Commit graph

4043 commits

Author SHA1 Message Date
Peter Zaoral
72b238fb48
Keystore vault (#19644)
* KeystoreVault SPI

* added KeystoreVault - a Vault SPI implementation (#19281)

Closes #17252

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-05-24 16:20:30 +00:00
Stefan Guilhen
2252b09949 Remove deprecated default roles methods
Closes #15046
2023-05-23 22:32:52 +02:00
i7a7467
e41e1a971a SLO and ACS Binding are linked with AuthnRequest Binding in SAML Identity Broker Metadata
Closes #11079
2023-05-22 10:05:17 +02:00
Artur Baltabayev
33215ab6f4
Added User-Session Note Idp mapper. (#19062)
Closes #17659


Co-authored-by: bal1imb <Artur.Baltabayev@bosch.com>
Co-authored-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.io>
Co-authored-by: Sebastian Schuster <sebastian.schuster@bosch.io>
2023-05-18 13:47:10 +02:00
mkrueger92
256bb84cc4
Avoid NPE while fetching offline sessions (#17577) 2023-05-18 13:32:02 +02:00
Pedro Hos
c939b5b5ac NPE when updating a subflow in an authentication flow
closes #19844
2023-05-17 18:35:40 +02:00
danielFesenmeyer
d543ba5b56 Consistent message resolving regarding language fallbacks for all themes
- the prio of messages is now as follows for all themes (RL = realm localization, T = Theme i18n files): RL <variant> > T <variant> > RL <region> > T <region> > RL <language> > T <language> > RL en > T en
- centralize the message resolving logic in helper methods in LocaleUtil and use it for all themes, add unit tests in LocaleUtilTest
- add basic integration tests to check whether realm localization can be used in all supported contexts:
  - Account UI V2: org.keycloak.testsuite.ui.account2.InternationalizationTest
  - Login theme: LoginPageTest
  - Email theme: EmailTest
- deprecate the param useRealmDefaultLocaleFallback=true of endpoint /admin/realms/{realm}/localization/{locale}, because it does not resolve fallbacks as expected and is no longer used in admin-ui v2
- fix locale selection in DefaultLocaleSelectorProvider that a supported region (like "de-CH") will no longer selected instead of a supported language (like "de"), when just the language is requested, add corresponding unit tests
- improvements regarding message resolving in Admin UI V2:
  - add cypress test i18n_test.spec.ts, which checks the fallback implementation
  - log a warning instead of an error, when messages for some languages/namespaces cannot be loaded (the page will probably work with fallbacks in that case)

Closes #15845
2023-05-17 15:00:32 +02:00
Dominik Schlosser
8c58f39a49 Updates Datastore provider to contain full data model
Closes #15490
2023-05-16 15:05:10 +02:00
Takashi Norimatsu
7f5e94db87 KEYCLOAK-19539 FAPI 2.0 Baseline : Reject Implicit Grant 2023-05-16 14:17:29 +02:00
Alexander Schwartz
bd7f62acc3 Use retry-logic only for the map storage
This is a performance optimization that the retry doesn't affect the legacy store.

Closes #20176
2023-05-15 10:20:35 +02:00
Alexander Schwartz
754aac2f4e Avoid creating a NPE when closing
This is a performance optimization and improved logging so it doesn't hide problems in the future.

Closes #20176
2023-05-15 10:20:35 +02:00
Alexander Schwartz
0f481da77f Avoid creating instances of HashMap to generate a single MapEntry
This is a performance optimization.

Closes #20176
2023-05-15 10:20:35 +02:00
Alexander Schwartz
93373b9398 Cache theme root URI
This is a performance optimization.

Closes #20176
2023-05-15 10:20:35 +02:00
Martin Bartoš
5a96efad11 Do not display error log for initial admin creation
Closes #15789

Co-authored-by: Steve Weixel <steve.weixel@quantum.com>
2023-04-28 14:36:05 +02:00
Martin Bartoš
dcb7c498a4
Cannot find Generated annotation for ServicesLogger (#20021)
Fixes #20020
2023-04-28 11:37:44 +00:00
Peter Zaoral
a020d3f6df Quarkus3 branch sync no. 12
31.3.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-04-27 13:36:54 +02:00
Martin Bartoš
bc43e4f435 Integrate Jakarta Mail API 2.1.0 2023-04-27 13:36:54 +02:00
Peter Zaoral
0b4f40f89b Quarkus3 branch sync no. 8
3.3.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-04-27 13:36:54 +02:00
Peter Zaoral
c2d1cade8d Quarkus3 branch sync no. 7
27.2.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-04-27 13:36:54 +02:00
Martin Bartoš
64738ea708 Fix issues with JakartaEE Mail dependencies
This reverts commit da4644844ed88818c05d777460624403326ab01c

---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
2023-04-27 13:36:54 +02:00
Peter Zaoral
946eacd5b6 Quarkus3 branch sync no. 5
10.2.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE
* fixed Undertow server not starting due to ClassNotFoundException: javax.transaction.TransactionManager

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-04-27 13:36:54 +02:00
vramik
f18f356a0b Update attribute name in HttpRequestImpl to jakarta.
Closes #16721
2023-04-27 13:36:54 +02:00
Martin Bartoš
b1da7bd613 Revert Mail API
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/quarkus/pom.xml - Modified
---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
2023-04-27 13:36:54 +02:00
Martin Bartoš
1f126647fe Update dependencies 2023-04-27 13:36:54 +02:00
Martin Bartoš
124591ce1a Adapters can still use Java EE
- Provided all JavaEE dependencies for adapters
- Automatically build Undertow Jakarta EE for testsuite (missing SAML)
---
Quarkus3 branch sync no. 11 (24.3.2023)
Resolved conflicts:
keycloak/adapters/oidc/spring-security/pom.xml - Modified
---
Quarkus3 branch sync no. 7 (27.2.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/pom.xml - Modified
---
Quarkus3 branch sync no. 1 (18.1.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/pom.xml - Modified
2023-04-27 13:36:54 +02:00
Martin Bartoš
6118e5cfb7 Use JakartaEE dependencies
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
2023-04-27 13:36:54 +02:00
Martin Bartoš
7cff857238 Migrate packages from javax.* to jakarta.*
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/ComponentExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/DeclarativeUserTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java - Modified
keycloak/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java	- Modified
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountTotpPage.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BackwardsCompatibilityUserStorageTest.java - Modified
---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/services/resources/QuarkusWelcomeResource.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/profile/util/Soap.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/UserInfoClientUtil.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
---
Quarkus3 branch sync no. 10 (17.3.2023)
Resolved conflicts:
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocolUtils.java -	Modified
---
Quarkus3 branch sync no. 9 (10.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java - Modified
---
Quarkus3 branch sync no. 8 (3.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClient.java	Modified - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java - Modified
keycloak/examples/providers/authenticator/src/main/java/org/keycloak/examples/authenticator/SecretQuestionAuthenticator.java - Modified
---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ComponentsResource.java - Modified
keycloak/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/installation/SamlSPDescriptorClientInstallation.java - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
/keycloak/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java	Modified - Modified
keycloak/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java - Modified
---
Quarkus3 branch sync no. 4 (3.2.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/jaxrs/QuarkusKeycloakApplication.java - Modified
---
Quarkus3 branch sync no. 1 (18.1.2023)
Resolved conflicts:
keycloak/testsuite/client/ClientPoliciesTest.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaModelCriteriaBuilder.java - Modified
2023-04-27 13:36:54 +02:00
rmartinc
04ac3a64ee Adding support for rsa-oaep for SAML encryption
Closes https://github.com/keycloak/keycloak/issues/19689
2023-04-26 10:46:10 +02:00
mposolda
a3f2ebb193 Ability to override default/built-in providers with same providerId. Using ProviderFactory.order() for choosing priority providers
Closes #19867
2023-04-25 18:04:58 +02:00
Hynek Mlnarik
3161c4424c Fix export / import tests relict
Closes: #19812
2023-04-19 22:17:49 +02:00
rmartinc
8e55a63f31 Do not allow add sub-flow to built-in workflow
Closes https://github.com/keycloak/keycloak/issues/15536
2023-04-19 11:12:49 +02:00
rmartinc
f051a0cdb3 Improve SessionCodeChecks to detect better the ALREADY_LOGGED_IN situation
Closes https://github.com/keycloak/keycloak/issues/19677
2023-04-18 10:35:47 -03:00
Marek Posolda
8d01109158
Invalid parameter redirect_uri when using an invalid client_id (#19731)
closes #19662
2023-04-17 15:12:59 +02:00
danielFesenmeyer
5554c62bea Change locale of user profile validation message to be resolved from authenticated user instead of validated user
Closes #19707
2023-04-14 11:51:15 -03:00
Stian Thorgersen
f4cabea08c
Make sure the code is bound to the user session (#18) (#17380) (#17389)
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-04-14 14:42:12 +02:00
Jon Koops
a2eb619e0e
Include Account Console version 3 as a theme (#19641) 2023-04-13 09:41:40 -04:00
eatikrh
396e2ba931
Allow users with 'view-users' permission to see the 'credentials' tab (#19587)
Closes #17174
2023-04-07 14:13:43 +02:00
alwibrm
9f15cf432b
Respecting key use of EC keys in JWKS 2023-04-03 19:06:25 -03:00
rmartinc
99330dbb6d Manage JsonProcessingException to not return error 500 when json data is wrong
Closes https://github.com/keycloak/keycloak/issues/11517
2023-04-03 18:07:34 +02:00
Hynek Mlnarik
0d5363d0d5 Throw an exception rather than returning response
Closes: #17644
2023-04-03 14:43:50 +02:00
Stan Silvert
c595e3430e
Add access to full group tree. Fix access for members tab. Add missing (#19423)
props to Access object.
Fixes #17589
2023-03-31 15:11:13 -04:00
mposolda
17c1b853e0 Custom implemention of OIDC Login Protocol doesn't get executed
closes #19335
2023-03-31 11:54:32 -03:00
rmartinc
c6a1820a47 Use SimpleHttp for SOAP calls
Closes https://github.com/keycloak/keycloak/issues/17139
2023-03-31 10:57:47 -03:00
Pedro Igor
6086201fe0 Do not verify identity cookie when processing required actions
Closes #17539
2023-03-31 09:56:27 +02:00
Robert Dey
044aca0863 Use replacePath() instead of path() 2023-03-30 12:03:43 -03:00
Robert Dey
4df73714e0 Fix totp manual link for proxy mode
Closes #11774
2023-03-30 12:03:43 -03:00
mposolda
709c6b5a47 Regressions in redirect URL verification when redirect_uri has encoded path or default port
closes #16851
closes #16587
2023-03-30 14:20:10 +02:00
Pedro Igor
48082d08ec Email visible on registration page when edit username is not allowed
Closes #17439
2023-03-30 08:11:30 +02:00
Michal Hajas
e49dfe534e Fix missing migration when reading TERMS_AND_CONDITIONS required action in legacy store
Closes #17277
2023-03-29 16:43:01 +02:00
Daniel Kobras
a45b5dcd90 Prefer cert over pubkey in SAML metadata
If SAML key material was given as a certificate, consistently
expose the certificate rather than just the public key when
presenting SAML metadata info. This change ensures that the
client obtains sufficient information (eg. issuer) to close
the trust chain.

Closes: #17549

Signed-off-by: Daniel Kobras <kobras@puzzle-itc.de>
2023-03-29 11:17:24 +02:00