Alexander Schwartz
dd5a60c321
Allow a partial import to overwrite the default role
...
Closes #9891
2022-11-01 15:35:02 -03:00
Pedro Igor
f6985949b6
Close the session within resteasy boundaries ( #15193 )
...
Closes #15192
2022-11-01 11:06:34 +01:00
Michal Hajas
883e83e625
Remove deprecated methods from data providers and models
...
Closes #14720
2022-10-25 09:01:33 +02:00
mposolda
55c514ad56
More flexibility in keystore related tests, Make keycloak to notify which keystore types it supports, Support for BCFKS
...
Closes #14964
2022-10-24 08:36:37 +02:00
Alexander Schwartz
440077de42
Reduce number of calls to the storage for clients and realms
...
Closes #15038
2022-10-21 15:08:39 +02:00
Stefan Guilhen
acaf1724dd
Fix ComponentsTest failures with CockroachDB
...
- Component addition/edition/removal is now executed in a retriable transaction.
Closes #13209
2022-10-21 10:48:08 +02:00
Klaus Betz
76d9125c3f
feat: add DisplayIconClasses to IdentityProviderModel for third-party IDPs https://github.com/klausbetz/apple-identity-provider-keycloak/issues/10 ( #14826 )
...
Closes #14974
2022-10-18 15:54:06 +02:00
Stian Thorgersen
97ae90de88
Remove Red Hat Single Sign-On product profile from upstream ( #14697 )
...
* Remove Red Hat Single Sign-On product profile from upstream
Closes #14916
* review suggestions: Remove Red Hat Single Sign-On product profile from upstream
Closes #14916
Co-authored-by: Peter Skopek <pskopek@redhat.com>
2022-10-18 14:43:04 +02:00
Stian Thorgersen
31aefd1489
OTP Application SPI ( #14800 )
...
Closes #14800
2022-10-18 14:42:35 +02:00
Marek Posolda
0756ef9a75
Initial integration tests with BCFIPS distribution ( #14895 )
...
Closes #14886
2022-10-17 23:33:22 +02:00
Stian Thorgersen
f7490b7f7c
Fix issue where admin2 was not enabled by default if account2 was disabled ( #14914 )
...
Refactoring ThemeSelector and DefaultThemeManager to re-use the same logic for selecting default theme as there used to be two places where one had a broken implementation
Closes #14889
2022-10-17 15:17:54 +02:00
vramik
f49582cf63
MapUserProvider in KC20 needs to store username compatible with KC19 to be no-downtime-upgradable
...
Closes #14678
2022-10-14 09:32:38 +02:00
danielFesenmeyer
f80a8fbed0
Avoid login failures in case of non-existing group or role references and update references in case of renaming or moving
...
- no longer throw an exception, when a role or group cannot be found, log a warning instead
- update mapper references in case of the following events:
- moving a group
- renaming a group
- renaming a role
- renaming a client's Client ID (may affect role qualifiers)
- in case a role or group is removed, the reference still will not be changed
- extend and refactor integration tests in order to check the new behavior
Closes #11236
2022-10-13 13:23:29 +02:00
Martin Kanis
761929d174
Merge ActionTokenStoreProvider and SingleUseObjectProvider ( #13677 )
...
Closes #13334
2022-10-13 09:26:44 +02:00
Stian Thorgersen
ded52c6228
Move session iframe pages ( #14769 )
...
Closes #14767
2022-10-13 08:16:20 +02:00
Lex Cao
8ea3f30d82
Support profile projection parameter for LinkedIn IDP
...
Closes #13384
2022-10-11 15:22:00 -03:00
Alexander Schwartz
b67ce73227
Cleanup MapUserSessionAdapter.getAuthenticatedClientSessions()
...
Closes #14743
2022-10-10 13:01:14 +02:00
Stian Thorgersen
fda26385ec
Add profile feature for hosting keycloak.js on the server ( #14771 )
...
* Add profile feature for hosting keycloak.js on the server
Closes #14770
* Updated txt files for HelpCommandTest
2022-10-10 08:00:50 +02:00
Takashi Norimatsu
148c7695ff
Pluggable Features of Token Manager
...
Closes #12065
2022-10-07 08:43:34 +02:00
Hynek Mlnarik
36a1ce6a1a
Ensure map storage providers are closed upon session close
...
Fixes : #14730
2022-10-05 14:16:19 +02:00
Marek Posolda
425b6b8df2
Parameters 'client_id' and 'response_type' not strictly required in O… ( #14679 )
...
* Parameters 'client_id' and 'response_type' not strictly required in OIDC request object
Closes #14255
2022-10-05 11:20:15 +02:00
Douglas Palmer
44aae52fb4
Fixed locale switcher on error page ( #14728 )
...
Closes #14205
2022-10-05 10:30:07 +02:00
Marek Posolda
c59660ca86
KEYCLOAK_SESSION not working for some user federation setups when user ID has special chars ( #14560 )
...
closes #14354
2022-10-05 08:59:30 +02:00
Alice Wood
1eb7e95b97
enhance existing group search functionality allow exact name search keycloak/keycloak#13973
...
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
2022-09-30 10:37:52 +02:00
Marcelo Daniel Silva Sales
22713bc144
Incorrect error message OIDC client authentication ( #14656 )
...
closes #12162
Co-authored-by: Pedro Hos <pedro-hos@outlook.com>
2022-09-30 09:40:05 +02:00
David Anderson
a8db79a68c
Introduce crypto module using Wildfly Elytron ( #14415 )
...
Closes #12702
2022-09-27 08:53:46 +02:00
Alexander Schwartz
be2deb0517
Modify RealmsAdminResource.importRealm to work with InputStream
...
Closes #13609
2022-09-26 20:58:08 +02:00
Ivan Atanasov
4016dd95d2
Use temporary file to reduce the chance of serving partial gzipped resource ( #14511 )
...
Closes #14510
2022-09-23 07:51:41 +02:00
Alice Wood
55a660f50b
enhance group search to allow searching for groups via attribute keycloak/keycloak#12964
...
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2022-09-19 15:19:36 +02:00
Takashi Norimatsu
0a832fc744
Intent support before issuing tokens (UK OpenBanking)
...
Closes #12883
2022-09-19 12:15:00 +02:00
Dmitry Telegin
cc2117bf7c
UserInfo endpoint not fully standards compliant
...
Closes #14184
2022-09-16 10:15:08 +02:00
danielFesenmeyer
3af1134975
Update IDP link username when sync mode is "force"
...
Closes #13049
2022-09-14 08:02:17 -03:00
Václav Muzikář
e999aeeab8
Fix DefaultHostnameTest
on Undertow
2022-09-13 14:41:23 -03:00
Christoph Leistert
7e5b45f999
Issue #8749 : Add an option to control the order of the event query and admin event query
2022-09-11 21:30:12 +02:00
Alexander Schwartz
1d2d3e5ca5
Move UserFederatedStorageProvider into legacy module
...
Closes #13627
2022-09-11 18:37:45 +02:00
Thomas Darimont
962a685b7b
KEYCLOAK-15773 Control availability of admin api and admin-console via feature flags
...
Inline profile checks for enabled admin-console to avoid issues during
static initialization with quarkus.
Potentially Re-enable admin-api feature if admin-console is enabled
via the admin/admin2 feature flag.
Add legacy admin console as deprecated feature flag
Throw exception if admin-api feature is disabled but admin-console is enabled
Adapt ProfileTest
Consider adminConsoleEnabled flag in QuarkusWelcomeResource
Fix check for Admin-Console / Admin-API feature dependency.
Add new features to approved help output files
Co-authored-by: Stian Thorgersen <stian@redhat.com>
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2022-09-09 18:18:51 -03:00
Pedro Igor
3518362002
Validate auth time when max_age is sent to brokered OPs
...
Closes #14146
2022-09-09 10:30:51 -03:00
Martin Bartoš
0fcf5d3936
Reuse of token in TOTP is possible
...
Fixes #13607
2022-09-09 08:56:02 -03:00
Marek Posolda
040e52cfd7
SAML javascript protocol mapper: disable uploading scripts through admin console by default ( #14293 )
...
Closes #14292
2022-09-09 13:47:51 +02:00
Dominik Guhr
f2b02f19e6
Closes #13786
2022-09-07 18:29:26 +02:00
cgeorgilakis
07b0df8f62
View groups from account console ( #7933 )
...
Closes #8748
2022-09-07 11:25:31 +02:00
Lex Cao
1f197aa96b
Add basic auth compliant to RFC 6749 ( #14179 )
...
Closes #14179
2022-09-07 10:09:30 +02:00
evtr
4469bdc0a9
RelayState max length not respected
...
Fixes : #10227
2022-09-06 22:01:14 +02:00
Stu Tomlinson
f57560afd3
Improve error messages for invalid SAML responses
...
Closes #13534
2022-09-06 21:49:14 +02:00
Christoph Leistert
cc2bb96abc
Fixes #9482 : A user could be assigned to a parent group if he is already assigned to a subgroup.
2022-09-06 21:31:31 +02:00
Pedro Igor
a6137b9b86
Do not empty attributes if they are not provided when user profile is enabled
...
Closes #11096
2022-09-06 12:59:05 +02:00
Michal Hajas
f69497eb28
KEYCLOAK-12988 Deprecate getUsers* methods in favor of searchUsers* variants
...
Closes #14018
2022-09-06 10:38:28 +02:00
Youssef El Houti
7f58c1c570
KEYCLOAK-19138 nginx x509 client trusted certificate lookup
2022-09-01 15:02:56 -03:00
Thomas Darimont
43623ea9d0
KEYCLOAK-18499 Add max_age support to oauth2 brokered logins
...
Revise KcOidcBrokerPassMaxAgeTest to use setTimeOffset(...)
2022-09-01 09:24:44 -03:00
Joerg Matysiak
a8019d78e7
Fixed handling of required setting for email in user profile.
...
Resolves #13923
2022-08-31 17:19:19 -03:00