We now only show organization section in account ui if org support is enabled for realm.
Fixes#33735
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
The previous implementation uses principal as a key for a hashmap storing one certificate per entry. To preserve lookups, the value is now a List of certificates.
Additional logic was added to build certification validation chains using signature verification rather than just principal.
Closes#33125
Signed-off-by: Matt Eaton <git@divinehawk.com>
- Corrected "Map a custom user attribute to a to a SAML attribute." by removing the repeated "to a".
Closes: #33603
Signed-off-by: Pedro Aguiar <contact@codespearhead.com>
also moving initial bootstrapping after import
closes: #32689
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
* fix: adds additional info / warnings to hostname v2
closes: #24815
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* refining the proxy-headers language from #33209
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* adding hostname-strict-https
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* moving removed property check to the quarkus side
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* Update quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/HostnameV2PropertyMappers.java
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
* Update docs/guides/server/hostname.adoc
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
The expected Destination Path needs to properly point to the client that is created for IDP-initiated SSO flow. This is especially an issue when Keycloak is behind a reverse proxy that terminates TLS.
Signed-off-by: Manish Mehta <ManishMehta@users.noreply.github.com>
- Also fixes issues with description, enabled, and custom attributes missing when re-importing the orgs.
Closes#33207
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Closes#32209
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
- Disables the remote operator tests, which will have to be fixed later.
- Fixes the action expired error which occurs when accessing regular registration page with Organizations enabled.
- Fixes a race condition in the test suite causing sporadic failures.
Closes#33064
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
This should reduce deadlocks on the user property table if the users are updated concurrently.
Closes#32852
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>