Pedro Igor
243e63c9f3
Do not set empty permissions to username and email attributes
...
Closes #11647
2022-06-07 10:59:35 -03:00
Pedro Igor
5f349195bb
Provide a separate guide for configuring the server truststore
...
Closes #12260
2022-06-07 10:57:37 -03:00
Sebastian Schuster
a0c402b93a
11198 added event information to consent granting and revocation via REST API ( #11199 )
2022-06-07 11:29:20 +02:00
Stian Thorgersen
e49e8335e0
Refactor BouncyIntegration ( #12244 )
...
Closes #12243
2022-06-07 09:02:00 +02:00
Martin Kanis
df72cf72f2
Hot Rod map storage: Single-use (action token) no-downtime store
2022-06-06 16:01:18 +02:00
Bruno Oliveira da Silva
a102e28dbb
Update webauthn4j to 0.20.0
...
A new version which contains a couple of
bug fixes plus CVE updates for its dependencies:
Breaking changes
- Add EdDSA support #662
- Correct AuthenticationAlgorithm(0x0011) value #657
Dependency Upgrades
- Bump spring-boot-dependencies from 2.6.7 to 2.7.0 #661
- Bump jacksonVersion from 2.13.2 to 2.13.3 #660
- Bump kerby-asn1 from 2.0.1 to 2.0.2 #659
Bump checker-qual from 3.21.4 to 3.22.0 #654
Resolves #12311
2022-06-06 13:45:17 +02:00
rmartinc
5332a7d435
Issue #9194 : Client authentication fails when using signed JWT, if the JWA signing algorithm is not RS256
2022-06-06 12:07:09 +02:00
Alexander Bokovoy
1915f11cba
OAuth2DeviceConfig: fix polling interval defaults
...
Instead of DEFAULT_OAUTH2_DEVICE_POLLING_INTERVAL, constant for the
lifespan was used to initialize the default polling interval.
This leads to inability to continuously poll the result as the result
stuck in the actionTokens cache for far longer than expected (600
seconds instead of 5 seconds). As a result, only the first request for
the token succeeds if a resource owner already did grant the access. If
that has not happened, any additional polling within 600 seconds would
get rejected with a 'slow_down' response.
This makes hard to write OAuth 2.0 clients using device code
authorization grant flow against multiple IdPs. Microsoft's
implementation of OAuth 2.0 device code grant flow requires 'nudging'
the Authorization Server's token endpoint before it even starts
recognizing the device code. Keycloak mismatch of the polling interval
default makes this flow impossible.
Closes #12327
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2022-06-06 11:54:56 +02:00
Takashi Norimatsu
3889eeda30
Client Policies: pkce-enforcer executor with client-access-type condition is not applied on client change via Admin API
...
Closes #12295
2022-06-06 11:30:48 +02:00
Nick Farley
91e88f554e
Replaces instances of himself
with more inclusive language
...
Closes #12300
2022-06-03 12:25:14 -03:00
andreaTP
f9c6ea84ad
Respect http-relative-path
with probes
2022-06-03 12:23:36 -03:00
vramik
c31d37ddf1
Each JpaRootEntity should have its own current schema version
...
Closes #12272
2022-06-02 17:16:34 +02:00
Michal Hajas
09c0a69a8f
Add HotRod no downtime store for events
...
Closes #9676
2022-06-02 13:30:19 +02:00
andreaTP
0a8e132c7c
Refactor the packages structure of the operator
2022-06-01 17:30:47 -03:00
Adam Jones
74870a2ac6
Update issues link to GitHub issues rather than JBoss/RedHat JIRA ( #12218 )
...
* Update welcome page link to GitHub issues rather than JBoss/RedHat JIRA
* Update GOVERNANCE.md
* Update index.ftl
2022-06-01 15:20:36 +02:00
Salih Candir
990df8feb5
fix wrong xRobotsTag label bound ( #12288 )
...
Set the `for` attribute of the xRobotsTag label to `xRobotsTag`
Closes #12286
2022-06-01 15:18:38 +02:00
Martin Kanis
75754eca6b
Extract timestamp from Expirable entity
2022-06-01 13:03:31 +02:00
Alexander Schwartz
6c3d25fd8f
Limit the number of clientSessionIds in the test
...
Before it was 1500 client sessions, now its only 150 client sessions. This should help to keep the test within its time constraint of 60 + 30 seconds.
Closes #12264
2022-05-31 17:10:49 +02:00
mposolda
f90fbb9c71
Changing locale on logout confirmation did not work
...
Closes #11951
2022-05-31 16:03:58 +02:00
andreaTP
8f54f03f17
Fix CodeQl actions syntax
2022-05-31 08:53:42 -03:00
andreaTP
8912b6dc96
Improve Operator CI robustness
2022-05-31 08:52:40 -03:00
Takashi Norimatsu
d083b6c484
ciba http auth channel sends client_id and client_secret via delegation request
...
Closes #10993
2022-05-31 08:22:50 +02:00
vramik
be28e866b9
JPA map storage: Authorization services no-downtime store
...
Closes #9669
2022-05-30 21:05:34 +02:00
andreaTP
7c7588e8db
Make OLM tests Maven build self-contained
2022-05-30 15:23:11 -03:00
Pedro Igor
ea22989d89
Fixing ClientTokenExchangeTest to also run when TLS is disabled
...
Closes #11818
2022-05-30 11:23:46 -03:00
Pedro Hos
e121371401
/clients-registrations API doesn't return secret anymore and is not coherent #11116
...
/clients-registrations API doesn't return secret anymore and is not coherent
fixing merge
/clients-registrations API doesn't return secret anymore and is not coherent
fixing test that was failing
Replace tabs with regular spaces
fixing identation
/clients-registrations API doesn't return secret anymore and is not coherent. Closes #11116
fixing test that was failing
2022-05-30 15:18:56 +02:00
mposolda
4222de8f41
OIDC RP-Initiated Logout POST method support
...
Closes #11958
2022-05-30 14:10:58 +02:00
Pedro Igor
c0fd3b89ea
Fixing docs to state that substitution only works when importing at startup
...
Closes #12069
2022-05-30 08:09:00 -03:00
Stefan Guilhen
808738220f
Change CodeGenerateUtil so that it doesn't add/remove the code in an inner transaction
...
Fixes #11617
2022-05-30 12:55:48 +02:00
Michal Hajas
9b36ea0269
Add cascade removal of client session on user session removal for HotRod
...
Closes #12096
2022-05-30 09:58:54 +02:00
Michal Hajas
1a98765fb7
Fix cascade removal of client session on user session removal for CHM
...
Closes #12146
2022-05-30 09:58:54 +02:00
Marek Posolda
cf386efa40
Support for client_id parameter in OIDC RP-Initiated logout endpoint ( #12202 )
...
Closes #12002
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2022-05-27 14:12:37 +02:00
Alexander Schwartz
063960aaa3
Deferred indexes are not available on CockroachDB, therefore, only use them on PostgreSQL
...
Closes #12176
2022-05-27 08:51:20 -03:00
Dmitry Telegin
86883fd68a
Remove org.keycloak.protocol.oidc.TokenManager.RefreshResult ( #12196 )
...
Closes #12194
2022-05-27 13:00:10 +02:00
Marek Posolda
eed944292b
Make script providers working on JDK 17 ( #11322 )
...
Closes #9945
2022-05-27 12:28:50 +02:00
Luca Leonardo Scorcia
27650ab816
Fix #10982 SAML Client - Introduce SAML Issuer validation
2022-05-27 10:58:10 +02:00
Robert Pocklington
c462468577
Fix typo in keycloak.d.ts ( #12197 )
...
Resolves #12212
2022-05-26 15:45:10 -03:00
Martin Bartoš
d8cded994f
WebAuthn test failures in admin console ( #12161 )
...
Resolves #12160
2022-05-26 12:55:22 -03:00
andreaTP
d66710205c
Refactor dist config to a common module
2022-05-26 12:07:03 -03:00
Michal Hajas
bc59fad85b
Unify way how expirable entities are handled in the new store
...
Closes #11947
2022-05-26 13:17:27 +02:00
Ian
78b88765ec
use toString() instead of cast String or it will fail when using Spring configtree ( #10980 )
...
Resolves #10979
Co-authored-by: Bruno Oliveira da Silva <bruno@abstractj.com>
2022-05-25 16:41:00 -03:00
Alexander Schwartz
8fe263e7b3
Build operator dependencies first before testing it
...
Closes #11641
2022-05-25 16:40:13 -03:00
Pedro Igor
6156272f39
Persisted config source not loading properties at runtime ( #12157 )
...
Co-authored-by: Dominik Guhr <dguhr@redhat.com>
2022-05-25 16:29:37 -03:00
Martin Kanis
0cb3c95ed5
Map storage: Single-use objects (action token)
2022-05-25 16:47:10 +02:00
dependabot[bot]
6dda69a634
Update github/codeql-action from 2.1.10 to 2.1.11 ( #12150 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-25 10:51:51 -03:00
Pedro Igor
26c87af9f4
Avoiding unnecessary roundtrips to the database when evaluating permissions
...
Closes #12148
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
2022-05-25 12:23:15 +02:00
vramik
ad3da7f5e4
JPA map storage: disable failing on unknown properties when deserializing the object
...
Closes #12173
2022-05-25 09:31:40 +02:00
vramik
2cbc167435
JPA map storage: model tests fails with NPE
...
Closes #12165
2022-05-25 09:28:08 +02:00
andreaTP
756b6c2f87
Filter CodeQL actions to only run on main repo
2022-05-24 17:51:16 -03:00
Martin Bartoš
86f31e8df5
Fix BlacklistPasswordPolicyDefaultPath Failures on Windows
...
Fixes #11967
2022-05-24 17:26:19 -03:00