Commit graph

6983 commits

Author SHA1 Message Date
Christian Janker
21f90145ac Send UserRemovedEvent containing all user attributes
Invalidate CachedUserModel before UserRemovedEvent

closes #32194

Signed-off-by: Christian Janker <christian.janker@gmx.at>
2024-09-20 16:22:08 +02:00
Stefan Guilhen
900c496ffe Remove the kc.org.broker.public attribute and use hideOnLogin in the IDP instead
Closes #32209

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-09-20 16:08:55 +02:00
Michal Hajas
d065be362a Fix flaky UserSessionPersisterProviderTest
Closes #32892

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-20 13:24:34 +02:00
Stefan Guilhen
42cde0cfdd Fix various issues holding up CI (#33086)
- Disables the remote operator tests, which will have to be fixed later.
- Fixes the action expired error which occurs when accessing regular registration page with Organizations enabled.
- Fixes a race condition in the test suite causing sporadic failures.

Closes #33064

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-09-19 21:23:21 +02:00
vramik
fcb31a5aa6 Implement invitation-only self-registration for realm users
Closes #31643

Signed-off-by: vramik <vramik@redhat.com>
2024-09-18 13:50:23 +02:00
Erik Jan de Wit
1f573eded0 added username field as suggested in issue comment (#32866)
related: #32522

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-09-18 13:03:03 +02:00
Vlasta Ramik
4ce40be1af Make the ORGANIZATION a default feature (#32404)
Closes #32395

Signed-off-by: vramik <vramik@redhat.com>
2024-09-18 12:19:28 +02:00
Stefan Guilhen
3e597722a9 Add cache for IdentityProviderStorageProvider.getForLogin (#32918)
Closes #32573

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-18 09:05:57 +02:00
rmartinc
5fe916861d Return 404 on invalid theme type
Closes #32798

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-17 09:09:34 +02:00
Giuseppe Graziano
e6c5ee31e4 Admin API with Lightweight access token and transient session
Closes #32802

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-09-16 09:30:15 +02:00
Ricardo Martin
9c780e9190 Honor turnOffChangeSessionIdOnLogin in SAML adapter (#185)
Closes keycloak/keycloak-private#183

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-16 09:21:07 +02:00
Nate Drake
75973157aa Fix a few typos (#32929)
Signed-off-by: Nate Drake <ndrake@gmail.com>
2024-09-15 10:12:26 +00:00
Pedro Ruivo
f67bec0417 Rename remote-cache Feature
Renamed to "clusterless"

Closes #32596

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-09-13 13:03:13 +02:00
Stefan Guilhen
92e435f192 Do not automatically re-import users if they already exist locally when searching by attributes
Closes #32870

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-13 08:54:44 +02:00
Erik Jan de Wit
9aad6f650d added more style fixes for the login.v2 (#32708)
* added more style fixes for the login.v2

related: #32522
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fixed grant screen

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* test fixes

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fix for code.ftl

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* test fixes

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fixed tests

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-09-11 14:52:49 -04:00
mposolda
125124c2d9 Error when deploying SAML application with the keys in PEM format inside keycloak-saml.xml
closes #32817

Signed-off-by: mposolda <mposolda@gmail.com>
2024-09-11 19:03:10 +02:00
Stian Thorgersen
40049f31fa Remove ProxyClassLoader and PlatformProvider returning script classloader (#32806)
Closes #32804

Signed-off-by: stianst <stianst@gmail.com>
2024-09-11 17:11:26 +02:00
Thomas Darimont
445a7da902 Ensure realm attributes import happens before client import
Fixes #32799

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-09-11 15:14:33 +02:00
rmartinc
b60621d819 Allow brute force to have http request/response and send emails
Closes #29542

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-11 08:35:03 +02:00
cgeorgilakis-grnet
f8b1b3ee03 Search Identity Providers by alias or display name
Closes #32588

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-09-10 21:52:59 +02:00
Erik Jan de Wit
d2e7c15f2f added text and tooltip to idp (#32411)
* added text and tooltip to idp

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Update themes/src/main/resources/theme/keycloak.v2/login/login.ftl

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>

* Update themes/src/main/resources/theme/keycloak.v2/login/login.ftl

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>

* Update themes/src/main/resources/theme/keycloak.v2/login/login.ftl

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>

* Update themes/src/main/resources/theme/keycloak.v2/login/login.ftl

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>

* Update themes/src/main/resources/theme/keycloak.v2/login/login.ftl

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2024-09-10 13:05:14 +02:00
Thomas Darimont
6b83a45b2e Propagate locale when using app initiated registration URL
Fixes #13505

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-09-10 12:25:17 +02:00
Martin Kanis
ccb166d0e9 Add caching when querying brokers by organization
Closes #32574

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-09-09 09:24:43 -03:00
mposolda
03e0fb0601 Fix ResetOtpTest
closes #32615

Signed-off-by: mposolda <mposolda@gmail.com>
2024-09-09 10:19:37 +02:00
Alexander Schwartz
b88ecc0237 Removing the extra two-minute Window for persistent user sessions (#32660)
Closes #28418

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-09-09 09:28:48 +02:00
mposolda
e1d5f0c871 Fix ResetPasswordTest on chrome 128
closes #32514
closes #32478
closes #32477
closes #32678
closes #32542
closes #32678
closes #32541

Signed-off-by: mposolda <mposolda@gmail.com>
2024-09-06 20:19:50 +02:00
Steven Hawkins
58d742bb5c fix: refining v2 hostname validation (#32659)
closes: #32643

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-09-06 17:49:25 +02:00
Giuseppe Graziano
a14548a7a2 Lightweight access tokens for Admin REST API (#32347)
* Lightweight access tokens for Admin REST API

Closes #31513

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-09-04 18:04:23 +02:00
Stefan Guilhen
e7a4635620 Filter out org brokers from the account console
- org-linked brokers should not be available for login
- prepare the endpoint for search/pagination

Closes #31944

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-04 09:00:52 -03:00
Alexander Schwartz
4d1e1e0bcb Show details for error messages where they were missing (#32534)
Closes #32533

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-09-04 07:23:54 -04:00
Stefan Guilhen
557d7e87b2 Avoid iterating through all mappers when running the config event listeners
Closes #32233

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-04 07:40:58 -03:00
Theresa Henze
a1c23fef8c introduce event types to update/remove credentials
Closes #10114

Signed-off-by: Theresa Henze <theresa.henze@bare.id>
2024-09-03 18:27:27 +02:00
Pedro Ruivo
ba861fc5d7 Remove version() projection from Ickle Queries
Closes #32590

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-09-03 18:07:32 +02:00
Thomas Darimont
88a5c96fff Add kc_action to redirect URI after a required action is cancelled (#31925)
Closes #31894

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-09-03 14:26:23 +00:00
Martin Bartoš
db7694e7be Update the welcome page to create a temporary admin user (#32283)
Closes #30010

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Stan Silvert <ssilvert@redhat.com>
2024-09-03 09:43:41 +02:00
Pedro Igor
4b5b1a4c25 Unignore backchannel logout tests
Closes #20643

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-09-02 08:34:21 +02:00
Jon Koops
2d17024b14 Remove redirect_uri support from OIDC logout endpoint
Closes #10983

Signed-off-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2024-08-30 12:52:49 +00:00
Martin Kanis
e7d71d43c3 Identity Provider secret visible in Organization tab (API request)
Closes #32486

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-08-30 09:26:25 -03:00
Douglas Palmer
0b7ab47cf2 Flaky test BruteForceTest.testPermanentLockout()
Closes #32498

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-08-30 10:14:05 +02:00
Douglas Palmer
ecbd856176 Brute force protection: Lockout permanently uses parameters configured under lockout temporarily
Closes #30969

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-08-29 16:30:22 +02:00
Stefan Guilhen
a41b622aa5 Set the correct realm when setting up client exchange permissions
Closes #32465

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-29 16:09:23 +02:00
Erik Jan de Wit
e410a83c3c Made the login more modular
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-08-29 07:18:24 -04:00
Martin Kanis
7e6dd682d4 Validate organization alias for forbidden chars
Closes #32392

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-08-28 21:59:38 +02:00
mposolda
cd947ce3bc Removing policy-enforcer from Keycloak repository
closes #32191

Signed-off-by: mposolda <mposolda@gmail.com>
2024-08-28 07:40:20 -03:00
Pedro Igor
449557290b More options to organization scope mapper including adding organization attributes to tokens
Closes #31642

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-27 09:40:55 -03:00
Stefan Guilhen
88cca10472 Rename IDPSpi to IdentityProviderStorageSpi
Closes #31639

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-26 15:10:09 -03:00
Giuseppe Graziano
c2c74faec0 Removing BOM character from SAML entity descriptor
Closes #30604

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-08-26 10:59:05 +02:00
Erik Jan de Wit
776a491989 added organizations table to account (#32311)
* added organizations table to account

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-22 15:44:03 -03:00
Michal Hajas
f5b2775939 Enable persistent sessions by default
Run CI with the feature disabled to test also the old settings
Closes #32265

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-08-21 17:37:54 +02:00
Erik Jan de Wit
e2d7a94459 Hynek's notes
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-08-21 08:50:01 -04:00
Pedro Igor
c1f6d5ca64 Support for selecting an organization when requesting the organization scope
Closes #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-21 13:04:58 +02:00
Pedro Igor
4376a3c757 Add an endpoint to the organizations endpoint to return the organizations for a given user
Closes #32158

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-20 11:11:14 -03:00
Pedro Igor
eeae50fb43 Make sure federationLink always map to the storage provider associated with federated users
Closes #31670

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-20 11:27:22 +02:00
Martin Bartoš
bf5cf47351 Management Interface is turned on even though nothing is exposed on it (#31938)
* Management Interface is turned on even though nothing is exposed on it

Fixes #31818

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Remove conditional enablement, add relevancy description

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-08-19 15:52:59 +02:00
Stefan Guilhen
fa7c2b5da6 Address review comments
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-19 09:06:35 -03:00
Stefan Guilhen
6e7b36e82f Add migration tests for the IDP changes
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-19 09:06:35 -03:00
Stefan Guilhen
f82159cf65 Rework logic to fetch IDPs for the login page so that IDPs are fetched from the provider and not filtered in code.
Closes #32090

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-19 09:06:35 -03:00
Pedro Igor
8e0436715c Support for ALL and ANY organization scope values
Related #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-19 08:45:23 -03:00
mposolda
3d787727f9 Add acr scope to all clients for those migrating from older than Keycloak 18
closes #31107

Signed-off-by: mposolda <mposolda@gmail.com>
2024-08-16 12:17:43 +02:00
himanshi1099
7459992e40 Realm update validation for incorrect timeout values (#32137)
closes #31595

Signed-off-by: Himanshi Gupta <higupta@redhat.com>
2024-08-16 08:58:27 +02:00
Stefan Guilhen
aeb1951aba Replace calls to deprecated RealmModel IDP methods
- use the new provider instead

Closes #31254

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-15 10:55:36 -03:00
Pedro Igor
96acc62c00 Support for resolving organization based on the organization scope
Closes #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-15 10:32:15 -03:00
Stian Thorgersen
310824cc2b Remove legacy cookies
Closes #16770

Signed-off-by: stianst <stianst@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-08-15 15:27:38 +02:00
Martin Kanis
708a6898db Add a count method to the OrganizationMembersResource
Closes #31388

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-08-15 09:12:57 -03:00
Yoshiyuki Tabata
cb6eb187ac Client Policy - Condition : Client - Client Attribute
Closes https://github.com/keycloak/keycloak/issues/31766

Signed-off-by: Yoshiyuki Tabata <yoshiyuki.tabata.jy@hitachi.com>
2024-08-14 09:56:56 +02:00
Pedro Igor
d04d2bb852 Allow removing users federated from a kerberos provider
Closes #31603

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-13 18:47:55 +02:00
Pedro Ruivo
e13c9bf462 Retry remote cache operations with back off
Implement a retry mechanism for remote cache writes.

Fixes #32030

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-13 15:55:59 +02:00
rmartinc
a38d3b2f55 SAML IdMapperUpdaterSessionListener should be added always and must implement HttpSessionIdListener interface
Closes #32084

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-13 15:53:45 +02:00
Pedro Ruivo
07c92c85cb Drop AuthenticatedClientSessionStore from user sessions
New entities for client and user sessions, more query-friendly.
The client sessions are found using a query instead of being stored in the
user session entity.
Removal of sessions by their fields is done based on queries.

Closes #30934

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-12 20:35:50 +02:00
rmartinc
347f595913 Add ECDH-ES encryption algorithms to the java keystore key provider
Closes #32023

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-09 15:57:51 +02:00
Martin Kanis
da0864682a Conditionally redirect existing users to a broker based on their credentials
Closes #31006

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-08-09 07:59:25 -03:00
Alexander Schwartz
07a168cb14 Deleted authentication sessions should not be resurrected with an update
Closes #31829

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-09 07:26:05 -03:00
rmartinc
2a06e1a6db Add SHAKE256 hash provider for Ed448
Closes #31931

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-08 17:36:54 +02:00
Justin Tay
966a454548 Add ECDH-ES JWE Algorithm Provider, Add generated ECDH key provider (#23928)
Closes #23596
Closes #23597

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-08-08 17:29:35 +02:00
Pedro Igor
3ab2446074 Do not return identity providers when querying the realm representation
Closes #21072

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-07 10:06:51 -03:00
StephanSchrader
4d64092119 Fix persist config values for custom components (#31862)
Closes #31858

Signed-off-by: Stephan Schrader <stephan.schrader@wallis.de>
Signed-off-by: Stephan Schrader <zstephanz@gmail.com>
Co-authored-by: Stephan Schrader <stephan.schrader@wallis.de>
2024-08-07 14:40:30 +02:00
Martin Kanis
e750b44e9d Flaky test: org.keycloak.testsuite.model.DBLockTest#testTwoLocksCurrently
Closes #25794

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-08-07 09:00:37 -03:00
Giuseppe Graziano
35c8c09b8d OIDC dynamic client registration with response_type=none
Closes #19564

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-08-07 10:34:47 +02:00
Michal Hajas
50c07c6e7c Simplify configuration for MULTI_SITE
Closes #31807

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-08-06 16:14:33 +00:00
Pedro Ruivo
3fbe26d2e1 Disable SessionTimeoutsTest for old cross-site code
The test is disabled for the embedded caches + remote store combination
(old cross-site code) due to the async event processing.

Events can be handled after the test changes the time offset, causing
the test to fail.

Fixes #31612

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-06 15:33:44 +02:00
Nikos Epping
4080ee2e84 Don't fail on null config map in AdvancedClaimToGroupMapper/AdvancedClaimToRoleMapper/AdvancedAttributeToGroupMapper/AdvancedAttributeToGroupMapper
Fixes #31575

Signed-off-by: Nikos Epping <n.epping@evosec.de>
2024-08-05 10:22:22 +02:00
Stefan Wiedemann
6258256c1b Fix access token issue OID4VC (#31763)
closes #31712

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2024-08-04 11:42:40 +02:00
Ingrid Kamga
7c69c857a1 Add a media type to error responses on OID4VC endpoints
Closes #31585

Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
2024-08-02 12:09:09 +02:00
Justin Tay
f537343545 Allow empty key use in JWKS from identity provider
Closes #31823

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-08-02 11:39:43 +02:00
rmartinc
773e309f75 Parse saml urls correctly if the bindings are different
Closes #31780

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-02 11:34:06 +02:00
Pedro Ruivo
fed804160b Enable ProtoStream encoding for External Infinispan feature
The ProtoStream schema is automatically uploaded to the Infinispan
server during startup.
When the schema is updated, the indexes are updated and re-created.
Use the delete statement to delete entities when a realm is removed.

Fixes #30931

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-01 16:16:19 +02:00
Ryan Emerson
176ac3404a EmbeddedInfinispanSplitBrainTest fails with "IllegalState Session not bound to a realm"
Closes #31828

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-08-01 13:58:41 +02:00
Ryan Emerson
8d7e18ec29 Clear local caches on split-brain heal
Closes #25837

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-07-31 13:59:06 +02:00
Pedro Ruivo
17e30e9ec1 Persist revoke tokens with remote cache feature
Stores the revoked tokens into the database and preloads them during
startup.

Fixes #31760

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-07-31 11:02:38 +02:00
Thomas Darimont
282260dc95 Ensure issued_client_type is always added to successful token-exchange response (#31548)
- Compute issued_token_type response parameter based on requested_token_type and client configuration
- `issued_token_type` is a required response parameter as per [RFC8693 2.2.1](https://datatracker.ietf.org/doc/html/rfc8693#section-2.2.1)
- Added test to ClientTokenExchangeTest that requests an access-token as requested-token-type

Fixes #31548

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-07-30 18:33:51 +02:00
rmartinc
a6c70d65ee Do not generate secret when client rep does not specify public or bearer
Closes #31444

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-30 18:32:15 +02:00
Pedro Ruivo
e62604b1ec ConditionalRemover interface for External Infinispan feature
Add a ConditionalRemover interface to remove entries from a RemoteCache
based on the key or value fields.
The default implementation provided by this PR uses streaming/iteration
to test and remove entries.

On a side change, moved all the transactions to the same package and
created one transaction class per entity/cache to simplify code and
avoid writing "RemoteChangeLogTransaction" with a long list of types.

Fixes #31046

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-07-30 15:16:17 +02:00
Pedro Igor
a79761a447 Support for blocking concurrent requests when brute force is enabled
Closes #31726

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
2024-07-30 10:01:48 +02:00
Hynek Mlnarik
183cd6c957 Run tests with keycloak.v2 login theme
The fixes (mostly selectors) are needed for tests.

In the future, to switch the keycloak.v2 to the default theme, do
the following:

- Update `ThemeSelectorProvider`: Uncomment relevant lines
- Update `testsuite/integration-arquillian/tests/pom.xml`: Revert the change in `<login.theme.default>` property
- Update `ThemeSelectorTest` per comment

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-07-30 10:01:17 +02:00
Martin Kanis
d91d6d18d5 Cannot update organization group error when trying to create organisation from REST API
Closes #31144

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-07-29 17:39:56 +02:00
Pascal Knüppel
94784182df Implement DPoP for all grantTypes (#29967)
fixes #30179
fixes #30181

Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de>
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-07-29 16:30:54 +02:00
Stefan Guilhen
17c01c9380 Enable new IDP Storage SPI in JPA model tests
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-07-29 16:02:26 +02:00
Francis Pouatcha
cc78fd7ca0 Provided keycloak with a protocol mapper that can optionally add iat and nbf claims to VCs (#31620)
closes #31581

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
2024-07-29 09:32:48 +02:00
Pedro Igor
87c279d645 Respect the username value format when processing federated users
Closes #31240

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-29 09:28:43 +02:00
Pedro Igor
4d8c525644 Make sure changes to user profile metadata are not stored when calling decorators (#31549)
Closes #30476

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-29 09:03:21 +02:00