rmartinc
ad01ed1497
Do not reset the user profile configuration on disable
...
Closes https://github.com/keycloak/keycloak/issues/23527
2023-10-24 03:05:34 -07:00
Thomas Darimont
e567210ed1
Add dedicated feature flag for oauth device grant flow ( #23892 )
...
Closes #23891
2023-10-24 10:09:26 +02:00
vramik
a0f04fa2be
Declarative User Profile export
...
Closes #12062
Resolves #20885
2023-10-21 19:21:20 +02:00
Pedro Igor
e47389f199
Username now shown when creating a user and edit username is not allowed
...
Closes #24183
2023-10-20 10:22:31 -07:00
Steven Hawkins
f4d1dd9b7f
improvement: validates the expected values of non-cli properties ( #23797 )
...
also adds better messages for unknown options
closes #13608
2023-10-20 17:21:03 +00:00
Pedro Igor
d4a5391013
Making sure public clients can RPT tokens
...
Closes #14165
2023-10-20 17:53:10 +02:00
Pedro Igor
55a5a8c0eb
Ignore custom attributes when processing attributes in verify profile action
...
Closes #24077
2023-10-20 17:51:40 +02:00
mposolda
c18e8ff535
User profile tweaks in registration forms
...
closes #24024
2023-10-20 06:31:21 -07:00
kaustubh-rh
1ac2c0997d
Inconsistent handling of parenthesis in auth flow name ( #24113 )
...
closes #16379
2023-10-20 10:00:46 +02:00
mposolda
04777299b0
After tab1 finish authentication, make sure that rootAuthenticationSession is expired shortly
...
closes #23880
2023-10-19 19:23:50 +02:00
Vlasta Ramik
f6d582c761
Import migration step for kc22
...
Closes #24031
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-10-19 09:00:49 +02:00
rmartinc
d10ccc7245
Use jdk LdapName and Rdn to parse inside LDAPDn and RDN and avoid string conversions
...
Closes: https://github.com/keycloak/keycloak/issues/21797
Closes: https://github.com/keycloak/keycloak/issues/21818
2023-10-19 08:31:49 +02:00
Pedro Igor
e91a0afca2
The username in account is required and don't change when email as username is enabled
...
Closes #23976
2023-10-17 16:43:44 -03:00
wojnarfilip
b5ec155b64
Fix issue with overlapping WebElements in SocialLoginTest#PaypalLogin
...
Closes #23960
2023-10-17 16:59:09 +02:00
shigeyuki kabano
6112b25648
Enhancing Light Weight Token( #22148 )
...
Closes #21183
2023-10-17 13:12:36 +02:00
Alexander Schwartz
50916d58b1
Clean up created test user to avoid conflict with other tests
...
Closes #23804
2023-10-16 19:10:52 +02:00
wojnarfilip
f9386bd62b
Update login flow in OCP social login
2023-10-16 10:45:38 -03:00
Pedro Igor
9c19a8972b
Removing the default cache metadata
...
Closes #23910
2023-10-13 16:32:55 +02:00
Moritz Becker
e9f08b6500
Do not return empty scope field in token introspection response
...
Closes #16526
2023-10-13 08:36:12 +02:00
Steven Hawkins
478ceb0b34
modification of kc.sh to remove param eval ( #22585 )
...
* test
* modification of kc.sh to remove eval of env/args
Closes #22337
---------
Co-authored-by: rmartinc <rmartinc@redhat.com>
2023-10-12 17:10:53 +02:00
Vojtěch Boček
8871983b33
Add support for single-tenant mode to Microsoft Identity Provider ( #20699 )
...
* Add support for single-tenant mode to Microsoft Identity Provider
Fixes #20695
Closes #11207
* Add SocialLoginTest for Microsoft single-tenant variant
2023-10-10 16:35:36 -04:00
Marek Posolda
a6609bd969
Remove "You are already logged in" during authentication. Make other browser tabs to authenticate automatically when some browser tab successfully authenticate ( #23517 )
...
Closes #12406
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-10-10 21:54:37 +02:00
Pedro Igor
7385ed56c7
Avoid creating the component when there is no component and configuration is not provided
...
Closes #20970
Co-authored-by: Pedro Igor <psilva@redhat.com>
2023-10-10 13:28:48 +02:00
Tero Saarni
22d093f5c0
Fix multi-valued LDAP attribute support
...
FullName LDAP storage mapper was delegating to single-valued setter even
when multi-valued setter was called.
Closes #22091
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2023-10-06 14:36:02 +00:00
mposolda
cdb61215c9
UserProfileContext.ACCOUNT_OLD seems to be obsolete and not needed
...
closes #23749
2023-10-06 11:27:48 -03:00
Pedro Igor
290bee0787
Resolve several usability issues around User Profile ( #23537 )
...
Closes #23507 , #23584 , #23740 , #23774
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-10-06 10:15:39 -03:00
rmartinc
890600c33c
Remove backward compatibility for ECDSA tokens
...
Closes https://github.com/keycloak/keycloak/issues/23734
2023-10-06 14:24:48 +02:00
Martin Kanis
0853d484ec
Remove transaction in InfinispanSingleUseObjectProvider#remove ( #23708 )
...
Co-authored-by: mposolda <mposolda@gmail.com>
2023-10-06 10:00:04 +02:00
Garth
2dfbbff343
added AccountResource SPI, Provider and ProviderFactory. ( #22317 )
...
Added AccountResource SPI, Provider and ProviderFactory. updated AccountLoader to load provider(s) and check if it is compatible with the chosen theme.
2023-10-05 15:08:01 +02:00
vramik
7f2f4aae67
Upgrade liquibase version to avoid a bug where a changeset is executed twice
...
Closes #23220
2023-10-05 13:35:05 +02:00
Tomas Ondrusko
58131f1dcc
Update the Instagram login process
...
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-10-05 09:33:05 +02:00
Steven Hawkins
9a93b9a273
allows csv output to handle missing requested fields ( #23459 )
...
* allows csv output to handle missing requested fields
Closes #12330
* fixes the handling of the content type
also makes it more explicit the expectation of applying csv and return
fields
* fix: consolidating the logic dealing with the content-type
Closes #23580
2023-10-04 15:49:19 +02:00
Dmitry Telegin
085d0d73c9
Fix nonce/scope typo
2023-10-02 22:36:51 +02:00
Tomas Ondrusko
fcb91a83ba
Ignore query parameters while testing the LinkedIn profile picture URL ( #23557 )
...
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-10-02 14:36:17 +02:00
Tomas Ondrusko
3d42573813
Update PayPal social login flow to use 127.0.0.1 instead of localhost ( #23532 )
...
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-09-28 09:34:45 +00:00
fwojnar
56082cdd2d
Fixes issue in login flow of SocialLoginTest#twitterLogin ( #23122 )
...
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2023-09-28 10:21:59 +02:00
Lucas Hedding
de5aa2e74d
Add createTimestamp to REST service ( #23293 )
...
Closes #14009
2023-09-27 13:38:16 +02:00
rmartinc
10c1e3ba6d
Client roles should be mapped to any claim name
...
Closes https://github.com/keycloak/keycloak/issues/22349
2023-09-27 08:11:22 -03:00
rmartinc
d90640b5a3
Change email checkserveridentity prop as angus mail sets it to true by default
...
Closes https://github.com/keycloak/keycloak/issues/22395
2023-09-26 09:11:16 +02:00
Maria Arias de Reyna
c15753266f
fix( Closes #21236 ): Adding client-id to logout event
2023-09-25 13:20:26 +02:00
Pedro Igor
741f76887c
Allow updating email when email as username is set and edit username disabed
...
#23438
2023-09-25 08:19:01 -03:00
Michal Hajas
496c5ad989
Use new findGroupByPath implementation and remove the old one
...
Closes #23344
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2023-09-25 10:44:24 +02:00
Jon Koops
47d9ae71c4
Revert the new welcome screen experience ( #23446 )
...
This reverts commit bcab75a7ef
.
2023-09-21 16:03:00 +00:00
Justin Tay
7d3104ee76
Allow public clients to use PAR endpoint
...
Closes #8939
2023-09-21 13:57:42 +02:00
rmartinc
7afd90982d
Align wildfly-core and wildfly version for tests
...
Closes https://github.com/keycloak/keycloak/issues/23342
2023-09-21 10:53:57 +02:00
Bernd Bohmann
bb2f59df87
Calling getTopLevelGroups is slow inside GroupLDAPStorageMapper#getLDAPGroupMappingsConverted ( #8430 )
...
Closes #14820
---------
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-09-20 17:20:43 +02:00
Jon Koops
e86bf1f0b2
Remove P3P
header from authentication flow
...
Closes #23348
2023-09-19 08:50:33 -03:00
rmartinc
743bb696d9
Allow duplicated keys in advanced claim mappers
...
Closes https://github.com/keycloak/keycloak/issues/22638
2023-09-19 07:49:34 -03:00
wojnarfilip
5603ee7b46
Fixes login flow in Microsoft social login test
...
Closes #22657
2023-09-18 14:21:41 +02:00
Pedro Igor
217a09ce46
Switch to Resteasy Reactive
...
Closes #10713
2023-09-18 09:19:03 -03:00
paul
f684a70048
KEYCLOAK-15985 Add Brute Force Detection Lockout Event
2023-09-15 10:32:07 -03:00
Jon Koops
bcab75a7ef
Add new version of Welcome theme based on PatternFly 5 ( #23008 )
2023-09-14 08:24:17 -04:00
Andreas Blaettlinger
86c0e338d9
Toggle visibility of password input fields in login-ftl-based pages
...
Closes #22067
2023-09-14 08:04:35 -03:00
Pedro Igor
1442f14c45
Registration page not showing username when edit username is not enabled
...
Closes #23185
2023-09-14 07:32:39 -03:00
Justin Tay
658c0ef19f
Send Client ID in token request with JWT Authentication
...
Closes #21444
2023-09-14 10:57:32 +02:00
Pedro Igor
5958c7948d
Ignore attributes when they are not prefixed with user.attributes prefix ( #23184 )
...
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: stianst <stianst@gmail.com>
2023-09-14 10:35:47 +02:00
Daniel Fesenmeyer
a68ad55a37
Support to define compatible mappers for (new) Identity Providers
...
- Also allows to use existing mappers for custom Identity Providers without having to change those mappers
Closes #21154
2023-09-13 17:19:06 -03:00
Jacek Kowalski
f5182deb30
Fix valid redirect URIs for built-in account-console client on realm rename ( #20894 )
...
Closes #9541
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-09-13 15:28:07 +02:00
Konstantinos Georgilakis
0044472f87
Add regex support in 'Condition - User attribute' execution
...
Closes #265
2023-09-13 08:36:45 +02:00
rmartinc
48ab2b1688
FullNameLDAPStoreMapper removes values for other attributes
...
Closes https://github.com/keycloak/keycloak/issues/22526
2023-09-13 08:11:32 +02:00
vramik
d34a371971
Enable ZeroDowntimeTest
...
Closes #21825
2023-09-11 19:09:30 +02:00
Pedro Igor
04dd9afc5e
Do not store empty attributes when updating user profile
...
Closes #22960
2023-09-11 07:47:31 -03:00
kaustubh-rh
62927433dc
Fix for Keycloak 22.0.1 unable to create user with long email address ( #23109 )
...
Closes #22825
2023-09-11 08:56:13 +02:00
rmartinc
7da52a43bd
Add old LinkedIn provider to the deprecated profile
...
Closes https://github.com/keycloak/keycloak/issues/23067
2023-09-08 10:05:17 +02:00
Marek Posolda
506e2537ac
Registration flow fixed ( #23064 )
...
Closes #21514
Co-authored-by: Vilmos Nagy <vilmos.nagy@outlook.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2023-09-08 08:05:05 +02:00
Pedro Igor
bc31fde4c0
Broker claim mapper not recognizing claims from user info endpoint
...
Closes #12137
2023-09-07 16:34:45 +02:00
Alexander Schwartz
2eb37dbe4f
Remove MS SQL JDBC driver from the Keycloak product
...
Closes #22983
2023-09-07 15:30:34 +02:00
Peter Skopek
ef272f7668
SAML Adapter fix for EAP8 and WF29
...
Signed-off-by: Peter Skopek <pskopek@redhat.com>
2023-09-07 13:32:25 +02:00
Kaustubh B
5ee2ba9372
Added tests
2023-09-07 08:43:35 +02:00
Martin Bartoš
6ca78b7554
Return Oracle JDBC driver to the upstream
...
Closes #22999
2023-09-06 19:11:29 +02:00
rmartinc
8887be7887
Add a new identity provider for LinkedIn based on OIDC
...
Closes https://github.com/keycloak/keycloak/issues/22383
2023-09-06 16:13:31 +02:00
Pedro Igor
13e5a02b9f
Role mappers must return a single value when they are not multivalued
...
Closes #20218
2023-08-31 19:16:12 +02:00
mposolda
57e51e9dd4
Use an original domain name of Kerberos Principal in UserModel attribute instead of configured value of Kerberos realm in User federation
...
closes #20045
2023-08-30 13:24:48 +02:00
vramik
4cd34f8423
Update logging properties for showing SQL statements and JDBC parameters
...
Closes #22815
2023-08-30 12:52:08 +02:00
Marek Posolda
6f989fc132
Fallback to next LDAP/Kerberos provider when not able to find authenticated Kerberos principal ( #22531 )
...
closes #22352 #9422
2023-08-29 11:21:01 +00:00
Pedro Igor
ea3225a6e1
Decoupling legacy and dynamic user profiles and exposing metadata from admin api
...
Closes #22532
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2023-08-29 08:14:47 -03:00
Pedro Igor
b779df6a55
Parsing response from user info rather than the access token
...
Closes #22581
2023-08-29 12:23:56 +02:00
Tomas Ondrusko
e70ffd0105
Handle GitHub logout properly ( #22463 )
...
Add profile info update to GitHub login test cases
Closes #22461
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-08-28 10:06:12 +02:00
Martin Bartoš
fcf65389ea
Remove Oracle Database JDBC driver from the Keycloak distribution ( #22577 )
...
* Remove Oracle Database JDBC driver from the Keycloak distribution
Closes #22452
* Remove profile for proprietary Oracle JDBC driver
---------
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-08-21 15:13:49 +00:00
t0xicCode
822c13ff6f
Switch Trusted Host policy redirect verification to URI
...
Switch parsing of the redirect URIs for the Trusted Host Client Registration Policy from URL to URI.
The java URL class tries to instantiate a handler for the scheme, which fails when a "custom" scheme, such as those used in phone apps is used.
In contrast, the URI class simply parses the string, ensuring the format is valid.
The other URLs (baseUrl, rootUrl, adminUrl) are still parsed as URLs.
See https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata for the Client Registration parameter documentation.
Closes #22309
2023-08-14 10:20:23 +02:00
Pedro Igor
baac060eb1
Fixing how e-mail attribute permissions are set for both USER_API and ACCOUNT contexts
...
Closes #21751
2023-08-11 13:32:16 +02:00
Erik Jan de Wit
874d2063b8
only add realm access to the current realm ( #21554 )
...
fixes : #21553
2023-08-10 12:43:15 +02:00
wojnarfilip
6c070d587f
Closes #22282
2023-08-10 12:05:20 +02:00
Takashi Norimatsu
258711ef4f
DPoP verification in UserInfo endpoint
...
closes #22215
2023-08-07 10:49:33 +02:00
Takashi Norimatsu
9d0960d405
Using DPoP token type in the access-token and as token_type in introspection response
...
closes #21919
2023-08-07 10:40:18 +02:00
Marek Posolda
4dc929abb3
Missing client_id validation match when authenticating client with JW… ( #22178 )
...
Closes #22177
2023-08-03 11:47:55 +02:00
Takashi Norimatsu
ee998fee66
Add FAPI 2.0 security profile as default profile of client policies
...
closes #21181
2023-08-03 09:26:16 +02:00
Ricardo Martin
a8bca522c1
Fix issue with access tokens claims not being imported using OIDC IDP Attribute Mappers ( #21627 )
...
Closes #9004
Co-authored-by: Armel Soro <armel@rm3l.org>
2023-08-02 09:36:50 +02:00
Thomas Darimont
82269f789a
Avoid using deprecated junit APIs in tests
...
- Replaced usage of Assert.assertThat with static import
- Replaced static import org.junit.Assert.assertThat with org.hamcrest.MatcherAssert.assertThat
Fixes : #22111
2023-08-01 11:44:25 +02:00
mposolda
6f6b5e8e84
Fix authenticatorConfig for javascript providers
...
Closes #20005
2023-07-31 19:28:25 +02:00
Vlasta Ramik
29b67fc8df
Inconsistent Wildcard handling for JPA ( #21671 )
...
* Inconsistent Wildcard handling for JPA
Closes #20610
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-07-27 17:03:22 +02:00
rmartinc
0a7fcf43fd
Initial pagination in the admin REST API for identity providers
...
Closes https://github.com/keycloak/keycloak/issues/21073
2023-07-27 14:48:02 +02:00
Martin Bartoš
4b36da03db
Profile activation for WF app server doesn't properly work for Windows
...
Fixes #21284
2023-07-27 12:09:00 +02:00
Takashi Norimatsu
9a921441cc
Adjustements to the behaviour of dpop_bound_access_tokens switch
...
closes #21920
2023-07-27 11:30:01 +02:00
Takashi Norimatsu
6498b5baf3
DPoP: OIDC client registration support
...
closes #21918
2023-07-26 13:00:35 +02:00
Ricardo Martin
ee35cfe478
Add logout other sessions checkbox to TOTP, webauthn and recovery authn codes setup pages ( #21897 )
...
* Add logout other sessions checkbox to TOTP, webauthn, recovery authn codes setup pages and to update-email page
Closes #10232
2023-07-26 11:34:19 +02:00
Marek Posolda
bb8ba1af5a
Fix script tests on windows ( #21942 )
...
Closes #21778 #21779 #21780
2023-07-25 12:37:21 +00:00
Takashi Norimatsu
0ddef5dda8
DPoP support 1st phase ( #21202 )
...
closes #21200
Co-authored-by: Dmitry Telegin <dmitryt@backbase.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2023-07-24 16:44:24 +02:00
Takashi Norimatsu
05b8b9ee51
Enhancing Pluggable Features of Token Manager
...
closes #21182
2023-07-24 09:16:29 +02:00
Takashi Norimatsu
2efd79f982
FAPI 2.0 security profile - supporting RFC 9207 OAuth 2.0 Authorization Server Issuer Identification
...
Closes #20584
2023-07-24 09:11:30 +02:00
rmartinc
7336ff07ac
Check RDN attribute for DN membership
...
Closes https://github.com/keycloak/keycloak/issues/20718
2023-07-21 11:13:45 +02:00
todor
897965f604
KEYCLOAK-20343 Add message bundle to export/import
...
Closes #20343
2023-07-20 23:00:28 +02:00
Alexander Schwartz
7c9593f88a
Upgrade Infinispan to 14.0.13.Final ( #21565 )
...
Closes #21564
2023-07-20 16:59:19 +00:00
Václav Muzikář
776bcbcbd4
Update bcpkix and bcprov dependencies ( #21543 )
...
Closes #21360
2023-07-20 11:57:18 +02:00
vramik
13d412989c
Disable ZeroDowntimeTest
...
Closes #21823
2023-07-19 20:35:08 +02:00
Lukas Hanusovsky
086b85fad4
[20455] Arquillian reflection bug -> using different setter to avoid overloading. ( #21806 )
2023-07-19 14:43:36 +02:00
rmartinc
ed1934d73a
Ensure that the flow tested to be deleted is a built in flow
...
Closes https://github.com/keycloak/keycloak/issues/20763
2023-07-19 08:56:32 +02:00
Pedro Igor
d2cdd78655
Add Java Distribution IT for Windows ( #21675 )
...
Co-authored-by: Miquel Simon <msimonma@redhat.com>
2023-07-18 12:15:56 +02:00
mposolda
03716ed452
Keycloak forgets ui_locales parameter when using reset password
...
closes #10981
2023-07-18 09:24:12 +02:00
rmartinc
630e3b2312
Revert emailVerified to false if email modified on force-sync non-trusted broker
...
Closes https://github.com/keycloak/security/issues/48
2023-07-17 13:13:47 +02:00
Michal Hajas
07c27336aa
Check whether realm has store enabled for immediately sent events
...
Closes #21698
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2023-07-14 20:50:33 +02:00
Pedro Igor
57423bca2b
Additional test for logout when using multiple tabs ( #21518 )
...
Closes #21451
2023-07-11 11:22:20 +02:00
Pedro Igor
376d20c285
Remove user credentials from admin event representation ( #21561 )
...
Closes #17470
2023-07-11 08:26:29 +02:00
rmartinc
13870f3a69
Improve error management in the github provider
...
Closes https://github.com/keycloak/keycloak/issues/9429
2023-07-10 16:09:08 -03:00
Pedro Igor
94074f4a98
Remove unnecessary tests ( #21551 )
...
Closes #21099
2023-07-10 13:36:21 +00:00
Daniele Martinoli
75741d17ab
Updated test case in RequiredActionResetPasswordTest
2023-07-10 08:31:47 -03:00
Patrick Jennings
399a23bd56
Find an appropriate key based on the given KID and JWA ( #21160 )
...
* keycloak-20847 Find an appropriate key based on the given KID and JWA. Prefers matching on both inputs but will match on partials if found. Or return the first key if a match is not found.
Mark Key as fallback if it is the singular client certificate to be used for signed JWT authentication.
* Update js/apps/admin-ui/public/locales/en/clients.json
Co-authored-by: Marek Posolda <mposolda@gmail.com>
* Updating boolean variable name based on suggestions by Marek.
* Adding integration test specifically for the JWT parameters for regression #20847 .
---------
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2023-07-10 13:28:55 +02:00
Daniele Martinoli
7b8dcb42ea
Using "Account is disabled" message (and also added new test case)
2023-07-07 12:16:38 -03:00
Daniele Martinoli
2a95e2c245
updated failed login test case with new error message
2023-07-07 09:00:51 -03:00
Daniele Martinoli
44570d12ee
fixed error in IdentityProviderTest
2023-07-07 08:59:36 -03:00
Daniele Martinoli
83d88f6bb5
added Hardcoded Group mapper to IDP configuration
2023-07-07 08:59:36 -03:00
A. Tammy
497d08af1c
make cli usable on OpenBSD ( #16462 )
...
Signed-off-by: Aisha Tammy <aisha@bsd.ac>
Co-authored-by: Aisha Tammy <aisha@bsd.ac>
2023-07-07 08:58:41 +02:00
Peter Zaoral
2b1c29a6f2
Use Quarkus Platform BOM
...
Closes #20570
Closes #15870
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
2023-07-06 12:45:48 -03:00
Martin Bartoš
a1a80433e3
Fix flaky OfflineServletsAdapterTest test ( #21416 )
...
Fixes #20013
2023-07-04 10:57:20 +00:00
rmartinc
09e30b3c99
Support for JWE IDToken and UserInfo tokens in OIDC brokers
...
Closes https://github.com/keycloak/keycloak/issues/21254
2023-07-03 21:25:46 -03:00
mposolda
ccbddb2258
Fix updating locale on info/error page after authenticationSession was already removed
...
Closes #13922
2023-07-03 18:57:36 -03:00
Martin Bartoš
e3e123b577
JavascriptAdapterTest is broken due to the multiple initialization of JS adapter
...
Fixes #21412
2023-07-03 16:44:22 -03:00
Miquel Simon
96b98dd246
Fix EAP adapter tests when running on Windows and JDK 17. ( #21278 )
2023-06-30 11:54:33 +02:00
Daniele Martinoli
e2ac9487f7
Conditional login through identity provider ( #20188 )
...
Closes #20191
Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2023-06-29 18:44:15 +02:00
Marek Posolda
51a9712e59
Improper Client Certificate Validation for OAuth/OpenID clients ( #20 )
...
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2023-06-28 17:52:48 -03:00
Ricardo Martin
1973d0f0d4
Check the redirect URI is http(s) when used for a form Post ( #22 )
...
Closes https://github.com/keycloak/security/issues/22
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Signed-off-by: Peter Skopek <pskopek@redhat.com>
2023-06-28 17:52:48 -03:00
Pedro Igor
28aa1d730d
Verify holder of the device code ( #21 )
...
Closes https://github.com/keycloak/security/issues/32
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Conflicts:
services/src/main/java/org/keycloak/protocol/oidc/grants/device/DeviceGrantType.java
2023-06-28 15:45:26 +02:00
rmartinc
4bc11bdf7f
Do not return an error when moving a group to the current parent
...
Closes https://github.com/keycloak/keycloak/issues/21242
2023-06-28 10:34:15 +02:00
rmartinc
a5a2753d11
Don't allow impersonate disabled users or service accounts
...
Closes https://github.com/keycloak/keycloak/issues/21106
2023-06-28 10:18:21 +02:00
Hynek Mlnarik
c092c76ae8
Remove ldapsOnly (Java)
...
In `LDAPConstants.java`, the function to set the Truststore SPI system property was removed, as this is now handled by the `shouldUseTruststoreSpi` method in `LdapUtil`.
Closes : #9313
2023-06-28 08:30:09 +02:00
Pedro Igor
d0691b0884
Support for the locale user attribute
...
Closes #21163
2023-06-27 09:21:08 -03:00
Miquel Simon
46fa7d2e6c
Enable back a few tests that have been fixed to run on Firefox and Chrome.
2023-06-26 11:25:07 -03:00
Pavel Drozd
216bbe512f
Add tests and profiles for testing EAP6, SpringBoot and Fuse adapters
2023-06-26 11:24:02 -03:00
eatik
6d0636987e
keeping VIEW_USERS related tests in PermissionTest
...
Closes #20783
2023-06-26 11:05:35 -03:00
eatik
7cfa012427
adding test code
...
Closes #20783
2023-06-26 11:05:35 -03:00
Takashi Norimatsu
f6ecc3f3f8
FAPI 2.0 security profile - not allow an authorization request whose parameters were not included in Request Object pushed to PAR request
...
closes #20710
2023-06-26 12:09:25 +02:00
vramik
7fe7dfc529
ResourceType lost during clonning
...
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Closes #20947
2023-06-23 09:31:44 +02:00
Pedro Igor
aff6cc1cbd
Running mappers during account linking
...
Closes #11195
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: toddkazakov
2023-06-22 17:41:31 +02:00
Pedro Igor
eb5edb3a9b
Support reading base32 encoded OTP secret
...
Closes #9434
Closes #11561
2023-06-22 08:08:13 -03:00
mposolda
137f8d807a
Account Console II doesn't remove TOTP from UserStorage
...
closes #19575
2023-06-22 07:56:44 +02:00
Pedro Igor
0dd7c4a515
Fixing auth-server-quarkus-embedded
2023-06-21 17:18:26 +02:00
danielFesenmeyer
60b838675d
Extend admin-client GroupsResource: Support the query functionality to be used in combination with the parameters first, max and briefRepresentation
...
Closes #20016
2023-06-21 12:13:22 -03:00
Gilvan Filho
2493f11331
count users by custom user attribute
...
closes #14747
2023-06-21 11:56:22 -03:00
mposolda
dc3b037e3a
Incorrect Signature algorithms presented by Client Authenticator
...
closes #15853
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-06-21 08:55:58 +02:00
Stian Thorgersen
f82577a7f3
Removed old account console ( #21098 )
...
Co-authored-by: Jon Koops <jonkoops@gmail.com>
Closes #9864
2023-06-20 20:46:57 +02:00
fwojnar
a36be17a5c
Remove account package from testsuite ( #20990 )
...
* Removal of testsuite account package
Related to #19668
Also closes #20527
* Fix failures + remove login folder from base-ui
---------
Co-authored-by: Ivan Khomyn <ikhomyn@redhat.com>
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2023-06-20 08:50:39 +02:00
Daniele Martinoli
d9b271c22a
Extends the conditional user attribute authenticator to check the attributes of the joined groups ( #20189 )
...
Closes #20007
2023-06-19 15:22:35 +02:00
Miquel Simon
3daeee15f6
Add Forms IT ( #20528 )
...
Closes #20519
2023-06-19 14:44:20 +02:00
Jon Koops
29f9523646
Ensure RegisterTest
runs in Chrome and Firefox ( #21036 )
2023-06-16 08:00:04 -04:00
Martin Bartoš
c6995f5ded
Save ~2s for Keycloak startup in the testsuite
...
Relates to #21033
2023-06-16 10:47:28 +02:00
rmartinc
ecf52285bc
Simplify TokenManager expiration calculations using SessionExpirationUtils
...
Closes https://github.com/keycloak/keycloak/issues/20794
2023-06-13 10:09:47 +02:00
Pedro Igor
af975d20f1
Avoid iterating indefinetly when checking CRLs
...
Closes #20725
2023-06-12 17:50:16 +02:00
vramik
535bba5792
Update UserQueryProvider methods
...
Closes #20438
2023-06-12 16:04:26 +02:00
Arnaud Martin
ae5a47d548
Impossible to update a federated user credential label
...
Closes #16613
2023-06-12 15:39:52 +02:00
Vlasta Ramik
ed473da22b
Clean-up of deprecated methods and interfaces
...
Fixes #20877
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-06-09 17:11:20 +00:00
Rinus Wiskerke
fbfdb54745
Strip rotated client secret from export json ( #19394 )
...
Closes #19373
2023-06-09 10:46:28 +02:00
rmartinc
61968bf747
Use OIDCAttributeMapperHelper.mapClaim in the GroupMembershipMapper
...
Closes https://github.com/keycloak/keycloak/issues/19767
2023-06-08 11:12:24 -03:00
Réda Housni Alaoui
eb9bb281ec
Require user to agree to 'terms and conditions' during registration
2023-06-08 10:39:00 -03:00
Marek Posolda
8080085cc1
Removing 'http challenge' authentication flow and related authenticators ( #20731 )
...
closes #20497
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-06-08 14:52:34 +02:00
Saman-jafari
31db84e924
fix: issuedFor added to token to get client id into the token also redirect uri added to token and then passed to info template for "back to application" functionality
...
test also added to check the availability of issueFor(azp) and redirect uri in Action
Fixes #14860
Fixes #15136
2023-06-07 12:19:46 -03:00
Zvi Grinberg
ace83231ee
Update RegexPolicyTest.java
...
Add forgotten imports
2023-06-07 10:18:10 -03:00
Zvi Grinberg
b29ce53f6e
Fix bug in regex policy evaluation that it ignored flatted user claims that are mapped by protocol mappers to complex JSON structure in access token( in the access token JWT it's key and value is a JSON by itself)
...
fixes : #20436
Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
2023-06-07 10:18:10 -03:00
Alice Wood
7e56938b74
Extend group search attribute functionality to account for use case where only the leaf group is required
2023-06-07 08:52:23 -03:00
rmartinc
9bc30f4705
EventBuilder fixes to copy the store and session context
...
Closes https://github.com/keycloak/keycloak/issues/20757
Closes https://github.com/keycloak/keycloak/issues/20105
2023-06-07 08:34:27 -03:00
Jon Koops
9a8d1ca1f3
Stop waiting page load when calling assertCurrent()
( #20786 )
2023-06-07 13:13:46 +02:00
Pedro Hos
9ebd94a3a8
Userinfo endpoint doesn't accept charset #20671
...
Closes 20671
2023-06-07 08:08:05 +02:00
Artur Baltabayev
041441f48f
Improved Reset OTP authenticator ( #20572 )
...
* ResetOTP authenticator can now be configured, so that one or all existing OTP configurations are deleted upon reset.
Closes #8753
---------
Co-authored-by: bal1imb <Artur.Baltabayev@bosch.com>
2023-06-06 08:30:44 -03:00
rmartinc
81aa588ddc
Fix and correlate session timeout calculations in legacy and new map implementations
...
Closes https://github.com/keycloak/keycloak/issues/14854
Closes https://github.com/keycloak/keycloak/issues/11990
2023-06-05 18:46:23 +02:00
Jon Koops
8eee3f434b
Fix test for brute force detection of recovery codes ( #20784 )
2023-06-05 11:55:30 -04:00
rmartinc
d80094793b
Manage elytron configuration if configured for JDK-17
...
Closes https://github.com/keycloak/keycloak/issues/20385
2023-06-05 13:50:28 +02:00
Jon Koops
7ce96bb6d5
Remove workaround for legacy consoles from waitForPageToLoad
( #20754 )
2023-06-05 07:48:08 -04:00
Aboullos
612fe33ade
Remove AccountUpdateProfilePage from the testsuite ( #19362 )
...
closes #15202
2023-06-02 11:46:49 +02:00
Pedro Igor
f69ff5d270
Execution config not duplicated when duplicating flows
...
Closes #12012
2023-06-01 16:12:06 +02:00
mposolda
bf9c5821cb
Fix for certificate revalidation
...
closes https://security.snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-5291542
2023-05-31 15:42:37 +02:00
Alexander Schwartz
512e30b210
Add escaping for fields with wildcard search
...
Closes #20510
2023-05-31 14:38:04 +02:00
Takashi Norimatsu
a29c30ccd5
FAPI 2.0 security profile - not allow an authorization request whose parameters were not included in PAR request
...
closes #20623
2023-05-31 14:02:44 +02:00
vramik
a175efcb72
Split UserQueryProvider
into UserQueryMethods
and UserCountMethods
and make LdapStorageProvider
implement only UserQueryMethods
...
Co-authored-by: mhajas <mhajas@redhat.com>
Closed #20156
2023-05-31 11:47:54 +02:00
Jay Linski
403632438a
Improve a11y by providing the current language ( #20213 )
2023-05-30 13:46:14 -04:00
Takashi Norimatsu
6b42c2b4d0
FAPI 2.0 security profile - Reject Implicit Grant executor does not return an appropriate error
...
Closes #20622
2023-05-30 18:24:50 +02:00
stianst
0832992e59
Removing OpenShift integration and moving to separate extension
...
closes #20496
Co-authored-by: mposolda <mposolda@gmail.com>
2023-05-30 17:39:32 +02:00
Pedro Igor
17c3804402
Tests for user property mapper
...
Closes #20534
2023-05-29 14:21:03 +02:00
Yoshiyuki Tabata
bd37875a66
allow specifying format of "permission" parameter in the UMA grant token
...
endpoint (#15947 )
2023-05-29 08:56:39 -03:00
Martin Bartoš
b438776b94
Introduced additional dependencies in the testsuite ( #20600 )
...
Fixes #20599
Fixes #20384
2023-05-26 15:41:45 +02:00
Jon Koops
98e5e9799b
Improve third-party storage access detection and cookie fallback
2023-05-25 22:16:59 -03:00
Douglas Palmer
1b8901f5a2
Changing the email address has no impact at username regardless "Email as username" toggle
...
closes #20459
2023-05-25 07:54:03 -03:00
Hynek Mlnarik
fc0e47caa4
Fix KcCustomOidcBrokerTest
...
Fixes : #20541
2023-05-25 10:20:36 +02:00
Peter Zaoral
72b238fb48
Keystore vault ( #19644 )
...
* KeystoreVault SPI
* added KeystoreVault - a Vault SPI implementation (#19281 )
Closes #17252
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-05-24 16:20:30 +00:00
Jon Koops
90d2a01619
Replace ChromeJavascriptBrowser
annotation with JavascriptBrowser
( #20535 )
2023-05-24 11:23:15 +00:00
Hynek Mlnarik
4950f7bebe
Target correct user resource
2023-05-23 20:53:30 +02:00
Hynek Mlnarik
b9983cc5f6
Fix BrokerTest
2023-05-23 20:53:30 +02:00
Hynek Mlnarik
ac59c551c3
Fix transaction boundaries in tests
2023-05-23 20:53:30 +02:00
Hynek Mlnarik
38442ee0a6
Fix event tests
2023-05-23 20:53:30 +02:00
Hynek Mlnarik
3e58d3da8d
Proper cleanup
2023-05-23 20:53:30 +02:00
vramik
bdbbd2959d
User search with LDAP federation not consistent
...
Closes #10195
2023-05-23 11:48:33 +02:00
wojnarfilip
34b9eed8f0
Removes AccountFederatedIdentityPage from testsuite
...
Closes #15199
2023-05-22 11:07:48 -03:00