libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
23375 commits 4 branches 5 tags 480 MiB
Commit graph

6297 commits

Author SHA1 Message Date
vramik
7fe7dfc529 ResourceType lost during clonning 
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>

Closes #20947
 2023-06-23 09:31:44 +02:00
Pedro Igor
aff6cc1cbd Running mappers during account linking 
Closes #11195

Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: toddkazakov
 2023-06-22 17:41:31 +02:00
Pedro Igor
eb5edb3a9b Support reading base32 encoded OTP secret 
Closes #9434
Closes #11561
 2023-06-22 08:08:13 -03:00
mposolda
137f8d807a Account Console II doesn't remove TOTP from UserStorage 
closes #19575
 2023-06-22 07:56:44 +02:00
Pedro Igor
0dd7c4a515 Fixing auth-server-quarkus-embedded 2023-06-21 17:18:26 +02:00
danielFesenmeyer
60b838675d Extend admin-client GroupsResource: Support the query functionality to be used in combination with the parameters first, max and briefRepresentation 
Closes #20016
 2023-06-21 12:13:22 -03:00
Gilvan Filho
2493f11331 count users by custom user attribute 
closes #14747
 2023-06-21 11:56:22 -03:00
mposolda
dc3b037e3a Incorrect Signature algorithms presented by Client Authenticator 
closes #15853

Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2023-06-21 08:55:58 +02:00
Stian Thorgersen
f82577a7f3
Removed old account console (#21098) 
Co-authored-by: Jon Koops <jonkoops@gmail.com>

Closes #9864
 2023-06-20 20:46:57 +02:00
fwojnar
a36be17a5c
Remove account package from testsuite (#20990) 
* Removal of testsuite account package

Related to #19668
Also closes #20527

* Fix failures + remove login folder from base-ui

---------

Co-authored-by: Ivan Khomyn <ikhomyn@redhat.com>
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
 2023-06-20 08:50:39 +02:00
Daniele Martinoli
d9b271c22a
Extends the conditional user attribute authenticator to check the attributes of the joined groups (#20189) 
Closes #20007
 2023-06-19 15:22:35 +02:00
Miquel Simon
3daeee15f6
Add Forms IT (#20528) 
Closes #20519
 2023-06-19 14:44:20 +02:00
Jon Koops
29f9523646
Ensure RegisterTest runs in Chrome and Firefox (#21036) 2023-06-16 08:00:04 -04:00
Martin Bartoš
c6995f5ded Save ~2s for Keycloak startup in the testsuite 
Relates to #21033
 2023-06-16 10:47:28 +02:00
Alexander Schwartz
e410a76c42 Avoid caching the list of clientscopes in two places 
Closes #20426

Co-authored-by: Martin Kanis <mkanis@redhat.com>
 2023-06-13 21:33:21 +02:00
rmartinc
ecf52285bc Simplify TokenManager expiration calculations using SessionExpirationUtils 
Closes https://github.com/keycloak/keycloak/issues/20794
 2023-06-13 10:09:47 +02:00
Pedro Igor
af975d20f1 Avoid iterating indefinetly when checking CRLs 
Closes #20725
 2023-06-12 17:50:16 +02:00
vramik
535bba5792 Update UserQueryProvider methods 
Closes #20438
 2023-06-12 16:04:26 +02:00
Arnaud Martin
ae5a47d548 Impossible to update a federated user credential label 
Closes #16613
 2023-06-12 15:39:52 +02:00
Vlasta Ramik
ed473da22b
Clean-up of deprecated methods and interfaces 
Fixes #20877

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2023-06-09 17:11:20 +00:00
Rinus Wiskerke
fbfdb54745
Strip rotated client secret from export json (#19394) 
Closes #19373
 2023-06-09 10:46:28 +02:00
rmartinc
61968bf747 Use OIDCAttributeMapperHelper.mapClaim in the GroupMembershipMapper 
Closes https://github.com/keycloak/keycloak/issues/19767
 2023-06-08 11:12:24 -03:00
Réda Housni Alaoui
eb9bb281ec Require user to agree to 'terms and conditions' during registration 2023-06-08 10:39:00 -03:00
Marek Posolda
8080085cc1
Removing 'http challenge' authentication flow and related authenticators (#20731) 
closes #20497


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2023-06-08 14:52:34 +02:00
Hynek Mlnarik
12dd3edb10 Fix pagination issue with H6 
With Hibernate ORM 6, pagination started to be unreliable: When
setting the max results only if the first row was 0 has randomly
affected other threads where first row was greater than 0. The
latter thread sometimes produced query which did *not* account
for the offset (cf. threads `-t1` and `-t2` below, while `-t2`
missed the `offset ? rows` part whic `-t3` has).

This has been fixed by setting the first row offset unconditionally.

Closes: #20202
Closes: #16570

```
2023-06-02 10:19:03.855000 TRACE [org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker] (blocking-thread-node-2-p8-t1) Running computation for segment 0 with worker 0
2023-06-02 10:19:03.856000 TRACE [org.keycloak.models.sessions.infinispan.initializer.OfflinePersistentUserSessionLoader] (blocking-thread-node-2-p8-t1) Loading sessions for segment=0 lastSessionId=00000000-0000-0000-0000-000000000000 first=0
2023-06-02 10:19:03.856000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t1) Set max to 64 in org.hibernate.query.sqm.internal.QuerySqmImpl@2fb60f8b
2023-06-02 10:19:03.856000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t1) After pagination: 0, 64
2023-06-02 10:19:03.857000 TRACE [org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker] (blocking-thread-node-2-p8-t2) Running computation for segment 1 with worker 1
2023-06-02 10:19:03.857000 TRACE [org.keycloak.models.sessions.infinispan.initializer.OfflinePersistentUserSessionLoader] (blocking-thread-node-2-p8-t2) Loading sessions for segment=1 lastSessionId=00000000-0000-0000-0000-000000000000 first=64
2023-06-02 10:19:03.857000 TRACE [org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker] (blocking-thread-node-2-p8-t3) Running computation for segment 2 with worker 2
2023-06-02 10:19:03.857000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t2) Set first to 64 in org.hibernate.query.sqm.internal.QuerySqmImpl@71464e9f
2023-06-02 10:19:03.857000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t2) Set max to 64 in org.hibernate.query.sqm.internal.QuerySqmImpl@71464e9f
2023-06-02 10:19:03.857000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t2) After pagination: 64, 64
2023-06-02 10:19:03.857000 TRACE [org.keycloak.models.sessions.infinispan.initializer.OfflinePersistentUserSessionLoader] (blocking-thread-node-2-p8-t3) Loading sessions for segment=2 lastSessionId=00000000-0000-0000-0000-000000000000 first=128
10:19:03,859 DEBUG [org.hibernate.SQL] (blocking-thread-node-2-p8-t1)
    select
        p1_0.OFFLINE_FLAG,
        p1_0.USER_SESSION_ID,
        p1_0.CREATED_ON,
        p1_0.DATA,
        p1_0.LAST_SESSION_REFRESH,
        p1_0.REALM_ID,
        p1_0.USER_ID
    from
        OFFLINE_USER_SESSION p1_0,
        REALM r1_0
    where
        r1_0.ID=p1_0.REALM_ID
        and p1_0.OFFLINE_FLAG=?
        and p1_0.USER_SESSION_ID>?
    order by
        p1_0.USER_SESSION_ID fetch first ? rows only
10:19:03,859 DEBUG [org.hibernate.SQL] (blocking-thread-node-2-p8-t2)
    select
        p1_0.OFFLINE_FLAG,
        p1_0.USER_SESSION_ID,
        p1_0.CREATED_ON,
        p1_0.DATA,
        p1_0.LAST_SESSION_REFRESH,
        p1_0.REALM_ID,
        p1_0.USER_ID
    from
        OFFLINE_USER_SESSION p1_0,
        REALM r1_0
    where
        r1_0.ID=p1_0.REALM_ID
        and p1_0.OFFLINE_FLAG=?
        and p1_0.USER_SESSION_ID>?
    order by
        p1_0.USER_SESSION_ID fetch first ? rows only
2023-06-02 10:19:03.860000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t1) binding parameter [1] as [VARCHAR] - [1]
2023-06-02 10:19:03.860000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t1) binding parameter [2] as [VARCHAR] - [00000000-0000-0000-0000-000000000000]
2023-06-02 10:19:03.860000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t1) binding parameter [3] as [INTEGER] - [64]
10:19:03,860 DEBUG [org.hibernate.SQL] (blocking-thread-node-2-p8-t3)
    select
        p1_0.OFFLINE_FLAG,
        p1_0.USER_SESSION_ID,
        p1_0.CREATED_ON,
        p1_0.DATA,
        p1_0.LAST_SESSION_REFRESH,
        p1_0.REALM_ID,
        p1_0.USER_ID
    from
        OFFLINE_USER_SESSION p1_0,
        REALM r1_0
    where
        r1_0.ID=p1_0.REALM_ID
        and p1_0.OFFLINE_FLAG=?
        and p1_0.USER_SESSION_ID>?
    order by
        p1_0.USER_SESSION_ID offset ? rows fetch first ? rows only
2023-06-02 10:19:03.861000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t3) binding parameter [3] as [INTEGER] - [128]
2023-06-02 10:19:03.861000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t3) binding parameter [4] as [INTEGER] - [64]
```

Co-authored-by: mkanis <mkanis@redhat.com>
 2023-06-07 20:45:34 +02:00
Saman-jafari
31db84e924 fix: issuedFor added to token to get client id into the token also redirect uri added to token and then passed to info template for "back to application" functionality 
test also added to check the availability of issueFor(azp) and redirect uri in Action
Fixes #14860
Fixes #15136
 2023-06-07 12:19:46 -03:00
Zvi Grinberg
ace83231ee Update RegexPolicyTest.java 
Add forgotten imports
 2023-06-07 10:18:10 -03:00
Zvi Grinberg
b29ce53f6e Fix bug in regex policy evaluation that it ignored flatted user claims that are mapped by protocol mappers to complex JSON structure in access token( in the access token JWT it's key and value is a JSON by itself) 
fixes: #20436
Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
 2023-06-07 10:18:10 -03:00
Alice Wood
7e56938b74 Extend group search attribute functionality to account for use case where only the leaf group is required 2023-06-07 08:52:23 -03:00
rmartinc
9bc30f4705 EventBuilder fixes to copy the store and session context 
Closes https://github.com/keycloak/keycloak/issues/20757
Closes https://github.com/keycloak/keycloak/issues/20105
 2023-06-07 08:34:27 -03:00
Jon Koops
9a8d1ca1f3
Stop waiting page load when calling assertCurrent() (#20786) 2023-06-07 13:13:46 +02:00
Pedro Hos
9ebd94a3a8 Userinfo endpoint doesn't accept charset #20671 
Closes 20671
 2023-06-07 08:08:05 +02:00
Artur Baltabayev
041441f48f
Improved Reset OTP authenticator (#20572) 
* ResetOTP authenticator can now be configured, so that one or all existing OTP configurations are deleted upon reset.

Closes #8753
---------

Co-authored-by: bal1imb <Artur.Baltabayev@bosch.com>
 2023-06-06 08:30:44 -03:00
rmartinc
81aa588ddc Fix and correlate session timeout calculations in legacy and new map implementations 
Closes https://github.com/keycloak/keycloak/issues/14854
Closes https://github.com/keycloak/keycloak/issues/11990
 2023-06-05 18:46:23 +02:00
Jon Koops
8eee3f434b
Fix test for brute force detection of recovery codes (#20784) 2023-06-05 11:55:30 -04:00
rmartinc
d80094793b Manage elytron configuration if configured for JDK-17 
Closes https://github.com/keycloak/keycloak/issues/20385
 2023-06-05 13:50:28 +02:00
Jon Koops
7ce96bb6d5
Remove workaround for legacy consoles from waitForPageToLoad (#20754) 2023-06-05 07:48:08 -04:00
Aboullos
612fe33ade
Remove AccountUpdateProfilePage from the testsuite (#19362) 
closes #15202
 2023-06-02 11:46:49 +02:00
Pedro Igor
f69ff5d270 Execution config not duplicated when duplicating flows 
Closes #12012
 2023-06-01 16:12:06 +02:00
mposolda
bf9c5821cb Fix for certificate revalidation 
closes https://security.snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-5291542
 2023-05-31 15:42:37 +02:00
Alexander Schwartz
512e30b210 Add escaping for fields with wildcard search 
Closes #20510
 2023-05-31 14:38:04 +02:00
Takashi Norimatsu
a29c30ccd5 FAPI 2.0 security profile - not allow an authorization request whose parameters were not included in PAR request 
closes #20623
 2023-05-31 14:02:44 +02:00
vramik
a175efcb72 Split UserQueryProvider into UserQueryMethods and UserCountMethods and make LdapStorageProvider implement only UserQueryMethods 
Co-authored-by: mhajas <mhajas@redhat.com>

Closed #20156
 2023-05-31 11:47:54 +02:00
Jay Linski
403632438a
Improve a11y by providing the current language (#20213) 2023-05-30 13:46:14 -04:00
Takashi Norimatsu
6b42c2b4d0 FAPI 2.0 security profile - Reject Implicit Grant executor does not return an appropriate error 
Closes #20622
 2023-05-30 18:24:50 +02:00
stianst
0832992e59 Removing OpenShift integration and moving to separate extension 
closes #20496

Co-authored-by: mposolda <mposolda@gmail.com>
 2023-05-30 17:39:32 +02:00
Pedro Igor
17c3804402 Tests for user property mapper 
Closes #20534
 2023-05-29 14:21:03 +02:00
Yoshiyuki Tabata
bd37875a66 allow specifying format of "permission" parameter in the UMA grant token 
endpoint (#15947)
 2023-05-29 08:56:39 -03:00
Martin Bartoš
b438776b94
Introduced additional dependencies in the testsuite (#20600) 
Fixes #20599

Fixes #20384
 2023-05-26 15:41:45 +02:00
Hynek Mlnarik
54c9403cc0 Fix CacheExpirationTest 
Sometimes the initialization of keycloak session factory
took longer than the expiration was set on the elements,
so they were not found in the cache where they were awaited.
This is fixed by adding an assumption on the time, and if the
time is over the expiration, the remainder of the test is skipped.
The timeout is set in order to run fully most of the time in GHA.

Closes: #20269
 2023-05-26 15:07:51 +02:00
Jon Koops
98e5e9799b Improve third-party storage access detection and cookie fallback 2023-05-25 22:16:59 -03:00
Douglas Palmer
1b8901f5a2 Changing the email address has no impact at username regardless "Email as username" toggle 
closes #20459
 2023-05-25 07:54:03 -03:00
Hynek Mlnarik
fc0e47caa4 Fix KcCustomOidcBrokerTest 
Fixes: #20541
 2023-05-25 10:20:36 +02:00
Peter Zaoral
72b238fb48
Keystore vault (#19644) 
* KeystoreVault SPI

* added KeystoreVault - a Vault SPI implementation (#19281)

Closes #17252

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2023-05-24 16:20:30 +00:00
Jon Koops
90d2a01619
Replace ChromeJavascriptBrowser annotation with JavascriptBrowser (#20535) 2023-05-24 11:23:15 +00:00
Hynek Mlnarik
4950f7bebe Target correct user resource 2023-05-23 20:53:30 +02:00
Hynek Mlnarik
b9983cc5f6 Fix BrokerTest 2023-05-23 20:53:30 +02:00
Hynek Mlnarik
ac59c551c3 Fix transaction boundaries in tests 2023-05-23 20:53:30 +02:00
Hynek Mlnarik
38442ee0a6 Fix event tests 2023-05-23 20:53:30 +02:00
Hynek Mlnarik
3e58d3da8d Proper cleanup 2023-05-23 20:53:30 +02:00
vramik
bdbbd2959d User search with LDAP federation not consistent 
Closes #10195
 2023-05-23 11:48:33 +02:00
wojnarfilip
34b9eed8f0 Removes AccountFederatedIdentityPage from testsuite 
Closes #15199
 2023-05-22 11:07:48 -03:00
i7a7467
e41e1a971a SLO and ACS Binding are linked with AuthnRequest Binding in SAML Identity Broker Metadata 
Closes #11079
 2023-05-22 10:05:17 +02:00
vramik
fd6a6ec3ad Make LDAP searchForUsersStream consistent with other storages 
Co-authored-by: mhajas <mhajas@redhat.com>

Closes #17294
 2023-05-19 08:40:41 +02:00
Artur Baltabayev
33215ab6f4
Added User-Session Note Idp mapper. (#19062) 
Closes #17659


Co-authored-by: bal1imb <Artur.Baltabayev@bosch.com>
Co-authored-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.io>
Co-authored-by: Sebastian Schuster <sebastian.schuster@bosch.io>
 2023-05-18 13:47:10 +02:00
Lukas Hanusovsky
eb77dcf014 Removing PHOTOZ client and related tests testing UI. Closes #19668 2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
d9b95e0240 Testsuite with Undertow and OpenJDK17 - Nashorn library support. 
GH Actions failures - refactoring.
 2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
406aa21b0b UserStorageTest - old account console dependencies removed. Closes #19668 2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
b8b9adbea2 CookieTest - old account console dependencies removed. Closes #19668 2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
29deaca3f5 DemoServletsAdapterTest - old account console dependencies removed. Closes #19668 2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
47fd10469f Old account console dependencies removed - refactoring. Closes #19668 2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
130807fa7b AbstractCustomAccountManagementTest - old account console dependencies removed. Closes #19668 2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
2ad8f7dd62 Old account console dependencies removed. Closes #19668 
* LoginTest
* SessionServletAdapterTest
* ClientRedirectTest
* TrustStoreEmailTest
* BrowserFlowTest
* SocialLoginTest
* JavascriptAdapterTest
 2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
c685366169 CookiesPathTest - old account console dependencies removed. Closes #19668 2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
5e323ae173 Old account console dependencies removed. Closes #19668 
* ConsentsTest
* UserTest
* SessionTest
* LoginEventsTest
* AbstractKeycloakTest
 2023-05-18 13:09:51 +02:00
danielFesenmeyer
d543ba5b56 Consistent message resolving regarding language fallbacks for all themes 
- the prio of messages is now as follows for all themes (RL = realm localization, T = Theme i18n files): RL <variant> > T <variant> > RL <region> > T <region> > RL <language> > T <language> > RL en > T en
- centralize the message resolving logic in helper methods in LocaleUtil and use it for all themes, add unit tests in LocaleUtilTest
- add basic integration tests to check whether realm localization can be used in all supported contexts:
  - Account UI V2: org.keycloak.testsuite.ui.account2.InternationalizationTest
  - Login theme: LoginPageTest
  - Email theme: EmailTest
- deprecate the param useRealmDefaultLocaleFallback=true of endpoint /admin/realms/{realm}/localization/{locale}, because it does not resolve fallbacks as expected and is no longer used in admin-ui v2
- fix locale selection in DefaultLocaleSelectorProvider that a supported region (like "de-CH") will no longer selected instead of a supported language (like "de"), when just the language is requested, add corresponding unit tests
- improvements regarding message resolving in Admin UI V2:
  - add cypress test i18n_test.spec.ts, which checks the fallback implementation
  - log a warning instead of an error, when messages for some languages/namespaces cannot be loaded (the page will probably work with fallbacks in that case)

Closes #15845
 2023-05-17 15:00:32 +02:00
Dominik Schlosser
8c58f39a49 Updates Datastore provider to contain full data model 
Closes #15490
 2023-05-16 15:05:10 +02:00
Takashi Norimatsu
7f5e94db87 KEYCLOAK-19539 FAPI 2.0 Baseline : Reject Implicit Grant 2023-05-16 14:17:29 +02:00
Hynek Mlnařík
edb292664c
File store freeze 
* File store: Fix ID determination

* Forbid changing ID (other setters)

* Improve handling of null values

* Support convertible keys in maps

* Fix writing empty values

* Fix updated flag

* Proceed if an object has been deleted in the same tx

* Fix condition

Co-authored-by: Michal Hajas <mhajas@redhat.com>

---------

Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2023-05-16 12:03:59 +02:00
Alexander Schwartz
8cfe8b1411
Update the docs on passthrough proxy (#20072) 
Closes #20070
 2023-05-15 15:44:47 +00:00
Miquel Simon
e959e20e1a Upgrade tested DB versions 2023-05-15 12:36:27 -03:00
Martin Bartoš
a68aadd9d0 Conditionally build WildFly adapters for our testsuite 
Fixes #20077

Revert once https://github.com/keycloak/keycloak/issues/19299 is solved
 2023-05-15 14:58:49 +02:00
Miquel Simon
90bc5835ea
Due to a bug in chromedriver version < 113.0.5672.92, temporarily ignoring some tests. (#20347) 2023-05-15 14:40:08 +02:00
rmartinc
025778fe9c SSSD User Federation integration for quarkus distribution 
Closes https://github.com/keycloak/keycloak/issues/16165
 2023-05-09 11:32:52 +02:00
Jon Koops
6f4b9885ca
Use Chrome as the default JavaScript browser (#14702) 2023-05-08 08:40:27 +02:00
Martin Bartoš
960e3503ec
Artifact SLF4J LOG4J-12 has been relocated (#20113) 2023-05-05 13:57:45 +02:00
vramik
d1ab921c50 JpaUserProvider count methods are inconsistent with searchForUser's param filter handling 
Closes #17581
 2023-05-05 08:22:05 +02:00
rmartinc
d9025db536 Migrate realms if configured to use RH-SSO themes 
Closes https://github.com/keycloak/keycloak/issues/17484
 2023-05-02 15:38:33 +02:00
Martin Bartoš
3f6925143a
Support JavaEE for Admin client (#19988) 2023-04-28 16:35:31 +02:00
Martin Bartoš
b87b70a35d Ignore particular legacy clustering tests 
Revert once https://github.com/keycloak/keycloak/issues/19834 issue is resolved
 2023-04-27 13:36:54 +02:00
Martin Bartoš
79178b5a23 Use WildFly as the default app server 2023-04-27 13:36:54 +02:00
Martin Bartoš
9d40f77746 Ignore DemoFilterServletAdapterTestForCustomizedIdMapper test 
Revert once https://github.com/keycloak/keycloak/issues/19809 issue is resolved
 2023-04-27 13:36:54 +02:00
Martin Bartoš
b96328868c Fix for Java distribution tests and JDK 17+ 2023-04-27 13:36:54 +02:00
Martin Bartoš
60fd7e63d9 Fix OfflineServletsAdapterTest 2023-04-27 13:36:54 +02:00
Martin Bartoš
8d5a4f2677 Fix FIPS tests 2023-04-27 13:36:54 +02:00
Martin Bartoš
c1cced9f31 Fix CorsExampleAdapterTest 
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/cors/CorsExampleAdapterTest.java - Modified
 2023-04-27 13:36:54 +02:00
Peter Zaoral
72663060c9 Quarkus3 branch sync no. 13 
11.4.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2023-04-27 13:36:54 +02:00
Martin Bartoš
5b7e9a2603 Remove WF dependencies, add Jakarta SOAP, fix tests 
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
IdeaProjects/keycloak/quarkus/pom.xml - Modified
IdeaProjects/keycloak/quarkus/runtime/pom.xml - Modified
 2023-04-27 13:36:54 +02:00
Martin Bartoš
8fb7fb0de9 Integrate Quarkus 3.0.0.Alpha6 
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
 2023-04-27 13:36:54 +02:00
Martin Bartoš
bc43e4f435 Integrate Jakarta Mail API 2.1.0 2023-04-27 13:36:54 +02:00
Martin Bartoš
de663dbf93 Quarkus3 branch sync no. 9 
10.3.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE
* changed version from 999-SNAPSHOT to 999.0.0-SNAPSHOT
 2023-04-27 13:36:54 +02:00
Martin Bartoš
952faed4c9 Run Adapter tests with JavaEE support 
---
Quarkus3 branch sync no. 9 (10.3.2023)
Resolved conflicts:
keycloak/.github/actions/build-keycloak/action.yml - Modified
 2023-04-27 13:36:54 +02:00
Peter Zaoral
0b4f40f89b Quarkus3 branch sync no. 8 
3.3.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2023-04-27 13:36:54 +02:00
Martin Bartoš
abf765185d Fix WebAuthn tests 2023-04-27 13:36:54 +02:00
Martin Bartoš
64738ea708 Fix issues with JakartaEE Mail dependencies 
This reverts commit da4644844ed88818c05d777460624403326ab01c

---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
 2023-04-27 13:36:54 +02:00
Peter Zaoral
5ebe4ca7c8 Quarkus3 branch sync no. 6 
17.2.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2023-04-27 13:36:54 +02:00
Peter Zaoral
946eacd5b6 Quarkus3 branch sync no. 5 
10.2.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE
* fixed Undertow server not starting due to ClassNotFoundException: javax.transaction.TransactionManager

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2023-04-27 13:36:54 +02:00
Martin Bartoš
2cb7c9f5ec Fix account console tests 2023-04-27 13:36:54 +02:00
Stefan Guilhen
3409a0c840 Fixes SAML tests in testsuite 
- adds dependency to saaj-impl in saml core public
- updates test apps' web.xml files to use jakarta namespaces
- small cleanup in main pom
- changes order of e-mail servers in testsuite pom to enforce usage of greenmail (changes order in Undertow's classpath)

Closes #16711
 2023-04-27 13:36:54 +02:00
Alexander Schwartz
4bdf2fe21d Fixing parameter which should be a string plus dependencies 
Closes #16649
 2023-04-27 13:36:54 +02:00
Peter Zaoral
028c3dd26e uarkus3 branch sync no. 13 (11.4.2023) 
Resolved conflicts:
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/transaction/StorageTransactionTest.java - Modified
---
27.1.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2023-04-27 13:36:54 +02:00
vramik
fa3ba6331e Remove JsonbPostgreSQL95Dialect from keycloak-server.json from testsuite utils 
Fixes #16336
 2023-04-27 13:36:54 +02:00
Martin Bartoš
b1da7bd613 Revert Mail API 
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/quarkus/pom.xml - Modified
---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
 2023-04-27 13:36:54 +02:00
Martin Bartoš
1f126647fe Update dependencies 2023-04-27 13:36:54 +02:00
Martin Bartoš
c0b82ae72b Upgrade Arquillian Undertow embedded 2023-04-27 13:36:54 +02:00
Hynek Mlnarik
4189edc9f1 Fix dependency 
Fixes: #16538
 2023-04-27 13:36:54 +02:00
vramik
60e6fb9dae Register custom functions FunctionContributor 
Closes #16336

---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorage.java - Modified
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorageCockroachdb.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified
---
Quarkus3 branch sync no. 3 (27.1.2023)
Resolved conflicts:
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorage.java - Modified
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorageCockroachdb.java - Modified
 2023-04-27 13:36:54 +02:00
Peter Zaoral
4ff2de7f46 Quarkus3 branch sync 
18.1.2023:
* applied Quarkus 3 OpenRewrite recipe
* fixed the parts that were missed by the script

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2023-04-27 13:36:54 +02:00
Martin Bartoš
77a494d3be Undertow JakartaEE adapter in the testsuite 2023-04-27 13:36:54 +02:00
Martin Bartoš
124591ce1a Adapters can still use Java EE 
- Provided all JavaEE dependencies for adapters
- Automatically build Undertow Jakarta EE for testsuite (missing SAML)
---
Quarkus3 branch sync no. 11 (24.3.2023)
Resolved conflicts:
keycloak/adapters/oidc/spring-security/pom.xml - Modified
---
Quarkus3 branch sync no. 7 (27.2.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/pom.xml - Modified
---
Quarkus3 branch sync no. 1 (18.1.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/pom.xml - Modified
 2023-04-27 13:36:54 +02:00
Stefan Guilhen
ab6ca6e63d Enable KeycloakServer again by re-enabling undertow adapters 
---
Quarkus3 branch sync #2 (20.1.2023)
Resolved conflicts:
keycloak/testsuite/utils/pom.xml - Modified
 2023-04-27 13:36:54 +02:00
Martin Bartoš
40c38e0133 Fix dependencies in testsuite, adapters and Quarkus module 
---
Quarkus3 branch sync no. 11 (24.3.2023)
Resolved conflicts:
keycloak/adapters/oidc/spring-security/pom.xml - Modified
 2023-04-27 13:36:54 +02:00
Stefan Guilhen
384d7c17f7 - Fix issues in legacy store 
- Testsuite (switch undertow-embedded.version)
 2023-04-27 13:36:54 +02:00
Martin Bartoš
6118e5cfb7 Use JakartaEE dependencies 
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
 2023-04-27 13:36:54 +02:00
Martin Bartoš
7cff857238 Migrate packages from javax.* to jakarta.* 
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/ComponentExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/DeclarativeUserTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java - Modified
keycloak/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java	- Modified
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountTotpPage.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BackwardsCompatibilityUserStorageTest.java - Modified
---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/services/resources/QuarkusWelcomeResource.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/profile/util/Soap.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/UserInfoClientUtil.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
---
Quarkus3 branch sync no. 10 (17.3.2023)
Resolved conflicts:
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocolUtils.java -	Modified
---
Quarkus3 branch sync no. 9 (10.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java - Modified
---
Quarkus3 branch sync no. 8 (3.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClient.java	Modified - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java - Modified
keycloak/examples/providers/authenticator/src/main/java/org/keycloak/examples/authenticator/SecretQuestionAuthenticator.java - Modified
---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ComponentsResource.java - Modified
keycloak/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/installation/SamlSPDescriptorClientInstallation.java - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
/keycloak/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java	Modified - Modified
keycloak/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java - Modified
---
Quarkus3 branch sync no. 4 (3.2.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/jaxrs/QuarkusKeycloakApplication.java - Modified
---
Quarkus3 branch sync no. 1 (18.1.2023)
Resolved conflicts:
keycloak/testsuite/client/ClientPoliciesTest.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaModelCriteriaBuilder.java - Modified
 2023-04-27 13:36:54 +02:00
Hynek Mlnarik
d7d50634b3 Do not impose assumptions on ID format 
Closes: #19814
 2023-04-26 15:37:50 +02:00
Hynek Mlnarik
80ba42a0b4 Tests: Determine IDs from Keycloak 
Instead of assuming that the ID of created objects is honored,
the tests are rewritten in the way which obtains the ID from
the created objects. This is to account for storages where
ID is not necessarily an UUID and cannot be thus prescribed.

Closes: #19814
 2023-04-26 15:37:50 +02:00
rmartinc
04ac3a64ee Adding support for rsa-oaep for SAML encryption 
Closes https://github.com/keycloak/keycloak/issues/19689
 2023-04-26 10:46:10 +02:00
mposolda
a3f2ebb193 Ability to override default/built-in providers with same providerId. Using ProviderFactory.order() for choosing priority providers 
Closes #19867
 2023-04-25 18:04:58 +02:00
Peter Zaoral
78958ae434
Fix Base Testsuite timeouts on Windows 2023-04-25 16:01:08 +02:00
Lukas Hanusovsky
30d976d64c
RequiredActionEmailVerificationTest - old account console dependencies removed. (#19843) 
Closes #19668
 2023-04-25 08:19:43 +02:00
Hynek Mlnarik
3161c4424c Fix export / import tests relict 
Closes: #19812
 2023-04-19 22:17:49 +02:00
Hynek Mlnarik
0ddc71d987 Properly encode id in URL 
Closes: #19816
 2023-04-19 15:10:04 -03:00
rmartinc
8e55a63f31 Do not allow add sub-flow to built-in workflow 
Closes https://github.com/keycloak/keycloak/issues/15536
 2023-04-19 11:12:49 +02:00
rmartinc
f051a0cdb3 Improve SessionCodeChecks to detect better the ALREADY_LOGGED_IN situation 
Closes https://github.com/keycloak/keycloak/issues/19677
 2023-04-18 10:35:47 -03:00
Lukas Hanusovsky
4a8510f7d9
Stop disabling Account Console v2 for tests that run fine (#19728) 
Works towards closing #19668
 2023-04-17 16:26:32 -03:00
Marek Posolda
8d01109158
Invalid parameter redirect_uri when using an invalid client_id (#19731) 
closes #19662
 2023-04-17 15:12:59 +02:00
Hynek Mlnarik
21510dff0c Add FILE constant to StoreProvider 2023-04-17 08:29:49 +02:00
mposolda
1cbdf4d17e Fix the issue with LDAP connectionUrl containing multiple hosts 
Closes #17359
 2023-04-16 17:41:22 +02:00
Alexander Schwartz
d7c3678096
Add missing UI dependencies for interactive tests (#19736) 
Closes #19735
 2023-04-15 16:58:55 -04:00
danielFesenmeyer
5554c62bea Change locale of user profile validation message to be resolved from authenticated user instead of validated user 
Closes #19707
 2023-04-14 11:51:15 -03:00
Stian Thorgersen
f4cabea08c
Make sure the code is bound to the user session (#18) (#17380) (#17389) 
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-04-14 14:42:12 +02:00
Lukas Hanusovsky
556758943f
Old Account Console removal - cleanup imports (#19700) 
Part of #19668
 2023-04-13 14:57:28 +00:00
Jon Koops
a2eb619e0e
Include Account Console version 3 as a theme (#19641) 2023-04-13 09:41:40 -04:00
Vladislav Plemyannik
ca9c6dddc1 Fix of ant configure.xml to be able to build integration-arquillian-servers-auth-server-quarkus module on Windows 
Closes #19591
 2023-04-13 09:24:53 -03:00
vramik
2b890eb79d Zero downtime smoke tests 
Closes #16481
 2023-04-12 11:24:35 +02:00
Michal Hajas
b730d861e7
Refactor map storage transaction initialization 
* Refactor transaction to be enlisted in MapStorageProvider instead of area provider

* Make KeycloakTransaction methods optional for MapKeycloakTransaction

* Remove MapStorage interface that contained only createTransaction method

* Rename *MapStorage to *CrudOperations

* Adjust File store to new structure

* Rename MapKeycloakTransaction to MapStorage

* Rename getEnlistedTransaction to getMapStorage in AbstractMapProviderFactory

* Rename variables tx and transaction to store

* Add createMapStorageIfAbsent to JpaMapStorageProvider

* Update JavaDoc

Co-authored-by:  Hynek Mlnarik <hmlnarik@redhat.com>
 2023-04-12 11:21:14 +02:00
Pedro Igor
83676bf927 Extract JUnit5 support in the distributoin testsuite to a separate module 
Closes #19552
 2023-04-11 10:48:56 +02:00
Martin Kanis
37af5fbffe Introduce optimistic locking for HotRod storage 
Closes #15402
 2023-04-11 09:33:01 +02:00
Lukas Hanusovsky
9bb18400ad
Remove AccountTotpPage from the testsuite (#17657) 
Closes #15201
 2023-04-06 11:49:29 +02:00
fwojnar
f55794f8bf
Removes AccountApplicationsPage (#17651) 
Closes #15198 


Co-authored-by: wojnarfilip <fwojnar@redhat.com>
 2023-04-05 16:54:16 +02:00
mposolda
c6f13363b9 Add nashorn javascript engine to Keycloak server 
closes #17671
 2023-04-04 14:56:46 +02:00
rmartinc
99330dbb6d Manage JsonProcessingException to not return error 500 when json data is wrong 
Closes https://github.com/keycloak/keycloak/issues/11517
 2023-04-03 18:07:34 +02:00
mposolda
4d8d6f8cd8 Preserve authentication flow IDs after import 
closes #9564
 2023-04-03 16:01:52 +02:00
Jon Koops
bdc019b02c
Fully deprecate function-style constructor for Keycloak JS (#19438) 2023-04-03 14:45:55 +02:00
Hynek Mlnarik
85c0b47c31 Fix ClientPoliciesExtendedEventTest 
Closes: #19487
 2023-04-03 14:43:50 +02:00
Hynek Mlnarik
0d5363d0d5 Throw an exception rather than returning response 
Closes: #17644
 2023-04-03 14:43:50 +02:00
Alexander Schwartz
d210980988 Close factory when creation fails 
Closes #16671
 2023-03-31 10:19:29 +02:00
Pedro Igor
6086201fe0 Do not verify identity cookie when processing required actions 
Closes #17539
 2023-03-31 09:56:27 +02:00
rmartinc
89dfeeec38 The getAttributes method in UserAttributeLDAPStorageMapper does not work for email or other UserModel properties 
Closes https://github.com/keycloak/keycloak/issues/10412
 2023-03-30 21:45:07 +02:00
mposolda
709c6b5a47 Regressions in redirect URL verification when redirect_uri has encoded path or default port 
closes #16851
closes #16587
 2023-03-30 14:20:10 +02:00
Pedro Igor
48082d08ec Email visible on registration page when edit username is not allowed 
Closes #17439
 2023-03-30 08:11:30 +02:00
Douglas Palmer
ff27f6c77c Fix SSSDTest 
closes #19397
 2023-03-29 21:54:00 +02:00
Jon Koops
8f627517cb
Remove legacy Promise APIs from Keycloak JS (#19389) 2023-03-29 16:29:27 +00:00
Michal Hajas
e49dfe534e Fix missing migration when reading TERMS_AND_CONDITIONS required action in legacy store 
Closes #17277
 2023-03-29 16:43:01 +02:00
Daniel Kobras
a45b5dcd90 Prefer cert over pubkey in SAML metadata 
If SAML key material was given as a certificate, consistently
expose the certificate rather than just the public key when
presenting SAML metadata info. This change ensures that the
client obtains sufficient information (eg. issuer) to close
the trust chain.

Closes: #17549

Signed-off-by: Daniel Kobras <kobras@puzzle-itc.de>
 2023-03-29 11:17:24 +02:00
Marek Posolda
032ece9f7b
Clarify user session limits documentation and test SSO scenario (#19372) 
Closes #17374


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2023-03-29 10:08:45 +02:00
rmartinc
2bb9de1a8c Allow application/jwt media type for userinfo endpoint 
Closes: https://github.com/keycloak/keycloak/issues/19346
 2023-03-28 08:47:35 -03:00
Michal Hajas
beca22311b Add RefreshTokenTest to database suite so it can catch some expiration issues similar to #17570 2023-03-28 08:32:31 +02:00
Michal Hajas
2a5b5c4a40 Fix stale client session is present in user session 
Closes #17570
 2023-03-28 08:32:31 +02:00
Pedro Igor
a9c605750d Returning email as username setting for admins 
Fixes #17591
 2023-03-27 16:33:44 -03:00
Alexander Schwartz
251f6151e8 Rework the Import SPI to be configurable via the Config API 
Also rework the export/import CLI for Quarkus, so that runtime options are available.

Closes #17663
 2023-03-24 15:28:55 -03:00
Pedro Hos
bd0a23a865 /users/count endpoint with search field has different behavior than /users query endpoint #17620 
closes #17620
 2023-03-24 13:43:47 +01:00
Klajdi Paja
cf61a65198 Return a user friendly message when a group name already exists on the same level. 
Closes #16888
 2023-03-24 08:13:49 +01:00
rmartinc
8bc5273792 EAP7 and wildfly adapter tests fixes. Execute enable-elytron-se17.cli for EAP7 and JDK-17. 
Closes https://github.com/keycloak/keycloak/issues/19273
 2023-03-23 17:02:39 -03:00
Ayrat Hudaygulov
f578f91a0b Fix ID token not being sent after expiration for OIDC logout 
Closes #10164
 2023-03-23 13:01:02 +01:00
Hiroyuki Wada
46eb2e1b84 Fix attribute deleted from LDAP is not immediately reflected even if it is "Always Read Value From LDAP" 2023-03-21 10:28:41 +01:00
Ricardo Martin
1a622e707f
Flaky tests org.keycloak.testsuite.federation.sync.SyncFederationTest (#19095) 
Closes: https://github.com/keycloak/keycloak/issues/17430
Closes: https://github.com/keycloak/keycloak/issues/17431
 2023-03-21 08:30:42 +01:00
Alexander Schwartz
513bb809f3 Add a map storage global locking implementation for JPA 
Closes #14734
 2023-03-21 08:21:11 +01:00
rmartinc
bef0a4a6f1 Check frontendUrl in the hostname providers 
Closes https://github.com/keycloak/keycloak/issues/17686
 2023-03-20 18:54:58 -03:00
Miquel Simon
80d3cc5dea Added option for Chrome driver needed for version >= 111. 
Closes #19137
 2023-03-20 13:09:23 +01:00
Pedro Igor
a30b6842a6 Decouple the policy enforcer from adapters and provide a separate library 
Closes keycloak#17353
 2023-03-17 11:40:51 +01:00
rmartinc
cab7e50410 Better handling for SAML signatures in POST and REDIRECT bindings 
Closes https://github.com/keycloak/keycloak/issues/17456
 2023-03-15 09:06:59 -03:00
Martin Kanis
5e7793b64d Unexpected invalid_grant error on offline session refresh when client session is not in the cache 
Closes #9959

Co-authored-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Lex Cao <lexcao@foxmail.com>
 2023-03-15 12:39:43 +01:00
Jon Koops
96aa4b3394
Add Maven build for the Admin UI (#17552) 2023-03-13 18:16:12 +00:00
Hynek Mlnarik
fe5d89295f Fix client (scope) model test placement 
Fixes: #17212
 2023-03-13 14:35:14 +01:00
Pedro Igor
af475ffe23 Fixing classloading issue due to the curated application being eagerly closed 2023-03-13 09:34:49 +01:00
Alexander Schwartz
0b2802fa18 Fixing compile time warnings 
Avoiding calling deprecated methods, and adding compile time dependencies for annotations.

Closes #17499
 2023-03-09 15:42:55 +01:00
vramik
31e4c5cb7e Add storage-jpa-db property into Quarkus. Distinguish postgres and crdb for jpa map store. 
Closes #17305
 2023-03-09 11:09:56 +01:00
Tero Saarni
9052ec2b02
Add admin events for realm create/delete. (#10831) 
Closes #10733
 2023-03-07 15:57:06 +01:00
Simon Levermann
96c1cf3c49 Allow mapping of UserSessionNotes into UserInfo 
Fixes #15369
 2023-03-07 15:25:14 +01:00
rmartinc
a56b38c5a6 Don't remove session and don't reset restart cookie if passive check error 
Closes https://github.com/keycloak/keycloak/issues/11340
 2023-03-07 15:10:09 +01:00
rmartinc
06ff8b016c Don't set REMEMBER_ME if it's disabled at realm level 
Closes https://github.com/keycloak/keycloak/issues/11330
 2023-03-07 15:01:58 +01:00
Michal Hajas
837c64de3d Add support for pessimistic locking to HotRod 
Closes #13273
 2023-03-07 10:44:31 +01:00
Alexander Schwartz
f6f179eaca Rework the export to use CLI options and property mappers 
Also, adding the wiring to support Model tests for the export.

Closes #13613
 2023-03-07 08:22:12 +01:00
mposolda
a0192d61cc Redirect loop with authentication success but access denied at default identity provider 
closes #17441
 2023-03-06 10:45:01 +01:00
Michal Hajas
465019bec4 Extract attachDevice outside of storage layer 
Closes #17336
 2023-03-03 17:58:34 +01:00
Zakaria Amine
fb5a7f654b
trigger IDENTITY_PROVIDER_FIRST_LOGIN (and UPDATE_PROFILE ) event when identity provider flow succeeds (#15100) 
closes #15098
 2023-03-03 17:49:27 +01:00
Jon Koops
6d2e57f93a
Move Keycloak JS into the NPM workspace (#17401) 2023-03-03 13:56:53 +01:00
Jon Koops
972ebb9650
Use a valid SemVer format for the SNAPSHOT version (#17334) 
* Use a valid SemVer format for the SNAPSHOT version

* Update pom.xml

* Update pom.xml

---------

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2023-03-03 11:11:44 +01:00
Alexander Schwartz
95a6effcef Increase memory for the model tests to avoid an OOM error 
Closes #17427
 2023-03-03 10:55:03 +01:00
Alexander Schwartz
1e4401f521 Avoid returning the same entity multiple times from separate searches 
Closes #15604
 2023-03-02 08:21:38 +01:00
mposolda
b28bde542f referrer_url is not correctly computed in account console 
closes #16484
 2023-03-01 20:49:15 +01:00
Marek Posolda
59f4fe1c60
NPE on Theme after upgrade to 21 when parent or import theme not exists (#17350) 
* NPE on Theme after upgrade to 21 when parent or import theme not exists
closes #17313

* Update per review
 2023-03-01 15:46:37 +00:00
Michal Hajas
e02c95f9d3 Fix testReleaseAllLocksMethod timing out intermittently 
Closes #17337
 2023-03-01 14:55:50 +01:00
rmartinc
5cdf4d5791 Read-Only attributes should be modified if creation is delayed for LDAP 
Closes https://github.com/keycloak/keycloak/issues/16848
 2023-03-01 11:26:57 +01:00
Michal Hajas
7899c6c80a Make DeviceRepresentationProvider available for all model test profiles 
Closes #17329
 2023-02-28 14:55:48 +01:00
Pedro Igor
fbf5541802 Remove duplicated set-cookie header from response when expiring cookies 
Closes #17192
 2023-02-27 14:17:27 -03:00
lpa
3cd413dee1 SOAP backchannel logout for SAML protocol 
Closes #16293
 2023-02-27 14:24:12 +01:00
rmartinc
38a46726e4 Implement UserInfoTokenMapper in HardcodedRole and RoleNameMapper mappers 
Closes https://github.com/keycloak/keycloak/issues/15624
 2023-02-27 10:14:48 -03:00
Miquel Simon
923a321a55
Run WebAuthn IT with Chrome. (#17256) 2023-02-23 20:58:13 +00:00
Václav Muzikář
557a22968c
Stabilize Account Console UI tests (#17243) 
Closes #17178
Closes #17102
Closes #17070
Closes #17045
Closes #17044
Closes #16875
Closes #16870
Closes #16715
Closes #16670
Closes #16646
Closes #16627
Closes #16620
 2023-02-23 12:35:08 +01:00
Marek Posolda
b9ab942ef8
FIPS related docs (#17196) 
* FIPS related docs
Closes #16444 #12432 #12429

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2023-02-22 12:47:15 +01:00
rmartinc
f91ac2970d
Polish fips-mode switch for preview (#17228) 
* Polish fips-mode switch for preview
Closes #17208 #17210 


Co-authored-by: mposolda <mposolda@gmail.com>
 2023-02-22 12:12:52 +01:00
mposolda
5ac8f7c1ef Link 'Sign out' incorrectly hardcoded to localhost in the authz example applications 
closes #17216
 2023-02-21 15:49:20 +01:00
Douglas Palmer
1d75000a0e Create an SPI for DeviceActivityManager 
closes #17134
 2023-02-20 09:29:11 +01:00
drohwer89
4ff180da64
Terminating all sessions above the session limit (#16068) 
Adjusts implementation of UserSessionLimitsAuthenticator to terminate all sessions above the session limit.

Closes #14689

Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2023-02-16 17:56:59 +01:00
rmartinc
9995a3cdd4 lastSync value into COMPONENT_CONFIG is always updated 
Closes https://github.com/keycloak/keycloak/issues/17022
 2023-02-16 17:48:49 +01:00
mposolda
4f068fcdcc Make https-trust-store-type set to bcfks by default in strict-mode 
Closes #17119
 2023-02-16 08:00:21 -03:00
sui.jieqiang
1f6fa0501c Fix search user groups without limit 
Closes #12649
 2023-02-15 15:50:46 +01:00
rmartinc
fbc9177f27 Doublecheck if we need to override properties in java.security 
Closes https://github.com/keycloak/keycloak/issues/16702
 2023-02-15 12:33:48 +01:00
vramik
7b604d6784 Sync properties in map-storage-jpa-cocroach with other profiles 
Closes #17107
 2023-02-15 10:49:22 +01:00
Michal Hajas
1f929c78af Make lockTimeout more friendly for JPA map storage 
Closes #16616
 2023-02-15 10:38:18 +01:00
Hynek Mlnarik
bb0eb899a7 Add ability to run arq testsuite with file store 
Fixes: #17032
 2023-02-15 10:17:23 +01:00
Hynek Mlnarik
2665fb01a6 File storage: Fix path traversal 
Fixes: #17029
 2023-02-14 14:30:14 +01:00
Pedro Igor
9e46b9e43f Handling events after transaction completion using a separate session 
Closes #15656
 2023-02-14 13:10:57 +01:00
Václav Muzikář
a57821ed80 Fix JDK 17 InaccessibleObjectException with infinispan 2023-02-13 17:09:36 -03:00
Miquel Simon
48a22ff2f3
Added WebAuthn integration tests to CI workflow. (#16608) 2023-02-13 12:28:25 +00:00
laskasn
dc8b759c3d Use encryption keys rather than sig for crypto in SAML 
Closes #13606

Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: hmlnarik <hmlnarik@redhat.com>
 2023-02-10 12:06:49 +01:00
Marek Posolda
9cfc1fdfa9
Reduce the redundant tests in fips-suite (#16970) 
Closes #16969
 2023-02-09 12:21:33 +01:00
Pedro Igor
017ddc670b Removing references to old admin console test artifacts 2023-02-08 17:22:45 -03:00
Pedro Igor
423fc6daba
Flaky test KcOidcBrokerTokenExchangeTest (#16914) 
Closes #16896
 2023-02-08 14:49:49 +00:00
Dmitry Telegin
5f39aeb590 Pre-authorization hook for client policies 
Closes #9017
 2023-02-08 15:06:32 +01:00
Michal Hajas
6fa62e47db Leverage HotRod client provided transaction 
Closes #13280
 2023-02-08 10:26:30 +01:00
Stian Thorgersen
d3ba2ecbed
Remove old admin console theme (#16864) 
Closes #16862
 2023-02-08 09:22:39 +01:00
Hynek Mlnařík
f71ab092de
File store basis 
Fixes: #16676

---

* Enhance DefaultModelCriteria
* Fix collection
* Fix delete in CHMKeycloakTransaction
* Add HasRealmId interface
* Fix EntityFieldDelegate
* Support for realm-less entities in providers
* Support for realm-less entities in providers (events)
* File store basis
* Add support for writing
* Support running KeycloakServer with file store
* Add support for file store in model testsuite

---------

Co-authored-by: vramik <vramik@redhat.com>
 2023-02-07 14:59:23 +01:00
Stian Thorgersen
4782a85166
Remove old admin console feature (#16861) 
* Remove old admin console feature

Closes #16860

* Update help txt files for Quarkus tests
 2023-02-07 12:59:35 +01:00
Pedro Igor
7b58783255 Allow mapping claims to user attributes when exchanging tokens 
Closes #8833
 2023-02-07 10:57:35 +01:00
Thomas Darimont
e38b7adf92 Revise blacklist password policy provider #8982 
- Reduce false positive probability from 1% to 0.01% to avoid
rejecting to many actually good passwords.
- Make false positive rate configurable via spi config
- Revised log messages

Supported syntax variant:
`passwordBlacklist(wordlistFilename)`

Fixes #8982

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2023-02-07 10:36:39 +01:00
Martin Kanis
5ba004b447 Leverage Infinispan lifespan for ExpirableEntities in HotRod storage 2023-02-07 10:01:32 +01:00
Stian Thorgersen
fc075a3d35
Remove old admin console tests (#16859) 
Closes #16858
 2023-02-07 08:51:36 +01:00
Denis Bernard
5db64133b8 Add Attribute to Group Mapper for SAML IDP 
Cleansing code as PR Comment

Add test for Advanced Attribute to Group Mapper

Closes #12950
 2023-02-06 10:58:48 -03:00
Pedro Igor
1a1ee78dbd Removing tests from base group broker mapper test classes 2023-02-06 10:58:48 -03:00
Pedro Igor
d97b9c48c4
Make sure PBKDF2 providers are using the expect size for derived keys (#16798) 
Closes #16797
 2023-02-03 15:31:25 +01:00
rmartinc
f8f112d8d2
Upgrade twitter4j (#16828) 
Closes https://github.com/keycloak/keycloak/issues/16731
 2023-02-03 15:28:37 +01:00
mposolda
0e374c7a45 Any tests using PhantomJS failing in some linux environments 
closes #16818
 2023-02-03 15:19:57 +01:00
Stian Thorgersen
0fa209c29a
WelcomeScreenTest#resourcesTest (#16761) 
* Fix WelcomeScreenTest#resourcesTest

Closes #16669

* Add one more retry
 2023-02-03 09:41:48 +01:00
Marek Posolda
51bed81814
Fixes for OOB endpoint and KeycloakSanitizer (#16773) 
(cherry picked from commit 91ac2fb9dd50808ff5c76d639594ba14a8d0d016)
 2023-02-02 08:34:50 +01:00
Pedro Igor
e3c41ec3a0 Ignoring test methods from parent classes 
Closes #15687
 2023-02-01 14:58:03 -08:00
Stian Thorgersen
d9025231f9
HTML Injection in Keycloak Admin REST API (#16765) 
Resolves #GHSA-m4fv-gm5m-4725

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2023-02-01 14:34:15 +01:00