1)
integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigDeploymentProcessor.java 33(+19 -14)
integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigService.java 14(+13 -1)
integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakSubsystemParser.java 81(+76 -5)
integration/as7-eap6/pom.xml 2(+1 -1)
integration/installed/pom.xml 2(+1 -1)
integration/jetty/jetty8.1/pom.xml 4(+2 -2)
integration/jetty/jetty9.1/pom.xml 2(+1 -1)
integration/jetty/jetty9.2/pom.xml 2(+1 -1)
integration/jetty/jetty-core/pom.xml 4(+2 -2)
integration/jetty/pom.xml 2(+1 -1)
integration/js/pom.xml 2(+1 -1)
integration/osgi-adapter/pom.xml 4(+2 -2)
integration/pom.xml 2(+1 -1)
integration/spring-boot/pom.xml 2(+1 -1)
integration/spring-security/pom.xml 2(+1 -1)
integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandler.java 7(+5 -2)
integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandlerTest.java 6(+6 -0)
integration/tomcat/pom.xml 2(+1 -1)
integration/tomcat/tomcat6/pom.xml 2(+1 -1)
integration/tomcat/tomcat7/pom.xml 2(+1 -1)
integration/tomcat/tomcat8/pom.xml 2(+1 -1)
integration/undertow/pom.xml 2(+1 -1)
integration/wildfly/pom.xml 2(+1 -1)
integration/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakAdapterConfigService.java 14(+13 -1)
integration/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakSubsystemParser.java 81(+76 -5)
integration/wildfly/wf8-subsystem/src/test/java/org/keycloak/subsystem/wf8/extension/SubsystemParsingTestCase.java 38(+37 -1)
integration/wildfly/wf8-subsystem/src/test/resources/org/keycloak/subsystem/wf8/extension/keycloak-1.1.xml 4(+3 -1)
integration/wildfly/wf9-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java 14(+13 -1)
integration/wildfly/wf9-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakSubsystemParser.java 81(+76 -5)
integration/wildfly/wf9-subsystem/src/test/java/org/keycloak/subsystem/adapter/extension/SubsystemParsingTestCase.java 37(+36 -1)
integration/wildfly/wf9-subsystem/src/test/resources/org/keycloak/subsystem/adapter/extension/keycloak-1.1.xml 4(+3 -1)
model/api/pom.xml 2(+1 -1)
model/file/pom.xml 2(+1 -1)
model/invalidation-cache/pom.xml 2(+1 -1)
model/jpa/pom.xml 2(+1 -1)
model/mongo/pom.xml 2(+1 -1)
model/pom.xml 2(+1 -1)
model/sessions-infinispan/pom.xml 2(+1 -1)
pom.xml 2(+1 -1)
proxy/launcher/pom.xml 2(+1 -1)
proxy/pom.xml 2(+1 -1)
proxy/proxy-server/pom.xml 2(+1 -1)
saml/pom.xml 2(+1 -1)
saml/saml-core/pom.xml 2(+1 -1)
saml/saml-protocol/pom.xml 2(+1 -1)
services/pom.xml 143(+118 -25)
services/src/main/java/org/keycloak/authentication/authenticators/client/ClientIdAndSecretAuthenticator.java 22(+11 -11)
services/src/main/java/org/keycloak/authentication/authenticators/client/JWTClientAuthenticator.java 25(+18 -7)
services/src/main/java/org/keycloak/services/resources/admin/AttackDetectionResource.java 48(+6 -42)
services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java 205(+179 -26)
services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java 13(+9 -4)
services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java 54(+52 -2)
services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java 34(+34 -0)
services/src/main/java/org/keycloak/services/resources/admin/info/ServerInfoAdminResource.java 2(+1 -1)
services/src/main/java/org/keycloak/services/resources/admin/info/SystemInfoRepresentation.java 4(+3 -1)
services/src/main/java/org/keycloak/services/resources/admin/ProtocolMappersResource.java 31(+26 -5)
services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedClientResource.java 12(+9 -3)
services/src/main/java/org/keycloak/services/resources/admin/UserClientRoleMappingsResource.java 14(+7 -7)
services/src/main/java/org/keycloak/services/resources/admin/UserFederationProviderResource.java 20(+10 -10)
services/src/main/java/org/keycloak/services/resources/admin/UserFederationProvidersResource.java 10(+5 -5)
social/core/pom.xml 2(+1 -1)
social/facebook/pom.xml 2(+1 -1)
social/github/pom.xml 2(+1 -1)
social/google/pom.xml 2(+1 -1)
social/linkedin/pom.xml 2(+1 -1)
social/pom.xml 2(+1 -1)
social/stackoverflow/pom.xml 2(+1 -1)
social/twitter/pom.xml 2(+1 -1)
testsuite/docker-cluster/pom.xml 2(+1 -1)
testsuite/integration/pom.xml 2(+1 -1)
testsuite/integration/src/test/java/org/keycloak/testsuite/broker/IdentityProviderHintTest.java 2(+1 -1)
testsuite/integration/src/test/java/org/keycloak/testsuite/forms/PassThroughClientAuthenticator.java 18(+13 -5)
testsuite/jetty/jetty81/pom.xml 4(+2 -2)
testsuite/jetty/jetty91/pom.xml 2(+1 -1)
testsuite/jetty/jetty92/pom.xml 2(+1 -1)
testsuite/performance/pom.xml 2(+1 -1)
testsuite/pom.xml 2(+1 -1)
testsuite/proxy/pom.xml 2(+1 -1)
testsuite/tomcat6/pom.xml 2(+1 -1)
testsuite/tomcat7/pom.xml 2(+1 -1)
testsuite/tomcat8/pom.xml 2(+1 -1)
timer/api/pom.xml 2(+1 -1)
timer/basic/pom.xml 2(+1 -1)
timer/pom.xml 2(+1 -1)
util/embedded-ldap/pom.xml 2(+1 -1)
util/pom.xml 2(+1 -1)
Details
broker/core/pom.xml 2(+1 -1)
diff --git a/broker/core/pom.xml b/broker/core/pom.xml
index 2799c7d..db8d901 100755
--- a/broker/core/pom.xml
+++ b/broker/core/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
broker/oidc/pom.xml 2(+1 -1)
diff --git a/broker/oidc/pom.xml b/broker/oidc/pom.xml
index 747d1fa..997fcc7 100755
--- a/broker/oidc/pom.xml
+++ b/broker/oidc/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
broker/pom.xml 2(+1 -1)
diff --git a/broker/pom.xml b/broker/pom.xml
index b4f38d5..8437a9e 100755
--- a/broker/pom.xml
+++ b/broker/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
broker/saml/pom.xml 2(+1 -1)
diff --git a/broker/saml/pom.xml b/broker/saml/pom.xml
index b787105..7238405 100755
--- a/broker/saml/pom.xml
+++ b/broker/saml/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProviderFactory.java b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProviderFactory.java
index 1cd28fd..4adeddf 100755
--- a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProviderFactory.java
+++ b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProviderFactory.java
@@ -73,74 +73,78 @@ public class SAMLIdentityProviderFactory extends AbstractIdentityProviderFactory
List<EntityDescriptorType.EDTChoiceType> choiceType = entityType.getChoiceType();
if (!choiceType.isEmpty()) {
- EntityDescriptorType.EDTChoiceType edtChoiceType = choiceType.get(0);
- List<EntityDescriptorType.EDTDescriptorChoiceType> descriptors = edtChoiceType.getDescriptors();
-
- if (!descriptors.isEmpty()) {
- EntityDescriptorType.EDTDescriptorChoiceType edtDescriptorChoiceType = descriptors.get(0);
- IDPSSODescriptorType idpDescriptor = edtDescriptorChoiceType.getIdpDescriptor();
-
- if (idpDescriptor != null) {
- SAMLIdentityProviderConfig samlIdentityProviderConfig = new SAMLIdentityProviderConfig();
- String singleSignOnServiceUrl = null;
- boolean postBinding = false;
- for (EndpointType endpoint : idpDescriptor.getSingleSignOnService()) {
- if (endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get())) {
- singleSignOnServiceUrl = endpoint.getLocation().toString();
- postBinding = true;
- break;
- } else if (endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get())){
- singleSignOnServiceUrl = endpoint.getLocation().toString();
- }
- }
- String singleLogoutServiceUrl = null;
- for (EndpointType endpoint : idpDescriptor.getSingleLogoutService()) {
- if (postBinding && endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get())) {
- singleLogoutServiceUrl = endpoint.getLocation().toString();
- break;
- } else if (!postBinding && endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get())){
- singleLogoutServiceUrl = endpoint.getLocation().toString();
- break;
- }
+ IDPSSODescriptorType idpDescriptor = null;
+
+ //Metadata documents can contain multiple Descriptors (See ADFS metadata documents) such as RoleDescriptor, SPSSODescriptor, IDPSSODescriptor.
+ //So we need to loop through to find the IDPSSODescriptor.
+ for(EntityDescriptorType.EDTChoiceType edtChoiceType : entityType.getChoiceType()) {
+ List<EntityDescriptorType.EDTDescriptorChoiceType> descriptors = edtChoiceType.getDescriptors();
+ if(!descriptors.isEmpty() && descriptors.get(0).getIdpDescriptor() != null) {
+ idpDescriptor = descriptors.get(0).getIdpDescriptor();
+ }
+ }
+
+ if (idpDescriptor != null) {
+ SAMLIdentityProviderConfig samlIdentityProviderConfig = new SAMLIdentityProviderConfig();
+ String singleSignOnServiceUrl = null;
+ boolean postBinding = false;
+ for (EndpointType endpoint : idpDescriptor.getSingleSignOnService()) {
+ if (endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get())) {
+ singleSignOnServiceUrl = endpoint.getLocation().toString();
+ postBinding = true;
+ break;
+ } else if (endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get())){
+ singleSignOnServiceUrl = endpoint.getLocation().toString();
}
- samlIdentityProviderConfig.setSingleLogoutServiceUrl(singleLogoutServiceUrl);
- samlIdentityProviderConfig.setSingleSignOnServiceUrl(singleSignOnServiceUrl);
- samlIdentityProviderConfig.setWantAuthnRequestsSigned(idpDescriptor.isWantAuthnRequestsSigned());
- samlIdentityProviderConfig.setValidateSignature(idpDescriptor.isWantAuthnRequestsSigned());
- samlIdentityProviderConfig.setPostBindingResponse(postBinding);
- samlIdentityProviderConfig.setPostBindingAuthnRequest(postBinding);
-
- List<KeyDescriptorType> keyDescriptor = idpDescriptor.getKeyDescriptor();
- String defaultCertificate = null;
-
- if (keyDescriptor != null) {
- for (KeyDescriptorType keyDescriptorType : keyDescriptor) {
- Element keyInfo = keyDescriptorType.getKeyInfo();
- Element x509KeyInfo = DocumentUtil.getChildElement(keyInfo, new QName("dsig", "X509Certificate"));
-
- if (KeyTypes.SIGNING.equals(keyDescriptorType.getUse())) {
- samlIdentityProviderConfig.setSigningCertificate(x509KeyInfo.getTextContent());
- } else if (KeyTypes.ENCRYPTION.equals(keyDescriptorType.getUse())) {
- samlIdentityProviderConfig.setEncryptionPublicKey(x509KeyInfo.getTextContent());
- } else if (keyDescriptorType.getUse() == null) {
- defaultCertificate = x509KeyInfo.getTextContent();
- }
- }
+ }
+ String singleLogoutServiceUrl = null;
+ for (EndpointType endpoint : idpDescriptor.getSingleLogoutService()) {
+ if (postBinding && endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get())) {
+ singleLogoutServiceUrl = endpoint.getLocation().toString();
+ break;
+ } else if (!postBinding && endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get())){
+ singleLogoutServiceUrl = endpoint.getLocation().toString();
+ break;
}
- if (defaultCertificate != null) {
- if (samlIdentityProviderConfig.getSigningCertificate() == null) {
- samlIdentityProviderConfig.setSigningCertificate(defaultCertificate);
+ }
+ samlIdentityProviderConfig.setSingleLogoutServiceUrl(singleLogoutServiceUrl);
+ samlIdentityProviderConfig.setSingleSignOnServiceUrl(singleSignOnServiceUrl);
+ samlIdentityProviderConfig.setWantAuthnRequestsSigned(idpDescriptor.isWantAuthnRequestsSigned());
+ samlIdentityProviderConfig.setValidateSignature(idpDescriptor.isWantAuthnRequestsSigned());
+ samlIdentityProviderConfig.setPostBindingResponse(postBinding);
+ samlIdentityProviderConfig.setPostBindingAuthnRequest(postBinding);
+
+ List<KeyDescriptorType> keyDescriptor = idpDescriptor.getKeyDescriptor();
+ String defaultCertificate = null;
+
+ if (keyDescriptor != null) {
+ for (KeyDescriptorType keyDescriptorType : keyDescriptor) {
+ Element keyInfo = keyDescriptorType.getKeyInfo();
+ Element x509KeyInfo = DocumentUtil.getChildElement(keyInfo, new QName("dsig", "X509Certificate"));
+
+ if (KeyTypes.SIGNING.equals(keyDescriptorType.getUse())) {
+ samlIdentityProviderConfig.setSigningCertificate(x509KeyInfo.getTextContent());
+ } else if (KeyTypes.ENCRYPTION.equals(keyDescriptorType.getUse())) {
+ samlIdentityProviderConfig.setEncryptionPublicKey(x509KeyInfo.getTextContent());
+ } else if (keyDescriptorType.getUse() == null) {
+ defaultCertificate = x509KeyInfo.getTextContent();
}
+ }
+ }
- if (samlIdentityProviderConfig.getEncryptionPublicKey() == null) {
- samlIdentityProviderConfig.setEncryptionPublicKey(defaultCertificate);
- }
+ if (defaultCertificate != null) {
+ if (samlIdentityProviderConfig.getSigningCertificate() == null) {
+ samlIdentityProviderConfig.setSigningCertificate(defaultCertificate);
}
- return samlIdentityProviderConfig.getConfig();
+ if (samlIdentityProviderConfig.getEncryptionPublicKey() == null) {
+ samlIdentityProviderConfig.setEncryptionPublicKey(defaultCertificate);
+ }
}
+
+ return samlIdentityProviderConfig.getConfig();
}
}
} catch (ParsingException pe) {
connections/file/pom.xml 2(+1 -1)
diff --git a/connections/file/pom.xml b/connections/file/pom.xml
index c88a196..c547b60 100755
--- a/connections/file/pom.xml
+++ b/connections/file/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
connections/http-client/pom.xml 2(+1 -1)
diff --git a/connections/http-client/pom.xml b/connections/http-client/pom.xml
index b7e9953..66c1d4c 100755
--- a/connections/http-client/pom.xml
+++ b/connections/http-client/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
connections/infinispan/pom.xml 2(+1 -1)
diff --git a/connections/infinispan/pom.xml b/connections/infinispan/pom.xml
index f7c457d..711de79 100755
--- a/connections/infinispan/pom.xml
+++ b/connections/infinispan/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
connections/jpa/pom.xml 2(+1 -1)
diff --git a/connections/jpa/pom.xml b/connections/jpa/pom.xml
index e5c07a9..b36b850 100755
--- a/connections/jpa/pom.xml
+++ b/connections/jpa/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
connections/jpa-liquibase/pom.xml 2(+1 -1)
diff --git a/connections/jpa-liquibase/pom.xml b/connections/jpa-liquibase/pom.xml
index 6f6e913..609d4b2 100755
--- a/connections/jpa-liquibase/pom.xml
+++ b/connections/jpa-liquibase/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
connections/mongo/pom.xml 2(+1 -1)
diff --git a/connections/mongo/pom.xml b/connections/mongo/pom.xml
index f35cc3b..ca25511 100755
--- a/connections/mongo/pom.xml
+++ b/connections/mongo/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
connections/mongo-update/pom.xml 2(+1 -1)
diff --git a/connections/mongo-update/pom.xml b/connections/mongo-update/pom.xml
index 20f6298..c932903 100755
--- a/connections/mongo-update/pom.xml
+++ b/connections/mongo-update/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
connections/pom.xml 2(+1 -1)
diff --git a/connections/pom.xml b/connections/pom.xml
index abbe3c4..e4db58e 100755
--- a/connections/pom.xml
+++ b/connections/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<name>Connections Parent</name>
<description/>
core/pom.xml 2(+1 -1)
diff --git a/core/pom.xml b/core/pom.xml
index e9725c3..e470755 100755
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
index 5b59c23..c1c53b3 100755
--- a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
@@ -90,6 +90,7 @@ public class RealmRepresentation {
protected String browserFlow;
protected String registrationFlow;
protected String directGrantFlow;
+ protected String resetCredentialsFlow;
protected String clientAuthenticationFlow;
@Deprecated
@@ -737,6 +738,14 @@ public class RealmRepresentation {
this.directGrantFlow = directGrantFlow;
}
+ public String getResetCredentialsFlow() {
+ return resetCredentialsFlow;
+ }
+
+ public void setResetCredentialsFlow(String resetCredentialsFlow) {
+ this.resetCredentialsFlow = resetCredentialsFlow;
+ }
+
public String getClientAuthenticationFlow() {
return clientAuthenticationFlow;
}
diff --git a/core/src/main/java/org/keycloak/Version.java b/core/src/main/java/org/keycloak/Version.java
index 8816843..2ba5b9b 100755
--- a/core/src/main/java/org/keycloak/Version.java
+++ b/core/src/main/java/org/keycloak/Version.java
@@ -1,6 +1,7 @@
package org.keycloak;
import org.codehaus.jackson.annotate.JsonProperty;
+import org.keycloak.util.Time;
import java.io.IOException;
import java.io.InputStream;
@@ -28,6 +29,9 @@ public class Version {
VERSION = props.getProperty("version");
BUILD_TIME = props.getProperty("build-time");
RESOURCES_VERSION = VERSION.toLowerCase();
+ if (RESOURCES_VERSION.endsWith("-snapshot")) {
+ RESOURCES_VERSION = RESOURCES_VERSION.replace("-snapshot", "-" + Time.currentTime());
+ }
} catch (IOException e) {
VERSION=UNKNOWN;
BUILD_TIME=UNKNOWN;
core-jaxrs/pom.xml 2(+1 -1)
diff --git a/core-jaxrs/pom.xml b/core-jaxrs/pom.xml
index b199608..6822b3a 100755
--- a/core-jaxrs/pom.xml
+++ b/core-jaxrs/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
dependencies/pom.xml 2(+1 -1)
diff --git a/dependencies/pom.xml b/dependencies/pom.xml
index b54ad58..d9a86f1 100755
--- a/dependencies/pom.xml
+++ b/dependencies/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
dependencies/server-all/pom.xml 2(+1 -1)
diff --git a/dependencies/server-all/pom.xml b/dependencies/server-all/pom.xml
index c193c00..3776340 100755
--- a/dependencies/server-all/pom.xml
+++ b/dependencies/server-all/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
dependencies/server-min/pom.xml 2(+1 -1)
diff --git a/dependencies/server-min/pom.xml b/dependencies/server-min/pom.xml
index 06b1491..b89c6a6 100755
--- a/dependencies/server-min/pom.xml
+++ b/dependencies/server-min/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/distribution/adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml b/distribution/adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml
index 3edb343..d905027 100755
--- a/distribution/adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml
+++ b/distribution/adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../../pom.xml</relativePath>
</parent>
diff --git a/distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml b/distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml
index d65477b..1628f9b 100755
--- a/distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml
+++ b/distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml
@@ -8,7 +8,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../../pom.xml</relativePath>
</parent>
diff --git a/distribution/adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml b/distribution/adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml
index cdd180d..7085d9d 100755
--- a/distribution/adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml
+++ b/distribution/adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../../pom.xml</relativePath>
</parent>
diff --git a/distribution/adapters/as7-eap6-adapter/pom.xml b/distribution/adapters/as7-eap6-adapter/pom.xml
index 353599d..884f31b 100644
--- a/distribution/adapters/as7-eap6-adapter/pom.xml
+++ b/distribution/adapters/as7-eap6-adapter/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
<name>Keycloak AS7 / JBoss EAP 6 Adapter Distros</name>
diff --git a/distribution/adapters/jetty81-adapter-zip/pom.xml b/distribution/adapters/jetty81-adapter-zip/pom.xml
index ae591ee..fe02923 100755
--- a/distribution/adapters/jetty81-adapter-zip/pom.xml
+++ b/distribution/adapters/jetty81-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
diff --git a/distribution/adapters/jetty91-adapter-zip/pom.xml b/distribution/adapters/jetty91-adapter-zip/pom.xml
index 62db9ff..0de6688 100755
--- a/distribution/adapters/jetty91-adapter-zip/pom.xml
+++ b/distribution/adapters/jetty91-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
diff --git a/distribution/adapters/jetty92-adapter-zip/pom.xml b/distribution/adapters/jetty92-adapter-zip/pom.xml
index 16dd82b..d3233ec 100755
--- a/distribution/adapters/jetty92-adapter-zip/pom.xml
+++ b/distribution/adapters/jetty92-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
diff --git a/distribution/adapters/js-adapter-zip/pom.xml b/distribution/adapters/js-adapter-zip/pom.xml
index a72c62f..0a1c19c 100755
--- a/distribution/adapters/js-adapter-zip/pom.xml
+++ b/distribution/adapters/js-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
diff --git a/distribution/adapters/osgi/features/pom.xml b/distribution/adapters/osgi/features/pom.xml
index 71e7f5c..5009f4b 100755
--- a/distribution/adapters/osgi/features/pom.xml
+++ b/distribution/adapters/osgi/features/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../../pom.xml</relativePath>
</parent>
<name>Keycloak OSGI Features</name>
diff --git a/distribution/adapters/osgi/jaas/pom.xml b/distribution/adapters/osgi/jaas/pom.xml
index a9ce470..17b8dbf 100755
--- a/distribution/adapters/osgi/jaas/pom.xml
+++ b/distribution/adapters/osgi/jaas/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../../pom.xml</relativePath>
</parent>
<name>Keycloak OSGI JAAS Realm Configuration</name>
distribution/adapters/osgi/pom.xml 2(+1 -1)
diff --git a/distribution/adapters/osgi/pom.xml b/distribution/adapters/osgi/pom.xml
index ff0263f..98fea47 100755
--- a/distribution/adapters/osgi/pom.xml
+++ b/distribution/adapters/osgi/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
<name>Keycloak OSGI Integration</name>
diff --git a/distribution/adapters/osgi/thirdparty/pom.xml b/distribution/adapters/osgi/thirdparty/pom.xml
index 22ebe93..c4ddc7a 100755
--- a/distribution/adapters/osgi/thirdparty/pom.xml
+++ b/distribution/adapters/osgi/thirdparty/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../../pom.xml</relativePath>
</parent>
distribution/adapters/pom.xml 2(+1 -1)
diff --git a/distribution/adapters/pom.xml b/distribution/adapters/pom.xml
index 27830d8..5aacc0f 100755
--- a/distribution/adapters/pom.xml
+++ b/distribution/adapters/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
diff --git a/distribution/adapters/tomcat6-adapter-zip/pom.xml b/distribution/adapters/tomcat6-adapter-zip/pom.xml
index 4e952bf..d08356b 100755
--- a/distribution/adapters/tomcat6-adapter-zip/pom.xml
+++ b/distribution/adapters/tomcat6-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
diff --git a/distribution/adapters/tomcat7-adapter-zip/pom.xml b/distribution/adapters/tomcat7-adapter-zip/pom.xml
index 625a273..1f394a7 100755
--- a/distribution/adapters/tomcat7-adapter-zip/pom.xml
+++ b/distribution/adapters/tomcat7-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
diff --git a/distribution/adapters/tomcat8-adapter-zip/pom.xml b/distribution/adapters/tomcat8-adapter-zip/pom.xml
index 8fcee05..e759ffb 100755
--- a/distribution/adapters/tomcat8-adapter-zip/pom.xml
+++ b/distribution/adapters/tomcat8-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
diff --git a/distribution/adapters/wf8-adapter/pom.xml b/distribution/adapters/wf8-adapter/pom.xml
index 897559e..85a3f5d 100644
--- a/distribution/adapters/wf8-adapter/pom.xml
+++ b/distribution/adapters/wf8-adapter/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
<name>Keycloak Wildfly 8 Adapter</name>
diff --git a/distribution/adapters/wf8-adapter/wf8-adapter-zip/pom.xml b/distribution/adapters/wf8-adapter/wf8-adapter-zip/pom.xml
index c1fa52c..6f5dcf6 100755
--- a/distribution/adapters/wf8-adapter/wf8-adapter-zip/pom.xml
+++ b/distribution/adapters/wf8-adapter/wf8-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../../pom.xml</relativePath>
</parent>
diff --git a/distribution/adapters/wf8-adapter/wf8-modules/pom.xml b/distribution/adapters/wf8-adapter/wf8-modules/pom.xml
index 5d64596..e652ede 100755
--- a/distribution/adapters/wf8-adapter/wf8-modules/pom.xml
+++ b/distribution/adapters/wf8-adapter/wf8-modules/pom.xml
@@ -8,7 +8,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../../pom.xml</relativePath>
</parent>
diff --git a/distribution/adapters/wf9-adapter/pom.xml b/distribution/adapters/wf9-adapter/pom.xml
index 67a7039..4b37d72 100644
--- a/distribution/adapters/wf9-adapter/pom.xml
+++ b/distribution/adapters/wf9-adapter/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
<name>Keycloak Wildfly 9 Adapter</name>
diff --git a/distribution/adapters/wf9-adapter/wf9-adapter-zip/pom.xml b/distribution/adapters/wf9-adapter/wf9-adapter-zip/pom.xml
index f925f2b..3fd7c5a 100755
--- a/distribution/adapters/wf9-adapter/wf9-adapter-zip/pom.xml
+++ b/distribution/adapters/wf9-adapter/wf9-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../../pom.xml</relativePath>
</parent>
diff --git a/distribution/adapters/wf9-adapter/wf9-modules/pom.xml b/distribution/adapters/wf9-adapter/wf9-modules/pom.xml
index 00d7cbf..270cc55 100755
--- a/distribution/adapters/wf9-adapter/wf9-modules/pom.xml
+++ b/distribution/adapters/wf9-adapter/wf9-modules/pom.xml
@@ -8,7 +8,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../../pom.xml</relativePath>
</parent>
distribution/demo-dist/pom.xml 2(+1 -1)
diff --git a/distribution/demo-dist/pom.xml b/distribution/demo-dist/pom.xml
index 01624df..7903eb8 100755
--- a/distribution/demo-dist/pom.xml
+++ b/distribution/demo-dist/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
distribution/docs-dist/assembly.xml 2(+1 -1)
diff --git a/distribution/docs-dist/assembly.xml b/distribution/docs-dist/assembly.xml
index 879e92c..c1a1bd9 100755
--- a/distribution/docs-dist/assembly.xml
+++ b/distribution/docs-dist/assembly.xml
@@ -13,7 +13,7 @@
<outputDirectory>javadocs</outputDirectory>
</fileSet>
<fileSet>
- <directory>../../services/target/apidocs</directory>
+ <directory>../../services/target/apidocs-rest/output</directory>
<outputDirectory>rest-api</outputDirectory>
</fileSet>
<fileSet>
distribution/docs-dist/pom.xml 2(+1 -1)
diff --git a/distribution/docs-dist/pom.xml b/distribution/docs-dist/pom.xml
index 3abc176..1f1ce1d 100755
--- a/distribution/docs-dist/pom.xml
+++ b/distribution/docs-dist/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
distribution/downloads/pom.xml 2(+1 -1)
diff --git a/distribution/downloads/pom.xml b/distribution/downloads/pom.xml
index 5062af9..f15b757 100755
--- a/distribution/downloads/pom.xml
+++ b/distribution/downloads/pom.xml
@@ -4,7 +4,7 @@
<parent>
<groupId>org.keycloak</groupId>
<artifactId>distribution-pom</artifactId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<artifactId>keycloak-dist-downloads</artifactId>
distribution/examples-dist/pom.xml 2(+1 -1)
diff --git a/distribution/examples-dist/pom.xml b/distribution/examples-dist/pom.xml
index c371b4f..8f3dc2c 100755
--- a/distribution/examples-dist/pom.xml
+++ b/distribution/examples-dist/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
diff --git a/distribution/feature-packs/adapter-feature-pack/pom.xml b/distribution/feature-packs/adapter-feature-pack/pom.xml
index 01f2a5a..37a4c6c 100755
--- a/distribution/feature-packs/adapter-feature-pack/pom.xml
+++ b/distribution/feature-packs/adapter-feature-pack/pom.xml
@@ -20,7 +20,7 @@
<parent>
<groupId>org.keycloak</groupId>
<artifactId>feature-packs-parent</artifactId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
distribution/feature-packs/pom.xml 2(+1 -1)
diff --git a/distribution/feature-packs/pom.xml b/distribution/feature-packs/pom.xml
index 596935b..7530b6d 100644
--- a/distribution/feature-packs/pom.xml
+++ b/distribution/feature-packs/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>distribution-pom</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<name>Feature Pack Builds</name>
diff --git a/distribution/feature-packs/server-feature-pack/pom.xml b/distribution/feature-packs/server-feature-pack/pom.xml
index 263c200..ba360d9 100644
--- a/distribution/feature-packs/server-feature-pack/pom.xml
+++ b/distribution/feature-packs/server-feature-pack/pom.xml
@@ -20,7 +20,7 @@
<parent>
<groupId>org.keycloak</groupId>
<artifactId>feature-packs-parent</artifactId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
distribution/pom.xml 2(+1 -1)
diff --git a/distribution/pom.xml b/distribution/pom.xml
index 95c0531..ca47939 100755
--- a/distribution/pom.xml
+++ b/distribution/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
distribution/proxy-dist/pom.xml 2(+1 -1)
diff --git a/distribution/proxy-dist/pom.xml b/distribution/proxy-dist/pom.xml
index 030137f..f2b480d 100755
--- a/distribution/proxy-dist/pom.xml
+++ b/distribution/proxy-dist/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
distribution/server-dist/pom.xml 2(+1 -1)
diff --git a/distribution/server-dist/pom.xml b/distribution/server-dist/pom.xml
index 3c90b35..b6217fa 100755
--- a/distribution/server-dist/pom.xml
+++ b/distribution/server-dist/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
diff --git a/distribution/server-overlay/eap6/eap6-server-modules/pom.xml b/distribution/server-overlay/eap6/eap6-server-modules/pom.xml
index 1041b69..59b572c 100755
--- a/distribution/server-overlay/eap6/eap6-server-modules/pom.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/pom.xml
@@ -8,7 +8,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../../pom.xml</relativePath>
</parent>
diff --git a/distribution/server-overlay/eap6/eap6-server-overlay/assembly.xml b/distribution/server-overlay/eap6/eap6-server-overlay/assembly.xml
index 9a9e490..83ee9e3 100755
--- a/distribution/server-overlay/eap6/eap6-server-overlay/assembly.xml
+++ b/distribution/server-overlay/eap6/eap6-server-overlay/assembly.xml
@@ -14,7 +14,7 @@
<outputDirectory>modules/system/layers/base</outputDirectory>
</fileSet>
<fileSet>
- <directory>../../../forms/common-themes/src/main/resources/theme</directory>
+ <directory>../../../../forms/common-themes/src/main/resources/theme</directory>
<outputDirectory>standalone/configuration/themes</outputDirectory>
<includes>
<include>**/**</include>
diff --git a/distribution/server-overlay/eap6/eap6-server-overlay/pom.xml b/distribution/server-overlay/eap6/eap6-server-overlay/pom.xml
index 8b0a69a..9d15cbf 100755
--- a/distribution/server-overlay/eap6/eap6-server-overlay/pom.xml
+++ b/distribution/server-overlay/eap6/eap6-server-overlay/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../../pom.xml</relativePath>
</parent>
diff --git a/distribution/server-overlay/eap6/pom.xml b/distribution/server-overlay/eap6/pom.xml
index 9361c3b..fa9142f 100755
--- a/distribution/server-overlay/eap6/pom.xml
+++ b/distribution/server-overlay/eap6/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
distribution/server-overlay/pom.xml 2(+1 -1)
diff --git a/distribution/server-overlay/pom.xml b/distribution/server-overlay/pom.xml
index 159a18a..6569c5d 100755
--- a/distribution/server-overlay/pom.xml
+++ b/distribution/server-overlay/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
diff --git a/distribution/server-overlay/wf9-server-overlay/pom.xml b/distribution/server-overlay/wf9-server-overlay/pom.xml
index fda3fc0..c7e74e4 100755
--- a/distribution/server-overlay/wf9-server-overlay/pom.xml
+++ b/distribution/server-overlay/wf9-server-overlay/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
distribution/src-dist/pom.xml 2(+1 -1)
diff --git a/distribution/src-dist/pom.xml b/distribution/src-dist/pom.xml
index 4c0290e..5a22a28 100755
--- a/distribution/src-dist/pom.xml
+++ b/distribution/src-dist/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
docbook/pom.xml 2(+1 -1)
diff --git a/docbook/pom.xml b/docbook/pom.xml
index 7cef3f7..da51831 100755
--- a/docbook/pom.xml
+++ b/docbook/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/docbook/reference/en/en-US/modules/security-vulnerabilities.xml b/docbook/reference/en/en-US/modules/security-vulnerabilities.xml
index d7fadb0..b2a3882 100755
--- a/docbook/reference/en/en-US/modules/security-vulnerabilities.xml
+++ b/docbook/reference/en/en-US/modules/security-vulnerabilities.xml
@@ -130,8 +130,8 @@
A password has to match all policies. The password policies that can be configured are hash iterations, length, digits,
lowercase, uppercase, special characters, not username, regex patterns, password history and force expired password update.
Force expired password update policy forces or requires password updates after specified span of time. Password history policy
- restricts a user from resetting his password to N old expired passwords. Multiple regex patterns, separated by comma,
- can be specified in regex pattern policy. If there's more than one regex added, password has to match all fully.
+ restricts a user from resetting his password to N old expired passwords. Multiple regex patterns can be specified.
+ If there's more than one regex added, password has to match all fully.
Increasing number of Hash Iterations (n) does not worsen anything (and certainly not the cipher) and it greatly increases the
resistance to dictionary attacks. However the drawback to increasing n is that it has some cost (CPU usage, energy, delay) for
the legitimate parties. Increasing n also slightly increases the odds that a random password gives the same result as the right
events/api/pom.xml 2(+1 -1)
diff --git a/events/api/pom.xml b/events/api/pom.xml
index 5f7eff8..4d4ab5b 100755
--- a/events/api/pom.xml
+++ b/events/api/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-events-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
events/email/pom.xml 2(+1 -1)
diff --git a/events/email/pom.xml b/events/email/pom.xml
index dad42de..f400e52 100755
--- a/events/email/pom.xml
+++ b/events/email/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-events-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
events/jboss-logging/pom.xml 2(+1 -1)
diff --git a/events/jboss-logging/pom.xml b/events/jboss-logging/pom.xml
index 1bb089d..217e130 100755
--- a/events/jboss-logging/pom.xml
+++ b/events/jboss-logging/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-events-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
events/jpa/pom.xml 2(+1 -1)
diff --git a/events/jpa/pom.xml b/events/jpa/pom.xml
index ca70472..d6e7e9e 100755
--- a/events/jpa/pom.xml
+++ b/events/jpa/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-events-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
events/mongo/pom.xml 2(+1 -1)
diff --git a/events/mongo/pom.xml b/events/mongo/pom.xml
index 43d58d6..0900274 100755
--- a/events/mongo/pom.xml
+++ b/events/mongo/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-events-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
events/pom.xml 2(+1 -1)
diff --git a/events/pom.xml b/events/pom.xml
index 7189b13..68ad78e 100755
--- a/events/pom.xml
+++ b/events/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
events/syslog/pom.xml 2(+1 -1)
diff --git a/events/syslog/pom.xml b/events/syslog/pom.xml
index 8514521..4b6338a 100755
--- a/events/syslog/pom.xml
+++ b/events/syslog/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-events-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
examples/admin-client/pom.xml 2(+1 -1)
diff --git a/examples/admin-client/pom.xml b/examples/admin-client/pom.xml
index edbab74..27aec4e 100755
--- a/examples/admin-client/pom.xml
+++ b/examples/admin-client/pom.xml
@@ -5,7 +5,7 @@
<parent>
<artifactId>keycloak-examples-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<name>Keycloak Examples - Admin Client</name>
examples/basic-auth/pom.xml 2(+1 -1)
diff --git a/examples/basic-auth/pom.xml b/examples/basic-auth/pom.xml
index 0e1575e..a8c3400 100755
--- a/examples/basic-auth/pom.xml
+++ b/examples/basic-auth/pom.xml
@@ -6,7 +6,7 @@
<parent>
<artifactId>keycloak-examples-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<name>Keycloak Examples - Basic Auth</name>
diff --git a/examples/broker/facebook-authentication/pom.xml b/examples/broker/facebook-authentication/pom.xml
index 0dd194f..92f8f4d 100755
--- a/examples/broker/facebook-authentication/pom.xml
+++ b/examples/broker/facebook-authentication/pom.xml
@@ -6,7 +6,7 @@
<parent>
<artifactId>keycloak-examples-broker-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<name>Keycloak Broker Examples - Facebook Authentication</name>
diff --git a/examples/broker/google-authentication/pom.xml b/examples/broker/google-authentication/pom.xml
index 2d94033..609a7a9 100755
--- a/examples/broker/google-authentication/pom.xml
+++ b/examples/broker/google-authentication/pom.xml
@@ -6,7 +6,7 @@
<parent>
<artifactId>keycloak-examples-broker-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<name>Keycloak Broker Examples - Google Authentication</name>
examples/broker/pom.xml 2(+1 -1)
diff --git a/examples/broker/pom.xml b/examples/broker/pom.xml
index 0d5488d..2016503 100755
--- a/examples/broker/pom.xml
+++ b/examples/broker/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-examples-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<name>Broker Examples</name>
diff --git a/examples/broker/saml-broker-authentication/pom.xml b/examples/broker/saml-broker-authentication/pom.xml
index 77f513a..7f4073b 100755
--- a/examples/broker/saml-broker-authentication/pom.xml
+++ b/examples/broker/saml-broker-authentication/pom.xml
@@ -6,7 +6,7 @@
<parent>
<artifactId>keycloak-examples-broker-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<name>Keycloak Broker Examples - SAML Identity Provider Brokering</name>
diff --git a/examples/broker/twitter-authentication/pom.xml b/examples/broker/twitter-authentication/pom.xml
index 2799dbd..2443836 100755
--- a/examples/broker/twitter-authentication/pom.xml
+++ b/examples/broker/twitter-authentication/pom.xml
@@ -6,7 +6,7 @@
<parent>
<artifactId>keycloak-examples-broker-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<name>Keycloak Broker Examples - Twitter Authentication</name>
diff --git a/examples/cors/angular-product-app/pom.xml b/examples/cors/angular-product-app/pom.xml
index 8ad9d4f..353d8f1 100755
--- a/examples/cors/angular-product-app/pom.xml
+++ b/examples/cors/angular-product-app/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-examples-cors-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/examples/cors/database-service/pom.xml b/examples/cors/database-service/pom.xml
index 416b7d0..257113e 100755
--- a/examples/cors/database-service/pom.xml
+++ b/examples/cors/database-service/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-examples-cors-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
examples/cors/pom.xml 2(+1 -1)
diff --git a/examples/cors/pom.xml b/examples/cors/pom.xml
index 00c6f94..54046f9 100755
--- a/examples/cors/pom.xml
+++ b/examples/cors/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-examples-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<name>Keycloak Examples - CORS</name>
diff --git a/examples/demo-template/admin-access-app/pom.xml b/examples/demo-template/admin-access-app/pom.xml
index 6f4e8b0..6eaa3fc 100755
--- a/examples/demo-template/admin-access-app/pom.xml
+++ b/examples/demo-template/admin-access-app/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-examples-demo-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/angular-product-app/pom.xml b/examples/demo-template/angular-product-app/pom.xml
index 3220c30..c92fc17 100755
--- a/examples/demo-template/angular-product-app/pom.xml
+++ b/examples/demo-template/angular-product-app/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-examples-demo-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/customer-app/pom.xml b/examples/demo-template/customer-app/pom.xml
index 8f58a54..6992c5e 100755
--- a/examples/demo-template/customer-app/pom.xml
+++ b/examples/demo-template/customer-app/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-examples-demo-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/customer-app-cli/pom.xml b/examples/demo-template/customer-app-cli/pom.xml
index 0a39840..eba8148 100755
--- a/examples/demo-template/customer-app-cli/pom.xml
+++ b/examples/demo-template/customer-app-cli/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-examples-demo-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/customer-app-js/pom.xml b/examples/demo-template/customer-app-js/pom.xml
index 1a864b7..875f605 100755
--- a/examples/demo-template/customer-app-js/pom.xml
+++ b/examples/demo-template/customer-app-js/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-examples-demo-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/database-service/pom.xml b/examples/demo-template/database-service/pom.xml
index 1001ebf..53a8e4b 100755
--- a/examples/demo-template/database-service/pom.xml
+++ b/examples/demo-template/database-service/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-examples-demo-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/example-ear/pom.xml b/examples/demo-template/example-ear/pom.xml
index 95fc04b..8614c57 100755
--- a/examples/demo-template/example-ear/pom.xml
+++ b/examples/demo-template/example-ear/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-examples-demo-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
examples/demo-template/pom.xml 2(+1 -1)
diff --git a/examples/demo-template/pom.xml b/examples/demo-template/pom.xml
index 11e54f4..347a483 100755
--- a/examples/demo-template/pom.xml
+++ b/examples/demo-template/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-examples-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<name>Examples</name>
diff --git a/examples/demo-template/product-app/pom.xml b/examples/demo-template/product-app/pom.xml
index db4cba3..c4a4271 100755
--- a/examples/demo-template/product-app/pom.xml
+++ b/examples/demo-template/product-app/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-examples-demo-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/service-account/pom.xml b/examples/demo-template/service-account/pom.xml
index 4a5372f..5a417cd 100644
--- a/examples/demo-template/service-account/pom.xml
+++ b/examples/demo-template/service-account/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-examples-demo-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductSAClientSecretServlet.java b/examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductSAClientSecretServlet.java
index 43c70f8..4892bad 100644
--- a/examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductSAClientSecretServlet.java
+++ b/examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductSAClientSecretServlet.java
@@ -9,7 +9,7 @@ public class ProductSAClientSecretServlet extends ProductServiceAccountServlet {
@Override
protected String getAdapterConfigLocation() {
- return "WEB-INF/keycloak-client-secret.json";
+ return "/WEB-INF/keycloak-client-secret.json";
}
@Override
diff --git a/examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductSAClientSignedJWTServlet.java b/examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductSAClientSignedJWTServlet.java
index 2a6fe33..58c5f9b 100644
--- a/examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductSAClientSignedJWTServlet.java
+++ b/examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductSAClientSignedJWTServlet.java
@@ -7,7 +7,7 @@ public class ProductSAClientSignedJWTServlet extends ProductServiceAccountServle
@Override
protected String getAdapterConfigLocation() {
- return "WEB-INF/keycloak-client-signed-jwt.json";
+ return "/WEB-INF/keycloak-client-signed-jwt.json";
}
@Override
diff --git a/examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductServiceAccountServlet.java b/examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductServiceAccountServlet.java
index 91f4a07..13ab646 100644
--- a/examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductServiceAccountServlet.java
+++ b/examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductServiceAccountServlet.java
@@ -32,6 +32,7 @@ import org.keycloak.adapters.authentication.ClientCredentialsProviderUtils;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.util.JsonSerialization;
+import org.keycloak.util.UriUtils;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
@@ -155,7 +156,8 @@ public abstract class ProductServiceAccountServlet extends HttpServlet {
HttpClient client = getHttpClient();
String token = (String) req.getSession().getAttribute(TOKEN);
- HttpGet get = new HttpGet("http://localhost:8080/database/products");
+ String requestOrigin = UriUtils.getOrigin(req.getRequestURL().toString());
+ HttpGet get = new HttpGet(requestOrigin + "/database/products");
if (token != null) {
get.addHeader("Authorization", "Bearer " + token);
}
@@ -165,7 +167,7 @@ public abstract class ProductServiceAccountServlet extends HttpServlet {
int status = response.getStatusLine().getStatusCode();
if (status != 200) {
String json = getContent(entity);
- String error = "Failed retrieve products. Status: " + status + ", Response: " + json;
+ String error = "Failed retrieve products. Status: " + status;
req.setAttribute(ERROR, error);
} else if (entity == null) {
req.setAttribute(ERROR, "No entity");
diff --git a/examples/demo-template/third-party/pom.xml b/examples/demo-template/third-party/pom.xml
index 193129a..360a941 100755
--- a/examples/demo-template/third-party/pom.xml
+++ b/examples/demo-template/third-party/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-examples-demo-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/third-party/src/main/webapp/error.jsp b/examples/demo-template/third-party/src/main/webapp/error.jsp
new file mode 100644
index 0000000..7c17686
--- /dev/null
+++ b/examples/demo-template/third-party/src/main/webapp/error.jsp
@@ -0,0 +1 @@
+An error occurred. Click <a href="index.html"> to try again.
\ No newline at end of file
diff --git a/examples/demo-template/third-party/src/main/webapp/WEB-INF/web.xml b/examples/demo-template/third-party/src/main/webapp/WEB-INF/web.xml
index 958839d..9e72e01 100755
--- a/examples/demo-template/third-party/src/main/webapp/WEB-INF/web.xml
+++ b/examples/demo-template/third-party/src/main/webapp/WEB-INF/web.xml
@@ -9,6 +9,12 @@
<listener>
<listener-class>org.keycloak.example.oauth.Bootstrap</listener-class>
</listener>
+
+ <error-page>
+ <exception-type>java.lang.RuntimeException</exception-type>
+ <location>/error.jsp</location>
+ </error-page>
+
<!--
<security-constraint>
<web-resource-collection>
diff --git a/examples/demo-template/third-party-cdi/pom.xml b/examples/demo-template/third-party-cdi/pom.xml
index 591c99d..4f2ecfa 100755
--- a/examples/demo-template/third-party-cdi/pom.xml
+++ b/examples/demo-template/third-party-cdi/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-examples-demo-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
examples/fuse/camel/pom.xml 2(+1 -1)
diff --git a/examples/fuse/camel/pom.xml b/examples/fuse/camel/pom.xml
index abefa60..9744dae 100755
--- a/examples/fuse/camel/pom.xml
+++ b/examples/fuse/camel/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-examples-fuse-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/examples/fuse/customer-app-fuse/pom.xml b/examples/fuse/customer-app-fuse/pom.xml
index ef42b17..7ebf3d4 100755
--- a/examples/fuse/customer-app-fuse/pom.xml
+++ b/examples/fuse/customer-app-fuse/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-examples-fuse-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
examples/fuse/cxf-jaxrs/pom.xml 2(+1 -1)
diff --git a/examples/fuse/cxf-jaxrs/pom.xml b/examples/fuse/cxf-jaxrs/pom.xml
index c496919..82678c0 100755
--- a/examples/fuse/cxf-jaxrs/pom.xml
+++ b/examples/fuse/cxf-jaxrs/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-examples-fuse-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
examples/fuse/cxf-jaxws/pom.xml 2(+1 -1)
diff --git a/examples/fuse/cxf-jaxws/pom.xml b/examples/fuse/cxf-jaxws/pom.xml
index 24b0c0c..e3940d8 100755
--- a/examples/fuse/cxf-jaxws/pom.xml
+++ b/examples/fuse/cxf-jaxws/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-examples-fuse-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
examples/fuse/features/pom.xml 2(+1 -1)
diff --git a/examples/fuse/features/pom.xml b/examples/fuse/features/pom.xml
index a374a37..e49ce66 100755
--- a/examples/fuse/features/pom.xml
+++ b/examples/fuse/features/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-examples-fuse-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
examples/fuse/pom.xml 2(+1 -1)
diff --git a/examples/fuse/pom.xml b/examples/fuse/pom.xml
index fd93563..6679679 100755
--- a/examples/fuse/pom.xml
+++ b/examples/fuse/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-examples-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<name>Fuse examples</name>
diff --git a/examples/fuse/product-app-fuse/pom.xml b/examples/fuse/product-app-fuse/pom.xml
index cd809eb..a3ab15b 100755
--- a/examples/fuse/product-app-fuse/pom.xml
+++ b/examples/fuse/product-app-fuse/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-examples-fuse-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
examples/js-console/pom.xml 2(+1 -1)
diff --git a/examples/js-console/pom.xml b/examples/js-console/pom.xml
index b7e910f..a88257f 100755
--- a/examples/js-console/pom.xml
+++ b/examples/js-console/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-examples-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
examples/kerberos/kerberosrealm.json 2(+1 -1)
diff --git a/examples/kerberos/kerberosrealm.json b/examples/kerberos/kerberosrealm.json
index c2deeac..95d612b 100644
--- a/examples/kerberos/kerberosrealm.json
+++ b/examples/kerberos/kerberosrealm.json
@@ -86,7 +86,7 @@
"bindCredential" : "secret",
"kerberosRealm" : "KEYCLOAK.ORG",
"serverPrincipal" : "HTTP/localhost@KEYCLOAK.ORG",
- "keyTab" : "/tmp/http.keytab"
+ "keyTab" : "http.keytab"
}
}
]
examples/kerberos/pom.xml 6(+5 -1)
diff --git a/examples/kerberos/pom.xml b/examples/kerberos/pom.xml
index bbdafde..27d7071 100755
--- a/examples/kerberos/pom.xml
+++ b/examples/kerberos/pom.xml
@@ -5,7 +5,7 @@
<parent>
<artifactId>keycloak-examples-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<name>Keycloak Examples - Kerberos Credential Delegation</name>
@@ -83,6 +83,10 @@
<key>ldap.ldif</key>
<value>kerberos-example-users.ldif</value>
</systemProperty>
+ <systemProperty>
+ <key>workingDirectory</key>
+ <value>${project.basedir}/target</value>
+ </systemProperty>
</systemProperties>
</configuration>
</plugin>
examples/kerberos/README.md 154(+145 -9)
diff --git a/examples/kerberos/README.md b/examples/kerberos/README.md
index 7b95993..c0f2800 100644
--- a/examples/kerberos/README.md
+++ b/examples/kerberos/README.md
@@ -9,17 +9,22 @@ It also needs to enable forwardable ticket support in Kerberos configuration and
Detailed steps:
-**1)** Build and deploy this sample's WAR file. For this example, deploy on the same server that is running the Keycloak Server, although this is not required for real world scenarios.
+**1)** Build and deploy this sample's WAR file. For this example, deploy on the same server that is running the Keycloak Server (the easiest way is to use Keycloak Demo distribution), although this is not required for real world scenarios.
+If Keycloak Server is running locally, you can deploy the WAR using maven:
-**2)** Copy `http.keytab` file from the root directory of example to `/tmp` directory (On Linux):
+ mvn wildfly:deploy
+**2)** Open `kerberosrealm.json` file for edit. Find `keyTab` config property, and adjust the path to `http.keytab` file, which is in project's root directory, to be an absolute path.
+For example:
```
-cp http.keytab /tmp/http.keytab
+ "keyTab" : "/home/user1/devel/keycloak/examples/kerberos/http.keytab"
```
-Alternative is to configure different location for `keyTab` property in `kerberosrealm.json` configuration file (On Windows this will be needed).
-**WARNING**: In production, keytab file should be in secured location accessible just to the user under which is Keycloak server running.
+On Windows you have to use forward slashes or double backslashes (\\) - e.g.`c:/Users/User1/devel/keycloak/examples/kerberos/http.keytab`.
+
+You can also move the file to another location if you want.
+**WARNING**: In production, keytab file should be in secured location accessible only to the user under which the Keycloak server is running.
**3)** Run Keycloak server and import `kerberosrealm.json` into it through admin console. This will import realm with sample application
@@ -37,13 +42,16 @@ Also if you are on Linux, make sure that record like:
```
is in your `/etc/hosts` before other records for the 127.0.0.1 host to avoid issues related to incompatible reverse lookup (Ensure the similar for other OS as well)
-**4)** Install kerberos client. This is platform dependent. If you are on Fedora, Ubuntu or RHEL, you can install package `freeipa-client`, which contains Kerberos client and bunch of other stuff.
+**4)** Install kerberos client. This is platform dependent. If you are on Fedora, Ubuntu or RHEL, you can install package `freeipa-client`, which contains Kerberos client and bunch of other stuff.
+
**5)** Configure Kerberos client (On linux it's in file `/etc/krb5.conf` ). You need to configure `KEYCLOAK.ORG` realm for host `localhost` and enable `forwardable` flag, which is needed
for credential delegation example, as application needs to forward Kerberos ticket and authenticate with it against LDAP server.
See [this file](https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/test/resources/kerberos/test-krb5.conf) for inspiration.
+On OS X the file to edit (or create) is `/Library/Preferences/edu.mit.Kerberos` with the same syntax as `krb5.conf`.
+On Windows the file to edit (or create) is `c:\Windows\krb5.ini` with the same syntax as `krb5.conf`.
-**6)** Run ApacheDS based LDAP server. You can run the command like this (assuming you're in the "kerberos" directory with this example):
+**6)** Run ApacheDS based LDAP server. You can run the command like this (assuming you're in the `kerberos` directory with this example):
```
mvn exec:java -Pkerberos
@@ -60,7 +68,7 @@ both `network.negotiate-auth.trusted-uris` and `network.negotiate-auth.delegatio
A bit more details in [testsuite README](https://github.com/keycloak/keycloak/blob/master/misc/Testsuite.md#kerberos-server) .
-**8)** Test the example. Obtain kerberos ticket by running command from CMD (on linux):
+**8)** Test the example. Obtain kerberos ticket by running command from Terminal / CMD:
```
kinit hnelson@KEYCLOAK.ORG
```
@@ -68,4 +76,132 @@ with password `secret` .
Then in your web browser open `http://localhost:8080/kerberos-portal` . You should be logged-in automatically through SPNEGO without displaying Keycloak login screen.
Keycloak will also transmit the delegated GSS credential to the application inside access token and application will be able to login with this credential
-to the LDAP server and retrieve some data from it (Actually it just retrieve few simple data about authenticated user himself).
\ No newline at end of file
+to the LDAP server and retrieve some data from it (Actually it just retrieve few simple data about authenticated user himself).
+
+
+Troubleshooting
+---------------
+
+You followed the instructions, but things don't seem to be working. Follow these instructions to troubleshoot.
+
+**1)** Make sure to use the default user in all Terminal / CMD sessions. Do not use 'sudo' or 'su'.
+The reason is that when you open Firefox, it will open within the context of currently signed in user. And it will use that user's Kerberos ticket to perform authentication.
+When you obtain Kerberos ticket using Terminal session, you have to be that same user, otherwise the ticket will not be visible to the browser.
+
+Of course make sure to obtain the ticket:
+
+```
+kinit hnelson@KEYCLOAK.ORG
+```
+with password `secret`.
+
+
+**2)** On Linux make sure that the first entry in your /etc/hosts file is:
+```
+127.0.0.1 localhost
+```
+
+Even if it already contains a similar entry like:
+
+ 127.0.0.1 localhost.localdomain localhost
+
+Make sure to insert the short one before the existing one.
+
+**3)** Make sure you have properly adjusted the path to `http.keytab` file in `kerberosrealm.json`.
+On Windows either use `/` as path delimiter or `\\` (two backslashes).
+
+**4)** Make sure that you have configured Firefox attributes via about:config url, and set `network.negotiate-auth.trusted-uris` and `network.negotiate-auth.delegation-uris` to `localhost`,
+and `network.negotiate-auth.allow-non-fqdn` to `true`.
+
+
+
+Symptoms and solutions
+----------------------
+
+Here are some typical errors, and how to overcome them. It often helps to close and reopen browser, or restart servers in order for remedy to take effect.
+
+
+### Symptom
+
+ There is an error when starting embedded LDAP server:
+
+```
+GSSException: Invalid name provided (Mechanism level: KrbException: Cannot locate default realm)
+```
+### Solution
+
+ Make sure that krb5.conf file exists - location and file name is OS specific. See step no. 5 of the instructions.
+
+
+### Symptom
+
+ Browser redirects to normal login screen. There are no errors in Wildfly log.
+
+### Solution
+
+ Make sure to perform `kinit`, and properly configure Firefox. See points no. 1, and no. 4 above.
+
+
+### Symptom
+
+ Browser redirects to a normal login screen. There is a warning in Wildfly log:
+
+```
+11:31:48,267 WARN [org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator] (default task-6) GSS Context accepted, but no context initiator recognized. Check your kerberos configuration and reverse DNS lookup configuration
+```
+
+ There is also a warning similar to the following in Embedded LDAP log:
+
+```
+11:31:47,923 WARN [org.apache.directory.server.KERBEROS_LOG] No server entry found for kerberos principal name HTTP/localhost.localdomain@KEYCLOAK.ORG
+11:31:47,925 WARN [org.apache.directory.server.KERBEROS_LOG] Server not found in Kerberos database (7)
+```
+
+### Solution
+
+ Make sure that 127.0.0.1 reverse resolution returns 'localhost'. See point no. 2 above.
+
+
+### Symptom
+
+ Browser redirects to a normal login screen. There is a stacktrace in Wildfly log:
+```
+15:10:04,531 WARN [org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator] (default task-3) SPNEGO login failed: java.security.PrivilegedActionException: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - DES3 CBC mode with SHA1-KD)
+ at java.security.AccessController.doPrivileged(Native Method)
+ at javax.security.auth.Subject.doAs(Subject.java:422)
+ at org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator.authenticate(SPNEGOAuthenticator.java:46)
+```
+
+### Solution
+
+ Make sure `http.keytab` is available at the location specified in `kerberosrealm.json`. See point no. 3 above.
+
+
+### Symptom
+
+ Browser opens /kerberos-portal page, but reports an error retrieving user details from LDAP. There is a stacktrace in Wildfly log:
+```
+15:29:39,685 ERROR [stderr] (default task-6) javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - Server not found in Kerberos database)]]
+15:29:39,687 ERROR [stderr] (default task-6) at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:169)
+15:29:39,687 ERROR [stderr] (default task-6) at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:236)
+15:29:39,689 ERROR [stderr] (default task-6) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2788)
+```
+
+### Solution
+
+ Make sure `http.keytab` is available in location specified in `kerberosrealm.json`. See point no. 3 above. Also delete embedded server's cache directory:
+
+ rm -rf /tmp/server-work-keycloakDS
+
+
+### Symptom
+```
+17:32:19,825 ERROR [stderr] (default task-24) org.keycloak.util.KerberosSerializationUtils$KerberosSerializationException: Null credential given as input. Did you enable kerberos credential delegation for your web browser and mapping of gss credential to access token?, Java version: 1.8.0_60, runtime version: 1.8.0_60-b27, vendor: Oracle Corporation, os: 4.1.6-200.fc22.x86_64
+17:32:19,826 ERROR [stderr] (default task-24) at org.keycloak.util.KerberosSerializationUtils.deserializeCredential(KerberosSerializationUtils.java:109)
+17:32:19,827 ERROR [stderr] (default task-24) at org.keycloak.example.kerberos.GSSCredentialsClient.getUserFromLDAP(GSSCredentialsClient.java:42)
+```
+
+### Solution
+
+ Make sure to properly configure Firefox. See point no. 4 above.
+
examples/ldap/pom.xml 2(+1 -1)
diff --git a/examples/ldap/pom.xml b/examples/ldap/pom.xml
index 704ff25..b74c82b 100644
--- a/examples/ldap/pom.xml
+++ b/examples/ldap/pom.xml
@@ -5,7 +5,7 @@
<parent>
<artifactId>keycloak-examples-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
examples/multi-tenant/pom.xml 2(+1 -1)
diff --git a/examples/multi-tenant/pom.xml b/examples/multi-tenant/pom.xml
index de7a72e..ac316a5 100755
--- a/examples/multi-tenant/pom.xml
+++ b/examples/multi-tenant/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-examples-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<name>Keycloak Examples - Multi Tenant</name>
examples/pom.xml 2(+1 -1)
diff --git a/examples/pom.xml b/examples/pom.xml
index 7ee1f17..65a428e 100755
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<name>Examples</name>
diff --git a/examples/providers/authenticator/pom.xml b/examples/providers/authenticator/pom.xml
index abfdfda..9a88f17 100755
--- a/examples/providers/authenticator/pom.xml
+++ b/examples/providers/authenticator/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-examples-providers-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<name>Authenticator Example</name>
diff --git a/examples/providers/authenticator/README.md b/examples/providers/authenticator/README.md
index 5a8c50a..f9eafcc 100755
--- a/examples/providers/authenticator/README.md
+++ b/examples/providers/authenticator/README.md
@@ -4,7 +4,7 @@ Example User Federation Provider
This is an example of defining a custom Authenticator and Required action. This example is explained in the user documentation
of Keycloak. To deploy, build this directory then take the jar and copy it to standalone/configuration/providers. Alternatively you can deploy as a module by running:
- KEYCLOAK_HOME/bin/jboss-cli.sh --command="module add --name=org.keycloak.examples.secret-question --resources=target/authenticator-required-action-example.jar --dependencies=org.keycloak.keycloak-core,org.keycloak.keycloak-model-api,org.keycloak.keycloak-services"
+ KEYCLOAK_HOME/bin/jboss-cli.sh --command="module add --name=org.keycloak.examples.secret-question --resources=target/authenticator-required-action-example.jar --dependencies=org.keycloak.keycloak-core,org.keycloak.keycloak-model-api,org.keycloak.keycloak-login-api,org.keycloak.keycloak-services,org.jboss.resteasy.resteasy-jaxrs,javax.ws.rs.api"
Then registering the provider by editing keycloak-server.json and adding the module to the providers field:
diff --git a/examples/providers/event-listener-sysout/pom.xml b/examples/providers/event-listener-sysout/pom.xml
index aba24f9..6b65078 100755
--- a/examples/providers/event-listener-sysout/pom.xml
+++ b/examples/providers/event-listener-sysout/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-examples-providers-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<name>Event Listener System.out Example</name>
diff --git a/examples/providers/event-store-mem/pom.xml b/examples/providers/event-store-mem/pom.xml
index a9d541f..1560b28 100755
--- a/examples/providers/event-store-mem/pom.xml
+++ b/examples/providers/event-store-mem/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-examples-providers-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<name>Event Store In-Mem Example</name>
diff --git a/examples/providers/federation-provider/pom.xml b/examples/providers/federation-provider/pom.xml
index 4e03e1f..ab45194 100755
--- a/examples/providers/federation-provider/pom.xml
+++ b/examples/providers/federation-provider/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-examples-providers-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<name>Properties Authentication Provider Example</name>
examples/providers/pom.xml 2(+1 -1)
diff --git a/examples/providers/pom.xml b/examples/providers/pom.xml
index 7311514..1bb90d0 100755
--- a/examples/providers/pom.xml
+++ b/examples/providers/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-examples-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<name>Provider Examples</name>
examples/saml/pom.xml 2(+1 -1)
diff --git a/examples/saml/pom.xml b/examples/saml/pom.xml
index 5eeb7e6..f324686 100755
--- a/examples/saml/pom.xml
+++ b/examples/saml/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-examples-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<name>Provider Examples</name>
examples/themes/pom.xml 2(+1 -1)
diff --git a/examples/themes/pom.xml b/examples/themes/pom.xml
index 3d11e47..8bb9d7c 100755
--- a/examples/themes/pom.xml
+++ b/examples/themes/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-examples-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<name>Themes Examples</name>
diff --git a/examples/themes/src/main/resources/theme/address/login/login-update-profile.ftl b/examples/themes/src/main/resources/theme/address/login/login-update-profile.ftl
index 8be620d..e02a340 100755
--- a/examples/themes/src/main/resources/theme/address/login/login-update-profile.ftl
+++ b/examples/themes/src/main/resources/theme/address/login/login-update-profile.ftl
@@ -5,7 +5,7 @@
<#elseif section = "header">
${msg("loginProfileTitle")}
<#elseif section = "form">
- <form id="kc-update-profile-form" class="${properties.kcFormClass!}" action="${url.loginUpdateProfileUrl}" method="post">
+ <form id="kc-update-profile-form" class="${properties.kcFormClass!}" action="${url.loginAction}" method="post">
<div class="${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('email',properties.kcFormGroupErrorClass!)}">
<div class="${properties.kcLabelWrapperClass!}">
<label for="email" class="${properties.kcLabelClass!}">${msg("email")}</label>
diff --git a/export-import/export-import-api/pom.xml b/export-import/export-import-api/pom.xml
index fc3bca3..734c793 100755
--- a/export-import/export-import-api/pom.xml
+++ b/export-import/export-import-api/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-export-import-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/export-import/export-import-dir/pom.xml b/export-import/export-import-dir/pom.xml
index bef097b..bf2e345 100755
--- a/export-import/export-import-dir/pom.xml
+++ b/export-import/export-import-dir/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-export-import-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/export-import/export-import-single-file/pom.xml b/export-import/export-import-single-file/pom.xml
index 9a0e969..a6cd0bd 100755
--- a/export-import/export-import-single-file/pom.xml
+++ b/export-import/export-import-single-file/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-export-import-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/export-import/export-import-zip/pom.xml b/export-import/export-import-zip/pom.xml
index 0dc100f..b396fa6 100755
--- a/export-import/export-import-zip/pom.xml
+++ b/export-import/export-import-zip/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-export-import-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
export-import/pom.xml 2(+1 -1)
diff --git a/export-import/pom.xml b/export-import/pom.xml
index 711b2a3..35a6f0b 100755
--- a/export-import/pom.xml
+++ b/export-import/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
federation/kerberos/pom.xml 2(+1 -1)
diff --git a/federation/kerberos/pom.xml b/federation/kerberos/pom.xml
index be0b951..ce6c8fa 100755
--- a/federation/kerberos/pom.xml
+++ b/federation/kerberos/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/SPNEGOAuthenticator.java b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/SPNEGOAuthenticator.java
index 9c56f75..2252a87 100644
--- a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/SPNEGOAuthenticator.java
+++ b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/SPNEGOAuthenticator.java
@@ -106,6 +106,11 @@ public class SPNEGOAuthenticator {
logAuthDetails(gssContext);
if (gssContext.isEstablished()) {
+ if (gssContext.getSrcName() == null) {
+ log.warn("GSS Context accepted, but no context initiator recognized. Check your kerberos configuration and reverse DNS lookup configuration");
+ return false;
+ }
+
authenticatedKerberosPrincipal = gssContext.getSrcName().toString();
if (gssContext.getCredDelegState()) {
federation/ldap/pom.xml 2(+1 -1)
diff --git a/federation/ldap/pom.xml b/federation/ldap/pom.xml
index 0043d9a..afab21c 100755
--- a/federation/ldap/pom.xml
+++ b/federation/ldap/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java
index 215034a..8a5b299 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java
@@ -333,6 +333,7 @@ public class LDAPOperationManager {
Hashtable<String, Object> env = new Hashtable<String, Object>(this.connectionProperties);
+ env.put(Context.SECURITY_AUTHENTICATION, LDAPConstants.AUTH_TYPE_SIMPLE);
env.put(Context.SECURITY_PRINCIPAL, dn);
env.put(Context.SECURITY_CREDENTIALS, password);
federation/pom.xml 2(+1 -1)
diff --git a/federation/pom.xml b/federation/pom.xml
index 51bbe55..0a920dc 100755
--- a/federation/pom.xml
+++ b/federation/pom.xml
@@ -5,7 +5,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
forms/account-api/pom.xml 2(+1 -1)
diff --git a/forms/account-api/pom.xml b/forms/account-api/pom.xml
index 498ff80..c5ab8df 100755
--- a/forms/account-api/pom.xml
+++ b/forms/account-api/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-forms-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
forms/account-freemarker/pom.xml 2(+1 -1)
diff --git a/forms/account-freemarker/pom.xml b/forms/account-freemarker/pom.xml
index ee10fdd..702d68b 100755
--- a/forms/account-freemarker/pom.xml
+++ b/forms/account-freemarker/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-forms-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
forms/common-freemarker/pom.xml 2(+1 -1)
diff --git a/forms/common-freemarker/pom.xml b/forms/common-freemarker/pom.xml
index 852bec4..c6c1e13 100755
--- a/forms/common-freemarker/pom.xml
+++ b/forms/common-freemarker/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-forms-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/forms/common-freemarker/src/main/java/org/keycloak/freemarker/LocaleHelper.java b/forms/common-freemarker/src/main/java/org/keycloak/freemarker/LocaleHelper.java
index fc249d5..9f1aafe 100644
--- a/forms/common-freemarker/src/main/java/org/keycloak/freemarker/LocaleHelper.java
+++ b/forms/common-freemarker/src/main/java/org/keycloak/freemarker/LocaleHelper.java
@@ -18,8 +18,6 @@ public class LocaleHelper {
public static final String UI_LOCALES_PARAM = "ui_locales";
public static final String KC_LOCALE_PARAM = "kc_locale";
- private final static Logger LOGGER = Logger.getLogger(LocaleHelper.class);
-
public static Locale getLocale(RealmModel realm, UserModel user) {
return getLocale(realm, user, null, null);
}
@@ -38,8 +36,6 @@ public class LocaleHelper {
user.setSingleAttribute(UserModel.LOCALE, locale.toLanguageTag());
}
return locale;
- }else{
- LOGGER.infof("Locale %s is not supported.", localeString);
}
}
@@ -52,8 +48,6 @@ public class LocaleHelper {
user.setSingleAttribute(UserModel.LOCALE, locale.toLanguageTag());
}
return locale;
- }else{
- LOGGER.infof("Locale %s is not supported.", localeString);
}
}
@@ -64,8 +58,6 @@ public class LocaleHelper {
if(locale != null){
return locale;
- }else{
- LOGGER.infof("Locale %s is not supported.", localeString);
}
}
@@ -75,8 +67,6 @@ public class LocaleHelper {
Locale locale = findLocale(realm.getSupportedLocales(), localeString.split(" "));
if(locale != null){
return locale;
- }else{
- LOGGER.infof("Locale %s is not supported.", localeString);
}
}
@@ -87,8 +77,6 @@ public class LocaleHelper {
Locale locale = findLocale(realm.getSupportedLocales(), localeString);
if(locale != null){
return locale;
- }else{
- LOGGER.infof("Locale %s is not supported.", localeString);
}
}
}
@@ -109,8 +97,6 @@ public class LocaleHelper {
builder.cookie(new NewCookie(LocaleHelper.LOCALE_COOKIE, locale.toLanguageTag(), path, null, null, 31536000, secure));
}
-
-
public static Locale findLocale(Set<String> supportedLocales, String ... localeStrings) {
for(String localeString : localeStrings){
Locale result = null;
forms/common-themes/pom.xml 2(+1 -1)
diff --git a/forms/common-themes/pom.xml b/forms/common-themes/pom.xml
index 17c59df..957e047 100755
--- a/forms/common-themes/pom.xml
+++ b/forms/common-themes/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-forms-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/forms/common-themes/src/main/resources/theme/base/account/applications.ftl b/forms/common-themes/src/main/resources/theme/base/account/applications.ftl
index 27b916b..4e01c02 100755
--- a/forms/common-themes/src/main/resources/theme/base/account/applications.ftl
+++ b/forms/common-themes/src/main/resources/theme/base/account/applications.ftl
@@ -76,7 +76,7 @@
</td>
<td>
- <#if application.client.consentRequired>
+ <#if application.client.consentRequired && application.claimsGranted?has_content>
<button type='submit' class='${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!}' id='revoke-${application.client.clientId}' name='clientId' value="${application.client.id}">${msg("revoke")}</button>
</#if>
</td>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js
index 7819f8b..903131d 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js
@@ -638,6 +638,9 @@ module.config([ '$routeProvider', function($routeProvider) {
},
clientAuthenticatorProviders : function(ClientAuthenticatorProvidersLoader) {
return ClientAuthenticatorProvidersLoader();
+ },
+ clientConfigProperties: function(PerClientAuthenticationConfigDescriptionLoader) {
+ return PerClientAuthenticationConfigDescriptionLoader();
}
},
controller : 'ClientCredentialsCtrl'
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js
index 46f6c9a..ae334e7 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js
@@ -30,25 +30,31 @@ module.controller('ClientRoleListCtrl', function($scope, $location, realm, clien
});
});
-module.controller('ClientCredentialsCtrl', function($scope, $location, realm, client, clientAuthenticatorProviders, Client) {
+module.controller('ClientCredentialsCtrl', function($scope, $location, realm, client, clientAuthenticatorProviders, clientConfigProperties, Client) {
$scope.realm = realm;
$scope.client = angular.copy(client);
$scope.clientAuthenticatorProviders = clientAuthenticatorProviders;
- var updateConfigButtonVisibility = function() {
- for (var i=0 ; i<clientAuthenticatorProviders.length ; i++) {
- var authenticator = clientAuthenticatorProviders[i];
- if ($scope.client.clientAuthenticatorType === authenticator.id) {
- $scope.configButtonVisible = authenticator.configurablePerClient;
- }
+ var updateCurrentPartial = function(val) {
+ $scope.clientAuthenticatorConfigPartial;
+ switch(val) {
+ case 'client-secret':
+ $scope.clientAuthenticatorConfigPartial = 'client-credentials-secret.html';
+ break;
+ case 'client-jwt':
+ $scope.clientAuthenticatorConfigPartial = 'client-credentials-jwt.html';
+ break;
+ default:
+ $scope.currentAuthenticatorConfigProperties = clientConfigProperties[val];
+ $scope.clientAuthenticatorConfigPartial = 'client-credentials-generic.html';
+ break;
}
};
- updateConfigButtonVisibility();
- $scope.$watch('client', function() {
- if (!angular.equals($scope.client, client)) {
+ updateCurrentPartial(client.clientAuthenticatorType);
- console.log("Update client credentials!");
+ $scope.$watch('client.clientAuthenticatorType', function() {
+ if (!angular.equals($scope.client.clientAuthenticatorType, client.clientAuthenticatorType)) {
Client.update({
realm : realm.realm,
@@ -56,31 +62,12 @@ module.controller('ClientCredentialsCtrl', function($scope, $location, realm, cl
}, $scope.client, function() {
$scope.changed = false;
client = angular.copy($scope.client);
- updateConfigButtonVisibility();
+ updateCurrentPartial(client.clientAuthenticatorType)
});
}
}, true);
- $scope.$watch('client.clientAuthenticatorType', function(val) {
- $scope.clientAuthenticatorConfigPartial;
- switch(val) {
- case 'client-secret':
- $scope.clientAuthenticatorConfigPartial = 'client-credentials-secret.html';
- break;
- case 'client-jwt':
- $scope.clientAuthenticatorConfigPartial = 'client-credentials-jwt.html';
- break;
- default:
- $scope.clientAuthenticatorConfigPartial = 'client-credentials-generic.html';
- break;
- }
- });
-
- $scope.configureAuthenticator = function() {
- $location.url("/realms/" + realm.realm + "/clients/" + client.id + "/credentials/" + client.clientAuthenticatorType);
- }
-
});
module.controller('ClientSecretCtrl', function($scope, $location, ClientSecret, Notifications) {
@@ -134,17 +121,15 @@ module.controller('ClientSignedJWTCtrl', function($scope, $location, ClientCerti
};
});
-module.controller('ClientGenericCredentialsCtrl', function($scope, $location, realm, client, clientConfigProperties, Client, Notifications) {
+module.controller('ClientGenericCredentialsCtrl', function($scope, $location, Client, Notifications) {
console.log('ClientGenericCredentialsCtrl invoked');
- $scope.realm = realm;
- $scope.client = angular.copy(client);
- $scope.clientConfigProperties = clientConfigProperties;
+ $scope.clientCopy = angular.copy($scope.client);
$scope.changed = false;
$scope.$watch('client', function() {
- if (!angular.equals($scope.client, client)) {
+ if (!angular.equals($scope.client, $scope.clientCopy)) {
$scope.changed = true;
}
}, true);
@@ -152,17 +137,17 @@ module.controller('ClientGenericCredentialsCtrl', function($scope, $location, re
$scope.save = function() {
Client.update({
- realm : realm.realm,
- client : client.id
+ realm : $scope.realm.realm,
+ client : $scope.client.id
}, $scope.client, function() {
$scope.changed = false;
- client = angular.copy($scope.client);
+ $scope.clientCopy = angular.copy($scope.client);
Notifications.success("Client authentication configuration has been saved to the client.");
});
};
$scope.reset = function() {
- $scope.client = angular.copy(client);
+ $scope.client = angular.copy($scope.clientCopy);
$scope.changed = false;
};
});
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js
index 95d80a3..4027a85 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js
@@ -414,6 +414,14 @@ module.controller('RealmPasswordPolicyCtrl', function($scope, Realm, realm, $htt
if (!$scope.policy) {
$scope.policy = [];
}
+ if (policy.name === 'regexPattern') {
+ for (var i in $scope.allPolicies) {
+ var p = $scope.allPolicies[i];
+ if (p.name === 'regexPattern') {
+ $scope.allPolicies[i] = { name: 'regexPattern', value: '' };
+ }
+ }
+ }
$scope.policy.push(policy);
}
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/loaders.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/loaders.js
index 3053df5..6b09bc1 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/loaders.js
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/loaders.js
@@ -419,10 +419,9 @@ module.factory('AuthenticationConfigDescriptionLoader', function(Loader, Authent
});
module.factory('PerClientAuthenticationConfigDescriptionLoader', function(Loader, PerClientAuthenticationConfigDescription, $route, $q) {
- return Loader.query(PerClientAuthenticationConfigDescription, function () {
+ return Loader.get(PerClientAuthenticationConfigDescription, function () {
return {
- realm: $route.current.params.realm,
- provider: $route.current.params.provider
+ realm: $route.current.params.realm
}
});
});
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/services.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/services.js
index 5a08582..d1abe26 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/services.js
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/services.js
@@ -1063,7 +1063,7 @@ module.factory('PasswordPolicy', function() {
upperCase: "Minimal number (integer type) of uppercase characters in password. Default value is 1.",
specialChars: "Minimal number (integer type) of special characters in password. Default value is 1.",
notUsername: "Block passwords that are equal to the username",
- regexPatterns: "Block passwords that do not match all of the regex patterns (string type).",
+ regexPattern: "Block passwords that do not match the regex pattern (string type).",
passwordHistory: "Block passwords that are equal to previous passwords. Default value is 3.",
forceExpiredPasswordChange: "Force password change when password credential is expired. Default value is 365 days."
}
@@ -1076,7 +1076,7 @@ module.factory('PasswordPolicy', function() {
{ name: 'upperCase', value: 1 },
{ name: 'specialChars', value: 1 },
{ name: 'notUsername', value: 1 },
- { name: 'regexPatterns', value: ''},
+ { name: 'regexPattern', value: ''},
{ name: 'passwordHistory', value: 3 },
{ name: 'forceExpiredPasswordChange', value: 365 }
];
@@ -1094,7 +1094,7 @@ module.factory('PasswordPolicy', function() {
for (var i = 0; i < policyArray.length; i ++){
var policyToken = policyArray[i];
- if(policyToken.indexOf('regexPatterns') === 0) {
+ if(policyToken.indexOf('regexPattern') === 0) {
re = /(\w+)\((.*)\)/;
policyEntry = re.exec(policyToken);
if (null !== policyEntry) {
@@ -1134,6 +1134,25 @@ module.factory('PasswordPolicy', function() {
return p;
});
+module.filter('removeSelectedPolicies', function() {
+ return function(policies, selectedPolicies) {
+ var result = [];
+ for(var i in policies) {
+ var policy = policies[i];
+ var policyAvailable = true;
+ for(var j in selectedPolicies) {
+ if(policy.name === selectedPolicies[j].name && policy.name !== 'regexPattern') {
+ policyAvailable = false;
+ }
+ }
+ if(policyAvailable) {
+ result.push(policy);
+ }
+ }
+ return result;
+ }
+});
+
module.factory('IdentityProvider', function($resource) {
return $resource(authUrl + '/admin/realms/:realm/identity-provider/instances/:alias', {
realm : '@realm',
@@ -1258,9 +1277,8 @@ module.factory('AuthenticationConfigDescription', function($resource) {
});
});
module.factory('PerClientAuthenticationConfigDescription', function($resource) {
- return $resource(authUrl + '/admin/realms/:realm/authentication/per-client-config-description/:provider', {
- realm : '@realm',
- provider: '@provider'
+ return $resource(authUrl + '/admin/realms/:realm/authentication/per-client-config-description', {
+ realm : '@realm'
});
});
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-generic.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-generic.html
index c7595dd..e249914 100644
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-generic.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-generic.html
@@ -1,12 +1,14 @@
-<form class="form-horizontal" name="credentialForm" novalidate kc-read-only="!access.manageClients" data-ng-show="client.attributes.length > 0">
- <fieldset>
- <kc-provider-config realm="realm" config="client.attributes" properties="clientConfigProperties"></kc-provider-config>
- </fieldset>
+<div>
+ <form class="form-horizontal" name="credentialForm" novalidate kc-read-only="!access.manageClients" data-ng-show="currentAuthenticatorConfigProperties.length > 0" data-ng-controller="ClientGenericCredentialsCtrl">
+ <fieldset>
+ <kc-provider-config realm="realm" config="client.attributes" properties="currentAuthenticatorConfigProperties"></kc-provider-config>
+ </fieldset>
- <div class="form-group">
- <div class="col-md-10 col-md-offset-2" data-ng-show="access.manageClients">
- <button kc-save data-ng-disabled="!changed">Save</button>
- <button kc-reset data-ng-disabled="!changed">Cancel</button>
+ <div class="form-group">
+ <div class="col-md-10 col-md-offset-2" data-ng-show="access.manageClients">
+ <button kc-save data-ng-disabled="!changed">Save</button>
+ <button kc-reset data-ng-disabled="!changed">Cancel</button>
+ </div>
</div>
- </div>
-</form>
\ No newline at end of file
+ </form>
+</div>
\ No newline at end of file
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-jwt-key-export.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-jwt-key-export.html
index fc8236f..08c1dcd 100644
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-jwt-key-export.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-jwt-key-export.html
@@ -3,7 +3,7 @@
<ol class="breadcrumb">
<li><a href="#/realms/{{realm.realm}}/clients">Clients</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
- <li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/credentials/client-jwt">Signed JWT config</a></li>
+ <li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/credentials">Credentials</a></li>
<li class="active">Generate Client Private Key</li>
</ol>
@@ -54,4 +54,4 @@
</form>
</div>
-<kc-menu></kc-menu>
\ No newline at end of file
+<kc-menu></kc-menu>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-jwt-key-import.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-jwt-key-import.html
index 654d1d6..a3556ea 100644
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-jwt-key-import.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-jwt-key-import.html
@@ -3,7 +3,7 @@
<ol class="breadcrumb">
<li><a href="#/realms/{{realm.realm}}/clients">Clients</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
- <li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/credentials/client-jwt">Signed JWT config</a></li>
+ <li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/credentials">Credentials</a></li>
<li class="active">Client Certificate Import</li>
</ol>
@@ -59,4 +59,4 @@
</form>
</div>
-<kc-menu></kc-menu>
\ No newline at end of file
+<kc-menu></kc-menu>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/password-policy.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/password-policy.html
index ff4e0f7..2da9b0d 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/password-policy.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/password-policy.html
@@ -7,12 +7,12 @@
<table class="table table-striped table-bordered">
<caption class="hidden">Table of Password Policies</caption>
<thead>
- <tr ng-show="(allPolicies|remove:policy:'name').length > 0">
+ <tr ng-show="(allPolicies|removeSelectedPolicies:policy).length > 0">
<th colspan="5" class="kc-table-actions">
<div class="pull-right">
<div>
<select class="form-control" ng-model="selectedPolicy"
- ng-options="(p.name|capitalize) for p in (allPolicies|remove:policy:'name')"
+ ng-options="(p.name|capitalize) for p in (allPolicies|removeSelectedPolicies:policy)"
data-ng-change="addPolicy(selectedPolicy); selectedPolicy = null">
<option value="" disabled selected>Add policy...</option>
</select>
@@ -51,4 +51,4 @@
</div>
-<kc-menu></kc-menu>
\ No newline at end of file
+<kc-menu></kc-menu>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-attributes.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-attributes.html
index 542431d..9713a80 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-attributes.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-attributes.html
@@ -16,7 +16,7 @@
</tr>
</thead>
<tbody>
- <tr ng-repeat="(key, value) in (user.attributes | filter:search)">
+ <tr ng-repeat="(key, value) in user.attributes">
<td>{{key}}</td>
<td><input ng-model="user.attributes[key]" class="form-control" type="text" name="{{key}}" id="attribute-{{key}}" /></td>
<td class="kc-action-cell">
diff --git a/forms/common-themes/src/main/resources/theme/base/login/messages/messages_de.properties b/forms/common-themes/src/main/resources/theme/base/login/messages/messages_de.properties
old mode 100755
new mode 100644
index 3050953..4cbbf0f
--- a/forms/common-themes/src/main/resources/theme/base/login/messages/messages_de.properties
+++ b/forms/common-themes/src/main/resources/theme/base/login/messages/messages_de.properties
@@ -168,24 +168,24 @@ registrationNotAllowedMessage=Registrierung nicht erlaubt.
resetCredentialNotAllowedMessage=Reset Credential not allowed
permissionNotApprovedMessage=Berechtigung nicht best\u00E4tigt.
-noRelayStateInResponseMessage=Kein relay state in der Antwort von dem Identity Provider [{0}].
-identityProviderAlreadyLinkedMessage=Die Identit\u00E4t welche von dem Identity Provider [{0}] zur\u00FCckgegeben wurde, ist bereits mit einem anderen Benutzer verkn\u00FCpft.
+noRelayStateInResponseMessage=Kein relay state in der Antwort von dem Identity Provider.
+identityProviderAlreadyLinkedMessage=Die Identit\u00E4t welche von dem Identity Provider zur\u00FCckgegeben wurde, ist bereits mit einem anderen Benutzer verkn\u00FCpft.
insufficientPermissionMessage=Nicht gen\u00FCgend Rechte um die Identit\u00E4t zu verkn\u00FCpfen.
couldNotProceedWithAuthenticationRequestMessage=Konnte den Authentifizierungs Request nicht weiter verarbeiten.
-couldNotObtainTokenMessage=Konnte kein token vom Identity Provider [{0}] entnehmen.
-unexpectedErrorRetrievingTokenMessage=Unerwarteter Fehler w\u00E4hrend dem Empfang des Token von dem Identity Provider [{0}].
-unexpectedErrorHandlingResponseMessage=Unerwarteter Fehler w\u00E4hrend der Bearbeitung des Respons vom Identity Provider [{0}].
-identityProviderAuthenticationFailedMessage=Authentifizierung Fehlgeschlagen. Konnte sich mit dem Identity Provider [{0}] nicht authentifizieren.
-couldNotSendAuthenticationRequestMessage=Konnte Authentifizierungs Request nicht an den Identity Provider [{0}] schicken.
-unexpectedErrorHandlingRequestMessage=Unerwarteter Fehler w\u00E4hrend der Bearbeitung des Requests zum Identity Provider [{0}].
+couldNotObtainTokenMessage=Konnte kein token vom Identity Provider entnehmen.
+unexpectedErrorRetrievingTokenMessage=Unerwarteter Fehler w\u00E4hrend dem Empfang des Token von dem Identity Provider.
+unexpectedErrorHandlingResponseMessage=Unerwarteter Fehler w\u00E4hrend der Bearbeitung des Respons vom Identity Provider.
+identityProviderAuthenticationFailedMessage=Authentifizierung Fehlgeschlagen. Konnte sich mit dem Identity Provider nicht authentifizieren.
+couldNotSendAuthenticationRequestMessage=Konnte Authentifizierungs Request nicht an den Identity Provider schicken.
+unexpectedErrorHandlingRequestMessage=Unerwarteter Fehler w\u00E4hrend der Bearbeitung des Requests zum Identity Provider.
invalidAccessCodeMessage=Ung\u00FCltiger Access-Code.
sessionNotActiveMessage=Session nicht aktiv.
unknownCodeMessage=Unbekannter Code, bitte melden Sie sich erneut \u00FCber die Applikation an.
invalidCodeMessage=Ung\u00FCltiger Code, bitte melden Sie sich erneut \u00FCber die Applikation an.
identityProviderUnexpectedErrorMessage=Unerwarteter Fehler w\u00E4hrend der Authentifizierung mit dem Identity Provider.
-identityProviderNotFoundMessage=Konnte kein Identity Provider mit der Identit\u00E4t [{0}] finden.
-realmSupportsNoCredentialsMessage=Realm [{0}] unterst\u00FCtzt keine Credential Typen.
-identityProviderNotUniqueMessage=Realm [{0}] unterst\u00FCtz mehrere Identity Providers.
+identityProviderNotFoundMessage=Konnte kein Identity Provider mit der Identit\u00E4t finden.
+realmSupportsNoCredentialsMessage=Realm unterst\u00FCtzt keine Credential Typen.
+identityProviderNotUniqueMessage=Realm unterst\u00FCtz mehrere Identity Providers.
invalidParameterMessage=Invalid parameter\: {0}
missingParameterMessage=Missing parameter\: {0}
diff --git a/forms/common-themes/src/main/resources/theme/base/login/messages/messages_en.properties b/forms/common-themes/src/main/resources/theme/base/login/messages/messages_en.properties
old mode 100755
new mode 100644
index bc10220..3dfb8ea
--- a/forms/common-themes/src/main/resources/theme/base/login/messages/messages_en.properties
+++ b/forms/common-themes/src/main/resources/theme/base/login/messages/messages_en.properties
@@ -171,23 +171,23 @@ registrationNotAllowedMessage=Registration not allowed
resetCredentialNotAllowedMessage=Reset Credential not allowed
permissionNotApprovedMessage=Permission not approved.
-noRelayStateInResponseMessage=No relay state in response from identity provider [{0}].
-identityProviderAlreadyLinkedMessage=The identity returned by the identity provider [{0}] is already linked to another user.
+noRelayStateInResponseMessage=No relay state in response from identity provider.
+identityProviderAlreadyLinkedMessage=The identity returned by the identity provider is already linked to another user.
insufficientPermissionMessage=Insufficient permissions to link identities.
couldNotProceedWithAuthenticationRequestMessage=Could not proceed with authentication request to identity provider.
-couldNotObtainTokenMessage=Could not obtain token from identity provider [{0}].
-unexpectedErrorRetrievingTokenMessage=Unexpected error when retrieving token from identity provider [{0}].
-unexpectedErrorHandlingResponseMessage=Unexpected error when handling response from identity provider [{0}].
-identityProviderAuthenticationFailedMessage=Authentication failed. Could not authenticate with identity provider [{0}].
-couldNotSendAuthenticationRequestMessage=Could not send authentication request to identity provider [{0}].
-unexpectedErrorHandlingRequestMessage=Unexpected error when handling authentication request to identity provider [{0}].
+couldNotObtainTokenMessage=Could not obtain token from identity provider.
+unexpectedErrorRetrievingTokenMessage=Unexpected error when retrieving token from identity provider.
+unexpectedErrorHandlingResponseMessage=Unexpected error when handling response from identity provider.
+identityProviderAuthenticationFailedMessage=Authentication failed. Could not authenticate with identity provider.
+couldNotSendAuthenticationRequestMessage=Could not send authentication request to identity provider.
+unexpectedErrorHandlingRequestMessage=Unexpected error when handling authentication request to identity provider.
invalidAccessCodeMessage=Invalid access code.
sessionNotActiveMessage=Session not active.
invalidCodeMessage=An error occurred, please login again through your application.
identityProviderUnexpectedErrorMessage=Unexpected error when authenticating with identity provider
-identityProviderNotFoundMessage=Could not find an identity provider with the identifier [{0}].
-realmSupportsNoCredentialsMessage=Realm [{0}] does not support any credential type.
-identityProviderNotUniqueMessage=Realm [{0}] supports multiple identity providers. Could not determine which identity provider should be used to authenticate with.
+identityProviderNotFoundMessage=Could not find an identity provider with the identifier.
+realmSupportsNoCredentialsMessage=Realm does not support any credential type.
+identityProviderNotUniqueMessage=Realm supports multiple identity providers. Could not determine which identity provider should be used to authenticate with.
emailVerifiedMessage=Your email address has been verified.
locale_de=German
diff --git a/forms/common-themes/src/main/resources/theme/base/login/messages/messages_it.properties b/forms/common-themes/src/main/resources/theme/base/login/messages/messages_it.properties
old mode 100755
new mode 100644
index e57afcd..4833b9b
--- a/forms/common-themes/src/main/resources/theme/base/login/messages/messages_it.properties
+++ b/forms/common-themes/src/main/resources/theme/base/login/messages/messages_it.properties
@@ -166,23 +166,23 @@ resetCredentialNotAllowedMessage=Reset Credential not allowed
permissionNotApprovedMessage=Permesso non approvato.
-noRelayStateInResponseMessage=Nessun relay state in risposta dall''identity provider [{0}].
-identityProviderAlreadyLinkedMessage=L''identita'' restituita dall''identity provider [{0}] e'' gia'' associata ad un altro utente.
+noRelayStateInResponseMessage=Nessun relay state in risposta dall''identity provider.
+identityProviderAlreadyLinkedMessage=L''identita'' restituita dall''identity provider e'' gia'' associata ad un altro utente.
insufficientPermissionMessage=Permessi insufficienti per associare le identita''.
couldNotProceedWithAuthenticationRequestMessage=Non posso procedere con la richiesta di autenticazione all''identity provider.
-couldNotObtainTokenMessage=Non posso ottenere un token dall''identity provider [{0}].
-unexpectedErrorRetrievingTokenMessage=Errore inaspettato nella gestione del token dall''identity provider [{0}].
-unexpectedErrorHandlingResponseMessage=Errore inaspettato nella gestione della risposta dall''identity provider [{0}].
-identityProviderAuthenticationFailedMessage=Autenticazione fallita. Non posso effettuare l''autenticazione con l''identity provider [{0}].
-couldNotSendAuthenticationRequestMessage=Non posso inviare la richiesta di autenticazione all''identity provider [{0}].
-unexpectedErrorHandlingRequestMessage=Errore imprevisto durante l''autenticazione con identity provider [{0}].
+couldNotObtainTokenMessage=Non posso ottenere un token dall''identity provider.
+unexpectedErrorRetrievingTokenMessage=Errore inaspettato nella gestione del token dall''identity provider.
+unexpectedErrorHandlingResponseMessage=Errore inaspettato nella gestione della risposta dall''identity provider.
+identityProviderAuthenticationFailedMessage=Autenticazione fallita. Non posso effettuare l''autenticazione con l''identity provider.
+couldNotSendAuthenticationRequestMessage=Non posso inviare la richiesta di autenticazione all''identity provider.
+unexpectedErrorHandlingRequestMessage=Errore imprevisto durante l''autenticazione con identity provider.
invalidAccessCodeMessage=Codice di accesso non valido.
sessionNotActiveMessage=Sessione non attiva.
invalidCodeMessage=Si e'' verificato un errore, per piacere effettua di nuovo il login nella tua applicazione.
identityProviderUnexpectedErrorMessage=Errore imprevisto durante l''autenticazione con identity provider
-identityProviderNotFoundMessage=Non posso trovare un identity provider con l''identificativo [{0}].
-realmSupportsNoCredentialsMessage=Il Realm [{0}] non supporta nessun tipo di credenziali.
-identityProviderNotUniqueMessage=Il Realm [{0}] supporta piu'' di un identity provider. Non posso determinare quale identity provider con il quale autenticarti.
+identityProviderNotFoundMessage=Non posso trovare un identity provider con l''identificativo.
+realmSupportsNoCredentialsMessage=Il Realm non supporta nessun tipo di credenziali.
+identityProviderNotUniqueMessage=Il Realm supporta piu'' di un identity provider. Non posso determinare quale identity provider con il quale autenticarti.
emailVerifiedMessage=Il tuo indirizzo email e'' stato verificato.
locale_de=German
diff --git a/forms/common-themes/src/main/resources/theme/base/login/messages/messages_pt_BR.properties b/forms/common-themes/src/main/resources/theme/base/login/messages/messages_pt_BR.properties
old mode 100755
new mode 100644
index 89c8808..d2b1b65
--- a/forms/common-themes/src/main/resources/theme/base/login/messages/messages_pt_BR.properties
+++ b/forms/common-themes/src/main/resources/theme/base/login/messages/messages_pt_BR.properties
@@ -171,23 +171,23 @@ registrationNotAllowedMessage=Registro n\u00E3o permitido.
resetCredentialNotAllowedMessage=Reset Credential not allowed
permissionNotApprovedMessage=Permiss\u00E3o n\u00E3o aprovada.
-noRelayStateInResponseMessage=Sem estado de retransmiss\u00E3o na resposta do provedor de identidade [{0}].
-identityProviderAlreadyLinkedMessage=A identidade retornado pelo provedor de identidade [{0}] j\u00E1 est\u00E1 vinculado a outro usu\u00E1rio.
+noRelayStateInResponseMessage=Sem estado de retransmiss\u00E3o na resposta do provedor de identidade.
+identityProviderAlreadyLinkedMessage=A identidade retornado pelo provedor de identidade j\u00E1 est\u00E1 vinculado a outro usu\u00E1rio.
insufficientPermissionMessage=Permiss\u00F5es insuficientes para vincular identidades.
couldNotProceedWithAuthenticationRequestMessage=N\u00E3o foi poss\u00EDvel proceder \u00E0 solicita\u00E7\u00E3o de autentica\u00E7\u00E3o para provedor de identidade.
-couldNotObtainTokenMessage=N\u00E3o foi poss\u00EDvel obter token do provedor de identidade [{0}].
-unexpectedErrorRetrievingTokenMessage=Erro inesperado ao recuperar token do provedor de identidade [{0}].
-unexpectedErrorHandlingResponseMessage=Erro inesperado ao manusear resposta do provedor de identidade [{0}].
-identityProviderAuthenticationFailedMessage=Falha na autentica\u00E7\u00E3o. N\u00E3o foi poss\u00EDvel autenticar com o provedor de identidade [{0}].
-couldNotSendAuthenticationRequestMessage=N\u00E3o foi poss\u00EDvel enviar solicita\u00E7\u00E3o de autentica\u00E7\u00E3o para o provedor de identidade [{0}].
-unexpectedErrorHandlingRequestMessage=Erro inesperado ao manusear pedido de autentica\u00E7\u00E3o para provedor de identidade [{0}].
+couldNotObtainTokenMessage=N\u00E3o foi poss\u00EDvel obter token do provedor de identidade.
+unexpectedErrorRetrievingTokenMessage=Erro inesperado ao recuperar token do provedor de identidade.
+unexpectedErrorHandlingResponseMessage=Erro inesperado ao manusear resposta do provedor de identidade.
+identityProviderAuthenticationFailedMessage=Falha na autentica\u00E7\u00E3o. N\u00E3o foi poss\u00EDvel autenticar com o provedor de identidade.
+couldNotSendAuthenticationRequestMessage=N\u00E3o foi poss\u00EDvel enviar solicita\u00E7\u00E3o de autentica\u00E7\u00E3o para o provedor de identidade.
+unexpectedErrorHandlingRequestMessage=Erro inesperado ao manusear pedido de autentica\u00E7\u00E3o para provedor de identidade.
invalidAccessCodeMessage=C\u00F3digo de acesso inv\u00E1lido.
sessionNotActiveMessage=Sess\u00E3o inativa.
invalidCodeMessage=C\u00F3digo inv\u00E1lido, por favor fa\u00E7a login novamente atrav\u00E9s de sua aplica\u00E7\u00E3o.
identityProviderUnexpectedErrorMessage=Erro inesperado durante a autentica\u00E7\u00E3o com o provedor de identidade
-identityProviderNotFoundMessage=N\u00E3o foi poss\u00EDvel encontrar um provedor de identidade com o identificador [{0}].
-realmSupportsNoCredentialsMessage=O realm [{0}] n\u00E3o suporta qualquer tipo de credencial.
-identityProviderNotUniqueMessage=O realm [{0}] suporta m\u00FAltiplos provedores de identidade. N\u00E3o foi poss\u00EDvel determinar qual o provedor de identidade deve ser usado para se autenticar.
+identityProviderNotFoundMessage=N\u00E3o foi poss\u00EDvel encontrar um provedor de identidade com o identificador.
+realmSupportsNoCredentialsMessage=O realm n\u00E3o suporta qualquer tipo de credencial.
+identityProviderNotUniqueMessage=O realm suporta m\u00FAltiplos provedores de identidade. N\u00E3o foi poss\u00EDvel determinar qual o provedor de identidade deve ser usado para se autenticar.
emailVerifiedMessage=O seu endere\u00E7o de e-mail foi confirmado.
locale_de=Deutsch
forms/email-api/pom.xml 2(+1 -1)
diff --git a/forms/email-api/pom.xml b/forms/email-api/pom.xml
index 3dd229b..17c5a0d 100755
--- a/forms/email-api/pom.xml
+++ b/forms/email-api/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-forms-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
forms/email-freemarker/pom.xml 2(+1 -1)
diff --git a/forms/email-freemarker/pom.xml b/forms/email-freemarker/pom.xml
index 026431a..e1eff9d 100755
--- a/forms/email-freemarker/pom.xml
+++ b/forms/email-freemarker/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-forms-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
forms/login-api/pom.xml 2(+1 -1)
diff --git a/forms/login-api/pom.xml b/forms/login-api/pom.xml
index abf4c28..5d7725d 100755
--- a/forms/login-api/pom.xml
+++ b/forms/login-api/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-forms-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
forms/login-freemarker/pom.xml 2(+1 -1)
diff --git a/forms/login-freemarker/pom.xml b/forms/login-freemarker/pom.xml
index 5d13698..4bfd3d0 100755
--- a/forms/login-freemarker/pom.xml
+++ b/forms/login-freemarker/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-forms-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
forms/pom.xml 2(+1 -1)
diff --git a/forms/pom.xml b/forms/pom.xml
index c3b3ef3..3e403a0 100755
--- a/forms/pom.xml
+++ b/forms/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
integration/adapter-core/pom.xml 2(+1 -1)
diff --git a/integration/adapter-core/pom.xml b/integration/adapter-core/pom.xml
index e96320a..92308c4 100755
--- a/integration/adapter-core/pom.xml
+++ b/integration/adapter-core/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/authentication/ClientCredentialsProviderUtils.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/authentication/ClientCredentialsProviderUtils.java
index be3eb41..3a7b1c3 100644
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/authentication/ClientCredentialsProviderUtils.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/authentication/ClientCredentialsProviderUtils.java
@@ -1,8 +1,10 @@
package org.keycloak.adapters.authentication;
import java.util.HashMap;
+import java.util.Iterator;
import java.util.List;
import java.util.Map;
+import java.util.ServiceConfigurationError;
import java.util.ServiceLoader;
import org.apache.http.NameValuePair;
@@ -55,8 +57,17 @@ public class ClientCredentialsProviderUtils {
}
private static void loadAuthenticators(Map<String, ClientCredentialsProvider> authenticators, ClassLoader classLoader) {
- for (ClientCredentialsProvider authenticator : ServiceLoader.load(ClientCredentialsProvider.class, classLoader)) {
- authenticators.put(authenticator.getId(), authenticator);
+ Iterator<ClientCredentialsProvider> iterator = ServiceLoader.load(ClientCredentialsProvider.class, classLoader).iterator();
+ while (iterator.hasNext()) {
+ try {
+ ClientCredentialsProvider authenticator = iterator.next();
+ logger.debugf("Loaded clientCredentialsProvider %s", authenticator.getId());
+ authenticators.put(authenticator.getId(), authenticator);
+ } catch (ServiceConfigurationError e) {
+ if (logger.isDebugEnabled()) {
+ logger.debug("Failed to load clientCredentialsProvider with classloader: " + classLoader, e);
+ }
+ }
}
}
diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/authentication/JWTClientCredentialsProvider.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/authentication/JWTClientCredentialsProvider.java
index 6503e67..d68c7cb 100644
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/authentication/JWTClientCredentialsProvider.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/authentication/JWTClientCredentialsProvider.java
@@ -51,7 +51,7 @@ public class JWTClientCredentialsProvider implements ClientCredentialsProvider {
}
String clientKeystoreType = (String) cfg.get("client-keystore-type");
- KeystoreUtil.KeystoreFormat clientKeystoreFormat = clientKeystoreType==null ? KeystoreUtil.KeystoreFormat.JKS : Enum.valueOf(KeystoreUtil.KeystoreFormat.class, clientKeystoreType);
+ KeystoreUtil.KeystoreFormat clientKeystoreFormat = clientKeystoreType==null ? KeystoreUtil.KeystoreFormat.JKS : Enum.valueOf(KeystoreUtil.KeystoreFormat.class, clientKeystoreType.toUpperCase());
String clientKeystorePassword = (String) cfg.get("client-keystore-password");
if (clientKeystorePassword == null) {
@@ -69,8 +69,23 @@ public class JWTClientCredentialsProvider implements ClientCredentialsProvider {
}
this.privateKey = KeystoreUtil.loadPrivateKeyFromKeystore(clientKeystoreFile, clientKeystorePassword, clientKeyPassword, clientKeyAlias, clientKeystoreFormat);
- Integer tokenExp = (Integer) cfg.get("token-timeout");
- this.tokenTimeout = (tokenExp==null) ? 10 : tokenExp;
+ this.tokenTimeout = asInt(cfg, "token-timeout", 10);
+ }
+
+ // TODO: Generic method for this?
+ private Integer asInt(Map<String, Object> cfg, String cfgKey, int defaultValue) {
+ Object cfgObj = cfg.get(cfgKey);
+ if (cfgObj == null) {
+ return defaultValue;
+ }
+
+ if (cfgObj instanceof String) {
+ return Integer.parseInt(cfgObj.toString());
+ } else if (cfgObj instanceof Number) {
+ return ((Number) cfgObj).intValue();
+ } else {
+ throw new IllegalArgumentException("Can't parse " + cfgKey + " from the config. Value is " + cfgObj);
+ }
}
@Override
integration/admin-client/pom.xml 2(+1 -1)
diff --git a/integration/admin-client/pom.xml b/integration/admin-client/pom.xml
index f4501c2..69f9115 100755
--- a/integration/admin-client/pom.xml
+++ b/integration/admin-client/pom.xml
@@ -5,7 +5,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/integration/as7-eap6/as7-adapter/pom.xml b/integration/as7-eap6/as7-adapter/pom.xml
index ee4e44c..74c35f2 100755
--- a/integration/as7-eap6/as7-adapter/pom.xml
+++ b/integration/as7-eap6/as7-adapter/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/integration/as7-eap6/as7-server-subsystem/pom.xml b/integration/as7-eap6/as7-server-subsystem/pom.xml
index e1b0391..4316de0 100755
--- a/integration/as7-eap6/as7-server-subsystem/pom.xml
+++ b/integration/as7-eap6/as7-server-subsystem/pom.xml
@@ -20,7 +20,7 @@
<parent>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-parent</artifactId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
diff --git a/integration/as7-eap6/as7-subsystem/pom.xml b/integration/as7-eap6/as7-subsystem/pom.xml
index 5b78129..4ab8ca9 100755
--- a/integration/as7-eap6/as7-subsystem/pom.xml
+++ b/integration/as7-eap6/as7-subsystem/pom.xml
@@ -20,7 +20,7 @@
<parent>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-parent</artifactId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
diff --git a/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigDeploymentProcessor.java b/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigDeploymentProcessor.java
index 08dbdd7..5891b4b 100755
--- a/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigDeploymentProcessor.java
+++ b/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigDeploymentProcessor.java
@@ -64,23 +64,28 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
KeycloakAdapterConfigService service = KeycloakAdapterConfigService.getInstance();
- // if secure-deployment configuration exists for web app, we force KEYCLOAK auth method on it
- // otherwise we only set up KEYCLOAK auth if it's requested through web.xml auth-method
+ // otherwise
LoginConfigMetaData loginConfig = webMetaData.getLoginConfig();
- if (!service.isSecureDeployment(deploymentName) && (loginConfig == null || !loginConfig.getAuthMethod().equalsIgnoreCase("KEYCLOAK"))) {
- return;
- }
- log.debug("Setting up KEYCLOAK auth method for WAR: " + deploymentName);
- loginConfig.setAuthMethod("KEYCLOAK");
-
- if (service.isSecureDeployment(deploymentName)) {
- addJSONData(service.getJSON(deploymentName), warMetaData);
- loginConfig.setRealmName(service.getRealmName(deploymentName));
+ boolean hasSubsystemConfig = service.isSecureDeployment(deploymentName);
+ boolean webRequiresKC = loginConfig != null && "KEYCLOAK".equalsIgnoreCase(loginConfig.getAuthMethod());
+
+ if (hasSubsystemConfig || webRequiresKC) {
+ log.debug("Setting up KEYCLOAK auth method for WAR: " + deploymentName);
+
+ // if secure-deployment configuration exists for web app, we force KEYCLOAK auth method on it
+ if (hasSubsystemConfig) {
+ addJSONData(service.getJSON(deploymentName), warMetaData);
+ if (loginConfig != null) {
+ loginConfig.setAuthMethod("KEYCLOAK");
+ loginConfig.setRealmName(service.getRealmName(deploymentName));
+ } else {
+ log.warn("Failed to set up KEYCLOAK auth method for WAR: " + deploymentName + " (loginConfig == null)");
+ }
+ }
+ addValve(webMetaData);
+ KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName);
}
- addValve(webMetaData);
-
- KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName);
}
private void addValve(JBossWebMetaData webMetaData) {
diff --git a/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigService.java b/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigService.java
index af9e74f..845da8e 100755
--- a/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigService.java
+++ b/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigService.java
@@ -85,7 +85,19 @@ public final class KeycloakAdapterConfigService {
}
String credentialName = credentialNameFromOp(operation);
- credentials.get(credentialName).set(model.get("value").asString());
+ if (!credentialName.contains(".")) {
+ credentials.get(credentialName).set(model.get("value").asString());
+ } else {
+ String[] parts = credentialName.split("\\.");
+ String provider = parts[0];
+ String property = parts[1];
+ ModelNode credential = credentials.get(provider);
+ if (!credential.isDefined()) {
+ credential = new ModelNode();
+ }
+ credential.get(property).set(model.get("value").asString());
+ credentials.set(provider, credential);
+ }
ModelNode deployment = this.secureDeployments.get(deploymentNameFromOp(operation));
deployment.get(CREDENTIALS_JSON_NAME).set(credentials);
diff --git a/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakSubsystemParser.java b/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakSubsystemParser.java
index 5c61e55..42b3996 100755
--- a/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakSubsystemParser.java
+++ b/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakSubsystemParser.java
@@ -34,7 +34,10 @@ import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import java.util.ArrayList;
import java.util.Collections;
+import java.util.HashMap;
+import java.util.LinkedHashMap;
import java.util.List;
+import java.util.Map;
/**
* The subsystem parser, which uses stax to read and write to and from xml
@@ -125,12 +128,48 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
public void readCredential(XMLExtendedStreamReader reader, PathAddress parent, List<ModelNode> credentialsToAdd) throws XMLStreamException {
String name = readNameAttribute(reader);
+
+ Map<String, String> values = new HashMap<>();
+ String textValue = null;
+ while (reader.hasNext()) {
+ int next = reader.next();
+ if (next == CHARACTERS) {
+ // text value of credential element (like for "secret" )
+ String text = reader.getText();
+ if (text == null || text.trim().isEmpty()) {
+ continue;
+ }
+ textValue = text;
+ } else if (next == START_ELEMENT) {
+ String key = reader.getLocalName();
+ reader.next();
+ String value = reader.getText();
+ reader.next();
+
+ values.put(key, value);
+ } else if (next == END_ELEMENT) {
+ break;
+ }
+ }
+
+ if (textValue != null) {
+ ModelNode addCredential = getCredentialToAdd(parent, name, textValue);
+ credentialsToAdd.add(addCredential);
+ } else {
+ for (Map.Entry<String, String> entry : values.entrySet()) {
+ ModelNode addCredential = getCredentialToAdd(parent, name + "." + entry.getKey(), entry.getValue());
+ credentialsToAdd.add(addCredential);
+ }
+ }
+ }
+
+ private ModelNode getCredentialToAdd(PathAddress parent, String name, String value) {
ModelNode addCredential = new ModelNode();
addCredential.get(ModelDescriptionConstants.OP).set(ModelDescriptionConstants.ADD);
PathAddress addr = PathAddress.pathAddress(parent, PathElement.pathElement(CredentialDefinition.TAG_NAME, name));
addCredential.get(ModelDescriptionConstants.OP_ADDR).set(addr.toModelNode());
- addCredential.get(CredentialDefinition.VALUE.getName()).set(reader.getElementText());
- credentialsToAdd.add(addCredential);
+ addCredential.get(CredentialDefinition.VALUE.getName()).set(value);
+ return addCredential;
}
// expects that the current tag will have one single attribute called "name"
@@ -199,11 +238,43 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
}
private void writeCredentials(XMLExtendedStreamWriter writer, ModelNode credentials) throws XMLStreamException {
+ Map<String, Object> parsed = new LinkedHashMap<>();
for (Property credential : credentials.asPropertyList()) {
+ String credName = credential.getName();
+ String credValue = credential.getValue().get(CredentialDefinition.VALUE.getName()).asString();
+
+ if (credName.contains(".")) {
+ String[] parts = credName.split("\\.");
+ String provider = parts[0];
+ String propKey = parts[1];
+
+ Map<String, String> currentProviderMap = (Map<String, String>) parsed.get(provider);
+ if (currentProviderMap == null) {
+ currentProviderMap = new LinkedHashMap<>();
+ parsed.put(provider, currentProviderMap);
+ }
+ currentProviderMap.put(propKey, credValue);
+ } else {
+ parsed.put(credName, credValue);
+ }
+ }
+
+ for (Map.Entry<String, Object> entry : parsed.entrySet()) {
writer.writeStartElement(CredentialDefinition.TAG_NAME);
- writer.writeAttribute("name", credential.getName());
- String credentialValue = credential.getValue().get(CredentialDefinition.VALUE.getName()).asString();
- writeCharacters(writer, credentialValue);
+ writer.writeAttribute("name", entry.getKey());
+
+ Object value = entry.getValue();
+ if (value instanceof String) {
+ writeCharacters(writer, (String) value);
+ } else {
+ Map<String, String> credentialProps = (Map<String, String>) value;
+ for (Map.Entry<String, String> prop : credentialProps.entrySet()) {
+ writer.writeStartElement(prop.getKey());
+ writeCharacters(writer, prop.getValue());
+ writer.writeEndElement();
+ }
+ }
+
writer.writeEndElement();
}
}
diff --git a/integration/as7-eap6/as7-subsystem/src/main/resources/schema/keycloak_1_1.xsd b/integration/as7-eap6/as7-subsystem/src/main/resources/schema/keycloak_1_1.xsd
index 269b323..75de38a 100755
--- a/integration/as7-eap6/as7-subsystem/src/main/resources/schema/keycloak_1_1.xsd
+++ b/integration/as7-eap6/as7-subsystem/src/main/resources/schema/keycloak_1_1.xsd
@@ -94,12 +94,11 @@
</xs:annotation>
</xs:attribute>
</xs:complexType>
-
- <xs:complexType name="credential-type">
- <xs:simpleContent>
- <xs:extension base="xs:string">
- <xs:attribute name="name" type="xs:string" />
- </xs:extension>
- </xs:simpleContent>
+
+ <xs:complexType name="credential-type" mixed="true">
+ <xs:sequence maxOccurs="unbounded" minOccurs="0">
+ <xs:any processContents="lax"></xs:any>
+ </xs:sequence>
+ <xs:attribute name="name" type="xs:string" use="required" />
</xs:complexType>
</xs:schema>
integration/as7-eap6/pom.xml 2(+1 -1)
diff --git a/integration/as7-eap6/pom.xml b/integration/as7-eap6/pom.xml
index 12b276f..0080f46 100644
--- a/integration/as7-eap6/pom.xml
+++ b/integration/as7-eap6/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<name>Keycloak AS7 / JBoss EAP 6 Integration</name>
integration/installed/pom.xml 2(+1 -1)
diff --git a/integration/installed/pom.xml b/integration/installed/pom.xml
index 5dc4b60..c107496 100755
--- a/integration/installed/pom.xml
+++ b/integration/installed/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/integration/jaxrs-oauth-client/pom.xml b/integration/jaxrs-oauth-client/pom.xml
index 4147b18..90b00e2 100755
--- a/integration/jaxrs-oauth-client/pom.xml
+++ b/integration/jaxrs-oauth-client/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/integration/jboss-adapter-core/pom.xml b/integration/jboss-adapter-core/pom.xml
index 55424a9..559fd8b 100755
--- a/integration/jboss-adapter-core/pom.xml
+++ b/integration/jboss-adapter-core/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
integration/jetty/jetty8.1/pom.xml 4(+2 -2)
diff --git a/integration/jetty/jetty8.1/pom.xml b/integration/jetty/jetty8.1/pom.xml
index 6bb7115..81625f4 100755
--- a/integration/jetty/jetty8.1/pom.xml
+++ b/integration/jetty/jetty8.1/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
@@ -12,7 +12,7 @@
<artifactId>keycloak-jetty81-adapter</artifactId>
<name>Keycloak Jetty 8.1.x Integration</name>
<properties>
- <jetty9.version>8.1.16.v20140903</jetty9.version>
+ <jetty9.version>8.1.17.v20150415</jetty9.version>
<keycloak.osgi.export>
org.keycloak.adapters.jetty.*
</keycloak.osgi.export>
integration/jetty/jetty9.1/pom.xml 2(+1 -1)
diff --git a/integration/jetty/jetty9.1/pom.xml b/integration/jetty/jetty9.1/pom.xml
index 12f4542..85d61d8 100755
--- a/integration/jetty/jetty9.1/pom.xml
+++ b/integration/jetty/jetty9.1/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
integration/jetty/jetty9.2/pom.xml 2(+1 -1)
diff --git a/integration/jetty/jetty9.2/pom.xml b/integration/jetty/jetty9.2/pom.xml
index efba0cd..ab79f28 100755
--- a/integration/jetty/jetty9.2/pom.xml
+++ b/integration/jetty/jetty9.2/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
integration/jetty/jetty-core/pom.xml 4(+2 -2)
diff --git a/integration/jetty/jetty-core/pom.xml b/integration/jetty/jetty-core/pom.xml
index b69d3cc..4628c6b 100755
--- a/integration/jetty/jetty-core/pom.xml
+++ b/integration/jetty/jetty-core/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
@@ -12,7 +12,7 @@
<artifactId>keycloak-jetty-core</artifactId>
<name>Keycloak Jetty Core Integration</name>
<properties>
- <jetty9.version>8.1.16.v20140903</jetty9.version>
+ <jetty9.version>8.1.17.v20150415</jetty9.version>
<keycloak.osgi.export>
org.keycloak.adapters.jetty.core.*
</keycloak.osgi.export>
integration/jetty/pom.xml 2(+1 -1)
diff --git a/integration/jetty/pom.xml b/integration/jetty/pom.xml
index 5230c8c..3219087 100755
--- a/integration/jetty/pom.xml
+++ b/integration/jetty/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<name>Keycloak Jetty Integration</name>
integration/js/pom.xml 2(+1 -1)
diff --git a/integration/js/pom.xml b/integration/js/pom.xml
index d8384ac..060d666 100755
--- a/integration/js/pom.xml
+++ b/integration/js/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
integration/osgi-adapter/pom.xml 4(+2 -2)
diff --git a/integration/osgi-adapter/pom.xml b/integration/osgi-adapter/pom.xml
index c31a4ed..0f01b8f 100755
--- a/integration/osgi-adapter/pom.xml
+++ b/integration/osgi-adapter/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
@@ -14,7 +14,7 @@
<packaging>jar</packaging>
<properties>
- <jetty9.version>8.1.16.v20140903</jetty9.version>
+ <jetty9.version>8.1.17.v20150415</jetty9.version>
<keycloak.osgi.export>
org.keycloak.adapters.osgi.*
</keycloak.osgi.export>
integration/pom.xml 2(+1 -1)
diff --git a/integration/pom.xml b/integration/pom.xml
index 81a2028..e4b7f27 100755
--- a/integration/pom.xml
+++ b/integration/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<name>Keycloak Integration</name>
diff --git a/integration/servlet-oauth-client/pom.xml b/integration/servlet-oauth-client/pom.xml
index 6ac5b2b..721c3bd 100755
--- a/integration/servlet-oauth-client/pom.xml
+++ b/integration/servlet-oauth-client/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
integration/spring-boot/pom.xml 2(+1 -1)
diff --git a/integration/spring-boot/pom.xml b/integration/spring-boot/pom.xml
index a8e4d74..c75a6d8 100755
--- a/integration/spring-boot/pom.xml
+++ b/integration/spring-boot/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
integration/spring-security/pom.xml 2(+1 -1)
diff --git a/integration/spring-security/pom.xml b/integration/spring-security/pom.xml
index 49f25f4..17783fd 100755
--- a/integration/spring-security/pom.xml
+++ b/integration/spring-security/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandler.java b/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandler.java
index d843aa7..27178ca 100644
--- a/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandler.java
+++ b/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandler.java
@@ -32,8 +32,11 @@ public class KeycloakLogoutHandler implements LogoutHandler {
@Override
public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
-
- if (!KeycloakAuthenticationToken.class.isAssignableFrom(authentication.getClass())) {
+ if (authentication == null) {
+ log.warn("Cannot log out without authentication");
+ return;
+ }
+ else if (!KeycloakAuthenticationToken.class.isAssignableFrom(authentication.getClass())) {
log.warn("Cannot log out a non-Keycloak authentication: {}", authentication);
return;
}
diff --git a/integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandlerTest.java b/integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandlerTest.java
index 2ee32af..6a035b5 100644
--- a/integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandlerTest.java
+++ b/integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandlerTest.java
@@ -89,6 +89,12 @@ public class KeycloakLogoutHandlerTest {
}
@Test
+ public void testLogoutNullAuthentication() throws Exception {
+ keycloakLogoutHandler.logout(request, response, null);
+ verifyZeroInteractions(session);
+ }
+
+ @Test
public void testHandleSingleSignOut() throws Exception {
keycloakLogoutHandler.handleSingleSignOut(request, response, keycloakAuthenticationToken);
verify(session).logout(eq(keycloakDeployment));
integration/tomcat/pom.xml 2(+1 -1)
diff --git a/integration/tomcat/pom.xml b/integration/tomcat/pom.xml
index 7e91292..23f457e 100755
--- a/integration/tomcat/pom.xml
+++ b/integration/tomcat/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<name>Keycloak Tomcat Integration</name>
integration/tomcat/tomcat6/pom.xml 2(+1 -1)
diff --git a/integration/tomcat/tomcat6/pom.xml b/integration/tomcat/tomcat6/pom.xml
index 2accbc0..f2313e9 100755
--- a/integration/tomcat/tomcat6/pom.xml
+++ b/integration/tomcat/tomcat6/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
integration/tomcat/tomcat7/pom.xml 2(+1 -1)
diff --git a/integration/tomcat/tomcat7/pom.xml b/integration/tomcat/tomcat7/pom.xml
index 8ed96fd..04aabd8 100755
--- a/integration/tomcat/tomcat7/pom.xml
+++ b/integration/tomcat/tomcat7/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
integration/tomcat/tomcat8/pom.xml 2(+1 -1)
diff --git a/integration/tomcat/tomcat8/pom.xml b/integration/tomcat/tomcat8/pom.xml
index 2a9424a..1b59514 100755
--- a/integration/tomcat/tomcat8/pom.xml
+++ b/integration/tomcat/tomcat8/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/integration/tomcat/tomcat-core/pom.xml b/integration/tomcat/tomcat-core/pom.xml
index 3f95666..25c7b6b 100755
--- a/integration/tomcat/tomcat-core/pom.xml
+++ b/integration/tomcat/tomcat-core/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
integration/undertow/pom.xml 2(+1 -1)
diff --git a/integration/undertow/pom.xml b/integration/undertow/pom.xml
index 92ed965..4dc9dfb 100755
--- a/integration/undertow/pom.xml
+++ b/integration/undertow/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
integration/wildfly/pom.xml 2(+1 -1)
diff --git a/integration/wildfly/pom.xml b/integration/wildfly/pom.xml
index f1f6ccd..72f87c6 100644
--- a/integration/wildfly/pom.xml
+++ b/integration/wildfly/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<name>Keycloak WildFly Integration</name>
diff --git a/integration/wildfly/wf8-subsystem/pom.xml b/integration/wildfly/wf8-subsystem/pom.xml
index aaa53e0..66b1abe 100755
--- a/integration/wildfly/wf8-subsystem/pom.xml
+++ b/integration/wildfly/wf8-subsystem/pom.xml
@@ -20,7 +20,7 @@
<parent>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-parent</artifactId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
diff --git a/integration/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakAdapterConfigService.java b/integration/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakAdapterConfigService.java
index 4843534..2a0b93c 100755
--- a/integration/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakAdapterConfigService.java
+++ b/integration/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakAdapterConfigService.java
@@ -84,7 +84,19 @@ public final class KeycloakAdapterConfigService {
}
String credentialName = credentialNameFromOp(operation);
- credentials.get(credentialName).set(model.get("value").asString());
+ if (!credentialName.contains(".")) {
+ credentials.get(credentialName).set(model.get("value").asString());
+ } else {
+ String[] parts = credentialName.split("\\.");
+ String provider = parts[0];
+ String property = parts[1];
+ ModelNode credential = credentials.get(provider);
+ if (!credential.isDefined()) {
+ credential = new ModelNode();
+ }
+ credential.get(property).set(model.get("value").asString());
+ credentials.set(provider, credential);
+ }
ModelNode deployment = this.secureDeployments.get(deploymentNameFromOp(operation));
deployment.get(CREDENTIALS_JSON_NAME).set(credentials);
diff --git a/integration/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakSubsystemParser.java b/integration/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakSubsystemParser.java
index efa260b..a261bc4 100755
--- a/integration/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakSubsystemParser.java
+++ b/integration/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakSubsystemParser.java
@@ -35,7 +35,10 @@ import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import java.util.ArrayList;
import java.util.Collections;
+import java.util.HashMap;
+import java.util.LinkedHashMap;
import java.util.List;
+import java.util.Map;
/**
* The subsystem parser, which uses stax to read and write to and from xml
@@ -126,12 +129,48 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
public void readCredential(XMLExtendedStreamReader reader, PathAddress parent, List<ModelNode> credentialsToAdd) throws XMLStreamException {
String name = readNameAttribute(reader);
+
+ Map<String, String> values = new HashMap<>();
+ String textValue = null;
+ while (reader.hasNext()) {
+ int next = reader.next();
+ if (next == CHARACTERS) {
+ // text value of credential element (like for "secret" )
+ String text = reader.getText();
+ if (text == null || text.trim().isEmpty()) {
+ continue;
+ }
+ textValue = text;
+ } else if (next == START_ELEMENT) {
+ String key = reader.getLocalName();
+ reader.next();
+ String value = reader.getText();
+ reader.next();
+
+ values.put(key, value);
+ } else if (next == END_ELEMENT) {
+ break;
+ }
+ }
+
+ if (textValue != null) {
+ ModelNode addCredential = getCredentialToAdd(parent, name, textValue);
+ credentialsToAdd.add(addCredential);
+ } else {
+ for (Map.Entry<String, String> entry : values.entrySet()) {
+ ModelNode addCredential = getCredentialToAdd(parent, name + "." + entry.getKey(), entry.getValue());
+ credentialsToAdd.add(addCredential);
+ }
+ }
+ }
+
+ private ModelNode getCredentialToAdd(PathAddress parent, String name, String value) {
ModelNode addCredential = new ModelNode();
addCredential.get(ModelDescriptionConstants.OP).set(ModelDescriptionConstants.ADD);
PathAddress addr = PathAddress.pathAddress(parent, PathElement.pathElement(CredentialDefinition.TAG_NAME, name));
addCredential.get(ModelDescriptionConstants.OP_ADDR).set(addr.toModelNode());
- addCredential.get(CredentialDefinition.VALUE.getName()).set(reader.getElementText());
- credentialsToAdd.add(addCredential);
+ addCredential.get(CredentialDefinition.VALUE.getName()).set(value);
+ return addCredential;
}
// expects that the current tag will have one single attribute called "name"
@@ -200,11 +239,43 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
}
private void writeCredentials(XMLExtendedStreamWriter writer, ModelNode credentials) throws XMLStreamException {
+ Map<String, Object> parsed = new LinkedHashMap<>();
for (Property credential : credentials.asPropertyList()) {
+ String credName = credential.getName();
+ String credValue = credential.getValue().get(CredentialDefinition.VALUE.getName()).asString();
+
+ if (credName.contains(".")) {
+ String[] parts = credName.split("\\.");
+ String provider = parts[0];
+ String propKey = parts[1];
+
+ Map<String, String> currentProviderMap = (Map<String, String>) parsed.get(provider);
+ if (currentProviderMap == null) {
+ currentProviderMap = new LinkedHashMap<>();
+ parsed.put(provider, currentProviderMap);
+ }
+ currentProviderMap.put(propKey, credValue);
+ } else {
+ parsed.put(credName, credValue);
+ }
+ }
+
+ for (Map.Entry<String, Object> entry : parsed.entrySet()) {
writer.writeStartElement(CredentialDefinition.TAG_NAME);
- writer.writeAttribute("name", credential.getName());
- String credentialValue = credential.getValue().get(CredentialDefinition.VALUE.getName()).asString();
- writeCharacters(writer, credentialValue);
+ writer.writeAttribute("name", entry.getKey());
+
+ Object value = entry.getValue();
+ if (value instanceof String) {
+ writeCharacters(writer, (String) value);
+ } else {
+ Map<String, String> credentialProps = (Map<String, String>) value;
+ for (Map.Entry<String, String> prop : credentialProps.entrySet()) {
+ writer.writeStartElement(prop.getKey());
+ writeCharacters(writer, prop.getValue());
+ writer.writeEndElement();
+ }
+ }
+
writer.writeEndElement();
}
}
diff --git a/integration/wildfly/wf8-subsystem/src/main/resources/schema/wildfly-keycloak_1_1.xsd b/integration/wildfly/wf8-subsystem/src/main/resources/schema/wildfly-keycloak_1_1.xsd
index 269b323..75de38a 100755
--- a/integration/wildfly/wf8-subsystem/src/main/resources/schema/wildfly-keycloak_1_1.xsd
+++ b/integration/wildfly/wf8-subsystem/src/main/resources/schema/wildfly-keycloak_1_1.xsd
@@ -94,12 +94,11 @@
</xs:annotation>
</xs:attribute>
</xs:complexType>
-
- <xs:complexType name="credential-type">
- <xs:simpleContent>
- <xs:extension base="xs:string">
- <xs:attribute name="name" type="xs:string" />
- </xs:extension>
- </xs:simpleContent>
+
+ <xs:complexType name="credential-type" mixed="true">
+ <xs:sequence maxOccurs="unbounded" minOccurs="0">
+ <xs:any processContents="lax"></xs:any>
+ </xs:sequence>
+ <xs:attribute name="name" type="xs:string" use="required" />
</xs:complexType>
</xs:schema>
diff --git a/integration/wildfly/wf8-subsystem/src/test/java/org/keycloak/subsystem/wf8/extension/SubsystemParsingTestCase.java b/integration/wildfly/wf8-subsystem/src/test/java/org/keycloak/subsystem/wf8/extension/SubsystemParsingTestCase.java
index 93e9a59..6089293 100755
--- a/integration/wildfly/wf8-subsystem/src/test/java/org/keycloak/subsystem/wf8/extension/SubsystemParsingTestCase.java
+++ b/integration/wildfly/wf8-subsystem/src/test/java/org/keycloak/subsystem/wf8/extension/SubsystemParsingTestCase.java
@@ -16,6 +16,9 @@
*/
package org.keycloak.subsystem.wf8.extension;
+import org.jboss.as.controller.PathAddress;
+import org.jboss.as.controller.PathElement;
+import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
import org.jboss.as.subsystem.test.AbstractSubsystemBaseTest;
import org.jboss.dmr.ModelNode;
import org.junit.Test;
@@ -49,13 +52,46 @@ public class SubsystemParsingTestCase extends AbstractSubsystemBaseTest {
node.get("code-url").set("http://localhost:8080/auth-server/rest/realms/demo/protocol/openid-connect/access/codes");
node.get("ssl-required").set("external");
node.get("expose-token").set(true);
+
+ ModelNode jwtCredential = new ModelNode();
+ jwtCredential.get("client-keystore-file").set("/tmp/keystore.jks");
+ jwtCredential.get("client-keystore-password").set("changeit");
ModelNode credential = new ModelNode();
- credential.get("password").set("password");
+ credential.get("jwt").set(jwtCredential);
node.get("credentials").set(credential);
System.out.println("json=" + node.toJSONString(false));
}
+ @Test
+ public void testJsonFromSignedJWTCredentials() {
+ KeycloakAdapterConfigService service = KeycloakAdapterConfigService.getInstance();
+
+ PathAddress addr = PathAddress.pathAddress(PathElement.pathElement("subsystem", "keycloak"), PathElement.pathElement("secure-deployment", "foo"));
+ ModelNode deploymentOp = new ModelNode();
+ deploymentOp.get(ModelDescriptionConstants.OP_ADDR).set(addr.toModelNode());
+ ModelNode deployment = new ModelNode();
+ deployment.get("realm").set("demo");
+ deployment.get("resource").set("customer-portal");
+ service.addSecureDeployment(deploymentOp, deployment);
+
+ addCredential(addr, service, "secret", "secret1");
+ addCredential(addr, service, "jwt.client-keystore-file", "/tmp/foo.jks");
+ addCredential(addr, service, "jwt.token-timeout", "10");
+
+ System.out.println("Deployment: " + service.getJSON("foo"));
+ }
+
+ private void addCredential(PathAddress parent, KeycloakAdapterConfigService service, String key, String value) {
+ PathAddress credAddr = PathAddress.pathAddress(parent, PathElement.pathElement("credential", key));
+ ModelNode credOp = new ModelNode();
+ credOp.get(ModelDescriptionConstants.OP_ADDR).set(credAddr.toModelNode());
+ ModelNode credential = new ModelNode();
+ credential.get("value").set(value);
+ service.addCredential(credOp, credential);
+ }
+
+
@Override
protected String getSubsystemXml() throws IOException {
return readResource("keycloak-1.1.xml");
diff --git a/integration/wildfly/wf8-subsystem/src/test/resources/org/keycloak/subsystem/wf8/extension/keycloak-1.1.xml b/integration/wildfly/wf8-subsystem/src/test/resources/org/keycloak/subsystem/wf8/extension/keycloak-1.1.xml
index 2d12d88..e512f0e 100644
--- a/integration/wildfly/wf8-subsystem/src/test/resources/org/keycloak/subsystem/wf8/extension/keycloak-1.1.xml
+++ b/integration/wildfly/wf8-subsystem/src/test/resources/org/keycloak/subsystem/wf8/extension/keycloak-1.1.xml
@@ -19,6 +19,8 @@
</realm-public-key>
<auth-server-url>http://localhost:8080/auth</auth-server-url>
<ssl-required>EXTERNAL</ssl-required>
- <credential name="secret">2769a4a2-5be0-454f-838f-f33b7755b667</credential>
+ <credential name="jwt">
+ <client-keystore-file>/tmp/keystore.jks</client-keystore-file>
+ </credential>
</secure-deployment>
</subsystem>
\ No newline at end of file
diff --git a/integration/wildfly/wf9-server-subsystem/pom.xml b/integration/wildfly/wf9-server-subsystem/pom.xml
index a7a1872..634fa47 100755
--- a/integration/wildfly/wf9-server-subsystem/pom.xml
+++ b/integration/wildfly/wf9-server-subsystem/pom.xml
@@ -20,7 +20,7 @@
<parent>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-parent</artifactId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
diff --git a/integration/wildfly/wf9-subsystem/pom.xml b/integration/wildfly/wf9-subsystem/pom.xml
index 92e510e..1991265 100755
--- a/integration/wildfly/wf9-subsystem/pom.xml
+++ b/integration/wildfly/wf9-subsystem/pom.xml
@@ -20,7 +20,7 @@
<parent>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-parent</artifactId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
diff --git a/integration/wildfly/wf9-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java b/integration/wildfly/wf9-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java
index c6f616a..8eb4b9e 100755
--- a/integration/wildfly/wf9-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java
+++ b/integration/wildfly/wf9-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java
@@ -84,7 +84,19 @@ public final class KeycloakAdapterConfigService {
}
String credentialName = credentialNameFromOp(operation);
- credentials.get(credentialName).set(model.get("value").asString());
+ if (!credentialName.contains(".")) {
+ credentials.get(credentialName).set(model.get("value").asString());
+ } else {
+ String[] parts = credentialName.split("\\.");
+ String provider = parts[0];
+ String property = parts[1];
+ ModelNode credential = credentials.get(provider);
+ if (!credential.isDefined()) {
+ credential = new ModelNode();
+ }
+ credential.get(property).set(model.get("value").asString());
+ credentials.set(provider, credential);
+ }
ModelNode deployment = this.secureDeployments.get(deploymentNameFromOp(operation));
deployment.get(CREDENTIALS_JSON_NAME).set(credentials);
diff --git a/integration/wildfly/wf9-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakSubsystemParser.java b/integration/wildfly/wf9-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakSubsystemParser.java
index 3c63f7e..9a9e667 100755
--- a/integration/wildfly/wf9-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakSubsystemParser.java
+++ b/integration/wildfly/wf9-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakSubsystemParser.java
@@ -35,7 +35,10 @@ import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import java.util.ArrayList;
import java.util.Collections;
+import java.util.HashMap;
+import java.util.LinkedHashMap;
import java.util.List;
+import java.util.Map;
/**
* The subsystem parser, which uses stax to read and write to and from xml
@@ -126,12 +129,48 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
public void readCredential(XMLExtendedStreamReader reader, PathAddress parent, List<ModelNode> credentialsToAdd) throws XMLStreamException {
String name = readNameAttribute(reader);
+
+ Map<String, String> values = new HashMap<>();
+ String textValue = null;
+ while (reader.hasNext()) {
+ int next = reader.next();
+ if (next == CHARACTERS) {
+ // text value of credential element (like for "secret" )
+ String text = reader.getText();
+ if (text == null || text.trim().isEmpty()) {
+ continue;
+ }
+ textValue = text;
+ } else if (next == START_ELEMENT) {
+ String key = reader.getLocalName();
+ reader.next();
+ String value = reader.getText();
+ reader.next();
+
+ values.put(key, value);
+ } else if (next == END_ELEMENT) {
+ break;
+ }
+ }
+
+ if (textValue != null) {
+ ModelNode addCredential = getCredentialToAdd(parent, name, textValue);
+ credentialsToAdd.add(addCredential);
+ } else {
+ for (Map.Entry<String, String> entry : values.entrySet()) {
+ ModelNode addCredential = getCredentialToAdd(parent, name + "." + entry.getKey(), entry.getValue());
+ credentialsToAdd.add(addCredential);
+ }
+ }
+ }
+
+ private ModelNode getCredentialToAdd(PathAddress parent, String name, String value) {
ModelNode addCredential = new ModelNode();
addCredential.get(ModelDescriptionConstants.OP).set(ModelDescriptionConstants.ADD);
PathAddress addr = PathAddress.pathAddress(parent, PathElement.pathElement(CredentialDefinition.TAG_NAME, name));
addCredential.get(ModelDescriptionConstants.OP_ADDR).set(addr.toModelNode());
- addCredential.get(CredentialDefinition.VALUE.getName()).set(reader.getElementText());
- credentialsToAdd.add(addCredential);
+ addCredential.get(CredentialDefinition.VALUE.getName()).set(value);
+ return addCredential;
}
// expects that the current tag will have one single attribute called "name"
@@ -200,11 +239,43 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
}
private void writeCredentials(XMLExtendedStreamWriter writer, ModelNode credentials) throws XMLStreamException {
+ Map<String, Object> parsed = new LinkedHashMap<>();
for (Property credential : credentials.asPropertyList()) {
+ String credName = credential.getName();
+ String credValue = credential.getValue().get(CredentialDefinition.VALUE.getName()).asString();
+
+ if (credName.contains(".")) {
+ String[] parts = credName.split("\\.");
+ String provider = parts[0];
+ String propKey = parts[1];
+
+ Map<String, String> currentProviderMap = (Map<String, String>) parsed.get(provider);
+ if (currentProviderMap == null) {
+ currentProviderMap = new LinkedHashMap<>();
+ parsed.put(provider, currentProviderMap);
+ }
+ currentProviderMap.put(propKey, credValue);
+ } else {
+ parsed.put(credName, credValue);
+ }
+ }
+
+ for (Map.Entry<String, Object> entry : parsed.entrySet()) {
writer.writeStartElement(CredentialDefinition.TAG_NAME);
- writer.writeAttribute("name", credential.getName());
- String credentialValue = credential.getValue().get(CredentialDefinition.VALUE.getName()).asString();
- writeCharacters(writer, credentialValue);
+ writer.writeAttribute("name", entry.getKey());
+
+ Object value = entry.getValue();
+ if (value instanceof String) {
+ writeCharacters(writer, (String) value);
+ } else {
+ Map<String, String> credentialProps = (Map<String, String>) value;
+ for (Map.Entry<String, String> prop : credentialProps.entrySet()) {
+ writer.writeStartElement(prop.getKey());
+ writeCharacters(writer, prop.getValue());
+ writer.writeEndElement();
+ }
+ }
+
writer.writeEndElement();
}
}
diff --git a/integration/wildfly/wf9-subsystem/src/main/resources/schema/wildfly-keycloak_1_1.xsd b/integration/wildfly/wf9-subsystem/src/main/resources/schema/wildfly-keycloak_1_1.xsd
index 269b323..0abaac1 100755
--- a/integration/wildfly/wf9-subsystem/src/main/resources/schema/wildfly-keycloak_1_1.xsd
+++ b/integration/wildfly/wf9-subsystem/src/main/resources/schema/wildfly-keycloak_1_1.xsd
@@ -95,11 +95,10 @@
</xs:attribute>
</xs:complexType>
- <xs:complexType name="credential-type">
- <xs:simpleContent>
- <xs:extension base="xs:string">
- <xs:attribute name="name" type="xs:string" />
- </xs:extension>
- </xs:simpleContent>
+ <xs:complexType name="credential-type" mixed="true">
+ <xs:sequence maxOccurs="unbounded" minOccurs="0">
+ <xs:any processContents="lax"></xs:any>
+ </xs:sequence>
+ <xs:attribute name="name" type="xs:string" use="required" />
</xs:complexType>
</xs:schema>
diff --git a/integration/wildfly/wf9-subsystem/src/test/java/org/keycloak/subsystem/adapter/extension/SubsystemParsingTestCase.java b/integration/wildfly/wf9-subsystem/src/test/java/org/keycloak/subsystem/adapter/extension/SubsystemParsingTestCase.java
index baa131b..dc1e981 100755
--- a/integration/wildfly/wf9-subsystem/src/test/java/org/keycloak/subsystem/adapter/extension/SubsystemParsingTestCase.java
+++ b/integration/wildfly/wf9-subsystem/src/test/java/org/keycloak/subsystem/adapter/extension/SubsystemParsingTestCase.java
@@ -16,6 +16,9 @@
*/
package org.keycloak.subsystem.adapter.extension;
+import org.jboss.as.controller.PathAddress;
+import org.jboss.as.controller.PathElement;
+import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
import org.jboss.as.subsystem.test.AbstractSubsystemBaseTest;
import org.jboss.dmr.ModelNode;
import org.junit.Test;
@@ -49,13 +52,45 @@ public class SubsystemParsingTestCase extends AbstractSubsystemBaseTest {
node.get("code-url").set("http://localhost:8080/auth-server/rest/realms/demo/protocol/openid-connect/access/codes");
node.get("ssl-required").set("external");
node.get("expose-token").set(true);
+
+ ModelNode jwtCredential = new ModelNode();
+ jwtCredential.get("client-keystore-file").set("/tmp/keystore.jks");
+ jwtCredential.get("client-keystore-password").set("changeit");
ModelNode credential = new ModelNode();
- credential.get("password").set("password");
+ credential.get("jwt").set(jwtCredential);
node.get("credentials").set(credential);
System.out.println("json=" + node.toJSONString(false));
}
+ @Test
+ public void testJsonFromSignedJWTCredentials() {
+ KeycloakAdapterConfigService service = KeycloakAdapterConfigService.getInstance();
+
+ PathAddress addr = PathAddress.pathAddress(PathElement.pathElement("subsystem", "keycloak"), PathElement.pathElement("secure-deployment", "foo"));
+ ModelNode deploymentOp = new ModelNode();
+ deploymentOp.get(ModelDescriptionConstants.OP_ADDR).set(addr.toModelNode());
+ ModelNode deployment = new ModelNode();
+ deployment.get("realm").set("demo");
+ deployment.get("resource").set("customer-portal");
+ service.addSecureDeployment(deploymentOp, deployment);
+
+ addCredential(addr, service, "secret", "secret1");
+ addCredential(addr, service, "jwt.client-keystore-file", "/tmp/foo.jks");
+ addCredential(addr, service, "jwt.token-timeout", "10");
+
+ System.out.println("Deployment: " + service.getJSON("foo"));
+ }
+
+ private void addCredential(PathAddress parent, KeycloakAdapterConfigService service, String key, String value) {
+ PathAddress credAddr = PathAddress.pathAddress(parent, PathElement.pathElement("credential", key));
+ ModelNode credOp = new ModelNode();
+ credOp.get(ModelDescriptionConstants.OP_ADDR).set(credAddr.toModelNode());
+ ModelNode credential = new ModelNode();
+ credential.get("value").set(value);
+ service.addCredential(credOp, credential);
+ }
+
@Override
protected String getSubsystemXml() throws IOException {
return readResource("keycloak-1.1.xml");
diff --git a/integration/wildfly/wf9-subsystem/src/test/resources/org/keycloak/subsystem/adapter/extension/keycloak-1.1.xml b/integration/wildfly/wf9-subsystem/src/test/resources/org/keycloak/subsystem/adapter/extension/keycloak-1.1.xml
index 2d12d88..e512f0e 100644
--- a/integration/wildfly/wf9-subsystem/src/test/resources/org/keycloak/subsystem/adapter/extension/keycloak-1.1.xml
+++ b/integration/wildfly/wf9-subsystem/src/test/resources/org/keycloak/subsystem/adapter/extension/keycloak-1.1.xml
@@ -19,6 +19,8 @@
</realm-public-key>
<auth-server-url>http://localhost:8080/auth</auth-server-url>
<ssl-required>EXTERNAL</ssl-required>
- <credential name="secret">2769a4a2-5be0-454f-838f-f33b7755b667</credential>
+ <credential name="jwt">
+ <client-keystore-file>/tmp/keystore.jks</client-keystore-file>
+ </credential>
</secure-deployment>
</subsystem>
\ No newline at end of file
diff --git a/integration/wildfly/wildfly-adapter/pom.xml b/integration/wildfly/wildfly-adapter/pom.xml
index 101b398..e3803dc 100755
--- a/integration/wildfly/wildfly-adapter/pom.xml
+++ b/integration/wildfly/wildfly-adapter/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/integration/wildfly/wildfly-extensions/pom.xml b/integration/wildfly/wildfly-extensions/pom.xml
index 15b4918..f59f190 100755
--- a/integration/wildfly/wildfly-extensions/pom.xml
+++ b/integration/wildfly/wildfly-extensions/pom.xml
@@ -20,7 +20,7 @@
<parent>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-parent</artifactId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
model/api/pom.xml 2(+1 -1)
diff --git a/model/api/pom.xml b/model/api/pom.xml
index 1c4fb9d..58ca5e2 100755
--- a/model/api/pom.xml
+++ b/model/api/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_5_0.java b/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_5_0.java
index 95a5224..cbe0eb7 100755
--- a/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_5_0.java
+++ b/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_5_0.java
@@ -31,13 +31,19 @@ public class MigrateTo1_5_0 {
realm.setBrowserFlow(realm.getFlowByAlias(DefaultAuthenticationFlows.BROWSER_FLOW));
realm.setRegistrationFlow(realm.getFlowByAlias(DefaultAuthenticationFlows.REGISTRATION_FLOW));
realm.setDirectGrantFlow(realm.getFlowByAlias(DefaultAuthenticationFlows.DIRECT_GRANT_FLOW));
- realm.setResetCredentialsFlow(realm.getFlowByAlias(DefaultAuthenticationFlows.RESET_CREDENTIALS_FLOW));
+
+ AuthenticationFlowModel resetFlow = realm.getFlowByAlias(DefaultAuthenticationFlows.RESET_CREDENTIALS_FLOW);
+ if (resetFlow == null) {
+ DefaultAuthenticationFlows.resetCredentialsFlow(realm);
+ } else {
+ realm.setResetCredentialsFlow(resetFlow);
+ }
AuthenticationFlowModel clientAuthFlow = realm.getFlowByAlias(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW);
if (clientAuthFlow == null) {
DefaultAuthenticationFlows.clientAuthFlow(realm);
} else {
- realm.setClientAuthenticationFlow(realm.getFlowByAlias(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW));
+ realm.setClientAuthenticationFlow(clientAuthFlow);
}
for (ClientModel client : realm.getClients()) {
diff --git a/model/api/src/main/java/org/keycloak/models/PasswordPolicy.java b/model/api/src/main/java/org/keycloak/models/PasswordPolicy.java
index b7f2267..5bdae2c 100755
--- a/model/api/src/main/java/org/keycloak/models/PasswordPolicy.java
+++ b/model/api/src/main/java/org/keycloak/models/PasswordPolicy.java
@@ -46,42 +46,37 @@ public class PasswordPolicy implements Serializable {
policy = policy.trim();
String name;
- String[] args = null;
+ String arg = null;
int i = policy.indexOf('(');
if (i == -1) {
name = policy.trim();
} else {
name = policy.substring(0, i).trim();
- args = policy.substring(i + 1, policy.length() - 1).split(",");
- for (int j = 0; j < args.length; j++) {
- args[j] = args[j].trim();
- }
+ arg = policy.substring(i + 1, policy.length() - 1);
}
if (name.equals(Length.NAME)) {
- list.add(new Length(args));
+ list.add(new Length(arg));
} else if (name.equals(Digits.NAME)) {
- list.add(new Digits(args));
+ list.add(new Digits(arg));
} else if (name.equals(LowerCase.NAME)) {
- list.add(new LowerCase(args));
+ list.add(new LowerCase(arg));
} else if (name.equals(UpperCase.NAME)) {
- list.add(new UpperCase(args));
+ list.add(new UpperCase(arg));
} else if (name.equals(SpecialChars.NAME)) {
- list.add(new SpecialChars(args));
+ list.add(new SpecialChars(arg));
} else if (name.equals(NotUsername.NAME)) {
- list.add(new NotUsername(args));
+ list.add(new NotUsername(arg));
} else if (name.equals(HashIterations.NAME)) {
- list.add(new HashIterations(args));
+ list.add(new HashIterations(arg));
} else if (name.equals(RegexPatterns.NAME)) {
- for (String regexPattern : args) {
- Pattern.compile(regexPattern);
- }
- list.add(new RegexPatterns(args));
+ Pattern.compile(arg);
+ list.add(new RegexPatterns(arg));
} else if (name.equals(PasswordHistory.NAME)) {
- list.add(new PasswordHistory(args));
+ list.add(new PasswordHistory(arg));
} else if (name.equals(ForceExpiredPasswordChange.NAME)) {
- list.add(new ForceExpiredPasswordChange(args));
+ list.add(new ForceExpiredPasswordChange(arg));
}
}
return list;
@@ -182,11 +177,10 @@ public class PasswordPolicy implements Serializable {
private static final String NAME = "hashIterations";
private int iterations;
- public HashIterations(String[] args) {
- iterations = intArg(NAME, 1, args);
+ public HashIterations(String arg) {
+ iterations = intArg(NAME, 1, arg);
}
-
@Override
public Error validate(String user, String password) {
return null;
@@ -201,7 +195,7 @@ public class PasswordPolicy implements Serializable {
private static class NotUsername implements Policy {
private static final String NAME = "notUsername";
- public NotUsername(String[] args) {
+ public NotUsername(String arg) {
}
@Override
@@ -219,8 +213,9 @@ public class PasswordPolicy implements Serializable {
private static final String NAME = "length";
private int min;
- public Length(String[] args) {
- min = intArg(NAME, 8, args);
+ public Length(String arg)
+ {
+ min = intArg(NAME, 8, arg);
}
@@ -239,8 +234,9 @@ public class PasswordPolicy implements Serializable {
private static final String NAME = "digits";
private int min;
- public Digits(String[] args) {
- min = intArg(NAME, 1, args);
+ public Digits(String arg)
+ {
+ min = intArg(NAME, 1, arg);
}
@@ -265,8 +261,9 @@ public class PasswordPolicy implements Serializable {
private static final String NAME = "lowerCase";
private int min;
- public LowerCase(String[] args) {
- min = intArg(NAME, 1, args);
+ public LowerCase(String arg)
+ {
+ min = intArg(NAME, 1, arg);
}
@Override
@@ -290,8 +287,8 @@ public class PasswordPolicy implements Serializable {
private static final String NAME = "upperCase";
private int min;
- public UpperCase(String[] args) {
- min = intArg(NAME, 1, args);
+ public UpperCase(String arg) {
+ min = intArg(NAME, 1, arg);
}
@Override
@@ -315,8 +312,9 @@ public class PasswordPolicy implements Serializable {
private static final String NAME = "specialChars";
private int min;
- public SpecialChars(String[] args) {
- min = intArg(NAME, 1, args);
+ public SpecialChars(String arg)
+ {
+ min = intArg(NAME, 1, arg);
}
@Override
@@ -337,23 +335,20 @@ public class PasswordPolicy implements Serializable {
}
private static class RegexPatterns implements Policy {
- private static final String NAME = "regexPatterns";
- private String regexPatterns[];
+ private static final String NAME = "regexPattern";
+ private String regexPattern;
- public RegexPatterns(String[] args) {
- regexPatterns = args;
+ public RegexPatterns(String arg)
+ {
+ regexPattern = arg;
}
@Override
public Error validate(String username, String password) {
- Pattern pattern = null;
- Matcher matcher = null;
- for (String regexPattern : regexPatterns) {
- pattern = Pattern.compile(regexPattern);
- matcher = pattern.matcher(password);
- if (!matcher.matches()) {
- return new Error(INVALID_PASSWORD_REGEX_PATTERN, (Object) regexPatterns);
- }
+ Pattern pattern = Pattern.compile(regexPattern);
+ Matcher matcher = pattern.matcher(password);
+ if (!matcher.matches()) {
+ return new Error(INVALID_PASSWORD_REGEX_PATTERN, (Object) regexPattern);
}
return null;
}
@@ -368,8 +363,9 @@ public class PasswordPolicy implements Serializable {
private static final String NAME = "passwordHistory";
private int passwordHistoryPolicyValue;
- public PasswordHistory(String[] args) {
- passwordHistoryPolicyValue = intArg(NAME, 3, args);
+ public PasswordHistory(String arg)
+ {
+ passwordHistoryPolicyValue = intArg(NAME, 3, arg);
}
@Override
@@ -442,8 +438,8 @@ public class PasswordPolicy implements Serializable {
private static final String NAME = "forceExpiredPasswordChange";
private int daysToExpirePassword;
- public ForceExpiredPasswordChange(String[] args) {
- daysToExpirePassword = intArg(NAME, 365, args);
+ public ForceExpiredPasswordChange(String arg) {
+ daysToExpirePassword = intArg(NAME, 365, arg);
}
@Override
@@ -457,13 +453,11 @@ public class PasswordPolicy implements Serializable {
}
}
- private static int intArg(String policy, int defaultValue, String... args) {
- if (args == null || args.length == 0) {
+ private static int intArg(String policy, int defaultValue, String arg) {
+ if (arg == null) {
return defaultValue;
- } else if (args.length == 1) {
- return Integer.parseInt(args[0]);
} else {
- throw new IllegalArgumentException("Invalid arguments to " + policy + ", expect no argument or single integer");
+ return Integer.parseInt(arg);
}
}
diff --git a/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java b/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
index f2d4f1e..bf2360e 100755
--- a/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
+++ b/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
@@ -163,6 +163,7 @@ public class ModelToRepresentation {
if (realm.getBrowserFlow() != null) rep.setBrowserFlow(realm.getBrowserFlow().getAlias());
if (realm.getRegistrationFlow() != null) rep.setRegistrationFlow(realm.getRegistrationFlow().getAlias());
if (realm.getDirectGrantFlow() != null) rep.setDirectGrantFlow(realm.getDirectGrantFlow().getAlias());
+ if (realm.getResetCredentialsFlow() != null) rep.setResetCredentialsFlow(realm.getResetCredentialsFlow().getAlias());
if (realm.getClientAuthenticationFlow() != null) rep.setClientAuthenticationFlow(realm.getClientAuthenticationFlow().getAlias());
List<String> defaultRoles = realm.getDefaultRoles();
diff --git a/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java b/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
index 4faff01..811655b 100755
--- a/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
+++ b/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
@@ -359,8 +359,25 @@ public class RepresentationToModel {
} else {
newRealm.setDirectGrantFlow(newRealm.getFlowByAlias(rep.getDirectGrantFlow()));
}
+
+ // reset credentials + client flow needs to be more defensive as they were added later (in 1.5 )
+ if (rep.getResetCredentialsFlow() == null) {
+ AuthenticationFlowModel resetFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.RESET_CREDENTIALS_FLOW);
+ if (resetFlow == null) {
+ DefaultAuthenticationFlows.resetCredentialsFlow(newRealm);
+ } else {
+ newRealm.setResetCredentialsFlow(resetFlow);
+ }
+ } else {
+ newRealm.setResetCredentialsFlow(newRealm.getFlowByAlias(rep.getResetCredentialsFlow()));
+ }
if (rep.getClientAuthenticationFlow() == null) {
- newRealm.setClientAuthenticationFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW));
+ AuthenticationFlowModel clientFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW);
+ if (clientFlow == null) {
+ DefaultAuthenticationFlows.clientAuthFlow(newRealm);
+ } else {
+ newRealm.setClientAuthenticationFlow(clientFlow);
+ }
} else {
newRealm.setClientAuthenticationFlow(newRealm.getFlowByAlias(rep.getClientAuthenticationFlow()));
}
@@ -571,6 +588,9 @@ public class RepresentationToModel {
if (rep.getDirectGrantFlow() != null) {
realm.setDirectGrantFlow(realm.getFlowByAlias(rep.getDirectGrantFlow()));
}
+ if (rep.getResetCredentialsFlow() != null) {
+ realm.setResetCredentialsFlow(realm.getFlowByAlias(rep.getResetCredentialsFlow()));
+ }
if (rep.getClientAuthenticationFlow() != null) {
realm.setClientAuthenticationFlow(realm.getFlowByAlias(rep.getClientAuthenticationFlow()));
}
diff --git a/model/api/src/test/java/org/keycloak/models/PasswordPolicyTest.java b/model/api/src/test/java/org/keycloak/models/PasswordPolicyTest.java
index d091dca..df76588 100755
--- a/model/api/src/test/java/org/keycloak/models/PasswordPolicyTest.java
+++ b/model/api/src/test/java/org/keycloak/models/PasswordPolicyTest.java
@@ -88,41 +88,41 @@ public class PasswordPolicyTest {
public void testRegexPatterns() {
PasswordPolicy policy = null;
try {
- policy = new PasswordPolicy("regexPatterns");
- fail("Expected NullPointerEXception: Regex Pattern cannot be null.");
+ policy = new PasswordPolicy("regexPattern");
+ fail("Expected NullPointerException: Regex Pattern cannot be null.");
} catch (NullPointerException e) {
// Expected NPE as regex pattern is null.
}
try {
- policy = new PasswordPolicy("regexPatterns(*)");
+ policy = new PasswordPolicy("regexPattern(*)");
fail("Expected PatternSyntaxException: Regex Pattern cannot be null.");
} catch (PatternSyntaxException e) {
// Expected PSE as regex pattern(or any of its token) is not quantifiable.
}
try {
- policy = new PasswordPolicy("regexPatterns(*,**)");
+ policy = new PasswordPolicy("regexPattern(*,**)");
fail("Expected PatternSyntaxException: Regex Pattern cannot be null.");
} catch (PatternSyntaxException e) {
// Expected PSE as regex pattern(or any of its token) is not quantifiable.
}
//Fails to match one of the regex pattern
- policy = new PasswordPolicy("regexPatterns(jdoe,j*d)");
+ policy = new PasswordPolicy("regexPattern(jdoe) and regexPattern(j*d)");
Assert.assertEquals("invalidPasswordRegexPatternMessage", policy.validate("jdoe", "jdoe").getMessage());
////Fails to match all of the regex patterns
- policy = new PasswordPolicy("regexPatterns(j*p,j*d,adoe)");
+ policy = new PasswordPolicy("regexPattern(j*p) and regexPattern(j*d) and regexPattern(adoe)");
Assert.assertEquals("invalidPasswordRegexPatternMessage", policy.validate("jdoe", "jdoe").getMessage());
- policy = new PasswordPolicy("regexPatterns([a-z][a-z][a-z][a-z][0-9])");
+ policy = new PasswordPolicy("regexPattern([a-z][a-z][a-z][a-z][0-9])");
Assert.assertEquals("invalidPasswordRegexPatternMessage", policy.validate("jdoe", "jdoe").getMessage());
- policy = new PasswordPolicy("regexPatterns(jdoe)");
+ policy = new PasswordPolicy("regexPattern(jdoe)");
Assert.assertNull(policy.validate("jdoe", "jdoe"));
- policy = new PasswordPolicy("regexPatterns([a-z][a-z][a-z][a-z][0-9])");
+ policy = new PasswordPolicy("regexPattern([a-z][a-z][a-z][a-z][0-9])");
Assert.assertNull(policy.validate("jdoe", "jdoe0"));
}
model/file/pom.xml 2(+1 -1)
diff --git a/model/file/pom.xml b/model/file/pom.xml
index 9d41184..a8ccef3 100755
--- a/model/file/pom.xml
+++ b/model/file/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/model/invalidation-cache/infinispan/pom.xml b/model/invalidation-cache/infinispan/pom.xml
index 4d818c8..5bedd76 100755
--- a/model/invalidation-cache/infinispan/pom.xml
+++ b/model/invalidation-cache/infinispan/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/model/invalidation-cache/model-adapters/pom.xml b/model/invalidation-cache/model-adapters/pom.xml
index 4719a06..0f45b87 100755
--- a/model/invalidation-cache/model-adapters/pom.xml
+++ b/model/invalidation-cache/model-adapters/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
model/invalidation-cache/pom.xml 2(+1 -1)
diff --git a/model/invalidation-cache/pom.xml b/model/invalidation-cache/pom.xml
index cdff0b8..2eb605d 100755
--- a/model/invalidation-cache/pom.xml
+++ b/model/invalidation-cache/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<name>Keycloak Model Invalidation Cache Parent</name>
model/jpa/pom.xml 2(+1 -1)
diff --git a/model/jpa/pom.xml b/model/jpa/pom.xml
index 8c21cee..f4f9eec 100755
--- a/model/jpa/pom.xml
+++ b/model/jpa/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
model/mongo/pom.xml 2(+1 -1)
diff --git a/model/mongo/pom.xml b/model/mongo/pom.xml
index 5387ffc..0c53237 100755
--- a/model/mongo/pom.xml
+++ b/model/mongo/pom.xml
@@ -5,7 +5,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
model/pom.xml 2(+1 -1)
diff --git a/model/pom.xml b/model/pom.xml
index de7e486..7cd37b8 100755
--- a/model/pom.xml
+++ b/model/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<name>Keycloak Model Parent</name>
model/sessions-infinispan/pom.xml 2(+1 -1)
diff --git a/model/sessions-infinispan/pom.xml b/model/sessions-infinispan/pom.xml
index 7aa04c8..3d8c256 100755
--- a/model/sessions-infinispan/pom.xml
+++ b/model/sessions-infinispan/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
pom.xml 2(+1 -1)
diff --git a/pom.xml b/pom.xml
index 861f0f1..ce53528 100755
--- a/pom.xml
+++ b/pom.xml
@@ -14,7 +14,7 @@
</description>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-parent</artifactId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<packaging>pom</packaging>
<properties>
proxy/launcher/pom.xml 2(+1 -1)
diff --git a/proxy/launcher/pom.xml b/proxy/launcher/pom.xml
index 34d82b5..89e594c 100755
--- a/proxy/launcher/pom.xml
+++ b/proxy/launcher/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
proxy/pom.xml 2(+1 -1)
diff --git a/proxy/pom.xml b/proxy/pom.xml
index 1fef24f..5a9f526 100755
--- a/proxy/pom.xml
+++ b/proxy/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<name>Model Parent</name>
proxy/proxy-server/pom.xml 2(+1 -1)
diff --git a/proxy/proxy-server/pom.xml b/proxy/proxy-server/pom.xml
index 008bd01..eb077ce 100755
--- a/proxy/proxy-server/pom.xml
+++ b/proxy/proxy-server/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
saml/pom.xml 2(+1 -1)
diff --git a/saml/pom.xml b/saml/pom.xml
index 3e90810..2487e9e 100755
--- a/saml/pom.xml
+++ b/saml/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<name>Keycloak SAML Integration</name>
saml/saml-core/pom.xml 2(+1 -1)
diff --git a/saml/saml-core/pom.xml b/saml/saml-core/pom.xml
index 3b1c977..ec148f3 100755
--- a/saml/saml-core/pom.xml
+++ b/saml/saml-core/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/saml/saml-core/src/main/java/org/keycloak/saml/BaseSAML2BindingBuilder.java b/saml/saml-core/src/main/java/org/keycloak/saml/BaseSAML2BindingBuilder.java
index 63b5f5e..9ca97f8 100755
--- a/saml/saml-core/src/main/java/org/keycloak/saml/BaseSAML2BindingBuilder.java
+++ b/saml/saml-core/src/main/java/org/keycloak/saml/BaseSAML2BindingBuilder.java
@@ -119,11 +119,11 @@ public class BaseSAML2BindingBuilder<T extends BaseSAML2BindingBuilder> {
public BasePostBindingBuilder(BaseSAML2BindingBuilder builder, Document document) throws ProcessingException {
this.builder = builder;
- if (builder.encrypt) builder.encryptDocument(document);
this.document = document;
if (builder.signAssertions) {
builder.signAssertion(document);
}
+ if (builder.encrypt) builder.encryptDocument(document);
if (builder.sign) {
builder.signDocument(document);
}
@@ -154,8 +154,8 @@ public class BaseSAML2BindingBuilder<T extends BaseSAML2BindingBuilder> {
public BaseRedirectBindingBuilder(BaseSAML2BindingBuilder builder, Document document) throws ProcessingException {
this.builder = builder;
- if (builder.encrypt) builder.encryptDocument(document);
this.document = document;
+ if (builder.encrypt) builder.encryptDocument(document);
if (builder.signAssertions) {
builder.signAssertion(document);
}
@@ -332,7 +332,7 @@ public class BaseSAML2BindingBuilder<T extends BaseSAML2BindingBuilder> {
}
if (sign) {
- builder.queryParam(GeneralConstants.SAML_SIG_ALG_REQUEST_KEY, signatureAlgorithm.getJavaSignatureAlgorithm());
+ builder.queryParam(GeneralConstants.SAML_SIG_ALG_REQUEST_KEY, signatureAlgorithm.getXmlSignatureMethod());
URI uri = builder.build();
String rawQuery = uri.getRawQuery();
Signature signature = signatureAlgorithm.createSignature();
saml/saml-protocol/pom.xml 2(+1 -1)
diff --git a/saml/saml-protocol/pom.xml b/saml/saml-protocol/pom.xml
index d749a05..7da77bb 100755
--- a/saml/saml-protocol/pom.xml
+++ b/saml/saml-protocol/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java
index 4be6608..383e1c5 100755
--- a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java
@@ -455,8 +455,12 @@ public class SamlProtocol implements LoginProtocol {
if (roleListMapper == null) return;
AssertionType assertion = response.getAssertions().get(0).getAssertion();
AttributeStatementType attributeStatement = new AttributeStatementType();
- assertion.addStatement(attributeStatement);
roleListMapper.mapper.mapRoles(attributeStatement, roleListMapper.model, session, userSession, clientSession);
+
+ //SAML Spec 2.7.3 AttributeStatement must contain one or more Attribute or EncryptedAttribute
+ if(attributeStatement.getAttributes().size() > 0) {
+ assertion.addStatement(attributeStatement);
+ }
}
services/pom.xml 143(+118 -25)
diff --git a/services/pom.xml b/services/pom.xml
index 3f861fb..3f6bd51 100755
--- a/services/pom.xml
+++ b/services/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
@@ -13,6 +13,10 @@
<name>Keycloak REST Services</name>
<description />
+ <properties>
+ <version.swagger.doclet>1.0.5</version.swagger.doclet>
+ </properties>
+
<dependencies>
<dependency>
<groupId>org.bouncycastle</groupId>
@@ -185,30 +189,119 @@
<target>${maven.compiler.target}</target>
</configuration>
</plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-javadoc-plugin</artifactId>
- <configuration>
- <subpackages>org.keycloak.services.resources.admin:org.keycloak.protocol.oidc</subpackages>
- <doclet>com.lunatech.doclets.jax.jaxrs.JAXRSDoclet</doclet>
- <docletArtifacts>
- <docletArtifact>
- <groupId>com.lunatech.jax-doclets</groupId>
- <artifactId>doclets</artifactId>
- <version>0.10.2</version>
- </docletArtifact>
- </docletArtifacts>
- <detectOfflineLinks>false</detectOfflineLinks>
- <offlineLinks>
- <offlineLink>
- <url>../javadocs</url>
- <location>${project.basedir}/../target/site/apidocs</location>
- </offlineLink>
- </offlineLinks>
- <additionalparam>-disablejavascriptexample</additionalparam>
- <additionalparam>-pathexcludefilter '/admin/.*index.*' -pathexcludefilter '/admin' -pathexcludefilter '/admin/\\{realm\\}/console.*'</additionalparam>
- </configuration>
- </plugin>
</plugins>
</build>
+
+ <profiles>
+ <profile>
+ <id>jboss-release</id>
+
+ <repositories>
+ <repository>
+ <snapshots>
+ <enabled>false</enabled>
+ </snapshots>
+ <id>central</id>
+ <name>bintray</name>
+ <url>http://jcenter.bintray.com</url>
+ </repository>
+ </repositories>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>generate-service-docs</id>
+ <phase>generate-resources</phase>
+ <configuration>
+ <doclet>com.carma.swagger.doclet.ServiceDoclet</doclet>
+ <docletArtifact>
+ <groupId>com.carma</groupId>
+ <artifactId>swagger-doclet</artifactId>
+ <version>${version.swagger.doclet}</version>
+ </docletArtifact>
+
+ <subpackages>org.keycloak.services.resources.admin:org.keycloak.protocol.oidc</subpackages>
+ <detectOfflineLinks>false</detectOfflineLinks>
+ <offlineLinks>
+ <offlineLink>
+ <url>../javadocs</url>
+ <location>${project.basedir}/../target/site/apidocs</location>
+ </offlineLink>
+ </offlineLinks>
+
+ <reportOutputDirectory>${project.basedir}/target/apidocs-rest/swagger</reportOutputDirectory>
+ <useStandardDocletOptions>false</useStandardDocletOptions>
+ <additionalparam> -skipUiFiles -apiVersion 1 -includeResourcePrefixes org.keycloak.services.resources.admin,org.keycloak.protocol.oidc -docBasePath /apidocs -apiBasePath http://localhost:8080/auth -apiInfoFile ${project.basedir}/src/docs/swagger/apiinfo.json</additionalparam>
+ </configuration>
+ <goals>
+ <goal>javadoc</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+
+ <plugin>
+ <groupId>com.redowlanalytics</groupId>
+ <artifactId>swagger2markup-maven-plugin</artifactId>
+ <version>0.7.1</version>
+
+ <dependencies>
+ <dependency>
+ <groupId>io.github.robwin</groupId>
+ <artifactId>swagger2markup</artifactId>
+ <version>0.7.1</version>
+ </dependency>
+ </dependencies>
+
+ <executions>
+ <execution>
+ <id>gen-asciidoc</id>
+ <phase>process-resources</phase>
+ <goals>
+ <goal>process-swagger</goal>
+ </goals>
+ <configuration>
+ <inputDirectory>${project.basedir}/target/apidocs-rest/swagger/apidocs</inputDirectory>
+ <outputDirectory>${project.basedir}/target/apidocs-rest/asciidoc</outputDirectory>
+ <markupLanguage>asciidoc</markupLanguage>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
+ <plugin>
+ <groupId>org.asciidoctor</groupId>
+ <artifactId>asciidoctor-maven-plugin</artifactId>
+ <version>1.5.2</version>
+ <executions>
+ <execution>
+ <id>generate-docs</id>
+ <phase>package</phase>
+ <goals>
+ <goal>process-asciidoc</goal>
+ </goals>
+ <configuration>
+ <sourceDirectory>${project.basedir}/src/docs/asciidoc</sourceDirectory>
+ <sourceDocumentName>index.adoc</sourceDocumentName>
+ <outputDirectory>${project.basedir}/target/apidocs-rest/output</outputDirectory>
+ <backend>html5</backend>
+ <attributes>
+ <!-- List of attributes:
+ https://github.com/asciidoctor/asciidoctorj/blob/master/asciidoctorj-core/src/main/java/org/asciidoctor/Attributes.java
+ -->
+ <toc/>
+ <generated>${project.basedir}/target/apidocs-rest/asciidoc</generated>
+ </attributes>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ </profiles>
</project>
diff --git a/services/src/docs/asciidoc/index.adoc b/services/src/docs/asciidoc/index.adoc
new file mode 100644
index 0000000..226d206
--- /dev/null
+++ b/services/src/docs/asciidoc/index.adoc
@@ -0,0 +1,3 @@
+include::{generated}/overview.adoc[]
+include::{generated}/paths.adoc[]
+include::{generated}/definitions.adoc[]
\ No newline at end of file
diff --git a/services/src/docs/swagger/apiinfo.json b/services/src/docs/swagger/apiinfo.json
new file mode 100644
index 0000000..575955f
--- /dev/null
+++ b/services/src/docs/swagger/apiinfo.json
@@ -0,0 +1,4 @@
+{
+ "title": "Keycloak Admin REST API",
+ "description": "This is a REST API reference for the Keycloak Admin"
+}
\ No newline at end of file
diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/client/ClientIdAndSecretAuthenticator.java b/services/src/main/java/org/keycloak/authentication/authenticators/client/ClientIdAndSecretAuthenticator.java
index b4917ec..bb17291 100644
--- a/services/src/main/java/org/keycloak/authentication/authenticators/client/ClientIdAndSecretAuthenticator.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/client/ClientIdAndSecretAuthenticator.java
@@ -1,8 +1,10 @@
package org.keycloak.authentication.authenticators.client;
import java.util.Collections;
+import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
+import java.util.Map;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MultivaluedMap;
@@ -10,16 +12,12 @@ import javax.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.OAuth2Constants;
-import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.ClientAuthenticationFlowContext;
-import org.keycloak.events.Details;
-import org.keycloak.events.Errors;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.ClientModel;
-import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.RealmModel;
import org.keycloak.provider.ProviderConfigProperty;
+import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.util.BasicAuthHelper;
/**
@@ -128,11 +126,6 @@ public class ClientIdAndSecretAuthenticator extends AbstractClientAuthenticator
}
@Override
- public boolean isConfigurablePerClient() {
- return true;
- }
-
- @Override
public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
return REQUIREMENT_CHOICES;
}
@@ -149,11 +142,18 @@ public class ClientIdAndSecretAuthenticator extends AbstractClientAuthenticator
@Override
public List<ProviderConfigProperty> getConfigPropertiesPerClient() {
- // This impl doesn't use generic screen in admin console, but has it's own screen. So no need to return anything here
+ // This impl doesn't use generic screen in admin console, but has its own screen. So no need to return anything here
return Collections.emptyList();
}
@Override
+ public Map<String, Object> getAdapterConfiguration(ClientModel client) {
+ Map<String, Object> result = new HashMap<>();
+ result.put(CredentialRepresentation.SECRET, client.getSecret());
+ return result;
+ }
+
+ @Override
public String getId() {
return PROVIDER_ID;
}
diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/client/JWTClientAuthenticator.java b/services/src/main/java/org/keycloak/authentication/authenticators/client/JWTClientAuthenticator.java
index 48336a9..0c308ab 100644
--- a/services/src/main/java/org/keycloak/authentication/authenticators/client/JWTClientAuthenticator.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/client/JWTClientAuthenticator.java
@@ -3,8 +3,10 @@ package org.keycloak.authentication.authenticators.client;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Collections;
+import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
+import java.util.Map;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
@@ -17,7 +19,6 @@ import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.crypto.RSAProvider;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.ClientModel;
-import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.provider.ProviderConfigProperty;
@@ -145,11 +146,6 @@ public class JWTClientAuthenticator extends AbstractClientAuthenticator {
}
@Override
- public boolean isConfigurablePerClient() {
- return true;
- }
-
- @Override
public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
return REQUIREMENT_CHOICES;
}
@@ -166,11 +162,26 @@ public class JWTClientAuthenticator extends AbstractClientAuthenticator {
@Override
public List<ProviderConfigProperty> getConfigPropertiesPerClient() {
- // This impl doesn't use generic screen in admin console, but has it's own screen. So no need to return anything here
+ // This impl doesn't use generic screen in admin console, but has its own screen. So no need to return anything here
return Collections.emptyList();
}
@Override
+ public Map<String, Object> getAdapterConfiguration(ClientModel client) {
+ Map<String, Object> props = new HashMap<>();
+ props.put("client-keystore-file", "REPLACE WITH THE LOCATION OF YOUR KEYSTORE FILE");
+ props.put("client-keystore-type", "jks");
+ props.put("client-keystore-password", "REPLACE WITH THE KEYSTORE PASSWORD");
+ props.put("client-key-password", "REPLACE WITH THE KEY PASSWORD IN KEYSTORE");
+ props.put("client-key-alias", client.getClientId());
+ props.put("token-timeout", 10);
+
+ Map<String, Object> config = new HashMap<>();
+ config.put("jwt", props);
+ return config;
+ }
+
+ @Override
public String getId() {
return PROVIDER_ID;
}
diff --git a/services/src/main/java/org/keycloak/authentication/ClientAuthenticatorFactory.java b/services/src/main/java/org/keycloak/authentication/ClientAuthenticatorFactory.java
index 338f980..4b4c100 100644
--- a/services/src/main/java/org/keycloak/authentication/ClientAuthenticatorFactory.java
+++ b/services/src/main/java/org/keycloak/authentication/ClientAuthenticatorFactory.java
@@ -1,7 +1,9 @@
package org.keycloak.authentication;
import java.util.List;
+import java.util.Map;
+import org.keycloak.models.ClientModel;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.provider.ProviderFactory;
@@ -26,18 +28,19 @@ public interface ClientAuthenticatorFactory extends ProviderFactory<ClientAuthen
boolean isConfigurable();
/**
- * Is this authenticator configurable per client? The configuration will be in "Clients" / "Credentials" tab in admin console
+ * List of config properties for this client implementation. Those will be shown in admin console in clients credentials tab and can be configured per client.
+ * Applicable only if "isConfigurablePerClient" is true
*
* @return
*/
- boolean isConfigurablePerClient();
+ List<ProviderConfigProperty> getConfigPropertiesPerClient();
/**
- * List of config properties for this client implementation. Those will be shown in admin console in clients credentials tab and can be configured per client.
- * Applicable only if "isConfigurablePerClient" is true
+ * Get configuration, which needs to be used for adapter ( keycloak.json ) of particular client. Some implementations
+ * may return just template and user needs to edit the values according to his environment (For example fill the location of keystore file)
*
* @return
*/
- List<ProviderConfigProperty> getConfigPropertiesPerClient();
+ Map<String, Object> getAdapterConfiguration(ClientModel client);
}
diff --git a/services/src/main/java/org/keycloak/services/managers/ClientManager.java b/services/src/main/java/org/keycloak/services/managers/ClientManager.java
index 1b5a4e8..fa71557 100755
--- a/services/src/main/java/org/keycloak/services/managers/ClientManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/ClientManager.java
@@ -3,6 +3,8 @@ package org.keycloak.services.managers;
import org.codehaus.jackson.annotate.JsonProperty;
import org.codehaus.jackson.annotate.JsonPropertyOrder;
import org.jboss.logging.Logger;
+import org.keycloak.authentication.ClientAuthenticator;
+import org.keycloak.authentication.ClientAuthenticatorFactory;
import org.keycloak.constants.ServiceAccountConstants;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ProtocolMapperModel;
@@ -156,7 +158,7 @@ public class ClientManager {
@JsonProperty("public-client")
protected Boolean publicClient;
@JsonProperty("credentials")
- protected Map<String, String> credentials;
+ protected Map<String, Object> credentials;
public Boolean isUseResourceRoleMappings() {
return useResourceRoleMappings;
@@ -174,11 +176,11 @@ public class ClientManager {
this.resource = resource;
}
- public Map<String, String> getCredentials() {
+ public Map<String, Object> getCredentials() {
return credentials;
}
- public void setCredentials(Map<String, String> credentials) {
+ public void setCredentials(Map<String, Object> credentials) {
this.credentials = credentials;
}
@@ -213,11 +215,9 @@ public class ClientManager {
rep.setResource(clientModel.getClientId());
- if (!clientModel.isBearerOnly() && !clientModel.isPublicClient()) {
- Map<String, String> creds = new HashMap<String, String>();
- String cred = clientModel.getSecret();
- creds.put(CredentialRepresentation.SECRET, cred);
- rep.setCredentials(creds);
+ if (showClientCredentialsAdapterConfig(clientModel)) {
+ Map<String, Object> adapterConfig = getClientCredentialsAdapterConfig(clientModel);
+ rep.setCredentials(adapterConfig);
}
return rep;
@@ -238,8 +238,23 @@ public class ClientManager {
buffer.append(" <ssl-required>").append(realmModel.getSslRequired().name()).append("</ssl-required>\n");
buffer.append(" <resource>").append(clientModel.getClientId()).append("</resource>\n");
String cred = clientModel.getSecret();
- if (!clientModel.isBearerOnly() && !clientModel.isPublicClient()) {
- buffer.append(" <credential name=\"secret\">").append(cred).append("</credential>\n");
+ if (showClientCredentialsAdapterConfig(clientModel)) {
+ Map<String, Object> adapterConfig = getClientCredentialsAdapterConfig(clientModel);
+ for (Map.Entry<String, Object> entry : adapterConfig.entrySet()) {
+ buffer.append(" <credential name=\"" + entry.getKey() + "\">");
+
+ Object value = entry.getValue();
+ if (value instanceof Map) {
+ buffer.append("\n");
+ Map<String, Object> asMap = (Map<String, Object>) value;
+ for (Map.Entry<String, Object> credEntry : asMap.entrySet()) {
+ buffer.append(" <" + credEntry.getKey() + ">" + credEntry.getValue().toString() + "</" + credEntry.getKey() + ">\n");
+ }
+ buffer.append(" </credential>\n");
+ } else {
+ buffer.append(value.toString()).append("</credential>\n");
+ }
+ }
}
if (clientModel.getRoles().size() > 0) {
buffer.append(" <use-resource-role-mappings>true</use-resource-role-mappings>\n");
@@ -248,4 +263,22 @@ public class ClientManager {
return buffer.toString();
}
+ private boolean showClientCredentialsAdapterConfig(ClientModel client) {
+ if (client.isPublicClient()) {
+ return false;
+ }
+
+ if (client.isBearerOnly() && client.getNodeReRegistrationTimeout() <= 0) {
+ return false;
+ }
+
+ return true;
+ }
+
+ private Map<String, Object> getClientCredentialsAdapterConfig(ClientModel client) {
+ String clientAuthenticator = client.getClientAuthenticatorType();
+ ClientAuthenticatorFactory authenticator = (ClientAuthenticatorFactory) realmManager.getSession().getKeycloakSessionFactory().getProviderFactory(ClientAuthenticator.class, clientAuthenticator);
+ return authenticator.getAdapterConfiguration(client);
+ }
+
}
diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
index bb582af..fb0578e 100755
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@@ -337,7 +337,7 @@ public class RealmManager implements RealmImporter {
}
// Could happen when migrating from older version and I have exported JSON file, which contains "realm-management" client but not "impersonation" client
- // I need to postpone impersonation because it needs "realm-management" client and it's roles set
+ // I need to postpone impersonation because it needs "realm-management" client and its roles set
if (postponeImpersonationSetup) {
setupImpersonationService(realm);
}
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java b/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java
index d57e96e..834d957 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java
@@ -77,6 +77,7 @@ public class AdminRoot {
/**
* Convenience path to master realm admin console
*
+ * @exclude
* @return
*/
@GET
@@ -90,6 +91,7 @@ public class AdminRoot {
/**
* Convenience path to master realm admin console
*
+ * @exclude
* @return
*/
@Path("index.{html:html}") // expression is actually "index.html" but this is a hack to get around jax-doclet bug
@@ -118,6 +120,7 @@ public class AdminRoot {
/**
* path to realm admin console ui
*
+ * @exclude
* @param name Realm name (not id!)
* @return
*/
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AttackDetectionResource.java b/services/src/main/java/org/keycloak/services/resources/admin/AttackDetectionResource.java
index 38eec9c..26b9956 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/AttackDetectionResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/AttackDetectionResource.java
@@ -2,64 +2,24 @@ package org.keycloak.services.resources.admin;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
-import org.jboss.resteasy.spi.BadRequestException;
-import org.jboss.resteasy.spi.NotFoundException;
-import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.ClientConnection;
-import org.keycloak.events.Event;
-import org.keycloak.events.EventQuery;
-import org.keycloak.events.EventStoreProvider;
-import org.keycloak.events.EventType;
-import org.keycloak.events.admin.AdminEvent;
-import org.keycloak.events.admin.AdminEventQuery;
import org.keycloak.events.admin.OperationType;
-import org.keycloak.exportimport.ClientImporter;
-import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.RealmModel;
-import org.keycloak.models.UserFederationProviderModel;
-import org.keycloak.models.UserSessionModel;
import org.keycloak.models.UsernameLoginFailureModel;
-import org.keycloak.models.cache.CacheRealmProvider;
-import org.keycloak.models.cache.CacheUserProvider;
-import org.keycloak.models.utils.ModelToRepresentation;
-import org.keycloak.models.utils.RepresentationToModel;
-import org.keycloak.protocol.oidc.TokenManager;
-import org.keycloak.representations.adapters.action.GlobalRequestResult;
-import org.keycloak.representations.idm.RealmEventsConfigRepresentation;
-import org.keycloak.representations.idm.RealmRepresentation;
-import org.keycloak.services.ErrorResponse;
-import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.BruteForceProtector;
-import org.keycloak.services.managers.LDAPConnectionTestManager;
-import org.keycloak.services.managers.RealmManager;
-import org.keycloak.services.managers.ResourceAdminManager;
-import org.keycloak.services.managers.UsersSyncManager;
-import org.keycloak.timer.TimerProvider;
-import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
-import java.util.Date;
import java.util.HashMap;
-import java.util.LinkedList;
-import java.util.List;
import java.util.Map;
-import java.util.regex.PatternSyntaxException;
/**
* Base resource class for the admin REST api of one realm
@@ -127,7 +87,9 @@ public class AttackDetectionResource {
}
/**
- * Clear any user login failures for the user. This can release temporary disabled user
+ * Clear any user login failures for the user
+ *
+ * This can release temporary disabled user
*
* @param username
*/
@@ -143,7 +105,9 @@ public class AttackDetectionResource {
}
/**
- * Clear any user login failures for all users. This can release temporary disabled users
+ * Clear any user login failures for all users
+ *
+ * This can release temporary disabled users
*
*/
@Path("brute-force/usernames")
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
index 84ccb7d..ede2e27 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
@@ -6,13 +6,10 @@ import org.jboss.resteasy.spi.BadRequestException;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.authentication.AuthenticationFlow;
import org.keycloak.authentication.Authenticator;
-import org.keycloak.authentication.AuthenticatorUtil;
import org.keycloak.authentication.ClientAuthenticator;
import org.keycloak.authentication.ClientAuthenticatorFactory;
import org.keycloak.authentication.ConfigurableAuthenticatorFactory;
-import org.keycloak.authentication.DefaultAuthenticationFlow;
import org.keycloak.authentication.FormAction;
-import org.keycloak.authentication.FormAuthenticationFlow;
import org.keycloak.authentication.FormAuthenticator;
import org.keycloak.authentication.RequiredActionFactory;
import org.keycloak.authentication.RequiredActionProvider;
@@ -22,7 +19,6 @@ import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredActionProviderModel;
-import org.keycloak.provider.ConfiguredProvider;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.provider.ProviderFactory;
import org.keycloak.representations.idm.ConfigPropertyRepresentation;
@@ -172,6 +168,11 @@ public class AuthenticationManagementResource {
}
}
+ /**
+ * Get form providers
+ *
+ * Returns a list of form providers.
+ */
@Path("/form-providers")
@GET
@NoCache
@@ -182,6 +183,11 @@ public class AuthenticationManagementResource {
return buildProviderMetadata(factories);
}
+ /**
+ * Get authenticator providers
+ *
+ * Returns a list of authenticator providers.
+ */
@Path("/authenticator-providers")
@GET
@NoCache
@@ -192,6 +198,11 @@ public class AuthenticationManagementResource {
return buildProviderMetadata(factories);
}
+ /**
+ * Get client authenticator providers
+ *
+ * Returns a list of client authenticator providers.
+ */
@Path("/client-authenticator-providers")
@GET
@NoCache
@@ -211,16 +222,16 @@ public class AuthenticationManagementResource {
data.put("description", configured.getHelpText());
data.put("displayName", configured.getDisplayType());
- if (configured instanceof ClientAuthenticatorFactory) {
- ClientAuthenticatorFactory configuredClient = (ClientAuthenticatorFactory) configured;
- data.put("configurablePerClient", configuredClient.isConfigurablePerClient());
- }
-
providers.add(data);
}
return providers;
}
+ /**
+ * Get form action providers
+ *
+ * Returns a list of form action providers.
+ */
@Path("/form-action-providers")
@GET
@NoCache
@@ -232,6 +243,11 @@ public class AuthenticationManagementResource {
}
+ /**
+ * Get authentication flows
+ *
+ * Returns a list of authentication flows.
+ */
@Path("/flows")
@GET
@NoCache
@@ -247,6 +263,12 @@ public class AuthenticationManagementResource {
return flows;
}
+ /**
+ * Create a new authentication flow
+ *
+ * @param model Authentication flow model
+ * @return
+ */
@Path("/flows")
@POST
@NoCache
@@ -263,6 +285,12 @@ public class AuthenticationManagementResource {
}
+ /**
+ * Get authentication flow for id
+ *
+ * @param id Flow id
+ * @return
+ */
@Path("/flows/{id}")
@GET
@NoCache
@@ -277,6 +305,11 @@ public class AuthenticationManagementResource {
return flow;
}
+ /**
+ * Delete an authentication flow
+ *
+ * @param id Flow id
+ */
@Path("/flows/{id}")
@DELETE
@NoCache
@@ -293,6 +326,14 @@ public class AuthenticationManagementResource {
realm.removeAuthenticationFlow(flow);
}
+ /**
+ * Copy existing authentication flow under a new name
+ *
+ * The new name is given as 'newName' attribute of the passed JSON object
+ *
+ * @param flowAlias Name of the existing authentication flow
+ * @param data JSON containing 'newName' attribute
+ */
@Path("/flows/{flowAlias}/copy")
@POST
@NoCache
@@ -343,6 +384,12 @@ public class AuthenticationManagementResource {
}
}
+ /**
+ * Add new flow with new execution to existing flow
+ *
+ * @param flowAlias Alias of parent authentication flow
+ * @param data New authentication flow / execution JSON data containing 'alias', 'type', 'provider', and 'description' attributes
+ */
@Path("/flows/{flowAlias}/executions/flow")
@POST
@NoCache
@@ -378,6 +425,12 @@ public class AuthenticationManagementResource {
realm.addAuthenticatorExecution(execution);
}
+ /**
+ * Add new authentication execution to a flow
+ *
+ * @param flowAlias Alias of parent flow
+ * @param data New execution JSON data containing 'provider' attribute
+ */
@Path("/flows/{flowAlias}/executions/execution")
@POST
@NoCache
@@ -400,8 +453,11 @@ public class AuthenticationManagementResource {
realm.addAuthenticatorExecution(execution);
}
-
-
+ /**
+ * Get authentication executions for a flow
+ *
+ * @param flowAlias Flow alias
+ */
@Path("/flows/{flowAlias}/executions")
@GET
@NoCache
@@ -472,6 +528,12 @@ public class AuthenticationManagementResource {
}
}
+ /**
+ * Update authentication executions of a flow
+ *
+ * @param flowAlias Flow alias
+ * @param rep
+ */
@Path("/flows/{flowAlias}/executions")
@PUT
@NoCache
@@ -497,6 +559,11 @@ public class AuthenticationManagementResource {
}
}
+ /**
+ * Add new authentication execution
+ *
+ * @param model JSON model describing authentication execution
+ */
@Path("/executions")
@POST
@NoCache
@@ -530,6 +597,11 @@ public class AuthenticationManagementResource {
return parentFlow;
}
+ /**
+ * Raise execution's priority
+ *
+ * @param execution Execution id
+ */
@Path("/executions/{executionId}/raise-priority")
@POST
@NoCache
@@ -569,6 +641,11 @@ public class AuthenticationManagementResource {
return executions;
}
+ /**
+ * Lower execution's priority
+ *
+ * @param execution Execution id
+ */
@Path("/executions/{executionId}/lower-priority")
@POST
@NoCache
@@ -602,6 +679,11 @@ public class AuthenticationManagementResource {
}
+ /**
+ * Delete execution
+ *
+ * @param execution Execution id
+ */
@Path("/executions/{executionId}")
@DELETE
@NoCache
@@ -622,9 +704,13 @@ public class AuthenticationManagementResource {
}
-
-
-
+ /**
+ * Update execution with new configuration
+ *
+ * @param execution Execution id
+ * @param config JSON with new configuration
+ * @return
+ */
@Path("/executions/{executionId}/config")
@POST
@NoCache
@@ -644,6 +730,12 @@ public class AuthenticationManagementResource {
return Response.created(uriInfo.getAbsolutePathBuilder().path(config.getId()).build()).build();
}
+ /**
+ * Get execution's configuration
+ *
+ * @param execution Execution id
+ * @param id Configuration id
+ */
@Path("/executions/{executionId}/config/{id}")
@GET
@Produces(MediaType.APPLICATION_JSON)
@@ -707,6 +799,11 @@ public class AuthenticationManagementResource {
}
}
+ /**
+ * Get unregistered required actions
+ *
+ * Returns a list of unregistered required actions.
+ */
@Path("unregistered-required-actions")
@GET
@Produces(MediaType.APPLICATION_JSON)
@@ -734,6 +831,11 @@ public class AuthenticationManagementResource {
return unregisteredList;
}
+ /**
+ * Register a new required actions
+ *
+ * @param data JSON containing 'providerId', and 'name' attributes.
+ */
@Path("register-required-action")
@POST
@Consumes(MediaType.APPLICATION_JSON)
@@ -751,7 +853,11 @@ public class AuthenticationManagementResource {
}
-
+ /**
+ * Get required actions
+ *
+ * Returns a list of required actions.
+ */
@Path("required-actions")
@GET
@Produces(MediaType.APPLICATION_JSON)
@@ -775,6 +881,10 @@ public class AuthenticationManagementResource {
return rep;
}
+ /**
+ * Get required action for alias
+ * @param alias Alias of required action
+ */
@Path("required-actions/{alias}")
@GET
@Produces(MediaType.APPLICATION_JSON)
@@ -788,6 +898,12 @@ public class AuthenticationManagementResource {
}
+ /**
+ * Update required action
+ *
+ * @param alias Alias of required action
+ * @param rep JSON describing new state of required action
+ */
@Path("required-actions/{alias}")
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@@ -808,6 +924,10 @@ public class AuthenticationManagementResource {
realm.updateRequiredActionProvider(update);
}
+ /**
+ * Delete required action
+ * @param alias Alias of required action
+ */
@Path("required-actions/{alias}")
@DELETE
public void updateRequiredAction(@PathParam("alias") String alias) {
@@ -860,6 +980,9 @@ public class AuthenticationManagementResource {
}
+ /**
+ * Get authenticator provider's configuration description
+ */
@Path("config-description/{providerId}")
@GET
@Produces(MediaType.APPLICATION_JSON)
@@ -893,24 +1016,39 @@ public class AuthenticationManagementResource {
return propRep;
}
-
- @Path("per-client-config-description/{providerId}")
+ /**
+ * Get configuration descriptions for all clients
+ */
+ @Path("per-client-config-description")
@GET
@Produces(MediaType.APPLICATION_JSON)
@NoCache
- public List<ConfigPropertyRepresentation> getPerClientConfigDescription(@PathParam("providerId") String providerId) {
+ public Map<String, List<ConfigPropertyRepresentation>> getPerClientConfigDescription() {
this.auth.requireView();
- ConfigurableAuthenticatorFactory factory = CredentialHelper.getConfigurableAuthenticatorFactory(session, providerId);
- ClientAuthenticatorFactory clientAuthFactory = (ClientAuthenticatorFactory) factory;
- List<ProviderConfigProperty> perClientConfigProps = clientAuthFactory.getConfigPropertiesPerClient();
- List<ConfigPropertyRepresentation> result = new LinkedList<>();
- for (ProviderConfigProperty prop : perClientConfigProps) {
- ConfigPropertyRepresentation propRep = getConfigPropertyRep(prop);
- result.add(propRep);
+ List<ProviderFactory> factories = session.getKeycloakSessionFactory().getProviderFactories(ClientAuthenticator.class);
+
+ Map<String, List<ConfigPropertyRepresentation>> toReturn = new HashMap<>();
+ for (ProviderFactory clientAuthenticatorFactory : factories) {
+ String providerId = clientAuthenticatorFactory.getId();
+ ConfigurableAuthenticatorFactory factory = CredentialHelper.getConfigurableAuthenticatorFactory(session, providerId);
+ ClientAuthenticatorFactory clientAuthFactory = (ClientAuthenticatorFactory) factory;
+ List<ProviderConfigProperty> perClientConfigProps = clientAuthFactory.getConfigPropertiesPerClient();
+ List<ConfigPropertyRepresentation> result = new LinkedList<>();
+ for (ProviderConfigProperty prop : perClientConfigProps) {
+ ConfigPropertyRepresentation propRep = getConfigPropertyRep(prop);
+ result.add(propRep);
+ }
+
+ toReturn.put(providerId, result);
}
- return result;
+
+ return toReturn;
}
+ /**
+ * Create new authenticator configuration
+ * @param config JSON describing new authenticator configuration
+ */
@Path("config")
@POST
@NoCache
@@ -920,6 +1058,10 @@ public class AuthenticationManagementResource {
return Response.created(uriInfo.getAbsolutePathBuilder().path(config.getId()).build()).build();
}
+ /**
+ * Get authenticator configuration
+ * @param id Configuration id
+ */
@Path("config/{id}")
@GET
@Produces(MediaType.APPLICATION_JSON)
@@ -933,6 +1075,11 @@ public class AuthenticationManagementResource {
}
return config;
}
+
+ /**
+ * Delete authenticator configuration
+ * @param id Configuration id
+ */
@Path("config/{id}")
@DELETE
@NoCache
@@ -955,6 +1102,12 @@ public class AuthenticationManagementResource {
realm.removeAuthenticatorConfig(config);
}
+
+ /**
+ * Update authenticator configuration
+ * @param id Configuration id
+ * @param config JSON describing new state of authenticator configuration
+ */
@Path("config/{id}")
@PUT
@Consumes(MediaType.APPLICATION_JSON)
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java
index f6949fc..c6a5fea 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java
@@ -64,6 +64,7 @@ public class ClientAttributeCertificateResource {
}
/**
+ * Get key info
*
* @return
*/
@@ -78,6 +79,7 @@ public class ClientAttributeCertificateResource {
}
/**
+ * Generate a new certificate with new key pair
*
* @return
*/
@@ -256,8 +258,9 @@ public class ClientAttributeCertificateResource {
}
/**
+ * Get a keystore file for the client, containing private key and public certificate
*
- * @param config
+ * @param config Keystore configuration as JSON
* @return
*/
@POST
@@ -288,10 +291,12 @@ public class ClientAttributeCertificateResource {
}
/**
- * Generate new keypair and certificate and downloads private key into specified keystore format. Only generated certificate is saved in Keycloak DB, but private
- * key is not.
+ * Generate a new keypair and certificate, and get the private key file
*
- * @param config
+ * Generates a keypair and certificate and serves the private key in a specified keystore format.
+ * Only generated public certificate is saved in Keycloak DB - the private key is not.
+ *
+ * @param config Keystore configuration as JSON
* @return
*/
@POST
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java
index 821f279..2198333 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java
@@ -92,7 +92,7 @@ public class ClientResource {
}
/**
- * Update the client.
+ * Update the client
* @param rep
* @return
*/
@@ -116,7 +116,7 @@ public class ClientResource {
/**
- * Get representation of the client.
+ * Get representation of the client
*
* @return
*/
@@ -129,6 +129,7 @@ public class ClientResource {
}
/**
+ * Get representation of certificate resource
*
* @param attributePrefix
* @return
@@ -140,7 +141,9 @@ public class ClientResource {
/**
- * Return keycloak.json file for this client to be used to configure the adapter of that client.
+ * Get keycloak.json file
+ *
+ * Returns a keycloak.json file to be used to configure the adapter of the specified client.
*
* @return
* @throws IOException
@@ -160,7 +163,9 @@ public class ClientResource {
}
/**
- * Return XML that can be included in the JBoss/Wildfly Keycloak subsystem to configure the adapter of that client.
+ * Get adapter configuration XML for JBoss / Wildfly Keycloak subsystem
+ *
+ * Returns XML that can be included in the JBoss / Wildfly Keycloak subsystem to configure the adapter of that client.
*
* @return
* @throws IOException
@@ -177,7 +182,7 @@ public class ClientResource {
}
/**
- * Delete this client.
+ * Delete the client
*
*/
@DELETE
@@ -190,7 +195,7 @@ public class ClientResource {
/**
- * Generates a new secret for this client
+ * Generate a new secret for the client
*
* @return
*/
@@ -209,7 +214,7 @@ public class ClientResource {
}
/**
- * Get the secret of this client
+ * Get the client secret
*
* @return
*/
@@ -227,7 +232,7 @@ public class ClientResource {
}
/**
- * Base path for managing the scope mappings for this client
+ * Base path for managing the scope mappings for the client
*
* @return
*/
@@ -242,7 +247,9 @@ public class ClientResource {
}
/**
- * Returns set of allowed origin. This is used for CORS requests. Access tokens will have
+ * Get allowed origins
+ *
+ * This is used for CORS requests. Access tokens will have
* their allowedOrigins claim set to this value for tokens created for this client.
*
* @return
@@ -258,7 +265,9 @@ public class ClientResource {
}
/**
- * Change the set of allowed origins. This is used for CORS requests. Access tokens will have
+ * Update allowed origins
+ *
+ * This is used for CORS requests. Access tokens will have
* their allowedOrigins claim set to this value for tokens created for this client.
*
* @param allowedOrigins
@@ -275,10 +284,12 @@ public class ClientResource {
}
/**
- * Remove set of allowed origins from current allowed origins list. This is used for CORS requests. Access tokens will have
+ * Delete the specified origins from current allowed origins
+ *
+ * This is used for CORS requests. Access tokens will have
* their allowedOrigins claim set to this value for tokens created for this client.
*
- * @param allowedOrigins
+ * @param allowedOrigins List of origins to delete
*/
@Path("allowed-origins")
@DELETE
@@ -294,7 +305,7 @@ public class ClientResource {
}
/**
- * Returns user dedicated to this service account
+ * Get a user dedicated to the service account
*
* @return
*/
@@ -319,8 +330,9 @@ public class ClientResource {
}
/**
- * If the client has an admin URL, push the client's revocation policy to it.
+ * Push the client's revocation policy to its admin URL
*
+ * If the client has an admin URL, push revocation policy to it.
*/
@Path("push-revocation")
@POST
@@ -332,7 +344,9 @@ public class ClientResource {
}
/**
- * Number of user sessions associated with this client
+ * Get application session count
+ *
+ * Returns a number of user sessions associated with this client
*
* {
* "count": number
@@ -352,8 +366,12 @@ public class ClientResource {
}
/**
- * Return a list of user sessions associated with this client
+ * Get user sessions for client
+ *
+ * Returns a list of user sessions associated with this client
*
+ * @param firstResult Paging offset
+ * @param maxResults Paging size
* @return
*/
@Path("user-sessions")
@@ -373,6 +391,8 @@ public class ClientResource {
}
/**
+ * Logout all sessions
+ *
* If the client has an admin URL, invalidate all sessions associated with that client directly.
*
*/
@@ -386,6 +406,8 @@ public class ClientResource {
}
/**
+ * Logout the user by username
+ *
* If the client has an admin URL, invalidate the sessions for a particular user directly.
*
*/
@@ -403,6 +425,8 @@ public class ClientResource {
}
/**
+ * Register a cluster node with the client
+ *
* Manually register cluster node to this client - usually it's not needed to call this directly as adapter should handle
* by sending registration request to Keycloak
*
@@ -423,7 +447,7 @@ public class ClientResource {
}
/**
- * Unregister cluster node from this client
+ * Unregister a cluster node from the client
*
* @param node
*/
@@ -443,7 +467,9 @@ public class ClientResource {
}
/**
- * Test if registered cluster nodes are available by sending 'ping' request to all of them
+ * Test if registered cluster nodes are available
+ *
+ * Tests availability by sending 'ping' request to all cluster nodes.
*
* @return
*/
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java
index 862aa09..e780dbf 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java
@@ -52,9 +52,9 @@ public class ClientsResource {
}
/**
- * List of clients belonging to this realm.
+ * Get clients belonging to the realm
*
- * @return
+ * Returns a list of clients belonging to the realm
*/
@GET
@Produces(MediaType.APPLICATION_JSON)
@@ -80,7 +80,9 @@ public class ClientsResource {
}
/**
- * Create a new client. Client client_id must be unique!
+ * Create a new client
+ *
+ * Client's client_id must be unique!
*
* @param uriInfo
* @param rep
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java
index eeffe5d..bf17f4b 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java
@@ -7,7 +7,6 @@ import org.keycloak.broker.provider.IdentityProvider;
import org.keycloak.broker.provider.IdentityProviderFactory;
import org.keycloak.broker.provider.IdentityProviderMapper;
import org.keycloak.events.admin.OperationType;
-import org.keycloak.models.ClientModel;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.IdentityProviderMapperModel;
import org.keycloak.models.IdentityProviderModel;
@@ -70,6 +69,11 @@ public class IdentityProviderResource {
this.adminEvent = adminEvent;
}
+ /**
+ * Get the identity provider
+ *
+ * @return
+ */
@GET
@NoCache
@Produces(MediaType.APPLICATION_JSON)
@@ -79,6 +83,11 @@ public class IdentityProviderResource {
return rep;
}
+ /**
+ * Delete the identity provider
+ *
+ * @return
+ */
@DELETE
@NoCache
public Response delete() {
@@ -91,6 +100,12 @@ public class IdentityProviderResource {
return Response.noContent().build();
}
+ /**
+ * Update the identity provider
+ *
+ * @param providerRep
+ * @return
+ */
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@NoCache
@@ -161,7 +176,13 @@ public class IdentityProviderResource {
return null;
}
-
+ /**
+ * Export public broker configuration for identity provider
+ *
+ * @param uriInfo
+ * @param format Format to use
+ * @return
+ */
@GET
@Path("export")
@NoCache
@@ -175,6 +196,9 @@ public class IdentityProviderResource {
}
}
+ /**
+ * Get mapper types for identity provider
+ */
@GET
@Path("mapper-types")
@NoCache
@@ -210,6 +234,9 @@ public class IdentityProviderResource {
return types;
}
+ /**
+ * Get mappers for identity provider
+ */
@GET
@Path("mappers")
@Produces(MediaType.APPLICATION_JSON)
@@ -223,6 +250,12 @@ public class IdentityProviderResource {
return mappers;
}
+ /**
+ * Add a mapper to identity provider
+ *
+ * @param mapper
+ * @return
+ */
@POST
@Path("mappers")
@Consumes(MediaType.APPLICATION_JSON)
@@ -238,6 +271,12 @@ public class IdentityProviderResource {
}
+ /**
+ * Get mapper by id for the identity provider
+ *
+ * @param id
+ * @return
+ */
@GET
@NoCache
@Path("mappers/{id}")
@@ -249,6 +288,12 @@ public class IdentityProviderResource {
return ModelToRepresentation.toRepresentation(model);
}
+ /**
+ * Update a mapper for the identity provider
+ *
+ * @param id Mapper id
+ * @param rep
+ */
@PUT
@NoCache
@Path("mappers/{id}")
@@ -263,6 +308,11 @@ public class IdentityProviderResource {
}
+ /**
+ * Delete a mapper for the identity provider
+ *
+ * @param id Mapper id
+ */
@DELETE
@NoCache
@Path("mappers/{id}")
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java
index 8b2a049..d3dc33a 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java
@@ -57,6 +57,12 @@ public class IdentityProvidersResource {
this.adminEvent = adminEvent;
}
+ /**
+ * Get identity providers
+ *
+ * @param providerId Provider id
+ * @return
+ */
@Path("/providers/{provider_id}")
@GET
@NoCache
@@ -70,6 +76,14 @@ public class IdentityProvidersResource {
return Response.status(BAD_REQUEST).build();
}
+ /**
+ * Import identity provider from uploaded JSON file
+ *
+ * @param uriInfo
+ * @param input
+ * @return
+ * @throws IOException
+ */
@POST
@Path("import-config")
@Consumes(MediaType.MULTIPART_FORM_DATA)
@@ -85,6 +99,14 @@ public class IdentityProvidersResource {
return config;
}
+ /**
+ * Import identity provider from JSON body
+ *
+ * @param uriInfo
+ * @param data JSON body
+ * @return
+ * @throws IOException
+ */
@POST
@Path("import-config")
@Consumes(MediaType.APPLICATION_JSON)
@@ -108,6 +130,11 @@ public class IdentityProvidersResource {
}
}
+ /**
+ * Get identity providers
+ *
+ * @return
+ */
@GET
@Path("instances")
@NoCache
@@ -123,6 +150,13 @@ public class IdentityProvidersResource {
return representations;
}
+ /**
+ * Create a new identity provider
+ *
+ * @param uriInfo
+ * @param representation JSON body
+ * @return
+ */
@POST
@Path("instances")
@Consumes(MediaType.APPLICATION_JSON)
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/info/ServerInfoAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/info/ServerInfoAdminResource.java
index fd0afc9..70022c0 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/info/ServerInfoAdminResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/info/ServerInfoAdminResource.java
@@ -38,7 +38,7 @@ public class ServerInfoAdminResource {
private KeycloakSession session;
/**
- * Returns a list of themes, social providers, auth providers, and event listeners available on this server
+ * Get themes, social providers, auth providers, and event listeners available on this server
*
* @return
*/
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/info/SystemInfoRepresentation.java b/services/src/main/java/org/keycloak/services/resources/admin/info/SystemInfoRepresentation.java
index bc0329a..e34edc9 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/info/SystemInfoRepresentation.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/info/SystemInfoRepresentation.java
@@ -46,7 +46,9 @@ public class SystemInfoRepresentation {
rep.userName = System.getProperty("user.name");
rep.userDir = System.getProperty("user.dir");
rep.userTimezone = System.getProperty("user.timezone");
- rep.userLocale = (new Locale(System.getProperty("user.country"), System.getProperty("user.language")).toString());
+ if (System.getProperty("user.country") != null && System.getProperty("user.language") != null) {
+ rep.userLocale = (new Locale(System.getProperty("user.country"), System.getProperty("user.language")).toString());
+ }
return rep;
}
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ProtocolMappersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ProtocolMappersResource.java
index 145a26d..306d350 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ProtocolMappersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ProtocolMappersResource.java
@@ -7,7 +7,6 @@ import org.keycloak.events.admin.OperationType;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
-import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
@@ -39,7 +38,7 @@ public class ProtocolMappersResource {
protected ClientModel client;
- protected RealmAuth auth;
+ protected RealmAuth auth;
protected AdminEventBuilder adminEvent;
@@ -58,7 +57,7 @@ public class ProtocolMappersResource {
}
/**
- * Map of mappers by name for a specific protocol
+ * Get mappers by name for a specific protocol
*
* @param protocol
* @return
@@ -77,7 +76,7 @@ public class ProtocolMappersResource {
}
/**
- * creates mapper
+ * Create a mapper
*
* @param rep
*/
@@ -93,7 +92,7 @@ public class ProtocolMappersResource {
return Response.created(uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build();
}
/**
- * creates multiple mapper
+ * Create multiple mappers
*
*/
@Path("add-models")
@@ -110,6 +109,11 @@ public class ProtocolMappersResource {
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(reps).success();
}
+ /**
+ * Get mappers
+ *
+ * @return
+ */
@GET
@NoCache
@Path("models")
@@ -123,6 +127,12 @@ public class ProtocolMappersResource {
return mappers;
}
+ /**
+ * Get mapper by id
+ *
+ * @param id Mapper id
+ * @return
+ */
@GET
@NoCache
@Path("models/{id}")
@@ -134,6 +144,12 @@ public class ProtocolMappersResource {
return ModelToRepresentation.toRepresentation(model);
}
+ /**
+ * Update the mapper
+ *
+ * @param id Mapper id
+ * @param rep
+ */
@PUT
@NoCache
@Path("models/{id}")
@@ -147,6 +163,11 @@ public class ProtocolMappersResource {
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
}
+ /**
+ * Delete the mapper
+ *
+ * @param id Mapper id
+ */
@DELETE
@NoCache
@Path("models/{id}")
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
index 40710a1..bab74d6 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
@@ -6,8 +6,6 @@ import org.jboss.resteasy.spi.BadRequestException;
import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.ClientConnection;
-import org.keycloak.authentication.RequiredActionFactory;
-import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.events.Event;
import org.keycloak.events.EventQuery;
import org.keycloak.events.EventStoreProvider;
@@ -27,7 +25,6 @@ import org.keycloak.models.cache.CacheUserProvider;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.protocol.oidc.TokenManager;
-import org.keycloak.provider.ProviderFactory;
import org.keycloak.representations.adapters.action.GlobalRequestResult;
import org.keycloak.representations.idm.RealmEventsConfigRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
@@ -143,7 +140,9 @@ public class RealmAdminResource {
}
/**
- * Get the top-level representation of the realm. It will not include nested information like User and Client representations.
+ * Get the top-level representation of the realm
+ *
+ * It will not include nested information like User and Client representations.
*
* @return
*/
@@ -172,7 +171,9 @@ public class RealmAdminResource {
}
/**
- * Update the top-level information of this realm. Any user, roles or client information in the representation
+ * Update the top-level information of the realm
+ *
+ * Any user, roles or client information in the representation
* will be ignored. This will only update top-level attributes of the realm.
*
* @param rep
@@ -215,7 +216,7 @@ public class RealmAdminResource {
}
/**
- * Delete this realm.
+ * Delete the realm
*
*/
@DELETE
@@ -260,7 +261,7 @@ public class RealmAdminResource {
}
/**
- * Path for managing all realm-level or client-level roles defined in this realm by it's id.
+ * Path for managing all realm-level or client-level roles defined in this realm by its id.
*
* @return
*/
@@ -316,8 +317,10 @@ public class RealmAdminResource {
}
/**
+ * Get client session stats
+ *
* Returns a JSON map. The key is the client id, the value is the number of sessions that currently are active
- * with that client. Only client's that actually have a session associated with them will be in this map.
+ * with that client. Only clients that actually have a session associated with them will be in this map.
*
* @return
*/
@@ -341,7 +344,9 @@ public class RealmAdminResource {
}
/**
- * View the events provider and how it is configured.
+ * Get the events provider configuration
+ *
+ * Returns JSON object with events provider configuration
*
* @return
*/
@@ -356,7 +361,9 @@ public class RealmAdminResource {
}
/**
- * Change the events provider and/or it's configuration
+ * Update the events provider
+ *
+ * Change the events provider and/or its configuration
*
* @param rep
*/
@@ -371,15 +378,17 @@ public class RealmAdminResource {
}
/**
- * Query events. Returns all events, or will query based on URL query parameters listed here
+ * Get events
*
- * @param client app or oauth client name
- * @param user user id
- * @param ipAddress
- * @param dateTo
- * @param dateFrom
- * @param firstResult
- * @param maxResults
+ * Returns all events, or filters them based on URL query parameters listed here
+ *
+ * @param client App or oauth client name
+ * @param user User id
+ * @param ipAddress IP address
+ * @param dateTo To date
+ * @param dateFrom From date
+ * @param firstResult Paging offset
+ * @param maxResults Paging size
* @return
*/
@Path("events")
@@ -448,7 +457,9 @@ public class RealmAdminResource {
}
/**
- * Query admin events. Returns all admin events, or will query based on URL query parameters listed here
+ * Get admin events
+ *
+ * Returns all admin events, or filters events based on URL query parameters listed here
*
* @param authRealm
* @param authClient
@@ -538,7 +549,7 @@ public class RealmAdminResource {
}
/**
- * Delete all events.
+ * Delete all events
*
*/
@Path("events")
@@ -551,7 +562,7 @@ public class RealmAdminResource {
}
/**
- * Delete all admin events.
+ * Delete all admin events
*
*/
@Path("admin-events")
@@ -563,6 +574,15 @@ public class RealmAdminResource {
eventStore.clearAdmin(realm.getId());
}
+ /**
+ * Test LDAP connection
+ *
+ * @param action
+ * @param connectionUrl
+ * @param bindDn
+ * @param bindCredential
+ * @return
+ */
@Path("testLDAPConnection")
@GET
@NoCache
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java
index f2494c9..d0fb521 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java
@@ -73,7 +73,9 @@ public class RealmsAdminResource {
}
/**
- * Returns a list of realms. This list is filtered based on what realms the caller is allowed to view.
+ * Get accessible realms
+ *
+ * Returns a list of accessible realms. The list is filtered based on what realms the caller is allowed to view.
*
* @return
*/
@@ -107,10 +109,12 @@ public class RealmsAdminResource {
}
/**
- * Import a realm from a full representation of that realm. Realm name must be unique.
+ * Import a realm
+ *
+ * Imports a realm from a full representation of that realm. Realm name must be unique.
*
* @param uriInfo
- * @param rep JSON representation
+ * @param rep JSON representation of the realm
* @return
*/
@POST
@@ -141,7 +145,9 @@ public class RealmsAdminResource {
}
/**
- * Upload a realm from a uploaded JSON file. The posted represenation is expected to be a multipart/form-data encapsulation
+ * Import a realm from uploaded JSON file
+ *
+ * The posted represenation is expected to be a multipart/form-data encapsulation
* of a JSON file. The same format a browser would use when uploading a file.
*
* @param uriInfo
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java
index bea5d52..1482cab 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java
@@ -87,7 +87,7 @@ public class RoleByIdResource extends RoleResource {
}
/**
- * Delete this role
+ * Delete the role
*
* @param id id of role
*/
@@ -102,7 +102,7 @@ public class RoleByIdResource extends RoleResource {
}
/**
- * Update this role
+ * Update the role
*
* @param id id of role
* @param rep
@@ -118,7 +118,7 @@ public class RoleByIdResource extends RoleResource {
}
/**
- * Make this role a composite role by associating some child roles to it.
+ * Make the role a composite role by associating some child roles
*
* @param id
* @param roles
@@ -133,7 +133,9 @@ public class RoleByIdResource extends RoleResource {
}
/**
- * If this role is a composite, return a set of its children
+ * Get role's children
+ *
+ * Returns a set of role's children provided the role is a composite.
*
* @param id
* @return
@@ -151,7 +153,7 @@ public class RoleByIdResource extends RoleResource {
}
/**
- * Return a set of realm-level roles that are in the role's composite
+ * Get realm-level roles that are in the role's composite
*
* @param id
* @return
@@ -167,7 +169,7 @@ public class RoleByIdResource extends RoleResource {
}
/**
- * Return a set of client-level roles for a specific client that are in the role's composite
+ * Get client-level roles for the client that are in the role's composite
*
* @param id
* @param client
@@ -189,7 +191,7 @@ public class RoleByIdResource extends RoleResource {
}
/**
- * Return a set of client-level roles for a specific client that are in the role's composite
+ * Get client-level roles for the client that are in the role's composite
*
* @param role
* @param client
@@ -212,10 +214,10 @@ public class RoleByIdResource extends RoleResource {
}
/**
- * Remove the listed set of roles from this role's composite
+ * Remove a set of roles from the role's composite
*
- * @param id
- * @param roles
+ * @param id Role id
+ * @param roles A set of roles to be removed
*/
@Path("{role-id}/composites")
@DELETE
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java
index f267d15..168ff47 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java
@@ -4,7 +4,6 @@ import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.events.admin.OperationType;
import org.keycloak.models.ClientModel;
-import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
@@ -51,7 +50,7 @@ public class RoleContainerResource extends RoleResource {
}
/**
- * List all roles for this realm or client
+ * Get all roles for the realm or client
*
* @return
*/
@@ -70,7 +69,7 @@ public class RoleContainerResource extends RoleResource {
}
/**
- * Create a new role for this realm or client
+ * Create a new role for the realm or client
*
* @param rep
* @return
@@ -164,7 +163,7 @@ public class RoleContainerResource extends RoleResource {
}
/**
- * Add a composite to this role
+ * Add a composite to the role
*
* @param roleName role's name (not id!)
* @param roles
@@ -183,7 +182,7 @@ public class RoleContainerResource extends RoleResource {
}
/**
- * List composites of this role
+ * Get composites of the role
*
* @param roleName role's name (not id!)
* @return
@@ -203,7 +202,7 @@ public class RoleContainerResource extends RoleResource {
}
/**
- * Get realm-level roles of this role's composite
+ * Get realm-level roles of the role's composite
*
* @param roleName role's name (not id!)
* @return
@@ -223,7 +222,7 @@ public class RoleContainerResource extends RoleResource {
}
/**
- * An app-level roles for a specific app for this role's composite
+ * An app-level roles for the specified app for the role's composite
*
* @param roleName role's name (not id!)
* @param client
@@ -252,7 +251,7 @@ public class RoleContainerResource extends RoleResource {
/**
- * Remove roles from this role's composite
+ * Remove roles from the role's composite
*
* @param roleName role's name (not id!)
* @param roles roles to remove
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedClientResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedClientResource.java
index c087197..44b355e 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedClientResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedClientResource.java
@@ -44,7 +44,9 @@ public class ScopeMappedClientResource {
}
/**
- * Get the roles associated with a client's scope for a specific client.
+ * Get the roles associated with a client's scope
+ *
+ * Returns roles for the client.
*
* @return
*/
@@ -63,7 +65,9 @@ public class ScopeMappedClientResource {
}
/**
- * The available client-level roles that can be associated with the client's scope
+ * The available client-level roles
+ *
+ * Returns the roles for the client that can be associated with the client's scope
*
* @return
*/
@@ -79,7 +83,9 @@ public class ScopeMappedClientResource {
}
/**
- * Get effective client roles that are associated with the client's scope for a specific client.
+ * Get effective client roles
+ *
+ * Returns the roles for the client that are associated with the client's scope.
*
* @return
*/
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java
index 4075944..2d9b6a2 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java
@@ -19,9 +19,7 @@ import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
-import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.UriInfo;
import java.util.ArrayList;
import java.util.HashMap;
@@ -51,7 +49,7 @@ public class ScopeMappedResource {
}
/**
- * Get all scope mappings for this client
+ * Get all scope mappings for the client
*
* @return
*/
@@ -94,7 +92,7 @@ public class ScopeMappedResource {
}
/**
- * Get list of realm-level roles associated with this client's scope.
+ * Get realm-level roles associated with the client's scope
*
* @return
*/
@@ -114,7 +112,7 @@ public class ScopeMappedResource {
}
/**
- * Get list of realm-level roles that are available to attach to this client's scope.
+ * Get realm-level roles that are available to attach to this client's scope
*
* @return
*/
@@ -139,7 +137,9 @@ public class ScopeMappedResource {
}
/**
- * Get all effective realm-level roles that are associated with this client's scope. What this does is recurse
+ * Get effective realm-level roles associated with the client's scope
+ *
+ * What this does is recurse
* any composite roles associated with the client's scope and adds the roles to this lists. The method is really
* to show a comprehensive total view of realm-level roles associated with the client.
*
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UserClientRoleMappingsResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UserClientRoleMappingsResource.java
index 228ebbd..8c5851c 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UserClientRoleMappingsResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UserClientRoleMappingsResource.java
@@ -5,7 +5,6 @@ import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.events.admin.OperationType;
import org.keycloak.models.ClientModel;
-import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
@@ -18,7 +17,6 @@ import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
-import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.UriInfo;
@@ -51,7 +49,7 @@ public class UserClientRoleMappingsResource {
}
/**
- * Get client-level role mappings for this user for a specific app
+ * Get client-level role mappings for the user, and the app
*
* @return
*/
@@ -70,7 +68,9 @@ public class UserClientRoleMappingsResource {
}
/**
- * Get effective client-level role mappings. This recurses any composite roles
+ * Get effective client-level role mappings
+ *
+ * This recurses any composite roles
*
* @return
*/
@@ -120,9 +120,9 @@ public class UserClientRoleMappingsResource {
}
/**
- * Add client-level roles to the user role mapping.
+ * Add client-level roles to the user role mapping
*
- * @param roles
+ * @param roles
*/
@POST
@Consumes(MediaType.APPLICATION_JSON)
@@ -141,7 +141,7 @@ public class UserClientRoleMappingsResource {
}
/**
- * Delete client-level roles from user role mapping.
+ * Delete client-level roles from user role mapping
*
* @param roles
*/
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProviderResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProviderResource.java
index db1e278..6f7bedf 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProviderResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProviderResource.java
@@ -98,7 +98,7 @@ public class UserFederationProviderResource {
}
/**
- * get a provider
+ * Get a provider
*
*/
@GET
@@ -126,7 +126,7 @@ public class UserFederationProviderResource {
}
/**
- * trigger sync of users
+ * Trigger sync of users
*
* @return
*/
@@ -150,7 +150,7 @@ public class UserFederationProviderResource {
}
/**
- * List of available User Federation mapper types
+ * Get available user federation mapper types
*
* @return
*/
@@ -227,7 +227,7 @@ public class UserFederationProviderResource {
}
/**
- * Create mapper
+ * Create a mapper
*
* @param mapper
* @return
@@ -251,9 +251,9 @@ public class UserFederationProviderResource {
}
/**
- * Get mapper
+ * Get a mapper
*
- * @param id mapperId
+ * @param id Mapper id
* @return
*/
@GET
@@ -268,9 +268,9 @@ public class UserFederationProviderResource {
}
/**
- * Update mapper
+ * Update a mapper
*
- * @param id
+ * @param id Mapper id
* @param rep
*/
@PUT
@@ -291,9 +291,9 @@ public class UserFederationProviderResource {
}
/**
- * Delete mapper with given ID
+ * Delete a mapper with a given id
*
- * @param id
+ * @param id Mapper id
*/
@DELETE
@NoCache
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProvidersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProvidersResource.java
index 294e633..8946c36 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProvidersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProvidersResource.java
@@ -8,8 +8,6 @@ import org.keycloak.constants.KerberosConstants;
import org.keycloak.events.admin.OperationType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
-import org.keycloak.models.RequiredCredentialModel;
-import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserFederationProvider;
import org.keycloak.models.UserFederationProviderFactory;
import org.keycloak.models.UserFederationProviderModel;
@@ -84,7 +82,9 @@ public class UserFederationProvidersResource {
}
/**
- * Get List of available provider factories
+ * Get available provider factories
+ *
+ * Returns a list of available provider factories.
*
* @return
*/
@@ -105,7 +105,7 @@ public class UserFederationProvidersResource {
}
/**
- * Get factory with given ID
+ * Get factory with given id
*
* @return
*/
@@ -159,7 +159,7 @@ public class UserFederationProvidersResource {
}
/**
- * list configured providers
+ * Get configured providers
*
* @return
*/
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
index e3e2437..24aa35a 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
@@ -118,7 +118,7 @@ public class UsersResource {
/**
* Update the user
*
- * @param id
+ * @param id User id
* @param rep
* @return
*/
@@ -164,7 +164,9 @@ public class UsersResource {
}
/**
- * Create a new user. Must be a unique username!
+ * Create a new user
+ *
+ * Username must be unique.
*
* @param uriInfo
* @param rep
@@ -245,7 +247,7 @@ public class UsersResource {
/**
* Get represenation of the user
*
- * @param id user id
+ * @param id User id
* @return
*/
@Path("{id}")
@@ -274,6 +276,12 @@ public class UsersResource {
return rep;
}
+ /**
+ * Impersonate the user
+ *
+ * @param id User id
+ * @return
+ */
@Path("{id}/impersonation")
@POST
@NoCache
@@ -314,9 +322,9 @@ public class UsersResource {
/**
- * List set of sessions associated with this user.
+ * Get sessions associated with the user
*
- * @param id
+ * @param id User id
* @return
*/
@Path("{id}/sessions")
@@ -339,9 +347,9 @@ public class UsersResource {
}
/**
- * List set of social logins associated with this user.
+ * Get social logins associated with the user
*
- * @param id
+ * @param id User id
* @return
*/
@Path("{id}/federated-identity")
@@ -373,6 +381,14 @@ public class UsersResource {
return result;
}
+ /**
+ * Add a social login provider to the user
+ *
+ * @param id User id
+ * @param provider Social login provider id
+ * @param rep
+ * @return
+ */
@Path("{id}/federated-identity/{provider}")
@POST
@NoCache
@@ -392,6 +408,12 @@ public class UsersResource {
return Response.noContent().build();
}
+ /**
+ * Remove a social login provider from user
+ *
+ * @param id User id
+ * @param provider Social login provider id
+ */
@Path("{id}/federated-identity/{provider}")
@DELETE
@NoCache
@@ -408,9 +430,9 @@ public class UsersResource {
}
/**
- * List set of consents granted by this user.
+ * Get consents granted by the user
*
- * @param id
+ * @param id User id
* @return
*/
@Path("{id}/consents")
@@ -435,10 +457,10 @@ public class UsersResource {
}
/**
- * Revoke consent for particular client
+ * Revoke consent for particular client from user
*
- * @param id
- * @param clientId
+ * @param id User id
+ * @param clientId Client id
*/
@Path("{id}/consents/{client}")
@DELETE
@@ -462,10 +484,11 @@ public class UsersResource {
}
/**
- * Remove all user sessions associated with this user. And, for all client that have an admin URL, tell
- * them to invalidate the sessions for this particular user.
+ * Remove all user sessions associated with the user
+ *
+ * Also send notification to all clients that have an admin URL to invalidate the sessions for the particular user.
*
- * @param id user id
+ * @param id User id
*/
@Path("{id}/logout")
@POST
@@ -484,9 +507,9 @@ public class UsersResource {
}
/**
- * delete this user
+ * Delete the user
*
- * @param id user id
+ * @param id User id
*/
@Path("{id}")
@DELETE
@@ -509,13 +532,17 @@ public class UsersResource {
}
/**
- * Query list of users. May pass in query criteria
+ * Get users
*
- * @param search string contained in username, first or last name, or email
+ * Returns a list of users, filtered according to query parameters
+ *
+ * @param search A String contained in username, first or last name, or email
* @param last
* @param first
* @param email
* @param username
+ * @param first Pagination offset
+ * @param maxResults Pagination size
* @return
*/
@GET
@@ -563,9 +590,9 @@ public class UsersResource {
}
/**
- * Get role mappings for this user
+ * Get role mappings for the user
*
- * @param id user id
+ * @param id User id
* @return
*/
@Path("{id}/role-mappings")
@@ -614,9 +641,9 @@ public class UsersResource {
}
/**
- * Get realm-level role mappings for this user
+ * Get realm-level role mappings for the user
*
- * @param id user id
+ * @param id User id
* @return
*/
@Path("{id}/role-mappings/realm")
@@ -640,9 +667,11 @@ public class UsersResource {
}
/**
- * Effective realm-level role mappings for this user. Will recurse all composite roles to get this list.
+ * Get effective realm-level role mappings for the user
+ *
+ * This will recurse all composite roles to get the result.
*
- * @param id user id
+ * @param id User id
* @return
*/
@Path("{id}/role-mappings/realm/composite")
@@ -668,9 +697,9 @@ public class UsersResource {
}
/**
- * Realm-level roles that can be mapped to this user
+ * Get realm-level roles that can be mapped to this user
*
- * @param id
+ * @param id User id
* @return
*/
@Path("{id}/role-mappings/realm/available")
@@ -690,10 +719,10 @@ public class UsersResource {
}
/**
- * Add realm-level role mappings
+ * Add realm-level role mappings to the user
*
- * @param id
- * @param roles
+ * @param id User id
+ * @param roles Roles to add
*/
@Path("{id}/role-mappings/realm")
@POST
@@ -720,7 +749,7 @@ public class UsersResource {
/**
* Delete realm-level role mappings
*
- * @param id user id
+ * @param id User id
* @param roles
*/
@Path("{id}/role-mappings/realm")
@@ -770,12 +799,14 @@ public class UsersResource {
return new UserClientRoleMappingsResource(uriInfo, realm, auth, user, clientModel, adminEvent);
}
+
/**
- * Set up a temporary password for this user. User will have to reset this temporary password when they log
- * in next.
+ * Set up a temporary password for the user
+ *
+ * User will have to reset the temporary password next time they log in.
*
- * @param id
- * @param pass temporary password
+ * @param id User id
+ * @param pass A Temporary password
*/
@Path("{id}/reset-password")
@PUT
@@ -805,9 +836,9 @@ public class UsersResource {
}
/**
+ * Remove TOTP from the user
*
- *
- * @param id
+ * @param id User id
*/
@Path("{id}/remove-totp")
@PUT
@@ -825,13 +856,15 @@ public class UsersResource {
}
/**
- * Send an email to the user with a link they can click to reset their password.
+ * Send a password-reset email to the user
+ *
+ * An email contains a link the user can click to reset their password.
* The redirectUri and clientId parameters are optional. The default for the
* redirect is the account client.
*
- * @param id
- * @param redirectUri redirect uri
- * @param clientId client id
+ * @param id User is
+ * @param redirectUri Redirect uri
+ * @param clientId Client id
* @return
*/
@Path("{id}/execute-actions-email")
@@ -880,13 +913,15 @@ public class UsersResource {
}
/**
- * Send an email to the user with a link they can click to verify their email address.
+ * Send an email-verification email to the user
+ *
+ * An email contains a link the user can click to verify their email address.
* The redirectUri and clientId parameters are optional. The default for the
* redirect is the account client.
*
- * @param id
- * @param redirectUri redirect uri
- * @param clientId client id
+ * @param id User id
+ * @param redirectUri Redirect uri
+ * @param clientId Client id
* @return
*/
@Path("{id}/send-verify-email")
diff --git a/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java b/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java
index f95d7d8..9bbfcf5 100755
--- a/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java
+++ b/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java
@@ -64,11 +64,7 @@ import org.keycloak.services.validation.Validation;
import org.keycloak.social.SocialIdentityProvider;
import org.keycloak.util.ObjectUtil;
-import javax.ws.rs.GET;
-import javax.ws.rs.OPTIONS;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.QueryParam;
+import javax.ws.rs.*;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
@@ -130,6 +126,12 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
this.event = new EventBuilder(realmModel, session, clientConnection).event(EventType.IDENTITY_PROVIDER_LOGIN);
}
+ @POST
+ @Path("/{provider_id}/login")
+ public Response performPostLogin(@PathParam("provider_id") String providerId, @QueryParam("code") String code) {
+ return performLogin(providerId, code);
+ }
+
@GET
@Path("/{provider_id}/login")
public Response performLogin(@PathParam("provider_id") String providerId, @QueryParam("code") String code) {
social/core/pom.xml 2(+1 -1)
diff --git a/social/core/pom.xml b/social/core/pom.xml
index 0e3b26c..a467543 100755
--- a/social/core/pom.xml
+++ b/social/core/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-social-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
social/facebook/pom.xml 2(+1 -1)
diff --git a/social/facebook/pom.xml b/social/facebook/pom.xml
index 2b8634c..6481705 100755
--- a/social/facebook/pom.xml
+++ b/social/facebook/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-social-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
social/github/pom.xml 2(+1 -1)
diff --git a/social/github/pom.xml b/social/github/pom.xml
index 1284595..50f8f98 100755
--- a/social/github/pom.xml
+++ b/social/github/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-social-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
social/google/pom.xml 2(+1 -1)
diff --git a/social/google/pom.xml b/social/google/pom.xml
index f3680a7..1bc444e 100755
--- a/social/google/pom.xml
+++ b/social/google/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-social-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
social/linkedin/pom.xml 2(+1 -1)
diff --git a/social/linkedin/pom.xml b/social/linkedin/pom.xml
index f7b04c7..cb6617e 100755
--- a/social/linkedin/pom.xml
+++ b/social/linkedin/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-social-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
social/pom.xml 2(+1 -1)
diff --git a/social/pom.xml b/social/pom.xml
index 597a99a..bf61f80 100755
--- a/social/pom.xml
+++ b/social/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
social/stackoverflow/pom.xml 2(+1 -1)
diff --git a/social/stackoverflow/pom.xml b/social/stackoverflow/pom.xml
index b0b4c56..25beb15 100755
--- a/social/stackoverflow/pom.xml
+++ b/social/stackoverflow/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-social-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
social/twitter/pom.xml 2(+1 -1)
diff --git a/social/twitter/pom.xml b/social/twitter/pom.xml
index 0cfb3e0..7e80533 100755
--- a/social/twitter/pom.xml
+++ b/social/twitter/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-social-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
testsuite/docker-cluster/pom.xml 2(+1 -1)
diff --git a/testsuite/docker-cluster/pom.xml b/testsuite/docker-cluster/pom.xml
index 00abb8b..89b0496 100755
--- a/testsuite/docker-cluster/pom.xml
+++ b/testsuite/docker-cluster/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-testsuite-pom</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
testsuite/integration/pom.xml 2(+1 -1)
diff --git a/testsuite/integration/pom.xml b/testsuite/integration/pom.xml
index 3653fd9..7948e97 100755
--- a/testsuite/integration/pom.xml
+++ b/testsuite/integration/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-testsuite-pom</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/IdentityProviderHintTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/IdentityProviderHintTest.java
index 8b751e0..66d3556 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/IdentityProviderHintTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/IdentityProviderHintTest.java
@@ -77,6 +77,6 @@ public class IdentityProviderHintTest {
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/auth"));
- assertEquals("Could not find an identity provider with the identifier [invalid-idp-id].", this.driver.findElement(By.className("instruction")).getText());
+ assertEquals("Could not find an identity provider with the identifier.", this.driver.findElement(By.className("instruction")).getText());
}
}
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/PassThroughClientAuthenticator.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/PassThroughClientAuthenticator.java
index 0c35b75..1e2b50a 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/PassThroughClientAuthenticator.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/PassThroughClientAuthenticator.java
@@ -1,8 +1,10 @@
package org.keycloak.testsuite.forms;
import java.util.ArrayList;
+import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
+import java.util.Map;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.ClientAuthenticationFlowContext;
@@ -69,11 +71,6 @@ public class PassThroughClientAuthenticator extends AbstractClientAuthenticator
}
@Override
- public boolean isConfigurablePerClient() {
- return true;
- }
-
- @Override
public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
return REQUIREMENT_CHOICES;
}
@@ -94,6 +91,17 @@ public class PassThroughClientAuthenticator extends AbstractClientAuthenticator
}
@Override
+ public Map<String, Object> getAdapterConfiguration(ClientModel client) {
+ Map<String, Object> props = new HashMap<>();
+ props.put("foo", "some foo value");
+ props.put("bar", true);
+
+ Map<String, Object> config = new HashMap<>();
+ config.put("dummy", props);
+ return config;
+ }
+
+ @Override
public String getId() {
return PROVIDER_ID;
}
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/ImportTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/ImportTest.java
index 558ff39..2f33e43 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/ImportTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/ImportTest.java
@@ -7,6 +7,8 @@ import org.junit.runners.MethodSorters;
import org.keycloak.constants.KerberosConstants;
import org.keycloak.federation.ldap.mappers.FullNameLDAPFederationMapper;
import org.keycloak.federation.ldap.mappers.FullNameLDAPFederationMapperFactory;
+import org.keycloak.models.AuthenticationExecutionModel;
+import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.FederatedIdentityModel;
@@ -23,6 +25,7 @@ import org.keycloak.models.UserFederationProvider;
import org.keycloak.models.UserFederationProviderFactory;
import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.UserModel;
+import org.keycloak.models.utils.DefaultAuthenticationFlows;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
import org.keycloak.protocol.oidc.mappers.UserSessionNoteMapper;
@@ -275,6 +278,17 @@ public class ImportTest extends AbstractModelTest {
UserFederationProviderFactory factory = (UserFederationProviderFactory)session.getKeycloakSessionFactory().getProviderFactory(UserFederationProvider.class, "dummy");
Assert.assertNull(factory.getInstance(session, null).getUserByUsername(realm, "wburke"));
+ // Test builtin authentication flows
+ AuthenticationFlowModel clientFlow = realm.getClientAuthenticationFlow();
+ Assert.assertEquals(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW, clientFlow.getAlias());
+ Assert.assertNotNull(realm.getAuthenticationFlowById(clientFlow.getId()));
+ Assert.assertTrue(realm.getAuthenticationExecutions(clientFlow.getId()).size() > 0);
+
+ AuthenticationFlowModel resetFlow = realm.getResetCredentialsFlow();
+ Assert.assertEquals(DefaultAuthenticationFlows.RESET_CREDENTIALS_FLOW, resetFlow.getAlias());
+ Assert.assertNotNull(realm.getAuthenticationFlowById(resetFlow.getId()));
+ Assert.assertTrue(realm.getAuthenticationExecutions(resetFlow.getId()).size() > 0);
+
// Test protocol mappers. Default application has all the builtin protocol mappers. OtherApp just gss credential
Assert.assertNotNull(application.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, "username"));
Assert.assertNotNull(application.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, "email"));
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java
index 5b71fd5..2363305 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java
@@ -49,6 +49,7 @@ import org.keycloak.testsuite.pages.OAuthGrantPage;
import org.keycloak.testsuite.rule.KeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule;
+import org.openqa.selenium.By;
import org.openqa.selenium.WebDriver;
import java.io.IOException;
@@ -130,10 +131,15 @@ public class OAuthGrantTest {
events.expectCodeToToken(codeId, loginEvent.getSessionId()).client("third-party").assertEvent();
accountAppsPage.open();
+
+ assertEquals(1, driver.findElements(By.id("revoke-third-party")).size());
+
accountAppsPage.revokeGrant("third-party");
events.expect(EventType.REVOKE_GRANT)
.client("account").detail(Details.REVOKED_CLIENT, "third-party").assertEvent();
+
+ assertEquals(0, driver.findElements(By.id("revoke-third-party")).size());
}
@Test
diff --git a/testsuite/integration-arquillian/pom.xml b/testsuite/integration-arquillian/pom.xml
index 6106fd4..2ef2ac3 100644
--- a/testsuite/integration-arquillian/pom.xml
+++ b/testsuite/integration-arquillian/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-testsuite-pom</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
testsuite/jetty/jetty81/pom.xml 4(+2 -2)
diff --git a/testsuite/jetty/jetty81/pom.xml b/testsuite/jetty/jetty81/pom.xml
index 840282e..5fd9e6a 100755
--- a/testsuite/jetty/jetty81/pom.xml
+++ b/testsuite/jetty/jetty81/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-testsuite-pom</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
@@ -12,7 +12,7 @@
<artifactId>keycloak-testsuite-jetty81</artifactId>
<name>Keycloak Jetty 8.1.x Integration TestSuite</name>
<properties>
- <jetty9.version>8.1.16.v20140903</jetty9.version>
+ <jetty9.version>8.1.17.v20150415</jetty9.version>
</properties>
<description />
testsuite/jetty/jetty91/pom.xml 2(+1 -1)
diff --git a/testsuite/jetty/jetty91/pom.xml b/testsuite/jetty/jetty91/pom.xml
index fea7a82..7815e73 100755
--- a/testsuite/jetty/jetty91/pom.xml
+++ b/testsuite/jetty/jetty91/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-testsuite-pom</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
testsuite/jetty/jetty92/pom.xml 2(+1 -1)
diff --git a/testsuite/jetty/jetty92/pom.xml b/testsuite/jetty/jetty92/pom.xml
index 0afd207..09eaec7 100755
--- a/testsuite/jetty/jetty92/pom.xml
+++ b/testsuite/jetty/jetty92/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-testsuite-pom</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
testsuite/performance/pom.xml 2(+1 -1)
diff --git a/testsuite/performance/pom.xml b/testsuite/performance/pom.xml
index d853d38..f553ab7 100755
--- a/testsuite/performance/pom.xml
+++ b/testsuite/performance/pom.xml
@@ -5,7 +5,7 @@
<parent>
<artifactId>keycloak-testsuite-pom</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
testsuite/pom.xml 2(+1 -1)
diff --git a/testsuite/pom.xml b/testsuite/pom.xml
index c25fd4f..beae79e 100755
--- a/testsuite/pom.xml
+++ b/testsuite/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
testsuite/proxy/pom.xml 2(+1 -1)
diff --git a/testsuite/proxy/pom.xml b/testsuite/proxy/pom.xml
index d195398..28c418a 100755
--- a/testsuite/proxy/pom.xml
+++ b/testsuite/proxy/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-testsuite-pom</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
testsuite/tomcat6/pom.xml 2(+1 -1)
diff --git a/testsuite/tomcat6/pom.xml b/testsuite/tomcat6/pom.xml
index 92a4953..0597e7d 100755
--- a/testsuite/tomcat6/pom.xml
+++ b/testsuite/tomcat6/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-testsuite-pom</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
testsuite/tomcat7/pom.xml 2(+1 -1)
diff --git a/testsuite/tomcat7/pom.xml b/testsuite/tomcat7/pom.xml
index f9dc4f3..b8a44e3 100755
--- a/testsuite/tomcat7/pom.xml
+++ b/testsuite/tomcat7/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-testsuite-pom</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
testsuite/tomcat8/pom.xml 2(+1 -1)
diff --git a/testsuite/tomcat8/pom.xml b/testsuite/tomcat8/pom.xml
index 30cbf0d..4862aeb 100755
--- a/testsuite/tomcat8/pom.xml
+++ b/testsuite/tomcat8/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-testsuite-pom</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
timer/api/pom.xml 2(+1 -1)
diff --git a/timer/api/pom.xml b/timer/api/pom.xml
index 333aa8b..97eda67 100755
--- a/timer/api/pom.xml
+++ b/timer/api/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-timer-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
timer/basic/pom.xml 2(+1 -1)
diff --git a/timer/basic/pom.xml b/timer/basic/pom.xml
index 31fa870..77b8d8f 100755
--- a/timer/basic/pom.xml
+++ b/timer/basic/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-timer-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
timer/pom.xml 2(+1 -1)
diff --git a/timer/pom.xml b/timer/pom.xml
index 435869b..002bb05 100755
--- a/timer/pom.xml
+++ b/timer/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
util/embedded-ldap/pom.xml 2(+1 -1)
diff --git a/util/embedded-ldap/pom.xml b/util/embedded-ldap/pom.xml
index f93a8c8..d4cd597 100644
--- a/util/embedded-ldap/pom.xml
+++ b/util/embedded-ldap/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/util/embedded-ldap/src/main/java/org/keycloak/util/ldap/KerberosKeytabCreator.java b/util/embedded-ldap/src/main/java/org/keycloak/util/ldap/KerberosKeytabCreator.java
index 8863e7c..72c90c0 100644
--- a/util/embedded-ldap/src/main/java/org/keycloak/util/ldap/KerberosKeytabCreator.java
+++ b/util/embedded-ldap/src/main/java/org/keycloak/util/ldap/KerberosKeytabCreator.java
@@ -35,7 +35,7 @@ public class KerberosKeytabCreator {
System.out.println("-------------------------");
System.out.println("Arguments missing or invalid. Required arguments are: <principalName> <passPhrase> <outputKeytabFile>");
System.out.println("Example of usage:");
- System.out.println("java -jar embedded-ldap/target/embedded-ldap.jar keytabCreator HTTP/localhost@KEYCLOAK.ORG httppassword /tmp/http.keytab");
+ System.out.println("java -jar embedded-ldap/target/embedded-ldap.jar keytabCreator HTTP/localhost@KEYCLOAK.ORG httppassword http.keytab");
} else {
final File keytabFile = new File(args[2]);
createKeytab(args[0], args[1], keytabFile);
util/pom.xml 2(+1 -1)
diff --git a/util/pom.xml b/util/pom.xml
index d25bd9d..a514c72 100644
--- a/util/pom.xml
+++ b/util/pom.xml
@@ -3,7 +3,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.5.0.Final-SNAPSHOT</version>
+ <version>1.6.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>