rmartinc
09e30b3c99
Support for JWE IDToken and UserInfo tokens in OIDC brokers
...
Closes https://github.com/keycloak/keycloak/issues/21254
2023-07-03 21:25:46 -03:00
mposolda
ccbddb2258
Fix updating locale on info/error page after authenticationSession was already removed
...
Closes #13922
2023-07-03 18:57:36 -03:00
Martin Bartoš
e3e123b577
JavascriptAdapterTest is broken due to the multiple initialization of JS adapter
...
Fixes #21412
2023-07-03 16:44:22 -03:00
Daniele Martinoli
e2ac9487f7
Conditional login through identity provider ( #20188 )
...
Closes #20191
Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2023-06-29 18:44:15 +02:00
Marek Posolda
51a9712e59
Improper Client Certificate Validation for OAuth/OpenID clients ( #20 )
...
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2023-06-28 17:52:48 -03:00
Ricardo Martin
1973d0f0d4
Check the redirect URI is http(s) when used for a form Post ( #22 )
...
Closes https://github.com/keycloak/security/issues/22
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Signed-off-by: Peter Skopek <pskopek@redhat.com>
2023-06-28 17:52:48 -03:00
Pedro Igor
28aa1d730d
Verify holder of the device code ( #21 )
...
Closes https://github.com/keycloak/security/issues/32
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Conflicts:
services/src/main/java/org/keycloak/protocol/oidc/grants/device/DeviceGrantType.java
2023-06-28 15:45:26 +02:00
rmartinc
4bc11bdf7f
Do not return an error when moving a group to the current parent
...
Closes https://github.com/keycloak/keycloak/issues/21242
2023-06-28 10:34:15 +02:00
rmartinc
a5a2753d11
Don't allow impersonate disabled users or service accounts
...
Closes https://github.com/keycloak/keycloak/issues/21106
2023-06-28 10:18:21 +02:00
Hynek Mlnarik
c092c76ae8
Remove ldapsOnly (Java)
...
In `LDAPConstants.java`, the function to set the Truststore SPI system property was removed, as this is now handled by the `shouldUseTruststoreSpi` method in `LdapUtil`.
Closes : #9313
2023-06-28 08:30:09 +02:00
Pedro Igor
d0691b0884
Support for the locale user attribute
...
Closes #21163
2023-06-27 09:21:08 -03:00
Miquel Simon
46fa7d2e6c
Enable back a few tests that have been fixed to run on Firefox and Chrome.
2023-06-26 11:25:07 -03:00
Pavel Drozd
216bbe512f
Add tests and profiles for testing EAP6, SpringBoot and Fuse adapters
2023-06-26 11:24:02 -03:00
eatik
6d0636987e
keeping VIEW_USERS related tests in PermissionTest
...
Closes #20783
2023-06-26 11:05:35 -03:00
eatik
7cfa012427
adding test code
...
Closes #20783
2023-06-26 11:05:35 -03:00
Takashi Norimatsu
f6ecc3f3f8
FAPI 2.0 security profile - not allow an authorization request whose parameters were not included in Request Object pushed to PAR request
...
closes #20710
2023-06-26 12:09:25 +02:00
vramik
7fe7dfc529
ResourceType lost during clonning
...
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Closes #20947
2023-06-23 09:31:44 +02:00
Pedro Igor
aff6cc1cbd
Running mappers during account linking
...
Closes #11195
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: toddkazakov
2023-06-22 17:41:31 +02:00
Pedro Igor
eb5edb3a9b
Support reading base32 encoded OTP secret
...
Closes #9434
Closes #11561
2023-06-22 08:08:13 -03:00
mposolda
137f8d807a
Account Console II doesn't remove TOTP from UserStorage
...
closes #19575
2023-06-22 07:56:44 +02:00
Pedro Igor
0dd7c4a515
Fixing auth-server-quarkus-embedded
2023-06-21 17:18:26 +02:00
danielFesenmeyer
60b838675d
Extend admin-client GroupsResource: Support the query functionality to be used in combination with the parameters first, max and briefRepresentation
...
Closes #20016
2023-06-21 12:13:22 -03:00
Gilvan Filho
2493f11331
count users by custom user attribute
...
closes #14747
2023-06-21 11:56:22 -03:00
mposolda
dc3b037e3a
Incorrect Signature algorithms presented by Client Authenticator
...
closes #15853
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-06-21 08:55:58 +02:00
Stian Thorgersen
f82577a7f3
Removed old account console ( #21098 )
...
Co-authored-by: Jon Koops <jonkoops@gmail.com>
Closes #9864
2023-06-20 20:46:57 +02:00
fwojnar
a36be17a5c
Remove account package from testsuite ( #20990 )
...
* Removal of testsuite account package
Related to #19668
Also closes #20527
* Fix failures + remove login folder from base-ui
---------
Co-authored-by: Ivan Khomyn <ikhomyn@redhat.com>
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2023-06-20 08:50:39 +02:00
Daniele Martinoli
d9b271c22a
Extends the conditional user attribute authenticator to check the attributes of the joined groups ( #20189 )
...
Closes #20007
2023-06-19 15:22:35 +02:00
Miquel Simon
3daeee15f6
Add Forms IT ( #20528 )
...
Closes #20519
2023-06-19 14:44:20 +02:00
Jon Koops
29f9523646
Ensure RegisterTest
runs in Chrome and Firefox ( #21036 )
2023-06-16 08:00:04 -04:00
Martin Bartoš
c6995f5ded
Save ~2s for Keycloak startup in the testsuite
...
Relates to #21033
2023-06-16 10:47:28 +02:00
rmartinc
ecf52285bc
Simplify TokenManager expiration calculations using SessionExpirationUtils
...
Closes https://github.com/keycloak/keycloak/issues/20794
2023-06-13 10:09:47 +02:00
Pedro Igor
af975d20f1
Avoid iterating indefinetly when checking CRLs
...
Closes #20725
2023-06-12 17:50:16 +02:00
vramik
535bba5792
Update UserQueryProvider methods
...
Closes #20438
2023-06-12 16:04:26 +02:00
Arnaud Martin
ae5a47d548
Impossible to update a federated user credential label
...
Closes #16613
2023-06-12 15:39:52 +02:00
Vlasta Ramik
ed473da22b
Clean-up of deprecated methods and interfaces
...
Fixes #20877
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-06-09 17:11:20 +00:00
Rinus Wiskerke
fbfdb54745
Strip rotated client secret from export json ( #19394 )
...
Closes #19373
2023-06-09 10:46:28 +02:00
rmartinc
61968bf747
Use OIDCAttributeMapperHelper.mapClaim in the GroupMembershipMapper
...
Closes https://github.com/keycloak/keycloak/issues/19767
2023-06-08 11:12:24 -03:00
Réda Housni Alaoui
eb9bb281ec
Require user to agree to 'terms and conditions' during registration
2023-06-08 10:39:00 -03:00
Marek Posolda
8080085cc1
Removing 'http challenge' authentication flow and related authenticators ( #20731 )
...
closes #20497
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-06-08 14:52:34 +02:00
Saman-jafari
31db84e924
fix: issuedFor added to token to get client id into the token also redirect uri added to token and then passed to info template for "back to application" functionality
...
test also added to check the availability of issueFor(azp) and redirect uri in Action
Fixes #14860
Fixes #15136
2023-06-07 12:19:46 -03:00
Zvi Grinberg
ace83231ee
Update RegexPolicyTest.java
...
Add forgotten imports
2023-06-07 10:18:10 -03:00
Zvi Grinberg
b29ce53f6e
Fix bug in regex policy evaluation that it ignored flatted user claims that are mapped by protocol mappers to complex JSON structure in access token( in the access token JWT it's key and value is a JSON by itself)
...
fixes : #20436
Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
2023-06-07 10:18:10 -03:00
Alice Wood
7e56938b74
Extend group search attribute functionality to account for use case where only the leaf group is required
2023-06-07 08:52:23 -03:00
rmartinc
9bc30f4705
EventBuilder fixes to copy the store and session context
...
Closes https://github.com/keycloak/keycloak/issues/20757
Closes https://github.com/keycloak/keycloak/issues/20105
2023-06-07 08:34:27 -03:00
Jon Koops
9a8d1ca1f3
Stop waiting page load when calling assertCurrent()
( #20786 )
2023-06-07 13:13:46 +02:00
Pedro Hos
9ebd94a3a8
Userinfo endpoint doesn't accept charset #20671
...
Closes 20671
2023-06-07 08:08:05 +02:00
Artur Baltabayev
041441f48f
Improved Reset OTP authenticator ( #20572 )
...
* ResetOTP authenticator can now be configured, so that one or all existing OTP configurations are deleted upon reset.
Closes #8753
---------
Co-authored-by: bal1imb <Artur.Baltabayev@bosch.com>
2023-06-06 08:30:44 -03:00
rmartinc
81aa588ddc
Fix and correlate session timeout calculations in legacy and new map implementations
...
Closes https://github.com/keycloak/keycloak/issues/14854
Closes https://github.com/keycloak/keycloak/issues/11990
2023-06-05 18:46:23 +02:00
Jon Koops
8eee3f434b
Fix test for brute force detection of recovery codes ( #20784 )
2023-06-05 11:55:30 -04:00
rmartinc
d80094793b
Manage elytron configuration if configured for JDK-17
...
Closes https://github.com/keycloak/keycloak/issues/20385
2023-06-05 13:50:28 +02:00