Commit graph

4743 commits

Author SHA1 Message Date
Pedro Igor
449557290b More options to organization scope mapper including adding organization attributes to tokens
Closes #31642

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-27 09:40:55 -03:00
Stefan Guilhen
88cca10472 Rename IDPSpi to IdentityProviderStorageSpi
Closes #31639

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-26 15:10:09 -03:00
Erik Jan de Wit
776a491989
added organizations table to account (#32311)
* added organizations table to account

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-22 15:44:03 -03:00
Vlasta Ramik
d63c0fbd13
Decouple Identity provider mappers from RealmModel (#32251)
* Decouple Identity provider mappers from RealmModel

Closes #31731

Signed-off-by: vramik <vramik@redhat.com>
2024-08-22 12:05:19 -03:00
Steven Hawkins
d9a92f5de3
fix: expose bootstrap-admin-* options (#32241)
* fix: expose bootstrap-admin-* options

closes: #32176

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update quarkus/config-api/src/main/java/org/keycloak/config/BootstrapAdminOptions.java

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-08-21 15:52:38 +02:00
Peter Zaoral
6ab3b98743
Temporary admin account notice logged to org.keycloak.events (#32307)
* removed the temporary admin accounts logging from JBossLoggingEventListenerProvider

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2024-08-21 13:31:57 +00:00
Pedro Igor
c1f6d5ca64 Support for selecting an organization when requesting the organization scope
Closes #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-21 13:04:58 +02:00
Stefan Guilhen
585d179fe0 Ensure identity providers returned to the org IDP selection are IDPs not associated with any orgs.
Closes #32238

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-21 07:49:01 -03:00
Peter Zaoral
1b5fe5437a
Warnings for temporary admin user and service account (#31387)
* UI banner, labels and log messages are shown when temporary admin account is used
* added UI tests that check the elements' presence

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2024-08-21 09:30:24 +02:00
Pedro Ruivo
4675a4eda9 Deprecate UserSessionCrossDCManager
Fixes #31878

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-21 08:52:39 +02:00
Pedro Igor
e3c0b918bd Returning a full representation when querying organizations
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-20 11:11:14 -03:00
Pedro Igor
4376a3c757 Add an endpoint to the organizations endpoint to return the organizations for a given user
Closes #32158

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-20 11:11:14 -03:00
Pedro Igor
eeae50fb43 Make sure federationLink always map to the storage provider associated with federated users
Closes #31670

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-20 11:27:22 +02:00
Stefan Guilhen
fa7c2b5da6 Address review comments
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-19 09:06:35 -03:00
Stefan Guilhen
f82159cf65 Rework logic to fetch IDPs for the login page so that IDPs are fetched from the provider and not filtered in code.
Closes #32090

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-19 09:06:35 -03:00
Pedro Igor
8e0436715c Support for ALL and ANY organization scope values
Related #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-19 08:45:23 -03:00
mposolda
3d787727f9 Add acr scope to all clients for those migrating from older than Keycloak 18
closes #31107

Signed-off-by: mposolda <mposolda@gmail.com>
2024-08-16 12:17:43 +02:00
Václav Muzikář
cb418b0bfc
Upgrade to Quarkus 3.13.2 (#31678)
* Upgrade to Quarkus 3.13.2

Closes #31676

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-08-16 11:41:34 +02:00
himanshi1099
7459992e40
Realm update validation for incorrect timeout values (#32137)
closes #31595

Signed-off-by: Himanshi Gupta <higupta@redhat.com>
2024-08-16 08:58:27 +02:00
Alexander Schwartz
80d235fffb
Handle non-existing client gracefully (#32151)
Closes #32150

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-15 16:08:40 +02:00
Stefan Guilhen
aeb1951aba Replace calls to deprecated RealmModel IDP methods
- use the new provider instead

Closes #31254

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-15 10:55:36 -03:00
Pedro Igor
96acc62c00 Support for resolving organization based on the organization scope
Closes #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-15 10:32:15 -03:00
Stian Thorgersen
310824cc2b
Remove legacy cookies
Closes #16770

Signed-off-by: stianst <stianst@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-08-15 15:27:38 +02:00
Martin Kanis
708a6898db Add a count method to the OrganizationMembersResource
Closes #31388

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-08-15 09:12:57 -03:00
Yoshiyuki Tabata
cb6eb187ac Client Policy - Condition : Client - Client Attribute
Closes https://github.com/keycloak/keycloak/issues/31766

Signed-off-by: Yoshiyuki Tabata <yoshiyuki.tabata.jy@hitachi.com>
2024-08-14 09:56:56 +02:00
kaustubh-rh
cf8905efe8
Fix for Client secret is visable in Admin event representation when Credentials Reset action performed for the Client. (#32067)
* Stripping secrets for the credential representation

Signed-off-by: kaustubh B <kbawanka@redhat.com>
2024-08-12 13:47:41 -03:00
Steven Hawkins
b72ddbcc45
fix: add a warning log if a deprecated admin env variable is used (#32038)
closes: #31491

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-12 08:54:30 +02:00
rmartinc
347f595913 Add ECDH-ES encyption algorithms to the java keystore key provider
Closes #32023

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-09 15:57:51 +02:00
Martin Kanis
da0864682a Conditionally redirect existing users to a broker based on their credentials
Closes #31006

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-08-09 07:59:25 -03:00
rmartinc
2a06e1a6db Add SHAKE256 hash provider for Ed448
Closes #31931

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-08 17:36:54 +02:00
Justin Tay
966a454548
Add ECDH-ES JWE Algorithm Provider, Add generated ECDH key provider (#23928)
Closes #23596
Closes #23597

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-08-08 17:29:35 +02:00
Steven Hawkins
7ce6f12fe3
fix: adds a check for duplicate users/clients to simplify cmd errors (#31583)
also changes temp-admin-service to temp-admin

closes: #31160

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-08 08:20:33 -04:00
Pedro Igor
3ab2446074 Do not return identity providers when querying the realm representation
Closes #21072

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-07 10:06:51 -03:00
rmartinc
acbbfde4ab Adding upgrading notes for brute force changes
Closes #31960

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-07 14:38:30 +02:00
Pascal Knüppel
f3341390f4
Issuer id must be a URL according to specification (#30961)
fixes #30960

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
2024-08-07 14:35:58 +02:00
Giuseppe Graziano
35c8c09b8d OIDC dynamic client registration with response_type=none
Closes #19564

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-08-07 10:34:47 +02:00
rmartinc
8a09905e5c Remove the attempt in brute force when the off-thread finishes
Closes #31881

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-06 15:30:49 -03:00
Michal Hajas
50c07c6e7c
Simplify configuration for MULTI_SITE
Closes #31807

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-08-06 16:14:33 +00:00
Stefan Wiedemann
6258256c1b
Fix access token issue OID4VC (#31763)
closes #31712 

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2024-08-04 11:42:40 +02:00
Ingrid Kamga
7c69c857a1 Add a media type to error responses on OID4VC endpoints
Closes #31585

Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
2024-08-02 12:09:09 +02:00
Justin Tay
f537343545 Allow empty key use in JWKS from identity provider
Closes #31823

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-08-02 11:39:43 +02:00
rmartinc
773e309f75 Parse saml urls correctly if the bindings are different
Closes #31780

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-02 11:34:06 +02:00
Thomas Darimont
282260dc95 Ensure issued_client_type is always added to successful token-exchange response (#31548)
- Compute issued_token_type response parameter based on requested_token_type and client configuration
- `issued_token_type` is a required response parameter as per [RFC8693 2.2.1](https://datatracker.ietf.org/doc/html/rfc8693#section-2.2.1)
- Added test to ClientTokenExchangeTest that requests an access-token as requested-token-type

Fixes #31548

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-07-30 18:33:51 +02:00
Alexander Schwartz
11b19bc272
For persistent sessions, don't remove user session if there is no session in the remote store (#31756)
Closes #31115

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-30 17:57:09 +02:00
Pedro Igor
a79761a447 Support for blocking concurrent requests when brute force is enabled
Closes #31726

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
2024-07-30 10:01:48 +02:00
Martin Kanis
d91d6d18d5 Can not update organization group error when trying to create organisation from REST API
Closes #31144

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-07-29 17:39:56 +02:00
Pascal Knüppel
94784182df
Implement DPoP for all grantTypes (#29967)
fixes #30179
fixes #30181


Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de>
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-07-29 16:30:54 +02:00
Stefan Guilhen
f45529de8c Deprecate IDP related methods in RealmModel
- delegate to the new provider

Closes #31253

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-07-29 16:02:26 +02:00
Stefan Guilhen
c16e88bcee Make the IDPProvider via session.identityProviders()
Closes #31252

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-07-29 16:02:26 +02:00
Alexander Schwartz
6d404b86c9 Trigger clearing the user cache when the duplicate email allowed flag changes
Closes #31045

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-29 10:37:42 +02:00