Commit graph

14137 commits

Author SHA1 Message Date
Sebastian Rose
5d9d749fbd KEYCLOAK-18380 Fix Groups search by name returns unwanted groups
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2021-08-05 11:43:56 +02:00
Sebastian Rose
565251d5a6 KEYCLOAK-18380 Fix Groups search by name returns unwanted groups, cleanup test, skip tests on map storage provider feature 2021-08-05 11:43:56 +02:00
Thomas Darimont
17da3ee8d9 KEYCLOAK-18380 Fix Groups search by name returns unwanted groups
Previously the group search did not apply a given search query as filter
for groups along the group path.

We now filter the found groups with the given group search query if present.
2021-08-05 11:43:56 +02:00
Yoshiyuki Tabata
bd55694903 fix README.md of quarkus 2021-08-04 20:16:06 -03:00
mposolda
b1d39aa136 KEYCLOAK-18949 DirectGrant login should fail if authenticationSession contains some required actions 2021-08-04 08:50:27 +02:00
Yang Xie
d8cb279bc4 KEYCLOAK-17693 add config for loading custom IdMapper class 2021-08-03 17:44:47 +02:00
carlChen
a0b01b6ef4 KEYCLOAK-16703 The username returned by token introspect endpoint is null when remove or modify username mapper 2021-08-03 17:38:37 +02:00
Florian Ritterhoff
65480cb5a1 Prevent security flaw using passwordless authentication
If you register without an password or delete your last token your account can be hijacked. This is can be done by simply trying to login in that moment where the account is without a token. You get the "normal" registration dialog and can capture the complete account.
2021-08-03 10:49:45 -03:00
cturkalj
b4536a394a Missing null check for session.userCache() added
NPE when existing user from LDAP is found (same LDAP_ID, but with changed username) and session.userCache() is null.
2021-08-03 13:40:02 +02:00
cedric guindon
1ad34c6ab0 [KEYCLOAK-18498] French i18n contains wrong param 2021-08-03 12:37:13 +02:00
Sebastian Kanzow
4e8e4592ca [KEYCLOAK-18419] Support SAML 2.0 Encrypted IDs in Assertion 2021-08-03 11:55:36 +02:00
Sanket Bhalerao
443bd4a1ba KEYCLOAK-15595: update keycloak js for KEYCLOAK-15595
while working on cordova+angular+ios the keycloak logout is not working. as the user clicks logout the user can again see the app instead of the inappbrowser page for login.
with clearcache=yes in the inappbrowser open the issue appears no more.
2021-08-02 10:56:25 -03:00
laskasn
f265d1d662 KEYCLOAK-18933 2021-08-02 15:27:08 +02:00
keycloak-bot
262ec3d031 Set version to 16.0.0-SNAPSHOT 2021-07-30 14:56:10 +02:00
Peter Skopek
3ed20e2878 KEYCLOAK-18597 Product distribution ZIP does not include rh-sso-7.5 folder 2021-07-30 12:33:14 +02:00
Pedro Igor
afb0b16e43 [KEYCLOAK-18922] - Ignore empty values for internal attributes not set to user 2021-07-30 12:30:43 +02:00
Hynek Mlnarik
0cdce1340d KEYCLOAK-18680 Always close result stream 2021-07-30 09:40:39 +02:00
Sebastian Kanzow
a412bb7b99 [KEYCLOAK-18417] Skip SAML 2.0 AttributeValue with user-defined xsi types 2021-07-30 08:48:25 +02:00
Miklín Vojtěch
e44a7af0e4 KEYCLOAK-18913 Update messages_cs.properties
Czech translations for base login theme:
themes/src/main/resources-community/theme/base/login/messages/messages_cs.properties

Co-Authored-By: dklika <78177642+dklika@users.noreply.github.com>
Co-Authored-By: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2021-07-29 21:18:41 +02:00
Martin Bartoš
56888911b0 KEYCLOAK-18691 CIBATest.testTokenRequestAfterIntervalButNotYetAuthenticated wrong expiration 2021-07-29 17:01:51 +02:00
Stefan Guilhen
9e676fce7e [KEYCLOAK-18559] Fix SAML adapters so they allow unescaped characters in URIs
- Makes adapters bahavior consistent with containers that allow unescaped characters in URIs
2021-07-29 12:11:32 +02:00
Pedro Igor
ff70e2e04b [KEYCLOAK-18916] - Do not consider empty values when checking read-only attributes 2021-07-29 08:46:16 +02:00
Vlastimil Elias
32f2f095fe KEYCLOAK-7724 User Profile default validations 2021-07-29 08:42:37 +02:00
mposolda
4dacbb9e0b KEYCLOAK-16996 User not able to revoke his offline token for directGrant clients 2021-07-29 08:04:16 +02:00
mposolda
9b0e1fff8d KEYCLOAK-18903 More customizable OIDC WellKnown provider 2021-07-28 18:03:23 +02:00
Pedro Igor
7efc3e8170 [KEYCLOAK-18875] - Minor improvements to attribute group UI 2021-07-28 12:07:39 -03:00
mposolda
05dfed721a KEYCLOAK-18636 The mtls_endpoint_aliases claim is not advertized in the discovery document 2021-07-28 13:32:31 +02:00
mposolda
e58eeca800 KEYCLOAK-18706 Add UPDATE_PASSWORD required action only to authenticationSession when MSAD requires user to change password 2021-07-28 08:47:01 +02:00
Pedro Igor
ef72343a6a [KEYCLOAK-18882] - User Profile still tech preview 2021-07-28 08:45:35 +02:00
Joerg Matysiak
acb2ac1c8d KEYCLOAK-18875 UI for managing group of attributes 2021-07-28 08:42:30 +02:00
Peter Skopek
ac92e600fc KEYCLOAK-17502 fix productization issue with two formats of packaged final server distribution 2021-07-28 08:28:31 +02:00
Denis Richtarik
0815ee59dd 7.5.0.DR1 Align versions for productization 2021-07-28 08:28:31 +02:00
Peter Skopek
052606fbcb KEYCLOAK-17502 Galleon Server Pack dependencies adjust to EAP 7.4.0 2021-07-28 08:28:31 +02:00
Peter Skopek
aee2ccfeea KEYCLOAK-17502 Galleon Adapter Pack dependencies adjust to EAP 7.4.0. 2021-07-28 08:28:31 +02:00
mposolda
4520cbd38c KEYCLOAK-18904 Support cert-bound tokens when doing client credentials grant. Client policies support for client credentials grant 2021-07-28 07:24:30 +02:00
mposolda
ce80a3ba9b KEYCLOAK-18901 Test for update clientNotificationEndpoint to 'http' URL should fail 2021-07-27 16:22:49 +02:00
Martin Bartoš
1b989d6b52 KEYCLOAK-18893 Adapters tests for EAP6 are failing 2021-07-27 16:12:31 +02:00
Sven-Torben Janus
c6e7c06f6c KEYCLOAK-18695 Support user lookup by ID with Novell eDirectory
The LDAPOperationManager does not encode GUID correctly when looking up
federated users from Novell eDirectory.

The correct encoding can be found here:
https://support.novell.com/docs/Tids/Solutions/10096551.html
2021-07-27 08:46:04 +02:00
mposolda
643b3c4c5a KEYCLOAK-18594 CIBA Ping Mode 2021-07-27 08:33:17 +02:00
Martin Bartoš
2418e31952 KEYCLOAK-18685 Style in RH-SSO login screen is broken 2021-07-26 11:25:23 +02:00
Hynek Mlnarik
8889122dc1 KEYCLOAK-18845 Remove key type in map storage (simplify generics) 2021-07-23 17:04:20 +02:00
Hynek Mlnarik
07402d9aac KEYCLOAK-18845 Remove key type in map storage (move StringKeyConvertor to CHM) 2021-07-23 17:04:20 +02:00
Takashi Norimatsu
9018fe9fad KEYCLOAK-18863 Global client profile for FAPI CIBA 2021-07-23 14:30:26 +02:00
Joerg Matysiak
9dff21d0a7 KEYCLOAK-18552
* added group as attribute metadata
* validation for groups and references to groups
* adapted template to use show attribute groups
* test and integration tests for attribute groups
2021-07-23 09:26:21 -03:00
Stefan Guilhen
579302f396 [KEYCLOAK-18878] Register the subsystem parser for older versions of the OIDC adapter schemas 2021-07-23 10:10:23 +02:00
Takashi Norimatsu
6436716514 KEYCLOAK-18834 Client Policies : ClientScopesCondition needs to be evaluated on CIBA backchannel authentication request and token request 2021-07-23 10:06:02 +02:00
Martin Bartoš
036239a901 KEYCLOAK-18643 Generic Javascript failure in server and adapters test pipeline 2021-07-23 08:47:27 +02:00
Hynek Mlnarik
6b9040d18a KEYCLOAK-18876 Fix intermittent LoginTest failures 2021-07-23 08:44:50 +02:00
Takashi Norimatsu
84e19f1c57 KEYCLOAK-18833 FAPI-CIBA-ID1 : need to only accept confidential client on Backchannel Authentication endpoint 2021-07-23 08:26:36 +02:00
Luca Leonardo Scorcia
6bd7420907 KEYCLOAK-17290 SAML Client - Generate AttributeConsumingService SP metadata section 2021-07-22 21:53:16 +02:00