Stefan Guilhen
b03ce0047c
Add explicit getter method for organizations in RealmAdminResource
...
- makes OrganizationsResource reachable to OpenAPI generator
Closes #30832
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-10-21 15:55:06 -03:00
rmartinc
2004467749
Check alias is unique for authenticator config when it is created
...
Closes #31727
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-21 15:25:32 +02:00
Simon Levermann
dcf1d83199
Enable enforcement of a minimum ACR at the client level ( #16884 ) ( #33205 )
...
closes #16884
Signed-off-by: Simon Levermann <github@simon.slevermann.de>
2024-10-21 13:54:02 +02:00
Pedro Igor
3a9bab35b6
Fixing action token lifespan information in the invitation email
...
Closes #34049
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-18 09:10:14 +02:00
Pedro Igor
d1dba15964
Do not show domain match message in the identity-first login when no login hint is provided
...
Closes #34069
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-18 09:05:27 +02:00
Pedro Igor
ee38d551ce
Respect the locale set to a user when redering verify email pages
...
Closes #34063
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-18 09:04:38 +02:00
Stefan Guilhen
7d8ff710c2
Invalidate user session when associated IdP is missing (previously removed)
...
Closes #31724
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-10-17 16:30:51 -03:00
Krzysztof Szafrański
731274f39e
Fix errors when code, clientId, or tabId are null
...
Calling parseSessionCode inside the try-catch would result in
ErrorPageException thrown by redirectToErrorPage being caught and
re-reported, resulting in one log entry with `invalidRequestMessage`
and another one with `unexpectedErrorHandlingRequestMessage`.
Additionally, one of ErrorPageException constructors didn't pass the
status to super(), resulting in the logger error message being
"HTTP 500 Internal Server Error" even though the status was actually
something else, like 400. I noticed that ErrorPageException can be
simplified by just passing the response to super(), which is one way of
fixing the problem.
Closes #33232
Signed-off-by: Krzysztof Szafrański <k.p.szafranski@gmail.com>
2024-10-17 14:37:40 -03:00
Pascal Knüppel
41ee68611f
Allow to create EC certificates if new EC-key-provider is created ( #31843 )
...
Closes #31842
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-10-17 16:05:59 +02:00
Thomas Darimont
f99c5f6df3
Ensure referrer and referrer_uri params are carried over to account-console
...
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-10-17 07:53:20 -03:00
Thomas Darimont
40bdc902f0
Use account-console client for server-side auth check
...
Also generate PKCE verifier and use challenge parameters
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-10-17 07:53:20 -03:00
Thomas Darimont
729417b20a
Use account-console client for server-side auth check
...
- Also generate PKCE verifier and use challenge parameters
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-10-17 07:53:20 -03:00
Thomas Darimont
c400eff9b0
Account console backend should redirect to login on missing auth ( #31469 )
...
Adapted the login redirect logic from the old account console.
Fixes #31469
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-10-17 07:53:20 -03:00
rmartinc
13655007a6
Remove online session for offline access in direct access grants and client credentials
...
Closes #32650
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-17 10:49:05 +02:00
Martin Kanis
8fb5ecaa6c
Auth not possible for auth session where user was enabled in the meantime
...
Closes #33883
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-10-15 14:28:36 -03:00
Oliver
936cf68050
Fix NPE on whoami with unknown Realm ( #33912 )
...
Closes #33907
Signed-off-by: Oliver Cremerius <antikalk@users.noreply.github.com>
2024-10-15 08:22:59 +02:00
mposolda
43c55e0211
Improving documentation for AuthenticationManagementResource.addExecutionFlow
...
closes #32610
Signed-off-by: mposolda <mposolda@gmail.com>
2024-10-14 15:46:44 +02:00
Jon Koops
008faf44cf
Check if deviceRepresentation
is set
...
Closes #33814
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-10-11 16:02:20 +02:00
rmartinc
7e5734fd48
Fix incorrect filter in docker protocol
...
Closes #33776
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-11 08:58:18 +02:00
Pedro Igor
9a3d81c23e
Only process organization selection when the user is identified
...
Closes #33699
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-10 16:24:25 +02:00
rmartinc
a74e60f4d7
Check email with ignorecase when setting basic attributes in IdP
...
Closes #31848
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-10 09:55:58 +02:00
Jon Koops
3930356c21
Treat unencrypted local origins as an insecure context in Safari ( #33700 )
...
Closes #33557
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-10-09 23:38:03 +02:00
Thomas Darimont
1ef845b31d
Only show organization section in account UI of enabled
...
We now only show organization section in account ui if org support is enabled for realm.
Fixes #33735
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-10-09 18:15:32 +02:00
Matt Eaton
9f0a348e4c
Allow certificate with duplicate principals in truststore.
...
The previous implementation uses principal as a key for a hashmap storing one certificate per entry. To preserve lookups, the value is now a List of certificates.
Additional logic was added to build certification validation chains using signature verification rather than just principal.
Closes #33125
Signed-off-by: Matt Eaton <git@divinehawk.com>
2024-10-08 12:03:03 +02:00
mposolda
07cf71e818
Better logging when error happens during transaction commit
...
closes #33275
Signed-off-by: mposolda <mposolda@gmail.com>
2024-10-08 11:14:10 +02:00
Dominik Schlosser
2c9e279213
Make createWebAuthnRegistrationManager protected to allow cutomizations in subclasses ( #33639 )
...
closes #33678
Signed-off-by: Dominik Schlosser <dominik.schlosser@gmail.com>
2024-10-08 10:35:27 +02:00
Ricardo Martin
611e6d102e
Create session for the requester client in Token Exchange ( #31290 )
...
Closes #31180
Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2024-10-08 10:24:10 +02:00
Gilles Etchepareborde
593afbb4e0
This PR intends to always set the event type in order to prevent error when firing an error event.
...
Closes #30453
Signed-off-by: Gilles Etchepareborde <etchepar@yahoo.fr>
2024-10-08 10:15:53 +02:00
rmartinc
44b1290917
Return next action if the current action is not supported in AIA
...
Closes #33513
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-08 09:54:53 +02:00
Pedro Aguiar
14f14152de
update/fix-typo-to-a-to-a
...
- Corrected "Map a custom user attribute to a to a SAML attribute." by removing the repeated "to a".
Closes : #33603
Signed-off-by: Pedro Aguiar <contact@codespearhead.com>
2024-10-04 19:44:43 +00:00
Steven Hawkins
cb3954fc7b
fix: ensuring placeholders can be used with --import-realm ( #33589 )
...
closes : #33578
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-10-04 16:59:55 +00:00
mposolda
c8ca0462a4
Prevent multiple logout confirmation actions
...
closes #32435
Signed-off-by: mposolda <mposolda@gmail.com>
2024-10-03 15:31:55 +02:00
Maksim Zvankovich
35eba8be8c
Add option to include the organization id in the organization claims
...
Closes #32746
Signed-off-by: Maksim Zvankovich <m.zvankovich@nexovagroup.eu>
Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>
2024-10-03 08:11:36 -03:00
Jon Koops
aacdf80664
Add shim for Web Crypto API to admin and account console ( #33480 )
...
Closes #33330
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-10-03 10:51:23 +00:00
Erik Jan de Wit
e8d8de8936
Use feature versions for admin3, account3, and login2 ( #33458 )
...
Closes #33405
Signed-off-by: stianst <stianst@gmail.com>
2024-10-03 12:09:36 +02:00
Stian Thorgersen
6092524d79
Fix theme resource loading on Windows, and enable additional test in jdk-integration-tests ( #33512 )
...
Closes #33508
Signed-off-by: stianst <stianst@gmail.com>
2024-10-03 11:37:49 +02:00
vramik
c1653448f3
[Organizations] Allow orgs to define the redirect URL after user registers or accepts invitation link
...
Closes #33201
Signed-off-by: vramik <vramik@redhat.com>
2024-10-02 07:37:48 -03:00
Ricardo Martin
6e471a8477
Add the nonce attribute when the client session context is recreated ( #33422 )
...
Closes #33355
Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Tomas Kralik <tomas.kralik@pbktechnology.cz>
2024-10-02 09:44:25 +02:00
Pedro Igor
ef48a3a360
Avoid running org related code if there are no orgs in a realm
...
Closes #33424
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-02 09:39:25 +02:00
Giuseppe Graziano
b46fab2308
Remove root auth session after backchannel logout
...
Closes #32197
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-10-01 11:56:57 +02:00
mposolda
e582a17a7c
Fix client-attributes condition configuration
...
closes #33390
Signed-off-by: mposolda <mposolda@gmail.com>
2024-10-01 10:12:28 +02:00
Stian Thorgersen
4a2fbf5339
Refactor loading of theme resources ( #33326 )
...
Closes #33325
Signed-off-by: stianst <stianst@gmail.com>
2024-10-01 08:02:05 +02:00
Alexander Schwartz
5c503a55e9
Optimize caching and use of DB connections when Organisations are enabled
...
Closes #33353
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-30 18:35:45 -03:00
rmartinc
8bbae59b60
Add LOGIN_WEBAUTHN as possible initial login page for locale bean
...
Closes #33336
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-30 18:59:39 +02:00
Steven Hawkins
5d99d91818
fix: allows for the detection of a master realm with --import-realms ( #32914 )
...
also moving initial bootstrapping after import
closes : #32689
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-09-30 14:40:16 +02:00
Steven Hawkins
f1a7a4804e
fix: adds additional info / warnings to hostname v2 ( #33261 )
...
* fix: adds additional info / warnings to hostname v2
closes : #24815
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* refining the proxy-headers language from #33209
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* adding hostname-strict-https
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* moving removed property check to the quarkus side
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* Update quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/HostnameV2PropertyMappers.java
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
* Update docs/guides/server/hostname.adoc
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-09-28 08:48:09 +00:00
Steven Hawkins
9064d5159a
fix: validate that a full hostname url is expected ( #33348 )
...
closes : #33347
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-09-27 13:57:14 +00:00
Manish Mehta
d57050656e
Fix for Issue# 32622 ( https://github.com/keycloak/keycloak/issues/32622 )
...
The expected Destination Path needs to properly point to the client that is created for IDP-initiated SSO flow. This is especially an issue when Keycloak is behind a reverse proxy that terminates TLS.
Signed-off-by: Manish Mehta <ManishMehta@users.noreply.github.com>
2024-09-27 09:20:09 +02:00
rmartinc
1d23c3c720
Use note to detect the IDP verify email action is already done
...
Closes #31563
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-27 09:16:53 +02:00
Maksim Zvankovich
90dc7c168c
Add organization admin crud events
...
Closes #31421
Signed-off-by: Maksim Zvankovich <m.zvankovich@rheagroup.com>
Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-27 09:09:28 +02:00