- extend RoleMapperModel with method hasDirectRole(RoleModel), which only checks for direct assignment in contrast to the existing method hasRole(RoleModel)
- extend ScopeContainerModel with method hasDirectScope(RoleModel), which only checks for direct scope mapping in contrast to the existing method hasScope(RoleModel)
- use the new hasDirectRole and hasDirectScope methods to check whether a role is in the "available" list and whether it can be assigned (previously, the hasRole method was used for this purpose)
- add hint to UI that available roles contain effectively assigned roles which are not directly assigned
- adjust and extend tests
* KEYCLOAK-18512: Integrate New Admin Console into Keycloak build
* KEYCLOAK-18512: Integrate New Admin Console into Keycloak build
* Change version to project version. Make experimental.
* Add PAT for reading packages (#12)
* Add PAT for reading packages
* Encode token
* Use generic GH account for installation of packages
* Enable Github packages repo only for snapshots
* KEYCLOAK-18512: Make ADMIN2 experimental instead of preview
* KEYCLOAK-18512: Remove early return
* KEYCLOAK-18512: Fix formatting issue
Co-authored-by: Jon Koops <jonkoops@gmail.com>
* KEYCLOAK-16076 added new warining when cookies are disabled
Co-authored-by: David Hellwig <david.hellwig@bosch.com>
Co-authored-by: Christoph Leistert <christoph.leistert@bosch-si.com>
* added group as attribute metadata
* validation for groups and references to groups
* adapted template to use show attribute groups
* test and integration tests for attribute groups
The specified server principal is eventually passed to
createJaasConfigurationForServer() in
com.sun.security.auth.module.Krb5LoginModule, which accepts a special value of
'*' to indicate that tickets for all service principals contained in the given
keytab file should be accepted. This is the only way to allow more than one
service principal name (eg. for a multi-homes setup), and this setting is not
obvious without knowledge of the underlying API.
Signed-off-by: Daniel Kobras <kobras@puzzle-itc.de>
- enable "Create" button and "Save" button in Admin Console Users views (list
and details)
The flag used to enable those button is computed as follow, since there's no computed flag
from backend on "admin user has fine grain admin permission on at least 1 group" :
== (existing condition) || (feature "finegrain admin" is enabled && access.queryUsers)
If the admin user hasn't the correct permission on the right groups for the new user he's
trying to create, backend will forbid the creation by returning a 403
This change is following PR #7035, which added the Groups field in the User creation form