Commit graph

6706 commits

Author SHA1 Message Date
Martin Bartoš
b1a90972b6 Upgrade Selenium and Arquillian dependencies in testsuite
Closes #29778

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-05-29 11:17:57 +02:00
Pedro Igor
bbb83236f5 Do not lower-case the username from the IdP when creating the federated identity
Closes #28495

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-29 01:58:20 -03:00
Alexander Schwartz
46f0da43da Instead of the test blocking for an unknown reason, specify a timeout
Closes #29528

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-28 21:06:49 +02:00
Stefan Guilhen
694ffaf289 Allow organizations in different realms to have the same domain
Closes #29886

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-28 08:02:30 -03:00
Francis Pouatcha
4317a474d1
JWT VC Issuer Metadata /.well-known/jwt-vc-issuer to comply with SD-JWT VC Specification (#29635)
closes #29634 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>


Co-authored-by: DYLANE BENGONO <85441363+bengo237@users.noreply.github.com>
2024-05-28 12:51:56 +02:00
Yutaka Obuchi
68d9dcecb5
Supporting OID4VCI AuthZCode flow: (#29685)
closes #29724

Signed-off-by: Yutaka Obuchi <yutaka.obuchi.sd@hitachi.com>


Co-authored-by: Yutaka Obuchi <yutaka.obuchi.sd@hitachi.com>
Co-authored-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
2024-05-28 12:29:31 +02:00
Martin Bartoš
d396dfed6a
Upgrade old Keycloak version for DB migration tests (#29884)
Closes #29883

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-05-28 11:32:31 +02:00
Jon Koops
66ef3bf2d7
Remove Opera from supported web drivers (#29903)
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-05-28 09:01:40 +00:00
Douglas Palmer
b9c04bb8bc Refactor PolicyEnforcer tests to remove dependency on keycloak-adapter-core and remove keycloak-adapter-core
Closes #29189
Closes #28791

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-05-27 15:00:13 -03:00
Stefan Wiedemann
5a68056f2a
Fix oid4vc mappers
Closes #29805

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2024-05-27 11:28:46 +02:00
mposolda
ea1cdc10bd MigrateTo25_0_0 does not complete within default transaction timeout
closes #29756

Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-27 10:31:39 +02:00
Pedro Igor
2d4d32764c Show a message when confirming an invitation link
Closes #29794

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-27 08:33:22 +02:00
rmartinc
b258b459d7 Generate RESTART_AUTHENTICATION event on success
Closes #29385

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-05-23 19:08:22 +02:00
vramik
0508d279f7 Filter empty domains from OrganizationsRepresentation before running validation
Closes #29809

Signed-off-by: vramik <vramik@redhat.com>
2024-05-23 09:53:51 -03:00
Marek Posolda
2efc163b89
Entry 999.0.0 in MIGRATION_MODEL prevents future migrations of the database
Closes #27941

Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-23 12:00:18 +00:00
Daniel Fesenmeyer
c08621fa63 Always order required actions by priority (regardless of context)
- AuthenticationManager#actionRequired: make sure that the highest prioritized required action is performed first, possibly before the currently requested required action
- AuthenticationManager#nextRequiredAction: make sure that the next action is requested via URL, also based on highest priority (-> requested URL will match actually performed action, unless required actions for the user are changed by a parallel operation)
- add tests to RequiredActionPriorityTest, add helper method for priority setup to ApiUtil (for easier and more robust setup than up-to-now)
- fix test WebAuthnRegisterAndLoginTest - which failed because WebAuthnRegisterFactory (prio 70) is now executed before WebAuthnPasswordlessRegisterFactory (prio 80)

Closes #16873

Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>
2024-05-23 09:07:56 +02:00
Thomas Darimont
ab376d9101 Make required actions configurable (#28400)
- Add tests for crud operations on configurable required actions
- Add support exposing the required action configuration via RequiredActionContext
- Make configSaveError message reusable in other contexts
- Introduced admin-ui specific endpoint for retrieving required actions with config metadata

Fixes #28400

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-05-23 08:38:36 +02:00
vramik
278341aff9 Add organizations enabled/disabled capability
Closes #28804

Signed-off-by: vramik <vramik@redhat.com>
2024-05-22 07:58:26 -03:00
Alexander Schwartz
80de3a0a71
Allow migration of non-persistent sessions to persistent sessions
Closes #29375

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-22 10:30:46 +02:00
Francis Pouatcha
542fc65923
Issue 29627: Expose Authorization Server Metadata Endpoint under /.well-known/oauth-authorization-server to comply with rfc8414 (#29628)
closes #29627 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>


Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-05-22 10:30:34 +02:00
rmartinc
f7044ba5c2 Use SessionExpirationUtils for validate user and client sessions
Check client session is valid in TokenManager
Closes #24936

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-05-22 10:12:20 +02:00
Case Walker
f32cd91792 Upgrade owasp-java-html-sanitizer, address all fallout
Signed-off-by: Case Walker <case.b.walker@gmail.com>
2024-05-22 09:15:25 +02:00
Raffaele Lucca
a5a55dc66e
Protocol now is mandatory during client scope creation. (#29544)
closes #29027

Signed-off-by: raff897 <85362193+raff897@users.noreply.github.com>
2024-05-22 09:10:46 +02:00
Patrick Jennings
84acc953dd
Client type OIDC base read only defaults (#29706)
closes #29742
closes #29422

Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-05-22 09:07:19 +02:00
Pedro Igor
b019cf6129 Support unmanaged attributes for service accounts and make sure they are only managed through the admin api
Closes #29362

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-21 16:56:18 -03:00
Martin Kanis
97cd5f3b8d Provide an additional endpoint to allow sending both invitation and registration links depending on the email being associated with an user or not
Closes #29482

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-05-21 12:29:10 -03:00
rmartinc
3304540855 Allow admin console whoami endpoint to applications that have a special attribute
Closes #29640

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-05-20 09:51:07 +02:00
Stefan Guilhen
1aab371912 Fix errors when importing realms with the organization feature enabled
Closes #29630

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-17 07:25:31 -03:00
Ricardo Martin
74a80997c7
Fix CRL verification failing due to client cert not being in chain (#29582)
closes #19853

Signed-off-by: Micah Algard <micahalgard@gmail.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: Micah Algard <micahalgard@gmail.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
2024-05-17 11:28:07 +02:00
Dimitri Papadopoulos Orfanos
64a145e960
Fix user-facing typos in error messages (#29326)
Update resource file and tests accordingly

Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
2024-05-16 09:55:41 +02:00
Takashi Norimatsu
b4e7d9b1aa
Passkeys: Supporting WebAuthn Conditional UI (#24305)
closes #24264

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: mposolda <mposolda@gmail.com>
2024-05-16 07:58:43 +02:00
rmartinc
89d7108558 Restrict access to whoami endpoint for the admin console and users with realm access
Closes #25219

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-05-15 19:06:57 +02:00
Stefan Guilhen
c4760b8188 Ensure that IDP's linked domains are remove when org is deleted or when the domain is removed from the org.
Closes #29481

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-14 15:39:18 -03:00
Martin Kanis
3985157f9f Make sure operations on a organization are based on realm they belong to
Closes #28841

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-05-14 10:47:39 -03:00
Pedro Igor
b4d231fd40 Fixing realm removal when removing groups and brokers associated with an organization
Closes #29495

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-14 14:29:27 +02:00
Pedro Igor
b5a854b68e
Minor improvements to invitation email templates (#29498)
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-14 13:19:02 +02:00
Pedro Igor
1b583a1bab Email validation for managed members should only fail if it does not match the domain set to a broker
Closes #29460

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-14 10:46:22 +02:00
mposolda
d8a7773947 Adding dummyHash to DirectGrant request in case user does not exists. Fix dummyHash for normal login requests
closes #12298

Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-13 16:33:29 +02:00
kaustubh-rh
8a82b6b587
Added a check in ClientInitialAccessResource (#29353)
closes #29311

Signed-off-by: Kaustubh Bawankar <kbawanka@redhat.com>
2024-05-13 13:00:36 +02:00
rmartinc
2cc051346d Allow empty CSP header in headers provider
Closes #29458

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-05-13 10:51:31 +02:00
Alexander Schwartz
6cc8d653f3 Make SessionWrapper related fields immutable that are part of the equals method
The cache replace logic depends on it, as values returned by reference from a local cache must never be modified on those critical fields directly.

Closes #28906

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-13 09:59:50 +02:00
Giuseppe Graziano
d735668fcd Fix test failures after @DisableFeature
Closes #29253

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-05-13 08:20:54 +02:00
Pedro Igor
b50d481b10 Make sure organization groups can not be managed but when managing an organization
Closes #29431

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-10 21:28:11 -03:00
Stefan Guilhen
f0620353a4 Ensure master realm can't be removed
Closes #28896

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-10 16:56:18 -03:00
Stefan Guilhen
ceed7bc120 Add ability to search organizations by attribute
Closes #29411

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-10 16:45:41 -03:00
Pedro Igor
77b58275ca Improvements to the organization authentication flow
Closes #29416
Closes #29417
Closes #29418

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-09 16:07:52 -03:00
Pedro Igor
a65508ca13 Simplifying the CORS SPI and the default implementation
Closes #27646

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-08 12:27:55 -03:00
Pedro Ruivo
cbce548e71 Infinispan 15.0.3.Final
Closes #29068

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-05-08 17:18:39 +02:00
Stefan Guilhen
dde2746595 Improve tests to ensure managed users disabled upon disabling the org can't be updated
Closes #28891

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-07 18:11:52 -03:00
Pedro Igor
927ba48f7a Adding tests to cover using SAML brokers in an organization
Closes #28732

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-07 20:44:38 +02:00