Commit graph

4330 commits

Author SHA1 Message Date
Stefan Guilhen
900c496ffe
Remove the kc.org.broker.public attribute and use hideOnLogin in the IDP instead
Closes #32209

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-09-20 16:08:55 +02:00
Stefan Guilhen
42cde0cfdd
Fix various issues holding up CI (#33086)
- Disables the remote operator tests, which will have to be fixed later.
- Fixes the action expired error which occurs when accessing regular registration page with Organizations enabled.
- Fixes a race condition in the test suite causing sporadic failures.

Closes #33064

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-09-19 21:23:21 +02:00
vramik
fcb31a5aa6 Implement invitation-only self-registration for realm users
Closes #31643

Signed-off-by: vramik <vramik@redhat.com>
2024-09-18 13:50:23 +02:00
Erik Jan de Wit
1f573eded0
added username field like suggested in issue comment (#32866)
related: #32522

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-09-18 13:03:03 +02:00
Vlasta Ramik
4ce40be1af
Make the ORGANIZATION a default feature (#32404)
Closes #32395

Signed-off-by: vramik <vramik@redhat.com>
2024-09-18 12:19:28 +02:00
Stefan Guilhen
3e597722a9
Add cache for IdentityProviderStorageProvider.getForLogin (#32918)
Closes #32573

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-18 09:05:57 +02:00
rmartinc
5fe916861d Return 404 on invalid theme type
Closes #32798

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-17 09:09:34 +02:00
Giuseppe Graziano
e6c5ee31e4 Admin API with Lightweight access token and transient session
Closes #32802

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-09-16 09:30:15 +02:00
Ricardo Martin
9c780e9190 Honor turnOffChangeSessionIdOnLogin in SAML adapter (#185)
Closes keycloak/keycloak-private#183

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-16 09:21:07 +02:00
Pedro Ruivo
f67bec0417 Rename remote-cache Feature
Renamed to "clusterless"

Closes #32596

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-09-13 13:03:13 +02:00
Stefan Guilhen
92e435f192 Do not automatically re-import users if they already exist locally when searching by attributes
Closes #32870

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-13 08:54:44 +02:00
Erik Jan de Wit
9aad6f650d
added more style fixes for the login.v2 (#32708)
* added more style fixes for the login.v2

related: #32522
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fixed grant screen

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* test fixes

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fix for code.ftl

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* test fixes

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fixed tests

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-09-11 14:52:49 -04:00
mposolda
125124c2d9 Error when deploying SAML application with the keys in PEM format inside keycloak-saml.xml
closes #32817

Signed-off-by: mposolda <mposolda@gmail.com>
2024-09-11 19:03:10 +02:00
Thomas Darimont
445a7da902 Ensure realm attributes import happens before client import
Fixes #32799

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-09-11 15:14:33 +02:00
rmartinc
b60621d819 Allow brute force to have http request/response and send emails
Closes #29542

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-11 08:35:03 +02:00
cgeorgilakis-grnet
f8b1b3ee03 Search Identity Providers by alias or display name
Closes #32588

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-09-10 21:52:59 +02:00
Erik Jan de Wit
d2e7c15f2f
added text and tooltip to idp (#32411)
* added text and tooltip to idp

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Update themes/src/main/resources/theme/keycloak.v2/login/login.ftl

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>

* Update themes/src/main/resources/theme/keycloak.v2/login/login.ftl

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>

* Update themes/src/main/resources/theme/keycloak.v2/login/login.ftl

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>

* Update themes/src/main/resources/theme/keycloak.v2/login/login.ftl

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>

* Update themes/src/main/resources/theme/keycloak.v2/login/login.ftl

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2024-09-10 13:05:14 +02:00
Thomas Darimont
6b83a45b2e
Propagate locale when using app initiated registration URL
Fixes #13505

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-09-10 12:25:17 +02:00
Martin Kanis
ccb166d0e9 Add caching when querying brokers by organization
Closes #32574

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-09-09 09:24:43 -03:00
mposolda
03e0fb0601 Fix ResetOtpTest
closes #32615

Signed-off-by: mposolda <mposolda@gmail.com>
2024-09-09 10:19:37 +02:00
Alexander Schwartz
b88ecc0237
Removing the extra two-minute Window for persistent user sessions (#32660)
Closes #28418

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-09-09 09:28:48 +02:00
mposolda
e1d5f0c871 Fix ResetPasswordTest on chrome 128
closes #32514
closes #32478
closes #32477
closes #32678
closes #32542
closes #32678
closes #32541

Signed-off-by: mposolda <mposolda@gmail.com>
2024-09-06 20:19:50 +02:00
Steven Hawkins
58d742bb5c
fix: refining v2 hostname validation (#32659)
closes: #32643

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-09-06 17:49:25 +02:00
Giuseppe Graziano
a14548a7a2
Lightweight access tokens for Admin REST API (#32347)
* Lightweight access tokens for Admin REST API

Closes #31513


Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-09-04 18:04:23 +02:00
Stefan Guilhen
e7a4635620 Filter out org brokers from the account console
- org-linked brokers should not be available for login
- prepare the endpoint for search/pagination

Closes #31944

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-04 09:00:52 -03:00
Alexander Schwartz
4d1e1e0bcb
Show details for error messages where they were missing (#32534)
Closes #32533

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-09-04 07:23:54 -04:00
Stefan Guilhen
557d7e87b2 Avoid iterating through all mappers when running the config event listeners
Closes #32233

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-04 07:40:58 -03:00
Theresa Henze
a1c23fef8c introduce event types to update/remove credentials
Closes #10114

Signed-off-by: Theresa Henze <theresa.henze@bare.id>
2024-09-03 18:27:27 +02:00
Thomas Darimont
88a5c96fff
Add kc_action to redirect URI after a required action is cancelled (#31925)
Closes #31894

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-09-03 14:26:23 +00:00
Martin Bartoš
db7694e7be
Update the welcome page to create a temporary admin user (#32283)
Closes #30010

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Stan Silvert <ssilvert@redhat.com>
2024-09-03 09:43:41 +02:00
Pedro Igor
4b5b1a4c25 Unignore backchannel logout tests
Closes #20643

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-09-02 08:34:21 +02:00
Jon Koops
2d17024b14
Remove redirect_uri support from OIDC logout endpoint
Closes #10983

Signed-off-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2024-08-30 12:52:49 +00:00
Martin Kanis
e7d71d43c3 Identity Provider secret visible in Organization tab (API request)
Closes #32486

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-08-30 09:26:25 -03:00
Douglas Palmer
0b7ab47cf2 Flaky test BruteForceTest.testPermanentLockout()
Closes #32498

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-08-30 10:14:05 +02:00
Douglas Palmer
ecbd856176 Brute force protection: Lockout permanently uses parameters configured under lockout temporarily
Closes #30969

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-08-29 16:30:22 +02:00
Stefan Guilhen
a41b622aa5 Set the correct realm when setting up client exchange permissions
Closes #32465

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-29 16:09:23 +02:00
Erik Jan de Wit
e410a83c3c Made the login more modular
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-08-29 07:18:24 -04:00
Martin Kanis
7e6dd682d4 Validate organization alias for forbidden chars
Closes #32392

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-08-28 21:59:38 +02:00
mposolda
cd947ce3bc Removing policy-enforcer from Keycloak repository
closes #32191

Signed-off-by: mposolda <mposolda@gmail.com>
2024-08-28 07:40:20 -03:00
Pedro Igor
449557290b More options to organization scope mapper including adding organization attributes to tokens
Closes #31642

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-27 09:40:55 -03:00
Giuseppe Graziano
c2c74faec0 Removing BOM character from SAML entity descriptor
Closes #30604

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-08-26 10:59:05 +02:00
Erik Jan de Wit
776a491989
added organizations table to account (#32311)
* added organizations table to account

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-22 15:44:03 -03:00
Michal Hajas
f5b2775939 Enable persistent sessions by default
Run CI with the feature disabled to test also the old settings
Closes #32265

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-08-21 17:37:54 +02:00
Erik Jan de Wit
e2d7a94459 Hynek's notes
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-08-21 08:50:01 -04:00
Pedro Igor
c1f6d5ca64 Support for selecting an organization when requesting the organization scope
Closes #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-21 13:04:58 +02:00
Pedro Igor
4376a3c757 Add an endpoint to the organizations endpoint to return the organizations for a given user
Closes #32158

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-20 11:11:14 -03:00
Pedro Igor
eeae50fb43 Make sure federationLink always map to the storage provider associated with federated users
Closes #31670

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-20 11:27:22 +02:00
Martin Bartoš
bf5cf47351
Management Interface is turned on even though nothing is exposed on it (#31938)
* Management Interface is turned on even though nothing is exposed on it

Fixes #31818

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Remove conditional enablement, add relevancy description

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-08-19 15:52:59 +02:00
Stefan Guilhen
fa7c2b5da6 Address review comments
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-19 09:06:35 -03:00
Stefan Guilhen
6e7b36e82f Add migration tests for the IDP changes
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-19 09:06:35 -03:00