Réda Housni Alaoui
dbe0c27bcf
Allowing client registration access token rotation deactivation
2023-01-05 20:53:57 +01:00
mposolda
e374e309c6
Deprecate SHA1 based algorithms for sign SAML documents and assertions
...
Closes #16240
2023-01-05 20:45:20 +01:00
Michal Hajas
6566b58be1
Introduce Infinispan GlobalLock implementation
...
Closes #14721
2023-01-05 16:58:44 +01:00
Hynek Mlnarik
071fc03f41
Move transaction processing into session close
...
Fixes : #15223
2023-01-05 16:12:32 +01:00
Stian Thorgersen
6c1f981eec
Fix UserTest.sendResetPasswordEmailWithCustomLifespan ( #16233 )
...
Closes #16232
2023-01-04 13:03:33 +01:00
Stian Thorgersen
7dc16c69cb
Force refreshing token for admin client if time offset is set ( #16242 )
...
Closes #16143
2023-01-04 13:03:10 +01:00
ムハマドザクワンビンムハマドザヒド / MOHDZAHID,BIN MUHAMMADZAKWAN
ce6b737e33
NPE in userinfo endpoint
...
Closes #15429
2023-01-02 13:53:29 +01:00
Miquel Simon
9bb5b08015
Added Oracle to Legacy Store IT. ( #16097 )
2022-12-21 08:15:38 +01:00
mposolda
36bd76957d
Make Keycloak FIPS working with OpenJDK 17 on FIPS enabled RHEL
...
Closes #15721
2022-12-20 21:03:55 +01:00
Michal Hajas
c79d29e68c
Move HotRod profile to the same pom as other map profiles and introduce map-storage-chm profile
...
Closes #16046
2022-12-20 17:51:40 +01:00
Alexander Schwartz
1d758fac2b
Adding CRDB into GHA for the new store ( #16021 )
...
The CockroachDB database is slower than PostgreSQL, therefore it will only run branches and nightly builds.
Closes #16020
2022-12-17 08:50:21 +01:00
Pedro Igor
857b02be63
Allow managing the required settigs for the email attribute
...
Closes #15026
2022-12-15 13:11:06 -08:00
Pedro Igor
782d145cef
Allow updating authz settings via default client registration provider
...
Closes #9008
2022-12-15 20:43:43 +01:00
Stian Thorgersen
c1b0f2a6ab
Rebalanace BaseIT test groups ( #16007 )
2022-12-15 08:52:30 +01:00
Stian Thorgersen
a5670af745
Keycloak CI workflow refactoring ( #15968 )
...
* Keycloak CI workflow refactoring
Closes #15861
* Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
* Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
* Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
* Update CodeQL actions
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2022-12-14 16:12:23 +01:00
Stian Thorgersen
0f2ca3bfdd
fixes from release/20 ( #15982 )
...
* Avoid path traversal vis double-url encoding of redirect URI (#8 )
(cherry picked from commit a2128fb9e940d96c2f9a64edcd4fbcc768eedb4f)
* Do not resolve user session if corresponding auth session does not exist (#7 )
* Stabilizing the ConcurrentLoginTest when running with JPA map storage by locking user sessions (#9 )
Co-authored-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2022-12-14 07:46:17 +01:00
Stian Thorgersen
30cc16e648
Move authorization tests into authz package ( #15957 )
...
Closes #15956
2022-12-12 18:09:11 +01:00
Michal Hajas
de7dd77aeb
Change id of TermsAndConditions required actions to uppercase
...
Closes #9991
2022-12-07 10:51:37 -03:00
mposolda
f4e91a5312
The redirect URI cannot be verified during logout in the case when client was removed
...
closes #15866
2022-12-07 08:20:30 +01:00
mposolda
264c5a6cdb
Support for KcReg and KcAdm CLI to use BCFIPS instead of BC on FIPS platforms
...
Closes #14968
2022-12-06 13:02:46 +01:00
Pedro Igor
022d2864a6
Make sure JAX-RS resource methods are advertizing the media type they support
...
Closes #15811
Closes #15810
2022-12-06 08:13:43 -03:00
Stian Thorgersen
2f0d8cd895
Move hok, par, and rar tests to oauth package ( #15834 )
...
Closes #15833
2022-12-05 15:42:20 +01:00
Michal Hajas
59ccae76cb
Fix flaky JS test ( #15804 )
...
Closes #15761
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2022-12-05 13:16:04 +01:00
Stian Thorgersen
8e6437e596
Fix Flaky test: RequiredActionTotpSetupTest.setupTotpExistingReusableCodeDisabled ( #15779 )
...
Closes #15564
2022-12-01 10:41:46 +01:00
Hynek Mlnařík
60ce949304
Ignore unknown clients in LDAP role mapper
...
Fixes : #10958
2022-12-01 09:51:05 +01:00
Stian Thorgersen
c24bc1bab0
Tweak time offset in RefreshTokenTest ( #15760 )
...
Closes #15718
2022-11-30 16:11:46 +01:00
Stian Thorgersen
c3c858c88a
Fix OpenshiftClientStorageTest.testCodeGrantFlowWithServiceAccountUsingOAuthRedirectReference ( #15741 )
...
Closes #15565
2022-11-29 14:20:21 +01:00
dependabot[bot]
3a35b05253
Bump ant in /testsuite/integration-arquillian/tests
...
Bumps ant from 1.9.15 to 1.10.11.
---
updated-dependencies:
- dependency-name: org.apache.ant:ant
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-28 12:03:47 -03:00
Miquel Simon
88bc5e2307
Use different Postgres image in Testcontainers. Upgraded Testcontainers dependency to 1.17.5.
2022-11-28 10:57:14 +01:00
mposolda
3e9c729f9e
X.509 authentication fixes for FIPS
...
Closes #14967
2022-11-25 11:50:30 +01:00
Stefan Guilhen
5c2a5fac31
Enable all test methods in ConcurrentLoginTest for JPA Map Storage
...
- Tests still disabled for Hotrod and CHM
- Fixes concurrent login issues with CRDB. Verified with both PostgreSQL and CockroachDB.
Closes #12707
Closes #13210
2022-11-24 13:36:22 +01:00
Lex Cao
dd03137ea7
Strip secret of user when creating from admin API
...
Closes #14843
2022-11-24 11:38:42 +01:00
Nagy Vilmos
4b6b607fe9
Should not hide IDP from login page ( #14174 )
...
Closes #14173
2022-11-23 10:49:21 +01:00
rmartinc
b7188c3891
Unknown bind DN using LDAP anonymous bind aka bind type none ( #15546 )
...
Closes #15497
2022-11-23 10:23:46 +01:00
danielFesenmeyer
18381ecd2e
Fix update of group mappers on certain changes of the group path
...
The group reference in the mapper was not updated in the following cases:
- group rename: when an ancestor group was renamed
- (only for JpaRealmProvider, NOT for MapRealmProvider/MapGroupProvider) group move: when a group was converted from subgroup to top-level or when a subgroup's parent was changed
Closes #15614
2022-11-23 10:12:34 +01:00
cgeorgilakis-grnet
085dd24875
Client registration service do not check client protocol for Bearer token
...
Closes #15612
2022-11-23 08:49:13 +01:00
Stefan Guilhen
f8df04b3b8
Fix UserSessionProviderTest.testOnClientRemoved on CRDB
...
Closes #15558
2022-11-21 13:05:11 +01:00
Michal Hajas
6d683824a4
Deprecate DBLockProvider and replace it with new GlobalLockProvider
...
Closes #9388
2022-11-16 16:13:25 +01:00
Martin Kanis
5e891951f5
Update Infinispan version to 14.0.2.Final
2022-11-16 14:56:45 +01:00
Douglas Palmer
9f532eecaf
Weird export/re-import behaviour regarding post.logout.redirect.uris
...
Closes #14884
2022-11-15 09:24:32 +01:00
vramik
021189f190
Make GHA Map-JPA base testsuite running with Quarkus
...
Co-authored-by: Martin Batros <mabartos@redhat.com>
Closes #13725
2022-11-10 10:08:14 +01:00
Jia Chen
c3d53ae6e0
Returns an empty groups stream without querying the database if a user doesn't belong to any groups
...
Closes #12567
2022-11-09 13:07:42 +01:00
danielFesenmeyer
ec30c52a00
Fix paging on the "Users in role" endpoint, when JPA persistence is used
...
- add order-by-clause to the corresponding JPA query (ordering by username ASC)
- adjust admin-client RoleResource to return a List instead of a Set, by introducing new methods #getUserMembers (instead of #getRoleUserMembers - the "Role" prefix is not needed, because it is clear from the resource name that it's about roles)
- adjust tests to use the new method and check that the expected order is returned
Closes #14772
2022-11-07 20:44:06 +01:00
stianst
1de9c201c6
Refactor Profile
...
Closes #15206
2022-11-07 07:28:11 -03:00
Marek Posolda
c0c0d3a6ba
Short passwords with PBKDF2 mode working ( #14437 )
...
* Short passwords with PBKDF2 mode working
Closes #14314
* Add config option to Pbkdf2 provider to control max padding
* Update according to PR review - more testing for padding and for non-fips mode
2022-11-06 14:49:50 +01:00
Marek Posolda
f616495b05
Fixing UserFederationLdapConnectionTest,LDAPUserLoginTest to work with FIPS ( #15299 )
...
closes #14965
2022-11-03 16:35:57 +01:00
Marek Posolda
2ba5ca3c5f
Support for multiple keys with same kid, which differ just by algorithm in the JWKS ( #15114 )
...
Closes #14794
2022-11-03 09:32:45 +01:00
Stian Thorgersen
cf913af823
Add support for Microsoft Authenticator ( #15272 )
...
Closes #15271
2022-11-02 12:56:07 +01:00
Stian Thorgersen
cac4c43052
Remove AccountPasswordPage from testsuite ( #15204 )
...
Closes #15200
2022-11-02 06:20:39 +01:00
Alexander Schwartz
dd5a60c321
Allow a partial import to overwrite the default role
...
Closes #9891
2022-11-01 15:35:02 -03:00
Pedro Igor
f6985949b6
Close the session within resteasy boundaries ( #15193 )
...
Closes #15192
2022-11-01 11:06:34 +01:00
Stian Thorgersen
17117820cc
Remove AccountFormServiceTest ( #15197 )
...
Closes #15196
2022-10-28 12:26:59 +02:00
Michal Hajas
883e83e625
Remove deprecated methods from data providers and models
...
Closes #14720
2022-10-25 09:01:33 +02:00
Alexander Schwartz
9b80bad391
Stabilize test testAccountManagementLinkIdentity by waiting for username to appear
...
Closes #15054
2022-10-24 19:19:27 +02:00
Stian Thorgersen
29b8294dd6
Filter list of supported OTP applications by current policy ( #15113 )
...
Closes #15112
2022-10-24 16:47:16 +02:00
mposolda
55c514ad56
More flexibility in keystore related tests, Make keycloak to notify which keystore types it supports, Support for BCFKS
...
Closes #14964
2022-10-24 08:36:37 +02:00
Stian Thorgersen
97ae90de88
Remove Red Hat Single Sign-On product profile from upstream ( #14697 )
...
* Remove Red Hat Single Sign-On product profile from upstream
Closes #14916
* review suggestions: Remove Red Hat Single Sign-On product profile from upstream
Closes #14916
Co-authored-by: Peter Skopek <pskopek@redhat.com>
2022-10-18 14:43:04 +02:00
Marek Posolda
0756ef9a75
Initial integration tests with BCFIPS distribution ( #14895 )
...
Closes #14886
2022-10-17 23:33:22 +02:00
Stian Thorgersen
f7490b7f7c
Fix issue where admin2 was not enabled by default if account2 was disabled ( #14914 )
...
Refactoring ThemeSelector and DefaultThemeManager to re-use the same logic for selecting default theme as there used to be two places where one had a broken implementation
Closes #14889
2022-10-17 15:17:54 +02:00
vramik
f49582cf63
MapUserProvider in KC20 needs to store username compatible with KC19 to be no-downtime-upgradable
...
Closes #14678
2022-10-14 09:32:38 +02:00
danielFesenmeyer
f80a8fbed0
Avoid login failures in case of non-existing group or role references and update references in case of renaming or moving
...
- no longer throw an exception, when a role or group cannot be found, log a warning instead
- update mapper references in case of the following events:
- moving a group
- renaming a group
- renaming a role
- renaming a client's Client ID (may affect role qualifiers)
- in case a role or group is removed, the reference still will not be changed
- extend and refactor integration tests in order to check the new behavior
Closes #11236
2022-10-13 13:23:29 +02:00
Martin Kanis
761929d174
Merge ActionTokenStoreProvider and SingleUseObjectProvider ( #13677 )
...
Closes #13334
2022-10-13 09:26:44 +02:00
Lex Cao
8ea3f30d82
Support profile projection parameter for LinkedIn IDP
...
Closes #13384
2022-10-11 15:22:00 -03:00
Takashi Norimatsu
148c7695ff
Pluggable Features of Token Manager
...
Closes #12065
2022-10-07 08:43:34 +02:00
Marek Posolda
425b6b8df2
Parameters 'client_id' and 'response_type' not strictly required in O… ( #14679 )
...
* Parameters 'client_id' and 'response_type' not strictly required in OIDC request object
Closes #14255
2022-10-05 11:20:15 +02:00
Douglas Palmer
44aae52fb4
Fixed locale switcher on error page ( #14728 )
...
Closes #14205
2022-10-05 10:30:07 +02:00
Marek Posolda
c59660ca86
KEYCLOAK_SESSION not working for some user federation setups when user ID has special chars ( #14560 )
...
closes #14354
2022-10-05 08:59:30 +02:00
Marek Posolda
fb24c86a3b
offline token issuance can cause violation of PRIMARY KEY constraint CONSTRAINT_OFFL_CL_SES_PK3 ( #14658 )
...
closes #13706
2022-10-03 12:54:12 +02:00
Stian Thorgersen
390c7485c7
Remove WildFly dist modules ( #14675 )
...
Closes #14307
2022-09-30 14:26:55 +02:00
Alice Wood
1eb7e95b97
enhance existing group search functionality allow exact name search keycloak/keycloak#13973
...
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
2022-09-30 10:37:52 +02:00
Martin Bartoš
a20d6e2f1f
Remove JBoss-based auth servers from the testsuite ( #14317 )
...
Closes #14299
2022-09-30 09:41:57 +02:00
Marcelo Daniel Silva Sales
22713bc144
Incorrect error message OIDC client authentication ( #14656 )
...
closes #12162
Co-authored-by: Pedro Hos <pedro-hos@outlook.com>
2022-09-30 09:40:05 +02:00
David Anderson
a8db79a68c
Introduce crypto module using Wildfly Elytron ( #14415 )
...
Closes #12702
2022-09-27 08:53:46 +02:00
Alexander Schwartz
be2deb0517
Modify RealmsAdminResource.importRealm to work with InputStream
...
Closes #13609
2022-09-26 20:58:08 +02:00
Alice Wood
55a660f50b
enhance group search to allow searching for groups via attribute keycloak/keycloak#12964
...
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2022-09-19 15:19:36 +02:00
Takashi Norimatsu
0a832fc744
Intent support before issuing tokens (UK OpenBanking)
...
Closes #12883
2022-09-19 12:15:00 +02:00
Martin Bartoš
d4130b0c6b
Admin Console tests failing ( #14404 )
...
Fixes #10997
2022-09-17 08:23:19 +02:00
rmartinc
cc9326fcad
Delay LDAPObject creation until mandatory attributes are set ( #14341 )
...
Closes #14286
2022-09-16 20:35:50 +02:00
Dmitry Telegin
cc2117bf7c
UserInfo endpoint not fully standards compliant
...
Closes #14184
2022-09-16 10:15:08 +02:00
danielFesenmeyer
3af1134975
Update IDP link username when sync mode is "force"
...
Closes #13049
2022-09-14 08:02:17 -03:00
Martin Bartoš
ed3d003d65
Remove Legacy migration tests from testsuite ( #14310 )
...
Closes #14300
2022-09-14 11:29:53 +02:00
Václav Muzikář
e999aeeab8
Fix DefaultHostnameTest
on Undertow
2022-09-13 14:41:23 -03:00
Martin Bartoš
aa5a4e3d84
Remove remote WildFly server from the testsuite ( #14321 )
...
Closes #14319
2022-09-13 12:49:40 +02:00
fwojnar
cee69e1abc
Remove Server Config Migration tests from testsuite ( #14334 )
...
Closes #14303
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2022-09-13 12:47:35 +02:00
fwojnar
a58f0593a6
Remove Clean Start test from testsuite ( #14345 )
...
Closes #14305
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2022-09-13 12:46:55 +02:00
Václav Muzikář
490590625d
Fix listApplicationsThirdParty
2022-09-13 08:33:31 +02:00
Jurjan-Paul Medema
eb0124e3e1
Mapper option 'Aggregate attribute values' is now applied to group hierarchy ( #7871 )
...
Closes #11255
2022-09-12 13:34:28 +02:00
Christoph Leistert
7e5b45f999
Issue #8749 : Add an option to control the order of the event query and admin event query
2022-09-11 21:30:12 +02:00
Alexander Schwartz
1d2d3e5ca5
Move UserFederatedStorageProvider into legacy module
...
Closes #13627
2022-09-11 18:37:45 +02:00
Pedro Igor
3518362002
Validate auth time when max_age is sent to brokered OPs
...
Closes #14146
2022-09-09 10:30:51 -03:00
Pedro Igor
a0079b516b
Allow setting response mode ( #14104 )
...
Closes #14083
2022-09-09 14:28:47 +02:00
Martin Bartoš
0fcf5d3936
Reuse of token in TOTP is possible
...
Fixes #13607
2022-09-09 08:56:02 -03:00
Marek Posolda
040e52cfd7
SAML javascript protocol mapper: disable uploading scripts through admin console by default ( #14293 )
...
Closes #14292
2022-09-09 13:47:51 +02:00
vramik
869ccc82b2
Enable MapUserProvider storing username with the letter case significance
...
Closes #10245
Closes #11602
2022-09-09 11:46:11 +02:00
Dominik Guhr
f2b02f19e6
Closes #13786
2022-09-07 18:29:26 +02:00
cgeorgilakis
07b0df8f62
View groups from account console ( #7933 )
...
Closes #8748
2022-09-07 11:25:31 +02:00
Lex Cao
1f197aa96b
Add basic auth compliant to RFC 6749 ( #14179 )
...
Closes #14179
2022-09-07 10:09:30 +02:00
Christoph Leistert
cc2bb96abc
Fixes #9482 : A user could be assigned to a parent group if he is already assigned to a subgroup.
2022-09-06 21:31:31 +02:00
Thomas Peter
19d69169b1
introduce expiration option for admin events
2022-09-06 16:05:53 +02:00
Pedro Igor
a6137b9b86
Do not empty attributes if they are not provided when user profile is enabled
...
Closes #11096
2022-09-06 12:59:05 +02:00
Michal Hajas
f69497eb28
KEYCLOAK-12988 Deprecate getUsers* methods in favor of searchUsers* variants
...
Closes #14018
2022-09-06 10:38:28 +02:00
Sergey Ch
860c3fbbd3
KEYCLOAK-17263 Add exact searching for users ( #8059 )
...
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2022-09-01 19:27:24 +02:00
Thomas Darimont
43623ea9d0
KEYCLOAK-18499 Add max_age support to oauth2 brokered logins
...
Revise KcOidcBrokerPassMaxAgeTest to use setTimeOffset(...)
2022-09-01 09:24:44 -03:00
Joerg Matysiak
a8019d78e7
Fixed handling of required setting for email in user profile.
...
Resolves #13923
2022-08-31 17:19:19 -03:00
Martin Bartoš
677579fce6
Environment variables for admin creation in testsuite
...
Closes #14102
2022-08-31 07:29:55 -03:00
Nagy Vilmos
f6db484172
Keep the locale related authNotes through the IdentityBroker flow. ( #10444 )
...
Closes #8827
2022-08-31 09:37:26 +02:00
Martin Bartoš
e6a5f9c124
Default required action providers are still available after feature disabling
...
Closes #13189
2022-08-31 08:42:47 +02:00
Martin Bartoš
94de015440
Cannot build base testsuite due to missing dependency related to WF ( #14079 )
...
Fixes #14072
2022-08-30 18:52:05 +02:00
Stian Thorgersen
eece543ede
Remove AddUserTest as it was specific to the WildFly distribution ( #14091 )
...
Closes #14072
2022-08-30 16:57:44 +02:00
Manato Takai
1cdc21f0ff
Add duplicate parameter check for UserInfo endpoint. ( #14024 )
...
Closes #14016
2022-08-30 14:39:15 +02:00
Pedro Igor
917e8668cb
Fixing error when activating webauthn profile
...
Related #14005
2022-08-30 13:55:02 +02:00
Martin Bartoš
090f7f89d5
Cannot execute Old Admin Console tests ( #13887 )
...
Fixes #14005
2022-08-29 13:41:22 +02:00
Joerg Matysiak
62790b8ce0
Allow permission configuration for username and email in user profile.
...
Enhanced Account API to respect access to these attributes.
Resolves #12599
2022-08-25 21:54:51 -03:00
Michal Hajas
05b9e6d59e
Upgrade Infinispan to 13.0.10.Final ( #13910 )
...
Closes #12306
2022-08-25 13:09:34 +02:00
Christoph Leistert
5408d25e09
Fixes #10656 : Sub realm localization GET endpoints can be called using tokens issued by the master realm. ( #10660 )
...
* Fixes #10656 : Sub realm localization GET endpoints can be called using tokens issued by the master realm.
* Fixes #10656 : Added some tests
2022-08-25 09:02:07 +02:00
Markus Till
7f999a4629
integration.admin-client: Add exact search for all dedicated user attributes ( #13361 )
...
Closes #13360
2022-08-25 08:57:31 +02:00
Arnaud Martin
af0d97e534
Delete broker links for federated users when an identity provider is deleted
...
Closes #13731
2022-08-25 08:24:09 +02:00
Pedro Igor
ddcf0f45f9
Run import within the context of the realm being imported
...
Closes #12289
2022-08-25 08:18:43 +02:00
Pedro Igor
25be07be17
Allow introspecting tokens issued during token exchange with delegation semantics
...
Closes #9337
2022-08-24 09:47:04 -03:00
Takashi Norimatsu
8c1ea4b47c
mTLS binding support for password grant
...
Closes #13662
2022-08-24 11:44:48 +02:00
Konstantinos Georgilakis
c5b9dc1e7b
set context session client equal to clientsession client (fromClientSessionAndScopeParameter method of DefaultClientSessionContext)
...
Closes #13162
2022-08-23 17:33:07 +02:00
Konstantinos Georgilakis
baa89debd9
Correct isValidScope method of TokenManager for Dynamic scopes
...
Closes #13158
2022-08-23 16:30:04 +02:00
Lex Cao
6b1c64a1a9
Add rememberMe to a user session representation( #13408 ) ( #13765 )
...
Closes #13408
2022-08-23 15:28:52 +02:00
Konstantinos Georgilakis
2002fd983b
Showing consent screen text instead of scope name in consent part of Application page in Account console
...
Closes #13109
2022-08-23 11:22:31 +02:00
rishabhsvats
c223291a1e
Adds REGISTER event when new user login through first broker flow
...
Updates KcOidcBrokerEventTest, AbstractFirstBrokerLoginTest to factor in REGISTER event in first broker flow
Closes #11646
Correcting Indentation of AbstractFirstBrokerLoginTest
2022-08-23 10:43:56 +02:00
Stefan Guilhen
f84fdfa8ef
Fix UserSessionProviderTest failures with CockroachDB ( #13891 )
...
- move assertions to a separate tx due to CRDB's SERIALIZABLE isolation level
Closes #13211
2022-08-23 09:57:13 +02:00
Sebastian Schuster
53472e097c
13647 fixed wrong feature flag for checking admin fine-grained authz
2022-08-22 09:34:12 -03:00
Stefan Guilhen
5775e7c4ba
Fix ConcurrentTransactionsTest failure with CockroachDB ( #13890 )
...
- realm has to be removed in a separate tx due to CRDB's SERIALIZABLE isolation level
Closes #13211
2022-08-22 08:39:14 +02:00
Pedro Igor
eda33a0b21
Concurrency issue when caching JS policies
...
Closes #12204
2022-08-17 16:30:32 -03:00
Pedro Igor
15bbb46657
Avoid removing static path config from cache
...
Closes #9855
2022-08-17 16:29:59 -03:00
Martin Bartoš
5a2852530f
Fix DB tests for Quarkus
...
Fixes #13642
2022-08-17 10:23:05 -03:00
Pedro Igor
841c65d24f
Return 404 when invoking authorization endpoints in case authz settings are disabled
...
Closes #10151
2022-08-16 16:37:44 -03:00
Michal Hajas
ab431e3bd9
Fix KeycloakQuarkusServerDeployableContainer to correctly configure map store
...
Closes #13721
2022-08-11 16:55:06 +02:00
Pedro Igor
e3af0610e2
Support running base testsuite on Windows
...
Closes #12648
Co-authored-by: Dominik Guhr <dguhr@redhat.com>
2022-08-10 20:03:53 -03:00
Markus Till
fa383bf76c
Suppress confirmation screen for logout in oidc ( #13471 )
...
Closes #13469
2022-08-10 18:25:50 +02:00
Michal Hajas
d55d110ff9
Run Infinispan using Testcontainers in base testsuite
...
Closes #13620
2022-08-10 16:36:44 +02:00
Marcelo Daniel Silva Sales
e44cea587f
NullPointer during OIDC logout client disabled ( #13424 )
...
closes #12624
2022-08-08 12:34:09 +02:00
Tero Saarni
2392af157b
Forward quarkus server output to console in testsuite
2022-08-05 09:48:48 -03:00
Sebastian Knauer
21f700679f
KEYCLOAK-19866 Fix user-defined- and xml-fragment-parsing/Add XPathAttributeMapper
2022-08-03 13:07:12 +02:00
Marek Posolda
7e925bfbff
Unit tests in "crypto/fips1402" passing on RHEL 8.6 with BC FIPS approved mode. Cleanup ( #13406 )
...
Closes #13128
2022-07-29 18:03:56 +02:00
Hynek Mlnarik
143e6bc932
Replace undertow-map with quarkus-map
...
Fixes : #12652
2022-07-27 14:08:38 +02:00
Stian Thorgersen
ae33af92d9
Promote new admin console to default ( #13243 )
...
Closes #13242
2022-07-27 10:13:49 +02:00
Pedro Hos
ee2c5391bd
Possible client enumeration in the authorization endpoint
...
Closes #12164
2022-07-26 09:10:06 +02:00
Douglas Palmer
c00514d659
Support for post_logout_redirect_uris in OIDC client registration ( #12282 )
...
Closes #10135
2022-07-25 10:57:52 +02:00
Dominik Guhr
9bb1299d89
change optimised to optimized
...
also: fix kc.bat to not use autobuild in devmode anymore, fix containers.adoc to not use auto_build naming, fix build command cli help as it is not required anymore to run it beforehand.
2022-07-22 10:29:07 -03:00
Stian Thorgersen
a251d785db
Remove text based login flows ( #13249 )
...
* Remove text based login flows
Closes #8752
* Add display param back in case it's used by some custom authenticators
2022-07-22 15:15:25 +02:00
Alexander Schwartz
cb81a17611
Disable Infinispan for map storage and avoid the component factory when creating a realm independent provider factory
...
Provide startup time in UserSessionProvider independent of Infinispan,
cleanup code that is not necessary for the map storage as it isn't using Clustering.
Move classes to the legacy module.
Closes #12972
2022-07-22 08:20:00 +02:00
Douglas Palmer
adeef6c2a0
Partial import feature does not import Identity Provider mappers in Keycloak #12861
2022-07-21 18:04:15 +02:00
Stefan Guilhen
e9c55f45e5
Enable action token JPA provider in map-storage-jpa profile
...
Closes #13139
2022-07-20 16:30:20 -03:00
Pedro Igor
3631a413d2
Allow token exchange when subjec_token is not associated with a session
...
Closes #12596
2022-07-20 15:42:26 -03:00
Martin Bartoš
1b9a3bf51a
Cannot use WebAuthn with WildFly distribution
...
Fixes #12762
2022-07-20 09:59:44 -03:00
Lex Cao
f0988a62b8
Use base64 url decoded for client secret when authenticating with Basic Auth ( #12486 )
...
Closes #11908
2022-07-16 09:38:41 +02:00
Pedro Igor
89028613d8
Introducing --optimise option
...
Closes #10737
2022-07-15 15:12:17 -03:00
Marcelo Daniel Silva Sales
f7a80409a9
Add flow to generate secret length based on signature algorithm ( #13107 )
...
Closes #9376
2022-07-15 11:06:07 +02:00
Vlasta Ramik
ec853a6b83
JPA map storage: User / client session no-downtime store ( #12241 )
...
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Closes #9666
2022-07-14 12:07:02 -03:00
Alexander Schwartz
b8d5e01cf3
Avoid using old legacy-store API in the test suite ( #13077 )
2022-07-13 09:58:01 -03:00
kz-masa
d26cff270f
Delete unnecessary import statements ( #12935 ) ( #12936 )
2022-07-12 19:37:15 -03:00
Martin Bartoš
216922233a
Remote base tests don't work with WildFly ( #12842 )
...
Fixes #12841
2022-07-12 15:14:09 +02:00
Martin Kanis
4b43612806
Disable WARN logging for Hot Rod RemoteQuery class
2022-07-11 16:48:56 -03:00
Pedro Igor
5b48d72730
Upgrade Resteasy v4
...
Closes #10916
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2022-07-11 12:17:51 -03:00
Martin Bartoš
07ab29378b
Make WebAuthn required actions enabled by default
...
Closes #12723
2022-07-11 15:32:40 +02:00
Michal Hajas
0f86427dd0
Make user->client sessions relationship consistent
...
Closes #12817
2022-07-11 08:42:28 -03:00
Martin Bartoš
17f1d04960
Possibility to execute DB migration tests for Quarkus distribution ( #12688 )
...
Closes #12685
2022-07-11 12:23:41 +02:00
fwojnar
7fccdb10d8
Fixing ClientPoliciesTest failure ( #12670 )
...
Closes #10633
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2022-07-11 12:22:25 +02:00
Takashi Norimatsu
29aad9dc45
PAR logic affecting /auth endpoint
...
Closes #9289
2022-07-11 11:56:37 +02:00
Alexander Schwartz
29a501552e
Disable the JpaUserFederatedStorageProvider when map storage is enabled
...
Closes #12895
2022-07-07 10:47:42 -03:00
Alexander Schwartz
d91a5eb99f
Move methods from UserStorageUtil to LegacyRealmModel
...
It is better suited to take methods removed from RealmModel earlier.
Closes #12805
2022-07-07 09:57:17 -03:00
Stefan Guilhen
dc88dd5286
Users Map JPA implementation ( #12871 )
2022-07-05 11:19:31 -03:00
Alexander Schwartz
098d4dda0e
Split PublicKeyStorageProvider ( #12897 )
...
Split PublicKeyStorageProvider
- Extract clearCache() method to separate interface and move it to the legacy module
- Make PublicKeyProvider factories environment dependent
- Simple map storage for public keys that just delegates
Resolves #12763
Co-authored-by: Martin Kanis <mkanis@redhat.com>
2022-07-05 09:57:51 -03:00
Stefan Guilhen
007fa1f374
Single Use Objects Map JPA implementation
...
Closes #9852
2022-07-04 10:05:51 -03:00
Alexander Schwartz
4b20e90292
Move session persistence package to legacy-private module
...
Also, disabling the jpa session persister when map storage is enabled.
Closes #12712
2022-07-04 10:05:26 -03:00
Konstantinos Georgilakis
32f8f30f36
Include 'urn:ietf:params:oauth:grant-type:token-exchange' in grant_types_supported field of Keycloak OP metadata, if token-exchange is enabled
...
closes #10888
2022-06-30 17:13:47 -03:00
Jon Koops
06d1b4faab
Restore enum variant of ResourceType
...
This reverts commit 3b5a578934
.
2022-06-30 12:20:51 -03:00
Alexander Schwartz
ddeab744d0
Moving RoleStorageProviderModel to the legacy modules
...
Closes #12656
2022-06-29 20:04:32 +02:00
vramik
3b5a578934
Change enum ResourceType to interface with String constants
...
Closes #12485
2022-06-29 13:35:11 +02:00
Lex Cao
c3c8b9f0c8
Add client_secret
to response when token_endpoint_auth_method
is not private_key_jwt
( #12609 )
...
Closes #12565
2022-06-29 10:19:18 +02:00
Clara Fang
4643fd09e3
Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount()
...
This should reduce GC pressure.
Closes #12644
2022-06-29 08:53:09 +02:00
Konstantinos Georgilakis
ccc0449314
json device code flow error responses
...
closes #11438
2022-06-29 07:23:02 +02:00
Marek Posolda
be1e31dc68
Introduce crypto/default module. Refactoring BouncyIntegration ( #12692 )
...
Closes #12625
2022-06-29 07:17:09 +02:00
danielFesenmeyer
b6d8c27cac
OIDC logout: In "legacy mode", support post_logout_redirect_uri param without requiring id_token_hint param
...
Closes #12680
2022-06-28 14:36:03 +02:00
leandrobortoli
c5d5659100
Fixed bug on client credentials grant when encryption key not found
...
Closes #12348
2022-06-27 13:00:21 +02:00
Lex Cao
f8a7c8e160
Validate name of client scope ( #12571 )
...
Closes #12553
2022-06-27 12:26:18 +02:00
Pedro Igor
3d2c3fbc6a
Support JSON objects when evaluating claims in regex policy
...
Closes #11514
2022-06-23 14:04:09 -03:00
Pedro Igor
d3a40e8620
Use backend baseURL for UMA-related backend endpoints
...
Closes #12549
2022-06-23 10:35:26 -03:00
Takashi Norimatsu
a10eef882f
DeviceTokenRequestContext.getEvent returns a wrong ClientPolicyEvent
...
Closes #12455
2022-06-22 13:01:35 +02:00
Takashi Norimatsu
d396ee7d30
CIBA flow : no error on invalid scope
...
Closes #12589
2022-06-22 12:55:55 +02:00
rmartinc
711440e513
[ #11036 ] Identity Providers: Add support for elliptic curve signatures (ES256/ES384/ES512) using JWKS URL
2022-06-21 10:52:25 -03:00
Stefan Guilhen
7d96f3ad5a
Events Map JPA implementation
...
Closes #9667
2022-06-21 13:53:48 +02:00
Hynek Mlnarik
26198e4b0b
Disable tests irrelevant for map storage
2022-06-21 08:53:06 +02:00
Alexander Schwartz
d41764b19b
Inline deprecated methods in legacy code
2022-06-21 08:53:06 +02:00
Alexander Schwartz
08bbb1fb92
Move LDAP REST Endpoints to LDAP package
...
- Thus remove implicit dependency on services on the legacy modules
- Disable tests for LDAP/Kerberos that won't work when map storage is enabled
2022-06-21 08:53:06 +02:00
Alexander Schwartz
1bc6133e4e
redirect calls to userLocalStorage from legacy modules (federation, ldap, sssd, kerberos)
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
e396d0daa1
Renaming SingleUserCredentialManager and UserModel.getUserCredentialManager():
...
- class SingleUserCredentialManager to SingleEntityCredentialManager
- method UserModel.getUserCredentialManager() to credentialManager()
Renaming of API without "get" prefix to make it consistent with other APIs like for example with KeycloakSession
2022-06-21 08:53:06 +02:00
Alexander Schwartz
6f287e7ded
Avoid using methods on UserCredentialStoreManager
2022-06-21 08:53:06 +02:00
Alexander Schwartz
82094d113e
Move User Storage SPI, introduce ExportImportManager
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
703e868a51
Preparation for moving User Storage SPI
...
- Introduction of new AdminRealmResource SPI
- Moving handler of /realm/{realm}/user-storage into model/legacy-service
- session.users() and userStorageManager() moved refers legacy module
IMPORTANT: Broken as UserStorageSyncManager is not yet moved
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
247ff52187
Introduce legacy datastore module and update dependencies
2022-06-21 08:53:06 +02:00
Martin Bartoš
d8112d7b7e
DB migration tests execution for Quarkus ( #12525 )
...
Closes #12524
2022-06-20 10:12:37 +02:00
Alexander Schwartz
71e7982a49
Adding central time offset reset in model tests as it was missing for AuthenticationSessionTest and UserSessionPersisterProviderTest
...
Also adding try/finally in other places in the integration tests where it was missing.
Closes #12530
2022-06-16 13:42:55 +02:00
nehachopra27
39cff0750c
[Fix keycloak#12385] Update option to run kc.bat on windows instead of kc.sh ( #12386 )
...
Co-authored-by: nchopra <nchopra@redhat.com>
Resolves #12385
2022-06-15 11:29:11 -03:00