Commit graph

4873 commits

Author SHA1 Message Date
Ricardo Martin
226daa41c7
Add service account mappers via client scope instead of dedicated scope (#34664)
Closes #10417

Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Ricardo Martin <rmartinc@redhat.com>
2024-11-07 08:45:11 +01:00
rmartinc
d2e19da64e Avoid using nip.io resolution in RefreshTokenTest#refreshTokenWithDifferentIssuer test
Closes #25675

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-11-06 14:53:19 +01:00
Ricardo Martin
ce454bda47
Remove online session when offline access is requested as the first request (#34346)
Closes #34001

Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>

---------

Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-11-06 08:33:12 +01:00
fwojnar
b3dd26a7c3
Migrate WelcomeTestPage to testsuite framework (#34543)
* Migrate WelcomeTestPage to testsuite framework

Closes #34491

Signed-off-by: wojnarfilip <fwojnar@redhat.com>

* Refactor welcome page a bit

Signed-off-by: stianst <stianst@gmail.com>

* Fixes for htmlunit

Signed-off-by: stianst <stianst@gmail.com>

* Cleanup imports

Signed-off-by: stianst <stianst@gmail.com>

---------

Signed-off-by: wojnarfilip <fwojnar@redhat.com>
Signed-off-by: stianst <stianst@gmail.com>
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
Co-authored-by: stianst <stianst@gmail.com>
2024-11-05 10:57:58 +01:00
Giuseppe Graziano
612e2caae1 Refresh the login page when root auth session changes
Closes #32658

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-11-04 18:31:42 +01:00
Bernd Bohmann
7681687e0a
Provide missing user event metrics from aerogear/keycloak-metrics-spi to a keycloak micrometer event listener
inspired by
https://github.com/aerogear/keycloak-metrics-spi
https://github.com/please-openit/keycloak-native-metrics

Closes #33043

Signed-off-by: Bernd Bohmann <bommel@apache.org>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-11-04 08:56:24 +01:00
Stefan Guilhen
af434d6bc1 Add checks to prevent GroupLDAPStorageMapper from performing operations on groups it does not manage
Closes #11008
Closes #17593
Closes #19652

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-11-01 15:49:55 -03:00
Thomas Darimont
36b01cbea0 Revise PAR request object parameter handlig (#34352)
We now store the original parameter value as-is, in case only a single parameter value is provided. In case multiple parameter values are provided
for the same parameter, we only retain the first parameter.
This ensures that the original value is retained. Previously the value list from the
`decodedFormParameters` `MultivaluedMap` was converted to a String while replacing '[' and ']'
with an empty string, which corrupted the original parameter values stored.

Fixes #34352

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-10-31 16:26:31 +01:00
Pedro Igor
db780ed6c7 Trying to make sure there is no active tasks and introduce a timeout
Closes #34432

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-31 12:10:22 +01:00
rmartinc
78aa08941a Fix NPE in ConditionalOtpFormAuthenticator if no configuration
Closes #34298

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-31 07:48:07 -03:00
vramik
b27a5d05b4 Fix error message in test
Signed-off-by: vramik <vramik@redhat.com>
2024-10-30 12:26:03 -03:00
vramik
3d91df42d8 Declining terms and conditions in account-console results in error
Closes #28328

Signed-off-by: vramik <vramik@redhat.com>
2024-10-30 12:26:03 -03:00
Giuseppe Graziano
3d663802bb Fix flaky test for concurrent client creation on H2 database
Closes #29290

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-10-29 20:58:50 -03:00
rmartinc
b52256facc Set client in context for dynamic scopes calculation
Closes #33684

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-28 17:32:06 -03:00
Marek Posolda
3784fd1f67
Attempt to run snapshot Keycloak server against production DB should fail during migration
closes #30364

Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-28 15:02:26 +00:00
Douglas Palmer
c816d5e030 Flaky test: org.keycloak.testsuite.broker.KcOidcBrokerTest#testPostBrokerLoginFlowWithOTP_bruteForceEnabled
Closes #34075

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-10-28 11:30:38 -03:00
Pedro Ruivo
84f4bd8af1 Client Scope updates are not replicated between Keycloak nodes
Fixes #33731

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-10-25 11:22:15 +02:00
rmartinc
e41553bcfb Create a new logout session when initiating it for another client
Closes #34207

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-25 10:02:23 +02:00
Douglas Palmer
fd1dd49ade Flaky Test: BrowserFlowTest.testAlternativeNonInteractiveExecutorInSubflow()
Closes #34273

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-10-24 22:36:11 +02:00
Martin Kanis
4f3ced9560 ConcurrentModificationException when restarting user sessions
Closes #34093

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-10-24 21:26:50 +02:00
Steven Hawkins
b2ccde29bb
fix: persist build time spi options (#34157)
closes: #33902

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-10-23 16:51:11 +02:00
Ryan Emerson
902abfdae4
JDBC_PING as default discovery protocol
Closes #29399

- Add ProviderFactory#dependsOn to allow dependencies between
  ProviderFactories to be explicitly defined
- Disable Infinispan default shutdownhook disabled to ensure lifecycle
  is managed exclusively by Keycloak
- Remove Infinispan shutdown hook in KeycloakRecorder and manage
  EmbeddedCacheManager lifecycle only in DefaultInfinispanConnectionProviderFactory#close

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-22 20:19:19 +00:00
Gilvan Filho
c4005d29f0 add linear strategy to brute force
closes #25917

Signed-off-by: Gilvan Filho <gilvan.sfilho@gmail.com>
2024-10-22 10:33:22 -03:00
rmartinc
6d52520730 Load client keys using SubjectPublicKeyInfo and upload jwks type into the jwks attributes for OIDC ones
Closes #33820

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-22 14:24:15 +02:00
Martin Kanis
01026fab79 Flaky test: org.keycloak.testsuite.broker.KcOidcBrokerTest#testPostBrokerLoginFlowWithOTP_bruteForceEnabled
Closes #34075

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-10-22 08:06:56 -03:00
mposolda
703f16ea86 Hide the 'Delete' button in the account console when DeleteCredentialAction is disabled or unavailable
closes #30204

Signed-off-by: mposolda <mposolda@gmail.com>
2024-10-22 11:07:08 +02:00
Pedro Igor
6d5923d560 Tests for role and time policy configuration validation
Closes #28978

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-22 05:43:05 -03:00
Douglas Palmer
271e749c82 ResetPasswordTest.resetPasswordExpiredCode Error -> AbstractKeycloakTest.deleteAllCookiesForRealm:297
Closes #33940

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-10-22 09:09:16 +02:00
rmartinc
2004467749 Check alias is unique for authenticator config when it is created
Closes #31727

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-21 15:25:32 +02:00
Simon Levermann
dcf1d83199
Enable enforcement of a minimum ACR at the client level (#16884) (#33205)
closes #16884 

Signed-off-by: Simon Levermann <github@simon.slevermann.de>
2024-10-21 13:54:02 +02:00
Douglas Palmer
2dd754533d Flaky Test ResetPasswordTest.resetPasswordLoggedUser:188->openResetPasswordUrlAndDoFlow:252
Closes #34023

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-10-21 08:36:49 +02:00
Igor Petrov
8e872818c5 feat: eliminate client secret requirement
This commit eliminates neccessity for providing client secret when
constructing client via Admin Client API. The requirement for client
secret became obsolete when Keycloak onboarded a X509 certificate
authorizer.

closes #33755

Signed-off-by: Igor Petrov <igor.petrov-ext@camunda.com>
2024-10-18 16:35:15 +02:00
Pedro Igor
3a9bab35b6 Fixing action token lifespan information in the invitation email
Closes #34049

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-18 09:10:14 +02:00
Pedro Igor
d1dba15964 Do not show domain match message in the identity-first login when no login hint is provided
Closes #34069

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-18 09:05:27 +02:00
Pedro Igor
ee38d551ce Respect the locale set to a user when redering verify email pages
Closes #34063

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-18 09:04:38 +02:00
Stefan Guilhen
7d8ff710c2 Invalidate user session when associated IdP is missing (previously removed)
Closes #31724

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-10-17 16:30:51 -03:00
Pascal Knüppel
41ee68611f
Allow to create EC certificates if new EC-key-provider is created (#31843)
Closes #31842

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-10-17 16:05:59 +02:00
Thomas Darimont
6a4ec24015 Users have to authenticate first before account-console is loaded
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-10-17 07:53:20 -03:00
Thomas Darimont
c400eff9b0 Account console backend should redirect to login on missing auth (#31469)
Adapted the login redirect logic from the old account console.

Fixes #31469

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-10-17 07:53:20 -03:00
rmartinc
13655007a6 Remove online session for offline access in direct access grants and client credentials
Closes #32650

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-17 10:49:05 +02:00
Martin Kanis
a8a5c96510 Fix unstable testPostBrokerLoginFlowWithOTP_bruteForceEnabled test
Closes #33549

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-10-15 15:36:05 -03:00
Martin Kanis
8fb5ecaa6c Auth not possible for auth session where user was enabled in the meantime
Closes #33883

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-10-15 14:28:36 -03:00
Jon Koops
228c21a7a0
Allow Keycloak JS to be initialized without passing options (#33950)
Closes #8935

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-10-15 17:46:15 +02:00
Pedro Igor
b76f4f9c1b Avoid iterating over user policies when removing users
Closes #19358

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-15 15:01:40 +02:00
Martin Kanis
0ebf862b63 LDAP Import: KERBEROS_PRINCIPAL not updated when UserPrincipal changes and user already exists
Closes #32266

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-10-11 09:16:17 -03:00
rmartinc
7e5734fd48 Fix incorrect filter in docker protocol
Closes #33776

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-11 08:58:18 +02:00
Pedro Igor
9a3d81c23e Only process organization selection when the user is identified
Closes #33699

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-10 16:24:25 +02:00
rmartinc
a74e60f4d7 Check email with ignorecase when setting basic attributes in IdP
Closes #31848

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-10 09:55:58 +02:00
Jon Koops
3930356c21
Treat unencrypted local origins as an insecure context in Safari (#33700)
Closes #33557

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-10-09 23:38:03 +02:00
Douglas Palmer
a276b3bb3d Flaky test: org.keycloak.testsuite.forms.BrowserButtonsTest#appInitiatedRegistrationWithBackButton
Closes #32676

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-10-09 08:00:57 +02:00