Václav Muzikář
557a22968c
Stabilize Account Console UI tests ( #17243 )
...
Closes #17178
Closes #17102
Closes #17070
Closes #17045
Closes #17044
Closes #16875
Closes #16870
Closes #16715
Closes #16670
Closes #16646
Closes #16627
Closes #16620
2023-02-23 12:35:08 +01:00
Marek Posolda
b9ab942ef8
FIPS related docs ( #17196 )
...
* FIPS related docs
Closes #16444 #12432 #12429
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-02-22 12:47:15 +01:00
rmartinc
f91ac2970d
Polish fips-mode switch for preview ( #17228 )
...
* Polish fips-mode switch for preview
Closes #17208 #17210
Co-authored-by: mposolda <mposolda@gmail.com>
2023-02-22 12:12:52 +01:00
mposolda
5ac8f7c1ef
Link 'Sign out' incorrectly hardcoded to localhost in the authz example applications
...
closes #17216
2023-02-21 15:49:20 +01:00
Douglas Palmer
1d75000a0e
Create an SPI for DeviceActivityManager
...
closes #17134
2023-02-20 09:29:11 +01:00
drohwer89
4ff180da64
Terminating all sessions above the session limit ( #16068 )
...
Adjusts implementation of UserSessionLimitsAuthenticator to terminate all sessions above the session limit.
Closes #14689
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2023-02-16 17:56:59 +01:00
rmartinc
9995a3cdd4
lastSync value into COMPONENT_CONFIG is always updated
...
Closes https://github.com/keycloak/keycloak/issues/17022
2023-02-16 17:48:49 +01:00
mposolda
4f068fcdcc
Make https-trust-store-type set to bcfks by default in strict-mode
...
Closes #17119
2023-02-16 08:00:21 -03:00
sui.jieqiang
1f6fa0501c
Fix search user groups without limit
...
Closes #12649
2023-02-15 15:50:46 +01:00
rmartinc
fbc9177f27
Doublecheck if we need to override properties in java.security
...
Closes https://github.com/keycloak/keycloak/issues/16702
2023-02-15 12:33:48 +01:00
vramik
7b604d6784
Sync properties in map-storage-jpa-cocroach
with other profiles
...
Closes #17107
2023-02-15 10:49:22 +01:00
Michal Hajas
1f929c78af
Make lockTimeout more friendly for JPA map storage
...
Closes #16616
2023-02-15 10:38:18 +01:00
Hynek Mlnarik
bb0eb899a7
Add ability to run arq testsuite with file store
...
Fixes : #17032
2023-02-15 10:17:23 +01:00
Hynek Mlnarik
2665fb01a6
File storage: Fix path traversal
...
Fixes : #17029
2023-02-14 14:30:14 +01:00
Pedro Igor
9e46b9e43f
Handling events after transaction completion using a separate session
...
Closes #15656
2023-02-14 13:10:57 +01:00
Václav Muzikář
a57821ed80
Fix JDK 17 InaccessibleObjectException with infinispan
2023-02-13 17:09:36 -03:00
Miquel Simon
48a22ff2f3
Added WebAuthn integration tests to CI workflow. ( #16608 )
2023-02-13 12:28:25 +00:00
laskasn
dc8b759c3d
Use encryption keys rather than sig for crypto in SAML
...
Closes #13606
Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: hmlnarik <hmlnarik@redhat.com>
2023-02-10 12:06:49 +01:00
Marek Posolda
9cfc1fdfa9
Reduce the redundant tests in fips-suite ( #16970 )
...
Closes #16969
2023-02-09 12:21:33 +01:00
Pedro Igor
017ddc670b
Removing references to old admin console test artifacts
2023-02-08 17:22:45 -03:00
Pedro Igor
423fc6daba
Flaky test KcOidcBrokerTokenExchangeTest ( #16914 )
...
Closes #16896
2023-02-08 14:49:49 +00:00
Dmitry Telegin
5f39aeb590
Pre-authorization hook for client policies
...
Closes #9017
2023-02-08 15:06:32 +01:00
Michal Hajas
6fa62e47db
Leverage HotRod client provided transaction
...
Closes #13280
2023-02-08 10:26:30 +01:00
Stian Thorgersen
d3ba2ecbed
Remove old admin console theme ( #16864 )
...
Closes #16862
2023-02-08 09:22:39 +01:00
Hynek Mlnařík
f71ab092de
File store basis
...
Fixes : #16676
---
* Enhance DefaultModelCriteria
* Fix collection
* Fix delete in CHMKeycloakTransaction
* Add HasRealmId interface
* Fix EntityFieldDelegate
* Support for realm-less entities in providers
* Support for realm-less entities in providers (events)
* File store basis
* Add support for writing
* Support running KeycloakServer with file store
* Add support for file store in model testsuite
---------
Co-authored-by: vramik <vramik@redhat.com>
2023-02-07 14:59:23 +01:00
Stian Thorgersen
4782a85166
Remove old admin console feature ( #16861 )
...
* Remove old admin console feature
Closes #16860
* Update help txt files for Quarkus tests
2023-02-07 12:59:35 +01:00
Pedro Igor
7b58783255
Allow mapping claims to user attributes when exchanging tokens
...
Closes #8833
2023-02-07 10:57:35 +01:00
Thomas Darimont
e38b7adf92
Revise blacklist password policy provider #8982
...
- Reduce false positive probability from 1% to 0.01% to avoid
rejecting to many actually good passwords.
- Make false positive rate configurable via spi config
- Revised log messages
Supported syntax variant:
`passwordBlacklist(wordlistFilename)`
Fixes #8982
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2023-02-07 10:36:39 +01:00
Martin Kanis
5ba004b447
Leverage Infinispan lifespan for ExpirableEntities in HotRod storage
2023-02-07 10:01:32 +01:00
Stian Thorgersen
fc075a3d35
Remove old admin console tests ( #16859 )
...
Closes #16858
2023-02-07 08:51:36 +01:00
Denis Bernard
5db64133b8
Add Attribute to Group Mapper for SAML IDP
...
Cleansing code as PR Comment
Add test for Advanced Attribute to Group Mapper
Closes #12950
2023-02-06 10:58:48 -03:00
Pedro Igor
1a1ee78dbd
Removing tests from base group broker mapper test classes
2023-02-06 10:58:48 -03:00
Pedro Igor
d97b9c48c4
Make sure PBKDF2 providers are using the expect size for derived keys ( #16798 )
...
Closes #16797
2023-02-03 15:31:25 +01:00
rmartinc
f8f112d8d2
Upgrade twitter4j ( #16828 )
...
Closes https://github.com/keycloak/keycloak/issues/16731
2023-02-03 15:28:37 +01:00
mposolda
0e374c7a45
Any tests using PhantomJS failing in some linux environments
...
closes #16818
2023-02-03 15:19:57 +01:00
Stian Thorgersen
0fa209c29a
WelcomeScreenTest#resourcesTest ( #16761 )
...
* Fix WelcomeScreenTest#resourcesTest
Closes #16669
* Add one more retry
2023-02-03 09:41:48 +01:00
Marek Posolda
51bed81814
Fixes for OOB endpoint and KeycloakSanitizer ( #16773 )
...
(cherry picked from commit 91ac2fb9dd50808ff5c76d639594ba14a8d0d016)
2023-02-02 08:34:50 +01:00
Pedro Igor
e3c41ec3a0
Ignoring test methods from parent classes
...
Closes #15687
2023-02-01 14:58:03 -08:00
Stian Thorgersen
d9025231f9
HTML Injection in Keycloak Admin REST API ( #16765 )
...
Resolves #GHSA-m4fv-gm5m-4725
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2023-02-01 14:34:15 +01:00
Alexander Schwartz
c6aba2e3de
Make LockAcquiringTimeoutException a RuntimeException
...
Closes #16690
2023-01-31 08:21:32 +01:00
Marek Posolda
33ff9ef17e
Fix remaining failing tests with BCFIPS approved mode ( #16699 )
...
* Fix remaining failing tests with BCFIPS approved mode
Closes #16698
2023-01-30 16:01:57 +01:00
mposolda
7f017f540e
BCFIPS approved mode: Some tests failing due the short secret for client-secret-jwt client authentication
...
Closes #16678
2023-01-30 08:40:46 +01:00
Martin Kanis
c4255e7301
Wrong property for events in map-storage-hot-rod on Undertow
2023-01-27 14:24:34 +01:00
mposolda
5591b5198b
Still test failures with BCFIPS approved mode due the hardcoded keys
...
Closes #16643
2023-01-26 15:50:29 +01:00
Pedro Igor
f6602e611b
Allow managing the username idn homograph validator
...
Closes #13346
2023-01-26 04:55:43 -08:00
Michal Hajas
eb59fdb772
Add transaction tests to model tests
...
Closes : #15890
2023-01-26 12:55:22 +01:00
mposolda
a804400c84
Added KERBEROS feature. Disable it when running tests on FIPS
...
closes #14966
2023-01-25 18:38:46 +01:00
mposolda
16888eaeab
Only available RSA key sizes should be shown in admin console
...
Closes #16437
2023-01-25 13:15:07 +01:00
mposolda
29888dbf1a
Update realm keys in the testsuite to be generated where possible. Update other keys to be FIPS compliant
...
Closes #12420
2023-01-25 08:26:15 +01:00
Miquel Simon
83147a67a0
Added New Account Console Tests to CI workflow. ( #16547 )
2023-01-24 16:01:03 +01:00
Hynek Mlnarik
977cc473bb
Fix linebreaks in XML / SAML signatures
...
See https://bugs.openjdk.org/browse/JDK-8264194
See https://issues.apache.org/jira/browse/SANTUARIO-482
Fixes : #14529
2023-01-23 15:39:10 +01:00
Martin Bartoš
7d6e22bedd
DateTimeParse failures in New Account Console tests ( #16531 )
...
Fixes #16514
2023-01-19 09:39:03 -05:00
Stian Thorgersen
8d05895adb
Move Admin REST extension to main repository ( #16530 )
...
Closes #16529
2023-01-19 13:06:21 +01:00
Konstantinos Georgilakis
c73859794e
Short verification_uri for Device Authorization Request
...
Closes #16107
2023-01-18 08:34:52 +01:00
Pedro Igor
33cb1ad7cd
Support runnning tests using an embedded distribution
...
Closes #16420
2023-01-13 12:03:36 -08:00
Hynek Mlnarik
3119566407
Prevent endless loop in case of split-brain
...
Fixes : #16427
2023-01-13 16:23:18 +01:00
mposolda
79fa6bb3c9
Initial support for running testsuite in BCFIPS approved mode
...
Closes #16429
2023-01-13 02:59:06 -08:00
ムハマドザクワンビンムハマドザヒド / MOHDZAHID,BIN MUHAMMADZAKWAN
cc6597967a
Refactoring ClientPoliciesTest
...
Closes #14795
2023-01-12 09:38:12 +01:00
Pedro Igor
9945135861
Verify if token is revoked when validating bearer tokens ( #16394 )
...
Closes #16388
2023-01-11 14:42:29 +01:00
mposolda
ac490a666c
Fix KcSamlSignedBrokerTest in FIPS. Support for choosing realm encryption key for decrypt SAML assertions instead of realm signature key
...
Closes #16324
2023-01-10 20:39:59 +01:00
Miquel Simon
7bd78f604a
Added MariaDB to Legacy Store IT. ( #16157 )
2023-01-10 17:37:27 +01:00
Pedro Igor
d797d07d8f
Ignore user profile attributes for service accounts
...
Closes #13236
2023-01-10 16:26:53 +01:00
mposolda
4d55c6a647
Adding SAML tests for FIPS - with addition of XMLDSig security provider
...
Closes #14969
2023-01-10 08:37:03 +01:00
Pedro Igor
53ee95764e
Do not show username field when updating profile if UPDATE_EMAIL feature is enabled and email as username is enabled
...
Closes #16263
2023-01-06 14:12:47 +01:00
Réda Housni Alaoui
141c9dd803
update-email: email change does not affect the username when "Email as username" option is checked ( #15583 )
...
Closes #13988
2023-01-06 14:04:48 +01:00
Miquel Simon
c2682157fb
Added MS SQL Server to Legacy Store IT. ( #16121 )
...
* Added MS SQL Server to Legacy Store IT.
* Update testsuite/integration-arquillian/pom.xml
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-01-06 08:55:09 +01:00
Réda Housni Alaoui
dbe0c27bcf
Allowing client registration access token rotation deactivation
2023-01-05 20:53:57 +01:00
mposolda
e374e309c6
Deprecate SHA1 based algorithms for sign SAML documents and assertions
...
Closes #16240
2023-01-05 20:45:20 +01:00
Michal Hajas
6566b58be1
Introduce Infinispan GlobalLock implementation
...
Closes #14721
2023-01-05 16:58:44 +01:00
Hynek Mlnarik
071fc03f41
Move transaction processing into session close
...
Fixes : #15223
2023-01-05 16:12:32 +01:00
Stian Thorgersen
6c1f981eec
Fix UserTest.sendResetPasswordEmailWithCustomLifespan ( #16233 )
...
Closes #16232
2023-01-04 13:03:33 +01:00
Stian Thorgersen
7dc16c69cb
Force refreshing token for admin client if time offset is set ( #16242 )
...
Closes #16143
2023-01-04 13:03:10 +01:00
mposolda
496c6d598e
Some authorization adapter test failing on Java 17
...
Closes #16216
2023-01-03 13:03:26 +01:00
ムハマドザクワンビンムハマドザヒド / MOHDZAHID,BIN MUHAMMADZAKWAN
ce6b737e33
NPE in userinfo endpoint
...
Closes #15429
2023-01-02 13:53:29 +01:00
Stian Thorgersen
669086acd6
Suspend scheduled tasks if time offset is set to a large value ( #16144 )
2022-12-21 15:12:57 +01:00
Martin Kanis
c0e103dc95
Replace old HotRod index annotation with new one
2022-12-21 12:50:08 +01:00
Miquel Simon
9bb5b08015
Added Oracle to Legacy Store IT. ( #16097 )
2022-12-21 08:15:38 +01:00
mposolda
36bd76957d
Make Keycloak FIPS working with OpenJDK 17 on FIPS enabled RHEL
...
Closes #15721
2022-12-20 21:03:55 +01:00
Michal Hajas
c79d29e68c
Move HotRod profile to the same pom as other map profiles and introduce map-storage-chm profile
...
Closes #16046
2022-12-20 17:51:40 +01:00
Alexander Schwartz
fffde1407c
Enable retryable transactions for CockroachDB model tests
...
Also made the test setup of the realm more idempotent to clean up a realm left-over from a previous test.
Closes #16078
2022-12-20 15:49:07 +01:00
Alexander Schwartz
0fee33bb95
Normalize JVM heap usage in tests and handle OOM situations
...
Closes #16089
2022-12-20 13:26:07 +01:00
Alexander Schwartz
6d0e112bf1
Ensure lock table has its primary key created, and re-enable the DBLockTest
...
Closes #15487
2022-12-20 08:50:14 +01:00
Alexander Schwartz
1d758fac2b
Adding CRDB into GHA for the new store ( #16021 )
...
The CockroachDB database is slower than PostgreSQL, therefore it will only run branches and nightly builds.
Closes #16020
2022-12-17 08:50:21 +01:00
Pedro Igor
857b02be63
Allow managing the required settigs for the email attribute
...
Closes #15026
2022-12-15 13:11:06 -08:00
Pedro Igor
782d145cef
Allow updating authz settings via default client registration provider
...
Closes #9008
2022-12-15 20:43:43 +01:00
Alexander Schwartz
bd4acfe4c6
Removing testsuite/performance from main Keycloak repository ( #15950 )
...
There's a separate repository keycloak-benchmark for this.
Closes #14192
2022-12-15 14:43:24 +01:00
Stian Thorgersen
c1b0f2a6ab
Rebalanace BaseIT test groups ( #16007 )
2022-12-15 08:52:30 +01:00
Stian Thorgersen
a5670af745
Keycloak CI workflow refactoring ( #15968 )
...
* Keycloak CI workflow refactoring
Closes #15861
* Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
* Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
* Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
* Update CodeQL actions
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2022-12-14 16:12:23 +01:00
Stian Thorgersen
0f2ca3bfdd
fixes from release/20 ( #15982 )
...
* Avoid path traversal vis double-url encoding of redirect URI (#8 )
(cherry picked from commit a2128fb9e940d96c2f9a64edcd4fbcc768eedb4f)
* Do not resolve user session if corresponding auth session does not exist (#7 )
* Stabilizing the ConcurrentLoginTest when running with JPA map storage by locking user sessions (#9 )
Co-authored-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2022-12-14 07:46:17 +01:00
Stian Thorgersen
30cc16e648
Move authorization tests into authz package ( #15957 )
...
Closes #15956
2022-12-12 18:09:11 +01:00
Peter Zaoral
1073a342cf
Cleanup dependencies and align with Quarkus
...
* aligned parent POM dependency versions with the Quarkus BOM
Closes #15325
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2022-12-09 09:10:30 -03:00
Hynek Mlnařík
208affe000
Update generator to record the entity to fields mapping
...
Fixes : #15677
2022-12-08 15:40:28 +01:00
Michal Hajas
de7dd77aeb
Change id of TermsAndConditions required actions to uppercase
...
Closes #9991
2022-12-07 10:51:37 -03:00
mposolda
f4e91a5312
The redirect URI cannot be verified during logout in the case when client was removed
...
closes #15866
2022-12-07 08:20:30 +01:00
mposolda
264c5a6cdb
Support for KcReg and KcAdm CLI to use BCFIPS instead of BC on FIPS platforms
...
Closes #14968
2022-12-06 13:02:46 +01:00
Pedro Igor
022d2864a6
Make sure JAX-RS resource methods are advertizing the media type they support
...
Closes #15811
Closes #15810
2022-12-06 08:13:43 -03:00
Stian Thorgersen
2f0d8cd895
Move hok, par, and rar tests to oauth package ( #15834 )
...
Closes #15833
2022-12-05 15:42:20 +01:00
Michal Hajas
59ccae76cb
Fix flaky JS test ( #15804 )
...
Closes #15761
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2022-12-05 13:16:04 +01:00
Pedro Igor
168734b817
Removing references to request and response from Resteasy
...
Closes #15374
2022-12-01 08:38:24 -03:00
Stian Thorgersen
8e6437e596
Fix Flaky test: RequiredActionTotpSetupTest.setupTotpExistingReusableCodeDisabled ( #15779 )
...
Closes #15564
2022-12-01 10:41:46 +01:00