Calling parseSessionCode inside the try-catch would result in
ErrorPageException thrown by redirectToErrorPage being caught and
re-reported, resulting in one log entry with `invalidRequestMessage`
and another one with `unexpectedErrorHandlingRequestMessage`.
Additionally, one of the ErrorPageException constructors didn't pass the
status to super(), resulting in the logger error message being
"HTTP 500 Internal Server Error" even though the status was actually
something else, like 400. I noticed that ErrorPageException can be
simplified by just passing the response to super(), which is one way of
fixing the problem.
Closes #33232
Signed-off-by: Krzysztof Szafrański <k.p.szafranski@gmail.com>
We now only show the organization section in the account UI if org support is enabled for the realm.
Fixes #33735
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
The previous implementation uses principal as a key for a hashmap storing one certificate per entry. To preserve lookups, the value is now a List of certificates.
Additional logic was added to build certification validation chains using signature verification rather than just principal.
Closes #33125
Signed-off-by: Matt Eaton <git@divinehawk.com>
- Corrected "Map a custom user attribute to a to a SAML attribute." by removing the repeated "to a".
Closes: #33603
Signed-off-by: Pedro Aguiar <contact@codespearhead.com>
also moving initial bootstrapping after import
closes: #32689
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
* fix: adds additional info / warnings to hostname v2
closes: #24815
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* refining the proxy-headers language from #33209
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* adding hostname-strict-https
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* moving removed property check to the quarkus side
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* Update quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/HostnameV2PropertyMappers.java
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
* Update docs/guides/server/hostname.adoc
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
The expected Destination Path needs to properly point to the client that is created for IDP-initiated SSO flow. This is especially an issue when Keycloak is behind a reverse proxy that terminates TLS.
Signed-off-by: Manish Mehta <ManishMehta@users.noreply.github.com>
- Also fixes issues with description, enabled, and custom attributes missing when re-importing the orgs.
Closes #33207
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Closes #32209
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>