Pedro Igor
52ba9b4b7f
Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user
...
Closes #28248
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-08 09:05:16 -03:00
rmartinc
2b769e5129
Better management of the CSP header
...
Closes https://github.com/keycloak/keycloak/issues/24568
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-08 08:19:57 +02:00
Gilvan Filho
96db7e3154
fix NotContainsUsernamePasswordPolicyProvider: reversed check
...
closes #28389
Signed-off-by: Gilvan Filho <gfilho@redhat.com>
2024-04-05 10:39:07 -03:00
Pedro Igor
8fb6d43e07
Do not export ids when exporting authorization settings
...
Closes #25975
Co-authored-by: 박시준 <sjpark@logblack.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-04 19:26:03 +02:00
Marek Posolda
335a10fead
Handle 'You are already logged in' for expired authentication sessions ( #27793 )
...
closes #24112
Signed-off-by: mposolda <mposolda@gmail.com>
2024-04-04 10:41:03 +02:00
Hynek Mlnarik
8ef3423f4a
Present effective sync mode value
...
When sync mode value is missing in the config of newly created identity
provider, the provider does not store any. When no value is
found, the identity provider behaves as if `LEGACY` was used (#6705 ).
This PR ensures the correct sync mode is returned from the REST endpoint,
regardless of whether it has been stored in the database or not.
Fixes : #26019
Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-04-03 15:49:18 +02:00
Pedro Igor
fefeb83588
Changes the contract to make it simpler and rely on the realm available from the current session
...
Closes #28403
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-03 14:45:31 +02:00
Garth
91a6fda69c
removed deprecated annotations from ClusterProvider
...
Closes #27515
Signed-off-by: Garth <244253+xgp@users.noreply.github.com>
2024-04-02 20:10:46 +02:00
Giuseppe Graziano
fe06df67c2
New default client scope for 'basic' claims with 'auth_time' protocol mapper
...
Closes #27623
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-02 08:44:28 +02:00
Alexander Schwartz
c580c88c93
Persist online sessions to the database ( #27977 )
...
Adding two feature toggles for new code paths to store online sessions in the existing offline sessions table. Separate the code which is due to be changed in the next iteration in new classes/providers which used instead of the old one.
Closes #27976
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-03-28 09:17:07 +01:00
Gilvan Filho
757c524cc5
Password policy for not having username in the password
...
closes #27643
Signed-off-by: Gilvan Filho <gfilho@redhat.com>
2024-03-28 08:29:03 +01:00
Lex Cao
a53cacc0a7
Fire logout event when logout other sessions ( #26658 )
...
Closes #26658
Signed-off-by: Lex Cao <lexcao@foxmail.com>
2024-03-27 11:13:48 +01:00
Steven Hawkins
be32f8b1bf
fix: limit the use of Resteasy to the KeycloakSession ( #28150 )
...
* fix: limit the use of Resteasy to the KeycloakSession
contextualizes other state to the KeycloakSession
close : #28152
2024-03-26 13:43:41 -04:00
Stian Thorgersen
8cbd39083e
Default password hashing algorithm should be set to default password hash provider ( #28128 )
...
Closes #28120
Signed-off-by: stianst <stianst@gmail.com>
2024-03-22 12:44:11 +01:00
Stian Thorgersen
cae92cbe8c
Argon2 password hashing provider ( #28031 )
...
Closes #28030
Signed-off-by: stianst <stianst@gmail.com>
2024-03-22 07:08:09 +01:00
Pedro Igor
32541f19a3
Allow managing members for an organization
...
Closes #27934
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-21 10:26:30 -03:00
Pedro Igor
7fc2269ba5
The bare minimum implementation for organization
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: vramik <vramik@redhat.com>
2024-03-15 11:06:43 -03:00
Alexander Schwartz
6de5325d1c
Limit the received content when handling the content as a String
...
Closes #27293
Co-authored-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-13 16:43:03 +01:00
Pedro Igor
9ad447390a
Only remove attributes with empty values when updating user profile
...
Closes #27797
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-13 15:03:08 +01:00
vramik
a81d6bb618
Organizations SPI
...
Closes #27829
Signed-off-by: vramik <vramik@redhat.com>
2024-03-13 10:57:02 -03:00
Steve Hawkins
4091baf4c2
fix: accounting for the possibility of null flows from existing realms
...
closes : #23980
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-08 14:25:23 +01:00
rmartinc
ea4155bbcd
Remove recursively when deleting an authentication executor
...
Closes #24795
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-07 14:43:23 +01:00
Alexander Schwartz
595959398b
Instead of an InputStream that doesn't know about its encoding, use a String
...
Closes #20916
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-07 10:24:36 +00:00
Theresa Henze
653d09f39a
trigger REMOVE_TOTP event on removal of an OTP credential
...
Closes #15403
Signed-off-by: Theresa Henze <theresa.henze@bare.id>
2024-03-06 17:12:50 +01:00
vramik
7adcc98c6c
Map Store Removal: Remove obsolete KeycloakModelUtils.isRealmProviderJpa method
...
Closes #27445
Signed-off-by: vramik <vramik@redhat.com>
2024-03-04 12:22:04 +01:00
vramik
032bb8e9cc
Map Store Removal: Remove obsolete KeycloakModelUtils.isUsernameCaseSensitive
method
...
Closes #27438
Signed-off-by: vramik <vramik@redhat.com>
2024-03-02 04:40:46 +09:00
graziang
082f9ec15b
Update client scopes in Client Update Request in DCR
...
Fix ClientScopesClientRegistrationPolicy.beforeUpdate because it was modifying the original clientRepresentation.
Add updateClientScopes method to set client scopes in Client Update Request in DCR.
Closes #24361
Signed-off-by: graziang <g.graziano94@gmail.com>
2024-03-01 12:32:45 +01:00
Steven Hawkins
8d9439913c
fix: removal of resteasy-core ( #27032 )
...
* fix: partial removal of resteasy-core
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* fix: fully removing resteasy-core
closes : #26315
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-02-29 11:43:13 +00:00
Réda Housni Alaoui
a3b3ee4b87
Ability to declare a default "First broker login flow" per Realm
...
Closes #25823
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-02-28 16:17:51 +01:00
Dmitry Telegin
c18c4bbeb8
Remove setContext() + minor cleanup
...
Signed-off-by: Dmitry Telegin <demetrio@carretti.pro>
2024-02-27 19:11:32 +09:00
Dmitry Telegin
87c2df0ea4
Fix UMA
2024-02-27 19:11:32 +09:00
Dmitry Telegin
be3d0b6202
Split OAuth2GrantType and OAuth2GrantTypeFactory
2024-02-27 19:11:32 +09:00
Dmitry Telegin
c73516ba5b
Revert dynamic grant type resolution
2024-02-27 19:11:32 +09:00
Dmitry Telegin
5f04ce310a
simplify OAuth2GrantType.Context creation
2024-02-27 19:11:32 +09:00
Dmitry Telegin
b81bf85a06
rebase
2024-02-27 19:11:32 +09:00
Dmitry Telegin
854ec17fd3
- rework grant type resolution to use supports() in addition to grant type
...
- replace initialize() with setContext()
- use EnvironmentDependentProviderFactory instead of runtime checks
- move OAuth2GrantTypeManager to server-spi-private
- javadocs, imports, minor fixes
Signed-off-by: Dmitry Telegin <demetrio@carretti.pro>
2024-02-27 19:11:32 +09:00
Dmitry Telegin
983680ce0e
OAuth 2.0 Grant Type SPI
...
Closes : #26250
Signed-off-by: Dmitry Telegin <demetrio@carretti.pro>
2024-02-27 19:11:32 +09:00
graziang
cecce40aa5
Avoid regenerating the totpSecret on every reload of the OTP configuration page
...
Using an auth note to store the totpSecret and passing its value in the TotpBean constructor to keep the totpSecret on page reload
Closes #26052
Signed-off-by: graziang <g.graziano94@gmail.com>
2024-02-22 19:09:09 +01:00
Pedro Igor
604274fb76
Allow setting an attribute as multivalued
...
Closes #23539
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-02-22 12:56:44 +01:00
Douglas Palmer
b0ef746f39
Permanently lock users out after X temporary lockouts during a brute force attack
...
Closes #26172
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-02-22 09:34:51 +01:00
Pedro Igor
52fe8b0feb
Allow overriding the default validators added to attributes
...
Closes #27148
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-21 00:13:49 +09:00
Pedro Hos
6b3fa8b7a7
Invalid redirect uri when identity provider alias has spaces ( #22840 )
...
closes #22836
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2024-02-19 14:40:42 +01:00
Vlasta Ramik
76453550a5
User attribute value length extension
...
Closes #9758
Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-02-16 08:09:34 +01:00
mposolda
b4d289c562
Fixing UriValidator
...
closes #26792
Signed-off-by: mposolda <mposolda@gmail.com>
2024-02-15 10:30:39 +01:00
rmartinc
4ff4c3f897
Increase internal algorithm security using HS512 and 128 byte hmac keys
...
Closes #13080
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-15 08:16:45 +01:00
rmartinc
bc82929e3a
Cors modifications for UserInfo endpoint
...
Closes #26782
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-14 18:24:06 +01:00
vibrown
161d03efd2
Added SPIs for ClientType and ClientTypeManager
...
Grabbed the SPIs for ClientType and ClientTypeManager from Marek's Client Type prototype.
Closes #26431
Signed-off-by: vibrown <vibrown@redhat.com>
Cleaned up TODOs
Signed-off-by: vibrown <vibrown@redhat.com>
Added isSupported methods
Signed-off-by: vibrown <vibrown@redhat.com>
2024-02-13 19:26:19 +01:00
Tero Saarni
ac1780a54f
Added event for temporary lockout for brute force protector ( #26630 )
...
This change adds event for brute force protector when user account is
temporarily disabled.
It also lowers the priority of free-text log for failed login attempts.
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-07 14:13:33 +00:00
Stian Thorgersen
4d9f33efe3
Add cookie type builder ( #26848 )
...
Closes #26847
Signed-off-by: stianst <stianst@gmail.com>
2024-02-07 13:16:04 +01:00
Dmitry Telegin
da69beed4d
CORS SPI - code review
...
Signed-off-by: Dmitry Telegin <demetrio@carretti.pro>
2024-02-06 15:27:53 -03:00