Commit graph

3163 commits

Author SHA1 Message Date
Stian Thorgersen
ac79fd0c23
Disallow special characters in usernames to prevent confusion with similarly looking usernames (#11531)
Closes #11532

Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
2022-04-20 15:53:15 +02:00
Stefan Guilhen
b29b27d731 Ensure code does not rely on a particular format for the realm id or component id 2022-04-20 14:40:38 +02:00
Pedro Igor
2cb5d8d972
Removing upload scripts feature (#11117)
Closes #9865

Co-authored-by: Michal Hajas <mhajas@redhat.com>

Co-authored-by: Michal Hajas <mhajas@redhat.com>
2022-04-20 14:25:16 +02:00
Martin Bartoš
3aa3db16ea
Fix error response for invalid characters (#11533)
Fixes #11530
2022-04-20 11:26:08 +02:00
Pedro Igor
f1fd7af758
Remove policies when user is deleted (#11385)
Closes #11284
2022-04-20 09:23:46 +02:00
m-takai
5f0e27a792 Add duplicate parameters check process in Device Authz Endpoint.
AuthorizationEndpointRequest class already checks duplicated parameters but DeviceEndpoint class has not checked its error. Thus a check process is added in handleDeviceRequest()

Closes #11294
2022-04-19 14:20:39 +02:00
Pedro Igor
c5e4dc8cec
Associated permissions should only add resource type permissions if the resource is an instance (#11220)
Closes #11148
2022-04-19 09:10:14 +02:00
Martin Kanis
a2d7cd7a5c Hot Rod map storage: User / client session no-downtime store 2022-04-14 15:34:22 +02:00
msvechla
820ab52dce
Add support for filtering by enabled attribute on users count endpoint (#9842)
Resolves #10896
2022-04-13 13:57:22 -03:00
Giacomo Altiero
3b7243cd47
Support for UserInfo response encrypted (#10519)
Close #10517
2022-04-12 14:01:14 +02:00
Alexander Schwartz
a6dd9dc0f1 Avoiding AvlPartitionFactory and using JdbmPartitionFactory for the embedded LDAP to work around unstable tests.
Fix for #11171 didn't turn out to cover the root cause. Also improved transaction handling in LDAP Map storage.

Closes #11211
2022-04-12 09:12:21 +02:00
Alexander Schwartz
5c810ad0e5 Avoid short-lived connections for ApacheDS to avoid messages around "ignoring the message MessageType UNBIND_REQUEST"
The comment in LdapRequestHandler.java in ApacheDS notes just before discarding an unbind request: "in some cases the session is becoming null though the client is sending the UnbindRequest before closing".

Also implementing a retry logic for all remaining errors regarding LDAP.

Closes #11171
2022-04-11 10:03:15 +02:00
Pedro Igor
834a276767 NPE when caching policies based on scopes without a resource
Closes #11180
2022-04-08 08:43:08 -03:00
Michal Hajas
1f2ebf4cba Add HotRod no downtime store for Realms
Closes #9670
2022-04-08 09:36:01 +02:00
Pedro Igor
b4770c30fd Fixing NPE when querying resources by type
Closes #11137
2022-04-07 15:10:20 -03:00
Tyler Andor
caebe50d7e
Updates patternfly libs and fixes breaking changes (#10748)
adding nvmrc

CIAM-1048 Device Activity screen PF updates

CIAM-1046: Personal Info sub-header update

Updates SigningInPage to use EmptyState component when there are no credentials.

rearanged some components used in signing in page

Displays ApplicationPage content in description list.

Updates refresh link on ContentPage, updates Resources screen.

CIAM-1049 Linked Accounts screen PF updates

CIAM-1043-General upstream updates

Updates AccountPage to display form errors.

fix: display Set up Authenticator Application link on large viewport

fix(page structure): rearranges page sections

CIAM-1254/Personal info PF4 updates & Sidebar text updates

updating layouts

updating layout on Signing in and Linked acounts

adding patternfly-additions

adding patternfly-addons styles

Updates Application page based on designs feedback.

moving page description

Updates status label on Applications page to be capitalized.

Updates the copy-fonts script for keycloak.v2 to copy all font directories instead of one.

update Personal info screen - set max width of 600px for form input fields

update Personal info - remove required indicator from input fields

General updates (#2)

* removed the extra lines being shown

* tweaked general spacing

* general alignment and spacer application

* refactor to get proper alignments without css globals

* forgot to add the conditional on displaying the set up buttons

* try and adjust the alignments

Co-authored-by: zwitter <zwitter@redhat.com>

resolve merge conflicts

Device activity updates (#4)

* update text to sentence case

* update device info columns to be dynamic across various viewport sizes

* update signed in device layout

* update based on feedback

Co-authored-by: Jon Szeto <jszeto@redhat.com>

Linked accounts update (#3)

* linked accounts screen - updated icons & Linked/Unlinked Login Providers layout & update text to sentence case

Co-authored-by: Jon Szeto <jszeto@redhat.com>

fixing ts errors

cleaning up fonts and messages

final review updates

message update for Back to admin console link

fixing capitalization on 2fa

updating landing page welcome message

fix: reposition Back to... link

adjusting size for confirm modal

updating spacing and alignment issues

updating resources page

removing unused header class

fixes ts issues and updates node version to match the themes install

npm updates

fixing pf addons

adding chokidar to get babel:watch working

fixing issues from pull request feedback

fixing tests

fixes signingin page test

fixing tests

Co-authored-by: Tyler Andor <tandor@highereducation.com>
2022-04-06 13:00:38 +02:00
Stian Thorgersen
7c64f28934
Change admin console to load keycloak.js using a relative URL (#11109)
* Change admin console to load keycloak.js using a relative URL

Closes #11108

* fix tests

Co-authored-by: Dominik Guhr <dguhr@redhat.com>
2022-04-06 09:35:26 +02:00
Michal Hajas
4c20388eb7 Remove SOAPException from SOAPBindingTest as RunOnServer cannot load it
Closes #11090
2022-04-04 15:53:55 +02:00
Martin Kanis
395bd447f2 Hot Rod map storage: Login failure no-downtime store 2022-04-01 20:43:18 +02:00
Douglas Palmer
f57d0dd100
Automated tests for session limits authenticator (browser, direct grant, reset password) (#11046)
Closes #11003
2022-04-01 18:44:38 +02:00
Michal Hajas
44000caaf5 KEYCLOAK-19177 Disable ECP flow by default for all Saml clients; ecp flow creates only transient users sessions 2022-03-31 16:06:44 +02:00
Teubner, Malte
b5f70d8a32 Add scope parameter to admin-client TokenManager.
Closes #10759
2022-03-31 10:56:08 -03:00
iingawal
6016b461db
Fix for "updatedAt" user attribute in "profile" client scope should use number instead of String (#11020)
Closes #10081


Co-authored-by: Indrajit Ingawale <iingawal@iingawal.pnq.csb>
2022-03-31 14:33:03 +02:00
Marek Posolda
aacae9b9ac
Support for frontchannel_logout_session_required OIDC client parameter (#11009)
* Support for frontchannel_logout_session_required OIDC client parameter
Closes #10137
2022-03-31 14:25:24 +02:00
Marek Posolda
22a16ee899
OIDC RP-Initiated logout endpoint (#10887)
* OIDC RP-Initiated logout endpoint
Closes #10885

Co-Authored-By: Marek Posolda <mposolda@gmail.com>

* Review feedback

Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
2022-03-30 11:55:26 +02:00
Andrea Peruffo
da5db5a813
Fix NPEs during realm import (#10962)
Closes #10961
2022-03-29 21:48:37 +02:00
Marcelo Daniel Silva Sales
091b1472ce
Introduce client secret rotation dynamic registration (#10952)
Closes #10609
2022-03-28 20:39:11 +02:00
Konstantinos Georgilakis
99fa6275c1 KEYCLOAK-19313 configure the name format in Attribute Importer IdP Mapper 2022-03-25 09:42:22 +01:00
Takashi Norimatsu
9c01d819cb Client Policies : An executor rejecting all requests
Closes #9097
2022-03-23 12:45:38 +01:00
Marcelo Daniel Silva Sales
6efa45f93e
Update secret rotation when the policy is enabled using jwt (#10853)
Closes #10666
2022-03-23 08:25:58 +01:00
Martin Kanis
e493b08fa7 Add expiration field to root authentication session 2022-03-23 07:47:47 +01:00
Michal Hajas
99c06d1102
Authorization services refactoring
Closes: #10447 

* Prepare logical layer to distinguish between ResourceServer id and client.id
* Reorder Authz methods: For entities outside of Authz we use RealmModel as first parameter for each method, to be consistent with this we move ResourceServer to the first place for each method in authz
* Prepare Logical (Models/Adapters) layer for returning other models instead of ids
* Replace resourceServerId with resourceServer model in PermissionTicketStore
* Replace resourceServerId with resourceServer model in PolicyStore
* Replace resourceServerId with resourceServer model in ScopeStore
* Replace resourceServerId with resourceServer model in ResourceStore
* Fix PermissionTicketStore bug
* Fix NPEs in caching layer
* Replace primitive int with Integer for pagination parameters
2022-03-22 20:49:40 +01:00
Alexander Schwartz
fb92b95c33 Revert from getParameterCount() to getParameterTypes().length to be Java 1.7 compatible.
This reverts commit bc27c7c464.

Closes #10840
2022-03-22 10:23:25 +01:00
keycloak-bot
c71aa8b711
Set version to 999-SNAPSHOT (#10784) 2022-03-22 09:22:48 +01:00
Martin Kanis
0faf3987f6 Hot Rod map storage: Authentication session no-downtime store 2022-03-22 09:05:52 +01:00
Pedro Igor
ffa6df5547
Fixes to hostname (#10820)
Closes #10627
Closes #10331
2022-03-22 08:11:50 +01:00
Joaquim Fellmann
92c4e6d585
KEYCLOAK-16134 Allow webauthn idless login flow (#7860)
Closes #10832
2022-03-21 11:37:33 +01:00
Clara Fang
bc27c7c464 Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount()
Closes #10333
2022-03-18 11:20:52 +01:00
Michal Hajas
c18a682f50 Do not store undefined values in store
Closes #10744
2022-03-17 16:44:33 +01:00
mposolda
9e12587181 Protocol mapper and client scope for 'acr' claim
Closes #10161
2022-03-11 09:23:25 +01:00
Martin Bartoš
8ee7ae24de Make WebAuthn feature default for the product version
Closes #10695
2022-03-10 19:00:54 +01:00
Ivan Atanasov
5c6b123aff
Support for the Recovery codes (#8730)
Closes #9540


Co-authored-by: Zachary Witter <torquekma@gmail.com>
Co-authored-by: stelewis-redhat <91681638+stelewis-redhat@users.noreply.github.com>
2022-03-10 15:49:25 +01:00
Martin Bartoš
8a0f1ccb34 Properly execute AuthenticationFlowCallbackProviderTest with Map storage
Closes #10268, Closes #10225
2022-03-10 15:00:23 +01:00
rmartinc
a7c8aa1dd3
[#10616] Incorrect username logged for federated accounts (#10662)
Closes #10616
2022-03-10 13:21:39 +01:00
Marcelo Daniel Silva Sales
0c25da542c
Update secret rotation when the policy is disabled (#10674)
Closes #10667
2022-03-10 13:03:09 +01:00
Alexander Schwartz
18f391d8c4 Fix spelling error in field and classname
It's always a converter, unless electricity is involved.

Closes #10573
2022-03-09 08:28:52 -03:00
Marcelo Daniel Silva Sales
7335abaf08
Keycloak 10489 support for client secret rotation (#10603)
Closes #10602
2022-03-09 00:05:14 +01:00
mposolda
d394e51674 Introduce profile 'feature' for step-up authentication enabled by default
Closes #10315
2022-03-08 14:42:46 +01:00
rmartinc
48565832d4 [#10608] Password blacklists folder 2022-03-08 08:22:34 -03:00
mposolda
93bba8e338 Replace 'Store LoA in User Session' with 'Max Age'. Refactoring of step-up authentications related to that.
Closes #10205
2022-03-08 10:41:05 +01:00