Jon Koops
d60dee7622
Remove the UMD distribution of Keycloak JS ( #33080 )
...
Closes #32826
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-09-30 14:05:18 +02:00
rmartinc
aaf8136c89
Move deleteCookies to before for RecoveryAuthnCodesAuthenticatorTest
...
Closes #26176
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-30 12:05:16 +02:00
rmartinc
1d23c3c720
Use note to detect the IDP verify email action is already done
...
Closes #31563
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-27 09:16:53 +02:00
mposolda
8f038f19dd
Upgrade BCFIPS to 2.0
...
closes #30415
Signed-off-by: mposolda <mposolda@gmail.com>
2024-09-26 06:52:21 +02:00
Stefan Guilhen
6424708695
Ensure organization id is preserved on export/import
...
- Also fixes issues with description, enabled, and custom attributes missing when re-importing the orgs.
Closes #33207
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-25 16:07:44 +02:00
Benoît
bf19ec11cf
Fix UserStorageManager.getGroupMembersStream potentially fetching all user ( #33145 )
...
Closes #32761
Signed-off-by: Benoit Messager <benoit.messager@liksi.fr>
Co-authored-by: Benoit Messager <benoit.messager@liksi.fr>
2024-09-24 09:51:35 +02:00
Jon Koops
46b0b6195c
Remove keycloak-js-adapter-jar
artifact ( #33196 )
...
Closes #32824
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-09-23 15:46:56 +00:00
Stian Thorgersen
d778a8551a
Use references to obtain the signed elements in a signature ( #188 ) ( #33190 )
...
Closes keycloak/keycloak-private#191
Closes #33116
Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
2024-09-23 13:51:46 +02:00
Stian Thorgersen
af5eef57bf
Improve handling for loopback redirect-uri validation ( #195 ) ( #33189 )
...
Closes #33116
Signed-off-by: stianst <stianst@gmail.com>
2024-09-23 13:51:02 +02:00
Jon Koops
5e2f09f66d
Remove statically served Keycloak JS from the server ( #33083 )
...
Closes #32827
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-09-22 19:05:01 +02:00
Giuseppe Graziano
849ca3efb9
Fix amr test
...
Closes #26117
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-09-20 23:32:55 +02:00
Daniel Fesenmeyer
87da4011f7
Bugfix: "User Profile" attributes not available for Users Attribute search, when admin user does not have view- or manage-realm realm-management role ( #31771 )
...
- UIRealmResource: add "info" sub-resource to get realm-related information, which is visible for ALL admins (users having any realm-management role); for now, only provide the information whether any user profile provider is enabled
- UIRealmResourceTest: test the new endpoint, including permissions check
- UserDataTable.tsx: use this resource to get the info whether user profile providers are enabled, instead of using the realm components resource (which requires "view-realm" permissions)
- .../cypress/e2e/users_attribute_search_test.spec.ts: add cypress test to test the attribute search with minimum access rights
- further small changes for reuse of components, test-code etc
Closes #27536
Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>
2024-09-20 14:06:08 -04:00
Christian Janker
21f90145ac
Send UserRemovedEvent containing all user attributes
...
Invalidate CachedUserModel before UserRemovedEvent
closes #32194
Signed-off-by: Christian Janker <christian.janker@gmx.at>
2024-09-20 16:22:08 +02:00
Stefan Guilhen
900c496ffe
Remove the kc.org.broker.public attribute and use hideOnLogin in the IDP instead
...
Closes #32209
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-09-20 16:08:55 +02:00
Stefan Guilhen
42cde0cfdd
Fix various issues holding up CI ( #33086 )
...
- Disables the remote operator tests, which will have to be fixed later.
- Fixes the action expired error which occurs when accessing regular registration page with Organizations enabled.
- Fixes a race condition in the test suite causing sporadic failures.
Closes #33064
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-09-19 21:23:21 +02:00
vramik
fcb31a5aa6
Implement invitation-only self-registration for realm users
...
Closes #31643
Signed-off-by: vramik <vramik@redhat.com>
2024-09-18 13:50:23 +02:00
Erik Jan de Wit
1f573eded0
added username field like suggested in issue comment ( #32866 )
...
related: #32522
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-09-18 13:03:03 +02:00
Vlasta Ramik
4ce40be1af
Make the ORGANIZATION a default feature ( #32404 )
...
Closes #32395
Signed-off-by: vramik <vramik@redhat.com>
2024-09-18 12:19:28 +02:00
Stefan Guilhen
3e597722a9
Add cache for IdentityProviderStorageProvider.getForLogin ( #32918 )
...
Closes #32573
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-18 09:05:57 +02:00
rmartinc
5fe916861d
Return 404 on invalid theme type
...
Closes #32798
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-17 09:09:34 +02:00
Giuseppe Graziano
e6c5ee31e4
Admin API with Lightweight access token and transient session
...
Closes #32802
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-09-16 09:30:15 +02:00
Ricardo Martin
9c780e9190
Honor turnOffChangeSessionIdOnLogin in SAML adapter ( #185 )
...
Closes keycloak/keycloak-private#183
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-16 09:21:07 +02:00
Nate Drake
75973157aa
Fix a few typos ( #32929 )
...
Signed-off-by: Nate Drake <ndrake@gmail.com>
2024-09-15 10:12:26 +00:00
Pedro Ruivo
f67bec0417
Rename remote-cache Feature
...
Renamed to "clusterless"
Closes #32596
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-09-13 13:03:13 +02:00
Stefan Guilhen
92e435f192
Do not automatically re-import users if they already exist locally when searching by attributes
...
Closes #32870
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-13 08:54:44 +02:00
Erik Jan de Wit
9aad6f650d
added more style fixes for the login.v2 ( #32708 )
...
* added more style fixes for the login.v2
related: #32522
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* fixed grant screen
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* test fixes
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* fix for code.ftl
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* test fixes
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* fixed tests
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-09-11 14:52:49 -04:00
mposolda
125124c2d9
Error when deploying SAML application with the keys in PEM format inside keycloak-saml.xml
...
closes #32817
Signed-off-by: mposolda <mposolda@gmail.com>
2024-09-11 19:03:10 +02:00
Thomas Darimont
445a7da902
Ensure realm attributes import happens before client import
...
Fixes #32799
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-09-11 15:14:33 +02:00
rmartinc
b60621d819
Allow brute force to have http request/response and send emails
...
Closes #29542
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-11 08:35:03 +02:00
cgeorgilakis-grnet
f8b1b3ee03
Search Identity Providers by alias or display name
...
Closes #32588
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-09-10 21:52:59 +02:00
Erik Jan de Wit
d2e7c15f2f
added text and tooltip to idp ( #32411 )
...
* added text and tooltip to idp
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Update themes/src/main/resources/theme/keycloak.v2/login/login.ftl
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
* Update themes/src/main/resources/theme/keycloak.v2/login/login.ftl
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
* Update themes/src/main/resources/theme/keycloak.v2/login/login.ftl
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
* Update themes/src/main/resources/theme/keycloak.v2/login/login.ftl
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
* Update themes/src/main/resources/theme/keycloak.v2/login/login.ftl
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2024-09-10 13:05:14 +02:00
Thomas Darimont
6b83a45b2e
Propagate locale when using app initiated registration URL
...
Fixes #13505
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-09-10 12:25:17 +02:00
Martin Kanis
ccb166d0e9
Add caching when querying brokers by organization
...
Closes #32574
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-09-09 09:24:43 -03:00
mposolda
03e0fb0601
Fix ResetOtpTest
...
closes #32615
Signed-off-by: mposolda <mposolda@gmail.com>
2024-09-09 10:19:37 +02:00
Alexander Schwartz
b88ecc0237
Removing the extra two-minute Window for persistent user sessions ( #32660 )
...
Closes #28418
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-09-09 09:28:48 +02:00
mposolda
e1d5f0c871
Fix ResetPasswordTest on chrome 128
...
closes #32514
closes #32478
closes #32477
closes #32678
closes #32542
closes #32678
closes #32541
Signed-off-by: mposolda <mposolda@gmail.com>
2024-09-06 20:19:50 +02:00
Steven Hawkins
58d742bb5c
fix: refining v2 hostname validation ( #32659 )
...
closes : #32643
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-09-06 17:49:25 +02:00
Giuseppe Graziano
a14548a7a2
Lightweight access tokens for Admin REST API ( #32347 )
...
* Lightweight access tokens for Admin REST API
Closes #31513
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-09-04 18:04:23 +02:00
Stefan Guilhen
e7a4635620
Filter out org brokers from the account console
...
- org-linked brokers should not be available for login
- prepare the endpoint for search/pagination
Closes #31944
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-04 09:00:52 -03:00
Alexander Schwartz
4d1e1e0bcb
Show details for error messages where they were missing ( #32534 )
...
Closes #32533
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-09-04 07:23:54 -04:00
Stefan Guilhen
557d7e87b2
Avoid iterating through all mappers when running the config event listeners
...
Closes #32233
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-04 07:40:58 -03:00
Theresa Henze
a1c23fef8c
introduce event types to update/remove credentials
...
Closes #10114
Signed-off-by: Theresa Henze <theresa.henze@bare.id>
2024-09-03 18:27:27 +02:00
Thomas Darimont
88a5c96fff
Add kc_action
to redirect URI after a required action is cancelled ( #31925 )
...
Closes #31894
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-09-03 14:26:23 +00:00
Martin Bartoš
db7694e7be
Update the welcome page to create a temporary admin user ( #32283 )
...
Closes #30010
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Stan Silvert <ssilvert@redhat.com>
2024-09-03 09:43:41 +02:00
Pedro Igor
4b5b1a4c25
Unignore backchannel logout tests
...
Closes #20643
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-09-02 08:34:21 +02:00
Jon Koops
2d17024b14
Remove redirect_uri
support from OIDC logout endpoint
...
Closes #10983
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2024-08-30 12:52:49 +00:00
Martin Kanis
e7d71d43c3
Identity Provider secret visible in Organization tab (API request)
...
Closes #32486
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-08-30 09:26:25 -03:00
Douglas Palmer
0b7ab47cf2
Flaky test BruteForceTest.testPermanentLockout()
...
Closes #32498
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-08-30 10:14:05 +02:00
Douglas Palmer
ecbd856176
Brute force protection: Lockout permanently uses parameters configured under lockout temporarily
...
Closes #30969
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-08-29 16:30:22 +02:00
Stefan Guilhen
a41b622aa5
Set the correct realm when setting up client exchange permissions
...
Closes #32465
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-29 16:09:23 +02:00
Erik Jan de Wit
e410a83c3c
Made the login more modular
...
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-08-29 07:18:24 -04:00
Martin Kanis
7e6dd682d4
Validate organization alias for forbidden chars
...
Closes #32392
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-08-28 21:59:38 +02:00
mposolda
cd947ce3bc
Removing policy-enforcer from Keycloak repository
...
closes #32191
Signed-off-by: mposolda <mposolda@gmail.com>
2024-08-28 07:40:20 -03:00
Pedro Igor
449557290b
More options to organization scope mapper including adding organization attributes to tokens
...
Closes #31642
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-27 09:40:55 -03:00
Giuseppe Graziano
c2c74faec0
Removing BOM character from SAML entity descriptor
...
Closes #30604
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-08-26 10:59:05 +02:00
Erik Jan de Wit
776a491989
added organizations table to account ( #32311 )
...
* added organizations table to account
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-22 15:44:03 -03:00
Michal Hajas
f5b2775939
Enable persistent sessions by default
...
Run CI with the feature disabled to test also the old settings
Closes #32265
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-08-21 17:37:54 +02:00
Erik Jan de Wit
e2d7a94459
Hynek's notes
...
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-08-21 08:50:01 -04:00
Pedro Igor
c1f6d5ca64
Support for selecting an organization when requesting the organization scope
...
Closes #31438
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-21 13:04:58 +02:00
Pedro Igor
4376a3c757
Add an endpoint to the organizations endpoint to return the organizations for a given user
...
Closes #32158
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-20 11:11:14 -03:00
Pedro Igor
eeae50fb43
Make sure federationLink always map to the storage provider associated with federated users
...
Closes #31670
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-20 11:27:22 +02:00
Martin Bartoš
bf5cf47351
Management Interface is turned on even though nothing is exposed on it ( #31938 )
...
* Management Interface is turned on even though nothing is exposed on it
Fixes #31818
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Remove conditional enablement, add relevancy description
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-08-19 15:52:59 +02:00
Stefan Guilhen
fa7c2b5da6
Address review comments
...
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-19 09:06:35 -03:00
Stefan Guilhen
6e7b36e82f
Add migration tests for the IDP changes
...
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-19 09:06:35 -03:00
Stefan Guilhen
f82159cf65
Rework logic to fetch IDPs for the login page so that IDPs are fetched from the provider and not filtered in code.
...
Closes #32090
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-19 09:06:35 -03:00
Pedro Igor
8e0436715c
Support for ALL and ANY organization scope values
...
Related #31438
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-19 08:45:23 -03:00
mposolda
3d787727f9
Add acr scope to all clients for those migrating from older than Keycloak 18
...
closes #31107
Signed-off-by: mposolda <mposolda@gmail.com>
2024-08-16 12:17:43 +02:00
himanshi1099
7459992e40
Realm update validation for incorrect timeout values ( #32137 )
...
closes #31595
Signed-off-by: Himanshi Gupta <higupta@redhat.com>
2024-08-16 08:58:27 +02:00
Stefan Guilhen
aeb1951aba
Replace calls to deprecated RealmModel IDP methods
...
- use the new provider instead
Closes #31254
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-15 10:55:36 -03:00
Pedro Igor
96acc62c00
Support for resolving organization based on the organization scope
...
Closes #31438
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-15 10:32:15 -03:00
Stian Thorgersen
310824cc2b
Remove legacy cookies
...
Closes #16770
Signed-off-by: stianst <stianst@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-08-15 15:27:38 +02:00
Martin Kanis
708a6898db
Add a count method to the OrganizationMembersResource
...
Closes #31388
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-08-15 09:12:57 -03:00
Yoshiyuki Tabata
cb6eb187ac
Client Policy - Condition : Client - Client Attribute
...
Closes https://github.com/keycloak/keycloak/issues/31766
Signed-off-by: Yoshiyuki Tabata <yoshiyuki.tabata.jy@hitachi.com>
2024-08-14 09:56:56 +02:00
Pedro Igor
d04d2bb852
Allow removing users federated from a kerberos provider
...
Closes #31603
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-13 18:47:55 +02:00
rmartinc
a38d3b2f55
SAML IdMapperUpdaterSessionListener should be added always and must implement HttpSessionIdListener interface
...
Closes #32084
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-13 15:53:45 +02:00
rmartinc
347f595913
Add ECDH-ES encyption algorithms to the java keystore key provider
...
Closes #32023
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-09 15:57:51 +02:00
Martin Kanis
da0864682a
Conditionally redirect existing users to a broker based on their credentials
...
Closes #31006
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-08-09 07:59:25 -03:00
Alexander Schwartz
07a168cb14
Deleted authentication sessions should not be re-surrected with an update
...
Closes #31829
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-09 07:26:05 -03:00
rmartinc
2a06e1a6db
Add SHAKE256 hash provider for Ed448
...
Closes #31931
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-08 17:36:54 +02:00
Justin Tay
966a454548
Add ECDH-ES JWE Algorithm Provider, Add generated ECDH key provider ( #23928 )
...
Closes #23596
Closes #23597
Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-08-08 17:29:35 +02:00
Pedro Igor
3ab2446074
Do not return identity providers when querying the realm representation
...
Closes #21072
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-07 10:06:51 -03:00
StephanSchrader
4d64092119
Fix persist config values for custom components ( #31862 )
...
Closes #31858
Signed-off-by: Stephan Schrader <stephan.schrader@wallis.de>
Signed-off-by: Stephan Schrader <zstephanz@gmail.com>
Co-authored-by: Stephan Schrader <stephan.schrader@wallis.de>
2024-08-07 14:40:30 +02:00
Giuseppe Graziano
35c8c09b8d
OIDC dynamic client registration with response_type=none
...
Closes #19564
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-08-07 10:34:47 +02:00
Michal Hajas
50c07c6e7c
Simplify configuration for MULTI_SITE
...
Closes #31807
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-08-06 16:14:33 +00:00
Nikos Epping
4080ee2e84
Don't fail on null config map in AdvancedClaimToGroupMapper/AdvancedClaimToRoleMapper/AdvancedAttributeToGroupMapper/AdvancedAttributeToGroupMapper
...
Fixes #31575
Signed-off-by: Nikos Epping <n.epping@evosec.de>
2024-08-05 10:22:22 +02:00
Stefan Wiedemann
6258256c1b
Fix access token issue OID4VC ( #31763 )
...
closes #31712
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2024-08-04 11:42:40 +02:00
Ingrid Kamga
7c69c857a1
Add a media type to error responses on OID4VC endpoints
...
Closes #31585
Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
2024-08-02 12:09:09 +02:00
Justin Tay
f537343545
Allow empty key use in JWKS from identity provider
...
Closes #31823
Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-08-02 11:39:43 +02:00
rmartinc
773e309f75
Parse saml urls correctly if the bindings are different
...
Closes #31780
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-02 11:34:06 +02:00
Thomas Darimont
282260dc95
Ensure issued_client_type is always added to successful token-exchange response ( #31548 )
...
- Compute issued_token_type response parameter based on requested_token_type and client configuration
- `issued_token_type` is a required response parameter as per [RFC8693 2.2.1](https://datatracker.ietf.org/doc/html/rfc8693#section-2.2.1 )
- Added test to ClientTokenExchangeTest that requests an access-token as requested-token-type
Fixes #31548
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-07-30 18:33:51 +02:00
rmartinc
a6c70d65ee
Do not generate secret when client rep do not specifiy public or bearer
...
Closes #31444
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-30 18:32:15 +02:00
Pedro Igor
a79761a447
Support for blocking concurrent requests when brute force is enabled
...
Closes #31726
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
2024-07-30 10:01:48 +02:00
Hynek Mlnarik
183cd6c957
Run tests with keycloak.v2 login theme
...
The fixes (mostly selectors) are needed for tests.
In the future, to switch the keycloak.v2 to the default theme, do
the following:
- Update `ThemeSelectorProvider`: Uncomment relevant lines
- Update `testsuite/integration-arquillian/tests/pom.xml`: Revert the change in `<login.theme.default>` property
- Update `ThemeSelectorTest` per comment
Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-07-30 10:01:17 +02:00
Martin Kanis
d91d6d18d5
Can not update organization group error when trying to create organisation from REST API
...
Closes #31144
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-07-29 17:39:56 +02:00
Pascal Knüppel
94784182df
Implement DPoP for all grantTypes ( #29967 )
...
fixes #30179
fixes #30181
Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de>
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-07-29 16:30:54 +02:00
Francis Pouatcha
cc78fd7ca0
Provided keycloak with a protocol mapper, that can allow to optionally add iat and nbf claims to VCs ( #31620 )
...
closes #31581
Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
2024-07-29 09:32:48 +02:00
Pedro Igor
87c279d645
Respect the username value format when processing federated users
...
Closes #31240
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-29 09:28:43 +02:00
Pedro Igor
4d8c525644
Make sure changes to user profile metadata is not stored when calling decorators ( #31549 )
...
Closes #30476
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-29 09:03:21 +02:00
Pedro Igor
04bd6653ec
Invalidating domain cache and introducing cache for more query methods
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-29 09:02:36 +02:00
Pedro Igor
1f8280c71a
Allow members joining multiple organizations
...
Closes #30747
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-29 09:02:36 +02:00