libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
23202 commits 4 branches 5 tags 480 MiB
Commit graph

3755 commits

Author SHA1 Message Date
Hynek Mlnarik
ac59c551c3 Fix transaction boundaries in tests 2023-05-23 20:53:30 +02:00
Hynek Mlnarik
38442ee0a6 Fix event tests 2023-05-23 20:53:30 +02:00
Hynek Mlnarik
3e58d3da8d Proper cleanup 2023-05-23 20:53:30 +02:00
vramik
bdbbd2959d User search with LDAP federation not consistent 
Closes #10195
 2023-05-23 11:48:33 +02:00
wojnarfilip
34b9eed8f0 Removes AccountFederatedIdentityPage from testsuite 
Closes #15199
 2023-05-22 11:07:48 -03:00
i7a7467
e41e1a971a SLO and ACS Binding are linked with AuthnRequest Binding in SAML Identity Broker Metadata 
Closes #11079
 2023-05-22 10:05:17 +02:00
vramik
fd6a6ec3ad Make LDAP searchForUsersStream consistent with other storages 
Co-authored-by: mhajas <mhajas@redhat.com>

Closes #17294
 2023-05-19 08:40:41 +02:00
Artur Baltabayev
33215ab6f4
Added User-Session Note Idp mapper. (#19062) 
Closes #17659


Co-authored-by: bal1imb <Artur.Baltabayev@bosch.com>
Co-authored-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.io>
Co-authored-by: Sebastian Schuster <sebastian.schuster@bosch.io>
 2023-05-18 13:47:10 +02:00
Lukas Hanusovsky
eb77dcf014 Removing PHOTOZ client and related tests testing UI. Closes #19668 2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
d9b95e0240 Testsuite with Undertow and OpenJDK17 - Nashorn library support. 
GH Actions failures - refactoring.
 2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
406aa21b0b UserStorageTest - old account console dependencies removed. Closes #19668 2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
b8b9adbea2 CookieTest - old account console dependencies removed. Closes #19668 2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
29deaca3f5 DemoServletsAdapterTest - old account console dependencies removed. Closes #19668 2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
47fd10469f Old account console dependencies removed - refactoring. Closes #19668 2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
130807fa7b AbstractCustomAccountManagementTest - old account console dependencies removed. Closes #19668 2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
2ad8f7dd62 Old account console dependencies removed. Closes #19668 
* LoginTest
* SessionServletAdapterTest
* ClientRedirectTest
* TrustStoreEmailTest
* BrowserFlowTest
* SocialLoginTest
* JavascriptAdapterTest
 2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
c685366169 CookiesPathTest - old account console dependencies removed. Closes #19668 2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
5e323ae173 Old account console dependencies removed. Closes #19668 
* ConsentsTest
* UserTest
* SessionTest
* LoginEventsTest
* AbstractKeycloakTest
 2023-05-18 13:09:51 +02:00
danielFesenmeyer
d543ba5b56 Consistent message resolving regarding language fallbacks for all themes 
- the prio of messages is now as follows for all themes (RL = realm localization, T = Theme i18n files): RL <variant> > T <variant> > RL <region> > T <region> > RL <language> > T <language> > RL en > T en
- centralize the message resolving logic in helper methods in LocaleUtil and use it for all themes, add unit tests in LocaleUtilTest
- add basic integration tests to check whether realm localization can be used in all supported contexts:
  - Account UI V2: org.keycloak.testsuite.ui.account2.InternationalizationTest
  - Login theme: LoginPageTest
  - Email theme: EmailTest
- deprecate the param useRealmDefaultLocaleFallback=true of endpoint /admin/realms/{realm}/localization/{locale}, because it does not resolve fallbacks as expected and is no longer used in admin-ui v2
- fix locale selection in DefaultLocaleSelectorProvider that a supported region (like "de-CH") will no longer selected instead of a supported language (like "de"), when just the language is requested, add corresponding unit tests
- improvements regarding message resolving in Admin UI V2:
  - add cypress test i18n_test.spec.ts, which checks the fallback implementation
  - log a warning instead of an error, when messages for some languages/namespaces cannot be loaded (the page will probably work with fallbacks in that case)

Closes #15845
 2023-05-17 15:00:32 +02:00
Dominik Schlosser
8c58f39a49 Updates Datastore provider to contain full data model 
Closes #15490
 2023-05-16 15:05:10 +02:00
Takashi Norimatsu
7f5e94db87 KEYCLOAK-19539 FAPI 2.0 Baseline : Reject Implicit Grant 2023-05-16 14:17:29 +02:00
Miquel Simon
e959e20e1a Upgrade tested DB versions 2023-05-15 12:36:27 -03:00
vramik
d1ab921c50 JpaUserProvider count methods are inconsistent with searchForUser's param filter handling 
Closes #17581
 2023-05-05 08:22:05 +02:00
rmartinc
d9025db536 Migrate realms if configured to use RH-SSO themes 
Closes https://github.com/keycloak/keycloak/issues/17484
 2023-05-02 15:38:33 +02:00
Martin Bartoš
b87b70a35d Ignore particular legacy clustering tests 
Revert once https://github.com/keycloak/keycloak/issues/19834 issue is resolved
 2023-04-27 13:36:54 +02:00
Martin Bartoš
79178b5a23 Use WildFly as the default app server 2023-04-27 13:36:54 +02:00
Martin Bartoš
9d40f77746 Ignore DemoFilterServletAdapterTestForCustomizedIdMapper test 
Revert once https://github.com/keycloak/keycloak/issues/19809 issue is resolved
 2023-04-27 13:36:54 +02:00
Martin Bartoš
60fd7e63d9 Fix OfflineServletsAdapterTest 2023-04-27 13:36:54 +02:00
Martin Bartoš
8d5a4f2677 Fix FIPS tests 2023-04-27 13:36:54 +02:00
Martin Bartoš
c1cced9f31 Fix CorsExampleAdapterTest 
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/cors/CorsExampleAdapterTest.java - Modified
 2023-04-27 13:36:54 +02:00
Peter Zaoral
72663060c9 Quarkus3 branch sync no. 13 
11.4.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2023-04-27 13:36:54 +02:00
Martin Bartoš
5b7e9a2603 Remove WF dependencies, add Jakarta SOAP, fix tests 
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
IdeaProjects/keycloak/quarkus/pom.xml - Modified
IdeaProjects/keycloak/quarkus/runtime/pom.xml - Modified
 2023-04-27 13:36:54 +02:00
Martin Bartoš
de663dbf93 Quarkus3 branch sync no. 9 
10.3.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE
* changed version from 999-SNAPSHOT to 999.0.0-SNAPSHOT
 2023-04-27 13:36:54 +02:00
Martin Bartoš
952faed4c9 Run Adapter tests with JavaEE support 
---
Quarkus3 branch sync no. 9 (10.3.2023)
Resolved conflicts:
keycloak/.github/actions/build-keycloak/action.yml - Modified
 2023-04-27 13:36:54 +02:00
Peter Zaoral
0b4f40f89b Quarkus3 branch sync no. 8 
3.3.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2023-04-27 13:36:54 +02:00
Martin Bartoš
64738ea708 Fix issues with JakartaEE Mail dependencies 
This reverts commit da4644844ed88818c05d777460624403326ab01c

---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
 2023-04-27 13:36:54 +02:00
Peter Zaoral
5ebe4ca7c8 Quarkus3 branch sync no. 6 
17.2.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2023-04-27 13:36:54 +02:00
Peter Zaoral
946eacd5b6 Quarkus3 branch sync no. 5 
10.2.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE
* fixed Undertow server not starting due to ClassNotFoundException: javax.transaction.TransactionManager

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2023-04-27 13:36:54 +02:00
Stefan Guilhen
3409a0c840 Fixes SAML tests in testsuite 
- adds dependency to saaj-impl in saml core public
- updates test apps' web.xml files to use jakarta namespaces
- small cleanup in main pom
- changes order of e-mail servers in testsuite pom to enforce usage of greenmail (changes order in Undertow's classpath)

Closes #16711
 2023-04-27 13:36:54 +02:00
Martin Bartoš
b1da7bd613 Revert Mail API 
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/quarkus/pom.xml - Modified
---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
 2023-04-27 13:36:54 +02:00
Martin Bartoš
1f126647fe Update dependencies 2023-04-27 13:36:54 +02:00
vramik
60e6fb9dae Register custom functions FunctionContributor 
Closes #16336

---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorage.java - Modified
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorageCockroachdb.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified
---
Quarkus3 branch sync no. 3 (27.1.2023)
Resolved conflicts:
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorage.java - Modified
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorageCockroachdb.java - Modified
 2023-04-27 13:36:54 +02:00
Peter Zaoral
4ff2de7f46 Quarkus3 branch sync 
18.1.2023:
* applied Quarkus 3 OpenRewrite recipe
* fixed the parts that were missed by the script

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2023-04-27 13:36:54 +02:00
Martin Bartoš
124591ce1a Adapters can still use Java EE 
- Provided all JavaEE dependencies for adapters
- Automatically build Undertow Jakarta EE for testsuite (missing SAML)
---
Quarkus3 branch sync no. 11 (24.3.2023)
Resolved conflicts:
keycloak/adapters/oidc/spring-security/pom.xml - Modified
---
Quarkus3 branch sync no. 7 (27.2.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/pom.xml - Modified
---
Quarkus3 branch sync no. 1 (18.1.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/pom.xml - Modified
 2023-04-27 13:36:54 +02:00
Martin Bartoš
40c38e0133 Fix dependencies in testsuite, adapters and Quarkus module 
---
Quarkus3 branch sync no. 11 (24.3.2023)
Resolved conflicts:
keycloak/adapters/oidc/spring-security/pom.xml - Modified
 2023-04-27 13:36:54 +02:00
Stefan Guilhen
384d7c17f7 - Fix issues in legacy store 
- Testsuite (switch undertow-embedded.version)
 2023-04-27 13:36:54 +02:00
Martin Bartoš
7cff857238 Migrate packages from javax.* to jakarta.* 
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/ComponentExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/DeclarativeUserTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java - Modified
keycloak/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java	- Modified
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountTotpPage.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BackwardsCompatibilityUserStorageTest.java - Modified
---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/services/resources/QuarkusWelcomeResource.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/profile/util/Soap.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/UserInfoClientUtil.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
---
Quarkus3 branch sync no. 10 (17.3.2023)
Resolved conflicts:
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocolUtils.java -	Modified
---
Quarkus3 branch sync no. 9 (10.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java - Modified
---
Quarkus3 branch sync no. 8 (3.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClient.java	Modified - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java - Modified
keycloak/examples/providers/authenticator/src/main/java/org/keycloak/examples/authenticator/SecretQuestionAuthenticator.java - Modified
---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ComponentsResource.java - Modified
keycloak/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/installation/SamlSPDescriptorClientInstallation.java - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
/keycloak/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java	Modified - Modified
keycloak/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java - Modified
---
Quarkus3 branch sync no. 4 (3.2.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/jaxrs/QuarkusKeycloakApplication.java - Modified
---
Quarkus3 branch sync no. 1 (18.1.2023)
Resolved conflicts:
keycloak/testsuite/client/ClientPoliciesTest.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaModelCriteriaBuilder.java - Modified
 2023-04-27 13:36:54 +02:00
Hynek Mlnarik
d7d50634b3 Do not impose assumptions on ID format 
Closes: #19814
 2023-04-26 15:37:50 +02:00
Hynek Mlnarik
80ba42a0b4 Tests: Determine IDs from Keycloak 
Instead of assuming that the ID of created objects is honored,
the tests are rewritten in the way which obtains the ID from
the created objects. This is to account for storages where
ID is not necessarily an UUID and cannot be thus prescribed.

Closes: #19814
 2023-04-26 15:37:50 +02:00
rmartinc
04ac3a64ee Adding support for rsa-oaep for SAML encryption 
Closes https://github.com/keycloak/keycloak/issues/19689
 2023-04-26 10:46:10 +02:00
mposolda
a3f2ebb193 Ability to override default/built-in providers with same providerId. Using ProviderFactory.order() for choosing priority providers 
Closes #19867
 2023-04-25 18:04:58 +02:00
Lukas Hanusovsky
30d976d64c
RequiredActionEmailVerificationTest - old account console dependencies removed. (#19843) 
Closes #19668
 2023-04-25 08:19:43 +02:00
Hynek Mlnarik
3161c4424c Fix export / import tests relict 
Closes: #19812
 2023-04-19 22:17:49 +02:00
Hynek Mlnarik
0ddc71d987 Properly encode id in URL 
Closes: #19816
 2023-04-19 15:10:04 -03:00
rmartinc
8e55a63f31 Do not allow add sub-flow to built-in workflow 
Closes https://github.com/keycloak/keycloak/issues/15536
 2023-04-19 11:12:49 +02:00
rmartinc
f051a0cdb3 Improve SessionCodeChecks to detect better the ALREADY_LOGGED_IN situation 
Closes https://github.com/keycloak/keycloak/issues/19677
 2023-04-18 10:35:47 -03:00
Lukas Hanusovsky
4a8510f7d9
Stop disabling Account Console v2 for tests that run fine (#19728) 
Works towards closing #19668
 2023-04-17 16:26:32 -03:00
Marek Posolda
8d01109158
Invalid parameter redirect_uri when using an invalid client_id (#19731) 
closes #19662
 2023-04-17 15:12:59 +02:00
Hynek Mlnarik
21510dff0c Add FILE constant to StoreProvider 2023-04-17 08:29:49 +02:00
mposolda
1cbdf4d17e Fix the issue with LDAP connectionUrl containing multiple hosts 
Closes #17359
 2023-04-16 17:41:22 +02:00
danielFesenmeyer
5554c62bea Change locale of user profile validation message to be resolved from authenticated user instead of validated user 
Closes #19707
 2023-04-14 11:51:15 -03:00
Stian Thorgersen
f4cabea08c
Make sure the code is bound to the user session (#18) (#17380) (#17389) 
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-04-14 14:42:12 +02:00
Lukas Hanusovsky
556758943f
Old Account Console removal - cleanup imports (#19700) 
Part of #19668
 2023-04-13 14:57:28 +00:00
vramik
2b890eb79d Zero downtime smoke tests 
Closes #16481
 2023-04-12 11:24:35 +02:00
Pedro Igor
83676bf927 Extract JUnit5 support in the distributoin testsuite to a separate module 
Closes #19552
 2023-04-11 10:48:56 +02:00
Lukas Hanusovsky
9bb18400ad
Remove AccountTotpPage from the testsuite (#17657) 
Closes #15201
 2023-04-06 11:49:29 +02:00
fwojnar
f55794f8bf
Removes AccountApplicationsPage (#17651) 
Closes #15198 


Co-authored-by: wojnarfilip <fwojnar@redhat.com>
 2023-04-05 16:54:16 +02:00
rmartinc
99330dbb6d Manage JsonProcessingException to not return error 500 when json data is wrong 
Closes https://github.com/keycloak/keycloak/issues/11517
 2023-04-03 18:07:34 +02:00
mposolda
4d8d6f8cd8 Preserve authentication flow IDs after import 
closes #9564
 2023-04-03 16:01:52 +02:00
Jon Koops
bdc019b02c
Fully deprecate function-style constructor for Keycloak JS (#19438) 2023-04-03 14:45:55 +02:00
Hynek Mlnarik
85c0b47c31 Fix ClientPoliciesExtendedEventTest 
Closes: #19487
 2023-04-03 14:43:50 +02:00
Pedro Igor
6086201fe0 Do not verify identity cookie when processing required actions 
Closes #17539
 2023-03-31 09:56:27 +02:00
rmartinc
89dfeeec38 The getAttributes method in UserAttributeLDAPStorageMapper does not work for email or other UserModel properties 
Closes https://github.com/keycloak/keycloak/issues/10412
 2023-03-30 21:45:07 +02:00
mposolda
709c6b5a47 Regressions in redirect URL verification when redirect_uri has encoded path or default port 
closes #16851
closes #16587
 2023-03-30 14:20:10 +02:00
Pedro Igor
48082d08ec Email visible on registration page when edit username is not allowed 
Closes #17439
 2023-03-30 08:11:30 +02:00
Jon Koops
8f627517cb
Remove legacy Promise APIs from Keycloak JS (#19389) 2023-03-29 16:29:27 +00:00
Michal Hajas
e49dfe534e Fix missing migration when reading TERMS_AND_CONDITIONS required action in legacy store 
Closes #17277
 2023-03-29 16:43:01 +02:00
Daniel Kobras
a45b5dcd90 Prefer cert over pubkey in SAML metadata 
If SAML key material was given as a certificate, consistently
expose the certificate rather than just the public key when
presenting SAML metadata info. This change ensures that the
client obtains sufficient information (eg. issuer) to close
the trust chain.

Closes: #17549

Signed-off-by: Daniel Kobras <kobras@puzzle-itc.de>
 2023-03-29 11:17:24 +02:00
Marek Posolda
032ece9f7b
Clarify user session limits documentation and test SSO scenario (#19372) 
Closes #17374


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2023-03-29 10:08:45 +02:00
rmartinc
2bb9de1a8c Allow application/jwt media type for userinfo endpoint 
Closes: https://github.com/keycloak/keycloak/issues/19346
 2023-03-28 08:47:35 -03:00
Michal Hajas
beca22311b Add RefreshTokenTest to database suite so it can catch some expiration issues similar to #17570 2023-03-28 08:32:31 +02:00
Pedro Igor
a9c605750d Returning email as username setting for admins 
Fixes #17591
 2023-03-27 16:33:44 -03:00
Pedro Hos
bd0a23a865 /users/count endpoint with search field has different behavior than /users query endpoint #17620 
closes #17620
 2023-03-24 13:43:47 +01:00
Klajdi Paja
cf61a65198 Return a user friendly message when a group name already exists on the same level. 
Closes #16888
 2023-03-24 08:13:49 +01:00
rmartinc
8bc5273792 EAP7 and wildfly adapter tests fixes. Execute enable-elytron-se17.cli for EAP7 and JDK-17. 
Closes https://github.com/keycloak/keycloak/issues/19273
 2023-03-23 17:02:39 -03:00
Ayrat Hudaygulov
f578f91a0b Fix ID token not being sent after expiration for OIDC logout 
Closes #10164
 2023-03-23 13:01:02 +01:00
Ricardo Martin
1a622e707f
Flaky tests org.keycloak.testsuite.federation.sync.SyncFederationTest (#19095) 
Closes: https://github.com/keycloak/keycloak/issues/17430
Closes: https://github.com/keycloak/keycloak/issues/17431
 2023-03-21 08:30:42 +01:00
Alexander Schwartz
513bb809f3 Add a map storage global locking implementation for JPA 
Closes #14734
 2023-03-21 08:21:11 +01:00
rmartinc
bef0a4a6f1 Check frontendUrl in the hostname providers 
Closes https://github.com/keycloak/keycloak/issues/17686
 2023-03-20 18:54:58 -03:00
Pedro Igor
a30b6842a6 Decouple the policy enforcer from adapters and provide a separate library 
Closes keycloak#17353
 2023-03-17 11:40:51 +01:00
rmartinc
cab7e50410 Better handling for SAML signatures in POST and REDIRECT bindings 
Closes https://github.com/keycloak/keycloak/issues/17456
 2023-03-15 09:06:59 -03:00
Pedro Igor
af475ffe23 Fixing classloading issue due to the curated application being eagerly closed 2023-03-13 09:34:49 +01:00
vramik
31e4c5cb7e Add storage-jpa-db property into Quarkus. Distinguish postgres and crdb for jpa map store. 
Closes #17305
 2023-03-09 11:09:56 +01:00
Tero Saarni
9052ec2b02
Add admin events for realm create/delete. (#10831) 
Closes #10733
 2023-03-07 15:57:06 +01:00
Simon Levermann
96c1cf3c49 Allow mapping of UserSessionNotes into UserInfo 
Fixes #15369
 2023-03-07 15:25:14 +01:00
rmartinc
a56b38c5a6 Don't remove session and don't reset restart cookie if passive check error 
Closes https://github.com/keycloak/keycloak/issues/11340
 2023-03-07 15:10:09 +01:00
rmartinc
06ff8b016c Don't set REMEMBER_ME if it's disabled at realm level 
Closes https://github.com/keycloak/keycloak/issues/11330
 2023-03-07 15:01:58 +01:00
Michal Hajas
837c64de3d Add support for pessimistic locking to HotRod 
Closes #13273
 2023-03-07 10:44:31 +01:00
mposolda
a0192d61cc Redirect loop with authentication success but access denied at default identity provider 
closes #17441
 2023-03-06 10:45:01 +01:00
Michal Hajas
465019bec4 Extract attachDevice outside of storage layer 
Closes #17336
 2023-03-03 17:58:34 +01:00
Zakaria Amine
fb5a7f654b
trigger IDENTITY_PROVIDER_FIRST_LOGIN (and UPDATE_PROFILE ) event when identity provider flow succeeds (#15100) 
closes #15098
 2023-03-03 17:49:27 +01:00
Jon Koops
972ebb9650
Use a valid SemVer format for the SNAPSHOT version (#17334) 
* Use a valid SemVer format for the SNAPSHOT version

* Update pom.xml

* Update pom.xml

---------

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2023-03-03 11:11:44 +01:00
Alexander Schwartz
1e4401f521 Avoid returning the same entity multiple times from separate searches 
Closes #15604
 2023-03-02 08:21:38 +01:00
Marek Posolda
59f4fe1c60
NPE on Theme after upgrade to 21 when parent or import theme not exists (#17350) 
* NPE on Theme after upgrade to 21 when parent or import theme not exists
closes #17313

* Update per review
 2023-03-01 15:46:37 +00:00
rmartinc
5cdf4d5791 Read-Only attributes should be modified if creation is delayed for LDAP 
Closes https://github.com/keycloak/keycloak/issues/16848
 2023-03-01 11:26:57 +01:00
Pedro Igor
fbf5541802 Remove duplicated set-cookie header from response when expiring cookies 
Closes #17192
 2023-02-27 14:17:27 -03:00
lpa
3cd413dee1 SOAP backchannel logout for SAML protocol 
Closes #16293
 2023-02-27 14:24:12 +01:00
rmartinc
38a46726e4 Implement UserInfoTokenMapper in HardcodedRole and RoleNameMapper mappers 
Closes https://github.com/keycloak/keycloak/issues/15624
 2023-02-27 10:14:48 -03:00
Václav Muzikář
557a22968c
Stabilize Account Console UI tests (#17243) 
Closes #17178
Closes #17102
Closes #17070
Closes #17045
Closes #17044
Closes #16875
Closes #16870
Closes #16715
Closes #16670
Closes #16646
Closes #16627
Closes #16620
 2023-02-23 12:35:08 +01:00
rmartinc
f91ac2970d
Polish fips-mode switch for preview (#17228) 
* Polish fips-mode switch for preview
Closes #17208 #17210 


Co-authored-by: mposolda <mposolda@gmail.com>
 2023-02-22 12:12:52 +01:00
drohwer89
4ff180da64
Terminating all sessions above the session limit (#16068) 
Adjusts implementation of UserSessionLimitsAuthenticator to terminate all sessions above the session limit.

Closes #14689

Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2023-02-16 17:56:59 +01:00
rmartinc
9995a3cdd4 lastSync value into COMPONENT_CONFIG is always updated 
Closes https://github.com/keycloak/keycloak/issues/17022
 2023-02-16 17:48:49 +01:00
mposolda
4f068fcdcc Make https-trust-store-type set to bcfks by default in strict-mode 
Closes #17119
 2023-02-16 08:00:21 -03:00
sui.jieqiang
1f6fa0501c Fix search user groups without limit 
Closes #12649
 2023-02-15 15:50:46 +01:00
vramik
7b604d6784 Sync properties in map-storage-jpa-cocroach with other profiles 
Closes #17107
 2023-02-15 10:49:22 +01:00
Hynek Mlnarik
bb0eb899a7 Add ability to run arq testsuite with file store 
Fixes: #17032
 2023-02-15 10:17:23 +01:00
Pedro Igor
9e46b9e43f Handling events after transaction completion using a separate session 
Closes #15656
 2023-02-14 13:10:57 +01:00
Václav Muzikář
a57821ed80 Fix JDK 17 InaccessibleObjectException with infinispan 2023-02-13 17:09:36 -03:00
laskasn
dc8b759c3d Use encryption keys rather than sig for crypto in SAML 
Closes #13606

Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: hmlnarik <hmlnarik@redhat.com>
 2023-02-10 12:06:49 +01:00
Marek Posolda
9cfc1fdfa9
Reduce the redundant tests in fips-suite (#16970) 
Closes #16969
 2023-02-09 12:21:33 +01:00
Pedro Igor
423fc6daba
Flaky test KcOidcBrokerTokenExchangeTest (#16914) 
Closes #16896
 2023-02-08 14:49:49 +00:00
Dmitry Telegin
5f39aeb590 Pre-authorization hook for client policies 
Closes #9017
 2023-02-08 15:06:32 +01:00
Michal Hajas
6fa62e47db Leverage HotRod client provided transaction 
Closes #13280
 2023-02-08 10:26:30 +01:00
Stian Thorgersen
4782a85166
Remove old admin console feature (#16861) 
* Remove old admin console feature

Closes #16860

* Update help txt files for Quarkus tests
 2023-02-07 12:59:35 +01:00
Pedro Igor
7b58783255 Allow mapping claims to user attributes when exchanging tokens 
Closes #8833
 2023-02-07 10:57:35 +01:00
Thomas Darimont
e38b7adf92 Revise blacklist password policy provider #8982 
- Reduce false positive probability from 1% to 0.01% to avoid
rejecting to many actually good passwords.
- Make false positive rate configurable via spi config
- Revised log messages

Supported syntax variant:
`passwordBlacklist(wordlistFilename)`

Fixes #8982

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2023-02-07 10:36:39 +01:00
Martin Kanis
5ba004b447 Leverage Infinispan lifespan for ExpirableEntities in HotRod storage 2023-02-07 10:01:32 +01:00
Stian Thorgersen
fc075a3d35
Remove old admin console tests (#16859) 
Closes #16858
 2023-02-07 08:51:36 +01:00
Denis Bernard
5db64133b8 Add Attribute to Group Mapper for SAML IDP 
Cleansing code as PR Comment

Add test for Advanced Attribute to Group Mapper

Closes #12950
 2023-02-06 10:58:48 -03:00
Pedro Igor
1a1ee78dbd Removing tests from base group broker mapper test classes 2023-02-06 10:58:48 -03:00
Pedro Igor
d97b9c48c4
Make sure PBKDF2 providers are using the expect size for derived keys (#16798) 
Closes #16797
 2023-02-03 15:31:25 +01:00
rmartinc
f8f112d8d2
Upgrade twitter4j (#16828) 
Closes https://github.com/keycloak/keycloak/issues/16731
 2023-02-03 15:28:37 +01:00
Marek Posolda
51bed81814
Fixes for OOB endpoint and KeycloakSanitizer (#16773) 
(cherry picked from commit 91ac2fb9dd50808ff5c76d639594ba14a8d0d016)
 2023-02-02 08:34:50 +01:00
Pedro Igor
e3c41ec3a0 Ignoring test methods from parent classes 
Closes #15687
 2023-02-01 14:58:03 -08:00
Stian Thorgersen
d9025231f9
HTML Injection in Keycloak Admin REST API (#16765) 
Resolves #GHSA-m4fv-gm5m-4725

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2023-02-01 14:34:15 +01:00
Marek Posolda
33ff9ef17e
Fix remaining failing tests with BCFIPS approved mode (#16699) 
* Fix remaining failing tests with BCFIPS approved mode
Closes #16698
 2023-01-30 16:01:57 +01:00
mposolda
7f017f540e BCFIPS approved mode: Some tests failing due the short secret for client-secret-jwt client authentication 
Closes #16678
 2023-01-30 08:40:46 +01:00
Martin Kanis
c4255e7301 Wrong property for events in map-storage-hot-rod on Undertow 2023-01-27 14:24:34 +01:00
mposolda
5591b5198b Still test failures with BCFIPS approved mode due the hardcoded keys 
Closes #16643
 2023-01-26 15:50:29 +01:00
Pedro Igor
f6602e611b Allow managing the username idn homograph validator 
Closes #13346
 2023-01-26 04:55:43 -08:00
mposolda
a804400c84 Added KERBEROS feature. Disable it when running tests on FIPS 
closes #14966
 2023-01-25 18:38:46 +01:00
mposolda
16888eaeab Only available RSA key sizes should be shown in admin console 
Closes #16437
 2023-01-25 13:15:07 +01:00
mposolda
29888dbf1a Update realm keys in the testsuite to be generated where possible. Update other keys to be FIPS compliant 
Closes #12420
 2023-01-25 08:26:15 +01:00
Hynek Mlnarik
977cc473bb Fix linebreaks in XML / SAML signatures 
See https://bugs.openjdk.org/browse/JDK-8264194
See https://issues.apache.org/jira/browse/SANTUARIO-482

Fixes: #14529
 2023-01-23 15:39:10 +01:00
Konstantinos Georgilakis
c73859794e Short verification_uri for Device Authorization Request 
Closes #16107
 2023-01-18 08:34:52 +01:00
Pedro Igor
33cb1ad7cd Support runnning tests using an embedded distribution 
Closes #16420
 2023-01-13 12:03:36 -08:00
mposolda
79fa6bb3c9 Initial support for running testsuite in BCFIPS approved mode 
Closes #16429
 2023-01-13 02:59:06 -08:00
ムハマドザクワンビンムハマドザヒド / MOHDZAHID,BIN MUHAMMADZAKWAN
cc6597967a Refactoring ClientPoliciesTest 
Closes #14795
 2023-01-12 09:38:12 +01:00
Pedro Igor
9945135861
Verify if token is revoked when validating bearer tokens (#16394) 
Closes #16388
 2023-01-11 14:42:29 +01:00
mposolda
ac490a666c Fix KcSamlSignedBrokerTest in FIPS. Support for choosing realm encryption key for decrypt SAML assertions instead of realm signature key 
Closes #16324
 2023-01-10 20:39:59 +01:00
Miquel Simon
7bd78f604a
Added MariaDB to Legacy Store IT. (#16157) 2023-01-10 17:37:27 +01:00
Pedro Igor
d797d07d8f Ignore user profile attributes for service accounts 
Closes #13236
 2023-01-10 16:26:53 +01:00
mposolda
4d55c6a647 Adding SAML tests for FIPS - with addition of XMLDSig security provider 
Closes #14969
 2023-01-10 08:37:03 +01:00
Pedro Igor
53ee95764e Do not show username field when updating profile if UPDATE_EMAIL feature is enabled and email as username is enabled 
Closes #16263
 2023-01-06 14:12:47 +01:00
Réda Housni Alaoui
141c9dd803
update-email: email change does not affect the username when "Email as username" option is checked (#15583) 
Closes #13988
 2023-01-06 14:04:48 +01:00
Miquel Simon
c2682157fb
Added MS SQL Server to Legacy Store IT. (#16121) 
* Added MS SQL Server to Legacy Store IT.

* Update testsuite/integration-arquillian/pom.xml

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2023-01-06 08:55:09 +01:00
Réda Housni Alaoui
dbe0c27bcf Allowing client registration access token rotation deactivation 2023-01-05 20:53:57 +01:00
mposolda
e374e309c6 Deprecate SHA1 based algorithms for sign SAML documents and assertions 
Closes #16240
 2023-01-05 20:45:20 +01:00
Michal Hajas
6566b58be1 Introduce Infinispan GlobalLock implementation 
Closes #14721
 2023-01-05 16:58:44 +01:00
Hynek Mlnarik
071fc03f41 Move transaction processing into session close 
Fixes: #15223
 2023-01-05 16:12:32 +01:00
Stian Thorgersen
6c1f981eec
Fix UserTest.sendResetPasswordEmailWithCustomLifespan (#16233) 
Closes #16232
 2023-01-04 13:03:33 +01:00
Stian Thorgersen
7dc16c69cb
Force refreshing token for admin client if time offset is set (#16242) 
Closes #16143
 2023-01-04 13:03:10 +01:00
ムハマドザクワンビンムハマドザヒド / MOHDZAHID,BIN MUHAMMADZAKWAN
ce6b737e33 NPE in userinfo endpoint 
Closes #15429
 2023-01-02 13:53:29 +01:00
Miquel Simon
9bb5b08015
Added Oracle to Legacy Store IT. (#16097) 2022-12-21 08:15:38 +01:00
mposolda
36bd76957d Make Keycloak FIPS working with OpenJDK 17 on FIPS enabled RHEL 
Closes #15721
 2022-12-20 21:03:55 +01:00
Michal Hajas
c79d29e68c Move HotRod profile to the same pom as other map profiles and introduce map-storage-chm profile 
Closes #16046
 2022-12-20 17:51:40 +01:00
Alexander Schwartz
1d758fac2b
Adding CRDB into GHA for the new store (#16021) 
The CockroachDB database is slower than PostgreSQL, therefore it will only run branches and nightly builds.

Closes #16020
 2022-12-17 08:50:21 +01:00
Pedro Igor
857b02be63 Allow managing the required settigs for the email attribute 
Closes #15026
 2022-12-15 13:11:06 -08:00
Pedro Igor
782d145cef Allow updating authz settings via default client registration provider 
Closes #9008
 2022-12-15 20:43:43 +01:00
Stian Thorgersen
c1b0f2a6ab
Rebalanace BaseIT test groups (#16007) 2022-12-15 08:52:30 +01:00
Stian Thorgersen
a5670af745
Keycloak CI workflow refactoring (#15968) 
* Keycloak CI workflow refactoring

Closes #15861

* Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>

* Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>

* Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>

* Update CodeQL actions

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
 2022-12-14 16:12:23 +01:00
Stian Thorgersen
0f2ca3bfdd
fixes from release/20 (#15982) 
* Avoid path traversal vis double-url encoding of redirect URI (#8)

(cherry picked from commit a2128fb9e940d96c2f9a64edcd4fbcc768eedb4f)

* Do not resolve user session if corresponding auth session does not exist (#7)

* Stabilizing the ConcurrentLoginTest when running with JPA map storage by locking user sessions (#9)

Co-authored-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2022-12-14 07:46:17 +01:00
Stian Thorgersen
30cc16e648
Move authorization tests into authz package (#15957) 
Closes #15956
 2022-12-12 18:09:11 +01:00
Michal Hajas
de7dd77aeb Change id of TermsAndConditions required actions to uppercase 
Closes #9991
 2022-12-07 10:51:37 -03:00
mposolda
f4e91a5312 The redirect URI cannot be verified during logout in the case when client was removed 
closes #15866
 2022-12-07 08:20:30 +01:00
mposolda
264c5a6cdb Support for KcReg and KcAdm CLI to use BCFIPS instead of BC on FIPS platforms 
Closes #14968
 2022-12-06 13:02:46 +01:00
Pedro Igor
022d2864a6 Make sure JAX-RS resource methods are advertizing the media type they support 
Closes #15811
Closes #15810
 2022-12-06 08:13:43 -03:00
Stian Thorgersen
2f0d8cd895
Move hok, par, and rar tests to oauth package (#15834) 
Closes #15833
 2022-12-05 15:42:20 +01:00
Michal Hajas
59ccae76cb
Fix flaky JS test (#15804) 
Closes #15761

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
 2022-12-05 13:16:04 +01:00
Stian Thorgersen
8e6437e596
Fix Flaky test: RequiredActionTotpSetupTest.setupTotpExistingReusableCodeDisabled (#15779) 
Closes #15564
 2022-12-01 10:41:46 +01:00
Hynek Mlnařík
60ce949304 Ignore unknown clients in LDAP role mapper 
Fixes: #10958
 2022-12-01 09:51:05 +01:00
Stian Thorgersen
c24bc1bab0
Tweak time offset in RefreshTokenTest (#15760) 
Closes #15718
 2022-11-30 16:11:46 +01:00
Stian Thorgersen
c3c858c88a
Fix OpenshiftClientStorageTest.testCodeGrantFlowWithServiceAccountUsingOAuthRedirectReference (#15741) 
Closes #15565
 2022-11-29 14:20:21 +01:00
Miquel Simon
88bc5e2307 Use different Postgres image in Testcontainers. Upgraded Testcontainers dependency to 1.17.5. 2022-11-28 10:57:14 +01:00
mposolda
3e9c729f9e X.509 authentication fixes for FIPS 
Closes #14967
 2022-11-25 11:50:30 +01:00
Stefan Guilhen
5c2a5fac31 Enable all test methods in ConcurrentLoginTest for JPA Map Storage 
- Tests still disabled for Hotrod and CHM
- Fixes concurrent login issues with CRDB. Verified with both PostgreSQL and CockroachDB.

Closes #12707
Closes #13210
 2022-11-24 13:36:22 +01:00
Lex Cao
dd03137ea7 Strip secret of user when creating from admin API 
Closes #14843
 2022-11-24 11:38:42 +01:00
Nagy Vilmos
4b6b607fe9
Should not hide IDP from login page (#14174) 
Closes #14173
 2022-11-23 10:49:21 +01:00
rmartinc
b7188c3891
Unknown bind DN using LDAP anonymous bind aka bind type none (#15546) 
Closes #15497
 2022-11-23 10:23:46 +01:00
danielFesenmeyer
18381ecd2e Fix update of group mappers on certain changes of the group path 
The group reference in the mapper was not updated in the following cases:
- group rename: when an ancestor group was renamed
- (only for JpaRealmProvider, NOT for MapRealmProvider/MapGroupProvider) group move: when a group was converted from subgroup to top-level or when a subgroup's parent was changed

Closes #15614
 2022-11-23 10:12:34 +01:00
cgeorgilakis-grnet
085dd24875 Client registration service do not check client protocol for Bearer token 
Closes #15612
 2022-11-23 08:49:13 +01:00
Stefan Guilhen
f8df04b3b8 Fix UserSessionProviderTest.testOnClientRemoved on CRDB 
Closes #15558
 2022-11-21 13:05:11 +01:00
Michal Hajas
6d683824a4 Deprecate DBLockProvider and replace it with new GlobalLockProvider 
Closes #9388
 2022-11-16 16:13:25 +01:00
Martin Kanis
5e891951f5 Update Infinispan version to 14.0.2.Final 2022-11-16 14:56:45 +01:00
Douglas Palmer
9f532eecaf Weird export/re-import behaviour regarding post.logout.redirect.uris 
Closes #14884
 2022-11-15 09:24:32 +01:00
vramik
021189f190 Make GHA Map-JPA base testsuite running with Quarkus 
Co-authored-by: Martin Batros <mabartos@redhat.com>

Closes #13725
 2022-11-10 10:08:14 +01:00
Jia Chen
c3d53ae6e0 Returns an empty groups stream without querying the database if a user doesn't belong to any groups 
Closes #12567
 2022-11-09 13:07:42 +01:00
danielFesenmeyer
ec30c52a00 Fix paging on the "Users in role" endpoint, when JPA persistence is used 
- add order-by-clause to the corresponding JPA query (ordering by username ASC)
- adjust admin-client RoleResource to return a List instead of a Set, by introducing new methods #getUserMembers (instead of #getRoleUserMembers - the "Role" prefix is not needed, because it is clear from the resource name that it's about roles)
- adjust tests to use the new method and check that the expected order is returned

Closes #14772
 2022-11-07 20:44:06 +01:00
stianst
1de9c201c6 Refactor Profile 
Closes #15206
 2022-11-07 07:28:11 -03:00
Marek Posolda
c0c0d3a6ba
Short passwords with PBKDF2 mode working (#14437) 
* Short passwords with PBKDF2 mode working
Closes #14314

* Add config option to Pbkdf2 provider to control max padding

* Update according to PR review - more testing for padding and for non-fips mode
 2022-11-06 14:49:50 +01:00
Marek Posolda
f616495b05
Fixing UserFederationLdapConnectionTest,LDAPUserLoginTest to work with FIPS (#15299) 
closes #14965
 2022-11-03 16:35:57 +01:00
Marek Posolda
2ba5ca3c5f
Support for multiple keys with same kid, which differ just by algorithm in the JWKS (#15114) 
Closes #14794
 2022-11-03 09:32:45 +01:00
Stian Thorgersen
cf913af823
Add support for Microsoft Authenticator (#15272) 
Closes #15271
 2022-11-02 12:56:07 +01:00
Stian Thorgersen
cac4c43052
Remove AccountPasswordPage from testsuite (#15204) 
Closes #15200
 2022-11-02 06:20:39 +01:00
Alexander Schwartz
dd5a60c321 Allow a partial import to overwrite the default role 
Closes #9891
 2022-11-01 15:35:02 -03:00
Pedro Igor
f6985949b6
Close the session within resteasy boundaries (#15193) 
Closes #15192
 2022-11-01 11:06:34 +01:00
Stian Thorgersen
17117820cc
Remove AccountFormServiceTest (#15197) 
Closes #15196
 2022-10-28 12:26:59 +02:00
Michal Hajas
883e83e625 Remove deprecated methods from data providers and models 
Closes #14720
 2022-10-25 09:01:33 +02:00
Alexander Schwartz
9b80bad391 Stabilize test testAccountManagementLinkIdentity by waiting for username to appear 
Closes #15054
 2022-10-24 19:19:27 +02:00
Stian Thorgersen
29b8294dd6
Filter list of supported OTP applications by current policy (#15113) 
Closes #15112
 2022-10-24 16:47:16 +02:00
mposolda
55c514ad56 More flexibility in keystore related tests, Make keycloak to notify which keystore types it supports, Support for BCFKS 
Closes #14964
 2022-10-24 08:36:37 +02:00
Stian Thorgersen
97ae90de88
Remove Red Hat Single Sign-On product profile from upstream (#14697) 
* Remove Red Hat Single Sign-On product profile from upstream

Closes #14916

* review suggestions: Remove Red Hat Single Sign-On product profile from upstream

Closes #14916

Co-authored-by: Peter Skopek <pskopek@redhat.com>
 2022-10-18 14:43:04 +02:00
Marek Posolda
0756ef9a75
Initial integration tests with BCFIPS distribution (#14895) 
Closes #14886
 2022-10-17 23:33:22 +02:00
Stian Thorgersen
f7490b7f7c
Fix issue where admin2 was not enabled by default if account2 was disabled (#14914) 
Refactoring ThemeSelector and DefaultThemeManager to re-use the same logic for selecting default theme as there used to be two places where one had a broken implementation

Closes #14889
 2022-10-17 15:17:54 +02:00
vramik
f49582cf63 MapUserProvider in KC20 needs to store username compatible with KC19 to be no-downtime-upgradable 
Closes #14678
 2022-10-14 09:32:38 +02:00
danielFesenmeyer
f80a8fbed0 Avoid login failures in case of non-existing group or role references and update references in case of renaming or moving 
- no longer throw an exception, when a role or group cannot be found, log a warning instead
- update mapper references in case of the following events:
   - moving a group
   - renaming a group
   - renaming a role
   - renaming a client's Client ID (may affect role qualifiers)
- in case a role or group is removed, the reference still will not be changed
- extend and refactor integration tests in order to check the new behavior

Closes #11236
 2022-10-13 13:23:29 +02:00
Martin Kanis
761929d174
Merge ActionTokenStoreProvider and SingleUseObjectProvider (#13677) 
Closes #13334
 2022-10-13 09:26:44 +02:00
Lex Cao
8ea3f30d82 Support profile projection parameter for LinkedIn IDP 
Closes #13384
 2022-10-11 15:22:00 -03:00
Takashi Norimatsu
148c7695ff Pluggable Features of Token Manager 
Closes #12065
 2022-10-07 08:43:34 +02:00
Marek Posolda
425b6b8df2
Parameters 'client_id' and 'response_type' not strictly required in O… (#14679) 
* Parameters 'client_id' and 'response_type' not strictly required in OIDC request object
Closes #14255
 2022-10-05 11:20:15 +02:00
Douglas Palmer
44aae52fb4
Fixed locale switcher on error page (#14728) 
Closes #14205
 2022-10-05 10:30:07 +02:00
Marek Posolda
c59660ca86
KEYCLOAK_SESSION not working for some user federation setups when user ID has special chars (#14560) 
closes #14354
 2022-10-05 08:59:30 +02:00
Marek Posolda
fb24c86a3b
offline token issuance can cause violation of PRIMARY KEY constraint CONSTRAINT_OFFL_CL_SES_PK3 (#14658) 
closes #13706
 2022-10-03 12:54:12 +02:00
Stian Thorgersen
390c7485c7
Remove WildFly dist modules (#14675) 
Closes #14307
 2022-09-30 14:26:55 +02:00
Alice Wood
1eb7e95b97 enhance existing group search functionality allow exact name search keycloak/keycloak#13973 
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
 2022-09-30 10:37:52 +02:00
Martin Bartoš
a20d6e2f1f
Remove JBoss-based auth servers from the testsuite (#14317) 
Closes #14299
 2022-09-30 09:41:57 +02:00
Marcelo Daniel Silva Sales
22713bc144
Incorrect error message OIDC client authentication (#14656) 
closes #12162


Co-authored-by: Pedro Hos <pedro-hos@outlook.com>
 2022-09-30 09:40:05 +02:00
David Anderson
a8db79a68c
Introduce crypto module using Wildfly Elytron (#14415) 
Closes #12702
 2022-09-27 08:53:46 +02:00
Alexander Schwartz
be2deb0517 Modify RealmsAdminResource.importRealm to work with InputStream 
Closes #13609
 2022-09-26 20:58:08 +02:00
Alice Wood
55a660f50b enhance group search to allow searching for groups via attribute keycloak/keycloak#12964 
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2022-09-19 15:19:36 +02:00
Takashi Norimatsu
0a832fc744 Intent support before issuing tokens (UK OpenBanking) 
Closes #12883
 2022-09-19 12:15:00 +02:00
rmartinc
cc9326fcad
Delay LDAPObject creation until mandatory attributes are set (#14341) 
Closes #14286
 2022-09-16 20:35:50 +02:00
Dmitry Telegin
cc2117bf7c UserInfo endpoint not fully standards compliant 
Closes #14184
 2022-09-16 10:15:08 +02:00
danielFesenmeyer
3af1134975 Update IDP link username when sync mode is "force" 
Closes #13049
 2022-09-14 08:02:17 -03:00
Martin Bartoš
ed3d003d65
Remove Legacy migration tests from testsuite (#14310) 
Closes #14300
 2022-09-14 11:29:53 +02:00
Václav Muzikář
e999aeeab8 Fix DefaultHostnameTest on Undertow 2022-09-13 14:41:23 -03:00
Martin Bartoš
aa5a4e3d84
Remove remote WildFly server from the testsuite (#14321) 
Closes #14319
 2022-09-13 12:49:40 +02:00
Václav Muzikář
490590625d Fix listApplicationsThirdParty 2022-09-13 08:33:31 +02:00
Jurjan-Paul Medema
eb0124e3e1
Mapper option 'Aggregate attribute values' is now applied to group hierarchy (#7871) 
Closes #11255
 2022-09-12 13:34:28 +02:00
Christoph Leistert
7e5b45f999 Issue #8749: Add an option to control the order of the event query and admin event query 2022-09-11 21:30:12 +02:00
Alexander Schwartz
1d2d3e5ca5 Move UserFederatedStorageProvider into legacy module 
Closes #13627
 2022-09-11 18:37:45 +02:00
Pedro Igor
3518362002 Validate auth time when max_age is sent to brokered OPs 
Closes #14146
 2022-09-09 10:30:51 -03:00
Pedro Igor
a0079b516b
Allow setting response mode (#14104) 
Closes #14083
 2022-09-09 14:28:47 +02:00
Martin Bartoš
0fcf5d3936 Reuse of token in TOTP is possible 
Fixes #13607
 2022-09-09 08:56:02 -03:00
Marek Posolda
040e52cfd7
SAML javascript protocol mapper: disable uploading scripts through admin console by default (#14293) 
Closes #14292
 2022-09-09 13:47:51 +02:00
vramik
869ccc82b2 Enable MapUserProvider storing username with the letter case significance 
Closes #10245
Closes #11602
 2022-09-09 11:46:11 +02:00
Dominik Guhr
f2b02f19e6 Closes #13786 2022-09-07 18:29:26 +02:00
cgeorgilakis
07b0df8f62
View groups from account console (#7933) 
Closes #8748
 2022-09-07 11:25:31 +02:00
Lex Cao
1f197aa96b
Add basic auth compliant to RFC 6749 (#14179) 
Closes #14179
 2022-09-07 10:09:30 +02:00
Christoph Leistert
cc2bb96abc Fixes #9482: A user could be assigned to a parent group if he is already assigned to a subgroup. 2022-09-06 21:31:31 +02:00