Martin Kanis
887db25f00
Allow auto-redirect existing users federated from organization broker when using the username
...
Closes #30746
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-07-15 13:48:45 -03:00
Pedro Igor
c33585a5f4
All pubic brokers are shown during authentication rather than only those associated with the current organization
...
Closes #31246
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-12 17:51:39 +02:00
Douglas Palmer
9300903674
page-expired error page shown when using browser back-button on forgot-password page after invalid login attempt
...
Closes #25440
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-07-12 16:24:21 +02:00
Pascal Knüppel
4028ada2a5
Add required default-context value to VerifiableCredential ( #30959 )
...
closes #30958
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-07-11 18:25:11 +02:00
Pascal Knüppel
96234d42cf
Exchange Enum type of Format for String ( #30875 )
...
closes #30873
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-07-11 18:18:14 +02:00
Steven Hawkins
4970a9b729
fix: deprecate KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD
...
closes : #30658
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-07-11 18:07:57 +02:00
Pedro Igor
0410653e71
Do not send attributes when unlocking the user
...
Closes #31165
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-11 14:16:23 +02:00
rmartinc
096e335a92
Support for vault and AES and HMAC algorithms to JavaKeystoreKeyProvider
...
Closes #30880
Closes #29755
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-11 12:40:45 +02:00
Pedro Igor
da6c9ab7c1
Bruteforce protector does not work when using organizations
...
Closes #31204
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-11 00:26:47 +02:00
Martin Kanis
922eaa9fc8
Disable username prohibited chars validator when email as username is… ( #31140 )
...
* Disable username prohibited chars validator when email as the username is set
Closes #25339
Signed-off-by: Martin Kanis <mkanis@redhat.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-10 09:46:24 -03:00
Pedro Igor
d475833361
Do not expose kc.org attribute in user representations
...
Closes #31143
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-10 13:43:23 +02:00
rmartinc
f78a46485d
TE should create a transient session when there is no initial session in client-to-client exchange
...
Closes #30614
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-08 15:44:38 -03:00
Lucy Linder
b4f7487dd3
Fix ReCAPTCHA Enterprise failing due to new properties in response
...
The assessment response added a new field called accountDefenderAssessment.
This commit adds the new property, and also ensures new properties won't be
problematic next time by ignoring unknown properties on the top level object.
Closes : #30917
Signed-off-by: Lucy Linder <lucy.derlin@gmail.com>
2024-07-08 16:59:47 +02:00
Thomas Darimont
c460fa7b48
Allow user to configure prompt parameter for google sign-in
...
Closes #16750
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-07-04 12:01:32 +02:00
Pedro Igor
f010f7df9b
Reverting removal of test assertions and keeping existing logic where only brokers the user is linked to is shown after identity-first login page
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-03 11:55:04 -03:00
Martin Kanis
e1b735fc41
Identity-first login flow should be followed by asking for the user credentials
...
Closes #30339
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-07-03 11:55:04 -03:00
Steven Hawkins
96511e55c6
startup, welcome, and cli handling of bootstrap-admin user ( #30054 )
...
* fix: adding password and service account based bootstrap and recovery
closes : #29324 , #30002 , #30003
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* Fix tests
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
2024-07-03 15:23:40 +02:00
Giuseppe Graziano
02d64d959c
Using _system client when account client is disabled for email actions
...
Closes #17857
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-07-03 08:43:36 +02:00
cgeorgilakis-grnet
20cedb84eb
Check refresh token flow response for offline based on refresh token request parameter
...
Closes #30857
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-07-02 18:13:30 -03:00
Pedro Igor
cc2ccc87b0
Filtering organization groups when managing or processing groups
...
Closes #30589
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-28 10:27:18 -03:00
Thomas Darimont
690c6051bb
Fix scope policy evaluation for client to client token exchange ( #26435 )
...
Previously the scope from the token was not set available in the ClientModelIdentity attributes.
This caused the NPE in `org.keycloak.authorization.policy.provider.clientscope.ClientScopePolicyProvider.hasClientScope`(..)
when calling `identity.getAttributes().getValue("scope")`.
We now pass the provided decoded AccessToken down to the ClientModelIdentity creation
to allow to populate the required scope attribute.
We also ensure backwards compatibility for ClientPermissionManagement API.
Fixes #26435
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-06-28 10:33:20 +02:00
Douglas Palmer
601355d517
Flaky test: org.keycloak.testsuite.oauth.TokenIntrospectionTest#testUnsupportedToken
...
Closes #30111
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-06-27 18:41:48 +02:00
mposolda
3c3f59f861
Move some server related logic from info representation classes to server codebase
...
Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-27 11:00:30 +02:00
Jon Koops
cd0dbdf264
Use the Keycloak server URL for common resources ( #30823 )
...
Closes #30541
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-26 14:52:25 +00:00
Takashi Norimatsu
b0aac487a3
VC issuance in Authz Code flow with considering scope parameter
...
closes #29725
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-06-24 10:53:19 +02:00
Jon Koops
df18629ffe
Use a default Java version from root POM ( #29927 )
...
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-21 14:19:31 +02:00
mposolda
6a9e60bba0
Flow steps back when changing locale or refreshing page on 'Try another way page'
...
closes #30520
Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-21 11:22:15 +02:00
rmartinc
592c2250fc
Add briefRepresentation query parameter to getUsersInRole endpoint
...
Closes #29480
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-21 11:21:02 +02:00
Takashi Norimatsu
6b135ff6e7
client-jwt authentication fails on Token Introspection Endpoint
...
closes #30599
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-06-21 10:47:25 +02:00
Pedro Igor
a0ad680346
Adding an alias to organization and exposing them to templates
...
Closes #30312
Closes #30313
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-20 14:36:14 -03:00
Jon Koops
77fb3c4dd4
Use correct host URL for Admin Console requests ( #30535 )
...
Closes #30432
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-19 15:21:53 +02:00
Francis Pouatcha
d4797e04a2
Enhance SupportedCredentialConfiguration to support optional claims object as defined in OpenID for Verifiable Credential Issuance specification ( #30420 )
...
closes #30419
Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
2024-06-18 17:07:49 +02:00
rmartinc
38d8cf2cb3
Add UPDATE event to the client-roles condition
...
Closes #30284
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-18 15:30:42 +02:00
Thibault Morin
f6fa869b12
feat(SAML): add Artifact Binding on brokering scenarios when Keycloak is SP ( #29619 )
...
* feat: add Artifact Binding on brokering scenarios when Keycloak is SP
Signed-off-by: tmorin <git@morin.io>
* Adding broker test and minor improvements
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
* Fixing IdentityProviderTest
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
* Renaming methods related to idp initiated flows
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
* Fixing partial_import_test.spec.ts
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
---------
Signed-off-by: tmorin <git@morin.io>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-14 08:54:49 -03:00
vramik
d355e38424
Provide a cache layer for the organization model
...
Closes #30087
Signed-off-by: vramik <vramik@redhat.com>
2024-06-13 08:13:36 -03:00
Jon Koops
c7361ccf6e
Run the Vite dev server through the Keycloak server ( #27311 )
...
Closes #19750
Closes #28643
Closes #30115
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-12 11:55:14 +02:00
Pedro Igor
e6df8a2866
Allow multiple instances of the same social broker in a realm
...
Closes #30088
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-11 12:44:10 -03:00
Fouad Almalki
780ec71672
Add support of RTL UI in login themes ( #29907 )
...
Closes #29974
Signed-off-by: Fouad Almalki <me@fouad.io>
2024-06-11 07:12:13 -04:00
Patrick Jennings
75925dcf6c
Client type configuration inheritance ( #30056 )
...
closes #30213
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-06-10 18:59:08 +02:00
rmartinc
7d05a7a013
Logout from all clients after IdP logout is performed
...
Closes #25234
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-10 11:58:09 -03:00
e.sergeenko
f00c2f3eb0
Add ability to get realm attributes
...
Closes #30241
Signed-off-by: e.sergeenko <sergeenkoegor@yandex.ru>
2024-06-07 13:05:06 +02:00
rmartinc
760e01b9db
Improvements for openapi annotations in AuthenticationManagementResource
...
Closes #29788
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-07 13:04:00 +02:00
Giuseppe Graziano
6067f93984
Improvements to refresh token rotation with multiple tabs ( #29966 )
...
Closes #14122
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-06-07 12:02:36 +02:00
vickeybrown
c96c6c4feb
Default SAML client type ( #29493 )
...
closes #29492
Signed-off-by: Vickey Brown <vibrown@redhat.com>
2024-06-07 11:43:43 +02:00
Erik Jan de Wit
5897334ddb
Align environment variables between consoles ( #30125 )
...
* change to make authServerUrl the same as authUrl
fixes : #29641
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Remove `authUrl` entirely
Signed-off-by: Jon Koops <jonkoops@gmail.com>
* Remove file that is unrelated
Signed-off-by: Jon Koops <jonkoops@gmail.com>
* Split out and align environment variables between consoles
Signed-off-by: Jon Koops <jonkoops@gmail.com>
* Restore removed variables to preserve backwards compatibility
Signed-off-by: Jon Koops <jonkoops@gmail.com>
* Also deprecate the `authUrl` for the Admin Console
Signed-off-by: Jon Koops <jonkoops@gmail.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-06-06 08:36:46 +02:00
Pedro Igor
94c194f1f4
Prevent users to unlink from their home identity provider when they are a managed member
...
Closes #30092
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
2024-06-05 13:57:01 +02:00
mposolda
0bf613782f
Updating client policies in JSON editor is buggy. Attempt to update global client policies should throw the error
...
closes #30102
Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-05 13:55:02 +02:00
rmartinc
eedfd0ef51
Missing auth checks in some admin endpoints ( #166 )
...
Closes keycloak/keycloak-private#156
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-05 12:04:47 +02:00
Giuseppe Graziano
d5e82356f9
Encrypted KC_RESTART cookie and removed sensitive notes
...
Closes #keycloak/keycloak-private#162
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-06-05 10:33:44 +02:00
Pedro Igor
f8d55ca7cd
Export import realm with organizations
...
Closes #30006
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-05 09:50:03 +02:00