Commit graph

6794 commits

Author SHA1 Message Date
Martin Bartoš
87ed656685 Start of MS-SQL fails in CI
Closes #24846

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2023-11-20 15:09:11 +01:00
Thomas Darimont
d30d692335 Introduce MaxAuthAge Password policy (#12943)
This policy allows to specify the maximum age of an authentication
with which a password may be changed without re-authentication.

Defaults to 300 seconds (default taken from Constants.KC_ACTION_MAX_AGE) to remain backwards compatible.
A value of 0 will always require reauthentication to update the password.
Add documentation for MaxAuthAgePasswordPolicy to server_admin

Fixes #12943

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2023-11-20 14:48:17 +01:00
rmartinc
5fad76070a Use LinkedIn instead of LinkedIn OpenID Connect for better UI experience
Closes https://github.com/keycloak/keycloak/issues/24659

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-16 18:22:16 +01:00
Vlasta Ramik
d86e062a0e
Removal of retry blocks introduced for CRDB
Closes #24095

Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-16 13:50:56 +01:00
rmartinc
cca33baac3 Avoid NPE if RelayState is null and return a proper error
Closes https://github.com/keycloak/keycloak/issues/24079

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-16 12:56:49 +01:00
rmartinc
e3b2eec1ba Make user profile validation success if the attribute was already wrong and read-only in the context
Closes https://github.com/keycloak/keycloak/issues/24697

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-14 03:07:00 -08:00
Erik Jan de Wit
89abc094d1
userprofile shared (#23600)
* move account ui user profile to shared

* use ui-shared on admin same error handling

also introduce optional renderer for added component

* move scroll form to ui-shared

* merged with main

* fix lock file

* fixed merge error

* fixed merge errors

* fixed tests

* moved user profile types to admin client

* fixed more types

* pr comments

* fixed some types
2023-11-14 08:04:55 -03:00
Réda Housni Alaoui
3f014c7299
Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients (#21058)
closes #21010 

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
2023-11-13 19:13:01 +01:00
vramik
71b6757c2f Remove quarkus options related to map store
Signed-off-by: vramik <vramik@redhat.com>

Closes #24098
2023-11-13 12:34:52 +01:00
vramik
926be135e8 Remove map related modules
Signed-off-by: vramik <vramik@redhat.com>

Closes #24100
2023-11-13 12:34:52 +01:00
vramik
76affa45c6 Delete removed spi-events-store-jpa-max-detail-length property from keycloak.conf in testsuite
Signed-off-by: vramik <vramik@redhat.com>

Fixes #17258
2023-11-13 08:34:09 +01:00
Hynek Mlnařík
0ceaed0e2e
Transient users: Consents (#24496)
closes #24494
2023-11-10 11:18:27 +01:00
rmartinc
6963364514 Keep same name on update for LDAP attributes
Closes https://github.com/keycloak/keycloak/issues/23888
2023-11-09 23:54:45 +01:00
mposolda
64836680d7 Failing test X509OCSPResponderTest due expired certificate
closes #24650

Signed-off-by: mposolda <mposolda@gmail.com>
2023-11-09 13:34:51 +01:00
Alexander Schwartz
26e2fde115
Avoid reseting cachemanger to null to avoid a re-initialization (#24086)
Also follow best practices of using volatile variables for double-locking, and not using shutdown caches.

Closes #24085
2023-11-08 11:33:44 -05:00
vramik
6fa26d7ff4 Delete map dependencies from dependency management
Closes #24101
2023-11-08 13:53:17 +01:00
mposolda
7863c3e563 Moving UPConfig and related classes from keycloak-services
closes #24535

Signed-off-by: mposolda <mposolda@gmail.com>
2023-11-07 12:41:29 +01:00
Peter Skopek
e5eded0eab
Add possibility to override fileName and base directory of Keycloak Quarkus distribution ZIP archive (#24284)
Closes #24283

Signed-off-by: Peter Skopek <pskopek@redhat.com>
2023-11-07 10:31:58 +01:00
Joshua Sorah
7ca00975d4 Feature flag DPoP metadata in OIDC Well Known endpoint
Closes keycloak/keycloak#24547

Signed-off-by: Joshua Sorah <jsorah@gmail.com>
2023-11-06 03:13:57 -08:00
vramik
593c14cd26 Data too long for column 'DETAILS_JSON'
Closes #17258
2023-11-02 20:29:35 +01:00
Oliver
563ae104fd [issue-14134] test partial import user with id
Fix #14134
2023-11-02 05:56:12 -07:00
Martin Kanis
e05effe62d Map Store Removal: Delete map profiles and scopes from model tests
Closes #24093
2023-11-02 11:33:00 +01:00
Jon Koops
fe0a9459dd
Remove UTF-8 encoding header from property files (#24471) 2023-11-01 16:03:26 -04:00
rmartinc
d7bb59461d Escape $ sign when replacing clientId in the role mappers
Closes https://github.com/keycloak/keycloak/issues/23692
2023-11-01 20:47:15 +01:00
Pedro Igor
be65ba8689 Make sure optional default attributes are removed when decorating the user-define user profile configuration
Closes #24420
2023-11-01 14:54:09 +01:00
mposolda
0bd2b342d7 Update per review 2023-10-31 12:56:46 -07:00
mposolda
6f992915d7 Move some UserProfile and Validation classes into keycloak-server-spi
closes #24387
2023-10-31 12:56:46 -07:00
Aboullos
75440abb5f
Fix compilation error on springboot (#24437) 2023-10-31 19:29:05 +00:00
Justin Tay
3ff0476cc3 Allow customization of aud claim with JWT Authentication
Closes #21445
2023-10-31 11:33:47 -07:00
rmartinc
1b630326b2 Fixes in LDAP tests when using AD
Closing https://github.com/keycloak/keycloak/issues/24357
2023-10-31 13:34:37 +01:00
rmartinc
7deb4ca545 Group count and PartialExport permission fixes
Closes https://github.com/keycloak/keycloak/issues/12171
2023-10-31 01:40:21 -07:00
Aboullos
c23e1e0e2b
Fix springboot tests (#24254)
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-31 09:06:09 +01:00
rmartinc
6484a3e705 Add userProfileEnabled attribute to realm response if admin can view users
closes https://github.com/keycloak/keycloak/issues/19093
2023-10-30 07:39:03 -07:00
rmartinc
ea398c21da Add a property to the User Profile Email Validator for max length of the local part
Closes https://github.com/keycloak/keycloak/issues/24273
2023-10-27 15:09:42 +02:00
Alice
69497382d8
Group scalability upgrades (#22700)
closes #22372 


Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-26 16:50:45 +02:00
Thomas Darimont
d56baa80b3
Add support for passing acr_values in auth requests in keycloak.js (#9383) (#24259)
Fixes #9383
2023-10-25 15:33:39 +02:00
Hynek Mlnarik
c036980c37 Add TRANSIENT_USERS feature flag 2023-10-25 12:02:35 +02:00
Hynek Mlnarik
d59ceb17e9 Add tests for offline access, introspection and userinfo endpoint 2023-10-25 12:02:35 +02:00
Hynek Mlnarik
d70735f64d Tests
Part-of: Add support for not importing brokered user into Keycloak database

Closes: #11334
2023-10-25 12:02:35 +02:00
ggraziano
84112f57b5 Verification of iss at refresh token request
Added iss checking using the existing TokenVerifier.RealmUrlCheck in the verifyRefreshToken method.

Closes #22191
2023-10-24 23:42:11 +02:00
Marek Posolda
1bd6aca629
Remove RegistrationProfile class and handle migration (#24215)
closes #24182


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-10-24 20:19:33 +02:00
Martin Kanis
10a2c96c72
Users in role Rest API returns empty when User federation used (#23318)
* Users in role Rest API returns empty when User federation used

Co-authored-by: Shankar Yadav <ET1024@neeyamoworks.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-24 11:10:20 -04:00
Martin Bartoš
9627187447
Adapter tests failing with Jakarta error (#24177)
Fixes #24176
2023-10-24 10:11:48 -04:00
rmartinc
ad01ed1497 Do not reset the user profile configuration on disable
Closes https://github.com/keycloak/keycloak/issues/23527
2023-10-24 03:05:34 -07:00
Thomas Darimont
e567210ed1
Add dedicated feature flag for oauth device grant flow (#23892)
Closes #23891
2023-10-24 10:09:26 +02:00
Håvar Nøvik
bc55846809
Fixes a NullPointerException after import validation (#20151)
* Fixes a NullPointerException after import validation

If the import validation (when getting a user by email)
returns null, indicating that the user entity should be
removed from local storage, an email equality check results
in a NullPointerException.

This commit fixes this issue by explicitly checking for null.

Closes #20150

---------
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-23 17:19:25 -04:00
vramik
a0f04fa2be Declarative User Profile export
Closes #12062
Resolves #20885
2023-10-21 19:21:20 +02:00
Pedro Igor
e47389f199 Username now shown when creating a user and edit username is not allowed
Closes #24183
2023-10-20 10:22:31 -07:00
Steven Hawkins
f4d1dd9b7f
improvement: validates the expected values of non-cli properties (#23797)
also adds better messages for unknown options

closes #13608
2023-10-20 17:21:03 +00:00
Pedro Igor
d4a5391013 Making sure public clients can RPT tokens
Closes #14165
2023-10-20 17:53:10 +02:00
Pedro Igor
55a5a8c0eb Ignore custom attributes when processing attributes in verify profile action
Closes #24077
2023-10-20 17:51:40 +02:00
mposolda
c18e8ff535 User profile tweaks in registration forms
closes #24024
2023-10-20 06:31:21 -07:00
kaustubh-rh
1ac2c0997d
Inconsistent handling of parenthesis in auth flow name (#24113)
closes #16379
2023-10-20 10:00:46 +02:00
mposolda
04777299b0 After tab1 finish authentication, make sure that rootAuthenticationSession is expired shortly
closes #23880
2023-10-19 19:23:50 +02:00
Vlasta Ramik
f6d582c761
Import migration step for kc22
Closes #24031

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-10-19 09:00:49 +02:00
rmartinc
d10ccc7245 Use jdk LdapName and Rdn to parse inside LDAPDn and RDN and avoid string conversions
Closes: https://github.com/keycloak/keycloak/issues/21797
Closes: https://github.com/keycloak/keycloak/issues/21818
2023-10-19 08:31:49 +02:00
Pedro Igor
e91a0afca2 The username in account is required and don't change when email as username is enabled
Closes #23976
2023-10-17 16:43:44 -03:00
wojnarfilip
b5ec155b64 Fix issue with overlapping WebElements in SocialLoginTest#PaypalLogin
Closes #23960
2023-10-17 16:59:09 +02:00
shigeyuki kabano
6112b25648 Enhancing Light Weight Token(#22148)
Closes #21183
2023-10-17 13:12:36 +02:00
Alexander Schwartz
50916d58b1 Clean up created test user to avoid conflict with other tests
Closes #23804
2023-10-16 19:10:52 +02:00
wojnarfilip
f9386bd62b Update login flow in OCP social login 2023-10-16 10:45:38 -03:00
Pedro Igor
9c19a8972b Removing the default cache metadata
Closes #23910
2023-10-13 16:32:55 +02:00
Lex Cao
eedc4ceb18 Fix unexpected expiration when import offline client session
Closes #23397
2023-10-13 15:45:07 +02:00
Moritz Becker
e9f08b6500 Do not return empty scope field in token introspection response
Closes #16526
2023-10-13 08:36:12 +02:00
Steven Hawkins
478ceb0b34
modification of kc.sh to remove param eval (#22585)
* test

* modification of kc.sh to remove eval of env/args

Closes #22337

---------

Co-authored-by: rmartinc <rmartinc@redhat.com>
2023-10-12 17:10:53 +02:00
Vojtěch Boček
8871983b33
Add support for single-tenant mode to Microsoft Identity Provider (#20699)
* Add support for single-tenant mode to Microsoft Identity Provider

Fixes #20695
Closes #11207

* Add SocialLoginTest for Microsoft single-tenant variant
2023-10-10 16:35:36 -04:00
Marek Posolda
a6609bd969
Remove "You are already logged in" during authentication. Make other browser tabs to authenticate automatically when some browser tab successfully authenticate (#23517)
Closes #12406


Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-10-10 21:54:37 +02:00
Pedro Igor
7385ed56c7 Avoid creating the component when there is no component and configuration is not provided
Closes #20970

Co-authored-by: Pedro Igor <psilva@redhat.com>
2023-10-10 13:28:48 +02:00
Tero Saarni
22d093f5c0
Fix multi-valued LDAP attribute support
FullName LDAP storage mapper was delegating to single-valued setter even
when multi-valued setter was called.

Closes #22091

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2023-10-06 14:36:02 +00:00
mposolda
cdb61215c9 UserProfileContext.ACCOUNT_OLD seems to be obsolete and not needed
closes #23749
2023-10-06 11:27:48 -03:00
Pedro Igor
290bee0787
Resolve several usability issues around User Profile (#23537)
Closes #23507, #23584, #23740, #23774

Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-10-06 10:15:39 -03:00
rmartinc
890600c33c Remove backward compatibility for ECDSA tokens
Closes https://github.com/keycloak/keycloak/issues/23734
2023-10-06 14:24:48 +02:00
Martin Kanis
0853d484ec
Remove transaction in InfinispanSingleUseObjectProvider#remove (#23708)
Co-authored-by: mposolda <mposolda@gmail.com>
2023-10-06 10:00:04 +02:00
Garth
2dfbbff343
added AccountResource SPI, Provider and ProviderFactory. (#22317)
Added AccountResource SPI, Provider and ProviderFactory. updated AccountLoader to load provider(s) and check if it is compatible with the chosen theme.
2023-10-05 15:08:01 +02:00
vramik
7f2f4aae67 Upgrade liquibase version to avoid a bug where a changeset is executed twice
Closes #23220
2023-10-05 13:35:05 +02:00
Tomas Ondrusko
58131f1dcc Update the Instagram login process
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-10-05 09:33:05 +02:00
Steven Hawkins
9a93b9a273
allows csv output to handle missing requested fields (#23459)
* allows csv output to handle missing requested fields

Closes #12330

* fixes the handling of the content type

also makes it more explicit the expectation of applying csv and return
fields

* fix: consolidating the logic dealing with the content-type

Closes #23580
2023-10-04 15:49:19 +02:00
Dmitry Telegin
085d0d73c9 Fix nonce/scope typo 2023-10-02 22:36:51 +02:00
Tomas Ondrusko
fcb91a83ba
Ignore query parameters while testing the LinkedIn profile picture URL (#23557)
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-10-02 14:36:17 +02:00
Tomas Ondrusko
3d42573813
Update PayPal social login flow to use 127.0.0.1 instead of localhost (#23532)
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-09-28 09:34:45 +00:00
fwojnar
56082cdd2d
Fixes issue in login flow of SocialLoginTest#twitterLogin (#23122)
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2023-09-28 10:21:59 +02:00
Lucas Hedding
de5aa2e74d
Add createTimestamp to REST service (#23293)
Closes #14009
2023-09-27 13:38:16 +02:00
rmartinc
10c1e3ba6d Client roles should be mapped to any claim name
Closes https://github.com/keycloak/keycloak/issues/22349
2023-09-27 08:11:22 -03:00
rmartinc
d90640b5a3 Change email checkserveridentity prop as angus mail sets it to true by default
Closes https://github.com/keycloak/keycloak/issues/22395
2023-09-26 09:11:16 +02:00
Maria Arias de Reyna
c15753266f fix(Closes #21236): Adding client-id to logout event 2023-09-25 13:20:26 +02:00
Pedro Igor
741f76887c Allow updating email when email as username is set and edit username disabed
#23438
2023-09-25 08:19:01 -03:00
Michal Hajas
496c5ad989 Use new findGroupByPath implementation and remove the old one
Closes #23344

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2023-09-25 10:44:24 +02:00
Jon Koops
47d9ae71c4
Revert the new welcome screen experience (#23446)
This reverts commit bcab75a7ef.
2023-09-21 16:03:00 +00:00
Justin Tay
7d3104ee76 Allow public clients to use PAR endpoint
Closes #8939
2023-09-21 13:57:42 +02:00
rmartinc
7afd90982d Align wildfly-core and wildfly version for tests
Closes https://github.com/keycloak/keycloak/issues/23342
2023-09-21 10:53:57 +02:00
Michal Hajas
533f9e7093
Disable CockroachDB model tests since they are flaky (#23391)
Closes #22645

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2023-09-20 16:04:11 +00:00
Bernd Bohmann
bb2f59df87
Calling getTopLevelGroups is slow inside GroupLDAPStorageMapper#getLDAPGroupMappingsConverted (#8430)
Closes #14820 
---------
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-09-20 17:20:43 +02:00
Jon Koops
e86bf1f0b2 Remove P3P header from authentication flow
Closes #23348
2023-09-19 08:50:33 -03:00
rmartinc
743bb696d9 Allow duplicated keys in advanced claim mappers
Closes https://github.com/keycloak/keycloak/issues/22638
2023-09-19 07:49:34 -03:00
wojnarfilip
5603ee7b46 Fixes login flow in Microsoft social login test
Closes #22657
2023-09-18 14:21:41 +02:00
Pedro Igor
217a09ce46 Switch to Resteasy Reactive
Closes #10713
2023-09-18 09:19:03 -03:00
Alexander Schwartz
798846df6f
Remove legacy code which isn't used anymore and was deprecated for some time (#23264)
Closes #23263
2023-09-18 11:04:02 +02:00
paul
f684a70048 KEYCLOAK-15985 Add Brute Force Detection Lockout Event 2023-09-15 10:32:07 -03:00
Jon Koops
bcab75a7ef
Add new version of Welcome theme based on PatternFly 5 (#23008) 2023-09-14 08:24:17 -04:00
Andreas Blaettlinger
86c0e338d9 Toggle visibility of password input fields in login-ftl-based pages
Closes #22067
2023-09-14 08:04:35 -03:00
Pedro Igor
1442f14c45 Registration page not showing username when edit username is not enabled
Closes #23185
2023-09-14 07:32:39 -03:00
Justin Tay
658c0ef19f Send Client ID in token request with JWT Authentication
Closes #21444
2023-09-14 10:57:32 +02:00
Pedro Igor
5958c7948d
Ignore attributes when they are not prefixed with user.attributes prefix (#23184)
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: stianst <stianst@gmail.com>
2023-09-14 10:35:47 +02:00
Daniel Fesenmeyer
a68ad55a37 Support to define compatible mappers for (new) Identity Providers
- Also allows to use existing mappers for custom Identity Providers without having to change those mappers

Closes #21154
2023-09-13 17:19:06 -03:00
Jacek Kowalski
f5182deb30
Fix valid redirect URIs for built-in account-console client on realm rename (#20894)
Closes #9541

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-09-13 15:28:07 +02:00
Konstantinos Georgilakis
0044472f87 Add regex support in 'Condition - User attribute' execution
Closes #265
2023-09-13 08:36:45 +02:00
rmartinc
48ab2b1688 FullNameLDAPStoreMapper removes values for other attributes
Closes https://github.com/keycloak/keycloak/issues/22526
2023-09-13 08:11:32 +02:00
vramik
d34a371971 Enable ZeroDowntimeTest
Closes #21825
2023-09-11 19:09:30 +02:00
Pedro Igor
04dd9afc5e Do not store empty attributes when updating user profile
Closes #22960
2023-09-11 07:47:31 -03:00
kaustubh-rh
62927433dc
Fix for Keycloak 22.0.1 unable to create user with long email address (#23109)
Closes #22825
2023-09-11 08:56:13 +02:00
rmartinc
7da52a43bd Add old LinkedIn provider to the deprecated profile
Closes https://github.com/keycloak/keycloak/issues/23067
2023-09-08 10:05:17 +02:00
Marek Posolda
506e2537ac
Registration flow fixed (#23064)
Closes #21514


Co-authored-by: Vilmos Nagy <vilmos.nagy@outlook.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2023-09-08 08:05:05 +02:00
Pedro Igor
bc31fde4c0 Broker claim mapper not recognizing claims from user info endpoint
Closes #12137
2023-09-07 16:34:45 +02:00
Alexander Schwartz
2eb37dbe4f Remove MS SQL JDBC driver from the Keycloak product
Closes #22983
2023-09-07 15:30:34 +02:00
Peter Skopek
ef272f7668 SAML Adapter fix for EAP8 and WF29
Signed-off-by: Peter Skopek <pskopek@redhat.com>
2023-09-07 13:32:25 +02:00
Kaustubh B
5ee2ba9372 Added tests 2023-09-07 08:43:35 +02:00
Martin Bartoš
6ca78b7554 Return Oracle JDBC driver to the upstream
Closes #22999
2023-09-06 19:11:29 +02:00
rmartinc
8887be7887 Add a new identity provider for LinkedIn based on OIDC
Closes https://github.com/keycloak/keycloak/issues/22383
2023-09-06 16:13:31 +02:00
Pedro Igor
13e5a02b9f Role mappers must return a single value when they are not multivalued
Closes #20218
2023-08-31 19:16:12 +02:00
mposolda
57e51e9dd4 Use an original domain name of Kerberos Principal in UserModel attribute instead of configured value of Kerberos realm in User federation
closes #20045
2023-08-30 13:24:48 +02:00
vramik
4cd34f8423 Update logging properties for showing SQL statements and JDBC parameters
Closes #22815
2023-08-30 12:52:08 +02:00
Marek Posolda
6f989fc132
Fallback to next LDAP/Kerberos provider when not able to find authenticated Kerberos principal (#22531)
closes #22352 #9422
2023-08-29 11:21:01 +00:00
Pedro Igor
ea3225a6e1 Decoupling legacy and dynamic user profiles and exposing metadata from admin api
Closes #22532

Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2023-08-29 08:14:47 -03:00
Pedro Igor
b779df6a55 Parsing response from user info rather than the access token
Closes #22581
2023-08-29 12:23:56 +02:00
Tomas Ondrusko
e70ffd0105
Handle GitHub logout properly (#22463)
Add profile info update to GitHub login test cases

Closes #22461

Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-08-28 10:06:12 +02:00
Michal Hajas
94089bd492 Clean LDAP between test method executions
Closes #22602

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2023-08-23 04:15:32 -03:00
Martin Bartoš
fcf65389ea
Remove Oracle Database JDBC driver from the Keycloak distribution (#22577)
* Remove Oracle Database JDBC driver from the Keycloak distribution

Closes #22452

* Remove profile for proprietary Oracle JDBC driver

---------

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-08-21 15:13:49 +00:00
t0xicCode
822c13ff6f Switch Trusted Host policy redirect verification to URI
Switch parsing of the redirect URIs for the Trusted Host Client Registration Policy from URL to URI.
The java URL class tries to instantiate a handler for the scheme, which fails when a "custom" scheme, such as those used in phone apps is used.
In contrast, the URI class simply parses the string, ensuring the format is valid.
The other URLs (baseUrl, rootUrl, adminUrl) are still parsed as URLs.
See https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata for the Client Registration parameter documentation.

Closes #22309
2023-08-14 10:20:23 +02:00
Pedro Igor
baac060eb1 Fixing how e-mail attribute permissions are set for both USER_API and ACCOUNT contexts
Closes #21751
2023-08-11 13:32:16 +02:00
Erik Jan de Wit
874d2063b8
only add realm access to the current realm (#21554)
fixes: #21553
2023-08-10 12:43:15 +02:00
wojnarfilip
6c070d587f Closes #22282 2023-08-10 12:05:20 +02:00
Todor Staykovski
dffa7a31cb
Add subgroups sorting (#22295)
* Review comments to add a test, update the API description and adjust the map storage.

Closes #19348

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-08-07 21:18:09 +02:00
Takashi Norimatsu
258711ef4f DPoP verification in UserInfo endpoint
closes #22215
2023-08-07 10:49:33 +02:00
Takashi Norimatsu
9d0960d405 Using DPoP token type in the access-token and as token_type in introspection response
closes #21919
2023-08-07 10:40:18 +02:00
Alex Szczuczko
92bec0214f Add -DdeployTestsuite profile to testsuite
Closes #22258
2023-08-04 20:54:59 +02:00
Marek Posolda
4dc929abb3
Missing client_id validation match when authenticating client with JW… (#22178)
Closes #22177
2023-08-03 11:47:55 +02:00
Takashi Norimatsu
ee998fee66 Add FAPI 2.0 security profile as default profile of client policies
closes #21181
2023-08-03 09:26:16 +02:00
Ricardo Martin
a8bca522c1
Fix issue with access tokens claims not being imported using OIDC IDP Attribute Mappers (#21627)
Closes #9004


Co-authored-by: Armel Soro <armel@rm3l.org>
2023-08-02 09:36:50 +02:00
Thomas Darimont
82269f789a Avoid using deprecated junit APIs in tests
- Replaced usage of Assert.assertThat with static import
- Replaced static import org.junit.Assert.assertThat with org.hamcrest.MatcherAssert.assertThat

Fixes: #22111
2023-08-01 11:44:25 +02:00
mposolda
6f6b5e8e84 Fix authenticatorConfig for javascript providers
Closes #20005
2023-07-31 19:28:25 +02:00
Vlasta Ramik
29b67fc8df
Inconsistent Wildcard handling for JPA (#21671)
* Inconsistent Wildcard handling for JPA

Closes #20610

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-07-27 17:03:22 +02:00
rmartinc
0a7fcf43fd Initial pagination in the admin REST API for identity providers
Closes https://github.com/keycloak/keycloak/issues/21073
2023-07-27 14:48:02 +02:00
Martin Bartoš
4b36da03db Profile activation for WF app server doesn't properly work for Windows
Fixes #21284
2023-07-27 12:09:00 +02:00
Takashi Norimatsu
9a921441cc Adjustements to the behaviour of dpop_bound_access_tokens switch
closes #21920
2023-07-27 11:30:01 +02:00
Takashi Norimatsu
6498b5baf3 DPoP: OIDC client registration support
closes #21918
2023-07-26 13:00:35 +02:00
Ricardo Martin
ee35cfe478
Add logout other sessions checkbox to TOTP, webauthn and recovery authn codes setup pages (#21897)
* Add logout other sessions checkbox to TOTP, webauthn, recovery authn codes setup pages and to update-email page
Closes #10232
2023-07-26 11:34:19 +02:00
Marek Posolda
bb8ba1af5a
Fix script tests on windows (#21942)
Closes #21778 #21779 #21780
2023-07-25 12:37:21 +00:00
Takashi Norimatsu
0ddef5dda8
DPoP support 1st phase (#21202)
closes #21200


Co-authored-by: Dmitry Telegin <dmitryt@backbase.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2023-07-24 16:44:24 +02:00
Takashi Norimatsu
05b8b9ee51 Enhancing Pluggable Features of Token Manager
closes #21182
2023-07-24 09:16:29 +02:00
Takashi Norimatsu
2efd79f982 FAPI 2.0 security profile - supporting RFC 9207 OAuth 2.0 Authorization Server Issuer Identification
Closes #20584
2023-07-24 09:11:30 +02:00
Martin Kanis
6907134f17 Removing workaround for state transfer never completes
Closes #21256
2023-07-21 18:21:00 +02:00
rmartinc
7336ff07ac Check RDN attribute for DN membership
Closes https://github.com/keycloak/keycloak/issues/20718
2023-07-21 11:13:45 +02:00
todor
897965f604 KEYCLOAK-20343 Add message bundle to export/import
Closes #20343
2023-07-20 23:00:28 +02:00
Alexander Schwartz
7c9593f88a
Upgrade Infinispan to 14.0.13.Final (#21565)
Closes #21564
2023-07-20 16:59:19 +00:00
Václav Muzikář
776bcbcbd4
Update bcpkix and bcprov dependencies (#21543)
Closes #21360
2023-07-20 11:57:18 +02:00
vramik
13d412989c Disable ZeroDowntimeTest
Closes #21823
2023-07-19 20:35:08 +02:00
Lukas Hanusovsky
086b85fad4
[20455] Arquillian reflection bug -> using different setter to avoid overloading. (#21806) 2023-07-19 14:43:36 +02:00
rmartinc
ed1934d73a Ensure that the flow tested to be deleted is a built in flow
Closes https://github.com/keycloak/keycloak/issues/20763
2023-07-19 08:56:32 +02:00
Pedro Igor
d2cdd78655
Add Java Distribution IT for Windows (#21675)
Co-authored-by: Miquel Simon <msimonma@redhat.com>
2023-07-18 12:15:56 +02:00
mposolda
03716ed452 Keycloak forgets ui_locales parameter when using reset password
closes #10981
2023-07-18 09:24:12 +02:00
Martin Kanis
67b20dfd9b Introduce delay in SessionTimeoutsTest to allow xsite replication to finish
Fixes #20983
2023-07-17 15:46:33 +02:00
rmartinc
630e3b2312 Revert emailVerified to false if email modified on force-sync non-trusted broker
Closes https://github.com/keycloak/security/issues/48
2023-07-17 13:13:47 +02:00
Michal Hajas
07c27336aa Check whether realm has store enabled for immediately sent events
Closes #21698

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2023-07-14 20:50:33 +02:00
Stian Thorgersen
5a411d8931
Allow setting context-path for KeycloakServer (#21590)
Closes #21589
2023-07-11 14:24:07 +00:00
Martin Kanis
2bd7de6e8a UserSessionConcurrencyTest#testConcurrentNotesChange fails intermittently
Closes #21290
2023-07-11 13:12:38 +02:00
Pedro Igor
57423bca2b
Additional test for logout when using multiple tabs (#21518)
Closes #21451
2023-07-11 11:22:20 +02:00
Pedro Igor
376d20c285
Remove user credentials from admin event representation (#21561)
Closes #17470
2023-07-11 08:26:29 +02:00
rmartinc
13870f3a69 Improve error management in the github provider
Closes https://github.com/keycloak/keycloak/issues/9429
2023-07-10 16:09:08 -03:00
Pedro Igor
94074f4a98
Remove unnecessary tests (#21551)
Closes #21099
2023-07-10 13:36:21 +00:00
Daniele Martinoli
75741d17ab Updated test case in RequiredActionResetPasswordTest 2023-07-10 08:31:47 -03:00
Patrick Jennings
399a23bd56
Find an appropriate key based on the given KID and JWA (#21160)
* keycloak-20847 Find an appropriate key based on the given KID and JWA. Prefers matching on both inputs but will match on partials if found. Or return the first key if a match is not found.

Mark Key as fallback if it is the singular client certificate to be used for signed JWT authentication.

* Update js/apps/admin-ui/public/locales/en/clients.json

Co-authored-by: Marek Posolda <mposolda@gmail.com>

* Updating boolean variable name based on suggestions by Marek.

* Adding integration test specifically for the JWT parameters for regression #20847.

---------

Co-authored-by: Marek Posolda <mposolda@gmail.com>
2023-07-10 13:28:55 +02:00
Daniele Martinoli
7b8dcb42ea Using "Account is disabled" message (and also added new test case) 2023-07-07 12:16:38 -03:00
Daniele Martinoli
2a95e2c245 updated failed login test case with new error message 2023-07-07 09:00:51 -03:00
Daniele Martinoli
44570d12ee fixed error in IdentityProviderTest 2023-07-07 08:59:36 -03:00
Daniele Martinoli
83d88f6bb5 added Hardcoded Group mapper to IDP configuration 2023-07-07 08:59:36 -03:00
A. Tammy
497d08af1c
make cli usable on OpenBSD (#16462)
Signed-off-by: Aisha Tammy <aisha@bsd.ac>
Co-authored-by: Aisha Tammy <aisha@bsd.ac>
2023-07-07 08:58:41 +02:00
Peter Zaoral
2b1c29a6f2 Use Quarkus Platform BOM
Closes #20570
Closes #15870

Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
2023-07-06 12:45:48 -03:00
Martin Kanis
a07ec20be9 UserSessionProviderModelTest#testRemoteCachesParallel sessions are not removed after the test
Closes #21295
2023-07-06 12:39:30 +02:00
Martin Bartoš
a1a80433e3
Fix flaky OfflineServletsAdapterTest test (#21416)
Fixes #20013
2023-07-04 10:57:20 +00:00
rmartinc
09e30b3c99 Support for JWE IDToken and UserInfo tokens in OIDC brokers
Closes https://github.com/keycloak/keycloak/issues/21254
2023-07-03 21:25:46 -03:00
mposolda
ccbddb2258 Fix updating locale on info/error page after authenticationSession was already removed
Closes #13922
2023-07-03 18:57:36 -03:00
Martin Bartoš
e3e123b577 JavascriptAdapterTest is broken due to the multiple initialization of JS adapter
Fixes #21412
2023-07-03 16:44:22 -03:00
Miquel Simon
96b98dd246
Fix EAP adapter tests when running on Windows and JDK 17. (#21278) 2023-06-30 11:54:33 +02:00
Daniele Martinoli
e2ac9487f7
Conditional login through identity provider (#20188)
Closes #20191


Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2023-06-29 18:44:15 +02:00
Marek Posolda
51a9712e59 Improper Client Certificate Validation for OAuth/OpenID clients (#20)
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2023-06-28 17:52:48 -03:00
Ricardo Martin
1973d0f0d4 Check the redirect URI is http(s) when used for a form Post (#22)
Closes https://github.com/keycloak/security/issues/22

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Signed-off-by: Peter Skopek <pskopek@redhat.com>
2023-06-28 17:52:48 -03:00
Pedro Igor
28aa1d730d Verify holder of the device code (#21)
Closes https://github.com/keycloak/security/issues/32

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Conflicts:
    services/src/main/java/org/keycloak/protocol/oidc/grants/device/DeviceGrantType.java
2023-06-28 15:45:26 +02:00
rmartinc
4bc11bdf7f Do not return an error when moving a group to the current parent
Closes https://github.com/keycloak/keycloak/issues/21242
2023-06-28 10:34:15 +02:00
rmartinc
a5a2753d11 Don't allow impersonate disabled users or service accounts
Closes https://github.com/keycloak/keycloak/issues/21106
2023-06-28 10:18:21 +02:00
Hynek Mlnarik
c092c76ae8 Remove ldapsOnly (Java)
In `LDAPConstants.java`, the function to set the Truststore SPI system property was removed, as this is now handled by the `shouldUseTruststoreSpi` method in `LdapUtil`.

Closes: #9313
2023-06-28 08:30:09 +02:00
Pedro Igor
d0691b0884 Support for the locale user attribute
Closes #21163
2023-06-27 09:21:08 -03:00
Martin Kanis
db9b6c2152 Make awaitInitialTransfer for ISPN configurable
Closes #16671
2023-06-27 14:04:03 +02:00
Miquel Simon
46fa7d2e6c Enable back a few tests that have been fixed to run on Firefox and Chrome. 2023-06-26 11:25:07 -03:00
Pavel Drozd
216bbe512f Add tests and profiles for testing EAP6, SpringBoot and Fuse adapters 2023-06-26 11:24:02 -03:00
eatik
6d0636987e keeping VIEW_USERS related tests in PermissionTest
Closes #20783
2023-06-26 11:05:35 -03:00
eatik
7cfa012427 adding test code
Closes #20783
2023-06-26 11:05:35 -03:00
Takashi Norimatsu
f6ecc3f3f8 FAPI 2.0 security profile - not allow an authorization request whose parameters were not included in Request Object pushed to PAR request
closes #20710
2023-06-26 12:09:25 +02:00
vramik
7fe7dfc529 ResourceType lost during clonning
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>

Closes #20947
2023-06-23 09:31:44 +02:00
Pedro Igor
aff6cc1cbd Running mappers during account linking
Closes #11195

Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: toddkazakov
2023-06-22 17:41:31 +02:00
Pedro Igor
eb5edb3a9b Support reading base32 encoded OTP secret
Closes #9434
Closes #11561
2023-06-22 08:08:13 -03:00
mposolda
137f8d807a Account Console II doesn't remove TOTP from UserStorage
closes #19575
2023-06-22 07:56:44 +02:00
Pedro Igor
0dd7c4a515 Fixing auth-server-quarkus-embedded 2023-06-21 17:18:26 +02:00
danielFesenmeyer
60b838675d Extend admin-client GroupsResource: Support the query functionality to be used in combination with the parameters first, max and briefRepresentation
Closes #20016
2023-06-21 12:13:22 -03:00
Gilvan Filho
2493f11331 count users by custom user attribute
closes #14747
2023-06-21 11:56:22 -03:00
mposolda
dc3b037e3a Incorrect Signature algorithms presented by Client Authenticator
closes #15853

Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-06-21 08:55:58 +02:00
Stian Thorgersen
f82577a7f3
Removed old account console (#21098)
Co-authored-by: Jon Koops <jonkoops@gmail.com>

Closes #9864
2023-06-20 20:46:57 +02:00
fwojnar
a36be17a5c
Remove account package from testsuite (#20990)
* Removal of testsuite account package

Related to #19668
Also closes #20527

* Fix failures + remove login folder from base-ui

---------

Co-authored-by: Ivan Khomyn <ikhomyn@redhat.com>
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2023-06-20 08:50:39 +02:00
Daniele Martinoli
d9b271c22a
Extends the conditional user attribute authenticator to check the attributes of the joined groups (#20189)
Closes #20007
2023-06-19 15:22:35 +02:00
Miquel Simon
3daeee15f6
Add Forms IT (#20528)
Closes #20519
2023-06-19 14:44:20 +02:00
Jon Koops
29f9523646
Ensure RegisterTest runs in Chrome and Firefox (#21036) 2023-06-16 08:00:04 -04:00
Martin Bartoš
c6995f5ded Save ~2s for Keycloak startup in the testsuite
Relates to #21033
2023-06-16 10:47:28 +02:00
Alexander Schwartz
e410a76c42 Avoid caching the list of clientscopes in two places
Closes #20426

Co-authored-by: Martin Kanis <mkanis@redhat.com>
2023-06-13 21:33:21 +02:00
rmartinc
ecf52285bc Simplify TokenManager expiration calculations using SessionExpirationUtils
Closes https://github.com/keycloak/keycloak/issues/20794
2023-06-13 10:09:47 +02:00
Pedro Igor
af975d20f1 Avoid iterating indefinetly when checking CRLs
Closes #20725
2023-06-12 17:50:16 +02:00
vramik
535bba5792 Update UserQueryProvider methods
Closes #20438
2023-06-12 16:04:26 +02:00
Arnaud Martin
ae5a47d548 Impossible to update a federated user credential label
Closes #16613
2023-06-12 15:39:52 +02:00
Vlasta Ramik
ed473da22b
Clean-up of deprecated methods and interfaces
Fixes #20877

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-06-09 17:11:20 +00:00
Rinus Wiskerke
fbfdb54745
Strip rotated client secret from export json (#19394)
Closes #19373
2023-06-09 10:46:28 +02:00
rmartinc
61968bf747 Use OIDCAttributeMapperHelper.mapClaim in the GroupMembershipMapper
Closes https://github.com/keycloak/keycloak/issues/19767
2023-06-08 11:12:24 -03:00
Réda Housni Alaoui
eb9bb281ec Require user to agree to 'terms and conditions' during registration 2023-06-08 10:39:00 -03:00
Marek Posolda
8080085cc1
Removing 'http challenge' authentication flow and related authenticators (#20731)
closes #20497


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-06-08 14:52:34 +02:00
Hynek Mlnarik
12dd3edb10 Fix pagination issue with H6
With Hibernate ORM 6, pagination started to be unreliable: When
setting the max results only if the first row was 0 has randomly
affected other threads where first row was greater than 0. The
latter thread sometimes produced query which did *not* account
for the offset (cf. threads `-t1` and `-t2` below, while `-t2`
missed the `offset ? rows` part whic `-t3` has).

This has been fixed by setting the first row offset unconditionally.

Closes: #20202
Closes: #16570

```
2023-06-02 10:19:03.855000 TRACE [org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker] (blocking-thread-node-2-p8-t1) Running computation for segment 0 with worker 0
2023-06-02 10:19:03.856000 TRACE [org.keycloak.models.sessions.infinispan.initializer.OfflinePersistentUserSessionLoader] (blocking-thread-node-2-p8-t1) Loading sessions for segment=0 lastSessionId=00000000-0000-0000-0000-000000000000 first=0
2023-06-02 10:19:03.856000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t1) Set max to 64 in org.hibernate.query.sqm.internal.QuerySqmImpl@2fb60f8b
2023-06-02 10:19:03.856000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t1) After pagination: 0, 64
2023-06-02 10:19:03.857000 TRACE [org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker] (blocking-thread-node-2-p8-t2) Running computation for segment 1 with worker 1
2023-06-02 10:19:03.857000 TRACE [org.keycloak.models.sessions.infinispan.initializer.OfflinePersistentUserSessionLoader] (blocking-thread-node-2-p8-t2) Loading sessions for segment=1 lastSessionId=00000000-0000-0000-0000-000000000000 first=64
2023-06-02 10:19:03.857000 TRACE [org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker] (blocking-thread-node-2-p8-t3) Running computation for segment 2 with worker 2
2023-06-02 10:19:03.857000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t2) Set first to 64 in org.hibernate.query.sqm.internal.QuerySqmImpl@71464e9f
2023-06-02 10:19:03.857000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t2) Set max to 64 in org.hibernate.query.sqm.internal.QuerySqmImpl@71464e9f
2023-06-02 10:19:03.857000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t2) After pagination: 64, 64
2023-06-02 10:19:03.857000 TRACE [org.keycloak.models.sessions.infinispan.initializer.OfflinePersistentUserSessionLoader] (blocking-thread-node-2-p8-t3) Loading sessions for segment=2 lastSessionId=00000000-0000-0000-0000-000000000000 first=128
10:19:03,859 DEBUG [org.hibernate.SQL] (blocking-thread-node-2-p8-t1)
    select
        p1_0.OFFLINE_FLAG,
        p1_0.USER_SESSION_ID,
        p1_0.CREATED_ON,
        p1_0.DATA,
        p1_0.LAST_SESSION_REFRESH,
        p1_0.REALM_ID,
        p1_0.USER_ID
    from
        OFFLINE_USER_SESSION p1_0,
        REALM r1_0
    where
        r1_0.ID=p1_0.REALM_ID
        and p1_0.OFFLINE_FLAG=?
        and p1_0.USER_SESSION_ID>?
    order by
        p1_0.USER_SESSION_ID fetch first ? rows only
10:19:03,859 DEBUG [org.hibernate.SQL] (blocking-thread-node-2-p8-t2)
    select
        p1_0.OFFLINE_FLAG,
        p1_0.USER_SESSION_ID,
        p1_0.CREATED_ON,
        p1_0.DATA,
        p1_0.LAST_SESSION_REFRESH,
        p1_0.REALM_ID,
        p1_0.USER_ID
    from
        OFFLINE_USER_SESSION p1_0,
        REALM r1_0
    where
        r1_0.ID=p1_0.REALM_ID
        and p1_0.OFFLINE_FLAG=?
        and p1_0.USER_SESSION_ID>?
    order by
        p1_0.USER_SESSION_ID fetch first ? rows only
2023-06-02 10:19:03.860000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t1) binding parameter [1] as [VARCHAR] - [1]
2023-06-02 10:19:03.860000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t1) binding parameter [2] as [VARCHAR] - [00000000-0000-0000-0000-000000000000]
2023-06-02 10:19:03.860000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t1) binding parameter [3] as [INTEGER] - [64]
10:19:03,860 DEBUG [org.hibernate.SQL] (blocking-thread-node-2-p8-t3)
    select
        p1_0.OFFLINE_FLAG,
        p1_0.USER_SESSION_ID,
        p1_0.CREATED_ON,
        p1_0.DATA,
        p1_0.LAST_SESSION_REFRESH,
        p1_0.REALM_ID,
        p1_0.USER_ID
    from
        OFFLINE_USER_SESSION p1_0,
        REALM r1_0
    where
        r1_0.ID=p1_0.REALM_ID
        and p1_0.OFFLINE_FLAG=?
        and p1_0.USER_SESSION_ID>?
    order by
        p1_0.USER_SESSION_ID offset ? rows fetch first ? rows only
2023-06-02 10:19:03.861000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t3) binding parameter [3] as [INTEGER] - [128]
2023-06-02 10:19:03.861000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t3) binding parameter [4] as [INTEGER] - [64]
```

Co-authored-by: mkanis <mkanis@redhat.com>
2023-06-07 20:45:34 +02:00
Saman-jafari
31db84e924 fix: issuedFor added to token to get client id into the token also redirect uri added to token and then passed to info template for "back to application" functionality
test also added to check the availability of issueFor(azp) and redirect uri in Action
Fixes #14860
Fixes #15136
2023-06-07 12:19:46 -03:00
Zvi Grinberg
ace83231ee Update RegexPolicyTest.java
Add forgotten imports
2023-06-07 10:18:10 -03:00
Zvi Grinberg
b29ce53f6e Fix bug in regex policy evaluation that it ignored flatted user claims that are mapped by protocol mappers to complex JSON structure in access token( in the access token JWT it's key and value is a JSON by itself)
fixes: #20436
Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
2023-06-07 10:18:10 -03:00
Alice Wood
7e56938b74 Extend group search attribute functionality to account for use case where only the leaf group is required 2023-06-07 08:52:23 -03:00
rmartinc
9bc30f4705 EventBuilder fixes to copy the store and session context
Closes https://github.com/keycloak/keycloak/issues/20757
Closes https://github.com/keycloak/keycloak/issues/20105
2023-06-07 08:34:27 -03:00
Jon Koops
9a8d1ca1f3
Stop waiting page load when calling assertCurrent() (#20786) 2023-06-07 13:13:46 +02:00
Pedro Hos
9ebd94a3a8 Userinfo endpoint doesn't accept charset #20671
Closes 20671
2023-06-07 08:08:05 +02:00
Artur Baltabayev
041441f48f
Improved Reset OTP authenticator (#20572)
* ResetOTP authenticator can now be configured, so that one or all existing OTP configurations are deleted upon reset.

Closes #8753
---------

Co-authored-by: bal1imb <Artur.Baltabayev@bosch.com>
2023-06-06 08:30:44 -03:00
rmartinc
81aa588ddc Fix and correlate session timeout calculations in legacy and new map implementations
Closes https://github.com/keycloak/keycloak/issues/14854
Closes https://github.com/keycloak/keycloak/issues/11990
2023-06-05 18:46:23 +02:00
Jon Koops
8eee3f434b
Fix test for brute force detection of recovery codes (#20784) 2023-06-05 11:55:30 -04:00
rmartinc
d80094793b Manage elytron configuration if configured for JDK-17
Closes https://github.com/keycloak/keycloak/issues/20385
2023-06-05 13:50:28 +02:00
Jon Koops
7ce96bb6d5
Remove workaround for legacy consoles from waitForPageToLoad (#20754) 2023-06-05 07:48:08 -04:00
Aboullos
612fe33ade
Remove AccountUpdateProfilePage from the testsuite (#19362)
closes #15202
2023-06-02 11:46:49 +02:00
Pedro Igor
f69ff5d270 Execution config not duplicated when duplicating flows
Closes #12012
2023-06-01 16:12:06 +02:00
mposolda
bf9c5821cb Fix for certificate revalidation
closes https://security.snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-5291542
2023-05-31 15:42:37 +02:00
Alexander Schwartz
512e30b210 Add escaping for fields with wildcard search
Closes #20510
2023-05-31 14:38:04 +02:00
Takashi Norimatsu
a29c30ccd5 FAPI 2.0 security profile - not allow an authorization request whose parameters were not included in PAR request
closes #20623
2023-05-31 14:02:44 +02:00
vramik
a175efcb72 Split UserQueryProvider into UserQueryMethods and UserCountMethods and make LdapStorageProvider implement only UserQueryMethods
Co-authored-by: mhajas <mhajas@redhat.com>

Closed #20156
2023-05-31 11:47:54 +02:00
Jay Linski
403632438a
Improve a11y by providing the current language (#20213) 2023-05-30 13:46:14 -04:00
Takashi Norimatsu
6b42c2b4d0 FAPI 2.0 security profile - Reject Implicit Grant executor does not return an appropriate error
Closes #20622
2023-05-30 18:24:50 +02:00
stianst
0832992e59 Removing OpenShift integration and moving to separate extension
closes #20496

Co-authored-by: mposolda <mposolda@gmail.com>
2023-05-30 17:39:32 +02:00
Pedro Igor
17c3804402 Tests for user property mapper
Closes #20534
2023-05-29 14:21:03 +02:00
Yoshiyuki Tabata
bd37875a66 allow specifying format of "permission" parameter in the UMA grant token
endpoint (#15947)
2023-05-29 08:56:39 -03:00
Martin Bartoš
b438776b94
Introduced additional dependencies in the testsuite (#20600)
Fixes #20599

Fixes #20384
2023-05-26 15:41:45 +02:00
Hynek Mlnarik
54c9403cc0 Fix CacheExpirationTest
Sometimes the initialization of keycloak session factory
took longer than the expiration was set on the elements,
so they were not found in the cache where they were awaited.
This is fixed by adding an assumption on the time, and if the
time is over the expiration, the remainder of the test is skipped.
The timeout is set in order to run fully most of the time in GHA.

Closes: #20269
2023-05-26 15:07:51 +02:00
Jon Koops
98e5e9799b Improve third-party storage access detection and cookie fallback 2023-05-25 22:16:59 -03:00
Douglas Palmer
1b8901f5a2 Changing the email address has no impact at username regardless "Email as username" toggle
closes #20459
2023-05-25 07:54:03 -03:00
Hynek Mlnarik
fc0e47caa4 Fix KcCustomOidcBrokerTest
Fixes: #20541
2023-05-25 10:20:36 +02:00
Peter Zaoral
72b238fb48
Keystore vault (#19644)
* KeystoreVault SPI

* added KeystoreVault - a Vault SPI implementation (#19281)

Closes #17252

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-05-24 16:20:30 +00:00
Jon Koops
90d2a01619
Replace ChromeJavascriptBrowser annotation with JavascriptBrowser (#20535) 2023-05-24 11:23:15 +00:00
Hynek Mlnarik
4950f7bebe Target correct user resource 2023-05-23 20:53:30 +02:00
Hynek Mlnarik
b9983cc5f6 Fix BrokerTest 2023-05-23 20:53:30 +02:00
Hynek Mlnarik
ac59c551c3 Fix transaction boundaries in tests 2023-05-23 20:53:30 +02:00
Hynek Mlnarik
38442ee0a6 Fix event tests 2023-05-23 20:53:30 +02:00
Hynek Mlnarik
3e58d3da8d Proper cleanup 2023-05-23 20:53:30 +02:00
vramik
bdbbd2959d User search with LDAP federation not consistent
Closes #10195
2023-05-23 11:48:33 +02:00
wojnarfilip
34b9eed8f0 Removes AccountFederatedIdentityPage from testsuite
Closes #15199
2023-05-22 11:07:48 -03:00
i7a7467
e41e1a971a SLO and ACS Binding are linked with AuthnRequest Binding in SAML Identity Broker Metadata
Closes #11079
2023-05-22 10:05:17 +02:00
vramik
fd6a6ec3ad Make LDAP searchForUsersStream consistent with other storages
Co-authored-by: mhajas <mhajas@redhat.com>

Closes #17294
2023-05-19 08:40:41 +02:00
Artur Baltabayev
33215ab6f4
Added User-Session Note Idp mapper. (#19062)
Closes #17659


Co-authored-by: bal1imb <Artur.Baltabayev@bosch.com>
Co-authored-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.io>
Co-authored-by: Sebastian Schuster <sebastian.schuster@bosch.io>
2023-05-18 13:47:10 +02:00
Lukas Hanusovsky
eb77dcf014 Removing PHOTOZ client and related tests testing UI. Closes #19668 2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
d9b95e0240 Testsuite with Undertow and OpenJDK17 - Nashorn library support.
GH Actions failures - refactoring.
2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
406aa21b0b UserStorageTest - old account console dependencies removed. Closes #19668 2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
b8b9adbea2 CookieTest - old account console dependencies removed. Closes #19668 2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
29deaca3f5 DemoServletsAdapterTest - old account console dependencies removed. Closes #19668 2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
47fd10469f Old account console dependencies removed - refactoring. Closes #19668 2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
130807fa7b AbstractCustomAccountManagementTest - old account console dependencies removed. Closes #19668 2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
2ad8f7dd62 Old account console dependencies removed. Closes #19668
* LoginTest
* SessionServletAdapterTest
* ClientRedirectTest
* TrustStoreEmailTest
* BrowserFlowTest
* SocialLoginTest
* JavascriptAdapterTest
2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
c685366169 CookiesPathTest - old account console dependencies removed. Closes #19668 2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
5e323ae173 Old account console dependencies removed. Closes #19668
* ConsentsTest
* UserTest
* SessionTest
* LoginEventsTest
* AbstractKeycloakTest
2023-05-18 13:09:51 +02:00
danielFesenmeyer
d543ba5b56 Consistent message resolving regarding language fallbacks for all themes
- the prio of messages is now as follows for all themes (RL = realm localization, T = Theme i18n files): RL <variant> > T <variant> > RL <region> > T <region> > RL <language> > T <language> > RL en > T en
- centralize the message resolving logic in helper methods in LocaleUtil and use it for all themes, add unit tests in LocaleUtilTest
- add basic integration tests to check whether realm localization can be used in all supported contexts:
  - Account UI V2: org.keycloak.testsuite.ui.account2.InternationalizationTest
  - Login theme: LoginPageTest
  - Email theme: EmailTest
- deprecate the param useRealmDefaultLocaleFallback=true of endpoint /admin/realms/{realm}/localization/{locale}, because it does not resolve fallbacks as expected and is no longer used in admin-ui v2
- fix locale selection in DefaultLocaleSelectorProvider that a supported region (like "de-CH") will no longer selected instead of a supported language (like "de"), when just the language is requested, add corresponding unit tests
- improvements regarding message resolving in Admin UI V2:
  - add cypress test i18n_test.spec.ts, which checks the fallback implementation
  - log a warning instead of an error, when messages for some languages/namespaces cannot be loaded (the page will probably work with fallbacks in that case)

Closes #15845
2023-05-17 15:00:32 +02:00
Dominik Schlosser
8c58f39a49 Updates Datastore provider to contain full data model
Closes #15490
2023-05-16 15:05:10 +02:00
Takashi Norimatsu
7f5e94db87 KEYCLOAK-19539 FAPI 2.0 Baseline : Reject Implicit Grant 2023-05-16 14:17:29 +02:00
Hynek Mlnařík
edb292664c
File store freeze
* File store: Fix ID determination

* Forbid changing ID (other setters)

* Improve handling of null values

* Support convertible keys in maps

* Fix writing empty values

* Fix updated flag

* Proceed if an object has been deleted in the same tx

* Fix condition

Co-authored-by: Michal Hajas <mhajas@redhat.com>

---------

Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-05-16 12:03:59 +02:00
Alexander Schwartz
8cfe8b1411
Update the docs on passthrough proxy (#20072)
Closes #20070
2023-05-15 15:44:47 +00:00
Miquel Simon
e959e20e1a Upgrade tested DB versions 2023-05-15 12:36:27 -03:00
Martin Bartoš
a68aadd9d0 Conditionally build WildFly adapters for our testsuite
Fixes #20077

Revert once https://github.com/keycloak/keycloak/issues/19299 is solved
2023-05-15 14:58:49 +02:00
Miquel Simon
90bc5835ea
Due to a bug in chromedriver version < 113.0.5672.92, temporarily ignoring some tests. (#20347) 2023-05-15 14:40:08 +02:00
rmartinc
025778fe9c SSSD User Federation integration for quarkus distribution
Closes https://github.com/keycloak/keycloak/issues/16165
2023-05-09 11:32:52 +02:00
Jon Koops
6f4b9885ca
Use Chrome as the default JavaScript browser (#14702) 2023-05-08 08:40:27 +02:00
Martin Bartoš
960e3503ec
Artifact SLF4J LOG4J-12 has been relocated (#20113) 2023-05-05 13:57:45 +02:00
vramik
d1ab921c50 JpaUserProvider count methods are inconsistent with searchForUser's param filter handling
Closes #17581
2023-05-05 08:22:05 +02:00
rmartinc
d9025db536 Migrate realms if configured to use RH-SSO themes
Closes https://github.com/keycloak/keycloak/issues/17484
2023-05-02 15:38:33 +02:00
Martin Bartoš
3f6925143a
Support JavaEE for Admin client (#19988) 2023-04-28 16:35:31 +02:00
Martin Bartoš
b87b70a35d Ignore particular legacy clustering tests
Revert once https://github.com/keycloak/keycloak/issues/19834 issue is resolved
2023-04-27 13:36:54 +02:00
Martin Bartoš
79178b5a23 Use WildFly as the default app server 2023-04-27 13:36:54 +02:00
Martin Bartoš
9d40f77746 Ignore DemoFilterServletAdapterTestForCustomizedIdMapper test
Revert once https://github.com/keycloak/keycloak/issues/19809 issue is resolved
2023-04-27 13:36:54 +02:00
Martin Bartoš
b96328868c Fix for Java distribution tests and JDK 17+ 2023-04-27 13:36:54 +02:00
Martin Bartoš
60fd7e63d9 Fix OfflineServletsAdapterTest 2023-04-27 13:36:54 +02:00
Martin Bartoš
8d5a4f2677 Fix FIPS tests 2023-04-27 13:36:54 +02:00
Martin Bartoš
c1cced9f31 Fix CorsExampleAdapterTest
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/cors/CorsExampleAdapterTest.java - Modified
2023-04-27 13:36:54 +02:00
Peter Zaoral
72663060c9 Quarkus3 branch sync no. 13
11.4.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-04-27 13:36:54 +02:00
Martin Bartoš
5b7e9a2603 Remove WF dependencies, add Jakarta SOAP, fix tests
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
IdeaProjects/keycloak/quarkus/pom.xml - Modified
IdeaProjects/keycloak/quarkus/runtime/pom.xml - Modified
2023-04-27 13:36:54 +02:00
Martin Bartoš
8fb7fb0de9 Integrate Quarkus 3.0.0.Alpha6
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
2023-04-27 13:36:54 +02:00
Martin Bartoš
bc43e4f435 Integrate Jakarta Mail API 2.1.0 2023-04-27 13:36:54 +02:00
Martin Bartoš
de663dbf93 Quarkus3 branch sync no. 9
10.3.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE
* changed version from 999-SNAPSHOT to 999.0.0-SNAPSHOT
2023-04-27 13:36:54 +02:00
Martin Bartoš
952faed4c9 Run Adapter tests with JavaEE support
---
Quarkus3 branch sync no. 9 (10.3.2023)
Resolved conflicts:
keycloak/.github/actions/build-keycloak/action.yml - Modified
2023-04-27 13:36:54 +02:00
Peter Zaoral
0b4f40f89b Quarkus3 branch sync no. 8
3.3.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-04-27 13:36:54 +02:00
Martin Bartoš
abf765185d Fix WebAuthn tests 2023-04-27 13:36:54 +02:00
Martin Bartoš
64738ea708 Fix issues with JakartaEE Mail dependencies
This reverts commit da4644844ed88818c05d777460624403326ab01c

---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
2023-04-27 13:36:54 +02:00
Peter Zaoral
5ebe4ca7c8 Quarkus3 branch sync no. 6
17.2.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-04-27 13:36:54 +02:00
Peter Zaoral
946eacd5b6 Quarkus3 branch sync no. 5
10.2.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE
* fixed Undertow server not starting due to ClassNotFoundException: javax.transaction.TransactionManager

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-04-27 13:36:54 +02:00
Martin Bartoš
2cb7c9f5ec Fix account console tests 2023-04-27 13:36:54 +02:00
Stefan Guilhen
3409a0c840 Fixes SAML tests in testsuite
- adds dependency to saaj-impl in saml core public
- updates test apps' web.xml files to use jakarta namespaces
- small cleanup in main pom
- changes order of e-mail servers in testsuite pom to enforce usage of greenmail (changes order in Undertow's classpath)

Closes #16711
2023-04-27 13:36:54 +02:00
Alexander Schwartz
4bdf2fe21d Fixing parameter which should be a string plus dependencies
Closes #16649
2023-04-27 13:36:54 +02:00
Peter Zaoral
028c3dd26e uarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/transaction/StorageTransactionTest.java - Modified
---
27.1.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-04-27 13:36:54 +02:00
vramik
fa3ba6331e Remove JsonbPostgreSQL95Dialect from keycloak-server.json from testsuite utils
Fixes #16336
2023-04-27 13:36:54 +02:00
Martin Bartoš
b1da7bd613 Revert Mail API
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/quarkus/pom.xml - Modified
---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
2023-04-27 13:36:54 +02:00
Martin Bartoš
1f126647fe Update dependencies 2023-04-27 13:36:54 +02:00
Martin Bartoš
c0b82ae72b Upgrade Arquillian Undertow embedded 2023-04-27 13:36:54 +02:00
Hynek Mlnarik
4189edc9f1 Fix dependency
Fixes: #16538
2023-04-27 13:36:54 +02:00
vramik
60e6fb9dae Register custom functions FunctionContributor
Closes #16336

---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorage.java - Modified
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorageCockroachdb.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified
---
Quarkus3 branch sync no. 3 (27.1.2023)
Resolved conflicts:
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorage.java - Modified
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorageCockroachdb.java - Modified
2023-04-27 13:36:54 +02:00
Peter Zaoral
4ff2de7f46 Quarkus3 branch sync
18.1.2023:
* applied Quarkus 3 OpenRewrite recipe
* fixed the parts that were missed by the script

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-04-27 13:36:54 +02:00
Martin Bartoš
77a494d3be Undertow JakartaEE adapter in the testsuite 2023-04-27 13:36:54 +02:00
Martin Bartoš
124591ce1a Adapters can still use Java EE
- Provided all JavaEE dependencies for adapters
- Automatically build Undertow Jakarta EE for testsuite (missing SAML)
---
Quarkus3 branch sync no. 11 (24.3.2023)
Resolved conflicts:
keycloak/adapters/oidc/spring-security/pom.xml - Modified
---
Quarkus3 branch sync no. 7 (27.2.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/pom.xml - Modified
---
Quarkus3 branch sync no. 1 (18.1.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/pom.xml - Modified
2023-04-27 13:36:54 +02:00
Stefan Guilhen
ab6ca6e63d Enable KeycloakServer again by re-enabling undertow adapters
---
Quarkus3 branch sync #2 (20.1.2023)
Resolved conflicts:
keycloak/testsuite/utils/pom.xml - Modified
2023-04-27 13:36:54 +02:00
Martin Bartoš
40c38e0133 Fix dependencies in testsuite, adapters and Quarkus module
---
Quarkus3 branch sync no. 11 (24.3.2023)
Resolved conflicts:
keycloak/adapters/oidc/spring-security/pom.xml - Modified
2023-04-27 13:36:54 +02:00
Stefan Guilhen
384d7c17f7 - Fix issues in legacy store
- Testsuite (switch undertow-embedded.version)
2023-04-27 13:36:54 +02:00
Martin Bartoš
6118e5cfb7 Use JakartaEE dependencies
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
2023-04-27 13:36:54 +02:00
Martin Bartoš
7cff857238 Migrate packages from javax.* to jakarta.*
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/ComponentExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/DeclarativeUserTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java - Modified
keycloak/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java	- Modified
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountTotpPage.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BackwardsCompatibilityUserStorageTest.java - Modified
---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/services/resources/QuarkusWelcomeResource.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/profile/util/Soap.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/UserInfoClientUtil.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
---
Quarkus3 branch sync no. 10 (17.3.2023)
Resolved conflicts:
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocolUtils.java -	Modified
---
Quarkus3 branch sync no. 9 (10.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java - Modified
---
Quarkus3 branch sync no. 8 (3.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClient.java	Modified - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java - Modified
keycloak/examples/providers/authenticator/src/main/java/org/keycloak/examples/authenticator/SecretQuestionAuthenticator.java - Modified
---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ComponentsResource.java - Modified
keycloak/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/installation/SamlSPDescriptorClientInstallation.java - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
/keycloak/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java	Modified - Modified
keycloak/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java - Modified
---
Quarkus3 branch sync no. 4 (3.2.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/jaxrs/QuarkusKeycloakApplication.java - Modified
---
Quarkus3 branch sync no. 1 (18.1.2023)
Resolved conflicts:
keycloak/testsuite/client/ClientPoliciesTest.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaModelCriteriaBuilder.java - Modified
2023-04-27 13:36:54 +02:00
Hynek Mlnarik
d7d50634b3 Do not impose assumptions on ID format
Closes: #19814
2023-04-26 15:37:50 +02:00
Hynek Mlnarik
80ba42a0b4 Tests: Determine IDs from Keycloak
Instead of assuming that the ID of created objects is honored,
the tests are rewritten in the way which obtains the ID from
the created objects. This is to account for storages where
ID is not necessarily an UUID and cannot be thus prescribed.

Closes: #19814
2023-04-26 15:37:50 +02:00
rmartinc
04ac3a64ee Adding support for rsa-oaep for SAML encryption
Closes https://github.com/keycloak/keycloak/issues/19689
2023-04-26 10:46:10 +02:00
mposolda
a3f2ebb193 Ability to override default/built-in providers with same providerId. Using ProviderFactory.order() for choosing priority providers
Closes #19867
2023-04-25 18:04:58 +02:00
Peter Zaoral
78958ae434
Fix Base Testsuite timeouts on Windows 2023-04-25 16:01:08 +02:00
Lukas Hanusovsky
30d976d64c
RequiredActionEmailVerificationTest - old account console dependencies removed. (#19843)
Closes #19668
2023-04-25 08:19:43 +02:00
Hynek Mlnarik
3161c4424c Fix export / import tests relict
Closes: #19812
2023-04-19 22:17:49 +02:00
Hynek Mlnarik
0ddc71d987 Properly encode id in URL
Closes: #19816
2023-04-19 15:10:04 -03:00
rmartinc
8e55a63f31 Do not allow add sub-flow to built-in workflow
Closes https://github.com/keycloak/keycloak/issues/15536
2023-04-19 11:12:49 +02:00
rmartinc
f051a0cdb3 Improve SessionCodeChecks to detect better the ALREADY_LOGGED_IN situation
Closes https://github.com/keycloak/keycloak/issues/19677
2023-04-18 10:35:47 -03:00
Lukas Hanusovsky
4a8510f7d9
Stop disabling Account Console v2 for tests that run fine (#19728)
Works towards closing #19668
2023-04-17 16:26:32 -03:00
Marek Posolda
8d01109158
Invalid parameter redirect_uri when using an invalid client_id (#19731)
closes #19662
2023-04-17 15:12:59 +02:00
Hynek Mlnarik
21510dff0c Add FILE constant to StoreProvider 2023-04-17 08:29:49 +02:00
mposolda
1cbdf4d17e Fix the issue with LDAP connectionUrl containing multiple hosts
Closes #17359
2023-04-16 17:41:22 +02:00
Alexander Schwartz
d7c3678096
Add missing UI dependencies for interactive tests (#19736)
Closes #19735
2023-04-15 16:58:55 -04:00
danielFesenmeyer
5554c62bea Change locale of user profile validation message to be resolved from authenticated user instead of validated user
Closes #19707
2023-04-14 11:51:15 -03:00
Stian Thorgersen
f4cabea08c
Make sure the code is bound to the user session (#18) (#17380) (#17389)
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-04-14 14:42:12 +02:00
Lukas Hanusovsky
556758943f
Old Account Console removal - cleanup imports (#19700)
Part of #19668
2023-04-13 14:57:28 +00:00
Jon Koops
a2eb619e0e
Include Account Console version 3 as a theme (#19641) 2023-04-13 09:41:40 -04:00
Vladislav Plemyannik
ca9c6dddc1 Fix of ant configure.xml to be able to build integration-arquillian-servers-auth-server-quarkus module on Windows
Closes #19591
2023-04-13 09:24:53 -03:00
vramik
2b890eb79d Zero downtime smoke tests
Closes #16481
2023-04-12 11:24:35 +02:00
Michal Hajas
b730d861e7
Refactor map storage transaction initialization
* Refactor transaction to be enlisted in MapStorageProvider instead of area provider

* Make KeycloakTransaction methods optional for MapKeycloakTransaction

* Remove MapStorage interface that contained only createTransaction method

* Rename *MapStorage to *CrudOperations

* Adjust File store to new structure

* Rename MapKeycloakTransaction to MapStorage

* Rename getEnlistedTransaction to getMapStorage in AbstractMapProviderFactory

* Rename variables tx and transaction to store

* Add createMapStorageIfAbsent to JpaMapStorageProvider

* Update JavaDoc

Co-authored-by:  Hynek Mlnarik <hmlnarik@redhat.com>
2023-04-12 11:21:14 +02:00
Pedro Igor
83676bf927 Extract JUnit5 support in the distributoin testsuite to a separate module
Closes #19552
2023-04-11 10:48:56 +02:00
Martin Kanis
37af5fbffe Introduce optimistic locking for HotRod storage
Closes #15402
2023-04-11 09:33:01 +02:00
Lukas Hanusovsky
9bb18400ad
Remove AccountTotpPage from the testsuite (#17657)
Closes #15201
2023-04-06 11:49:29 +02:00
fwojnar
f55794f8bf
Removes AccountApplicationsPage (#17651)
Closes #15198 


Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2023-04-05 16:54:16 +02:00
mposolda
c6f13363b9 Add nashorn javascript engine to Keycloak server
closes #17671
2023-04-04 14:56:46 +02:00
rmartinc
99330dbb6d Manage JsonProcessingException to not return error 500 when json data is wrong
Closes https://github.com/keycloak/keycloak/issues/11517
2023-04-03 18:07:34 +02:00
mposolda
4d8d6f8cd8 Preserve authentication flow IDs after import
closes #9564
2023-04-03 16:01:52 +02:00
Jon Koops
bdc019b02c
Fully deprecate function-style constructor for Keycloak JS (#19438) 2023-04-03 14:45:55 +02:00
Hynek Mlnarik
85c0b47c31 Fix ClientPoliciesExtendedEventTest
Closes: #19487
2023-04-03 14:43:50 +02:00
Hynek Mlnarik
0d5363d0d5 Throw an exception rather than returning response
Closes: #17644
2023-04-03 14:43:50 +02:00
Alexander Schwartz
d210980988 Close factory when creation fails
Closes #16671
2023-03-31 10:19:29 +02:00
Pedro Igor
6086201fe0 Do not verify identity cookie when processing required actions
Closes #17539
2023-03-31 09:56:27 +02:00
rmartinc
89dfeeec38 The getAttributes method in UserAttributeLDAPStorageMapper does not work for email or other UserModel properties
Closes https://github.com/keycloak/keycloak/issues/10412
2023-03-30 21:45:07 +02:00
mposolda
709c6b5a47 Regressions in redirect URL verification when redirect_uri has encoded path or default port
closes #16851
closes #16587
2023-03-30 14:20:10 +02:00
Pedro Igor
48082d08ec Email visible on registration page when edit username is not allowed
Closes #17439
2023-03-30 08:11:30 +02:00
Douglas Palmer
ff27f6c77c Fix SSSDTest
closes #19397
2023-03-29 21:54:00 +02:00
Jon Koops
8f627517cb
Remove legacy Promise APIs from Keycloak JS (#19389) 2023-03-29 16:29:27 +00:00
Michal Hajas
e49dfe534e Fix missing migration when reading TERMS_AND_CONDITIONS required action in legacy store
Closes #17277
2023-03-29 16:43:01 +02:00
Daniel Kobras
a45b5dcd90 Prefer cert over pubkey in SAML metadata
If SAML key material was given as a certificate, consistently
expose the certificate rather than just the public key when
presenting SAML metadata info. This change ensures that the
client obtains sufficient information (eg. issuer) to close
the trust chain.

Closes: #17549

Signed-off-by: Daniel Kobras <kobras@puzzle-itc.de>
2023-03-29 11:17:24 +02:00
Marek Posolda
032ece9f7b
Clarify user session limits documentation and test SSO scenario (#19372)
Closes #17374


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-03-29 10:08:45 +02:00
rmartinc
2bb9de1a8c Allow application/jwt media type for userinfo endpoint
Closes: https://github.com/keycloak/keycloak/issues/19346
2023-03-28 08:47:35 -03:00
Michal Hajas
beca22311b Add RefreshTokenTest to database suite so it can catch some expiration issues similar to #17570 2023-03-28 08:32:31 +02:00
Michal Hajas
2a5b5c4a40 Fix stale client session is present in user session
Closes #17570
2023-03-28 08:32:31 +02:00
Pedro Igor
a9c605750d Returning email as username setting for admins
Fixes #17591
2023-03-27 16:33:44 -03:00
Alexander Schwartz
251f6151e8 Rework the Import SPI to be configurable via the Config API
Also rework the export/import CLI for Quarkus, so that runtime options are available.

Closes #17663
2023-03-24 15:28:55 -03:00
Pedro Hos
bd0a23a865 /users/count endpoint with search field has different behavior than /users query endpoint #17620
closes #17620
2023-03-24 13:43:47 +01:00
Klajdi Paja
cf61a65198 Return a user friendly message when a group name already exists on the same level.
Closes #16888
2023-03-24 08:13:49 +01:00
rmartinc
8bc5273792 EAP7 and wildfly adapter tests fixes. Execute enable-elytron-se17.cli for EAP7 and JDK-17.
Closes https://github.com/keycloak/keycloak/issues/19273
2023-03-23 17:02:39 -03:00
Ayrat Hudaygulov
f578f91a0b Fix ID token not being sent after expiration for OIDC logout
Closes #10164
2023-03-23 13:01:02 +01:00
Hiroyuki Wada
46eb2e1b84 Fix attribute deleted from LDAP is not immediately reflected even if it is "Always Read Value From LDAP" 2023-03-21 10:28:41 +01:00
Ricardo Martin
1a622e707f
Flaky tests org.keycloak.testsuite.federation.sync.SyncFederationTest (#19095)
Closes: https://github.com/keycloak/keycloak/issues/17430
Closes: https://github.com/keycloak/keycloak/issues/17431
2023-03-21 08:30:42 +01:00
Alexander Schwartz
513bb809f3 Add a map storage global locking implementation for JPA
Closes #14734
2023-03-21 08:21:11 +01:00
rmartinc
bef0a4a6f1 Check frontendUrl in the hostname providers
Closes https://github.com/keycloak/keycloak/issues/17686
2023-03-20 18:54:58 -03:00
Miquel Simon
80d3cc5dea Added option for Chrome driver needed for version >= 111.
Closes #19137
2023-03-20 13:09:23 +01:00
Pedro Igor
a30b6842a6 Decouple the policy enforcer from adapters and provide a separate library
Closes keycloak#17353
2023-03-17 11:40:51 +01:00
rmartinc
cab7e50410 Better handling for SAML signatures in POST and REDIRECT bindings
Closes https://github.com/keycloak/keycloak/issues/17456
2023-03-15 09:06:59 -03:00
Martin Kanis
5e7793b64d Unexpected invalid_grant error on offline session refresh when client session is not in the cache
Closes #9959

Co-authored-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Lex Cao <lexcao@foxmail.com>
2023-03-15 12:39:43 +01:00
Jon Koops
96aa4b3394
Add Maven build for the Admin UI (#17552) 2023-03-13 18:16:12 +00:00
Hynek Mlnarik
fe5d89295f Fix client (scope) model test placement
Fixes: #17212
2023-03-13 14:35:14 +01:00
Pedro Igor
af475ffe23 Fixing classloading issue due to the curated application being eagerly closed 2023-03-13 09:34:49 +01:00
Alexander Schwartz
0b2802fa18 Fixing compile time warnings
Avoiding calling deprecated methods, and adding compile time dependencies for annotations.

Closes #17499
2023-03-09 15:42:55 +01:00
vramik
31e4c5cb7e Add storage-jpa-db property into Quarkus. Distinguish postgres and crdb for jpa map store.
Closes #17305
2023-03-09 11:09:56 +01:00
Tero Saarni
9052ec2b02
Add admin events for realm create/delete. (#10831)
Closes #10733
2023-03-07 15:57:06 +01:00
Simon Levermann
96c1cf3c49 Allow mapping of UserSessionNotes into UserInfo
Fixes #15369
2023-03-07 15:25:14 +01:00
rmartinc
a56b38c5a6 Don't remove session and don't reset restart cookie if passive check error
Closes https://github.com/keycloak/keycloak/issues/11340
2023-03-07 15:10:09 +01:00
rmartinc
06ff8b016c Don't set REMEMBER_ME if it's disabled at realm level
Closes https://github.com/keycloak/keycloak/issues/11330
2023-03-07 15:01:58 +01:00
Michal Hajas
837c64de3d Add support for pessimistic locking to HotRod
Closes #13273
2023-03-07 10:44:31 +01:00
Alexander Schwartz
f6f179eaca Rework the export to use CLI options and property mappers
Also, adding the wiring to support Model tests for the export.

Closes #13613
2023-03-07 08:22:12 +01:00
mposolda
a0192d61cc Redirect loop with authentication success but access denied at default identity provider
closes #17441
2023-03-06 10:45:01 +01:00
Michal Hajas
465019bec4 Extract attachDevice outside of storage layer
Closes #17336
2023-03-03 17:58:34 +01:00
Zakaria Amine
fb5a7f654b
trigger IDENTITY_PROVIDER_FIRST_LOGIN (and UPDATE_PROFILE ) event when identity provider flow succeeds (#15100)
closes #15098
2023-03-03 17:49:27 +01:00
Jon Koops
6d2e57f93a
Move Keycloak JS into the NPM workspace (#17401) 2023-03-03 13:56:53 +01:00
Jon Koops
972ebb9650
Use a valid SemVer format for the SNAPSHOT version (#17334)
* Use a valid SemVer format for the SNAPSHOT version

* Update pom.xml

* Update pom.xml

---------

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-03-03 11:11:44 +01:00
Alexander Schwartz
95a6effcef Increase memory for the model tests to avoid an OOM error
Closes #17427
2023-03-03 10:55:03 +01:00
Alexander Schwartz
1e4401f521 Avoid returning the same entity multiple times from separate searches
Closes #15604
2023-03-02 08:21:38 +01:00
mposolda
b28bde542f referrer_url is not correctly computed in account console
closes #16484
2023-03-01 20:49:15 +01:00
Marek Posolda
59f4fe1c60
NPE on Theme after upgrade to 21 when parent or import theme not exists (#17350)
* NPE on Theme after upgrade to 21 when parent or import theme not exists
closes #17313

* Update per review
2023-03-01 15:46:37 +00:00
Michal Hajas
e02c95f9d3 Fix testReleaseAllLocksMethod timing out intermittently
Closes #17337
2023-03-01 14:55:50 +01:00
rmartinc
5cdf4d5791 Read-Only attributes should be modified if creation is delayed for LDAP
Closes https://github.com/keycloak/keycloak/issues/16848
2023-03-01 11:26:57 +01:00
Michal Hajas
7899c6c80a Make DeviceRepresentationProvider available for all model test profiles
Closes #17329
2023-02-28 14:55:48 +01:00
Pedro Igor
fbf5541802 Remove duplicated set-cookie header from response when expiring cookies
Closes #17192
2023-02-27 14:17:27 -03:00
lpa
3cd413dee1 SOAP backchannel logout for SAML protocol
Closes #16293
2023-02-27 14:24:12 +01:00
rmartinc
38a46726e4 Implement UserInfoTokenMapper in HardcodedRole and RoleNameMapper mappers
Closes https://github.com/keycloak/keycloak/issues/15624
2023-02-27 10:14:48 -03:00
Miquel Simon
923a321a55
Run WebAuthn IT with Chrome. (#17256) 2023-02-23 20:58:13 +00:00
Václav Muzikář
557a22968c
Stabilize Account Console UI tests (#17243)
Closes #17178
Closes #17102
Closes #17070
Closes #17045
Closes #17044
Closes #16875
Closes #16870
Closes #16715
Closes #16670
Closes #16646
Closes #16627
Closes #16620
2023-02-23 12:35:08 +01:00
Marek Posolda
b9ab942ef8
FIPS related docs (#17196)
* FIPS related docs
Closes #16444 #12432 #12429

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-02-22 12:47:15 +01:00
rmartinc
f91ac2970d
Polish fips-mode switch for preview (#17228)
* Polish fips-mode switch for preview
Closes #17208 #17210 


Co-authored-by: mposolda <mposolda@gmail.com>
2023-02-22 12:12:52 +01:00
mposolda
5ac8f7c1ef Link 'Sign out' incorrectly hardcoded to localhost in the authz example applications
closes #17216
2023-02-21 15:49:20 +01:00
Douglas Palmer
1d75000a0e Create an SPI for DeviceActivityManager
closes #17134
2023-02-20 09:29:11 +01:00
drohwer89
4ff180da64
Terminating all sessions above the session limit (#16068)
Adjusts implementation of UserSessionLimitsAuthenticator to terminate all sessions above the session limit.

Closes #14689

Co-authored-by: Marek Posolda <mposolda@gmail.com>
2023-02-16 17:56:59 +01:00
rmartinc
9995a3cdd4 lastSync value into COMPONENT_CONFIG is always updated
Closes https://github.com/keycloak/keycloak/issues/17022
2023-02-16 17:48:49 +01:00
mposolda
4f068fcdcc Make https-trust-store-type set to bcfks by default in strict-mode
Closes #17119
2023-02-16 08:00:21 -03:00
sui.jieqiang
1f6fa0501c Fix search user groups without limit
Closes #12649
2023-02-15 15:50:46 +01:00
rmartinc
fbc9177f27 Doublecheck if we need to override properties in java.security
Closes https://github.com/keycloak/keycloak/issues/16702
2023-02-15 12:33:48 +01:00
vramik
7b604d6784 Sync properties in map-storage-jpa-cocroach with other profiles
Closes #17107
2023-02-15 10:49:22 +01:00
Michal Hajas
1f929c78af Make lockTimeout more friendly for JPA map storage
Closes #16616
2023-02-15 10:38:18 +01:00
Hynek Mlnarik
bb0eb899a7 Add ability to run arq testsuite with file store
Fixes: #17032
2023-02-15 10:17:23 +01:00
Hynek Mlnarik
2665fb01a6 File storage: Fix path traversal
Fixes: #17029
2023-02-14 14:30:14 +01:00
Pedro Igor
9e46b9e43f Handling events after transaction completion using a separate session
Closes #15656
2023-02-14 13:10:57 +01:00
Václav Muzikář
a57821ed80 Fix JDK 17 InaccessibleObjectException with infinispan 2023-02-13 17:09:36 -03:00
Miquel Simon
48a22ff2f3
Added WebAuthn integration tests to CI workflow. (#16608) 2023-02-13 12:28:25 +00:00
laskasn
dc8b759c3d Use encryption keys rather than sig for crypto in SAML
Closes #13606

Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: hmlnarik <hmlnarik@redhat.com>
2023-02-10 12:06:49 +01:00
Marek Posolda
9cfc1fdfa9
Reduce the redundant tests in fips-suite (#16970)
Closes #16969
2023-02-09 12:21:33 +01:00
Pedro Igor
017ddc670b Removing references to old admin console test artifacts 2023-02-08 17:22:45 -03:00
Pedro Igor
423fc6daba
Flaky test KcOidcBrokerTokenExchangeTest (#16914)
Closes #16896
2023-02-08 14:49:49 +00:00
Dmitry Telegin
5f39aeb590 Pre-authorization hook for client policies
Closes #9017
2023-02-08 15:06:32 +01:00
Michal Hajas
6fa62e47db Leverage HotRod client provided transaction
Closes #13280
2023-02-08 10:26:30 +01:00
Stian Thorgersen
d3ba2ecbed
Remove old admin console theme (#16864)
Closes #16862
2023-02-08 09:22:39 +01:00
Hynek Mlnařík
f71ab092de
File store basis
Fixes: #16676

---

* Enhance DefaultModelCriteria
* Fix collection
* Fix delete in CHMKeycloakTransaction
* Add HasRealmId interface
* Fix EntityFieldDelegate
* Support for realm-less entities in providers
* Support for realm-less entities in providers (events)
* File store basis
* Add support for writing
* Support running KeycloakServer with file store
* Add support for file store in model testsuite

---------

Co-authored-by: vramik <vramik@redhat.com>
2023-02-07 14:59:23 +01:00
Stian Thorgersen
4782a85166
Remove old admin console feature (#16861)
* Remove old admin console feature

Closes #16860

* Update help txt files for Quarkus tests
2023-02-07 12:59:35 +01:00
Pedro Igor
7b58783255 Allow mapping claims to user attributes when exchanging tokens
Closes #8833
2023-02-07 10:57:35 +01:00
Thomas Darimont
e38b7adf92 Revise blacklist password policy provider #8982
- Reduce false positive probability from 1% to 0.01% to avoid
rejecting to many actually good passwords.
- Make false positive rate configurable via spi config
- Revised log messages

Supported syntax variant:
`passwordBlacklist(wordlistFilename)`

Fixes #8982

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2023-02-07 10:36:39 +01:00
Martin Kanis
5ba004b447 Leverage Infinispan lifespan for ExpirableEntities in HotRod storage 2023-02-07 10:01:32 +01:00
Stian Thorgersen
fc075a3d35
Remove old admin console tests (#16859)
Closes #16858
2023-02-07 08:51:36 +01:00
Denis Bernard
5db64133b8 Add Attribute to Group Mapper for SAML IDP
Cleansing code as PR Comment

Add test for Advanced Attribute to Group Mapper

Closes #12950
2023-02-06 10:58:48 -03:00
Pedro Igor
1a1ee78dbd Removing tests from base group broker mapper test classes 2023-02-06 10:58:48 -03:00
Pedro Igor
d97b9c48c4
Make sure PBKDF2 providers are using the expect size for derived keys (#16798)
Closes #16797
2023-02-03 15:31:25 +01:00
rmartinc
f8f112d8d2
Upgrade twitter4j (#16828)
Closes https://github.com/keycloak/keycloak/issues/16731
2023-02-03 15:28:37 +01:00
mposolda
0e374c7a45 Any tests using PhantomJS failing in some linux environments
closes #16818
2023-02-03 15:19:57 +01:00
Stian Thorgersen
0fa209c29a
WelcomeScreenTest#resourcesTest (#16761)
* Fix WelcomeScreenTest#resourcesTest

Closes #16669

* Add one more retry
2023-02-03 09:41:48 +01:00
Marek Posolda
51bed81814
Fixes for OOB endpoint and KeycloakSanitizer (#16773)
(cherry picked from commit 91ac2fb9dd50808ff5c76d639594ba14a8d0d016)
2023-02-02 08:34:50 +01:00
Pedro Igor
e3c41ec3a0 Ignoring test methods from parent classes
Closes #15687
2023-02-01 14:58:03 -08:00
Stian Thorgersen
d9025231f9
HTML Injection in Keycloak Admin REST API (#16765)
Resolves #GHSA-m4fv-gm5m-4725

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2023-02-01 14:34:15 +01:00
Alexander Schwartz
c6aba2e3de Make LockAcquiringTimeoutException a RuntimeException
Closes #16690
2023-01-31 08:21:32 +01:00
Marek Posolda
33ff9ef17e
Fix remaining failing tests with BCFIPS approved mode (#16699)
* Fix remaining failing tests with BCFIPS approved mode
Closes #16698
2023-01-30 16:01:57 +01:00
mposolda
7f017f540e BCFIPS approved mode: Some tests failing due the short secret for client-secret-jwt client authentication
Closes #16678
2023-01-30 08:40:46 +01:00
Martin Kanis
c4255e7301 Wrong property for events in map-storage-hot-rod on Undertow 2023-01-27 14:24:34 +01:00
mposolda
5591b5198b Still test failures with BCFIPS approved mode due the hardcoded keys
Closes #16643
2023-01-26 15:50:29 +01:00
Pedro Igor
f6602e611b Allow managing the username idn homograph validator
Closes #13346
2023-01-26 04:55:43 -08:00
Michal Hajas
eb59fdb772 Add transaction tests to model tests
Closes: #15890
2023-01-26 12:55:22 +01:00
mposolda
a804400c84 Added KERBEROS feature. Disable it when running tests on FIPS
closes #14966
2023-01-25 18:38:46 +01:00
mposolda
16888eaeab Only available RSA key sizes should be shown in admin console
Closes #16437
2023-01-25 13:15:07 +01:00
mposolda
29888dbf1a Update realm keys in the testsuite to be generated where possible. Update other keys to be FIPS compliant
Closes #12420
2023-01-25 08:26:15 +01:00
Miquel Simon
83147a67a0
Added New Account Console Tests to CI workflow. (#16547) 2023-01-24 16:01:03 +01:00
Hynek Mlnarik
977cc473bb Fix linebreaks in XML / SAML signatures
See https://bugs.openjdk.org/browse/JDK-8264194
See https://issues.apache.org/jira/browse/SANTUARIO-482

Fixes: #14529
2023-01-23 15:39:10 +01:00
Martin Bartoš
7d6e22bedd
DateTimeParse failures in New Account Console tests (#16531)
Fixes #16514
2023-01-19 09:39:03 -05:00
Stian Thorgersen
8d05895adb
Move Admin REST extension to main repository (#16530)
Closes #16529
2023-01-19 13:06:21 +01:00
Konstantinos Georgilakis
c73859794e Short verification_uri for Device Authorization Request
Closes #16107
2023-01-18 08:34:52 +01:00
Pedro Igor
33cb1ad7cd Support runnning tests using an embedded distribution
Closes #16420
2023-01-13 12:03:36 -08:00
Hynek Mlnarik
3119566407 Prevent endless loop in case of split-brain
Fixes: #16427
2023-01-13 16:23:18 +01:00
mposolda
79fa6bb3c9 Initial support for running testsuite in BCFIPS approved mode
Closes #16429
2023-01-13 02:59:06 -08:00
ムハマドザクワンビンムハマドザヒド / MOHDZAHID,BIN MUHAMMADZAKWAN
cc6597967a Refactoring ClientPoliciesTest
Closes #14795
2023-01-12 09:38:12 +01:00
Pedro Igor
9945135861
Verify if token is revoked when validating bearer tokens (#16394)
Closes #16388
2023-01-11 14:42:29 +01:00
mposolda
ac490a666c Fix KcSamlSignedBrokerTest in FIPS. Support for choosing realm encryption key for decrypt SAML assertions instead of realm signature key
Closes #16324
2023-01-10 20:39:59 +01:00
Miquel Simon
7bd78f604a
Added MariaDB to Legacy Store IT. (#16157) 2023-01-10 17:37:27 +01:00
Pedro Igor
d797d07d8f Ignore user profile attributes for service accounts
Closes #13236
2023-01-10 16:26:53 +01:00
mposolda
4d55c6a647 Adding SAML tests for FIPS - with addition of XMLDSig security provider
Closes #14969
2023-01-10 08:37:03 +01:00
Pedro Igor
53ee95764e Do not show username field when updating profile if UPDATE_EMAIL feature is enabled and email as username is enabled
Closes #16263
2023-01-06 14:12:47 +01:00
Réda Housni Alaoui
141c9dd803
update-email: email change does not affect the username when "Email as username" option is checked (#15583)
Closes #13988
2023-01-06 14:04:48 +01:00
Miquel Simon
c2682157fb
Added MS SQL Server to Legacy Store IT. (#16121)
* Added MS SQL Server to Legacy Store IT.

* Update testsuite/integration-arquillian/pom.xml

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-01-06 08:55:09 +01:00
Réda Housni Alaoui
dbe0c27bcf Allowing client registration access token rotation deactivation 2023-01-05 20:53:57 +01:00
mposolda
e374e309c6 Deprecate SHA1 based algorithms for sign SAML documents and assertions
Closes #16240
2023-01-05 20:45:20 +01:00
Michal Hajas
6566b58be1 Introduce Infinispan GlobalLock implementation
Closes #14721
2023-01-05 16:58:44 +01:00
Hynek Mlnarik
071fc03f41 Move transaction processing into session close
Fixes: #15223
2023-01-05 16:12:32 +01:00
Stian Thorgersen
6c1f981eec
Fix UserTest.sendResetPasswordEmailWithCustomLifespan (#16233)
Closes #16232
2023-01-04 13:03:33 +01:00
Stian Thorgersen
7dc16c69cb
Force refreshing token for admin client if time offset is set (#16242)
Closes #16143
2023-01-04 13:03:10 +01:00
mposolda
496c6d598e Some authorization adapter test failing on Java 17
Closes #16216
2023-01-03 13:03:26 +01:00
ムハマドザクワンビンムハマドザヒド / MOHDZAHID,BIN MUHAMMADZAKWAN
ce6b737e33 NPE in userinfo endpoint
Closes #15429
2023-01-02 13:53:29 +01:00
Stian Thorgersen
669086acd6
Suspend scheduled tasks if time offset is set to a large value (#16144) 2022-12-21 15:12:57 +01:00
Martin Kanis
c0e103dc95 Replace old HotRod index annotation with new one 2022-12-21 12:50:08 +01:00
Miquel Simon
9bb5b08015
Added Oracle to Legacy Store IT. (#16097) 2022-12-21 08:15:38 +01:00
mposolda
36bd76957d Make Keycloak FIPS working with OpenJDK 17 on FIPS enabled RHEL
Closes #15721
2022-12-20 21:03:55 +01:00
Michal Hajas
c79d29e68c Move HotRod profile to the same pom as other map profiles and introduce map-storage-chm profile
Closes #16046
2022-12-20 17:51:40 +01:00
Alexander Schwartz
fffde1407c Enable retryable transactions for CockroachDB model tests
Also made the test setup of the realm more idempotent to clean up a realm left-over from a previous test.

Closes #16078
2022-12-20 15:49:07 +01:00
Alexander Schwartz
0fee33bb95 Normalize JVM heap usage in tests and handle OOM situations
Closes #16089
2022-12-20 13:26:07 +01:00
Alexander Schwartz
6d0e112bf1 Ensure lock table has its primary key created, and re-enable the DBLockTest
Closes #15487
2022-12-20 08:50:14 +01:00
Alexander Schwartz
1d758fac2b
Adding CRDB into GHA for the new store (#16021)
The CockroachDB database is slower than PostgreSQL, therefore it will only run branches and nightly builds.

Closes #16020
2022-12-17 08:50:21 +01:00
Pedro Igor
857b02be63 Allow managing the required settigs for the email attribute
Closes #15026
2022-12-15 13:11:06 -08:00
Pedro Igor
782d145cef Allow updating authz settings via default client registration provider
Closes #9008
2022-12-15 20:43:43 +01:00
Alexander Schwartz
bd4acfe4c6
Removing testsuite/performance from main Keycloak repository (#15950)
There's a separate repository keycloak-benchmark for this.

Closes #14192
2022-12-15 14:43:24 +01:00
Stian Thorgersen
c1b0f2a6ab
Rebalanace BaseIT test groups (#16007) 2022-12-15 08:52:30 +01:00
Stian Thorgersen
a5670af745
Keycloak CI workflow refactoring (#15968)
* Keycloak CI workflow refactoring

Closes #15861

* Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>

* Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>

* Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>

* Update CodeQL actions

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2022-12-14 16:12:23 +01:00
Stian Thorgersen
0f2ca3bfdd
fixes from release/20 (#15982)
* Avoid path traversal vis double-url encoding of redirect URI (#8)

(cherry picked from commit a2128fb9e940d96c2f9a64edcd4fbcc768eedb4f)

* Do not resolve user session if corresponding auth session does not exist (#7)

* Stabilizing the ConcurrentLoginTest when running with JPA map storage by locking user sessions (#9)

Co-authored-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2022-12-14 07:46:17 +01:00
Stian Thorgersen
30cc16e648
Move authorization tests into authz package (#15957)
Closes #15956
2022-12-12 18:09:11 +01:00
Peter Zaoral
1073a342cf Cleanup dependencies and align with Quarkus
* aligned parent POM dependency versions with the Quarkus BOM

Closes #15325

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2022-12-09 09:10:30 -03:00
Hynek Mlnařík
208affe000 Update generator to record the entity to fields mapping
Fixes: #15677
2022-12-08 15:40:28 +01:00
Michal Hajas
de7dd77aeb Change id of TermsAndConditions required actions to uppercase
Closes #9991
2022-12-07 10:51:37 -03:00
mposolda
f4e91a5312 The redirect URI cannot be verified during logout in the case when client was removed
closes #15866
2022-12-07 08:20:30 +01:00
mposolda
264c5a6cdb Support for KcReg and KcAdm CLI to use BCFIPS instead of BC on FIPS platforms
Closes #14968
2022-12-06 13:02:46 +01:00
Pedro Igor
022d2864a6 Make sure JAX-RS resource methods are advertizing the media type they support
Closes #15811
Closes #15810
2022-12-06 08:13:43 -03:00
Stian Thorgersen
2f0d8cd895
Move hok, par, and rar tests to oauth package (#15834)
Closes #15833
2022-12-05 15:42:20 +01:00
Michal Hajas
59ccae76cb
Fix flaky JS test (#15804)
Closes #15761

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2022-12-05 13:16:04 +01:00
Pedro Igor
168734b817 Removing references to request and response from Resteasy
Closes #15374
2022-12-01 08:38:24 -03:00
Stian Thorgersen
8e6437e596
Fix Flaky test: RequiredActionTotpSetupTest.setupTotpExistingReusableCodeDisabled (#15779)
Closes #15564
2022-12-01 10:41:46 +01:00
Hynek Mlnařík
60ce949304 Ignore unknown clients in LDAP role mapper
Fixes: #10958
2022-12-01 09:51:05 +01:00
Stian Thorgersen
c24bc1bab0
Tweak time offset in RefreshTokenTest (#15760)
Closes #15718
2022-11-30 16:11:46 +01:00
Stian Thorgersen
c3c858c88a
Fix OpenshiftClientStorageTest.testCodeGrantFlowWithServiceAccountUsingOAuthRedirectReference (#15741)
Closes #15565
2022-11-29 14:20:21 +01:00
dependabot[bot]
82f08b709c Bump sshd-core in /testsuite/integration-arquillian/util
Bumps [sshd-core](https://github.com/apache/mina-sshd) from 2.3.0 to 2.7.0.
- [Release notes](https://github.com/apache/mina-sshd/releases)
- [Changelog](https://github.com/apache/mina-sshd/blob/master/CHANGES.md)
- [Commits](https://github.com/apache/mina-sshd/compare/sshd-2.3.0...sshd-2.7.0)

---
updated-dependencies:
- dependency-name: org.apache.sshd:sshd-core
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-28 12:04:15 -03:00
dependabot[bot]
3a35b05253 Bump ant in /testsuite/integration-arquillian/tests
Bumps ant from 1.9.15 to 1.10.11.

---
updated-dependencies:
- dependency-name: org.apache.ant:ant
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-28 12:03:47 -03:00
dependabot[bot]
17be19d4d3 Bump commons-io in /testsuite/integration-arquillian/util
Bumps commons-io from 2.6 to 2.7.

---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-28 12:03:20 -03:00
Miquel Simon
88bc5e2307 Use different Postgres image in Testcontainers. Upgraded Testcontainers dependency to 1.17.5. 2022-11-28 10:57:14 +01:00
mposolda
3e9c729f9e X.509 authentication fixes for FIPS
Closes #14967
2022-11-25 11:50:30 +01:00
Stefan Guilhen
5c2a5fac31 Enable all test methods in ConcurrentLoginTest for JPA Map Storage
- Tests still disabled for Hotrod and CHM
- Fixes concurrent login issues with CRDB. Verified with both PostgreSQL and CockroachDB.

Closes #12707
Closes #13210
2022-11-24 13:36:22 +01:00
Lex Cao
dd03137ea7 Strip secret of user when creating from admin API
Closes #14843
2022-11-24 11:38:42 +01:00
Alexander Schwartz
410b5ab57f Make tests run on Oracle DB on the internal pipeline
Closes #15643
2022-11-23 13:49:01 +01:00
Nagy Vilmos
4b6b607fe9
Should not hide IDP from login page (#14174)
Closes #14173
2022-11-23 10:49:21 +01:00
rmartinc
b7188c3891
Unknown bind DN using LDAP anonymous bind aka bind type none (#15546)
Closes #15497
2022-11-23 10:23:46 +01:00
danielFesenmeyer
18381ecd2e Fix update of group mappers on certain changes of the group path
The group reference in the mapper was not updated in the following cases:
- group rename: when an ancestor group was renamed
- (only for JpaRealmProvider, NOT for MapRealmProvider/MapGroupProvider) group move: when a group was converted from subgroup to top-level or when a subgroup's parent was changed

Closes #15614
2022-11-23 10:12:34 +01:00
Alexander Schwartz
fb315b57c3 Use the same Oracle driver for the tests and Undertow like for Quarkus
Closes #15576
2022-11-23 09:26:18 +01:00
cgeorgilakis-grnet
085dd24875 Client registration service do not check client protocol for Bearer token
Closes #15612
2022-11-23 08:49:13 +01:00
Pedro Igor
28fc5b4574 Removing injection points for Resteasy objects and resolving instances from keycloak context instead
Relates #15374
2022-11-21 19:47:25 +01:00
Alexander Schwartz
0bad673219 Disabling unstable test until further analysis is complete
Relates to #15487
2022-11-21 16:46:25 +01:00
Stefan Guilhen
f8df04b3b8 Fix UserSessionProviderTest.testOnClientRemoved on CRDB
Closes #15558
2022-11-21 13:05:11 +01:00
Michal Hajas
6d683824a4 Deprecate DBLockProvider and replace it with new GlobalLockProvider
Closes #9388
2022-11-16 16:13:25 +01:00
Martin Kanis
5e891951f5 Update Infinispan version to 14.0.2.Final 2022-11-16 14:56:45 +01:00
Alexander Schwartz
80dab89468 Disabling unstable test until further analysis is complete
Relates to #15487
2022-11-15 16:12:20 +01:00
Douglas Palmer
9f532eecaf Weird export/re-import behaviour regarding post.logout.redirect.uris
Closes #14884
2022-11-15 09:24:32 +01:00
Michal Hajas
9944a594eb Use DELETE statement instead of deleting one by one for HotRod store
Closes #9420
2022-11-11 13:51:03 +01:00
vramik
021189f190 Make GHA Map-JPA base testsuite running with Quarkus
Co-authored-by: Martin Batros <mabartos@redhat.com>

Closes #13725
2022-11-10 10:08:14 +01:00
Jia Chen
c3d53ae6e0 Returns an empty groups stream without querying the database if a user doesn't belong to any groups
Closes #12567
2022-11-09 13:07:42 +01:00
Michal Hajas
dc007eab6f Ignore test until the intermittent failure from #14917 is resolved 2022-11-07 20:47:39 +01:00
Michal Hajas
d9dcb6c60a Fix Infinispan adapter not checking updated value in getAttribute methods
Closes #12819
2022-11-07 20:44:43 +01:00
danielFesenmeyer
ec30c52a00 Fix paging on the "Users in role" endpoint, when JPA persistence is used
- add order-by-clause to the corresponding JPA query (ordering by username ASC)
- adjust admin-client RoleResource to return a List instead of a Set, by introducing new methods #getUserMembers (instead of #getRoleUserMembers - the "Role" prefix is not needed, because it is clear from the resource name that it's about roles)
- adjust tests to use the new method and check that the expected order is returned

Closes #14772
2022-11-07 20:44:06 +01:00
stianst
1de9c201c6 Refactor Profile
Closes #15206
2022-11-07 07:28:11 -03:00
Marek Posolda
c0c0d3a6ba
Short passwords with PBKDF2 mode working (#14437)
* Short passwords with PBKDF2 mode working
Closes #14314

* Add config option to Pbkdf2 provider to control max padding

* Update according to PR review - more testing for padding and for non-fips mode
2022-11-06 14:49:50 +01:00
Marek Posolda
f616495b05
Fixing UserFederationLdapConnectionTest,LDAPUserLoginTest to work with FIPS (#15299)
closes #14965
2022-11-03 16:35:57 +01:00
Marek Posolda
2ba5ca3c5f
Support for multiple keys with same kid, which differ just by algorithm in the JWKS (#15114)
Closes #14794
2022-11-03 09:32:45 +01:00
vramik
6bbcdd44a5 Run map-jpa model tests profile in GHA
Closes #13573
2022-11-02 15:30:08 +01:00
Stian Thorgersen
cf913af823
Add support for Microsoft Authenticator (#15272)
Closes #15271
2022-11-02 12:56:07 +01:00
Stian Thorgersen
cac4c43052
Remove AccountPasswordPage from testsuite (#15204)
Closes #15200
2022-11-02 06:20:39 +01:00
Alexander Schwartz
dd5a60c321 Allow a partial import to overwrite the default role
Closes #9891
2022-11-01 15:35:02 -03:00
Pedro Igor
f6985949b6
Close the session within resteasy boundaries (#15193)
Closes #15192
2022-11-01 11:06:34 +01:00
Stian Thorgersen
17117820cc
Remove AccountFormServiceTest (#15197)
Closes #15196
2022-10-28 12:26:59 +02:00
Master_Sky
164465861b
fix(sec): upgrade org.apache.tomcat:tomcat-catalina to 8.5.76 (#14950)
Co-authored-by: stianst <stianst@gmail.com>
2022-10-25 09:30:28 -03:00
Michal Hajas
883e83e625 Remove deprecated methods from data providers and models
Closes #14720
2022-10-25 09:01:33 +02:00
Alexander Schwartz
9b80bad391 Stabilize test testAccountManagementLinkIdentity by waiting for username to appear
Closes #15054
2022-10-24 19:19:27 +02:00