keycloak-scim

Author	SHA1	Message	Date
Ott	975bb6762f	Fixed type in invalidPasswordNotContainsUsernameMessage Signed-off-by: Ott <ottalexanderdev@gmail.com>	2024-04-22 08:06:02 -03:00
Douglas Palmer	ed22530d16	Failure reset time is applied to Permanent Lockout Closes #28821 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-04-22 11:47:22 +02:00
Stefan Wiedemann	b08c644601	Support credentials issuance through oid4vci (#27931 ) closes #25940 Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>	2024-04-22 11:37:55 +02:00
Lex Cao	7e034dbbe0	Add IdpConfirmOverrideLinkAuthenticator to handle duplicate federated identity (#26393 ) Closes #26201. Signed-off-by: Lex Cao <lexcao@foxmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-04-22 11:30:14 +02:00
etiksouma	1afd20e4c3	return proper error message for admin users endpoint closes #28416 Signed-off-by: etiksouma <al@mouskite.com>	2024-04-20 12:17:53 +02:00
Pedro Ruivo	3e0a185070	Remove deprecated EnvironmentDependentProviderFactory.isSupported method Closes #26280 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-04-19 16:36:49 +02:00
Giuseppe Graziano	f6071f680a	Avoid the same userSessionId after re-authentication Closes keycloak/keycloak-private#69 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-04-19 14:44:39 +02:00
mposolda	c427e65354	Secondary factor bypass in step-up authentication closes #34 Signed-off-by: mposolda <mposolda@gmail.com> (cherry picked from commit e632c03ec4dbfbb7c74c65b0627027390b2e605d)	2024-04-19 14:43:53 +02:00
Giuseppe Graziano	897c44bd1f	Validation of providerId during required action registration Closes #26109 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-04-19 13:06:51 +02:00
Joerg Matysiak	76a5a27082	Refactored StripSecretsUtils in order to make it unit-testable, added unit tests for it Don't mask secrets at realm export Closes #21562 Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>	2024-04-18 18:26:47 -03:00
Pedro Igor	7483bae130	Make sure admin events are not referencing sensitive data from their representation Closes #21562 Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>	2024-04-18 18:26:47 -03:00
Steve Hawkins	0be34d64e7	task: refactor overlap between cli clients also repackaging to more clearly delineate code roles closes: #28329 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-04-18 17:39:16 -03:00
cgeorgilakis-grnet	89263f5255	Fix refresh token scope in refresh token flow with scope request parameter Closes #28463 Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>	2024-04-18 16:17:46 -03:00
Ricardo Martin	8daace3f69	Validate Saml URLs inside DefaultClientValidationProvider (#135 ) (#28873 ) Closes keycloak/keycloak-private#62 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-04-18 16:04:13 +02:00
Ricardo Martin	fc6b6f0d94	Perform exact string match if redirect URI contains userinfo, encoded slashes or parent access (#131 ) (#28872 ) Closes keycloak/keycloak-private#113 Closes keycloak/keycloak-private#134 Signed-off-by: rmartinc <rmartinc@redhat.com> Co-authored-by: Stian Thorgersen <stianst@gmail.com>	2024-04-18 16:02:24 +02:00
Douglas Palmer	00d4cab55e	Flaky test: org.keycloak.testsuite.forms.ResetPasswordTest#resetPasswordLink Closes #21422 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-04-18 15:54:30 +02:00
vramik	860f3b7320	Prevent updating IdP via organization API not linked with the organization Closes #28833 Signed-off-by: vramik <vramik@redhat.com>	2024-04-18 09:14:54 -03:00
Stian Thorgersen	0d60e58029	Restrict the token types that can be verified when not using the user info endpoint (#146 ) (#28866 ) Closes #47 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Conflicts: core/src/main/java/org/keycloak/util/TokenUtil.java testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientTokenExchangeTest.java Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-18 14:11:05 +02:00
Justin Tay	d807093f63	Fix OCSP nonce handling Closes #26439 Co-authored-by: Ricardo Martin <rmartinc@redhat.com> Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>	2024-04-18 09:04:46 +02:00
Pedro Igor	f0f8a88489	Automatically fill username when authenticating to through a broker Closes #28848 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-18 08:24:34 +02:00
Pedro Igor	1e3837421e	Organization member onboarding using the organization identity provider Closes #28273 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-17 07:24:01 -03:00
Alexander Schwartz	13af4f44f5	Defer updates of last session updates and batch them (#28502 ) Defer updates of last session refreshes and batch them Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Signed-off-by: Michal Hajas <mhajas@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2024-04-17 09:25:05 +02:00
Pedro Ruivo	2494ad6950	Refactor and remove deprecated Infinispan methods from DefaultInfinispanConnectionProviderFactory Closes #28752 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-04-16 10:51:57 +02:00
Pedro Ruivo	63cb137b37	Remove usages of EnvironmentDependentProviderFactory.isSupported Closes #28751 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-04-16 09:43:23 +02:00
Šimon Vacek	0205262c91	Workflow failure: Fuse adapter tests Closes: #27021 Signed-off-by: Simon Vacek <simonvacky@email.cz>	2024-04-15 17:28:16 +02:00
Steven Hawkins	58398d1f69	fix: replaces aesh with picocli (#28276 ) * fix: replaces aesh with picocli closes: #28275 Signed-off-by: Steve Hawkins <shawkins@redhat.com> * fix: replaces aesh with picocli closes: #28275 Signed-off-by: Steve Hawkins <shawkins@redhat.com> --------- Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-04-15 13:04:58 +00:00
Stefan Guilhen	2ab8bf852d	Add validation for the organization's internet domains. Closes #28634 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-04-15 09:03:52 -03:00
Patrick Jennings	551a3db987	Updating validation logic to match our expectations on what applicable should mean. Signed-off-by: Patrick Jennings <pajennin@redhat.com>	2024-04-15 09:39:34 +02:00
Patrick Jennings	03db2e8b56	Integration tests around client type parameter validation. Throw common ClientTypeException with invalid params requested during client creation/update requests. This gets translated into ErrorResponseException in the Resource handlers. Signed-off-by: Patrick Jennings <pajennin@redhat.com>	2024-04-15 09:39:34 +02:00
Patrick Jennings	9814733dd3	DefaultClientType service will now validate all client type default values and respond with bad request message with the affending parameters that attempt to override readonly in the client type config. Signed-off-by: Patrick Jennings <pajennin@redhat.com>	2024-04-15 09:39:34 +02:00
Patrick Jennings	42202ae45e	Translate client type exception during client create into bad request response. Signed-off-by: Patrick Jennings <pajennin@redhat.com>	2024-04-15 09:39:34 +02:00
Giuseppe Graziano	4672366eb9	Simplified checks in IntrospectionEndpoint (#28642 ) Closes #24466 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com> Co-authored-by: mposolda <mposolda@gmail.com>	2024-04-12 21:19:04 +02:00
rmartinc	92bcd2645c	Retry the login in the SAML adapter if response is authentication_expired Closes #28412 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-04-12 14:55:31 +02:00
Marek Posolda	e6747bfd23	Adjust priority of SubMapper (#28663 ) closes #28661 Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-04-12 14:13:03 +02:00
Pedro Igor	61b1eec504	Prevent members with an email other than the domain set to an organization Closes #28644 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-12 08:33:18 -03:00
Alexander Schwartz	b4cfebd8d5	Persistent sessions code also for offline sessions (#28319 ) Persistent sessions code also for offline sessions Closes #28318 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-04-12 13:15:02 +02:00
Martin Bartoš	a3669a6562	Make general cache options runtime (#28542 ) Closes #27549 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-04-12 11:56:11 +02:00
rmartinc	6d74e6b289	Escape slashes in full group path representation but disabled by default Closes #23900 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-04-12 10:53:39 +02:00
Stefan Guilhen	e6b9d287af	Add null checks after retrieving user from LDAP for validation to prevent NPE when user is removed in LDAP. Closes #28523 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-04-11 14:29:30 -03:00
rmartinc	d31f128ca2	Fix test IdentityProviderTest#testSamlImportWithAnyEncryptionMethod Closes #28577 Closes #28576 Closes #28575 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-04-11 18:56:37 +02:00
Steven Hawkins	d059a2af36	task: remove MultiVersionClusterTest (#28520 ) closes: #17483 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-04-11 14:13:52 +02:00
Martin Bartoš	ad4cbf2a14	OrganizationTest.testAttributes fails in GHA CI Fixes #28606 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-04-11 11:56:43 +02:00
tqe1999	6e0fc8a774	fix integer overflow with explicit cast Closes #28564 Signed-off-by: tqe1999 <tqe1999@gmail.com>	2024-04-11 10:58:44 +02:00
Giuseppe Graziano	33b747286e	Changed userId value for refresh token events Closes #28567 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-04-11 07:46:44 +02:00
Stefan Guilhen	9a466f90ab	Add ability to set one or more internet domain to an organization. Closed #28274 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-04-10 13:18:12 -03:00
devjos	cccddc0810	Fix brute force detection for LDAP read-only users Closes #28579 Signed-off-by: devjos <github_11837948@feido.de>	2024-04-10 16:36:11 +02:00
vramik	00ce3e34bd	Manage a single identity provider for an organization Closes #28272 Signed-off-by: vramik <vramik@redhat.com>	2024-04-10 09:47:51 -03:00
Jon Koops	0327787645	Remove legacy Account Console tests Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-04-10 14:34:56 +02:00
vramik	0826a12ca4	Exclude `groovy` artefact from testsuite to avoid version collision Closes #28555 Signed-off-by: vramik <vramik@redhat.com>	2024-04-10 09:16:36 -03:00
Martin Kanis	51fa054ba7	Manage organization attributes Closes #28253 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-04-10 09:10:49 -03:00
rmartinc	41b706bb6a	Initial security profile SPI to integrate default client policies Closes #27189 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-04-10 11:19:56 +02:00
Giuseppe Graziano	c76cbc94d8	Add sub via protocol mapper to access token Closes #21185 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-04-10 10:40:42 +02:00
mposolda	aa619f0170	Redirect error to client right-away when browser tab detects that another browser tab authenticated closes #27880 Signed-off-by: mposolda <mposolda@gmail.com>	2024-04-09 17:59:34 +02:00
Konstantinos Georgilakis	a40a953644	SAML element EncryptionMethod can consist any element closes #12585 Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>	2024-04-09 14:15:56 +02:00
Stian Thorgersen	a499512f35	Set SameSite for all cookies (#28467 ) Closes #28465 Signed-off-by: stianst <stianst@gmail.com>	2024-04-09 12:29:19 +02:00
Václav Muzikář	e4987f10f5	Hostname SPI v2 (#26345 ) * Hostname SPI v2 Closes: #26084 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Fix HostnameV2DistTest#testServerFailsToStartWithoutHostnameSpecified Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Address review comment Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Partially revert the previous fix Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Do not polish values Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Remove filtering of denied categories Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> --------- Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>	2024-04-09 11:25:19 +02:00
vibrown	3fffc5182e	Added ClientType implementation from Marek's prototype Signed-off-by: vibrown <vibrown@redhat.com> More updates Signed-off-by: vibrown <vibrown@redhat.com> Added client type logic from Marek's prototype Signed-off-by: vibrown <vibrown@redhat.com> updates Signed-off-by: vibrown <vibrown@redhat.com> updates Signed-off-by: vibrown <vibrown@redhat.com> updates Signed-off-by: vibrown <vibrown@redhat.com> Testing to see if skipRestart was cause of test failures in MR	2024-04-08 20:20:37 +02:00
Pedro Igor	52ba9b4b7f	Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user Closes #28248 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-08 09:05:16 -03:00
Justin Tay	e765932df3	Skip unsupported keys in JWKS Closes #16064 Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>	2024-04-08 08:42:31 +02:00
rmartinc	2b769e5129	Better management of the CSP header Closes https://github.com/keycloak/keycloak/issues/24568 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-04-08 08:19:57 +02:00
Giuseppe Graziano	b4f791b632	Remove session_state from tokens Closes #27624 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-04-08 08:12:51 +02:00
MNaaz	811c70d136	Support for searching users based on search filter, enabled attribute, first, max Closes #27241 Signed-off-by: MNaaz <feminity2001@yahoo.com>	2024-04-05 12:10:15 -03:00
Jon Koops	d3c2475041	Upgrade admin and account console to PatternFly 5 (#28196 ) Closes #21345 Closes #21344 Signed-off-by: Jon Koops <jonkoops@gmail.com> Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com> Co-authored-by: Mark Franceschelli <mfrances@redhat.com> Co-authored-by: Hynek Mlnařík <hmlnarik@redhat.com> Co-authored-by: Agnieszka Gancarczyk <agancarc@redhat.com>	2024-04-05 16:37:05 +02:00
Gilvan Filho	96db7e3154	fix NotContainsUsernamePasswordPolicyProvider: reversed check closes #28389 Signed-off-by: Gilvan Filho <gfilho@redhat.com>	2024-04-05 10:39:07 -03:00
Pedro Igor	8fb6d43e07	Do not export ids when exporting authorization settings Closes #25975 Co-authored-by: 박시준 <sjpark@logblack.com> Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-04 19:26:03 +02:00
Justin Tay	30cd40e097	Use realm default signature algorithm for id_token_signed_response_alg Closes #9695 Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>	2024-04-04 11:37:28 +02:00
Justin Tay	89a5da1afd	Allow empty key use in JWKS for client authentication Closes #28004 Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>	2024-04-04 10:42:37 +02:00
Marek Posolda	335a10fead	Handle 'You are already logged in' for expired authentication sessions (#27793 ) closes #24112 Signed-off-by: mposolda <mposolda@gmail.com>	2024-04-04 10:41:03 +02:00
Martin Bartoš	7f048300fe	Support management port for health and metrics (#27629 ) * Support management port for health and metrics Closes #19334 Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Deprecate option Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Remove relativePath first-class citizen, rename ManagementSpec Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Fix KeycloakDistConfiguratorTest Signed-off-by: Martin Bartoš <mabartos@redhat.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-04-03 16:18:44 +02:00
Hynek Mlnarik	8ef3423f4a	Present effective sync mode value When sync mode value is missing in the config of newly created identity provider, the provider does not store any. When no value is found, the identity provider behaves as if `LEGACY` was used (#6705). This PR ensures the correct sync mode is returned from the REST endpoint, regardless of whether it has been stored in the database or not. Fixes: #26019 Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>	2024-04-03 15:49:18 +02:00
Pedro Igor	4ec9fea8f7	Adding tests Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-03 08:04:17 -03:00
Clemens Zagler	b44252fde9	authz/client: Fix getPermissions returning wrong type Due to an issue with runtime type erasure, getPermissions returned a List<LinkedHashSet> instead of List<Permission>. Fixed and added test to catch this Closes #16520 Signed-off-by: Clemens Zagler <c.zagler@noi.bz.it>	2024-04-02 11:09:43 -03:00
Giuseppe Graziano	fe06df67c2	New default client scope for 'basic' claims with 'auth_time' protocol mapper Closes #27623 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-04-02 08:44:28 +02:00
Stefan Guilhen	2ca59d4141	Align isEnabled in MSAD mappers to how other properties are processed in UserAttributeLDAPStorageMapper - user model is updated by onImport with the enabled/disabled status of the LDAP user - a config option always.read.enabled.value.from.ldap was introduced, in synch to what we have in UserAttributeLDAPStorageMapper - isEnabled checks the flag to decide if it should always retrieve the value from LDAP, or return the local value. - setEnabled first updates the LDAP tx, and then calls the delegate to avoid issue #24201 Closes #26695 Closed #24201 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-04-01 08:20:35 -03:00
Steven Hawkins	e9ad9d0564	fix: replace aesh with picocli (#27458 ) * fix: replace aesh with picocli closes: #27388 Signed-off-by: Steve Hawkins <shawkins@redhat.com> * Update integration/client-cli/admin-cli/src/main/java/org/keycloak/client/admin/cli/commands/AbstractRequestCmd.java Co-authored-by: Martin Bartoš <mabartos@redhat.com> * splitting the error handling for password input Signed-off-by: Steve Hawkins <shawkins@redhat.com> * adding a change note about kcadm Signed-off-by: Steve Hawkins <shawkins@redhat.com> * Update docs/documentation/upgrading/topics/changes/changes-25_0_0.adoc Co-authored-by: Martin Bartoš <mabartos@redhat.com> --------- Signed-off-by: Steve Hawkins <shawkins@redhat.com> Co-authored-by: Martin Bartoš <mabartos@redhat.com>	2024-03-28 14:34:06 +01:00
Alexander Schwartz	c580c88c93	Persist online sessions to the database (#27977 ) Adding two feature toggles for new code paths to store online sessions in the existing offline sessions table. Separate the code which is due to be changed in the next iteration in new classes/providers which used instead of the old one. Closes #27976 Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Signed-off-by: Michal Hajas <mhajas@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2024-03-28 09:17:07 +01:00
Gilvan Filho	757c524cc5	Password policy for not having username in the password closes #27643 Signed-off-by: Gilvan Filho <gfilho@redhat.com>	2024-03-28 08:29:03 +01:00
Pedro Igor	b9a7152a29	Avoid commiting the transaction prematurely when creating users through the User API Closes #28217 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-03-27 19:16:09 -03:00
Lex Cao	a53cacc0a7	Fire logout event when logout other sessions (#26658 ) Closes #26658 Signed-off-by: Lex Cao <lexcao@foxmail.com>	2024-03-27 11:13:48 +01:00
Jon Koops	3382e16954	Remove Account Console version 2 (#27510 ) Closes #19664 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-03-27 10:53:28 +01:00
Tomas Ondrusko	3160116a56	Remove Twitter workaround (#28232 ) Relates to #23252 Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>	2024-03-27 10:34:26 +01:00
Steven Hawkins	be32f8b1bf	fix: limit the use of Resteasy to the KeycloakSession (#28150 ) * fix: limit the use of Resteasy to the KeycloakSession contextualizes other state to the KeycloakSession close: #28152	2024-03-26 13:43:41 -04:00
vramik	fa1571f231	Map organization metadata when issuing tokens for OIDC clients acting on behalf of an organization member Closes #27993 Signed-off-by: vramik <vramik@redhat.com>	2024-03-26 14:02:09 -03:00
Pedro Igor	a470711dfb	Resolve the user federation link as null when decorating the user profile metadata in the LDAP provider Closes #28100 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-03-26 10:14:49 -03:00
Stian Thorgersen	c3a98ae387	Use Argon2 as default password hashing algorithm (#28162 ) Closes #28161 Signed-off-by: stianst <stianst@gmail.com>	2024-03-22 13:04:14 +00:00
Stian Thorgersen	8cbd39083e	Default password hashing algorithm should be set to default password hash provider (#28128 ) Closes #28120 Signed-off-by: stianst <stianst@gmail.com>	2024-03-22 12:44:11 +01:00
Stian Thorgersen	3f9cebca39	Ability to set the default provider for an SPI (#28135 ) Closes #28134 Signed-off-by: stianst <stianst@gmail.com>	2024-03-22 07:45:08 +01:00
Stian Thorgersen	cae92cbe8c	Argon2 password hashing provider (#28031 ) Closes #28030 Signed-off-by: stianst <stianst@gmail.com>	2024-03-22 07:08:09 +01:00
Reda Bourial	a41d865600	fix for SMTP email sending fails because of tls certificate verification even with tls-hostname-verifier=ANY (#27756 ) Signed-off-by: Reda Bourial <reda.bourial@gmail.com>	2024-03-21 17:06:42 +01:00
Steven Hawkins	7eab019748	task: deprecate WILDCARD and STRICT options (#26833 ) closes: #24893 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-03-21 16:22:41 +01:00
Steven Hawkins	35b9d8aa49	task: remove usage of resteasy-core-spi (#27387 ) closes: #27242 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-03-21 15:28:34 +01:00
Giuseppe Graziano	b24d446911	Avoid using wait() to wait for the redirect Closes #22644 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-03-21 14:36:43 +01:00
Giuseppe Graziano	939420cea1	Always include offline_access scope when refreshing with offline token Closes #27878 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-03-21 14:32:31 +01:00
Pedro Igor	32541f19a3	Allow managing members for an organization Closes #27934 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-03-21 10:26:30 -03:00
Martin Kanis	4154d27941	Invalidating offline token is not working from client sessions tab Closes #27275 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-03-21 09:04:58 -03:00
Sebastian Schuster	0542554984	12671 querying by user attribute no longer forces case insensitivity for keys Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>	2024-03-21 08:35:29 -03:00
Pedro Igor	f970deac37	Do not grant scopes not granted for resources owned the resource server itself Closes #25057 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-03-20 18:36:41 +01:00
Alexander Schwartz	149e50e1b1	Upgrading to Quarkus 3.8.3 (#28085 ) Closes #28084 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-03-20 17:16:42 +01:00
Takashi Norimatsu	d5bf79b932	Refactoring JavaScript code of WebAuthn's authenticators to follow the current Keycloak's JavaScript coding convention closes #26713 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2024-03-20 13:22:48 +01:00
René Zeidler	83a3500ccf	Attributes without a group should appear first In the login theme, user profile attributes that are not assigned to an attribute group should appear before all other attributes. This aligns the login theme (registration, verify profile, etc.) with the account and admin console. Fixes #27981 Signed-off-by: René Zeidler <rene.zeidler@gmx.de>	2024-03-19 18:40:01 +01:00

1 2 3 4 5 ...

6656 commits