keycloak-scim

Author	SHA1	Message	Date
Niko Köbler	5e623f42d4	add the exp claim to the backchannel logout token This is now, as of Dec 15th 2023, part of the OIDC Backchannel Logout spec, chapter 2.4. As of chapter 4, the logout token should have a short expiration time, preferably at most two minutes in the future. So we set the expiration to this time. resolves #25753 Signed-off-by: Niko Köbler <niko@n-k.de>	2023-12-22 20:13:40 +01:00
Pedro Igor	ceb085e7b8	Update the UPDATE_EMAIL feature to rely on the user profile configuration when rendering templates and validating the email Closes #25704 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2023-12-20 15:15:06 -03:00
rmartinc	c2e41b0eeb	Make Locale updater generate an event and use the user profile Closes #24369 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-12-20 15:26:45 +01:00
Daniel Fesenmeyer	baafb670f7	Bugfix for: Removing all group attributes no longer works with keycloak-admin-client (java) Closes #25677 Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>	2023-12-20 14:03:35 +01:00
Konstantinos Georgilakis	cf57af1d10	scope parameter in refresh flow Closes #12009 Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>	2023-12-20 14:00:10 +01:00
mposolda	eb184a8554	More info on UserProfileContext closes #25691 Signed-off-by: mposolda <mposolda@gmail.com>	2023-12-19 13:00:31 -03:00
Pedro Igor	810ebf4efd	Migration steps for enabling user profile by default Closes #25528 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2023-12-19 10:19:45 -03:00
Joshua Sorah	d411eafc42	Ensure 'iss' is returned when 'prompt=none' and user is not authenticated, per RFC9207 Closes keycloak/keycloak#25584 Signed-off-by: Joshua Sorah <jsorah@redhat.com>	2023-12-19 10:38:05 +01:00
Ricardo Martin	2ba7a51da6	Escape action in the form_post response mode (#60 ) Closes keycloak/keycloak-private#31 Closes https://issues.redhat.com/browse/RHBK-652 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-12-18 18:10:41 -03:00
Konstantinos Georgilakis	ba8c22eaf0	Scope parameter in Oauth 2.0 token exchange Closes #21578 Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>	2023-12-18 15:44:26 -03:00
Pedro Igor	778847a3ce	Updating theme templates to render user attributes based on the user profile configuration Closes #25149 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2023-12-18 15:35:52 -03:00
rmartinc	d841971ff4	Updating the UP configuration needs to trigger an admin event Close #23896 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-12-18 19:24:30 +01:00
Steven Hawkins	ec28b68554	fix: improve group matching (#25627 ) closes #25451 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2023-12-18 11:46:02 +01:00
mposolda	cd154cf318	User Profile: If required roles ('user') and reqired scopes are set, the required scopes have no effect closes #25475 Signed-off-by: mposolda <mposolda@gmail.com>	2023-12-18 11:32:27 +01:00
Takashi Norimatsu	59536becec	Client policies : executor for enforcing DPoP closes #25315 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2023-12-18 10:45:18 +01:00
Joshua Sorah	a10149bbe9	For post logout redirect URI - Make '+' represent existing redirect URIs and merge with existing post logout redirect URIs Closes keycloak#25544 Signed-off-by: Joshua Sorah <jsorah@redhat.com>	2023-12-18 09:05:51 +01:00
Ricardo Martin	ae04b954a6	Fix for test SSSDUserProfileTest.test05MixedInternalDBUserProfile (#25570 ) Closes #25566 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-12-15 18:57:31 +00:00
Martin Bartoš	14fd61bacc	PubKeySignRegisterTest failures in WebAuthn tests Fixes #9693 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2023-12-15 14:52:05 +01:00
Erwin Rooijakkers	860978b15a	Change arg of getSubGroups to briefRepresentation Parameter name briefRepresentation should mean briefRepresentation, not full. This way callers will by default get the full representation, unless true is passed as value for briefRepresentation. Fixes #25096 Signed-off-by: Erwin Rooijakkers <erwin@rooijakkers.software>	2023-12-14 17:23:27 +01:00
Steven Hawkins	08751001db	enhance: adds truststores to the keycloak cr (#25215 ) also generally correcting the misspelling trustore closes: #24798 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2023-12-14 11:15:06 -03:00
mposolda	c81b533cf6	Update UserProfileProvider.setConfiguration. Tuning of UserProfileProvider.getConfiguration closes #25416 Signed-off-by: mposolda <mposolda@gmail.com>	2023-12-14 14:43:28 +01:00
Tomas Ondrusko	26342d829c	Update web elements of the Instagram login page Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>	2023-12-14 14:03:53 +01:00
rmartinc	c14bc6f2b0	Create terms and conditions execution when registration form is added Closes #21730 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-12-13 15:32:58 +01:00
Pedro Igor	fa79b686b6	Refactoring user profile interfaces and consolidating user representation for both admin and account context Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2023-12-13 08:27:55 +01:00
VR	1545b32a64	Revert changes related to map store in test classes in base testsuite Closes #24567 Signed-off-by: VR <vramik@redhat.com>	2023-12-12 16:16:38 +01:00
Thomas Darimont	0f5bbae75c	Add support for POST logout in Keycloak JS (#25348 ) Closes #25167 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com> Co-authored-by: Jon Koops <jonkoops@gmail.com>	2023-12-11 14:55:48 +01:00
Pedro Igor	78ba7d4a38	Do not allow removing username and email from user profile configuration Closes #25147 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2023-12-11 08:30:28 +01:00
Ricardo Martin	f78c54fa42	Fixes for LDAP group membership and search in chunks Closes #23966	2023-12-08 17:55:17 +01:00
mposolda	90bf88c540	Introduce ProtocolMapper.getEffectiveModel to make sure values displayed in the admin console UI are 'effective' values used when processing mappers closes #24718 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: Jon Koops <jonkoops@gmail.com>	2023-12-08 12:26:35 +01:00
Lukas Hanusovsky	baf6186863	25208 MSSQL startup message - fix (#25378 ) Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>	2023-12-07 16:27:16 +01:00
Vlasta Ramik	df465456b8	Map Store Removal: Remove `LockObjectsForModification` (#25323 ) Signed-off-by: vramik <vramik@redhat.com> Closes #24793	2023-12-07 12:43:43 +00:00
Pedro Igor	b1626172aa	Removing unnecessary property from auth-server-migration maven profile Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2023-12-06 15:35:29 -03:00
rmartinc	522e8d2887	Workaround to allow percent chars in getGroupByPath via PathSegment Closes #25111 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-12-06 14:22:34 -03:00
Peter Zaoral	340eb99412	Unable to use < as part of a password (admin-cli) (#24939 ) * escaped angle bracket characters in password Closes #21951 Signed-off-by: Peter Zaoral <pzaoral@redhat.com>	2023-12-06 17:27:44 +01:00
Pedro Igor	ab1173182c	Make sure realm is available from session when migrating to 23 Closes #25183 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2023-12-06 07:42:54 -03:00
rmartinc	d004e9295f	Do not allow remove a credential in account endpoint if provider marks it as not removable Closes #25220 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-12-05 17:11:57 +01:00
Vlasta Ramik	6f37fefd8d	Delete container providers from the base testsuite (#25168 ) Closes #24097 Signed-off-by: vramik <vramik@redhat.com>	2023-12-04 14:44:35 +01:00
Alfredo Moises Boullosa	0b48bef0b1	Update springboot version Signed-off-by: Alfredo Moises Boullosa <aboullos@redhat.com>	2023-12-04 11:15:51 +01:00
Michal Hajas	ec061e77ed	Remove GlobalLockProviderSpi (#25206 ) Closes #24103 Signed-off-by: Michal Hajas <mhajas@redhat.com>	2023-12-01 16:40:56 +00:00
rmartinc	31b7c9d2c3	Add UP decorator to SSSD provider Closes https://github.com/keycloak/keycloak/issues/25075 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-12-01 15:41:05 +01:00
mposolda	3fa2d155ca	Decouple factory methods from the provider methods on UserProfileProvider implementation closes #25146 Signed-off-by: mposolda <mposolda@gmail.com>	2023-12-01 10:30:57 -03:00
Pedro Igor	c5bcdbdc3f	Make sure username is lowercase when normalizing attributes Closes #25173 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2023-12-01 12:16:13 +01:00
Martin Kanis	4279bbc6b5	Map Store Removal: Delete map profiles from testsuite Closes #24094 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2023-11-30 14:59:02 +01:00
vramik	587cef7de4	Delete `Profile.Feature.MAP_STORAGE` Signed-off-by: vramik <vramik@redhat.com> Closes #24102	2023-11-30 13:04:39 +01:00
Pedro Igor	c7f63d5843	Add options to change behavior on how unmanaged attributes are managed Closes #24934 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2023-11-30 06:58:21 -03:00
Steven Hawkins	8c3df19722	feature: add option for creating a global truststore (#24473 ) closes #24148 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Martin Bartoš <mabartos@redhat.com>	2023-11-30 08:57:17 +01:00
Douglas Palmer	d0b86d2f64	Register event not triggered on external to internal token exchange Closes #9684 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2023-11-29 15:30:47 -03:00
mposolda	479e6bc86b	Update Kerberos provider for user-profile closes #25074 Signed-off-by: mposolda <mposolda@gmail.com>	2023-11-29 15:21:26 -03:00
rmartinc	16afecd6b4	Allow automatic download of SAML certificates in the identity provider Closes https://github.com/keycloak/keycloak/issues/24424 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-11-29 18:03:31 +01:00
rmartinc	3bc028fe2d	Remove lowercase for the hostname as recommended/advised by OAuth spec Closes https://github.com/keycloak/keycloak/issues/25001 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-11-29 10:26:00 -03:00
Martin Bartoš	e71d850a03	Run SAML adapter tests with EAP 8 Closes #24168 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2023-11-28 14:07:44 +01:00
Pedro Igor	2c611cb8fc	User profile configuration scoped to user-federation provider closes #23878 Co-Authored-By: mposolda <mposolda@gmail.com> Signed-off-by: mposolda <mposolda@gmail.com>	2023-11-27 14:45:44 +01:00
Stian Thorgersen	a32b58d337	Escape ldap id when using normal attribute syntax (#25 ) (#25036 ) Closes https://github.com/keycloak/security/issues/46 Co-authored-by: Ricardo Martin <rmartinc@redhat.com>	2023-11-27 11:38:14 +01:00
Takashi Norimatsu	1f5ee9bf80	NPE in checkAndBindMtlsHoKToken on Token Refresh when using SuppressRefreshTokenRotationExecutor and Certificate Bound Token closes #25022 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2023-11-27 08:49:48 +01:00
Thomas Darimont	8888e3d41c	Avoid deprecated API usage in testsuite/integration-arquillian/tests/base (#24904 ) - Removed unused imports - Avoided deprecated junit/hamcrest API - Avoid usage of JDK API scheduled for removal This should reduce the number of compiler warnings in the logs quite a bit closes #24995 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2023-11-24 09:37:34 +01:00
Sebastian Schuster	030f42ec83	More efficient listing of assigned and available client role mappings Closes #23404 Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io> Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>	2023-11-22 14:10:11 +01:00
Thomas Darimont	cd1e0e06c6	Avoid deprecated API usage in testsuite/integration-arquillian/util (#24870 ) Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2023-11-21 12:45:58 +01:00
Martin Bartoš	87ed656685	Start of MS-SQL fails in CI Closes #24846 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2023-11-20 15:09:11 +01:00
Thomas Darimont	d30d692335	Introduce MaxAuthAge Password policy (#12943 ) This policy allows to specify the maximum age of an authentication with which a password may be changed without re-authentication. Defaults to 300 seconds (default taken from Constants.KC_ACTION_MAX_AGE) to remain backwards compatible. A value of 0 will always require reauthentication to update the password. Add documentation for MaxAuthAgePasswordPolicy to server_admin Fixes #12943 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2023-11-20 14:48:17 +01:00
rmartinc	5fad76070a	Use LinkedIn instead of LinkedIn OpenID Connect for better UI experience Closes https://github.com/keycloak/keycloak/issues/24659 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-11-16 18:22:16 +01:00
Vlasta Ramik	d86e062a0e	Removal of retry blocks introduced for CRDB Closes #24095 Signed-off-by: vramik <vramik@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2023-11-16 13:50:56 +01:00
rmartinc	cca33baac3	Avoid NPE if RelayState is null and return a proper error Closes https://github.com/keycloak/keycloak/issues/24079 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-11-16 12:56:49 +01:00
rmartinc	e3b2eec1ba	Make user profile validation success if the attribute was already wrong and read-only in the context Closes https://github.com/keycloak/keycloak/issues/24697 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-11-14 03:07:00 -08:00
Erik Jan de Wit	89abc094d1	userprofile shared (#23600 ) * move account ui user profile to shared * use ui-shared on admin same error handling also introduce optional renderer for added component * move scroll form to ui-shared * merged with main * fix lock file * fixed merge error * fixed merge errors * fixed tests * moved user profile types to admin client * fixed more types * pr comments * fixed some types	2023-11-14 08:04:55 -03:00
Réda Housni Alaoui	3f014c7299	Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients (#21058 ) closes #21010 Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>	2023-11-13 19:13:01 +01:00
vramik	71b6757c2f	Remove quarkus options related to map store Signed-off-by: vramik <vramik@redhat.com> Closes #24098	2023-11-13 12:34:52 +01:00
vramik	926be135e8	Remove map related modules Signed-off-by: vramik <vramik@redhat.com> Closes #24100	2023-11-13 12:34:52 +01:00
vramik	76affa45c6	Delete removed `spi-events-store-jpa-max-detail-length` property from keycloak.conf in testsuite Signed-off-by: vramik <vramik@redhat.com> Fixes #17258	2023-11-13 08:34:09 +01:00
Hynek Mlnařík	0ceaed0e2e	Transient users: Consents (#24496 ) closes #24494	2023-11-10 11:18:27 +01:00
rmartinc	6963364514	Keep same name on update for LDAP attributes Closes https://github.com/keycloak/keycloak/issues/23888	2023-11-09 23:54:45 +01:00
mposolda	64836680d7	Failing test X509OCSPResponderTest due expired certificate closes #24650 Signed-off-by: mposolda <mposolda@gmail.com>	2023-11-09 13:34:51 +01:00
Alexander Schwartz	26e2fde115	Avoid reseting cachemanger to null to avoid a re-initialization (#24086 ) Also follow best practices of using volatile variables for double-locking, and not using shutdown caches. Closes #24085	2023-11-08 11:33:44 -05:00
vramik	6fa26d7ff4	Delete map dependencies from dependency management Closes #24101	2023-11-08 13:53:17 +01:00
mposolda	7863c3e563	Moving UPConfig and related classes from keycloak-services closes #24535 Signed-off-by: mposolda <mposolda@gmail.com>	2023-11-07 12:41:29 +01:00
Peter Skopek	e5eded0eab	Add possibility to override fileName and base directory of Keycloak Quarkus distribution ZIP archive (#24284 ) Closes #24283 Signed-off-by: Peter Skopek <pskopek@redhat.com>	2023-11-07 10:31:58 +01:00
Joshua Sorah	7ca00975d4	Feature flag DPoP metadata in OIDC Well Known endpoint Closes keycloak/keycloak#24547 Signed-off-by: Joshua Sorah <jsorah@gmail.com>	2023-11-06 03:13:57 -08:00
vramik	593c14cd26	Data too long for column 'DETAILS_JSON' Closes #17258	2023-11-02 20:29:35 +01:00
Oliver	563ae104fd	[issue-14134] test partial import user with id Fix #14134	2023-11-02 05:56:12 -07:00
Martin Kanis	e05effe62d	Map Store Removal: Delete map profiles and scopes from model tests Closes #24093	2023-11-02 11:33:00 +01:00
Jon Koops	fe0a9459dd	Remove UTF-8 encoding header from property files (#24471 )	2023-11-01 16:03:26 -04:00
rmartinc	d7bb59461d	Escape $ sign when replacing clientId in the role mappers Closes https://github.com/keycloak/keycloak/issues/23692	2023-11-01 20:47:15 +01:00
Pedro Igor	be65ba8689	Make sure optional default attributes are removed when decorating the user-define user profile configuration Closes #24420	2023-11-01 14:54:09 +01:00
mposolda	0bd2b342d7	Update per review	2023-10-31 12:56:46 -07:00
mposolda	6f992915d7	Move some UserProfile and Validation classes into keycloak-server-spi closes #24387	2023-10-31 12:56:46 -07:00
Aboullos	75440abb5f	Fix compilation error on springboot (#24437 )	2023-10-31 19:29:05 +00:00
Justin Tay	3ff0476cc3	Allow customization of aud claim with JWT Authentication Closes #21445	2023-10-31 11:33:47 -07:00
rmartinc	1b630326b2	Fixes in LDAP tests when using AD Closing https://github.com/keycloak/keycloak/issues/24357	2023-10-31 13:34:37 +01:00
rmartinc	7deb4ca545	Group count and PartialExport permission fixes Closes https://github.com/keycloak/keycloak/issues/12171	2023-10-31 01:40:21 -07:00
Aboullos	c23e1e0e2b	Fix springboot tests (#24254 ) Co-authored-by: Michal Hajas <mhajas@redhat.com>	2023-10-31 09:06:09 +01:00
rmartinc	6484a3e705	Add userProfileEnabled attribute to realm response if admin can view users closes https://github.com/keycloak/keycloak/issues/19093	2023-10-30 07:39:03 -07:00
rmartinc	ea398c21da	Add a property to the User Profile Email Validator for max length of the local part Closes https://github.com/keycloak/keycloak/issues/24273	2023-10-27 15:09:42 +02:00
Alice	69497382d8	Group scalability upgrades (#22700 ) closes #22372 Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2023-10-26 16:50:45 +02:00
Thomas Darimont	d56baa80b3	Add support for passing acr_values in auth requests in keycloak.js (#9383 ) (#24259 ) Fixes #9383	2023-10-25 15:33:39 +02:00
Hynek Mlnarik	c036980c37	Add TRANSIENT_USERS feature flag	2023-10-25 12:02:35 +02:00
Hynek Mlnarik	d59ceb17e9	Add tests for offline access, introspection and userinfo endpoint	2023-10-25 12:02:35 +02:00
Hynek Mlnarik	d70735f64d	Tests Part-of: Add support for not importing brokered user into Keycloak database Closes: #11334	2023-10-25 12:02:35 +02:00
ggraziano	84112f57b5	Verification of iss at refresh token request Added iss checking using the existing TokenVerifier.RealmUrlCheck in the verifyRefreshToken method. Closes #22191	2023-10-24 23:42:11 +02:00
Marek Posolda	1bd6aca629	Remove RegistrationProfile class and handle migration (#24215 ) closes #24182 Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2023-10-24 20:19:33 +02:00
Martin Kanis	10a2c96c72	Users in role Rest API returns empty when User federation used (#23318 ) * Users in role Rest API returns empty when User federation used Co-authored-by: Shankar Yadav <ET1024@neeyamoworks.com> Co-authored-by: Martin Kanis <mkanis@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2023-10-24 11:10:20 -04:00
Martin Bartoš	9627187447	Adapter tests failing with Jakarta error (#24177 ) Fixes #24176	2023-10-24 10:11:48 -04:00
rmartinc	ad01ed1497	Do not reset the user profile configuration on disable Closes https://github.com/keycloak/keycloak/issues/23527	2023-10-24 03:05:34 -07:00
Thomas Darimont	e567210ed1	Add dedicated feature flag for oauth device grant flow (#23892 ) Closes #23891	2023-10-24 10:09:26 +02:00
Håvar Nøvik	bc55846809	Fixes a NullPointerException after import validation (#20151 ) * Fixes a NullPointerException after import validation If the import validation (when getting a user by email) returns null, indicating that the user entity should be removed from local storage, an email equality check results in a NullPointerException. This commit fixes this issue by explicitly checking for null. Closes #20150 --------- Co-authored-by: Michal Hajas <mhajas@redhat.com>	2023-10-23 17:19:25 -04:00
vramik	a0f04fa2be	Declarative User Profile export Closes #12062 Resolves #20885	2023-10-21 19:21:20 +02:00
Pedro Igor	e47389f199	Username now shown when creating a user and edit username is not allowed Closes #24183	2023-10-20 10:22:31 -07:00
Steven Hawkins	f4d1dd9b7f	improvement: validates the expected values of non-cli properties (#23797 ) also adds better messages for unknown options closes #13608	2023-10-20 17:21:03 +00:00
Pedro Igor	d4a5391013	Making sure public clients can RPT tokens Closes #14165	2023-10-20 17:53:10 +02:00
Pedro Igor	55a5a8c0eb	Ignore custom attributes when processing attributes in verify profile action Closes #24077	2023-10-20 17:51:40 +02:00
mposolda	c18e8ff535	User profile tweaks in registration forms closes #24024	2023-10-20 06:31:21 -07:00
kaustubh-rh	1ac2c0997d	Inconsistent handling of parenthesis in auth flow name (#24113 ) closes #16379	2023-10-20 10:00:46 +02:00
mposolda	04777299b0	After tab1 finish authentication, make sure that rootAuthenticationSession is expired shortly closes #23880	2023-10-19 19:23:50 +02:00
Vlasta Ramik	f6d582c761	Import migration step for kc22 Closes #24031 Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2023-10-19 09:00:49 +02:00
rmartinc	d10ccc7245	Use jdk LdapName and Rdn to parse inside LDAPDn and RDN and avoid string conversions Closes: https://github.com/keycloak/keycloak/issues/21797 Closes: https://github.com/keycloak/keycloak/issues/21818	2023-10-19 08:31:49 +02:00
Pedro Igor	e91a0afca2	The username in account is required and don't change when email as username is enabled Closes #23976	2023-10-17 16:43:44 -03:00
wojnarfilip	b5ec155b64	Fix issue with overlapping WebElements in SocialLoginTest#PaypalLogin Closes #23960	2023-10-17 16:59:09 +02:00
shigeyuki kabano	6112b25648	Enhancing Light Weight Token(#22148 ) Closes #21183	2023-10-17 13:12:36 +02:00
Alexander Schwartz	50916d58b1	Clean up created test user to avoid conflict with other tests Closes #23804	2023-10-16 19:10:52 +02:00
wojnarfilip	f9386bd62b	Update login flow in OCP social login	2023-10-16 10:45:38 -03:00
Pedro Igor	9c19a8972b	Removing the default cache metadata Closes #23910	2023-10-13 16:32:55 +02:00
Lex Cao	eedc4ceb18	Fix unexpected expiration when import offline client session Closes #23397	2023-10-13 15:45:07 +02:00
Moritz Becker	e9f08b6500	Do not return empty scope field in token introspection response Closes #16526	2023-10-13 08:36:12 +02:00
Steven Hawkins	478ceb0b34	modification of kc.sh to remove param eval (#22585 ) * test * modification of kc.sh to remove eval of env/args Closes #22337 --------- Co-authored-by: rmartinc <rmartinc@redhat.com>	2023-10-12 17:10:53 +02:00
Vojtěch Boček	8871983b33	Add support for single-tenant mode to Microsoft Identity Provider (#20699 ) * Add support for single-tenant mode to Microsoft Identity Provider Fixes #20695 Closes #11207 * Add SocialLoginTest for Microsoft single-tenant variant	2023-10-10 16:35:36 -04:00
Marek Posolda	a6609bd969	Remove "You are already logged in" during authentication. Make other browser tabs to authenticate automatically when some browser tab successfully authenticate (#23517 ) Closes #12406 Co-authored-by: Jon Koops <jonkoops@gmail.com>	2023-10-10 21:54:37 +02:00
Pedro Igor	7385ed56c7	Avoid creating the component when there is no component and configuration is not provided Closes #20970 Co-authored-by: Pedro Igor <psilva@redhat.com>	2023-10-10 13:28:48 +02:00
Tero Saarni	22d093f5c0	Fix multi-valued LDAP attribute support FullName LDAP storage mapper was delegating to single-valued setter even when multi-valued setter was called. Closes #22091 Signed-off-by: Tero Saarni <tero.saarni@est.tech>	2023-10-06 14:36:02 +00:00
mposolda	cdb61215c9	UserProfileContext.ACCOUNT_OLD seems to be obsolete and not needed closes #23749	2023-10-06 11:27:48 -03:00
Pedro Igor	290bee0787	Resolve several usability issues around User Profile (#23537 ) Closes #23507, #23584, #23740, #23774 Co-authored-by: Jon Koops <jonkoops@gmail.com>	2023-10-06 10:15:39 -03:00
rmartinc	890600c33c	Remove backward compatibility for ECDSA tokens Closes https://github.com/keycloak/keycloak/issues/23734	2023-10-06 14:24:48 +02:00
Martin Kanis	0853d484ec	Remove transaction in InfinispanSingleUseObjectProvider#remove (#23708 ) Co-authored-by: mposolda <mposolda@gmail.com>	2023-10-06 10:00:04 +02:00
Garth	2dfbbff343	added AccountResource SPI, Provider and ProviderFactory. (#22317 ) Added AccountResource SPI, Provider and ProviderFactory. updated AccountLoader to load provider(s) and check if it is compatible with the chosen theme.	2023-10-05 15:08:01 +02:00
vramik	7f2f4aae67	Upgrade liquibase version to avoid a bug where a changeset is executed twice Closes #23220	2023-10-05 13:35:05 +02:00
Tomas Ondrusko	58131f1dcc	Update the Instagram login process Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>	2023-10-05 09:33:05 +02:00
Steven Hawkins	9a93b9a273	allows csv output to handle missing requested fields (#23459 ) * allows csv output to handle missing requested fields Closes #12330 * fixes the handling of the content type also makes it more explicit the expectation of applying csv and return fields * fix: consolidating the logic dealing with the content-type Closes #23580	2023-10-04 15:49:19 +02:00
Dmitry Telegin	085d0d73c9	Fix nonce/scope typo	2023-10-02 22:36:51 +02:00
Tomas Ondrusko	fcb91a83ba	Ignore query parameters while testing the LinkedIn profile picture URL (#23557 ) Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>	2023-10-02 14:36:17 +02:00
Tomas Ondrusko	3d42573813	Update PayPal social login flow to use 127.0.0.1 instead of localhost (#23532 ) Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>	2023-09-28 09:34:45 +00:00
fwojnar	56082cdd2d	Fixes issue in login flow of SocialLoginTest#twitterLogin (#23122 ) Co-authored-by: wojnarfilip <fwojnar@redhat.com>	2023-09-28 10:21:59 +02:00
Lucas Hedding	de5aa2e74d	Add createTimestamp to REST service (#23293 ) Closes #14009	2023-09-27 13:38:16 +02:00
rmartinc	10c1e3ba6d	Client roles should be mapped to any claim name Closes https://github.com/keycloak/keycloak/issues/22349	2023-09-27 08:11:22 -03:00
rmartinc	d90640b5a3	Change email checkserveridentity prop as angus mail sets it to true by default Closes https://github.com/keycloak/keycloak/issues/22395	2023-09-26 09:11:16 +02:00
Maria Arias de Reyna	c15753266f	fix(Closes #21236 ): Adding client-id to logout event	2023-09-25 13:20:26 +02:00
Pedro Igor	741f76887c	Allow updating email when email as username is set and edit username disabed #23438	2023-09-25 08:19:01 -03:00
Michal Hajas	496c5ad989	Use new findGroupByPath implementation and remove the old one Closes #23344 Signed-off-by: Michal Hajas <mhajas@redhat.com>	2023-09-25 10:44:24 +02:00
Jon Koops	47d9ae71c4	Revert the new welcome screen experience (#23446 ) This reverts commit `bcab75a7ef`.	2023-09-21 16:03:00 +00:00
Justin Tay	7d3104ee76	Allow public clients to use PAR endpoint Closes #8939	2023-09-21 13:57:42 +02:00
rmartinc	7afd90982d	Align wildfly-core and wildfly version for tests Closes https://github.com/keycloak/keycloak/issues/23342	2023-09-21 10:53:57 +02:00
Michal Hajas	533f9e7093	Disable CockroachDB model tests since they are flaky (#23391 ) Closes #22645 Signed-off-by: Michal Hajas <mhajas@redhat.com>	2023-09-20 16:04:11 +00:00
Bernd Bohmann	bb2f59df87	Calling getTopLevelGroups is slow inside GroupLDAPStorageMapper#getLDAPGroupMappingsConverted (#8430 ) Closes #14820 --------- Co-authored-by: Michal Hajas <mhajas@redhat.com>	2023-09-20 17:20:43 +02:00
Jon Koops	e86bf1f0b2	Remove `P3P` header from authentication flow Closes #23348	2023-09-19 08:50:33 -03:00
rmartinc	743bb696d9	Allow duplicated keys in advanced claim mappers Closes https://github.com/keycloak/keycloak/issues/22638	2023-09-19 07:49:34 -03:00
wojnarfilip	5603ee7b46	Fixes login flow in Microsoft social login test Closes #22657	2023-09-18 14:21:41 +02:00
Pedro Igor	217a09ce46	Switch to Resteasy Reactive Closes #10713	2023-09-18 09:19:03 -03:00
Alexander Schwartz	798846df6f	Remove legacy code which isn't used anymore and was deprecated for some time (#23264 ) Closes #23263	2023-09-18 11:04:02 +02:00
paul	f684a70048	KEYCLOAK-15985 Add Brute Force Detection Lockout Event	2023-09-15 10:32:07 -03:00
Jon Koops	bcab75a7ef	Add new version of Welcome theme based on PatternFly 5 (#23008 )	2023-09-14 08:24:17 -04:00
Andreas Blaettlinger	86c0e338d9	Toggle visibility of password input fields in login-ftl-based pages Closes #22067	2023-09-14 08:04:35 -03:00
Pedro Igor	1442f14c45	Registration page not showing username when edit username is not enabled Closes #23185	2023-09-14 07:32:39 -03:00
Justin Tay	658c0ef19f	Send Client ID in token request with JWT Authentication Closes #21444	2023-09-14 10:57:32 +02:00
Pedro Igor	5958c7948d	Ignore attributes when they are not prefixed with user.attributes prefix (#23184 ) Co-authored-by: mposolda <mposolda@gmail.com> Co-authored-by: stianst <stianst@gmail.com>	2023-09-14 10:35:47 +02:00
Daniel Fesenmeyer	a68ad55a37	Support to define compatible mappers for (new) Identity Providers - Also allows to use existing mappers for custom Identity Providers without having to change those mappers Closes #21154	2023-09-13 17:19:06 -03:00
Jacek Kowalski	f5182deb30	Fix valid redirect URIs for built-in account-console client on realm rename (#20894 ) Closes #9541 Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2023-09-13 15:28:07 +02:00
Konstantinos Georgilakis	0044472f87	Add regex support in 'Condition - User attribute' execution Closes #265	2023-09-13 08:36:45 +02:00
rmartinc	48ab2b1688	FullNameLDAPStoreMapper removes values for other attributes Closes https://github.com/keycloak/keycloak/issues/22526	2023-09-13 08:11:32 +02:00
vramik	d34a371971	Enable ZeroDowntimeTest Closes #21825	2023-09-11 19:09:30 +02:00
Pedro Igor	04dd9afc5e	Do not store empty attributes when updating user profile Closes #22960	2023-09-11 07:47:31 -03:00
kaustubh-rh	62927433dc	Fix for Keycloak 22.0.1 unable to create user with long email address (#23109 ) Closes #22825	2023-09-11 08:56:13 +02:00
rmartinc	7da52a43bd	Add old LinkedIn provider to the deprecated profile Closes https://github.com/keycloak/keycloak/issues/23067	2023-09-08 10:05:17 +02:00
Marek Posolda	506e2537ac	Registration flow fixed (#23064 ) Closes #21514 Co-authored-by: Vilmos Nagy <vilmos.nagy@outlook.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Marek Posolda <mposolda@gmail.com>	2023-09-08 08:05:05 +02:00
Pedro Igor	bc31fde4c0	Broker claim mapper not recognizing claims from user info endpoint Closes #12137	2023-09-07 16:34:45 +02:00
Alexander Schwartz	2eb37dbe4f	Remove MS SQL JDBC driver from the Keycloak product Closes #22983	2023-09-07 15:30:34 +02:00
Peter Skopek	ef272f7668	SAML Adapter fix for EAP8 and WF29 Signed-off-by: Peter Skopek <pskopek@redhat.com>	2023-09-07 13:32:25 +02:00
Kaustubh B	5ee2ba9372	Added tests	2023-09-07 08:43:35 +02:00
Martin Bartoš	6ca78b7554	Return Oracle JDBC driver to the upstream Closes #22999	2023-09-06 19:11:29 +02:00
rmartinc	8887be7887	Add a new identity provider for LinkedIn based on OIDC Closes https://github.com/keycloak/keycloak/issues/22383	2023-09-06 16:13:31 +02:00
Pedro Igor	13e5a02b9f	Role mappers must return a single value when they are not multivalued Closes #20218	2023-08-31 19:16:12 +02:00
mposolda	57e51e9dd4	Use an original domain name of Kerberos Principal in UserModel attribute instead of configured value of Kerberos realm in User federation closes #20045	2023-08-30 13:24:48 +02:00
vramik	4cd34f8423	Update logging properties for showing SQL statements and JDBC parameters Closes #22815	2023-08-30 12:52:08 +02:00
Marek Posolda	6f989fc132	Fallback to next LDAP/Kerberos provider when not able to find authenticated Kerberos principal (#22531 ) closes #22352 #9422	2023-08-29 11:21:01 +00:00
Pedro Igor	ea3225a6e1	Decoupling legacy and dynamic user profiles and exposing metadata from admin api Closes #22532 Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>	2023-08-29 08:14:47 -03:00
Pedro Igor	b779df6a55	Parsing response from user info rather than the access token Closes #22581	2023-08-29 12:23:56 +02:00
Tomas Ondrusko	e70ffd0105	Handle GitHub logout properly (#22463 ) Add profile info update to GitHub login test cases Closes #22461 Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>	2023-08-28 10:06:12 +02:00
Michal Hajas	94089bd492	Clean LDAP between test method executions Closes #22602 Signed-off-by: Michal Hajas <mhajas@redhat.com>	2023-08-23 04:15:32 -03:00
Martin Bartoš	fcf65389ea	Remove Oracle Database JDBC driver from the Keycloak distribution (#22577 ) * Remove Oracle Database JDBC driver from the Keycloak distribution Closes #22452 * Remove profile for proprietary Oracle JDBC driver --------- Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2023-08-21 15:13:49 +00:00
t0xicCode	822c13ff6f	Switch Trusted Host policy redirect verification to URI Switch parsing of the redirect URIs for the Trusted Host Client Registration Policy from URL to URI. The java URL class tries to instantiate a handler for the scheme, which fails when a "custom" scheme, such as those used in phone apps is used. In contrast, the URI class simply parses the string, ensuring the format is valid. The other URLs (baseUrl, rootUrl, adminUrl) are still parsed as URLs. See https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata for the Client Registration parameter documentation. Closes #22309	2023-08-14 10:20:23 +02:00
Pedro Igor	baac060eb1	Fixing how e-mail attribute permissions are set for both USER_API and ACCOUNT contexts Closes #21751	2023-08-11 13:32:16 +02:00
Erik Jan de Wit	874d2063b8	only add realm access to the current realm (#21554 ) fixes: #21553	2023-08-10 12:43:15 +02:00
wojnarfilip	6c070d587f	Closes #22282	2023-08-10 12:05:20 +02:00
Todor Staykovski	dffa7a31cb	Add subgroups sorting (#22295 ) * Review comments to add a test, update the API description and adjust the map storage. Closes #19348 Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2023-08-07 21:18:09 +02:00
Takashi Norimatsu	258711ef4f	DPoP verification in UserInfo endpoint closes #22215	2023-08-07 10:49:33 +02:00
Takashi Norimatsu	9d0960d405	Using DPoP token type in the access-token and as token_type in introspection response closes #21919	2023-08-07 10:40:18 +02:00
Alex Szczuczko	92bec0214f	Add -DdeployTestsuite profile to testsuite Closes #22258	2023-08-04 20:54:59 +02:00
Marek Posolda	4dc929abb3	Missing client_id validation match when authenticating client with JW… (#22178 ) Closes #22177	2023-08-03 11:47:55 +02:00
Takashi Norimatsu	ee998fee66	Add FAPI 2.0 security profile as default profile of client policies closes #21181	2023-08-03 09:26:16 +02:00
Ricardo Martin	a8bca522c1	Fix issue with access tokens claims not being imported using OIDC IDP Attribute Mappers (#21627 ) Closes #9004 Co-authored-by: Armel Soro <armel@rm3l.org>	2023-08-02 09:36:50 +02:00
Thomas Darimont	82269f789a	Avoid using deprecated junit APIs in tests - Replaced usage of Assert.assertThat with static import - Replaced static import org.junit.Assert.assertThat with org.hamcrest.MatcherAssert.assertThat Fixes: #22111	2023-08-01 11:44:25 +02:00
mposolda	6f6b5e8e84	Fix authenticatorConfig for javascript providers Closes #20005	2023-07-31 19:28:25 +02:00
Vlasta Ramik	29b67fc8df	Inconsistent Wildcard handling for JPA (#21671 ) * Inconsistent Wildcard handling for JPA Closes #20610 Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2023-07-27 17:03:22 +02:00
rmartinc	0a7fcf43fd	Initial pagination in the admin REST API for identity providers Closes https://github.com/keycloak/keycloak/issues/21073	2023-07-27 14:48:02 +02:00
Martin Bartoš	4b36da03db	Profile activation for WF app server doesn't properly work for Windows Fixes #21284	2023-07-27 12:09:00 +02:00

... 2 3 4 5 6 ...

6501 commits