Michal Hajas
883e83e625
Remove deprecated methods from data providers and models
...
Closes #14720
2022-10-25 09:01:33 +02:00
Alexander Schwartz
9b80bad391
Stabilize test testAccountManagementLinkIdentity by waiting for username to appear
...
Closes #15054
2022-10-24 19:19:27 +02:00
Stian Thorgersen
29b8294dd6
Filter list of supported OTP applications by current policy ( #15113 )
...
Closes #15112
2022-10-24 16:47:16 +02:00
mposolda
55c514ad56
More flexibility in keystore related tests, Make keycloak to notify which keystore types it supports, Support for BCFKS
...
Closes #14964
2022-10-24 08:36:37 +02:00
Stian Thorgersen
97ae90de88
Remove Red Hat Single Sign-On product profile from upstream ( #14697 )
...
* Remove Red Hat Single Sign-On product profile from upstream
Closes #14916
* review suggestions: Remove Red Hat Single Sign-On product profile from upstream
Closes #14916
Co-authored-by: Peter Skopek <pskopek@redhat.com>
2022-10-18 14:43:04 +02:00
Marek Posolda
0756ef9a75
Initial integration tests with BCFIPS distribution ( #14895 )
...
Closes #14886
2022-10-17 23:33:22 +02:00
Stian Thorgersen
f7490b7f7c
Fix issue where admin2 was not enabled by default if account2 was disabled ( #14914 )
...
Refactoring ThemeSelector and DefaultThemeManager to re-use the same logic for selecting default theme as there used to be two places where one had a broken implementation
Closes #14889
2022-10-17 15:17:54 +02:00
Alexander Schwartz
97c4495c4f
Updating H2 database to 2.x
...
Closes #12607
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2022-10-14 11:52:34 +02:00
vramik
f49582cf63
MapUserProvider in KC20 needs to store username compatible with KC19 to be no-downtime-upgradable
...
Closes #14678
2022-10-14 09:32:38 +02:00
danielFesenmeyer
f80a8fbed0
Avoid login failures in case of non-existing group or role references and update references in case of renaming or moving
...
- no longer throw an exception, when a role or group cannot be found, log a warning instead
- update mapper references in case of the following events:
- moving a group
- renaming a group
- renaming a role
- renaming a client's Client ID (may affect role qualifiers)
- in case a role or group is removed, the reference still will not be changed
- extend and refactor integration tests in order to check the new behavior
Closes #11236
2022-10-13 13:23:29 +02:00
Martin Kanis
761929d174
Merge ActionTokenStoreProvider and SingleUseObjectProvider ( #13677 )
...
Closes #13334
2022-10-13 09:26:44 +02:00
Lex Cao
8ea3f30d82
Support profile projection parameter for LinkedIn IDP
...
Closes #13384
2022-10-11 15:22:00 -03:00
Takashi Norimatsu
148c7695ff
Pluggable Features of Token Manager
...
Closes #12065
2022-10-07 08:43:34 +02:00
Marek Posolda
425b6b8df2
Parameters 'client_id' and 'response_type' not strictly required in O… ( #14679 )
...
* Parameters 'client_id' and 'response_type' not strictly required in OIDC request object
Closes #14255
2022-10-05 11:20:15 +02:00
Douglas Palmer
44aae52fb4
Fixed locale switcher on error page ( #14728 )
...
Closes #14205
2022-10-05 10:30:07 +02:00
Marek Posolda
c59660ca86
KEYCLOAK_SESSION not working for some user federation setups when user ID has special chars ( #14560 )
...
closes #14354
2022-10-05 08:59:30 +02:00
Marek Posolda
fb24c86a3b
offline token issuance can cause violation of PRIMARY KEY constraint CONSTRAINT_OFFL_CL_SES_PK3 ( #14658 )
...
closes #13706
2022-10-03 12:54:12 +02:00
Stian Thorgersen
390c7485c7
Remove WildFly dist modules ( #14675 )
...
Closes #14307
2022-09-30 14:26:55 +02:00
Alice Wood
1eb7e95b97
enhance existing group search functionality allow exact name search keycloak/keycloak#13973
...
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
2022-09-30 10:37:52 +02:00
Martin Bartoš
a20d6e2f1f
Remove JBoss-based auth servers from the testsuite ( #14317 )
...
Closes #14299
2022-09-30 09:41:57 +02:00
Marcelo Daniel Silva Sales
22713bc144
Incorrect error message OIDC client authentication ( #14656 )
...
closes #12162
Co-authored-by: Pedro Hos <pedro-hos@outlook.com>
2022-09-30 09:40:05 +02:00
Martin Kanis
42ad95af4d
Stabilize testPersistenceMultipleNodesClientSessionsAtRandomNode model test
2022-09-27 21:01:35 +02:00
David Anderson
a8db79a68c
Introduce crypto module using Wildfly Elytron ( #14415 )
...
Closes #12702
2022-09-27 08:53:46 +02:00
Alexander Schwartz
be2deb0517
Modify RealmsAdminResource.importRealm to work with InputStream
...
Closes #13609
2022-09-26 20:58:08 +02:00
Alice Wood
55a660f50b
enhance group search to allow searching for groups via attribute keycloak/keycloak#12964
...
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2022-09-19 15:19:36 +02:00
Takashi Norimatsu
0a832fc744
Intent support before issuing tokens (UK OpenBanking)
...
Closes #12883
2022-09-19 12:15:00 +02:00
Martin Bartoš
d4130b0c6b
Admin Console tests failing ( #14404 )
...
Fixes #10997
2022-09-17 08:23:19 +02:00
rmartinc
cc9326fcad
Delay LDAPObject creation until mandatory attributes are set ( #14341 )
...
Closes #14286
2022-09-16 20:35:50 +02:00
Dmitry Telegin
cc2117bf7c
UserInfo endpoint not fully standards compliant
...
Closes #14184
2022-09-16 10:15:08 +02:00
danielFesenmeyer
3af1134975
Update IDP link username when sync mode is "force"
...
Closes #13049
2022-09-14 08:02:17 -03:00
Martin Bartoš
ed3d003d65
Remove Legacy migration tests from testsuite ( #14310 )
...
Closes #14300
2022-09-14 11:29:53 +02:00
Václav Muzikář
e999aeeab8
Fix DefaultHostnameTest
on Undertow
2022-09-13 14:41:23 -03:00
Martin Bartoš
aa5a4e3d84
Remove remote WildFly server from the testsuite ( #14321 )
...
Closes #14319
2022-09-13 12:49:40 +02:00
fwojnar
cee69e1abc
Remove Server Config Migration tests from testsuite ( #14334 )
...
Closes #14303
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2022-09-13 12:47:35 +02:00
fwojnar
a58f0593a6
Remove Clean Start test from testsuite ( #14345 )
...
Closes #14305
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2022-09-13 12:46:55 +02:00
Václav Muzikář
490590625d
Fix listApplicationsThirdParty
2022-09-13 08:33:31 +02:00
Jurjan-Paul Medema
eb0124e3e1
Mapper option 'Aggregate attribute values' is now applied to group hierarchy ( #7871 )
...
Closes #11255
2022-09-12 13:34:28 +02:00
Christoph Leistert
7e5b45f999
Issue #8749 : Add an option to control the order of the event query and admin event query
2022-09-11 21:30:12 +02:00
Alexander Schwartz
1d2d3e5ca5
Move UserFederatedStorageProvider into legacy module
...
Closes #13627
2022-09-11 18:37:45 +02:00
Pedro Igor
3518362002
Validate auth time when max_age is sent to brokered OPs
...
Closes #14146
2022-09-09 10:30:51 -03:00
Pedro Igor
a0079b516b
Allow setting response mode ( #14104 )
...
Closes #14083
2022-09-09 14:28:47 +02:00
Martin Bartoš
0fcf5d3936
Reuse of token in TOTP is possible
...
Fixes #13607
2022-09-09 08:56:02 -03:00
Marek Posolda
040e52cfd7
SAML javascript protocol mapper: disable uploading scripts through admin console by default ( #14293 )
...
Closes #14292
2022-09-09 13:47:51 +02:00
vramik
869ccc82b2
Enable MapUserProvider storing username with the letter case significance
...
Closes #10245
Closes #11602
2022-09-09 11:46:11 +02:00
Dominik Guhr
f2b02f19e6
Closes #13786
2022-09-07 18:29:26 +02:00
cgeorgilakis
07b0df8f62
View groups from account console ( #7933 )
...
Closes #8748
2022-09-07 11:25:31 +02:00
Lex Cao
1f197aa96b
Add basic auth compliant to RFC 6749 ( #14179 )
...
Closes #14179
2022-09-07 10:09:30 +02:00
Christoph Leistert
cc2bb96abc
Fixes #9482 : A user could be assigned to a parent group if he is already assigned to a subgroup.
2022-09-06 21:31:31 +02:00
Thomas Peter
19d69169b1
introduce expiration option for admin events
2022-09-06 16:05:53 +02:00
Pedro Igor
a6137b9b86
Do not empty attributes if they are not provided when user profile is enabled
...
Closes #11096
2022-09-06 12:59:05 +02:00
Michal Hajas
f69497eb28
KEYCLOAK-12988 Deprecate getUsers* methods in favor of searchUsers* variants
...
Closes #14018
2022-09-06 10:38:28 +02:00
Sergey Ch
860c3fbbd3
KEYCLOAK-17263 Add exact searching for users ( #8059 )
...
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2022-09-01 19:27:24 +02:00
Thomas Darimont
43623ea9d0
KEYCLOAK-18499 Add max_age support to oauth2 brokered logins
...
Revise KcOidcBrokerPassMaxAgeTest to use setTimeOffset(...)
2022-09-01 09:24:44 -03:00
Joerg Matysiak
a8019d78e7
Fixed handling of required setting for email in user profile.
...
Resolves #13923
2022-08-31 17:19:19 -03:00
Martin Bartoš
677579fce6
Environment variables for admin creation in testsuite
...
Closes #14102
2022-08-31 07:29:55 -03:00
Nagy Vilmos
f6db484172
Keep the locale related authNotes through the IdentityBroker flow. ( #10444 )
...
Closes #8827
2022-08-31 09:37:26 +02:00
Martin Bartoš
e6a5f9c124
Default required action providers are still available after feature disabling
...
Closes #13189
2022-08-31 08:42:47 +02:00
Martin Bartoš
94de015440
Cannot build base testsuite due to missing dependency related to WF ( #14079 )
...
Fixes #14072
2022-08-30 18:52:05 +02:00
Stian Thorgersen
eece543ede
Remove AddUserTest as it was specific to the WildFly distribution ( #14091 )
...
Closes #14072
2022-08-30 16:57:44 +02:00
Manato Takai
1cdc21f0ff
Add duplicate parameter check for UserInfo endpoint. ( #14024 )
...
Closes #14016
2022-08-30 14:39:15 +02:00
Pedro Igor
917e8668cb
Fixing error when activating webauthn profile
...
Related #14005
2022-08-30 13:55:02 +02:00
Alexander Schwartz
bb6b5abfa1
Remove Infinispan workarounds after upgrading to 13.x
...
Closes #13962
2022-08-30 07:32:19 -03:00
Martin Bartoš
090f7f89d5
Cannot execute Old Admin Console tests ( #13887 )
...
Fixes #14005
2022-08-29 13:41:22 +02:00
Alexander Schwartz
a364a05cfa
Disable unstable scenario for testOfflineSessionLazyLoadingPropagationBetweenNodes
...
This only fails when CrossDC and preloadOfflineSessionsFromDatabase are enabled after the upgrade to Infinispan 13.x
Relates to #14020
2022-08-29 13:01:41 +02:00
Stian Thorgersen
cbfe9b9a3d
Introduce profile (enabled with -DincludeWildFly) to not include WildFly distribution in default builds ( #13878 )
...
* Introduce profile (enabled with -DincludeWildFly) to not include WildFly distribution in default builds
* Fix
2022-08-27 00:33:45 +02:00
Erik Jan de Wit
93f3d7bf42
Revert "Allow dependencies from keycloak-admin-ui ( #13924 )" ( #13963 )
...
This reverts commit 332a0dacee
.
2022-08-26 10:04:13 +02:00
Joerg Matysiak
62790b8ce0
Allow permission configuration for username and email in user profile.
...
Enhanced Account API to respect access to these attributes.
Resolves #12599
2022-08-25 21:54:51 -03:00
Pedro Igor
2cc4b54404
Do not cache policies if they no longer exist ( #12797 )
...
Closes #12657
Co-authored-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2022-08-25 13:52:30 +02:00
Michal Hajas
05b9e6d59e
Upgrade Infinispan to 13.0.10.Final ( #13910 )
...
Closes #12306
2022-08-25 13:09:34 +02:00
Christoph Leistert
5408d25e09
Fixes #10656 : Sub realm localization GET endpoints can be called using tokens issued by the master realm. ( #10660 )
...
* Fixes #10656 : Sub realm localization GET endpoints can be called using tokens issued by the master realm.
* Fixes #10656 : Added some tests
2022-08-25 09:02:07 +02:00
Markus Till
7f999a4629
integration.admin-client: Add exact search for all dedicated user attributes ( #13361 )
...
Closes #13360
2022-08-25 08:57:31 +02:00
Arnaud Martin
af0d97e534
Delete broker links for federated users when an identity provider is deleted
...
Closes #13731
2022-08-25 08:24:09 +02:00
Pedro Igor
ddcf0f45f9
Run import within the context of the realm being imported
...
Closes #12289
2022-08-25 08:18:43 +02:00
Tero Saarni
74b2541d10
Fix invalid method reference when compiling with JDK17 ( #13621 )
...
Closes #13961
2022-08-25 08:11:15 +02:00
Pedro Igor
25be07be17
Allow introspecting tokens issued during token exchange with delegation semantics
...
Closes #9337
2022-08-24 09:47:04 -03:00
Tero Saarni
ea4b4b97b4
Bumped maven-war-plugin for JDK17 compatibility ( #13619 )
...
Closes #13960
2022-08-24 14:44:18 +02:00
Takashi Norimatsu
8c1ea4b47c
mTLS binding support for password grant
...
Closes #13662
2022-08-24 11:44:48 +02:00
Alexander Schwartz
332a0dacee
Allow dependencies from keycloak-admin-ui ( #13924 )
...
This prevents exceptions due to missing classes like kotlin/jvm/internal/Intrinsics.
Closes #13918
2022-08-24 11:31:29 +02:00
Konstantinos Georgilakis
c5b9dc1e7b
set context session client equal to clientsession client (fromClientSessionAndScopeParameter method of DefaultClientSessionContext)
...
Closes #13162
2022-08-23 17:33:07 +02:00
Konstantinos Georgilakis
baa89debd9
Correct isValidScope method of TokenManager for Dynamic scopes
...
Closes #13158
2022-08-23 16:30:04 +02:00
Lex Cao
6b1c64a1a9
Add rememberMe to a user session representation( #13408 ) ( #13765 )
...
Closes #13408
2022-08-23 15:28:52 +02:00
Konstantinos Georgilakis
2002fd983b
Showing consent screen text instead of scope name in consent part of Application page in Account console
...
Closes #13109
2022-08-23 11:22:31 +02:00
rishabhsvats
c223291a1e
Adds REGISTER event when new user login through first broker flow
...
Updates KcOidcBrokerEventTest, AbstractFirstBrokerLoginTest to factor in REGISTER event in first broker flow
Closes #11646
Correcting Indentation of AbstractFirstBrokerLoginTest
2022-08-23 10:43:56 +02:00
Stefan Guilhen
f84fdfa8ef
Fix UserSessionProviderTest failures with CockroachDB ( #13891 )
...
- move assertions to a separate tx due to CRDB's SERIALIZABLE isolation level
Closes #13211
2022-08-23 09:57:13 +02:00
Sebastian Schuster
53472e097c
13647 fixed wrong feature flag for checking admin fine-grained authz
2022-08-22 09:34:12 -03:00
Stefan Guilhen
5775e7c4ba
Fix ConcurrentTransactionsTest failure with CockroachDB ( #13890 )
...
- realm has to be removed in a separate tx due to CRDB's SERIALIZABLE isolation level
Closes #13211
2022-08-22 08:39:14 +02:00
Pedro Igor
eda33a0b21
Concurrency issue when caching JS policies
...
Closes #12204
2022-08-17 16:30:32 -03:00
Pedro Igor
15bbb46657
Avoid removing static path config from cache
...
Closes #9855
2022-08-17 16:29:59 -03:00
Martin Bartoš
5a2852530f
Fix DB tests for Quarkus
...
Fixes #13642
2022-08-17 10:23:05 -03:00
Pedro Igor
841c65d24f
Return 404 when invoking authorization endpoints in case authz settings are disabled
...
Closes #10151
2022-08-16 16:37:44 -03:00
nehachopra27
26de05fa44
Updating RestEasy for Jetty App Server ( #13710 )
...
Co-authored-by: nchopra <nchopra@redhat.com>
2022-08-16 11:20:24 +02:00
Michal Hajas
ab431e3bd9
Fix KeycloakQuarkusServerDeployableContainer to correctly configure map store
...
Closes #13721
2022-08-11 16:55:06 +02:00
Pedro Igor
e3af0610e2
Support running base testsuite on Windows
...
Closes #12648
Co-authored-by: Dominik Guhr <dguhr@redhat.com>
2022-08-10 20:03:53 -03:00
Markus Till
fa383bf76c
Suppress confirmation screen for logout in oidc ( #13471 )
...
Closes #13469
2022-08-10 18:25:50 +02:00
Michal Hajas
d55d110ff9
Run Infinispan using Testcontainers in base testsuite
...
Closes #13620
2022-08-10 16:36:44 +02:00
Martin Kanis
57f2f4654a
Add limit for authSessions per rootAuthSession in map storage
2022-08-10 12:56:37 +02:00
Marcelo Daniel Silva Sales
e44cea587f
NullPointer during OIDC logout client disabled ( #13424 )
...
closes #12624
2022-08-08 12:34:09 +02:00
Michal Hajas
ec808d28bb
Remove possibility to start embedded HotRod server in hotrod-map module
...
Closes #13247
2022-08-05 21:08:38 +02:00
Tero Saarni
2392af157b
Forward quarkus server output to console in testsuite
2022-08-05 09:48:48 -03:00
Pedro Igor
333a4c900f
Revert changes that block themes being loaded from custom providers
...
Closes #13401
2022-08-04 13:34:12 +02:00
Sebastian Knauer
21f700679f
KEYCLOAK-19866 Fix user-defined- and xml-fragment-parsing/Add XPathAttributeMapper
2022-08-03 13:07:12 +02:00
Martin Kanis
ff26698053
Stabilize testCreateUserSessionsParallel model test
2022-08-02 08:12:42 +02:00
nehachopra27
c7be78fade
Add admin-ui dependencies to integration-arquillian testsuite
...
Co-authored-by: nchopra <nchopra@redhat.com>
Fixes : #13465
2022-08-01 20:49:11 +02:00
Marek Posolda
7e925bfbff
Unit tests in "crypto/fips1402" passing on RHEL 8.6 with BC FIPS approved mode. Cleanup ( #13406 )
...
Closes #13128
2022-07-29 18:03:56 +02:00
Hynek Mlnarik
143e6bc932
Replace undertow-map with quarkus-map
...
Fixes : #12652
2022-07-27 14:08:38 +02:00
Stian Thorgersen
ae33af92d9
Promote new admin console to default ( #13243 )
...
Closes #13242
2022-07-27 10:13:49 +02:00
Pedro Hos
ee2c5391bd
Possible client enumeration in the authorization endpoint
...
Closes #12164
2022-07-26 09:10:06 +02:00
Michal Hajas
eb1f31e9dd
Optimize user-client session relationship for HotRod storage
...
Closes #12818
2022-07-26 09:00:13 +02:00
Douglas Palmer
c00514d659
Support for post_logout_redirect_uris in OIDC client registration ( #12282 )
...
Closes #10135
2022-07-25 10:57:52 +02:00
Dominik Guhr
9bb1299d89
change optimised to optimized
...
also: fix kc.bat to not use autobuild in devmode anymore, fix containers.adoc to not use auto_build naming, fix build command cli help as it is not required anymore to run it beforehand.
2022-07-22 10:29:07 -03:00
Stian Thorgersen
a251d785db
Remove text based login flows ( #13249 )
...
* Remove text based login flows
Closes #8752
* Add display param back in case it's used by some custom authenticators
2022-07-22 15:15:25 +02:00
Alexander Schwartz
cb81a17611
Disable Infinispan for map storage and avoid the component factory when creating a realm independent provider factory
...
Provide startup time in UserSessionProvider independent of Infinispan,
cleanup code that is not necessary for the map storage as it isn't using Clustering.
Move classes to the legacy module.
Closes #12972
2022-07-22 08:20:00 +02:00
Douglas Palmer
adeef6c2a0
Partial import feature does not import Identity Provider mappers in Keycloak #12861
2022-07-21 18:04:15 +02:00
Martin Kanis
c2bd01bca0
Add model tests for Hot Rod starting multiple nodes
2022-07-21 12:15:25 +02:00
Stefan Guilhen
e9c55f45e5
Enable action token JPA provider in map-storage-jpa profile
...
Closes #13139
2022-07-20 16:30:20 -03:00
Pedro Igor
3631a413d2
Allow token exchange when subjec_token is not associated with a session
...
Closes #12596
2022-07-20 15:42:26 -03:00
Martin Bartoš
1b9a3bf51a
Cannot use WebAuthn with WildFly distribution
...
Fixes #12762
2022-07-20 09:59:44 -03:00
Martin Kanis
c8a6846ee0
Remove offline sessions when deleting a realm
2022-07-19 16:40:22 +02:00
Alexander Schwartz
f490638971
Fall back to standard Liquibase locking
...
As DBLockProvider is "none" for the Map storage providers, there is no locking provided by DB Lock
provider.
Liquibase's classic lock provider has issues that need to be tackled in a follow-up issue, see https://github.com/liquibase/liquibase/issues/1311
Closes #13130
2022-07-19 10:45:31 +02:00
Alexander Schwartz
43539cd3c0
Rework handling of Infinispan exceptions to stabilize the test
...
Closes #13164
2022-07-18 16:00:38 -03:00
Lex Cao
f0988a62b8
Use base64 url decoded for client secret when authenticating with Basic Auth ( #12486 )
...
Closes #11908
2022-07-16 09:38:41 +02:00
Pedro Igor
89028613d8
Introducing --optimise option
...
Closes #10737
2022-07-15 15:12:17 -03:00
Marcelo Daniel Silva Sales
f7a80409a9
Add flow to generate secret length based on signature algorithm ( #13107 )
...
Closes #9376
2022-07-15 11:06:07 +02:00
Vlasta Ramik
ec853a6b83
JPA map storage: User / client session no-downtime store ( #12241 )
...
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Closes #9666
2022-07-14 12:07:02 -03:00
Alexander Schwartz
84ac2a2ba4
Update configuration to re-enable starting KeycloakServer for map storage ( #13079 )
2022-07-13 15:31:34 -03:00
Alexander Schwartz
b8d5e01cf3
Avoid using old legacy-store API in the test suite ( #13077 )
2022-07-13 09:58:01 -03:00
Michal Hajas
34d8629477
Convert ClientSessionIdleTimeout from seconds to milliseconds before … ( #13048 )
2022-07-13 07:29:52 -03:00
kz-masa
d26cff270f
Delete unnecessary import statements ( #12935 ) ( #12936 )
2022-07-12 19:37:15 -03:00
Martin Bartoš
216922233a
Remote base tests don't work with WildFly ( #12842 )
...
Fixes #12841
2022-07-12 15:14:09 +02:00
Martin Kanis
4b43612806
Disable WARN logging for Hot Rod RemoteQuery class
2022-07-11 16:48:56 -03:00
Pedro Igor
5b48d72730
Upgrade Resteasy v4
...
Closes #10916
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2022-07-11 12:17:51 -03:00
Martin Bartoš
07ab29378b
Make WebAuthn required actions enabled by default
...
Closes #12723
2022-07-11 15:32:40 +02:00
Michal Hajas
0f86427dd0
Make user->client sessions relationship consistent
...
Closes #12817
2022-07-11 08:42:28 -03:00
Martin Bartoš
17f1d04960
Possibility to execute DB migration tests for Quarkus distribution ( #12688 )
...
Closes #12685
2022-07-11 12:23:41 +02:00
fwojnar
7fccdb10d8
Fixing ClientPoliciesTest failure ( #12670 )
...
Closes #10633
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2022-07-11 12:22:25 +02:00
Takashi Norimatsu
29aad9dc45
PAR logic affecting /auth endpoint
...
Closes #9289
2022-07-11 11:56:37 +02:00
Alexander Schwartz
29a501552e
Disable the JpaUserFederatedStorageProvider when map storage is enabled
...
Closes #12895
2022-07-07 10:47:42 -03:00
Alexander Schwartz
d91a5eb99f
Move methods from UserStorageUtil to LegacyRealmModel
...
It is better suited to take methods removed from RealmModel earlier.
Closes #12805
2022-07-07 09:57:17 -03:00
Stefan Guilhen
5801ed27a0
Enable JPA store for ActionTokenStoreSpi in model tests
...
Closes #12902
2022-07-06 12:08:49 -03:00
Stefan Guilhen
dc88dd5286
Users Map JPA implementation ( #12871 )
2022-07-05 11:19:31 -03:00
Alexander Schwartz
098d4dda0e
Split PublicKeyStorageProvider ( #12897 )
...
Split PublicKeyStorageProvider
- Extract clearCache() method to separate interface and move it to the legacy module
- Make PublicKeyProvider factories environment dependent
- Simple map storage for public keys that just delegates
Resolves #12763
Co-authored-by: Martin Kanis <mkanis@redhat.com>
2022-07-05 09:57:51 -03:00
Stefan Guilhen
007fa1f374
Single Use Objects Map JPA implementation
...
Closes #9852
2022-07-04 10:05:51 -03:00
Alexander Schwartz
4b20e90292
Move session persistence package to legacy-private module
...
Also, disabling the jpa session persister when map storage is enabled.
Closes #12712
2022-07-04 10:05:26 -03:00
Konstantinos Georgilakis
32f8f30f36
Include 'urn:ietf:params:oauth:grant-type:token-exchange' in grant_types_supported field of Keycloak OP metadata, if token-exchange is enabled
...
closes #10888
2022-06-30 17:13:47 -03:00
Jon Koops
06d1b4faab
Restore enum variant of ResourceType
...
This reverts commit 3b5a578934
.
2022-06-30 12:20:51 -03:00
Alexander Schwartz
ddeab744d0
Moving RoleStorageProviderModel to the legacy modules
...
Closes #12656
2022-06-29 20:04:32 +02:00
vramik
3b5a578934
Change enum ResourceType to interface with String constants
...
Closes #12485
2022-06-29 13:35:11 +02:00
Lex Cao
c3c8b9f0c8
Add client_secret
to response when token_endpoint_auth_method
is not private_key_jwt
( #12609 )
...
Closes #12565
2022-06-29 10:19:18 +02:00
Clara Fang
4643fd09e3
Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount()
...
This should reduce GC pressure.
Closes #12644
2022-06-29 08:53:09 +02:00
Konstantinos Georgilakis
ccc0449314
json device code flow error responses
...
closes #11438
2022-06-29 07:23:02 +02:00
Marek Posolda
be1e31dc68
Introduce crypto/default module. Refactoring BouncyIntegration ( #12692 )
...
Closes #12625
2022-06-29 07:17:09 +02:00
vramik
6335090092
Use JpaMapStorageProviderFactory for authorization services in model tests
...
Closes #12743
2022-06-28 15:01:49 +02:00
danielFesenmeyer
b6d8c27cac
OIDC logout: In "legacy mode", support post_logout_redirect_uri param without requiring id_token_hint param
...
Closes #12680
2022-06-28 14:36:03 +02:00
leandrobortoli
c5d5659100
Fixed bug on client credentials grant when encryption key not found
...
Closes #12348
2022-06-27 13:00:21 +02:00
Lex Cao
f8a7c8e160
Validate name of client scope ( #12571 )
...
Closes #12553
2022-06-27 12:26:18 +02:00
Pedro Igor
3d2c3fbc6a
Support JSON objects when evaluating claims in regex policy
...
Closes #11514
2022-06-23 14:04:09 -03:00
Pedro Igor
d3a40e8620
Use backend baseURL for UMA-related backend endpoints
...
Closes #12549
2022-06-23 10:35:26 -03:00
Takashi Norimatsu
a10eef882f
DeviceTokenRequestContext.getEvent returns a wrong ClientPolicyEvent
...
Closes #12455
2022-06-22 13:01:35 +02:00
Takashi Norimatsu
d396ee7d30
CIBA flow : no error on invalid scope
...
Closes #12589
2022-06-22 12:55:55 +02:00
rmartinc
711440e513
[ #11036 ] Identity Providers: Add support for elliptic curve signatures (ES256/ES384/ES512) using JWKS URL
2022-06-21 10:52:25 -03:00
Stefan Guilhen
7d96f3ad5a
Events Map JPA implementation
...
Closes #9667
2022-06-21 13:53:48 +02:00
Alexander Schwartz
cb0c881821
rename SingleEntityCredentialManager to SubjectCredentialManager
2022-06-21 08:53:06 +02:00
Alexander Schwartz
84d21f0230
for all added files in the PR, update the copyright header or add it if it was missing
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
26198e4b0b
Disable tests irrelevant for map storage
2022-06-21 08:53:06 +02:00
Alexander Schwartz
d41764b19b
Inline deprecated methods in legacy code
2022-06-21 08:53:06 +02:00
Alexander Schwartz
1a227212de
Simplify implementation of a federated storage by moving the default implementation to the abstract base class; this will also allow the quickstarts and implementations derived from that to run without changes.
2022-06-21 08:53:06 +02:00
Alexander Schwartz
08bbb1fb92
Move LDAP REST Endpoints to LDAP package
...
- Thus remove implicit dependency on services on the legacy modules
- Disable tests for LDAP/Kerberos that won't work when map storage is enabled
2022-06-21 08:53:06 +02:00
Alexander Schwartz
1bc6133e4e
redirect calls to userLocalStorage from legacy modules (federation, ldap, sssd, kerberos)
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
e396d0daa1
Renaming SingleUserCredentialManager and UserModel.getUserCredentialManager():
...
- class SingleUserCredentialManager to SingleEntityCredentialManager
- method UserModel.getUserCredentialManager() to credentialManager()
Renaming of API without "get" prefix to make it consistent with other APIs like for example with KeycloakSession
2022-06-21 08:53:06 +02:00
Alexander Schwartz
14a369a8cc
Added LegacySessionSupport SPI
...
While some methods around onCache() are still called from the legacy code, all other methods log a warning with a stacktrace.
2022-06-21 08:53:06 +02:00
Alexander Schwartz
6f287e7ded
Avoid using methods on UserCredentialStoreManager
2022-06-21 08:53:06 +02:00
Alexander Schwartz
bc8fd21dc6
SingleUserCredentialManager moving in
...
- UserStorageManager now handles authentication for old Kerberos+LDAP style
- new getUserByCredential method in MapUserProvider would eventually do the same.
2022-06-21 08:53:06 +02:00
Alexander Schwartz
82094d113e
Move User Storage SPI, introduce ExportImportManager
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
703e868a51
Preparation for moving User Storage SPI
...
- Introduction of new AdminRealmResource SPI
- Moving handler of /realm/{realm}/user-storage into model/legacy-service
- session.users() and userStorageManager() moved refers legacy module
IMPORTANT: Broken as UserStorageSyncManager is not yet moved
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
36f76a37ad
Move realms, clients, groups, roles, clientscopes into legacy module
...
- Introduces Datastore SPI for isolating data store methods
- Introduces implementation of the datastore for legacy storage
- Updates DefaultKeycloakSession to leverage Datastore SPI instead
of direct creating of area providers by the session
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
247ff52187
Introduce legacy datastore module and update dependencies
2022-06-21 08:53:06 +02:00
Alexander Schwartz
850af55edc
Ensure that only JDK 8 APIs are used where JDK 8 is still required.
...
Closes #10842
2022-06-20 14:44:33 -03:00
Michal Hajas
781183e551
Enable indexing for ResourceServerEntity
...
Closes #12533
2022-06-20 10:17:19 +02:00
Martin Bartoš
d8112d7b7e
DB migration tests execution for Quarkus ( #12525 )
...
Closes #12524
2022-06-20 10:12:37 +02:00
Alexander Schwartz
71e7982a49
Adding central time offset reset in model tests as it was missing for AuthenticationSessionTest and UserSessionPersisterProviderTest
...
Also adding try/finally in other places in the integration tests where it was missing.
Closes #12530
2022-06-16 13:42:55 +02:00
nehachopra27
39cff0750c
[Fix keycloak#12385] Update option to run kc.bat on windows instead of kc.sh ( #12386 )
...
Co-authored-by: nchopra <nchopra@redhat.com>
Resolves #12385
2022-06-15 11:29:11 -03:00
vramik
1b3a76d0af
Do not persist client sessions of transient user sessions
...
Closes #12357
2022-06-15 10:54:23 +02:00
Martin Bartoš
0fef4305b6
Logout confirm page is failing to log the user out on auth-server-wildfly
...
Fixes #11753
2022-06-14 10:46:02 +02:00
mposolda
3aefb59d40
Fix test failure in X509BrowserCRLTest on IBM JDK. Don't display details of exception message to the end user
...
Closes #12458
2022-06-14 10:44:31 +02:00
Alexander Schwartz
c2043da78e
When asserting a URL, allow for some time for any redirect to complete.
...
Closes #12446
2022-06-14 07:30:31 +02:00
Christoph Leistert
442eff0169
Closes #11851 : Apply localization text from realm default locale when it is not defined for the requested language. ( #11852 )
2022-06-10 14:36:11 -04:00
Martin Bartoš
2cf089424a
ClientClientScopesTest failures in the test pipeline ( #12440 )
...
Resolves #12439
2022-06-10 09:13:25 -03:00
Alexander Schwartz
361a813d81
Keep a list of model instances in the JPA map session.
...
This allows removing them from the persistence context on bulk delete.
Closes #12384
2022-06-09 12:39:04 -03:00
Joerg Matysiak
3c19ad627f
Repsect permissions configured to firstName and lastName when configured in user profile
...
Resolves #12109
2022-06-09 10:10:15 -03:00
Pedro Igor
8aecba1795
Fixing how realm frontendurl is cached when resolving the hostname
...
Closes #11894
2022-06-08 16:41:25 -03:00
Alexander Schwartz
9272c7a5ec
Allow for the backend to return granted scopes in any order.
...
Closes #12395
2022-06-08 08:39:14 -03:00
mposolda
5d2bf6ea33
Cannot find ScriptEngine for JDK8 and Wildfly
...
Closes #12247
2022-06-08 11:11:36 +02:00
Pedro Igor
243e63c9f3
Do not set empty permissions to username and email attributes
...
Closes #11647
2022-06-07 10:59:35 -03:00
Sebastian Schuster
a0c402b93a
11198 added event information to consent granting and revocation via REST API ( #11199 )
2022-06-07 11:29:20 +02:00
Stian Thorgersen
e49e8335e0
Refactor BouncyIntegration ( #12244 )
...
Closes #12243
2022-06-07 09:02:00 +02:00
Martin Kanis
df72cf72f2
Hot Rod map storage: Single-use (action token) no-downtime store
2022-06-06 16:01:18 +02:00
rmartinc
5332a7d435
Issue #9194 : Client authentication fails when using signed JWT, if the JWA signing algorithm is not RS256
2022-06-06 12:07:09 +02:00
Takashi Norimatsu
3889eeda30
Client Policies: pkce-enforcer executor with client-access-type condition is not applied on client change via Admin API
...
Closes #12295
2022-06-06 11:30:48 +02:00
Michal Hajas
09c0a69a8f
Add HotRod no downtime store for events
...
Closes #9676
2022-06-02 13:30:19 +02:00
Alexander Schwartz
6c3d25fd8f
Limit the number of clientSessionIds in the test
...
Before it was 1500 client sessions, now its only 150 client sessions. This should help to keep the test within its time constraint of 60 + 30 seconds.
Closes #12264
2022-05-31 17:10:49 +02:00