Pedro Igor
4d8c525644
Make sure changes to user profile metadata is not stored when calling decorators ( #31549 )
...
Closes #30476
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-29 09:03:21 +02:00
Pedro Igor
1f8280c71a
Allow members joining multiple organizations
...
Closes #30747
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-29 09:02:36 +02:00
Giuseppe Graziano
12732333c8
Client scope assignment for client registration
...
Closes #31062
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-07-26 17:33:49 +02:00
Stian Thorgersen
30cd88fefe
Change default bootstrap admin service account client-id ( #31649 )
...
Closes #31648
Signed-off-by: stianst <stianst@gmail.com>
2024-07-26 10:45:26 +00:00
vramik
649b35929e
Make sure users created through a registration link are managed members
...
Closes #30743
Signed-off-by: vramik <vramik@redhat.com>
2024-07-25 04:30:13 -03:00
Maciej Mierzwa
97e89e2071
feature: password age in days policy
...
Closes #30210
Signed-off-by: Maciej Mierzwa <dev.maciej.mierzwa@gmail.com>
2024-07-24 15:12:16 -03:00
Francis Pouatcha
30be268672
Enhance Verifiable Credential Signing Service Flexibility and Key Rotation( #30692 )
...
closes #30525
Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
2024-07-24 13:45:39 +02:00
rmartinc
5db3772d45
Remove TrustedHostClientRegistrationPolicyTest#testGithubDomain
...
Closes #29271
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-23 11:33:38 +02:00
Diego Ramp
ae74d923d2
fix bad debugv({}) in favor of more tolerant debugf(%s)
...
Closes #31368
Signed-off-by: Diego Ramp <diego.ramp@mobi.ch>
2024-07-18 10:34:32 +02:00
mposolda
3110bb8989
Missing Cache-Control header when response_type parameter is missing in login request
...
closes #29866
Signed-off-by: mposolda <mposolda@gmail.com>
2024-07-18 10:17:52 +02:00
Pascal Knüppel
018a0802bc
Remove java.util.Date from VerifiableCredential ( #30920 )
...
closes #30918
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
2024-07-18 09:52:02 +02:00
Captain-P-Goldfish
526286e851
Manipulate OpenID redirect-response with custom implementation
...
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
2024-07-17 17:20:18 +02:00
Martin Kanis
e5848bdcf9
Cannot set unmanagedAttributePolicy without profile attributes
...
Closes #31153
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-07-17 09:53:59 -03:00
Ricardo Martin
3d12c05005
Correctly moves to the next required action ( #31358 )
...
Closes #31014
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
Co-authored-by: Giuseppe Graziano <g.graziano94@gmail.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
2024-07-17 09:38:29 +02:00
Pascal Knüppel
8485bc38ef
Make ProofType a string instead of enum ( #31000 )
...
fixes #30999
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-07-16 11:30:38 +02:00
Martin Kanis
887db25f00
Allow auto-redirect existing users federated from organization broker when using the username
...
Closes #30746
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-07-15 13:48:45 -03:00
Pedro Igor
c33585a5f4
All pubic brokers are shown during authentication rather than only those associated with the current organization
...
Closes #31246
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-12 17:51:39 +02:00
Douglas Palmer
9300903674
page-expired error page shown when using browser back-button on forgot-password page after invalid login attempt
...
Closes #25440
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-07-12 16:24:21 +02:00
Pascal Knüppel
4028ada2a5
Add required default-context value to VerifiableCredential ( #30959 )
...
closes #30958
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-07-11 18:25:11 +02:00
Pascal Knüppel
96234d42cf
Exchange Enum type of Format for String ( #30875 )
...
closes #30873
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-07-11 18:18:14 +02:00
Steven Hawkins
4970a9b729
fix: deprecate KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD
...
closes : #30658
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-07-11 18:07:57 +02:00
Pedro Igor
0410653e71
Do not send attributes when unlocking the user
...
Closes #31165
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-11 14:16:23 +02:00
rmartinc
096e335a92
Support for vault and AES and HMAC algorithms to JavaKeystoreKeyProvider
...
Closes #30880
Closes #29755
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-11 12:40:45 +02:00
Pedro Igor
da6c9ab7c1
Bruteforce protector does not work when using organizations
...
Closes #31204
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-11 00:26:47 +02:00
Martin Kanis
922eaa9fc8
Disable username prohibited chars validator when email as username is… ( #31140 )
...
* Disable username prohibited chars validator when email as the username is set
Closes #25339
Signed-off-by: Martin Kanis <mkanis@redhat.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-10 09:46:24 -03:00
Pedro Igor
d475833361
Do not expose kc.org attribute in user representations
...
Closes #31143
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-10 13:43:23 +02:00
rmartinc
f78a46485d
TE should create a transient session when there is no initial session in client-to-client exchange
...
Closes #30614
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-08 15:44:38 -03:00
Lucy Linder
b4f7487dd3
Fix ReCAPTCHA Enterprise failing due to new properties in response
...
The assessment response added a new field called accountDefenderAssessment.
This commit adds the new property, and also ensures new properties won't be
problematic next time by ignoring unknown properties on the top level object.
Closes : #30917
Signed-off-by: Lucy Linder <lucy.derlin@gmail.com>
2024-07-08 16:59:47 +02:00
Thomas Darimont
c460fa7b48
Allow user to configure prompt parameter for google sign-in
...
Closes #16750
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-07-04 12:01:32 +02:00
Pedro Igor
f010f7df9b
Reverting removal of test assertions and keeping existing logic where only brokers the user is linked to is shown after identity-first login page
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-03 11:55:04 -03:00
Martin Kanis
e1b735fc41
Identity-first login flow should be followed by asking for the user credentials
...
Closes #30339
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-07-03 11:55:04 -03:00
Steven Hawkins
96511e55c6
startup, welcome, and cli handling of bootstrap-admin user ( #30054 )
...
* fix: adding password and service account based bootstrap and recovery
closes : #29324 , #30002 , #30003
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* Fix tests
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
2024-07-03 15:23:40 +02:00
Giuseppe Graziano
02d64d959c
Using _system client when account client is disabled for email actions
...
Closes #17857
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-07-03 08:43:36 +02:00
cgeorgilakis-grnet
20cedb84eb
Check refresh token flow response for offline based on refresh token request parameter
...
Closes #30857
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-07-02 18:13:30 -03:00
Pedro Igor
cc2ccc87b0
Filtering organization groups when managing or processing groups
...
Closes #30589
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-28 10:27:18 -03:00
Thomas Darimont
690c6051bb
Fix scope policy evaluation for client to client token exchange ( #26435 )
...
Previously the scope from the token was not set available in the ClientModelIdentity attributes.
This caused the NPE in `org.keycloak.authorization.policy.provider.clientscope.ClientScopePolicyProvider.hasClientScope`(..)
when calling `identity.getAttributes().getValue("scope")`.
We now pass the provided decoded AccessToken down to the ClientModelIdentity creation
to allow to populate the required scope attribute.
We also ensure backwards compatibility for ClientPermissionManagement API.
Fixes #26435
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-06-28 10:33:20 +02:00
Douglas Palmer
601355d517
Flaky test: org.keycloak.testsuite.oauth.TokenIntrospectionTest#testUnsupportedToken
...
Closes #30111
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-06-27 18:41:48 +02:00
mposolda
3c3f59f861
Move some server related logic from info representation classes to server codebase
...
Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-27 11:00:30 +02:00
Jon Koops
cd0dbdf264
Use the Keycloak server URL for common resources ( #30823 )
...
Closes #30541
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-26 14:52:25 +00:00
Takashi Norimatsu
b0aac487a3
VC issuance in Authz Code flow with considering scope parameter
...
closes #29725
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-06-24 10:53:19 +02:00
Jon Koops
df18629ffe
Use a default Java version from root POM ( #29927 )
...
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-21 14:19:31 +02:00
mposolda
6a9e60bba0
Flow steps back when changing locale or refreshing page on 'Try another way page'
...
closes #30520
Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-21 11:22:15 +02:00
rmartinc
592c2250fc
Add briefRepresentation query parameter to getUsersInRole endpoint
...
Closes #29480
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-21 11:21:02 +02:00
Takashi Norimatsu
6b135ff6e7
client-jwt authentication fails on Token Introspection Endpoint
...
closes #30599
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-06-21 10:47:25 +02:00
Pedro Igor
a0ad680346
Adding an alias to organization and exposing them to templates
...
Closes #30312
Closes #30313
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-20 14:36:14 -03:00
Jon Koops
77fb3c4dd4
Use correct host URL for Admin Console requests ( #30535 )
...
Closes #30432
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-19 15:21:53 +02:00
Francis Pouatcha
d4797e04a2
Enhance SupportedCredentialConfiguration to support optional claims object as defined in OpenID for Verifiable Credential Issuance specification ( #30420 )
...
closes #30419
Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
2024-06-18 17:07:49 +02:00
rmartinc
38d8cf2cb3
Add UPDATE event to the client-roles condition
...
Closes #30284
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-18 15:30:42 +02:00
Thibault Morin
f6fa869b12
feat(SAML): add Artifact Binding on brokering scenarios when Keycloak is SP ( #29619 )
...
* feat: add Artifact Binding on brokering scenarios when Keycloak is SP
Signed-off-by: tmorin <git@morin.io>
* Adding broker test and minor improvements
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
* Fixing IdentityProviderTest
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
* Renaming methods related to idp initiated flows
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
* Fixing partial_import_test.spec.ts
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
---------
Signed-off-by: tmorin <git@morin.io>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-14 08:54:49 -03:00
vramik
d355e38424
Provide a cache layer for the organization model
...
Closes #30087
Signed-off-by: vramik <vramik@redhat.com>
2024-06-13 08:13:36 -03:00