Giuseppe Graziano
6067f93984
Improvements to refresh token rotation with multiple tabs ( #29966 )
...
Closes #14122
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-06-07 12:02:36 +02:00
Pedro Igor
4c39fcc79d
Allow to configure if users are automatically redirected when the email domain matches an organization
...
Closes #30050
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-03 13:34:21 +02:00
mposolda
37c10b4d43
Improve documentation for the case when 'basic' client scope already exists
...
closes #29880
Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-29 13:32:05 +02:00
Pedro Igor
bbb83236f5
Do not lower-case the username from the IdP when creating the federated identity
...
Closes #28495
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-29 01:58:20 -03:00
Stefan Guilhen
694ffaf289
Allow organizations in different realms to have the same domain
...
Closes #29886
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-28 08:02:30 -03:00
mposolda
ea1cdc10bd
MigrateTo25_0_0 does not complete within default transaction timeout
...
closes #29756
Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-27 10:31:39 +02:00
Pedro Igor
2d4d32764c
Show a message when confirming an invitation link
...
Closes #29794
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-27 08:33:22 +02:00
Daniel Fesenmeyer
c08621fa63
Always order required actions by priority (regardless of context)
...
- AuthenticationManager#actionRequired: make sure that the highest prioritized required action is performed first, possibly before the currently requested required action
- AuthenticationManager#nextRequiredAction: make sure that the next action is requested via URL, also based on highest priority (-> requested URL will match actually performed action, unless required actions for the user are changed by a parallel operation)
- add tests to RequiredActionPriorityTest, add helper method for priority setup to ApiUtil (for easier and more robust setup than up-to-now)
- fix test WebAuthnRegisterAndLoginTest - which failed because WebAuthnRegisterFactory (prio 70) is now executed before WebAuthnPasswordlessRegisterFactory (prio 80)
Closes #16873
Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>
2024-05-23 09:07:56 +02:00
Thomas Darimont
ab376d9101
Make required actions configurable ( #28400 )
...
- Add tests for crud operations on configurable required actions
- Add support exposing the required action configuration via RequiredActionContext
- Make configSaveError message reusable in other contexts
- Introduced admin-ui specific endpoint for retrieving required actions with config metadata
Fixes #28400
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-05-23 08:38:36 +02:00
vramik
278341aff9
Add organizations enabled/disabled capability
...
Closes #28804
Signed-off-by: vramik <vramik@redhat.com>
2024-05-22 07:58:26 -03:00
Alexander Schwartz
80de3a0a71
Allow migration of non-persistent sessions to persistent sessions
...
Closes #29375
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-22 10:30:46 +02:00
rmartinc
f7044ba5c2
Use SessionExpirationUtils for validate user and client sessions
...
Check client session is valid in TokenManager
Closes #24936
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-05-22 10:12:20 +02:00
Nicola Beghin
3d1c20b4a5
Add new ProviderConfigProperty
type for URLs in Admin Console ( #27743 )
...
Closes #27673
Signed-off-by: Nicola Beghin <nicolabeghin@gmail.com>
2024-05-14 09:34:49 +00:00
mposolda
d8a7773947
Adding dummyHash to DirectGrant request in case user does not exists. Fix dummyHash for normal login requests
...
closes #12298
Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-13 16:33:29 +02:00
Pedro Igor
b50d481b10
Make sure organization groups can not be managed but when managing an organization
...
Closes #29431
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-10 21:28:11 -03:00
Stefan Guilhen
aa945d5636
Add description field to OrganizationEntity
...
Closes #29356
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-07 10:35:51 -03:00
Dimitri Papadopoulos Orfanos
cd8e0fd333
Fix user-facing typos in Javadoc ( #28971 )
...
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-05-06 18:57:55 +00:00
Stefan Guilhen
dae1eada3d
Add enabled field to OrganizationEntity
...
Closes #28891
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-06 14:46:56 -03:00
Pedro Igor
32d25f43d0
Support for mutiple identity providers
...
Closes #28840
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-04 16:19:27 +02:00
Giuseppe Graziano
8c3f7cc6e9
Ignore include in token scope for refresh token
...
Closes #12326
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-05-03 09:05:03 +02:00
Steven Hawkins
4697cc956b
further refinement of context handling ( #28182 )
...
* fully removing providers and moving the keycloaksession creation / final
cleanup
also deprecated Resteasy utility methods
closes : #29223
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-02 11:21:01 -04:00
Stefan Guilhen
45e5e6cbbf
Introduce filtered (and paginated) search for organization members
...
Closes #28844
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-02 11:25:43 -03:00
Alexander Schwartz
d69872fa11
Batch writes originating from logins/logouts for persistent sessions
...
All writes for the sessions are handled by a background thread which batches them.
Closes #28862
Wait for persistent-store to contain update
instead of cache which has the change immediately since it is in memory + introduce new model-test profile
Closes #29141
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-04-30 14:07:35 +02:00
Pedro Igor
51352622aa
Allow adding realm users as an organization member
...
Closes #29023
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-29 08:37:47 -03:00
mruzicka
ae1aaef96c
Avoid re-creating required action comparator ( #29122 )
...
closes #29130
Signed-off-by: Michal Růžička <michal.ruza@gmail.com>
2024-04-29 09:18:50 +02:00
vramik
d65649d5c0
Make sure organization are only manageable by the admin users with the manage-realm role
...
Closes #28733
Signed-off-by: vramik <vramik@redhat.com>
2024-04-23 12:16:57 -03:00
Mark Banierink
ad32896725
replaced and removed deprecated token methods ( #27715 )
...
closes #19671
Signed-off-by: Mark Banierink <mark.banierink@nedap.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-23 09:23:37 +02:00
Tero Saarni
64862d568e
Convert database errors to 500 instead of 400.
...
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2024-04-22 11:42:18 -03:00
Pedro Igor
1e3837421e
Organization member onboarding using the organization identity provider
...
Closes #28273
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-17 07:24:01 -03:00
Stefan Guilhen
2ab8bf852d
Add validation for the organization's internet domains.
...
Closes #28634
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-15 09:03:52 -03:00
Pedro Igor
61b1eec504
Prevent members with an email other than the domain set to an organization
...
Closes #28644
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-12 08:33:18 -03:00
Alexander Schwartz
b4cfebd8d5
Persistent sessions code also for offline sessions ( #28319 )
...
Persistent sessions code also for offline sessions
Closes #28318
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-12 13:15:02 +02:00
rmartinc
6d74e6b289
Escape slashes in full group path representation but disabled by default
...
Closes #23900
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-12 10:53:39 +02:00
Pedro Igor
8f8094408e
Encapsulate the logic to set attributes into the domain model
...
Closes #28646
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-11 15:32:21 -03:00
Stefan Guilhen
9a466f90ab
Add ability to set one or more internet domain to an organization.
...
Closed #28274
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-10 13:18:12 -03:00
Martin Kanis
51fa054ba7
Manage organization attributes
...
Closes #28253
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-04-10 09:10:49 -03:00
rmartinc
41b706bb6a
Initial security profile SPI to integrate default client policies
...
Closes #27189
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-10 11:19:56 +02:00
Alexander Schwartz
63e7523a6d
Avoid unnecessary updates to the sessions during refreshes of tokens
...
Closes #28388
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-09 14:55:21 +02:00
Václav Muzikář
e4987f10f5
Hostname SPI v2 ( #26345 )
...
* Hostname SPI v2
Closes : #26084
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Fix HostnameV2DistTest#testServerFailsToStartWithoutHostnameSpecified
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Address review comment
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Partially revert the previous fix
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Do not polish values
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Remove filtering of denied categories
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
---------
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-04-09 11:25:19 +02:00
vibrown
3fffc5182e
Added ClientType implementation from Marek's prototype
...
Signed-off-by: vibrown <vibrown@redhat.com>
More updates
Signed-off-by: vibrown <vibrown@redhat.com>
Added client type logic from Marek's prototype
Signed-off-by: vibrown <vibrown@redhat.com>
updates
Signed-off-by: vibrown <vibrown@redhat.com>
updates
Signed-off-by: vibrown <vibrown@redhat.com>
updates
Signed-off-by: vibrown <vibrown@redhat.com>
Testing to see if skipRestart was cause of test failures in MR
2024-04-08 20:20:37 +02:00
Pedro Igor
52ba9b4b7f
Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user
...
Closes #28248
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-08 09:05:16 -03:00
Pedro Igor
fefeb83588
Changes the contract to make it simpler and rely on the realm available from the current session
...
Closes #28403
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-03 14:45:31 +02:00
Pedro Igor
b9a7152a29
Avoid commiting the transaction prematurely when creating users through the User API
...
Closes #28217
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-27 19:16:09 -03:00
Jon Koops
3382e16954
Remove Account Console version 2 ( #27510 )
...
Closes #19664
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-03-27 10:53:28 +01:00
Steven Hawkins
be32f8b1bf
fix: limit the use of Resteasy to the KeycloakSession ( #28150 )
...
* fix: limit the use of Resteasy to the KeycloakSession
contextualizes other state to the KeycloakSession
close : #28152
2024-03-26 13:43:41 -04:00
vramik
fa1571f231
Map organization metadata when issuing tokens for OIDC clients acting on behalf of an organization member
...
Closes #27993
Signed-off-by: vramik <vramik@redhat.com>
2024-03-26 14:02:09 -03:00
Stian Thorgersen
8cbd39083e
Default password hashing algorithm should be set to default password hash provider ( #28128 )
...
Closes #28120
Signed-off-by: stianst <stianst@gmail.com>
2024-03-22 12:44:11 +01:00
Stian Thorgersen
cae92cbe8c
Argon2 password hashing provider ( #28031 )
...
Closes #28030
Signed-off-by: stianst <stianst@gmail.com>
2024-03-22 07:08:09 +01:00
Pedro Igor
32541f19a3
Allow managing members for an organization
...
Closes #27934
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-21 10:26:30 -03:00
Alexander Schwartz
62d24216e3
Remove offline session preloading
...
Closes #27602
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-15 15:19:27 +01:00