Commit graph

3941 commits

Author SHA1 Message Date
Pedro Igor
1e3837421e Organization member onboarding using the organization identity provider
Closes #28273

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-17 07:24:01 -03:00
Šimon Vacek
0205262c91
Workflow failure: Fuse adapter tests
Closes: #27021

Signed-off-by: Simon Vacek <simonvacky@email.cz>
2024-04-15 17:28:16 +02:00
Steven Hawkins
58398d1f69
fix: replaces aesh with picocli (#28276)
* fix: replaces aesh with picocli

closes: #28275

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* fix: replaces aesh with picocli

closes: #28275

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-15 13:04:58 +00:00
Stefan Guilhen
2ab8bf852d Add validation for the organization's internet domains.
Closes #28634

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-15 09:03:52 -03:00
Patrick Jennings
551a3db987 Updating validation logic to match our expectations on what applicable should mean.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-04-15 09:39:34 +02:00
Patrick Jennings
03db2e8b56 Integration tests around client type parameter validation. Throw common ClientTypeException with invalid params requested during client creation/update requests. This gets translated into ErrorResponseException in the Resource handlers.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-04-15 09:39:34 +02:00
Patrick Jennings
9814733dd3 DefaultClientType service will now validate all client type default values and respond with bad request message with the affending parameters that attempt to override readonly in the client type config.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-04-15 09:39:34 +02:00
Patrick Jennings
42202ae45e Translate client type exception during client create into bad request response.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-04-15 09:39:34 +02:00
Giuseppe Graziano
4672366eb9
Simplified checks in IntrospectionEndpoint (#28642)
Closes #24466

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>


Co-authored-by: mposolda <mposolda@gmail.com>
2024-04-12 21:19:04 +02:00
rmartinc
92bcd2645c Retry the login in the SAML adapter if response is authentication_expired
Closes #28412

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-12 14:55:31 +02:00
Marek Posolda
e6747bfd23
Adjust priority of SubMapper (#28663)
closes #28661


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-12 14:13:03 +02:00
Pedro Igor
61b1eec504 Prevent members with an email other than the domain set to an organization
Closes #28644

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-12 08:33:18 -03:00
Martin Bartoš
a3669a6562
Make general cache options runtime (#28542)
Closes #27549

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-12 11:56:11 +02:00
rmartinc
6d74e6b289 Escape slashes in full group path representation but disabled by default
Closes #23900

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-12 10:53:39 +02:00
Stefan Guilhen
e6b9d287af Add null checks after retrieving user from LDAP for validation to prevent NPE when user is removed in LDAP.
Closes #28523

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-11 14:29:30 -03:00
rmartinc
d31f128ca2 Fix test IdentityProviderTest#testSamlImportWithAnyEncryptionMethod
Closes #28577
Closes #28576
Closes #28575

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-11 18:56:37 +02:00
Steven Hawkins
d059a2af36
task: remove MultiVersionClusterTest (#28520)
closes: #17483

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-11 14:13:52 +02:00
Martin Bartoš
ad4cbf2a14 OrganizationTest.testAttributes fails in GHA CI
Fixes #28606

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-11 11:56:43 +02:00
tqe1999
6e0fc8a774
fix integer overflow with explicit cast
Closes #28564

Signed-off-by: tqe1999 <tqe1999@gmail.com>
2024-04-11 10:58:44 +02:00
Giuseppe Graziano
33b747286e Changed userId value for refresh token events
Closes #28567

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-11 07:46:44 +02:00
Stefan Guilhen
9a466f90ab Add ability to set one or more internet domain to an organization.
Closed #28274

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-10 13:18:12 -03:00
devjos
cccddc0810 Fix brute force detection for LDAP read-only users
Closes #28579

Signed-off-by: devjos <github_11837948@feido.de>
2024-04-10 16:36:11 +02:00
vramik
00ce3e34bd Manage a single identity provider for an organization
Closes #28272

Signed-off-by: vramik <vramik@redhat.com>
2024-04-10 09:47:51 -03:00
Martin Kanis
51fa054ba7 Manage organization attributes
Closes #28253

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-04-10 09:10:49 -03:00
rmartinc
41b706bb6a Initial security profile SPI to integrate default client policies
Closes #27189

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-10 11:19:56 +02:00
Giuseppe Graziano
c76cbc94d8 Add sub via protocol mapper to access token
Closes #21185

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-10 10:40:42 +02:00
mposolda
aa619f0170 Redirect error to client right-away when browser tab detects that another browser tab authenticated
closes #27880

Signed-off-by: mposolda <mposolda@gmail.com>
2024-04-09 17:59:34 +02:00
Konstantinos Georgilakis
a40a953644 SAML element EncryptionMethod can consist any element
closes #12585

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-04-09 14:15:56 +02:00
Stian Thorgersen
a499512f35
Set SameSite for all cookies (#28467)
Closes #28465

Signed-off-by: stianst <stianst@gmail.com>
2024-04-09 12:29:19 +02:00
Václav Muzikář
e4987f10f5
Hostname SPI v2 (#26345)
* Hostname SPI v2

Closes: #26084

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Fix HostnameV2DistTest#testServerFailsToStartWithoutHostnameSpecified

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Address review comment

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Partially revert the previous fix

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Do not polish values

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Remove filtering of denied categories

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-04-09 11:25:19 +02:00
vibrown
3fffc5182e Added ClientType implementation from Marek's prototype
Signed-off-by: vibrown <vibrown@redhat.com>

More updates

Signed-off-by: vibrown <vibrown@redhat.com>

Added client type logic from Marek's prototype

Signed-off-by: vibrown <vibrown@redhat.com>

updates

Signed-off-by: vibrown <vibrown@redhat.com>

updates

Signed-off-by: vibrown <vibrown@redhat.com>

updates

Signed-off-by: vibrown <vibrown@redhat.com>

Testing to see if skipRestart was cause of test failures in MR
2024-04-08 20:20:37 +02:00
Pedro Igor
52ba9b4b7f Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user
Closes #28248

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-08 09:05:16 -03:00
Justin Tay
e765932df3 Skip unsupported keys in JWKS
Closes #16064

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-04-08 08:42:31 +02:00
rmartinc
2b769e5129 Better management of the CSP header
Closes https://github.com/keycloak/keycloak/issues/24568

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-08 08:19:57 +02:00
Giuseppe Graziano
b4f791b632 Remove session_state from tokens
Closes #27624

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-08 08:12:51 +02:00
MNaaz
811c70d136 Support for searching users based on search filter, enabled attribute, first, max Closes #27241
Signed-off-by: MNaaz <feminity2001@yahoo.com>
2024-04-05 12:10:15 -03:00
Jon Koops
d3c2475041
Upgrade admin and account console to PatternFly 5 (#28196)
Closes #21345
Closes #21344

Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Mark Franceschelli <mfrances@redhat.com>
Co-authored-by: Hynek Mlnařík <hmlnarik@redhat.com>
Co-authored-by: Agnieszka Gancarczyk <agancarc@redhat.com>
2024-04-05 16:37:05 +02:00
Gilvan Filho
96db7e3154 fix NotContainsUsernamePasswordPolicyProvider: reversed check
closes #28389

Signed-off-by: Gilvan Filho <gfilho@redhat.com>
2024-04-05 10:39:07 -03:00
Pedro Igor
8fb6d43e07 Do not export ids when exporting authorization settings
Closes #25975

Co-authored-by: 박시준 <sjpark@logblack.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-04 19:26:03 +02:00
Justin Tay
30cd40e097 Use realm default signature algorithm for id_token_signed_response_alg
Closes #9695

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-04-04 11:37:28 +02:00
Justin Tay
89a5da1afd Allow empty key use in JWKS for client authentication
Closes #28004

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-04-04 10:42:37 +02:00
Marek Posolda
335a10fead
Handle 'You are already logged in' for expired authentication sessions (#27793)
closes #24112

Signed-off-by: mposolda <mposolda@gmail.com>
2024-04-04 10:41:03 +02:00
Martin Bartoš
7f048300fe
Support management port for health and metrics (#27629)
* Support management port for health and metrics

Closes #19334

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Deprecate option

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Remove relativePath first-class citizen, rename ManagementSpec

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Fix KeycloakDistConfiguratorTest

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-03 16:18:44 +02:00
Hynek Mlnarik
8ef3423f4a Present effective sync mode value
When sync mode value is missing in the config of newly created identity
provider, the provider does not store any. When no value is
found, the identity provider behaves as if `LEGACY` was used (#6705).

This PR ensures the correct sync mode is returned from the REST endpoint,
regardless of whether it has been stored in the database or not.

Fixes: #26019

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-04-03 15:49:18 +02:00
Pedro Igor
4ec9fea8f7 Adding tests
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-03 08:04:17 -03:00
Clemens Zagler
b44252fde9 authz/client: Fix getPermissions returning wrong type
Due to an issue with runtime type erasure, getPermissions returned a
List<LinkedHashSet> instead of List<Permission>.
Fixed and added test to catch this

Closes #16520

Signed-off-by: Clemens Zagler <c.zagler@noi.bz.it>
2024-04-02 11:09:43 -03:00
Giuseppe Graziano
fe06df67c2 New default client scope for 'basic' claims with 'auth_time' protocol mapper
Closes #27623

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-02 08:44:28 +02:00
Stefan Guilhen
2ca59d4141 Align isEnabled in MSAD mappers to how other properties are processed in UserAttributeLDAPStorageMapper
- user model is updated by onImport with the enabled/disabled status of the LDAP user
- a config option always.read.enabled.value.from.ldap was introduced, in synch to what we have in UserAttributeLDAPStorageMapper
- isEnabled checks the flag to decide if it should always retrieve the value from LDAP, or return the local value.
- setEnabled first updates the LDAP tx, and then calls the delegate to avoid issue #24201

Closes #26695
Closed #24201

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-01 08:20:35 -03:00
Steven Hawkins
e9ad9d0564
fix: replace aesh with picocli (#27458)
* fix: replace aesh with picocli

closes: #27388

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update integration/client-cli/admin-cli/src/main/java/org/keycloak/client/admin/cli/commands/AbstractRequestCmd.java

Co-authored-by: Martin Bartoš <mabartos@redhat.com>

* splitting the error handling for password input

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* adding a change note about kcadm

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update docs/documentation/upgrading/topics/changes/changes-25_0_0.adoc

Co-authored-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-03-28 14:34:06 +01:00
Alexander Schwartz
c580c88c93
Persist online sessions to the database (#27977)
Adding two feature toggles for new code paths to store online sessions in the existing offline sessions table. Separate the code which is due to be changed in the next iteration in new classes/providers which used instead of the old one.

Closes #27976

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-03-28 09:17:07 +01:00
Gilvan Filho
757c524cc5 Password policy for not having username in the password
closes #27643

Signed-off-by: Gilvan Filho <gfilho@redhat.com>
2024-03-28 08:29:03 +01:00
Pedro Igor
b9a7152a29 Avoid commiting the transaction prematurely when creating users through the User API
Closes #28217

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-27 19:16:09 -03:00
Lex Cao
a53cacc0a7 Fire logout event when logout other sessions (#26658)
Closes #26658

Signed-off-by: Lex Cao <lexcao@foxmail.com>
2024-03-27 11:13:48 +01:00
Jon Koops
3382e16954
Remove Account Console version 2 (#27510)
Closes #19664

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-03-27 10:53:28 +01:00
Tomas Ondrusko
3160116a56
Remove Twitter workaround (#28232)
Relates to #23252

Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2024-03-27 10:34:26 +01:00
Steven Hawkins
be32f8b1bf
fix: limit the use of Resteasy to the KeycloakSession (#28150)
* fix: limit the use of Resteasy to the KeycloakSession

contextualizes other state to the KeycloakSession

close: #28152
2024-03-26 13:43:41 -04:00
vramik
fa1571f231 Map organization metadata when issuing tokens for OIDC clients acting on behalf of an organization member
Closes #27993

Signed-off-by: vramik <vramik@redhat.com>
2024-03-26 14:02:09 -03:00
Pedro Igor
a470711dfb Resolve the user federation link as null when decorating the user profile metadata in the LDAP provider
Closes #28100

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-26 10:14:49 -03:00
Stian Thorgersen
c3a98ae387
Use Argon2 as default password hashing algorithm (#28162)
Closes #28161

Signed-off-by: stianst <stianst@gmail.com>
2024-03-22 13:04:14 +00:00
Stian Thorgersen
8cbd39083e
Default password hashing algorithm should be set to default password hash provider (#28128)
Closes #28120

Signed-off-by: stianst <stianst@gmail.com>
2024-03-22 12:44:11 +01:00
Stian Thorgersen
cae92cbe8c
Argon2 password hashing provider (#28031)
Closes #28030

Signed-off-by: stianst <stianst@gmail.com>
2024-03-22 07:08:09 +01:00
Reda Bourial
a41d865600 fix for SMTP email sending fails because of tls certificate verification even with tls-hostname-verifier=ANY (#27756)
Signed-off-by: Reda Bourial <reda.bourial@gmail.com>
2024-03-21 17:06:42 +01:00
Steven Hawkins
7eab019748
task: deprecate WILDCARD and STRICT options (#26833)
closes: #24893

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-21 16:22:41 +01:00
Giuseppe Graziano
b24d446911 Avoid using wait() to wait for the redirect
Closes #22644

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-03-21 14:36:43 +01:00
Giuseppe Graziano
939420cea1 Always include offline_access scope when refreshing with offline token
Closes #27878

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-03-21 14:32:31 +01:00
Pedro Igor
32541f19a3 Allow managing members for an organization
Closes #27934

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-21 10:26:30 -03:00
Martin Kanis
4154d27941 Invalidating offline token is not working from client sessions tab
Closes #27275

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-03-21 09:04:58 -03:00
Sebastian Schuster
0542554984 12671 querying by user attribute no longer forces case insensitivity for keys
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
2024-03-21 08:35:29 -03:00
Pedro Igor
f970deac37 Do not grant scopes not granted for resources owned the resource server itself
Closes #25057

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-20 18:36:41 +01:00
René Zeidler
83a3500ccf Attributes without a group should appear first
In the login theme, user profile attributes that
are not assigned to an attribute group should
appear before all other attributes. This aligns
the login theme (registration, verify profile,
etc.) with the account and admin console.

Fixes #27981

Signed-off-by: René Zeidler <rene.zeidler@gmx.de>
2024-03-19 18:40:01 +01:00
Stefan Wiedemann
67d3e1e467
Issue Verifiable Credentials in the VCDM format #25943 (#27071)
closes #25943


Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2024-03-18 17:05:53 +01:00
cgeorgilakis-grnet
24f105e8fc successful SAML IdP Logout Request with BaseID or EncryptedID and SessionIndex
Closes #23528

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-03-18 08:19:13 -03:00
Alexander Schwartz
62d24216e3 Remove offline session preloading
Closes #27602

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-15 15:19:27 +01:00
Pedro Igor
7fc2269ba5 The bare minimum implementation for organization
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Co-authored-by: vramik <vramik@redhat.com>
2024-03-15 11:06:43 -03:00
Alexander Schwartz
6de5325d1c Limit the received content when handling the content as a String
Closes #27293

Co-authored-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-13 16:43:03 +01:00
Pedro Igor
9ad447390a Only remove attributes with empty values when updating user profile
Closes #27797

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-13 15:03:08 +01:00
Réda Housni Alaoui
1bf90321ad
"Allowed Protocol Mapper Types" prevents clients from self-updating via client registration api (#27578)
closes #27558 

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
2024-03-13 14:00:34 +01:00
rmartinc
d679c13040 Continue LDAP search if a duplicated user (ModelDuplicateException) is found
Closes #25778

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-13 08:52:58 -03:00
rmartinc
43a5779f6e Do not challenge inside spnego authenticator is FORKED_FLOW
Closes #20637

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-12 14:23:03 +01:00
Pedro Igor
1e48cce3ae Make sure empty configuration resolves to the system default configuration
Closes #27611

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-11 09:01:38 -03:00
Stefan Wiedemann
6fc69b6a01
Issue Verifiable Credentials in the SD-JWT-VC format (#27207)
closes #25942

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>


Co-authored-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
2024-03-11 08:55:28 +01:00
Steve Hawkins
4091baf4c2 fix: accounting for the possibility of null flows from existing realms
closes: #23980

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-08 14:25:23 +01:00
Pedro Igor
40385061f7 Make sure refresh token expiration is based on the current time when the token is issued
Closes #27180

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-07 15:23:19 +01:00
rmartinc
ea4155bbcd Remove recursively when deleting an authentication executor
Closes #24795

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-07 14:43:23 +01:00
graziang
54b40d31b6 Revoked token cache expiration fix
Added 1 second to the duration of the cache for revoked tokens to prevent them from still being valid for 1 second after the expiration date of the access token.

Closes #26113

Signed-off-by: graziang <g.graziano94@gmail.com>
2024-03-07 13:33:37 +01:00
rmartinc
dea15e25da Only add the nonce claim to the ID Token (mapper for backwards compatibility)
Closes #26893

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-07 09:56:57 +01:00
Theresa Henze
653d09f39a trigger REMOVE_TOTP event on removal of an OTP credential
Closes #15403

Signed-off-by: Theresa Henze <theresa.henze@bare.id>
2024-03-06 17:12:50 +01:00
graziang
39299eeb38 Encode role name parameter in the location header uri
The role is encoded to avoid template resolution by the URIBuilder. This fix avoids the exception when creating roles with names containing {patterns}.

Closes #27514

Signed-off-by: graziang <g.graziano94@gmail.com>
2024-03-06 15:59:26 +01:00
rmartinc
82af0b6af6 Initial client policies integration for SAML
Closes #26654

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-06 15:18:35 +01:00
Pedro Igor
d12711e858 Allow fetching roles when evaluating role licies
Closes #20736

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-05 15:54:02 +01:00
graziang
4fa940a31e Device verification flow always requires consent
Force consent for device verification flow when there are no client scopes to approve by adding a default client scope to approve

Closes #26100

Signed-off-by: graziang <g.graziano94@gmail.com>
2024-03-05 14:14:19 +01:00
Tero Saarni
e06fcbe6ae Change supported criteria for Google Authenticator
List Google Authenticator as supported when
- hash algorithm is SHA256 or SHA512
- number of digits is 8
- OTP type is hotp

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2024-03-05 11:19:06 +01:00
Tomas Ondrusko
9404b888d1
Update disabled feature status code in social login tests
Closes #27366

Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2024-03-05 10:22:51 +01:00
Pavel Drozd
be7775a9be LDAPSyncTest - additional removal of users at the end of the test
Necessary when running with external AD

Closes #27499

Signed-off-by: Pavel Drozd <pdrozd@redhat.com>
2024-03-05 09:54:58 +01:00
Pedro Igor
2c750c8ffb Reverting unrelated changes to templates
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-04 20:28:06 +09:00
Jon Koops
0894642838 Fix up selector for submit button
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-03-04 20:28:06 +09:00
Lucy Linder
aa6771205a Update ReCAPTCHA and add support for ReCAPTCHA Enterprise
Closes #16138

Signed-off-by: Lucy Linder <lucy.derlin@gmail.com>
2024-03-04 20:28:06 +09:00
rmartinc
f970803738 Check email and username for duplicated if isLoginWithEmailAllowed
Closes #27297

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-02 00:14:27 +09:00
Andy
137907f5ef Roles admin REST API: Don't expand composite roles
Additionally:
- Import clean-up
- Added requireMapComposite as in RoleResource.addComposites

Closes #26951

Signed-off-by: synth3 <19573241+synth3@users.noreply.github.com>
2024-03-02 00:03:03 +09:00
Takashi Norimatsu
1792af6850 OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor
closes #27412

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-03-01 14:49:23 +01:00