Steven Hawkins
08751001db
enhance: adds truststores to the keycloak cr ( #25215 )
...
also generally correcting the misspelling trustore
closes : #24798
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2023-12-14 11:15:06 -03:00
mposolda
c81b533cf6
Update UserProfileProvider.setConfiguration. Tuning of UserProfileProvider.getConfiguration
...
closes #25416
Signed-off-by: mposolda <mposolda@gmail.com>
2023-12-14 14:43:28 +01:00
Douglas Palmer
4b11afa87b
NullPointerException when key is not available in the database ( #25395 )
...
* NullPointerException when key is not available in the database
Closes #24485
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
2023-12-14 09:57:53 +01:00
Václav Muzikář
e4c348e99e
Add new --proxy-headers
option ( #25178 )
...
* Add new `--proxy-headers` option
Closes #23431
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
* Address review comments vol. 03
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Address review comments vol. 04
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
---------
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-13 10:48:12 -03:00
Pedro Igor
fa79b686b6
Refactoring user profile interfaces and consolidating user representation for both admin and account context
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-13 08:27:55 +01:00
Pedro Igor
78ba7d4a38
Do not allow removing username and email from user profile configuration
...
Closes #25147
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-11 08:30:28 +01:00
Sophie Tauchert
1d56e0371e
Make sure authz endpoints are documented in openapi spec
...
Closes : #25259
Signed-off-by: Sophie Tauchert <sophie@999eagle.moe>
2023-12-08 16:45:13 +01:00
mposolda
90bf88c540
Introduce ProtocolMapper.getEffectiveModel to make sure values displayed in the admin console UI are 'effective' values used when processing mappers
...
closes #24718
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-12-08 12:26:35 +01:00
saumeen prajapati
d829534237
Remove single quote from log string
...
Closes #25060
Signed-off-by: saumeen prajapati <psaumeen@gmail.com>
2023-12-07 20:08:07 +00:00
wojnarfilip
925c5572ad
Re-enable Federated Access Token in user sessions
...
Closes #25290
Signed-off-by: wojnarfilip <fwojnar@redhat.com>
2023-12-07 19:55:20 +01:00
Vlasta Ramik
df465456b8
Map Store Removal: Remove LockObjectsForModification
( #25323 )
...
Signed-off-by: vramik <vramik@redhat.com>
Closes #24793
2023-12-07 12:43:43 +00:00
Fouad Almalki
0e535d2bbe
Retrieve ClientConnection by invoking getConnection() instead of getContextObject()
...
Signed-off-by: Fouad Almalki <me@fouad.io>
2023-12-07 13:11:54 +01:00
Stefan Guilhen
7b63d6d500
Remove ResponseSessionTask
...
- this was tightly related to retriable transactions added to map store and is no longer needed.
Closes #25309
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2023-12-06 19:53:53 +01:00
Stefan Guilhen
8e918c2ebf
Revert changes to OIDCIdentityProvider that enlisted the client logout requests in a separate transaction.
...
Closes #25308
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2023-12-06 19:47:04 +01:00
rmartinc
522e8d2887
Workaround to allow percent chars in getGroupByPath via PathSegment
...
Closes #25111
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-06 14:22:34 -03:00
rmartinc
d004e9295f
Do not allow remove a credential in account endpoint if provider marks it as not removable
...
Closes #25220
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-05 17:11:57 +01:00
Michal Hajas
ec061e77ed
Remove GlobalLockProviderSpi ( #25206 )
...
Closes #24103
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2023-12-01 16:40:56 +00:00
Ricardo Martin
3b26e5d489
Add active RSA key to decryption if deprecated mode ( #25205 )
...
Closes https://github.com/keycloak/keycloak/issues/24652
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-01 13:40:47 +00:00
mposolda
3fa2d155ca
Decouple factory methods from the provider methods on UserProfileProvider implementation
...
closes #25146
Signed-off-by: mposolda <mposolda@gmail.com>
2023-12-01 10:30:57 -03:00
Pedro Igor
c7f63d5843
Add options to change behavior on how unmanaged attributes are managed
...
Closes #24934
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-11-30 06:58:21 -03:00
Steven Hawkins
8c3df19722
feature: add option for creating a global truststore ( #24473 )
...
closes #24148
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2023-11-30 08:57:17 +01:00
Douglas Palmer
d0b86d2f64
Register event not triggered on external to internal token exchange
...
Closes #9684
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2023-11-29 15:30:47 -03:00
mposolda
479e6bc86b
Update Kerberos provider for user-profile
...
closes #25074
Signed-off-by: mposolda <mposolda@gmail.com>
2023-11-29 15:21:26 -03:00
rmartinc
16afecd6b4
Allow automatic download of SAML certificates in the identity provider
...
Closes https://github.com/keycloak/keycloak/issues/24424
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 18:03:31 +01:00
rmartinc
3bc028fe2d
Remove lowercase for the hostname as recommended/advised by OAuth spec
...
Closes https://github.com/keycloak/keycloak/issues/25001
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 10:26:00 -03:00
rmartinc
b6cdcb3c27
Revert "Fix lowerCaseHostname to lower-case scheme and host properly"
...
This reverts commit 1241bd2919
.
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 10:26:00 -03:00
Douglas Palmer
5ce41a462b
NPE in HardcodedUserSessionAttributeMapper on Token Exchange
...
Closes #11996
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2023-11-29 09:35:49 -03:00
Douglas Palmer
7e78d29f8d
NPE in User Session Note mapper on Token Exchange
...
Closes #24200
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2023-11-29 09:35:49 -03:00
hokuda
a83b9d11fa
Fix typo in the balloon help of SAML Username Template Importer
...
closes #25033
Signed-off-by: hokuda <hisanobu.okuda@gmail.com>
2023-11-29 09:32:16 -03:00
Douglas Palmer
e99bd4aa3a
External to Internal Token exchange fails with Null pointer Exception if the user is not yet registered (first time token exchange)
...
Closes #16059
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2023-11-29 09:16:14 -03:00
Michal Hajas
2b2207af93
Publish information about Infinispan availability in lb-check if MULTI_SITE is enabled
...
Closes #25077
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-29 11:06:41 +00:00
Jon Koops
0b9dd21b0a
Attempt to request storage access for cookies ( #25055 )
...
Closes #23872
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2023-11-27 18:23:40 +00:00
Pedro Igor
2c611cb8fc
User profile configuration scoped to user-federation provider
...
closes #23878
Co-Authored-By: mposolda <mposolda@gmail.com>
Signed-off-by: mposolda <mposolda@gmail.com>
2023-11-27 14:45:44 +01:00
Stian Thorgersen
a32b58d337
Escape ldap id when using normal attribute syntax ( #25 ) ( #25036 )
...
Closes https://github.com/keycloak/security/issues/46
Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
2023-11-27 11:38:14 +01:00
Takashi Norimatsu
1f5ee9bf80
NPE in checkAndBindMtlsHoKToken on Token Refresh when using SuppressRefreshTokenRotationExecutor and Certificate Bound Token
...
closes #25022
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2023-11-27 08:49:48 +01:00
Sophie Tauchert
855aebabc2
Rename clientUuid path parameter to client-uuid for consistency
...
Closes #24960
Signed-off-by: Sophie Tauchert <sophie@999eagle.moe>
2023-11-23 16:08:58 +01:00
Sophie Tauchert
496c0e7f03
Rename some path parameter placeholders to avoid duplicating {id} in the path
...
Closes #24960
Signed-off-by: Sophie Tauchert <sophie@999eagle.moe>
2023-11-23 16:08:58 +01:00
Sophie Tauchert
3e17cb0452
Add correct annotation for 204 responses to POST methods returning void
...
Closes #24960
Signed-off-by: Sophie Tauchert <sophie@999eagle.moe>
2023-11-23 16:08:58 +01:00
Douglas Palmer
efde3adf60
Wrong value for VALIDATED_ID_TOKEN stored in the brokered identity context for external token exchange
...
Closes #23985
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2023-11-23 11:52:37 -03:00
Douglas Palmer
2ec1d2f7ea
Fix logic error in AbstractOAuth2IdentityProvider
...
Closes #24943
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2023-11-23 11:43:42 -03:00
Tero Saarni
fd58cb1bec
Attempt to remove warning about not using inference
...
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2023-11-23 10:49:58 -03:00
Tero Saarni
e35f3d7e87
Fix compilation error with ServerInfoAdminResource
...
This change fixes following type inference error:
* Type mismatch: cannot convert from Map<Boolean,Object> to Map<Boolean,List<String>>
The error comes when opening and compiling on vscode or Eclipse, which uses
Eclipse JDT compiler.
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2023-11-23 10:49:58 -03:00
Sebastian Schuster
030f42ec83
More efficient listing of assigned and available client role mappings
...
Closes #23404
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
2023-11-22 14:10:11 +01:00
Thomas Darimont
d30d692335
Introduce MaxAuthAge Password policy ( #12943 )
...
This policy allows to specify the maximum age of an authentication
with which a password may be changed without re-authentication.
Defaults to 300 seconds (default taken from Constants.KC_ACTION_MAX_AGE) to remain backwards compatible.
A value of 0 will always require reauthentication to update the password.
Add documentation for MaxAuthAgePasswordPolicy to server_admin
Fixes #12943
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2023-11-20 14:48:17 +01:00
rmartinc
1241bd2919
Fix lowerCaseHostname to lower-case scheme and host properly
...
Closes https://github.com/keycloak/keycloak/issues/24792
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-20 10:00:50 +01:00
Erik Jan de Wit
941457b805
added theme name as parameter
...
moved messages to theme bundle
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2023-11-17 08:35:54 +01:00
rmartinc
5fad76070a
Use LinkedIn instead of LinkedIn OpenID Connect for better UI experience
...
Closes https://github.com/keycloak/keycloak/issues/24659
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-16 18:22:16 +01:00
Hynek Mlnarik
70d0f731f5
Use session ID rather than broker session ID
...
Closes : #24455
Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2023-11-16 17:01:40 +01:00
Vlasta Ramik
d86e062a0e
Removal of retry blocks introduced for CRDB
...
Closes #24095
Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-16 13:50:56 +01:00
rmartinc
cca33baac3
Avoid NPE if RelayState is null and return a proper error
...
Closes https://github.com/keycloak/keycloak/issues/24079
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-16 12:56:49 +01:00