inteligr8/alfresco-keycloak
1
0
Fork 0
mirror of https://github.com/bmlong137/alfresco-keycloak.git synced 2025-05-12 21:24:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
62 Commits 7 Branches 7 Tags
Commit Graph

62 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
AFaust
d4d14e9b0f WIP documentation 2021-04-12 20:59:20 +02:00
AFaust
abf49db783 Prepare release r010100-rc6 2021-03-10 20:00:02 +01:00
AFaust
9477071729 Update actual user object, not just session attribute 2021-02-01 19:09:26 +01:00
AFaust
35d07b1616 Extend utility flexible authenticator with access token awareness 2021-01-17 23:20:29 +01:00
AFaust
f9e16e0ef4 Service to obtain tokens for integrations 2021-01-09 16:29:28 +01:00
AFaust
89d8ecc5dc Add inverse mapping / check 2021-01-08 14:36:25 +01:00
AFaust
ea2a2ee43a Add reasonable default timeouts 
- KeycloakDeployment.resolveUrls() blocks otherwise e.g. if realm is
  misconfigured
 2021-01-02 19:21:04 +01:00
AFaust
6f9578ca63 Deal with spurious Share errors in last RC 2020-11-30 19:33:34 +01:00
AFaust
a3e3d9cac9 Release preparation r010100-rc5 2020-11-26 17:51:34 +01:00
AFaust
0dfdc28c50 Further refinement of request context handling 2020-11-04 09:59:17 +01:00
AFaust
f7d78a7a02 Consolidate request context handling 2020-10-30 20:38:29 +01:00
AFaust
45721fcb53 Consolidate projects / shaded dependencies 2020-10-30 13:31:06 +01:00
AFaust
4ad55b7a77 Subsystem documentation / consistency fixes 2020-10-21 19:04:26 +02:00
AFaust
a31309296a Adapter documentation / fix confidential port 2020-10-20 23:34:54 +02:00
AFaust
f34b6eed2d Start proper documentation 2020-10-19 22:28:21 +02:00
AFaust
74f79afa8a Add suport for user name correction in Share 
- effectively support login by alternative identity attributes, e.g.
  Keycloak login by email
 2020-09-04 21:39:34 +02:00
AFaust
96746690b3 Update version for next dev iteration + update Keycloak / deps 2020-09-04 21:39:15 +02:00
AFaust
608ca62af6 Prepare RC release r010100-rc4 2020-09-01 17:21:27 +02:00
AFaust
c157daf3dd Further improvements of context handling 
- RequestAttributes init conflicted with some Surf / Alfresco code which
  partially re-initialises request context, skipping user details if
  request attributes contains request (ServletUtil.getRequest())
- consolidate request context handling in doFilter to remove lower-level
  handling in various contexts
 2020-07-30 01:02:04 +02:00
AFaust
5ce816e3ee Further fixes for inconsistent ACS / Share auth integration 2020-07-28 02:53:39 +02:00
AFaust
f894d79c2e Share backend token handling + NPE fix 2020-07-25 00:29:57 +02:00
AFaust
65f2804734 Update for next RC release r010100-rc3 2020-07-08 12:29:14 +02:00
AFaust
169b1ddb15 Automatic Share Keycloak reauth on session expiration; correct logout handling 2020-07-06 01:57:03 +02:00
AFaust
8c53046cb1 Handle corner cases (e.g. XHR after session timeout) 2020-06-22 12:49:39 +02:00
AFaust
4ca4c66998 RC release for pilot customer deployment r010100-rc2 2020-06-09 20:00:51 +02:00
AFaust
6e6e21dbf8 Don't override old user groups if refresh fails 2020-06-09 19:49:49 +02:00
AFaust
6298c898e2 Ensure parameter value is not directly written to response 2020-06-05 16:48:17 +02:00
AFaust
7ee498154c Minor Keycloak dependency update 2020-06-05 16:42:10 +02:00
AFaust
1287137cad Login redirect on authentication failure if possible 2020-06-05 16:41:36 +02:00
AFaust
4096f741a5 Revise Share token exchange handling 
- retry if refresh of exchanged token yields invalid token (wrong
  audience - known case of apparently incorrect Keycloak behaviour)
- use custom header instead of redirect patch to have Repository tier not
  redirect to Keycloak login page on unauthenticated access from Share
- activate audience verification which is inactive with Keycloak class
  defaults
 2020-06-05 14:52:18 +02:00
AFaust
399419068f Update Acosix dependencies; fix use of deprecated API 2020-06-05 14:52:07 +02:00
AFaust
30a87ac620 Generate source JARs for shaded dependencies 2020-06-05 14:34:30 +02:00
AFaust
ad82e9dbe0 Update Keycloak version; fix minor issues / ensure minimal plugins enabled 
- despite not yet having any integration tests, Repository-tier Docker
  startup needed fixing due to missing Acosix Utility dependency
 2020-05-10 15:48:07 +02:00
AFaust
3c71bf6df1 Remove aggressive default for direct auth server access 2020-05-10 15:06:35 +02:00
AFaust
3f2b3511da Fix typo in web-fragment 2020-05-10 15:05:54 +02:00
AFaust
53e05606b9 Re-add snapshot for development until next rc 2020-05-10 15:05:35 +02:00
AFaust
390ca566a3 Translate input to preferred user name 2020-05-10 15:04:57 +02:00
AFaust
d10ff3ddd5 Release candidate r010100-rc 2020-03-08 20:59:47 +01:00
AFaust
be6e807f66 Fix imports 2020-03-08 20:59:02 +01:00
AFaust
9e8d709399 Support role exclusion patterns; default excl. on tech. roles 2020-03-08 20:13:57 +01:00
AFaust
f8bdd8ce43 Custom Bearer handling in Share 2020-03-08 20:12:32 +01:00
AFaust
0deb5ee8a8 Improved handling of no-auth web script call in pre-authed session 2020-02-24 23:34:46 +01:00
AFaust
2423d365f9 Basic handling; configurable public API coverage + original URL header 2020-02-21 23:39:31 +01:00
AFaust
94b1253f56 Enhance authority display name 2020-02-20 19:11:38 +01:00
AFaust
d5cfe4a131 Deal with Public v1 ReST API auth 2020-02-20 19:11:20 +01:00
AFaust
55184fe219 Minor ticket refresh / role permission improvements 2020-02-20 01:52:34 +01:00
AFaust
5e7e439e19 Ensure request context is always set 2020-02-18 01:34:06 +01:00
AFaust
8037689598 More flexible 'freshLogin' handling on Bearer token 2020-02-18 01:33:34 +01:00
AFaust
0fa088f49d Avoid infinite recursion due proxy bean inheritance 2020-02-17 23:56:33 +01:00
AFaust
b926431d68 Fix token handling due web script remote re-auth 
- RemoteUserAuthenticator may re-run KeycloakRemoteUserMapper for Bearer
  authentication
- RemoteUserAuthenticator simply re-sets current user without running
  through regular ticket validation hoops (which we already covered)
- need authentication listener to hook into triggered event for
  re-processing access token
- this adds hard-dependency to full acosix-utility module, which is
  extremely unfortunate - TODO: Move authenticator listener patch
  (enabling multiple listeners) into utility core, since it can be
  reasonably considered a non-invasive, baseline patch (does not alter
  core behaviours) relevant for potentially multiple extensions, which
  should not necessitate dependency on full utility module with its
  accompanying set of (more or less) invasive patches
 2020-02-17 10:43:45 +01:00