Hynek Mlnarik
6065f7d624
Fix missing translation
...
Fixes : #28744
Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-04-23 13:15:19 +02:00
Steven Hawkins
9486432f3f
fix: removing httpclient override ( #28304 )
...
we need to have a dependency on commons-logging-jboss-logging
closes : #21392
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-23 10:09:06 +02:00
Mark Banierink
ad32896725
replaced and removed deprecated token methods ( #27715 )
...
closes #19671
Signed-off-by: Mark Banierink <mark.banierink@nedap.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-23 09:23:37 +02:00
Pedro Igor
8e48bac278
Ordering the group and role ids in the policy representation
...
Closes #28824
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-22 20:28:47 +02:00
mposolda
337a337bf9
Grant urn:ietf:params:oauth:grant-type:pre-authorized_code was enabled even if oid4vc_vci feature is disabled
...
closes #28968
Signed-off-by: mposolda <mposolda@gmail.com>
2024-04-22 18:31:46 +02:00
rmartinc
eac4b53751
Incorrect proxyMappings example in the guides
...
Closes #25514
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-22 18:30:41 +02:00
Tero Saarni
64862d568e
Convert database errors to 500 instead of 400.
...
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2024-04-22 11:42:18 -03:00
Stefan Guilhen
f1532565b6
Don't use no-arg version of GroupModel.getSubGroupsStream() when fetching the subgroups from the GroupResource endpoint.
...
- prevents pre-loading all groups; instead use the stream from the JPA adapter to load subgroups one by one and then filter based on the user permissions.
Closes #28935
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-22 11:27:29 -03:00
Stefan Guilhen
8ca4bc77a1
Improve the performance of the queries used to find granted resources
...
- simplifies the queries to avoid unnecessary join
- creates two new indexes to speed up search time
Closes #28861
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-22 11:26:06 -03:00
Erik Jan de Wit
957859d846
Automatically re-authenticate on single-logout ( #28723 )
...
Automatically forces the user to re-authenticate from the Admin and Account consoles when a single-logout occurs.
Closes #23832
Closes #23833
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-04-22 11:45:15 +00:00
Alexander Schwartz
5ae1712f73
Fixing the condition for remote TLS and username/password ( #28950 )
...
Closes #28949
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-22 13:38:46 +02:00
Marek Posolda
b553fc2ae0
Fix compilation error ( #28965 )
...
closes #28964
Signed-off-by: mposolda <mposolda@gmail.com>
2024-04-22 11:19:33 +00:00
Erwin Rohde
10544a5a93
socketTimeoutUnits and establishConnectionTimeoutUnits use TimeUnit set in HttpClientBuilder
...
Closes #28881
Signed-off-by: Erwin Rohde <erwin@rohde.nu>
2024-04-22 08:11:11 -03:00
Dimitri Papadopoulos Orfanos
7c77bb732f
Fix typo found by codespell in shell scripts ( #28957 )
...
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
2024-04-22 08:06:24 -03:00
Ott
975bb6762f
Fixed type in invalidPasswordNotContainsUsernameMessage
...
Signed-off-by: Ott <ottalexanderdev@gmail.com>
2024-04-22 08:06:02 -03:00
Douglas Palmer
ed22530d16
Failure reset time is applied to Permanent Lockout
...
Closes #28821
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-22 11:47:22 +02:00
Stefan Wiedemann
b08c644601
Support credentials issuance through oid4vci ( #27931 )
...
closes #25940
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2024-04-22 11:37:55 +02:00
Lex Cao
7e034dbbe0
Add IdpConfirmOverrideLinkAuthenticator to handle duplicate federated identity ( #26393 )
...
Closes #26201 .
Signed-off-by: Lex Cao <lexcao@foxmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-22 11:30:14 +02:00
Erik Jan de Wit
014b644724
removed use of deprecated dropdown ( #28928 )
...
towards: #28197
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-04-22 08:17:11 +02:00
Erik Jan de Wit
9a418cc53d
remove deprecated component use ( #28924 )
...
towards: #28197
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-04-22 07:21:58 +02:00
Alexander Schwartz
071032a108
Fixing the condition for embedded cache MTLS encryption
...
Closes #28750
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-20 18:30:24 +02:00
Alexander Schwartz
9d0b1ecee4
Review CLI option change for caching
...
Closes #28750
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-20 18:30:24 +02:00
Pedro Ruivo
3de5357091
CLI options to disable encryption and authentication to external Infinispan
...
Closes #28750
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-20 18:30:24 +02:00
JN
6977d58d27
Add missing French and Spanish translations ( #28807 )
...
Closes #28798
Signed-off-by: JN <xkizokux@gmail.com>
2024-04-20 10:18:49 +00:00
etiksouma
1afd20e4c3
return proper error message for admin users endpoint
...
closes #28416
Signed-off-by: etiksouma <al@mouskite.com>
2024-04-20 12:17:53 +02:00
agagancarczyk
750ff41691
adll 3 scenarios ( #28899 )
...
Signed-off-by: Agnieszka Gancarczyk <agancarc@redhat.com>
Co-authored-by: Agnieszka Gancarczyk <agancarc@redhat.com>
2024-04-19 15:40:49 -04:00
Erik Jan de Wit
659f0f583f
changed name and added version number ( #28157 )
...
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-04-19 14:10:34 -04:00
Pedro Ruivo
3e0a185070
Remove deprecated EnvironmentDependentProviderFactory.isSupported method
...
Closes #26280
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-19 16:36:49 +02:00
Giuseppe Graziano
f6071f680a
Avoid the same userSessionId after re-authentication
...
Closes keycloak/keycloak-private#69
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-19 14:44:39 +02:00
mposolda
c427e65354
Secondary factor bypass in step-up authentication
...
closes #34
Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit e632c03ec4dbfbb7c74c65b0627027390b2e605d)
2024-04-19 14:43:53 +02:00
Giuseppe Graziano
897c44bd1f
Validation of providerId during required action registration
...
Closes #26109
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-19 13:06:51 +02:00
Hynek Mlnarik
4f30400e07
Relax checking of messages
...
Related to: #28873
Fixes : #28911
Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-04-19 12:52:40 +02:00
Václav Muzikář
2b8c895f71
Upgrade to Quarkus 3.8.4 ( #28884 )
...
Closes #28880
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-04-19 09:18:46 +00:00
Thomas Darimont
68617180a2
Show indicator for transient user in user sessions list in admin ui (28879)
...
For transient users a transient label is now shown in the realm sessions and client sessions list in the admin ui.
Fixes #28879
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-04-19 09:48:41 +02:00
Peter Zaoral
f9e68cdc54
quarkus-next: java.util.NoSuchElementException: No value present causes quarkus-server build failure ( #28857 )
...
* resolveFileLogLocation transformer method now checks the location value presence
Closes : #28856
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2024-04-19 09:14:19 +02:00
Steven Hawkins
d7ef650623
task: use informer rather than 0 interval polling ( #28901 )
...
related to: #28869
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-19 09:05:32 +02:00
Pascal Knüppel
ef45629df4
Add docs for transient-users how to prevent profile-review ( #28889 )
...
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
#relatesTo https://github.com/keycloak/keycloak/discussions/26637
2024-04-18 23:49:51 +02:00
Joerg Matysiak
76a5a27082
Refactored StripSecretsUtils in order to make it unit-testable, added unit tests for it
...
Don't mask secrets at realm export
Closes #21562
Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>
2024-04-18 18:26:47 -03:00
Pedro Igor
7483bae130
Make sure admin events are not referencing sensitive data from their representation
...
Closes #21562
Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>
2024-04-18 18:26:47 -03:00
Steve Hawkins
0be34d64e7
task: refactor overlap between cli clients
...
also repackaging to more clearly delineate code roles
closes : #28329
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-18 17:39:16 -03:00
john-gom
808926b63e
Use a typeahead select where there are ten or more options ( #28512 )
...
Use typeahead for locale selector
Fix onFilter of SelectControl rather than removing it
Signed-off-by: John Gomersall <thegoms@gmail.com>
2024-04-18 16:18:00 -04:00
cgeorgilakis-grnet
89263f5255
Fix refresh token scope in refresh token flow with scope request parameter
...
Closes #28463
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-04-18 16:17:46 -03:00
Ricardo Martin
4c2542b91f
Better management of domains in TrustedHostClientRegistrationPolicy ( #139 ) ( #28876 )
...
Closes keycloak/keycloak-private#63
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-18 16:06:50 +02:00
Ricardo Martin
8daace3f69
Validate Saml URLs inside DefaultClientValidationProvider ( #135 ) ( #28873 )
...
Closes keycloak/keycloak-private#62
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-18 16:04:13 +02:00
Ricardo Martin
fc6b6f0d94
Perform exact string match if redirect URI contains userinfo, encoded slashes or parent access ( #131 ) ( #28872 )
...
Closes keycloak/keycloak-private#113
Closes keycloak/keycloak-private#134
Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2024-04-18 16:02:24 +02:00
Douglas Palmer
00d4cab55e
Flaky test: org.keycloak.testsuite.forms.ResetPasswordTest#resetPasswordLink
...
Closes #21422
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-18 15:54:30 +02:00
Martin Bartoš
7f74286106
Emphasize the need for setting container limit
...
Closes #28729
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-18 15:44:27 +02:00
Hynek Mlnarik
9d1433d266
Update URL builder
...
Fixes : keycloak/keycloak-quickstarts#548
Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-04-18 14:50:10 +02:00
Thomas Darimont
eb2936f655
Add note about using groups with transient-users
...
Document an additional approach for managing user-roles for transient-users via groups.
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-04-18 14:49:18 +02:00
vramik
860f3b7320
Prevent updating IdP via organization API not linked with the organization
...
Closes #28833
Signed-off-by: vramik <vramik@redhat.com>
2024-04-18 09:14:54 -03:00