Ingrid Kamga
c4d6979907
Scaffold verification of SD-JWT VP token ( #29859 ) ( #33752 )
...
Closes #29859
Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
2024-10-25 14:49:25 +02:00
Gilvan Filho
c4005d29f0
add linear strategy to brute force
...
closes #25917
Signed-off-by: Gilvan Filho <gilvan.sfilho@gmail.com>
2024-10-22 10:33:22 -03:00
Pascal Knüppel
41ee68611f
Allow to create EC certificates if new EC-key-provider is created ( #31843 )
...
Closes #31842
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-10-17 16:05:59 +02:00
Thomas Darimont
40bdc902f0
Use account-console client for server-side auth check
...
Also generate PKCE verifier and use challenge parameters
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-10-17 07:53:20 -03:00
Thomas Darimont
729417b20a
Use account-console client for server-side auth check
...
- Also generate PKCE verifier and use challenge parameters
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-10-17 07:53:20 -03:00
Ogen Bertrand
304da50efc
Implement SdJwtVP.of(String) with enhanced error handling
...
This update includes validation for missing disclosures, duplicate disclosure digests, and malformed disclosure data, improving overall robustness and error handling during disclosure processing.
Closes #33020
Signed-off-by: Ogenbertrand <ogenbertrand@gmail.com>
2024-10-07 16:40:54 +02:00
Maksim Zvankovich
35eba8be8c
Add option to include the organization id in the organization claims
...
Closes #32746
Signed-off-by: Maksim Zvankovich <m.zvankovich@nexovagroup.eu>
Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>
2024-10-03 08:11:36 -03:00
vramik
c1653448f3
[Organizations] Allow orgs to define the redirect URL after user registers or accepts invitation link
...
Closes #33201
Signed-off-by: vramik <vramik@redhat.com>
2024-10-02 07:37:48 -03:00
rmartinc
c532751ff4
Downgrade Java for client libraries to 8
...
Closes #33051
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-20 17:01:01 +02:00
Pedro Ruivo
f67bec0417
Rename remote-cache Feature
...
Renamed to "clusterless"
Closes #32596
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-09-13 13:03:13 +02:00
Stefan Guilhen
e7a4635620
Filter out org brokers from the account console
...
- org-linked brokers should not be available for login
- prepare the endpoint for search/pagination
Closes #31944
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-04 09:00:52 -03:00
mposolda
dad4477995
Remove keycloak-core and keycloak-crypto-default from SAML galleon feature pack and upgrade them to Java 17
...
closes #32586
Signed-off-by: mposolda <mposolda@gmail.com>
2024-09-03 15:58:57 +02:00
keshavprashantdeshpande
058c2717a0
Add setter for frontChannelLogoutSupported
and frontChannelLogoutSessionSupported
( #32532 )
...
Closes #30178
Signed-off-by: keshavprashantdeshpande <vaidehidabir@gmail.com>
2024-09-02 12:18:01 +00:00
Erik Jan de Wit
776a491989
added organizations table to account ( #32311 )
...
* added organizations table to account
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-22 15:44:03 -03:00
Pedro Igor
eeae50fb43
Make sure federationLink always map to the storage provider associated with federated users
...
Closes #31670
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-20 11:27:22 +02:00
Stefan Guilhen
f82159cf65
Rework logic to fetch IDPs for the login page so that IDPs are fetched from the provider and not filtered in code.
...
Closes #32090
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-19 09:06:35 -03:00
mposolda
54a538b3ad
Update RolePolicyRepresentation fields from 'boolean' to 'Boolean'
...
closes #32117
Signed-off-by: mposolda <mposolda@gmail.com>
2024-08-14 13:11:06 +02:00
rmartinc
2a06e1a6db
Add SHAKE256 hash provider for Ed448
...
Closes #31931
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-08 17:36:54 +02:00
Justin Tay
966a454548
Add ECDH-ES JWE Algorithm Provider, Add generated ECDH key provider ( #23928 )
...
Closes #23596
Closes #23597
Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-08-08 17:29:35 +02:00
Ingrid Kamga
36a141007e
Implement advanced verification of SD-JWT in Keycloak ( #30966 )
...
closes #30907
Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
2024-08-05 11:50:03 +02:00
Pascal Knüppel
94784182df
Implement DPoP for all grantTypes ( #29967 )
...
fixes #30179
fixes #30181
Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de>
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-07-29 16:30:54 +02:00
Pascal Knüppel
b20123dcdc
Add x5c and jwk as optional params to JWSBuilder and JWSHeader
...
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-07-29 09:25:02 +02:00
vramik
649b35929e
Make sure users created through a registration link are managed members
...
Closes #30743
Signed-off-by: vramik <vramik@redhat.com>
2024-07-25 04:30:13 -03:00
Pascal Knüppel
018a0802bc
Remove java.util.Date from VerifiableCredential ( #30920 )
...
closes #30918
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
2024-07-18 09:52:02 +02:00
Martin Kanis
e5848bdcf9
Cannot set unmanagedAttributePolicy without profile attributes
...
Closes #31153
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-07-17 09:53:59 -03:00
mposolda
1864cf1827
Offline tokens created in Keycloak 14 or earlier will not work on Keycloak 25
...
closes #31224
Signed-off-by: mposolda <mposolda@gmail.com>
2024-07-15 18:30:35 +02:00
mposolda
3c3f59f861
Move some server related logic from info representation classes to server codebase
...
Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-27 11:00:30 +02:00
Pedro Igor
a0ad680346
Adding an alias to organization and exposing them to templates
...
Closes #30312
Closes #30313
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-20 14:36:14 -03:00
rmartinc
c51640546d
Improvements for ldap test authentication
...
Closes #30434
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-15 10:01:24 +02:00
Jon Koops
c7361ccf6e
Run the Vite dev server through the Keycloak server ( #27311 )
...
Closes #19750
Closes #28643
Closes #30115
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-12 11:55:14 +02:00
Patrick Jennings
75925dcf6c
Client type configuration inheritance ( #30056 )
...
closes #30213
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-06-10 18:59:08 +02:00
mposolda
0bf613782f
Updating client policies in JSON editor is buggy. Attempt to update global client policies should throw the error
...
closes #30102
Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-05 13:55:02 +02:00
Pedro Igor
f8d55ca7cd
Export import realm with organizations
...
Closes #30006
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-05 09:50:03 +02:00
mposolda
9074696382
Editing built-in client policy profiles are silently reverted
...
closes #27184
Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-03 14:00:37 +02:00
Andrejs Mivreniks
1cf87407fe
Allow setting authentication flow execution priority value via Admin API
...
Closes #20747
Signed-off-by: Andrejs Mivreniks <andrejs@fastmail.com>
2024-05-30 19:17:45 +02:00
Francis Pouatcha
2683c0a7d1
JWSBuilder when used directly with AsymmetricSignatureSignerContext produces non compliant ECDSA signed JWT ( #29333 )
...
closes #29309
Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
2024-05-27 13:45:42 +02:00
Thomas Darimont
ab376d9101
Make required actions configurable ( #28400 )
...
- Add tests for crud operations on configurable required actions
- Add support exposing the required action configuration via RequiredActionContext
- Make configSaveError message reusable in other contexts
- Introduced admin-ui specific endpoint for retrieving required actions with config metadata
Fixes #28400
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-05-23 08:38:36 +02:00
vramik
278341aff9
Add organizations enabled/disabled capability
...
Closes #28804
Signed-off-by: vramik <vramik@redhat.com>
2024-05-22 07:58:26 -03:00
Patrick Jennings
84acc953dd
Client type OIDC base read only defaults ( #29706 )
...
closes #29742
closes #29422
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-05-22 09:07:19 +02:00
Stefan Guilhen
aa945d5636
Add description field to OrganizationEntity
...
Closes #29356
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-07 10:35:51 -03:00
Dimitri Papadopoulos Orfanos
cd8e0fd333
Fix user-facing typos in Javadoc ( #28971 )
...
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-05-06 18:57:55 +00:00
Stefan Guilhen
dae1eada3d
Add enabled field to OrganizationEntity
...
Closes #28891
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-06 14:46:56 -03:00
Pedro Igor
32d25f43d0
Support for mutiple identity providers
...
Closes #28840
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-04 16:19:27 +02:00
Justin Tay
7bd48e9f9f
Set logout token type to logout+jwt
...
Closes #28939
Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-05-03 14:51:10 +02:00
Mark Banierink
ad32896725
replaced and removed deprecated token methods ( #27715 )
...
closes #19671
Signed-off-by: Mark Banierink <mark.banierink@nedap.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-23 09:23:37 +02:00
Pedro Igor
8e48bac278
Ordering the group and role ids in the policy representation
...
Closes #28824
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-22 20:28:47 +02:00
Thomas Darimont
68617180a2
Show indicator for transient user in user sessions list in admin ui (28879)
...
For transient users a transient label is now shown in the realm sessions and client sessions list in the admin ui.
Fixes #28879
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-04-19 09:48:41 +02:00
Stian Thorgersen
0d60e58029
Restrict the token types that can be verified when not using the user info endpoint ( #146 ) ( #28866 )
...
Closes #47
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Conflicts:
core/src/main/java/org/keycloak/util/TokenUtil.java
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientTokenExchangeTest.java
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-18 14:11:05 +02:00
Pedro Igor
61b1eec504
Prevent members with an email other than the domain set to an organization
...
Closes #28644
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-12 08:33:18 -03:00
Stefan Guilhen
9a466f90ab
Add ability to set one or more internet domain to an organization.
...
Closed #28274
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-10 13:18:12 -03:00