Commit graph

4632 commits

Author SHA1 Message Date
Stefan Guilhen
bfa4660ecd Add OpenAPI documentation for the Organization API
Closes #29479

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-16 14:59:30 -03:00
Takashi Norimatsu
b4e7d9b1aa
Passkeys: Supporting WebAuthn Conditional UI (#24305)
closes #24264

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: mposolda <mposolda@gmail.com>
2024-05-16 07:58:43 +02:00
rmartinc
89d7108558 Restrict access to whoami endpoint for the admin console and users with realm access
Closes #25219

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-05-15 19:06:57 +02:00
Pedro Igor
b4d231fd40 Fixing realm removal when removing groups and brokers associated with an organization
Closes #29495

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-14 14:29:27 +02:00
Pedro Igor
b5a854b68e
Minor improvements to invitation email templates (#29498)
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-14 13:19:02 +02:00
Pedro Igor
1b583a1bab Email validation for managed members should only fail if it does not match the domain set to a broker
Closes #29460

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-14 10:46:22 +02:00
mposolda
d8a7773947 Adding dummyHash to DirectGrant request in case user does not exists. Fix dummyHash for normal login requests
closes #12298

Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-13 16:33:29 +02:00
kaustubh-rh
8a82b6b587
Added a check in ClientInitialAccessResource (#29353)
closes #29311

Signed-off-by: Kaustubh Bawankar <kbawanka@redhat.com>
2024-05-13 13:00:36 +02:00
vramik
fbdaf03972 Ensure master realm can't be removed
Fixes #28896

Signed-off-by: vramik <vramik@redhat.com>
2024-05-13 07:47:48 -03:00
rmartinc
2cc051346d Allow empty CSP header in headers provider
Closes #29458

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-05-13 10:51:31 +02:00
Pedro Igor
b50d481b10 Make sure organization groups can not be managed but when managing an organization
Closes #29431

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-10 21:28:11 -03:00
Stefan Guilhen
f0620353a4 Ensure master realm can't be removed
Closes #28896

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-10 16:56:18 -03:00
Stefan Guilhen
ceed7bc120 Add ability to search organizations by attribute
Closes #29411

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-10 16:45:41 -03:00
Pedro Igor
77b58275ca Improvements to the organization authentication flow
Closes #29416
Closes #29417
Closes #29418

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-09 16:07:52 -03:00
Pedro Igor
a65508ca13 Simplifying the CORS SPI and the default implementation
Closes #27646

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-08 12:27:55 -03:00
Thomas Darimont
6ba8b3faa2 Revise ObjectMapper construction (#16295)
Previously an ObjectMapper was created multiple times during startup:
two times during bootstrap and one additional time for the first request sent to Keycloak.
Additionally jackson modules, e.g. support for JSR310 java.time types
were not registered event-though they are present on the classpath.

This PR revises the initialization of the ObjectMapper.

- Ensure ObjectMapper is only initialized once
- Ensure that jackson modules on the classpath are properly

Fixes #16295

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-05-07 19:04:43 +02:00
Martin Kanis
d4b7e1a7d9 Prevent to manage groups associated with organizations from different APIs
Closes #28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-05-07 11:16:40 -03:00
Pedro Igor
f8bc74d64f Adding SAML protocol mapper to map organization membership
Closes #28732

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-07 15:52:35 +02:00
Stefan Guilhen
aa945d5636 Add description field to OrganizationEntity
Closes #29356

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-07 10:35:51 -03:00
Pedro Igor
c0325c9fdb Do not manage brokers through the Organization API
Closes #29268

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-07 09:15:25 -03:00
Alice W
d1549a021e Update invitation changes based on review and revert deleted test from OrganizationMembertest
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
2024-05-06 17:57:13 -03:00
Pedro Igor
7553679116 Using a common name for token parameter and setting it to action urls when available from query parameters
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-06 17:57:13 -03:00
Pedro Igor
5359840f10 Reverting changes to login action services
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-06 17:57:13 -03:00
Pedro Igor
6ae8c1e262 Reverting changes to freemarker login forms provider
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-06 17:57:13 -03:00
Pedro Igor
40a283b9e8 Token expiration tests and updates to registration required action
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-06 17:57:13 -03:00
Pedro Igor
158162fb4f Review tests and having invitation related operations in a separate class
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-06 17:57:13 -03:00
Pedro Igor
287f3a44ce registration link tests
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-06 17:57:13 -03:00
Alice W
ce2e83c7f9 Update test and link formation on invite of new user
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
2024-05-06 17:57:13 -03:00
Alice W
694105da89 Update the handling of invite tokens for new user registration to work with the base level oauth flows and implicit grants
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
2024-05-06 17:57:13 -03:00
Alice W
18356761db Add test for user invite registration and fix minor bug with registration link generation and email templating
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
2024-05-06 17:57:13 -03:00
Pedro Igor
e0bdb42d41 adding test and minor updates to cover inviting existing users
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-06 17:57:13 -03:00
Alice W
584e92aaba Add support for organizational invites to new and existing users based on tokens
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
2024-05-06 17:57:13 -03:00
Dimitri Papadopoulos Orfanos
cd8e0fd333
Fix user-facing typos in Javadoc (#28971)
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-05-06 18:57:55 +00:00
Stefan Guilhen
dae1eada3d Add enabled field to OrganizationEntity
Closes #28891

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-06 14:46:56 -03:00
Alexander Schwartz
2ebad818f9
Provide details in the log when a client credential grant fails (#28927)
Closes #28926

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-06 09:31:25 +02:00
Alexander Schwartz
a9532274e3
Generate translations for locales via built-in Java functionality (#29125)
Closes #29124

Signed-off-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-05-06 09:30:14 +02:00
Giuseppe Graziano
c6d3e56cda Handle reset password flow with logged in user
Closes #8887

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-05-06 09:10:47 +02:00
Thomas Darimont
ba43a10a6d
Improve details for user error events in OIDC protocol endpoints
Closes #29166

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-05-06 08:32:31 +02:00
Pedro Igor
32d25f43d0 Support for mutiple identity providers
Closes #28840

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-04 16:19:27 +02:00
Justin Tay
7bd48e9f9f Set logout token type to logout+jwt
Closes #28939

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-05-03 14:51:10 +02:00
Giuseppe Graziano
8c3f7cc6e9 Ignore include in token scope for refresh token
Closes #12326

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-05-03 09:05:03 +02:00
alexagc
5e00fe8b10 Ignore g-recaptcha-response in user profile validation
Signed-off-by: alexagc <alexcanal@gmail.com>
2024-05-02 17:12:54 -03:00
Steven Hawkins
4697cc956b
further refinement of context handling (#28182)
* fully removing providers and moving the keycloaksession creation / final
cleanup

also deprecated Resteasy utility methods

closes: #29223

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-02 11:21:01 -04:00
Stefan Guilhen
45e5e6cbbf Introduce filtered (and paginated) search for organization members
Closes #28844

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-02 11:25:43 -03:00
Patrick Jennings
64824bb77f
Client type service account default type (#29037)
* Adding additional non-applicable client fields to the default service-account client type configuration.

Signed-off-by: Patrick Jennings <pajennin@redhat.com>

* Creating TypedClientAttribute which maps clientmodel fields to standard client type configurations.

Adding overrides for fields in TypeAwareClientModelDelegate required for
service-account client type.

Signed-off-by: Patrick Jennings <pajennin@redhat.com>

* Splitting client type attribute enum into 3 separate enums, representing
the top level ClientModel fields, the extended attributes through the
client_attributes table, and the composable fields on
ClientRepresentation.

Signed-off-by: Patrick Jennings <pajennin@redhat.com>

* Removing reflection use for client types.

Validation will be done in the RepresentationToModel methods that are responsible for the ClientRepresentation -> ClientModel create and update static methods.

Signed-off-by: Patrick Jennings <pajennin@redhat.com>

More updates

Signed-off-by: Patrick Jennings <pajennin@redhat.com>

* Update client utilzes type aware client property update method.

Signed-off-by: Patrick Jennings <pajennin@redhat.com>

* If user inputted representation object does not contain non-null value, try to get property value from the client. Type aware client model will return non-applicable or default value to keep fields consistent.

Signed-off-by: Patrick Jennings <pajennin@redhat.com>

* Cleaning up RepresentationToModel

Signed-off-by: Patrick Jennings <pajennin@redhat.com>

* Fixing issue when updating client secret.

Signed-off-by: Patrick Jennings <pajennin@redhat.com>

* Fixing issue where created clients would not have fullscope allowed, because getter is a boolean and so cannot be null.

Signed-off-by: Patrick Jennings <pajennin@redhat.com>

* Need to be able to clear out client attributes on update as was allowed before and causing failures in integration tests.

Signed-off-by: Patrick Jennings <pajennin@redhat.com>

* Fixing issues with redirectUri and weborigins defaults in type aware clients.

Signed-off-by: Patrick Jennings <pajennin@redhat.com>

* Need to allow client attributes the ability to clear out values during update.

Signed-off-by: Patrick Jennings <pajennin@redhat.com>

* Renaming interface based on PR feedback.

Signed-off-by: Patrick Jennings <pajennin@redhat.com>

* Shall be able to override URI sets with an empty set.

Signed-off-by: Patrick Jennings <pajennin@redhat.com>

* Comments around fields that are primitive and may cause problems determining whether to set sane default on create.

Signed-off-by: Patrick Jennings <pajennin@redhat.com>

---------

Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-05-02 12:22:02 +02:00
Ricardo Martin
65bdf1a604
Encode realm name in console URIs (#29102)
Before this fix console uris (including the client redirect uris) did not contain the url encoded realm name and therefore were invalid.

closes #25807

Signed-off-by: Philip Sanetra <code@psanetra.de>
Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: Philip Sanetra <code@psanetra.de>
Co-authored-by: rmartinc <rmartinc@redhat.com>
2024-05-02 10:30:06 +02:00
Stefan Guilhen
02e2ebf258 Add check to prevent deserialization issues when the context token is not an AccessTokenResponse.
- also adds a test for the refresh token on first login scenario.

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-30 12:02:10 -03:00
Geoffrey Fourmis
24d9a22f49 25815 do not remove previous refresh token for federated identity
Signed-off-by: Geoffrey Fourmis <geoffrey.fourmis@gmail.com>
2024-04-30 12:02:10 -03:00
rmartinc
8042cd5d4f Set client in the context for docker protocol
Fix to execute again the docker test
Closes #28649

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-30 10:17:17 +02:00
Pedro Igor
51352622aa Allow adding realm users as an organization member
Closes #29023

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-29 08:37:47 -03:00
Alexander Schwartz
d55a8b0b17 Run validation of email addresses only for new and changed email addresses
Closes #29133

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-29 07:38:26 -03:00
Stefan Guilhen
bfabc291cc 28843 - Introduce filtered (and paginated) searches for organizations
Closes #28843

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-25 12:38:20 -03:00
Stefan Guilhen
8fa2890f68 28818 - Reintroduce search by name for subgroups
Closes #28818

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-25 12:06:07 -03:00
vramik
d65649d5c0 Make sure organization are only manageable by the admin users with the manage-realm role
Closes #28733

Signed-off-by: vramik <vramik@redhat.com>
2024-04-23 12:16:57 -03:00
Steven Hawkins
9486432f3f
fix: removing httpclient override (#28304)
we need to have a dependency on commons-logging-jboss-logging

closes: #21392

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-23 10:09:06 +02:00
Mark Banierink
ad32896725
replaced and removed deprecated token methods (#27715)
closes #19671 

Signed-off-by: Mark Banierink <mark.banierink@nedap.com>


Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-23 09:23:37 +02:00
mposolda
337a337bf9 Grant urn:ietf:params:oauth:grant-type:pre-authorized_code was enabled even if oid4vc_vci feature is disabled
closes #28968

Signed-off-by: mposolda <mposolda@gmail.com>
2024-04-22 18:31:46 +02:00
Tero Saarni
64862d568e Convert database errors to 500 instead of 400.
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2024-04-22 11:42:18 -03:00
Stefan Guilhen
f1532565b6 Don't use no-arg version of GroupModel.getSubGroupsStream() when fetching the subgroups from the GroupResource endpoint.
- prevents pre-loading all groups; instead use the stream from the JPA adapter to load subgroups one by one and then filter based on the user permissions.

Closes #28935

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-22 11:27:29 -03:00
Marek Posolda
b553fc2ae0
Fix compilation error (#28965)
closes #28964

Signed-off-by: mposolda <mposolda@gmail.com>
2024-04-22 11:19:33 +00:00
Erwin Rohde
10544a5a93 socketTimeoutUnits and establishConnectionTimeoutUnits use TimeUnit set in HttpClientBuilder
Closes #28881

Signed-off-by: Erwin Rohde <erwin@rohde.nu>
2024-04-22 08:11:11 -03:00
Douglas Palmer
ed22530d16 Failure reset time is applied to Permanent Lockout
Closes #28821

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-22 11:47:22 +02:00
Stefan Wiedemann
b08c644601
Support credentials issuance through oid4vci (#27931)
closes #25940 

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2024-04-22 11:37:55 +02:00
Lex Cao
7e034dbbe0
Add IdpConfirmOverrideLinkAuthenticator to handle duplicate federated identity (#26393)
Closes #26201.

Signed-off-by: Lex Cao <lexcao@foxmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-22 11:30:14 +02:00
etiksouma
1afd20e4c3 return proper error message for admin users endpoint
closes #28416

Signed-off-by: etiksouma <al@mouskite.com>
2024-04-20 12:17:53 +02:00
Pedro Ruivo
3e0a185070 Remove deprecated EnvironmentDependentProviderFactory.isSupported method
Closes #26280

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-19 16:36:49 +02:00
Giuseppe Graziano
f6071f680a Avoid the same userSessionId after re-authentication
Closes keycloak/keycloak-private#69

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-19 14:44:39 +02:00
mposolda
c427e65354 Secondary factor bypass in step-up authentication
closes #34

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit e632c03ec4dbfbb7c74c65b0627027390b2e605d)
2024-04-19 14:43:53 +02:00
Giuseppe Graziano
897c44bd1f Validation of providerId during required action registration
Closes #26109

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-19 13:06:51 +02:00
Joerg Matysiak
76a5a27082 Refactored StripSecretsUtils in order to make it unit-testable, added unit tests for it
Don't mask secrets at realm export

Closes #21562

Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>
2024-04-18 18:26:47 -03:00
Pedro Igor
7483bae130 Make sure admin events are not referencing sensitive data from their representation
Closes #21562

Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>
2024-04-18 18:26:47 -03:00
cgeorgilakis-grnet
89263f5255 Fix refresh token scope in refresh token flow with scope request parameter
Closes #28463

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-04-18 16:17:46 -03:00
Ricardo Martin
4c2542b91f
Better management of domains in TrustedHostClientRegistrationPolicy (#139) (#28876)
Closes keycloak/keycloak-private#63

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-18 16:06:50 +02:00
Ricardo Martin
8daace3f69
Validate Saml URLs inside DefaultClientValidationProvider (#135) (#28873)
Closes keycloak/keycloak-private#62

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-18 16:04:13 +02:00
Ricardo Martin
fc6b6f0d94
Perform exact string match if redirect URI contains userinfo, encoded slashes or parent access (#131) (#28872)
Closes keycloak/keycloak-private#113
Closes keycloak/keycloak-private#134

Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2024-04-18 16:02:24 +02:00
Hynek Mlnarik
9d1433d266 Update URL builder
Fixes: keycloak/keycloak-quickstarts#548

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-04-18 14:50:10 +02:00
vramik
860f3b7320 Prevent updating IdP via organization API not linked with the organization
Closes #28833

Signed-off-by: vramik <vramik@redhat.com>
2024-04-18 09:14:54 -03:00
Stian Thorgersen
0d60e58029
Restrict the token types that can be verified when not using the user info endpoint (#146) (#28866)
Closes #47

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Conflicts:
	core/src/main/java/org/keycloak/util/TokenUtil.java
	testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientTokenExchangeTest.java

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-18 14:11:05 +02:00
Stian Thorgersen
cbc4a8c305
Limit requests sent through session status iframe (#132) (#28864)
Closes #116

Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-04-18 14:02:37 +02:00
rmartinc
ddacfbdefd Remove deprecated LinkedIn social provider
Closes #23127

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-18 10:10:58 +02:00
Pedro Igor
f0f8a88489 Automatically fill username when authenticating to through a broker
Closes #28848

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-18 08:24:34 +02:00
Pedro Igor
1e3837421e Organization member onboarding using the organization identity provider
Closes #28273

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-17 07:24:01 -03:00
Jon Koops
3216e7c781
Only allow a known refferer URI for the Account Console (#28743)
Closes #27628

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-04-16 17:24:22 +02:00
Pedro Ruivo
63cb137b37 Remove usages of EnvironmentDependentProviderFactory.isSupported
Closes #28751

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-16 09:43:23 +02:00
Stefan Guilhen
2ab8bf852d Add validation for the organization's internet domains.
Closes #28634

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-15 09:03:52 -03:00
Patrick Jennings
5e0d323304 Log exception when failure to augment client and re-throw instead of returning the raw client.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-04-15 09:39:34 +02:00
Patrick Jennings
551a3db987 Updating validation logic to match our expectations on what applicable should mean.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-04-15 09:39:34 +02:00
Patrick Jennings
03db2e8b56 Integration tests around client type parameter validation. Throw common ClientTypeException with invalid params requested during client creation/update requests. This gets translated into ErrorResponseException in the Resource handlers.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-04-15 09:39:34 +02:00
Patrick Jennings
9814733dd3 DefaultClientType service will now validate all client type default values and respond with bad request message with the affending parameters that attempt to override readonly in the client type config.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-04-15 09:39:34 +02:00
Patrick Jennings
c0f5dab209 If client cannot be augmented due to error, we shall return the un-augmented client entity.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-04-15 09:39:34 +02:00
Patrick Jennings
42202ae45e Translate client type exception during client create into bad request response.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-04-15 09:39:34 +02:00
Giuseppe Graziano
4672366eb9
Simplified checks in IntrospectionEndpoint (#28642)
Closes #24466

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>


Co-authored-by: mposolda <mposolda@gmail.com>
2024-04-12 21:19:04 +02:00
Marek Posolda
e6747bfd23
Adjust priority of SubMapper (#28663)
closes #28661


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-12 14:13:03 +02:00
Pedro Igor
61b1eec504 Prevent members with an email other than the domain set to an organization
Closes #28644

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-12 08:33:18 -03:00
rmartinc
6d74e6b289 Escape slashes in full group path representation but disabled by default
Closes #23900

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-12 10:53:39 +02:00
Douglas Palmer
69ba92808d DefaultBruteForceProtector leverages a single thread to write success/failed events
Closes #14084

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-12 09:53:40 +02:00
Pedro Igor
8f8094408e Encapsulate the logic to set attributes into the domain model
Closes #28646

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-11 15:32:21 -03:00
Marek Posolda
74faddec8e
Release notes for lightweight access tokens and group together relate… (#28622)
closes #28460

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-11 20:02:33 +02:00
Giuseppe Graziano
33b747286e Changed userId value for refresh token events
Closes #28567

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-11 07:46:44 +02:00
Stefan Guilhen
9a466f90ab Add ability to set one or more internet domain to an organization.
Closed #28274

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-10 13:18:12 -03:00