Commit graph

13425 commits

Author SHA1 Message Date
Benjamin Weimer
655d66b03f KEYCLOAK-19077 fix login for admin console based scenarios (PKCE is required by default)
* also don't fetch fonts that are not needed/available anymore
2021-09-13 11:01:07 +02:00
Pedro Igor
aa018295c4 [KEYCLOAK-17866] - Upgrade to Quarkus v2 2021-09-10 11:21:09 -03:00
rmartinc
47484c1aed KEYCLOAK-18842: deleteExpiredClientSessions very slow on MariaDB 2021-09-10 08:25:33 +02:00
Dominik
5c3df54e90 KEYCLOAK-17812 extend building.md to prevent build errors 2021-09-08 11:40:23 +02:00
Hynek Mlnarik
4518b3d3d1 KEYCLOAK-19143 Split note for broker and SP SAML request ID 2021-09-07 17:04:30 +02:00
bohmber
0c64d32b9b KEYCLOAK-19183
LDAPDn should use a static Pattern instead calling String.split with a regex
2021-09-06 09:17:26 +02:00
Olivier Boudet
c7f8544b0c KEYCLOAK-18454 Reset password : wrong email instructions when duplicates email is allowed 2021-09-02 14:44:18 +02:00
Martin Bartoš
a25a0d513e KEYCLOAK-19159 KcSamlEncryptedIdTest failure for undertow 2021-09-02 11:22:53 +02:00
vramik
d216f8f748 KEYCLOAK-19104 Add custom ForeignKeySnapshotGenerator 2021-09-02 09:59:26 +02:00
Martin Bartoš
e1a4f7f485 KEYCLOAK-19147 Update Test development section for PRs 2021-09-01 12:31:50 +02:00
Martin Bartoš
7c243c8427 KEYCLOAK-18590 Save Button Enabled For Empty Attributes 2021-09-01 10:51:20 +02:00
Thomas Darimont
fd2787ae7d KEYCLOAK-18880 TimeBasedOTP should use look-around to mitigate clock skew
Make TimeBasedOTP#clockSkewIndexToDelta private.
2021-09-01 10:45:50 +02:00
Thomas Darimont
af892d469c KEYCLOAK-18880 TimeBasedOTP should use look-around to mitigate clock skew
Add test case
2021-09-01 10:45:50 +02:00
Thomas Darimont
5898f9c390 KEYCLOAK-18880 TimeBasedOTP should use look-around to mitigate clock skew
Previously the TimeBasedOTP only looked behind to mitigate clock skew.
We now look around (look ahead + look behind) to better accommodate clock skew.
2021-09-01 10:45:50 +02:00
Braxton Plaxco
1c2752300b KEYCLOAK-19155: Add a .gitleaks.toml
Help ignore false positives during internal code scans

~ B'ezrat Hashem ~
2021-08-31 20:21:28 +02:00
Thomas Darimont
e217e9a175 KEYCLOAK-18818 Add CORS preflight handler to token revocation endpoint 2021-08-31 10:07:32 +02:00
Bruno Oliveira da Silva
c8bee9fac4 [KEYCLOAK-19130] Remove snyk workflow from the Keycloak repository 2021-08-30 09:31:09 +02:00
vramik
5fe675b612 KEYCLOAK-18841 prevent deletion of default role using RoleContainerResource 2021-08-20 12:02:07 +02:00
Martin Bartos
18cef60bbd KEYCLOAK-19037 Problems with validation of Email field that contains uppercase character 2021-08-19 11:13:42 +02:00
bohmber
ba946b54f7 KEYCLOAK-19021
LDAPOperationManager.getFilterById is causing additional call to AD
2021-08-19 09:25:33 +02:00
Thomas Darimont
f9b4e47851 KEYCLOAK-19036 Avoid infinite loop during LDAP sync with OpenLDAP and olcSizeLimit
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2021-08-18 17:42:13 +02:00
mposolda
418d1e3471 KEYCLOAK-19039 Sync UPDATE_PASSWORD required action to only to MSAD with WRITABLE edit mode. Add tests for MSAD mapper 2021-08-18 17:39:19 +02:00
Thomas Darimont
a7fd1bc3a9 KEYCLOAK-18954 Add test for user consent retrieval with offline access consents
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2021-08-18 10:39:44 +02:00
Thomas Darimont
f16eb4d8b9 KEYCLOAK-18954 Refactor user consent list retrieval to avoid ConcurrentModificationException
This avoids a ConcurrentModificationException to be thrown in UserResource.getConsents()
calls that got introduced in 4e8b18f560 by filtering
the resulting stream explicitly instead of removing items from the collection
that we iterate over, which triggered the CME in the first place.

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2021-08-18 10:39:44 +02:00
wuweixin
6431afe360 KEYCLOAK-18974 BitbucketIdentityProvider IdentityBrokerException message
github => bitbucket
2021-08-18 10:32:07 +02:00
rmartinc
5ff6ff57a8 [KEYCLOAK-18535] KeycloakSanitizerMethod causes java.lang.IndexOutOfBoundsException when there is more then one href in a sanitized message 2021-08-18 10:19:22 +02:00
Bruno Oliveira da Silva
9e9e716369
Create snyk.yml 2021-08-17 20:10:37 -03:00
mposolda
3e0f8aed30 KEYCLOAK-19038 Reload user after being updated 2021-08-17 19:28:18 +02:00
Vlastimil Elias
afa6e31d36 [KEYCLOAK-19006] User Profile: Patched handling of the "whitespace-only"
texts in pattern and length validators
2021-08-10 08:43:58 -03:00
bal1imb
269b661b8a KEYCLOAK-16633 Prevent deletion of internal clients. 2021-08-09 11:45:03 -03:00
laskasn
62f222291c KEYCLOAK-18491 - Fixing the distribution/server-dist build problem 2021-08-05 19:43:14 +02:00
Martin Kanis
6886bd6651 KEYCLOAK-18941 ExecutionException when computed future - InfinispanCacheInitializer 2021-08-05 18:28:27 +02:00
Martin Kanis
b42f765c2a KEYCLOAK-18982 Token OIDC introspection endpoint should not update any of the timestamps 2021-08-05 18:21:16 +02:00
Denis Richtarik
c49c7d0ffc KEYCLOAK-18970 Update licenses for Keycloak 15 and RH-SSO 7.5.0 2021-08-05 17:22:10 +02:00
Simen Heggestøyl
624a9a3ed7 KEYCLOAK-18509 Fix permission error when deleting client 2021-08-05 11:55:24 -03:00
Yoshiyuki Tabata
b31b60fffe KEYCLOAK-18341 Support JWKS OAuth2 Client Metadata in the "by value" key loading method 2021-08-05 16:52:55 +02:00
Martin Bartoš
3c19fae88b KEYCLOAK-18964 MetricsRestServiceTest contains wrong health check message 2021-08-05 16:01:01 +02:00
Hynek Mlnarik
2acb43a627 KEYCLOAK-18617 Fix index on client attributes 2021-08-05 15:35:55 +02:00
Sebastian Rose
5d9d749fbd KEYCLOAK-18380 Fix Groups search by name returns unwanted groups
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2021-08-05 11:43:56 +02:00
Sebastian Rose
565251d5a6 KEYCLOAK-18380 Fix Groups search by name returns unwanted groups, cleanup test, skip tests on map storage provider feature 2021-08-05 11:43:56 +02:00
Thomas Darimont
17da3ee8d9 KEYCLOAK-18380 Fix Groups search by name returns unwanted groups
Previously the group search did not apply a given search query as filter
for groups along the group path.

We now filter the found groups with the given group search query if present.
2021-08-05 11:43:56 +02:00
Yoshiyuki Tabata
bd55694903 fix README.md of quarkus 2021-08-04 20:16:06 -03:00
mposolda
b1d39aa136 KEYCLOAK-18949 DirectGrant login should fail if authenticationSession contains some required actions 2021-08-04 08:50:27 +02:00
Yang Xie
d8cb279bc4 KEYCLOAK-17693 add config for loading custom IdMapper class 2021-08-03 17:44:47 +02:00
carlChen
a0b01b6ef4 KEYCLOAK-16703 The username returned by token introspect endpoint is null when remove or modify username mapper 2021-08-03 17:38:37 +02:00
Florian Ritterhoff
65480cb5a1 Prevent security flaw using passwordless authentication
If you register without an password or delete your last token your account can be hijacked. This is can be done by simply trying to login in that moment where the account is without a token. You get the "normal" registration dialog and can capture the complete account.
2021-08-03 10:49:45 -03:00
cturkalj
b4536a394a Missing null check for session.userCache() added
NPE when existing user from LDAP is found (same LDAP_ID, but with changed username) and session.userCache() is null.
2021-08-03 13:40:02 +02:00
cedric guindon
1ad34c6ab0 [KEYCLOAK-18498] French i18n contains wrong param 2021-08-03 12:37:13 +02:00
Sebastian Kanzow
4e8e4592ca [KEYCLOAK-18419] Support SAML 2.0 Encrypted IDs in Assertion 2021-08-03 11:55:36 +02:00
Sanket Bhalerao
443bd4a1ba KEYCLOAK-15595: update keycloak js for KEYCLOAK-15595
while working on cordova+angular+ios the keycloak logout is not working. as the user clicks logout the user can again see the app instead of the inappbrowser page for login.
with clearcache=yes in the inappbrowser open the issue appears no more.
2021-08-02 10:56:25 -03:00