libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
22789 commits 4 branches 5 tags 480 MiB
Commit graph

6181 commits

Author SHA1 Message Date
Marek Posolda
032ece9f7b
Clarify user session limits documentation and test SSO scenario (#19372) 
Closes #17374


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2023-03-29 10:08:45 +02:00
rmartinc
2bb9de1a8c Allow application/jwt media type for userinfo endpoint 
Closes: https://github.com/keycloak/keycloak/issues/19346
 2023-03-28 08:47:35 -03:00
Michal Hajas
beca22311b Add RefreshTokenTest to database suite so it can catch some expiration issues similar to #17570 2023-03-28 08:32:31 +02:00
Michal Hajas
2a5b5c4a40 Fix stale client session is present in user session 
Closes #17570
 2023-03-28 08:32:31 +02:00
Pedro Igor
a9c605750d Returning email as username setting for admins 
Fixes #17591
 2023-03-27 16:33:44 -03:00
Alexander Schwartz
251f6151e8 Rework the Import SPI to be configurable via the Config API 
Also rework the export/import CLI for Quarkus, so that runtime options are available.

Closes #17663
 2023-03-24 15:28:55 -03:00
Pedro Hos
bd0a23a865 /users/count endpoint with search field has different behavior than /users query endpoint #17620 
closes #17620
 2023-03-24 13:43:47 +01:00
Klajdi Paja
cf61a65198 Return a user friendly message when a group name already exists on the same level. 
Closes #16888
 2023-03-24 08:13:49 +01:00
rmartinc
8bc5273792 EAP7 and wildfly adapter tests fixes. Execute enable-elytron-se17.cli for EAP7 and JDK-17. 
Closes https://github.com/keycloak/keycloak/issues/19273
 2023-03-23 17:02:39 -03:00
Ayrat Hudaygulov
f578f91a0b Fix ID token not being sent after expiration for OIDC logout 
Closes #10164
 2023-03-23 13:01:02 +01:00
Hiroyuki Wada
46eb2e1b84 Fix attribute deleted from LDAP is not immediately reflected even if it is "Always Read Value From LDAP" 2023-03-21 10:28:41 +01:00
Ricardo Martin
1a622e707f
Flaky tests org.keycloak.testsuite.federation.sync.SyncFederationTest (#19095) 
Closes: https://github.com/keycloak/keycloak/issues/17430
Closes: https://github.com/keycloak/keycloak/issues/17431
 2023-03-21 08:30:42 +01:00
Alexander Schwartz
513bb809f3 Add a map storage global locking implementation for JPA 
Closes #14734
 2023-03-21 08:21:11 +01:00
rmartinc
bef0a4a6f1 Check frontendUrl in the hostname providers 
Closes https://github.com/keycloak/keycloak/issues/17686
 2023-03-20 18:54:58 -03:00
Miquel Simon
80d3cc5dea Added option for Chrome driver needed for version >= 111. 
Closes #19137
 2023-03-20 13:09:23 +01:00
Pedro Igor
a30b6842a6 Decouple the policy enforcer from adapters and provide a separate library 
Closes keycloak#17353
 2023-03-17 11:40:51 +01:00
rmartinc
cab7e50410 Better handling for SAML signatures in POST and REDIRECT bindings 
Closes https://github.com/keycloak/keycloak/issues/17456
 2023-03-15 09:06:59 -03:00
Martin Kanis
5e7793b64d Unexpected invalid_grant error on offline session refresh when client session is not in the cache 
Closes #9959

Co-authored-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Lex Cao <lexcao@foxmail.com>
 2023-03-15 12:39:43 +01:00
Jon Koops
96aa4b3394
Add Maven build for the Admin UI (#17552) 2023-03-13 18:16:12 +00:00
Hynek Mlnarik
fe5d89295f Fix client (scope) model test placement 
Fixes: #17212
 2023-03-13 14:35:14 +01:00
Pedro Igor
af475ffe23 Fixing classloading issue due to the curated application being eagerly closed 2023-03-13 09:34:49 +01:00
Alexander Schwartz
0b2802fa18 Fixing compile time warnings 
Avoiding calling deprecated methods, and adding compile time dependencies for annotations.

Closes #17499
 2023-03-09 15:42:55 +01:00
vramik
31e4c5cb7e Add storage-jpa-db property into Quarkus. Distinguish postgres and crdb for jpa map store. 
Closes #17305
 2023-03-09 11:09:56 +01:00
Tero Saarni
9052ec2b02
Add admin events for realm create/delete. (#10831) 
Closes #10733
 2023-03-07 15:57:06 +01:00
Simon Levermann
96c1cf3c49 Allow mapping of UserSessionNotes into UserInfo 
Fixes #15369
 2023-03-07 15:25:14 +01:00
rmartinc
a56b38c5a6 Don't remove session and don't reset restart cookie if passive check error 
Closes https://github.com/keycloak/keycloak/issues/11340
 2023-03-07 15:10:09 +01:00
rmartinc
06ff8b016c Don't set REMEMBER_ME if it's disabled at realm level 
Closes https://github.com/keycloak/keycloak/issues/11330
 2023-03-07 15:01:58 +01:00
Michal Hajas
837c64de3d Add support for pessimistic locking to HotRod 
Closes #13273
 2023-03-07 10:44:31 +01:00
Alexander Schwartz
f6f179eaca Rework the export to use CLI options and property mappers 
Also, adding the wiring to support Model tests for the export.

Closes #13613
 2023-03-07 08:22:12 +01:00
mposolda
a0192d61cc Redirect loop with authentication success but access denied at default identity provider 
closes #17441
 2023-03-06 10:45:01 +01:00
Michal Hajas
465019bec4 Extract attachDevice outside of storage layer 
Closes #17336
 2023-03-03 17:58:34 +01:00
Zakaria Amine
fb5a7f654b
trigger IDENTITY_PROVIDER_FIRST_LOGIN (and UPDATE_PROFILE ) event when identity provider flow succeeds (#15100) 
closes #15098
 2023-03-03 17:49:27 +01:00
Jon Koops
6d2e57f93a
Move Keycloak JS into the NPM workspace (#17401) 2023-03-03 13:56:53 +01:00
Jon Koops
972ebb9650
Use a valid SemVer format for the SNAPSHOT version (#17334) 
* Use a valid SemVer format for the SNAPSHOT version

* Update pom.xml

* Update pom.xml

---------

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2023-03-03 11:11:44 +01:00
Alexander Schwartz
95a6effcef Increase memory for the model tests to avoid an OOM error 
Closes #17427
 2023-03-03 10:55:03 +01:00
Alexander Schwartz
1e4401f521 Avoid returning the same entity multiple times from separate searches 
Closes #15604
 2023-03-02 08:21:38 +01:00
mposolda
b28bde542f referrer_url is not correctly computed in account console 
closes #16484
 2023-03-01 20:49:15 +01:00
Marek Posolda
59f4fe1c60
NPE on Theme after upgrade to 21 when parent or import theme not exists (#17350) 
* NPE on Theme after upgrade to 21 when parent or import theme not exists
closes #17313

* Update per review
 2023-03-01 15:46:37 +00:00
Michal Hajas
e02c95f9d3 Fix testReleaseAllLocksMethod timing out intermittently 
Closes #17337
 2023-03-01 14:55:50 +01:00
rmartinc
5cdf4d5791 Read-Only attributes should be modified if creation is delayed for LDAP 
Closes https://github.com/keycloak/keycloak/issues/16848
 2023-03-01 11:26:57 +01:00
Michal Hajas
7899c6c80a Make DeviceRepresentationProvider available for all model test profiles 
Closes #17329
 2023-02-28 14:55:48 +01:00
Pedro Igor
fbf5541802 Remove duplicated set-cookie header from response when expiring cookies 
Closes #17192
 2023-02-27 14:17:27 -03:00
lpa
3cd413dee1 SOAP backchannel logout for SAML protocol 
Closes #16293
 2023-02-27 14:24:12 +01:00
rmartinc
38a46726e4 Implement UserInfoTokenMapper in HardcodedRole and RoleNameMapper mappers 
Closes https://github.com/keycloak/keycloak/issues/15624
 2023-02-27 10:14:48 -03:00
Miquel Simon
923a321a55
Run WebAuthn IT with Chrome. (#17256) 2023-02-23 20:58:13 +00:00
Václav Muzikář
557a22968c
Stabilize Account Console UI tests (#17243) 
Closes #17178
Closes #17102
Closes #17070
Closes #17045
Closes #17044
Closes #16875
Closes #16870
Closes #16715
Closes #16670
Closes #16646
Closes #16627
Closes #16620
 2023-02-23 12:35:08 +01:00
Marek Posolda
b9ab942ef8
FIPS related docs (#17196) 
* FIPS related docs
Closes #16444 #12432 #12429

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2023-02-22 12:47:15 +01:00
rmartinc
f91ac2970d
Polish fips-mode switch for preview (#17228) 
* Polish fips-mode switch for preview
Closes #17208 #17210 


Co-authored-by: mposolda <mposolda@gmail.com>
 2023-02-22 12:12:52 +01:00
mposolda
5ac8f7c1ef Link 'Sign out' incorrectly hardcoded to localhost in the authz example applications 
closes #17216
 2023-02-21 15:49:20 +01:00
Douglas Palmer
1d75000a0e Create an SPI for DeviceActivityManager 
closes #17134
 2023-02-20 09:29:11 +01:00
drohwer89
4ff180da64
Terminating all sessions above the session limit (#16068) 
Adjusts implementation of UserSessionLimitsAuthenticator to terminate all sessions above the session limit.

Closes #14689

Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2023-02-16 17:56:59 +01:00
rmartinc
9995a3cdd4 lastSync value into COMPONENT_CONFIG is always updated 
Closes https://github.com/keycloak/keycloak/issues/17022
 2023-02-16 17:48:49 +01:00
mposolda
4f068fcdcc Make https-trust-store-type set to bcfks by default in strict-mode 
Closes #17119
 2023-02-16 08:00:21 -03:00
sui.jieqiang
1f6fa0501c Fix search user groups without limit 
Closes #12649
 2023-02-15 15:50:46 +01:00
rmartinc
fbc9177f27 Doublecheck if we need to override properties in java.security 
Closes https://github.com/keycloak/keycloak/issues/16702
 2023-02-15 12:33:48 +01:00
vramik
7b604d6784 Sync properties in map-storage-jpa-cocroach with other profiles 
Closes #17107
 2023-02-15 10:49:22 +01:00
Michal Hajas
1f929c78af Make lockTimeout more friendly for JPA map storage 
Closes #16616
 2023-02-15 10:38:18 +01:00
Hynek Mlnarik
bb0eb899a7 Add ability to run arq testsuite with file store 
Fixes: #17032
 2023-02-15 10:17:23 +01:00
Hynek Mlnarik
2665fb01a6 File storage: Fix path traversal 
Fixes: #17029
 2023-02-14 14:30:14 +01:00
Pedro Igor
9e46b9e43f Handling events after transaction completion using a separate session 
Closes #15656
 2023-02-14 13:10:57 +01:00
Václav Muzikář
a57821ed80 Fix JDK 17 InaccessibleObjectException with infinispan 2023-02-13 17:09:36 -03:00
Miquel Simon
48a22ff2f3
Added WebAuthn integration tests to CI workflow. (#16608) 2023-02-13 12:28:25 +00:00
laskasn
dc8b759c3d Use encryption keys rather than sig for crypto in SAML 
Closes #13606

Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: hmlnarik <hmlnarik@redhat.com>
 2023-02-10 12:06:49 +01:00
Marek Posolda
9cfc1fdfa9
Reduce the redundant tests in fips-suite (#16970) 
Closes #16969
 2023-02-09 12:21:33 +01:00
Pedro Igor
017ddc670b Removing references to old admin console test artifacts 2023-02-08 17:22:45 -03:00
Pedro Igor
423fc6daba
Flaky test KcOidcBrokerTokenExchangeTest (#16914) 
Closes #16896
 2023-02-08 14:49:49 +00:00
Dmitry Telegin
5f39aeb590 Pre-authorization hook for client policies 
Closes #9017
 2023-02-08 15:06:32 +01:00
Michal Hajas
6fa62e47db Leverage HotRod client provided transaction 
Closes #13280
 2023-02-08 10:26:30 +01:00
Stian Thorgersen
d3ba2ecbed
Remove old admin console theme (#16864) 
Closes #16862
 2023-02-08 09:22:39 +01:00
Hynek Mlnařík
f71ab092de
File store basis 
Fixes: #16676

---

* Enhance DefaultModelCriteria
* Fix collection
* Fix delete in CHMKeycloakTransaction
* Add HasRealmId interface
* Fix EntityFieldDelegate
* Support for realm-less entities in providers
* Support for realm-less entities in providers (events)
* File store basis
* Add support for writing
* Support running KeycloakServer with file store
* Add support for file store in model testsuite

---------

Co-authored-by: vramik <vramik@redhat.com>
 2023-02-07 14:59:23 +01:00
Stian Thorgersen
4782a85166
Remove old admin console feature (#16861) 
* Remove old admin console feature

Closes #16860

* Update help txt files for Quarkus tests
 2023-02-07 12:59:35 +01:00
Pedro Igor
7b58783255 Allow mapping claims to user attributes when exchanging tokens 
Closes #8833
 2023-02-07 10:57:35 +01:00
Thomas Darimont
e38b7adf92 Revise blacklist password policy provider #8982 
- Reduce false positive probability from 1% to 0.01% to avoid
rejecting to many actually good passwords.
- Make false positive rate configurable via spi config
- Revised log messages

Supported syntax variant:
`passwordBlacklist(wordlistFilename)`

Fixes #8982

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2023-02-07 10:36:39 +01:00
Martin Kanis
5ba004b447 Leverage Infinispan lifespan for ExpirableEntities in HotRod storage 2023-02-07 10:01:32 +01:00
Stian Thorgersen
fc075a3d35
Remove old admin console tests (#16859) 
Closes #16858
 2023-02-07 08:51:36 +01:00
Denis Bernard
5db64133b8 Add Attribute to Group Mapper for SAML IDP 
Cleansing code as PR Comment

Add test for Advanced Attribute to Group Mapper

Closes #12950
 2023-02-06 10:58:48 -03:00
Pedro Igor
1a1ee78dbd Removing tests from base group broker mapper test classes 2023-02-06 10:58:48 -03:00
Pedro Igor
d97b9c48c4
Make sure PBKDF2 providers are using the expect size for derived keys (#16798) 
Closes #16797
 2023-02-03 15:31:25 +01:00
rmartinc
f8f112d8d2
Upgrade twitter4j (#16828) 
Closes https://github.com/keycloak/keycloak/issues/16731
 2023-02-03 15:28:37 +01:00
mposolda
0e374c7a45 Any tests using PhantomJS failing in some linux environments 
closes #16818
 2023-02-03 15:19:57 +01:00
Stian Thorgersen
0fa209c29a
WelcomeScreenTest#resourcesTest (#16761) 
* Fix WelcomeScreenTest#resourcesTest

Closes #16669

* Add one more retry
 2023-02-03 09:41:48 +01:00
Marek Posolda
51bed81814
Fixes for OOB endpoint and KeycloakSanitizer (#16773) 
(cherry picked from commit 91ac2fb9dd50808ff5c76d639594ba14a8d0d016)
 2023-02-02 08:34:50 +01:00
Pedro Igor
e3c41ec3a0 Ignoring test methods from parent classes 
Closes #15687
 2023-02-01 14:58:03 -08:00
Stian Thorgersen
d9025231f9
HTML Injection in Keycloak Admin REST API (#16765) 
Resolves #GHSA-m4fv-gm5m-4725

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2023-02-01 14:34:15 +01:00
Alexander Schwartz
c6aba2e3de Make LockAcquiringTimeoutException a RuntimeException 
Closes #16690
 2023-01-31 08:21:32 +01:00
Marek Posolda
33ff9ef17e
Fix remaining failing tests with BCFIPS approved mode (#16699) 
* Fix remaining failing tests with BCFIPS approved mode
Closes #16698
 2023-01-30 16:01:57 +01:00
mposolda
7f017f540e BCFIPS approved mode: Some tests failing due the short secret for client-secret-jwt client authentication 
Closes #16678
 2023-01-30 08:40:46 +01:00
Martin Kanis
c4255e7301 Wrong property for events in map-storage-hot-rod on Undertow 2023-01-27 14:24:34 +01:00
mposolda
5591b5198b Still test failures with BCFIPS approved mode due the hardcoded keys 
Closes #16643
 2023-01-26 15:50:29 +01:00
Pedro Igor
f6602e611b Allow managing the username idn homograph validator 
Closes #13346
 2023-01-26 04:55:43 -08:00
Michal Hajas
eb59fdb772 Add transaction tests to model tests 
Closes: #15890
 2023-01-26 12:55:22 +01:00
mposolda
a804400c84 Added KERBEROS feature. Disable it when running tests on FIPS 
closes #14966
 2023-01-25 18:38:46 +01:00
mposolda
16888eaeab Only available RSA key sizes should be shown in admin console 
Closes #16437
 2023-01-25 13:15:07 +01:00
mposolda
29888dbf1a Update realm keys in the testsuite to be generated where possible. Update other keys to be FIPS compliant 
Closes #12420
 2023-01-25 08:26:15 +01:00
Miquel Simon
83147a67a0
Added New Account Console Tests to CI workflow. (#16547) 2023-01-24 16:01:03 +01:00
Hynek Mlnarik
977cc473bb Fix linebreaks in XML / SAML signatures 
See https://bugs.openjdk.org/browse/JDK-8264194
See https://issues.apache.org/jira/browse/SANTUARIO-482

Fixes: #14529
 2023-01-23 15:39:10 +01:00
Martin Bartoš
7d6e22bedd
DateTimeParse failures in New Account Console tests (#16531) 
Fixes #16514
 2023-01-19 09:39:03 -05:00
Stian Thorgersen
8d05895adb
Move Admin REST extension to main repository (#16530) 
Closes #16529
 2023-01-19 13:06:21 +01:00
Konstantinos Georgilakis
c73859794e Short verification_uri for Device Authorization Request 
Closes #16107
 2023-01-18 08:34:52 +01:00
Pedro Igor
33cb1ad7cd Support runnning tests using an embedded distribution 
Closes #16420
 2023-01-13 12:03:36 -08:00
Hynek Mlnarik
3119566407 Prevent endless loop in case of split-brain 
Fixes: #16427
 2023-01-13 16:23:18 +01:00
mposolda
79fa6bb3c9 Initial support for running testsuite in BCFIPS approved mode 
Closes #16429
 2023-01-13 02:59:06 -08:00
ムハマドザクワンビンムハマドザヒド / MOHDZAHID,BIN MUHAMMADZAKWAN
cc6597967a Refactoring ClientPoliciesTest 
Closes #14795
 2023-01-12 09:38:12 +01:00
Pedro Igor
9945135861
Verify if token is revoked when validating bearer tokens (#16394) 
Closes #16388
 2023-01-11 14:42:29 +01:00
mposolda
ac490a666c Fix KcSamlSignedBrokerTest in FIPS. Support for choosing realm encryption key for decrypt SAML assertions instead of realm signature key 
Closes #16324
 2023-01-10 20:39:59 +01:00
Miquel Simon
7bd78f604a
Added MariaDB to Legacy Store IT. (#16157) 2023-01-10 17:37:27 +01:00
Pedro Igor
d797d07d8f Ignore user profile attributes for service accounts 
Closes #13236
 2023-01-10 16:26:53 +01:00
mposolda
4d55c6a647 Adding SAML tests for FIPS - with addition of XMLDSig security provider 
Closes #14969
 2023-01-10 08:37:03 +01:00
Pedro Igor
53ee95764e Do not show username field when updating profile if UPDATE_EMAIL feature is enabled and email as username is enabled 
Closes #16263
 2023-01-06 14:12:47 +01:00
Réda Housni Alaoui
141c9dd803
update-email: email change does not affect the username when "Email as username" option is checked (#15583) 
Closes #13988
 2023-01-06 14:04:48 +01:00
Miquel Simon
c2682157fb
Added MS SQL Server to Legacy Store IT. (#16121) 
* Added MS SQL Server to Legacy Store IT.

* Update testsuite/integration-arquillian/pom.xml

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2023-01-06 08:55:09 +01:00
Réda Housni Alaoui
dbe0c27bcf Allowing client registration access token rotation deactivation 2023-01-05 20:53:57 +01:00
mposolda
e374e309c6 Deprecate SHA1 based algorithms for sign SAML documents and assertions 
Closes #16240
 2023-01-05 20:45:20 +01:00
Michal Hajas
6566b58be1 Introduce Infinispan GlobalLock implementation 
Closes #14721
 2023-01-05 16:58:44 +01:00
Hynek Mlnarik
071fc03f41 Move transaction processing into session close 
Fixes: #15223
 2023-01-05 16:12:32 +01:00
Stian Thorgersen
6c1f981eec
Fix UserTest.sendResetPasswordEmailWithCustomLifespan (#16233) 
Closes #16232
 2023-01-04 13:03:33 +01:00
Stian Thorgersen
7dc16c69cb
Force refreshing token for admin client if time offset is set (#16242) 
Closes #16143
 2023-01-04 13:03:10 +01:00
mposolda
496c6d598e Some authorization adapter test failing on Java 17 
Closes #16216
 2023-01-03 13:03:26 +01:00
ムハマドザクワンビンムハマドザヒド / MOHDZAHID,BIN MUHAMMADZAKWAN
ce6b737e33 NPE in userinfo endpoint 
Closes #15429
 2023-01-02 13:53:29 +01:00
Stian Thorgersen
669086acd6
Suspend scheduled tasks if time offset is set to a large value (#16144) 2022-12-21 15:12:57 +01:00
Martin Kanis
c0e103dc95 Replace old HotRod index annotation with new one 2022-12-21 12:50:08 +01:00
Miquel Simon
9bb5b08015
Added Oracle to Legacy Store IT. (#16097) 2022-12-21 08:15:38 +01:00
mposolda
36bd76957d Make Keycloak FIPS working with OpenJDK 17 on FIPS enabled RHEL 
Closes #15721
 2022-12-20 21:03:55 +01:00
Michal Hajas
c79d29e68c Move HotRod profile to the same pom as other map profiles and introduce map-storage-chm profile 
Closes #16046
 2022-12-20 17:51:40 +01:00
Alexander Schwartz
fffde1407c Enable retryable transactions for CockroachDB model tests 
Also made the test setup of the realm more idempotent to clean up a realm left-over from a previous test.

Closes #16078
 2022-12-20 15:49:07 +01:00
Alexander Schwartz
0fee33bb95 Normalize JVM heap usage in tests and handle OOM situations 
Closes #16089
 2022-12-20 13:26:07 +01:00
Alexander Schwartz
6d0e112bf1 Ensure lock table has its primary key created, and re-enable the DBLockTest 
Closes #15487
 2022-12-20 08:50:14 +01:00
Alexander Schwartz
1d758fac2b
Adding CRDB into GHA for the new store (#16021) 
The CockroachDB database is slower than PostgreSQL, therefore it will only run branches and nightly builds.

Closes #16020
 2022-12-17 08:50:21 +01:00
Pedro Igor
857b02be63 Allow managing the required settigs for the email attribute 
Closes #15026
 2022-12-15 13:11:06 -08:00
Pedro Igor
782d145cef Allow updating authz settings via default client registration provider 
Closes #9008
 2022-12-15 20:43:43 +01:00
Alexander Schwartz
bd4acfe4c6
Removing testsuite/performance from main Keycloak repository (#15950) 
There's a separate repository keycloak-benchmark for this.

Closes #14192
 2022-12-15 14:43:24 +01:00
Stian Thorgersen
c1b0f2a6ab
Rebalanace BaseIT test groups (#16007) 2022-12-15 08:52:30 +01:00
Stian Thorgersen
a5670af745
Keycloak CI workflow refactoring (#15968) 
* Keycloak CI workflow refactoring

Closes #15861

* Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>

* Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>

* Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>

* Update CodeQL actions

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
 2022-12-14 16:12:23 +01:00
Stian Thorgersen
0f2ca3bfdd
fixes from release/20 (#15982) 
* Avoid path traversal vis double-url encoding of redirect URI (#8)

(cherry picked from commit a2128fb9e940d96c2f9a64edcd4fbcc768eedb4f)

* Do not resolve user session if corresponding auth session does not exist (#7)

* Stabilizing the ConcurrentLoginTest when running with JPA map storage by locking user sessions (#9)

Co-authored-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2022-12-14 07:46:17 +01:00
Stian Thorgersen
30cc16e648
Move authorization tests into authz package (#15957) 
Closes #15956
 2022-12-12 18:09:11 +01:00
Peter Zaoral
1073a342cf Cleanup dependencies and align with Quarkus 
* aligned parent POM dependency versions with the Quarkus BOM

Closes #15325

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2022-12-09 09:10:30 -03:00
Hynek Mlnařík
208affe000 Update generator to record the entity to fields mapping 
Fixes: #15677
 2022-12-08 15:40:28 +01:00
Michal Hajas
de7dd77aeb Change id of TermsAndConditions required actions to uppercase 
Closes #9991
 2022-12-07 10:51:37 -03:00
mposolda
f4e91a5312 The redirect URI cannot be verified during logout in the case when client was removed 
closes #15866
 2022-12-07 08:20:30 +01:00
mposolda
264c5a6cdb Support for KcReg and KcAdm CLI to use BCFIPS instead of BC on FIPS platforms 
Closes #14968
 2022-12-06 13:02:46 +01:00
Pedro Igor
022d2864a6 Make sure JAX-RS resource methods are advertizing the media type they support 
Closes #15811
Closes #15810
 2022-12-06 08:13:43 -03:00
Stian Thorgersen
2f0d8cd895
Move hok, par, and rar tests to oauth package (#15834) 
Closes #15833
 2022-12-05 15:42:20 +01:00
Michal Hajas
59ccae76cb
Fix flaky JS test (#15804) 
Closes #15761

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
 2022-12-05 13:16:04 +01:00
Pedro Igor
168734b817 Removing references to request and response from Resteasy 
Closes #15374
 2022-12-01 08:38:24 -03:00
Stian Thorgersen
8e6437e596
Fix Flaky test: RequiredActionTotpSetupTest.setupTotpExistingReusableCodeDisabled (#15779) 
Closes #15564
 2022-12-01 10:41:46 +01:00
Hynek Mlnařík
60ce949304 Ignore unknown clients in LDAP role mapper 
Fixes: #10958
 2022-12-01 09:51:05 +01:00
Stian Thorgersen
c24bc1bab0
Tweak time offset in RefreshTokenTest (#15760) 
Closes #15718
 2022-11-30 16:11:46 +01:00
Stian Thorgersen
c3c858c88a
Fix OpenshiftClientStorageTest.testCodeGrantFlowWithServiceAccountUsingOAuthRedirectReference (#15741) 
Closes #15565
 2022-11-29 14:20:21 +01:00
dependabot[bot]
82f08b709c Bump sshd-core in /testsuite/integration-arquillian/util 
Bumps [sshd-core](https://github.com/apache/mina-sshd) from 2.3.0 to 2.7.0.
- [Release notes](https://github.com/apache/mina-sshd/releases)
- [Changelog](https://github.com/apache/mina-sshd/blob/master/CHANGES.md)
- [Commits](https://github.com/apache/mina-sshd/compare/sshd-2.3.0...sshd-2.7.0)

---
updated-dependencies:
- dependency-name: org.apache.sshd:sshd-core
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-11-28 12:04:15 -03:00
dependabot[bot]
3a35b05253 Bump ant in /testsuite/integration-arquillian/tests 
Bumps ant from 1.9.15 to 1.10.11.

---
updated-dependencies:
- dependency-name: org.apache.ant:ant
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-11-28 12:03:47 -03:00
dependabot[bot]
17be19d4d3 Bump commons-io in /testsuite/integration-arquillian/util 
Bumps commons-io from 2.6 to 2.7.

---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-11-28 12:03:20 -03:00
Miquel Simon
88bc5e2307 Use different Postgres image in Testcontainers. Upgraded Testcontainers dependency to 1.17.5. 2022-11-28 10:57:14 +01:00
mposolda
3e9c729f9e X.509 authentication fixes for FIPS 
Closes #14967
 2022-11-25 11:50:30 +01:00
Stefan Guilhen
5c2a5fac31 Enable all test methods in ConcurrentLoginTest for JPA Map Storage 
- Tests still disabled for Hotrod and CHM
- Fixes concurrent login issues with CRDB. Verified with both PostgreSQL and CockroachDB.

Closes #12707
Closes #13210
 2022-11-24 13:36:22 +01:00
Lex Cao
dd03137ea7 Strip secret of user when creating from admin API 
Closes #14843
 2022-11-24 11:38:42 +01:00
Alexander Schwartz
410b5ab57f Make tests run on Oracle DB on the internal pipeline 
Closes #15643
 2022-11-23 13:49:01 +01:00
Nagy Vilmos
4b6b607fe9
Should not hide IDP from login page (#14174) 
Closes #14173
 2022-11-23 10:49:21 +01:00
rmartinc
b7188c3891
Unknown bind DN using LDAP anonymous bind aka bind type none (#15546) 
Closes #15497
 2022-11-23 10:23:46 +01:00
danielFesenmeyer
18381ecd2e Fix update of group mappers on certain changes of the group path 
The group reference in the mapper was not updated in the following cases:
- group rename: when an ancestor group was renamed
- (only for JpaRealmProvider, NOT for MapRealmProvider/MapGroupProvider) group move: when a group was converted from subgroup to top-level or when a subgroup's parent was changed

Closes #15614
 2022-11-23 10:12:34 +01:00
Alexander Schwartz
fb315b57c3 Use the same Oracle driver for the tests and Undertow like for Quarkus 
Closes #15576
 2022-11-23 09:26:18 +01:00
cgeorgilakis-grnet
085dd24875 Client registration service do not check client protocol for Bearer token 
Closes #15612
 2022-11-23 08:49:13 +01:00
Pedro Igor
28fc5b4574 Removing injection points for Resteasy objects and resolving instances from keycloak context instead 
Relates #15374
 2022-11-21 19:47:25 +01:00
Alexander Schwartz
0bad673219 Disabling unstable test until further analysis is complete 
Relates to #15487
 2022-11-21 16:46:25 +01:00
Stefan Guilhen
f8df04b3b8 Fix UserSessionProviderTest.testOnClientRemoved on CRDB 
Closes #15558
 2022-11-21 13:05:11 +01:00
Michal Hajas
6d683824a4 Deprecate DBLockProvider and replace it with new GlobalLockProvider 
Closes #9388
 2022-11-16 16:13:25 +01:00
Martin Kanis
5e891951f5 Update Infinispan version to 14.0.2.Final 2022-11-16 14:56:45 +01:00
Alexander Schwartz
80dab89468 Disabling unstable test until further analysis is complete 
Relates to #15487
 2022-11-15 16:12:20 +01:00
Douglas Palmer
9f532eecaf Weird export/re-import behaviour regarding post.logout.redirect.uris 
Closes #14884
 2022-11-15 09:24:32 +01:00
Michal Hajas
9944a594eb Use DELETE statement instead of deleting one by one for HotRod store 
Closes #9420
 2022-11-11 13:51:03 +01:00
vramik
021189f190 Make GHA Map-JPA base testsuite running with Quarkus 
Co-authored-by: Martin Batros <mabartos@redhat.com>

Closes #13725
 2022-11-10 10:08:14 +01:00
Jia Chen
c3d53ae6e0 Returns an empty groups stream without querying the database if a user doesn't belong to any groups 
Closes #12567
 2022-11-09 13:07:42 +01:00
Michal Hajas
dc007eab6f Ignore test until the intermittent failure from #14917 is resolved 2022-11-07 20:47:39 +01:00
Michal Hajas
d9dcb6c60a Fix Infinispan adapter not checking updated value in getAttribute methods 
Closes #12819
 2022-11-07 20:44:43 +01:00
danielFesenmeyer
ec30c52a00 Fix paging on the "Users in role" endpoint, when JPA persistence is used 
- add order-by-clause to the corresponding JPA query (ordering by username ASC)
- adjust admin-client RoleResource to return a List instead of a Set, by introducing new methods #getUserMembers (instead of #getRoleUserMembers - the "Role" prefix is not needed, because it is clear from the resource name that it's about roles)
- adjust tests to use the new method and check that the expected order is returned

Closes #14772
 2022-11-07 20:44:06 +01:00
stianst
1de9c201c6 Refactor Profile 
Closes #15206
 2022-11-07 07:28:11 -03:00
Marek Posolda
c0c0d3a6ba
Short passwords with PBKDF2 mode working (#14437) 
* Short passwords with PBKDF2 mode working
Closes #14314

* Add config option to Pbkdf2 provider to control max padding

* Update according to PR review - more testing for padding and for non-fips mode
 2022-11-06 14:49:50 +01:00
Marek Posolda
f616495b05
Fixing UserFederationLdapConnectionTest,LDAPUserLoginTest to work with FIPS (#15299) 
closes #14965
 2022-11-03 16:35:57 +01:00
Marek Posolda
2ba5ca3c5f
Support for multiple keys with same kid, which differ just by algorithm in the JWKS (#15114) 
Closes #14794
 2022-11-03 09:32:45 +01:00
vramik
6bbcdd44a5 Run map-jpa model tests profile in GHA 
Closes #13573
 2022-11-02 15:30:08 +01:00
Stian Thorgersen
cf913af823
Add support for Microsoft Authenticator (#15272) 
Closes #15271
 2022-11-02 12:56:07 +01:00
Stian Thorgersen
cac4c43052
Remove AccountPasswordPage from testsuite (#15204) 
Closes #15200
 2022-11-02 06:20:39 +01:00
Alexander Schwartz
dd5a60c321 Allow a partial import to overwrite the default role 
Closes #9891
 2022-11-01 15:35:02 -03:00
Pedro Igor
f6985949b6
Close the session within resteasy boundaries (#15193) 
Closes #15192
 2022-11-01 11:06:34 +01:00
Stian Thorgersen
17117820cc
Remove AccountFormServiceTest (#15197) 
Closes #15196
 2022-10-28 12:26:59 +02:00
Master_Sky
164465861b
fix(sec): upgrade org.apache.tomcat:tomcat-catalina to 8.5.76 (#14950) 
Co-authored-by: stianst <stianst@gmail.com>
 2022-10-25 09:30:28 -03:00
Michal Hajas
883e83e625 Remove deprecated methods from data providers and models 
Closes #14720
 2022-10-25 09:01:33 +02:00
Alexander Schwartz
9b80bad391 Stabilize test testAccountManagementLinkIdentity by waiting for username to appear 
Closes #15054
 2022-10-24 19:19:27 +02:00
Stian Thorgersen
29b8294dd6
Filter list of supported OTP applications by current policy (#15113) 
Closes #15112
 2022-10-24 16:47:16 +02:00
mposolda
55c514ad56 More flexibility in keystore related tests, Make keycloak to notify which keystore types it supports, Support for BCFKS 
Closes #14964
 2022-10-24 08:36:37 +02:00
Stian Thorgersen
97ae90de88
Remove Red Hat Single Sign-On product profile from upstream (#14697) 
* Remove Red Hat Single Sign-On product profile from upstream

Closes #14916

* review suggestions: Remove Red Hat Single Sign-On product profile from upstream

Closes #14916

Co-authored-by: Peter Skopek <pskopek@redhat.com>
 2022-10-18 14:43:04 +02:00
Marek Posolda
0756ef9a75
Initial integration tests with BCFIPS distribution (#14895) 
Closes #14886
 2022-10-17 23:33:22 +02:00
Stian Thorgersen
f7490b7f7c
Fix issue where admin2 was not enabled by default if account2 was disabled (#14914) 
Refactoring ThemeSelector and DefaultThemeManager to re-use the same logic for selecting default theme as there used to be two places where one had a broken implementation

Closes #14889
 2022-10-17 15:17:54 +02:00
Alexander Schwartz
97c4495c4f Updating H2 database to 2.x 
Closes #12607

Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2022-10-14 11:52:34 +02:00
vramik
f49582cf63 MapUserProvider in KC20 needs to store username compatible with KC19 to be no-downtime-upgradable 
Closes #14678
 2022-10-14 09:32:38 +02:00
danielFesenmeyer
f80a8fbed0 Avoid login failures in case of non-existing group or role references and update references in case of renaming or moving 
- no longer throw an exception, when a role or group cannot be found, log a warning instead
- update mapper references in case of the following events:
   - moving a group
   - renaming a group
   - renaming a role
   - renaming a client's Client ID (may affect role qualifiers)
- in case a role or group is removed, the reference still will not be changed
- extend and refactor integration tests in order to check the new behavior

Closes #11236
 2022-10-13 13:23:29 +02:00
Martin Kanis
761929d174
Merge ActionTokenStoreProvider and SingleUseObjectProvider (#13677) 
Closes #13334
 2022-10-13 09:26:44 +02:00
Lex Cao
8ea3f30d82 Support profile projection parameter for LinkedIn IDP 
Closes #13384
 2022-10-11 15:22:00 -03:00
Takashi Norimatsu
148c7695ff Pluggable Features of Token Manager 
Closes #12065
 2022-10-07 08:43:34 +02:00
Marek Posolda
425b6b8df2
Parameters 'client_id' and 'response_type' not strictly required in O… (#14679) 
* Parameters 'client_id' and 'response_type' not strictly required in OIDC request object
Closes #14255
 2022-10-05 11:20:15 +02:00
Douglas Palmer
44aae52fb4
Fixed locale switcher on error page (#14728) 
Closes #14205
 2022-10-05 10:30:07 +02:00
Marek Posolda
c59660ca86
KEYCLOAK_SESSION not working for some user federation setups when user ID has special chars (#14560) 
closes #14354
 2022-10-05 08:59:30 +02:00
Marek Posolda
fb24c86a3b
offline token issuance can cause violation of PRIMARY KEY constraint CONSTRAINT_OFFL_CL_SES_PK3 (#14658) 
closes #13706
 2022-10-03 12:54:12 +02:00
Stian Thorgersen
390c7485c7
Remove WildFly dist modules (#14675) 
Closes #14307
 2022-09-30 14:26:55 +02:00
Alice Wood
1eb7e95b97 enhance existing group search functionality allow exact name search keycloak/keycloak#13973 
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
 2022-09-30 10:37:52 +02:00
Martin Bartoš
a20d6e2f1f
Remove JBoss-based auth servers from the testsuite (#14317) 
Closes #14299
 2022-09-30 09:41:57 +02:00
Marcelo Daniel Silva Sales
22713bc144
Incorrect error message OIDC client authentication (#14656) 
closes #12162


Co-authored-by: Pedro Hos <pedro-hos@outlook.com>
 2022-09-30 09:40:05 +02:00
Martin Kanis
42ad95af4d Stabilize testPersistenceMultipleNodesClientSessionsAtRandomNode model test 2022-09-27 21:01:35 +02:00
David Anderson
a8db79a68c
Introduce crypto module using Wildfly Elytron (#14415) 
Closes #12702
 2022-09-27 08:53:46 +02:00
Alexander Schwartz
be2deb0517 Modify RealmsAdminResource.importRealm to work with InputStream 
Closes #13609
 2022-09-26 20:58:08 +02:00
Alice Wood
55a660f50b enhance group search to allow searching for groups via attribute keycloak/keycloak#12964 
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2022-09-19 15:19:36 +02:00
Takashi Norimatsu
0a832fc744 Intent support before issuing tokens (UK OpenBanking) 
Closes #12883
 2022-09-19 12:15:00 +02:00
Martin Bartoš
d4130b0c6b
Admin Console tests failing (#14404) 
Fixes #10997
 2022-09-17 08:23:19 +02:00
rmartinc
cc9326fcad
Delay LDAPObject creation until mandatory attributes are set (#14341) 
Closes #14286
 2022-09-16 20:35:50 +02:00
Dmitry Telegin
cc2117bf7c UserInfo endpoint not fully standards compliant 
Closes #14184
 2022-09-16 10:15:08 +02:00
danielFesenmeyer
3af1134975 Update IDP link username when sync mode is "force" 
Closes #13049
 2022-09-14 08:02:17 -03:00
Martin Bartoš
ed3d003d65
Remove Legacy migration tests from testsuite (#14310) 
Closes #14300
 2022-09-14 11:29:53 +02:00
Václav Muzikář
e999aeeab8 Fix DefaultHostnameTest on Undertow 2022-09-13 14:41:23 -03:00
Martin Bartoš
aa5a4e3d84
Remove remote WildFly server from the testsuite (#14321) 
Closes #14319
 2022-09-13 12:49:40 +02:00
fwojnar
cee69e1abc
Remove Server Config Migration tests from testsuite (#14334) 
Closes #14303

Co-authored-by: wojnarfilip <fwojnar@redhat.com>
 2022-09-13 12:47:35 +02:00
fwojnar
a58f0593a6
Remove Clean Start test from testsuite (#14345) 
Closes #14305

Co-authored-by: wojnarfilip <fwojnar@redhat.com>
 2022-09-13 12:46:55 +02:00
Václav Muzikář
490590625d Fix listApplicationsThirdParty 2022-09-13 08:33:31 +02:00
Jurjan-Paul Medema
eb0124e3e1
Mapper option 'Aggregate attribute values' is now applied to group hierarchy (#7871) 
Closes #11255
 2022-09-12 13:34:28 +02:00
Christoph Leistert
7e5b45f999 Issue #8749: Add an option to control the order of the event query and admin event query 2022-09-11 21:30:12 +02:00
Alexander Schwartz
1d2d3e5ca5 Move UserFederatedStorageProvider into legacy module 
Closes #13627
 2022-09-11 18:37:45 +02:00
Pedro Igor
3518362002 Validate auth time when max_age is sent to brokered OPs 
Closes #14146
 2022-09-09 10:30:51 -03:00
Pedro Igor
a0079b516b
Allow setting response mode (#14104) 
Closes #14083
 2022-09-09 14:28:47 +02:00
Martin Bartoš
0fcf5d3936 Reuse of token in TOTP is possible 
Fixes #13607
 2022-09-09 08:56:02 -03:00
Marek Posolda
040e52cfd7
SAML javascript protocol mapper: disable uploading scripts through admin console by default (#14293) 
Closes #14292
 2022-09-09 13:47:51 +02:00
vramik
869ccc82b2 Enable MapUserProvider storing username with the letter case significance 
Closes #10245
Closes #11602
 2022-09-09 11:46:11 +02:00
Dominik Guhr
f2b02f19e6 Closes #13786 2022-09-07 18:29:26 +02:00
cgeorgilakis
07b0df8f62
View groups from account console (#7933) 
Closes #8748
 2022-09-07 11:25:31 +02:00
Lex Cao
1f197aa96b
Add basic auth compliant to RFC 6749 (#14179) 
Closes #14179
 2022-09-07 10:09:30 +02:00
Christoph Leistert
cc2bb96abc Fixes #9482: A user could be assigned to a parent group if he is already assigned to a subgroup. 2022-09-06 21:31:31 +02:00
Thomas Peter
19d69169b1 introduce expiration option for admin events 2022-09-06 16:05:53 +02:00
Pedro Igor
a6137b9b86 Do not empty attributes if they are not provided when user profile is enabled 
Closes #11096
 2022-09-06 12:59:05 +02:00
Michal Hajas
f69497eb28 KEYCLOAK-12988 Deprecate getUsers* methods in favor of searchUsers* variants 
Closes #14018
 2022-09-06 10:38:28 +02:00
Sergey Ch
860c3fbbd3
KEYCLOAK-17263 Add exact searching for users (#8059) 
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
 2022-09-01 19:27:24 +02:00
Thomas Darimont
43623ea9d0 KEYCLOAK-18499 Add max_age support to oauth2 brokered logins 
Revise KcOidcBrokerPassMaxAgeTest to use setTimeOffset(...)
 2022-09-01 09:24:44 -03:00
Joerg Matysiak
a8019d78e7 Fixed handling of required setting for email in user profile. 
Resolves #13923
 2022-08-31 17:19:19 -03:00
Martin Bartoš
677579fce6 Environment variables for admin creation in testsuite 
Closes #14102
 2022-08-31 07:29:55 -03:00
Nagy Vilmos
f6db484172
Keep the locale related authNotes through the IdentityBroker flow. (#10444) 
Closes #8827
 2022-08-31 09:37:26 +02:00
Martin Bartoš
e6a5f9c124 Default required action providers are still available after feature disabling 
Closes #13189
 2022-08-31 08:42:47 +02:00
Martin Bartoš
94de015440
Cannot build base testsuite due to missing dependency related to WF (#14079) 
Fixes #14072
 2022-08-30 18:52:05 +02:00
Stian Thorgersen
eece543ede
Remove AddUserTest as it was specific to the WildFly distribution (#14091) 
Closes #14072
 2022-08-30 16:57:44 +02:00
Manato Takai
1cdc21f0ff
Add duplicate parameter check for UserInfo endpoint. (#14024) 
Closes #14016
 2022-08-30 14:39:15 +02:00
Pedro Igor
917e8668cb Fixing error when activating webauthn profile 
Related #14005
 2022-08-30 13:55:02 +02:00
Alexander Schwartz
bb6b5abfa1 Remove Infinispan workarounds after upgrading to 13.x 
Closes #13962
 2022-08-30 07:32:19 -03:00
Martin Bartoš
090f7f89d5
Cannot execute Old Admin Console tests (#13887) 
Fixes #14005
 2022-08-29 13:41:22 +02:00
Alexander Schwartz
a364a05cfa Disable unstable scenario for testOfflineSessionLazyLoadingPropagationBetweenNodes 
This only fails when CrossDC and preloadOfflineSessionsFromDatabase are enabled after the upgrade to Infinispan 13.x

Relates to #14020
 2022-08-29 13:01:41 +02:00
Stian Thorgersen
cbfe9b9a3d
Introduce profile (enabled with -DincludeWildFly) to not include WildFly distribution in default builds (#13878) 
* Introduce profile (enabled with -DincludeWildFly) to not include WildFly distribution in default builds

* Fix
 2022-08-27 00:33:45 +02:00
Erik Jan de Wit
93f3d7bf42
Revert "Allow dependencies from keycloak-admin-ui (#13924)" (#13963) 
This reverts commit 332a0dacee.
 2022-08-26 10:04:13 +02:00
Joerg Matysiak
62790b8ce0 Allow permission configuration for username and email in user profile. 
Enhanced Account API to respect access to these attributes.

Resolves #12599
 2022-08-25 21:54:51 -03:00
Pedro Igor
2cc4b54404
Do not cache policies if they no longer exist (#12797) 
Closes #12657

Co-authored-by: Michal Hajas <mhajas@redhat.com>

Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2022-08-25 13:52:30 +02:00
Michal Hajas
05b9e6d59e
Upgrade Infinispan to 13.0.10.Final (#13910) 
Closes #12306
 2022-08-25 13:09:34 +02:00
Christoph Leistert
5408d25e09
Fixes #10656: Sub realm localization GET endpoints can be called using tokens issued by the master realm. (#10660) 
* Fixes #10656: Sub realm localization GET endpoints can be called using tokens issued by the master realm.

* Fixes #10656: Added some tests
 2022-08-25 09:02:07 +02:00
Markus Till
7f999a4629
integration.admin-client: Add exact search for all dedicated user attributes (#13361) 
Closes #13360
 2022-08-25 08:57:31 +02:00
Arnaud Martin
af0d97e534 Delete broker links for federated users when an identity provider is deleted 
Closes #13731
 2022-08-25 08:24:09 +02:00
Pedro Igor
ddcf0f45f9 Run import within the context of the realm being imported 
Closes #12289
 2022-08-25 08:18:43 +02:00
Tero Saarni
74b2541d10
Fix invalid method reference when compiling with JDK17 (#13621) 
Closes #13961
 2022-08-25 08:11:15 +02:00
Pedro Igor
25be07be17 Allow introspecting tokens issued during token exchange with delegation semantics 
Closes #9337
 2022-08-24 09:47:04 -03:00
Tero Saarni
ea4b4b97b4
Bumped maven-war-plugin for JDK17 compatibility (#13619) 
Closes #13960
 2022-08-24 14:44:18 +02:00
Takashi Norimatsu
8c1ea4b47c mTLS binding support for password grant 
Closes #13662
 2022-08-24 11:44:48 +02:00
Alexander Schwartz
332a0dacee
Allow dependencies from keycloak-admin-ui (#13924) 
This prevents exceptions due to missing classes like kotlin/jvm/internal/Intrinsics.

Closes #13918
 2022-08-24 11:31:29 +02:00
Konstantinos Georgilakis
c5b9dc1e7b set context session client equal to clientsession client (fromClientSessionAndScopeParameter method of DefaultClientSessionContext) 
Closes #13162
 2022-08-23 17:33:07 +02:00
Konstantinos Georgilakis
baa89debd9 Correct isValidScope method of TokenManager for Dynamic scopes 
Closes #13158
 2022-08-23 16:30:04 +02:00
Lex Cao
6b1c64a1a9
Add rememberMe to a user session representation(#13408) (#13765) 
Closes #13408
 2022-08-23 15:28:52 +02:00
Konstantinos Georgilakis
2002fd983b Showing consent screen text instead of scope name in consent part of Application page in Account console 
Closes #13109
 2022-08-23 11:22:31 +02:00
rishabhsvats
c223291a1e Adds REGISTER event when new user login through first broker flow 
Updates KcOidcBrokerEventTest, AbstractFirstBrokerLoginTest to factor in REGISTER event in first broker flow

Closes #11646

Correcting Indentation of AbstractFirstBrokerLoginTest
 2022-08-23 10:43:56 +02:00
Stefan Guilhen
f84fdfa8ef
Fix UserSessionProviderTest failures with CockroachDB (#13891) 
- move assertions to a separate tx due to CRDB's SERIALIZABLE isolation level

Closes #13211
 2022-08-23 09:57:13 +02:00
Sebastian Schuster
53472e097c 13647 fixed wrong feature flag for checking admin fine-grained authz 2022-08-22 09:34:12 -03:00
Stefan Guilhen
5775e7c4ba
Fix ConcurrentTransactionsTest failure with CockroachDB (#13890) 
- realm has to be removed in a separate tx due to CRDB's SERIALIZABLE isolation level

Closes #13211
 2022-08-22 08:39:14 +02:00
Pedro Igor
eda33a0b21 Concurrency issue when caching JS policies 
Closes #12204
 2022-08-17 16:30:32 -03:00
Pedro Igor
15bbb46657 Avoid removing static path config from cache 
Closes #9855
 2022-08-17 16:29:59 -03:00
Martin Bartoš
5a2852530f Fix DB tests for Quarkus 
Fixes #13642
 2022-08-17 10:23:05 -03:00
Pedro Igor
841c65d24f Return 404 when invoking authorization endpoints in case authz settings are disabled 
Closes #10151
 2022-08-16 16:37:44 -03:00
nehachopra27
26de05fa44
Updating RestEasy for Jetty App Server (#13710) 
Co-authored-by: nchopra <nchopra@redhat.com>
 2022-08-16 11:20:24 +02:00
Michal Hajas
ab431e3bd9 Fix KeycloakQuarkusServerDeployableContainer to correctly configure map store 
Closes #13721
 2022-08-11 16:55:06 +02:00
Pedro Igor
e3af0610e2 Support running base testsuite on Windows 
Closes #12648

Co-authored-by: Dominik Guhr <dguhr@redhat.com>
 2022-08-10 20:03:53 -03:00
Markus Till
fa383bf76c
Suppress confirmation screen for logout in oidc (#13471) 
Closes #13469
 2022-08-10 18:25:50 +02:00
Michal Hajas
d55d110ff9 Run Infinispan using Testcontainers in base testsuite 
Closes #13620
 2022-08-10 16:36:44 +02:00
Martin Kanis
57f2f4654a Add limit for authSessions per rootAuthSession in map storage 2022-08-10 12:56:37 +02:00
Marcelo Daniel Silva Sales
e44cea587f
NullPointer during OIDC logout client disabled (#13424) 
closes #12624
 2022-08-08 12:34:09 +02:00
Michal Hajas
ec808d28bb Remove possibility to start embedded HotRod server in hotrod-map module 
Closes #13247
 2022-08-05 21:08:38 +02:00
Tero Saarni
2392af157b Forward quarkus server output to console in testsuite 2022-08-05 09:48:48 -03:00
Pedro Igor
333a4c900f Revert changes that block themes being loaded from custom providers 
Closes #13401
 2022-08-04 13:34:12 +02:00
Sebastian Knauer
21f700679f KEYCLOAK-19866 Fix user-defined- and xml-fragment-parsing/Add XPathAttributeMapper 2022-08-03 13:07:12 +02:00
Martin Kanis
ff26698053 Stabilize testCreateUserSessionsParallel model test 2022-08-02 08:12:42 +02:00
nehachopra27
c7be78fade
Add admin-ui dependencies to integration-arquillian testsuite 
Co-authored-by: nchopra <nchopra@redhat.com>

Fixes: #13465
 2022-08-01 20:49:11 +02:00
Marek Posolda
7e925bfbff
Unit tests in "crypto/fips1402" passing on RHEL 8.6 with BC FIPS approved mode. Cleanup (#13406) 
Closes #13128
 2022-07-29 18:03:56 +02:00
Hynek Mlnarik
143e6bc932 Replace undertow-map with quarkus-map 
Fixes: #12652
 2022-07-27 14:08:38 +02:00
Stian Thorgersen
ae33af92d9
Promote new admin console to default (#13243) 
Closes #13242
 2022-07-27 10:13:49 +02:00
Pedro Hos
ee2c5391bd
Possible client enumeration in the authorization endpoint 
Closes #12164
 2022-07-26 09:10:06 +02:00
Michal Hajas
eb1f31e9dd Optimize user-client session relationship for HotRod storage 
Closes #12818
 2022-07-26 09:00:13 +02:00
Douglas Palmer
c00514d659
Support for post_logout_redirect_uris in OIDC client registration (#12282) 
Closes #10135
 2022-07-25 10:57:52 +02:00
Dominik Guhr
9bb1299d89 change optimised to optimized 
also: fix kc.bat to not use autobuild in devmode anymore, fix containers.adoc to not use auto_build naming, fix build command cli help as it is not required anymore to run it beforehand.
 2022-07-22 10:29:07 -03:00
Stian Thorgersen
a251d785db
Remove text based login flows (#13249) 
* Remove text based login flows

Closes #8752

* Add display param back in case it's used by some custom authenticators
 2022-07-22 15:15:25 +02:00
Alexander Schwartz
cb81a17611 Disable Infinispan for map storage and avoid the component factory when creating a realm independent provider factory 
Provide startup time in UserSessionProvider independent of Infinispan,
cleanup code that is not necessary for the map storage as it isn't using Clustering.
Move classes to the legacy module.

Closes #12972
 2022-07-22 08:20:00 +02:00
Douglas Palmer
adeef6c2a0 Partial import feature does not import Identity Provider mappers in Keycloak #12861 2022-07-21 18:04:15 +02:00
Martin Kanis
c2bd01bca0 Add model tests for Hot Rod starting multiple nodes 2022-07-21 12:15:25 +02:00
Stefan Guilhen
e9c55f45e5 Enable action token JPA provider in map-storage-jpa profile 
Closes #13139
 2022-07-20 16:30:20 -03:00