Commit graph

3998 commits

Author SHA1 Message Date
Robert Dey
4df73714e0 Fix totp manual link for proxy mode
Closes #11774
2023-03-30 12:03:43 -03:00
mposolda
709c6b5a47 Regressions in redirect URL verification when redirect_uri has encoded path or default port
closes #16851
closes #16587
2023-03-30 14:20:10 +02:00
Pedro Igor
48082d08ec Email visible on registration page when edit username is not allowed
Closes #17439
2023-03-30 08:11:30 +02:00
Michal Hajas
e49dfe534e Fix missing migration when reading TERMS_AND_CONDITIONS required action in legacy store
Closes #17277
2023-03-29 16:43:01 +02:00
Daniel Kobras
a45b5dcd90 Prefer cert over pubkey in SAML metadata
If SAML key material was given as a certificate, consistently
expose the certificate rather than just the public key when
presenting SAML metadata info. This change ensures that the
client obtains sufficient information (eg. issuer) to close
the trust chain.

Closes: #17549

Signed-off-by: Daniel Kobras <kobras@puzzle-itc.de>
2023-03-29 11:17:24 +02:00
Marek Posolda
032ece9f7b
Clarify user session limits documentation and test SSO scenario (#19372)
Closes #17374


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-03-29 10:08:45 +02:00
rmartinc
2bb9de1a8c Allow application/jwt media type for userinfo endpoint
Closes: https://github.com/keycloak/keycloak/issues/19346
2023-03-28 08:47:35 -03:00
Pedro Igor
a9c605750d Returning email as username setting for admins
Fixes #17591
2023-03-27 16:33:44 -03:00
Alexander Schwartz
ccec3639ff Update provider to create documentation entries for its properties
Closes #17565
2023-03-27 09:03:41 -03:00
Alexander Schwartz
251f6151e8 Rework the Import SPI to be configurable via the Config API
Also rework the export/import CLI for Quarkus, so that runtime options are available.

Closes #17663
2023-03-24 15:28:55 -03:00
Klajdi Paja
cf61a65198 Return a user friendly message when a group name already exists on the same level.
Closes #16888
2023-03-24 08:13:49 +01:00
Douglas Palmer
a48db930fe Theme resource common path is always /keycloak/common
Closes #17569
2023-03-24 08:11:21 +01:00
Ayrat Hudaygulov
f578f91a0b Fix ID token not being sent after expiration for OIDC logout
Closes #10164
2023-03-23 13:01:02 +01:00
Konstantinos Georgilakis
fd28cd2d4b Service Accounts Client must create the Client ID mapper with Token Claim Name as client_id
closes #16329
2023-03-23 11:45:34 +01:00
tomjo
705d20d4a2 AllowAllDockerProtocolMapper now allows multiple resourceScopes delimited by spaces as specified by the docker auth token spec.
Closes #17187
2023-03-23 09:43:43 +01:00
rmartinc
bef0a4a6f1 Check frontendUrl in the hostname providers
Closes https://github.com/keycloak/keycloak/issues/17686
2023-03-20 18:54:58 -03:00
rmartinc
cab7e50410 Better handling for SAML signatures in POST and REDIRECT bindings
Closes https://github.com/keycloak/keycloak/issues/17456
2023-03-15 09:06:59 -03:00
vramik
25d6161ebd Remove ClearExpiredUserSessions, ClearExpiredClientInitialAccessTokens and ClearExpiredEvents from services module
Closes #13835
2023-03-10 09:09:51 +01:00
Douglas Palmer
4a382752aa Reverted back to Parser from CachingParser due to thread safety concerns
closes #16729
2023-03-09 17:50:39 +01:00
Douglas Palmer
181e1b914f Update to UA Parser 1.5.4 and use CachingParser
closes #16729
2023-03-08 11:46:39 +01:00
Tero Saarni
9052ec2b02
Add admin events for realm create/delete. (#10831)
Closes #10733
2023-03-07 15:57:06 +01:00
Simon Levermann
96c1cf3c49 Allow mapping of UserSessionNotes into UserInfo
Fixes #15369
2023-03-07 15:25:14 +01:00
rmartinc
a56b38c5a6 Don't remove session and don't reset restart cookie if passive check error
Closes https://github.com/keycloak/keycloak/issues/11340
2023-03-07 15:10:09 +01:00
rmartinc
06ff8b016c Don't set REMEMBER_ME if it's disabled at realm level
Closes https://github.com/keycloak/keycloak/issues/11330
2023-03-07 15:01:58 +01:00
Alexander Schwartz
f6f179eaca Rework the export to use CLI options and property mappers
Also, adding the wiring to support Model tests for the export.

Closes #13613
2023-03-07 08:22:12 +01:00
mposolda
a0192d61cc Redirect loop with authentication success but access denied at default identity provider
closes #17441
2023-03-06 10:45:01 +01:00
Michal Hajas
465019bec4 Extract attachDevice outside of storage layer
Closes #17336
2023-03-03 17:58:34 +01:00
Zakaria Amine
fb5a7f654b
trigger IDENTITY_PROVIDER_FIRST_LOGIN (and UPDATE_PROFILE ) event when identity provider flow succeeds (#15100)
closes #15098
2023-03-03 17:49:27 +01:00
Jon Koops
972ebb9650
Use a valid SemVer format for the SNAPSHOT version (#17334)
* Use a valid SemVer format for the SNAPSHOT version

* Update pom.xml

* Update pom.xml

---------

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-03-03 11:11:44 +01:00
mposolda
b28bde542f referrer_url is not correctly computed in account console
closes #16484
2023-03-01 20:49:15 +01:00
Marek Posolda
59f4fe1c60
NPE on Theme after upgrade to 21 when parent or import theme not exists (#17350)
* NPE on Theme after upgrade to 21 when parent or import theme not exists
closes #17313

* Update per review
2023-03-01 15:46:37 +00:00
mghalbi
e19e7bef2d fix error in check mediaType 2023-02-27 14:34:32 -03:00
mghalbi
116b2fed0c Added check for the presence of Content-Type header in the request 2023-02-27 14:34:32 -03:00
Pedro Igor
fbf5541802 Remove duplicated set-cookie header from response when expiring cookies
Closes #17192
2023-02-27 14:17:27 -03:00
lpa
3cd413dee1 SOAP backchannel logout for SAML protocol
Closes #16293
2023-02-27 14:24:12 +01:00
rmartinc
38a46726e4 Implement UserInfoTokenMapper in HardcodedRole and RoleNameMapper mappers
Closes https://github.com/keycloak/keycloak/issues/15624
2023-02-27 10:14:48 -03:00
mposolda
f180115d27 Log some details if error happens in CIBA authentication request
Closes #14650
2023-02-23 14:36:28 +01:00
Yohan Siguret
82423f38a1 Add user id to TOKEN_EXCHANGE events
Co-authored-by: thaDude <ogdude@googlemail.com>
2023-02-22 17:13:48 -03:00
Hynek Mlnarik
878debd2ab Forbid changing ID
Closes: #16881
2023-02-22 17:19:22 +01:00
Marek Posolda
b9ab942ef8
FIPS related docs (#17196)
* FIPS related docs
Closes #16444 #12432 #12429

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-02-22 12:47:15 +01:00
Alexander Schwartz
54048f1e6c Callers need to indicate if cookies need to be set at the end of the transaction
Closes #17141
2023-02-21 11:54:32 +01:00
Douglas Palmer
1d75000a0e Create an SPI for DeviceActivityManager
closes #17134
2023-02-20 09:29:11 +01:00
Zakaria Amine
0972edd6a5
Fix label for IdpReviewProfileAuthenticatorFactory (take 2) (#17062)
Use static english text for IdpReviewProfileAuthenticatorFactory label config
Closes #16658
2023-02-16 19:16:00 +01:00
drohwer89
4ff180da64
Terminating all sessions above the session limit (#16068)
Adjusts implementation of UserSessionLimitsAuthenticator to terminate all sessions above the session limit.

Closes #14689

Co-authored-by: Marek Posolda <mposolda@gmail.com>
2023-02-16 17:56:59 +01:00
summersab
a64f6dcfc2 Update TotpBean.java
Add a `getUsername()` method to the `TotpBean` class so usernames can be used in the TOTP templates.
2023-02-16 08:13:39 -03:00
sui.jieqiang
1f6fa0501c Fix search user groups without limit
Closes #12649
2023-02-15 15:50:46 +01:00
Pedro Igor
9e46b9e43f Handling events after transaction completion using a separate session
Closes #15656
2023-02-14 13:10:57 +01:00
Alexander Schwartz
d4604984d0
Compatibility with Maven4 and parallel builds (#16312)
Closes #16308
2023-02-14 11:44:53 +01:00
laskasn
dc8b759c3d Use encryption keys rather than sig for crypto in SAML
Closes #13606

Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: hmlnarik <hmlnarik@redhat.com>
2023-02-10 12:06:49 +01:00
Stefan Guilhen
1da6244ec0 Add retry logic to LoginActionsService#authenticate
In addition to that, avoid adding cookies on each retry.

Closes #15849

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-02-09 11:56:15 +01:00