keycloak-scim

Author	SHA1	Message	Date
Ryan Emerson	8d7e18ec29	Clear local caches on split-brain heal Closes #25837 Signed-off-by: Ryan Emerson <remerson@redhat.com>	2024-07-31 13:59:06 +02:00
Pedro Ruivo	17e30e9ec1	Persist revoke tokens with remote cache feature Stores the revoked tokens into the database and preloads them during startup. Fixes #31760 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-07-31 11:02:38 +02:00
Thomas Darimont	282260dc95	Ensure issued_client_type is always added to successful token-exchange response (#31548 ) - Compute issued_token_type response parameter based on requested_token_type and client configuration - `issued_token_type` is a required response parameter as per [RFC8693 2.2.1](https://datatracker.ietf.org/doc/html/rfc8693#section-2.2.1) - Added test to ClientTokenExchangeTest that requests an access-token as requested-token-type Fixes #31548 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2024-07-30 18:33:51 +02:00
rmartinc	a6c70d65ee	Do not generate secret when client rep do not specifiy public or bearer Closes #31444 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-07-30 18:32:15 +02:00
Pedro Ruivo	e62604b1ec	ConditionalRemover interface for External Infinispan feature Add a ConditionalRemover interface to remove entries from a RemoteCache based on the key or value fields. The default implementation provided by this PR uses streaming/iteration to test and remove entries On a side change, moved all the transactions to the same package and created one transaction class per entity/cache to simplify code and avoid writing "RemoteChangeLogTransaction" with a long list of types. Fixes #31046 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-07-30 15:16:17 +02:00
Pedro Igor	a79761a447	Support for blocking concurrent requests when brute force is enabled Closes #31726 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Douglas Palmer <dpalmer@redhat.com> Signed-off-by: mposolda <mposolda@gmail.com>	2024-07-30 10:01:48 +02:00
Hynek Mlnarik	183cd6c957	Run tests with keycloak.v2 login theme The fixes (mostly selectors) are needed for tests. In the future, to switch the keycloak.v2 to the default theme, do the following: - Update `ThemeSelectorProvider`: Uncomment relevant lines - Update `testsuite/integration-arquillian/tests/pom.xml`: Revert the change in `<login.theme.default>` property - Update `ThemeSelectorTest` per comment Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>	2024-07-30 10:01:17 +02:00
Martin Kanis	d91d6d18d5	Can not update organization group error when trying to create organisation from REST API Closes #31144 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-07-29 17:39:56 +02:00
Pascal Knüppel	94784182df	Implement DPoP for all grantTypes (#29967 ) fixes #30179 fixes #30181 Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de> Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>	2024-07-29 16:30:54 +02:00
Stefan Guilhen	17c01c9380	Enable new IDP Storage SPI in JPA model tests Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-07-29 16:02:26 +02:00
Francis Pouatcha	cc78fd7ca0	Provided keycloak with a protocol mapper, that can allow to optionally add iat and nbf claims to VCs (#31620 ) closes #31581 Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>	2024-07-29 09:32:48 +02:00
Pedro Igor	87c279d645	Respect the username value format when processing federated users Closes #31240 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-29 09:28:43 +02:00
Pedro Igor	4d8c525644	Make sure changes to user profile metadata is not stored when calling decorators (#31549 ) Closes #30476 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-29 09:03:21 +02:00
Pedro Igor	04bd6653ec	Invalidating domain cache and introducing cache for more query methods Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-29 09:02:36 +02:00
Pedro Igor	1f8280c71a	Allow members joining multiple organizations Closes #30747 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-29 09:02:36 +02:00
Giuseppe Graziano	12732333c8	Client scope assignment for client registration Closes #31062 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-07-26 17:33:49 +02:00
Stefan Guilhen	c9f5a0aa32	Testsuite: ensure realm is set in session context Closes #31636 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-07-26 11:11:44 -03:00
Lex Cao	3818f8f575	Prevent removing flow that used by client flow overrides Closes #30707 Signed-off-by: Lex Cao <lexcao@foxmail.com>	2024-07-26 16:05:29 +02:00
Alexander Schwartz	227c71f7f0	Persisting revoked access tokens Closes #31296 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-07-26 11:46:14 +02:00
vramik	01f5747eed	If the user is federated before the broker is associated with an organization this user is not a managed user Closes #30744 Signed-off-by: vramik <vramik@redhat.com>	2024-07-25 04:30:13 -03:00
vramik	649b35929e	Make sure users created through a registration link are managed members Closes #30743 Signed-off-by: vramik <vramik@redhat.com>	2024-07-25 04:30:13 -03:00
Maciej Mierzwa	97e89e2071	feature: password age in days policy Closes #30210 Signed-off-by: Maciej Mierzwa <dev.maciej.mierzwa@gmail.com>	2024-07-24 15:12:16 -03:00
Kamesh Akella	33b3fd313c	Add migration tests for AuroraDB (#31396 ) Fixes #31024 Signed-off-by: Kamesh Akella <kamesh.asp@gmail.com>	2024-07-24 16:45:02 +02:00
Francis Pouatcha	30be268672	Enhance Verifiable Credential Signing Service Flexibility and Key Rotation(#30692 ) closes #30525 Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>	2024-07-24 13:45:39 +02:00
Miquel Simon	aab7a912c4	Updated connection configuration for MSSQL test container Closes #31558 Signed-off-by: Miquel Simon <msimonma@redhat.com>	2024-07-24 09:12:58 +00:00
Hynek Mlnarik	a7374f92be	Update login theme to login v2 Fixes: #29009 Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>	2024-07-18 14:33:22 +02:00
Hynek Mlnarik	ab6ca323db	Run docker tests with proper theme and fix chromedriver path Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>	2024-07-18 14:33:22 +02:00
mposolda	3110bb8989	Missing Cache-Control header when response_type parameter is missing in login request closes #29866 Signed-off-by: mposolda <mposolda@gmail.com>	2024-07-18 10:17:52 +02:00
rmartinc	5ea3becef5	Wait for the brute force off-thread processing in AbstractAdvancedBrokerTest Closes #30188 Closes #30641 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-07-18 10:03:13 +02:00
Pascal Knüppel	018a0802bc	Remove java.util.Date from VerifiableCredential (#30920 ) closes #30918 Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de> Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>	2024-07-18 09:52:02 +02:00
mposolda	06f6173c8a	Add suffix to keycloak-authz-client artifact in keycloak repository closes #30926 Signed-off-by: mposolda <mposolda@gmail.com>	2024-07-17 14:59:09 +02:00
Martin Kanis	e5848bdcf9	Cannot set unmanagedAttributePolicy without profile attributes Closes #31153 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-07-17 09:53:59 -03:00
mposolda	5526976d1c	Add suffix to keycloak-policy-enforcer artifacts in keycloak repository closes #30927 Signed-off-by: mposolda <mposolda@gmail.com>	2024-07-17 12:03:23 +02:00
Ricardo Martin	3d12c05005	Correctly moves to the next required action (#31358 ) Closes #31014 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com> Co-authored-by: Giuseppe Graziano <g.graziano94@gmail.com> Co-authored-by: rmartinc <rmartinc@redhat.com>	2024-07-17 09:38:29 +02:00
Pedro Igor	de1de06354	Avoid adding organization flows if they are already exist Closes #31182 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-17 08:28:00 +02:00
Stefano Azzalini	6d67c1f9cc	Normalize default authentication flow descriptions to start with an uppercase letter (#31277 ) Closes #31291 Signed-off-by: Stefano Azzalini <stefano.azzalini@luminator.com>	2024-07-16 13:49:35 +02:00
Lex Cao	6c71ad2884	Fallback to no override flow when missing in client override Closes #30765 Signed-off-by: Lex Cao <lexcao@foxmail.com>	2024-07-16 11:33:41 +02:00
Thomas Darimont	2140e573f2	Fix test LDAP connection with multiple ldap connection urls Previously, the given connection string was check with URI.create(..) which failed when multiple space separated LDAP URLs were given. Closes #31267 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2024-07-16 08:57:50 +02:00
Martin Kanis	887db25f00	Allow auto-redirect existing users federated from organization broker when using the username Closes #30746 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-07-15 13:48:45 -03:00
mposolda	1864cf1827	Offline tokens created in Keycloak 14 or earlier will not work on Keycloak 25 closes #31224 Signed-off-by: mposolda <mposolda@gmail.com>	2024-07-15 18:30:35 +02:00
Pedro Igor	c33585a5f4	All pubic brokers are shown during authentication rather than only those associated with the current organization Closes #31246 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-12 17:51:39 +02:00
Giuseppe Graziano	1df60461a9	Avoid race condition when using initial-access-token Closes #27294 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-07-12 16:33:02 +02:00
Douglas Palmer	9300903674	page-expired error page shown when using browser back-button on forgot-password page after invalid login attempt Closes #25440 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-07-12 16:24:21 +02:00
Pascal Knüppel	4028ada2a5	Add required default-context value to VerifiableCredential (#30959 ) closes #30958 Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>	2024-07-11 18:25:11 +02:00
Steven Hawkins	4970a9b729	fix: deprecate KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD closes: #30658 Signed-off-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Jon Koops <jonkoops@gmail.com>	2024-07-11 18:07:57 +02:00
rmartinc	096e335a92	Support for vault and AES and HMAC algorithms to JavaKeystoreKeyProvider Closes #30880 Closes #29755 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-07-11 12:40:45 +02:00
Pedro Igor	da6c9ab7c1	Bruteforce protector does not work when using organizations Closes #31204 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-11 00:26:47 +02:00
Jon Koops	a0c99a7ae0	Show full error details in admin and account consoles Closes #30705 Signed-off-by: Jon Koops <jonkoops@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>	2024-07-10 16:20:26 +02:00
Martin Kanis	922eaa9fc8	Disable username prohibited chars validator when email as username is… (#31140 ) * Disable username prohibited chars validator when email as the username is set Closes #25339 Signed-off-by: Martin Kanis <mkanis@redhat.com> Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-10 09:46:24 -03:00
Pedro Igor	d475833361	Do not expose kc.org attribute in user representations Closes #31143 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-10 13:43:23 +02:00
Alexander Schwartz	d70f78072e	Make persistent sessions co-exist with remote cache feature (#30859 ) Closes #30855 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-07-09 09:03:36 +02:00
rmartinc	f78a46485d	TE should create a transient session when there is no initial session in client-to-client exchange Closes #30614 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-07-08 15:44:38 -03:00
Pedro Igor	ead1b4a851	Testing ldap connection should not process or bind the credentials (#31081 ) Closes #30821 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-08 13:58:02 +02:00
Pedro Igor	cbf7f208fb	Avoid iterating and updating all group policies when removing groups (#31057 ) Closes #31056 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-08 13:57:20 +02:00
wojnarfilip	3c429b7506	Update social login tests login flows Signed-off-by: wojnarfilip <fwojnar@redhat.com>	2024-07-08 08:48:31 +02:00
Pedro Igor	f010f7df9b	Reverting removal of test assertions and keeping existing logic where only brokers the user is linked to is shown after identity-first login page Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-03 11:55:04 -03:00
Martin Kanis	e1b735fc41	Identity-first login flow should be followed by asking for the user credentials Closes #30339 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-07-03 11:55:04 -03:00
Giuseppe Graziano	02d64d959c	Using _system client when account client is disabled for email actions Closes #17857 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-07-03 08:43:36 +02:00
cgeorgilakis-grnet	20cedb84eb	Check refresh token flow response for offline based on refresh token request parameter Closes #30857 Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>	2024-07-02 18:13:30 -03:00
Steven Hawkins	d534860e2b	fix: admin cli client should set the content when performing a merge (#30539 ) closes: #29878 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-06-28 15:56:07 +02:00
Pedro Igor	cc2ccc87b0	Filtering organization groups when managing or processing groups Closes #30589 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-28 10:27:18 -03:00
Steven Hawkins	aae1fa1417	fix: addresses cli erroneously wants a secret when env password is set (#30892 ) closes: #30866 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-06-28 11:48:42 +02:00
Thomas Darimont	690c6051bb	Fix scope policy evaluation for client to client token exchange (#26435 ) Previously the scope from the token was not set available in the ClientModelIdentity attributes. This caused the NPE in `org.keycloak.authorization.policy.provider.clientscope.ClientScopePolicyProvider.hasClientScope`(..) when calling `identity.getAttributes().getValue("scope")`. We now pass the provided decoded AccessToken down to the ClientModelIdentity creation to allow to populate the required scope attribute. We also ensure backwards compatibility for ClientPermissionManagement API. Fixes #26435 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2024-06-28 10:33:20 +02:00
mposolda	f1b8a983d2	Cleanup mod_auth_mellon from the testsuite closes #30869 Signed-off-by: mposolda <mposolda@gmail.com>	2024-06-28 08:33:36 +02:00
Douglas Palmer	7a8c7502d2	Cleanup of adapter-spi module? Closes#30871 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-06-27 19:41:30 +02:00
Douglas Palmer	220f32aa85	Cleanup of adapter pages Closes #30870 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-06-27 18:57:22 +02:00
mposolda	7279f2092e	Cleanup of test-apps and related adapter code closes #30867 Signed-off-by: mposolda <mposolda@gmail.com>	2024-06-27 15:10:31 +02:00
mposolda	e5a4c94f75	Added suffix to keycloak-admin-client artifacts in keycloak repository Signed-off-by: mposolda <mposolda@gmail.com>	2024-06-27 11:00:30 +02:00
Romain LABAT	6615691c63	Support for service accounts when fetch roles is enabled (#30687 ) Support for service accounts when fetch roles is enabled Signed-off-by: Romain LABAT <contact@romainlabat.fr> Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-25 18:00:26 -03:00
rmartinc	e9c9efc3f4	Upgrade bc-fips to 1.0.2.5 Closes #26568 Closes #27884 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-25 11:07:27 +02:00
Andre F de M	0f061a75e2	Issue: 26568 - bcfips version bump and fixes * bump BCFIPS to 1.0.2.5 * fix bc-fips related test error * remove unused imports Closes: #26568 Signed-off-by: Andre F de M <trixpan@users.noreply.github.com>	2024-06-25 11:07:27 +02:00
fwojnar	015fefad02	Remove Edge from supported web drivers (#30423 ) Closes #29921 Signed-off-by: wojnarfilip <fwojnar@redhat.com> Co-authored-by: wojnarfilip <fwojnar@redhat.com>	2024-06-24 17:24:55 +02:00
fwojnar	e30e6cba8e	Remove Safari from supported web drivers (#30424 ) Related to #29921 Signed-off-by: wojnarfilip <fwojnar@redhat.com> Co-authored-by: wojnarfilip <fwojnar@redhat.com>	2024-06-24 13:27:12 +02:00
fwojnar	640db99c27	Remove Appium from supported web drivers (#30483 ) Related to #29921 Signed-off-by: wojnarfilip <fwojnar@redhat.com> Co-authored-by: wojnarfilip <fwojnar@redhat.com>	2024-06-24 13:26:33 +02:00
Takashi Norimatsu	b0aac487a3	VC issuance in Authz Code flow with considering scope parameter closes #29725 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2024-06-24 10:53:19 +02:00
Jon Koops	df18629ffe	Use a default Java version from root POM (#29927 ) Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-06-21 14:19:31 +02:00
mposolda	6a9e60bba0	Flow steps back when changing locale or refreshing page on 'Try another way page' closes #30520 Signed-off-by: mposolda <mposolda@gmail.com>	2024-06-21 11:22:15 +02:00
rmartinc	592c2250fc	Add briefRepresentation query parameter to getUsersInRole endpoint Closes #29480 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-21 11:21:02 +02:00
Takashi Norimatsu	6b135ff6e7	client-jwt authentication fails on Token Introspection Endpoint closes #30599 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2024-06-21 10:47:25 +02:00
Pedro Igor	a0ad680346	Adding an alias to organization and exposing them to templates Closes #30312 Closes #30313 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-20 14:36:14 -03:00
rmartinc	f690947cea	Remove the SAML undertow adapter Closes #30554 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-20 09:47:14 +02:00
Giuseppe Graziano	6b07b67667	Removed saml filter adapter tests Closes #30553 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-06-20 09:42:59 +02:00
Pedro Ruivo	5fc12480fd	External Infinispan as cache - Part 4 (#30072 ) UserSessionProvider implementation to make use of Infinispan remote cache. Closes #28755 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-06-19 14:47:57 +02:00
Pedro Ruivo	9006218559	External Infinispan as cache - Part 3 Implementation of UserLoginFailureProvider using remote caches only. Closes #28754 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-06-19 14:47:57 +02:00
Pedro Ruivo	833aad661e	External Infinispan as cache - Part 2 Includes a new implementation for the providers: * StickySessionEncoderProviderFactory * LoadBalancerCheckProviderFactory * SingleUseObjectProviderFactory Closes #28648 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-06-19 14:47:57 +02:00
Pedro Ruivo	d2ae27a1e2	External Infinispan as cache - Part 1 Part 1 includes * New experimental feature to enable the new code * New providers using RemoteCache only * New test profile to run the tests with the experimental feature New providers' implementation for: * InfinispanConnectionProvider * AuthenticationSessionProvider * ClusterProvider Closes #28140 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-06-19 14:47:57 +02:00
Martin Kanis	dc109381e1	Refactor organization tests Closes #30338 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-06-19 09:34:24 -03:00
Martin Kanis	89f83e9788	Importing organizations failing if there is no broker and members in the representation Closes #30305 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-06-19 08:46:04 -03:00
Pedro Igor	57139cbefc	Internal read-only attributes have precedence over unmanaged attribute policy Closes #30240 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-19 12:05:01 +02:00
Alexander Schwartz	9ce47fc117	Trying to switch the database Closes #28311 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-06-19 10:30:36 +02:00
Giuseppe Graziano	24aa6e143d	REALM_CLIENT attribute to recognize realm clients (#30433 ) Closes #29413 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-06-19 10:22:13 +02:00
Stefan Guilhen	db846a792d	Set a time of 23:59:59:999 in JpaEventQuery.toDate so that events from that date are properly returned in searches Closes #30414 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-06-18 13:14:28 -03:00
Francis Pouatcha	d4797e04a2	Enhance SupportedCredentialConfiguration to support optional claims object as defined in OpenID for Verifiable Credential Issuance specification (#30420 ) closes #30419 Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>	2024-06-18 17:07:49 +02:00
rmartinc	fc65c73106	Upgrade adapters test to use wildfly 28 (jakarta only) via maven plugin Closes #30324 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-18 15:40:59 +02:00
rmartinc	38d8cf2cb3	Add UPDATE event to the client-roles condition Closes #30284 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-18 15:30:42 +02:00
Martin Bartoš	5ad3abaa96	Enable WebAuthn tests for Firefox (#30374 ) Closes #22075 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-06-18 10:36:01 +02:00
Jon Koops	08c3bb83f2	Remove Internet Explorer from supported web drivers (#29918 ) Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-06-17 15:48:58 +00:00
rmartinc	c51640546d	Improvements for ldap test authentication Closes #30434 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-15 10:01:24 +02:00
Thibault Morin	f6fa869b12	feat(SAML): add Artifact Binding on brokering scenarios when Keycloak is SP (#29619 ) * feat: add Artifact Binding on brokering scenarios when Keycloak is SP Signed-off-by: tmorin <git@morin.io> * Adding broker test and minor improvements Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> * Fixing IdentityProviderTest Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> * Renaming methods related to idp initiated flows Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> * Fixing partial_import_test.spec.ts Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> --------- Signed-off-by: tmorin <git@morin.io> Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-14 08:54:49 -03:00
Pedro Ruivo	18a6c79011	Infinispan Protostream Marshaller (#29474 ) Closes #29394 Signed-off-by: Pedro Ruivo <pruivo@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-06-13 18:02:46 +02:00
Lukas Hanusovsky	ca0833b2e4	[#29412 ] DB Allocator removal - dependency cleanup. (#30406 ) Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>	2024-06-13 13:31:52 +00:00
vramik	de2fdbe98f	cache count Signed-off-by: vramik <vramik@redhat.com>	2024-06-13 08:13:36 -03:00
vramik	d355e38424	Provide a cache layer for the organization model Closes #30087 Signed-off-by: vramik <vramik@redhat.com>	2024-06-13 08:13:36 -03:00
Alfredo Moises Boullosa	a5cd6ed965	Add step to Google Social Login (#30335 ) Signed-off-by: Alfredo Moises Boullosa <aboullos@redhat.com>	2024-06-12 17:27:02 +02:00
Stefan Guilhen	c49b5749ef	Fix GroupLDAPStorageMapper so it doesn't attempt to update a group fetched in a different tx when synchronizing groups from LDAP Closes #29784 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-06-12 10:42:21 -03:00
Martin Kanis	ae69b3b260	Introduce packages for organization tests Closes #30337 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-06-12 10:02:06 -03:00
rmartinc	7d42ab822b	Remove adapter app-server-undertow profile which is not used Closes #30347 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-12 14:40:06 +02:00
Patrick Jennings	75925dcf6c	Client type configuration inheritance (#30056 ) closes #30213 Signed-off-by: Patrick Jennings <pajennin@redhat.com>	2024-06-10 18:59:08 +02:00
rmartinc	7d05a7a013	Logout from all clients after IdP logout is performed Closes #25234 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-10 11:58:09 -03:00
Giuseppe Graziano	6067f93984	Improvements to refresh token rotation with multiple tabs (#29966 ) Closes #14122 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-06-07 12:02:36 +02:00
Steven Hawkins	c7e9ee2bff	fix: adds handling for all kcadm prompts as env variables (#29430 ) closes: #21961 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-06-06 13:08:23 +00:00
Bruno Oliveira da Silva	f34baf3c24	Update license headers (#29942 ) Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>	2024-06-06 14:06:09 +02:00
Alexander Schwartz	97ab0def2c	Adding ForkJoinPool for Quarkus to the surefire initialization for embedded Quarkus Closes #30206 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-06-06 12:52:11 +02:00
Pedro Igor	94c194f1f4	Prevent users to unlink from their home identity provider when they are a managed member Closes #30092 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>	2024-06-05 13:57:01 +02:00
mposolda	0bf613782f	Updating client policies in JSON editor is buggy. Attempt to update global client policies should throw the error closes #30102 Signed-off-by: mposolda <mposolda@gmail.com>	2024-06-05 13:55:02 +02:00
rmartinc	eedfd0ef51	Missing auth checks in some admin endpoints (#166 ) Closes keycloak/keycloak-private#156 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-05 12:04:47 +02:00
Giuseppe Graziano	d5e82356f9	Encrypted KC_RESTART cookie and removed sensitive notes Closes #keycloak/keycloak-private#162 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-06-05 10:33:44 +02:00
Pedro Igor	f8d55ca7cd	Export import realm with organizations Closes #30006 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-05 09:50:03 +02:00
Martin Kanis	33331788a4	Introduce count method to avoid fetching all organization upon checking for existence Closes #29697 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-06-04 10:45:28 -03:00
Martin Kanis	173f09fa6b	Malformed dependency version causing the build failure Closes #30134 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-06-04 13:44:14 +02:00
Thomas Darimont	35a4a17aa5	Add support for application/jwt media-type in token introspection (#29842 ) Fixes #29841 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2024-06-03 19:06:21 +02:00
rmartinc	536534dd25	Remove the transformed output directory before executing JakartaTransformer Closes #30086 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-03 19:03:46 +02:00
Alexander Schwartz	792a3457ff	Use Maven wrapper instead of platform dependent Maven version (#29988 ) Closes #29987 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-06-03 15:45:39 +02:00
Martin Bartoš	262fc09edc	OpenJDK 21 support (#28518 ) * OpenJDK 21 support Closes #28517 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Signed-off-by: Martin Bartoš <mabartos@redhat.com> * x509 SAN UPN other name is not handled in JDK 21 (#904) closes #29968 Signed-off-by: mposolda <mposolda@gmail.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com> Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Marek Posolda <mposolda@gmail.com>	2024-06-03 14:17:28 +02:00
mposolda	9074696382	Editing built-in client policy profiles are silently reverted closes #27184 Signed-off-by: mposolda <mposolda@gmail.com>	2024-06-03 14:00:37 +02:00
Pedro Igor	4c39fcc79d	Allow to configure if users are automatically redirected when the email domain matches an organization Closes #30050 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-03 13:34:21 +02:00
raff897	6d6131cade	Backchannel logout url with curly brackets closes #30023 Signed-off-by: raff897 <85362193+raff897@users.noreply.github.com>	2024-06-03 09:51:39 +02:00
Ricardo Martin	0cd0d03c08	Remove all adapter-core code moved to util (#30012 ) * Remove all tests that are only executed for undertow app server * Remove installation steps for OIDC adapter in wildfly/eap app server * Remove the util adapters package except HttpClientBuilder * Remove HttpClientBuilder and use plain apache http client Closes #29912 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-03 09:28:02 +02:00
Alexander Schwartz	f6f3b385c5	Improve the cleanup after a failed test to ensure retries work Closes #30018 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-06-03 08:59:03 +02:00
Pedro Ruivo	ad32f8bdbc	auth-server-feature does not work for auth-server-quarkus-embedded (#30045 ) Fixes #29259 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-06-03 08:47:52 +02:00
Peter Zaoral	cd2451d58b	Remove Oracle JDBC driver out of the box (#29895 ) Closes: #29491 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Martin Bartoš <mabartos@redhat.com> Signed-off-by: Peter Zaoral <pzaoral@redhat.com>	2024-05-31 17:21:19 +00:00
rmartinc	068ce5a61f	Modify xpath for account console logout in the webauthn tests Closes #30024 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-31 15:14:35 +02:00
Stefan Wiedemann	0f6f9543ba	Add oid4vci to the account console (#29174 ) closes #25945 Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com> Co-authored-by: Erik Jan de Wit <edewit@redhat.com> Co-authored-by: Jon Koops <jonkoops@gmail.com>	2024-05-31 15:11:32 +02:00
Patrick Jennings	5144f8d85f	Improve Client Type Integration Tests (#29944 ) closes #30017 Signed-off-by: Patrick Jennings <pajennin@redhat.com>	2024-05-31 09:53:22 +02:00
Andrejs Mivreniks	1cf87407fe	Allow setting authentication flow execution priority value via Admin API Closes #20747 Signed-off-by: Andrejs Mivreniks <andrejs@fastmail.com>	2024-05-30 19:17:45 +02:00
Martin Bartoš	3f49036192	Unify approach for WebAuthn tests (#29781 ) Closes #29780 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-05-30 14:21:27 +02:00
rmartinc	44ce2fb74d	Modify authz tests to not depende on adapter-core code Closes #29882 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-30 08:02:29 +02:00
Pedro Igor	320f8eb1b4	Improve invitation messages and flow Closes #29945 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-29 17:51:06 +02:00
Erik Jan de Wit	f088b0009c	initial ui for organizations (#29643 ) * initial screen Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * more screens Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added members tab Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added the backend Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added member add / invite models Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * initial version of the identity provider section Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * add link and unlink providers Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * small fix Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * PR comments Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Do not validate broker domain when the domain is an empty string Closes #29759 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added filter and value Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added test Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added first name last name Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * refresh menu when realm organization is changed Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * changed to record Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * changed to form data Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * fixed lint error Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Changing name of invitation parameters Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Chancing name of parameters on the client Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Enable organization at the realm before running tests Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Domain help message Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Handling model validation errors when creating organizations Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Message key for organizationDetails Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Do not change kc.org attribute on group Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * add realm into the context Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * tests Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Changing button in invitation model to use Send instead of Save Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Better message when validating the organization domain Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Fixing compilation error after rebase Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * fixed test Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * removed wait as it no longer required and skip flacky test Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * skip tests that are flaky Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * stabilize user create test Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> --------- Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-29 14:34:02 +02:00
Martin Bartoš	76a6733f0a	Replace PhantomJS by HtmlUnit Closes #9979 Co-authored-by: Jon Koops <jonkoops@gmail.com> Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-05-29 11:17:57 +02:00
Martin Bartoš	b1a90972b6	Upgrade Selenium and Arquillian dependencies in testsuite Closes #29778 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-05-29 11:17:57 +02:00
Pedro Igor	bbb83236f5	Do not lower-case the username from the IdP when creating the federated identity Closes #28495 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-29 01:58:20 -03:00
Alexander Schwartz	46f0da43da	Instead of the test blocking for an unknown reason, specify a timeout Closes #29528 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-05-28 21:06:49 +02:00
Stefan Guilhen	694ffaf289	Allow organizations in different realms to have the same domain Closes #29886 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-28 08:02:30 -03:00
Francis Pouatcha	4317a474d1	JWT VC Issuer Metadata /.well-known/jwt-vc-issuer to comply with SD-JWT VC Specification (#29635 ) closes #29634 Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com> Co-authored-by: DYLANE BENGONO <85441363+bengo237@users.noreply.github.com>	2024-05-28 12:51:56 +02:00
Yutaka Obuchi	68d9dcecb5	Supporting OID4VCI AuthZCode flow: (#29685 ) closes #29724 Signed-off-by: Yutaka Obuchi <yutaka.obuchi.sd@hitachi.com> Co-authored-by: Yutaka Obuchi <yutaka.obuchi.sd@hitachi.com> Co-authored-by: Francis Pouatcha <francis.pouatcha@adorsys.com>	2024-05-28 12:29:31 +02:00
Martin Bartoš	d396dfed6a	Upgrade old Keycloak version for DB migration tests (#29884 ) Closes #29883 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-05-28 11:32:31 +02:00
Jon Koops	66ef3bf2d7	Remove Opera from supported web drivers (#29903 ) Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-05-28 09:01:40 +00:00
Douglas Palmer	b9c04bb8bc	Refactor PolicyEnforcer tests to remove dependency on keycloak-adapter-core and remove keycloak-adapter-core Closes #29189 Closes #28791 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-05-27 15:00:13 -03:00
Stefan Wiedemann	5a68056f2a	Fix oid4vc mappers Closes #29805 Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>	2024-05-27 11:28:46 +02:00
mposolda	ea1cdc10bd	MigrateTo25_0_0 does not complete within default transaction timeout closes #29756 Signed-off-by: mposolda <mposolda@gmail.com>	2024-05-27 10:31:39 +02:00
Pedro Igor	2d4d32764c	Show a message when confirming an invitation link Closes #29794 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-27 08:33:22 +02:00
rmartinc	b258b459d7	Generate RESTART_AUTHENTICATION event on success Closes #29385 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-23 19:08:22 +02:00
vramik	0508d279f7	Filter empty domains from OrganizationsRepresentation before running validation Closes #29809 Signed-off-by: vramik <vramik@redhat.com>	2024-05-23 09:53:51 -03:00
Marek Posolda	2efc163b89	Entry 999.0.0 in MIGRATION_MODEL prevents future migrations of the database Closes #27941 Signed-off-by: mposolda <mposolda@gmail.com>	2024-05-23 12:00:18 +00:00
Daniel Fesenmeyer	c08621fa63	Always order required actions by priority (regardless of context) - AuthenticationManager#actionRequired: make sure that the highest prioritized required action is performed first, possibly before the currently requested required action - AuthenticationManager#nextRequiredAction: make sure that the next action is requested via URL, also based on highest priority (-> requested URL will match actually performed action, unless required actions for the user are changed by a parallel operation) - add tests to RequiredActionPriorityTest, add helper method for priority setup to ApiUtil (for easier and more robust setup than up-to-now) - fix test WebAuthnRegisterAndLoginTest - which failed because WebAuthnRegisterFactory (prio 70) is now executed before WebAuthnPasswordlessRegisterFactory (prio 80) Closes #16873 Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>	2024-05-23 09:07:56 +02:00
Thomas Darimont	ab376d9101	Make required actions configurable (#28400 ) - Add tests for crud operations on configurable required actions - Add support exposing the required action configuration via RequiredActionContext - Make configSaveError message reusable in other contexts - Introduced admin-ui specific endpoint for retrieving required actions with config metadata Fixes #28400 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com> Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>	2024-05-23 08:38:36 +02:00
vramik	278341aff9	Add organizations enabled/disabled capability Closes #28804 Signed-off-by: vramik <vramik@redhat.com>	2024-05-22 07:58:26 -03:00
Alexander Schwartz	80de3a0a71	Allow migration of non-persistent sessions to persistent sessions Closes #29375 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-05-22 10:30:46 +02:00
Francis Pouatcha	542fc65923	Issue 29627: Expose Authorization Server Metadata Endpoint under /.well-known/oauth-authorization-server to comply with rfc8414 (#29628 ) closes #29627 Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com> Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com> Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2024-05-22 10:30:34 +02:00
rmartinc	f7044ba5c2	Use SessionExpirationUtils for validate user and client sessions Check client session is valid in TokenManager Closes #24936 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-22 10:12:20 +02:00
Case Walker	f32cd91792	Upgrade owasp-java-html-sanitizer, address all fallout Signed-off-by: Case Walker <case.b.walker@gmail.com>	2024-05-22 09:15:25 +02:00
Raffaele Lucca	a5a55dc66e	Protocol now is mandatory during client scope creation. (#29544 ) closes #29027 Signed-off-by: raff897 <85362193+raff897@users.noreply.github.com>	2024-05-22 09:10:46 +02:00
Patrick Jennings	84acc953dd	Client type OIDC base read only defaults (#29706 ) closes #29742 closes #29422 Signed-off-by: Patrick Jennings <pajennin@redhat.com>	2024-05-22 09:07:19 +02:00
Pedro Igor	b019cf6129	Support unmanaged attributes for service accounts and make sure they are only managed through the admin api Closes #29362 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-21 16:56:18 -03:00
Martin Kanis	97cd5f3b8d	Provide an additional endpoint to allow sending both invitation and registration links depending on the email being associated with an user or not Closes #29482 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-05-21 12:29:10 -03:00
rmartinc	3304540855	Allow admin console whoami endpoint to applications that have a special attribute Closes #29640 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-20 09:51:07 +02:00
Stefan Guilhen	1aab371912	Fix errors when importing realms with the organization feature enabled Closes #29630 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-17 07:25:31 -03:00
Ricardo Martin	74a80997c7	Fix CRL verification failing due to client cert not being in chain (#29582 ) closes #19853 Signed-off-by: Micah Algard <micahalgard@gmail.com> Signed-off-by: rmartinc <rmartinc@redhat.com> Co-authored-by: Micah Algard <micahalgard@gmail.com> Co-authored-by: rmartinc <rmartinc@redhat.com>	2024-05-17 11:28:07 +02:00
Dimitri Papadopoulos Orfanos	64a145e960	Fix user-facing typos in error messages (#29326 ) Update resource file and tests accordingly Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>	2024-05-16 09:55:41 +02:00
Takashi Norimatsu	b4e7d9b1aa	Passkeys: Supporting WebAuthn Conditional UI (#24305 ) closes #24264 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com> Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: mposolda <mposolda@gmail.com>	2024-05-16 07:58:43 +02:00
rmartinc	89d7108558	Restrict access to whoami endpoint for the admin console and users with realm access Closes #25219 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-15 19:06:57 +02:00
Stefan Guilhen	c4760b8188	Ensure that IDP's linked domains are remove when org is deleted or when the domain is removed from the org. Closes #29481 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-14 15:39:18 -03:00
Martin Kanis	3985157f9f	Make sure operations on a organization are based on realm they belong to Closes #28841 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-05-14 10:47:39 -03:00
Pedro Igor	b4d231fd40	Fixing realm removal when removing groups and brokers associated with an organization Closes #29495 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-14 14:29:27 +02:00
Pedro Igor	b5a854b68e	Minor improvements to invitation email templates (#29498 ) Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-14 13:19:02 +02:00
Pedro Igor	1b583a1bab	Email validation for managed members should only fail if it does not match the domain set to a broker Closes #29460 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-14 10:46:22 +02:00
mposolda	d8a7773947	Adding dummyHash to DirectGrant request in case user does not exists. Fix dummyHash for normal login requests closes #12298 Signed-off-by: mposolda <mposolda@gmail.com>	2024-05-13 16:33:29 +02:00
kaustubh-rh	8a82b6b587	Added a check in ClientInitialAccessResource (#29353 ) closes #29311 Signed-off-by: Kaustubh Bawankar <kbawanka@redhat.com>	2024-05-13 13:00:36 +02:00
rmartinc	2cc051346d	Allow empty CSP header in headers provider Closes #29458 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-13 10:51:31 +02:00
Alexander Schwartz	6cc8d653f3	Make SessionWrapper related fields immutable that are part of the equals method The cache replace logic depends on it, as values returned by reference from a local cache must never be modified on those critical fields directly. Closes #28906 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-05-13 09:59:50 +02:00
Giuseppe Graziano	d735668fcd	Fix test failures after @DisableFeature Closes #29253 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-05-13 08:20:54 +02:00
Pedro Igor	b50d481b10	Make sure organization groups can not be managed but when managing an organization Closes #29431 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-10 21:28:11 -03:00
Stefan Guilhen	f0620353a4	Ensure master realm can't be removed Closes #28896 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-10 16:56:18 -03:00
Stefan Guilhen	ceed7bc120	Add ability to search organizations by attribute Closes #29411 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-10 16:45:41 -03:00
Pedro Igor	77b58275ca	Improvements to the organization authentication flow Closes #29416 Closes #29417 Closes #29418 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-09 16:07:52 -03:00
Pedro Igor	a65508ca13	Simplifying the CORS SPI and the default implementation Closes #27646 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-08 12:27:55 -03:00
Pedro Ruivo	cbce548e71	Infinispan 15.0.3.Final Closes #29068 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-05-08 17:18:39 +02:00
Stefan Guilhen	dde2746595	Improve tests to ensure managed users disabled upon disabling the org can't be updated Closes #28891 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-07 18:11:52 -03:00
Pedro Igor	927ba48f7a	Adding tests to cover using SAML brokers in an organization Closes #28732 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-07 20:44:38 +02:00
Douglas Palmer	8d628d740e	Can we remove undertow OIDC adapter? Closes #28788 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-05-07 19:47:46 +02:00
Thore	4b194d00be	iso-date validator for the user-profile Adds a new validator in order to be able to validate user-model fields which should be modified/supplied by a datepicker. Closes #11757 Signed-off-by: Thore <thore@kruess.xyz>	2024-05-07 11:42:39 -03:00
Martin Kanis	d4b7e1a7d9	Prevent to manage groups associated with organizations from different APIs Closes #28734 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-05-07 11:16:40 -03:00
Pedro Igor	f8bc74d64f	Adding SAML protocol mapper to map organization membership Closes #28732 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-07 15:52:35 +02:00
Stefan Guilhen	aa945d5636	Add description field to OrganizationEntity Closes #29356 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-07 10:35:51 -03:00
Pedro Igor	c0325c9fdb	Do not manage brokers through the Organization API Closes #29268 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-07 09:15:25 -03:00
Dinesh Solanki	2172741eb6	Refactor element identifiers from ID to class (#28690 ) Closes #24462 Signed-off-by: Dinesh Solanki <15937452+DineshSolanki@users.noreply.github.com>	2024-05-07 13:56:21 +02:00
Alice W	d1549a021e	Update invitation changes based on review and revert deleted test from OrganizationMembertest Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>	2024-05-06 17:57:13 -03:00
Pedro Igor	40a283b9e8	Token expiration tests and updates to registration required action Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-06 17:57:13 -03:00
Pedro Igor	158162fb4f	Review tests and having invitation related operations in a separate class Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-06 17:57:13 -03:00

... 2 3 4 5 6 ...

6996 commits