Commit graph

4279 commits

Author SHA1 Message Date
mposolda
e374e309c6 Deprecate SHA1 based algorithms for sign SAML documents and assertions
Closes #16240
2023-01-05 20:45:20 +01:00
Michal Hajas
6566b58be1 Introduce Infinispan GlobalLock implementation
Closes #14721
2023-01-05 16:58:44 +01:00
Hynek Mlnarik
071fc03f41 Move transaction processing into session close
Fixes: #15223
2023-01-05 16:12:32 +01:00
Stian Thorgersen
6c1f981eec
Fix UserTest.sendResetPasswordEmailWithCustomLifespan (#16233)
Closes #16232
2023-01-04 13:03:33 +01:00
Stian Thorgersen
7dc16c69cb
Force refreshing token for admin client if time offset is set (#16242)
Closes #16143
2023-01-04 13:03:10 +01:00
mposolda
496c6d598e Some authorization adapter test failing on Java 17
Closes #16216
2023-01-03 13:03:26 +01:00
ムハマドザクワンビンムハマドザヒド / MOHDZAHID,BIN MUHAMMADZAKWAN
ce6b737e33 NPE in userinfo endpoint
Closes #15429
2023-01-02 13:53:29 +01:00
Stian Thorgersen
669086acd6
Suspend scheduled tasks if time offset is set to a large value (#16144) 2022-12-21 15:12:57 +01:00
Miquel Simon
9bb5b08015
Added Oracle to Legacy Store IT. (#16097) 2022-12-21 08:15:38 +01:00
mposolda
36bd76957d Make Keycloak FIPS working with OpenJDK 17 on FIPS enabled RHEL
Closes #15721
2022-12-20 21:03:55 +01:00
Michal Hajas
c79d29e68c Move HotRod profile to the same pom as other map profiles and introduce map-storage-chm profile
Closes #16046
2022-12-20 17:51:40 +01:00
Alexander Schwartz
1d758fac2b
Adding CRDB into GHA for the new store (#16021)
The CockroachDB database is slower than PostgreSQL, therefore it will only run branches and nightly builds.

Closes #16020
2022-12-17 08:50:21 +01:00
Pedro Igor
857b02be63 Allow managing the required settigs for the email attribute
Closes #15026
2022-12-15 13:11:06 -08:00
Pedro Igor
782d145cef Allow updating authz settings via default client registration provider
Closes #9008
2022-12-15 20:43:43 +01:00
Stian Thorgersen
c1b0f2a6ab
Rebalanace BaseIT test groups (#16007) 2022-12-15 08:52:30 +01:00
Stian Thorgersen
a5670af745
Keycloak CI workflow refactoring (#15968)
* Keycloak CI workflow refactoring

Closes #15861

* Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>

* Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>

* Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>

* Update CodeQL actions

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2022-12-14 16:12:23 +01:00
Stian Thorgersen
0f2ca3bfdd
fixes from release/20 (#15982)
* Avoid path traversal vis double-url encoding of redirect URI (#8)

(cherry picked from commit a2128fb9e940d96c2f9a64edcd4fbcc768eedb4f)

* Do not resolve user session if corresponding auth session does not exist (#7)

* Stabilizing the ConcurrentLoginTest when running with JPA map storage by locking user sessions (#9)

Co-authored-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2022-12-14 07:46:17 +01:00
Stian Thorgersen
30cc16e648
Move authorization tests into authz package (#15957)
Closes #15956
2022-12-12 18:09:11 +01:00
Peter Zaoral
1073a342cf Cleanup dependencies and align with Quarkus
* aligned parent POM dependency versions with the Quarkus BOM

Closes #15325

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2022-12-09 09:10:30 -03:00
Michal Hajas
de7dd77aeb Change id of TermsAndConditions required actions to uppercase
Closes #9991
2022-12-07 10:51:37 -03:00
mposolda
f4e91a5312 The redirect URI cannot be verified during logout in the case when client was removed
closes #15866
2022-12-07 08:20:30 +01:00
mposolda
264c5a6cdb Support for KcReg and KcAdm CLI to use BCFIPS instead of BC on FIPS platforms
Closes #14968
2022-12-06 13:02:46 +01:00
Pedro Igor
022d2864a6 Make sure JAX-RS resource methods are advertizing the media type they support
Closes #15811
Closes #15810
2022-12-06 08:13:43 -03:00
Stian Thorgersen
2f0d8cd895
Move hok, par, and rar tests to oauth package (#15834)
Closes #15833
2022-12-05 15:42:20 +01:00
Michal Hajas
59ccae76cb
Fix flaky JS test (#15804)
Closes #15761

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2022-12-05 13:16:04 +01:00
Pedro Igor
168734b817 Removing references to request and response from Resteasy
Closes #15374
2022-12-01 08:38:24 -03:00
Stian Thorgersen
8e6437e596
Fix Flaky test: RequiredActionTotpSetupTest.setupTotpExistingReusableCodeDisabled (#15779)
Closes #15564
2022-12-01 10:41:46 +01:00
Hynek Mlnařík
60ce949304 Ignore unknown clients in LDAP role mapper
Fixes: #10958
2022-12-01 09:51:05 +01:00
Stian Thorgersen
c24bc1bab0
Tweak time offset in RefreshTokenTest (#15760)
Closes #15718
2022-11-30 16:11:46 +01:00
Stian Thorgersen
c3c858c88a
Fix OpenshiftClientStorageTest.testCodeGrantFlowWithServiceAccountUsingOAuthRedirectReference (#15741)
Closes #15565
2022-11-29 14:20:21 +01:00
dependabot[bot]
82f08b709c Bump sshd-core in /testsuite/integration-arquillian/util
Bumps [sshd-core](https://github.com/apache/mina-sshd) from 2.3.0 to 2.7.0.
- [Release notes](https://github.com/apache/mina-sshd/releases)
- [Changelog](https://github.com/apache/mina-sshd/blob/master/CHANGES.md)
- [Commits](https://github.com/apache/mina-sshd/compare/sshd-2.3.0...sshd-2.7.0)

---
updated-dependencies:
- dependency-name: org.apache.sshd:sshd-core
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-28 12:04:15 -03:00
dependabot[bot]
3a35b05253 Bump ant in /testsuite/integration-arquillian/tests
Bumps ant from 1.9.15 to 1.10.11.

---
updated-dependencies:
- dependency-name: org.apache.ant:ant
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-28 12:03:47 -03:00
dependabot[bot]
17be19d4d3 Bump commons-io in /testsuite/integration-arquillian/util
Bumps commons-io from 2.6 to 2.7.

---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-28 12:03:20 -03:00
Miquel Simon
88bc5e2307 Use different Postgres image in Testcontainers. Upgraded Testcontainers dependency to 1.17.5. 2022-11-28 10:57:14 +01:00
mposolda
3e9c729f9e X.509 authentication fixes for FIPS
Closes #14967
2022-11-25 11:50:30 +01:00
Stefan Guilhen
5c2a5fac31 Enable all test methods in ConcurrentLoginTest for JPA Map Storage
- Tests still disabled for Hotrod and CHM
- Fixes concurrent login issues with CRDB. Verified with both PostgreSQL and CockroachDB.

Closes #12707
Closes #13210
2022-11-24 13:36:22 +01:00
Lex Cao
dd03137ea7 Strip secret of user when creating from admin API
Closes #14843
2022-11-24 11:38:42 +01:00
Alexander Schwartz
410b5ab57f Make tests run on Oracle DB on the internal pipeline
Closes #15643
2022-11-23 13:49:01 +01:00
Nagy Vilmos
4b6b607fe9
Should not hide IDP from login page (#14174)
Closes #14173
2022-11-23 10:49:21 +01:00
rmartinc
b7188c3891
Unknown bind DN using LDAP anonymous bind aka bind type none (#15546)
Closes #15497
2022-11-23 10:23:46 +01:00
danielFesenmeyer
18381ecd2e Fix update of group mappers on certain changes of the group path
The group reference in the mapper was not updated in the following cases:
- group rename: when an ancestor group was renamed
- (only for JpaRealmProvider, NOT for MapRealmProvider/MapGroupProvider) group move: when a group was converted from subgroup to top-level or when a subgroup's parent was changed

Closes #15614
2022-11-23 10:12:34 +01:00
Alexander Schwartz
fb315b57c3 Use the same Oracle driver for the tests and Undertow like for Quarkus
Closes #15576
2022-11-23 09:26:18 +01:00
cgeorgilakis-grnet
085dd24875 Client registration service do not check client protocol for Bearer token
Closes #15612
2022-11-23 08:49:13 +01:00
Pedro Igor
28fc5b4574 Removing injection points for Resteasy objects and resolving instances from keycloak context instead
Relates #15374
2022-11-21 19:47:25 +01:00
Stefan Guilhen
f8df04b3b8 Fix UserSessionProviderTest.testOnClientRemoved on CRDB
Closes #15558
2022-11-21 13:05:11 +01:00
Michal Hajas
6d683824a4 Deprecate DBLockProvider and replace it with new GlobalLockProvider
Closes #9388
2022-11-16 16:13:25 +01:00
Martin Kanis
5e891951f5 Update Infinispan version to 14.0.2.Final 2022-11-16 14:56:45 +01:00
Douglas Palmer
9f532eecaf Weird export/re-import behaviour regarding post.logout.redirect.uris
Closes #14884
2022-11-15 09:24:32 +01:00
vramik
021189f190 Make GHA Map-JPA base testsuite running with Quarkus
Co-authored-by: Martin Batros <mabartos@redhat.com>

Closes #13725
2022-11-10 10:08:14 +01:00
Jia Chen
c3d53ae6e0 Returns an empty groups stream without querying the database if a user doesn't belong to any groups
Closes #12567
2022-11-09 13:07:42 +01:00
danielFesenmeyer
ec30c52a00 Fix paging on the "Users in role" endpoint, when JPA persistence is used
- add order-by-clause to the corresponding JPA query (ordering by username ASC)
- adjust admin-client RoleResource to return a List instead of a Set, by introducing new methods #getUserMembers (instead of #getRoleUserMembers - the "Role" prefix is not needed, because it is clear from the resource name that it's about roles)
- adjust tests to use the new method and check that the expected order is returned

Closes #14772
2022-11-07 20:44:06 +01:00
stianst
1de9c201c6 Refactor Profile
Closes #15206
2022-11-07 07:28:11 -03:00
Marek Posolda
c0c0d3a6ba
Short passwords with PBKDF2 mode working (#14437)
* Short passwords with PBKDF2 mode working
Closes #14314

* Add config option to Pbkdf2 provider to control max padding

* Update according to PR review - more testing for padding and for non-fips mode
2022-11-06 14:49:50 +01:00
Marek Posolda
f616495b05
Fixing UserFederationLdapConnectionTest,LDAPUserLoginTest to work with FIPS (#15299)
closes #14965
2022-11-03 16:35:57 +01:00
Marek Posolda
2ba5ca3c5f
Support for multiple keys with same kid, which differ just by algorithm in the JWKS (#15114)
Closes #14794
2022-11-03 09:32:45 +01:00
Stian Thorgersen
cf913af823
Add support for Microsoft Authenticator (#15272)
Closes #15271
2022-11-02 12:56:07 +01:00
Stian Thorgersen
cac4c43052
Remove AccountPasswordPage from testsuite (#15204)
Closes #15200
2022-11-02 06:20:39 +01:00
Alexander Schwartz
dd5a60c321 Allow a partial import to overwrite the default role
Closes #9891
2022-11-01 15:35:02 -03:00
Pedro Igor
f6985949b6
Close the session within resteasy boundaries (#15193)
Closes #15192
2022-11-01 11:06:34 +01:00
Stian Thorgersen
17117820cc
Remove AccountFormServiceTest (#15197)
Closes #15196
2022-10-28 12:26:59 +02:00
Master_Sky
164465861b
fix(sec): upgrade org.apache.tomcat:tomcat-catalina to 8.5.76 (#14950)
Co-authored-by: stianst <stianst@gmail.com>
2022-10-25 09:30:28 -03:00
Michal Hajas
883e83e625 Remove deprecated methods from data providers and models
Closes #14720
2022-10-25 09:01:33 +02:00
Alexander Schwartz
9b80bad391 Stabilize test testAccountManagementLinkIdentity by waiting for username to appear
Closes #15054
2022-10-24 19:19:27 +02:00
Stian Thorgersen
29b8294dd6
Filter list of supported OTP applications by current policy (#15113)
Closes #15112
2022-10-24 16:47:16 +02:00
mposolda
55c514ad56 More flexibility in keystore related tests, Make keycloak to notify which keystore types it supports, Support for BCFKS
Closes #14964
2022-10-24 08:36:37 +02:00
Stian Thorgersen
97ae90de88
Remove Red Hat Single Sign-On product profile from upstream (#14697)
* Remove Red Hat Single Sign-On product profile from upstream

Closes #14916

* review suggestions: Remove Red Hat Single Sign-On product profile from upstream

Closes #14916

Co-authored-by: Peter Skopek <pskopek@redhat.com>
2022-10-18 14:43:04 +02:00
Marek Posolda
0756ef9a75
Initial integration tests with BCFIPS distribution (#14895)
Closes #14886
2022-10-17 23:33:22 +02:00
Stian Thorgersen
f7490b7f7c
Fix issue where admin2 was not enabled by default if account2 was disabled (#14914)
Refactoring ThemeSelector and DefaultThemeManager to re-use the same logic for selecting default theme as there used to be two places where one had a broken implementation

Closes #14889
2022-10-17 15:17:54 +02:00
Alexander Schwartz
97c4495c4f Updating H2 database to 2.x
Closes #12607

Co-authored-by: Stian Thorgersen <stian@redhat.com>
2022-10-14 11:52:34 +02:00
vramik
f49582cf63 MapUserProvider in KC20 needs to store username compatible with KC19 to be no-downtime-upgradable
Closes #14678
2022-10-14 09:32:38 +02:00
danielFesenmeyer
f80a8fbed0 Avoid login failures in case of non-existing group or role references and update references in case of renaming or moving
- no longer throw an exception, when a role or group cannot be found, log a warning instead
- update mapper references in case of the following events:
   - moving a group
   - renaming a group
   - renaming a role
   - renaming a client's Client ID (may affect role qualifiers)
- in case a role or group is removed, the reference still will not be changed
- extend and refactor integration tests in order to check the new behavior

Closes #11236
2022-10-13 13:23:29 +02:00
Martin Kanis
761929d174
Merge ActionTokenStoreProvider and SingleUseObjectProvider (#13677)
Closes #13334
2022-10-13 09:26:44 +02:00
Lex Cao
8ea3f30d82 Support profile projection parameter for LinkedIn IDP
Closes #13384
2022-10-11 15:22:00 -03:00
Takashi Norimatsu
148c7695ff Pluggable Features of Token Manager
Closes #12065
2022-10-07 08:43:34 +02:00
Marek Posolda
425b6b8df2
Parameters 'client_id' and 'response_type' not strictly required in O… (#14679)
* Parameters 'client_id' and 'response_type' not strictly required in OIDC request object
Closes #14255
2022-10-05 11:20:15 +02:00
Douglas Palmer
44aae52fb4
Fixed locale switcher on error page (#14728)
Closes #14205
2022-10-05 10:30:07 +02:00
Marek Posolda
c59660ca86
KEYCLOAK_SESSION not working for some user federation setups when user ID has special chars (#14560)
closes #14354
2022-10-05 08:59:30 +02:00
Marek Posolda
fb24c86a3b
offline token issuance can cause violation of PRIMARY KEY constraint CONSTRAINT_OFFL_CL_SES_PK3 (#14658)
closes #13706
2022-10-03 12:54:12 +02:00
Stian Thorgersen
390c7485c7
Remove WildFly dist modules (#14675)
Closes #14307
2022-09-30 14:26:55 +02:00
Alice Wood
1eb7e95b97 enhance existing group search functionality allow exact name search keycloak/keycloak#13973
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
2022-09-30 10:37:52 +02:00
Martin Bartoš
a20d6e2f1f
Remove JBoss-based auth servers from the testsuite (#14317)
Closes #14299
2022-09-30 09:41:57 +02:00
Marcelo Daniel Silva Sales
22713bc144
Incorrect error message OIDC client authentication (#14656)
closes #12162


Co-authored-by: Pedro Hos <pedro-hos@outlook.com>
2022-09-30 09:40:05 +02:00
David Anderson
a8db79a68c
Introduce crypto module using Wildfly Elytron (#14415)
Closes #12702
2022-09-27 08:53:46 +02:00
Alexander Schwartz
be2deb0517 Modify RealmsAdminResource.importRealm to work with InputStream
Closes #13609
2022-09-26 20:58:08 +02:00
Alice Wood
55a660f50b enhance group search to allow searching for groups via attribute keycloak/keycloak#12964
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2022-09-19 15:19:36 +02:00
Takashi Norimatsu
0a832fc744 Intent support before issuing tokens (UK OpenBanking)
Closes #12883
2022-09-19 12:15:00 +02:00
Martin Bartoš
d4130b0c6b
Admin Console tests failing (#14404)
Fixes #10997
2022-09-17 08:23:19 +02:00
rmartinc
cc9326fcad
Delay LDAPObject creation until mandatory attributes are set (#14341)
Closes #14286
2022-09-16 20:35:50 +02:00
Dmitry Telegin
cc2117bf7c UserInfo endpoint not fully standards compliant
Closes #14184
2022-09-16 10:15:08 +02:00
danielFesenmeyer
3af1134975 Update IDP link username when sync mode is "force"
Closes #13049
2022-09-14 08:02:17 -03:00
Martin Bartoš
ed3d003d65
Remove Legacy migration tests from testsuite (#14310)
Closes #14300
2022-09-14 11:29:53 +02:00
Václav Muzikář
e999aeeab8 Fix DefaultHostnameTest on Undertow 2022-09-13 14:41:23 -03:00
Martin Bartoš
aa5a4e3d84
Remove remote WildFly server from the testsuite (#14321)
Closes #14319
2022-09-13 12:49:40 +02:00
fwojnar
cee69e1abc
Remove Server Config Migration tests from testsuite (#14334)
Closes #14303

Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2022-09-13 12:47:35 +02:00
fwojnar
a58f0593a6
Remove Clean Start test from testsuite (#14345)
Closes #14305

Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2022-09-13 12:46:55 +02:00
Václav Muzikář
490590625d Fix listApplicationsThirdParty 2022-09-13 08:33:31 +02:00
Jurjan-Paul Medema
eb0124e3e1
Mapper option 'Aggregate attribute values' is now applied to group hierarchy (#7871)
Closes #11255
2022-09-12 13:34:28 +02:00
Christoph Leistert
7e5b45f999 Issue #8749: Add an option to control the order of the event query and admin event query 2022-09-11 21:30:12 +02:00
Alexander Schwartz
1d2d3e5ca5 Move UserFederatedStorageProvider into legacy module
Closes #13627
2022-09-11 18:37:45 +02:00
Pedro Igor
3518362002 Validate auth time when max_age is sent to brokered OPs
Closes #14146
2022-09-09 10:30:51 -03:00
Pedro Igor
a0079b516b
Allow setting response mode (#14104)
Closes #14083
2022-09-09 14:28:47 +02:00
Martin Bartoš
0fcf5d3936 Reuse of token in TOTP is possible
Fixes #13607
2022-09-09 08:56:02 -03:00
Marek Posolda
040e52cfd7
SAML javascript protocol mapper: disable uploading scripts through admin console by default (#14293)
Closes #14292
2022-09-09 13:47:51 +02:00
vramik
869ccc82b2 Enable MapUserProvider storing username with the letter case significance
Closes #10245
Closes #11602
2022-09-09 11:46:11 +02:00
Dominik Guhr
f2b02f19e6 Closes #13786 2022-09-07 18:29:26 +02:00
cgeorgilakis
07b0df8f62
View groups from account console (#7933)
Closes #8748
2022-09-07 11:25:31 +02:00
Lex Cao
1f197aa96b
Add basic auth compliant to RFC 6749 (#14179)
Closes #14179
2022-09-07 10:09:30 +02:00
Christoph Leistert
cc2bb96abc Fixes #9482: A user could be assigned to a parent group if he is already assigned to a subgroup. 2022-09-06 21:31:31 +02:00
Thomas Peter
19d69169b1 introduce expiration option for admin events 2022-09-06 16:05:53 +02:00
Pedro Igor
a6137b9b86 Do not empty attributes if they are not provided when user profile is enabled
Closes #11096
2022-09-06 12:59:05 +02:00
Michal Hajas
f69497eb28 KEYCLOAK-12988 Deprecate getUsers* methods in favor of searchUsers* variants
Closes #14018
2022-09-06 10:38:28 +02:00
Sergey Ch
860c3fbbd3
KEYCLOAK-17263 Add exact searching for users (#8059)
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2022-09-01 19:27:24 +02:00
Thomas Darimont
43623ea9d0 KEYCLOAK-18499 Add max_age support to oauth2 brokered logins
Revise KcOidcBrokerPassMaxAgeTest to use setTimeOffset(...)
2022-09-01 09:24:44 -03:00
Joerg Matysiak
a8019d78e7 Fixed handling of required setting for email in user profile.
Resolves #13923
2022-08-31 17:19:19 -03:00
Martin Bartoš
677579fce6 Environment variables for admin creation in testsuite
Closes #14102
2022-08-31 07:29:55 -03:00
Nagy Vilmos
f6db484172
Keep the locale related authNotes through the IdentityBroker flow. (#10444)
Closes #8827
2022-08-31 09:37:26 +02:00
Martin Bartoš
e6a5f9c124 Default required action providers are still available after feature disabling
Closes #13189
2022-08-31 08:42:47 +02:00
Martin Bartoš
94de015440
Cannot build base testsuite due to missing dependency related to WF (#14079)
Fixes #14072
2022-08-30 18:52:05 +02:00
Stian Thorgersen
eece543ede
Remove AddUserTest as it was specific to the WildFly distribution (#14091)
Closes #14072
2022-08-30 16:57:44 +02:00
Manato Takai
1cdc21f0ff
Add duplicate parameter check for UserInfo endpoint. (#14024)
Closes #14016
2022-08-30 14:39:15 +02:00
Pedro Igor
917e8668cb Fixing error when activating webauthn profile
Related #14005
2022-08-30 13:55:02 +02:00
Martin Bartoš
090f7f89d5
Cannot execute Old Admin Console tests (#13887)
Fixes #14005
2022-08-29 13:41:22 +02:00
Erik Jan de Wit
93f3d7bf42
Revert "Allow dependencies from keycloak-admin-ui (#13924)" (#13963)
This reverts commit 332a0dacee.
2022-08-26 10:04:13 +02:00
Joerg Matysiak
62790b8ce0 Allow permission configuration for username and email in user profile.
Enhanced Account API to respect access to these attributes.

Resolves #12599
2022-08-25 21:54:51 -03:00
Michal Hajas
05b9e6d59e
Upgrade Infinispan to 13.0.10.Final (#13910)
Closes #12306
2022-08-25 13:09:34 +02:00
Christoph Leistert
5408d25e09
Fixes #10656: Sub realm localization GET endpoints can be called using tokens issued by the master realm. (#10660)
* Fixes #10656: Sub realm localization GET endpoints can be called using tokens issued by the master realm.

* Fixes #10656: Added some tests
2022-08-25 09:02:07 +02:00
Markus Till
7f999a4629
integration.admin-client: Add exact search for all dedicated user attributes (#13361)
Closes #13360
2022-08-25 08:57:31 +02:00
Arnaud Martin
af0d97e534 Delete broker links for federated users when an identity provider is deleted
Closes #13731
2022-08-25 08:24:09 +02:00
Pedro Igor
ddcf0f45f9 Run import within the context of the realm being imported
Closes #12289
2022-08-25 08:18:43 +02:00
Pedro Igor
25be07be17 Allow introspecting tokens issued during token exchange with delegation semantics
Closes #9337
2022-08-24 09:47:04 -03:00
Tero Saarni
ea4b4b97b4
Bumped maven-war-plugin for JDK17 compatibility (#13619)
Closes #13960
2022-08-24 14:44:18 +02:00
Takashi Norimatsu
8c1ea4b47c mTLS binding support for password grant
Closes #13662
2022-08-24 11:44:48 +02:00
Alexander Schwartz
332a0dacee
Allow dependencies from keycloak-admin-ui (#13924)
This prevents exceptions due to missing classes like kotlin/jvm/internal/Intrinsics.

Closes #13918
2022-08-24 11:31:29 +02:00
Konstantinos Georgilakis
c5b9dc1e7b set context session client equal to clientsession client (fromClientSessionAndScopeParameter method of DefaultClientSessionContext)
Closes #13162
2022-08-23 17:33:07 +02:00
Konstantinos Georgilakis
baa89debd9 Correct isValidScope method of TokenManager for Dynamic scopes
Closes #13158
2022-08-23 16:30:04 +02:00
Lex Cao
6b1c64a1a9
Add rememberMe to a user session representation(#13408) (#13765)
Closes #13408
2022-08-23 15:28:52 +02:00
Konstantinos Georgilakis
2002fd983b Showing consent screen text instead of scope name in consent part of Application page in Account console
Closes #13109
2022-08-23 11:22:31 +02:00
rishabhsvats
c223291a1e Adds REGISTER event when new user login through first broker flow
Updates KcOidcBrokerEventTest, AbstractFirstBrokerLoginTest to factor in REGISTER event in first broker flow

Closes #11646

Correcting Indentation of AbstractFirstBrokerLoginTest
2022-08-23 10:43:56 +02:00
Stefan Guilhen
f84fdfa8ef
Fix UserSessionProviderTest failures with CockroachDB (#13891)
- move assertions to a separate tx due to CRDB's SERIALIZABLE isolation level

Closes #13211
2022-08-23 09:57:13 +02:00
Sebastian Schuster
53472e097c 13647 fixed wrong feature flag for checking admin fine-grained authz 2022-08-22 09:34:12 -03:00
Stefan Guilhen
5775e7c4ba
Fix ConcurrentTransactionsTest failure with CockroachDB (#13890)
- realm has to be removed in a separate tx due to CRDB's SERIALIZABLE isolation level

Closes #13211
2022-08-22 08:39:14 +02:00
Pedro Igor
eda33a0b21 Concurrency issue when caching JS policies
Closes #12204
2022-08-17 16:30:32 -03:00
Pedro Igor
15bbb46657 Avoid removing static path config from cache
Closes #9855
2022-08-17 16:29:59 -03:00
Martin Bartoš
5a2852530f Fix DB tests for Quarkus
Fixes #13642
2022-08-17 10:23:05 -03:00
Pedro Igor
841c65d24f Return 404 when invoking authorization endpoints in case authz settings are disabled
Closes #10151
2022-08-16 16:37:44 -03:00
nehachopra27
26de05fa44
Updating RestEasy for Jetty App Server (#13710)
Co-authored-by: nchopra <nchopra@redhat.com>
2022-08-16 11:20:24 +02:00
Michal Hajas
ab431e3bd9 Fix KeycloakQuarkusServerDeployableContainer to correctly configure map store
Closes #13721
2022-08-11 16:55:06 +02:00
Pedro Igor
e3af0610e2 Support running base testsuite on Windows
Closes #12648

Co-authored-by: Dominik Guhr <dguhr@redhat.com>
2022-08-10 20:03:53 -03:00
Markus Till
fa383bf76c
Suppress confirmation screen for logout in oidc (#13471)
Closes #13469
2022-08-10 18:25:50 +02:00
Michal Hajas
d55d110ff9 Run Infinispan using Testcontainers in base testsuite
Closes #13620
2022-08-10 16:36:44 +02:00
Marcelo Daniel Silva Sales
e44cea587f
NullPointer during OIDC logout client disabled (#13424)
closes #12624
2022-08-08 12:34:09 +02:00
Michal Hajas
ec808d28bb Remove possibility to start embedded HotRod server in hotrod-map module
Closes #13247
2022-08-05 21:08:38 +02:00
Tero Saarni
2392af157b Forward quarkus server output to console in testsuite 2022-08-05 09:48:48 -03:00
Pedro Igor
333a4c900f Revert changes that block themes being loaded from custom providers
Closes #13401
2022-08-04 13:34:12 +02:00
Sebastian Knauer
21f700679f KEYCLOAK-19866 Fix user-defined- and xml-fragment-parsing/Add XPathAttributeMapper 2022-08-03 13:07:12 +02:00
nehachopra27
c7be78fade
Add admin-ui dependencies to integration-arquillian testsuite
Co-authored-by: nchopra <nchopra@redhat.com>

Fixes: #13465
2022-08-01 20:49:11 +02:00
Marek Posolda
7e925bfbff
Unit tests in "crypto/fips1402" passing on RHEL 8.6 with BC FIPS approved mode. Cleanup (#13406)
Closes #13128
2022-07-29 18:03:56 +02:00
Hynek Mlnarik
143e6bc932 Replace undertow-map with quarkus-map
Fixes: #12652
2022-07-27 14:08:38 +02:00
Stian Thorgersen
ae33af92d9
Promote new admin console to default (#13243)
Closes #13242
2022-07-27 10:13:49 +02:00
Pedro Hos
ee2c5391bd
Possible client enumeration in the authorization endpoint
Closes #12164
2022-07-26 09:10:06 +02:00
Douglas Palmer
c00514d659
Support for post_logout_redirect_uris in OIDC client registration (#12282)
Closes #10135
2022-07-25 10:57:52 +02:00
Dominik Guhr
9bb1299d89 change optimised to optimized
also: fix kc.bat to not use autobuild in devmode anymore, fix containers.adoc to not use auto_build naming, fix build command cli help as it is not required anymore to run it beforehand.
2022-07-22 10:29:07 -03:00
Stian Thorgersen
a251d785db
Remove text based login flows (#13249)
* Remove text based login flows

Closes #8752

* Add display param back in case it's used by some custom authenticators
2022-07-22 15:15:25 +02:00
Alexander Schwartz
cb81a17611 Disable Infinispan for map storage and avoid the component factory when creating a realm independent provider factory
Provide startup time in UserSessionProvider independent of Infinispan,
cleanup code that is not necessary for the map storage as it isn't using Clustering.
Move classes to the legacy module.

Closes #12972
2022-07-22 08:20:00 +02:00
Douglas Palmer
adeef6c2a0 Partial import feature does not import Identity Provider mappers in Keycloak #12861 2022-07-21 18:04:15 +02:00
Stefan Guilhen
e9c55f45e5 Enable action token JPA provider in map-storage-jpa profile
Closes #13139
2022-07-20 16:30:20 -03:00
Pedro Igor
3631a413d2 Allow token exchange when subjec_token is not associated with a session
Closes #12596
2022-07-20 15:42:26 -03:00
Martin Bartoš
1b9a3bf51a Cannot use WebAuthn with WildFly distribution
Fixes #12762
2022-07-20 09:59:44 -03:00
Lex Cao
f0988a62b8
Use base64 url decoded for client secret when authenticating with Basic Auth (#12486)
Closes #11908
2022-07-16 09:38:41 +02:00
Pedro Igor
89028613d8 Introducing --optimise option
Closes #10737
2022-07-15 15:12:17 -03:00
Marcelo Daniel Silva Sales
f7a80409a9
Add flow to generate secret length based on signature algorithm (#13107)
Closes #9376
2022-07-15 11:06:07 +02:00
Vlasta Ramik
ec853a6b83
JPA map storage: User / client session no-downtime store (#12241)
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>

Closes #9666
2022-07-14 12:07:02 -03:00
Alexander Schwartz
b8d5e01cf3
Avoid using old legacy-store API in the test suite (#13077) 2022-07-13 09:58:01 -03:00
kz-masa
d26cff270f
Delete unnecessary import statements (#12935) (#12936) 2022-07-12 19:37:15 -03:00
Martin Bartoš
216922233a
Remote base tests don't work with WildFly (#12842)
Fixes #12841
2022-07-12 15:14:09 +02:00
Martin Kanis
4b43612806 Disable WARN logging for Hot Rod RemoteQuery class 2022-07-11 16:48:56 -03:00
Pedro Igor
5b48d72730 Upgrade Resteasy v4
Closes #10916

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2022-07-11 12:17:51 -03:00
Martin Bartoš
07ab29378b Make WebAuthn required actions enabled by default
Closes #12723
2022-07-11 15:32:40 +02:00
Michal Hajas
0f86427dd0 Make user->client sessions relationship consistent
Closes #12817
2022-07-11 08:42:28 -03:00
Martin Bartoš
17f1d04960
Possibility to execute DB migration tests for Quarkus distribution (#12688)
Closes #12685
2022-07-11 12:23:41 +02:00
fwojnar
7fccdb10d8
Fixing ClientPoliciesTest failure (#12670)
Closes #10633

Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2022-07-11 12:22:25 +02:00
Takashi Norimatsu
29aad9dc45 PAR logic affecting /auth endpoint
Closes #9289
2022-07-11 11:56:37 +02:00
Alexander Schwartz
29a501552e Disable the JpaUserFederatedStorageProvider when map storage is enabled
Closes #12895
2022-07-07 10:47:42 -03:00
Alexander Schwartz
d91a5eb99f Move methods from UserStorageUtil to LegacyRealmModel
It is better suited to take methods removed from RealmModel earlier.

Closes #12805
2022-07-07 09:57:17 -03:00
Stefan Guilhen
dc88dd5286
Users Map JPA implementation (#12871) 2022-07-05 11:19:31 -03:00
Alexander Schwartz
098d4dda0e
Split PublicKeyStorageProvider (#12897)
Split PublicKeyStorageProvider

- Extract clearCache() method to separate interface and move it to the legacy module
- Make PublicKeyProvider factories environment dependent
- Simple map storage for public keys that just delegates

Resolves #12763

Co-authored-by: Martin Kanis <mkanis@redhat.com>
2022-07-05 09:57:51 -03:00
Stefan Guilhen
007fa1f374 Single Use Objects Map JPA implementation
Closes #9852
2022-07-04 10:05:51 -03:00
Alexander Schwartz
4b20e90292 Move session persistence package to legacy-private module
Also, disabling the jpa session persister when map storage is enabled.

Closes #12712
2022-07-04 10:05:26 -03:00
Konstantinos Georgilakis
32f8f30f36 Include 'urn:ietf:params:oauth:grant-type:token-exchange' in grant_types_supported field of Keycloak OP metadata, if token-exchange is enabled
closes #10888
2022-06-30 17:13:47 -03:00
Jon Koops
06d1b4faab Restore enum variant of ResourceType
This reverts commit 3b5a578934.
2022-06-30 12:20:51 -03:00
Alexander Schwartz
ddeab744d0 Moving RoleStorageProviderModel to the legacy modules
Closes #12656
2022-06-29 20:04:32 +02:00
vramik
3b5a578934 Change enum ResourceType to interface with String constants
Closes #12485
2022-06-29 13:35:11 +02:00
Lex Cao
c3c8b9f0c8
Add client_secret to response when token_endpoint_auth_method is not private_key_jwt (#12609)
Closes #12565
2022-06-29 10:19:18 +02:00
Clara Fang
4643fd09e3 Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount()
This should reduce GC pressure.

Closes #12644
2022-06-29 08:53:09 +02:00
Konstantinos Georgilakis
ccc0449314 json device code flow error responses
closes #11438
2022-06-29 07:23:02 +02:00
Marek Posolda
be1e31dc68
Introduce crypto/default module. Refactoring BouncyIntegration (#12692)
Closes #12625
2022-06-29 07:17:09 +02:00
danielFesenmeyer
b6d8c27cac OIDC logout: In "legacy mode", support post_logout_redirect_uri param without requiring id_token_hint param
Closes #12680
2022-06-28 14:36:03 +02:00
leandrobortoli
c5d5659100 Fixed bug on client credentials grant when encryption key not found
Closes #12348
2022-06-27 13:00:21 +02:00
Lex Cao
f8a7c8e160
Validate name of client scope (#12571)
Closes #12553
2022-06-27 12:26:18 +02:00
Pedro Igor
3d2c3fbc6a Support JSON objects when evaluating claims in regex policy
Closes #11514
2022-06-23 14:04:09 -03:00
Pedro Igor
d3a40e8620 Use backend baseURL for UMA-related backend endpoints
Closes #12549
2022-06-23 10:35:26 -03:00
Takashi Norimatsu
a10eef882f DeviceTokenRequestContext.getEvent returns a wrong ClientPolicyEvent
Closes #12455
2022-06-22 13:01:35 +02:00
Takashi Norimatsu
d396ee7d30 CIBA flow : no error on invalid scope
Closes #12589
2022-06-22 12:55:55 +02:00
rmartinc
711440e513 [#11036] Identity Providers: Add support for elliptic curve signatures (ES256/ES384/ES512) using JWKS URL 2022-06-21 10:52:25 -03:00
Stefan Guilhen
7d96f3ad5a Events Map JPA implementation
Closes #9667
2022-06-21 13:53:48 +02:00
Alexander Schwartz
cb0c881821 rename SingleEntityCredentialManager to SubjectCredentialManager 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
26198e4b0b Disable tests irrelevant for map storage 2022-06-21 08:53:06 +02:00
Alexander Schwartz
d41764b19b Inline deprecated methods in legacy code 2022-06-21 08:53:06 +02:00
Alexander Schwartz
1a227212de Simplify implementation of a federated storage by moving the default implementation to the abstract base class; this will also allow the quickstarts and implementations derived from that to run without changes. 2022-06-21 08:53:06 +02:00
Alexander Schwartz
08bbb1fb92 Move LDAP REST Endpoints to LDAP package
- Thus remove implicit dependency on services on the legacy modules
- Disable tests for LDAP/Kerberos that won't work when map storage is enabled
2022-06-21 08:53:06 +02:00
Alexander Schwartz
1bc6133e4e redirect calls to userLocalStorage from legacy modules (federation, ldap, sssd, kerberos) 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
e396d0daa1 Renaming SingleUserCredentialManager and UserModel.getUserCredentialManager():
- class SingleUserCredentialManager to SingleEntityCredentialManager
- method UserModel.getUserCredentialManager() to credentialManager()

Renaming of API without "get" prefix to make it consistent with other APIs like for example with KeycloakSession
2022-06-21 08:53:06 +02:00
Alexander Schwartz
6f287e7ded Avoid using methods on UserCredentialStoreManager 2022-06-21 08:53:06 +02:00
Alexander Schwartz
bc8fd21dc6 SingleUserCredentialManager moving in
- UserStorageManager now handles authentication for old Kerberos+LDAP style
- new getUserByCredential method in MapUserProvider would eventually do the same.
2022-06-21 08:53:06 +02:00
Alexander Schwartz
82094d113e Move User Storage SPI, introduce ExportImportManager 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
703e868a51 Preparation for moving User Storage SPI
- Introduction of new AdminRealmResource SPI
- Moving handler of /realm/{realm}/user-storage into model/legacy-service
- session.users() and userStorageManager() moved refers legacy module
  IMPORTANT: Broken as UserStorageSyncManager is not yet moved
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
247ff52187 Introduce legacy datastore module and update dependencies 2022-06-21 08:53:06 +02:00
Alexander Schwartz
850af55edc Ensure that only JDK 8 APIs are used where JDK 8 is still required.
Closes #10842
2022-06-20 14:44:33 -03:00
Martin Bartoš
d8112d7b7e
DB migration tests execution for Quarkus (#12525)
Closes #12524
2022-06-20 10:12:37 +02:00
Alexander Schwartz
71e7982a49 Adding central time offset reset in model tests as it was missing for AuthenticationSessionTest and UserSessionPersisterProviderTest
Also adding try/finally in other places in the integration tests where it was missing.

Closes #12530
2022-06-16 13:42:55 +02:00
nehachopra27
39cff0750c
[Fix keycloak#12385] Update option to run kc.bat on windows instead of kc.sh (#12386)
Co-authored-by: nchopra <nchopra@redhat.com>

Resolves #12385
2022-06-15 11:29:11 -03:00
Martin Bartoš
0fef4305b6 Logout confirm page is failing to log the user out on auth-server-wildfly
Fixes #11753
2022-06-14 10:46:02 +02:00
mposolda
3aefb59d40 Fix test failure in X509BrowserCRLTest on IBM JDK. Don't display details of exception message to the end user
Closes #12458
2022-06-14 10:44:31 +02:00
Alexander Schwartz
c2043da78e When asserting a URL, allow for some time for any redirect to complete.
Closes #12446
2022-06-14 07:30:31 +02:00
Christoph Leistert
442eff0169
Closes #11851: Apply localization text from realm default locale when it is not defined for the requested language. (#11852) 2022-06-10 14:36:11 -04:00
Martin Bartoš
2cf089424a
ClientClientScopesTest failures in the test pipeline (#12440)
Resolves #12439
2022-06-10 09:13:25 -03:00
Alexander Schwartz
361a813d81 Keep a list of model instances in the JPA map session.
This allows removing them from the persistence context on bulk delete.

Closes #12384
2022-06-09 12:39:04 -03:00
Joerg Matysiak
3c19ad627f Repsect permissions configured to firstName and lastName when configured in user profile
Resolves #12109
2022-06-09 10:10:15 -03:00
Pedro Igor
8aecba1795 Fixing how realm frontendurl is cached when resolving the hostname
Closes #11894
2022-06-08 16:41:25 -03:00
Alexander Schwartz
9272c7a5ec Allow for the backend to return granted scopes in any order.
Closes #12395
2022-06-08 08:39:14 -03:00
Pedro Igor
243e63c9f3 Do not set empty permissions to username and email attributes
Closes #11647
2022-06-07 10:59:35 -03:00
Sebastian Schuster
a0c402b93a
11198 added event information to consent granting and revocation via REST API (#11199) 2022-06-07 11:29:20 +02:00
Stian Thorgersen
e49e8335e0
Refactor BouncyIntegration (#12244)
Closes #12243
2022-06-07 09:02:00 +02:00
Martin Kanis
df72cf72f2 Hot Rod map storage: Single-use (action token) no-downtime store 2022-06-06 16:01:18 +02:00
rmartinc
5332a7d435 Issue #9194: Client authentication fails when using signed JWT, if the JWA signing algorithm is not RS256 2022-06-06 12:07:09 +02:00
Takashi Norimatsu
3889eeda30 Client Policies: pkce-enforcer executor with client-access-type condition is not applied on client change via Admin API
Closes #12295
2022-06-06 11:30:48 +02:00
Michal Hajas
09c0a69a8f Add HotRod no downtime store for events
Closes #9676
2022-06-02 13:30:19 +02:00
mposolda
f90fbb9c71 Changing locale on logout confirmation did not work
Closes #11951
2022-05-31 16:03:58 +02:00
Takashi Norimatsu
d083b6c484 ciba http auth channel sends client_id and client_secret via delegation request
Closes #10993
2022-05-31 08:22:50 +02:00
vramik
be28e866b9 JPA map storage: Authorization services no-downtime store
Closes #9669
2022-05-30 21:05:34 +02:00
Pedro Igor
ea22989d89 Fixing ClientTokenExchangeTest to also run when TLS is disabled
Closes #11818
2022-05-30 11:23:46 -03:00
Pedro Hos
e121371401 /clients-registrations API doesn't return secret anymore and is not coherent #11116
/clients-registrations API doesn't return secret anymore and is not coherent

fixing merge

/clients-registrations API doesn't return secret anymore and is not coherent

fixing test that was failing

Replace tabs with regular spaces

fixing identation

/clients-registrations API doesn't return secret anymore and is not coherent. Closes #11116

fixing test that was failing
2022-05-30 15:18:56 +02:00
mposolda
4222de8f41 OIDC RP-Initiated Logout POST method support
Closes #11958
2022-05-30 14:10:58 +02:00
Marek Posolda
cf386efa40
Support for client_id parameter in OIDC RP-Initiated logout endpoint (#12202)
Closes #12002


Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2022-05-27 14:12:37 +02:00
Marek Posolda
eed944292b
Make script providers working on JDK 17 (#11322)
Closes #9945
2022-05-27 12:28:50 +02:00
Luca Leonardo Scorcia
27650ab816 Fix #10982 SAML Client - Introduce SAML Issuer validation 2022-05-27 10:58:10 +02:00
Martin Bartoš
d8cded994f
WebAuthn test failures in admin console (#12161)
Resolves #12160
2022-05-26 12:55:22 -03:00
Michal Hajas
bc59fad85b Unify way how expirable entities are handled in the new store
Closes #11947
2022-05-26 13:17:27 +02:00
Martin Kanis
0cb3c95ed5 Map storage: Single-use objects (action token) 2022-05-25 16:47:10 +02:00
Martin Bartoš
86f31e8df5 Fix BlacklistPasswordPolicyDefaultPath Failures on Windows
Fixes #11967
2022-05-24 17:26:19 -03:00