Commit graph

25772 commits

Author SHA1 Message Date
Martin Kanis
e1b735fc41 Identity-first login flow should be followed by asking for the user credentials
Closes #30339

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-07-03 11:55:04 -03:00
Steven Hawkins
2e6506cd3a
fix: add quotes to cygwin condition (#31025)
closes: #30967

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: shawkins <shawkins@shawkins-thinkpadp16vgen1.hsd1.pa.comcast.net>
2024-07-03 15:58:30 +02:00
Steven Hawkins
96511e55c6
startup, welcome, and cli handling of bootstrap-admin user (#30054)
* fix: adding password and service account based bootstrap and recovery

closes: #29324, #30002, #30003

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Fix tests

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
2024-07-03 15:23:40 +02:00
Giuseppe Graziano
02d64d959c Using _system client when account client is disabled for email actions
Closes #17857

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-07-03 08:43:36 +02:00
cgeorgilakis-grnet
20cedb84eb Check refresh token flow response for offline based on refresh token request parameter
Closes #30857

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-07-02 18:13:30 -03:00
Pedro Aguiar
2316b8d82a
update: fix typo in hostname.adoc (#31007)
- `proxy_name` becomes `project_name`.

Signed-off-by: Pedro Aguiar <contact@codespearhead.com>
2024-07-02 16:50:38 +00:00
Thomas Darimont
f34bb21af6
Fix deprecations in common module
- Use charset in `Encode` class
- Replace reflective call to protected `Liquibase#resetServices()` with call to exposed public method on a custom subclass `KeycloakLiquibase`
- Remove usage of deprecated AccessController class in Reflections
- Deprecated SetAccessibleProvilegedAction and UnsetAccessibleProvilegedAction

Fixes #22209

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-02 16:02:35 +00:00
Erik Jan de Wit
a8aa410ad3
also translate the message (#30654)
fixes: #29098

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-07-02 15:31:38 +02:00
Erik Jan de Wit
e3649eb86a
changed to use adminUrl instead (#30441)
* changed to use adminUrl instead

fixes: #19070
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* changed to make use of "frondend url" and "adminUrl"

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-07-02 13:42:07 +02:00
Rishabh Singh
3a156b1a8b This fix allows the LDAP connection pool parameters - maxsize, prefsize, initsize - to be configured using JVM arguments.
Removed the check on connectionPoolingMaxSize, connectionPoolingInitSize and connectionPoolingPrefSize

Closes #30677

Signed-off-by: Rishabh Singh <rishabhsvats@gmail.com>

This fix allows all the LDAP connection pool parameters to be configured using JVM arguments.

Removed all the ldap connection pool parameters

Signed-off-by: Rishabh Singh <rishabhsvats@gmail.com>
2024-07-02 07:47:14 -03:00
Dmitry Telegin
5ff3488c80 Incorrect version comparison in ModelVersion
Closes #30935

Signed-off-by: Dmitry Telegin <demetrio@carretti.pro>
2024-07-02 11:52:33 +02:00
mruzicka
53fa901a11
fix: Use correct property for sub-flow name (#30948)
Signed-off-by: Michal Růžička <michal.ruza@gmail.com>
2024-07-01 14:47:54 +01:00
agagancarczyk
4924847676
Enhanced associated roles (#30968)
Signed-off-by: Agnieszka Gancarczyk <agancarc@redhat.com>
Co-authored-by: Agnieszka Gancarczyk <agancarc@redhat.com>
2024-07-01 14:38:42 +01:00
agagancarczyk
0d6ecab862
fixed rendering of granted client scopes in User Consents (#30864)
Signed-off-by: Agnieszka Gancarczyk <agancarc@redhat.com>
Co-authored-by: Agnieszka Gancarczyk <agancarc@redhat.com>
2024-07-01 15:28:35 +02:00
agagancarczyk
3874a141f1
Added some fun-tuning of Permissions table of Authorization (#30894)
Signed-off-by: Agnieszka Gancarczyk <agancarc@redhat.com>
Co-authored-by: Agnieszka Gancarczyk <agancarc@redhat.com>
2024-07-01 15:20:31 +02:00
Peter Zaoral
add45a25a8
Add default CPU limit/request for the operator (#30601)
Closes: #27432

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2024-07-01 15:12:43 +02:00
Stan Silvert
fd8cb95595
Allow FGA with view-clients to see client roles (#30834)
Signed-off-by: Stan Silvert <ssilvert@redhat.com>
2024-07-01 08:50:30 -04:00
Erik Jan de Wit
ea0f569bd0
changed X to link to organization (#30648)
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-07-01 13:22:46 +02:00
Erik Jan de Wit
213b4ca6d1
reset form instead of adding to it (#30650)
fixes: #30550

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-07-01 10:49:04 +02:00
Erik Jan de Wit
cb048c9700
don't show if there is a displayName set (#30647)
fixes: #30582

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-07-01 10:48:10 +02:00
Hynek Mlnarik
287916997e Show admin console header if serverinfo is forbidden
Fixes: #30683

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-06-28 20:22:16 +02:00
Steven Hawkins
d534860e2b
fix: admin cli client should set the content when performing a merge (#30539)
closes: #29878

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-06-28 15:56:07 +02:00
Pedro Igor
cc2ccc87b0 Filtering organization groups when managing or processing groups
Closes #30589

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-28 10:27:18 -03:00
Christoph Schulz
657aff787f
Add missing comma to (#30914)
Signed-off-by: Christoph Schulz <mail@ciis0.de>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2024-06-28 13:13:13 +00:00
Steven Hawkins
aae1fa1417
fix: addresses cli erroneously wants a secret when env password is set (#30892)
closes: #30866

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-06-28 11:48:42 +02:00
Thomas Darimont
690c6051bb Fix scope policy evaluation for client to client token exchange (#26435)
Previously the scope from the token was not set available in the ClientModelIdentity attributes.
This caused the NPE in `org.keycloak.authorization.policy.provider.clientscope.ClientScopePolicyProvider.hasClientScope`(..)
when calling `identity.getAttributes().getValue("scope")`.

We now pass the provided decoded AccessToken down to the ClientModelIdentity creation
to allow to populate the required scope attribute.

We also ensure backwards compatibility for ClientPermissionManagement API.

Fixes #26435

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-06-28 10:33:20 +02:00
Pedro Ruivo
829e12b857 Incorrect order when instantiate ClientRemovedEvent
* Fix incorrect order in ClientRemovedEvent constructor
* Do not send an event if the events list is empty

Closes #30840

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-28 09:51:02 +02:00
Václav Muzikář
bce7a29035
Document how Admin REST API endpoints work with Hostname config
Closes #30537

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-06-28 09:31:41 +02:00
dependabot[bot]
da7de7abd1 Bump vite from 5.3.1 to 5.3.2
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 5.3.1 to 5.3.2.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v5.3.2/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-28 08:40:17 +02:00
mposolda
f1b8a983d2 Cleanup mod_auth_mellon from the testsuite
closes #30869

Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-28 08:33:36 +02:00
Stan Silvert
a1445cd93f
Minor doc fix. (#30899)
Signed-off-by: Stan Silvert <ssilvert@redhat.com>
2024-06-27 16:18:32 -04:00
Douglas Palmer
7a8c7502d2 Cleanup of adapter-spi module?
Closes#30871

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-06-27 19:41:30 +02:00
Pascal Knüppel
c4ebd0cd0c
Add event for ClientScope created (#30715)
closes #30795 

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-06-27 19:05:29 +02:00
Douglas Palmer
220f32aa85 Cleanup of adapter pages
Closes #30870

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-06-27 18:57:22 +02:00
Douglas Palmer
601355d517 Flaky test: org.keycloak.testsuite.oauth.TokenIntrospectionTest#testUnsupportedToken
Closes #30111

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-06-27 18:41:48 +02:00
andymunro
30264c7dd4
Remove inclusive language foreword
Closes #30856

Signed-off-by: AndyMunro <amunro@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-06-27 15:22:03 +02:00
mposolda
7279f2092e Cleanup of test-apps and related adapter code
closes #30867

Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-27 15:10:31 +02:00
Marek Posolda
644bdad2f1 Update integration/admin-client-jee/pom.xml
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-06-27 11:00:30 +02:00
mposolda
3c3f59f861 Move some server related logic from info representation classes to server codebase
Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-27 11:00:30 +02:00
mposolda
e5a4c94f75 Added suffix to keycloak-admin-client artifacts in keycloak repository
Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-27 11:00:30 +02:00
MWarnecke
c5fc9f2962
Use provided scope for maven-plugin dependencies
* use provided scope for maven dependencies

As the maven-plugin-plugin suggests, dependencies to the maven runtime
should be in provided scope.

This gets rid of the according warning which was written during build.

Before Maven 3.9, plexus-utils was injected in the classpath at runtime.
As of Maven 3.9 this is not the case anymore which broke the plugin due
to a usage of said dependency. The only usage is replaced by a visitor
to copy files.

Closes #30542

Signed-off-by: Michael Warnecke <WarneckeMichael@web.de>

* Guides need to see maven's Log class

Signed-off-by: Michael Warnecke <WarneckeMichael@web.de>

---------

Signed-off-by: Michael Warnecke <WarneckeMichael@web.de>
2024-06-27 09:50:19 +02:00
dependabot[bot]
fa47d1a416 Bump mocha from 10.5.1 to 10.5.2
Bumps [mocha](https://github.com/mochajs/mocha) from 10.5.1 to 10.5.2.
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mochajs/mocha/compare/v10.5.1...v10.5.2)

---
updated-dependencies:
- dependency-name: mocha
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-27 08:32:58 +02:00
Moises Rodriguez
d924db0b0b
Add REST API error message to NetworkError (#30720)
Closes #30829

Signed-off-by: moises <moises@signot.com>
2024-06-26 21:49:01 +00:00
Lukas Hanusovsky
2915a03c6b
Removing chrome-install dependency from GH actions, and Chrome and Firefox webdriver system property from CI workflow
Closes #30408

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2024-06-26 18:08:07 +00:00
Hynek Mlnarik
f65af84191 Conditionally show Client Offline Session Max
Fixes: #30521

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-06-26 19:06:27 +02:00
Martin Bartoš
0a888512a8
New operator failing on health checks (#30709)
Closes #30355

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2024-06-26 15:46:48 +00:00
Jon Koops
cd0dbdf264
Use the Keycloak server URL for common resources (#30823)
Closes #30541

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-26 14:52:25 +00:00
jade
261bc41af2
messages: Correct {Client,Realm} Role prefix description to make sense (#30277)
It's unclear from the previous description that this field is used to
prepend things to the names in the token.

Signed-off-by: Jade Lovelace <software@lfcode.ca>
Co-authored-by: agagancarczyk <4890675+agagancarczyk@users.noreply.github.com>
2024-06-26 14:24:58 +01:00
rmartinc
c20dbc5c32 Add availability for features and make kerberos use it
Closes #30730

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-26 14:33:38 +02:00
agagancarczyk
ca26524259
Restored multivalued switch on create attribute (#30811)
* restored multivalued switch

Signed-off-by: Agnieszka Gancarczyk <agancarc@redhat.com>

* small cleanup

Signed-off-by: Agnieszka Gancarczyk <agancarc@redhat.com>

---------

Signed-off-by: Agnieszka Gancarczyk <agancarc@redhat.com>
Co-authored-by: Agnieszka Gancarczyk <agancarc@redhat.com>
2024-06-26 14:30:11 +02:00