Commit graph

330 commits

Author SHA1 Message Date
Martin Kanis
5e891951f5 Update Infinispan version to 14.0.2.Final 2022-11-16 14:56:45 +01:00
stianst
1de9c201c6 Refactor Profile
Closes #15206
2022-11-07 07:28:11 -03:00
Marek Posolda
2ba5ca3c5f
Support for multiple keys with same kid, which differ just by algorithm in the JWKS (#15114)
Closes #14794
2022-11-03 09:32:45 +01:00
Michal Hajas
883e83e625 Remove deprecated methods from data providers and models
Closes #14720
2022-10-25 09:01:33 +02:00
Stian Thorgersen
97ae90de88
Remove Red Hat Single Sign-On product profile from upstream (#14697)
* Remove Red Hat Single Sign-On product profile from upstream

Closes #14916

* review suggestions: Remove Red Hat Single Sign-On product profile from upstream

Closes #14916

Co-authored-by: Peter Skopek <pskopek@redhat.com>
2022-10-18 14:43:04 +02:00
vramik
f49582cf63 MapUserProvider in KC20 needs to store username compatible with KC19 to be no-downtime-upgradable
Closes #14678
2022-10-14 09:32:38 +02:00
Alice Wood
1eb7e95b97 enhance existing group search functionality allow exact name search keycloak/keycloak#13973
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
2022-09-30 10:37:52 +02:00
Alice Wood
55a660f50b enhance group search to allow searching for groups via attribute keycloak/keycloak#12964
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2022-09-19 15:19:36 +02:00
Takashi Norimatsu
0a832fc744 Intent support before issuing tokens (UK OpenBanking)
Closes #12883
2022-09-19 12:15:00 +02:00
Pedro Igor
3518362002 Validate auth time when max_age is sent to brokered OPs
Closes #14146
2022-09-09 10:30:51 -03:00
Thomas Peter
19d69169b1 introduce expiration option for admin events 2022-09-06 16:05:53 +02:00
Pedro Igor
333a4c900f Revert changes that block themes being loaded from custom providers
Closes #13401
2022-08-04 13:34:12 +02:00
Stian Thorgersen
a251d785db
Remove text based login flows (#13249)
* Remove text based login flows

Closes #8752

* Add display param back in case it's used by some custom authenticators
2022-07-22 15:15:25 +02:00
Alexander Schwartz
cb81a17611 Disable Infinispan for map storage and avoid the component factory when creating a realm independent provider factory
Provide startup time in UserSessionProvider independent of Infinispan,
cleanup code that is not necessary for the map storage as it isn't using Clustering.
Move classes to the legacy module.

Closes #12972
2022-07-22 08:20:00 +02:00
Jon Koops
06d1b4faab Restore enum variant of ResourceType
This reverts commit 3b5a578934.
2022-06-30 12:20:51 -03:00
vramik
3b5a578934 Change enum ResourceType to interface with String constants
Closes #12485
2022-06-29 13:35:11 +02:00
Takashi Norimatsu
a10eef882f DeviceTokenRequestContext.getEvent returns a wrong ClientPolicyEvent
Closes #12455
2022-06-22 13:01:35 +02:00
Alexander Schwartz
cb0c881821 rename SingleEntityCredentialManager to SubjectCredentialManager 2022-06-21 08:53:06 +02:00
Alexander Schwartz
d41764b19b Inline deprecated methods in legacy code 2022-06-21 08:53:06 +02:00
Alexander Schwartz
1a227212de Simplify implementation of a federated storage by moving the default implementation to the abstract base class; this will also allow the quickstarts and implementations derived from that to run without changes. 2022-06-21 08:53:06 +02:00
Alexander Schwartz
1bc6133e4e redirect calls to userLocalStorage from legacy modules (federation, ldap, sssd, kerberos) 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
e396d0daa1 Renaming SingleUserCredentialManager and UserModel.getUserCredentialManager():
- class SingleUserCredentialManager to SingleEntityCredentialManager
- method UserModel.getUserCredentialManager() to credentialManager()

Renaming of API without "get" prefix to make it consistent with other APIs like for example with KeycloakSession
2022-06-21 08:53:06 +02:00
Alexander Schwartz
6f287e7ded Avoid using methods on UserCredentialStoreManager 2022-06-21 08:53:06 +02:00
Alexander Schwartz
bc8fd21dc6 SingleUserCredentialManager moving in
- UserStorageManager now handles authentication for old Kerberos+LDAP style
- new getUserByCredential method in MapUserProvider would eventually do the same.
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
247ff52187 Introduce legacy datastore module and update dependencies 2022-06-21 08:53:06 +02:00
mposolda
4222de8f41 OIDC RP-Initiated Logout POST method support
Closes #11958
2022-05-30 14:10:58 +02:00
vramik
0c3aa597f9 JPA map storage: test failures after cache was disabled
Closes #12118
2022-05-23 13:01:30 +02:00
Michal Hajas
0bda7e6038 Introduce map event store with CHM implementation
Closes #11189
2022-05-17 12:57:35 +02:00
Sven-Torben Janus
0efa4afd49 Evaluate composite roles for hardcoded LDAP roles/groups
Closes: 11771

see also KEYCLOAK-18308
2022-05-02 14:13:37 +02:00
Stefan Guilhen
b29b27d731 Ensure code does not rely on a particular format for the realm id or component id 2022-04-20 14:40:38 +02:00
Pedro Igor
2cb5d8d972
Removing upload scripts feature (#11117)
Closes #9865

Co-authored-by: Michal Hajas <mhajas@redhat.com>

Co-authored-by: Michal Hajas <mhajas@redhat.com>
2022-04-20 14:25:16 +02:00
Martin Bartoš
3aa3db16ea
Fix error response for invalid characters (#11533)
Fixes #11530
2022-04-20 11:26:08 +02:00
Alexander Schwartz
a6dd9dc0f1 Avoiding AvlPartitionFactory and using JdbmPartitionFactory for the embedded LDAP to work around unstable tests.
Fix for #11171 didn't turn out to cover the root cause. Also improved transaction handling in LDAP Map storage.

Closes #11211
2022-04-12 09:12:21 +02:00
Alexander Schwartz
5c810ad0e5 Avoid short-lived connections for ApacheDS to avoid messages around "ignoring the message MessageType UNBIND_REQUEST"
The comment in LdapRequestHandler.java in ApacheDS notes just before discarding an unbind request: "in some cases the session is becoming null though the client is sending the UnbindRequest before closing".

Also implementing a retry logic for all remaining errors regarding LDAP.

Closes #11171
2022-04-11 10:03:15 +02:00
Marek Posolda
22a16ee899
OIDC RP-Initiated logout endpoint (#10887)
* OIDC RP-Initiated logout endpoint
Closes #10885

Co-Authored-By: Marek Posolda <mposolda@gmail.com>

* Review feedback

Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
2022-03-30 11:55:26 +02:00
keycloak-bot
c71aa8b711
Set version to 999-SNAPSHOT (#10784) 2022-03-22 09:22:48 +01:00
Martin Bartoš
02d0fe82bc Auth execution 'Condition - User Attribute' missing
Closes #9895
2022-03-08 08:24:48 +01:00
Marek Posolda
90d4e586b6
Show error in case of an unkown essential acr claim. Make sure correc… (#10088)
* Show error in case of an unkown essential acr claim. Make sure correct acr is set after authentication flow during step-up authentication
Closes #8724

Co-authored-by: Cornelia Lahnsteiner <cornelia.lahnsteiner@prime-sign.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2022-02-15 09:02:05 +01:00
keycloak-bot
d9f1a9b207
Set version to 18.0.0-SNAPSHOT (#10165) 2022-02-11 21:28:06 +01:00
keycloak-bot
9f3d4a7d42 Set version to 17.0.0-SNAPSHOT 2021-12-20 10:50:39 +01:00
Martin Bartoš
b17f0695ee 8793 User Profile multiple implementations 2021-11-15 08:46:34 +01:00
Joerg Matysiak
afc5cb4d14 KEYCLOAK-19617 Simplify creation of custom user profiles
* DeclarativeUserProfileProvider passes its ID to DeclarativeUserProfileModel, so this also works for derived classes.
* Moved creation of declarative user profile model to a protected factory method to allow subclasses to provide their own implementation.
* Added integration tests for custom user profile
* configured declarative-user-profile as default user profile provider in test servers
* Restore previously configured default provider after test with special provider settings
* Some refactoring in SpiProviderSwitchingUtils
2021-10-28 08:26:11 -03:00
R Yamada
891c8e1a12 [KEYCLOAK-17653] - OIDC Frontchannel logout support 2021-10-07 15:27:19 -03:00
Martin Kanis
30b3caee9f KEYCLOAK-18445 Add support for cross-site model tests 2021-10-06 14:37:06 +02:00
Michal Hajas
da0c945475 KEYCLOAK-18940 Add support for searching composite roles 2021-10-01 12:41:19 +02:00
Vlastimil Elias
28e220fa6d KEYCLOAK-18497 - Support different input types in built-in dynamic forms 2021-09-20 09:14:49 -03:00
Takashi Norimatsu
375e47877e KEYCLOAK-18558 Client Policy - Endpoint : support Device Authorization Endpoint 2021-09-20 11:22:58 +02:00
keycloak-bot
262ec3d031 Set version to 16.0.0-SNAPSHOT 2021-07-30 14:56:10 +02:00
mposolda
9b0e1fff8d KEYCLOAK-18903 More customizable OIDC WellKnown provider 2021-07-28 18:03:23 +02:00
mposolda
4520cbd38c KEYCLOAK-18904 Support cert-bound tokens when doing client credentials grant. Client policies support for client credentials grant 2021-07-28 07:24:30 +02:00