shigeyuki kabano
67e73d3d4e
Enhancing Lightweight access token M2(keycloak#25716)
...
Closes keycloak#23724
Signed-off-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
2024-01-09 09:42:30 +01:00
Douglas Palmer
58d167fe59
Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user.
...
Closes #24651
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-01-08 19:32:01 -03:00
Alice W
cf19c06341
Add logging to the policy providers for general debugging purposes
...
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
2024-01-05 11:56:00 -03:00
Pedro Igor
8ff9e71eae
Do not allow verifying email from a different account
...
Closes #14776
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-01-05 12:45:07 +01:00
Ben Cresitello-Dittmar
057d8a00ac
Implement Authentication Method Reference (AMR) claim from OIDC specification
...
This implements a method for configuring authenticator reference values for Keycloak authenticator executions and a protocol mapper for populating the AMR claim in the resulting OIDC tokens.
This implementation adds a default configuration item to each authenticator execution, allowing administrators to configure an authenticator reference value. Upon successful completion of an authenticator during an authentication flow, Keycloak tracks the execution ID in a user session note.
The protocol mapper pulls the list of completed authenticators from the user session notes and loads the associated configurations for each authenticator execution. It then captures the list of authenticator references from these configs and sets it in the AMR claim of the resulting tokens.
Closes #19190
Signed-off-by: Ben Cresitello-Dittmar <bcresitellodittmar@mitre.org>
2024-01-03 14:59:05 -03:00
mposolda
eb184a8554
More info on UserProfileContext
...
closes #25691
Signed-off-by: mposolda <mposolda@gmail.com>
2023-12-19 13:00:31 -03:00
arhine
57cbb391f3
Updates
...
Signed-off-by: arhine <arhine@redhat.com>
2023-12-18 19:18:18 -03:00
arhine
777b3bd410
update method visibility
...
Signed-off-by: arhine <arhine@redhat.com>
2023-12-18 19:18:18 -03:00
Pedro Igor
778847a3ce
Updating theme templates to render user attributes based on the user profile configuration
...
Closes #25149
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-18 15:35:52 -03:00
rmartinc
d841971ff4
Updating the UP configuration needs to trigger an admin event
...
Close #23896
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-18 19:24:30 +01:00
mposolda
c81b533cf6
Update UserProfileProvider.setConfiguration. Tuning of UserProfileProvider.getConfiguration
...
closes #25416
Signed-off-by: mposolda <mposolda@gmail.com>
2023-12-14 14:43:28 +01:00
rmartinc
c14bc6f2b0
Create terms and conditions execution when registration form is added
...
Closes #21730
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-13 15:32:58 +01:00
Pedro Igor
fa79b686b6
Refactoring user profile interfaces and consolidating user representation for both admin and account context
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-13 08:27:55 +01:00
Ricardo Martin
f78c54fa42
Fixes for LDAP group membership and search in chunks
...
Closes #23966
2023-12-08 17:55:17 +01:00
mposolda
90bf88c540
Introduce ProtocolMapper.getEffectiveModel to make sure values displayed in the admin console UI are 'effective' values used when processing mappers
...
closes #24718
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-12-08 12:26:35 +01:00
Vlasta Ramik
df465456b8
Map Store Removal: Remove LockObjectsForModification
( #25323 )
...
Signed-off-by: vramik <vramik@redhat.com>
Closes #24793
2023-12-07 12:43:43 +00:00
rmartinc
522e8d2887
Workaround to allow percent chars in getGroupByPath via PathSegment
...
Closes #25111
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-06 14:22:34 -03:00
Pedro Igor
ab1173182c
Make sure realm is available from session when migrating to 23
...
Closes #25183
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-06 07:42:54 -03:00
Michal Hajas
ec061e77ed
Remove GlobalLockProviderSpi ( #25206 )
...
Closes #24103
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2023-12-01 16:40:56 +00:00
mposolda
3fa2d155ca
Decouple factory methods from the provider methods on UserProfileProvider implementation
...
closes #25146
Signed-off-by: mposolda <mposolda@gmail.com>
2023-12-01 10:30:57 -03:00
Pedro Igor
c5bcdbdc3f
Make sure username is lowercase when normalizing attributes
...
Closes #25173
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-01 12:16:13 +01:00
vramik
587cef7de4
Delete Profile.Feature.MAP_STORAGE
...
Signed-off-by: vramik <vramik@redhat.com>
Closes #24102
2023-11-30 13:04:39 +01:00
Pedro Igor
c7f63d5843
Add options to change behavior on how unmanaged attributes are managed
...
Closes #24934
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-11-30 06:58:21 -03:00
Steven Hawkins
8c3df19722
feature: add option for creating a global truststore ( #24473 )
...
closes #24148
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2023-11-30 08:57:17 +01:00
mposolda
479e6bc86b
Update Kerberos provider for user-profile
...
closes #25074
Signed-off-by: mposolda <mposolda@gmail.com>
2023-11-29 15:21:26 -03:00
rmartinc
16afecd6b4
Allow automatic download of SAML certificates in the identity provider
...
Closes https://github.com/keycloak/keycloak/issues/24424
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 18:03:31 +01:00
Douglas Palmer
5ce41a462b
NPE in HardcodedUserSessionAttributeMapper on Token Exchange
...
Closes #11996
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2023-11-29 09:35:49 -03:00
Douglas Palmer
7e78d29f8d
NPE in User Session Note mapper on Token Exchange
...
Closes #24200
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2023-11-29 09:35:49 -03:00
Michal Hajas
2b2207af93
Publish information about Infinispan availability in lb-check if MULTI_SITE is enabled
...
Closes #25077
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-29 11:06:41 +00:00
Tero Saarni
ab3758842c
Add configuration option for LDAP referral ( #24852 )
...
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2023-11-28 14:06:34 +01:00
Pedro Igor
2c611cb8fc
User profile configuration scoped to user-federation provider
...
closes #23878
Co-Authored-By: mposolda <mposolda@gmail.com>
Signed-off-by: mposolda <mposolda@gmail.com>
2023-11-27 14:45:44 +01:00
Thomas Darimont
d30d692335
Introduce MaxAuthAge Password policy ( #12943 )
...
This policy allows to specify the maximum age of an authentication
with which a password may be changed without re-authentication.
Defaults to 300 seconds (default taken from Constants.KC_ACTION_MAX_AGE) to remain backwards compatible.
A value of 0 will always require reauthentication to update the password.
Add documentation for MaxAuthAgePasswordPolicy to server_admin
Fixes #12943
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2023-11-20 14:48:17 +01:00
vramik
42e5055cfb
Delete SearchableModelField
and its usages
...
Signed-off-by: vramik <vramik@redhat.com>
Closes #24722
2023-11-16 18:44:49 +01:00
Hynek Mlnarik
70d0f731f5
Use session ID rather than broker session ID
...
Closes : #24455
Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2023-11-16 17:01:40 +01:00
Vlasta Ramik
d86e062a0e
Removal of retry blocks introduced for CRDB
...
Closes #24095
Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-16 13:50:56 +01:00
rmartinc
e3b2eec1ba
Make user profile validation success if the attribute was already wrong and read-only in the context
...
Closes https://github.com/keycloak/keycloak/issues/24697
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-14 03:07:00 -08:00
Réda Housni Alaoui
3f014c7299
Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients ( #21058 )
...
closes #21010
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
2023-11-13 19:13:01 +01:00
Hynek Mlnařík
0ceaed0e2e
Transient users: Consents ( #24496 )
...
closes #24494
2023-11-10 11:18:27 +01:00
mposolda
7863c3e563
Moving UPConfig and related classes from keycloak-services
...
closes #24535
Signed-off-by: mposolda <mposolda@gmail.com>
2023-11-07 12:41:29 +01:00
rokkiter
e1735138cb
clean util * ( #24174 )
...
Signed-off-by: rokkiter <yongen.pan@daocloud.io>
2023-11-01 17:14:11 +01:00
mposolda
0bd2b342d7
Update per review
2023-10-31 12:56:46 -07:00
mposolda
6f992915d7
Move some UserProfile and Validation classes into keycloak-server-spi
...
closes #24387
2023-10-31 12:56:46 -07:00
rmartinc
ea398c21da
Add a property to the User Profile Email Validator for max length of the local part
...
Closes https://github.com/keycloak/keycloak/issues/24273
2023-10-27 15:09:42 +02:00
Alice
69497382d8
Group scalability upgrades ( #22700 )
...
closes #22372
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-26 16:50:45 +02:00
Hynek Mlnarik
c036980c37
Add TRANSIENT_USERS feature flag
2023-10-25 12:02:35 +02:00
Hynek Mlnarik
26328a7c1e
Support for transient sessions via lightweight users
...
Part-of: Add support for not importing brokered user into Keycloak database
Closes : #11334
2023-10-25 12:02:35 +02:00
Hynek Mlnarik
1ec2a97f92
Create serializable lightweight user adapter
...
Part-of: Add support for not importing brokered user into Keycloak database
Closes : #11334
2023-10-25 12:02:35 +02:00
Hynek Mlnarik
35a226f928
Expose InMemoryUserAdapter to services and model modules
...
Part-of: Add support for not importing brokered user into Keycloak database
Closes : #11334
2023-10-25 12:02:35 +02:00
mposolda
c18e8ff535
User profile tweaks in registration forms
...
closes #24024
2023-10-20 06:31:21 -07:00
Pedro Igor
e91a0afca2
The username in account is required and don't change when email as username is enabled
...
Closes #23976
2023-10-17 16:43:44 -03:00