Commit graph

6188 commits

Author SHA1 Message Date
rmartinc
48ab2b1688 FullNameLDAPStoreMapper removes values for other attributes
Closes https://github.com/keycloak/keycloak/issues/22526
2023-09-13 08:11:32 +02:00
vramik
d34a371971 Enable ZeroDowntimeTest
Closes #21825
2023-09-11 19:09:30 +02:00
Pedro Igor
04dd9afc5e Do not store empty attributes when updating user profile
Closes #22960
2023-09-11 07:47:31 -03:00
kaustubh-rh
62927433dc
Fix for Keycloak 22.0.1 unable to create user with long email address (#23109)
Closes #22825
2023-09-11 08:56:13 +02:00
rmartinc
7da52a43bd Add old LinkedIn provider to the deprecated profile
Closes https://github.com/keycloak/keycloak/issues/23067
2023-09-08 10:05:17 +02:00
Marek Posolda
506e2537ac
Registration flow fixed (#23064)
Closes #21514


Co-authored-by: Vilmos Nagy <vilmos.nagy@outlook.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2023-09-08 08:05:05 +02:00
Pedro Igor
bc31fde4c0 Broker claim mapper not recognizing claims from user info endpoint
Closes #12137
2023-09-07 16:34:45 +02:00
Alexander Schwartz
2eb37dbe4f Remove MS SQL JDBC driver from the Keycloak product
Closes #22983
2023-09-07 15:30:34 +02:00
Peter Skopek
ef272f7668 SAML Adapter fix for EAP8 and WF29
Signed-off-by: Peter Skopek <pskopek@redhat.com>
2023-09-07 13:32:25 +02:00
Kaustubh B
5ee2ba9372 Added tests 2023-09-07 08:43:35 +02:00
Martin Bartoš
6ca78b7554 Return Oracle JDBC driver to the upstream
Closes #22999
2023-09-06 19:11:29 +02:00
rmartinc
8887be7887 Add a new identity provider for LinkedIn based on OIDC
Closes https://github.com/keycloak/keycloak/issues/22383
2023-09-06 16:13:31 +02:00
Pedro Igor
13e5a02b9f Role mappers must return a single value when they are not multivalued
Closes #20218
2023-08-31 19:16:12 +02:00
mposolda
57e51e9dd4 Use an original domain name of Kerberos Principal in UserModel attribute instead of configured value of Kerberos realm in User federation
closes #20045
2023-08-30 13:24:48 +02:00
vramik
4cd34f8423 Update logging properties for showing SQL statements and JDBC parameters
Closes #22815
2023-08-30 12:52:08 +02:00
Marek Posolda
6f989fc132
Fallback to next LDAP/Kerberos provider when not able to find authenticated Kerberos principal (#22531)
closes #22352 #9422
2023-08-29 11:21:01 +00:00
Pedro Igor
ea3225a6e1 Decoupling legacy and dynamic user profiles and exposing metadata from admin api
Closes #22532

Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2023-08-29 08:14:47 -03:00
Pedro Igor
b779df6a55 Parsing response from user info rather than the access token
Closes #22581
2023-08-29 12:23:56 +02:00
Tomas Ondrusko
e70ffd0105
Handle GitHub logout properly (#22463)
Add profile info update to GitHub login test cases

Closes #22461

Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-08-28 10:06:12 +02:00
Michal Hajas
94089bd492 Clean LDAP between test method executions
Closes #22602

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2023-08-23 04:15:32 -03:00
Martin Bartoš
fcf65389ea
Remove Oracle Database JDBC driver from the Keycloak distribution (#22577)
* Remove Oracle Database JDBC driver from the Keycloak distribution

Closes #22452

* Remove profile for proprietary Oracle JDBC driver

---------

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-08-21 15:13:49 +00:00
t0xicCode
822c13ff6f Switch Trusted Host policy redirect verification to URI
Switch parsing of the redirect URIs for the Trusted Host Client Registration Policy from URL to URI.
The java URL class tries to instantiate a handler for the scheme, which fails when a "custom" scheme, such as those used in phone apps is used.
In contrast, the URI class simply parses the string, ensuring the format is valid.
The other URLs (baseUrl, rootUrl, adminUrl) are still parsed as URLs.
See https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata for the Client Registration parameter documentation.

Closes #22309
2023-08-14 10:20:23 +02:00
Pedro Igor
baac060eb1 Fixing how e-mail attribute permissions are set for both USER_API and ACCOUNT contexts
Closes #21751
2023-08-11 13:32:16 +02:00
Erik Jan de Wit
874d2063b8
only add realm access to the current realm (#21554)
fixes: #21553
2023-08-10 12:43:15 +02:00
wojnarfilip
6c070d587f Closes #22282 2023-08-10 12:05:20 +02:00
Todor Staykovski
dffa7a31cb
Add subgroups sorting (#22295)
* Review comments to add a test, update the API description and adjust the map storage.

Closes #19348

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-08-07 21:18:09 +02:00
Takashi Norimatsu
258711ef4f DPoP verification in UserInfo endpoint
closes #22215
2023-08-07 10:49:33 +02:00
Takashi Norimatsu
9d0960d405 Using DPoP token type in the access-token and as token_type in introspection response
closes #21919
2023-08-07 10:40:18 +02:00
Alex Szczuczko
92bec0214f Add -DdeployTestsuite profile to testsuite
Closes #22258
2023-08-04 20:54:59 +02:00
Marek Posolda
4dc929abb3
Missing client_id validation match when authenticating client with JW… (#22178)
Closes #22177
2023-08-03 11:47:55 +02:00
Takashi Norimatsu
ee998fee66 Add FAPI 2.0 security profile as default profile of client policies
closes #21181
2023-08-03 09:26:16 +02:00
Ricardo Martin
a8bca522c1
Fix issue with access tokens claims not being imported using OIDC IDP Attribute Mappers (#21627)
Closes #9004


Co-authored-by: Armel Soro <armel@rm3l.org>
2023-08-02 09:36:50 +02:00
Thomas Darimont
82269f789a Avoid using deprecated junit APIs in tests
- Replaced usage of Assert.assertThat with static import
- Replaced static import org.junit.Assert.assertThat with org.hamcrest.MatcherAssert.assertThat

Fixes: #22111
2023-08-01 11:44:25 +02:00
mposolda
6f6b5e8e84 Fix authenticatorConfig for javascript providers
Closes #20005
2023-07-31 19:28:25 +02:00
Vlasta Ramik
29b67fc8df
Inconsistent Wildcard handling for JPA (#21671)
* Inconsistent Wildcard handling for JPA

Closes #20610

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-07-27 17:03:22 +02:00
rmartinc
0a7fcf43fd Initial pagination in the admin REST API for identity providers
Closes https://github.com/keycloak/keycloak/issues/21073
2023-07-27 14:48:02 +02:00
Martin Bartoš
4b36da03db Profile activation for WF app server doesn't properly work for Windows
Fixes #21284
2023-07-27 12:09:00 +02:00
Takashi Norimatsu
9a921441cc Adjustements to the behaviour of dpop_bound_access_tokens switch
closes #21920
2023-07-27 11:30:01 +02:00
Takashi Norimatsu
6498b5baf3 DPoP: OIDC client registration support
closes #21918
2023-07-26 13:00:35 +02:00
Ricardo Martin
ee35cfe478
Add logout other sessions checkbox to TOTP, webauthn and recovery authn codes setup pages (#21897)
* Add logout other sessions checkbox to TOTP, webauthn, recovery authn codes setup pages and to update-email page
Closes #10232
2023-07-26 11:34:19 +02:00
Marek Posolda
bb8ba1af5a
Fix script tests on windows (#21942)
Closes #21778 #21779 #21780
2023-07-25 12:37:21 +00:00
Takashi Norimatsu
0ddef5dda8
DPoP support 1st phase (#21202)
closes #21200


Co-authored-by: Dmitry Telegin <dmitryt@backbase.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2023-07-24 16:44:24 +02:00
Takashi Norimatsu
05b8b9ee51 Enhancing Pluggable Features of Token Manager
closes #21182
2023-07-24 09:16:29 +02:00
Takashi Norimatsu
2efd79f982 FAPI 2.0 security profile - supporting RFC 9207 OAuth 2.0 Authorization Server Issuer Identification
Closes #20584
2023-07-24 09:11:30 +02:00
Martin Kanis
6907134f17 Removing workaround for state transfer never completes
Closes #21256
2023-07-21 18:21:00 +02:00
rmartinc
7336ff07ac Check RDN attribute for DN membership
Closes https://github.com/keycloak/keycloak/issues/20718
2023-07-21 11:13:45 +02:00
todor
897965f604 KEYCLOAK-20343 Add message bundle to export/import
Closes #20343
2023-07-20 23:00:28 +02:00
Alexander Schwartz
7c9593f88a
Upgrade Infinispan to 14.0.13.Final (#21565)
Closes #21564
2023-07-20 16:59:19 +00:00
Václav Muzikář
776bcbcbd4
Update bcpkix and bcprov dependencies (#21543)
Closes #21360
2023-07-20 11:57:18 +02:00
vramik
13d412989c Disable ZeroDowntimeTest
Closes #21823
2023-07-19 20:35:08 +02:00