Ricardo Martin
65bdf1a604
Encode realm name in console URIs ( #29102 )
...
Before this fix console uris (including the client redirect uris) did not contain the url encoded realm name and therefore were invalid.
closes #25807
Signed-off-by: Philip Sanetra <code@psanetra.de>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Philip Sanetra <code@psanetra.de>
Co-authored-by: rmartinc <rmartinc@redhat.com>
2024-05-02 10:30:06 +02:00
Michal Hajas
7c427e8d38
Remove offline sessions timeouts adjusters as with persistent session we have bounded caches and it is no longer necessary to adjust time in caches
...
Closes #29140
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-04-30 18:03:17 +02:00
Douglas Palmer
8d4d5c1c54
Remove redundant servers from the testsuite
...
Closes #29089
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-30 17:39:32 +02:00
Stefan Guilhen
02e2ebf258
Add check to prevent deserialization issues when the context token is not an AccessTokenResponse.
...
- also adds a test for the refresh token on first login scenario.
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-30 12:02:10 -03:00
Alexander Schwartz
d69872fa11
Batch writes originating from logins/logouts for persistent sessions
...
All writes for the sessions are handled by a background thread which batches them.
Closes #28862
Wait for persistent-store to contain update
instead of cache which has the change immediately since it is in memory + introduce new model-test profile
Closes #29141
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-04-30 14:07:35 +02:00
rmartinc
8042cd5d4f
Set client in the context for docker protocol
...
Fix to execute again the docker test
Closes #28649
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-30 10:17:17 +02:00
Pedro Igor
51352622aa
Allow adding realm users as an organization member
...
Closes #29023
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-29 08:37:47 -03:00
Jon Koops
a6e2ab5523
Remove jaxrs-oauth-client
and OIDC servlet-filter
adapters
...
Closes #28784
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-04-26 15:56:57 +02:00
Douglas Palmer
cca660067a
Remove JAAS login modules
...
Closes #28789
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
b2f09feebf
Remove servlet filter saml adapters
...
Closes #28786
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
a4a7d023a7
Remove Jetty OIDC adapter
...
Closes #28779
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
c5dbab2740
Remove Jetty SAML adapter
...
Closes #28782
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
bf2c97065f
Remove SpringBoot adapters
...
Closes #28781
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
43aa10e091
Remove Tomcat OIDC adapter
...
Closes #28778
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
98faf6e6a0
Remove Tomcat SAML adapter
...
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
Closes #28783
2024-04-26 09:30:35 +02:00
Stefan Guilhen
bfabc291cc
28843 - Introduce filtered (and paginated) searches for organizations
...
Closes #28843
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-25 12:38:20 -03:00
Stefan Guilhen
8fa2890f68
28818 - Reintroduce search by name for subgroups
...
Closes #28818
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-25 12:06:07 -03:00
vramik
d65649d5c0
Make sure organization are only manageable by the admin users with the manage-realm role
...
Closes #28733
Signed-off-by: vramik <vramik@redhat.com>
2024-04-23 12:16:57 -03:00
Mark Banierink
ad32896725
replaced and removed deprecated token methods ( #27715 )
...
closes #19671
Signed-off-by: Mark Banierink <mark.banierink@nedap.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-23 09:23:37 +02:00
mposolda
337a337bf9
Grant urn:ietf:params:oauth:grant-type:pre-authorized_code was enabled even if oid4vc_vci feature is disabled
...
closes #28968
Signed-off-by: mposolda <mposolda@gmail.com>
2024-04-22 18:31:46 +02:00
Ott
975bb6762f
Fixed type in invalidPasswordNotContainsUsernameMessage
...
Signed-off-by: Ott <ottalexanderdev@gmail.com>
2024-04-22 08:06:02 -03:00
Douglas Palmer
ed22530d16
Failure reset time is applied to Permanent Lockout
...
Closes #28821
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-22 11:47:22 +02:00
Stefan Wiedemann
b08c644601
Support credentials issuance through oid4vci ( #27931 )
...
closes #25940
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2024-04-22 11:37:55 +02:00
Lex Cao
7e034dbbe0
Add IdpConfirmOverrideLinkAuthenticator to handle duplicate federated identity ( #26393 )
...
Closes #26201 .
Signed-off-by: Lex Cao <lexcao@foxmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-22 11:30:14 +02:00
etiksouma
1afd20e4c3
return proper error message for admin users endpoint
...
closes #28416
Signed-off-by: etiksouma <al@mouskite.com>
2024-04-20 12:17:53 +02:00
Pedro Ruivo
3e0a185070
Remove deprecated EnvironmentDependentProviderFactory.isSupported method
...
Closes #26280
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-19 16:36:49 +02:00
Giuseppe Graziano
f6071f680a
Avoid the same userSessionId after re-authentication
...
Closes keycloak/keycloak-private#69
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-19 14:44:39 +02:00
mposolda
c427e65354
Secondary factor bypass in step-up authentication
...
closes #34
Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit e632c03ec4dbfbb7c74c65b0627027390b2e605d)
2024-04-19 14:43:53 +02:00
Giuseppe Graziano
897c44bd1f
Validation of providerId during required action registration
...
Closes #26109
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-19 13:06:51 +02:00
Joerg Matysiak
76a5a27082
Refactored StripSecretsUtils in order to make it unit-testable, added unit tests for it
...
Don't mask secrets at realm export
Closes #21562
Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>
2024-04-18 18:26:47 -03:00
Pedro Igor
7483bae130
Make sure admin events are not referencing sensitive data from their representation
...
Closes #21562
Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>
2024-04-18 18:26:47 -03:00
Steve Hawkins
0be34d64e7
task: refactor overlap between cli clients
...
also repackaging to more clearly delineate code roles
closes : #28329
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-18 17:39:16 -03:00
cgeorgilakis-grnet
89263f5255
Fix refresh token scope in refresh token flow with scope request parameter
...
Closes #28463
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-04-18 16:17:46 -03:00
Ricardo Martin
8daace3f69
Validate Saml URLs inside DefaultClientValidationProvider ( #135 ) ( #28873 )
...
Closes keycloak/keycloak-private#62
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-18 16:04:13 +02:00
Ricardo Martin
fc6b6f0d94
Perform exact string match if redirect URI contains userinfo, encoded slashes or parent access ( #131 ) ( #28872 )
...
Closes keycloak/keycloak-private#113
Closes keycloak/keycloak-private#134
Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2024-04-18 16:02:24 +02:00
Douglas Palmer
00d4cab55e
Flaky test: org.keycloak.testsuite.forms.ResetPasswordTest#resetPasswordLink
...
Closes #21422
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-18 15:54:30 +02:00
vramik
860f3b7320
Prevent updating IdP via organization API not linked with the organization
...
Closes #28833
Signed-off-by: vramik <vramik@redhat.com>
2024-04-18 09:14:54 -03:00
Stian Thorgersen
0d60e58029
Restrict the token types that can be verified when not using the user info endpoint ( #146 ) ( #28866 )
...
Closes #47
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Conflicts:
core/src/main/java/org/keycloak/util/TokenUtil.java
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientTokenExchangeTest.java
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-18 14:11:05 +02:00
Justin Tay
d807093f63
Fix OCSP nonce handling
...
Closes #26439
Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-04-18 09:04:46 +02:00
Pedro Igor
f0f8a88489
Automatically fill username when authenticating to through a broker
...
Closes #28848
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-18 08:24:34 +02:00
Pedro Igor
1e3837421e
Organization member onboarding using the organization identity provider
...
Closes #28273
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-17 07:24:01 -03:00
Alexander Schwartz
13af4f44f5
Defer updates of last session updates and batch them ( #28502 )
...
Defer updates of last session refreshes and batch them
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-04-17 09:25:05 +02:00
Pedro Ruivo
2494ad6950
Refactor and remove deprecated Infinispan methods from DefaultInfinispanConnectionProviderFactory
...
Closes #28752
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-16 10:51:57 +02:00
Pedro Ruivo
63cb137b37
Remove usages of EnvironmentDependentProviderFactory.isSupported
...
Closes #28751
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-16 09:43:23 +02:00
Šimon Vacek
0205262c91
Workflow failure: Fuse adapter tests
...
Closes : #27021
Signed-off-by: Simon Vacek <simonvacky@email.cz>
2024-04-15 17:28:16 +02:00
Steven Hawkins
58398d1f69
fix: replaces aesh with picocli ( #28276 )
...
* fix: replaces aesh with picocli
closes : #28275
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* fix: replaces aesh with picocli
closes : #28275
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-15 13:04:58 +00:00
Stefan Guilhen
2ab8bf852d
Add validation for the organization's internet domains.
...
Closes #28634
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-15 09:03:52 -03:00
Patrick Jennings
551a3db987
Updating validation logic to match our expectations on what applicable should mean.
...
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-04-15 09:39:34 +02:00
Patrick Jennings
03db2e8b56
Integration tests around client type parameter validation. Throw common ClientTypeException with invalid params requested during client creation/update requests. This gets translated into ErrorResponseException in the Resource handlers.
...
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-04-15 09:39:34 +02:00
Patrick Jennings
9814733dd3
DefaultClientType service will now validate all client type default values and respond with bad request message with the affending parameters that attempt to override readonly in the client type config.
...
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-04-15 09:39:34 +02:00