rmartinc
5fe916861d
Return 404 on invalid theme type
...
Closes #32798
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-17 09:09:34 +02:00
Giuseppe Graziano
e6c5ee31e4
Admin API with Lightweight access token and transient session
...
Closes #32802
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-09-16 09:30:15 +02:00
Nate Drake
75973157aa
Fix a few typos ( #32929 )
...
Signed-off-by: Nate Drake <ndrake@gmail.com>
2024-09-15 10:12:26 +00:00
Pedro Ruivo
f67bec0417
Rename remote-cache Feature
...
Renamed to "clusterless"
Closes #32596
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-09-13 13:03:13 +02:00
Stian Thorgersen
40049f31fa
Remove ProxyClassLoader and PlatformProvider returning script classloader ( #32806 )
...
Closes #32804
Signed-off-by: stianst <stianst@gmail.com>
2024-09-11 17:11:26 +02:00
rmartinc
b60621d819
Allow brute force to have http request/response and send emails
...
Closes #29542
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-11 08:35:03 +02:00
cgeorgilakis-grnet
f8b1b3ee03
Search Identity Providers by alias or display name
...
Closes #32588
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-09-10 21:52:59 +02:00
Thomas Darimont
6b83a45b2e
Propagate locale when using app initiated registration URL
...
Fixes #13505
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-09-10 12:25:17 +02:00
Garth
7988f026e0
Add a PasswordPoliciesBean to the FreeMarker context.
...
Closes #32553
Signed-off-by: Garth <244253+xgp@users.noreply.github.com>
2024-09-10 12:19:53 +02:00
Alexander Schwartz
b88ecc0237
Removing the extra two-minute Window for persistent user sessions ( #32660 )
...
Closes #28418
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-09-09 09:28:48 +02:00
Steven Hawkins
58d742bb5c
fix: refining v2 hostname validation ( #32659 )
...
closes : #32643
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-09-06 17:49:25 +02:00
Thomas Darimont
211224f613
Use correct error value in Token Exchange error responses
...
The Token Exchange [RFC8693 Section-2.2.2](https://datatracker.ietf.org/doc/html/rfc8693#section-2.2.2 ) requires
that the error code for invalid requests is `invalid_request`.
Previously, Keycloak used `invalid_token` as the error code.
Fixes #31547
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-09-05 18:35:36 +02:00
keshavprashantdeshpande
9f5f8e017e
Improve message for failing partial import of realm ( #32667 )
...
Closes #28017
Signed-off-by: Keshav Deshpande <keshavprashantdeshpande@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-05 15:12:37 +02:00
mposolda
866101e72e
Optimize LogoutEndpoint.backchannelLogout endpoint
...
closes #32683
Signed-off-by: mposolda <mposolda@gmail.com>
2024-09-05 13:49:31 +02:00
Thomas Darimont
693a63b532
Handle ClientData parsing errors in SessionCodeChecks gracefully
...
- Move ClientData parsing out of SessionCodeChecks ctor
- Respond with a bad request if invalid client data is presented
Closes #32515
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-05 10:50:27 +02:00
Giuseppe Graziano
a14548a7a2
Lightweight access tokens for Admin REST API ( #32347 )
...
* Lightweight access tokens for Admin REST API
Closes #31513
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-09-04 18:04:23 +02:00
cgeorgilakis-grnet
e6b271895e
Make update IdentityProvider admin REST API more efficient
...
Closes #32388
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-09-04 11:49:32 -03:00
Alexander Schwartz
0e1a7c6f8e
Add information about token expiry to events
...
Closes #28311
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-04 14:44:51 +02:00
Stefan Guilhen
e7a4635620
Filter out org brokers from the account console
...
- org-linked brokers should not be available for login
- prepare the endpoint for search/pagination
Closes #31944
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-04 09:00:52 -03:00
Alexander Schwartz
4d1e1e0bcb
Show details for error messages where they were missing ( #32534 )
...
Closes #32533
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-09-04 07:23:54 -04:00
Theresa Henze
a1c23fef8c
introduce event types to update/remove credentials
...
Closes #10114
Signed-off-by: Theresa Henze <theresa.henze@bare.id>
2024-09-03 18:27:27 +02:00
Pedro Igor
079242c398
Binding brokering OIDC user sessions with the issuer of the ID Token to avoid looking up sessions by iterating over all brokers in a realm
...
Closes #32091
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-09-03 17:51:20 +02:00
Thomas Darimont
88a5c96fff
Add kc_action
to redirect URI after a required action is cancelled ( #31925 )
...
Closes #31894
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-09-03 14:26:23 +00:00
mposolda
dad4477995
Remove keycloak-core and keycloak-crypto-default from SAML galleon feature pack and upgrade them to Java 17
...
closes #32586
Signed-off-by: mposolda <mposolda@gmail.com>
2024-09-03 15:58:57 +02:00
Alexander Schwartz
5bd3da657b
Cache regex patterns in frequently used production code
...
Closes #32428
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-02 08:57:03 -03:00
Jon Koops
2d17024b14
Remove redirect_uri
support from OIDC logout endpoint
...
Closes #10983
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2024-08-30 12:52:49 +00:00
Martin Kanis
e7d71d43c3
Identity Provider secret visible in Organization tab (API request)
...
Closes #32486
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-08-30 09:26:25 -03:00
Douglas Palmer
ecbd856176
Brute force protection: Lockout permanently uses parameters configured under lockout temporarily
...
Closes #30969
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-08-29 16:30:22 +02:00
Martin Kanis
7e6dd682d4
Validate organization alias for forbidden chars
...
Closes #32392
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-08-28 21:59:38 +02:00
Pedro Igor
449557290b
More options to organization scope mapper including adding organization attributes to tokens
...
Closes #31642
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-27 09:40:55 -03:00
Stefan Guilhen
88cca10472
Rename IDPSpi to IdentityProviderStorageSpi
...
Closes #31639
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-26 15:10:09 -03:00
Erik Jan de Wit
776a491989
added organizations table to account ( #32311 )
...
* added organizations table to account
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-22 15:44:03 -03:00
Vlasta Ramik
d63c0fbd13
Decouple Identity provider mappers from RealmModel ( #32251 )
...
* Decouple Identity provider mappers from RealmModel
Closes #31731
Signed-off-by: vramik <vramik@redhat.com>
2024-08-22 12:05:19 -03:00
Steven Hawkins
d9a92f5de3
fix: expose bootstrap-admin-* options ( #32241 )
...
* fix: expose bootstrap-admin-* options
closes : #32176
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* Update quarkus/config-api/src/main/java/org/keycloak/config/BootstrapAdminOptions.java
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-08-21 15:52:38 +02:00
Peter Zaoral
6ab3b98743
Temporary admin account notice logged to org.keycloak.events ( #32307 )
...
* removed the temporary admin accounts logging from JBossLoggingEventListenerProvider
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2024-08-21 13:31:57 +00:00
Pedro Igor
c1f6d5ca64
Support for selecting an organization when requesting the organization scope
...
Closes #31438
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-21 13:04:58 +02:00
Stefan Guilhen
585d179fe0
Ensure identity providers returned to the org IDP selection are IDPs not associated with any orgs.
...
Closes #32238
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-21 07:49:01 -03:00
Peter Zaoral
1b5fe5437a
Warnings for temporary admin user and service account ( #31387 )
...
* UI banner, labels and log messages are shown when temporary admin account is used
* added UI tests that check the elements' presence
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2024-08-21 09:30:24 +02:00
Pedro Ruivo
4675a4eda9
Deprecate UserSessionCrossDCManager
...
Fixes #31878
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-21 08:52:39 +02:00
Pedro Igor
e3c0b918bd
Returning a full representation when querying organizations
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-20 11:11:14 -03:00
Pedro Igor
4376a3c757
Add an endpoint to the organizations endpoint to return the organizations for a given user
...
Closes #32158
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-20 11:11:14 -03:00
Pedro Igor
eeae50fb43
Make sure federationLink always map to the storage provider associated with federated users
...
Closes #31670
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-20 11:27:22 +02:00
Stefan Guilhen
fa7c2b5da6
Address review comments
...
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-19 09:06:35 -03:00
Stefan Guilhen
f82159cf65
Rework logic to fetch IDPs for the login page so that IDPs are fetched from the provider and not filtered in code.
...
Closes #32090
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-19 09:06:35 -03:00
Pedro Igor
8e0436715c
Support for ALL and ANY organization scope values
...
Related #31438
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-19 08:45:23 -03:00
mposolda
3d787727f9
Add acr scope to all clients for those migrating from older than Keycloak 18
...
closes #31107
Signed-off-by: mposolda <mposolda@gmail.com>
2024-08-16 12:17:43 +02:00
Václav Muzikář
cb418b0bfc
Upgrade to Quarkus 3.13.2 ( #31678 )
...
* Upgrade to Quarkus 3.13.2
Closes #31676
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-08-16 11:41:34 +02:00
himanshi1099
7459992e40
Realm update validation for incorrect timeout values ( #32137 )
...
closes #31595
Signed-off-by: Himanshi Gupta <higupta@redhat.com>
2024-08-16 08:58:27 +02:00
Alexander Schwartz
80d235fffb
Handle non-existing client gracefully ( #32151 )
...
Closes #32150
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-15 16:08:40 +02:00
Stefan Guilhen
aeb1951aba
Replace calls to deprecated RealmModel IDP methods
...
- use the new provider instead
Closes #31254
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-15 10:55:36 -03:00
Pedro Igor
96acc62c00
Support for resolving organization based on the organization scope
...
Closes #31438
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-15 10:32:15 -03:00
Stian Thorgersen
310824cc2b
Remove legacy cookies
...
Closes #16770
Signed-off-by: stianst <stianst@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-08-15 15:27:38 +02:00
Martin Kanis
708a6898db
Add a count method to the OrganizationMembersResource
...
Closes #31388
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-08-15 09:12:57 -03:00
Yoshiyuki Tabata
cb6eb187ac
Client Policy - Condition : Client - Client Attribute
...
Closes https://github.com/keycloak/keycloak/issues/31766
Signed-off-by: Yoshiyuki Tabata <yoshiyuki.tabata.jy@hitachi.com>
2024-08-14 09:56:56 +02:00
kaustubh-rh
cf8905efe8
Fix for Client secret is visable in Admin event representation when Credentials Reset action performed for the Client. ( #32067 )
...
* Stripping secrets for the credential representation
Signed-off-by: kaustubh B <kbawanka@redhat.com>
2024-08-12 13:47:41 -03:00
Steven Hawkins
b72ddbcc45
fix: add a warning log if a deprecated admin env variable is used ( #32038 )
...
closes : #31491
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-12 08:54:30 +02:00
rmartinc
347f595913
Add ECDH-ES encyption algorithms to the java keystore key provider
...
Closes #32023
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-09 15:57:51 +02:00
Martin Kanis
da0864682a
Conditionally redirect existing users to a broker based on their credentials
...
Closes #31006
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-08-09 07:59:25 -03:00
rmartinc
2a06e1a6db
Add SHAKE256 hash provider for Ed448
...
Closes #31931
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-08 17:36:54 +02:00
Justin Tay
966a454548
Add ECDH-ES JWE Algorithm Provider, Add generated ECDH key provider ( #23928 )
...
Closes #23596
Closes #23597
Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-08-08 17:29:35 +02:00
Steven Hawkins
7ce6f12fe3
fix: adds a check for duplicate users/clients to simplify cmd errors ( #31583 )
...
also changes temp-admin-service to temp-admin
closes : #31160
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-08 08:20:33 -04:00
Pedro Igor
3ab2446074
Do not return identity providers when querying the realm representation
...
Closes #21072
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-07 10:06:51 -03:00
rmartinc
acbbfde4ab
Adding upgrading notes for brute force changes
...
Closes #31960
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-07 14:38:30 +02:00
Pascal Knüppel
f3341390f4
Issuer id must be a URL according to specification ( #30961 )
...
fixes #30960
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
2024-08-07 14:35:58 +02:00
Giuseppe Graziano
35c8c09b8d
OIDC dynamic client registration with response_type=none
...
Closes #19564
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-08-07 10:34:47 +02:00
rmartinc
8a09905e5c
Remove the attempt in brute force when the off-thread finishes
...
Closes #31881
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-06 15:30:49 -03:00
Michal Hajas
50c07c6e7c
Simplify configuration for MULTI_SITE
...
Closes #31807
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-08-06 16:14:33 +00:00
Stefan Wiedemann
6258256c1b
Fix access token issue OID4VC ( #31763 )
...
closes #31712
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2024-08-04 11:42:40 +02:00
Ingrid Kamga
7c69c857a1
Add a media type to error responses on OID4VC endpoints
...
Closes #31585
Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
2024-08-02 12:09:09 +02:00
Justin Tay
f537343545
Allow empty key use in JWKS from identity provider
...
Closes #31823
Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-08-02 11:39:43 +02:00
rmartinc
773e309f75
Parse saml urls correctly if the bindings are different
...
Closes #31780
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-02 11:34:06 +02:00
Thomas Darimont
282260dc95
Ensure issued_client_type is always added to successful token-exchange response ( #31548 )
...
- Compute issued_token_type response parameter based on requested_token_type and client configuration
- `issued_token_type` is a required response parameter as per [RFC8693 2.2.1](https://datatracker.ietf.org/doc/html/rfc8693#section-2.2.1 )
- Added test to ClientTokenExchangeTest that requests an access-token as requested-token-type
Fixes #31548
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-07-30 18:33:51 +02:00
Alexander Schwartz
11b19bc272
For persistent sessions, don't remove user session if there is no session in the remote store ( #31756 )
...
Closes #31115
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-30 17:57:09 +02:00
Pedro Igor
a79761a447
Support for blocking concurrent requests when brute force is enabled
...
Closes #31726
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
2024-07-30 10:01:48 +02:00
Martin Kanis
d91d6d18d5
Can not update organization group error when trying to create organisation from REST API
...
Closes #31144
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-07-29 17:39:56 +02:00
Pascal Knüppel
94784182df
Implement DPoP for all grantTypes ( #29967 )
...
fixes #30179
fixes #30181
Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de>
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-07-29 16:30:54 +02:00
Stefan Guilhen
f45529de8c
Deprecate IDP related methods in RealmModel
...
- delegate to the new provider
Closes #31253
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-07-29 16:02:26 +02:00
Stefan Guilhen
c16e88bcee
Make the IDPProvider via session.identityProviders()
...
Closes #31252
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-07-29 16:02:26 +02:00
Alexander Schwartz
6d404b86c9
Trigger clearing the user cache when the duplicate email allowed flag changes
...
Closes #31045
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-29 10:37:42 +02:00
Francis Pouatcha
cc78fd7ca0
Provided keycloak with a protocol mapper, that can allow to optionally add iat and nbf claims to VCs ( #31620 )
...
closes #31581
Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
2024-07-29 09:32:48 +02:00
Pedro Igor
87c279d645
Respect the username value format when processing federated users
...
Closes #31240
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-29 09:28:43 +02:00
Pedro Igor
4d8c525644
Make sure changes to user profile metadata is not stored when calling decorators ( #31549 )
...
Closes #30476
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-29 09:03:21 +02:00
Pedro Igor
1f8280c71a
Allow members joining multiple organizations
...
Closes #30747
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-29 09:02:36 +02:00
Giuseppe Graziano
12732333c8
Client scope assignment for client registration
...
Closes #31062
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-07-26 17:33:49 +02:00
Stian Thorgersen
30cd88fefe
Change default bootstrap admin service account client-id ( #31649 )
...
Closes #31648
Signed-off-by: stianst <stianst@gmail.com>
2024-07-26 10:45:26 +00:00
vramik
649b35929e
Make sure users created through a registration link are managed members
...
Closes #30743
Signed-off-by: vramik <vramik@redhat.com>
2024-07-25 04:30:13 -03:00
Maciej Mierzwa
97e89e2071
feature: password age in days policy
...
Closes #30210
Signed-off-by: Maciej Mierzwa <dev.maciej.mierzwa@gmail.com>
2024-07-24 15:12:16 -03:00
Francis Pouatcha
30be268672
Enhance Verifiable Credential Signing Service Flexibility and Key Rotation( #30692 )
...
closes #30525
Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
2024-07-24 13:45:39 +02:00
rmartinc
5db3772d45
Remove TrustedHostClientRegistrationPolicyTest#testGithubDomain
...
Closes #29271
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-23 11:33:38 +02:00
Diego Ramp
ae74d923d2
fix bad debugv({}) in favor of more tolerant debugf(%s)
...
Closes #31368
Signed-off-by: Diego Ramp <diego.ramp@mobi.ch>
2024-07-18 10:34:32 +02:00
mposolda
3110bb8989
Missing Cache-Control header when response_type parameter is missing in login request
...
closes #29866
Signed-off-by: mposolda <mposolda@gmail.com>
2024-07-18 10:17:52 +02:00
Pascal Knüppel
018a0802bc
Remove java.util.Date from VerifiableCredential ( #30920 )
...
closes #30918
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
2024-07-18 09:52:02 +02:00
Captain-P-Goldfish
526286e851
Manipulate OpenID redirect-response with custom implementation
...
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
2024-07-17 17:20:18 +02:00
Martin Kanis
e5848bdcf9
Cannot set unmanagedAttributePolicy without profile attributes
...
Closes #31153
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-07-17 09:53:59 -03:00
Ricardo Martin
3d12c05005
Correctly moves to the next required action ( #31358 )
...
Closes #31014
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
Co-authored-by: Giuseppe Graziano <g.graziano94@gmail.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
2024-07-17 09:38:29 +02:00
Pascal Knüppel
8485bc38ef
Make ProofType a string instead of enum ( #31000 )
...
fixes #30999
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-07-16 11:30:38 +02:00
Martin Kanis
887db25f00
Allow auto-redirect existing users federated from organization broker when using the username
...
Closes #30746
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-07-15 13:48:45 -03:00
Pedro Igor
c33585a5f4
All pubic brokers are shown during authentication rather than only those associated with the current organization
...
Closes #31246
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-12 17:51:39 +02:00
Douglas Palmer
9300903674
page-expired error page shown when using browser back-button on forgot-password page after invalid login attempt
...
Closes #25440
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-07-12 16:24:21 +02:00
Pascal Knüppel
4028ada2a5
Add required default-context value to VerifiableCredential ( #30959 )
...
closes #30958
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-07-11 18:25:11 +02:00