Pedro Igor
4376a3c757
Add an endpoint to the organizations endpoint to return the organizations for a given user
...
Closes #32158
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-20 11:11:14 -03:00
Pedro Igor
eeae50fb43
Make sure federationLink always map to the storage provider associated with federated users
...
Closes #31670
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-20 11:27:22 +02:00
Martin Bartoš
bf5cf47351
Management Interface is turned on even though nothing is exposed on it ( #31938 )
...
* Management Interface is turned on even though nothing is exposed on it
Fixes #31818
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Remove conditional enablement, add relevancy description
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-08-19 15:52:59 +02:00
Stefan Guilhen
fa7c2b5da6
Address review comments
...
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-19 09:06:35 -03:00
Stefan Guilhen
6e7b36e82f
Add migration tests for the IDP changes
...
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-19 09:06:35 -03:00
Stefan Guilhen
f82159cf65
Rework logic to fetch IDPs for the login page so that IDPs are fetched from the provider and not filtered in code.
...
Closes #32090
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-19 09:06:35 -03:00
Pedro Igor
8e0436715c
Support for ALL and ANY organization scope values
...
Related #31438
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-19 08:45:23 -03:00
mposolda
3d787727f9
Add acr scope to all clients for those migrating from older than Keycloak 18
...
closes #31107
Signed-off-by: mposolda <mposolda@gmail.com>
2024-08-16 12:17:43 +02:00
himanshi1099
7459992e40
Realm update validation for incorrect timeout values ( #32137 )
...
closes #31595
Signed-off-by: Himanshi Gupta <higupta@redhat.com>
2024-08-16 08:58:27 +02:00
Stefan Guilhen
aeb1951aba
Replace calls to deprecated RealmModel IDP methods
...
- use the new provider instead
Closes #31254
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-15 10:55:36 -03:00
Pedro Igor
96acc62c00
Support for resolving organization based on the organization scope
...
Closes #31438
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-15 10:32:15 -03:00
Stian Thorgersen
310824cc2b
Remove legacy cookies
...
Closes #16770
Signed-off-by: stianst <stianst@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-08-15 15:27:38 +02:00
Martin Kanis
708a6898db
Add a count method to the OrganizationMembersResource
...
Closes #31388
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-08-15 09:12:57 -03:00
Yoshiyuki Tabata
cb6eb187ac
Client Policy - Condition : Client - Client Attribute
...
Closes https://github.com/keycloak/keycloak/issues/31766
Signed-off-by: Yoshiyuki Tabata <yoshiyuki.tabata.jy@hitachi.com>
2024-08-14 09:56:56 +02:00
Pedro Igor
d04d2bb852
Allow removing users federated from a kerberos provider
...
Closes #31603
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-13 18:47:55 +02:00
rmartinc
a38d3b2f55
SAML IdMapperUpdaterSessionListener should be added always and must implement HttpSessionIdListener interface
...
Closes #32084
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-13 15:53:45 +02:00
rmartinc
347f595913
Add ECDH-ES encyption algorithms to the java keystore key provider
...
Closes #32023
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-09 15:57:51 +02:00
Martin Kanis
da0864682a
Conditionally redirect existing users to a broker based on their credentials
...
Closes #31006
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-08-09 07:59:25 -03:00
Alexander Schwartz
07a168cb14
Deleted authentication sessions should not be re-surrected with an update
...
Closes #31829
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-09 07:26:05 -03:00
rmartinc
2a06e1a6db
Add SHAKE256 hash provider for Ed448
...
Closes #31931
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-08 17:36:54 +02:00
Justin Tay
966a454548
Add ECDH-ES JWE Algorithm Provider, Add generated ECDH key provider ( #23928 )
...
Closes #23596
Closes #23597
Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-08-08 17:29:35 +02:00
Pedro Igor
3ab2446074
Do not return identity providers when querying the realm representation
...
Closes #21072
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-07 10:06:51 -03:00
StephanSchrader
4d64092119
Fix persist config values for custom components ( #31862 )
...
Closes #31858
Signed-off-by: Stephan Schrader <stephan.schrader@wallis.de>
Signed-off-by: Stephan Schrader <zstephanz@gmail.com>
Co-authored-by: Stephan Schrader <stephan.schrader@wallis.de>
2024-08-07 14:40:30 +02:00
Giuseppe Graziano
35c8c09b8d
OIDC dynamic client registration with response_type=none
...
Closes #19564
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-08-07 10:34:47 +02:00
Michal Hajas
50c07c6e7c
Simplify configuration for MULTI_SITE
...
Closes #31807
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-08-06 16:14:33 +00:00
Nikos Epping
4080ee2e84
Don't fail on null config map in AdvancedClaimToGroupMapper/AdvancedClaimToRoleMapper/AdvancedAttributeToGroupMapper/AdvancedAttributeToGroupMapper
...
Fixes #31575
Signed-off-by: Nikos Epping <n.epping@evosec.de>
2024-08-05 10:22:22 +02:00
Stefan Wiedemann
6258256c1b
Fix access token issue OID4VC ( #31763 )
...
closes #31712
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2024-08-04 11:42:40 +02:00
Ingrid Kamga
7c69c857a1
Add a media type to error responses on OID4VC endpoints
...
Closes #31585
Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
2024-08-02 12:09:09 +02:00
Justin Tay
f537343545
Allow empty key use in JWKS from identity provider
...
Closes #31823
Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-08-02 11:39:43 +02:00
rmartinc
773e309f75
Parse saml urls correctly if the bindings are different
...
Closes #31780
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-02 11:34:06 +02:00
Thomas Darimont
282260dc95
Ensure issued_client_type is always added to successful token-exchange response ( #31548 )
...
- Compute issued_token_type response parameter based on requested_token_type and client configuration
- `issued_token_type` is a required response parameter as per [RFC8693 2.2.1](https://datatracker.ietf.org/doc/html/rfc8693#section-2.2.1 )
- Added test to ClientTokenExchangeTest that requests an access-token as requested-token-type
Fixes #31548
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-07-30 18:33:51 +02:00
rmartinc
a6c70d65ee
Do not generate secret when client rep do not specifiy public or bearer
...
Closes #31444
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-30 18:32:15 +02:00
Pedro Igor
a79761a447
Support for blocking concurrent requests when brute force is enabled
...
Closes #31726
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
2024-07-30 10:01:48 +02:00
Hynek Mlnarik
183cd6c957
Run tests with keycloak.v2 login theme
...
The fixes (mostly selectors) are needed for tests.
In the future, to switch the keycloak.v2 to the default theme, do
the following:
- Update `ThemeSelectorProvider`: Uncomment relevant lines
- Update `testsuite/integration-arquillian/tests/pom.xml`: Revert the change in `<login.theme.default>` property
- Update `ThemeSelectorTest` per comment
Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-07-30 10:01:17 +02:00
Martin Kanis
d91d6d18d5
Can not update organization group error when trying to create organisation from REST API
...
Closes #31144
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-07-29 17:39:56 +02:00
Pascal Knüppel
94784182df
Implement DPoP for all grantTypes ( #29967 )
...
fixes #30179
fixes #30181
Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de>
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-07-29 16:30:54 +02:00
Francis Pouatcha
cc78fd7ca0
Provided keycloak with a protocol mapper, that can allow to optionally add iat and nbf claims to VCs ( #31620 )
...
closes #31581
Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
2024-07-29 09:32:48 +02:00
Pedro Igor
87c279d645
Respect the username value format when processing federated users
...
Closes #31240
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-29 09:28:43 +02:00
Pedro Igor
4d8c525644
Make sure changes to user profile metadata is not stored when calling decorators ( #31549 )
...
Closes #30476
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-29 09:03:21 +02:00
Pedro Igor
04bd6653ec
Invalidating domain cache and introducing cache for more query methods
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-29 09:02:36 +02:00
Pedro Igor
1f8280c71a
Allow members joining multiple organizations
...
Closes #30747
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-29 09:02:36 +02:00
Giuseppe Graziano
12732333c8
Client scope assignment for client registration
...
Closes #31062
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-07-26 17:33:49 +02:00
Stefan Guilhen
c9f5a0aa32
Testsuite: ensure realm is set in session context
...
Closes #31636
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-07-26 11:11:44 -03:00
Lex Cao
3818f8f575
Prevent removing flow that used by client flow overrides
...
Closes #30707
Signed-off-by: Lex Cao <lexcao@foxmail.com>
2024-07-26 16:05:29 +02:00
vramik
01f5747eed
If the user is federated before the broker is associated with an organization this user is not a managed user
...
Closes #30744
Signed-off-by: vramik <vramik@redhat.com>
2024-07-25 04:30:13 -03:00
vramik
649b35929e
Make sure users created through a registration link are managed members
...
Closes #30743
Signed-off-by: vramik <vramik@redhat.com>
2024-07-25 04:30:13 -03:00
Maciej Mierzwa
97e89e2071
feature: password age in days policy
...
Closes #30210
Signed-off-by: Maciej Mierzwa <dev.maciej.mierzwa@gmail.com>
2024-07-24 15:12:16 -03:00
Kamesh Akella
33b3fd313c
Add migration tests for AuroraDB ( #31396 )
...
Fixes #31024
Signed-off-by: Kamesh Akella <kamesh.asp@gmail.com>
2024-07-24 16:45:02 +02:00
Francis Pouatcha
30be268672
Enhance Verifiable Credential Signing Service Flexibility and Key Rotation( #30692 )
...
closes #30525
Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
2024-07-24 13:45:39 +02:00
Miquel Simon
aab7a912c4
Updated connection configuration for MSSQL test container
...
Closes #31558
Signed-off-by: Miquel Simon <msimonma@redhat.com>
2024-07-24 09:12:58 +00:00
Hynek Mlnarik
a7374f92be
Update login theme to login v2
...
Fixes : #29009
Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-07-18 14:33:22 +02:00
Hynek Mlnarik
ab6ca323db
Run docker tests with proper theme and fix chromedriver path
...
Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-07-18 14:33:22 +02:00
mposolda
3110bb8989
Missing Cache-Control header when response_type parameter is missing in login request
...
closes #29866
Signed-off-by: mposolda <mposolda@gmail.com>
2024-07-18 10:17:52 +02:00
rmartinc
5ea3becef5
Wait for the brute force off-thread processing in AbstractAdvancedBrokerTest
...
Closes #30188
Closes #30641
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-18 10:03:13 +02:00
Pascal Knüppel
018a0802bc
Remove java.util.Date from VerifiableCredential ( #30920 )
...
closes #30918
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
2024-07-18 09:52:02 +02:00
mposolda
06f6173c8a
Add suffix to keycloak-authz-client artifact in keycloak repository
...
closes #30926
Signed-off-by: mposolda <mposolda@gmail.com>
2024-07-17 14:59:09 +02:00
Martin Kanis
e5848bdcf9
Cannot set unmanagedAttributePolicy without profile attributes
...
Closes #31153
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-07-17 09:53:59 -03:00
mposolda
5526976d1c
Add suffix to keycloak-policy-enforcer artifacts in keycloak repository
...
closes #30927
Signed-off-by: mposolda <mposolda@gmail.com>
2024-07-17 12:03:23 +02:00
Ricardo Martin
3d12c05005
Correctly moves to the next required action ( #31358 )
...
Closes #31014
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
Co-authored-by: Giuseppe Graziano <g.graziano94@gmail.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
2024-07-17 09:38:29 +02:00
Pedro Igor
de1de06354
Avoid adding organization flows if they are already exist
...
Closes #31182
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-17 08:28:00 +02:00
Stefano Azzalini
6d67c1f9cc
Normalize default authentication flow descriptions to start with an uppercase letter ( #31277 )
...
Closes #31291
Signed-off-by: Stefano Azzalini <stefano.azzalini@luminator.com>
2024-07-16 13:49:35 +02:00
Lex Cao
6c71ad2884
Fallback to no override flow when missing in client override
...
Closes #30765
Signed-off-by: Lex Cao <lexcao@foxmail.com>
2024-07-16 11:33:41 +02:00
Thomas Darimont
2140e573f2
Fix test LDAP connection with multiple ldap connection urls
...
Previously, the given connection string was check with URI.create(..) which
failed when multiple space separated LDAP URLs were given.
Closes #31267
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-07-16 08:57:50 +02:00
Martin Kanis
887db25f00
Allow auto-redirect existing users federated from organization broker when using the username
...
Closes #30746
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-07-15 13:48:45 -03:00
mposolda
1864cf1827
Offline tokens created in Keycloak 14 or earlier will not work on Keycloak 25
...
closes #31224
Signed-off-by: mposolda <mposolda@gmail.com>
2024-07-15 18:30:35 +02:00
Pedro Igor
c33585a5f4
All pubic brokers are shown during authentication rather than only those associated with the current organization
...
Closes #31246
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-12 17:51:39 +02:00
Giuseppe Graziano
1df60461a9
Avoid race condition when using initial-access-token
...
Closes #27294
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-07-12 16:33:02 +02:00
Douglas Palmer
9300903674
page-expired error page shown when using browser back-button on forgot-password page after invalid login attempt
...
Closes #25440
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-07-12 16:24:21 +02:00
Pascal Knüppel
4028ada2a5
Add required default-context value to VerifiableCredential ( #30959 )
...
closes #30958
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-07-11 18:25:11 +02:00
Steven Hawkins
4970a9b729
fix: deprecate KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD
...
closes : #30658
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-07-11 18:07:57 +02:00
rmartinc
096e335a92
Support for vault and AES and HMAC algorithms to JavaKeystoreKeyProvider
...
Closes #30880
Closes #29755
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-11 12:40:45 +02:00
Pedro Igor
da6c9ab7c1
Bruteforce protector does not work when using organizations
...
Closes #31204
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-11 00:26:47 +02:00
Jon Koops
a0c99a7ae0
Show full error details in admin and account consoles
...
Closes #30705
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-07-10 16:20:26 +02:00
Martin Kanis
922eaa9fc8
Disable username prohibited chars validator when email as username is… ( #31140 )
...
* Disable username prohibited chars validator when email as the username is set
Closes #25339
Signed-off-by: Martin Kanis <mkanis@redhat.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-10 09:46:24 -03:00
Pedro Igor
d475833361
Do not expose kc.org attribute in user representations
...
Closes #31143
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-10 13:43:23 +02:00
Alexander Schwartz
d70f78072e
Make persistent sessions co-exist with remote cache feature ( #30859 )
...
Closes #30855
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-09 09:03:36 +02:00
rmartinc
f78a46485d
TE should create a transient session when there is no initial session in client-to-client exchange
...
Closes #30614
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-08 15:44:38 -03:00
Pedro Igor
ead1b4a851
Testing ldap connection should not process or bind the credentials ( #31081 )
...
Closes #30821
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-08 13:58:02 +02:00
Pedro Igor
cbf7f208fb
Avoid iterating and updating all group policies when removing groups ( #31057 )
...
Closes #31056
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-08 13:57:20 +02:00
wojnarfilip
3c429b7506
Update social login tests login flows
...
Signed-off-by: wojnarfilip <fwojnar@redhat.com>
2024-07-08 08:48:31 +02:00
Pedro Igor
f010f7df9b
Reverting removal of test assertions and keeping existing logic where only brokers the user is linked to is shown after identity-first login page
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-03 11:55:04 -03:00
Martin Kanis
e1b735fc41
Identity-first login flow should be followed by asking for the user credentials
...
Closes #30339
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-07-03 11:55:04 -03:00
Giuseppe Graziano
02d64d959c
Using _system client when account client is disabled for email actions
...
Closes #17857
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-07-03 08:43:36 +02:00
cgeorgilakis-grnet
20cedb84eb
Check refresh token flow response for offline based on refresh token request parameter
...
Closes #30857
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-07-02 18:13:30 -03:00
Steven Hawkins
d534860e2b
fix: admin cli client should set the content when performing a merge ( #30539 )
...
closes : #29878
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-06-28 15:56:07 +02:00
Pedro Igor
cc2ccc87b0
Filtering organization groups when managing or processing groups
...
Closes #30589
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-28 10:27:18 -03:00
Steven Hawkins
aae1fa1417
fix: addresses cli erroneously wants a secret when env password is set ( #30892 )
...
closes : #30866
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-06-28 11:48:42 +02:00
Thomas Darimont
690c6051bb
Fix scope policy evaluation for client to client token exchange ( #26435 )
...
Previously the scope from the token was not set available in the ClientModelIdentity attributes.
This caused the NPE in `org.keycloak.authorization.policy.provider.clientscope.ClientScopePolicyProvider.hasClientScope`(..)
when calling `identity.getAttributes().getValue("scope")`.
We now pass the provided decoded AccessToken down to the ClientModelIdentity creation
to allow to populate the required scope attribute.
We also ensure backwards compatibility for ClientPermissionManagement API.
Fixes #26435
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-06-28 10:33:20 +02:00
mposolda
f1b8a983d2
Cleanup mod_auth_mellon from the testsuite
...
closes #30869
Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-28 08:33:36 +02:00
Douglas Palmer
7a8c7502d2
Cleanup of adapter-spi module?
...
Closes#30871
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-06-27 19:41:30 +02:00
Douglas Palmer
220f32aa85
Cleanup of adapter pages
...
Closes #30870
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-06-27 18:57:22 +02:00
mposolda
7279f2092e
Cleanup of test-apps and related adapter code
...
closes #30867
Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-27 15:10:31 +02:00
mposolda
e5a4c94f75
Added suffix to keycloak-admin-client artifacts in keycloak repository
...
Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-27 11:00:30 +02:00
Romain LABAT
6615691c63
Support for service accounts when fetch roles is enabled ( #30687 )
...
Support for service accounts when fetch roles is enabled
Signed-off-by: Romain LABAT <contact@romainlabat.fr>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-25 18:00:26 -03:00
rmartinc
e9c9efc3f4
Upgrade bc-fips to 1.0.2.5
...
Closes #26568
Closes #27884
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-25 11:07:27 +02:00
Andre F de M
0f061a75e2
Issue: 26568 - bcfips version bump and fixes
...
* bump BCFIPS to 1.0.2.5
* fix bc-fips related test error
* remove unused imports
Closes : #26568
Signed-off-by: Andre F de M <trixpan@users.noreply.github.com>
2024-06-25 11:07:27 +02:00
fwojnar
015fefad02
Remove Edge from supported web drivers ( #30423 )
...
Closes #29921
Signed-off-by: wojnarfilip <fwojnar@redhat.com>
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2024-06-24 17:24:55 +02:00
fwojnar
e30e6cba8e
Remove Safari from supported web drivers ( #30424 )
...
Related to #29921
Signed-off-by: wojnarfilip <fwojnar@redhat.com>
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2024-06-24 13:27:12 +02:00
fwojnar
640db99c27
Remove Appium from supported web drivers ( #30483 )
...
Related to #29921
Signed-off-by: wojnarfilip <fwojnar@redhat.com>
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2024-06-24 13:26:33 +02:00
Takashi Norimatsu
b0aac487a3
VC issuance in Authz Code flow with considering scope parameter
...
closes #29725
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-06-24 10:53:19 +02:00
Jon Koops
df18629ffe
Use a default Java version from root POM ( #29927 )
...
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-21 14:19:31 +02:00
mposolda
6a9e60bba0
Flow steps back when changing locale or refreshing page on 'Try another way page'
...
closes #30520
Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-21 11:22:15 +02:00
rmartinc
592c2250fc
Add briefRepresentation query parameter to getUsersInRole endpoint
...
Closes #29480
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-21 11:21:02 +02:00
Takashi Norimatsu
6b135ff6e7
client-jwt authentication fails on Token Introspection Endpoint
...
closes #30599
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-06-21 10:47:25 +02:00
Pedro Igor
a0ad680346
Adding an alias to organization and exposing them to templates
...
Closes #30312
Closes #30313
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-20 14:36:14 -03:00
rmartinc
f690947cea
Remove the SAML undertow adapter
...
Closes #30554
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-20 09:47:14 +02:00
Giuseppe Graziano
6b07b67667
Removed saml filter adapter tests
...
Closes #30553
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-06-20 09:42:59 +02:00
Pedro Ruivo
5fc12480fd
External Infinispan as cache - Part 4 ( #30072 )
...
UserSessionProvider implementation to make use of Infinispan remote
cache.
Closes #28755
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Pedro Ruivo
9006218559
External Infinispan as cache - Part 3
...
Implementation of UserLoginFailureProvider using remote caches only.
Closes #28754
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Pedro Ruivo
833aad661e
External Infinispan as cache - Part 2
...
Includes a new implementation for the providers:
* StickySessionEncoderProviderFactory
* LoadBalancerCheckProviderFactory
* SingleUseObjectProviderFactory
Closes #28648
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Pedro Ruivo
d2ae27a1e2
External Infinispan as cache - Part 1
...
Part 1 includes
* New experimental feature to enable the new code
* New providers using RemoteCache only
* New test profile to run the tests with the experimental feature
New providers' implementation for:
* InfinispanConnectionProvider
* AuthenticationSessionProvider
* ClusterProvider
Closes #28140
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Martin Kanis
dc109381e1
Refactor organization tests
...
Closes #30338
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-06-19 09:34:24 -03:00
Martin Kanis
89f83e9788
Importing organizations failing if there is no broker and members in the representation
...
Closes #30305
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-06-19 08:46:04 -03:00
Pedro Igor
57139cbefc
Internal read-only attributes have precedence over unmanaged attribute policy
...
Closes #30240
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-19 12:05:01 +02:00
Alexander Schwartz
9ce47fc117
Trying to switch the database
...
Closes #28311
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-06-19 10:30:36 +02:00
Giuseppe Graziano
24aa6e143d
REALM_CLIENT attribute to recognize realm clients ( #30433 )
...
Closes #29413
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-06-19 10:22:13 +02:00
Stefan Guilhen
db846a792d
Set a time of 23:59:59:999 in JpaEventQuery.toDate so that events from that date are properly returned in searches
...
Closes #30414
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-06-18 13:14:28 -03:00
Francis Pouatcha
d4797e04a2
Enhance SupportedCredentialConfiguration to support optional claims object as defined in OpenID for Verifiable Credential Issuance specification ( #30420 )
...
closes #30419
Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
2024-06-18 17:07:49 +02:00
rmartinc
fc65c73106
Upgrade adapters test to use wildfly 28 (jakarta only) via maven plugin
...
Closes #30324
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-18 15:40:59 +02:00
rmartinc
38d8cf2cb3
Add UPDATE event to the client-roles condition
...
Closes #30284
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-18 15:30:42 +02:00
Martin Bartoš
5ad3abaa96
Enable WebAuthn tests for Firefox ( #30374 )
...
Closes #22075
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-06-18 10:36:01 +02:00
Jon Koops
08c3bb83f2
Remove Internet Explorer from supported web drivers ( #29918 )
...
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-17 15:48:58 +00:00
rmartinc
c51640546d
Improvements for ldap test authentication
...
Closes #30434
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-15 10:01:24 +02:00
Thibault Morin
f6fa869b12
feat(SAML): add Artifact Binding on brokering scenarios when Keycloak is SP ( #29619 )
...
* feat: add Artifact Binding on brokering scenarios when Keycloak is SP
Signed-off-by: tmorin <git@morin.io>
* Adding broker test and minor improvements
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
* Fixing IdentityProviderTest
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
* Renaming methods related to idp initiated flows
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
* Fixing partial_import_test.spec.ts
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
---------
Signed-off-by: tmorin <git@morin.io>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-14 08:54:49 -03:00
Pedro Ruivo
18a6c79011
Infinispan Protostream Marshaller ( #29474 )
...
Closes #29394
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-06-13 18:02:46 +02:00
Lukas Hanusovsky
ca0833b2e4
[ #29412 ] DB Allocator removal - dependency cleanup. ( #30406 )
...
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2024-06-13 13:31:52 +00:00
vramik
de2fdbe98f
cache count
...
Signed-off-by: vramik <vramik@redhat.com>
2024-06-13 08:13:36 -03:00
vramik
d355e38424
Provide a cache layer for the organization model
...
Closes #30087
Signed-off-by: vramik <vramik@redhat.com>
2024-06-13 08:13:36 -03:00
Alfredo Moises Boullosa
a5cd6ed965
Add step to Google Social Login ( #30335 )
...
Signed-off-by: Alfredo Moises Boullosa <aboullos@redhat.com>
2024-06-12 17:27:02 +02:00
Stefan Guilhen
c49b5749ef
Fix GroupLDAPStorageMapper so it doesn't attempt to update a group fetched in a different tx when synchronizing groups from LDAP
...
Closes #29784
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-06-12 10:42:21 -03:00
Martin Kanis
ae69b3b260
Introduce packages for organization tests
...
Closes #30337
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-06-12 10:02:06 -03:00
rmartinc
7d42ab822b
Remove adapter app-server-undertow profile which is not used
...
Closes #30347
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-12 14:40:06 +02:00
Patrick Jennings
75925dcf6c
Client type configuration inheritance ( #30056 )
...
closes #30213
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-06-10 18:59:08 +02:00
rmartinc
7d05a7a013
Logout from all clients after IdP logout is performed
...
Closes #25234
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-10 11:58:09 -03:00
Giuseppe Graziano
6067f93984
Improvements to refresh token rotation with multiple tabs ( #29966 )
...
Closes #14122
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-06-07 12:02:36 +02:00
Steven Hawkins
c7e9ee2bff
fix: adds handling for all kcadm prompts as env variables ( #29430 )
...
closes : #21961
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-06-06 13:08:23 +00:00
Bruno Oliveira da Silva
f34baf3c24
Update license headers ( #29942 )
...
Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>
2024-06-06 14:06:09 +02:00
Alexander Schwartz
97ab0def2c
Adding ForkJoinPool for Quarkus to the surefire initialization for embedded Quarkus
...
Closes #30206
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-06-06 12:52:11 +02:00
Pedro Igor
94c194f1f4
Prevent users to unlink from their home identity provider when they are a managed member
...
Closes #30092
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
2024-06-05 13:57:01 +02:00
mposolda
0bf613782f
Updating client policies in JSON editor is buggy. Attempt to update global client policies should throw the error
...
closes #30102
Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-05 13:55:02 +02:00
rmartinc
eedfd0ef51
Missing auth checks in some admin endpoints ( #166 )
...
Closes keycloak/keycloak-private#156
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-05 12:04:47 +02:00
Giuseppe Graziano
d5e82356f9
Encrypted KC_RESTART cookie and removed sensitive notes
...
Closes #keycloak/keycloak-private#162
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-06-05 10:33:44 +02:00
Pedro Igor
f8d55ca7cd
Export import realm with organizations
...
Closes #30006
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-05 09:50:03 +02:00
Martin Kanis
33331788a4
Introduce count method to avoid fetching all organization upon checking for existence
...
Closes #29697
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-06-04 10:45:28 -03:00
Martin Kanis
173f09fa6b
Malformed dependency version causing the build failure
...
Closes #30134
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-06-04 13:44:14 +02:00
Thomas Darimont
35a4a17aa5
Add support for application/jwt media-type in token introspection ( #29842 )
...
Fixes #29841
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-06-03 19:06:21 +02:00
rmartinc
536534dd25
Remove the transformed output directory before executing JakartaTransformer
...
Closes #30086
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-03 19:03:46 +02:00
Martin Bartoš
262fc09edc
OpenJDK 21 support ( #28518 )
...
* OpenJDK 21 support
Closes #28517
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* x509 SAN UPN other name is not handled in JDK 21 (#904 )
closes #29968
Signed-off-by: mposolda <mposolda@gmail.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2024-06-03 14:17:28 +02:00
mposolda
9074696382
Editing built-in client policy profiles are silently reverted
...
closes #27184
Signed-off-by: mposolda <mposolda@gmail.com>
2024-06-03 14:00:37 +02:00
Pedro Igor
4c39fcc79d
Allow to configure if users are automatically redirected when the email domain matches an organization
...
Closes #30050
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-03 13:34:21 +02:00