rmartinc
7deb4ca545
Group count and PartialExport permission fixes
...
Closes https://github.com/keycloak/keycloak/issues/12171
2023-10-31 01:40:21 -07:00
Aboullos
c23e1e0e2b
Fix springboot tests ( #24254 )
...
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-31 09:06:09 +01:00
rmartinc
6484a3e705
Add userProfileEnabled attribute to realm response if admin can view users
...
closes https://github.com/keycloak/keycloak/issues/19093
2023-10-30 07:39:03 -07:00
rmartinc
ea398c21da
Add a property to the User Profile Email Validator for max length of the local part
...
Closes https://github.com/keycloak/keycloak/issues/24273
2023-10-27 15:09:42 +02:00
Alice
69497382d8
Group scalability upgrades ( #22700 )
...
closes #22372
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-26 16:50:45 +02:00
Thomas Darimont
d56baa80b3
Add support for passing acr_values in auth requests in keycloak.js ( #9383 ) ( #24259 )
...
Fixes #9383
2023-10-25 15:33:39 +02:00
Hynek Mlnarik
c036980c37
Add TRANSIENT_USERS feature flag
2023-10-25 12:02:35 +02:00
Hynek Mlnarik
d59ceb17e9
Add tests for offline access, introspection and userinfo endpoint
2023-10-25 12:02:35 +02:00
Hynek Mlnarik
d70735f64d
Tests
...
Part-of: Add support for not importing brokered user into Keycloak database
Closes : #11334
2023-10-25 12:02:35 +02:00
ggraziano
84112f57b5
Verification of iss at refresh token request
...
Added iss checking using the existing TokenVerifier.RealmUrlCheck in the verifyRefreshToken method.
Closes #22191
2023-10-24 23:42:11 +02:00
Marek Posolda
1bd6aca629
Remove RegistrationProfile class and handle migration ( #24215 )
...
closes #24182
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-10-24 20:19:33 +02:00
Martin Kanis
10a2c96c72
Users in role Rest API returns empty when User federation used ( #23318 )
...
* Users in role Rest API returns empty when User federation used
Co-authored-by: Shankar Yadav <ET1024@neeyamoworks.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-24 11:10:20 -04:00
Martin Bartoš
9627187447
Adapter tests failing with Jakarta error ( #24177 )
...
Fixes #24176
2023-10-24 10:11:48 -04:00
rmartinc
ad01ed1497
Do not reset the user profile configuration on disable
...
Closes https://github.com/keycloak/keycloak/issues/23527
2023-10-24 03:05:34 -07:00
Thomas Darimont
e567210ed1
Add dedicated feature flag for oauth device grant flow ( #23892 )
...
Closes #23891
2023-10-24 10:09:26 +02:00
Håvar Nøvik
bc55846809
Fixes a NullPointerException after import validation ( #20151 )
...
* Fixes a NullPointerException after import validation
If the import validation (when getting a user by email)
returns null, indicating that the user entity should be
removed from local storage, an email equality check results
in a NullPointerException.
This commit fixes this issue by explicitly checking for null.
Closes #20150
---------
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-23 17:19:25 -04:00
vramik
a0f04fa2be
Declarative User Profile export
...
Closes #12062
Resolves #20885
2023-10-21 19:21:20 +02:00
Pedro Igor
e47389f199
Username now shown when creating a user and edit username is not allowed
...
Closes #24183
2023-10-20 10:22:31 -07:00
Steven Hawkins
f4d1dd9b7f
improvement: validates the expected values of non-cli properties ( #23797 )
...
also adds better messages for unknown options
closes #13608
2023-10-20 17:21:03 +00:00
Pedro Igor
d4a5391013
Making sure public clients can RPT tokens
...
Closes #14165
2023-10-20 17:53:10 +02:00
Pedro Igor
55a5a8c0eb
Ignore custom attributes when processing attributes in verify profile action
...
Closes #24077
2023-10-20 17:51:40 +02:00
mposolda
c18e8ff535
User profile tweaks in registration forms
...
closes #24024
2023-10-20 06:31:21 -07:00
kaustubh-rh
1ac2c0997d
Inconsistent handling of parenthesis in auth flow name ( #24113 )
...
closes #16379
2023-10-20 10:00:46 +02:00
mposolda
04777299b0
After tab1 finish authentication, make sure that rootAuthenticationSession is expired shortly
...
closes #23880
2023-10-19 19:23:50 +02:00
Vlasta Ramik
f6d582c761
Import migration step for kc22
...
Closes #24031
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-10-19 09:00:49 +02:00
rmartinc
d10ccc7245
Use jdk LdapName and Rdn to parse inside LDAPDn and RDN and avoid string conversions
...
Closes: https://github.com/keycloak/keycloak/issues/21797
Closes: https://github.com/keycloak/keycloak/issues/21818
2023-10-19 08:31:49 +02:00
Pedro Igor
e91a0afca2
The username in account is required and don't change when email as username is enabled
...
Closes #23976
2023-10-17 16:43:44 -03:00
wojnarfilip
b5ec155b64
Fix issue with overlapping WebElements in SocialLoginTest#PaypalLogin
...
Closes #23960
2023-10-17 16:59:09 +02:00
shigeyuki kabano
6112b25648
Enhancing Light Weight Token( #22148 )
...
Closes #21183
2023-10-17 13:12:36 +02:00
Alexander Schwartz
50916d58b1
Clean up created test user to avoid conflict with other tests
...
Closes #23804
2023-10-16 19:10:52 +02:00
wojnarfilip
f9386bd62b
Update login flow in OCP social login
2023-10-16 10:45:38 -03:00
Pedro Igor
9c19a8972b
Removing the default cache metadata
...
Closes #23910
2023-10-13 16:32:55 +02:00
Lex Cao
eedc4ceb18
Fix unexpected expiration when import offline client session
...
Closes #23397
2023-10-13 15:45:07 +02:00
Moritz Becker
e9f08b6500
Do not return empty scope field in token introspection response
...
Closes #16526
2023-10-13 08:36:12 +02:00
Steven Hawkins
478ceb0b34
modification of kc.sh to remove param eval ( #22585 )
...
* test
* modification of kc.sh to remove eval of env/args
Closes #22337
---------
Co-authored-by: rmartinc <rmartinc@redhat.com>
2023-10-12 17:10:53 +02:00
Vojtěch Boček
8871983b33
Add support for single-tenant mode to Microsoft Identity Provider ( #20699 )
...
* Add support for single-tenant mode to Microsoft Identity Provider
Fixes #20695
Closes #11207
* Add SocialLoginTest for Microsoft single-tenant variant
2023-10-10 16:35:36 -04:00
Marek Posolda
a6609bd969
Remove "You are already logged in" during authentication. Make other browser tabs to authenticate automatically when some browser tab successfully authenticate ( #23517 )
...
Closes #12406
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-10-10 21:54:37 +02:00
Pedro Igor
7385ed56c7
Avoid creating the component when there is no component and configuration is not provided
...
Closes #20970
Co-authored-by: Pedro Igor <psilva@redhat.com>
2023-10-10 13:28:48 +02:00
Tero Saarni
22d093f5c0
Fix multi-valued LDAP attribute support
...
FullName LDAP storage mapper was delegating to single-valued setter even
when multi-valued setter was called.
Closes #22091
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2023-10-06 14:36:02 +00:00
mposolda
cdb61215c9
UserProfileContext.ACCOUNT_OLD seems to be obsolete and not needed
...
closes #23749
2023-10-06 11:27:48 -03:00
Pedro Igor
290bee0787
Resolve several usability issues around User Profile ( #23537 )
...
Closes #23507 , #23584 , #23740 , #23774
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-10-06 10:15:39 -03:00
rmartinc
890600c33c
Remove backward compatibility for ECDSA tokens
...
Closes https://github.com/keycloak/keycloak/issues/23734
2023-10-06 14:24:48 +02:00
Martin Kanis
0853d484ec
Remove transaction in InfinispanSingleUseObjectProvider#remove ( #23708 )
...
Co-authored-by: mposolda <mposolda@gmail.com>
2023-10-06 10:00:04 +02:00
Garth
2dfbbff343
added AccountResource SPI, Provider and ProviderFactory. ( #22317 )
...
Added AccountResource SPI, Provider and ProviderFactory. updated AccountLoader to load provider(s) and check if it is compatible with the chosen theme.
2023-10-05 15:08:01 +02:00
vramik
7f2f4aae67
Upgrade liquibase version to avoid a bug where a changeset is executed twice
...
Closes #23220
2023-10-05 13:35:05 +02:00
Tomas Ondrusko
58131f1dcc
Update the Instagram login process
...
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-10-05 09:33:05 +02:00
Steven Hawkins
9a93b9a273
allows csv output to handle missing requested fields ( #23459 )
...
* allows csv output to handle missing requested fields
Closes #12330
* fixes the handling of the content type
also makes it more explicit the expectation of applying csv and return
fields
* fix: consolidating the logic dealing with the content-type
Closes #23580
2023-10-04 15:49:19 +02:00
Dmitry Telegin
085d0d73c9
Fix nonce/scope typo
2023-10-02 22:36:51 +02:00
Tomas Ondrusko
fcb91a83ba
Ignore query parameters while testing the LinkedIn profile picture URL ( #23557 )
...
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-10-02 14:36:17 +02:00
Tomas Ondrusko
3d42573813
Update PayPal social login flow to use 127.0.0.1 instead of localhost ( #23532 )
...
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-09-28 09:34:45 +00:00
fwojnar
56082cdd2d
Fixes issue in login flow of SocialLoginTest#twitterLogin ( #23122 )
...
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2023-09-28 10:21:59 +02:00
Lucas Hedding
de5aa2e74d
Add createTimestamp to REST service ( #23293 )
...
Closes #14009
2023-09-27 13:38:16 +02:00
rmartinc
10c1e3ba6d
Client roles should be mapped to any claim name
...
Closes https://github.com/keycloak/keycloak/issues/22349
2023-09-27 08:11:22 -03:00
rmartinc
d90640b5a3
Change email checkserveridentity prop as angus mail sets it to true by default
...
Closes https://github.com/keycloak/keycloak/issues/22395
2023-09-26 09:11:16 +02:00
Maria Arias de Reyna
c15753266f
fix( Closes #21236 ): Adding client-id to logout event
2023-09-25 13:20:26 +02:00
Pedro Igor
741f76887c
Allow updating email when email as username is set and edit username disabed
...
#23438
2023-09-25 08:19:01 -03:00
Michal Hajas
496c5ad989
Use new findGroupByPath implementation and remove the old one
...
Closes #23344
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2023-09-25 10:44:24 +02:00
Jon Koops
47d9ae71c4
Revert the new welcome screen experience ( #23446 )
...
This reverts commit bcab75a7ef
.
2023-09-21 16:03:00 +00:00
Justin Tay
7d3104ee76
Allow public clients to use PAR endpoint
...
Closes #8939
2023-09-21 13:57:42 +02:00
rmartinc
7afd90982d
Align wildfly-core and wildfly version for tests
...
Closes https://github.com/keycloak/keycloak/issues/23342
2023-09-21 10:53:57 +02:00
Michal Hajas
533f9e7093
Disable CockroachDB model tests since they are flaky ( #23391 )
...
Closes #22645
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2023-09-20 16:04:11 +00:00
Bernd Bohmann
bb2f59df87
Calling getTopLevelGroups is slow inside GroupLDAPStorageMapper#getLDAPGroupMappingsConverted ( #8430 )
...
Closes #14820
---------
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-09-20 17:20:43 +02:00
Jon Koops
e86bf1f0b2
Remove P3P
header from authentication flow
...
Closes #23348
2023-09-19 08:50:33 -03:00
rmartinc
743bb696d9
Allow duplicated keys in advanced claim mappers
...
Closes https://github.com/keycloak/keycloak/issues/22638
2023-09-19 07:49:34 -03:00
wojnarfilip
5603ee7b46
Fixes login flow in Microsoft social login test
...
Closes #22657
2023-09-18 14:21:41 +02:00
Pedro Igor
217a09ce46
Switch to Resteasy Reactive
...
Closes #10713
2023-09-18 09:19:03 -03:00
Alexander Schwartz
798846df6f
Remove legacy code which isn't used anymore and was deprecated for some time ( #23264 )
...
Closes #23263
2023-09-18 11:04:02 +02:00
paul
f684a70048
KEYCLOAK-15985 Add Brute Force Detection Lockout Event
2023-09-15 10:32:07 -03:00
Jon Koops
bcab75a7ef
Add new version of Welcome theme based on PatternFly 5 ( #23008 )
2023-09-14 08:24:17 -04:00
Andreas Blaettlinger
86c0e338d9
Toggle visibility of password input fields in login-ftl-based pages
...
Closes #22067
2023-09-14 08:04:35 -03:00
Pedro Igor
1442f14c45
Registration page not showing username when edit username is not enabled
...
Closes #23185
2023-09-14 07:32:39 -03:00
Justin Tay
658c0ef19f
Send Client ID in token request with JWT Authentication
...
Closes #21444
2023-09-14 10:57:32 +02:00
Pedro Igor
5958c7948d
Ignore attributes when they are not prefixed with user.attributes prefix ( #23184 )
...
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: stianst <stianst@gmail.com>
2023-09-14 10:35:47 +02:00
Daniel Fesenmeyer
a68ad55a37
Support to define compatible mappers for (new) Identity Providers
...
- Also allows to use existing mappers for custom Identity Providers without having to change those mappers
Closes #21154
2023-09-13 17:19:06 -03:00
Jacek Kowalski
f5182deb30
Fix valid redirect URIs for built-in account-console client on realm rename ( #20894 )
...
Closes #9541
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-09-13 15:28:07 +02:00
Konstantinos Georgilakis
0044472f87
Add regex support in 'Condition - User attribute' execution
...
Closes #265
2023-09-13 08:36:45 +02:00
rmartinc
48ab2b1688
FullNameLDAPStoreMapper removes values for other attributes
...
Closes https://github.com/keycloak/keycloak/issues/22526
2023-09-13 08:11:32 +02:00
vramik
d34a371971
Enable ZeroDowntimeTest
...
Closes #21825
2023-09-11 19:09:30 +02:00
Pedro Igor
04dd9afc5e
Do not store empty attributes when updating user profile
...
Closes #22960
2023-09-11 07:47:31 -03:00
kaustubh-rh
62927433dc
Fix for Keycloak 22.0.1 unable to create user with long email address ( #23109 )
...
Closes #22825
2023-09-11 08:56:13 +02:00
rmartinc
7da52a43bd
Add old LinkedIn provider to the deprecated profile
...
Closes https://github.com/keycloak/keycloak/issues/23067
2023-09-08 10:05:17 +02:00
Marek Posolda
506e2537ac
Registration flow fixed ( #23064 )
...
Closes #21514
Co-authored-by: Vilmos Nagy <vilmos.nagy@outlook.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2023-09-08 08:05:05 +02:00
Pedro Igor
bc31fde4c0
Broker claim mapper not recognizing claims from user info endpoint
...
Closes #12137
2023-09-07 16:34:45 +02:00
Alexander Schwartz
2eb37dbe4f
Remove MS SQL JDBC driver from the Keycloak product
...
Closes #22983
2023-09-07 15:30:34 +02:00
Peter Skopek
ef272f7668
SAML Adapter fix for EAP8 and WF29
...
Signed-off-by: Peter Skopek <pskopek@redhat.com>
2023-09-07 13:32:25 +02:00
Kaustubh B
5ee2ba9372
Added tests
2023-09-07 08:43:35 +02:00
Martin Bartoš
6ca78b7554
Return Oracle JDBC driver to the upstream
...
Closes #22999
2023-09-06 19:11:29 +02:00
rmartinc
8887be7887
Add a new identity provider for LinkedIn based on OIDC
...
Closes https://github.com/keycloak/keycloak/issues/22383
2023-09-06 16:13:31 +02:00
Pedro Igor
13e5a02b9f
Role mappers must return a single value when they are not multivalued
...
Closes #20218
2023-08-31 19:16:12 +02:00
mposolda
57e51e9dd4
Use an original domain name of Kerberos Principal in UserModel attribute instead of configured value of Kerberos realm in User federation
...
closes #20045
2023-08-30 13:24:48 +02:00
vramik
4cd34f8423
Update logging properties for showing SQL statements and JDBC parameters
...
Closes #22815
2023-08-30 12:52:08 +02:00
Marek Posolda
6f989fc132
Fallback to next LDAP/Kerberos provider when not able to find authenticated Kerberos principal ( #22531 )
...
closes #22352 #9422
2023-08-29 11:21:01 +00:00
Pedro Igor
ea3225a6e1
Decoupling legacy and dynamic user profiles and exposing metadata from admin api
...
Closes #22532
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2023-08-29 08:14:47 -03:00
Pedro Igor
b779df6a55
Parsing response from user info rather than the access token
...
Closes #22581
2023-08-29 12:23:56 +02:00
Tomas Ondrusko
e70ffd0105
Handle GitHub logout properly ( #22463 )
...
Add profile info update to GitHub login test cases
Closes #22461
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-08-28 10:06:12 +02:00
Michal Hajas
94089bd492
Clean LDAP between test method executions
...
Closes #22602
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2023-08-23 04:15:32 -03:00
Martin Bartoš
fcf65389ea
Remove Oracle Database JDBC driver from the Keycloak distribution ( #22577 )
...
* Remove Oracle Database JDBC driver from the Keycloak distribution
Closes #22452
* Remove profile for proprietary Oracle JDBC driver
---------
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-08-21 15:13:49 +00:00
t0xicCode
822c13ff6f
Switch Trusted Host policy redirect verification to URI
...
Switch parsing of the redirect URIs for the Trusted Host Client Registration Policy from URL to URI.
The java URL class tries to instantiate a handler for the scheme, which fails when a "custom" scheme, such as those used in phone apps is used.
In contrast, the URI class simply parses the string, ensuring the format is valid.
The other URLs (baseUrl, rootUrl, adminUrl) are still parsed as URLs.
See https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata for the Client Registration parameter documentation.
Closes #22309
2023-08-14 10:20:23 +02:00
Pedro Igor
baac060eb1
Fixing how e-mail attribute permissions are set for both USER_API and ACCOUNT contexts
...
Closes #21751
2023-08-11 13:32:16 +02:00
Erik Jan de Wit
874d2063b8
only add realm access to the current realm ( #21554 )
...
fixes : #21553
2023-08-10 12:43:15 +02:00