Commit graph

3838 commits

Author SHA1 Message Date
remi
b22efeec78 Add a toggle to use context attributes on the regex policy provider
Signed-off-by: remi <remi.tuveri@gmail.com>
2024-01-10 16:15:25 -03:00
rmartinc
42f0488d76 Avoid returning duplicated users in LDAP and unsynced
Closes #24141

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-10 12:47:15 +01:00
Réda Housni Alaoui
3c05c123ea On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
2024-01-09 16:04:52 -03:00
Alexander Schwartz
03372d2f41
Fix OfflineServletAdapterTest failures, and improve logging (#25724)
Closes #25714
Closes #14448

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-09 14:59:20 +01:00
shigeyuki kabano
67e73d3d4e Enhancing Lightweight access token M2(keycloak#25716)
Closes keycloak#23724

Signed-off-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
2024-01-09 09:42:30 +01:00
Ricardo Martin
097d68c86b
Escape action in the form_post.jwt and only decode path in RedirectUtils (#93) (#25995)
Closes #90

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-09 08:20:14 +01:00
Alexander Schwartz
0a16b64805 Stabilizing test cases by adding cleanups
Closes #24651

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-08 19:32:01 -03:00
Douglas Palmer
58d167fe59 Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user.
Closes #24651
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-01-08 19:32:01 -03:00
Steven Hawkins
d1d1d69840
fix: adds a general error message and descriptions for some exceptions (#25806)
closes: #25746

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-01-08 18:19:40 +00:00
Felix Gustavsson
0f47071a29 Check if UMA is enabled on resource, if not reject the request.
Closes #24422

Signed-off-by: Felix Gustavsson <felix.gustavsson@topgolf.com>
2024-01-08 11:28:57 -03:00
Tomas Ondrusko
e4fa5c034a
Update web element of the LinkedIn login page (#25905)
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2024-01-08 11:32:45 +01:00
Pedro Igor
d540584449 Using a valid URI when deleting cookies before/after running tests
Closes #22691

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-01-05 15:13:12 -03:00
atharva kshirsagar
d7542c9344 Fix for empty realm name issue
Throw ModelException if name is empty when creating/updating a realm

Closes #17449

Signed-off-by: atharva kshirsagar <atharva4894@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-05 14:23:42 +01:00
Pedro Igor
8ff9e71eae Do not allow verifying email from a different account
Closes #14776

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-01-05 12:45:07 +01:00
Pedro Igor
f476a42d66 Fixing the registration_client_uri to point to a valid URI after updating a client
Closes #23229

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-01-05 12:41:36 +01:00
Ben Cresitello-Dittmar
057d8a00ac Implement Authentication Method Reference (AMR) claim from OIDC specification
This implements a method for configuring authenticator reference values for Keycloak authenticator executions and a protocol mapper for populating the AMR claim in the resulting OIDC tokens.

This implementation adds a default configuration item to each authenticator execution, allowing administrators to configure an authenticator reference value. Upon successful completion of an authenticator during an authentication flow, Keycloak tracks the execution ID in a user session note.

The protocol mapper pulls the list of completed authenticators from the user session notes and loads the associated configurations for each authenticator execution. It then captures the list of authenticator references from these configs and sets it in the AMR claim of the resulting tokens.

Closes #19190

Signed-off-by: Ben Cresitello-Dittmar <bcresitellodittmar@mitre.org>
2024-01-03 14:59:05 -03:00
Jon Koops
07f9ead128 Upgrade Welcome theme to PatternFly 5
Closes #21343

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-01-03 14:46:01 -03:00
Réda Housni Alaoui
5287500703 @NoCache is not considered anymore
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
2024-01-02 09:06:55 -03:00
Alexander Schwartz
9e890264df Adding a test case to check that the expiration time is set on logout tokens
Closes #25753

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-22 20:13:40 +01:00
Niko Köbler
5e623f42d4 add the exp claim to the backchannel logout token
This is now, as of Dec 15th 2023, part of the OIDC Backchannel Logout spec, chapter 2.4.

As of chapter 4, the logout token should have a short expiration time, preferably at most two minutes in the future. So we set the expiration to this time.

resolves #25753

Signed-off-by: Niko Köbler <niko@n-k.de>
2023-12-22 20:13:40 +01:00
Pedro Igor
ceb085e7b8 Update the UPDATE_EMAIL feature to rely on the user profile configuration when rendering templates and validating the email
Closes #25704

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-20 15:15:06 -03:00
rmartinc
c2e41b0eeb Make Locale updater generate an event and use the user profile
Closes #24369

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-20 15:26:45 +01:00
Daniel Fesenmeyer
baafb670f7 Bugfix for: Removing all group attributes no longer works with keycloak-admin-client (java)
Closes #25677

Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>
2023-12-20 14:03:35 +01:00
Konstantinos Georgilakis
cf57af1d10 scope parameter in refresh flow
Closes #12009

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2023-12-20 14:00:10 +01:00
mposolda
eb184a8554 More info on UserProfileContext
closes #25691

Signed-off-by: mposolda <mposolda@gmail.com>
2023-12-19 13:00:31 -03:00
Pedro Igor
810ebf4efd Migration steps for enabling user profile by default
Closes #25528

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-19 10:19:45 -03:00
Joshua Sorah
d411eafc42 Ensure 'iss' is returned when 'prompt=none' and user is not authenticated, per RFC9207
Closes keycloak/keycloak#25584

Signed-off-by: Joshua Sorah <jsorah@redhat.com>
2023-12-19 10:38:05 +01:00
Ricardo Martin
2ba7a51da6 Escape action in the form_post response mode (#60)
Closes keycloak/keycloak-private#31
Closes https://issues.redhat.com/browse/RHBK-652

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-18 18:10:41 -03:00
Konstantinos Georgilakis
ba8c22eaf0 Scope parameter in Oauth 2.0 token exchange
Closes #21578

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2023-12-18 15:44:26 -03:00
Pedro Igor
778847a3ce Updating theme templates to render user attributes based on the user profile configuration
Closes #25149

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-18 15:35:52 -03:00
rmartinc
d841971ff4 Updating the UP configuration needs to trigger an admin event
Close #23896

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-18 19:24:30 +01:00
Steven Hawkins
ec28b68554
fix: improve group matching (#25627)
closes #25451

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2023-12-18 11:46:02 +01:00
mposolda
cd154cf318 User Profile: If required roles ('user') and reqired scopes are set, the required scopes have no effect
closes #25475

Signed-off-by: mposolda <mposolda@gmail.com>
2023-12-18 11:32:27 +01:00
Takashi Norimatsu
59536becec Client policies : executor for enforcing DPoP
closes #25315

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2023-12-18 10:45:18 +01:00
Joshua Sorah
a10149bbe9 For post logout redirect URI - Make '+' represent existing redirect URIs and merge with existing post logout redirect URIs
Closes keycloak#25544

Signed-off-by: Joshua Sorah <jsorah@redhat.com>
2023-12-18 09:05:51 +01:00
Erwin Rooijakkers
860978b15a Change arg of getSubGroups to briefRepresentation
Parameter name briefRepresentation should mean briefRepresentation,
   not full. This way callers will by default get the full
   representation, unless true is passed as value for
   briefRepresentation.

   Fixes #25096

Signed-off-by: Erwin Rooijakkers <erwin@rooijakkers.software>
2023-12-14 17:23:27 +01:00
Steven Hawkins
08751001db
enhance: adds truststores to the keycloak cr (#25215)
also generally correcting the misspelling trustore

closes: #24798

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2023-12-14 11:15:06 -03:00
mposolda
c81b533cf6 Update UserProfileProvider.setConfiguration. Tuning of UserProfileProvider.getConfiguration
closes #25416

Signed-off-by: mposolda <mposolda@gmail.com>
2023-12-14 14:43:28 +01:00
Tomas Ondrusko
26342d829c Update web elements of the Instagram login page
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-12-14 14:03:53 +01:00
rmartinc
c14bc6f2b0 Create terms and conditions execution when registration form is added
Closes #21730

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-13 15:32:58 +01:00
Pedro Igor
fa79b686b6 Refactoring user profile interfaces and consolidating user representation for both admin and account context
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-13 08:27:55 +01:00
VR
1545b32a64 Revert changes related to map store in test classes in base testsuite
Closes #24567

Signed-off-by: VR <vramik@redhat.com>
2023-12-12 16:16:38 +01:00
Thomas Darimont
0f5bbae75c
Add support for POST logout in Keycloak JS (#25348)
Closes #25167

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-12-11 14:55:48 +01:00
Pedro Igor
78ba7d4a38 Do not allow removing username and email from user profile configuration
Closes #25147

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-11 08:30:28 +01:00
Ricardo Martin
f78c54fa42
Fixes for LDAP group membership and search in chunks
Closes #23966
2023-12-08 17:55:17 +01:00
mposolda
90bf88c540 Introduce ProtocolMapper.getEffectiveModel to make sure values displayed in the admin console UI are 'effective' values used when processing mappers
closes #24718

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-12-08 12:26:35 +01:00
rmartinc
522e8d2887 Workaround to allow percent chars in getGroupByPath via PathSegment
Closes #25111

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-06 14:22:34 -03:00
Peter Zaoral
340eb99412
Unable to use < as part of a password (admin-cli) (#24939)
* escaped angle bracket characters in password

Closes #21951

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-12-06 17:27:44 +01:00
Pedro Igor
ab1173182c Make sure realm is available from session when migrating to 23
Closes #25183

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-06 07:42:54 -03:00
rmartinc
d004e9295f Do not allow remove a credential in account endpoint if provider marks it as not removable
Closes #25220

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-05 17:11:57 +01:00