The ProtoStream schema is automatically uploaded to the Infinispan
server during startup.
When the schema is updated, the indexes are updated and re-created.
Use the delete statement to delete entities when a realm is removed.
Fixes#30931
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
- Compute issued_token_type response parameter based on requested_token_type and client configuration
- `issued_token_type` is a required response parameter as per [RFC8693 2.2.1](https://datatracker.ietf.org/doc/html/rfc8693#section-2.2.1)
- Added test to ClientTokenExchangeTest that requests an access-token as requested-token-type
Fixes#31548
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Add a ConditionalRemover interface to remove entries from a RemoteCache
based on the key or value fields.
The default implementation provided by this PR uses streaming/iteration
to test and remove entries
On a side change, moved all the transactions to the same package and
created one transaction class per entity/cache to simplify code and
avoid writing "RemoteChangeLogTransaction" with a long list of types.
Fixes#31046
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Closes#31726
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
The fixes (mostly selectors) are needed for tests.
In the future, to switch the keycloak.v2 to the default theme, do
the following:
- Update `ThemeSelectorProvider`: Uncomment relevant lines
- Update `testsuite/integration-arquillian/tests/pom.xml`: Revert the change in `<login.theme.default>` property
- Update `ThemeSelectorTest` per comment
Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
Previously, the given connection string was check with URI.create(..) which
failed when multiple space separated LDAP URLs were given.
Closes#31267
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
closes: #30658
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
Closes#30705
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Disable username prohibited chars validator when email as the username is set
Closes#25339
Signed-off-by: Martin Kanis <mkanis@redhat.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Previously the scope from the token was not set available in the ClientModelIdentity attributes.
This caused the NPE in `org.keycloak.authorization.policy.provider.clientscope.ClientScopePolicyProvider.hasClientScope`(..)
when calling `identity.getAttributes().getValue("scope")`.
We now pass the provided decoded AccessToken down to the ClientModelIdentity creation
to allow to populate the required scope attribute.
We also ensure backwards compatibility for ClientPermissionManagement API.
Fixes#26435
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Support for service accounts when fetch roles is enabled
Signed-off-by: Romain LABAT <contact@romainlabat.fr>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
* bump BCFIPS to 1.0.2.5
* fix bc-fips related test error
* remove unused imports
Closes: #26568
Signed-off-by: Andre F de M <trixpan@users.noreply.github.com>
Includes a new implementation for the providers:
* StickySessionEncoderProviderFactory
* LoadBalancerCheckProviderFactory
* SingleUseObjectProviderFactory
Closes#28648
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Part 1 includes
* New experimental feature to enable the new code
* New providers using RemoteCache only
* New test profile to run the tests with the experimental feature
New providers' implementation for:
* InfinispanConnectionProvider
* AuthenticationSessionProvider
* ClusterProvider
Closes#28140
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
* feat: add Artifact Binding on brokering scenarios when Keycloak is SP
Signed-off-by: tmorin <git@morin.io>
* Adding broker test and minor improvements
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
* Fixing IdentityProviderTest
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
* Renaming methods related to idp initiated flows
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
* Fixing partial_import_test.spec.ts
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
---------
Signed-off-by: tmorin <git@morin.io>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
* OpenJDK 21 support
Closes#28517
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* x509 SAN UPN other name is not handled in JDK 21 (#904)
closes#29968
Signed-off-by: mposolda <mposolda@gmail.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
* Remove all tests that are only executed for undertow app server
* Remove installation steps for OIDC adapter in wildfly/eap app server
* Remove the util adapters package except HttpClientBuilder
* Remove HttpClientBuilder and use plain apache http client
Closes#29912
Signed-off-by: rmartinc <rmartinc@redhat.com>
Closes: #29491
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
closes#25945
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
Co-authored-by: Erik Jan de Wit <edewit@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
* initial screen
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* more screens
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added members tab
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added the backend
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added member add / invite models
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* initial version of the identity provider section
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* add link and unlink providers
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* small fix
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* PR comments
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Do not validate broker domain when the domain is an empty string
Closes#29759
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added filter and value
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added test
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added first name last name
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* refresh menu when realm organization is changed
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* changed to record
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* changed to form data
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* fixed lint error
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Changing name of invitation parameters
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Chancing name of parameters on the client
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Enable organization at the realm before running tests
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Domain help message
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Handling model validation errors when creating organizations
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Message key for organizationDetails
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Do not change kc.org attribute on group
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* add realm into the context
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* tests
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Changing button in invitation model to use Send instead of Save
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Better message when validating the organization domain
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Fixing compilation error after rebase
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* fixed test
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* removed wait as it no longer required and skip flacky test
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* skip tests that are flaky
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* stabilize user create test
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
