Stefan Guilhen
45e5e6cbbf
Introduce filtered (and paginated) search for organization members
...
Closes #28844
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-02 11:25:43 -03:00
Alexander Schwartz
d69872fa11
Batch writes originating from logins/logouts for persistent sessions
...
All writes for the sessions are handled by a background thread which batches them.
Closes #28862
Wait for persistent-store to contain update
instead of cache which has the change immediately since it is in memory + introduce new model-test profile
Closes #29141
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-04-30 14:07:35 +02:00
Pedro Igor
51352622aa
Allow adding realm users as an organization member
...
Closes #29023
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-29 08:37:47 -03:00
mruzicka
ae1aaef96c
Avoid re-creating required action comparator ( #29122 )
...
closes #29130
Signed-off-by: Michal Růžička <michal.ruza@gmail.com>
2024-04-29 09:18:50 +02:00
vramik
d65649d5c0
Make sure organization are only manageable by the admin users with the manage-realm role
...
Closes #28733
Signed-off-by: vramik <vramik@redhat.com>
2024-04-23 12:16:57 -03:00
Mark Banierink
ad32896725
replaced and removed deprecated token methods ( #27715 )
...
closes #19671
Signed-off-by: Mark Banierink <mark.banierink@nedap.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-23 09:23:37 +02:00
Tero Saarni
64862d568e
Convert database errors to 500 instead of 400.
...
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2024-04-22 11:42:18 -03:00
Pedro Igor
1e3837421e
Organization member onboarding using the organization identity provider
...
Closes #28273
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-17 07:24:01 -03:00
Stefan Guilhen
2ab8bf852d
Add validation for the organization's internet domains.
...
Closes #28634
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-15 09:03:52 -03:00
Pedro Igor
61b1eec504
Prevent members with an email other than the domain set to an organization
...
Closes #28644
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-12 08:33:18 -03:00
Alexander Schwartz
b4cfebd8d5
Persistent sessions code also for offline sessions ( #28319 )
...
Persistent sessions code also for offline sessions
Closes #28318
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-12 13:15:02 +02:00
rmartinc
6d74e6b289
Escape slashes in full group path representation but disabled by default
...
Closes #23900
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-12 10:53:39 +02:00
Pedro Igor
8f8094408e
Encapsulate the logic to set attributes into the domain model
...
Closes #28646
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-11 15:32:21 -03:00
Stefan Guilhen
9a466f90ab
Add ability to set one or more internet domain to an organization.
...
Closed #28274
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-10 13:18:12 -03:00
Martin Kanis
51fa054ba7
Manage organization attributes
...
Closes #28253
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-04-10 09:10:49 -03:00
rmartinc
41b706bb6a
Initial security profile SPI to integrate default client policies
...
Closes #27189
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-10 11:19:56 +02:00
Alexander Schwartz
63e7523a6d
Avoid unnecessary updates to the sessions during refreshes of tokens
...
Closes #28388
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-09 14:55:21 +02:00
Václav Muzikář
e4987f10f5
Hostname SPI v2 ( #26345 )
...
* Hostname SPI v2
Closes : #26084
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Fix HostnameV2DistTest#testServerFailsToStartWithoutHostnameSpecified
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Address review comment
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Partially revert the previous fix
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Do not polish values
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Remove filtering of denied categories
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
---------
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-04-09 11:25:19 +02:00
vibrown
3fffc5182e
Added ClientType implementation from Marek's prototype
...
Signed-off-by: vibrown <vibrown@redhat.com>
More updates
Signed-off-by: vibrown <vibrown@redhat.com>
Added client type logic from Marek's prototype
Signed-off-by: vibrown <vibrown@redhat.com>
updates
Signed-off-by: vibrown <vibrown@redhat.com>
updates
Signed-off-by: vibrown <vibrown@redhat.com>
updates
Signed-off-by: vibrown <vibrown@redhat.com>
Testing to see if skipRestart was cause of test failures in MR
2024-04-08 20:20:37 +02:00
Pedro Igor
52ba9b4b7f
Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user
...
Closes #28248
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-08 09:05:16 -03:00
Pedro Igor
fefeb83588
Changes the contract to make it simpler and rely on the realm available from the current session
...
Closes #28403
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-03 14:45:31 +02:00
Pedro Igor
b9a7152a29
Avoid commiting the transaction prematurely when creating users through the User API
...
Closes #28217
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-27 19:16:09 -03:00
Jon Koops
3382e16954
Remove Account Console version 2 ( #27510 )
...
Closes #19664
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-03-27 10:53:28 +01:00
Steven Hawkins
be32f8b1bf
fix: limit the use of Resteasy to the KeycloakSession ( #28150 )
...
* fix: limit the use of Resteasy to the KeycloakSession
contextualizes other state to the KeycloakSession
close : #28152
2024-03-26 13:43:41 -04:00
vramik
fa1571f231
Map organization metadata when issuing tokens for OIDC clients acting on behalf of an organization member
...
Closes #27993
Signed-off-by: vramik <vramik@redhat.com>
2024-03-26 14:02:09 -03:00
Stian Thorgersen
8cbd39083e
Default password hashing algorithm should be set to default password hash provider ( #28128 )
...
Closes #28120
Signed-off-by: stianst <stianst@gmail.com>
2024-03-22 12:44:11 +01:00
Stian Thorgersen
cae92cbe8c
Argon2 password hashing provider ( #28031 )
...
Closes #28030
Signed-off-by: stianst <stianst@gmail.com>
2024-03-22 07:08:09 +01:00
Pedro Igor
32541f19a3
Allow managing members for an organization
...
Closes #27934
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-21 10:26:30 -03:00
Alexander Schwartz
62d24216e3
Remove offline session preloading
...
Closes #27602
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-15 15:19:27 +01:00
Pedro Igor
7fc2269ba5
The bare minimum implementation for organization
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: vramik <vramik@redhat.com>
2024-03-15 11:06:43 -03:00
Peter Keuter
e26a261e4e
Filter subgroups before paginating
...
Closes #27512
Signed-off-by: Peter Keuter <github@peterkeuter.nl>
2024-03-15 10:57:57 +01:00
vramik
66c9f173f2
Organization SPI
...
Fixes #27830
Signed-off-by: vramik <vramik@redhat.com>
2024-03-13 12:25:43 -03:00
vramik
a81d6bb618
Organizations SPI
...
Closes #27829
Signed-off-by: vramik <vramik@redhat.com>
2024-03-13 10:57:02 -03:00
stianst
15717cc152
Remove deprecated cookie code
...
Closes #26813
Signed-off-by: stianst <stianst@gmail.com>
2024-03-12 17:24:14 +01:00
Martin Bartoš
e4aa1b5f95
Conditionally enable and disable CLI options ( #25333 )
...
* Conditionally enable and disable CLI options
Closes #13113
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Support for duplicates in config
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Fix rendering config options in docs
Fixes #26515
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Reorder OptionsDistTest
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-03-07 20:36:43 +00:00
rmartinc
82af0b6af6
Initial client policies integration for SAML
...
Closes #26654
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-06 15:18:35 +01:00
Steven Hawkins
8d9439913c
fix: removal of resteasy-core ( #27032 )
...
* fix: partial removal of resteasy-core
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* fix: fully removing resteasy-core
closes : #26315
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-02-29 11:43:13 +00:00
Takashi Norimatsu
3db04d8d8d
Replace Security Key with Passkey in WebAuthn UIs and their documents
...
closes #27147
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-29 10:31:05 +01:00
Pedro Igor
326d63ce74
Make sure group searches are cached and entries invalidate accordingly
...
Closes #26983
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-29 05:06:36 +09:00
Réda Housni Alaoui
a3b3ee4b87
Ability to declare a default "First broker login flow" per Realm
...
Closes #25823
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-02-28 16:17:51 +01:00
Pedro Igor
604274fb76
Allow setting an attribute as multivalued
...
Closes #23539
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-02-22 12:56:44 +01:00
Douglas Palmer
b0ef746f39
Permanently lock users out after X temporary lockouts during a brute force attack
...
Closes #26172
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-02-22 09:34:51 +01:00
Vlasta Ramik
76453550a5
User attribute value length extension
...
Closes #9758
Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-02-16 08:09:34 +01:00
mposolda
f468885fdd
Empty error message when validation issue due the PersonNameProhibitedValidator validation
...
closes #26750
Signed-off-by: mposolda <mposolda@gmail.com>
2024-02-06 12:56:50 -03:00
Stian Thorgersen
3e08a1713b
Ignore empty attribute values when retriveing boolean/int/long ( #26729 ) ( #26737 )
...
Resolves #26597 , resolves #26665
Signed-off-by: stianst <stianst@gmail.com>
2024-02-06 15:29:34 +01:00
Stian Thorgersen
c4b1fd092a
Use code from RestEasy to create and set cookies ( #26558 )
...
Closes #26557
Signed-off-by: stianst <stianst@gmail.com>
2024-02-06 15:14:04 +01:00
Stian Thorgersen
0fb6bdfcac
Cookie Provider - move remaining cookies ( #26531 )
...
Closes #26500
Signed-off-by: stianst <stianst@gmail.com>
2024-01-29 11:06:37 +01:00
Stian Thorgersen
bc3c27909e
Cookie Provider ( #26499 )
...
Closes #26500
Signed-off-by: stianst <stianst@gmail.com>
2024-01-26 10:45:00 +01:00
Marek Posolda
651d99db25
Allow selecting attributes from user profile when managing token mappers ( #26415 )
...
* Allow selecting attributes from user profile when managing token mappers
closes #24250
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-01-25 17:01:02 +01:00
Erik Jan de Wit
28c9f98930
moved login screen to patternfly 5 ( #25340 )
...
* moved login screen to patternfly 5
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added Feature flag to enable login v2
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* removed the old css and only include logo and background styles
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* changed to experimental
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added login2
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added windows help texts
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-01-25 13:45:53 +01:00