libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
26538 commits 4 branches 5 tags 480 MiB
Commit graph

4860 commits

Author SHA1 Message Date
Justin Tay
f537343545 Allow empty key use in JWKS from identity provider 
Closes #31823

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-08-02 11:39:43 +02:00
rmartinc
773e309f75 Parse saml urls correctly if the bindings are different 
Closes #31780

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-02 11:34:06 +02:00
Thomas Darimont
282260dc95 Ensure issued_client_type is always added to successful token-exchange response (#31548) 
- Compute issued_token_type response parameter based on requested_token_type and client configuration
- `issued_token_type` is a required response parameter as per [RFC8693 2.2.1](https://datatracker.ietf.org/doc/html/rfc8693#section-2.2.1)
- Added test to ClientTokenExchangeTest that requests an access-token as requested-token-type

Fixes #31548

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-07-30 18:33:51 +02:00
rmartinc
a6c70d65ee Do not generate secret when client rep do not specifiy public or bearer 
Closes #31444

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-07-30 18:32:15 +02:00
Pedro Igor
a79761a447 Support for blocking concurrent requests when brute force is enabled 
Closes #31726

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
 2024-07-30 10:01:48 +02:00
Hynek Mlnarik
183cd6c957 Run tests with keycloak.v2 login theme 
The fixes (mostly selectors) are needed for tests.

In the future, to switch the keycloak.v2 to the default theme, do
the following:

- Update `ThemeSelectorProvider`: Uncomment relevant lines
- Update `testsuite/integration-arquillian/tests/pom.xml`: Revert the change in `<login.theme.default>` property
- Update `ThemeSelectorTest` per comment

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2024-07-30 10:01:17 +02:00
Martin Kanis
d91d6d18d5 Can not update organization group error when trying to create organisation from REST API 
Closes #31144

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-07-29 17:39:56 +02:00
Pascal Knüppel
94784182df
Implement DPoP for all grantTypes (#29967) 
fixes #30179
fixes #30181


Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de>
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
 2024-07-29 16:30:54 +02:00
Francis Pouatcha
cc78fd7ca0
Provided keycloak with a protocol mapper, that can allow to optionally add iat and nbf claims to VCs (#31620) 
closes #31581 


Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
 2024-07-29 09:32:48 +02:00
Pedro Igor
87c279d645 Respect the username value format when processing federated users 
Closes #31240

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:28:43 +02:00
Pedro Igor
4d8c525644
Make sure changes to user profile metadata is not stored when calling decorators (#31549) 
Closes #30476

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:03:21 +02:00
Pedro Igor
04bd6653ec Invalidating domain cache and introducing cache for more query methods 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:02:36 +02:00
Pedro Igor
1f8280c71a Allow members joining multiple organizations 
Closes #30747

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:02:36 +02:00
Giuseppe Graziano
12732333c8 Client scope assignment for client registration 
Closes #31062

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-07-26 17:33:49 +02:00
Stefan Guilhen
c9f5a0aa32 Testsuite: ensure realm is set in session context 
Closes #31636

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-07-26 11:11:44 -03:00
Lex Cao
3818f8f575 Prevent removing flow that used by client flow overrides 
Closes #30707

Signed-off-by: Lex Cao <lexcao@foxmail.com>
 2024-07-26 16:05:29 +02:00
vramik
01f5747eed If the user is federated before the broker is associated with an organization this user is not a managed user 
Closes #30744

Signed-off-by: vramik <vramik@redhat.com>
 2024-07-25 04:30:13 -03:00
vramik
649b35929e Make sure users created through a registration link are managed members 
Closes #30743

Signed-off-by: vramik <vramik@redhat.com>
 2024-07-25 04:30:13 -03:00
Maciej Mierzwa
97e89e2071 feature: password age in days policy 
Closes #30210

Signed-off-by: Maciej Mierzwa <dev.maciej.mierzwa@gmail.com>
 2024-07-24 15:12:16 -03:00
Kamesh Akella
33b3fd313c
Add migration tests for AuroraDB (#31396) 
Fixes #31024
Signed-off-by: Kamesh Akella <kamesh.asp@gmail.com>
 2024-07-24 16:45:02 +02:00
Francis Pouatcha
30be268672
Enhance Verifiable Credential Signing Service Flexibility and Key Rotation(#30692) 
closes #30525 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
 2024-07-24 13:45:39 +02:00
Miquel Simon
aab7a912c4
Updated connection configuration for MSSQL test container 
Closes #31558

Signed-off-by: Miquel Simon <msimonma@redhat.com>
 2024-07-24 09:12:58 +00:00
Hynek Mlnarik
a7374f92be Update login theme to login v2 
Fixes: #29009

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2024-07-18 14:33:22 +02:00
Hynek Mlnarik
ab6ca323db Run docker tests with proper theme and fix chromedriver path 
Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2024-07-18 14:33:22 +02:00
mposolda
3110bb8989 Missing Cache-Control header when response_type parameter is missing in login request 
closes #29866

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-07-18 10:17:52 +02:00
rmartinc
5ea3becef5 Wait for the brute force off-thread processing in AbstractAdvancedBrokerTest 
Closes #30188
Closes #30641

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-07-18 10:03:13 +02:00
Pascal Knüppel
018a0802bc
Remove java.util.Date from VerifiableCredential (#30920) 
closes #30918

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
 2024-07-18 09:52:02 +02:00
mposolda
06f6173c8a Add suffix to keycloak-authz-client artifact in keycloak repository 
closes #30926

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-07-17 14:59:09 +02:00
Martin Kanis
e5848bdcf9 Cannot set unmanagedAttributePolicy without profile attributes 
Closes #31153

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-07-17 09:53:59 -03:00
Ricardo Martin
3d12c05005
Correctly moves to the next required action (#31358) 
Closes #31014

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>


Co-authored-by: Giuseppe Graziano <g.graziano94@gmail.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
 2024-07-17 09:38:29 +02:00
Pedro Igor
de1de06354 Avoid adding organization flows if they are already exist 
Closes #31182

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-17 08:28:00 +02:00
Stefano Azzalini
6d67c1f9cc
Normalize default authentication flow descriptions to start with an uppercase letter (#31277) 
Closes #31291

Signed-off-by: Stefano Azzalini <stefano.azzalini@luminator.com>
 2024-07-16 13:49:35 +02:00
Lex Cao
6c71ad2884 Fallback to no override flow when missing in client override 
Closes #30765

Signed-off-by: Lex Cao <lexcao@foxmail.com>
 2024-07-16 11:33:41 +02:00
Thomas Darimont
2140e573f2
Fix test LDAP connection with multiple ldap connection urls 
Previously, the given connection string was check with URI.create(..) which
failed when multiple space separated LDAP URLs were given.

Closes #31267

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-07-16 08:57:50 +02:00
Martin Kanis
887db25f00 Allow auto-redirect existing users federated from organization broker when using the username 
Closes #30746

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-07-15 13:48:45 -03:00
mposolda
1864cf1827 Offline tokens created in Keycloak 14 or earlier will not work on Keycloak 25 
closes #31224

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-07-15 18:30:35 +02:00
Pedro Igor
c33585a5f4 All pubic brokers are shown during authentication rather than only those associated with the current organization 
Closes #31246

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-12 17:51:39 +02:00
Giuseppe Graziano
1df60461a9 Avoid race condition when using initial-access-token 
Closes #27294

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-07-12 16:33:02 +02:00
Douglas Palmer
9300903674 page-expired error page shown when using browser back-button on forgot-password page after invalid login attempt 
Closes #25440

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-07-12 16:24:21 +02:00
Pascal Knüppel
4028ada2a5
Add required default-context value to VerifiableCredential (#30959) 
closes #30958

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
 2024-07-11 18:25:11 +02:00
Steven Hawkins
4970a9b729
fix: deprecate KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD 
closes: #30658

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-07-11 18:07:57 +02:00
rmartinc
096e335a92 Support for vault and AES and HMAC algorithms to JavaKeystoreKeyProvider 
Closes #30880
Closes #29755

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-07-11 12:40:45 +02:00
Pedro Igor
da6c9ab7c1 Bruteforce protector does not work when using organizations 
Closes #31204

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-11 00:26:47 +02:00
Jon Koops
a0c99a7ae0
Show full error details in admin and account consoles 
Closes #30705

Signed-off-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-07-10 16:20:26 +02:00
Martin Kanis
922eaa9fc8
Disable username prohibited chars validator when email as username is… (#31140) 
* Disable username prohibited chars validator when email as the username is set

Closes #25339

Signed-off-by: Martin Kanis <mkanis@redhat.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-10 09:46:24 -03:00
Pedro Igor
d475833361 Do not expose kc.org attribute in user representations 
Closes #31143

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-10 13:43:23 +02:00
Alexander Schwartz
d70f78072e
Make persistent sessions co-exist with remote cache feature (#30859) 
Closes #30855

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-09 09:03:36 +02:00
rmartinc
f78a46485d TE should create a transient session when there is no initial session in client-to-client exchange 
Closes #30614

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-07-08 15:44:38 -03:00
Pedro Igor
ead1b4a851
Testing ldap connection should not process or bind the credentials (#31081) 
Closes #30821

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-08 13:58:02 +02:00
Pedro Igor
cbf7f208fb
Avoid iterating and updating all group policies when removing groups (#31057) 
Closes #31056

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-08 13:57:20 +02:00
wojnarfilip
3c429b7506 Update social login tests login flows 
Signed-off-by: wojnarfilip <fwojnar@redhat.com>
 2024-07-08 08:48:31 +02:00
Pedro Igor
f010f7df9b Reverting removal of test assertions and keeping existing logic where only brokers the user is linked to is shown after identity-first login page 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-03 11:55:04 -03:00
Martin Kanis
e1b735fc41 Identity-first login flow should be followed by asking for the user credentials 
Closes #30339

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-07-03 11:55:04 -03:00
Giuseppe Graziano
02d64d959c Using _system client when account client is disabled for email actions 
Closes #17857

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-07-03 08:43:36 +02:00
cgeorgilakis-grnet
20cedb84eb Check refresh token flow response for offline based on refresh token request parameter 
Closes #30857

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
 2024-07-02 18:13:30 -03:00
Steven Hawkins
d534860e2b
fix: admin cli client should set the content when performing a merge (#30539) 
closes: #29878

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-06-28 15:56:07 +02:00
Pedro Igor
cc2ccc87b0 Filtering organization groups when managing or processing groups 
Closes #30589

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-28 10:27:18 -03:00
Steven Hawkins
aae1fa1417
fix: addresses cli erroneously wants a secret when env password is set (#30892) 
closes: #30866

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-06-28 11:48:42 +02:00
Thomas Darimont
690c6051bb Fix scope policy evaluation for client to client token exchange (#26435) 
Previously the scope from the token was not set available in the ClientModelIdentity attributes.
This caused the NPE in `org.keycloak.authorization.policy.provider.clientscope.ClientScopePolicyProvider.hasClientScope`(..)
when calling `identity.getAttributes().getValue("scope")`.

We now pass the provided decoded AccessToken down to the ClientModelIdentity creation
to allow to populate the required scope attribute.

We also ensure backwards compatibility for ClientPermissionManagement API.

Fixes #26435

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-06-28 10:33:20 +02:00
mposolda
f1b8a983d2 Cleanup mod_auth_mellon from the testsuite 
closes #30869

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-06-28 08:33:36 +02:00
Douglas Palmer
220f32aa85 Cleanup of adapter pages 
Closes #30870

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-06-27 18:57:22 +02:00
mposolda
7279f2092e Cleanup of test-apps and related adapter code 
closes #30867

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-06-27 15:10:31 +02:00
mposolda
e5a4c94f75 Added suffix to keycloak-admin-client artifacts in keycloak repository 
Signed-off-by: mposolda <mposolda@gmail.com>
 2024-06-27 11:00:30 +02:00
Romain LABAT
6615691c63
Support for service accounts when fetch roles is enabled (#30687) 
Support for service accounts when fetch roles is enabled

Signed-off-by: Romain LABAT <contact@romainlabat.fr>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-25 18:00:26 -03:00
rmartinc
e9c9efc3f4 Upgrade bc-fips to 1.0.2.5 
Closes #26568
Closes #27884

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-25 11:07:27 +02:00
Andre F de M
0f061a75e2 Issue: 26568 - bcfips version bump and fixes 
* bump BCFIPS to 1.0.2.5
               * fix bc-fips related test error
               * remove unused imports

               Closes: #26568

Signed-off-by: Andre F de M <trixpan@users.noreply.github.com>
 2024-06-25 11:07:27 +02:00
fwojnar
015fefad02
Remove Edge from supported web drivers (#30423) 
Closes #29921

Signed-off-by: wojnarfilip <fwojnar@redhat.com>
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
 2024-06-24 17:24:55 +02:00
fwojnar
e30e6cba8e
Remove Safari from supported web drivers (#30424) 
Related to #29921

Signed-off-by: wojnarfilip <fwojnar@redhat.com>
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
 2024-06-24 13:27:12 +02:00
fwojnar
640db99c27
Remove Appium from supported web drivers (#30483) 
Related to #29921

Signed-off-by: wojnarfilip <fwojnar@redhat.com>
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
 2024-06-24 13:26:33 +02:00
Takashi Norimatsu
b0aac487a3 VC issuance in Authz Code flow with considering scope parameter 
closes #29725

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2024-06-24 10:53:19 +02:00
Jon Koops
df18629ffe
Use a default Java version from root POM (#29927) 
Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-06-21 14:19:31 +02:00
mposolda
6a9e60bba0 Flow steps back when changing locale or refreshing page on 'Try another way page' 
closes #30520

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-06-21 11:22:15 +02:00
rmartinc
592c2250fc Add briefRepresentation query parameter to getUsersInRole endpoint 
Closes #29480

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-21 11:21:02 +02:00
Takashi Norimatsu
6b135ff6e7 client-jwt authentication fails on Token Introspection Endpoint 
closes #30599

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2024-06-21 10:47:25 +02:00
Pedro Igor
a0ad680346 Adding an alias to organization and exposing them to templates 
Closes #30312
Closes #30313

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-20 14:36:14 -03:00
Giuseppe Graziano
6b07b67667 Removed saml filter adapter tests 
Closes #30553

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-06-20 09:42:59 +02:00
Pedro Ruivo
5fc12480fd External Infinispan as cache - Part 4 (#30072) 
UserSessionProvider implementation to make use of Infinispan remote
cache.

Closes #28755

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-06-19 14:47:57 +02:00
Pedro Ruivo
9006218559 External Infinispan as cache - Part 3 
Implementation of UserLoginFailureProvider using remote caches only.

Closes #28754

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-06-19 14:47:57 +02:00
Pedro Ruivo
833aad661e External Infinispan as cache - Part 2 
Includes a new implementation for the providers:

* StickySessionEncoderProviderFactory
* LoadBalancerCheckProviderFactory
* SingleUseObjectProviderFactory

Closes #28648

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-06-19 14:47:57 +02:00
Martin Kanis
dc109381e1 Refactor organization tests 
Closes #30338

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-06-19 09:34:24 -03:00
Martin Kanis
89f83e9788 Importing organizations failing if there is no broker and members in the representation 
Closes #30305

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-06-19 08:46:04 -03:00
Pedro Igor
57139cbefc Internal read-only attributes have precedence over unmanaged attribute policy 
Closes #30240

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-19 12:05:01 +02:00
Giuseppe Graziano
24aa6e143d
REALM_CLIENT attribute to recognize realm clients (#30433) 
Closes #29413

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-06-19 10:22:13 +02:00
Stefan Guilhen
db846a792d Set a time of 23:59:59:999 in JpaEventQuery.toDate so that events from that date are properly returned in searches 
Closes #30414

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-06-18 13:14:28 -03:00
Francis Pouatcha
d4797e04a2
Enhance SupportedCredentialConfiguration to support optional claims object as defined in OpenID for Verifiable Credential Issuance specification (#30420) 
closes #30419 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
 2024-06-18 17:07:49 +02:00
rmartinc
fc65c73106 Upgrade adapters test to use wildfly 28 (jakarta only) via maven plugin 
Closes #30324

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-18 15:40:59 +02:00
rmartinc
38d8cf2cb3 Add UPDATE event to the client-roles condition 
Closes #30284

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-18 15:30:42 +02:00
Martin Bartoš
5ad3abaa96
Enable WebAuthn tests for Firefox (#30374) 
Closes #22075

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2024-06-18 10:36:01 +02:00
rmartinc
c51640546d Improvements for ldap test authentication 
Closes #30434

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-15 10:01:24 +02:00
Thibault Morin
f6fa869b12
feat(SAML): add Artifact Binding on brokering scenarios when Keycloak is SP (#29619) 
* feat: add Artifact Binding on brokering scenarios when Keycloak is SP

Signed-off-by: tmorin <git@morin.io>

* Adding broker test and minor improvements

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

* Fixing IdentityProviderTest

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

* Renaming methods related to idp initiated flows

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

* Fixing partial_import_test.spec.ts

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

---------

Signed-off-by: tmorin <git@morin.io>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-14 08:54:49 -03:00
Pedro Ruivo
18a6c79011
Infinispan Protostream Marshaller (#29474) 
Closes #29394

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-06-13 18:02:46 +02:00
Lukas Hanusovsky
ca0833b2e4
[#29412] DB Allocator removal - dependency cleanup. (#30406) 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2024-06-13 13:31:52 +00:00
vramik
de2fdbe98f cache count 
Signed-off-by: vramik <vramik@redhat.com>
 2024-06-13 08:13:36 -03:00
vramik
d355e38424 Provide a cache layer for the organization model 
Closes #30087

Signed-off-by: vramik <vramik@redhat.com>
 2024-06-13 08:13:36 -03:00
Alfredo Moises Boullosa
a5cd6ed965 Add step to Google Social Login (#30335) 
Signed-off-by: Alfredo Moises Boullosa <aboullos@redhat.com>
 2024-06-12 17:27:02 +02:00
Stefan Guilhen
c49b5749ef Fix GroupLDAPStorageMapper so it doesn't attempt to update a group fetched in a different tx when synchronizing groups from LDAP 
Closes #29784

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-06-12 10:42:21 -03:00
Martin Kanis
ae69b3b260 Introduce packages for organization tests 
Closes #30337

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-06-12 10:02:06 -03:00
rmartinc
7d42ab822b Remove adapter app-server-undertow profile which is not used 
Closes #30347

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-12 14:40:06 +02:00
Patrick Jennings
75925dcf6c
Client type configuration inheritance (#30056) 
closes #30213 

Signed-off-by: Patrick Jennings <pajennin@redhat.com>
 2024-06-10 18:59:08 +02:00
rmartinc
7d05a7a013 Logout from all clients after IdP logout is performed 
Closes #25234

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-10 11:58:09 -03:00
Giuseppe Graziano
6067f93984
Improvements to refresh token rotation with multiple tabs (#29966) 
Closes #14122

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-06-07 12:02:36 +02:00
Steven Hawkins
c7e9ee2bff
fix: adds handling for all kcadm prompts as env variables (#29430) 
closes: #21961

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-06-06 13:08:23 +00:00
Bruno Oliveira da Silva
f34baf3c24
Update license headers (#29942) 
Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>
 2024-06-06 14:06:09 +02:00
Alexander Schwartz
97ab0def2c Adding ForkJoinPool for Quarkus to the surefire initialization for embedded Quarkus 
Closes #30206

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-06-06 12:52:11 +02:00
Pedro Igor
94c194f1f4 Prevent users to unlink from their home identity provider when they are a managed member 
Closes #30092

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
 2024-06-05 13:57:01 +02:00
mposolda
0bf613782f Updating client policies in JSON editor is buggy. Attempt to update global client policies should throw the error 
closes #30102

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-06-05 13:55:02 +02:00
rmartinc
eedfd0ef51 Missing auth checks in some admin endpoints (#166) 
Closes keycloak/keycloak-private#156

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-05 12:04:47 +02:00
Giuseppe Graziano
d5e82356f9 Encrypted KC_RESTART cookie and removed sensitive notes 
Closes #keycloak/keycloak-private#162

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-06-05 10:33:44 +02:00
Pedro Igor
f8d55ca7cd Export import realm with organizations 
Closes #30006

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-05 09:50:03 +02:00
Martin Kanis
33331788a4 Introduce count method to avoid fetching all organization upon checking for existence 
Closes #29697

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-06-04 10:45:28 -03:00
Martin Kanis
173f09fa6b Malformed dependency version causing the build failure 
Closes #30134

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-06-04 13:44:14 +02:00
Thomas Darimont
35a4a17aa5
Add support for application/jwt media-type in token introspection (#29842) 
Fixes #29841

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-06-03 19:06:21 +02:00
Martin Bartoš
262fc09edc
OpenJDK 21 support (#28518) 
* OpenJDK 21 support

Closes #28517

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* x509 SAN UPN other name is not handled in JDK 21 (#904)

closes #29968

Signed-off-by: mposolda <mposolda@gmail.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2024-06-03 14:17:28 +02:00
mposolda
9074696382 Editing built-in client policy profiles are silently reverted 
closes #27184

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-06-03 14:00:37 +02:00
Pedro Igor
4c39fcc79d Allow to configure if users are automatically redirected when the email domain matches an organization 
Closes #30050

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-03 13:34:21 +02:00
raff897
6d6131cade Backchannel logout url with curly brackets 
closes #30023

Signed-off-by: raff897 <85362193+raff897@users.noreply.github.com>
 2024-06-03 09:51:39 +02:00
Ricardo Martin
0cd0d03c08
Remove all adapter-core code moved to util (#30012) 
* Remove all tests that are only executed for undertow app server
* Remove installation steps for OIDC adapter in wildfly/eap app server
* Remove the util adapters package except HttpClientBuilder
* Remove HttpClientBuilder and use plain apache http client
Closes #29912

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-03 09:28:02 +02:00
Pedro Ruivo
ad32f8bdbc
auth-server-feature does not work for auth-server-quarkus-embedded (#30045) 
Fixes #29259

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-06-03 08:47:52 +02:00
rmartinc
068ce5a61f Modify xpath for account console logout in the webauthn tests 
Closes #30024

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-05-31 15:14:35 +02:00
Stefan Wiedemann
0f6f9543ba
Add oid4vci to the account console (#29174) 
closes #25945

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>


Co-authored-by: Erik Jan de Wit <edewit@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-05-31 15:11:32 +02:00
Patrick Jennings
5144f8d85f
Improve Client Type Integration Tests (#29944) 
closes #30017

Signed-off-by: Patrick Jennings <pajennin@redhat.com>
 2024-05-31 09:53:22 +02:00
Andrejs Mivreniks
1cf87407fe Allow setting authentication flow execution priority value via Admin API 
Closes #20747

Signed-off-by: Andrejs Mivreniks <andrejs@fastmail.com>
 2024-05-30 19:17:45 +02:00
Martin Bartoš
3f49036192
Unify approach for WebAuthn tests (#29781) 
Closes #29780

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2024-05-30 14:21:27 +02:00
rmartinc
44ce2fb74d Modify authz tests to not depende on adapter-core code 
Closes #29882

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-05-30 08:02:29 +02:00
Pedro Igor
320f8eb1b4 Improve invitation messages and flow 
Closes #29945

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-29 17:51:06 +02:00
Erik Jan de Wit
f088b0009c
initial ui for organizations (#29643) 
* initial screen

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* more screens

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added members tab

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added the backend

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added member add / invite models

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* initial version of the identity provider section

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* add link and unlink providers

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* small fix

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* PR comments

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Do not validate broker domain when the domain is an empty string

Closes #29759

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added filter and value

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added test

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added first name last name

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* refresh menu when realm organization is changed

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* changed to record

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* changed to form data

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fixed lint error

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Changing name of invitation parameters

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Chancing name of parameters on the client

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Enable organization at the realm before running tests

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Domain help message

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Handling model validation errors when creating organizations

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Message key for organizationDetails

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Do not change kc.org attribute on group

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* add realm into the context

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* tests

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Changing button in invitation model to use Send instead of Save

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Better message when validating the organization domain

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Fixing compilation error after rebase

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fixed test

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* removed wait as it no longer required and skip flacky test

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* skip tests that are flaky

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* stabilize user create test

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-29 14:34:02 +02:00
Martin Bartoš
76a6733f0a Replace PhantomJS by HtmlUnit 
Closes #9979

Co-authored-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2024-05-29 11:17:57 +02:00
Martin Bartoš
b1a90972b6 Upgrade Selenium and Arquillian dependencies in testsuite 
Closes #29778

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2024-05-29 11:17:57 +02:00
Pedro Igor
bbb83236f5 Do not lower-case the username from the IdP when creating the federated identity 
Closes #28495

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-29 01:58:20 -03:00
Stefan Guilhen
694ffaf289 Allow organizations in different realms to have the same domain 
Closes #29886

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-28 08:02:30 -03:00
Francis Pouatcha
4317a474d1
JWT VC Issuer Metadata /.well-known/jwt-vc-issuer to comply with SD-JWT VC Specification (#29635) 
closes #29634 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>


Co-authored-by: DYLANE BENGONO <85441363+bengo237@users.noreply.github.com>
 2024-05-28 12:51:56 +02:00
Yutaka Obuchi
68d9dcecb5
Supporting OID4VCI AuthZCode flow: (#29685) 
closes #29724

Signed-off-by: Yutaka Obuchi <yutaka.obuchi.sd@hitachi.com>


Co-authored-by: Yutaka Obuchi <yutaka.obuchi.sd@hitachi.com>
Co-authored-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
 2024-05-28 12:29:31 +02:00
Martin Bartoš
d396dfed6a
Upgrade old Keycloak version for DB migration tests (#29884) 
Closes #29883

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2024-05-28 11:32:31 +02:00
Jon Koops
66ef3bf2d7
Remove Opera from supported web drivers (#29903) 
Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-05-28 09:01:40 +00:00
Douglas Palmer
b9c04bb8bc Refactor PolicyEnforcer tests to remove dependency on keycloak-adapter-core and remove keycloak-adapter-core 
Closes #29189
Closes #28791

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-05-27 15:00:13 -03:00
Stefan Wiedemann
5a68056f2a
Fix oid4vc mappers 
Closes #29805

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
 2024-05-27 11:28:46 +02:00
mposolda
ea1cdc10bd MigrateTo25_0_0 does not complete within default transaction timeout 
closes #29756

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-05-27 10:31:39 +02:00
Pedro Igor
2d4d32764c Show a message when confirming an invitation link 
Closes #29794

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-27 08:33:22 +02:00
rmartinc
b258b459d7 Generate RESTART_AUTHENTICATION event on success 
Closes #29385

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-05-23 19:08:22 +02:00
vramik
0508d279f7 Filter empty domains from OrganizationsRepresentation before running validation 
Closes #29809

Signed-off-by: vramik <vramik@redhat.com>
 2024-05-23 09:53:51 -03:00
Marek Posolda
2efc163b89
Entry 999.0.0 in MIGRATION_MODEL prevents future migrations of the database 
Closes #27941

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-05-23 12:00:18 +00:00
Daniel Fesenmeyer
c08621fa63 Always order required actions by priority (regardless of context) 
- AuthenticationManager#actionRequired: make sure that the highest prioritized required action is performed first, possibly before the currently requested required action
- AuthenticationManager#nextRequiredAction: make sure that the next action is requested via URL, also based on highest priority (-> requested URL will match actually performed action, unless required actions for the user are changed by a parallel operation)
- add tests to RequiredActionPriorityTest, add helper method for priority setup to ApiUtil (for easier and more robust setup than up-to-now)
- fix test WebAuthnRegisterAndLoginTest - which failed because WebAuthnRegisterFactory (prio 70) is now executed before WebAuthnPasswordlessRegisterFactory (prio 80)

Closes #16873

Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>
 2024-05-23 09:07:56 +02:00
Thomas Darimont
ab376d9101 Make required actions configurable (#28400) 
- Add tests for crud operations on configurable required actions
- Add support exposing the required action configuration via RequiredActionContext
- Make configSaveError message reusable in other contexts
- Introduced admin-ui specific endpoint for retrieving required actions with config metadata

Fixes #28400

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-05-23 08:38:36 +02:00
vramik
278341aff9 Add organizations enabled/disabled capability 
Closes #28804

Signed-off-by: vramik <vramik@redhat.com>
 2024-05-22 07:58:26 -03:00
Francis Pouatcha
542fc65923
Issue 29627: Expose Authorization Server Metadata Endpoint under /.well-known/oauth-authorization-server to comply with rfc8414 (#29628) 
closes #29627 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>


Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2024-05-22 10:30:34 +02:00
rmartinc
f7044ba5c2 Use SessionExpirationUtils for validate user and client sessions 
Check client session is valid in TokenManager
Closes #24936

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-05-22 10:12:20 +02:00
Case Walker
f32cd91792 Upgrade owasp-java-html-sanitizer, address all fallout 
Signed-off-by: Case Walker <case.b.walker@gmail.com>
 2024-05-22 09:15:25 +02:00
Raffaele Lucca
a5a55dc66e
Protocol now is mandatory during client scope creation. (#29544) 
closes #29027

Signed-off-by: raff897 <85362193+raff897@users.noreply.github.com>
 2024-05-22 09:10:46 +02:00
Patrick Jennings
84acc953dd
Client type OIDC base read only defaults (#29706) 
closes #29742
closes #29422

Signed-off-by: Patrick Jennings <pajennin@redhat.com>
 2024-05-22 09:07:19 +02:00
Pedro Igor
b019cf6129 Support unmanaged attributes for service accounts and make sure they are only managed through the admin api 
Closes #29362

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-21 16:56:18 -03:00
Martin Kanis
97cd5f3b8d Provide an additional endpoint to allow sending both invitation and registration links depending on the email being associated with an user or not 
Closes #29482

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-05-21 12:29:10 -03:00
rmartinc
3304540855 Allow admin console whoami endpoint to applications that have a special attribute 
Closes #29640

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-05-20 09:51:07 +02:00
Stefan Guilhen
1aab371912 Fix errors when importing realms with the organization feature enabled 
Closes #29630

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-17 07:25:31 -03:00
Ricardo Martin
74a80997c7
Fix CRL verification failing due to client cert not being in chain (#29582) 
closes #19853

Signed-off-by: Micah Algard <micahalgard@gmail.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: Micah Algard <micahalgard@gmail.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
 2024-05-17 11:28:07 +02:00
Dimitri Papadopoulos Orfanos
64a145e960
Fix user-facing typos in error messages (#29326) 
Update resource file and tests accordingly

Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
 2024-05-16 09:55:41 +02:00
Takashi Norimatsu
b4e7d9b1aa
Passkeys: Supporting WebAuthn Conditional UI (#24305) 
closes #24264

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: mposolda <mposolda@gmail.com>
 2024-05-16 07:58:43 +02:00
rmartinc
89d7108558 Restrict access to whoami endpoint for the admin console and users with realm access 
Closes #25219

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-05-15 19:06:57 +02:00
Stefan Guilhen
c4760b8188 Ensure that IDP's linked domains are remove when org is deleted or when the domain is removed from the org. 
Closes #29481

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-14 15:39:18 -03:00
Martin Kanis
3985157f9f Make sure operations on a organization are based on realm they belong to 
Closes #28841

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-05-14 10:47:39 -03:00
Pedro Igor
b4d231fd40 Fixing realm removal when removing groups and brokers associated with an organization 
Closes #29495

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-14 14:29:27 +02:00
Pedro Igor
b5a854b68e
Minor improvements to invitation email templates (#29498) 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-14 13:19:02 +02:00
Pedro Igor
1b583a1bab Email validation for managed members should only fail if it does not match the domain set to a broker 
Closes #29460

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-14 10:46:22 +02:00
mposolda
d8a7773947 Adding dummyHash to DirectGrant request in case user does not exists. Fix dummyHash for normal login requests 
closes #12298

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-05-13 16:33:29 +02:00
kaustubh-rh
8a82b6b587
Added a check in ClientInitialAccessResource (#29353) 
closes #29311

Signed-off-by: Kaustubh Bawankar <kbawanka@redhat.com>
 2024-05-13 13:00:36 +02:00
rmartinc
2cc051346d Allow empty CSP header in headers provider 
Closes #29458

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-05-13 10:51:31 +02:00
Giuseppe Graziano
d735668fcd Fix test failures after @DisableFeature 
Closes #29253

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-05-13 08:20:54 +02:00
Pedro Igor
b50d481b10 Make sure organization groups can not be managed but when managing an organization 
Closes #29431

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-10 21:28:11 -03:00
Stefan Guilhen
f0620353a4 Ensure master realm can't be removed 
Closes #28896

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-10 16:56:18 -03:00
Stefan Guilhen
ceed7bc120 Add ability to search organizations by attribute 
Closes #29411

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-10 16:45:41 -03:00
Pedro Igor
77b58275ca Improvements to the organization authentication flow 
Closes #29416
Closes #29417
Closes #29418

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-09 16:07:52 -03:00
Pedro Igor
a65508ca13 Simplifying the CORS SPI and the default implementation 
Closes #27646

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-08 12:27:55 -03:00
Pedro Ruivo
cbce548e71 Infinispan 15.0.3.Final 
Closes #29068

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-05-08 17:18:39 +02:00
Stefan Guilhen
dde2746595 Improve tests to ensure managed users disabled upon disabling the org can't be updated 
Closes #28891

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-07 18:11:52 -03:00
Pedro Igor
927ba48f7a Adding tests to cover using SAML brokers in an organization 
Closes #28732

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-07 20:44:38 +02:00
Thore
4b194d00be iso-date validator for the user-profile 
Adds a new validator in order to be able to validate user-model fields which should be modified/supplied by a datepicker.

Closes #11757

Signed-off-by: Thore <thore@kruess.xyz>
 2024-05-07 11:42:39 -03:00
Martin Kanis
d4b7e1a7d9 Prevent to manage groups associated with organizations from different APIs 
Closes #28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-05-07 11:16:40 -03:00
Pedro Igor
f8bc74d64f Adding SAML protocol mapper to map organization membership 
Closes #28732

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-07 15:52:35 +02:00
Stefan Guilhen
aa945d5636 Add description field to OrganizationEntity 
Closes #29356

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-07 10:35:51 -03:00
Pedro Igor
c0325c9fdb Do not manage brokers through the Organization API 
Closes #29268

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-07 09:15:25 -03:00
Dinesh Solanki
2172741eb6
Refactor element identifiers from ID to class (#28690) 
Closes #24462

Signed-off-by: Dinesh Solanki <15937452+DineshSolanki@users.noreply.github.com>
 2024-05-07 13:56:21 +02:00
Alice W
d1549a021e Update invitation changes based on review and revert deleted test from OrganizationMembertest 
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
 2024-05-06 17:57:13 -03:00
Pedro Igor
40a283b9e8 Token expiration tests and updates to registration required action 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-06 17:57:13 -03:00
Pedro Igor
158162fb4f Review tests and having invitation related operations in a separate class 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-06 17:57:13 -03:00
Pedro Igor
287f3a44ce registration link tests 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-06 17:57:13 -03:00
Alice W
ce2e83c7f9 Update test and link formation on invite of new user 
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
 2024-05-06 17:57:13 -03:00
Alice W
18356761db Add test for user invite registration and fix minor bug with registration link generation and email templating 
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
 2024-05-06 17:57:13 -03:00
Pedro Igor
e0bdb42d41 adding test and minor updates to cover inviting existing users 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-06 17:57:13 -03:00
Stefan Guilhen
dae1eada3d Add enabled field to OrganizationEntity 
Closes #28891

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-06 14:46:56 -03:00
Alexander Schwartz
a9532274e3
Generate translations for locales via built-in Java functionality (#29125) 
Closes #29124

Signed-off-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-05-06 09:30:14 +02:00
Giuseppe Graziano
c6d3e56cda Handle reset password flow with logged in user 
Closes #8887

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-05-06 09:10:47 +02:00
Douglas Palmer
00bd6224fa Remove remaining Fuse adapter bits 
Closes #28787

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-05-06 09:02:26 +02:00
Thomas Darimont
ba43a10a6d
Improve details for user error events in OIDC protocol endpoints 
Closes #29166

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-05-06 08:32:31 +02:00
Pedro Igor
32d25f43d0 Support for mutiple identity providers 
Closes #28840

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-04 16:19:27 +02:00
Douglas Palmer
051c0197db Remove old-WildFly, EAP 7.4 and 6.4 SAML adapters 
Closes #28785

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-05-03 15:39:05 +02:00
Justin Tay
7bd48e9f9f Set logout token type to logout+jwt 
Closes #28939

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-05-03 14:51:10 +02:00
Giuseppe Graziano
8c3f7cc6e9 Ignore include in token scope for refresh token 
Closes #12326

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-05-03 09:05:03 +02:00
Douglas Palmer
e0176a7e31 Remove Wildfly and EAP OIDC adapters 
Closes #23381

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-05-02 20:16:55 +02:00
Steven Hawkins
3b1ca46be2
fix: updating docs around -q parameter (#29151) 
closes: #27877

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-05-02 16:48:43 +02:00
Stefan Guilhen
45e5e6cbbf Introduce filtered (and paginated) search for organization members 
Closes #28844

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-02 11:25:43 -03:00
Stefan Wiedemann
3e16af8c0f
Fix oid4vc tests (#29209) 
closes #28982
closes #28983
closes #28984
closes #28985
closes #28986
closes #28987
closes #28988
closes #28989
closes #28990
closes #28991
closes #28992
closes #28993
closes #28994
closes #28995
closes #28996

* only enable/disable features that should

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>

* use default profile if nothing is set

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>

---------

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
 2024-05-02 10:57:25 +00:00