Commit graph

24766 commits

Author SHA1 Message Date
Lex Cao
7e034dbbe0
Add IdpConfirmOverrideLinkAuthenticator to handle duplicate federated identity (#26393)
Closes #26201.

Signed-off-by: Lex Cao <lexcao@foxmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-22 11:30:14 +02:00
Erik Jan de Wit
014b644724
removed use of deprecated dropdown (#28928)
towards: #28197

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-04-22 08:17:11 +02:00
Erik Jan de Wit
9a418cc53d
remove deprecated component use (#28924)
towards: #28197

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-04-22 07:21:58 +02:00
Alexander Schwartz
071032a108 Fixing the condition for embedded cache MTLS encryption
Closes #28750

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-20 18:30:24 +02:00
Alexander Schwartz
9d0b1ecee4 Review CLI option change for caching
Closes #28750

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-20 18:30:24 +02:00
Pedro Ruivo
3de5357091 CLI options to disable encryption and authentication to external Infinispan
Closes #28750

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-20 18:30:24 +02:00
JN
6977d58d27
Add missing French and Spanish translations (#28807)
Closes #28798

Signed-off-by: JN <xkizokux@gmail.com>
2024-04-20 10:18:49 +00:00
etiksouma
1afd20e4c3 return proper error message for admin users endpoint
closes #28416

Signed-off-by: etiksouma <al@mouskite.com>
2024-04-20 12:17:53 +02:00
agagancarczyk
750ff41691
adll 3 scenarios (#28899)
Signed-off-by: Agnieszka Gancarczyk <agancarc@redhat.com>
Co-authored-by: Agnieszka Gancarczyk <agancarc@redhat.com>
2024-04-19 15:40:49 -04:00
Erik Jan de Wit
659f0f583f
changed name and added version number (#28157)
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-04-19 14:10:34 -04:00
Pedro Ruivo
3e0a185070 Remove deprecated EnvironmentDependentProviderFactory.isSupported method
Closes #26280

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-19 16:36:49 +02:00
Giuseppe Graziano
f6071f680a Avoid the same userSessionId after re-authentication
Closes keycloak/keycloak-private#69

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-19 14:44:39 +02:00
mposolda
c427e65354 Secondary factor bypass in step-up authentication
closes #34

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit e632c03ec4dbfbb7c74c65b0627027390b2e605d)
2024-04-19 14:43:53 +02:00
Giuseppe Graziano
897c44bd1f Validation of providerId during required action registration
Closes #26109

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-19 13:06:51 +02:00
Hynek Mlnarik
4f30400e07 Relax checking of messages
Related to: #28873
Fixes: #28911

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-04-19 12:52:40 +02:00
Václav Muzikář
2b8c895f71
Upgrade to Quarkus 3.8.4 (#28884)
Closes #28880

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-04-19 09:18:46 +00:00
Thomas Darimont
68617180a2 Show indicator for transient user in user sessions list in admin ui (28879)
For transient users a transient label is now shown in the realm sessions and client sessions list in the admin ui.

Fixes #28879

Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-04-19 09:48:41 +02:00
Peter Zaoral
f9e68cdc54
quarkus-next: java.util.NoSuchElementException: No value present causes quarkus-server build failure (#28857)
* resolveFileLogLocation transformer method now checks the location value presence

Closes: #28856

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2024-04-19 09:14:19 +02:00
Steven Hawkins
d7ef650623
task: use informer rather than 0 interval polling (#28901)
related to: #28869

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-19 09:05:32 +02:00
Pascal Knüppel
ef45629df4
Add docs for transient-users how to prevent profile-review (#28889)
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>

#relatesTo https://github.com/keycloak/keycloak/discussions/26637
2024-04-18 23:49:51 +02:00
Joerg Matysiak
76a5a27082 Refactored StripSecretsUtils in order to make it unit-testable, added unit tests for it
Don't mask secrets at realm export

Closes #21562

Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>
2024-04-18 18:26:47 -03:00
Pedro Igor
7483bae130 Make sure admin events are not referencing sensitive data from their representation
Closes #21562

Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>
2024-04-18 18:26:47 -03:00
Steve Hawkins
0be34d64e7 task: refactor overlap between cli clients
also repackaging to more clearly delineate code roles

closes: #28329

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-18 17:39:16 -03:00
john-gom
808926b63e
Use a typeahead select where there are ten or more options (#28512)
Use typeahead for locale selector



Fix onFilter of SelectControl rather than removing it

Signed-off-by: John Gomersall <thegoms@gmail.com>
2024-04-18 16:18:00 -04:00
cgeorgilakis-grnet
89263f5255 Fix refresh token scope in refresh token flow with scope request parameter
Closes #28463

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-04-18 16:17:46 -03:00
Ricardo Martin
4c2542b91f
Better management of domains in TrustedHostClientRegistrationPolicy (#139) (#28876)
Closes keycloak/keycloak-private#63

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-18 16:06:50 +02:00
Ricardo Martin
8daace3f69
Validate Saml URLs inside DefaultClientValidationProvider (#135) (#28873)
Closes keycloak/keycloak-private#62

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-18 16:04:13 +02:00
Ricardo Martin
fc6b6f0d94
Perform exact string match if redirect URI contains userinfo, encoded slashes or parent access (#131) (#28872)
Closes keycloak/keycloak-private#113
Closes keycloak/keycloak-private#134

Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2024-04-18 16:02:24 +02:00
Douglas Palmer
00d4cab55e Flaky test: org.keycloak.testsuite.forms.ResetPasswordTest#resetPasswordLink
Closes #21422

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-18 15:54:30 +02:00
Martin Bartoš
7f74286106 Emphasize the need for setting container limit
Closes #28729

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-18 15:44:27 +02:00
Hynek Mlnarik
9d1433d266 Update URL builder
Fixes: keycloak/keycloak-quickstarts#548

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-04-18 14:50:10 +02:00
Thomas Darimont
eb2936f655 Add note about using groups with transient-users
Document an additional approach for managing user-roles for transient-users via groups.

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-04-18 14:49:18 +02:00
vramik
860f3b7320 Prevent updating IdP via organization API not linked with the organization
Closes #28833

Signed-off-by: vramik <vramik@redhat.com>
2024-04-18 09:14:54 -03:00
Stian Thorgersen
0d60e58029
Restrict the token types that can be verified when not using the user info endpoint (#146) (#28866)
Closes #47

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Conflicts:
	core/src/main/java/org/keycloak/util/TokenUtil.java
	testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientTokenExchangeTest.java

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-18 14:11:05 +02:00
Stian Thorgersen
cbc4a8c305
Limit requests sent through session status iframe (#132) (#28864)
Closes #116

Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-04-18 14:02:37 +02:00
Erik Jan de Wit
2c069433f9
remove use of deprecated components (#28800)
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-04-18 12:14:53 +02:00
Erik Jan de Wit
6a020d93f1
Moved masthead to ui-shared (#28871)
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-04-18 11:16:06 +02:00
rmartinc
ddacfbdefd Remove deprecated LinkedIn social provider
Closes #23127

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-18 10:10:58 +02:00
Justin Tay
d807093f63 Fix OCSP nonce handling
Closes #26439

Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-04-18 09:04:46 +02:00
Pedro Igor
f0f8a88489 Automatically fill username when authenticating to through a broker
Closes #28848

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-18 08:24:34 +02:00
Pedro Igor
1e3837421e Organization member onboarding using the organization identity provider
Closes #28273

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-17 07:24:01 -03:00
Peter Zaoral
e7dd5c1991
Hostname:v2 docs (#28123)
* hostname.adoc now contains the new hostname guide
* the old hostname is now available under hostname-deprecated.adoc

Closes: #27729

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2024-04-17 09:31:14 +02:00
Martin Bartoš
1fb83bb165
Release notes and Migration guide for Hostname v2 (#28621)
Closes #27730

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
2024-04-17 09:29:59 +02:00
Alexander Schwartz
13af4f44f5
Defer updates of last session updates and batch them (#28502)
Defer updates of last session refreshes and batch them

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-04-17 09:25:05 +02:00
Erik Jan de Wit
a8d1d6edd7
use filtered times instead of all (#28770)
fixes: #28748

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-04-17 09:04:41 +02:00
Erik Jan de Wit
e4c4701100
added missing translations (#28775)
fixes: #28746

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-04-17 09:03:35 +02:00
Jon Koops
4f0298daae
Upgrade PNPM to version 9 (#28811)
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-04-16 15:50:39 +00:00
Jon Koops
3216e7c781
Only allow a known refferer URI for the Account Console (#28743)
Closes #27628

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-04-16 17:24:22 +02:00
Martin Kanis
f764a9cb4a NPE when listing sessions in UI if associated user is gone
Closes #28801

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-04-16 11:53:36 -03:00
dependabot[bot]
8832da08fb
Bump vite from 5.2.8 to 5.2.9 (#28810)
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 5.2.8 to 5.2.9.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v5.2.9/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-16 14:38:28 +00:00