Pedro Igor
f010f7df9b
Reverting removal of test assertions and keeping existing logic where only brokers the user is linked to is shown after identity-first login page
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-03 11:55:04 -03:00
Martin Kanis
e1b735fc41
Identity-first login flow should be followed by asking for the user credentials
...
Closes #30339
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-07-03 11:55:04 -03:00
Giuseppe Graziano
02d64d959c
Using _system client when account client is disabled for email actions
...
Closes #17857
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-07-03 08:43:36 +02:00
cgeorgilakis-grnet
20cedb84eb
Check refresh token flow response for offline based on refresh token request parameter
...
Closes #30857
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-07-02 18:13:30 -03:00
Steven Hawkins
d534860e2b
fix: admin cli client should set the content when performing a merge ( #30539 )
...
closes : #29878
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-06-28 15:56:07 +02:00
Pedro Igor
cc2ccc87b0
Filtering organization groups when managing or processing groups
...
Closes #30589
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-28 10:27:18 -03:00
Steven Hawkins
aae1fa1417
fix: addresses cli erroneously wants a secret when env password is set ( #30892 )
...
closes : #30866
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-06-28 11:48:42 +02:00
Thomas Darimont
690c6051bb
Fix scope policy evaluation for client to client token exchange ( #26435 )
...
Previously the scope from the token was not set available in the ClientModelIdentity attributes.
This caused the NPE in `org.keycloak.authorization.policy.provider.clientscope.ClientScopePolicyProvider.hasClientScope`(..)
when calling `identity.getAttributes().getValue("scope")`.
We now pass the provided decoded AccessToken down to the ClientModelIdentity creation
to allow to populate the required scope attribute.
We also ensure backwards compatibility for ClientPermissionManagement API.
Fixes #26435
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-06-28 10:33:20 +02:00
Douglas Palmer
220f32aa85
Cleanup of adapter pages
...
Closes #30870
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-06-27 18:57:22 +02:00
mposolda
7279f2092e
Cleanup of test-apps and related adapter code
...
closes #30867
Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-27 15:10:31 +02:00
Romain LABAT
6615691c63
Support for service accounts when fetch roles is enabled ( #30687 )
...
Support for service accounts when fetch roles is enabled
Signed-off-by: Romain LABAT <contact@romainlabat.fr>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-25 18:00:26 -03:00
rmartinc
e9c9efc3f4
Upgrade bc-fips to 1.0.2.5
...
Closes #26568
Closes #27884
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-25 11:07:27 +02:00
Andre F de M
0f061a75e2
Issue: 26568 - bcfips version bump and fixes
...
* bump BCFIPS to 1.0.2.5
* fix bc-fips related test error
* remove unused imports
Closes : #26568
Signed-off-by: Andre F de M <trixpan@users.noreply.github.com>
2024-06-25 11:07:27 +02:00
fwojnar
015fefad02
Remove Edge from supported web drivers ( #30423 )
...
Closes #29921
Signed-off-by: wojnarfilip <fwojnar@redhat.com>
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2024-06-24 17:24:55 +02:00
fwojnar
e30e6cba8e
Remove Safari from supported web drivers ( #30424 )
...
Related to #29921
Signed-off-by: wojnarfilip <fwojnar@redhat.com>
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2024-06-24 13:27:12 +02:00
fwojnar
640db99c27
Remove Appium from supported web drivers ( #30483 )
...
Related to #29921
Signed-off-by: wojnarfilip <fwojnar@redhat.com>
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2024-06-24 13:26:33 +02:00
Takashi Norimatsu
b0aac487a3
VC issuance in Authz Code flow with considering scope parameter
...
closes #29725
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-06-24 10:53:19 +02:00
Jon Koops
df18629ffe
Use a default Java version from root POM ( #29927 )
...
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-21 14:19:31 +02:00
mposolda
6a9e60bba0
Flow steps back when changing locale or refreshing page on 'Try another way page'
...
closes #30520
Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-21 11:22:15 +02:00
rmartinc
592c2250fc
Add briefRepresentation query parameter to getUsersInRole endpoint
...
Closes #29480
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-21 11:21:02 +02:00
Takashi Norimatsu
6b135ff6e7
client-jwt authentication fails on Token Introspection Endpoint
...
closes #30599
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-06-21 10:47:25 +02:00
Pedro Igor
a0ad680346
Adding an alias to organization and exposing them to templates
...
Closes #30312
Closes #30313
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-20 14:36:14 -03:00
Pedro Ruivo
5fc12480fd
External Infinispan as cache - Part 4 ( #30072 )
...
UserSessionProvider implementation to make use of Infinispan remote
cache.
Closes #28755
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Pedro Ruivo
9006218559
External Infinispan as cache - Part 3
...
Implementation of UserLoginFailureProvider using remote caches only.
Closes #28754
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Pedro Ruivo
833aad661e
External Infinispan as cache - Part 2
...
Includes a new implementation for the providers:
* StickySessionEncoderProviderFactory
* LoadBalancerCheckProviderFactory
* SingleUseObjectProviderFactory
Closes #28648
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Martin Kanis
dc109381e1
Refactor organization tests
...
Closes #30338
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-06-19 09:34:24 -03:00
Martin Kanis
89f83e9788
Importing organizations failing if there is no broker and members in the representation
...
Closes #30305
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-06-19 08:46:04 -03:00
Pedro Igor
57139cbefc
Internal read-only attributes have precedence over unmanaged attribute policy
...
Closes #30240
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-19 12:05:01 +02:00
Giuseppe Graziano
24aa6e143d
REALM_CLIENT attribute to recognize realm clients ( #30433 )
...
Closes #29413
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-06-19 10:22:13 +02:00
Stefan Guilhen
db846a792d
Set a time of 23:59:59:999 in JpaEventQuery.toDate so that events from that date are properly returned in searches
...
Closes #30414
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-06-18 13:14:28 -03:00
Francis Pouatcha
d4797e04a2
Enhance SupportedCredentialConfiguration to support optional claims object as defined in OpenID for Verifiable Credential Issuance specification ( #30420 )
...
closes #30419
Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
2024-06-18 17:07:49 +02:00
rmartinc
fc65c73106
Upgrade adapters test to use wildfly 28 (jakarta only) via maven plugin
...
Closes #30324
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-18 15:40:59 +02:00
rmartinc
38d8cf2cb3
Add UPDATE event to the client-roles condition
...
Closes #30284
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-18 15:30:42 +02:00
Martin Bartoš
5ad3abaa96
Enable WebAuthn tests for Firefox ( #30374 )
...
Closes #22075
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-06-18 10:36:01 +02:00
rmartinc
c51640546d
Improvements for ldap test authentication
...
Closes #30434
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-15 10:01:24 +02:00
Thibault Morin
f6fa869b12
feat(SAML): add Artifact Binding on brokering scenarios when Keycloak is SP ( #29619 )
...
* feat: add Artifact Binding on brokering scenarios when Keycloak is SP
Signed-off-by: tmorin <git@morin.io>
* Adding broker test and minor improvements
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
* Fixing IdentityProviderTest
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
* Renaming methods related to idp initiated flows
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
* Fixing partial_import_test.spec.ts
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
---------
Signed-off-by: tmorin <git@morin.io>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-14 08:54:49 -03:00
Pedro Ruivo
18a6c79011
Infinispan Protostream Marshaller ( #29474 )
...
Closes #29394
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-06-13 18:02:46 +02:00
Lukas Hanusovsky
ca0833b2e4
[ #29412 ] DB Allocator removal - dependency cleanup. ( #30406 )
...
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2024-06-13 13:31:52 +00:00
vramik
de2fdbe98f
cache count
...
Signed-off-by: vramik <vramik@redhat.com>
2024-06-13 08:13:36 -03:00
vramik
d355e38424
Provide a cache layer for the organization model
...
Closes #30087
Signed-off-by: vramik <vramik@redhat.com>
2024-06-13 08:13:36 -03:00
Alfredo Moises Boullosa
a5cd6ed965
Add step to Google Social Login ( #30335 )
...
Signed-off-by: Alfredo Moises Boullosa <aboullos@redhat.com>
2024-06-12 17:27:02 +02:00
Stefan Guilhen
c49b5749ef
Fix GroupLDAPStorageMapper so it doesn't attempt to update a group fetched in a different tx when synchronizing groups from LDAP
...
Closes #29784
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-06-12 10:42:21 -03:00
Martin Kanis
ae69b3b260
Introduce packages for organization tests
...
Closes #30337
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-06-12 10:02:06 -03:00
rmartinc
7d42ab822b
Remove adapter app-server-undertow profile which is not used
...
Closes #30347
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-12 14:40:06 +02:00
Patrick Jennings
75925dcf6c
Client type configuration inheritance ( #30056 )
...
closes #30213
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-06-10 18:59:08 +02:00
rmartinc
7d05a7a013
Logout from all clients after IdP logout is performed
...
Closes #25234
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-10 11:58:09 -03:00
Giuseppe Graziano
6067f93984
Improvements to refresh token rotation with multiple tabs ( #29966 )
...
Closes #14122
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-06-07 12:02:36 +02:00
Steven Hawkins
c7e9ee2bff
fix: adds handling for all kcadm prompts as env variables ( #29430 )
...
closes : #21961
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-06-06 13:08:23 +00:00
Bruno Oliveira da Silva
f34baf3c24
Update license headers ( #29942 )
...
Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>
2024-06-06 14:06:09 +02:00
Pedro Igor
94c194f1f4
Prevent users to unlink from their home identity provider when they are a managed member
...
Closes #30092
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
2024-06-05 13:57:01 +02:00
mposolda
0bf613782f
Updating client policies in JSON editor is buggy. Attempt to update global client policies should throw the error
...
closes #30102
Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-05 13:55:02 +02:00
rmartinc
eedfd0ef51
Missing auth checks in some admin endpoints ( #166 )
...
Closes keycloak/keycloak-private#156
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-05 12:04:47 +02:00
Giuseppe Graziano
d5e82356f9
Encrypted KC_RESTART cookie and removed sensitive notes
...
Closes #keycloak/keycloak-private#162
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-06-05 10:33:44 +02:00
Pedro Igor
f8d55ca7cd
Export import realm with organizations
...
Closes #30006
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-05 09:50:03 +02:00
Martin Kanis
33331788a4
Introduce count method to avoid fetching all organization upon checking for existence
...
Closes #29697
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-06-04 10:45:28 -03:00
Martin Kanis
173f09fa6b
Malformed dependency version causing the build failure
...
Closes #30134
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-06-04 13:44:14 +02:00
Thomas Darimont
35a4a17aa5
Add support for application/jwt media-type in token introspection ( #29842 )
...
Fixes #29841
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-06-03 19:06:21 +02:00
Martin Bartoš
262fc09edc
OpenJDK 21 support ( #28518 )
...
* OpenJDK 21 support
Closes #28517
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* x509 SAN UPN other name is not handled in JDK 21 (#904 )
closes #29968
Signed-off-by: mposolda <mposolda@gmail.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2024-06-03 14:17:28 +02:00
mposolda
9074696382
Editing built-in client policy profiles are silently reverted
...
closes #27184
Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-03 14:00:37 +02:00
Pedro Igor
4c39fcc79d
Allow to configure if users are automatically redirected when the email domain matches an organization
...
Closes #30050
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-03 13:34:21 +02:00
raff897
6d6131cade
Backchannel logout url with curly brackets
...
closes #30023
Signed-off-by: raff897 <85362193+raff897@users.noreply.github.com>
2024-06-03 09:51:39 +02:00
Ricardo Martin
0cd0d03c08
Remove all adapter-core code moved to util ( #30012 )
...
* Remove all tests that are only executed for undertow app server
* Remove installation steps for OIDC adapter in wildfly/eap app server
* Remove the util adapters package except HttpClientBuilder
* Remove HttpClientBuilder and use plain apache http client
Closes #29912
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-03 09:28:02 +02:00
Pedro Ruivo
ad32f8bdbc
auth-server-feature does not work for auth-server-quarkus-embedded ( #30045 )
...
Fixes #29259
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-03 08:47:52 +02:00
rmartinc
068ce5a61f
Modify xpath for account console logout in the webauthn tests
...
Closes #30024
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-05-31 15:14:35 +02:00
Stefan Wiedemann
0f6f9543ba
Add oid4vci to the account console ( #29174 )
...
closes #25945
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
Co-authored-by: Erik Jan de Wit <edewit@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-05-31 15:11:32 +02:00
Patrick Jennings
5144f8d85f
Improve Client Type Integration Tests ( #29944 )
...
closes #30017
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-05-31 09:53:22 +02:00
Andrejs Mivreniks
1cf87407fe
Allow setting authentication flow execution priority value via Admin API
...
Closes #20747
Signed-off-by: Andrejs Mivreniks <andrejs@fastmail.com>
2024-05-30 19:17:45 +02:00
Martin Bartoš
3f49036192
Unify approach for WebAuthn tests ( #29781 )
...
Closes #29780
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-05-30 14:21:27 +02:00
rmartinc
44ce2fb74d
Modify authz tests to not depende on adapter-core code
...
Closes #29882
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-05-30 08:02:29 +02:00
Pedro Igor
320f8eb1b4
Improve invitation messages and flow
...
Closes #29945
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-29 17:51:06 +02:00
Erik Jan de Wit
f088b0009c
initial ui for organizations ( #29643 )
...
* initial screen
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* more screens
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added members tab
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added the backend
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added member add / invite models
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* initial version of the identity provider section
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* add link and unlink providers
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* small fix
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* PR comments
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Do not validate broker domain when the domain is an empty string
Closes #29759
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added filter and value
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added test
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added first name last name
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* refresh menu when realm organization is changed
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* changed to record
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* changed to form data
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* fixed lint error
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Changing name of invitation parameters
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Chancing name of parameters on the client
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Enable organization at the realm before running tests
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Domain help message
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Handling model validation errors when creating organizations
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Message key for organizationDetails
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Do not change kc.org attribute on group
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* add realm into the context
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* tests
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Changing button in invitation model to use Send instead of Save
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Better message when validating the organization domain
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Fixing compilation error after rebase
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* fixed test
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* removed wait as it no longer required and skip flacky test
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* skip tests that are flaky
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* stabilize user create test
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-29 14:34:02 +02:00
Martin Bartoš
76a6733f0a
Replace PhantomJS by HtmlUnit
...
Closes #9979
Co-authored-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-05-29 11:17:57 +02:00
Martin Bartoš
b1a90972b6
Upgrade Selenium and Arquillian dependencies in testsuite
...
Closes #29778
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-05-29 11:17:57 +02:00
Pedro Igor
bbb83236f5
Do not lower-case the username from the IdP when creating the federated identity
...
Closes #28495
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-29 01:58:20 -03:00
Stefan Guilhen
694ffaf289
Allow organizations in different realms to have the same domain
...
Closes #29886
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-28 08:02:30 -03:00
Francis Pouatcha
4317a474d1
JWT VC Issuer Metadata /.well-known/jwt-vc-issuer to comply with SD-JWT VC Specification ( #29635 )
...
closes #29634
Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
Co-authored-by: DYLANE BENGONO <85441363+bengo237@users.noreply.github.com>
2024-05-28 12:51:56 +02:00
Yutaka Obuchi
68d9dcecb5
Supporting OID4VCI AuthZCode flow: ( #29685 )
...
closes #29724
Signed-off-by: Yutaka Obuchi <yutaka.obuchi.sd@hitachi.com>
Co-authored-by: Yutaka Obuchi <yutaka.obuchi.sd@hitachi.com>
Co-authored-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
2024-05-28 12:29:31 +02:00
Martin Bartoš
d396dfed6a
Upgrade old Keycloak version for DB migration tests ( #29884 )
...
Closes #29883
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-05-28 11:32:31 +02:00
Jon Koops
66ef3bf2d7
Remove Opera from supported web drivers ( #29903 )
...
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-05-28 09:01:40 +00:00
Douglas Palmer
b9c04bb8bc
Refactor PolicyEnforcer tests to remove dependency on keycloak-adapter-core and remove keycloak-adapter-core
...
Closes #29189
Closes #28791
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-05-27 15:00:13 -03:00
Stefan Wiedemann
5a68056f2a
Fix oid4vc mappers
...
Closes #29805
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2024-05-27 11:28:46 +02:00
mposolda
ea1cdc10bd
MigrateTo25_0_0 does not complete within default transaction timeout
...
closes #29756
Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-27 10:31:39 +02:00
Pedro Igor
2d4d32764c
Show a message when confirming an invitation link
...
Closes #29794
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-27 08:33:22 +02:00
rmartinc
b258b459d7
Generate RESTART_AUTHENTICATION event on success
...
Closes #29385
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-05-23 19:08:22 +02:00
vramik
0508d279f7
Filter empty domains from OrganizationsRepresentation before running validation
...
Closes #29809
Signed-off-by: vramik <vramik@redhat.com>
2024-05-23 09:53:51 -03:00
Marek Posolda
2efc163b89
Entry 999.0.0 in MIGRATION_MODEL prevents future migrations of the database
...
Closes #27941
Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-23 12:00:18 +00:00
Daniel Fesenmeyer
c08621fa63
Always order required actions by priority (regardless of context)
...
- AuthenticationManager#actionRequired: make sure that the highest prioritized required action is performed first, possibly before the currently requested required action
- AuthenticationManager#nextRequiredAction: make sure that the next action is requested via URL, also based on highest priority (-> requested URL will match actually performed action, unless required actions for the user are changed by a parallel operation)
- add tests to RequiredActionPriorityTest, add helper method for priority setup to ApiUtil (for easier and more robust setup than up-to-now)
- fix test WebAuthnRegisterAndLoginTest - which failed because WebAuthnRegisterFactory (prio 70) is now executed before WebAuthnPasswordlessRegisterFactory (prio 80)
Closes #16873
Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>
2024-05-23 09:07:56 +02:00
Thomas Darimont
ab376d9101
Make required actions configurable ( #28400 )
...
- Add tests for crud operations on configurable required actions
- Add support exposing the required action configuration via RequiredActionContext
- Make configSaveError message reusable in other contexts
- Introduced admin-ui specific endpoint for retrieving required actions with config metadata
Fixes #28400
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-05-23 08:38:36 +02:00
vramik
278341aff9
Add organizations enabled/disabled capability
...
Closes #28804
Signed-off-by: vramik <vramik@redhat.com>
2024-05-22 07:58:26 -03:00
Francis Pouatcha
542fc65923
Issue 29627: Expose Authorization Server Metadata Endpoint under /.well-known/oauth-authorization-server to comply with rfc8414 ( #29628 )
...
closes #29627
Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-05-22 10:30:34 +02:00
rmartinc
f7044ba5c2
Use SessionExpirationUtils for validate user and client sessions
...
Check client session is valid in TokenManager
Closes #24936
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-05-22 10:12:20 +02:00
Case Walker
f32cd91792
Upgrade owasp-java-html-sanitizer, address all fallout
...
Signed-off-by: Case Walker <case.b.walker@gmail.com>
2024-05-22 09:15:25 +02:00
Raffaele Lucca
a5a55dc66e
Protocol now is mandatory during client scope creation. ( #29544 )
...
closes #29027
Signed-off-by: raff897 <85362193+raff897@users.noreply.github.com>
2024-05-22 09:10:46 +02:00
Patrick Jennings
84acc953dd
Client type OIDC base read only defaults ( #29706 )
...
closes #29742
closes #29422
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-05-22 09:07:19 +02:00
Pedro Igor
b019cf6129
Support unmanaged attributes for service accounts and make sure they are only managed through the admin api
...
Closes #29362
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-21 16:56:18 -03:00
Martin Kanis
97cd5f3b8d
Provide an additional endpoint to allow sending both invitation and registration links depending on the email being associated with an user or not
...
Closes #29482
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-05-21 12:29:10 -03:00
rmartinc
3304540855
Allow admin console whoami endpoint to applications that have a special attribute
...
Closes #29640
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-05-20 09:51:07 +02:00
Stefan Guilhen
1aab371912
Fix errors when importing realms with the organization feature enabled
...
Closes #29630
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-17 07:25:31 -03:00
Ricardo Martin
74a80997c7
Fix CRL verification failing due to client cert not being in chain ( #29582 )
...
closes #19853
Signed-off-by: Micah Algard <micahalgard@gmail.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Micah Algard <micahalgard@gmail.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
2024-05-17 11:28:07 +02:00
Dimitri Papadopoulos Orfanos
64a145e960
Fix user-facing typos in error messages ( #29326 )
...
Update resource file and tests accordingly
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
2024-05-16 09:55:41 +02:00
rmartinc
89d7108558
Restrict access to whoami endpoint for the admin console and users with realm access
...
Closes #25219
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-05-15 19:06:57 +02:00
Stefan Guilhen
c4760b8188
Ensure that IDP's linked domains are remove when org is deleted or when the domain is removed from the org.
...
Closes #29481
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-14 15:39:18 -03:00
Martin Kanis
3985157f9f
Make sure operations on a organization are based on realm they belong to
...
Closes #28841
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-05-14 10:47:39 -03:00
Pedro Igor
b4d231fd40
Fixing realm removal when removing groups and brokers associated with an organization
...
Closes #29495
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-14 14:29:27 +02:00
Pedro Igor
b5a854b68e
Minor improvements to invitation email templates ( #29498 )
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-14 13:19:02 +02:00
Pedro Igor
1b583a1bab
Email validation for managed members should only fail if it does not match the domain set to a broker
...
Closes #29460
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-14 10:46:22 +02:00
mposolda
d8a7773947
Adding dummyHash to DirectGrant request in case user does not exists. Fix dummyHash for normal login requests
...
closes #12298
Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-13 16:33:29 +02:00
kaustubh-rh
8a82b6b587
Added a check in ClientInitialAccessResource ( #29353 )
...
closes #29311
Signed-off-by: Kaustubh Bawankar <kbawanka@redhat.com>
2024-05-13 13:00:36 +02:00
rmartinc
2cc051346d
Allow empty CSP header in headers provider
...
Closes #29458
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-05-13 10:51:31 +02:00
Giuseppe Graziano
d735668fcd
Fix test failures after @DisableFeature
...
Closes #29253
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-05-13 08:20:54 +02:00
Pedro Igor
b50d481b10
Make sure organization groups can not be managed but when managing an organization
...
Closes #29431
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-10 21:28:11 -03:00
Stefan Guilhen
f0620353a4
Ensure master realm can't be removed
...
Closes #28896
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-10 16:56:18 -03:00
Stefan Guilhen
ceed7bc120
Add ability to search organizations by attribute
...
Closes #29411
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-10 16:45:41 -03:00
Pedro Igor
77b58275ca
Improvements to the organization authentication flow
...
Closes #29416
Closes #29417
Closes #29418
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-09 16:07:52 -03:00
Pedro Igor
a65508ca13
Simplifying the CORS SPI and the default implementation
...
Closes #27646
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-08 12:27:55 -03:00
Pedro Ruivo
cbce548e71
Infinispan 15.0.3.Final
...
Closes #29068
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-05-08 17:18:39 +02:00
Stefan Guilhen
dde2746595
Improve tests to ensure managed users disabled upon disabling the org can't be updated
...
Closes #28891
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-07 18:11:52 -03:00
Pedro Igor
927ba48f7a
Adding tests to cover using SAML brokers in an organization
...
Closes #28732
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-07 20:44:38 +02:00
Thore
4b194d00be
iso-date validator for the user-profile
...
Adds a new validator in order to be able to validate user-model fields which should be modified/supplied by a datepicker.
Closes #11757
Signed-off-by: Thore <thore@kruess.xyz>
2024-05-07 11:42:39 -03:00
Martin Kanis
d4b7e1a7d9
Prevent to manage groups associated with organizations from different APIs
...
Closes #28734
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-05-07 11:16:40 -03:00
Pedro Igor
f8bc74d64f
Adding SAML protocol mapper to map organization membership
...
Closes #28732
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-07 15:52:35 +02:00
Stefan Guilhen
aa945d5636
Add description field to OrganizationEntity
...
Closes #29356
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-07 10:35:51 -03:00
Pedro Igor
c0325c9fdb
Do not manage brokers through the Organization API
...
Closes #29268
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-07 09:15:25 -03:00
Alice W
d1549a021e
Update invitation changes based on review and revert deleted test from OrganizationMembertest
...
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
2024-05-06 17:57:13 -03:00
Pedro Igor
40a283b9e8
Token expiration tests and updates to registration required action
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-06 17:57:13 -03:00
Pedro Igor
158162fb4f
Review tests and having invitation related operations in a separate class
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-06 17:57:13 -03:00
Pedro Igor
287f3a44ce
registration link tests
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-06 17:57:13 -03:00
Alice W
ce2e83c7f9
Update test and link formation on invite of new user
...
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
2024-05-06 17:57:13 -03:00
Alice W
18356761db
Add test for user invite registration and fix minor bug with registration link generation and email templating
...
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
2024-05-06 17:57:13 -03:00
Pedro Igor
e0bdb42d41
adding test and minor updates to cover inviting existing users
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-06 17:57:13 -03:00
Stefan Guilhen
dae1eada3d
Add enabled field to OrganizationEntity
...
Closes #28891
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-06 14:46:56 -03:00
Alexander Schwartz
a9532274e3
Generate translations for locales via built-in Java functionality ( #29125 )
...
Closes #29124
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-05-06 09:30:14 +02:00
Giuseppe Graziano
c6d3e56cda
Handle reset password flow with logged in user
...
Closes #8887
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-05-06 09:10:47 +02:00
Douglas Palmer
00bd6224fa
Remove remaining Fuse adapter bits
...
Closes #28787
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-05-06 09:02:26 +02:00
Thomas Darimont
ba43a10a6d
Improve details for user error events in OIDC protocol endpoints
...
Closes #29166
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-05-06 08:32:31 +02:00
Pedro Igor
32d25f43d0
Support for mutiple identity providers
...
Closes #28840
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-04 16:19:27 +02:00
Douglas Palmer
051c0197db
Remove old-WildFly, EAP 7.4 and 6.4 SAML adapters
...
Closes #28785
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-05-03 15:39:05 +02:00
Justin Tay
7bd48e9f9f
Set logout token type to logout+jwt
...
Closes #28939
Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-05-03 14:51:10 +02:00
Giuseppe Graziano
8c3f7cc6e9
Ignore include in token scope for refresh token
...
Closes #12326
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-05-03 09:05:03 +02:00
Douglas Palmer
e0176a7e31
Remove Wildfly and EAP OIDC adapters
...
Closes #23381
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-05-02 20:16:55 +02:00
Steven Hawkins
3b1ca46be2
fix: updating docs around -q parameter ( #29151 )
...
closes : #27877
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-05-02 16:48:43 +02:00
Stefan Guilhen
45e5e6cbbf
Introduce filtered (and paginated) search for organization members
...
Closes #28844
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-02 11:25:43 -03:00
Stefan Wiedemann
3e16af8c0f
Fix oid4vc tests ( #29209 )
...
closes #28982
closes #28983
closes #28984
closes #28985
closes #28986
closes #28987
closes #28988
closes #28989
closes #28990
closes #28991
closes #28992
closes #28993
closes #28994
closes #28995
closes #28996
* only enable/disable features that should
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
* use default profile if nothing is set
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
---------
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2024-05-02 10:57:25 +00:00
Patrick Jennings
64824bb77f
Client type service account default type ( #29037 )
...
* Adding additional non-applicable client fields to the default service-account client type configuration.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* Creating TypedClientAttribute which maps clientmodel fields to standard client type configurations.
Adding overrides for fields in TypeAwareClientModelDelegate required for
service-account client type.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* Splitting client type attribute enum into 3 separate enums, representing
the top level ClientModel fields, the extended attributes through the
client_attributes table, and the composable fields on
ClientRepresentation.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* Removing reflection use for client types.
Validation will be done in the RepresentationToModel methods that are responsible for the ClientRepresentation -> ClientModel create and update static methods.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
More updates
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* Update client utilzes type aware client property update method.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* If user inputted representation object does not contain non-null value, try to get property value from the client. Type aware client model will return non-applicable or default value to keep fields consistent.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* Cleaning up RepresentationToModel
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* Fixing issue when updating client secret.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* Fixing issue where created clients would not have fullscope allowed, because getter is a boolean and so cannot be null.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* Need to be able to clear out client attributes on update as was allowed before and causing failures in integration tests.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* Fixing issues with redirectUri and weborigins defaults in type aware clients.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* Need to allow client attributes the ability to clear out values during update.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* Renaming interface based on PR feedback.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* Shall be able to override URI sets with an empty set.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* Comments around fields that are primitive and may cause problems determining whether to set sane default on create.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
---------
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-05-02 12:22:02 +02:00
Ricardo Martin
65bdf1a604
Encode realm name in console URIs ( #29102 )
...
Before this fix console uris (including the client redirect uris) did not contain the url encoded realm name and therefore were invalid.
closes #25807
Signed-off-by: Philip Sanetra <code@psanetra.de>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Philip Sanetra <code@psanetra.de>
Co-authored-by: rmartinc <rmartinc@redhat.com>
2024-05-02 10:30:06 +02:00
Douglas Palmer
8d4d5c1c54
Remove redundant servers from the testsuite
...
Closes #29089
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-30 17:39:32 +02:00
Stefan Guilhen
02e2ebf258
Add check to prevent deserialization issues when the context token is not an AccessTokenResponse.
...
- also adds a test for the refresh token on first login scenario.
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-30 12:02:10 -03:00
rmartinc
8042cd5d4f
Set client in the context for docker protocol
...
Fix to execute again the docker test
Closes #28649
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-30 10:17:17 +02:00
Pedro Igor
51352622aa
Allow adding realm users as an organization member
...
Closes #29023
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-29 08:37:47 -03:00
Jon Koops
a6e2ab5523
Remove jaxrs-oauth-client
and OIDC servlet-filter
adapters
...
Closes #28784
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-04-26 15:56:57 +02:00
Douglas Palmer
cca660067a
Remove JAAS login modules
...
Closes #28789
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
b2f09feebf
Remove servlet filter saml adapters
...
Closes #28786
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Stefan Guilhen
bfabc291cc
28843 - Introduce filtered (and paginated) searches for organizations
...
Closes #28843
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-25 12:38:20 -03:00
Stefan Guilhen
8fa2890f68
28818 - Reintroduce search by name for subgroups
...
Closes #28818
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-25 12:06:07 -03:00
vramik
d65649d5c0
Make sure organization are only manageable by the admin users with the manage-realm role
...
Closes #28733
Signed-off-by: vramik <vramik@redhat.com>
2024-04-23 12:16:57 -03:00
Mark Banierink
ad32896725
replaced and removed deprecated token methods ( #27715 )
...
closes #19671
Signed-off-by: Mark Banierink <mark.banierink@nedap.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-23 09:23:37 +02:00
mposolda
337a337bf9
Grant urn:ietf:params:oauth:grant-type:pre-authorized_code was enabled even if oid4vc_vci feature is disabled
...
closes #28968
Signed-off-by: mposolda <mposolda@gmail.com>
2024-04-22 18:31:46 +02:00
Ott
975bb6762f
Fixed type in invalidPasswordNotContainsUsernameMessage
...
Signed-off-by: Ott <ottalexanderdev@gmail.com>
2024-04-22 08:06:02 -03:00
Douglas Palmer
ed22530d16
Failure reset time is applied to Permanent Lockout
...
Closes #28821
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-22 11:47:22 +02:00
Stefan Wiedemann
b08c644601
Support credentials issuance through oid4vci ( #27931 )
...
closes #25940
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2024-04-22 11:37:55 +02:00
Lex Cao
7e034dbbe0
Add IdpConfirmOverrideLinkAuthenticator to handle duplicate federated identity ( #26393 )
...
Closes #26201 .
Signed-off-by: Lex Cao <lexcao@foxmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-22 11:30:14 +02:00
etiksouma
1afd20e4c3
return proper error message for admin users endpoint
...
closes #28416
Signed-off-by: etiksouma <al@mouskite.com>
2024-04-20 12:17:53 +02:00
Giuseppe Graziano
f6071f680a
Avoid the same userSessionId after re-authentication
...
Closes keycloak/keycloak-private#69
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-19 14:44:39 +02:00
mposolda
c427e65354
Secondary factor bypass in step-up authentication
...
closes #34
Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit e632c03ec4dbfbb7c74c65b0627027390b2e605d)
2024-04-19 14:43:53 +02:00
Giuseppe Graziano
897c44bd1f
Validation of providerId during required action registration
...
Closes #26109
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-19 13:06:51 +02:00
Joerg Matysiak
76a5a27082
Refactored StripSecretsUtils in order to make it unit-testable, added unit tests for it
...
Don't mask secrets at realm export
Closes #21562
Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>
2024-04-18 18:26:47 -03:00
Pedro Igor
7483bae130
Make sure admin events are not referencing sensitive data from their representation
...
Closes #21562
Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>
2024-04-18 18:26:47 -03:00
Steve Hawkins
0be34d64e7
task: refactor overlap between cli clients
...
also repackaging to more clearly delineate code roles
closes : #28329
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-18 17:39:16 -03:00
cgeorgilakis-grnet
89263f5255
Fix refresh token scope in refresh token flow with scope request parameter
...
Closes #28463
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-04-18 16:17:46 -03:00
Ricardo Martin
8daace3f69
Validate Saml URLs inside DefaultClientValidationProvider ( #135 ) ( #28873 )
...
Closes keycloak/keycloak-private#62
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-18 16:04:13 +02:00
Ricardo Martin
fc6b6f0d94
Perform exact string match if redirect URI contains userinfo, encoded slashes or parent access ( #131 ) ( #28872 )
...
Closes keycloak/keycloak-private#113
Closes keycloak/keycloak-private#134
Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2024-04-18 16:02:24 +02:00
Douglas Palmer
00d4cab55e
Flaky test: org.keycloak.testsuite.forms.ResetPasswordTest#resetPasswordLink
...
Closes #21422
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-18 15:54:30 +02:00
vramik
860f3b7320
Prevent updating IdP via organization API not linked with the organization
...
Closes #28833
Signed-off-by: vramik <vramik@redhat.com>
2024-04-18 09:14:54 -03:00
Stian Thorgersen
0d60e58029
Restrict the token types that can be verified when not using the user info endpoint ( #146 ) ( #28866 )
...
Closes #47
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Conflicts:
core/src/main/java/org/keycloak/util/TokenUtil.java
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientTokenExchangeTest.java
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-18 14:11:05 +02:00
Justin Tay
d807093f63
Fix OCSP nonce handling
...
Closes #26439
Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-04-18 09:04:46 +02:00
Pedro Igor
f0f8a88489
Automatically fill username when authenticating to through a broker
...
Closes #28848
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-18 08:24:34 +02:00
Pedro Igor
1e3837421e
Organization member onboarding using the organization identity provider
...
Closes #28273
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-17 07:24:01 -03:00
Šimon Vacek
0205262c91
Workflow failure: Fuse adapter tests
...
Closes : #27021
Signed-off-by: Simon Vacek <simonvacky@email.cz>
2024-04-15 17:28:16 +02:00
Steven Hawkins
58398d1f69
fix: replaces aesh with picocli ( #28276 )
...
* fix: replaces aesh with picocli
closes : #28275
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* fix: replaces aesh with picocli
closes : #28275
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-15 13:04:58 +00:00
Stefan Guilhen
2ab8bf852d
Add validation for the organization's internet domains.
...
Closes #28634
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-15 09:03:52 -03:00
Patrick Jennings
551a3db987
Updating validation logic to match our expectations on what applicable should mean.
...
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-04-15 09:39:34 +02:00
Patrick Jennings
03db2e8b56
Integration tests around client type parameter validation. Throw common ClientTypeException with invalid params requested during client creation/update requests. This gets translated into ErrorResponseException in the Resource handlers.
...
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-04-15 09:39:34 +02:00
Patrick Jennings
9814733dd3
DefaultClientType service will now validate all client type default values and respond with bad request message with the affending parameters that attempt to override readonly in the client type config.
...
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-04-15 09:39:34 +02:00
Patrick Jennings
42202ae45e
Translate client type exception during client create into bad request response.
...
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-04-15 09:39:34 +02:00
Giuseppe Graziano
4672366eb9
Simplified checks in IntrospectionEndpoint ( #28642 )
...
Closes #24466
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2024-04-12 21:19:04 +02:00
rmartinc
92bcd2645c
Retry the login in the SAML adapter if response is authentication_expired
...
Closes #28412
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-12 14:55:31 +02:00
Marek Posolda
e6747bfd23
Adjust priority of SubMapper ( #28663 )
...
closes #28661
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-12 14:13:03 +02:00
Pedro Igor
61b1eec504
Prevent members with an email other than the domain set to an organization
...
Closes #28644
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-12 08:33:18 -03:00
Alexander Schwartz
b4cfebd8d5
Persistent sessions code also for offline sessions ( #28319 )
...
Persistent sessions code also for offline sessions
Closes #28318
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-12 13:15:02 +02:00
Martin Bartoš
a3669a6562
Make general cache options runtime ( #28542 )
...
Closes #27549
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-12 11:56:11 +02:00
rmartinc
6d74e6b289
Escape slashes in full group path representation but disabled by default
...
Closes #23900
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-12 10:53:39 +02:00
Stefan Guilhen
e6b9d287af
Add null checks after retrieving user from LDAP for validation to prevent NPE when user is removed in LDAP.
...
Closes #28523
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-11 14:29:30 -03:00
rmartinc
d31f128ca2
Fix test IdentityProviderTest#testSamlImportWithAnyEncryptionMethod
...
Closes #28577
Closes #28576
Closes #28575
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-11 18:56:37 +02:00
Steven Hawkins
d059a2af36
task: remove MultiVersionClusterTest ( #28520 )
...
closes : #17483
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-11 14:13:52 +02:00
Martin Bartoš
ad4cbf2a14
OrganizationTest.testAttributes fails in GHA CI
...
Fixes #28606
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-11 11:56:43 +02:00
tqe1999
6e0fc8a774
fix integer overflow with explicit cast
...
Closes #28564
Signed-off-by: tqe1999 <tqe1999@gmail.com>
2024-04-11 10:58:44 +02:00
Giuseppe Graziano
33b747286e
Changed userId value for refresh token events
...
Closes #28567
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-11 07:46:44 +02:00
Stefan Guilhen
9a466f90ab
Add ability to set one or more internet domain to an organization.
...
Closed #28274
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-10 13:18:12 -03:00
devjos
cccddc0810
Fix brute force detection for LDAP read-only users
...
Closes #28579
Signed-off-by: devjos <github_11837948@feido.de>
2024-04-10 16:36:11 +02:00
vramik
00ce3e34bd
Manage a single identity provider for an organization
...
Closes #28272
Signed-off-by: vramik <vramik@redhat.com>
2024-04-10 09:47:51 -03:00
Martin Kanis
51fa054ba7
Manage organization attributes
...
Closes #28253
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-04-10 09:10:49 -03:00
rmartinc
41b706bb6a
Initial security profile SPI to integrate default client policies
...
Closes #27189
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-10 11:19:56 +02:00
Giuseppe Graziano
c76cbc94d8
Add sub via protocol mapper to access token
...
Closes #21185
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-10 10:40:42 +02:00
mposolda
aa619f0170
Redirect error to client right-away when browser tab detects that another browser tab authenticated
...
closes #27880
Signed-off-by: mposolda <mposolda@gmail.com>
2024-04-09 17:59:34 +02:00
Konstantinos Georgilakis
a40a953644
SAML element EncryptionMethod can consist any element
...
closes #12585
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-04-09 14:15:56 +02:00
Stian Thorgersen
a499512f35
Set SameSite for all cookies ( #28467 )
...
Closes #28465
Signed-off-by: stianst <stianst@gmail.com>
2024-04-09 12:29:19 +02:00
Václav Muzikář
e4987f10f5
Hostname SPI v2 ( #26345 )
...
* Hostname SPI v2
Closes : #26084
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Fix HostnameV2DistTest#testServerFailsToStartWithoutHostnameSpecified
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Address review comment
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Partially revert the previous fix
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Do not polish values
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Remove filtering of denied categories
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
---------
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-04-09 11:25:19 +02:00
vibrown
3fffc5182e
Added ClientType implementation from Marek's prototype
...
Signed-off-by: vibrown <vibrown@redhat.com>
More updates
Signed-off-by: vibrown <vibrown@redhat.com>
Added client type logic from Marek's prototype
Signed-off-by: vibrown <vibrown@redhat.com>
updates
Signed-off-by: vibrown <vibrown@redhat.com>
updates
Signed-off-by: vibrown <vibrown@redhat.com>
updates
Signed-off-by: vibrown <vibrown@redhat.com>
Testing to see if skipRestart was cause of test failures in MR
2024-04-08 20:20:37 +02:00
Pedro Igor
52ba9b4b7f
Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user
...
Closes #28248
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-08 09:05:16 -03:00
Justin Tay
e765932df3
Skip unsupported keys in JWKS
...
Closes #16064
Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-04-08 08:42:31 +02:00
rmartinc
2b769e5129
Better management of the CSP header
...
Closes https://github.com/keycloak/keycloak/issues/24568
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-08 08:19:57 +02:00
Giuseppe Graziano
b4f791b632
Remove session_state from tokens
...
Closes #27624
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-08 08:12:51 +02:00
MNaaz
811c70d136
Support for searching users based on search filter, enabled attribute, first, max Closes #27241
...
Signed-off-by: MNaaz <feminity2001@yahoo.com>
2024-04-05 12:10:15 -03:00
Jon Koops
d3c2475041
Upgrade admin and account console to PatternFly 5 ( #28196 )
...
Closes #21345
Closes #21344
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Mark Franceschelli <mfrances@redhat.com>
Co-authored-by: Hynek Mlnařík <hmlnarik@redhat.com>
Co-authored-by: Agnieszka Gancarczyk <agancarc@redhat.com>
2024-04-05 16:37:05 +02:00
Gilvan Filho
96db7e3154
fix NotContainsUsernamePasswordPolicyProvider: reversed check
...
closes #28389
Signed-off-by: Gilvan Filho <gfilho@redhat.com>
2024-04-05 10:39:07 -03:00
Pedro Igor
8fb6d43e07
Do not export ids when exporting authorization settings
...
Closes #25975
Co-authored-by: 박시준 <sjpark@logblack.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-04 19:26:03 +02:00
Justin Tay
30cd40e097
Use realm default signature algorithm for id_token_signed_response_alg
...
Closes #9695
Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-04-04 11:37:28 +02:00
Justin Tay
89a5da1afd
Allow empty key use in JWKS for client authentication
...
Closes #28004
Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-04-04 10:42:37 +02:00
Marek Posolda
335a10fead
Handle 'You are already logged in' for expired authentication sessions ( #27793 )
...
closes #24112
Signed-off-by: mposolda <mposolda@gmail.com>
2024-04-04 10:41:03 +02:00
Martin Bartoš
7f048300fe
Support management port for health and metrics ( #27629 )
...
* Support management port for health and metrics
Closes #19334
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Deprecate option
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Remove relativePath first-class citizen, rename ManagementSpec
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Fix KeycloakDistConfiguratorTest
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-03 16:18:44 +02:00
Hynek Mlnarik
8ef3423f4a
Present effective sync mode value
...
When sync mode value is missing in the config of newly created identity
provider, the provider does not store any. When no value is
found, the identity provider behaves as if `LEGACY` was used (#6705 ).
This PR ensures the correct sync mode is returned from the REST endpoint,
regardless of whether it has been stored in the database or not.
Fixes : #26019
Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-04-03 15:49:18 +02:00
Pedro Igor
4ec9fea8f7
Adding tests
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-03 08:04:17 -03:00
Clemens Zagler
b44252fde9
authz/client: Fix getPermissions returning wrong type
...
Due to an issue with runtime type erasure, getPermissions returned a
List<LinkedHashSet> instead of List<Permission>.
Fixed and added test to catch this
Closes #16520
Signed-off-by: Clemens Zagler <c.zagler@noi.bz.it>
2024-04-02 11:09:43 -03:00
Giuseppe Graziano
fe06df67c2
New default client scope for 'basic' claims with 'auth_time' protocol mapper
...
Closes #27623
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-02 08:44:28 +02:00
Stefan Guilhen
2ca59d4141
Align isEnabled in MSAD mappers to how other properties are processed in UserAttributeLDAPStorageMapper
...
- user model is updated by onImport with the enabled/disabled status of the LDAP user
- a config option always.read.enabled.value.from.ldap was introduced, in synch to what we have in UserAttributeLDAPStorageMapper
- isEnabled checks the flag to decide if it should always retrieve the value from LDAP, or return the local value.
- setEnabled first updates the LDAP tx, and then calls the delegate to avoid issue #24201
Closes #26695
Closed #24201
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-01 08:20:35 -03:00
Steven Hawkins
e9ad9d0564
fix: replace aesh with picocli ( #27458 )
...
* fix: replace aesh with picocli
closes : #27388
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* Update integration/client-cli/admin-cli/src/main/java/org/keycloak/client/admin/cli/commands/AbstractRequestCmd.java
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
* splitting the error handling for password input
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* adding a change note about kcadm
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* Update docs/documentation/upgrading/topics/changes/changes-25_0_0.adoc
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-03-28 14:34:06 +01:00
Alexander Schwartz
c580c88c93
Persist online sessions to the database ( #27977 )
...
Adding two feature toggles for new code paths to store online sessions in the existing offline sessions table. Separate the code which is due to be changed in the next iteration in new classes/providers which used instead of the old one.
Closes #27976
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-03-28 09:17:07 +01:00
Gilvan Filho
757c524cc5
Password policy for not having username in the password
...
closes #27643
Signed-off-by: Gilvan Filho <gfilho@redhat.com>
2024-03-28 08:29:03 +01:00
Pedro Igor
b9a7152a29
Avoid commiting the transaction prematurely when creating users through the User API
...
Closes #28217
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-27 19:16:09 -03:00
Lex Cao
a53cacc0a7
Fire logout event when logout other sessions ( #26658 )
...
Closes #26658
Signed-off-by: Lex Cao <lexcao@foxmail.com>
2024-03-27 11:13:48 +01:00
Jon Koops
3382e16954
Remove Account Console version 2 ( #27510 )
...
Closes #19664
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-03-27 10:53:28 +01:00
Tomas Ondrusko
3160116a56
Remove Twitter workaround ( #28232 )
...
Relates to #23252
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2024-03-27 10:34:26 +01:00
Steven Hawkins
be32f8b1bf
fix: limit the use of Resteasy to the KeycloakSession ( #28150 )
...
* fix: limit the use of Resteasy to the KeycloakSession
contextualizes other state to the KeycloakSession
close : #28152
2024-03-26 13:43:41 -04:00
vramik
fa1571f231
Map organization metadata when issuing tokens for OIDC clients acting on behalf of an organization member
...
Closes #27993
Signed-off-by: vramik <vramik@redhat.com>
2024-03-26 14:02:09 -03:00
Pedro Igor
a470711dfb
Resolve the user federation link as null when decorating the user profile metadata in the LDAP provider
...
Closes #28100
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-26 10:14:49 -03:00
Stian Thorgersen
c3a98ae387
Use Argon2 as default password hashing algorithm ( #28162 )
...
Closes #28161
Signed-off-by: stianst <stianst@gmail.com>
2024-03-22 13:04:14 +00:00
Stian Thorgersen
8cbd39083e
Default password hashing algorithm should be set to default password hash provider ( #28128 )
...
Closes #28120
Signed-off-by: stianst <stianst@gmail.com>
2024-03-22 12:44:11 +01:00
Stian Thorgersen
cae92cbe8c
Argon2 password hashing provider ( #28031 )
...
Closes #28030
Signed-off-by: stianst <stianst@gmail.com>
2024-03-22 07:08:09 +01:00
Reda Bourial
a41d865600
fix for SMTP email sending fails because of tls certificate verification even with tls-hostname-verifier=ANY ( #27756 )
...
Signed-off-by: Reda Bourial <reda.bourial@gmail.com>
2024-03-21 17:06:42 +01:00
Steven Hawkins
7eab019748
task: deprecate WILDCARD and STRICT options ( #26833 )
...
closes : #24893
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-21 16:22:41 +01:00
Giuseppe Graziano
b24d446911
Avoid using wait() to wait for the redirect
...
Closes #22644
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-03-21 14:36:43 +01:00
Giuseppe Graziano
939420cea1
Always include offline_access scope when refreshing with offline token
...
Closes #27878
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-03-21 14:32:31 +01:00
Pedro Igor
32541f19a3
Allow managing members for an organization
...
Closes #27934
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-21 10:26:30 -03:00
Martin Kanis
4154d27941
Invalidating offline token is not working from client sessions tab
...
Closes #27275
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-03-21 09:04:58 -03:00
Sebastian Schuster
0542554984
12671 querying by user attribute no longer forces case insensitivity for keys
...
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
2024-03-21 08:35:29 -03:00
Pedro Igor
f970deac37
Do not grant scopes not granted for resources owned the resource server itself
...
Closes #25057
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-20 18:36:41 +01:00
René Zeidler
83a3500ccf
Attributes without a group should appear first
...
In the login theme, user profile attributes that
are not assigned to an attribute group should
appear before all other attributes. This aligns
the login theme (registration, verify profile,
etc.) with the account and admin console.
Fixes #27981
Signed-off-by: René Zeidler <rene.zeidler@gmx.de>
2024-03-19 18:40:01 +01:00
Stefan Wiedemann
67d3e1e467
Issue Verifiable Credentials in the VCDM format #25943 ( #27071 )
...
closes #25943
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2024-03-18 17:05:53 +01:00
cgeorgilakis-grnet
24f105e8fc
successful SAML IdP Logout Request with BaseID or EncryptedID and SessionIndex
...
Closes #23528
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-03-18 08:19:13 -03:00
Alexander Schwartz
62d24216e3
Remove offline session preloading
...
Closes #27602
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-15 15:19:27 +01:00