Tero Saarni
64862d568e
Convert database errors to 500 instead of 400.
...
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2024-04-22 11:42:18 -03:00
Pedro Igor
1e3837421e
Organization member onboarding using the organization identity provider
...
Closes #28273
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-17 07:24:01 -03:00
Stefan Guilhen
2ab8bf852d
Add validation for the organization's internet domains.
...
Closes #28634
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-15 09:03:52 -03:00
Pedro Igor
61b1eec504
Prevent members with an email other than the domain set to an organization
...
Closes #28644
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-12 08:33:18 -03:00
Alexander Schwartz
b4cfebd8d5
Persistent sessions code also for offline sessions ( #28319 )
...
Persistent sessions code also for offline sessions
Closes #28318
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-12 13:15:02 +02:00
rmartinc
6d74e6b289
Escape slashes in full group path representation but disabled by default
...
Closes #23900
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-12 10:53:39 +02:00
Pedro Igor
8f8094408e
Encapsulate the logic to set attributes into the domain model
...
Closes #28646
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-11 15:32:21 -03:00
Stefan Guilhen
9a466f90ab
Add ability to set one or more internet domain to an organization.
...
Closed #28274
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-10 13:18:12 -03:00
Martin Kanis
51fa054ba7
Manage organization attributes
...
Closes #28253
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-04-10 09:10:49 -03:00
rmartinc
41b706bb6a
Initial security profile SPI to integrate default client policies
...
Closes #27189
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-10 11:19:56 +02:00
Alexander Schwartz
63e7523a6d
Avoid unnecessary updates to the sessions during refreshes of tokens
...
Closes #28388
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-09 14:55:21 +02:00
Václav Muzikář
e4987f10f5
Hostname SPI v2 ( #26345 )
...
* Hostname SPI v2
Closes : #26084
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Fix HostnameV2DistTest#testServerFailsToStartWithoutHostnameSpecified
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Address review comment
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Partially revert the previous fix
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Do not polish values
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Remove filtering of denied categories
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
---------
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-04-09 11:25:19 +02:00
vibrown
3fffc5182e
Added ClientType implementation from Marek's prototype
...
Signed-off-by: vibrown <vibrown@redhat.com>
More updates
Signed-off-by: vibrown <vibrown@redhat.com>
Added client type logic from Marek's prototype
Signed-off-by: vibrown <vibrown@redhat.com>
updates
Signed-off-by: vibrown <vibrown@redhat.com>
updates
Signed-off-by: vibrown <vibrown@redhat.com>
updates
Signed-off-by: vibrown <vibrown@redhat.com>
Testing to see if skipRestart was cause of test failures in MR
2024-04-08 20:20:37 +02:00
Pedro Igor
52ba9b4b7f
Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user
...
Closes #28248
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-08 09:05:16 -03:00
Pedro Igor
fefeb83588
Changes the contract to make it simpler and rely on the realm available from the current session
...
Closes #28403
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-03 14:45:31 +02:00
Pedro Igor
b9a7152a29
Avoid commiting the transaction prematurely when creating users through the User API
...
Closes #28217
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-27 19:16:09 -03:00
Jon Koops
3382e16954
Remove Account Console version 2 ( #27510 )
...
Closes #19664
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-03-27 10:53:28 +01:00
Steven Hawkins
be32f8b1bf
fix: limit the use of Resteasy to the KeycloakSession ( #28150 )
...
* fix: limit the use of Resteasy to the KeycloakSession
contextualizes other state to the KeycloakSession
close : #28152
2024-03-26 13:43:41 -04:00
vramik
fa1571f231
Map organization metadata when issuing tokens for OIDC clients acting on behalf of an organization member
...
Closes #27993
Signed-off-by: vramik <vramik@redhat.com>
2024-03-26 14:02:09 -03:00
Stian Thorgersen
8cbd39083e
Default password hashing algorithm should be set to default password hash provider ( #28128 )
...
Closes #28120
Signed-off-by: stianst <stianst@gmail.com>
2024-03-22 12:44:11 +01:00
Stian Thorgersen
cae92cbe8c
Argon2 password hashing provider ( #28031 )
...
Closes #28030
Signed-off-by: stianst <stianst@gmail.com>
2024-03-22 07:08:09 +01:00
Pedro Igor
32541f19a3
Allow managing members for an organization
...
Closes #27934
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-21 10:26:30 -03:00
Alexander Schwartz
62d24216e3
Remove offline session preloading
...
Closes #27602
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-15 15:19:27 +01:00
Pedro Igor
7fc2269ba5
The bare minimum implementation for organization
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: vramik <vramik@redhat.com>
2024-03-15 11:06:43 -03:00
Peter Keuter
e26a261e4e
Filter subgroups before paginating
...
Closes #27512
Signed-off-by: Peter Keuter <github@peterkeuter.nl>
2024-03-15 10:57:57 +01:00
vramik
66c9f173f2
Organization SPI
...
Fixes #27830
Signed-off-by: vramik <vramik@redhat.com>
2024-03-13 12:25:43 -03:00
vramik
a81d6bb618
Organizations SPI
...
Closes #27829
Signed-off-by: vramik <vramik@redhat.com>
2024-03-13 10:57:02 -03:00
stianst
15717cc152
Remove deprecated cookie code
...
Closes #26813
Signed-off-by: stianst <stianst@gmail.com>
2024-03-12 17:24:14 +01:00
Martin Bartoš
e4aa1b5f95
Conditionally enable and disable CLI options ( #25333 )
...
* Conditionally enable and disable CLI options
Closes #13113
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Support for duplicates in config
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Fix rendering config options in docs
Fixes #26515
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Reorder OptionsDistTest
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-03-07 20:36:43 +00:00
rmartinc
82af0b6af6
Initial client policies integration for SAML
...
Closes #26654
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-06 15:18:35 +01:00
Steven Hawkins
8d9439913c
fix: removal of resteasy-core ( #27032 )
...
* fix: partial removal of resteasy-core
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* fix: fully removing resteasy-core
closes : #26315
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-02-29 11:43:13 +00:00
Takashi Norimatsu
3db04d8d8d
Replace Security Key with Passkey in WebAuthn UIs and their documents
...
closes #27147
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-29 10:31:05 +01:00
Pedro Igor
326d63ce74
Make sure group searches are cached and entries invalidate accordingly
...
Closes #26983
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-29 05:06:36 +09:00
Réda Housni Alaoui
a3b3ee4b87
Ability to declare a default "First broker login flow" per Realm
...
Closes #25823
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-02-28 16:17:51 +01:00
Pedro Igor
604274fb76
Allow setting an attribute as multivalued
...
Closes #23539
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-02-22 12:56:44 +01:00
Douglas Palmer
b0ef746f39
Permanently lock users out after X temporary lockouts during a brute force attack
...
Closes #26172
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-02-22 09:34:51 +01:00
Vlasta Ramik
76453550a5
User attribute value length extension
...
Closes #9758
Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-02-16 08:09:34 +01:00
mposolda
f468885fdd
Empty error message when validation issue due the PersonNameProhibitedValidator validation
...
closes #26750
Signed-off-by: mposolda <mposolda@gmail.com>
2024-02-06 12:56:50 -03:00
Stian Thorgersen
3e08a1713b
Ignore empty attribute values when retriveing boolean/int/long ( #26729 ) ( #26737 )
...
Resolves #26597 , resolves #26665
Signed-off-by: stianst <stianst@gmail.com>
2024-02-06 15:29:34 +01:00
Stian Thorgersen
c4b1fd092a
Use code from RestEasy to create and set cookies ( #26558 )
...
Closes #26557
Signed-off-by: stianst <stianst@gmail.com>
2024-02-06 15:14:04 +01:00
Stian Thorgersen
0fb6bdfcac
Cookie Provider - move remaining cookies ( #26531 )
...
Closes #26500
Signed-off-by: stianst <stianst@gmail.com>
2024-01-29 11:06:37 +01:00
Stian Thorgersen
bc3c27909e
Cookie Provider ( #26499 )
...
Closes #26500
Signed-off-by: stianst <stianst@gmail.com>
2024-01-26 10:45:00 +01:00
Marek Posolda
651d99db25
Allow selecting attributes from user profile when managing token mappers ( #26415 )
...
* Allow selecting attributes from user profile when managing token mappers
closes #24250
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-01-25 17:01:02 +01:00
Erik Jan de Wit
28c9f98930
moved login screen to patternfly 5 ( #25340 )
...
* moved login screen to patternfly 5
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added Feature flag to enable login v2
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* removed the old css and only include logo and background styles
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* changed to experimental
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added login2
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added windows help texts
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-01-25 13:45:53 +01:00
Thomas Darimont
e7363905fa
Change password hashing defaults according to OWASP recommendations ( #16629 )
...
Changes according to the latest [OWASP cheat sheet for secure Password Storage](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2 ):
- Changed default password hashing algorithm from pbkdf2-sha256 to pbkdf2-sha512
- Increased number of hash iterations for pbkdf2-sha1 from 20.000 to 1.300.000
- Increased number of hash iterations for pbkdf2-sha256 from 27.500 to 600.000
- Increased number of hash iterations for pbkdf2-sha512 from 30.000 to 210.000
- Adapt PasswordHashingTest to new defaults
- The test testBenchmarkPasswordHashingConfigurations can be used to compare the different hashing configurations.
- Document changes in changes document with note on performance and how
to keep the old behaviour.
- Log a warning at the first time when Pbkdf2PasswordHashProviderFactory is used directly
Fixes #16629
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-01-24 18:35:51 +01:00
Stian Thorgersen
656e680019
Remove unused HttpResponse.setWriteCookiesOnTransactionComplete ( #26326 )
...
Closes #26325
Signed-off-by: stianst <stianst@gmail.com>
2024-01-20 11:31:10 +01:00
Alexander Schwartz
b9498b91cb
Deprecating the offline session preloading ( #26160 )
...
Closes #25300
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-16 09:29:01 +01:00
Thomas Darimont
9d429400d4
Avoid calling primitive wrapper constructors in server-spi-private ( #24163 )
...
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-01-11 11:54:44 +01:00
rmartinc
179ca3fa3a
Sanitize logs in JBossLoggingEventListenerProvider
...
Closes #25078
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-10 16:50:27 +01:00
Réda Housni Alaoui
98230aa372
Add federated identity ProviderEvent(s)
...
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
2024-01-10 11:56:38 -03:00