Merge remote-tracking branch 'upstream/master'

keycloak · Oct 16, 2015 · 41a51d9 · 41a51d9
2 parents ce996f6 + a6556a4
commit 41a51d9
Show file tree

Hide file tree

Showing 105 changed files with 1,529 additions and 408 deletions.
diff --git a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProvider.java b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProvider.java
@@ -228,7 +228,7 @@ public Response export(UriInfo uriInfo, RealmModel realm, String format) {
 
 
         String descriptor =
-                "<EntityDescriptor entityID=\"" + getEntityId(uriInfo, realm) + "\">\n" +
+                "<EntityDescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" entityID=\"" + getEntityId(uriInfo, realm) + "\">\n" +
                 "    <SPSSODescriptor AuthnRequestsSigned=\"" + getConfig().isWantAuthnRequestsSigned() + "\"\n" +
                 "            protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol http://schemas.xmlsoap.org/ws/2003/07/secext\">\n" +
                 "        <NameIDFormat>" + getConfig().getNameIDPolicyFormat() + "\n" +

diff --git a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.6.0.xml b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.6.0.xml
@@ -2,6 +2,13 @@
 <databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
     <changeSet author="mposolda@redhat.com" id="1.6.0">
 
+        <addColumn tableName="REALM">
+            <column name="OFFLINE_SESSION_IDLE_TIMEOUT" type="INT"/>
+            <column name="REVOKE_REFRESH_TOKEN" type="BOOLEAN" defaultValueBoolean="false">
+                <constraints nullable="false"/>
+            </column>
+        </addColumn>
+
         <addColumn tableName="KEYCLOAK_ROLE">
             <column name="SCOPE_PARAM_REQUIRED" type="BOOLEAN" defaultValueBoolean="false">
                 <constraints nullable="false"/>
@@ -43,16 +50,11 @@
             <column name="OFFLINE" type="BOOLEAN" defaultValueBoolean="false">
                 <constraints nullable="false"/>
             </column>
+            <column name="TIMESTAMP" type="INT"/>
             <column name="DATA" type="CLOB"/>
         </createTable>
 
         <addPrimaryKey columnNames="USER_SESSION_ID, OFFLINE" constraintName="CONSTRAINT_OFFLINE_US_SES_PK" tableName="OFFLINE_USER_SESSION"/>
         <addPrimaryKey columnNames="CLIENT_SESSION_ID, OFFLINE" constraintName="CONSTRAINT_OFFLINE_CL_SES_PK" tableName="OFFLINE_CLIENT_SESSION"/>
-
-        <addColumn tableName="REALM">
-            <column name="REVOKE_REFRESH_TOKEN" type="BOOLEAN" defaultValueBoolean="false">
-                <constraints nullable="false"/>
-            </column>
-        </addColumn>
     </changeSet>
 </databaseChangeLog>
diff --git a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
@@ -14,6 +14,7 @@ public class RealmRepresentation {
     protected Integer accessTokenLifespan;
     protected Integer ssoSessionIdleTimeout;
     protected Integer ssoSessionMaxLifespan;
+    protected Integer offlineSessionIdleTimeout;
     protected Integer accessCodeLifespan;
     protected Integer accessCodeLifespanUserAction;
     protected Integer accessCodeLifespanLogin;
@@ -199,6 +200,14 @@ public void setSsoSessionMaxLifespan(Integer ssoSessionMaxLifespan) {
         this.ssoSessionMaxLifespan = ssoSessionMaxLifespan;
     }
 
+    public Integer getOfflineSessionIdleTimeout() {
+        return offlineSessionIdleTimeout;
+    }
+
+    public void setOfflineSessionIdleTimeout(Integer offlineSessionIdleTimeout) {
+        this.offlineSessionIdleTimeout = offlineSessionIdleTimeout;
+    }
+
     public List<ScopeMappingRepresentation> getScopeMappings() {
         return scopeMappings;
     }
@@ -620,10 +629,14 @@ public void setInternationalizationEnabled(Boolean internationalizationEnabled)
     }
 
     public Set<String> getSupportedLocales() {
+        return supportedLocales;
+    }
+
+    public void addSupportedLocales(String locale) {
         if(supportedLocales == null){
-            supportedLocales = new HashSet<String>();
+            supportedLocales = new HashSet<>();
         }
-        return supportedLocales;
+        supportedLocales.add(locale);
     }
 
     public void setSupportedLocales(Set<String> supportedLocales) {

diff --git a/...ver-feature-pack/src/main/resources/content/standalone/configuration/keycloak-server.json b/...ver-feature-pack/src/main/resources/content/standalone/configuration/keycloak-server.json
@@ -59,7 +59,7 @@
 
     "connectionsInfinispan": {
         "default" : {
-            "cacheContainer" : "java:jboss/infinispan/Keycloak"
+            "cacheContainer" : "java:comp/env/infinispan/Keycloak"
         }
     }
 }
diff --git a/...ules/system/layers/base/org/keycloak/keycloak-server-subsystem/infinispan/main/module.xml b/...ules/system/layers/base/org/keycloak/keycloak-server-subsystem/infinispan/main/module.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  ~ JBoss, Home of Professional Open Source.
+  ~ Copyright 2014, Red Hat, Inc., and individual contributors
+  ~ as indicated by the @author tags. See the copyright.txt file in the
+  ~ distribution for a full listing of individual contributors.
+  ~
+  ~ This is free software; you can redistribute it and/or modify it
+  ~ under the terms of the GNU Lesser General Public License as
+  ~ published by the Free Software Foundation; either version 2.1 of
+  ~ the License, or (at your option) any later version.
+  ~
+  ~ This software is distributed in the hope that it will be useful,
+  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  ~ Lesser General Public License for more details.
+  ~
+  ~ You should have received a copy of the GNU Lesser General Public
+  ~ License along with this software; if not, write to the Free
+  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  -->
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-server-subsystem.infinispan">
+
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+
+    <dependencies>
+        <module name="org.infinispan" export="true"/>
+    </dependencies>
+</module>
diff --git a/...keycloak/keycloak-server-subsystem/main/server-war/WEB-INF/jboss-deployment-structure.xml b/...keycloak/keycloak-server-subsystem/main/server-war/WEB-INF/jboss-deployment-structure.xml
@@ -54,6 +54,9 @@
             <module name="org.jboss.resteasy.resteasy-jaxrs"/>
 
             <module name="org.jboss.msc"/>
+
+            <!-- suppress unsupported dependency 'org.infinispan:main' warning -->
+            <module name="org.keycloak.keycloak-server-subsystem.infinispan"/>
         </dependencies>
         <exclusions>
             <module name="org.jboss.resteasy.resteasy-jackson2-provider"/>

diff --git a/...system/layers/base/org/keycloak/keycloak-server-subsystem/main/server-war/WEB-INF/web.xml b/...system/layers/base/org/keycloak/keycloak-server-subsystem/main/server-war/WEB-INF/web.xml
@@ -39,4 +39,10 @@
         <servlet-name>Keycloak REST Interface</servlet-name>
         <url-pattern>/*</url-pattern>
     </servlet-mapping>
+
+    <resource-env-ref>
+        <resource-env-ref-name>infinispan/Keycloak</resource-env-ref-name>
+        <resource-env-ref-type>org.infinispan.manager.EmbeddedCacheManager</resource-env-ref-type>
+        <lookup-name>java:jboss/infinispan/Keycloak</lookup-name>
+    </resource-env-ref>
 </web-app>
diff --git a/distribution/server-overlay/eap6/eap6-server-modules/build.xml b/distribution/server-overlay/eap6/eap6-server-modules/build.xml
@@ -290,6 +290,8 @@
 
         <module-def name="org.keycloak.keycloak-server-subsystem"/>
 
+        <module-def name="org.keycloak.keycloak-server-subsystem.infinispan"/>
+
         <module-def name="org.keycloak.keycloak-wildfly-extensions">
             <maven-resource group="org.keycloak" artifact="keycloak-wildfly-extensions"/>
         </module-def>

diff --git a/...loak/keycloak-as7-server-subsystem/main/server-war/WEB-INF/jboss-deployment-structure.xml b/...loak/keycloak-as7-server-subsystem/main/server-war/WEB-INF/jboss-deployment-structure.xml
@@ -54,6 +54,9 @@
             <module name="org.jboss.resteasy.resteasy-jaxrs"/>
 
             <module name="org.jboss.msc"/>
+
+            <!-- suppress unsupported dependency 'org.infinispan:main' warning -->
+            <module name="org.keycloak.keycloak-server-subsystem.infinispan"/>
         </dependencies>
         <exclusions>
             <module name="org.jboss.resteasy.resteasy-jackson2-provider"/>

diff --git a/...ources/modules/org/keycloak/keycloak-as7-server-subsystem/main/server-war/WEB-INF/web.xml b/...ources/modules/org/keycloak/keycloak-as7-server-subsystem/main/server-war/WEB-INF/web.xml
@@ -39,4 +39,10 @@
         <servlet-name>Keycloak REST Interface</servlet-name>
         <url-pattern>/*</url-pattern>
     </servlet-mapping>
+
+    <resource-env-ref>
+        <resource-env-ref-name>infinispan/Keycloak</resource-env-ref-name>
+        <resource-env-ref-type>org.infinispan.manager.EmbeddedCacheManager</resource-env-ref-type>
+        <lookup-name>java:jboss/infinispan/Keycloak</lookup-name>
+    </resource-env-ref>
 </web-app>
diff --git a/.../main/resources/modules/org/keycloak/keycloak-server-subsystem/infinispan/main/module.xml b/.../main/resources/modules/org/keycloak/keycloak-server-subsystem/infinispan/main/module.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  ~ JBoss, Home of Professional Open Source.
+  ~ Copyright 2014, Red Hat, Inc., and individual contributors
+  ~ as indicated by the @author tags. See the copyright.txt file in the
+  ~ distribution for a full listing of individual contributors.
+  ~
+  ~ This is free software; you can redistribute it and/or modify it
+  ~ under the terms of the GNU Lesser General Public License as
+  ~ published by the Free Software Foundation; either version 2.1 of
+  ~ the License, or (at your option) any later version.
+  ~
+  ~ This software is distributed in the hope that it will be useful,
+  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  ~ Lesser General Public License for more details.
+  ~
+  ~ You should have received a copy of the GNU Lesser General Public
+  ~ License along with this software; if not, write to the Free
+  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  -->
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-server-subsystem.infinispan">
+
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+
+    <dependencies>
+        <module name="org.infinispan" export="true"/>
+    </dependencies>
+</module>
diff --git a/distribution/server-overlay/eap6/eap6-server-overlay/assembly.xml b/distribution/server-overlay/eap6/eap6-server-overlay/assembly.xml
@@ -20,13 +20,13 @@
                 <include>**/**</include>
             </includes>
         </fileSet>
-        <!--<fileSet>
+        <fileSet>
             <directory>cli</directory>
             <includes>
                 <include>*.cli</include>
             </includes>
             <outputDirectory>bin</outputDirectory>
-        </fileSet>-->
+        </fileSet>
     </fileSets>
 
     <files>

diff --git a/...erver-overlay/cli/keycloak-prepare-ha.cli → ...erver-overlay/cli/keycloak-install-ha.cli b/...erver-overlay/cli/keycloak-prepare-ha.cli → ...erver-overlay/cli/keycloak-install-ha.cli
@@ -5,4 +5,7 @@
 /subsystem=infinispan/cache-container=keycloak/invalidation-cache=realms:add(mode="SYNC")
 /subsystem=infinispan/cache-container=keycloak/invalidation-cache=users:add(mode="SYNC")
 /subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions:add(mode="SYNC",owners="1")
-/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:add(mode="SYNC",owners="1")
+/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:add(mode="SYNC",owners="1")
+/extension=org.keycloak.keycloak-server-subsystem/:add(module=org.keycloak.keycloak-server-subsystem)
+/subsystem=keycloak-server:add(web-context=auth)
+:shutdown(restart=true)
diff --git a/distribution/server-overlay/eap6/eap6-server-overlay/cli/keycloak-install.cli b/distribution/server-overlay/eap6/eap6-server-overlay/cli/keycloak-install.cli
@@ -1,2 +1,10 @@
+/subsystem=datasources/data-source=KeycloakDS/:add(connection-url="jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE",driver-name=h2,jndi-name=java:jboss/datasources/KeycloakDS,password=sa,user-name=sa,use-java-context=true,enabled=true)
+/subsystem=logging/logger=org.jboss.resteasy.resteasy_jaxrs.i18n/:add(level=ERROR)
+/subsystem=infinispan/cache-container=keycloak:add(jndi-name="infinispan/Keycloak",start="EAGER")
+/subsystem=infinispan/cache-container=keycloak/local-cache=realms:add()
+/subsystem=infinispan/cache-container=keycloak/local-cache=users:add()
+/subsystem=infinispan/cache-container=keycloak/local-cache=sessions:add()
+/subsystem=infinispan/cache-container=keycloak/local-cache=loginFailures:add()
 /extension=org.keycloak.keycloak-server-subsystem/:add(module=org.keycloak.keycloak-server-subsystem)
-/subsystem=keycloak-server:add(web-context=auth)
+/subsystem=keycloak-server:add(web-context=auth)
+:shutdown(restart=true)
diff --git a/distribution/server-overlay/eap6/eap6-server-overlay/cli/keycloak-prepare.cli b/distribution/server-overlay/eap6/eap6-server-overlay/cli/keycloak-prepare.cli
diff --git a/distribution/server-overlay/wf9-server-overlay/assembly.xml b/distribution/server-overlay/wf9-server-overlay/assembly.xml
@@ -47,13 +47,13 @@
             </includes>
             <outputDirectory></outputDirectory>
         </fileSet>
-        <!--<fileSet>
+        <fileSet>
             <directory>cli</directory>
             <includes>
                 <include>*.cli</include>
             </includes>
             <outputDirectory>bin</outputDirectory>
-        </fileSet>-->
+        </fileSet>
     </fileSets>
 
     <files>

diff --git a/...erver-overlay/cli/keycloak-prepare-ha.cli → ...erver-overlay/cli/keycloak-install-ha.cli b/...erver-overlay/cli/keycloak-prepare-ha.cli → ...erver-overlay/cli/keycloak-install-ha.cli
@@ -4,4 +4,7 @@
 /subsystem=infinispan/cache-container=keycloak/invalidation-cache=realms:add(mode="SYNC")
 /subsystem=infinispan/cache-container=keycloak/invalidation-cache=users:add(mode="SYNC")
 /subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions:add(mode="SYNC",owners="1")
-/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:add(mode="SYNC",owners="1")
+/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:add(mode="SYNC",owners="1")
+/extension=org.keycloak.keycloak-server-subsystem/:add(module=org.keycloak.keycloak-server-subsystem)
+/subsystem=keycloak-server:add(web-context=auth)
+:shutdown(restart=true)
diff --git a/distribution/server-overlay/wf9-server-overlay/cli/keycloak-install.cli b/distribution/server-overlay/wf9-server-overlay/cli/keycloak-install.cli
@@ -1,2 +1,8 @@
+/subsystem=datasources/data-source=KeycloakDS/:add(connection-url="jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE",driver-name=h2,jndi-name=java:jboss/datasources/KeycloakDS,password=sa,user-name=sa,use-java-context=true)
+/subsystem=infinispan/cache-container=keycloak:add(jndi-name="infinispan/Keycloak")
+/subsystem=infinispan/cache-container=keycloak/local-cache=realms:add()
+/subsystem=infinispan/cache-container=keycloak/local-cache=users:add()
+/subsystem=infinispan/cache-container=keycloak/local-cache=sessions:add()
+/subsystem=infinispan/cache-container=keycloak/local-cache=loginFailures:add()
 /extension=org.keycloak.keycloak-server-subsystem/:add(module=org.keycloak.keycloak-server-subsystem)
 /subsystem=keycloak-server:add(web-context=auth)
diff --git a/distribution/server-overlay/wf9-server-overlay/cli/keycloak-prepare.cli b/distribution/server-overlay/wf9-server-overlay/cli/keycloak-prepare.cli
diff --git a/docbook/auth-server-docs/reference/en/en-US/modules/server-installation.xml b/docbook/auth-server-docs/reference/en/en-US/modules/server-installation.xml
@@ -43,7 +43,7 @@
 
 
         <section id="overlay_install">
-            <title>Install on existing WildFly 9.0.0.Final</title>
+            <title>Install on existing WildFly 9.0.1.Final</title>
             <para>
                 Keycloak can be installed into an existing WildFly 9.0.0.Final server. To do this download
                 <literal>keycloak-overlay-&project.version;.zip</literal> or <literal>keycloak-overlay-&project.version;.tar.gz</literal>.
@@ -59,22 +59,23 @@
                 (username: <emphasis>admin</emphasis> and password: <emphasis>admin</emphasis>). Keycloak will then prompt you to
                 enter in a new password.
             </para>
-            <!--<para>-->
-                <!--To add Keycloak to other sever configurations (standalone.xml, standalone-ha.xml, etc.) start the server with-->
-                <!--the desired server-config. If you are running the server in standalone mode run:-->
-                <!--<programlisting>&lt;WILDFLY_HOME&gt;/bin/jboss-cli.sh -c &#45;&#45;file=keycloak-prepare.cli</programlisting>-->
-                <!--Or if you are running in clustering (HA) mode run:-->
-                <!--<programlisting>&lt;WILDFLY_HOME&gt;/bin/jboss-cli.sh -c &#45;&#45;file=keycloak-prepare-ha.cli</programlisting>-->
-                <!--After that you need to restart the server, you can do this with:-->
-                <!--<programlisting>&lt;WILDFLY_HOME&gt;/bin/jboss-cli.sh -c :reload</programlisting>-->
-                <!--Finally you need to run:-->
-                <!--<programlisting>&lt;WILDFLY_HOME&gt;/bin/jboss-cli.sh -c &#45;&#45;file=keycloak-install.cli</programlisting>-->
-            <!--</para>-->
+            <para>
+                To add Keycloak to other sever configurations (standalone.xml, standalone-ha.xml, etc.) start the server with
+                the desired server-config. If you are running the server in standalone mode run:
+                <programlisting>cd &lt;WILDFLY_HOME&gt;/bin
+                    ./jboss-cli.sh -c --file=keycloak-install.cli</programlisting>
+                Or if you are running in clustering (HA) mode (by having used -c standalone-ha.xml) then run:
+                <programlisting>cd &lt;WILDFLY_HOME&gt;/bin
+                    ./jboss-cli.sh -c --file=keycloak-install-ha.cli</programlisting>
+                You may see exceptions in the server log, but after restarting the server they should be gone.
+                You can restart the server with:
+                <programlisting>&lt;WILDFLY_HOME&gt;/bin/jboss-cli.sh -c :reload</programlisting>
+            </para>
         </section>
         <section>
             <title>Install on existing JBoss EAP 6.4.0.GA</title>
             <para>
-                Same procedure as WildFly 9.0.0.Final, but download <literal>keycloak-overlay-eap6-&project.version;.zip</literal> or <literal>keycloak-overlay-eap6-&project.version;.tar.gz</literal>.
+                Same procedure as WildFly 9.0.1.Final, but download <literal>keycloak-overlay-eap6-&project.version;.zip</literal> or <literal>keycloak-overlay-eap6-&project.version;.tar.gz</literal>.
             </para>
         </section>
         <section>

diff --git a/...s/common-themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties b/...s/common-themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties
@@ -76,6 +76,8 @@ days=Days
 sso-session-max=SSO Session Max
 sso-session-idle.tooltip=Time a session is allowed to be idle before it expires. Tokens and browser sessions are invalidated when a session is expired.
 sso-session-max.tooltip=Max time before a session is expired. Tokens and browser sessions are invalidated when a session is expired.
+offline-session-idle=Offline Session Idle
+offline-session-idle.tooltip=Time an offline session is allowed to be idle before it expires. You need to use offline token to refresh at least once within this period, otherwise offline session will expire.
 access-token-lifespan=Access Token Lifespan
 access-token-lifespan.tooltip=Max time before an access token is expired. This value is recommended to be short relative to the SSO timeout.
 client-login-timeout=Client login timeout
@@ -336,6 +338,8 @@ offline-tokens.tooltip=Total number of offline tokens for this client.
 show-offline-tokens=Show Offline Tokens
 show-offline-tokens.tooltip=Warning, this is a potentially expensive operation depending on number of offline tokens.
 token-issued=Token Issued
+last-access=Last Access
+last-refresh=Last Refresh
 key-export=Key Export
 key-import=Key Import
 export-saml-key=Export SAML Key

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js
@@ -498,6 +498,24 @@ module.config([ '$routeProvider', function($routeProvider) {
             },
             controller : 'UserConsentsCtrl'
         })
+        .when('/realms/:realm/users/:user/offline-sessions/:client', {
+            templateUrl : resourceUrl + '/partials/user-offline-sessions.html',
+            resolve : {
+                realm : function(RealmLoader) {
+                    return RealmLoader();
+                },
+                user : function(UserLoader) {
+                    return UserLoader();
+                },
+                client : function(ClientLoader) {
+                    return ClientLoader();
+                },
+                offlineSessions : function(UserOfflineSessionsLoader) {
+                    return UserOfflineSessionsLoader();
+                }
+            },
+            controller : 'UserOfflineSessionsCtrl'
+        })
         .when('/realms/:realm/users', {
             templateUrl : resourceUrl + '/partials/user-list.html',
             resolve : {