Alexander Schwartz
5ae1712f73
Fixing the condition for remote TLS and username/password ( #28950 )
...
Closes #28949
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-22 13:38:46 +02:00
Marek Posolda
b553fc2ae0
Fix compilation error ( #28965 )
...
closes #28964
Signed-off-by: mposolda <mposolda@gmail.com>
2024-04-22 11:19:33 +00:00
Erwin Rohde
10544a5a93
socketTimeoutUnits and establishConnectionTimeoutUnits use TimeUnit set in HttpClientBuilder
...
Closes #28881
Signed-off-by: Erwin Rohde <erwin@rohde.nu>
2024-04-22 08:11:11 -03:00
Dimitri Papadopoulos Orfanos
7c77bb732f
Fix typo found by codespell in shell scripts ( #28957 )
...
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
2024-04-22 08:06:24 -03:00
Ott
975bb6762f
Fixed type in invalidPasswordNotContainsUsernameMessage
...
Signed-off-by: Ott <ottalexanderdev@gmail.com>
2024-04-22 08:06:02 -03:00
Douglas Palmer
ed22530d16
Failure reset time is applied to Permanent Lockout
...
Closes #28821
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-22 11:47:22 +02:00
Stefan Wiedemann
b08c644601
Support credentials issuance through oid4vci ( #27931 )
...
closes #25940
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2024-04-22 11:37:55 +02:00
Lex Cao
7e034dbbe0
Add IdpConfirmOverrideLinkAuthenticator to handle duplicate federated identity ( #26393 )
...
Closes #26201 .
Signed-off-by: Lex Cao <lexcao@foxmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-22 11:30:14 +02:00
Erik Jan de Wit
014b644724
removed use of deprecated dropdown ( #28928 )
...
towards: #28197
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-04-22 08:17:11 +02:00
Erik Jan de Wit
9a418cc53d
remove deprecated component use ( #28924 )
...
towards: #28197
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-04-22 07:21:58 +02:00
Alexander Schwartz
071032a108
Fixing the condition for embedded cache MTLS encryption
...
Closes #28750
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-20 18:30:24 +02:00
Alexander Schwartz
9d0b1ecee4
Review CLI option change for caching
...
Closes #28750
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-20 18:30:24 +02:00
Pedro Ruivo
3de5357091
CLI options to disable encryption and authentication to external Infinispan
...
Closes #28750
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-20 18:30:24 +02:00
JN
6977d58d27
Add missing French and Spanish translations ( #28807 )
...
Closes #28798
Signed-off-by: JN <xkizokux@gmail.com>
2024-04-20 10:18:49 +00:00
etiksouma
1afd20e4c3
return proper error message for admin users endpoint
...
closes #28416
Signed-off-by: etiksouma <al@mouskite.com>
2024-04-20 12:17:53 +02:00
agagancarczyk
750ff41691
adll 3 scenarios ( #28899 )
...
Signed-off-by: Agnieszka Gancarczyk <agancarc@redhat.com>
Co-authored-by: Agnieszka Gancarczyk <agancarc@redhat.com>
2024-04-19 15:40:49 -04:00
Erik Jan de Wit
659f0f583f
changed name and added version number ( #28157 )
...
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-04-19 14:10:34 -04:00
Pedro Ruivo
3e0a185070
Remove deprecated EnvironmentDependentProviderFactory.isSupported method
...
Closes #26280
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-19 16:36:49 +02:00
Giuseppe Graziano
f6071f680a
Avoid the same userSessionId after re-authentication
...
Closes keycloak/keycloak-private#69
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-19 14:44:39 +02:00
mposolda
c427e65354
Secondary factor bypass in step-up authentication
...
closes #34
Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit e632c03ec4dbfbb7c74c65b0627027390b2e605d)
2024-04-19 14:43:53 +02:00
Giuseppe Graziano
897c44bd1f
Validation of providerId during required action registration
...
Closes #26109
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-19 13:06:51 +02:00
Hynek Mlnarik
4f30400e07
Relax checking of messages
...
Related to: #28873
Fixes : #28911
Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-04-19 12:52:40 +02:00
Václav Muzikář
2b8c895f71
Upgrade to Quarkus 3.8.4 ( #28884 )
...
Closes #28880
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-04-19 09:18:46 +00:00
Thomas Darimont
68617180a2
Show indicator for transient user in user sessions list in admin ui (28879)
...
For transient users a transient label is now shown in the realm sessions and client sessions list in the admin ui.
Fixes #28879
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-04-19 09:48:41 +02:00
Peter Zaoral
f9e68cdc54
quarkus-next: java.util.NoSuchElementException: No value present causes quarkus-server build failure ( #28857 )
...
* resolveFileLogLocation transformer method now checks the location value presence
Closes : #28856
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2024-04-19 09:14:19 +02:00
Steven Hawkins
d7ef650623
task: use informer rather than 0 interval polling ( #28901 )
...
related to: #28869
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-19 09:05:32 +02:00
Pascal Knüppel
ef45629df4
Add docs for transient-users how to prevent profile-review ( #28889 )
...
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
#relatesTo https://github.com/keycloak/keycloak/discussions/26637
2024-04-18 23:49:51 +02:00
Joerg Matysiak
76a5a27082
Refactored StripSecretsUtils in order to make it unit-testable, added unit tests for it
...
Don't mask secrets at realm export
Closes #21562
Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>
2024-04-18 18:26:47 -03:00
Pedro Igor
7483bae130
Make sure admin events are not referencing sensitive data from their representation
...
Closes #21562
Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>
2024-04-18 18:26:47 -03:00
Steve Hawkins
0be34d64e7
task: refactor overlap between cli clients
...
also repackaging to more clearly delineate code roles
closes : #28329
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-18 17:39:16 -03:00
john-gom
808926b63e
Use a typeahead select where there are ten or more options ( #28512 )
...
Use typeahead for locale selector
Fix onFilter of SelectControl rather than removing it
Signed-off-by: John Gomersall <thegoms@gmail.com>
2024-04-18 16:18:00 -04:00
cgeorgilakis-grnet
89263f5255
Fix refresh token scope in refresh token flow with scope request parameter
...
Closes #28463
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-04-18 16:17:46 -03:00
Ricardo Martin
4c2542b91f
Better management of domains in TrustedHostClientRegistrationPolicy ( #139 ) ( #28876 )
...
Closes keycloak/keycloak-private#63
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-18 16:06:50 +02:00
Ricardo Martin
8daace3f69
Validate Saml URLs inside DefaultClientValidationProvider ( #135 ) ( #28873 )
...
Closes keycloak/keycloak-private#62
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-18 16:04:13 +02:00
Ricardo Martin
fc6b6f0d94
Perform exact string match if redirect URI contains userinfo, encoded slashes or parent access ( #131 ) ( #28872 )
...
Closes keycloak/keycloak-private#113
Closes keycloak/keycloak-private#134
Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2024-04-18 16:02:24 +02:00
Douglas Palmer
00d4cab55e
Flaky test: org.keycloak.testsuite.forms.ResetPasswordTest#resetPasswordLink
...
Closes #21422
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-18 15:54:30 +02:00
Martin Bartoš
7f74286106
Emphasize the need for setting container limit
...
Closes #28729
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-18 15:44:27 +02:00
Hynek Mlnarik
9d1433d266
Update URL builder
...
Fixes : keycloak/keycloak-quickstarts#548
Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-04-18 14:50:10 +02:00
Thomas Darimont
eb2936f655
Add note about using groups with transient-users
...
Document an additional approach for managing user-roles for transient-users via groups.
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-04-18 14:49:18 +02:00
vramik
860f3b7320
Prevent updating IdP via organization API not linked with the organization
...
Closes #28833
Signed-off-by: vramik <vramik@redhat.com>
2024-04-18 09:14:54 -03:00
Stian Thorgersen
0d60e58029
Restrict the token types that can be verified when not using the user info endpoint ( #146 ) ( #28866 )
...
Closes #47
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Conflicts:
core/src/main/java/org/keycloak/util/TokenUtil.java
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientTokenExchangeTest.java
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-18 14:11:05 +02:00
Stian Thorgersen
cbc4a8c305
Limit requests sent through session status iframe ( #132 ) ( #28864 )
...
Closes #116
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-04-18 14:02:37 +02:00
Erik Jan de Wit
2c069433f9
remove use of deprecated components ( #28800 )
...
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-04-18 12:14:53 +02:00
Erik Jan de Wit
6a020d93f1
Moved masthead to ui-shared ( #28871 )
...
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-04-18 11:16:06 +02:00
rmartinc
ddacfbdefd
Remove deprecated LinkedIn social provider
...
Closes #23127
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-18 10:10:58 +02:00
Justin Tay
d807093f63
Fix OCSP nonce handling
...
Closes #26439
Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-04-18 09:04:46 +02:00
Pedro Igor
f0f8a88489
Automatically fill username when authenticating to through a broker
...
Closes #28848
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-18 08:24:34 +02:00
Pedro Igor
1e3837421e
Organization member onboarding using the organization identity provider
...
Closes #28273
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-17 07:24:01 -03:00
Peter Zaoral
e7dd5c1991
Hostname:v2 docs ( #28123 )
...
* hostname.adoc now contains the new hostname guide
* the old hostname is now available under hostname-deprecated.adoc
Closes : #27729
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2024-04-17 09:31:14 +02:00
Martin Bartoš
1fb83bb165
Release notes and Migration guide for Hostname v2 ( #28621 )
...
Closes #27730
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
2024-04-17 09:29:59 +02:00