Stefan Guilhen
8581886944
Add validation for role and time policies
...
Closes #28978
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-10-21 15:51:38 -03:00
Pedro Igor
b76f4f9c1b
Avoid iterating over user policies when removing users
...
Closes #19358
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-15 15:01:40 +02:00
mposolda
b95d12a968
Add AuthzClientCryptoProvider to authz-client in keycloak main repository
...
closes #33831
Signed-off-by: mposolda <mposolda@gmail.com>
2024-10-15 08:16:14 +02:00
rmartinc
c532751ff4
Downgrade Java for client libraries to 8
...
Closes #33051
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-20 17:01:01 +02:00
mposolda
4b95b42590
Avoid releasing keycloak-authz-client-test artifact to maven repositories
...
closes #31653
Signed-off-by: mposolda <mposolda@gmail.com>
2024-09-05 11:57:08 +02:00
mposolda
cd947ce3bc
Removing policy-enforcer from Keycloak repository
...
closes #32191
Signed-off-by: mposolda <mposolda@gmail.com>
2024-08-28 07:40:20 -03:00
mposolda
54a538b3ad
Update RolePolicyRepresentation fields from 'boolean' to 'Boolean'
...
closes #32117
Signed-off-by: mposolda <mposolda@gmail.com>
2024-08-14 13:11:06 +02:00
Krishna Kumar
fc80cc75fe
Make createPatSupplier private to public
...
Closes #29986
Signed-off-by: Krishna Kumar <krishnachaurasia1998@gmail.com>
2024-07-23 11:11:42 +00:00
Diego Ramp
ae74d923d2
fix bad debugv({}) in favor of more tolerant debugf(%s)
...
Closes #31368
Signed-off-by: Diego Ramp <diego.ramp@mobi.ch>
2024-07-18 10:34:32 +02:00
mposolda
06f6173c8a
Add suffix to keycloak-authz-client artifact in keycloak repository
...
closes #30926
Signed-off-by: mposolda <mposolda@gmail.com>
2024-07-17 14:59:09 +02:00
mposolda
5526976d1c
Add suffix to keycloak-policy-enforcer artifacts in keycloak repository
...
closes #30927
Signed-off-by: mposolda <mposolda@gmail.com>
2024-07-17 12:03:23 +02:00
Pedro Igor
cbf7f208fb
Avoid iterating and updating all group policies when removing groups ( #31057 )
...
Closes #31056
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-08 13:57:20 +02:00
Romain LABAT
6615691c63
Support for service accounts when fetch roles is enabled ( #30687 )
...
Support for service accounts when fetch roles is enabled
Signed-off-by: Romain LABAT <contact@romainlabat.fr>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-25 18:00:26 -03:00
Douglas Palmer
5af3001122
Check if OSGI metadata can be removed entirely
...
Closes #29104
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-06-25 14:12:33 +02:00
Stefan Guilhen
52c9e440d6
Guard against NPE when fetching users associated with user policies.
...
Closes #28915
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-10 16:52:25 -03:00
Douglas Palmer
00bd6224fa
Remove remaining Fuse adapter bits
...
Closes #28787
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-05-06 09:02:26 +02:00
Steven Hawkins
9486432f3f
fix: removing httpclient override ( #28304 )
...
we need to have a dependency on commons-logging-jboss-logging
closes : #21392
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-23 10:09:06 +02:00
Mark Banierink
ad32896725
replaced and removed deprecated token methods ( #27715 )
...
closes #19671
Signed-off-by: Mark Banierink <mark.banierink@nedap.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-23 09:23:37 +02:00
Pedro Igor
8e48bac278
Ordering the group and role ids in the policy representation
...
Closes #28824
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-22 20:28:47 +02:00
Pedro Igor
4ec9fea8f7
Adding tests
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-03 08:04:17 -03:00
EnneS
365a3feafa
Remove deleted roles from policy on update
...
Closes #26915
Signed-off-by: EnneS <nathan.soulier26@gmail.com>
2024-04-03 08:04:17 -03:00
Clemens Zagler
b44252fde9
authz/client: Fix getPermissions returning wrong type
...
Due to an issue with runtime type erasure, getPermissions returned a
List<LinkedHashSet> instead of List<Permission>.
Fixed and added test to catch this
Closes #16520
Signed-off-by: Clemens Zagler <c.zagler@noi.bz.it>
2024-04-02 11:09:43 -03:00
Pedro Igor
d12711e858
Allow fetching roles when evaluating role licies
...
Closes #20736
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-05 15:54:02 +01:00
Clemens Zagler
dca50bba3f
Authz-client: fix ClassCast Exception when getting resource permissions
...
(#27483 )
Signed-off-by: Clemens Zagler <c.zagler@noi.bz.it>
2024-03-04 22:19:36 +09:00
Steven Hawkins
402c7d9b18
Removing version overrides and further aligning with quarkus versions ( #26788 )
...
* elevating wildfly-elytron-http-oidc version management
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* removing testing dependency overrides
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* further version aligment with quarkus
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* adding a resteay-core-spi that can be overriden
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* removing hamcrest override
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* aligning with 3.7.1
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-02-07 17:57:23 +01:00
Michal Hajas
00742a62dd
Remove RealmModel from authorization services interfaces ( #26708 )
...
Closes #26530
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-02-02 16:51:32 +01:00
remi
b22efeec78
Add a toggle to use context attributes on the regex policy provider
...
Signed-off-by: remi <remi.tuveri@gmail.com>
2024-01-10 16:15:25 -03:00
Douglas Palmer
58d167fe59
Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user.
...
Closes #24651
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-01-08 19:32:01 -03:00
Alice W
cf19c06341
Add logging to the policy providers for general debugging purposes
...
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
2024-01-05 11:56:00 -03:00
Alice
69497382d8
Group scalability upgrades ( #22700 )
...
closes #22372
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-26 16:50:45 +02:00
Emilien Bondu
95a45f0910
Set headers before calling sendError() method
...
Closes #23325
2023-09-18 13:05:12 -03:00
Peter Zaoral
2b1c29a6f2
Use Quarkus Platform BOM
...
Closes #20570
Closes #15870
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
2023-07-06 12:45:48 -03:00
Yoshiyuki Tabata
bd37875a66
allow specifying format of "permission" parameter in the UMA grant token
...
endpoint (#15947 )
2023-05-29 08:56:39 -03:00
mposolda
1f5d3223ae
Memory leak with PathCache.cache growing due the map was not synchronized
...
closes #19096
2023-05-24 08:16:58 -03:00
Pedro Igor
2cd82b9861
Exposing the authz client
2023-05-05 10:18:55 -03:00
Pedro Igor
79cd47a280
Built-in support for Jakarta Servlet
2023-04-28 08:26:58 +02:00
Hynek Mlnarik
0ddc71d987
Properly encode id in URL
...
Closes : #19816
2023-04-19 15:10:04 -03:00
Pedro Igor
409e1c3581
Policy Enforcer built-in support for Elytron and Jakarta
...
Closes #19540
2023-04-05 17:03:15 +02:00
Pedro Igor
a30b6842a6
Decouple the policy enforcer from adapters and provide a separate library
...
Closes keycloak#17353
2023-03-17 11:40:51 +01:00
Jon Koops
972ebb9650
Use a valid SemVer format for the SNAPSHOT version ( #17334 )
...
* Use a valid SemVer format for the SNAPSHOT version
* Update pom.xml
* Update pom.xml
---------
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-03-03 11:11:44 +01:00
Pedro Igor
712656765e
Authz client not updated with the way of encoding the basic header
...
Closes #15086
2022-10-24 08:45:30 +02:00
Pedro Igor
a0079b516b
Allow setting response mode ( #14104 )
...
Closes #14083
2022-09-09 14:28:47 +02:00
yaokai2
0c654fa53b
Add java logging for auth server response.
...
Closes #13557
2022-08-30 10:12:26 -03:00
yaokai2
df1384f2c6
Revert "Print response from http call to keycloak server"
...
This reverts commit a4cb23ac92ad95c3d06586b1c6ed7f4ccdef165e.
2022-08-30 10:12:26 -03:00
yaokai2
fb57d1972f
Print response from http call to keycloak server
...
Closes #13557
2022-08-30 10:12:26 -03:00
Pedro Igor
2cc4b54404
Do not cache policies if they no longer exist ( #12797 )
...
Closes #12657
Co-authored-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2022-08-25 13:52:30 +02:00
Pedro Igor
eda33a0b21
Concurrency issue when caching JS policies
...
Closes #12204
2022-08-17 16:30:32 -03:00
Pedro Igor
3d2c3fbc6a
Support JSON objects when evaluating claims in regex policy
...
Closes #11514
2022-06-23 14:04:09 -03:00
Alexander Schwartz
850af55edc
Ensure that only JDK 8 APIs are used where JDK 8 is still required.
...
Closes #10842
2022-06-20 14:44:33 -03:00
Michal Hajas
d3b43a9f59
Make sure there is always Realm or ResourceServer when searching for authz entities
...
Closes #11817
2022-05-11 07:20:01 -03:00