vramik
649b35929e
Make sure users created through a registration link are managed members
...
Closes #30743
Signed-off-by: vramik <vramik@redhat.com>
2024-07-25 04:30:13 -03:00
Pascal Knüppel
018a0802bc
Remove java.util.Date from VerifiableCredential ( #30920 )
...
closes #30918
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
2024-07-18 09:52:02 +02:00
Martin Kanis
e5848bdcf9
Cannot set unmanagedAttributePolicy without profile attributes
...
Closes #31153
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-07-17 09:53:59 -03:00
mposolda
1864cf1827
Offline tokens created in Keycloak 14 or earlier will not work on Keycloak 25
...
closes #31224
Signed-off-by: mposolda <mposolda@gmail.com>
2024-07-15 18:30:35 +02:00
mposolda
3c3f59f861
Move some server related logic from info representation classes to server codebase
...
Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-27 11:00:30 +02:00
Douglas Palmer
5af3001122
Check if OSGI metadata can be removed entirely
...
Closes #29104
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-06-25 14:12:33 +02:00
Andre F de M
0f061a75e2
Issue: 26568 - bcfips version bump and fixes
...
* bump BCFIPS to 1.0.2.5
* fix bc-fips related test error
* remove unused imports
Closes : #26568
Signed-off-by: Andre F de M <trixpan@users.noreply.github.com>
2024-06-25 11:07:27 +02:00
Jon Koops
df18629ffe
Use a default Java version from root POM ( #29927 )
...
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-21 14:19:31 +02:00
Pedro Igor
a0ad680346
Adding an alias to organization and exposing them to templates
...
Closes #30312
Closes #30313
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-20 14:36:14 -03:00
rmartinc
c51640546d
Improvements for ldap test authentication
...
Closes #30434
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-15 10:01:24 +02:00
Jon Koops
c7361ccf6e
Run the Vite dev server through the Keycloak server ( #27311 )
...
Closes #19750
Closes #28643
Closes #30115
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-12 11:55:14 +02:00
Patrick Jennings
75925dcf6c
Client type configuration inheritance ( #30056 )
...
closes #30213
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-06-10 18:59:08 +02:00
mposolda
0bf613782f
Updating client policies in JSON editor is buggy. Attempt to update global client policies should throw the error
...
closes #30102
Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-05 13:55:02 +02:00
Pedro Igor
f8d55ca7cd
Export import realm with organizations
...
Closes #30006
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-05 09:50:03 +02:00
mposolda
9074696382
Editing built-in client policy profiles are silently reverted
...
closes #27184
Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-03 14:00:37 +02:00
Andrejs Mivreniks
1cf87407fe
Allow setting authentication flow execution priority value via Admin API
...
Closes #20747
Signed-off-by: Andrejs Mivreniks <andrejs@fastmail.com>
2024-05-30 19:17:45 +02:00
Francis Pouatcha
2683c0a7d1
JWSBuilder when used directly with AsymmetricSignatureSignerContext produces non compliant ECDSA signed JWT ( #29333 )
...
closes #29309
Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
2024-05-27 13:45:42 +02:00
Thomas Darimont
ab376d9101
Make required actions configurable ( #28400 )
...
- Add tests for crud operations on configurable required actions
- Add support exposing the required action configuration via RequiredActionContext
- Make configSaveError message reusable in other contexts
- Introduced admin-ui specific endpoint for retrieving required actions with config metadata
Fixes #28400
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-05-23 08:38:36 +02:00
vramik
278341aff9
Add organizations enabled/disabled capability
...
Closes #28804
Signed-off-by: vramik <vramik@redhat.com>
2024-05-22 07:58:26 -03:00
Patrick Jennings
84acc953dd
Client type OIDC base read only defaults ( #29706 )
...
closes #29742
closes #29422
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-05-22 09:07:19 +02:00
Stefan Guilhen
aa945d5636
Add description field to OrganizationEntity
...
Closes #29356
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-07 10:35:51 -03:00
Dimitri Papadopoulos Orfanos
cd8e0fd333
Fix user-facing typos in Javadoc ( #28971 )
...
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-05-06 18:57:55 +00:00
Stefan Guilhen
dae1eada3d
Add enabled field to OrganizationEntity
...
Closes #28891
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-06 14:46:56 -03:00
Pedro Igor
32d25f43d0
Support for mutiple identity providers
...
Closes #28840
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-04 16:19:27 +02:00
Justin Tay
7bd48e9f9f
Set logout token type to logout+jwt
...
Closes #28939
Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-05-03 14:51:10 +02:00
Mark Banierink
ad32896725
replaced and removed deprecated token methods ( #27715 )
...
closes #19671
Signed-off-by: Mark Banierink <mark.banierink@nedap.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-23 09:23:37 +02:00
Pedro Igor
8e48bac278
Ordering the group and role ids in the policy representation
...
Closes #28824
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-22 20:28:47 +02:00
Thomas Darimont
68617180a2
Show indicator for transient user in user sessions list in admin ui (28879)
...
For transient users a transient label is now shown in the realm sessions and client sessions list in the admin ui.
Fixes #28879
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-04-19 09:48:41 +02:00
Stian Thorgersen
0d60e58029
Restrict the token types that can be verified when not using the user info endpoint ( #146 ) ( #28866 )
...
Closes #47
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Conflicts:
core/src/main/java/org/keycloak/util/TokenUtil.java
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientTokenExchangeTest.java
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-18 14:11:05 +02:00
Pedro Igor
61b1eec504
Prevent members with an email other than the domain set to an organization
...
Closes #28644
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-12 08:33:18 -03:00
Stefan Guilhen
9a466f90ab
Add ability to set one or more internet domain to an organization.
...
Closed #28274
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-10 13:18:12 -03:00
Martin Kanis
51fa054ba7
Manage organization attributes
...
Closes #28253
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-04-10 09:10:49 -03:00
rmartinc
41b706bb6a
Initial security profile SPI to integrate default client policies
...
Closes #27189
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-10 11:19:56 +02:00
Giuseppe Graziano
c76cbc94d8
Add sub via protocol mapper to access token
...
Closes #21185
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-10 10:40:42 +02:00
vibrown
3fffc5182e
Added ClientType implementation from Marek's prototype
...
Signed-off-by: vibrown <vibrown@redhat.com>
More updates
Signed-off-by: vibrown <vibrown@redhat.com>
Added client type logic from Marek's prototype
Signed-off-by: vibrown <vibrown@redhat.com>
updates
Signed-off-by: vibrown <vibrown@redhat.com>
updates
Signed-off-by: vibrown <vibrown@redhat.com>
updates
Signed-off-by: vibrown <vibrown@redhat.com>
Testing to see if skipRestart was cause of test failures in MR
2024-04-08 20:20:37 +02:00
Justin Tay
e765932df3
Skip unsupported keys in JWKS
...
Closes #16064
Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-04-08 08:42:31 +02:00
Giuseppe Graziano
b4f791b632
Remove session_state from tokens
...
Closes #27624
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-08 08:12:51 +02:00
vramik
fa1571f231
Map organization metadata when issuing tokens for OIDC clients acting on behalf of an organization member
...
Closes #27993
Signed-off-by: vramik <vramik@redhat.com>
2024-03-26 14:02:09 -03:00
Stian Thorgersen
3f9cebca39
Ability to set the default provider for an SPI ( #28135 )
...
Closes #28134
Signed-off-by: stianst <stianst@gmail.com>
2024-03-22 07:45:08 +01:00
Pedro Igor
7fc2269ba5
The bare minimum implementation for organization
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: vramik <vramik@redhat.com>
2024-03-15 11:06:43 -03:00
Pedro Igor
fa8485e10e
User locale in server info has language and country switched around ( #27680 )
...
Closes #17154
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-15 13:30:32 +00:00
Stefan Wiedemann
6fc69b6a01
Issue Verifiable Credentials in the SD-JWT-VC format ( #27207 )
...
closes #25942
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
Co-authored-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
2024-03-11 08:55:28 +01:00
Pedro Igor
d12711e858
Allow fetching roles when evaluating role licies
...
Closes #20736
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-05 15:54:02 +01:00
Réda Housni Alaoui
a3b3ee4b87
Ability to declare a default "First broker login flow" per Realm
...
Closes #25823
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-02-28 16:17:51 +01:00
Pedro Igor
604274fb76
Allow setting an attribute as multivalued
...
Closes #23539
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-02-22 12:56:44 +01:00
Douglas Palmer
b0ef746f39
Permanently lock users out after X temporary lockouts during a brute force attack
...
Closes #26172
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-02-22 09:34:51 +01:00
Francis Pouatcha
f7e60b4338
OID4VC: Keycloak native support of SD-JWT ( #25829 )
...
Closes #25638
Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
2024-02-19 17:56:18 +01:00
vibrown
161d03efd2
Added SPIs for ClientType and ClientTypeManager
...
Grabbed the SPIs for ClientType and ClientTypeManager from Marek's Client Type prototype.
Closes #26431
Signed-off-by: vibrown <vibrown@redhat.com>
Cleaned up TODOs
Signed-off-by: vibrown <vibrown@redhat.com>
Added isSupported methods
Signed-off-by: vibrown <vibrown@redhat.com>
2024-02-13 19:26:19 +01:00
Takashi Norimatsu
b99f45ed3d
Supporting EdDSA
...
closes #15714
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Co-authored-by: Muhammad Zakwan Bin Mohd Zahid <muhammadzakwan.mohdzahid.fg@hitachi.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
2024-01-24 12:10:41 +01:00
MikeTangoEcho
c2b132171d
Add X509 thumbprint to JWT when using private_key_jwt
...
Closes keycloak#12946
Signed-off-by: MikeTangoEcho <mathieu.thine@gmail.com>
2024-01-12 16:01:01 +01:00