Commit graph

6461 commits

Author SHA1 Message Date
Tomas Ondrusko
e4fa5c034a
Update web element of the LinkedIn login page (#25905)
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2024-01-08 11:32:45 +01:00
Pedro Igor
d540584449 Using a valid URI when deleting cookies before/after running tests
Closes #22691

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-01-05 15:13:12 -03:00
atharva kshirsagar
d7542c9344 Fix for empty realm name issue
Throw ModelException if name is empty when creating/updating a realm

Closes #17449

Signed-off-by: atharva kshirsagar <atharva4894@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-05 14:23:42 +01:00
Pedro Igor
8ff9e71eae Do not allow verifying email from a different account
Closes #14776

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-01-05 12:45:07 +01:00
Pedro Igor
f476a42d66 Fixing the registration_client_uri to point to a valid URI after updating a client
Closes #23229

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-01-05 12:41:36 +01:00
Ben Cresitello-Dittmar
057d8a00ac Implement Authentication Method Reference (AMR) claim from OIDC specification
This implements a method for configuring authenticator reference values for Keycloak authenticator executions and a protocol mapper for populating the AMR claim in the resulting OIDC tokens.

This implementation adds a default configuration item to each authenticator execution, allowing administrators to configure an authenticator reference value. Upon successful completion of an authenticator during an authentication flow, Keycloak tracks the execution ID in a user session note.

The protocol mapper pulls the list of completed authenticators from the user session notes and loads the associated configurations for each authenticator execution. It then captures the list of authenticator references from these configs and sets it in the AMR claim of the resulting tokens.

Closes #19190

Signed-off-by: Ben Cresitello-Dittmar <bcresitellodittmar@mitre.org>
2024-01-03 14:59:05 -03:00
Jon Koops
07f9ead128 Upgrade Welcome theme to PatternFly 5
Closes #21343

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-01-03 14:46:01 -03:00
Steven Hawkins
667ce4be9e
enhance: supporting versioned features (#24811)
also adding a common PropertyMapper validation method

closes #24668

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-01-03 17:56:31 +01:00
Réda Housni Alaoui
5287500703 @NoCache is not considered anymore
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
2024-01-02 09:06:55 -03:00
Alexander Schwartz
9e890264df Adding a test case to check that the expiration time is set on logout tokens
Closes #25753

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-22 20:13:40 +01:00
Niko Köbler
5e623f42d4 add the exp claim to the backchannel logout token
This is now, as of Dec 15th 2023, part of the OIDC Backchannel Logout spec, chapter 2.4.

As of chapter 4, the logout token should have a short expiration time, preferably at most two minutes in the future. So we set the expiration to this time.

resolves #25753

Signed-off-by: Niko Köbler <niko@n-k.de>
2023-12-22 20:13:40 +01:00
Pedro Igor
ceb085e7b8 Update the UPDATE_EMAIL feature to rely on the user profile configuration when rendering templates and validating the email
Closes #25704

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-20 15:15:06 -03:00
rmartinc
c2e41b0eeb Make Locale updater generate an event and use the user profile
Closes #24369

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-20 15:26:45 +01:00
Daniel Fesenmeyer
baafb670f7 Bugfix for: Removing all group attributes no longer works with keycloak-admin-client (java)
Closes #25677

Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>
2023-12-20 14:03:35 +01:00
Konstantinos Georgilakis
cf57af1d10 scope parameter in refresh flow
Closes #12009

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2023-12-20 14:00:10 +01:00
mposolda
eb184a8554 More info on UserProfileContext
closes #25691

Signed-off-by: mposolda <mposolda@gmail.com>
2023-12-19 13:00:31 -03:00
Pedro Igor
810ebf4efd Migration steps for enabling user profile by default
Closes #25528

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-19 10:19:45 -03:00
Joshua Sorah
d411eafc42 Ensure 'iss' is returned when 'prompt=none' and user is not authenticated, per RFC9207
Closes keycloak/keycloak#25584

Signed-off-by: Joshua Sorah <jsorah@redhat.com>
2023-12-19 10:38:05 +01:00
Ricardo Martin
2ba7a51da6 Escape action in the form_post response mode (#60)
Closes keycloak/keycloak-private#31
Closes https://issues.redhat.com/browse/RHBK-652

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-18 18:10:41 -03:00
Konstantinos Georgilakis
ba8c22eaf0 Scope parameter in Oauth 2.0 token exchange
Closes #21578

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2023-12-18 15:44:26 -03:00
Pedro Igor
778847a3ce Updating theme templates to render user attributes based on the user profile configuration
Closes #25149

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-18 15:35:52 -03:00
rmartinc
d841971ff4 Updating the UP configuration needs to trigger an admin event
Close #23896

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-18 19:24:30 +01:00
Steven Hawkins
ec28b68554
fix: improve group matching (#25627)
closes #25451

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2023-12-18 11:46:02 +01:00
mposolda
cd154cf318 User Profile: If required roles ('user') and reqired scopes are set, the required scopes have no effect
closes #25475

Signed-off-by: mposolda <mposolda@gmail.com>
2023-12-18 11:32:27 +01:00
Takashi Norimatsu
59536becec Client policies : executor for enforcing DPoP
closes #25315

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2023-12-18 10:45:18 +01:00
Joshua Sorah
a10149bbe9 For post logout redirect URI - Make '+' represent existing redirect URIs and merge with existing post logout redirect URIs
Closes keycloak#25544

Signed-off-by: Joshua Sorah <jsorah@redhat.com>
2023-12-18 09:05:51 +01:00
Ricardo Martin
ae04b954a6
Fix for test SSSDUserProfileTest.test05MixedInternalDBUserProfile (#25570)
Closes #25566

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-15 18:57:31 +00:00
Martin Bartoš
14fd61bacc PubKeySignRegisterTest failures in WebAuthn tests
Fixes #9693

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2023-12-15 14:52:05 +01:00
Erwin Rooijakkers
860978b15a Change arg of getSubGroups to briefRepresentation
Parameter name briefRepresentation should mean briefRepresentation,
   not full. This way callers will by default get the full
   representation, unless true is passed as value for
   briefRepresentation.

   Fixes #25096

Signed-off-by: Erwin Rooijakkers <erwin@rooijakkers.software>
2023-12-14 17:23:27 +01:00
Steven Hawkins
08751001db
enhance: adds truststores to the keycloak cr (#25215)
also generally correcting the misspelling trustore

closes: #24798

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2023-12-14 11:15:06 -03:00
mposolda
c81b533cf6 Update UserProfileProvider.setConfiguration. Tuning of UserProfileProvider.getConfiguration
closes #25416

Signed-off-by: mposolda <mposolda@gmail.com>
2023-12-14 14:43:28 +01:00
Tomas Ondrusko
26342d829c Update web elements of the Instagram login page
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-12-14 14:03:53 +01:00
rmartinc
c14bc6f2b0 Create terms and conditions execution when registration form is added
Closes #21730

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-13 15:32:58 +01:00
Pedro Igor
fa79b686b6 Refactoring user profile interfaces and consolidating user representation for both admin and account context
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-13 08:27:55 +01:00
VR
1545b32a64 Revert changes related to map store in test classes in base testsuite
Closes #24567

Signed-off-by: VR <vramik@redhat.com>
2023-12-12 16:16:38 +01:00
Thomas Darimont
0f5bbae75c
Add support for POST logout in Keycloak JS (#25348)
Closes #25167

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-12-11 14:55:48 +01:00
Pedro Igor
78ba7d4a38 Do not allow removing username and email from user profile configuration
Closes #25147

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-11 08:30:28 +01:00
Ricardo Martin
f78c54fa42
Fixes for LDAP group membership and search in chunks
Closes #23966
2023-12-08 17:55:17 +01:00
mposolda
90bf88c540 Introduce ProtocolMapper.getEffectiveModel to make sure values displayed in the admin console UI are 'effective' values used when processing mappers
closes #24718

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-12-08 12:26:35 +01:00
Lukas Hanusovsky
baf6186863
25208 MSSQL startup message - fix (#25378)
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2023-12-07 16:27:16 +01:00
Vlasta Ramik
df465456b8
Map Store Removal: Remove LockObjectsForModification (#25323)
Signed-off-by: vramik <vramik@redhat.com>

Closes #24793
2023-12-07 12:43:43 +00:00
Pedro Igor
b1626172aa Removing unnecessary property from auth-server-migration maven profile
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-06 15:35:29 -03:00
rmartinc
522e8d2887 Workaround to allow percent chars in getGroupByPath via PathSegment
Closes #25111

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-06 14:22:34 -03:00
Peter Zaoral
340eb99412
Unable to use < as part of a password (admin-cli) (#24939)
* escaped angle bracket characters in password

Closes #21951

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-12-06 17:27:44 +01:00
Pedro Igor
ab1173182c Make sure realm is available from session when migrating to 23
Closes #25183

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-06 07:42:54 -03:00
rmartinc
d004e9295f Do not allow remove a credential in account endpoint if provider marks it as not removable
Closes #25220

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-05 17:11:57 +01:00
Vlasta Ramik
6f37fefd8d
Delete container providers from the base testsuite (#25168)
Closes #24097

Signed-off-by: vramik <vramik@redhat.com>
2023-12-04 14:44:35 +01:00
Alfredo Moises Boullosa
0b48bef0b1 Update springboot version
Signed-off-by: Alfredo Moises Boullosa <aboullos@redhat.com>
2023-12-04 11:15:51 +01:00
Michal Hajas
ec061e77ed
Remove GlobalLockProviderSpi (#25206)
Closes #24103

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2023-12-01 16:40:56 +00:00
rmartinc
31b7c9d2c3 Add UP decorator to SSSD provider
Closes https://github.com/keycloak/keycloak/issues/25075

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-01 15:41:05 +01:00
mposolda
3fa2d155ca Decouple factory methods from the provider methods on UserProfileProvider implementation
closes #25146

Signed-off-by: mposolda <mposolda@gmail.com>
2023-12-01 10:30:57 -03:00
Pedro Igor
c5bcdbdc3f Make sure username is lowercase when normalizing attributes
Closes #25173

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-01 12:16:13 +01:00
Martin Kanis
4279bbc6b5 Map Store Removal: Delete map profiles from testsuite
Closes #24094

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2023-11-30 14:59:02 +01:00
vramik
587cef7de4 Delete Profile.Feature.MAP_STORAGE
Signed-off-by: vramik <vramik@redhat.com>

Closes #24102
2023-11-30 13:04:39 +01:00
Pedro Igor
c7f63d5843 Add options to change behavior on how unmanaged attributes are managed
Closes #24934

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-11-30 06:58:21 -03:00
Steven Hawkins
8c3df19722
feature: add option for creating a global truststore (#24473)
closes #24148

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2023-11-30 08:57:17 +01:00
Douglas Palmer
d0b86d2f64 Register event not triggered on external to internal token exchange
Closes #9684

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2023-11-29 15:30:47 -03:00
mposolda
479e6bc86b Update Kerberos provider for user-profile
closes #25074

Signed-off-by: mposolda <mposolda@gmail.com>
2023-11-29 15:21:26 -03:00
rmartinc
16afecd6b4 Allow automatic download of SAML certificates in the identity provider
Closes https://github.com/keycloak/keycloak/issues/24424

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 18:03:31 +01:00
rmartinc
3bc028fe2d Remove lowercase for the hostname as recommended/advised by OAuth spec
Closes https://github.com/keycloak/keycloak/issues/25001

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 10:26:00 -03:00
Martin Bartoš
e71d850a03 Run SAML adapter tests with EAP 8
Closes #24168

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2023-11-28 14:07:44 +01:00
Pedro Igor
2c611cb8fc User profile configuration scoped to user-federation provider
closes #23878

Co-Authored-By: mposolda <mposolda@gmail.com>

Signed-off-by: mposolda <mposolda@gmail.com>
2023-11-27 14:45:44 +01:00
Stian Thorgersen
a32b58d337
Escape ldap id when using normal attribute syntax (#25) (#25036)
Closes https://github.com/keycloak/security/issues/46

Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
2023-11-27 11:38:14 +01:00
Takashi Norimatsu
1f5ee9bf80 NPE in checkAndBindMtlsHoKToken on Token Refresh when using SuppressRefreshTokenRotationExecutor and Certificate Bound Token
closes #25022

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2023-11-27 08:49:48 +01:00
Thomas Darimont
8888e3d41c
Avoid deprecated API usage in testsuite/integration-arquillian/tests/base (#24904)
- Removed unused imports
- Avoided deprecated junit/hamcrest API
- Avoid usage of JDK API scheduled for removal

This should reduce the number of compiler warnings in the logs quite a bit

closes #24995 

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2023-11-24 09:37:34 +01:00
Sebastian Schuster
030f42ec83
More efficient listing of assigned and available client role mappings
Closes #23404

Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
2023-11-22 14:10:11 +01:00
Thomas Darimont
cd1e0e06c6
Avoid deprecated API usage in testsuite/integration-arquillian/util (#24870)
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2023-11-21 12:45:58 +01:00
Martin Bartoš
87ed656685 Start of MS-SQL fails in CI
Closes #24846

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2023-11-20 15:09:11 +01:00
Thomas Darimont
d30d692335 Introduce MaxAuthAge Password policy (#12943)
This policy allows to specify the maximum age of an authentication
with which a password may be changed without re-authentication.

Defaults to 300 seconds (default taken from Constants.KC_ACTION_MAX_AGE) to remain backwards compatible.
A value of 0 will always require reauthentication to update the password.
Add documentation for MaxAuthAgePasswordPolicy to server_admin

Fixes #12943

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2023-11-20 14:48:17 +01:00
rmartinc
5fad76070a Use LinkedIn instead of LinkedIn OpenID Connect for better UI experience
Closes https://github.com/keycloak/keycloak/issues/24659

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-16 18:22:16 +01:00
Vlasta Ramik
d86e062a0e
Removal of retry blocks introduced for CRDB
Closes #24095

Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-16 13:50:56 +01:00
rmartinc
cca33baac3 Avoid NPE if RelayState is null and return a proper error
Closes https://github.com/keycloak/keycloak/issues/24079

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-16 12:56:49 +01:00
rmartinc
e3b2eec1ba Make user profile validation success if the attribute was already wrong and read-only in the context
Closes https://github.com/keycloak/keycloak/issues/24697

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-14 03:07:00 -08:00
Erik Jan de Wit
89abc094d1
userprofile shared (#23600)
* move account ui user profile to shared

* use ui-shared on admin same error handling

also introduce optional renderer for added component

* move scroll form to ui-shared

* merged with main

* fix lock file

* fixed merge error

* fixed merge errors

* fixed tests

* moved user profile types to admin client

* fixed more types

* pr comments

* fixed some types
2023-11-14 08:04:55 -03:00
Réda Housni Alaoui
3f014c7299
Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients (#21058)
closes #21010 

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
2023-11-13 19:13:01 +01:00
vramik
71b6757c2f Remove quarkus options related to map store
Signed-off-by: vramik <vramik@redhat.com>

Closes #24098
2023-11-13 12:34:52 +01:00
vramik
926be135e8 Remove map related modules
Signed-off-by: vramik <vramik@redhat.com>

Closes #24100
2023-11-13 12:34:52 +01:00
vramik
76affa45c6 Delete removed spi-events-store-jpa-max-detail-length property from keycloak.conf in testsuite
Signed-off-by: vramik <vramik@redhat.com>

Fixes #17258
2023-11-13 08:34:09 +01:00
Hynek Mlnařík
0ceaed0e2e
Transient users: Consents (#24496)
closes #24494
2023-11-10 11:18:27 +01:00
rmartinc
6963364514 Keep same name on update for LDAP attributes
Closes https://github.com/keycloak/keycloak/issues/23888
2023-11-09 23:54:45 +01:00
mposolda
64836680d7 Failing test X509OCSPResponderTest due expired certificate
closes #24650

Signed-off-by: mposolda <mposolda@gmail.com>
2023-11-09 13:34:51 +01:00
Alexander Schwartz
26e2fde115
Avoid reseting cachemanger to null to avoid a re-initialization (#24086)
Also follow best practices of using volatile variables for double-locking, and not using shutdown caches.

Closes #24085
2023-11-08 11:33:44 -05:00
vramik
6fa26d7ff4 Delete map dependencies from dependency management
Closes #24101
2023-11-08 13:53:17 +01:00
mposolda
7863c3e563 Moving UPConfig and related classes from keycloak-services
closes #24535

Signed-off-by: mposolda <mposolda@gmail.com>
2023-11-07 12:41:29 +01:00
Peter Skopek
e5eded0eab
Add possibility to override fileName and base directory of Keycloak Quarkus distribution ZIP archive (#24284)
Closes #24283

Signed-off-by: Peter Skopek <pskopek@redhat.com>
2023-11-07 10:31:58 +01:00
Joshua Sorah
7ca00975d4 Feature flag DPoP metadata in OIDC Well Known endpoint
Closes keycloak/keycloak#24547

Signed-off-by: Joshua Sorah <jsorah@gmail.com>
2023-11-06 03:13:57 -08:00
vramik
593c14cd26 Data too long for column 'DETAILS_JSON'
Closes #17258
2023-11-02 20:29:35 +01:00
Oliver
563ae104fd [issue-14134] test partial import user with id
Fix #14134
2023-11-02 05:56:12 -07:00
Martin Kanis
e05effe62d Map Store Removal: Delete map profiles and scopes from model tests
Closes #24093
2023-11-02 11:33:00 +01:00
Jon Koops
fe0a9459dd
Remove UTF-8 encoding header from property files (#24471) 2023-11-01 16:03:26 -04:00
rmartinc
d7bb59461d Escape $ sign when replacing clientId in the role mappers
Closes https://github.com/keycloak/keycloak/issues/23692
2023-11-01 20:47:15 +01:00
Pedro Igor
be65ba8689 Make sure optional default attributes are removed when decorating the user-define user profile configuration
Closes #24420
2023-11-01 14:54:09 +01:00
mposolda
0bd2b342d7 Update per review 2023-10-31 12:56:46 -07:00
mposolda
6f992915d7 Move some UserProfile and Validation classes into keycloak-server-spi
closes #24387
2023-10-31 12:56:46 -07:00
Aboullos
75440abb5f
Fix compilation error on springboot (#24437) 2023-10-31 19:29:05 +00:00
Justin Tay
3ff0476cc3 Allow customization of aud claim with JWT Authentication
Closes #21445
2023-10-31 11:33:47 -07:00
rmartinc
1b630326b2 Fixes in LDAP tests when using AD
Closing https://github.com/keycloak/keycloak/issues/24357
2023-10-31 13:34:37 +01:00
rmartinc
7deb4ca545 Group count and PartialExport permission fixes
Closes https://github.com/keycloak/keycloak/issues/12171
2023-10-31 01:40:21 -07:00
Aboullos
c23e1e0e2b
Fix springboot tests (#24254)
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-31 09:06:09 +01:00
rmartinc
6484a3e705 Add userProfileEnabled attribute to realm response if admin can view users
closes https://github.com/keycloak/keycloak/issues/19093
2023-10-30 07:39:03 -07:00
rmartinc
ea398c21da Add a property to the User Profile Email Validator for max length of the local part
Closes https://github.com/keycloak/keycloak/issues/24273
2023-10-27 15:09:42 +02:00
Alice
69497382d8
Group scalability upgrades (#22700)
closes #22372 


Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-26 16:50:45 +02:00
Thomas Darimont
d56baa80b3
Add support for passing acr_values in auth requests in keycloak.js (#9383) (#24259)
Fixes #9383
2023-10-25 15:33:39 +02:00
Hynek Mlnarik
c036980c37 Add TRANSIENT_USERS feature flag 2023-10-25 12:02:35 +02:00
Hynek Mlnarik
d59ceb17e9 Add tests for offline access, introspection and userinfo endpoint 2023-10-25 12:02:35 +02:00
Hynek Mlnarik
d70735f64d Tests
Part-of: Add support for not importing brokered user into Keycloak database

Closes: #11334
2023-10-25 12:02:35 +02:00
ggraziano
84112f57b5 Verification of iss at refresh token request
Added iss checking using the existing TokenVerifier.RealmUrlCheck in the verifyRefreshToken method.

Closes #22191
2023-10-24 23:42:11 +02:00
Marek Posolda
1bd6aca629
Remove RegistrationProfile class and handle migration (#24215)
closes #24182


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-10-24 20:19:33 +02:00
Martin Kanis
10a2c96c72
Users in role Rest API returns empty when User federation used (#23318)
* Users in role Rest API returns empty when User federation used

Co-authored-by: Shankar Yadav <ET1024@neeyamoworks.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-24 11:10:20 -04:00
Martin Bartoš
9627187447
Adapter tests failing with Jakarta error (#24177)
Fixes #24176
2023-10-24 10:11:48 -04:00
rmartinc
ad01ed1497 Do not reset the user profile configuration on disable
Closes https://github.com/keycloak/keycloak/issues/23527
2023-10-24 03:05:34 -07:00
Thomas Darimont
e567210ed1
Add dedicated feature flag for oauth device grant flow (#23892)
Closes #23891
2023-10-24 10:09:26 +02:00
Håvar Nøvik
bc55846809
Fixes a NullPointerException after import validation (#20151)
* Fixes a NullPointerException after import validation

If the import validation (when getting a user by email)
returns null, indicating that the user entity should be
removed from local storage, an email equality check results
in a NullPointerException.

This commit fixes this issue by explicitly checking for null.

Closes #20150

---------
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-23 17:19:25 -04:00
vramik
a0f04fa2be Declarative User Profile export
Closes #12062
Resolves #20885
2023-10-21 19:21:20 +02:00
Pedro Igor
e47389f199 Username now shown when creating a user and edit username is not allowed
Closes #24183
2023-10-20 10:22:31 -07:00
Steven Hawkins
f4d1dd9b7f
improvement: validates the expected values of non-cli properties (#23797)
also adds better messages for unknown options

closes #13608
2023-10-20 17:21:03 +00:00
Pedro Igor
d4a5391013 Making sure public clients can RPT tokens
Closes #14165
2023-10-20 17:53:10 +02:00
Pedro Igor
55a5a8c0eb Ignore custom attributes when processing attributes in verify profile action
Closes #24077
2023-10-20 17:51:40 +02:00
mposolda
c18e8ff535 User profile tweaks in registration forms
closes #24024
2023-10-20 06:31:21 -07:00
kaustubh-rh
1ac2c0997d
Inconsistent handling of parenthesis in auth flow name (#24113)
closes #16379
2023-10-20 10:00:46 +02:00
mposolda
04777299b0 After tab1 finish authentication, make sure that rootAuthenticationSession is expired shortly
closes #23880
2023-10-19 19:23:50 +02:00
Vlasta Ramik
f6d582c761
Import migration step for kc22
Closes #24031

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-10-19 09:00:49 +02:00
rmartinc
d10ccc7245 Use jdk LdapName and Rdn to parse inside LDAPDn and RDN and avoid string conversions
Closes: https://github.com/keycloak/keycloak/issues/21797
Closes: https://github.com/keycloak/keycloak/issues/21818
2023-10-19 08:31:49 +02:00
Pedro Igor
e91a0afca2 The username in account is required and don't change when email as username is enabled
Closes #23976
2023-10-17 16:43:44 -03:00
wojnarfilip
b5ec155b64 Fix issue with overlapping WebElements in SocialLoginTest#PaypalLogin
Closes #23960
2023-10-17 16:59:09 +02:00
shigeyuki kabano
6112b25648 Enhancing Light Weight Token(#22148)
Closes #21183
2023-10-17 13:12:36 +02:00
Alexander Schwartz
50916d58b1 Clean up created test user to avoid conflict with other tests
Closes #23804
2023-10-16 19:10:52 +02:00
wojnarfilip
f9386bd62b Update login flow in OCP social login 2023-10-16 10:45:38 -03:00
Pedro Igor
9c19a8972b Removing the default cache metadata
Closes #23910
2023-10-13 16:32:55 +02:00
Lex Cao
eedc4ceb18 Fix unexpected expiration when import offline client session
Closes #23397
2023-10-13 15:45:07 +02:00
Moritz Becker
e9f08b6500 Do not return empty scope field in token introspection response
Closes #16526
2023-10-13 08:36:12 +02:00
Steven Hawkins
478ceb0b34
modification of kc.sh to remove param eval (#22585)
* test

* modification of kc.sh to remove eval of env/args

Closes #22337

---------

Co-authored-by: rmartinc <rmartinc@redhat.com>
2023-10-12 17:10:53 +02:00
Vojtěch Boček
8871983b33
Add support for single-tenant mode to Microsoft Identity Provider (#20699)
* Add support for single-tenant mode to Microsoft Identity Provider

Fixes #20695
Closes #11207

* Add SocialLoginTest for Microsoft single-tenant variant
2023-10-10 16:35:36 -04:00
Marek Posolda
a6609bd969
Remove "You are already logged in" during authentication. Make other browser tabs to authenticate automatically when some browser tab successfully authenticate (#23517)
Closes #12406


Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-10-10 21:54:37 +02:00
Pedro Igor
7385ed56c7 Avoid creating the component when there is no component and configuration is not provided
Closes #20970

Co-authored-by: Pedro Igor <psilva@redhat.com>
2023-10-10 13:28:48 +02:00
Tero Saarni
22d093f5c0
Fix multi-valued LDAP attribute support
FullName LDAP storage mapper was delegating to single-valued setter even
when multi-valued setter was called.

Closes #22091

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2023-10-06 14:36:02 +00:00
mposolda
cdb61215c9 UserProfileContext.ACCOUNT_OLD seems to be obsolete and not needed
closes #23749
2023-10-06 11:27:48 -03:00
Pedro Igor
290bee0787
Resolve several usability issues around User Profile (#23537)
Closes #23507, #23584, #23740, #23774

Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-10-06 10:15:39 -03:00
rmartinc
890600c33c Remove backward compatibility for ECDSA tokens
Closes https://github.com/keycloak/keycloak/issues/23734
2023-10-06 14:24:48 +02:00
Martin Kanis
0853d484ec
Remove transaction in InfinispanSingleUseObjectProvider#remove (#23708)
Co-authored-by: mposolda <mposolda@gmail.com>
2023-10-06 10:00:04 +02:00
Garth
2dfbbff343
added AccountResource SPI, Provider and ProviderFactory. (#22317)
Added AccountResource SPI, Provider and ProviderFactory. updated AccountLoader to load provider(s) and check if it is compatible with the chosen theme.
2023-10-05 15:08:01 +02:00
vramik
7f2f4aae67 Upgrade liquibase version to avoid a bug where a changeset is executed twice
Closes #23220
2023-10-05 13:35:05 +02:00
Tomas Ondrusko
58131f1dcc Update the Instagram login process
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-10-05 09:33:05 +02:00
Steven Hawkins
9a93b9a273
allows csv output to handle missing requested fields (#23459)
* allows csv output to handle missing requested fields

Closes #12330

* fixes the handling of the content type

also makes it more explicit the expectation of applying csv and return
fields

* fix: consolidating the logic dealing with the content-type

Closes #23580
2023-10-04 15:49:19 +02:00
Dmitry Telegin
085d0d73c9 Fix nonce/scope typo 2023-10-02 22:36:51 +02:00
Tomas Ondrusko
fcb91a83ba
Ignore query parameters while testing the LinkedIn profile picture URL (#23557)
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-10-02 14:36:17 +02:00
Tomas Ondrusko
3d42573813
Update PayPal social login flow to use 127.0.0.1 instead of localhost (#23532)
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-09-28 09:34:45 +00:00
fwojnar
56082cdd2d
Fixes issue in login flow of SocialLoginTest#twitterLogin (#23122)
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2023-09-28 10:21:59 +02:00
Lucas Hedding
de5aa2e74d
Add createTimestamp to REST service (#23293)
Closes #14009
2023-09-27 13:38:16 +02:00
rmartinc
10c1e3ba6d Client roles should be mapped to any claim name
Closes https://github.com/keycloak/keycloak/issues/22349
2023-09-27 08:11:22 -03:00