keycloak-scim

Author	SHA1	Message	Date
Giuseppe Graziano	a14548a7a2	Lightweight access tokens for Admin REST API (#32347 ) * Lightweight access tokens for Admin REST API Closes #31513 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-09-04 18:04:23 +02:00
Stefan Guilhen	e7a4635620	Filter out org brokers from the account console - org-linked brokers should not be available for login - prepare the endpoint for search/pagination Closes #31944 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-09-04 09:00:52 -03:00
Alexander Schwartz	4d1e1e0bcb	Show details for error messages where they were missing (#32534 ) Closes #32533 Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Signed-off-by: Jon Koops <jonkoops@gmail.com> Co-authored-by: Jon Koops <jonkoops@gmail.com>	2024-09-04 07:23:54 -04:00
Stefan Guilhen	557d7e87b2	Avoid iterating through all mappers when running the config event listeners Closes #32233 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-09-04 07:40:58 -03:00
Theresa Henze	a1c23fef8c	introduce event types to update/remove credentials Closes #10114 Signed-off-by: Theresa Henze <theresa.henze@bare.id>	2024-09-03 18:27:27 +02:00
Pedro Ruivo	ba861fc5d7	Remove version() projection from Ickle Queries Closes #32590 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-09-03 18:07:32 +02:00
Thomas Darimont	88a5c96fff	Add `kc_action` to redirect URI after a required action is cancelled (#31925 ) Closes #31894 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2024-09-03 14:26:23 +00:00
Martin Bartoš	db7694e7be	Update the welcome page to create a temporary admin user (#32283 ) Closes #30010 Signed-off-by: Martin Bartoš <mabartos@redhat.com> Co-authored-by: Stan Silvert <ssilvert@redhat.com>	2024-09-03 09:43:41 +02:00
Pedro Igor	4b5b1a4c25	Unignore backchannel logout tests Closes #20643 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-09-02 08:34:21 +02:00
Jon Koops	2d17024b14	Remove `redirect_uri` support from OIDC logout endpoint Closes #10983 Signed-off-by: Jon Koops <jonkoops@gmail.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>	2024-08-30 12:52:49 +00:00
Martin Kanis	e7d71d43c3	Identity Provider secret visible in Organization tab (API request) Closes #32486 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-08-30 09:26:25 -03:00
Douglas Palmer	0b7ab47cf2	Flaky test BruteForceTest.testPermanentLockout() Closes #32498 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-08-30 10:14:05 +02:00
Douglas Palmer	ecbd856176	Brute force protection: Lockout permanently uses parameters configured under lockout temporarily Closes #30969 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-08-29 16:30:22 +02:00
Stefan Guilhen	a41b622aa5	Set the correct realm when setting up client exchange permissions Closes #32465 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-08-29 16:09:23 +02:00
Erik Jan de Wit	e410a83c3c	Made the login more modular Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>	2024-08-29 07:18:24 -04:00
Martin Kanis	7e6dd682d4	Validate organization alias for forbidden chars Closes #32392 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-08-28 21:59:38 +02:00
mposolda	cd947ce3bc	Removing policy-enforcer from Keycloak repository closes #32191 Signed-off-by: mposolda <mposolda@gmail.com>	2024-08-28 07:40:20 -03:00
Pedro Igor	449557290b	More options to organization scope mapper including adding organization attributes to tokens Closes #31642 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-08-27 09:40:55 -03:00
Stefan Guilhen	88cca10472	Rename IDPSpi to IdentityProviderStorageSpi Closes #31639 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-08-26 15:10:09 -03:00
Giuseppe Graziano	c2c74faec0	Removing BOM character from SAML entity descriptor Closes #30604 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-08-26 10:59:05 +02:00
Erik Jan de Wit	776a491989	added organizations table to account (#32311 ) * added organizations table to account Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-08-22 15:44:03 -03:00
Michal Hajas	f5b2775939	Enable persistent sessions by default Run CI with the feature disabled to test also the old settings Closes #32265 Signed-off-by: Michal Hajas <mhajas@redhat.com>	2024-08-21 17:37:54 +02:00
Erik Jan de Wit	e2d7a94459	Hynek's notes Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>	2024-08-21 08:50:01 -04:00
Pedro Igor	c1f6d5ca64	Support for selecting an organization when requesting the organization scope Closes #31438 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-08-21 13:04:58 +02:00
Pedro Igor	4376a3c757	Add an endpoint to the organizations endpoint to return the organizations for a given user Closes #32158 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-08-20 11:11:14 -03:00
Pedro Igor	eeae50fb43	Make sure federationLink always map to the storage provider associated with federated users Closes #31670 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-08-20 11:27:22 +02:00
Martin Bartoš	bf5cf47351	Management Interface is turned on even though nothing is exposed on it (#31938 ) * Management Interface is turned on even though nothing is exposed on it Fixes #31818 Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Remove conditional enablement, add relevancy description Signed-off-by: Martin Bartoš <mabartos@redhat.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-08-19 15:52:59 +02:00
Stefan Guilhen	fa7c2b5da6	Address review comments Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-08-19 09:06:35 -03:00
Stefan Guilhen	6e7b36e82f	Add migration tests for the IDP changes Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-08-19 09:06:35 -03:00
Stefan Guilhen	f82159cf65	Rework logic to fetch IDPs for the login page so that IDPs are fetched from the provider and not filtered in code. Closes #32090 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-08-19 09:06:35 -03:00
Pedro Igor	8e0436715c	Support for ALL and ANY organization scope values Related #31438 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-08-19 08:45:23 -03:00
mposolda	3d787727f9	Add acr scope to all clients for those migrating from older than Keycloak 18 closes #31107 Signed-off-by: mposolda <mposolda@gmail.com>	2024-08-16 12:17:43 +02:00
himanshi1099	7459992e40	Realm update validation for incorrect timeout values (#32137 ) closes #31595 Signed-off-by: Himanshi Gupta <higupta@redhat.com>	2024-08-16 08:58:27 +02:00
Stefan Guilhen	aeb1951aba	Replace calls to deprecated RealmModel IDP methods - use the new provider instead Closes #31254 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-08-15 10:55:36 -03:00
Pedro Igor	96acc62c00	Support for resolving organization based on the organization scope Closes #31438 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-08-15 10:32:15 -03:00
Stian Thorgersen	310824cc2b	Remove legacy cookies Closes #16770 Signed-off-by: stianst <stianst@gmail.com> Signed-off-by: Jon Koops <jonkoops@gmail.com> Co-authored-by: Jon Koops <jonkoops@gmail.com>	2024-08-15 15:27:38 +02:00
Martin Kanis	708a6898db	Add a count method to the OrganizationMembersResource Closes #31388 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-08-15 09:12:57 -03:00
Yoshiyuki Tabata	cb6eb187ac	Client Policy - Condition : Client - Client Attribute Closes https://github.com/keycloak/keycloak/issues/31766 Signed-off-by: Yoshiyuki Tabata <yoshiyuki.tabata.jy@hitachi.com>	2024-08-14 09:56:56 +02:00
Pedro Igor	d04d2bb852	Allow removing users federated from a kerberos provider Closes #31603 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-08-13 18:47:55 +02:00
Pedro Ruivo	e13c9bf462	Retry remote cache operations with back off Implement a retry mechanism for remote cache writes. Fixes #32030 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-08-13 15:55:59 +02:00
rmartinc	a38d3b2f55	SAML IdMapperUpdaterSessionListener should be added always and must implement HttpSessionIdListener interface Closes #32084 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-08-13 15:53:45 +02:00
Pedro Ruivo	07c92c85cb	Drop AuthenticatedClientSessionStore from user sessions New entities for client and user sessions, more query friendly. The client sessions are found using query instead of storing them in the user session entity. Remove of sessions by its field is done based on queries. Closes #30934 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-08-12 20:35:50 +02:00
rmartinc	347f595913	Add ECDH-ES encyption algorithms to the java keystore key provider Closes #32023 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-08-09 15:57:51 +02:00
Martin Kanis	da0864682a	Conditionally redirect existing users to a broker based on their credentials Closes #31006 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-08-09 07:59:25 -03:00
Alexander Schwartz	07a168cb14	Deleted authentication sessions should not be re-surrected with an update Closes #31829 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-08-09 07:26:05 -03:00
rmartinc	2a06e1a6db	Add SHAKE256 hash provider for Ed448 Closes #31931 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-08-08 17:36:54 +02:00
Justin Tay	966a454548	Add ECDH-ES JWE Algorithm Provider, Add generated ECDH key provider (#23928 ) Closes #23596 Closes #23597 Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>	2024-08-08 17:29:35 +02:00
Pedro Igor	3ab2446074	Do not return identity providers when querying the realm representation Closes #21072 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-08-07 10:06:51 -03:00
StephanSchrader	4d64092119	Fix persist config values for custom components (#31862 ) Closes #31858 Signed-off-by: Stephan Schrader <stephan.schrader@wallis.de> Signed-off-by: Stephan Schrader <zstephanz@gmail.com> Co-authored-by: Stephan Schrader <stephan.schrader@wallis.de>	2024-08-07 14:40:30 +02:00
Martin Kanis	e750b44e9d	Flaky test: org.keycloak.testsuite.model.DBLockTest#testTwoLocksCurrently Closes #25794 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-08-07 09:00:37 -03:00
Giuseppe Graziano	35c8c09b8d	OIDC dynamic client registration with response_type=none Closes #19564 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-08-07 10:34:47 +02:00
Michal Hajas	50c07c6e7c	Simplify configuration for MULTI_SITE Closes #31807 Signed-off-by: Michal Hajas <mhajas@redhat.com>	2024-08-06 16:14:33 +00:00
Pedro Ruivo	3fbe26d2e1	Disable SessionTimeoutsTest for old cross-site code The test is disabled for the embedded caches + remote store combination (old cross-site code) due to the async event processing. Events can be handled after the test changes the time offset, causing the test to fail. Fixes #31612 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-08-06 15:33:44 +02:00
Nikos Epping	4080ee2e84	Don't fail on null config map in AdvancedClaimToGroupMapper/AdvancedClaimToRoleMapper/AdvancedAttributeToGroupMapper/AdvancedAttributeToGroupMapper Fixes #31575 Signed-off-by: Nikos Epping <n.epping@evosec.de>	2024-08-05 10:22:22 +02:00
Stefan Wiedemann	6258256c1b	Fix access token issue OID4VC (#31763 ) closes #31712 Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>	2024-08-04 11:42:40 +02:00
Ingrid Kamga	7c69c857a1	Add a media type to error responses on OID4VC endpoints Closes #31585 Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>	2024-08-02 12:09:09 +02:00
Justin Tay	f537343545	Allow empty key use in JWKS from identity provider Closes #31823 Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>	2024-08-02 11:39:43 +02:00
rmartinc	773e309f75	Parse saml urls correctly if the bindings are different Closes #31780 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-08-02 11:34:06 +02:00
Pedro Ruivo	fed804160b	Enable ProtoStream encoding for External Infinispan feature The ProtoStream schema is automatically uploaded to the Infinispan server during startup. When the schema is updated, the indexes are updated and re-created. Use the delete statement to delete entities when a realm is removed. Fixes #30931 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-08-01 16:16:19 +02:00
Ryan Emerson	176ac3404a	EmbeddedInfinispanSplitBrainTest fails with "IllegalState Session not bound to a realm" Closes #31828 Signed-off-by: Ryan Emerson <remerson@redhat.com>	2024-08-01 13:58:41 +02:00
Ryan Emerson	8d7e18ec29	Clear local caches on split-brain heal Closes #25837 Signed-off-by: Ryan Emerson <remerson@redhat.com>	2024-07-31 13:59:06 +02:00
Pedro Ruivo	17e30e9ec1	Persist revoke tokens with remote cache feature Stores the revoked tokens into the database and preloads them during startup. Fixes #31760 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-07-31 11:02:38 +02:00
Thomas Darimont	282260dc95	Ensure issued_client_type is always added to successful token-exchange response (#31548 ) - Compute issued_token_type response parameter based on requested_token_type and client configuration - `issued_token_type` is a required response parameter as per [RFC8693 2.2.1](https://datatracker.ietf.org/doc/html/rfc8693#section-2.2.1) - Added test to ClientTokenExchangeTest that requests an access-token as requested-token-type Fixes #31548 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2024-07-30 18:33:51 +02:00
rmartinc	a6c70d65ee	Do not generate secret when client rep do not specifiy public or bearer Closes #31444 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-07-30 18:32:15 +02:00
Pedro Ruivo	e62604b1ec	ConditionalRemover interface for External Infinispan feature Add a ConditionalRemover interface to remove entries from a RemoteCache based on the key or value fields. The default implementation provided by this PR uses streaming/iteration to test and remove entries On a side change, moved all the transactions to the same package and created one transaction class per entity/cache to simplify code and avoid writing "RemoteChangeLogTransaction" with a long list of types. Fixes #31046 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-07-30 15:16:17 +02:00
Pedro Igor	a79761a447	Support for blocking concurrent requests when brute force is enabled Closes #31726 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Douglas Palmer <dpalmer@redhat.com> Signed-off-by: mposolda <mposolda@gmail.com>	2024-07-30 10:01:48 +02:00
Hynek Mlnarik	183cd6c957	Run tests with keycloak.v2 login theme The fixes (mostly selectors) are needed for tests. In the future, to switch the keycloak.v2 to the default theme, do the following: - Update `ThemeSelectorProvider`: Uncomment relevant lines - Update `testsuite/integration-arquillian/tests/pom.xml`: Revert the change in `<login.theme.default>` property - Update `ThemeSelectorTest` per comment Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>	2024-07-30 10:01:17 +02:00
Martin Kanis	d91d6d18d5	Can not update organization group error when trying to create organisation from REST API Closes #31144 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-07-29 17:39:56 +02:00
Pascal Knüppel	94784182df	Implement DPoP for all grantTypes (#29967 ) fixes #30179 fixes #30181 Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de> Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>	2024-07-29 16:30:54 +02:00
Stefan Guilhen	17c01c9380	Enable new IDP Storage SPI in JPA model tests Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-07-29 16:02:26 +02:00
Francis Pouatcha	cc78fd7ca0	Provided keycloak with a protocol mapper, that can allow to optionally add iat and nbf claims to VCs (#31620 ) closes #31581 Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>	2024-07-29 09:32:48 +02:00
Pedro Igor	87c279d645	Respect the username value format when processing federated users Closes #31240 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-29 09:28:43 +02:00
Pedro Igor	4d8c525644	Make sure changes to user profile metadata is not stored when calling decorators (#31549 ) Closes #30476 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-29 09:03:21 +02:00
Pedro Igor	04bd6653ec	Invalidating domain cache and introducing cache for more query methods Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-29 09:02:36 +02:00
Pedro Igor	1f8280c71a	Allow members joining multiple organizations Closes #30747 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-29 09:02:36 +02:00
Giuseppe Graziano	12732333c8	Client scope assignment for client registration Closes #31062 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-07-26 17:33:49 +02:00
Stefan Guilhen	c9f5a0aa32	Testsuite: ensure realm is set in session context Closes #31636 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-07-26 11:11:44 -03:00
Lex Cao	3818f8f575	Prevent removing flow that used by client flow overrides Closes #30707 Signed-off-by: Lex Cao <lexcao@foxmail.com>	2024-07-26 16:05:29 +02:00
Alexander Schwartz	227c71f7f0	Persisting revoked access tokens Closes #31296 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-07-26 11:46:14 +02:00
vramik	01f5747eed	If the user is federated before the broker is associated with an organization this user is not a managed user Closes #30744 Signed-off-by: vramik <vramik@redhat.com>	2024-07-25 04:30:13 -03:00
vramik	649b35929e	Make sure users created through a registration link are managed members Closes #30743 Signed-off-by: vramik <vramik@redhat.com>	2024-07-25 04:30:13 -03:00
Maciej Mierzwa	97e89e2071	feature: password age in days policy Closes #30210 Signed-off-by: Maciej Mierzwa <dev.maciej.mierzwa@gmail.com>	2024-07-24 15:12:16 -03:00
Kamesh Akella	33b3fd313c	Add migration tests for AuroraDB (#31396 ) Fixes #31024 Signed-off-by: Kamesh Akella <kamesh.asp@gmail.com>	2024-07-24 16:45:02 +02:00
Francis Pouatcha	30be268672	Enhance Verifiable Credential Signing Service Flexibility and Key Rotation(#30692 ) closes #30525 Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>	2024-07-24 13:45:39 +02:00
Miquel Simon	aab7a912c4	Updated connection configuration for MSSQL test container Closes #31558 Signed-off-by: Miquel Simon <msimonma@redhat.com>	2024-07-24 09:12:58 +00:00
Hynek Mlnarik	a7374f92be	Update login theme to login v2 Fixes: #29009 Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>	2024-07-18 14:33:22 +02:00
Hynek Mlnarik	ab6ca323db	Run docker tests with proper theme and fix chromedriver path Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>	2024-07-18 14:33:22 +02:00
mposolda	3110bb8989	Missing Cache-Control header when response_type parameter is missing in login request closes #29866 Signed-off-by: mposolda <mposolda@gmail.com>	2024-07-18 10:17:52 +02:00
rmartinc	5ea3becef5	Wait for the brute force off-thread processing in AbstractAdvancedBrokerTest Closes #30188 Closes #30641 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-07-18 10:03:13 +02:00
Pascal Knüppel	018a0802bc	Remove java.util.Date from VerifiableCredential (#30920 ) closes #30918 Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de> Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>	2024-07-18 09:52:02 +02:00
mposolda	06f6173c8a	Add suffix to keycloak-authz-client artifact in keycloak repository closes #30926 Signed-off-by: mposolda <mposolda@gmail.com>	2024-07-17 14:59:09 +02:00
Martin Kanis	e5848bdcf9	Cannot set unmanagedAttributePolicy without profile attributes Closes #31153 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-07-17 09:53:59 -03:00
mposolda	5526976d1c	Add suffix to keycloak-policy-enforcer artifacts in keycloak repository closes #30927 Signed-off-by: mposolda <mposolda@gmail.com>	2024-07-17 12:03:23 +02:00
Ricardo Martin	3d12c05005	Correctly moves to the next required action (#31358 ) Closes #31014 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com> Co-authored-by: Giuseppe Graziano <g.graziano94@gmail.com> Co-authored-by: rmartinc <rmartinc@redhat.com>	2024-07-17 09:38:29 +02:00
Pedro Igor	de1de06354	Avoid adding organization flows if they are already exist Closes #31182 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-17 08:28:00 +02:00
Stefano Azzalini	6d67c1f9cc	Normalize default authentication flow descriptions to start with an uppercase letter (#31277 ) Closes #31291 Signed-off-by: Stefano Azzalini <stefano.azzalini@luminator.com>	2024-07-16 13:49:35 +02:00
Lex Cao	6c71ad2884	Fallback to no override flow when missing in client override Closes #30765 Signed-off-by: Lex Cao <lexcao@foxmail.com>	2024-07-16 11:33:41 +02:00
Thomas Darimont	2140e573f2	Fix test LDAP connection with multiple ldap connection urls Previously, the given connection string was check with URI.create(..) which failed when multiple space separated LDAP URLs were given. Closes #31267 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2024-07-16 08:57:50 +02:00
Martin Kanis	887db25f00	Allow auto-redirect existing users federated from organization broker when using the username Closes #30746 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-07-15 13:48:45 -03:00
mposolda	1864cf1827	Offline tokens created in Keycloak 14 or earlier will not work on Keycloak 25 closes #31224 Signed-off-by: mposolda <mposolda@gmail.com>	2024-07-15 18:30:35 +02:00
Pedro Igor	c33585a5f4	All pubic brokers are shown during authentication rather than only those associated with the current organization Closes #31246 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-12 17:51:39 +02:00
Giuseppe Graziano	1df60461a9	Avoid race condition when using initial-access-token Closes #27294 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-07-12 16:33:02 +02:00
Douglas Palmer	9300903674	page-expired error page shown when using browser back-button on forgot-password page after invalid login attempt Closes #25440 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-07-12 16:24:21 +02:00
Pascal Knüppel	4028ada2a5	Add required default-context value to VerifiableCredential (#30959 ) closes #30958 Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>	2024-07-11 18:25:11 +02:00
Steven Hawkins	4970a9b729	fix: deprecate KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD closes: #30658 Signed-off-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Jon Koops <jonkoops@gmail.com>	2024-07-11 18:07:57 +02:00
rmartinc	096e335a92	Support for vault and AES and HMAC algorithms to JavaKeystoreKeyProvider Closes #30880 Closes #29755 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-07-11 12:40:45 +02:00
Pedro Igor	da6c9ab7c1	Bruteforce protector does not work when using organizations Closes #31204 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-11 00:26:47 +02:00
Jon Koops	a0c99a7ae0	Show full error details in admin and account consoles Closes #30705 Signed-off-by: Jon Koops <jonkoops@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>	2024-07-10 16:20:26 +02:00
Martin Kanis	922eaa9fc8	Disable username prohibited chars validator when email as username is… (#31140 ) * Disable username prohibited chars validator when email as the username is set Closes #25339 Signed-off-by: Martin Kanis <mkanis@redhat.com> Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-10 09:46:24 -03:00
Pedro Igor	d475833361	Do not expose kc.org attribute in user representations Closes #31143 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-10 13:43:23 +02:00
Alexander Schwartz	d70f78072e	Make persistent sessions co-exist with remote cache feature (#30859 ) Closes #30855 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-07-09 09:03:36 +02:00
rmartinc	f78a46485d	TE should create a transient session when there is no initial session in client-to-client exchange Closes #30614 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-07-08 15:44:38 -03:00
Pedro Igor	ead1b4a851	Testing ldap connection should not process or bind the credentials (#31081 ) Closes #30821 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-08 13:58:02 +02:00
Pedro Igor	cbf7f208fb	Avoid iterating and updating all group policies when removing groups (#31057 ) Closes #31056 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-08 13:57:20 +02:00
wojnarfilip	3c429b7506	Update social login tests login flows Signed-off-by: wojnarfilip <fwojnar@redhat.com>	2024-07-08 08:48:31 +02:00
Pedro Igor	f010f7df9b	Reverting removal of test assertions and keeping existing logic where only brokers the user is linked to is shown after identity-first login page Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-03 11:55:04 -03:00
Martin Kanis	e1b735fc41	Identity-first login flow should be followed by asking for the user credentials Closes #30339 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-07-03 11:55:04 -03:00
Giuseppe Graziano	02d64d959c	Using _system client when account client is disabled for email actions Closes #17857 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-07-03 08:43:36 +02:00
cgeorgilakis-grnet	20cedb84eb	Check refresh token flow response for offline based on refresh token request parameter Closes #30857 Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>	2024-07-02 18:13:30 -03:00
Steven Hawkins	d534860e2b	fix: admin cli client should set the content when performing a merge (#30539 ) closes: #29878 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-06-28 15:56:07 +02:00
Pedro Igor	cc2ccc87b0	Filtering organization groups when managing or processing groups Closes #30589 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-28 10:27:18 -03:00
Steven Hawkins	aae1fa1417	fix: addresses cli erroneously wants a secret when env password is set (#30892 ) closes: #30866 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-06-28 11:48:42 +02:00
Thomas Darimont	690c6051bb	Fix scope policy evaluation for client to client token exchange (#26435 ) Previously the scope from the token was not set available in the ClientModelIdentity attributes. This caused the NPE in `org.keycloak.authorization.policy.provider.clientscope.ClientScopePolicyProvider.hasClientScope`(..) when calling `identity.getAttributes().getValue("scope")`. We now pass the provided decoded AccessToken down to the ClientModelIdentity creation to allow to populate the required scope attribute. We also ensure backwards compatibility for ClientPermissionManagement API. Fixes #26435 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2024-06-28 10:33:20 +02:00
mposolda	f1b8a983d2	Cleanup mod_auth_mellon from the testsuite closes #30869 Signed-off-by: mposolda <mposolda@gmail.com>	2024-06-28 08:33:36 +02:00
Douglas Palmer	7a8c7502d2	Cleanup of adapter-spi module? Closes#30871 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-06-27 19:41:30 +02:00
Douglas Palmer	220f32aa85	Cleanup of adapter pages Closes #30870 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-06-27 18:57:22 +02:00
mposolda	7279f2092e	Cleanup of test-apps and related adapter code closes #30867 Signed-off-by: mposolda <mposolda@gmail.com>	2024-06-27 15:10:31 +02:00
mposolda	e5a4c94f75	Added suffix to keycloak-admin-client artifacts in keycloak repository Signed-off-by: mposolda <mposolda@gmail.com>	2024-06-27 11:00:30 +02:00
Romain LABAT	6615691c63	Support for service accounts when fetch roles is enabled (#30687 ) Support for service accounts when fetch roles is enabled Signed-off-by: Romain LABAT <contact@romainlabat.fr> Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-25 18:00:26 -03:00
rmartinc	e9c9efc3f4	Upgrade bc-fips to 1.0.2.5 Closes #26568 Closes #27884 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-25 11:07:27 +02:00
Andre F de M	0f061a75e2	Issue: 26568 - bcfips version bump and fixes * bump BCFIPS to 1.0.2.5 * fix bc-fips related test error * remove unused imports Closes: #26568 Signed-off-by: Andre F de M <trixpan@users.noreply.github.com>	2024-06-25 11:07:27 +02:00
fwojnar	015fefad02	Remove Edge from supported web drivers (#30423 ) Closes #29921 Signed-off-by: wojnarfilip <fwojnar@redhat.com> Co-authored-by: wojnarfilip <fwojnar@redhat.com>	2024-06-24 17:24:55 +02:00
fwojnar	e30e6cba8e	Remove Safari from supported web drivers (#30424 ) Related to #29921 Signed-off-by: wojnarfilip <fwojnar@redhat.com> Co-authored-by: wojnarfilip <fwojnar@redhat.com>	2024-06-24 13:27:12 +02:00
fwojnar	640db99c27	Remove Appium from supported web drivers (#30483 ) Related to #29921 Signed-off-by: wojnarfilip <fwojnar@redhat.com> Co-authored-by: wojnarfilip <fwojnar@redhat.com>	2024-06-24 13:26:33 +02:00
Takashi Norimatsu	b0aac487a3	VC issuance in Authz Code flow with considering scope parameter closes #29725 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2024-06-24 10:53:19 +02:00
Jon Koops	df18629ffe	Use a default Java version from root POM (#29927 ) Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-06-21 14:19:31 +02:00
mposolda	6a9e60bba0	Flow steps back when changing locale or refreshing page on 'Try another way page' closes #30520 Signed-off-by: mposolda <mposolda@gmail.com>	2024-06-21 11:22:15 +02:00
rmartinc	592c2250fc	Add briefRepresentation query parameter to getUsersInRole endpoint Closes #29480 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-21 11:21:02 +02:00
Takashi Norimatsu	6b135ff6e7	client-jwt authentication fails on Token Introspection Endpoint closes #30599 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2024-06-21 10:47:25 +02:00
Pedro Igor	a0ad680346	Adding an alias to organization and exposing them to templates Closes #30312 Closes #30313 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-20 14:36:14 -03:00
rmartinc	f690947cea	Remove the SAML undertow adapter Closes #30554 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-20 09:47:14 +02:00
Giuseppe Graziano	6b07b67667	Removed saml filter adapter tests Closes #30553 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-06-20 09:42:59 +02:00
Pedro Ruivo	5fc12480fd	External Infinispan as cache - Part 4 (#30072 ) UserSessionProvider implementation to make use of Infinispan remote cache. Closes #28755 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-06-19 14:47:57 +02:00
Pedro Ruivo	9006218559	External Infinispan as cache - Part 3 Implementation of UserLoginFailureProvider using remote caches only. Closes #28754 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-06-19 14:47:57 +02:00
Pedro Ruivo	833aad661e	External Infinispan as cache - Part 2 Includes a new implementation for the providers: * StickySessionEncoderProviderFactory * LoadBalancerCheckProviderFactory * SingleUseObjectProviderFactory Closes #28648 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-06-19 14:47:57 +02:00
Pedro Ruivo	d2ae27a1e2	External Infinispan as cache - Part 1 Part 1 includes * New experimental feature to enable the new code * New providers using RemoteCache only * New test profile to run the tests with the experimental feature New providers' implementation for: * InfinispanConnectionProvider * AuthenticationSessionProvider * ClusterProvider Closes #28140 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-06-19 14:47:57 +02:00
Martin Kanis	dc109381e1	Refactor organization tests Closes #30338 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-06-19 09:34:24 -03:00
Martin Kanis	89f83e9788	Importing organizations failing if there is no broker and members in the representation Closes #30305 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-06-19 08:46:04 -03:00
Pedro Igor	57139cbefc	Internal read-only attributes have precedence over unmanaged attribute policy Closes #30240 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-19 12:05:01 +02:00
Alexander Schwartz	9ce47fc117	Trying to switch the database Closes #28311 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-06-19 10:30:36 +02:00

1 2 3 4 5 ...

7006 commits