Commit graph

25349 commits

Author SHA1 Message Date
Stan Silvert
5d1166b473
OAuth 2.0 Device Polling Interval - Realms settings/Token Tab +- to change value not working (#29767)
* OAuth 2.0 Device Polling Interval - Setting in Realms settings/Token Plus-Minus to change value not working
>
> The input was taking a String type variable. Fixed it by converting it to a number so that numeric calculations can be done on it. Also, applied a condition for Minus button so that the count is never less than zero since the default value is 0.
>
> Closes #29551

Signed-off-by: Ahana Mallik <ahanamallik@gmail.com>

* Satisfy linter.

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

---------

Signed-off-by: Ahana Mallik <ahanamallik@gmail.com>
Signed-off-by: Stan Silvert <ssilvert@redhat.com>
Co-authored-by: Ahana Mallik <ahanamallik@gmail.com>
2024-05-23 10:11:24 +02:00
Daniel Fesenmeyer
c08621fa63 Always order required actions by priority (regardless of context)
- AuthenticationManager#actionRequired: make sure that the highest prioritized required action is performed first, possibly before the currently requested required action
- AuthenticationManager#nextRequiredAction: make sure that the next action is requested via URL, also based on highest priority (-> requested URL will match actually performed action, unless required actions for the user are changed by a parallel operation)
- add tests to RequiredActionPriorityTest, add helper method for priority setup to ApiUtil (for easier and more robust setup than up-to-now)
- fix test WebAuthnRegisterAndLoginTest - which failed because WebAuthnRegisterFactory (prio 70) is now executed before WebAuthnPasswordlessRegisterFactory (prio 80)

Closes #16873

Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>
2024-05-23 09:07:56 +02:00
Thomas Darimont
ab376d9101 Make required actions configurable (#28400)
- Add tests for crud operations on configurable required actions
- Add support exposing the required action configuration via RequiredActionContext
- Make configSaveError message reusable in other contexts
- Introduced admin-ui specific endpoint for retrieving required actions with config metadata

Fixes #28400

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-05-23 08:38:36 +02:00
Stefan Guilhen
37f85937a7 Move organization authenticator into conditional subflows in the default browser and first broker login flows
Closes #29446

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-22 20:48:29 -03:00
Peter Zaoral
bb1284704d
Enhance StartDevCommandDistTest to detect problems with URI scheme on Windows (#29593)
* added a test - a Windows drive letter within URI can cause issues

Related-to: #29329

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2024-05-22 17:19:57 +00:00
Alexander Schwartz
f103d595f6 Fix glob pattern in Codeowners for translations
Closes #29729

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-22 15:14:03 +02:00
Mark Franceschelli
bc82e7eb3c
Fix deprecated wizards (#29453)
* updated wizards

Signed-off-by: mfrances <mfrances@redhat.com>

* fix broken tests

Signed-off-by: mfrances <mfrances@redhat.com>

---------

Signed-off-by: mfrances <mfrances@redhat.com>
2024-05-22 14:18:28 +02:00
Jean Francois Denise
e284972d7a Fix for Issue #29773, Community keycloak-saml-adapter-galleon-pack shouldn't require to be resolved from channel
Signed-off-by: Jean Francois Denise <jdenise@redhat.com>
2024-05-22 13:54:52 +02:00
Ryan Emerson
0f17f0abc5
Require external Infinispan be of version 15 or greater
Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-22 11:26:26 +00:00
vramik
1e597cca3e Split OrganizationResource into OrganizationResource and OrganizationsResource
Closes #29574

Signed-off-by: vramik <vramik@redhat.com>
2024-05-22 07:58:26 -03:00
vramik
55bf4feebc Disable identity provider at the realm level when an organization is disabled
Closes #29483

Signed-off-by: vramik <vramik@redhat.com>
2024-05-22 07:58:26 -03:00
vramik
278341aff9 Add organizations enabled/disabled capability
Closes #28804

Signed-off-by: vramik <vramik@redhat.com>
2024-05-22 07:58:26 -03:00
Alexander Schwartz
80de3a0a71
Allow migration of non-persistent sessions to persistent sessions
Closes #29375

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-22 10:30:46 +02:00
Francis Pouatcha
542fc65923
Issue 29627: Expose Authorization Server Metadata Endpoint under /.well-known/oauth-authorization-server to comply with rfc8414 (#29628)
closes #29627 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>


Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-05-22 10:30:34 +02:00
rmartinc
f7044ba5c2 Use SessionExpirationUtils for validate user and client sessions
Check client session is valid in TokenManager
Closes #24936

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-05-22 10:12:20 +02:00
Case Walker
f32cd91792 Upgrade owasp-java-html-sanitizer, address all fallout
Signed-off-by: Case Walker <case.b.walker@gmail.com>
2024-05-22 09:15:25 +02:00
Raffaele Lucca
a5a55dc66e
Protocol now is mandatory during client scope creation. (#29544)
closes #29027

Signed-off-by: raff897 <85362193+raff897@users.noreply.github.com>
2024-05-22 09:10:46 +02:00
Patrick Jennings
84acc953dd
Client type OIDC base read only defaults (#29706)
closes #29742
closes #29422

Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-05-22 09:07:19 +02:00
dependabot[bot]
68b2e40b38 ---
updated-dependencies:
- dependency-name: alpinejs
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-22 09:05:36 +02:00
dependabot[bot]
cb8526e48c ---
updated-dependencies:
- dependency-name: react-hook-form
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-22 09:04:45 +02:00
dependabot[bot]
ee0b55d25a ---
updated-dependencies:
- dependency-name: lint-staged
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-22 09:04:05 +02:00
dependabot[bot]
70bdf29f38 ---
updated-dependencies:
- dependency-name: cypress
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-22 09:03:29 +02:00
rmartinc
9dfaab6d82 Invalid default/options in JavaKeystoreKeyProviderFactory algorithm property
Closes #29426

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-05-22 08:49:45 +02:00
Stian Thorgersen
ceb70778e4
Update governance model around changes in maintainership (#29292)
* Update governance model around changes in maintainership

Signed-off-by: stianst <stianst@gmail.com>

* Update GOVERNANCE.md

* Update GOVERNANCE.md

Co-authored-by: Stan Silvert <ssilvert@redhat.com>

---------

Signed-off-by: stianst <stianst@gmail.com>
Co-authored-by: Stan Silvert <ssilvert@redhat.com>
2024-05-22 08:24:10 +02:00
Pedro Igor
b019cf6129 Support unmanaged attributes for service accounts and make sure they are only managed through the admin api
Closes #29362

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-21 16:56:18 -03:00
Marek Posolda
6dc28bc7b5
Clarify the documentation about step-up authentication (#29735)
closes #28341

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-05-21 19:46:27 +02:00
Steven Hawkins
a74b084d9d
diagnostic: add a thread dump on failure (#29749)
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-05-21 16:22:11 +00:00
Martin Kanis
97cd5f3b8d Provide an additional endpoint to allow sending both invitation and registration links depending on the email being associated with an user or not
Closes #29482

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-05-21 12:29:10 -03:00
Pedro Ruivo
7182bc2125 Infinispan 15.0.4.Final
Closes #29743

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-05-21 16:47:26 +02:00
Bruno Oliveira da Silva
4a21b44b5f Add documentation about how to handle CVEs on third-party libraries reported by Snyk
Closes #29707

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>
2024-05-21 09:08:18 -03:00
秉虎
82ae047231
Update KeysListTab.tsx (#29337)
* Update KeysListTab.tsx

Signed-off-by: 秉虎 <s96016641@gmail.com>

* added missing singular key

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

---------

Signed-off-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-05-21 13:56:57 +02:00
Hynek Mlnarik
65fcd44fe1 Use admin console correctly in KeycloakIdentity
Fixes: #29688

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-05-21 13:35:44 +02:00
mposolda
bb5f308e1d Translations for loa-condition-level and loa-max-age
closes #29738

Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-21 13:28:35 +02:00
dependabot[bot]
9d16f0e7c0 ---
updated-dependencies:
- dependency-name: i18next
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-21 13:25:46 +02:00
himanshi1099
95d883c76f
Enable user when removing temporary lock (#29618)
Closes #29336

Signed-off-by: Himanshi Gupta <higupta@redhat.com>
2024-05-21 11:21:24 +02:00
Ryan Emerson
5d0cb7959e
Execute Aurora DB cleanup in a separate workflow to prevent timeout on cancel (#29689)
Closes keycloak/keycloak-benchmark#803

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-05-21 09:17:15 +00:00
dependabot[bot]
5f2b9dc016 ---
updated-dependencies:
- dependency-name: typescript-eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-21 11:10:40 +02:00
Erik Jan de Wit
1a4b6090d3
add value of unmanagedAttributePolicy to the form (#29645)
fixes: #29644

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-05-21 10:55:16 +02:00
mposolda
bbd4b60163 Update documentation after adapters removal
closes #28792

Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-21 09:34:48 +02:00
Stan Silvert
7a0eec5e19 Skip failing test for now.
Signed-off-by: Stan Silvert <ssilvert@redhat.com>
2024-05-21 09:32:12 +02:00
Stian Thorgersen
ae034fd65f
Fix release labels (#29726) 2024-05-21 07:46:10 +02:00
dependabot[bot]
b7a2c2a834 Bump lightningcss from 1.24.1 to 1.25.0
Bumps [lightningcss](https://github.com/parcel-bundler/lightningcss) from 1.24.1 to 1.25.0.
- [Release notes](https://github.com/parcel-bundler/lightningcss/releases)
- [Commits](https://github.com/parcel-bundler/lightningcss/compare/v1.24.1...v1.25.0)

---
updated-dependencies:
- dependency-name: lightningcss
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-20 21:06:58 +02:00
dependabot[bot]
cc558b4090 Bump i18next-http-backend from 2.5.1 to 2.5.2
Bumps [i18next-http-backend](https://github.com/i18next/i18next-http-backend) from 2.5.1 to 2.5.2.
- [Changelog](https://github.com/i18next/i18next-http-backend/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/i18next-http-backend/compare/v2.5.1...v2.5.2)

---
updated-dependencies:
- dependency-name: i18next-http-backend
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-20 17:15:33 +02:00
Bruno Oliveira da Silva
b8f163ec8e Snyk Report is not preventing duplicates
Closes #29699

Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>
2024-05-20 11:29:25 -03:00
Hynek Mlnarik
5212878e9f Temporarily disable client_authorization_test
Workaround for #29688

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-05-20 14:44:36 +02:00
dependabot[bot]
c5ada9639e Bump @eslint/js from 9.2.0 to 9.3.0
Bumps [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) from 9.2.0 to 9.3.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.3.0/packages/js)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-20 10:35:29 +02:00
dependabot[bot]
8557669580 Bump @eslint/eslintrc from 3.0.2 to 3.1.0
Bumps [@eslint/eslintrc](https://github.com/eslint/eslintrc) from 3.0.2 to 3.1.0.
- [Release notes](https://github.com/eslint/eslintrc/releases)
- [Changelog](https://github.com/eslint/eslintrc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslintrc/compare/v3.0.2...v3.1.0)

---
updated-dependencies:
- dependency-name: "@eslint/eslintrc"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-20 10:20:38 +02:00
rmartinc
3304540855 Allow admin console whoami endpoint to applications that have a special attribute
Closes #29640

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-05-20 09:51:07 +02:00
Richard van den Berg
cb3f248d73 Document getGroupById() will not set subGroups in JavaDoc
Closes #27787

Signed-off-by: Richard van den Berg <richard@vdberg.org>
2024-05-17 17:05:25 +02:00
Filipe Roque
e83f3af080 Call super constructor in subclasses of WebApplicationException
Frameworks like Datadog dd-trace-java java agent inspect the known WebApplicationException
and mark the exception as an HTTP 500, because that is the default for the
non argument constructor.

https://github.com/keycloak/keycloak/issues/29451

Signed-off-by: Filipe Roque <froque@premium-minds.com>
2024-05-17 16:25:59 +02:00