also moving initial bootstrapping after import
closes: #32689
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
* fix: adds additional info / warnings to hostname v2
closes: #24815
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* refining the proxy-headers language from #33209
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* adding hostname-strict-https
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* moving removed property check to the quarkus side
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* Update quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/HostnameV2PropertyMappers.java
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
* Update docs/guides/server/hostname.adoc
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
The expected Destination Path needs to properly point to the client that is created for IDP-initiated SSO flow. This is especially an issue when Keycloak is behind a reverse proxy that terminates TLS.
Signed-off-by: Manish Mehta <ManishMehta@users.noreply.github.com>
- Also fixes issues with description, enabled, and custom attributes missing when re-importing the orgs.
Closes#33207
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Closes#32209
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
- Disables the remote operator tests, which will have to be fixed later.
- Fixes the action expired error which occurs when accessing regular registration page with Organizations enabled.
- Fixes a race condition in the test suite causing sporadic failures.
Closes#33064
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
This should reduce deadlocks on the user property table if the users are updated concurrently.
Closes#32852
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Closes#28418
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
The Token Exchange [RFC8693 Section-2.2.2](https://datatracker.ietf.org/doc/html/rfc8693#section-2.2.2) requires
that the error code for invalid requests is `invalid_request`.
Previously, Keycloak used `invalid_token` as the error code.
Fixes#31547
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
- Move ClientData parsing out of SessionCodeChecks ctor
- Respond with a bad request if invalid client data is presented
Closes#32515
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
- org-linked brokers should not be available for login
- prepare the endpoint for search/pagination
Closes#31944
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Closes#32533
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>