libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
24344 commits 4 branches 5 tags 480 MiB
Commit graph

6495 commits

Author SHA1 Message Date
Thomas Darimont
cd1e0e06c6
Avoid deprecated API usage in testsuite/integration-arquillian/util (#24870) 
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2023-11-21 12:45:58 +01:00
Martin Bartoš
87ed656685 Start of MS-SQL fails in CI 
Closes #24846

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2023-11-20 15:09:11 +01:00
Thomas Darimont
d30d692335 Introduce MaxAuthAge Password policy (#12943) 
This policy allows to specify the maximum age of an authentication
with which a password may be changed without re-authentication.

Defaults to 300 seconds (default taken from Constants.KC_ACTION_MAX_AGE) to remain backwards compatible.
A value of 0 will always require reauthentication to update the password.
Add documentation for MaxAuthAgePasswordPolicy to server_admin

Fixes #12943

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2023-11-20 14:48:17 +01:00
rmartinc
5fad76070a Use LinkedIn instead of LinkedIn OpenID Connect for better UI experience 
Closes https://github.com/keycloak/keycloak/issues/24659

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-16 18:22:16 +01:00
Vlasta Ramik
d86e062a0e
Removal of retry blocks introduced for CRDB 
Closes #24095

Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2023-11-16 13:50:56 +01:00
rmartinc
cca33baac3 Avoid NPE if RelayState is null and return a proper error 
Closes https://github.com/keycloak/keycloak/issues/24079

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-16 12:56:49 +01:00
rmartinc
e3b2eec1ba Make user profile validation success if the attribute was already wrong and read-only in the context 
Closes https://github.com/keycloak/keycloak/issues/24697

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-14 03:07:00 -08:00
Erik Jan de Wit
89abc094d1
userprofile shared (#23600) 
* move account ui user profile to shared

* use ui-shared on admin same error handling

also introduce optional renderer for added component

* move scroll form to ui-shared

* merged with main

* fix lock file

* fixed merge error

* fixed merge errors

* fixed tests

* moved user profile types to admin client

* fixed more types

* pr comments

* fixed some types
 2023-11-14 08:04:55 -03:00
Réda Housni Alaoui
3f014c7299
Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients (#21058) 
closes #21010 

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2023-11-13 19:13:01 +01:00
vramik
71b6757c2f Remove quarkus options related to map store 
Signed-off-by: vramik <vramik@redhat.com>

Closes #24098
 2023-11-13 12:34:52 +01:00
vramik
926be135e8 Remove map related modules 
Signed-off-by: vramik <vramik@redhat.com>

Closes #24100
 2023-11-13 12:34:52 +01:00
vramik
76affa45c6 Delete removed spi-events-store-jpa-max-detail-length property from keycloak.conf in testsuite 
Signed-off-by: vramik <vramik@redhat.com>

Fixes #17258
 2023-11-13 08:34:09 +01:00
Hynek Mlnařík
0ceaed0e2e
Transient users: Consents (#24496) 
closes #24494
 2023-11-10 11:18:27 +01:00
rmartinc
6963364514 Keep same name on update for LDAP attributes 
Closes https://github.com/keycloak/keycloak/issues/23888
 2023-11-09 23:54:45 +01:00
mposolda
64836680d7 Failing test X509OCSPResponderTest due expired certificate 
closes #24650

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-11-09 13:34:51 +01:00
Alexander Schwartz
26e2fde115
Avoid reseting cachemanger to null to avoid a re-initialization (#24086) 
Also follow best practices of using volatile variables for double-locking, and not using shutdown caches.

Closes #24085
 2023-11-08 11:33:44 -05:00
vramik
6fa26d7ff4 Delete map dependencies from dependency management 
Closes #24101
 2023-11-08 13:53:17 +01:00
mposolda
7863c3e563 Moving UPConfig and related classes from keycloak-services 
closes #24535

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-11-07 12:41:29 +01:00
Peter Skopek
e5eded0eab
Add possibility to override fileName and base directory of Keycloak Quarkus distribution ZIP archive (#24284) 
Closes #24283

Signed-off-by: Peter Skopek <pskopek@redhat.com>
 2023-11-07 10:31:58 +01:00
Joshua Sorah
7ca00975d4 Feature flag DPoP metadata in OIDC Well Known endpoint 
Closes keycloak/keycloak#24547

Signed-off-by: Joshua Sorah <jsorah@gmail.com>
 2023-11-06 03:13:57 -08:00
vramik
593c14cd26 Data too long for column 'DETAILS_JSON' 
Closes #17258
 2023-11-02 20:29:35 +01:00
Oliver
563ae104fd [issue-14134] test partial import user with id 
Fix #14134
 2023-11-02 05:56:12 -07:00
Martin Kanis
e05effe62d Map Store Removal: Delete map profiles and scopes from model tests 
Closes #24093
 2023-11-02 11:33:00 +01:00
Jon Koops
fe0a9459dd
Remove UTF-8 encoding header from property files (#24471) 2023-11-01 16:03:26 -04:00
rmartinc
d7bb59461d Escape $ sign when replacing clientId in the role mappers 
Closes https://github.com/keycloak/keycloak/issues/23692
 2023-11-01 20:47:15 +01:00
Pedro Igor
be65ba8689 Make sure optional default attributes are removed when decorating the user-define user profile configuration 
Closes #24420
 2023-11-01 14:54:09 +01:00
mposolda
0bd2b342d7 Update per review 2023-10-31 12:56:46 -07:00
mposolda
6f992915d7 Move some UserProfile and Validation classes into keycloak-server-spi 
closes #24387
 2023-10-31 12:56:46 -07:00
Aboullos
75440abb5f
Fix compilation error on springboot (#24437) 2023-10-31 19:29:05 +00:00
Justin Tay
3ff0476cc3 Allow customization of aud claim with JWT Authentication 
Closes #21445
 2023-10-31 11:33:47 -07:00
rmartinc
1b630326b2 Fixes in LDAP tests when using AD 
Closing https://github.com/keycloak/keycloak/issues/24357
 2023-10-31 13:34:37 +01:00
rmartinc
7deb4ca545 Group count and PartialExport permission fixes 
Closes https://github.com/keycloak/keycloak/issues/12171
 2023-10-31 01:40:21 -07:00
Aboullos
c23e1e0e2b
Fix springboot tests (#24254) 
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2023-10-31 09:06:09 +01:00
rmartinc
6484a3e705 Add userProfileEnabled attribute to realm response if admin can view users 
closes https://github.com/keycloak/keycloak/issues/19093
 2023-10-30 07:39:03 -07:00
rmartinc
ea398c21da Add a property to the User Profile Email Validator for max length of the local part 
Closes https://github.com/keycloak/keycloak/issues/24273
 2023-10-27 15:09:42 +02:00
Alice
69497382d8
Group scalability upgrades (#22700) 
closes #22372 


Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2023-10-26 16:50:45 +02:00
Thomas Darimont
d56baa80b3
Add support for passing acr_values in auth requests in keycloak.js (#9383) (#24259) 
Fixes #9383
 2023-10-25 15:33:39 +02:00
Hynek Mlnarik
c036980c37 Add TRANSIENT_USERS feature flag 2023-10-25 12:02:35 +02:00
Hynek Mlnarik
d59ceb17e9 Add tests for offline access, introspection and userinfo endpoint 2023-10-25 12:02:35 +02:00
Hynek Mlnarik
d70735f64d Tests 
Part-of: Add support for not importing brokered user into Keycloak database

Closes: #11334
 2023-10-25 12:02:35 +02:00
ggraziano
84112f57b5 Verification of iss at refresh token request 
Added iss checking using the existing TokenVerifier.RealmUrlCheck in the verifyRefreshToken method.

Closes #22191
 2023-10-24 23:42:11 +02:00
Marek Posolda
1bd6aca629
Remove RegistrationProfile class and handle migration (#24215) 
closes #24182


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2023-10-24 20:19:33 +02:00
Martin Kanis
10a2c96c72
Users in role Rest API returns empty when User federation used (#23318) 
* Users in role Rest API returns empty when User federation used

Co-authored-by: Shankar Yadav <ET1024@neeyamoworks.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2023-10-24 11:10:20 -04:00
Martin Bartoš
9627187447
Adapter tests failing with Jakarta error (#24177) 
Fixes #24176
 2023-10-24 10:11:48 -04:00
rmartinc
ad01ed1497 Do not reset the user profile configuration on disable 
Closes https://github.com/keycloak/keycloak/issues/23527
 2023-10-24 03:05:34 -07:00
Thomas Darimont
e567210ed1
Add dedicated feature flag for oauth device grant flow (#23892) 
Closes #23891
 2023-10-24 10:09:26 +02:00
Håvar Nøvik
bc55846809
Fixes a NullPointerException after import validation (#20151) 
* Fixes a NullPointerException after import validation

If the import validation (when getting a user by email)
returns null, indicating that the user entity should be
removed from local storage, an email equality check results
in a NullPointerException.

This commit fixes this issue by explicitly checking for null.

Closes #20150

---------
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2023-10-23 17:19:25 -04:00
vramik
a0f04fa2be Declarative User Profile export 
Closes #12062
Resolves #20885
 2023-10-21 19:21:20 +02:00
Pedro Igor
e47389f199 Username now shown when creating a user and edit username is not allowed 
Closes #24183
 2023-10-20 10:22:31 -07:00
Steven Hawkins
f4d1dd9b7f
improvement: validates the expected values of non-cli properties (#23797) 
also adds better messages for unknown options

closes #13608
 2023-10-20 17:21:03 +00:00
Pedro Igor
d4a5391013 Making sure public clients can RPT tokens 
Closes #14165
 2023-10-20 17:53:10 +02:00
Pedro Igor
55a5a8c0eb Ignore custom attributes when processing attributes in verify profile action 
Closes #24077
 2023-10-20 17:51:40 +02:00
mposolda
c18e8ff535 User profile tweaks in registration forms 
closes #24024
 2023-10-20 06:31:21 -07:00
kaustubh-rh
1ac2c0997d
Inconsistent handling of parenthesis in auth flow name (#24113) 
closes #16379
 2023-10-20 10:00:46 +02:00
mposolda
04777299b0 After tab1 finish authentication, make sure that rootAuthenticationSession is expired shortly 
closes #23880
 2023-10-19 19:23:50 +02:00
Vlasta Ramik
f6d582c761
Import migration step for kc22 
Closes #24031

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2023-10-19 09:00:49 +02:00
rmartinc
d10ccc7245 Use jdk LdapName and Rdn to parse inside LDAPDn and RDN and avoid string conversions 
Closes: https://github.com/keycloak/keycloak/issues/21797
Closes: https://github.com/keycloak/keycloak/issues/21818
 2023-10-19 08:31:49 +02:00
Pedro Igor
e91a0afca2 The username in account is required and don't change when email as username is enabled 
Closes #23976
 2023-10-17 16:43:44 -03:00
wojnarfilip
b5ec155b64 Fix issue with overlapping WebElements in SocialLoginTest#PaypalLogin 
Closes #23960
 2023-10-17 16:59:09 +02:00
shigeyuki kabano
6112b25648 Enhancing Light Weight Token(#22148) 
Closes #21183
 2023-10-17 13:12:36 +02:00
Alexander Schwartz
50916d58b1 Clean up created test user to avoid conflict with other tests 
Closes #23804
 2023-10-16 19:10:52 +02:00
wojnarfilip
f9386bd62b Update login flow in OCP social login 2023-10-16 10:45:38 -03:00
Pedro Igor
9c19a8972b Removing the default cache metadata 
Closes #23910
 2023-10-13 16:32:55 +02:00
Lex Cao
eedc4ceb18 Fix unexpected expiration when import offline client session 
Closes #23397
 2023-10-13 15:45:07 +02:00
Moritz Becker
e9f08b6500 Do not return empty scope field in token introspection response 
Closes #16526
 2023-10-13 08:36:12 +02:00
Steven Hawkins
478ceb0b34
modification of kc.sh to remove param eval (#22585) 
* test

* modification of kc.sh to remove eval of env/args

Closes #22337

---------

Co-authored-by: rmartinc <rmartinc@redhat.com>
 2023-10-12 17:10:53 +02:00
Vojtěch Boček
8871983b33
Add support for single-tenant mode to Microsoft Identity Provider (#20699) 
* Add support for single-tenant mode to Microsoft Identity Provider

Fixes #20695
Closes #11207

* Add SocialLoginTest for Microsoft single-tenant variant
 2023-10-10 16:35:36 -04:00
Marek Posolda
a6609bd969
Remove "You are already logged in" during authentication. Make other browser tabs to authenticate automatically when some browser tab successfully authenticate (#23517) 
Closes #12406


Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2023-10-10 21:54:37 +02:00
Pedro Igor
7385ed56c7 Avoid creating the component when there is no component and configuration is not provided 
Closes #20970

Co-authored-by: Pedro Igor <psilva@redhat.com>
 2023-10-10 13:28:48 +02:00
Tero Saarni
22d093f5c0
Fix multi-valued LDAP attribute support 
FullName LDAP storage mapper was delegating to single-valued setter even
when multi-valued setter was called.

Closes #22091

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
 2023-10-06 14:36:02 +00:00
mposolda
cdb61215c9 UserProfileContext.ACCOUNT_OLD seems to be obsolete and not needed 
closes #23749
 2023-10-06 11:27:48 -03:00
Pedro Igor
290bee0787
Resolve several usability issues around User Profile (#23537) 
Closes #23507, #23584, #23740, #23774

Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2023-10-06 10:15:39 -03:00
rmartinc
890600c33c Remove backward compatibility for ECDSA tokens 
Closes https://github.com/keycloak/keycloak/issues/23734
 2023-10-06 14:24:48 +02:00
Martin Kanis
0853d484ec
Remove transaction in InfinispanSingleUseObjectProvider#remove (#23708) 
Co-authored-by: mposolda <mposolda@gmail.com>
 2023-10-06 10:00:04 +02:00
Garth
2dfbbff343
added AccountResource SPI, Provider and ProviderFactory. (#22317) 
Added AccountResource SPI, Provider and ProviderFactory. updated AccountLoader to load provider(s) and check if it is compatible with the chosen theme.
 2023-10-05 15:08:01 +02:00
vramik
7f2f4aae67 Upgrade liquibase version to avoid a bug where a changeset is executed twice 
Closes #23220
 2023-10-05 13:35:05 +02:00
Tomas Ondrusko
58131f1dcc Update the Instagram login process 
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
 2023-10-05 09:33:05 +02:00
Steven Hawkins
9a93b9a273
allows csv output to handle missing requested fields (#23459) 
* allows csv output to handle missing requested fields

Closes #12330

* fixes the handling of the content type

also makes it more explicit the expectation of applying csv and return
fields

* fix: consolidating the logic dealing with the content-type

Closes #23580
 2023-10-04 15:49:19 +02:00
Dmitry Telegin
085d0d73c9 Fix nonce/scope typo 2023-10-02 22:36:51 +02:00
Tomas Ondrusko
fcb91a83ba
Ignore query parameters while testing the LinkedIn profile picture URL (#23557) 
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
 2023-10-02 14:36:17 +02:00
Tomas Ondrusko
3d42573813
Update PayPal social login flow to use 127.0.0.1 instead of localhost (#23532) 
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
 2023-09-28 09:34:45 +00:00
fwojnar
56082cdd2d
Fixes issue in login flow of SocialLoginTest#twitterLogin (#23122) 
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
 2023-09-28 10:21:59 +02:00
Lucas Hedding
de5aa2e74d
Add createTimestamp to REST service (#23293) 
Closes #14009
 2023-09-27 13:38:16 +02:00
rmartinc
10c1e3ba6d Client roles should be mapped to any claim name 
Closes https://github.com/keycloak/keycloak/issues/22349
 2023-09-27 08:11:22 -03:00
rmartinc
d90640b5a3 Change email checkserveridentity prop as angus mail sets it to true by default 
Closes https://github.com/keycloak/keycloak/issues/22395
 2023-09-26 09:11:16 +02:00
Maria Arias de Reyna
c15753266f fix(Closes #21236): Adding client-id to logout event 2023-09-25 13:20:26 +02:00
Pedro Igor
741f76887c Allow updating email when email as username is set and edit username disabed 
#23438
 2023-09-25 08:19:01 -03:00
Michal Hajas
496c5ad989 Use new findGroupByPath implementation and remove the old one 
Closes #23344

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2023-09-25 10:44:24 +02:00
Jon Koops
47d9ae71c4
Revert the new welcome screen experience (#23446) 
This reverts commit bcab75a7ef.
 2023-09-21 16:03:00 +00:00
Justin Tay
7d3104ee76 Allow public clients to use PAR endpoint 
Closes #8939
 2023-09-21 13:57:42 +02:00
rmartinc
7afd90982d Align wildfly-core and wildfly version for tests 
Closes https://github.com/keycloak/keycloak/issues/23342
 2023-09-21 10:53:57 +02:00
Michal Hajas
533f9e7093
Disable CockroachDB model tests since they are flaky (#23391) 
Closes #22645

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2023-09-20 16:04:11 +00:00
Bernd Bohmann
bb2f59df87
Calling getTopLevelGroups is slow inside GroupLDAPStorageMapper#getLDAPGroupMappingsConverted (#8430) 
Closes #14820 
---------
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2023-09-20 17:20:43 +02:00
Jon Koops
e86bf1f0b2 Remove P3P header from authentication flow 
Closes #23348
 2023-09-19 08:50:33 -03:00
rmartinc
743bb696d9 Allow duplicated keys in advanced claim mappers 
Closes https://github.com/keycloak/keycloak/issues/22638
 2023-09-19 07:49:34 -03:00
wojnarfilip
5603ee7b46 Fixes login flow in Microsoft social login test 
Closes #22657
 2023-09-18 14:21:41 +02:00
Pedro Igor
217a09ce46 Switch to Resteasy Reactive 
Closes #10713
 2023-09-18 09:19:03 -03:00
Alexander Schwartz
798846df6f
Remove legacy code which isn't used anymore and was deprecated for some time (#23264) 
Closes #23263
 2023-09-18 11:04:02 +02:00
paul
f684a70048 KEYCLOAK-15985 Add Brute Force Detection Lockout Event 2023-09-15 10:32:07 -03:00
Jon Koops
bcab75a7ef
Add new version of Welcome theme based on PatternFly 5 (#23008) 2023-09-14 08:24:17 -04:00
Andreas Blaettlinger
86c0e338d9 Toggle visibility of password input fields in login-ftl-based pages 
Closes #22067
 2023-09-14 08:04:35 -03:00
Pedro Igor
1442f14c45 Registration page not showing username when edit username is not enabled 
Closes #23185
 2023-09-14 07:32:39 -03:00
Justin Tay
658c0ef19f Send Client ID in token request with JWT Authentication 
Closes #21444
 2023-09-14 10:57:32 +02:00
Pedro Igor
5958c7948d
Ignore attributes when they are not prefixed with user.attributes prefix (#23184) 
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: stianst <stianst@gmail.com>
 2023-09-14 10:35:47 +02:00
Daniel Fesenmeyer
a68ad55a37 Support to define compatible mappers for (new) Identity Providers 
- Also allows to use existing mappers for custom Identity Providers without having to change those mappers

Closes #21154
 2023-09-13 17:19:06 -03:00
Jacek Kowalski
f5182deb30
Fix valid redirect URIs for built-in account-console client on realm rename (#20894) 
Closes #9541

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2023-09-13 15:28:07 +02:00
Konstantinos Georgilakis
0044472f87 Add regex support in 'Condition - User attribute' execution 
Closes #265
 2023-09-13 08:36:45 +02:00
rmartinc
48ab2b1688 FullNameLDAPStoreMapper removes values for other attributes 
Closes https://github.com/keycloak/keycloak/issues/22526
 2023-09-13 08:11:32 +02:00
vramik
d34a371971 Enable ZeroDowntimeTest 
Closes #21825
 2023-09-11 19:09:30 +02:00
Pedro Igor
04dd9afc5e Do not store empty attributes when updating user profile 
Closes #22960
 2023-09-11 07:47:31 -03:00
kaustubh-rh
62927433dc
Fix for Keycloak 22.0.1 unable to create user with long email address (#23109) 
Closes #22825
 2023-09-11 08:56:13 +02:00
rmartinc
7da52a43bd Add old LinkedIn provider to the deprecated profile 
Closes https://github.com/keycloak/keycloak/issues/23067
 2023-09-08 10:05:17 +02:00
Marek Posolda
506e2537ac
Registration flow fixed (#23064) 
Closes #21514


Co-authored-by: Vilmos Nagy <vilmos.nagy@outlook.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2023-09-08 08:05:05 +02:00
Pedro Igor
bc31fde4c0 Broker claim mapper not recognizing claims from user info endpoint 
Closes #12137
 2023-09-07 16:34:45 +02:00
Alexander Schwartz
2eb37dbe4f Remove MS SQL JDBC driver from the Keycloak product 
Closes #22983
 2023-09-07 15:30:34 +02:00
Peter Skopek
ef272f7668 SAML Adapter fix for EAP8 and WF29 
Signed-off-by: Peter Skopek <pskopek@redhat.com>
 2023-09-07 13:32:25 +02:00
Kaustubh B
5ee2ba9372 Added tests 2023-09-07 08:43:35 +02:00
Martin Bartoš
6ca78b7554 Return Oracle JDBC driver to the upstream 
Closes #22999
 2023-09-06 19:11:29 +02:00
rmartinc
8887be7887 Add a new identity provider for LinkedIn based on OIDC 
Closes https://github.com/keycloak/keycloak/issues/22383
 2023-09-06 16:13:31 +02:00
Pedro Igor
13e5a02b9f Role mappers must return a single value when they are not multivalued 
Closes #20218
 2023-08-31 19:16:12 +02:00
mposolda
57e51e9dd4 Use an original domain name of Kerberos Principal in UserModel attribute instead of configured value of Kerberos realm in User federation 
closes #20045
 2023-08-30 13:24:48 +02:00
vramik
4cd34f8423 Update logging properties for showing SQL statements and JDBC parameters 
Closes #22815
 2023-08-30 12:52:08 +02:00
Marek Posolda
6f989fc132
Fallback to next LDAP/Kerberos provider when not able to find authenticated Kerberos principal (#22531) 
closes #22352 #9422
 2023-08-29 11:21:01 +00:00
Pedro Igor
ea3225a6e1 Decoupling legacy and dynamic user profiles and exposing metadata from admin api 
Closes #22532

Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2023-08-29 08:14:47 -03:00
Pedro Igor
b779df6a55 Parsing response from user info rather than the access token 
Closes #22581
 2023-08-29 12:23:56 +02:00
Tomas Ondrusko
e70ffd0105
Handle GitHub logout properly (#22463) 
Add profile info update to GitHub login test cases

Closes #22461

Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
 2023-08-28 10:06:12 +02:00
Michal Hajas
94089bd492 Clean LDAP between test method executions 
Closes #22602

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2023-08-23 04:15:32 -03:00
Martin Bartoš
fcf65389ea
Remove Oracle Database JDBC driver from the Keycloak distribution (#22577) 
* Remove Oracle Database JDBC driver from the Keycloak distribution

Closes #22452

* Remove profile for proprietary Oracle JDBC driver

---------

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2023-08-21 15:13:49 +00:00
t0xicCode
822c13ff6f Switch Trusted Host policy redirect verification to URI 
Switch parsing of the redirect URIs for the Trusted Host Client Registration Policy from URL to URI.
The java URL class tries to instantiate a handler for the scheme, which fails when a "custom" scheme, such as those used in phone apps is used.
In contrast, the URI class simply parses the string, ensuring the format is valid.
The other URLs (baseUrl, rootUrl, adminUrl) are still parsed as URLs.
See https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata for the Client Registration parameter documentation.

Closes #22309
 2023-08-14 10:20:23 +02:00
Pedro Igor
baac060eb1 Fixing how e-mail attribute permissions are set for both USER_API and ACCOUNT contexts 
Closes #21751
 2023-08-11 13:32:16 +02:00
Erik Jan de Wit
874d2063b8
only add realm access to the current realm (#21554) 
fixes: #21553
 2023-08-10 12:43:15 +02:00
wojnarfilip
6c070d587f Closes #22282 2023-08-10 12:05:20 +02:00
Todor Staykovski
dffa7a31cb
Add subgroups sorting (#22295) 
* Review comments to add a test, update the API description and adjust the map storage.

Closes #19348

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2023-08-07 21:18:09 +02:00
Takashi Norimatsu
258711ef4f DPoP verification in UserInfo endpoint 
closes #22215
 2023-08-07 10:49:33 +02:00
Takashi Norimatsu
9d0960d405 Using DPoP token type in the access-token and as token_type in introspection response 
closes #21919
 2023-08-07 10:40:18 +02:00
Alex Szczuczko
92bec0214f Add -DdeployTestsuite profile to testsuite 
Closes #22258
 2023-08-04 20:54:59 +02:00
Marek Posolda
4dc929abb3
Missing client_id validation match when authenticating client with JW… (#22178) 
Closes #22177
 2023-08-03 11:47:55 +02:00
Takashi Norimatsu
ee998fee66 Add FAPI 2.0 security profile as default profile of client policies 
closes #21181
 2023-08-03 09:26:16 +02:00
Ricardo Martin
a8bca522c1
Fix issue with access tokens claims not being imported using OIDC IDP Attribute Mappers (#21627) 
Closes #9004


Co-authored-by: Armel Soro <armel@rm3l.org>
 2023-08-02 09:36:50 +02:00
Thomas Darimont
82269f789a Avoid using deprecated junit APIs in tests 
- Replaced usage of Assert.assertThat with static import
- Replaced static import org.junit.Assert.assertThat with org.hamcrest.MatcherAssert.assertThat

Fixes: #22111
 2023-08-01 11:44:25 +02:00
mposolda
6f6b5e8e84 Fix authenticatorConfig for javascript providers 
Closes #20005
 2023-07-31 19:28:25 +02:00
Vlasta Ramik
29b67fc8df
Inconsistent Wildcard handling for JPA (#21671) 
* Inconsistent Wildcard handling for JPA

Closes #20610

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2023-07-27 17:03:22 +02:00
rmartinc
0a7fcf43fd Initial pagination in the admin REST API for identity providers 
Closes https://github.com/keycloak/keycloak/issues/21073
 2023-07-27 14:48:02 +02:00
Martin Bartoš
4b36da03db Profile activation for WF app server doesn't properly work for Windows 
Fixes #21284
 2023-07-27 12:09:00 +02:00
Takashi Norimatsu
9a921441cc Adjustements to the behaviour of dpop_bound_access_tokens switch 
closes #21920
 2023-07-27 11:30:01 +02:00
Takashi Norimatsu
6498b5baf3 DPoP: OIDC client registration support 
closes #21918
 2023-07-26 13:00:35 +02:00
Ricardo Martin
ee35cfe478
Add logout other sessions checkbox to TOTP, webauthn and recovery authn codes setup pages (#21897) 
* Add logout other sessions checkbox to TOTP, webauthn, recovery authn codes setup pages and to update-email page
Closes #10232
 2023-07-26 11:34:19 +02:00
Marek Posolda
bb8ba1af5a
Fix script tests on windows (#21942) 
Closes #21778 #21779 #21780
 2023-07-25 12:37:21 +00:00
Takashi Norimatsu
0ddef5dda8
DPoP support 1st phase (#21202) 
closes #21200


Co-authored-by: Dmitry Telegin <dmitryt@backbase.com>
Co-authored-by: mposolda <mposolda@gmail.com>
 2023-07-24 16:44:24 +02:00
Takashi Norimatsu
05b8b9ee51 Enhancing Pluggable Features of Token Manager 
closes #21182
 2023-07-24 09:16:29 +02:00
Takashi Norimatsu
2efd79f982 FAPI 2.0 security profile - supporting RFC 9207 OAuth 2.0 Authorization Server Issuer Identification 
Closes #20584
 2023-07-24 09:11:30 +02:00
Martin Kanis
6907134f17 Removing workaround for state transfer never completes 
Closes #21256
 2023-07-21 18:21:00 +02:00
rmartinc
7336ff07ac Check RDN attribute for DN membership 
Closes https://github.com/keycloak/keycloak/issues/20718
 2023-07-21 11:13:45 +02:00
todor
897965f604 KEYCLOAK-20343 Add message bundle to export/import 
Closes #20343
 2023-07-20 23:00:28 +02:00
Alexander Schwartz
7c9593f88a
Upgrade Infinispan to 14.0.13.Final (#21565) 
Closes #21564
 2023-07-20 16:59:19 +00:00
Václav Muzikář
776bcbcbd4
Update bcpkix and bcprov dependencies (#21543) 
Closes #21360
 2023-07-20 11:57:18 +02:00
vramik
13d412989c Disable ZeroDowntimeTest 
Closes #21823
 2023-07-19 20:35:08 +02:00
Lukas Hanusovsky
086b85fad4
[20455] Arquillian reflection bug -> using different setter to avoid overloading. (#21806) 2023-07-19 14:43:36 +02:00
rmartinc
ed1934d73a Ensure that the flow tested to be deleted is a built in flow 
Closes https://github.com/keycloak/keycloak/issues/20763
 2023-07-19 08:56:32 +02:00
Pedro Igor
d2cdd78655
Add Java Distribution IT for Windows (#21675) 
Co-authored-by: Miquel Simon <msimonma@redhat.com>
 2023-07-18 12:15:56 +02:00
mposolda
03716ed452 Keycloak forgets ui_locales parameter when using reset password 
closes #10981
 2023-07-18 09:24:12 +02:00
Martin Kanis
67b20dfd9b Introduce delay in SessionTimeoutsTest to allow xsite replication to finish 
Fixes #20983
 2023-07-17 15:46:33 +02:00
rmartinc
630e3b2312 Revert emailVerified to false if email modified on force-sync non-trusted broker 
Closes https://github.com/keycloak/security/issues/48
 2023-07-17 13:13:47 +02:00
Michal Hajas
07c27336aa Check whether realm has store enabled for immediately sent events 
Closes #21698

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2023-07-14 20:50:33 +02:00
Stian Thorgersen
5a411d8931
Allow setting context-path for KeycloakServer (#21590) 
Closes #21589
 2023-07-11 14:24:07 +00:00
Martin Kanis
2bd7de6e8a UserSessionConcurrencyTest#testConcurrentNotesChange fails intermittently 
Closes #21290
 2023-07-11 13:12:38 +02:00
Pedro Igor
57423bca2b
Additional test for logout when using multiple tabs (#21518) 
Closes #21451
 2023-07-11 11:22:20 +02:00
Pedro Igor
376d20c285
Remove user credentials from admin event representation (#21561) 
Closes #17470
 2023-07-11 08:26:29 +02:00
rmartinc
13870f3a69 Improve error management in the github provider 
Closes https://github.com/keycloak/keycloak/issues/9429
 2023-07-10 16:09:08 -03:00
Pedro Igor
94074f4a98
Remove unnecessary tests (#21551) 
Closes #21099
 2023-07-10 13:36:21 +00:00
Daniele Martinoli
75741d17ab Updated test case in RequiredActionResetPasswordTest 2023-07-10 08:31:47 -03:00
Patrick Jennings
399a23bd56
Find an appropriate key based on the given KID and JWA (#21160) 
* keycloak-20847 Find an appropriate key based on the given KID and JWA. Prefers matching on both inputs but will match on partials if found. Or return the first key if a match is not found.

Mark Key as fallback if it is the singular client certificate to be used for signed JWT authentication.

* Update js/apps/admin-ui/public/locales/en/clients.json

Co-authored-by: Marek Posolda <mposolda@gmail.com>

* Updating boolean variable name based on suggestions by Marek.

* Adding integration test specifically for the JWT parameters for regression #20847.

---------

Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2023-07-10 13:28:55 +02:00
Daniele Martinoli
7b8dcb42ea Using "Account is disabled" message (and also added new test case) 2023-07-07 12:16:38 -03:00
Daniele Martinoli
2a95e2c245 updated failed login test case with new error message 2023-07-07 09:00:51 -03:00
Daniele Martinoli
44570d12ee fixed error in IdentityProviderTest 2023-07-07 08:59:36 -03:00
Daniele Martinoli
83d88f6bb5 added Hardcoded Group mapper to IDP configuration 2023-07-07 08:59:36 -03:00
A. Tammy
497d08af1c
make cli usable on OpenBSD (#16462) 
Signed-off-by: Aisha Tammy <aisha@bsd.ac>
Co-authored-by: Aisha Tammy <aisha@bsd.ac>
 2023-07-07 08:58:41 +02:00
Peter Zaoral
2b1c29a6f2 Use Quarkus Platform BOM 
Closes #20570
Closes #15870

Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
 2023-07-06 12:45:48 -03:00
Martin Kanis
a07ec20be9 UserSessionProviderModelTest#testRemoteCachesParallel sessions are not removed after the test 
Closes #21295
 2023-07-06 12:39:30 +02:00
Martin Bartoš
a1a80433e3
Fix flaky OfflineServletsAdapterTest test (#21416) 
Fixes #20013
 2023-07-04 10:57:20 +00:00
rmartinc
09e30b3c99 Support for JWE IDToken and UserInfo tokens in OIDC brokers 
Closes https://github.com/keycloak/keycloak/issues/21254
 2023-07-03 21:25:46 -03:00
mposolda
ccbddb2258 Fix updating locale on info/error page after authenticationSession was already removed 
Closes #13922
 2023-07-03 18:57:36 -03:00
Martin Bartoš
e3e123b577 JavascriptAdapterTest is broken due to the multiple initialization of JS adapter 
Fixes #21412
 2023-07-03 16:44:22 -03:00
Miquel Simon
96b98dd246
Fix EAP adapter tests when running on Windows and JDK 17. (#21278) 2023-06-30 11:54:33 +02:00
Daniele Martinoli
e2ac9487f7
Conditional login through identity provider (#20188) 
Closes #20191


Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2023-06-29 18:44:15 +02:00
Marek Posolda
51a9712e59 Improper Client Certificate Validation for OAuth/OpenID clients (#20) 
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
 2023-06-28 17:52:48 -03:00
Ricardo Martin
1973d0f0d4 Check the redirect URI is http(s) when used for a form Post (#22) 
Closes https://github.com/keycloak/security/issues/22

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Signed-off-by: Peter Skopek <pskopek@redhat.com>
 2023-06-28 17:52:48 -03:00
Pedro Igor
28aa1d730d Verify holder of the device code (#21) 
Closes https://github.com/keycloak/security/issues/32

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Conflicts:
    services/src/main/java/org/keycloak/protocol/oidc/grants/device/DeviceGrantType.java
 2023-06-28 15:45:26 +02:00
rmartinc
4bc11bdf7f Do not return an error when moving a group to the current parent 
Closes https://github.com/keycloak/keycloak/issues/21242
 2023-06-28 10:34:15 +02:00
rmartinc
a5a2753d11 Don't allow impersonate disabled users or service accounts 
Closes https://github.com/keycloak/keycloak/issues/21106
 2023-06-28 10:18:21 +02:00
Hynek Mlnarik
c092c76ae8 Remove ldapsOnly (Java) 
In `LDAPConstants.java`, the function to set the Truststore SPI system property was removed, as this is now handled by the `shouldUseTruststoreSpi` method in `LdapUtil`.

Closes: #9313
 2023-06-28 08:30:09 +02:00
Pedro Igor
d0691b0884 Support for the locale user attribute 
Closes #21163
 2023-06-27 09:21:08 -03:00
Martin Kanis
db9b6c2152 Make awaitInitialTransfer for ISPN configurable 
Closes #16671
 2023-06-27 14:04:03 +02:00
Miquel Simon
46fa7d2e6c Enable back a few tests that have been fixed to run on Firefox and Chrome. 2023-06-26 11:25:07 -03:00
Pavel Drozd
216bbe512f Add tests and profiles for testing EAP6, SpringBoot and Fuse adapters 2023-06-26 11:24:02 -03:00
eatik
6d0636987e keeping VIEW_USERS related tests in PermissionTest 
Closes #20783
 2023-06-26 11:05:35 -03:00
eatik
7cfa012427 adding test code 
Closes #20783
 2023-06-26 11:05:35 -03:00
Takashi Norimatsu
f6ecc3f3f8 FAPI 2.0 security profile - not allow an authorization request whose parameters were not included in Request Object pushed to PAR request 
closes #20710
 2023-06-26 12:09:25 +02:00
vramik
7fe7dfc529 ResourceType lost during clonning 
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>

Closes #20947
 2023-06-23 09:31:44 +02:00
Pedro Igor
aff6cc1cbd Running mappers during account linking 
Closes #11195

Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: toddkazakov
 2023-06-22 17:41:31 +02:00
Pedro Igor
eb5edb3a9b Support reading base32 encoded OTP secret 
Closes #9434
Closes #11561
 2023-06-22 08:08:13 -03:00
mposolda
137f8d807a Account Console II doesn't remove TOTP from UserStorage 
closes #19575
 2023-06-22 07:56:44 +02:00
Pedro Igor
0dd7c4a515 Fixing auth-server-quarkus-embedded 2023-06-21 17:18:26 +02:00
danielFesenmeyer
60b838675d Extend admin-client GroupsResource: Support the query functionality to be used in combination with the parameters first, max and briefRepresentation 
Closes #20016
 2023-06-21 12:13:22 -03:00
Gilvan Filho
2493f11331 count users by custom user attribute 
closes #14747
 2023-06-21 11:56:22 -03:00
mposolda
dc3b037e3a Incorrect Signature algorithms presented by Client Authenticator 
closes #15853

Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2023-06-21 08:55:58 +02:00
Stian Thorgersen
f82577a7f3
Removed old account console (#21098) 
Co-authored-by: Jon Koops <jonkoops@gmail.com>

Closes #9864
 2023-06-20 20:46:57 +02:00
fwojnar
a36be17a5c
Remove account package from testsuite (#20990) 
* Removal of testsuite account package

Related to #19668
Also closes #20527

* Fix failures + remove login folder from base-ui

---------

Co-authored-by: Ivan Khomyn <ikhomyn@redhat.com>
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
 2023-06-20 08:50:39 +02:00
Daniele Martinoli
d9b271c22a
Extends the conditional user attribute authenticator to check the attributes of the joined groups (#20189) 
Closes #20007
 2023-06-19 15:22:35 +02:00
Miquel Simon
3daeee15f6
Add Forms IT (#20528) 
Closes #20519
 2023-06-19 14:44:20 +02:00
Jon Koops
29f9523646
Ensure RegisterTest runs in Chrome and Firefox (#21036) 2023-06-16 08:00:04 -04:00
Martin Bartoš
c6995f5ded Save ~2s for Keycloak startup in the testsuite 
Relates to #21033
 2023-06-16 10:47:28 +02:00
Alexander Schwartz
e410a76c42 Avoid caching the list of clientscopes in two places 
Closes #20426

Co-authored-by: Martin Kanis <mkanis@redhat.com>
 2023-06-13 21:33:21 +02:00
rmartinc
ecf52285bc Simplify TokenManager expiration calculations using SessionExpirationUtils 
Closes https://github.com/keycloak/keycloak/issues/20794
 2023-06-13 10:09:47 +02:00
Pedro Igor
af975d20f1 Avoid iterating indefinetly when checking CRLs 
Closes #20725
 2023-06-12 17:50:16 +02:00
vramik
535bba5792 Update UserQueryProvider methods 
Closes #20438
 2023-06-12 16:04:26 +02:00
Arnaud Martin
ae5a47d548 Impossible to update a federated user credential label 
Closes #16613
 2023-06-12 15:39:52 +02:00
Vlasta Ramik
ed473da22b
Clean-up of deprecated methods and interfaces 
Fixes #20877

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2023-06-09 17:11:20 +00:00
Rinus Wiskerke
fbfdb54745
Strip rotated client secret from export json (#19394) 
Closes #19373
 2023-06-09 10:46:28 +02:00
rmartinc
61968bf747 Use OIDCAttributeMapperHelper.mapClaim in the GroupMembershipMapper 
Closes https://github.com/keycloak/keycloak/issues/19767
 2023-06-08 11:12:24 -03:00
Réda Housni Alaoui
eb9bb281ec Require user to agree to 'terms and conditions' during registration 2023-06-08 10:39:00 -03:00
Marek Posolda
8080085cc1
Removing 'http challenge' authentication flow and related authenticators (#20731) 
closes #20497


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2023-06-08 14:52:34 +02:00
Hynek Mlnarik
12dd3edb10 Fix pagination issue with H6 
With Hibernate ORM 6, pagination started to be unreliable: When
setting the max results only if the first row was 0 has randomly
affected other threads where first row was greater than 0. The
latter thread sometimes produced query which did *not* account
for the offset (cf. threads `-t1` and `-t2` below, while `-t2`
missed the `offset ? rows` part whic `-t3` has).

This has been fixed by setting the first row offset unconditionally.

Closes: #20202
Closes: #16570

```
2023-06-02 10:19:03.855000 TRACE [org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker] (blocking-thread-node-2-p8-t1) Running computation for segment 0 with worker 0
2023-06-02 10:19:03.856000 TRACE [org.keycloak.models.sessions.infinispan.initializer.OfflinePersistentUserSessionLoader] (blocking-thread-node-2-p8-t1) Loading sessions for segment=0 lastSessionId=00000000-0000-0000-0000-000000000000 first=0
2023-06-02 10:19:03.856000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t1) Set max to 64 in org.hibernate.query.sqm.internal.QuerySqmImpl@2fb60f8b
2023-06-02 10:19:03.856000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t1) After pagination: 0, 64
2023-06-02 10:19:03.857000 TRACE [org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker] (blocking-thread-node-2-p8-t2) Running computation for segment 1 with worker 1
2023-06-02 10:19:03.857000 TRACE [org.keycloak.models.sessions.infinispan.initializer.OfflinePersistentUserSessionLoader] (blocking-thread-node-2-p8-t2) Loading sessions for segment=1 lastSessionId=00000000-0000-0000-0000-000000000000 first=64
2023-06-02 10:19:03.857000 TRACE [org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker] (blocking-thread-node-2-p8-t3) Running computation for segment 2 with worker 2
2023-06-02 10:19:03.857000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t2) Set first to 64 in org.hibernate.query.sqm.internal.QuerySqmImpl@71464e9f
2023-06-02 10:19:03.857000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t2) Set max to 64 in org.hibernate.query.sqm.internal.QuerySqmImpl@71464e9f
2023-06-02 10:19:03.857000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t2) After pagination: 64, 64
2023-06-02 10:19:03.857000 TRACE [org.keycloak.models.sessions.infinispan.initializer.OfflinePersistentUserSessionLoader] (blocking-thread-node-2-p8-t3) Loading sessions for segment=2 lastSessionId=00000000-0000-0000-0000-000000000000 first=128
10:19:03,859 DEBUG [org.hibernate.SQL] (blocking-thread-node-2-p8-t1)
    select
        p1_0.OFFLINE_FLAG,
        p1_0.USER_SESSION_ID,
        p1_0.CREATED_ON,
        p1_0.DATA,
        p1_0.LAST_SESSION_REFRESH,
        p1_0.REALM_ID,
        p1_0.USER_ID
    from
        OFFLINE_USER_SESSION p1_0,
        REALM r1_0
    where
        r1_0.ID=p1_0.REALM_ID
        and p1_0.OFFLINE_FLAG=?
        and p1_0.USER_SESSION_ID>?
    order by
        p1_0.USER_SESSION_ID fetch first ? rows only
10:19:03,859 DEBUG [org.hibernate.SQL] (blocking-thread-node-2-p8-t2)
    select
        p1_0.OFFLINE_FLAG,
        p1_0.USER_SESSION_ID,
        p1_0.CREATED_ON,
        p1_0.DATA,
        p1_0.LAST_SESSION_REFRESH,
        p1_0.REALM_ID,
        p1_0.USER_ID
    from
        OFFLINE_USER_SESSION p1_0,
        REALM r1_0
    where
        r1_0.ID=p1_0.REALM_ID
        and p1_0.OFFLINE_FLAG=?
        and p1_0.USER_SESSION_ID>?
    order by
        p1_0.USER_SESSION_ID fetch first ? rows only
2023-06-02 10:19:03.860000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t1) binding parameter [1] as [VARCHAR] - [1]
2023-06-02 10:19:03.860000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t1) binding parameter [2] as [VARCHAR] - [00000000-0000-0000-0000-000000000000]
2023-06-02 10:19:03.860000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t1) binding parameter [3] as [INTEGER] - [64]
10:19:03,860 DEBUG [org.hibernate.SQL] (blocking-thread-node-2-p8-t3)
    select
        p1_0.OFFLINE_FLAG,
        p1_0.USER_SESSION_ID,
        p1_0.CREATED_ON,
        p1_0.DATA,
        p1_0.LAST_SESSION_REFRESH,
        p1_0.REALM_ID,
        p1_0.USER_ID
    from
        OFFLINE_USER_SESSION p1_0,
        REALM r1_0
    where
        r1_0.ID=p1_0.REALM_ID
        and p1_0.OFFLINE_FLAG=?
        and p1_0.USER_SESSION_ID>?
    order by
        p1_0.USER_SESSION_ID offset ? rows fetch first ? rows only
2023-06-02 10:19:03.861000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t3) binding parameter [3] as [INTEGER] - [128]
2023-06-02 10:19:03.861000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t3) binding parameter [4] as [INTEGER] - [64]
```

Co-authored-by: mkanis <mkanis@redhat.com>
 2023-06-07 20:45:34 +02:00
Saman-jafari
31db84e924 fix: issuedFor added to token to get client id into the token also redirect uri added to token and then passed to info template for "back to application" functionality 
test also added to check the availability of issueFor(azp) and redirect uri in Action
Fixes #14860
Fixes #15136
 2023-06-07 12:19:46 -03:00
Zvi Grinberg
ace83231ee Update RegexPolicyTest.java 
Add forgotten imports
 2023-06-07 10:18:10 -03:00
Zvi Grinberg
b29ce53f6e Fix bug in regex policy evaluation that it ignored flatted user claims that are mapped by protocol mappers to complex JSON structure in access token( in the access token JWT it's key and value is a JSON by itself) 
fixes: #20436
Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
 2023-06-07 10:18:10 -03:00
Alice Wood
7e56938b74 Extend group search attribute functionality to account for use case where only the leaf group is required 2023-06-07 08:52:23 -03:00
rmartinc
9bc30f4705 EventBuilder fixes to copy the store and session context 
Closes https://github.com/keycloak/keycloak/issues/20757
Closes https://github.com/keycloak/keycloak/issues/20105
 2023-06-07 08:34:27 -03:00
Jon Koops
9a8d1ca1f3
Stop waiting page load when calling assertCurrent() (#20786) 2023-06-07 13:13:46 +02:00
Pedro Hos
9ebd94a3a8 Userinfo endpoint doesn't accept charset #20671 
Closes 20671
 2023-06-07 08:08:05 +02:00
Artur Baltabayev
041441f48f
Improved Reset OTP authenticator (#20572) 
* ResetOTP authenticator can now be configured, so that one or all existing OTP configurations are deleted upon reset.

Closes #8753
---------

Co-authored-by: bal1imb <Artur.Baltabayev@bosch.com>
 2023-06-06 08:30:44 -03:00
rmartinc
81aa588ddc Fix and correlate session timeout calculations in legacy and new map implementations 
Closes https://github.com/keycloak/keycloak/issues/14854
Closes https://github.com/keycloak/keycloak/issues/11990
 2023-06-05 18:46:23 +02:00
Jon Koops
8eee3f434b
Fix test for brute force detection of recovery codes (#20784) 2023-06-05 11:55:30 -04:00
rmartinc
d80094793b Manage elytron configuration if configured for JDK-17 
Closes https://github.com/keycloak/keycloak/issues/20385
 2023-06-05 13:50:28 +02:00
Jon Koops
7ce96bb6d5
Remove workaround for legacy consoles from waitForPageToLoad (#20754) 2023-06-05 07:48:08 -04:00
Aboullos
612fe33ade
Remove AccountUpdateProfilePage from the testsuite (#19362) 
closes #15202
 2023-06-02 11:46:49 +02:00
Pedro Igor
f69ff5d270 Execution config not duplicated when duplicating flows 
Closes #12012
 2023-06-01 16:12:06 +02:00
mposolda
bf9c5821cb Fix for certificate revalidation 
closes https://security.snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-5291542
 2023-05-31 15:42:37 +02:00
Alexander Schwartz
512e30b210 Add escaping for fields with wildcard search 
Closes #20510
 2023-05-31 14:38:04 +02:00
Takashi Norimatsu
a29c30ccd5 FAPI 2.0 security profile - not allow an authorization request whose parameters were not included in PAR request 
closes #20623
 2023-05-31 14:02:44 +02:00
vramik
a175efcb72 Split UserQueryProvider into UserQueryMethods and UserCountMethods and make LdapStorageProvider implement only UserQueryMethods 
Co-authored-by: mhajas <mhajas@redhat.com>

Closed #20156
 2023-05-31 11:47:54 +02:00
Jay Linski
403632438a
Improve a11y by providing the current language (#20213) 2023-05-30 13:46:14 -04:00
Takashi Norimatsu
6b42c2b4d0 FAPI 2.0 security profile - Reject Implicit Grant executor does not return an appropriate error 
Closes #20622
 2023-05-30 18:24:50 +02:00
stianst
0832992e59 Removing OpenShift integration and moving to separate extension 
closes #20496

Co-authored-by: mposolda <mposolda@gmail.com>
 2023-05-30 17:39:32 +02:00
Pedro Igor
17c3804402 Tests for user property mapper 
Closes #20534
 2023-05-29 14:21:03 +02:00
Yoshiyuki Tabata
bd37875a66 allow specifying format of "permission" parameter in the UMA grant token 
endpoint (#15947)
 2023-05-29 08:56:39 -03:00
Martin Bartoš
b438776b94
Introduced additional dependencies in the testsuite (#20600) 
Fixes #20599

Fixes #20384
 2023-05-26 15:41:45 +02:00
Hynek Mlnarik
54c9403cc0 Fix CacheExpirationTest 
Sometimes the initialization of keycloak session factory
took longer than the expiration was set on the elements,
so they were not found in the cache where they were awaited.
This is fixed by adding an assumption on the time, and if the
time is over the expiration, the remainder of the test is skipped.
The timeout is set in order to run fully most of the time in GHA.

Closes: #20269
 2023-05-26 15:07:51 +02:00
Jon Koops
98e5e9799b Improve third-party storage access detection and cookie fallback 2023-05-25 22:16:59 -03:00
Douglas Palmer
1b8901f5a2 Changing the email address has no impact at username regardless "Email as username" toggle 
closes #20459
 2023-05-25 07:54:03 -03:00