Commit graph

4743 commits

Author SHA1 Message Date
Francis Pouatcha
cc78fd7ca0
Provided keycloak with a protocol mapper, that can allow to optionally add iat and nbf claims to VCs (#31620)
closes #31581 


Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
2024-07-29 09:32:48 +02:00
Pedro Igor
87c279d645 Respect the username value format when processing federated users
Closes #31240

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-29 09:28:43 +02:00
Pedro Igor
4d8c525644
Make sure changes to user profile metadata is not stored when calling decorators (#31549)
Closes #30476

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-29 09:03:21 +02:00
Pedro Igor
1f8280c71a Allow members joining multiple organizations
Closes #30747

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-29 09:02:36 +02:00
Giuseppe Graziano
12732333c8 Client scope assignment for client registration
Closes #31062

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-07-26 17:33:49 +02:00
Stian Thorgersen
30cd88fefe
Change default bootstrap admin service account client-id (#31649)
Closes #31648

Signed-off-by: stianst <stianst@gmail.com>
2024-07-26 10:45:26 +00:00
vramik
649b35929e Make sure users created through a registration link are managed members
Closes #30743

Signed-off-by: vramik <vramik@redhat.com>
2024-07-25 04:30:13 -03:00
Maciej Mierzwa
97e89e2071 feature: password age in days policy
Closes #30210

Signed-off-by: Maciej Mierzwa <dev.maciej.mierzwa@gmail.com>
2024-07-24 15:12:16 -03:00
Francis Pouatcha
30be268672
Enhance Verifiable Credential Signing Service Flexibility and Key Rotation(#30692)
closes #30525 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
2024-07-24 13:45:39 +02:00
rmartinc
5db3772d45 Remove TrustedHostClientRegistrationPolicyTest#testGithubDomain
Closes #29271

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-23 11:33:38 +02:00
Diego Ramp
ae74d923d2 fix bad debugv({}) in favor of more tolerant debugf(%s)
Closes #31368

Signed-off-by: Diego Ramp <diego.ramp@mobi.ch>
2024-07-18 10:34:32 +02:00
mposolda
3110bb8989 Missing Cache-Control header when response_type parameter is missing in login request
closes #29866

Signed-off-by: mposolda <mposolda@gmail.com>
2024-07-18 10:17:52 +02:00
Pascal Knüppel
018a0802bc
Remove java.util.Date from VerifiableCredential (#30920)
closes #30918

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
2024-07-18 09:52:02 +02:00
Captain-P-Goldfish
526286e851 Manipulate OpenID redirect-response with custom implementation
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
2024-07-17 17:20:18 +02:00
Martin Kanis
e5848bdcf9 Cannot set unmanagedAttributePolicy without profile attributes
Closes #31153

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-07-17 09:53:59 -03:00
Ricardo Martin
3d12c05005
Correctly moves to the next required action (#31358)
Closes #31014

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>


Co-authored-by: Giuseppe Graziano <g.graziano94@gmail.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
2024-07-17 09:38:29 +02:00
Pascal Knüppel
8485bc38ef
Make ProofType a string instead of enum (#31000)
fixes #30999

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-07-16 11:30:38 +02:00
Martin Kanis
887db25f00 Allow auto-redirect existing users federated from organization broker when using the username
Closes #30746

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-07-15 13:48:45 -03:00
Pedro Igor
c33585a5f4 All pubic brokers are shown during authentication rather than only those associated with the current organization
Closes #31246

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-12 17:51:39 +02:00
Douglas Palmer
9300903674 page-expired error page shown when using browser back-button on forgot-password page after invalid login attempt
Closes #25440

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-07-12 16:24:21 +02:00
Pascal Knüppel
4028ada2a5
Add required default-context value to VerifiableCredential (#30959)
closes #30958

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-07-11 18:25:11 +02:00
Pascal Knüppel
96234d42cf
Exchange Enum type of Format for String (#30875)
closes #30873

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-07-11 18:18:14 +02:00
Steven Hawkins
4970a9b729
fix: deprecate KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD
closes: #30658

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-07-11 18:07:57 +02:00
Pedro Igor
0410653e71 Do not send attributes when unlocking the user
Closes #31165

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-11 14:16:23 +02:00
rmartinc
096e335a92 Support for vault and AES and HMAC algorithms to JavaKeystoreKeyProvider
Closes #30880
Closes #29755

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-11 12:40:45 +02:00
Pedro Igor
da6c9ab7c1 Bruteforce protector does not work when using organizations
Closes #31204

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-11 00:26:47 +02:00
Martin Kanis
922eaa9fc8
Disable username prohibited chars validator when email as username is… (#31140)
* Disable username prohibited chars validator when email as the username is set

Closes #25339

Signed-off-by: Martin Kanis <mkanis@redhat.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-10 09:46:24 -03:00
Pedro Igor
d475833361 Do not expose kc.org attribute in user representations
Closes #31143

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-10 13:43:23 +02:00
rmartinc
f78a46485d TE should create a transient session when there is no initial session in client-to-client exchange
Closes #30614

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-08 15:44:38 -03:00
Lucy Linder
b4f7487dd3 Fix ReCAPTCHA Enterprise failing due to new properties in response
The assessment response added a new field called accountDefenderAssessment.
This commit adds the new property, and also ensures new properties won't be
problematic next time by ignoring unknown properties on the top level object.

Closes: #30917

Signed-off-by: Lucy Linder <lucy.derlin@gmail.com>
2024-07-08 16:59:47 +02:00
Thomas Darimont
c460fa7b48
Allow user to configure prompt parameter for google sign-in
Closes #16750

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-07-04 12:01:32 +02:00
Pedro Igor
f010f7df9b Reverting removal of test assertions and keeping existing logic where only brokers the user is linked to is shown after identity-first login page
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-03 11:55:04 -03:00
Martin Kanis
e1b735fc41 Identity-first login flow should be followed by asking for the user credentials
Closes #30339

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-07-03 11:55:04 -03:00
Steven Hawkins
96511e55c6
startup, welcome, and cli handling of bootstrap-admin user (#30054)
* fix: adding password and service account based bootstrap and recovery

closes: #29324, #30002, #30003

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Fix tests

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
2024-07-03 15:23:40 +02:00
Giuseppe Graziano
02d64d959c Using _system client when account client is disabled for email actions
Closes #17857

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-07-03 08:43:36 +02:00
cgeorgilakis-grnet
20cedb84eb Check refresh token flow response for offline based on refresh token request parameter
Closes #30857

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-07-02 18:13:30 -03:00
Pedro Igor
cc2ccc87b0 Filtering organization groups when managing or processing groups
Closes #30589

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-28 10:27:18 -03:00
Thomas Darimont
690c6051bb Fix scope policy evaluation for client to client token exchange (#26435)
Previously the scope from the token was not set available in the ClientModelIdentity attributes.
This caused the NPE in `org.keycloak.authorization.policy.provider.clientscope.ClientScopePolicyProvider.hasClientScope`(..)
when calling `identity.getAttributes().getValue("scope")`.

We now pass the provided decoded AccessToken down to the ClientModelIdentity creation
to allow to populate the required scope attribute.

We also ensure backwards compatibility for ClientPermissionManagement API.

Fixes #26435

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-06-28 10:33:20 +02:00
Douglas Palmer
601355d517 Flaky test: org.keycloak.testsuite.oauth.TokenIntrospectionTest#testUnsupportedToken
Closes #30111

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-06-27 18:41:48 +02:00
mposolda
3c3f59f861 Move some server related logic from info representation classes to server codebase
Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-27 11:00:30 +02:00
Jon Koops
cd0dbdf264
Use the Keycloak server URL for common resources (#30823)
Closes #30541

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-26 14:52:25 +00:00
Takashi Norimatsu
b0aac487a3 VC issuance in Authz Code flow with considering scope parameter
closes #29725

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-06-24 10:53:19 +02:00
Jon Koops
df18629ffe
Use a default Java version from root POM (#29927)
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-21 14:19:31 +02:00
mposolda
6a9e60bba0 Flow steps back when changing locale or refreshing page on 'Try another way page'
closes #30520

Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-21 11:22:15 +02:00
rmartinc
592c2250fc Add briefRepresentation query parameter to getUsersInRole endpoint
Closes #29480

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-21 11:21:02 +02:00
Takashi Norimatsu
6b135ff6e7 client-jwt authentication fails on Token Introspection Endpoint
closes #30599

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-06-21 10:47:25 +02:00
Pedro Igor
a0ad680346 Adding an alias to organization and exposing them to templates
Closes #30312
Closes #30313

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-20 14:36:14 -03:00
Jon Koops
77fb3c4dd4
Use correct host URL for Admin Console requests (#30535)
Closes #30432

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-19 15:21:53 +02:00
Francis Pouatcha
d4797e04a2
Enhance SupportedCredentialConfiguration to support optional claims object as defined in OpenID for Verifiable Credential Issuance specification (#30420)
closes #30419 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
2024-06-18 17:07:49 +02:00
rmartinc
38d8cf2cb3 Add UPDATE event to the client-roles condition
Closes #30284

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-18 15:30:42 +02:00
Thibault Morin
f6fa869b12
feat(SAML): add Artifact Binding on brokering scenarios when Keycloak is SP (#29619)
* feat: add Artifact Binding on brokering scenarios when Keycloak is SP

Signed-off-by: tmorin <git@morin.io>

* Adding broker test and minor improvements

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

* Fixing IdentityProviderTest

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

* Renaming methods related to idp initiated flows

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

* Fixing partial_import_test.spec.ts

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

---------

Signed-off-by: tmorin <git@morin.io>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-14 08:54:49 -03:00
vramik
d355e38424 Provide a cache layer for the organization model
Closes #30087

Signed-off-by: vramik <vramik@redhat.com>
2024-06-13 08:13:36 -03:00
Jon Koops
c7361ccf6e
Run the Vite dev server through the Keycloak server (#27311)
Closes #19750
Closes #28643
Closes #30115

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-12 11:55:14 +02:00
Pedro Igor
e6df8a2866 Allow multiple instances of the same social broker in a realm
Closes #30088

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-11 12:44:10 -03:00
Fouad Almalki
780ec71672
Add support of RTL UI in login themes (#29907)
Closes #29974

Signed-off-by: Fouad Almalki <me@fouad.io>
2024-06-11 07:12:13 -04:00
Patrick Jennings
75925dcf6c
Client type configuration inheritance (#30056)
closes #30213 

Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-06-10 18:59:08 +02:00
rmartinc
7d05a7a013 Logout from all clients after IdP logout is performed
Closes #25234

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-10 11:58:09 -03:00
e.sergeenko
f00c2f3eb0 Add ability to get realm attributes
Closes #30241

Signed-off-by: e.sergeenko <sergeenkoegor@yandex.ru>
2024-06-07 13:05:06 +02:00
rmartinc
760e01b9db Improvements for openapi annotations in AuthenticationManagementResource
Closes #29788

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-07 13:04:00 +02:00
Giuseppe Graziano
6067f93984
Improvements to refresh token rotation with multiple tabs (#29966)
Closes #14122

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-06-07 12:02:36 +02:00
vickeybrown
c96c6c4feb
Default SAML client type (#29493)
closes #29492 

Signed-off-by: Vickey Brown <vibrown@redhat.com>
2024-06-07 11:43:43 +02:00
Erik Jan de Wit
5897334ddb
Align environment variables between consoles (#30125)
* change to make authServerUrl the same as authUrl

fixes: #29641
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Remove `authUrl` entirely

Signed-off-by: Jon Koops <jonkoops@gmail.com>

* Remove file that is unrelated

Signed-off-by: Jon Koops <jonkoops@gmail.com>

* Split out and align environment variables between consoles

Signed-off-by: Jon Koops <jonkoops@gmail.com>

* Restore removed variables to preserve backwards compatibility

Signed-off-by: Jon Koops <jonkoops@gmail.com>

* Also deprecate the `authUrl` for the Admin Console

Signed-off-by: Jon Koops <jonkoops@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-06-06 08:36:46 +02:00
Pedro Igor
94c194f1f4 Prevent users to unlink from their home identity provider when they are a managed member
Closes #30092

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
2024-06-05 13:57:01 +02:00
mposolda
0bf613782f Updating client policies in JSON editor is buggy. Attempt to update global client policies should throw the error
closes #30102

Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-05 13:55:02 +02:00
rmartinc
eedfd0ef51 Missing auth checks in some admin endpoints (#166)
Closes keycloak/keycloak-private#156

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-05 12:04:47 +02:00
Giuseppe Graziano
d5e82356f9 Encrypted KC_RESTART cookie and removed sensitive notes
Closes #keycloak/keycloak-private#162

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-06-05 10:33:44 +02:00
Pedro Igor
f8d55ca7cd Export import realm with organizations
Closes #30006

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-05 09:50:03 +02:00
Martin Kanis
33331788a4 Introduce count method to avoid fetching all organization upon checking for existence
Closes #29697

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-06-04 10:45:28 -03:00
Thomas Darimont
35a4a17aa5
Add support for application/jwt media-type in token introspection (#29842)
Fixes #29841

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-06-03 19:06:21 +02:00
Martin Bartoš
262fc09edc
OpenJDK 21 support (#28518)
* OpenJDK 21 support

Closes #28517

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* x509 SAN UPN other name is not handled in JDK 21 (#904)

closes #29968

Signed-off-by: mposolda <mposolda@gmail.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2024-06-03 14:17:28 +02:00
mposolda
9074696382 Editing built-in client policy profiles are silently reverted
closes #27184

Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-03 14:00:37 +02:00
Pedro Igor
4c39fcc79d Allow to configure if users are automatically redirected when the email domain matches an organization
Closes #30050

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-03 13:34:21 +02:00
vramik
a8ceada973 Fix creation of domains when creating the organization
Closes #29005

Signed-off-by: vramik <vramik@redhat.com>
2024-06-03 10:22:20 +02:00
raff897
6d6131cade Backchannel logout url with curly brackets
closes #30023

Signed-off-by: raff897 <85362193+raff897@users.noreply.github.com>
2024-06-03 09:51:39 +02:00
Stefan Wiedemann
0f6f9543ba
Add oid4vci to the account console (#29174)
closes #25945

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>


Co-authored-by: Erik Jan de Wit <edewit@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-05-31 15:11:32 +02:00
Patrick Jennings
5144f8d85f
Improve Client Type Integration Tests (#29944)
closes #30017

Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-05-31 09:53:22 +02:00
Andrejs Mivreniks
1cf87407fe Allow setting authentication flow execution priority value via Admin API
Closes #20747

Signed-off-by: Andrejs Mivreniks <andrejs@fastmail.com>
2024-05-30 19:17:45 +02:00
Pedro Igor
320f8eb1b4 Improve invitation messages and flow
Closes #29945

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-29 17:51:06 +02:00
Erik Jan de Wit
f088b0009c
initial ui for organizations (#29643)
* initial screen

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* more screens

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added members tab

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added the backend

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added member add / invite models

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* initial version of the identity provider section

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* add link and unlink providers

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* small fix

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* PR comments

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Do not validate broker domain when the domain is an empty string

Closes #29759

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added filter and value

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added test

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added first name last name

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* refresh menu when realm organization is changed

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* changed to record

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* changed to form data

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fixed lint error

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Changing name of invitation parameters

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Chancing name of parameters on the client

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Enable organization at the realm before running tests

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Domain help message

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Handling model validation errors when creating organizations

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Message key for organizationDetails

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Do not change kc.org attribute on group

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* add realm into the context

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* tests

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Changing button in invitation model to use Send instead of Save

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Better message when validating the organization domain

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Fixing compilation error after rebase

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fixed test

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* removed wait as it no longer required and skip flacky test

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* skip tests that are flaky

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* stabilize user create test

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-29 14:34:02 +02:00
Thomas Darimont
4edb204777 Add reason details in event before error event is submitted for broken SAML requests (#29948)
Previously the reason was omitted in the details because it was set after the event was already submitted.

Fixes #29948

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-05-29 08:34:28 +02:00
Pedro Igor
bbb83236f5 Do not lower-case the username from the IdP when creating the federated identity
Closes #28495

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-29 01:58:20 -03:00
mposolda
49a2aaf7bc Adding realmName to be logged by jboss-logging event listener
closes #27506

Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-28 18:41:43 +02:00
Francis Pouatcha
583054b929
Enhancement: Add support for RSA encryption key imports in JavaKeystoreKeyProvider (#29853)
closes #29852 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
2024-05-28 13:56:20 +02:00
Stefan Guilhen
694ffaf289 Allow organizations in different realms to have the same domain
Closes #29886

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-28 08:02:30 -03:00
Francis Pouatcha
4317a474d1
JWT VC Issuer Metadata /.well-known/jwt-vc-issuer to comply with SD-JWT VC Specification (#29635)
closes #29634 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>


Co-authored-by: DYLANE BENGONO <85441363+bengo237@users.noreply.github.com>
2024-05-28 12:51:56 +02:00
Sebastian Prehn
b5d0154bb1 Improve documentation on ClientRolemappingsRessource
Closes #29266

Signed-off-by: Sebastian Prehn <sebastian.prehn@ero.eu>
2024-05-28 09:06:31 +02:00
BaptisteMcd
8d76ce3f54
Fix: Added LDSigningServiceProvider entry for LD-Credentials/VCDM
Closes #29885

Signed-off-by: Baptiste Marchand <baptiste.marchand01@gmail.com>
2024-05-27 14:42:09 +00:00
Stefan Wiedemann
5a68056f2a
Fix oid4vc mappers
Closes #29805

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2024-05-27 11:28:46 +02:00
Francis Pouatcha
29dee7ec63
Fix: Corrected media type/format string for SD-JWT-VC
Closes #29620

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
2024-05-27 10:13:36 +02:00
Pedro Igor
2d4d32764c Show a message when confirming an invitation link
Closes #29794

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-27 08:33:22 +02:00
rmartinc
b258b459d7 Generate RESTART_AUTHENTICATION event on success
Closes #29385

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-05-23 19:08:22 +02:00
vramik
0508d279f7 Filter empty domains from OrganizationsRepresentation before running validation
Closes #29809

Signed-off-by: vramik <vramik@redhat.com>
2024-05-23 09:53:51 -03:00
Daniel Fesenmeyer
c08621fa63 Always order required actions by priority (regardless of context)
- AuthenticationManager#actionRequired: make sure that the highest prioritized required action is performed first, possibly before the currently requested required action
- AuthenticationManager#nextRequiredAction: make sure that the next action is requested via URL, also based on highest priority (-> requested URL will match actually performed action, unless required actions for the user are changed by a parallel operation)
- add tests to RequiredActionPriorityTest, add helper method for priority setup to ApiUtil (for easier and more robust setup than up-to-now)
- fix test WebAuthnRegisterAndLoginTest - which failed because WebAuthnRegisterFactory (prio 70) is now executed before WebAuthnPasswordlessRegisterFactory (prio 80)

Closes #16873

Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>
2024-05-23 09:07:56 +02:00
Thomas Darimont
ab376d9101 Make required actions configurable (#28400)
- Add tests for crud operations on configurable required actions
- Add support exposing the required action configuration via RequiredActionContext
- Make configSaveError message reusable in other contexts
- Introduced admin-ui specific endpoint for retrieving required actions with config metadata

Fixes #28400

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-05-23 08:38:36 +02:00
Stefan Guilhen
37f85937a7 Move organization authenticator into conditional subflows in the default browser and first broker login flows
Closes #29446

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-22 20:48:29 -03:00
vramik
1e597cca3e Split OrganizationResource into OrganizationResource and OrganizationsResource
Closes #29574

Signed-off-by: vramik <vramik@redhat.com>
2024-05-22 07:58:26 -03:00
vramik
278341aff9 Add organizations enabled/disabled capability
Closes #28804

Signed-off-by: vramik <vramik@redhat.com>
2024-05-22 07:58:26 -03:00
Francis Pouatcha
542fc65923
Issue 29627: Expose Authorization Server Metadata Endpoint under /.well-known/oauth-authorization-server to comply with rfc8414 (#29628)
closes #29627 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>


Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-05-22 10:30:34 +02:00
rmartinc
f7044ba5c2 Use SessionExpirationUtils for validate user and client sessions
Check client session is valid in TokenManager
Closes #24936

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-05-22 10:12:20 +02:00
Case Walker
f32cd91792 Upgrade owasp-java-html-sanitizer, address all fallout
Signed-off-by: Case Walker <case.b.walker@gmail.com>
2024-05-22 09:15:25 +02:00