libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
15364 commits 4 branches 5 tags 480 MiB
Commit graph

3462 commits

Author SHA1 Message Date
Martin Bartoš
0fcf5d3936 Reuse of token in TOTP is possible 
Fixes #13607
 2022-09-09 08:56:02 -03:00
Marek Posolda
040e52cfd7
SAML javascript protocol mapper: disable uploading scripts through admin console by default (#14293) 
Closes #14292
 2022-09-09 13:47:51 +02:00
vramik
869ccc82b2 Enable MapUserProvider storing username with the letter case significance 
Closes #10245
Closes #11602
 2022-09-09 11:46:11 +02:00
Dominik Guhr
f2b02f19e6 Closes #13786 2022-09-07 18:29:26 +02:00
cgeorgilakis
07b0df8f62
View groups from account console (#7933) 
Closes #8748
 2022-09-07 11:25:31 +02:00
Lex Cao
1f197aa96b
Add basic auth compliant to RFC 6749 (#14179) 
Closes #14179
 2022-09-07 10:09:30 +02:00
Christoph Leistert
cc2bb96abc Fixes #9482: A user could be assigned to a parent group if he is already assigned to a subgroup. 2022-09-06 21:31:31 +02:00
Thomas Peter
19d69169b1 introduce expiration option for admin events 2022-09-06 16:05:53 +02:00
Pedro Igor
a6137b9b86 Do not empty attributes if they are not provided when user profile is enabled 
Closes #11096
 2022-09-06 12:59:05 +02:00
Michal Hajas
f69497eb28 KEYCLOAK-12988 Deprecate getUsers* methods in favor of searchUsers* variants 
Closes #14018
 2022-09-06 10:38:28 +02:00
Sergey Ch
860c3fbbd3
KEYCLOAK-17263 Add exact searching for users (#8059) 
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
 2022-09-01 19:27:24 +02:00
Thomas Darimont
43623ea9d0 KEYCLOAK-18499 Add max_age support to oauth2 brokered logins 
Revise KcOidcBrokerPassMaxAgeTest to use setTimeOffset(...)
 2022-09-01 09:24:44 -03:00
Joerg Matysiak
a8019d78e7 Fixed handling of required setting for email in user profile. 
Resolves #13923
 2022-08-31 17:19:19 -03:00
Martin Bartoš
677579fce6 Environment variables for admin creation in testsuite 
Closes #14102
 2022-08-31 07:29:55 -03:00
Nagy Vilmos
f6db484172
Keep the locale related authNotes through the IdentityBroker flow. (#10444) 
Closes #8827
 2022-08-31 09:37:26 +02:00
Martin Bartoš
e6a5f9c124 Default required action providers are still available after feature disabling 
Closes #13189
 2022-08-31 08:42:47 +02:00
Stian Thorgersen
eece543ede
Remove AddUserTest as it was specific to the WildFly distribution (#14091) 
Closes #14072
 2022-08-30 16:57:44 +02:00
Manato Takai
1cdc21f0ff
Add duplicate parameter check for UserInfo endpoint. (#14024) 
Closes #14016
 2022-08-30 14:39:15 +02:00
Joerg Matysiak
62790b8ce0 Allow permission configuration for username and email in user profile. 
Enhanced Account API to respect access to these attributes.

Resolves #12599
 2022-08-25 21:54:51 -03:00
Michal Hajas
05b9e6d59e
Upgrade Infinispan to 13.0.10.Final (#13910) 
Closes #12306
 2022-08-25 13:09:34 +02:00
Christoph Leistert
5408d25e09
Fixes #10656: Sub realm localization GET endpoints can be called using tokens issued by the master realm. (#10660) 
* Fixes #10656: Sub realm localization GET endpoints can be called using tokens issued by the master realm.

* Fixes #10656: Added some tests
 2022-08-25 09:02:07 +02:00
Markus Till
7f999a4629
integration.admin-client: Add exact search for all dedicated user attributes (#13361) 
Closes #13360
 2022-08-25 08:57:31 +02:00
Arnaud Martin
af0d97e534 Delete broker links for federated users when an identity provider is deleted 
Closes #13731
 2022-08-25 08:24:09 +02:00
Pedro Igor
ddcf0f45f9 Run import within the context of the realm being imported 
Closes #12289
 2022-08-25 08:18:43 +02:00
Pedro Igor
25be07be17 Allow introspecting tokens issued during token exchange with delegation semantics 
Closes #9337
 2022-08-24 09:47:04 -03:00
Takashi Norimatsu
8c1ea4b47c mTLS binding support for password grant 
Closes #13662
 2022-08-24 11:44:48 +02:00
Konstantinos Georgilakis
c5b9dc1e7b set context session client equal to clientsession client (fromClientSessionAndScopeParameter method of DefaultClientSessionContext) 
Closes #13162
 2022-08-23 17:33:07 +02:00
Konstantinos Georgilakis
baa89debd9 Correct isValidScope method of TokenManager for Dynamic scopes 
Closes #13158
 2022-08-23 16:30:04 +02:00
Lex Cao
6b1c64a1a9
Add rememberMe to a user session representation(#13408) (#13765) 
Closes #13408
 2022-08-23 15:28:52 +02:00
Konstantinos Georgilakis
2002fd983b Showing consent screen text instead of scope name in consent part of Application page in Account console 
Closes #13109
 2022-08-23 11:22:31 +02:00
rishabhsvats
c223291a1e Adds REGISTER event when new user login through first broker flow 
Updates KcOidcBrokerEventTest, AbstractFirstBrokerLoginTest to factor in REGISTER event in first broker flow

Closes #11646

Correcting Indentation of AbstractFirstBrokerLoginTest
 2022-08-23 10:43:56 +02:00
Stefan Guilhen
f84fdfa8ef
Fix UserSessionProviderTest failures with CockroachDB (#13891) 
- move assertions to a separate tx due to CRDB's SERIALIZABLE isolation level

Closes #13211
 2022-08-23 09:57:13 +02:00
Sebastian Schuster
53472e097c 13647 fixed wrong feature flag for checking admin fine-grained authz 2022-08-22 09:34:12 -03:00
Stefan Guilhen
5775e7c4ba
Fix ConcurrentTransactionsTest failure with CockroachDB (#13890) 
- realm has to be removed in a separate tx due to CRDB's SERIALIZABLE isolation level

Closes #13211
 2022-08-22 08:39:14 +02:00
Pedro Igor
eda33a0b21 Concurrency issue when caching JS policies 
Closes #12204
 2022-08-17 16:30:32 -03:00
Pedro Igor
15bbb46657 Avoid removing static path config from cache 
Closes #9855
 2022-08-17 16:29:59 -03:00
Martin Bartoš
5a2852530f Fix DB tests for Quarkus 
Fixes #13642
 2022-08-17 10:23:05 -03:00
Pedro Igor
841c65d24f Return 404 when invoking authorization endpoints in case authz settings are disabled 
Closes #10151
 2022-08-16 16:37:44 -03:00
Michal Hajas
ab431e3bd9 Fix KeycloakQuarkusServerDeployableContainer to correctly configure map store 
Closes #13721
 2022-08-11 16:55:06 +02:00
Pedro Igor
e3af0610e2 Support running base testsuite on Windows 
Closes #12648

Co-authored-by: Dominik Guhr <dguhr@redhat.com>
 2022-08-10 20:03:53 -03:00
Markus Till
fa383bf76c
Suppress confirmation screen for logout in oidc (#13471) 
Closes #13469
 2022-08-10 18:25:50 +02:00
Michal Hajas
d55d110ff9 Run Infinispan using Testcontainers in base testsuite 
Closes #13620
 2022-08-10 16:36:44 +02:00
Marcelo Daniel Silva Sales
e44cea587f
NullPointer during OIDC logout client disabled (#13424) 
closes #12624
 2022-08-08 12:34:09 +02:00
Tero Saarni
2392af157b Forward quarkus server output to console in testsuite 2022-08-05 09:48:48 -03:00
Sebastian Knauer
21f700679f KEYCLOAK-19866 Fix user-defined- and xml-fragment-parsing/Add XPathAttributeMapper 2022-08-03 13:07:12 +02:00
Marek Posolda
7e925bfbff
Unit tests in "crypto/fips1402" passing on RHEL 8.6 with BC FIPS approved mode. Cleanup (#13406) 
Closes #13128
 2022-07-29 18:03:56 +02:00
Hynek Mlnarik
143e6bc932 Replace undertow-map with quarkus-map 
Fixes: #12652
 2022-07-27 14:08:38 +02:00
Stian Thorgersen
ae33af92d9
Promote new admin console to default (#13243) 
Closes #13242
 2022-07-27 10:13:49 +02:00
Pedro Hos
ee2c5391bd
Possible client enumeration in the authorization endpoint 
Closes #12164
 2022-07-26 09:10:06 +02:00
Douglas Palmer
c00514d659
Support for post_logout_redirect_uris in OIDC client registration (#12282) 
Closes #10135
 2022-07-25 10:57:52 +02:00
Dominik Guhr
9bb1299d89 change optimised to optimized 
also: fix kc.bat to not use autobuild in devmode anymore, fix containers.adoc to not use auto_build naming, fix build command cli help as it is not required anymore to run it beforehand.
 2022-07-22 10:29:07 -03:00
Stian Thorgersen
a251d785db
Remove text based login flows (#13249) 
* Remove text based login flows

Closes #8752

* Add display param back in case it's used by some custom authenticators
 2022-07-22 15:15:25 +02:00
Alexander Schwartz
cb81a17611 Disable Infinispan for map storage and avoid the component factory when creating a realm independent provider factory 
Provide startup time in UserSessionProvider independent of Infinispan,
cleanup code that is not necessary for the map storage as it isn't using Clustering.
Move classes to the legacy module.

Closes #12972
 2022-07-22 08:20:00 +02:00
Douglas Palmer
adeef6c2a0 Partial import feature does not import Identity Provider mappers in Keycloak #12861 2022-07-21 18:04:15 +02:00
Stefan Guilhen
e9c55f45e5 Enable action token JPA provider in map-storage-jpa profile 
Closes #13139
 2022-07-20 16:30:20 -03:00
Pedro Igor
3631a413d2 Allow token exchange when subjec_token is not associated with a session 
Closes #12596
 2022-07-20 15:42:26 -03:00
Lex Cao
f0988a62b8
Use base64 url decoded for client secret when authenticating with Basic Auth (#12486) 
Closes #11908
 2022-07-16 09:38:41 +02:00
Pedro Igor
89028613d8 Introducing --optimise option 
Closes #10737
 2022-07-15 15:12:17 -03:00
Marcelo Daniel Silva Sales
f7a80409a9
Add flow to generate secret length based on signature algorithm (#13107) 
Closes #9376
 2022-07-15 11:06:07 +02:00
Vlasta Ramik
ec853a6b83
JPA map storage: User / client session no-downtime store (#12241) 
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>

Closes #9666
 2022-07-14 12:07:02 -03:00
kz-masa
d26cff270f
Delete unnecessary import statements (#12935) (#12936) 2022-07-12 19:37:15 -03:00
Martin Bartoš
216922233a
Remote base tests don't work with WildFly (#12842) 
Fixes #12841
 2022-07-12 15:14:09 +02:00
Martin Kanis
4b43612806 Disable WARN logging for Hot Rod RemoteQuery class 2022-07-11 16:48:56 -03:00
Pedro Igor
5b48d72730 Upgrade Resteasy v4 
Closes #10916

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2022-07-11 12:17:51 -03:00
Martin Bartoš
07ab29378b Make WebAuthn required actions enabled by default 
Closes #12723
 2022-07-11 15:32:40 +02:00
Michal Hajas
0f86427dd0 Make user->client sessions relationship consistent 
Closes #12817
 2022-07-11 08:42:28 -03:00
Martin Bartoš
17f1d04960
Possibility to execute DB migration tests for Quarkus distribution (#12688) 
Closes #12685
 2022-07-11 12:23:41 +02:00
Takashi Norimatsu
29aad9dc45 PAR logic affecting /auth endpoint 
Closes #9289
 2022-07-11 11:56:37 +02:00
Alexander Schwartz
29a501552e Disable the JpaUserFederatedStorageProvider when map storage is enabled 
Closes #12895
 2022-07-07 10:47:42 -03:00
Alexander Schwartz
d91a5eb99f Move methods from UserStorageUtil to LegacyRealmModel 
It is better suited to take methods removed from RealmModel earlier.

Closes #12805
 2022-07-07 09:57:17 -03:00
Stefan Guilhen
dc88dd5286
Users Map JPA implementation (#12871) 2022-07-05 11:19:31 -03:00
Alexander Schwartz
098d4dda0e
Split PublicKeyStorageProvider (#12897) 
Split PublicKeyStorageProvider

- Extract clearCache() method to separate interface and move it to the legacy module
- Make PublicKeyProvider factories environment dependent
- Simple map storage for public keys that just delegates

Resolves #12763

Co-authored-by: Martin Kanis <mkanis@redhat.com>
 2022-07-05 09:57:51 -03:00
Stefan Guilhen
007fa1f374 Single Use Objects Map JPA implementation 
Closes #9852
 2022-07-04 10:05:51 -03:00
Alexander Schwartz
4b20e90292 Move session persistence package to legacy-private module 
Also, disabling the jpa session persister when map storage is enabled.

Closes #12712
 2022-07-04 10:05:26 -03:00
Konstantinos Georgilakis
32f8f30f36 Include 'urn:ietf:params:oauth:grant-type:token-exchange' in grant_types_supported field of Keycloak OP metadata, if token-exchange is enabled 
closes #10888
 2022-06-30 17:13:47 -03:00
Jon Koops
06d1b4faab Restore enum variant of ResourceType 
This reverts commit 3b5a578934.
 2022-06-30 12:20:51 -03:00
Alexander Schwartz
ddeab744d0 Moving RoleStorageProviderModel to the legacy modules 
Closes #12656
 2022-06-29 20:04:32 +02:00
vramik
3b5a578934 Change enum ResourceType to interface with String constants 
Closes #12485
 2022-06-29 13:35:11 +02:00
Lex Cao
c3c8b9f0c8
Add client_secret to response when token_endpoint_auth_method is not private_key_jwt (#12609) 
Closes #12565
 2022-06-29 10:19:18 +02:00
Clara Fang
4643fd09e3 Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount() 
This should reduce GC pressure.

Closes #12644
 2022-06-29 08:53:09 +02:00
Konstantinos Georgilakis
ccc0449314 json device code flow error responses 
closes #11438
 2022-06-29 07:23:02 +02:00
Marek Posolda
be1e31dc68
Introduce crypto/default module. Refactoring BouncyIntegration (#12692) 
Closes #12625
 2022-06-29 07:17:09 +02:00
danielFesenmeyer
b6d8c27cac OIDC logout: In "legacy mode", support post_logout_redirect_uri param without requiring id_token_hint param 
Closes #12680
 2022-06-28 14:36:03 +02:00
leandrobortoli
c5d5659100 Fixed bug on client credentials grant when encryption key not found 
Closes #12348
 2022-06-27 13:00:21 +02:00
Lex Cao
f8a7c8e160
Validate name of client scope (#12571) 
Closes #12553
 2022-06-27 12:26:18 +02:00
Pedro Igor
3d2c3fbc6a Support JSON objects when evaluating claims in regex policy 
Closes #11514
 2022-06-23 14:04:09 -03:00
Pedro Igor
d3a40e8620 Use backend baseURL for UMA-related backend endpoints 
Closes #12549
 2022-06-23 10:35:26 -03:00
Takashi Norimatsu
a10eef882f DeviceTokenRequestContext.getEvent returns a wrong ClientPolicyEvent 
Closes #12455
 2022-06-22 13:01:35 +02:00
Takashi Norimatsu
d396ee7d30 CIBA flow : no error on invalid scope 
Closes #12589
 2022-06-22 12:55:55 +02:00
rmartinc
711440e513 [#11036] Identity Providers: Add support for elliptic curve signatures (ES256/ES384/ES512) using JWKS URL 2022-06-21 10:52:25 -03:00
Stefan Guilhen
7d96f3ad5a Events Map JPA implementation 
Closes #9667
 2022-06-21 13:53:48 +02:00
Hynek Mlnarik
26198e4b0b Disable tests irrelevant for map storage 2022-06-21 08:53:06 +02:00
Alexander Schwartz
d41764b19b Inline deprecated methods in legacy code 2022-06-21 08:53:06 +02:00
Alexander Schwartz
08bbb1fb92 Move LDAP REST Endpoints to LDAP package 
- Thus remove implicit dependency on services on the legacy modules
- Disable tests for LDAP/Kerberos that won't work when map storage is enabled
 2022-06-21 08:53:06 +02:00
Alexander Schwartz
1bc6133e4e redirect calls to userLocalStorage from legacy modules (federation, ldap, sssd, kerberos) 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
e396d0daa1 Renaming SingleUserCredentialManager and UserModel.getUserCredentialManager(): 
- class SingleUserCredentialManager to SingleEntityCredentialManager
- method UserModel.getUserCredentialManager() to credentialManager()

Renaming of API without "get" prefix to make it consistent with other APIs like for example with KeycloakSession
 2022-06-21 08:53:06 +02:00
Alexander Schwartz
6f287e7ded Avoid using methods on UserCredentialStoreManager 2022-06-21 08:53:06 +02:00
Alexander Schwartz
82094d113e Move User Storage SPI, introduce ExportImportManager 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
703e868a51 Preparation for moving User Storage SPI 
- Introduction of new AdminRealmResource SPI
- Moving handler of /realm/{realm}/user-storage into model/legacy-service
- session.users() and userStorageManager() moved refers legacy module
  IMPORTANT: Broken as UserStorageSyncManager is not yet moved
 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
247ff52187 Introduce legacy datastore module and update dependencies 2022-06-21 08:53:06 +02:00
Martin Bartoš
d8112d7b7e
DB migration tests execution for Quarkus (#12525) 
Closes #12524
 2022-06-20 10:12:37 +02:00
Alexander Schwartz
71e7982a49 Adding central time offset reset in model tests as it was missing for AuthenticationSessionTest and UserSessionPersisterProviderTest 
Also adding try/finally in other places in the integration tests where it was missing.

Closes #12530
 2022-06-16 13:42:55 +02:00
nehachopra27
39cff0750c
[Fix keycloak#12385] Update option to run kc.bat on windows instead of kc.sh (#12386) 
Co-authored-by: nchopra <nchopra@redhat.com>

Resolves #12385
 2022-06-15 11:29:11 -03:00
Martin Bartoš
0fef4305b6 Logout confirm page is failing to log the user out on auth-server-wildfly 
Fixes #11753
 2022-06-14 10:46:02 +02:00
mposolda
3aefb59d40 Fix test failure in X509BrowserCRLTest on IBM JDK. Don't display details of exception message to the end user 
Closes #12458
 2022-06-14 10:44:31 +02:00
Alexander Schwartz
c2043da78e When asserting a URL, allow for some time for any redirect to complete. 
Closes #12446
 2022-06-14 07:30:31 +02:00
Christoph Leistert
442eff0169
Closes #11851: Apply localization text from realm default locale when it is not defined for the requested language. (#11852) 2022-06-10 14:36:11 -04:00
Alexander Schwartz
361a813d81 Keep a list of model instances in the JPA map session. 
This allows removing them from the persistence context on bulk delete.

Closes #12384
 2022-06-09 12:39:04 -03:00
Joerg Matysiak
3c19ad627f Repsect permissions configured to firstName and lastName when configured in user profile 
Resolves #12109
 2022-06-09 10:10:15 -03:00
Pedro Igor
8aecba1795 Fixing how realm frontendurl is cached when resolving the hostname 
Closes #11894
 2022-06-08 16:41:25 -03:00
Alexander Schwartz
9272c7a5ec Allow for the backend to return granted scopes in any order. 
Closes #12395
 2022-06-08 08:39:14 -03:00
Pedro Igor
243e63c9f3 Do not set empty permissions to username and email attributes 
Closes #11647
 2022-06-07 10:59:35 -03:00
Sebastian Schuster
a0c402b93a
11198 added event information to consent granting and revocation via REST API (#11199) 2022-06-07 11:29:20 +02:00
Stian Thorgersen
e49e8335e0
Refactor BouncyIntegration (#12244) 
Closes #12243
 2022-06-07 09:02:00 +02:00
rmartinc
5332a7d435 Issue #9194: Client authentication fails when using signed JWT, if the JWA signing algorithm is not RS256 2022-06-06 12:07:09 +02:00
Takashi Norimatsu
3889eeda30 Client Policies: pkce-enforcer executor with client-access-type condition is not applied on client change via Admin API 
Closes #12295
 2022-06-06 11:30:48 +02:00
mposolda
f90fbb9c71 Changing locale on logout confirmation did not work 
Closes #11951
 2022-05-31 16:03:58 +02:00
Takashi Norimatsu
d083b6c484 ciba http auth channel sends client_id and client_secret via delegation request 
Closes #10993
 2022-05-31 08:22:50 +02:00
vramik
be28e866b9 JPA map storage: Authorization services no-downtime store 
Closes #9669
 2022-05-30 21:05:34 +02:00
Pedro Igor
ea22989d89 Fixing ClientTokenExchangeTest to also run when TLS is disabled 
Closes #11818
 2022-05-30 11:23:46 -03:00
Pedro Hos
e121371401 /clients-registrations API doesn't return secret anymore and is not coherent #11116 
/clients-registrations API doesn't return secret anymore and is not coherent

fixing merge

/clients-registrations API doesn't return secret anymore and is not coherent

fixing test that was failing

Replace tabs with regular spaces

fixing identation

/clients-registrations API doesn't return secret anymore and is not coherent. Closes #11116

fixing test that was failing
 2022-05-30 15:18:56 +02:00
mposolda
4222de8f41 OIDC RP-Initiated Logout POST method support 
Closes #11958
 2022-05-30 14:10:58 +02:00
Marek Posolda
cf386efa40
Support for client_id parameter in OIDC RP-Initiated logout endpoint (#12202) 
Closes #12002


Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2022-05-27 14:12:37 +02:00
Luca Leonardo Scorcia
27650ab816 Fix #10982 SAML Client - Introduce SAML Issuer validation 2022-05-27 10:58:10 +02:00
Michal Hajas
bc59fad85b Unify way how expirable entities are handled in the new store 
Closes #11947
 2022-05-26 13:17:27 +02:00
Martin Kanis
0cb3c95ed5 Map storage: Single-use objects (action token) 2022-05-25 16:47:10 +02:00
Martin Bartoš
86f31e8df5 Fix BlacklistPasswordPolicyDefaultPath Failures on Windows 
Fixes #11967
 2022-05-24 17:26:19 -03:00
vramik
24171d2e47 Rename providers from jpa-map-storage to jpa 
Closes #12098
 2022-05-23 16:47:51 +02:00
vramik
0c3aa597f9 JPA map storage: test failures after cache was disabled 
Closes #12118
 2022-05-23 13:01:30 +02:00
vramik
f8ca25d4a4 Add a profiles testsuite for jpa-map storage 
Closes #12045
 2022-05-20 09:17:33 +02:00
Stian Thorgersen
075e284455
Remove legacy (non-Elytron) WildFly adapter (#11789) 
Closes #11683
 2022-05-18 10:34:47 +02:00
Michal Hajas
0bda7e6038 Introduce map event store with CHM implementation 
Closes #11189
 2022-05-17 12:57:35 +02:00
Michal Hajas
b86f205cda Make KeycloakServer runnable with external Infinispan server 
Closes #12011
Closes #12014
 2022-05-16 21:50:35 +02:00
Takashi Norimatsu
9541852a9b ID token encryption without specifying id_token_encrypted_response_enc does not follow OIDC Dynamic Client Registration specification 
Closes #11392
 2022-05-16 09:05:22 +02:00
Takashi Norimatsu
7fa24d247a Deprecated org.keycloak.jose.jws.Algorithm is used in OIDCAdvancedConfigWrapper 
Closes #11394
 2022-05-16 08:56:57 +02:00
Martin Kanis
0d6bbd437f
Merge single-use token providers into one 
Fixes first part of: #11173

* Merge single-use token providers into one

* Remove PushedAuthzRequestStoreProvider

* Remove OAuth2DeviceTokenStoreProvider

* Delete SamlArtifactSessionMappingStoreProvider

* SingleUseTokenStoreProvider cleanup

* Addressing Michal's comments

* Add contains method

* Add revoked suffix

* Rename to SingleUseObjectProvider
 2022-05-11 13:58:58 +02:00
Michal Hajas
d3b43a9f59 Make sure there is always Realm or ResourceServer when searching for authz entities 
Closes #11817
 2022-05-11 07:20:01 -03:00
Réda Housni Alaoui
5d87cdf1c6
KEYCLOAK-6455 Ability to require email to be verified before changing (#7943) 
Closes #11875
 2022-05-09 18:52:22 +02:00
Michal Hajas
6b5c417742 Add HotRod store for authorization services 
Closes #9679
 2022-05-06 15:31:38 +02:00
Stian Thorgersen
491b3262de
Remove Jetty 9.2 and 9.3 adapters (#11792) 
Closes #11791
 2022-05-04 15:24:46 +02:00
Sven-Torben Janus
0efa4afd49 Evaluate composite roles for hardcoded LDAP roles/groups 
Closes: 11771

see also KEYCLOAK-18308
 2022-05-02 14:13:37 +02:00
Stian Thorgersen
52ca546cfa
Remove Fuse adapters (#11740) 
Closes #11677
 2022-05-02 09:55:52 +02:00
Stian Thorgersen
b65d76edab
Remove EAP6 and AS7 adapters (#11605) 
Closes #11604
 2022-04-28 11:20:44 +02:00
vramik
2ecf250e37 Deletion of all objects when realm is being removed 
Closes #11076
 2022-04-28 11:09:17 +02:00
Alexander Schwartz
29233f33c8 Clear import/export properties at the end of the test 
This avoids the pollution of system properties that might lead to failures following tests.

Closes #11670
 2022-04-28 11:02:16 +02:00
Douglas Palmer
fdcbc9b27b
Automated test for session-limits authenticator with identity brokering (post-broker login flow) (#11723) 
Closes #11004
 2022-04-28 10:29:41 +02:00
vramik
5248815091 Disable infinispan realm and user cache for map storage tests 
Closes #11213
 2022-04-25 09:38:49 +02:00
Martin Bartoš
53ea60b8d5
Remove support for IE (#11271) 
Closes #11268
 2022-04-22 10:38:41 +02:00
Pedro Igor
76d83f46fa
Avoid clients exchanging tokens using tokens issued to other clients (#11542) 2022-04-20 19:14:55 +02:00
Stian Thorgersen
ac79fd0c23
Disallow special characters in usernames to prevent confusion with similarly looking usernames (#11531) 
Closes #11532

Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
 2022-04-20 15:53:15 +02:00
Stefan Guilhen
b29b27d731 Ensure code does not rely on a particular format for the realm id or component id 2022-04-20 14:40:38 +02:00
Pedro Igor
2cb5d8d972
Removing upload scripts feature (#11117) 
Closes #9865

Co-authored-by: Michal Hajas <mhajas@redhat.com>

Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2022-04-20 14:25:16 +02:00
Martin Bartoš
3aa3db16ea
Fix error response for invalid characters (#11533) 
Fixes #11530
 2022-04-20 11:26:08 +02:00
Pedro Igor
f1fd7af758
Remove policies when user is deleted (#11385) 
Closes #11284
 2022-04-20 09:23:46 +02:00
m-takai
5f0e27a792 Add duplicate parameters check process in Device Authz Endpoint. 
AuthorizationEndpointRequest class already checks duplicated parameters but DeviceEndpoint class has not checked its error. Thus a check process is added in handleDeviceRequest()

Closes #11294
 2022-04-19 14:20:39 +02:00
Pedro Igor
c5e4dc8cec
Associated permissions should only add resource type permissions if the resource is an instance (#11220) 
Closes #11148
 2022-04-19 09:10:14 +02:00
Martin Kanis
a2d7cd7a5c Hot Rod map storage: User / client session no-downtime store 2022-04-14 15:34:22 +02:00
msvechla
820ab52dce
Add support for filtering by enabled attribute on users count endpoint (#9842) 
Resolves #10896
 2022-04-13 13:57:22 -03:00
Giacomo Altiero
3b7243cd47
Support for UserInfo response encrypted (#10519) 
Close #10517
 2022-04-12 14:01:14 +02:00
Alexander Schwartz
a6dd9dc0f1 Avoiding AvlPartitionFactory and using JdbmPartitionFactory for the embedded LDAP to work around unstable tests. 
Fix for #11171 didn't turn out to cover the root cause. Also improved transaction handling in LDAP Map storage.

Closes #11211
 2022-04-12 09:12:21 +02:00
Alexander Schwartz
5c810ad0e5 Avoid short-lived connections for ApacheDS to avoid messages around "ignoring the message MessageType UNBIND_REQUEST" 
The comment in LdapRequestHandler.java in ApacheDS notes just before discarding an unbind request: "in some cases the session is becoming null though the client is sending the UnbindRequest before closing".

Also implementing a retry logic for all remaining errors regarding LDAP.

Closes #11171
 2022-04-11 10:03:15 +02:00
Pedro Igor
834a276767 NPE when caching policies based on scopes without a resource 
Closes #11180
 2022-04-08 08:43:08 -03:00
Michal Hajas
1f2ebf4cba Add HotRod no downtime store for Realms 
Closes #9670
 2022-04-08 09:36:01 +02:00
Pedro Igor
b4770c30fd Fixing NPE when querying resources by type 
Closes #11137
 2022-04-07 15:10:20 -03:00
Tyler Andor
caebe50d7e
Updates patternfly libs and fixes breaking changes (#10748) 
adding nvmrc

CIAM-1048 Device Activity screen PF updates

CIAM-1046: Personal Info sub-header update

Updates SigningInPage to use EmptyState component when there are no credentials.

rearanged some components used in signing in page

Displays ApplicationPage content in description list.

Updates refresh link on ContentPage, updates Resources screen.

CIAM-1049 Linked Accounts screen PF updates

CIAM-1043-General upstream updates

Updates AccountPage to display form errors.

fix: display Set up Authenticator Application link on large viewport

fix(page structure): rearranges page sections

CIAM-1254/Personal info PF4 updates & Sidebar text updates

updating layouts

updating layout on Signing in and Linked acounts

adding patternfly-additions

adding patternfly-addons styles

Updates Application page based on designs feedback.

moving page description

Updates status label on Applications page to be capitalized.

Updates the copy-fonts script for keycloak.v2 to copy all font directories instead of one.

update Personal info screen - set max width of 600px for form input fields

update Personal info - remove required indicator from input fields

General updates (#2)

* removed the extra lines being shown

* tweaked general spacing

* general alignment and spacer application

* refactor to get proper alignments without css globals

* forgot to add the conditional on displaying the set up buttons

* try and adjust the alignments

Co-authored-by: zwitter <zwitter@redhat.com>

resolve merge conflicts

Device activity updates (#4)

* update text to sentence case

* update device info columns to be dynamic across various viewport sizes

* update signed in device layout

* update based on feedback

Co-authored-by: Jon Szeto <jszeto@redhat.com>

Linked accounts update (#3)

* linked accounts screen - updated icons & Linked/Unlinked Login Providers layout & update text to sentence case

Co-authored-by: Jon Szeto <jszeto@redhat.com>

fixing ts errors

cleaning up fonts and messages

final review updates

message update for Back to admin console link

fixing capitalization on 2fa

updating landing page welcome message

fix: reposition Back to... link

adjusting size for confirm modal

updating spacing and alignment issues

updating resources page

removing unused header class

fixes ts issues and updates node version to match the themes install

npm updates

fixing pf addons

adding chokidar to get babel:watch working

fixing issues from pull request feedback

fixing tests

fixes signingin page test

fixing tests

Co-authored-by: Tyler Andor <tandor@highereducation.com>
 2022-04-06 13:00:38 +02:00
Stian Thorgersen
7c64f28934
Change admin console to load keycloak.js using a relative URL (#11109) 
* Change admin console to load keycloak.js using a relative URL

Closes #11108

* fix tests

Co-authored-by: Dominik Guhr <dguhr@redhat.com>
 2022-04-06 09:35:26 +02:00
Michal Hajas
4c20388eb7 Remove SOAPException from SOAPBindingTest as RunOnServer cannot load it 
Closes #11090
 2022-04-04 15:53:55 +02:00
Martin Kanis
395bd447f2 Hot Rod map storage: Login failure no-downtime store 2022-04-01 20:43:18 +02:00
Douglas Palmer
f57d0dd100
Automated tests for session limits authenticator (browser, direct grant, reset password) (#11046) 
Closes #11003
 2022-04-01 18:44:38 +02:00
Michal Hajas
44000caaf5 KEYCLOAK-19177 Disable ECP flow by default for all Saml clients; ecp flow creates only transient users sessions 2022-03-31 16:06:44 +02:00
Teubner, Malte
b5f70d8a32 Add scope parameter to admin-client TokenManager. 
Closes #10759
 2022-03-31 10:56:08 -03:00
iingawal
6016b461db
Fix for "updatedAt" user attribute in "profile" client scope should use number instead of String (#11020) 
Closes #10081


Co-authored-by: Indrajit Ingawale <iingawal@iingawal.pnq.csb>
 2022-03-31 14:33:03 +02:00
Marek Posolda
aacae9b9ac
Support for frontchannel_logout_session_required OIDC client parameter (#11009) 
* Support for frontchannel_logout_session_required OIDC client parameter
Closes #10137
 2022-03-31 14:25:24 +02:00
Marek Posolda
22a16ee899
OIDC RP-Initiated logout endpoint (#10887) 
* OIDC RP-Initiated logout endpoint
Closes #10885

Co-Authored-By: Marek Posolda <mposolda@gmail.com>

* Review feedback

Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
 2022-03-30 11:55:26 +02:00
Andrea Peruffo
da5db5a813
Fix NPEs during realm import (#10962) 
Closes #10961
 2022-03-29 21:48:37 +02:00
Marcelo Daniel Silva Sales
091b1472ce
Introduce client secret rotation dynamic registration (#10952) 
Closes #10609
 2022-03-28 20:39:11 +02:00
Konstantinos Georgilakis
99fa6275c1 KEYCLOAK-19313 configure the name format in Attribute Importer IdP Mapper 2022-03-25 09:42:22 +01:00
Takashi Norimatsu
9c01d819cb Client Policies : An executor rejecting all requests 
Closes #9097
 2022-03-23 12:45:38 +01:00
Marcelo Daniel Silva Sales
6efa45f93e
Update secret rotation when the policy is enabled using jwt (#10853) 
Closes #10666
 2022-03-23 08:25:58 +01:00
Martin Kanis
e493b08fa7 Add expiration field to root authentication session 2022-03-23 07:47:47 +01:00
Michal Hajas
99c06d1102
Authorization services refactoring 
Closes: #10447 

* Prepare logical layer to distinguish between ResourceServer id and client.id
* Reorder Authz methods: For entities outside of Authz we use RealmModel as first parameter for each method, to be consistent with this we move ResourceServer to the first place for each method in authz
* Prepare Logical (Models/Adapters) layer for returning other models instead of ids
* Replace resourceServerId with resourceServer model in PermissionTicketStore
* Replace resourceServerId with resourceServer model in PolicyStore
* Replace resourceServerId with resourceServer model in ScopeStore
* Replace resourceServerId with resourceServer model in ResourceStore
* Fix PermissionTicketStore bug
* Fix NPEs in caching layer
* Replace primitive int with Integer for pagination parameters
 2022-03-22 20:49:40 +01:00
Alexander Schwartz
fb92b95c33 Revert from getParameterCount() to getParameterTypes().length to be Java 1.7 compatible. 
This reverts commit bc27c7c464.

Closes #10840
 2022-03-22 10:23:25 +01:00
keycloak-bot
c71aa8b711
Set version to 999-SNAPSHOT (#10784) 2022-03-22 09:22:48 +01:00
Martin Kanis
0faf3987f6 Hot Rod map storage: Authentication session no-downtime store 2022-03-22 09:05:52 +01:00
Pedro Igor
ffa6df5547
Fixes to hostname (#10820) 
Closes #10627
Closes #10331
 2022-03-22 08:11:50 +01:00
Joaquim Fellmann
92c4e6d585
KEYCLOAK-16134 Allow webauthn idless login flow (#7860) 
Closes #10832
 2022-03-21 11:37:33 +01:00
Clara Fang
bc27c7c464 Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount() 
Closes #10333
 2022-03-18 11:20:52 +01:00
Michal Hajas
c18a682f50 Do not store undefined values in store 
Closes #10744
 2022-03-17 16:44:33 +01:00
mposolda
9e12587181 Protocol mapper and client scope for 'acr' claim 
Closes #10161
 2022-03-11 09:23:25 +01:00
Martin Bartoš
8ee7ae24de Make WebAuthn feature default for the product version 
Closes #10695
 2022-03-10 19:00:54 +01:00
Ivan Atanasov
5c6b123aff
Support for the Recovery codes (#8730) 
Closes #9540


Co-authored-by: Zachary Witter <torquekma@gmail.com>
Co-authored-by: stelewis-redhat <91681638+stelewis-redhat@users.noreply.github.com>
 2022-03-10 15:49:25 +01:00
Martin Bartoš
8a0f1ccb34 Properly execute AuthenticationFlowCallbackProviderTest with Map storage 
Closes #10268, Closes #10225
 2022-03-10 15:00:23 +01:00
rmartinc
a7c8aa1dd3
[#10616] Incorrect username logged for federated accounts (#10662) 
Closes #10616
 2022-03-10 13:21:39 +01:00
Marcelo Daniel Silva Sales
0c25da542c
Update secret rotation when the policy is disabled (#10674) 
Closes #10667
 2022-03-10 13:03:09 +01:00
Alexander Schwartz
18f391d8c4 Fix spelling error in field and classname 
It's always a converter, unless electricity is involved.

Closes #10573
 2022-03-09 08:28:52 -03:00
Marcelo Daniel Silva Sales
7335abaf08
Keycloak 10489 support for client secret rotation (#10603) 
Closes #10602
 2022-03-09 00:05:14 +01:00
mposolda
d394e51674 Introduce profile 'feature' for step-up authentication enabled by default 
Closes #10315
 2022-03-08 14:42:46 +01:00
rmartinc
48565832d4 [#10608] Password blacklists folder 2022-03-08 08:22:34 -03:00
mposolda
93bba8e338 Replace 'Store LoA in User Session' with 'Max Age'. Refactoring of step-up authentications related to that. 
Closes #10205
 2022-03-08 10:41:05 +01:00
Martin Bartoš
02d0fe82bc Auth execution 'Condition - User Attribute' missing 
Closes #9895
 2022-03-08 08:24:48 +01:00