Commit graph

4282 commits

Author SHA1 Message Date
Sophie Tauchert
3ab24afe93 Add response annotations to resourceserver
Closes: #25604

Signed-off-by: Sophie Tauchert <sophie@999eagle.moe>
2023-12-15 19:45:39 +01:00
Erwin Rooijakkers
860978b15a Change arg of getSubGroups to briefRepresentation
Parameter name briefRepresentation should mean briefRepresentation,
   not full. This way callers will by default get the full
   representation, unless true is passed as value for
   briefRepresentation.

   Fixes #25096

Signed-off-by: Erwin Rooijakkers <erwin@rooijakkers.software>
2023-12-14 17:23:27 +01:00
Steven Hawkins
08751001db
enhance: adds truststores to the keycloak cr (#25215)
also generally correcting the misspelling trustore

closes: #24798

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2023-12-14 11:15:06 -03:00
mposolda
c81b533cf6 Update UserProfileProvider.setConfiguration. Tuning of UserProfileProvider.getConfiguration
closes #25416

Signed-off-by: mposolda <mposolda@gmail.com>
2023-12-14 14:43:28 +01:00
Douglas Palmer
4b11afa87b
NullPointerException when key is not available in the database (#25395)
* NullPointerException when key is not available in the database
Closes #24485
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>


Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
2023-12-14 09:57:53 +01:00
Václav Muzikář
e4c348e99e
Add new --proxy-headers option (#25178)
* Add new `--proxy-headers` option

Closes #23431

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>

* Address review comments vol. 03

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Address review comments vol. 04

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-13 10:48:12 -03:00
Pedro Igor
fa79b686b6 Refactoring user profile interfaces and consolidating user representation for both admin and account context
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-13 08:27:55 +01:00
Pedro Igor
78ba7d4a38 Do not allow removing username and email from user profile configuration
Closes #25147

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-11 08:30:28 +01:00
Sophie Tauchert
1d56e0371e
Make sure authz endpoints are documented in openapi spec
Closes: #25259

Signed-off-by: Sophie Tauchert <sophie@999eagle.moe>
2023-12-08 16:45:13 +01:00
mposolda
90bf88c540 Introduce ProtocolMapper.getEffectiveModel to make sure values displayed in the admin console UI are 'effective' values used when processing mappers
closes #24718

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-12-08 12:26:35 +01:00
saumeen prajapati
d829534237
Remove single quote from log string
Closes #25060

Signed-off-by: saumeen prajapati <psaumeen@gmail.com>
2023-12-07 20:08:07 +00:00
wojnarfilip
925c5572ad Re-enable Federated Access Token in user sessions
Closes #25290

Signed-off-by: wojnarfilip <fwojnar@redhat.com>
2023-12-07 19:55:20 +01:00
Vlasta Ramik
df465456b8
Map Store Removal: Remove LockObjectsForModification (#25323)
Signed-off-by: vramik <vramik@redhat.com>

Closes #24793
2023-12-07 12:43:43 +00:00
Fouad Almalki
0e535d2bbe Retrieve ClientConnection by invoking getConnection() instead of getContextObject()
Signed-off-by: Fouad Almalki <me@fouad.io>
2023-12-07 13:11:54 +01:00
Stefan Guilhen
7b63d6d500 Remove ResponseSessionTask
- this was tightly related to retriable transactions added to map store and is no longer needed.

Closes #25309

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2023-12-06 19:53:53 +01:00
Stefan Guilhen
8e918c2ebf Revert changes to OIDCIdentityProvider that enlisted the client logout requests in a separate transaction.
Closes #25308

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2023-12-06 19:47:04 +01:00
rmartinc
522e8d2887 Workaround to allow percent chars in getGroupByPath via PathSegment
Closes #25111

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-06 14:22:34 -03:00
rmartinc
d004e9295f Do not allow remove a credential in account endpoint if provider marks it as not removable
Closes #25220

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-05 17:11:57 +01:00
Michal Hajas
ec061e77ed
Remove GlobalLockProviderSpi (#25206)
Closes #24103

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2023-12-01 16:40:56 +00:00
Ricardo Martin
3b26e5d489
Add active RSA key to decryption if deprecated mode (#25205)
Closes https://github.com/keycloak/keycloak/issues/24652

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-01 13:40:47 +00:00
mposolda
3fa2d155ca Decouple factory methods from the provider methods on UserProfileProvider implementation
closes #25146

Signed-off-by: mposolda <mposolda@gmail.com>
2023-12-01 10:30:57 -03:00
Pedro Igor
c7f63d5843 Add options to change behavior on how unmanaged attributes are managed
Closes #24934

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-11-30 06:58:21 -03:00
Steven Hawkins
8c3df19722
feature: add option for creating a global truststore (#24473)
closes #24148

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2023-11-30 08:57:17 +01:00
Douglas Palmer
d0b86d2f64 Register event not triggered on external to internal token exchange
Closes #9684

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2023-11-29 15:30:47 -03:00
mposolda
479e6bc86b Update Kerberos provider for user-profile
closes #25074

Signed-off-by: mposolda <mposolda@gmail.com>
2023-11-29 15:21:26 -03:00
rmartinc
16afecd6b4 Allow automatic download of SAML certificates in the identity provider
Closes https://github.com/keycloak/keycloak/issues/24424

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 18:03:31 +01:00
rmartinc
3bc028fe2d Remove lowercase for the hostname as recommended/advised by OAuth spec
Closes https://github.com/keycloak/keycloak/issues/25001

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 10:26:00 -03:00
rmartinc
b6cdcb3c27 Revert "Fix lowerCaseHostname to lower-case scheme and host properly"
This reverts commit 1241bd2919.

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 10:26:00 -03:00
Douglas Palmer
5ce41a462b NPE in HardcodedUserSessionAttributeMapper on Token Exchange
Closes #11996

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2023-11-29 09:35:49 -03:00
Douglas Palmer
7e78d29f8d NPE in User Session Note mapper on Token Exchange
Closes #24200

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2023-11-29 09:35:49 -03:00
hokuda
a83b9d11fa Fix typo in the balloon help of SAML Username Template Importer
closes #25033

Signed-off-by: hokuda <hisanobu.okuda@gmail.com>
2023-11-29 09:32:16 -03:00
Douglas Palmer
e99bd4aa3a External to Internal Token exchange fails with Null pointer Exception if the user is not yet registered (first time token exchange)
Closes #16059

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2023-11-29 09:16:14 -03:00
Michal Hajas
2b2207af93
Publish information about Infinispan availability in lb-check if MULTI_SITE is enabled
Closes #25077

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-29 11:06:41 +00:00
Jon Koops
0b9dd21b0a
Attempt to request storage access for cookies (#25055)
Closes #23872

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2023-11-27 18:23:40 +00:00
Pedro Igor
2c611cb8fc User profile configuration scoped to user-federation provider
closes #23878

Co-Authored-By: mposolda <mposolda@gmail.com>

Signed-off-by: mposolda <mposolda@gmail.com>
2023-11-27 14:45:44 +01:00
Stian Thorgersen
a32b58d337
Escape ldap id when using normal attribute syntax (#25) (#25036)
Closes https://github.com/keycloak/security/issues/46

Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
2023-11-27 11:38:14 +01:00
Takashi Norimatsu
1f5ee9bf80 NPE in checkAndBindMtlsHoKToken on Token Refresh when using SuppressRefreshTokenRotationExecutor and Certificate Bound Token
closes #25022

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2023-11-27 08:49:48 +01:00
Sophie Tauchert
855aebabc2 Rename clientUuid path parameter to client-uuid for consistency
Closes #24960

Signed-off-by: Sophie Tauchert <sophie@999eagle.moe>
2023-11-23 16:08:58 +01:00
Sophie Tauchert
496c0e7f03 Rename some path parameter placeholders to avoid duplicating {id} in the path
Closes #24960

Signed-off-by: Sophie Tauchert <sophie@999eagle.moe>
2023-11-23 16:08:58 +01:00
Sophie Tauchert
3e17cb0452 Add correct annotation for 204 responses to POST methods returning void
Closes #24960

Signed-off-by: Sophie Tauchert <sophie@999eagle.moe>
2023-11-23 16:08:58 +01:00
Douglas Palmer
efde3adf60 Wrong value for VALIDATED_ID_TOKEN stored in the brokered identity context for external token exchange
Closes #23985

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2023-11-23 11:52:37 -03:00
Douglas Palmer
2ec1d2f7ea Fix logic error in AbstractOAuth2IdentityProvider
Closes #24943

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2023-11-23 11:43:42 -03:00
Tero Saarni
fd58cb1bec Attempt to remove warning about not using inference
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2023-11-23 10:49:58 -03:00
Tero Saarni
e35f3d7e87 Fix compilation error with ServerInfoAdminResource
This change fixes following type inference error:
* Type mismatch: cannot convert from Map<Boolean,Object> to Map<Boolean,List<String>>

The error comes when opening and compiling on vscode or Eclipse, which uses
Eclipse JDT compiler.

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2023-11-23 10:49:58 -03:00
Sebastian Schuster
030f42ec83
More efficient listing of assigned and available client role mappings
Closes #23404

Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
2023-11-22 14:10:11 +01:00
Thomas Darimont
d30d692335 Introduce MaxAuthAge Password policy (#12943)
This policy allows to specify the maximum age of an authentication
with which a password may be changed without re-authentication.

Defaults to 300 seconds (default taken from Constants.KC_ACTION_MAX_AGE) to remain backwards compatible.
A value of 0 will always require reauthentication to update the password.
Add documentation for MaxAuthAgePasswordPolicy to server_admin

Fixes #12943

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2023-11-20 14:48:17 +01:00
rmartinc
1241bd2919 Fix lowerCaseHostname to lower-case scheme and host properly
Closes https://github.com/keycloak/keycloak/issues/24792

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-20 10:00:50 +01:00
Erik Jan de Wit
941457b805 added theme name as parameter
moved messages to theme bundle

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2023-11-17 08:35:54 +01:00
rmartinc
5fad76070a Use LinkedIn instead of LinkedIn OpenID Connect for better UI experience
Closes https://github.com/keycloak/keycloak/issues/24659

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-16 18:22:16 +01:00
Hynek Mlnarik
70d0f731f5 Use session ID rather than broker session ID
Closes: #24455

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2023-11-16 17:01:40 +01:00