keycloak-scim

Author	SHA1	Message	Date
Martin Kanis	33331788a4	Introduce count method to avoid fetching all organization upon checking for existence Closes #29697 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-06-04 10:45:28 -03:00
Martin Kanis	173f09fa6b	Malformed dependency version causing the build failure Closes #30134 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-06-04 13:44:14 +02:00
Thomas Darimont	35a4a17aa5	Add support for application/jwt media-type in token introspection (#29842 ) Fixes #29841 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2024-06-03 19:06:21 +02:00
rmartinc	536534dd25	Remove the transformed output directory before executing JakartaTransformer Closes #30086 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-03 19:03:46 +02:00
Alexander Schwartz	792a3457ff	Use Maven wrapper instead of platform dependent Maven version (#29988 ) Closes #29987 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-06-03 15:45:39 +02:00
Martin Bartoš	262fc09edc	OpenJDK 21 support (#28518 ) * OpenJDK 21 support Closes #28517 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Signed-off-by: Martin Bartoš <mabartos@redhat.com> * x509 SAN UPN other name is not handled in JDK 21 (#904) closes #29968 Signed-off-by: mposolda <mposolda@gmail.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com> Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Marek Posolda <mposolda@gmail.com>	2024-06-03 14:17:28 +02:00
mposolda	9074696382	Editing built-in client policy profiles are silently reverted closes #27184 Signed-off-by: mposolda <mposolda@gmail.com>	2024-06-03 14:00:37 +02:00
Pedro Igor	4c39fcc79d	Allow to configure if users are automatically redirected when the email domain matches an organization Closes #30050 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-03 13:34:21 +02:00
raff897	6d6131cade	Backchannel logout url with curly brackets closes #30023 Signed-off-by: raff897 <85362193+raff897@users.noreply.github.com>	2024-06-03 09:51:39 +02:00
Ricardo Martin	0cd0d03c08	Remove all adapter-core code moved to util (#30012 ) * Remove all tests that are only executed for undertow app server * Remove installation steps for OIDC adapter in wildfly/eap app server * Remove the util adapters package except HttpClientBuilder * Remove HttpClientBuilder and use plain apache http client Closes #29912 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-03 09:28:02 +02:00
Alexander Schwartz	f6f3b385c5	Improve the cleanup after a failed test to ensure retries work Closes #30018 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-06-03 08:59:03 +02:00
Pedro Ruivo	ad32f8bdbc	auth-server-feature does not work for auth-server-quarkus-embedded (#30045 ) Fixes #29259 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-06-03 08:47:52 +02:00
Peter Zaoral	cd2451d58b	Remove Oracle JDBC driver out of the box (#29895 ) Closes: #29491 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Martin Bartoš <mabartos@redhat.com> Signed-off-by: Peter Zaoral <pzaoral@redhat.com>	2024-05-31 17:21:19 +00:00
rmartinc	068ce5a61f	Modify xpath for account console logout in the webauthn tests Closes #30024 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-31 15:14:35 +02:00
Stefan Wiedemann	0f6f9543ba	Add oid4vci to the account console (#29174 ) closes #25945 Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com> Co-authored-by: Erik Jan de Wit <edewit@redhat.com> Co-authored-by: Jon Koops <jonkoops@gmail.com>	2024-05-31 15:11:32 +02:00
Patrick Jennings	5144f8d85f	Improve Client Type Integration Tests (#29944 ) closes #30017 Signed-off-by: Patrick Jennings <pajennin@redhat.com>	2024-05-31 09:53:22 +02:00
Andrejs Mivreniks	1cf87407fe	Allow setting authentication flow execution priority value via Admin API Closes #20747 Signed-off-by: Andrejs Mivreniks <andrejs@fastmail.com>	2024-05-30 19:17:45 +02:00
Martin Bartoš	3f49036192	Unify approach for WebAuthn tests (#29781 ) Closes #29780 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-05-30 14:21:27 +02:00
rmartinc	44ce2fb74d	Modify authz tests to not depende on adapter-core code Closes #29882 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-30 08:02:29 +02:00
Pedro Igor	320f8eb1b4	Improve invitation messages and flow Closes #29945 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-29 17:51:06 +02:00
Erik Jan de Wit	f088b0009c	initial ui for organizations (#29643 ) * initial screen Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * more screens Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added members tab Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added the backend Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added member add / invite models Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * initial version of the identity provider section Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * add link and unlink providers Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * small fix Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * PR comments Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Do not validate broker domain when the domain is an empty string Closes #29759 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added filter and value Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added test Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added first name last name Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * refresh menu when realm organization is changed Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * changed to record Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * changed to form data Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * fixed lint error Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Changing name of invitation parameters Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Chancing name of parameters on the client Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Enable organization at the realm before running tests Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Domain help message Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Handling model validation errors when creating organizations Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Message key for organizationDetails Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Do not change kc.org attribute on group Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * add realm into the context Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * tests Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Changing button in invitation model to use Send instead of Save Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Better message when validating the organization domain Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Fixing compilation error after rebase Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * fixed test Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * removed wait as it no longer required and skip flacky test Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * skip tests that are flaky Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * stabilize user create test Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> --------- Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-29 14:34:02 +02:00
Martin Bartoš	76a6733f0a	Replace PhantomJS by HtmlUnit Closes #9979 Co-authored-by: Jon Koops <jonkoops@gmail.com> Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-05-29 11:17:57 +02:00
Martin Bartoš	b1a90972b6	Upgrade Selenium and Arquillian dependencies in testsuite Closes #29778 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-05-29 11:17:57 +02:00
Pedro Igor	bbb83236f5	Do not lower-case the username from the IdP when creating the federated identity Closes #28495 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-29 01:58:20 -03:00
Alexander Schwartz	46f0da43da	Instead of the test blocking for an unknown reason, specify a timeout Closes #29528 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-05-28 21:06:49 +02:00
Stefan Guilhen	694ffaf289	Allow organizations in different realms to have the same domain Closes #29886 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-28 08:02:30 -03:00
Francis Pouatcha	4317a474d1	JWT VC Issuer Metadata /.well-known/jwt-vc-issuer to comply with SD-JWT VC Specification (#29635 ) closes #29634 Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com> Co-authored-by: DYLANE BENGONO <85441363+bengo237@users.noreply.github.com>	2024-05-28 12:51:56 +02:00
Yutaka Obuchi	68d9dcecb5	Supporting OID4VCI AuthZCode flow: (#29685 ) closes #29724 Signed-off-by: Yutaka Obuchi <yutaka.obuchi.sd@hitachi.com> Co-authored-by: Yutaka Obuchi <yutaka.obuchi.sd@hitachi.com> Co-authored-by: Francis Pouatcha <francis.pouatcha@adorsys.com>	2024-05-28 12:29:31 +02:00
Martin Bartoš	d396dfed6a	Upgrade old Keycloak version for DB migration tests (#29884 ) Closes #29883 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-05-28 11:32:31 +02:00
Jon Koops	66ef3bf2d7	Remove Opera from supported web drivers (#29903 ) Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-05-28 09:01:40 +00:00
Douglas Palmer	b9c04bb8bc	Refactor PolicyEnforcer tests to remove dependency on keycloak-adapter-core and remove keycloak-adapter-core Closes #29189 Closes #28791 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-05-27 15:00:13 -03:00
Stefan Wiedemann	5a68056f2a	Fix oid4vc mappers Closes #29805 Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>	2024-05-27 11:28:46 +02:00
mposolda	ea1cdc10bd	MigrateTo25_0_0 does not complete within default transaction timeout closes #29756 Signed-off-by: mposolda <mposolda@gmail.com>	2024-05-27 10:31:39 +02:00
Pedro Igor	2d4d32764c	Show a message when confirming an invitation link Closes #29794 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-27 08:33:22 +02:00
rmartinc	b258b459d7	Generate RESTART_AUTHENTICATION event on success Closes #29385 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-23 19:08:22 +02:00
vramik	0508d279f7	Filter empty domains from OrganizationsRepresentation before running validation Closes #29809 Signed-off-by: vramik <vramik@redhat.com>	2024-05-23 09:53:51 -03:00
Marek Posolda	2efc163b89	Entry 999.0.0 in MIGRATION_MODEL prevents future migrations of the database Closes #27941 Signed-off-by: mposolda <mposolda@gmail.com>	2024-05-23 12:00:18 +00:00
Daniel Fesenmeyer	c08621fa63	Always order required actions by priority (regardless of context) - AuthenticationManager#actionRequired: make sure that the highest prioritized required action is performed first, possibly before the currently requested required action - AuthenticationManager#nextRequiredAction: make sure that the next action is requested via URL, also based on highest priority (-> requested URL will match actually performed action, unless required actions for the user are changed by a parallel operation) - add tests to RequiredActionPriorityTest, add helper method for priority setup to ApiUtil (for easier and more robust setup than up-to-now) - fix test WebAuthnRegisterAndLoginTest - which failed because WebAuthnRegisterFactory (prio 70) is now executed before WebAuthnPasswordlessRegisterFactory (prio 80) Closes #16873 Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>	2024-05-23 09:07:56 +02:00
Thomas Darimont	ab376d9101	Make required actions configurable (#28400 ) - Add tests for crud operations on configurable required actions - Add support exposing the required action configuration via RequiredActionContext - Make configSaveError message reusable in other contexts - Introduced admin-ui specific endpoint for retrieving required actions with config metadata Fixes #28400 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com> Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>	2024-05-23 08:38:36 +02:00
vramik	278341aff9	Add organizations enabled/disabled capability Closes #28804 Signed-off-by: vramik <vramik@redhat.com>	2024-05-22 07:58:26 -03:00
Alexander Schwartz	80de3a0a71	Allow migration of non-persistent sessions to persistent sessions Closes #29375 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-05-22 10:30:46 +02:00
Francis Pouatcha	542fc65923	Issue 29627: Expose Authorization Server Metadata Endpoint under /.well-known/oauth-authorization-server to comply with rfc8414 (#29628 ) closes #29627 Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com> Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com> Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2024-05-22 10:30:34 +02:00
rmartinc	f7044ba5c2	Use SessionExpirationUtils for validate user and client sessions Check client session is valid in TokenManager Closes #24936 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-22 10:12:20 +02:00
Case Walker	f32cd91792	Upgrade owasp-java-html-sanitizer, address all fallout Signed-off-by: Case Walker <case.b.walker@gmail.com>	2024-05-22 09:15:25 +02:00
Raffaele Lucca	a5a55dc66e	Protocol now is mandatory during client scope creation. (#29544 ) closes #29027 Signed-off-by: raff897 <85362193+raff897@users.noreply.github.com>	2024-05-22 09:10:46 +02:00
Patrick Jennings	84acc953dd	Client type OIDC base read only defaults (#29706 ) closes #29742 closes #29422 Signed-off-by: Patrick Jennings <pajennin@redhat.com>	2024-05-22 09:07:19 +02:00
Pedro Igor	b019cf6129	Support unmanaged attributes for service accounts and make sure they are only managed through the admin api Closes #29362 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-21 16:56:18 -03:00
Martin Kanis	97cd5f3b8d	Provide an additional endpoint to allow sending both invitation and registration links depending on the email being associated with an user or not Closes #29482 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-05-21 12:29:10 -03:00
rmartinc	3304540855	Allow admin console whoami endpoint to applications that have a special attribute Closes #29640 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-20 09:51:07 +02:00
Stefan Guilhen	1aab371912	Fix errors when importing realms with the organization feature enabled Closes #29630 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-17 07:25:31 -03:00
Ricardo Martin	74a80997c7	Fix CRL verification failing due to client cert not being in chain (#29582 ) closes #19853 Signed-off-by: Micah Algard <micahalgard@gmail.com> Signed-off-by: rmartinc <rmartinc@redhat.com> Co-authored-by: Micah Algard <micahalgard@gmail.com> Co-authored-by: rmartinc <rmartinc@redhat.com>	2024-05-17 11:28:07 +02:00
Dimitri Papadopoulos Orfanos	64a145e960	Fix user-facing typos in error messages (#29326 ) Update resource file and tests accordingly Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>	2024-05-16 09:55:41 +02:00
Takashi Norimatsu	b4e7d9b1aa	Passkeys: Supporting WebAuthn Conditional UI (#24305 ) closes #24264 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com> Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: mposolda <mposolda@gmail.com>	2024-05-16 07:58:43 +02:00
rmartinc	89d7108558	Restrict access to whoami endpoint for the admin console and users with realm access Closes #25219 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-15 19:06:57 +02:00
Stefan Guilhen	c4760b8188	Ensure that IDP's linked domains are remove when org is deleted or when the domain is removed from the org. Closes #29481 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-14 15:39:18 -03:00
Martin Kanis	3985157f9f	Make sure operations on a organization are based on realm they belong to Closes #28841 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-05-14 10:47:39 -03:00
Pedro Igor	b4d231fd40	Fixing realm removal when removing groups and brokers associated with an organization Closes #29495 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-14 14:29:27 +02:00
Pedro Igor	b5a854b68e	Minor improvements to invitation email templates (#29498 ) Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-14 13:19:02 +02:00
Pedro Igor	1b583a1bab	Email validation for managed members should only fail if it does not match the domain set to a broker Closes #29460 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-14 10:46:22 +02:00
mposolda	d8a7773947	Adding dummyHash to DirectGrant request in case user does not exists. Fix dummyHash for normal login requests closes #12298 Signed-off-by: mposolda <mposolda@gmail.com>	2024-05-13 16:33:29 +02:00
kaustubh-rh	8a82b6b587	Added a check in ClientInitialAccessResource (#29353 ) closes #29311 Signed-off-by: Kaustubh Bawankar <kbawanka@redhat.com>	2024-05-13 13:00:36 +02:00
rmartinc	2cc051346d	Allow empty CSP header in headers provider Closes #29458 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-13 10:51:31 +02:00
Alexander Schwartz	6cc8d653f3	Make SessionWrapper related fields immutable that are part of the equals method The cache replace logic depends on it, as values returned by reference from a local cache must never be modified on those critical fields directly. Closes #28906 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-05-13 09:59:50 +02:00
Giuseppe Graziano	d735668fcd	Fix test failures after @DisableFeature Closes #29253 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-05-13 08:20:54 +02:00
Pedro Igor	b50d481b10	Make sure organization groups can not be managed but when managing an organization Closes #29431 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-10 21:28:11 -03:00
Stefan Guilhen	f0620353a4	Ensure master realm can't be removed Closes #28896 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-10 16:56:18 -03:00
Stefan Guilhen	ceed7bc120	Add ability to search organizations by attribute Closes #29411 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-10 16:45:41 -03:00
Pedro Igor	77b58275ca	Improvements to the organization authentication flow Closes #29416 Closes #29417 Closes #29418 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-09 16:07:52 -03:00
Pedro Igor	a65508ca13	Simplifying the CORS SPI and the default implementation Closes #27646 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-08 12:27:55 -03:00
Pedro Ruivo	cbce548e71	Infinispan 15.0.3.Final Closes #29068 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-05-08 17:18:39 +02:00
Stefan Guilhen	dde2746595	Improve tests to ensure managed users disabled upon disabling the org can't be updated Closes #28891 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-07 18:11:52 -03:00
Pedro Igor	927ba48f7a	Adding tests to cover using SAML brokers in an organization Closes #28732 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-07 20:44:38 +02:00
Douglas Palmer	8d628d740e	Can we remove undertow OIDC adapter? Closes #28788 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-05-07 19:47:46 +02:00
Thore	4b194d00be	iso-date validator for the user-profile Adds a new validator in order to be able to validate user-model fields which should be modified/supplied by a datepicker. Closes #11757 Signed-off-by: Thore <thore@kruess.xyz>	2024-05-07 11:42:39 -03:00
Martin Kanis	d4b7e1a7d9	Prevent to manage groups associated with organizations from different APIs Closes #28734 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-05-07 11:16:40 -03:00
Pedro Igor	f8bc74d64f	Adding SAML protocol mapper to map organization membership Closes #28732 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-07 15:52:35 +02:00
Stefan Guilhen	aa945d5636	Add description field to OrganizationEntity Closes #29356 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-07 10:35:51 -03:00
Pedro Igor	c0325c9fdb	Do not manage brokers through the Organization API Closes #29268 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-07 09:15:25 -03:00
Dinesh Solanki	2172741eb6	Refactor element identifiers from ID to class (#28690 ) Closes #24462 Signed-off-by: Dinesh Solanki <15937452+DineshSolanki@users.noreply.github.com>	2024-05-07 13:56:21 +02:00
Alice W	d1549a021e	Update invitation changes based on review and revert deleted test from OrganizationMembertest Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>	2024-05-06 17:57:13 -03:00
Pedro Igor	40a283b9e8	Token expiration tests and updates to registration required action Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-06 17:57:13 -03:00
Pedro Igor	158162fb4f	Review tests and having invitation related operations in a separate class Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-06 17:57:13 -03:00
Pedro Igor	287f3a44ce	registration link tests Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-06 17:57:13 -03:00
Alice W	ce2e83c7f9	Update test and link formation on invite of new user Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>	2024-05-06 17:57:13 -03:00
Alice W	18356761db	Add test for user invite registration and fix minor bug with registration link generation and email templating Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>	2024-05-06 17:57:13 -03:00
Pedro Igor	e0bdb42d41	adding test and minor updates to cover inviting existing users Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-06 17:57:13 -03:00
Stefan Guilhen	dae1eada3d	Add enabled field to OrganizationEntity Closes #28891 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-06 14:46:56 -03:00
Alexander Schwartz	a9532274e3	Generate translations for locales via built-in Java functionality (#29125 ) Closes #29124 Signed-off-by: Jon Koops <jonkoops@gmail.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Jon Koops <jonkoops@gmail.com>	2024-05-06 09:30:14 +02:00
Giuseppe Graziano	c6d3e56cda	Handle reset password flow with logged in user Closes #8887 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-05-06 09:10:47 +02:00
Douglas Palmer	00bd6224fa	Remove remaining Fuse adapter bits Closes #28787 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-05-06 09:02:26 +02:00
Michal Hajas	128bba34d3	Remove PERSISTENT_USER_SESSIONS_No_CACHE feature Closes #29264 Signed-off-by: Michal Hajas <mhajas@redhat.com>	2024-05-06 08:53:39 +02:00
Michal Hajas	8b715d3a31	Do not use LastSessionRefreshPersister with persistent user sessions enabled Closes #29144 Signed-off-by: Michal Hajas <mhajas@redhat.com>	2024-05-06 08:49:48 +02:00
Thomas Darimont	ba43a10a6d	Improve details for user error events in OIDC protocol endpoints Closes #29166 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2024-05-06 08:32:31 +02:00
Pedro Igor	32d25f43d0	Support for mutiple identity providers Closes #28840 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-04 16:19:27 +02:00
Douglas Palmer	051c0197db	Remove old-WildFly, EAP 7.4 and 6.4 SAML adapters Closes #28785 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-05-03 15:39:05 +02:00
Justin Tay	7bd48e9f9f	Set logout token type to logout+jwt Closes #28939 Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>	2024-05-03 14:51:10 +02:00
Giuseppe Graziano	8c3f7cc6e9	Ignore include in token scope for refresh token Closes #12326 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-05-03 09:05:03 +02:00
Douglas Palmer	e0176a7e31	Remove Wildfly and EAP OIDC adapters Closes #23381 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-05-02 20:16:55 +02:00
Steven Hawkins	3b1ca46be2	fix: updating docs around -q parameter (#29151 ) closes: #27877 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-05-02 16:48:43 +02:00
Stefan Guilhen	45e5e6cbbf	Introduce filtered (and paginated) search for organization members Closes #28844 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-02 11:25:43 -03:00
Stefan Wiedemann	3e16af8c0f	Fix oid4vc tests (#29209 ) closes #28982 closes #28983 closes #28984 closes #28985 closes #28986 closes #28987 closes #28988 closes #28989 closes #28990 closes #28991 closes #28992 closes #28993 closes #28994 closes #28995 closes #28996 * only enable/disable features that should Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com> * use default profile if nothing is set Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com> --------- Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>	2024-05-02 10:57:25 +00:00
Patrick Jennings	64824bb77f	Client type service account default type (#29037 ) * Adding additional non-applicable client fields to the default service-account client type configuration. Signed-off-by: Patrick Jennings <pajennin@redhat.com> * Creating TypedClientAttribute which maps clientmodel fields to standard client type configurations. Adding overrides for fields in TypeAwareClientModelDelegate required for service-account client type. Signed-off-by: Patrick Jennings <pajennin@redhat.com> * Splitting client type attribute enum into 3 separate enums, representing the top level ClientModel fields, the extended attributes through the client_attributes table, and the composable fields on ClientRepresentation. Signed-off-by: Patrick Jennings <pajennin@redhat.com> * Removing reflection use for client types. Validation will be done in the RepresentationToModel methods that are responsible for the ClientRepresentation -> ClientModel create and update static methods. Signed-off-by: Patrick Jennings <pajennin@redhat.com> More updates Signed-off-by: Patrick Jennings <pajennin@redhat.com> * Update client utilzes type aware client property update method. Signed-off-by: Patrick Jennings <pajennin@redhat.com> * If user inputted representation object does not contain non-null value, try to get property value from the client. Type aware client model will return non-applicable or default value to keep fields consistent. Signed-off-by: Patrick Jennings <pajennin@redhat.com> * Cleaning up RepresentationToModel Signed-off-by: Patrick Jennings <pajennin@redhat.com> * Fixing issue when updating client secret. Signed-off-by: Patrick Jennings <pajennin@redhat.com> * Fixing issue where created clients would not have fullscope allowed, because getter is a boolean and so cannot be null. Signed-off-by: Patrick Jennings <pajennin@redhat.com> * Need to be able to clear out client attributes on update as was allowed before and causing failures in integration tests. Signed-off-by: Patrick Jennings <pajennin@redhat.com> * Fixing issues with redirectUri and weborigins defaults in type aware clients. Signed-off-by: Patrick Jennings <pajennin@redhat.com> * Need to allow client attributes the ability to clear out values during update. Signed-off-by: Patrick Jennings <pajennin@redhat.com> * Renaming interface based on PR feedback. Signed-off-by: Patrick Jennings <pajennin@redhat.com> * Shall be able to override URI sets with an empty set. Signed-off-by: Patrick Jennings <pajennin@redhat.com> * Comments around fields that are primitive and may cause problems determining whether to set sane default on create. Signed-off-by: Patrick Jennings <pajennin@redhat.com> --------- Signed-off-by: Patrick Jennings <pajennin@redhat.com>	2024-05-02 12:22:02 +02:00
Ricardo Martin	65bdf1a604	Encode realm name in console URIs (#29102 ) Before this fix console uris (including the client redirect uris) did not contain the url encoded realm name and therefore were invalid. closes #25807 Signed-off-by: Philip Sanetra <code@psanetra.de> Signed-off-by: rmartinc <rmartinc@redhat.com> Co-authored-by: Philip Sanetra <code@psanetra.de> Co-authored-by: rmartinc <rmartinc@redhat.com>	2024-05-02 10:30:06 +02:00
Michal Hajas	7c427e8d38	Remove offline sessions timeouts adjusters as with persistent session we have bounded caches and it is no longer necessary to adjust time in caches Closes #29140 Signed-off-by: Michal Hajas <mhajas@redhat.com>	2024-04-30 18:03:17 +02:00
Douglas Palmer	8d4d5c1c54	Remove redundant servers from the testsuite Closes #29089 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-04-30 17:39:32 +02:00
Stefan Guilhen	02e2ebf258	Add check to prevent deserialization issues when the context token is not an AccessTokenResponse. - also adds a test for the refresh token on first login scenario. Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-04-30 12:02:10 -03:00
Alexander Schwartz	d69872fa11	Batch writes originating from logins/logouts for persistent sessions All writes for the sessions are handled by a background thread which batches them. Closes #28862 Wait for persistent-store to contain update instead of cache which has the change immediately since it is in memory + introduce new model-test profile Closes #29141 Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Signed-off-by: Michal Hajas <mhajas@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2024-04-30 14:07:35 +02:00
rmartinc	8042cd5d4f	Set client in the context for docker protocol Fix to execute again the docker test Closes #28649 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-04-30 10:17:17 +02:00
Pedro Igor	51352622aa	Allow adding realm users as an organization member Closes #29023 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-29 08:37:47 -03:00
Jon Koops	a6e2ab5523	Remove `jaxrs-oauth-client` and OIDC `servlet-filter` adapters Closes #28784 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-04-26 15:56:57 +02:00
Douglas Palmer	cca660067a	Remove JAAS login modules Closes #28789 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-04-26 09:30:35 +02:00
Douglas Palmer	b2f09feebf	Remove servlet filter saml adapters Closes #28786 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-04-26 09:30:35 +02:00
Douglas Palmer	a4a7d023a7	Remove Jetty OIDC adapter Closes #28779 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-04-26 09:30:35 +02:00
Douglas Palmer	c5dbab2740	Remove Jetty SAML adapter Closes #28782 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-04-26 09:30:35 +02:00
Douglas Palmer	bf2c97065f	Remove SpringBoot adapters Closes #28781 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-04-26 09:30:35 +02:00
Douglas Palmer	43aa10e091	Remove Tomcat OIDC adapter Closes #28778 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-04-26 09:30:35 +02:00
Douglas Palmer	98faf6e6a0	Remove Tomcat SAML adapter Signed-off-by: Douglas Palmer <dpalmer@redhat.com> Closes #28783	2024-04-26 09:30:35 +02:00
Stefan Guilhen	bfabc291cc	28843 - Introduce filtered (and paginated) searches for organizations Closes #28843 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-04-25 12:38:20 -03:00
Stefan Guilhen	8fa2890f68	28818 - Reintroduce search by name for subgroups Closes #28818 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-04-25 12:06:07 -03:00
vramik	d65649d5c0	Make sure organization are only manageable by the admin users with the manage-realm role Closes #28733 Signed-off-by: vramik <vramik@redhat.com>	2024-04-23 12:16:57 -03:00
Mark Banierink	ad32896725	replaced and removed deprecated token methods (#27715 ) closes #19671 Signed-off-by: Mark Banierink <mark.banierink@nedap.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-23 09:23:37 +02:00
mposolda	337a337bf9	Grant urn:ietf:params:oauth:grant-type:pre-authorized_code was enabled even if oid4vc_vci feature is disabled closes #28968 Signed-off-by: mposolda <mposolda@gmail.com>	2024-04-22 18:31:46 +02:00
Ott	975bb6762f	Fixed type in invalidPasswordNotContainsUsernameMessage Signed-off-by: Ott <ottalexanderdev@gmail.com>	2024-04-22 08:06:02 -03:00
Douglas Palmer	ed22530d16	Failure reset time is applied to Permanent Lockout Closes #28821 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-04-22 11:47:22 +02:00
Stefan Wiedemann	b08c644601	Support credentials issuance through oid4vci (#27931 ) closes #25940 Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>	2024-04-22 11:37:55 +02:00
Lex Cao	7e034dbbe0	Add IdpConfirmOverrideLinkAuthenticator to handle duplicate federated identity (#26393 ) Closes #26201. Signed-off-by: Lex Cao <lexcao@foxmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-04-22 11:30:14 +02:00
etiksouma	1afd20e4c3	return proper error message for admin users endpoint closes #28416 Signed-off-by: etiksouma <al@mouskite.com>	2024-04-20 12:17:53 +02:00
Pedro Ruivo	3e0a185070	Remove deprecated EnvironmentDependentProviderFactory.isSupported method Closes #26280 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-04-19 16:36:49 +02:00
Giuseppe Graziano	f6071f680a	Avoid the same userSessionId after re-authentication Closes keycloak/keycloak-private#69 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-04-19 14:44:39 +02:00
mposolda	c427e65354	Secondary factor bypass in step-up authentication closes #34 Signed-off-by: mposolda <mposolda@gmail.com> (cherry picked from commit e632c03ec4dbfbb7c74c65b0627027390b2e605d)	2024-04-19 14:43:53 +02:00
Giuseppe Graziano	897c44bd1f	Validation of providerId during required action registration Closes #26109 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-04-19 13:06:51 +02:00
Joerg Matysiak	76a5a27082	Refactored StripSecretsUtils in order to make it unit-testable, added unit tests for it Don't mask secrets at realm export Closes #21562 Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>	2024-04-18 18:26:47 -03:00
Pedro Igor	7483bae130	Make sure admin events are not referencing sensitive data from their representation Closes #21562 Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>	2024-04-18 18:26:47 -03:00
Steve Hawkins	0be34d64e7	task: refactor overlap between cli clients also repackaging to more clearly delineate code roles closes: #28329 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-04-18 17:39:16 -03:00
cgeorgilakis-grnet	89263f5255	Fix refresh token scope in refresh token flow with scope request parameter Closes #28463 Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>	2024-04-18 16:17:46 -03:00
Ricardo Martin	8daace3f69	Validate Saml URLs inside DefaultClientValidationProvider (#135 ) (#28873 ) Closes keycloak/keycloak-private#62 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-04-18 16:04:13 +02:00
Ricardo Martin	fc6b6f0d94	Perform exact string match if redirect URI contains userinfo, encoded slashes or parent access (#131 ) (#28872 ) Closes keycloak/keycloak-private#113 Closes keycloak/keycloak-private#134 Signed-off-by: rmartinc <rmartinc@redhat.com> Co-authored-by: Stian Thorgersen <stianst@gmail.com>	2024-04-18 16:02:24 +02:00
Douglas Palmer	00d4cab55e	Flaky test: org.keycloak.testsuite.forms.ResetPasswordTest#resetPasswordLink Closes #21422 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-04-18 15:54:30 +02:00
vramik	860f3b7320	Prevent updating IdP via organization API not linked with the organization Closes #28833 Signed-off-by: vramik <vramik@redhat.com>	2024-04-18 09:14:54 -03:00
Stian Thorgersen	0d60e58029	Restrict the token types that can be verified when not using the user info endpoint (#146 ) (#28866 ) Closes #47 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Conflicts: core/src/main/java/org/keycloak/util/TokenUtil.java testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientTokenExchangeTest.java Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-18 14:11:05 +02:00
Justin Tay	d807093f63	Fix OCSP nonce handling Closes #26439 Co-authored-by: Ricardo Martin <rmartinc@redhat.com> Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>	2024-04-18 09:04:46 +02:00
Pedro Igor	f0f8a88489	Automatically fill username when authenticating to through a broker Closes #28848 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-18 08:24:34 +02:00
Pedro Igor	1e3837421e	Organization member onboarding using the organization identity provider Closes #28273 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-17 07:24:01 -03:00
Alexander Schwartz	13af4f44f5	Defer updates of last session updates and batch them (#28502 ) Defer updates of last session refreshes and batch them Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Signed-off-by: Michal Hajas <mhajas@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2024-04-17 09:25:05 +02:00
Pedro Ruivo	2494ad6950	Refactor and remove deprecated Infinispan methods from DefaultInfinispanConnectionProviderFactory Closes #28752 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-04-16 10:51:57 +02:00
Pedro Ruivo	63cb137b37	Remove usages of EnvironmentDependentProviderFactory.isSupported Closes #28751 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-04-16 09:43:23 +02:00
Šimon Vacek	0205262c91	Workflow failure: Fuse adapter tests Closes: #27021 Signed-off-by: Simon Vacek <simonvacky@email.cz>	2024-04-15 17:28:16 +02:00
Steven Hawkins	58398d1f69	fix: replaces aesh with picocli (#28276 ) * fix: replaces aesh with picocli closes: #28275 Signed-off-by: Steve Hawkins <shawkins@redhat.com> * fix: replaces aesh with picocli closes: #28275 Signed-off-by: Steve Hawkins <shawkins@redhat.com> --------- Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-04-15 13:04:58 +00:00
Stefan Guilhen	2ab8bf852d	Add validation for the organization's internet domains. Closes #28634 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-04-15 09:03:52 -03:00
Patrick Jennings	551a3db987	Updating validation logic to match our expectations on what applicable should mean. Signed-off-by: Patrick Jennings <pajennin@redhat.com>	2024-04-15 09:39:34 +02:00
Patrick Jennings	03db2e8b56	Integration tests around client type parameter validation. Throw common ClientTypeException with invalid params requested during client creation/update requests. This gets translated into ErrorResponseException in the Resource handlers. Signed-off-by: Patrick Jennings <pajennin@redhat.com>	2024-04-15 09:39:34 +02:00
Patrick Jennings	9814733dd3	DefaultClientType service will now validate all client type default values and respond with bad request message with the affending parameters that attempt to override readonly in the client type config. Signed-off-by: Patrick Jennings <pajennin@redhat.com>	2024-04-15 09:39:34 +02:00
Patrick Jennings	42202ae45e	Translate client type exception during client create into bad request response. Signed-off-by: Patrick Jennings <pajennin@redhat.com>	2024-04-15 09:39:34 +02:00
Giuseppe Graziano	4672366eb9	Simplified checks in IntrospectionEndpoint (#28642 ) Closes #24466 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com> Co-authored-by: mposolda <mposolda@gmail.com>	2024-04-12 21:19:04 +02:00
rmartinc	92bcd2645c	Retry the login in the SAML adapter if response is authentication_expired Closes #28412 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-04-12 14:55:31 +02:00
Marek Posolda	e6747bfd23	Adjust priority of SubMapper (#28663 ) closes #28661 Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-04-12 14:13:03 +02:00
Pedro Igor	61b1eec504	Prevent members with an email other than the domain set to an organization Closes #28644 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-12 08:33:18 -03:00
Alexander Schwartz	b4cfebd8d5	Persistent sessions code also for offline sessions (#28319 ) Persistent sessions code also for offline sessions Closes #28318 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-04-12 13:15:02 +02:00
Martin Bartoš	a3669a6562	Make general cache options runtime (#28542 ) Closes #27549 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-04-12 11:56:11 +02:00
rmartinc	6d74e6b289	Escape slashes in full group path representation but disabled by default Closes #23900 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-04-12 10:53:39 +02:00
Stefan Guilhen	e6b9d287af	Add null checks after retrieving user from LDAP for validation to prevent NPE when user is removed in LDAP. Closes #28523 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-04-11 14:29:30 -03:00
rmartinc	d31f128ca2	Fix test IdentityProviderTest#testSamlImportWithAnyEncryptionMethod Closes #28577 Closes #28576 Closes #28575 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-04-11 18:56:37 +02:00
Steven Hawkins	d059a2af36	task: remove MultiVersionClusterTest (#28520 ) closes: #17483 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-04-11 14:13:52 +02:00
Martin Bartoš	ad4cbf2a14	OrganizationTest.testAttributes fails in GHA CI Fixes #28606 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-04-11 11:56:43 +02:00
tqe1999	6e0fc8a774	fix integer overflow with explicit cast Closes #28564 Signed-off-by: tqe1999 <tqe1999@gmail.com>	2024-04-11 10:58:44 +02:00
Giuseppe Graziano	33b747286e	Changed userId value for refresh token events Closes #28567 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-04-11 07:46:44 +02:00
Stefan Guilhen	9a466f90ab	Add ability to set one or more internet domain to an organization. Closed #28274 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-04-10 13:18:12 -03:00
devjos	cccddc0810	Fix brute force detection for LDAP read-only users Closes #28579 Signed-off-by: devjos <github_11837948@feido.de>	2024-04-10 16:36:11 +02:00
vramik	00ce3e34bd	Manage a single identity provider for an organization Closes #28272 Signed-off-by: vramik <vramik@redhat.com>	2024-04-10 09:47:51 -03:00
Jon Koops	0327787645	Remove legacy Account Console tests Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-04-10 14:34:56 +02:00
vramik	0826a12ca4	Exclude `groovy` artefact from testsuite to avoid version collision Closes #28555 Signed-off-by: vramik <vramik@redhat.com>	2024-04-10 09:16:36 -03:00
Martin Kanis	51fa054ba7	Manage organization attributes Closes #28253 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-04-10 09:10:49 -03:00
rmartinc	41b706bb6a	Initial security profile SPI to integrate default client policies Closes #27189 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-04-10 11:19:56 +02:00
Giuseppe Graziano	c76cbc94d8	Add sub via protocol mapper to access token Closes #21185 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-04-10 10:40:42 +02:00
mposolda	aa619f0170	Redirect error to client right-away when browser tab detects that another browser tab authenticated closes #27880 Signed-off-by: mposolda <mposolda@gmail.com>	2024-04-09 17:59:34 +02:00
Konstantinos Georgilakis	a40a953644	SAML element EncryptionMethod can consist any element closes #12585 Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>	2024-04-09 14:15:56 +02:00
Stian Thorgersen	a499512f35	Set SameSite for all cookies (#28467 ) Closes #28465 Signed-off-by: stianst <stianst@gmail.com>	2024-04-09 12:29:19 +02:00
Václav Muzikář	e4987f10f5	Hostname SPI v2 (#26345 ) * Hostname SPI v2 Closes: #26084 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Fix HostnameV2DistTest#testServerFailsToStartWithoutHostnameSpecified Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Address review comment Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Partially revert the previous fix Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Do not polish values Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Remove filtering of denied categories Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> --------- Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>	2024-04-09 11:25:19 +02:00
vibrown	3fffc5182e	Added ClientType implementation from Marek's prototype Signed-off-by: vibrown <vibrown@redhat.com> More updates Signed-off-by: vibrown <vibrown@redhat.com> Added client type logic from Marek's prototype Signed-off-by: vibrown <vibrown@redhat.com> updates Signed-off-by: vibrown <vibrown@redhat.com> updates Signed-off-by: vibrown <vibrown@redhat.com> updates Signed-off-by: vibrown <vibrown@redhat.com> Testing to see if skipRestart was cause of test failures in MR	2024-04-08 20:20:37 +02:00
Pedro Igor	52ba9b4b7f	Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user Closes #28248 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-08 09:05:16 -03:00
Justin Tay	e765932df3	Skip unsupported keys in JWKS Closes #16064 Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>	2024-04-08 08:42:31 +02:00
rmartinc	2b769e5129	Better management of the CSP header Closes https://github.com/keycloak/keycloak/issues/24568 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-04-08 08:19:57 +02:00
Giuseppe Graziano	b4f791b632	Remove session_state from tokens Closes #27624 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-04-08 08:12:51 +02:00
MNaaz	811c70d136	Support for searching users based on search filter, enabled attribute, first, max Closes #27241 Signed-off-by: MNaaz <feminity2001@yahoo.com>	2024-04-05 12:10:15 -03:00
Jon Koops	d3c2475041	Upgrade admin and account console to PatternFly 5 (#28196 ) Closes #21345 Closes #21344 Signed-off-by: Jon Koops <jonkoops@gmail.com> Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com> Co-authored-by: Mark Franceschelli <mfrances@redhat.com> Co-authored-by: Hynek Mlnařík <hmlnarik@redhat.com> Co-authored-by: Agnieszka Gancarczyk <agancarc@redhat.com>	2024-04-05 16:37:05 +02:00
Gilvan Filho	96db7e3154	fix NotContainsUsernamePasswordPolicyProvider: reversed check closes #28389 Signed-off-by: Gilvan Filho <gfilho@redhat.com>	2024-04-05 10:39:07 -03:00
Pedro Igor	8fb6d43e07	Do not export ids when exporting authorization settings Closes #25975 Co-authored-by: 박시준 <sjpark@logblack.com> Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-04 19:26:03 +02:00
Justin Tay	30cd40e097	Use realm default signature algorithm for id_token_signed_response_alg Closes #9695 Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>	2024-04-04 11:37:28 +02:00
Justin Tay	89a5da1afd	Allow empty key use in JWKS for client authentication Closes #28004 Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>	2024-04-04 10:42:37 +02:00
Marek Posolda	335a10fead	Handle 'You are already logged in' for expired authentication sessions (#27793 ) closes #24112 Signed-off-by: mposolda <mposolda@gmail.com>	2024-04-04 10:41:03 +02:00
Martin Bartoš	7f048300fe	Support management port for health and metrics (#27629 ) * Support management port for health and metrics Closes #19334 Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Deprecate option Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Remove relativePath first-class citizen, rename ManagementSpec Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Fix KeycloakDistConfiguratorTest Signed-off-by: Martin Bartoš <mabartos@redhat.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-04-03 16:18:44 +02:00
Hynek Mlnarik	8ef3423f4a	Present effective sync mode value When sync mode value is missing in the config of newly created identity provider, the provider does not store any. When no value is found, the identity provider behaves as if `LEGACY` was used (#6705). This PR ensures the correct sync mode is returned from the REST endpoint, regardless of whether it has been stored in the database or not. Fixes: #26019 Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>	2024-04-03 15:49:18 +02:00
Pedro Igor	4ec9fea8f7	Adding tests Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-03 08:04:17 -03:00
Clemens Zagler	b44252fde9	authz/client: Fix getPermissions returning wrong type Due to an issue with runtime type erasure, getPermissions returned a List<LinkedHashSet> instead of List<Permission>. Fixed and added test to catch this Closes #16520 Signed-off-by: Clemens Zagler <c.zagler@noi.bz.it>	2024-04-02 11:09:43 -03:00
Giuseppe Graziano	fe06df67c2	New default client scope for 'basic' claims with 'auth_time' protocol mapper Closes #27623 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-04-02 08:44:28 +02:00
Stefan Guilhen	2ca59d4141	Align isEnabled in MSAD mappers to how other properties are processed in UserAttributeLDAPStorageMapper - user model is updated by onImport with the enabled/disabled status of the LDAP user - a config option always.read.enabled.value.from.ldap was introduced, in synch to what we have in UserAttributeLDAPStorageMapper - isEnabled checks the flag to decide if it should always retrieve the value from LDAP, or return the local value. - setEnabled first updates the LDAP tx, and then calls the delegate to avoid issue #24201 Closes #26695 Closed #24201 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-04-01 08:20:35 -03:00
Steven Hawkins	e9ad9d0564	fix: replace aesh with picocli (#27458 ) * fix: replace aesh with picocli closes: #27388 Signed-off-by: Steve Hawkins <shawkins@redhat.com> * Update integration/client-cli/admin-cli/src/main/java/org/keycloak/client/admin/cli/commands/AbstractRequestCmd.java Co-authored-by: Martin Bartoš <mabartos@redhat.com> * splitting the error handling for password input Signed-off-by: Steve Hawkins <shawkins@redhat.com> * adding a change note about kcadm Signed-off-by: Steve Hawkins <shawkins@redhat.com> * Update docs/documentation/upgrading/topics/changes/changes-25_0_0.adoc Co-authored-by: Martin Bartoš <mabartos@redhat.com> --------- Signed-off-by: Steve Hawkins <shawkins@redhat.com> Co-authored-by: Martin Bartoš <mabartos@redhat.com>	2024-03-28 14:34:06 +01:00
Alexander Schwartz	c580c88c93	Persist online sessions to the database (#27977 ) Adding two feature toggles for new code paths to store online sessions in the existing offline sessions table. Separate the code which is due to be changed in the next iteration in new classes/providers which used instead of the old one. Closes #27976 Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Signed-off-by: Michal Hajas <mhajas@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2024-03-28 09:17:07 +01:00
Gilvan Filho	757c524cc5	Password policy for not having username in the password closes #27643 Signed-off-by: Gilvan Filho <gfilho@redhat.com>	2024-03-28 08:29:03 +01:00
Pedro Igor	b9a7152a29	Avoid commiting the transaction prematurely when creating users through the User API Closes #28217 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-03-27 19:16:09 -03:00
Lex Cao	a53cacc0a7	Fire logout event when logout other sessions (#26658 ) Closes #26658 Signed-off-by: Lex Cao <lexcao@foxmail.com>	2024-03-27 11:13:48 +01:00
Jon Koops	3382e16954	Remove Account Console version 2 (#27510 ) Closes #19664 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-03-27 10:53:28 +01:00
Tomas Ondrusko	3160116a56	Remove Twitter workaround (#28232 ) Relates to #23252 Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>	2024-03-27 10:34:26 +01:00
Steven Hawkins	be32f8b1bf	fix: limit the use of Resteasy to the KeycloakSession (#28150 ) * fix: limit the use of Resteasy to the KeycloakSession contextualizes other state to the KeycloakSession close: #28152	2024-03-26 13:43:41 -04:00
vramik	fa1571f231	Map organization metadata when issuing tokens for OIDC clients acting on behalf of an organization member Closes #27993 Signed-off-by: vramik <vramik@redhat.com>	2024-03-26 14:02:09 -03:00
Pedro Igor	a470711dfb	Resolve the user federation link as null when decorating the user profile metadata in the LDAP provider Closes #28100 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-03-26 10:14:49 -03:00
Stian Thorgersen	c3a98ae387	Use Argon2 as default password hashing algorithm (#28162 ) Closes #28161 Signed-off-by: stianst <stianst@gmail.com>	2024-03-22 13:04:14 +00:00
Stian Thorgersen	8cbd39083e	Default password hashing algorithm should be set to default password hash provider (#28128 ) Closes #28120 Signed-off-by: stianst <stianst@gmail.com>	2024-03-22 12:44:11 +01:00
Stian Thorgersen	3f9cebca39	Ability to set the default provider for an SPI (#28135 ) Closes #28134 Signed-off-by: stianst <stianst@gmail.com>	2024-03-22 07:45:08 +01:00
Stian Thorgersen	cae92cbe8c	Argon2 password hashing provider (#28031 ) Closes #28030 Signed-off-by: stianst <stianst@gmail.com>	2024-03-22 07:08:09 +01:00
Reda Bourial	a41d865600	fix for SMTP email sending fails because of tls certificate verification even with tls-hostname-verifier=ANY (#27756 ) Signed-off-by: Reda Bourial <reda.bourial@gmail.com>	2024-03-21 17:06:42 +01:00
Steven Hawkins	7eab019748	task: deprecate WILDCARD and STRICT options (#26833 ) closes: #24893 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-03-21 16:22:41 +01:00
Steven Hawkins	35b9d8aa49	task: remove usage of resteasy-core-spi (#27387 ) closes: #27242 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-03-21 15:28:34 +01:00
Giuseppe Graziano	b24d446911	Avoid using wait() to wait for the redirect Closes #22644 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-03-21 14:36:43 +01:00
Giuseppe Graziano	939420cea1	Always include offline_access scope when refreshing with offline token Closes #27878 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-03-21 14:32:31 +01:00
Pedro Igor	32541f19a3	Allow managing members for an organization Closes #27934 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-03-21 10:26:30 -03:00
Martin Kanis	4154d27941	Invalidating offline token is not working from client sessions tab Closes #27275 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-03-21 09:04:58 -03:00
Sebastian Schuster	0542554984	12671 querying by user attribute no longer forces case insensitivity for keys Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>	2024-03-21 08:35:29 -03:00
Pedro Igor	f970deac37	Do not grant scopes not granted for resources owned the resource server itself Closes #25057 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-03-20 18:36:41 +01:00
Alexander Schwartz	149e50e1b1	Upgrading to Quarkus 3.8.3 (#28085 ) Closes #28084 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-03-20 17:16:42 +01:00
Takashi Norimatsu	d5bf79b932	Refactoring JavaScript code of WebAuthn's authenticators to follow the current Keycloak's JavaScript coding convention closes #26713 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2024-03-20 13:22:48 +01:00
René Zeidler	83a3500ccf	Attributes without a group should appear first In the login theme, user profile attributes that are not assigned to an attribute group should appear before all other attributes. This aligns the login theme (registration, verify profile, etc.) with the account and admin console. Fixes #27981 Signed-off-by: René Zeidler <rene.zeidler@gmx.de>	2024-03-19 18:40:01 +01:00
Hynek Mlnařík	9caac3814c	Enable WebAuthn tests for Account v3 (#28029 ) * Re-enable WebAuthn testsuite * Remove reference to Account 2 in UI testsuites Fixes: #26080 Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com> --------- Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>	2024-03-19 14:26:44 +01:00
Stefan Wiedemann	67d3e1e467	Issue Verifiable Credentials in the VCDM format #25943 (#27071 ) closes #25943 Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>	2024-03-18 17:05:53 +01:00
cgeorgilakis-grnet	24f105e8fc	successful SAML IdP Logout Request with BaseID or EncryptedID and SessionIndex Closes #23528 Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>	2024-03-18 08:19:13 -03:00
Alexander Schwartz	62d24216e3	Remove offline session preloading Closes #27602 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-03-15 15:19:27 +01:00
Pedro Igor	7fc2269ba5	The bare minimum implementation for organization Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: vramik <vramik@redhat.com>	2024-03-15 11:06:43 -03:00
Alexander Schwartz	6de5325d1c	Limit the received content when handling the content as a String Closes #27293 Co-authored-by: rmartinc <rmartinc@redhat.com> Signed-off-by: rmartinc <rmartinc@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-03-13 16:43:03 +01:00
Pedro Igor	9ad447390a	Only remove attributes with empty values when updating user profile Closes #27797 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-03-13 15:03:08 +01:00
Réda Housni Alaoui	1bf90321ad	"Allowed Protocol Mapper Types" prevents clients from self-updating via client registration api (#27578 ) closes #27558 Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>	2024-03-13 14:00:34 +01:00
rmartinc	d679c13040	Continue LDAP search if a duplicated user (ModelDuplicateException) is found Closes #25778 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-03-13 08:52:58 -03:00
rmartinc	43a5779f6e	Do not challenge inside spnego authenticator is FORKED_FLOW Closes #20637 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-03-12 14:23:03 +01:00
Pedro Igor	1e48cce3ae	Make sure empty configuration resolves to the system default configuration Closes #27611 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-03-11 09:01:38 -03:00
Stefan Wiedemann	6fc69b6a01	Issue Verifiable Credentials in the SD-JWT-VC format (#27207 ) closes #25942 Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com> Co-authored-by: Francis Pouatcha <francis.pouatcha@adorsys.com>	2024-03-11 08:55:28 +01:00
Steve Hawkins	4091baf4c2	fix: accounting for the possibility of null flows from existing realms closes: #23980 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-03-08 14:25:23 +01:00
Pedro Igor	40385061f7	Make sure refresh token expiration is based on the current time when the token is issued Closes #27180 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-03-07 15:23:19 +01:00
rmartinc	ea4155bbcd	Remove recursively when deleting an authentication executor Closes #24795 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-03-07 14:43:23 +01:00
graziang	54b40d31b6	Revoked token cache expiration fix Added 1 second to the duration of the cache for revoked tokens to prevent them from still being valid for 1 second after the expiration date of the access token. Closes #26113 Signed-off-by: graziang <g.graziano94@gmail.com>	2024-03-07 13:33:37 +01:00
rmartinc	dea15e25da	Only add the nonce claim to the ID Token (mapper for backwards compatibility) Closes #26893 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-03-07 09:56:57 +01:00
Pedro Igor	d5a613cd6b	Support for script providers when running in embedded mode Closes #27574 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-03-06 18:06:09 -03:00
Theresa Henze	653d09f39a	trigger REMOVE_TOTP event on removal of an OTP credential Closes #15403 Signed-off-by: Theresa Henze <theresa.henze@bare.id>	2024-03-06 17:12:50 +01:00
graziang	39299eeb38	Encode role name parameter in the location header uri The role is encoded to avoid template resolution by the URIBuilder. This fix avoids the exception when creating roles with names containing {patterns}. Closes #27514 Signed-off-by: graziang <g.graziano94@gmail.com>	2024-03-06 15:59:26 +01:00
rmartinc	82af0b6af6	Initial client policies integration for SAML Closes #26654 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-03-06 15:18:35 +01:00
Pedro Igor	d12711e858	Allow fetching roles when evaluating role licies Closes #20736 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-03-05 15:54:02 +01:00
graziang	4fa940a31e	Device verification flow always requires consent Force consent for device verification flow when there are no client scopes to approve by adding a default client scope to approve Closes #26100 Signed-off-by: graziang <g.graziano94@gmail.com>	2024-03-05 14:14:19 +01:00
Tero Saarni	e06fcbe6ae	Change supported criteria for Google Authenticator List Google Authenticator as supported when - hash algorithm is SHA256 or SHA512 - number of digits is 8 - OTP type is hotp Signed-off-by: Tero Saarni <tero.saarni@est.tech>	2024-03-05 11:19:06 +01:00
Tomas Ondrusko	9404b888d1	Update disabled feature status code in social login tests Closes #27366 Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>	2024-03-05 10:22:51 +01:00
Pavel Drozd	be7775a9be	LDAPSyncTest - additional removal of users at the end of the test Necessary when running with external AD Closes #27499 Signed-off-by: Pavel Drozd <pdrozd@redhat.com>	2024-03-05 09:54:58 +01:00
Pedro Igor	2c750c8ffb	Reverting unrelated changes to templates Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-03-04 20:28:06 +09:00
Jon Koops	0894642838	Fix up selector for submit button Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-03-04 20:28:06 +09:00

... 3 4 5 6 7 ...

6928 commits