Commit graph

6953 commits

Author SHA1 Message Date
Giuseppe Graziano
b46fab2308 Remove root auth session after backchannel logout
Closes #32197

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-10-01 11:56:57 +02:00
Jon Koops
67b6b4c942
Require Keycloak JS configuration to be passed explicitly (#33399)
Closes #32823

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-10-01 10:29:10 +02:00
mposolda
e582a17a7c Fix client-attributes condition configuration
closes #33390

Signed-off-by: mposolda <mposolda@gmail.com>
2024-10-01 10:12:28 +02:00
Peter Zaoral
d5d6390b1c
Make Keycloak fail with an error when the persisted build options differs from those provided (#33241)
* PropertyException is now thrown instead of a warning
* Operator guides clarification around health and metrics options

Closes: #32717

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2024-09-30 19:28:23 +02:00
Douglas Palmer
b5e282648f
org.keycloak.testsuite.forms.BruteForceTest#testRaceAttackPermanentLockout (#32701)
* org.keycloak.testsuite.forms.BruteForceTest#testRaceAttackPermanentLockout
Closes #32256


Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2024-09-30 18:38:10 +02:00
Kyale
a35edeb488 Resolved errors during component import referencing groups
Whenever a component being imported contained a reference to a group also being imported, the group was not found because groups were being imported after components by DefaultImportExportManager

Closes #10730

Signed-off-by: Kyale <github@chalkyweb.com>
2024-09-30 11:46:19 -03:00
Steven Hawkins
5d99d91818
fix: allows for the detection of a master realm with --import-realms (#32914)
also moving initial bootstrapping after import

closes: #32689

Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-09-30 14:40:16 +02:00
Jon Koops
d60dee7622
Remove the UMD distribution of Keycloak JS (#33080)
Closes #32826

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-09-30 14:05:18 +02:00
rmartinc
aaf8136c89 Move deleteCookies to before for RecoveryAuthnCodesAuthenticatorTest
Closes #26176

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-30 12:05:16 +02:00
rmartinc
1d23c3c720 Use note to detect the IDP verify email action is already done
Closes #31563

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-27 09:16:53 +02:00
mposolda
8f038f19dd Upgrade BCFIPS to 2.0
closes #30415

Signed-off-by: mposolda <mposolda@gmail.com>
2024-09-26 06:52:21 +02:00
Stefan Guilhen
6424708695 Ensure organization id is preserved on export/import
- Also fixes issues with description, enabled, and custom attributes missing when re-importing the orgs.

Closes #33207

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-25 16:07:44 +02:00
Michal Hajas
d9c567a5e4 Run model tests with clusterless feature enabled
Closes #33058
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-09-24 14:06:52 +02:00
Benoît
bf19ec11cf
Fix UserStorageManager.getGroupMembersStream potentially fetching all user (#33145)
Closes #32761
Signed-off-by: Benoit Messager <benoit.messager@liksi.fr>
Co-authored-by: Benoit Messager <benoit.messager@liksi.fr>
2024-09-24 09:51:35 +02:00
Jon Koops
46b0b6195c
Remove keycloak-js-adapter-jar artifact (#33196)
Closes #32824

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-09-23 15:46:56 +00:00
Stian Thorgersen
d778a8551a
Use references to obtain the signed elements in a signature (#188) (#33190)
Closes keycloak/keycloak-private#191
Closes #33116

Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
2024-09-23 13:51:46 +02:00
Stian Thorgersen
af5eef57bf
Improve handling for loopback redirect-uri validation (#195) (#33189)
Closes #33116

Signed-off-by: stianst <stianst@gmail.com>
2024-09-23 13:51:02 +02:00
Jon Koops
5e2f09f66d
Remove statically served Keycloak JS from the server (#33083)
Closes #32827

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-09-22 19:05:01 +02:00
Giuseppe Graziano
849ca3efb9 Fix amr test
Closes #26117

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-09-20 23:32:55 +02:00
Daniel Fesenmeyer
87da4011f7
Bugfix: "User Profile" attributes not available for Users Attribute search, when admin user does not have view- or manage-realm realm-management role (#31771)
- UIRealmResource: add "info" sub-resource to get realm-related information, which is visible for ALL admins (users having any realm-management role); for now, only provide the information whether any user profile provider is enabled
- UIRealmResourceTest: test the new endpoint, including permissions check
- UserDataTable.tsx: use this resource to get the info whether user profile providers are enabled, instead of using the realm components resource (which requires "view-realm" permissions)
- .../cypress/e2e/users_attribute_search_test.spec.ts: add cypress test to test the attribute search with minimum access rights
- further small changes for reuse of components, test-code etc

Closes #27536

Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>
2024-09-20 14:06:08 -04:00
Christian Janker
21f90145ac Send UserRemovedEvent containing all user attributes
Invalidate CachedUserModel before UserRemovedEvent

closes #32194

Signed-off-by: Christian Janker <christian.janker@gmx.at>
2024-09-20 16:22:08 +02:00
Stefan Guilhen
900c496ffe
Remove the kc.org.broker.public attribute and use hideOnLogin in the IDP instead
Closes #32209

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-09-20 16:08:55 +02:00
Michal Hajas
d065be362a
Fix flaky UserSessionPersisterProviderTest
Closes #32892

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-20 13:24:34 +02:00
Stefan Guilhen
42cde0cfdd
Fix various issues holding up CI (#33086)
- Disables the remote operator tests, which will have to be fixed later.
- Fixes the action expired error which occurs when accessing regular registration page with Organizations enabled.
- Fixes a race condition in the test suite causing sporadic failures.

Closes #33064

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-09-19 21:23:21 +02:00
vramik
fcb31a5aa6 Implement invitation-only self-registration for realm users
Closes #31643

Signed-off-by: vramik <vramik@redhat.com>
2024-09-18 13:50:23 +02:00
Erik Jan de Wit
1f573eded0
added username field like suggested in issue comment (#32866)
related: #32522

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-09-18 13:03:03 +02:00
Vlasta Ramik
4ce40be1af
Make the ORGANIZATION a default feature (#32404)
Closes #32395

Signed-off-by: vramik <vramik@redhat.com>
2024-09-18 12:19:28 +02:00
Stefan Guilhen
3e597722a9
Add cache for IdentityProviderStorageProvider.getForLogin (#32918)
Closes #32573

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-18 09:05:57 +02:00
rmartinc
5fe916861d Return 404 on invalid theme type
Closes #32798

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-17 09:09:34 +02:00
Giuseppe Graziano
e6c5ee31e4 Admin API with Lightweight access token and transient session
Closes #32802

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-09-16 09:30:15 +02:00
Ricardo Martin
9c780e9190 Honor turnOffChangeSessionIdOnLogin in SAML adapter (#185)
Closes keycloak/keycloak-private#183

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-16 09:21:07 +02:00
Nate Drake
75973157aa
Fix a few typos (#32929)
Signed-off-by: Nate Drake <ndrake@gmail.com>
2024-09-15 10:12:26 +00:00
Pedro Ruivo
f67bec0417 Rename remote-cache Feature
Renamed to "clusterless"

Closes #32596

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-09-13 13:03:13 +02:00
Stefan Guilhen
92e435f192 Do not automatically re-import users if they already exist locally when searching by attributes
Closes #32870

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-13 08:54:44 +02:00
Erik Jan de Wit
9aad6f650d
added more style fixes for the login.v2 (#32708)
* added more style fixes for the login.v2

related: #32522
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fixed grant screen

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* test fixes

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fix for code.ftl

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* test fixes

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fixed tests

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-09-11 14:52:49 -04:00
mposolda
125124c2d9 Error when deploying SAML application with the keys in PEM format inside keycloak-saml.xml
closes #32817

Signed-off-by: mposolda <mposolda@gmail.com>
2024-09-11 19:03:10 +02:00
Stian Thorgersen
40049f31fa
Remove ProxyClassLoader and PlatformProvider returning script classloader (#32806)
Closes #32804

Signed-off-by: stianst <stianst@gmail.com>
2024-09-11 17:11:26 +02:00
Thomas Darimont
445a7da902 Ensure realm attributes import happens before client import
Fixes #32799

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-09-11 15:14:33 +02:00
rmartinc
b60621d819 Allow brute force to have http request/response and send emails
Closes #29542

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-11 08:35:03 +02:00
cgeorgilakis-grnet
f8b1b3ee03 Search Identity Providers by alias or display name
Closes #32588

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-09-10 21:52:59 +02:00
Erik Jan de Wit
d2e7c15f2f
added text and tooltip to idp (#32411)
* added text and tooltip to idp

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Update themes/src/main/resources/theme/keycloak.v2/login/login.ftl

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>

* Update themes/src/main/resources/theme/keycloak.v2/login/login.ftl

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>

* Update themes/src/main/resources/theme/keycloak.v2/login/login.ftl

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>

* Update themes/src/main/resources/theme/keycloak.v2/login/login.ftl

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>

* Update themes/src/main/resources/theme/keycloak.v2/login/login.ftl

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2024-09-10 13:05:14 +02:00
Thomas Darimont
6b83a45b2e
Propagate locale when using app initiated registration URL
Fixes #13505

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-09-10 12:25:17 +02:00
Martin Kanis
ccb166d0e9 Add caching when querying brokers by organization
Closes #32574

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-09-09 09:24:43 -03:00
mposolda
03e0fb0601 Fix ResetOtpTest
closes #32615

Signed-off-by: mposolda <mposolda@gmail.com>
2024-09-09 10:19:37 +02:00
Alexander Schwartz
b88ecc0237
Removing the extra two-minute Window for persistent user sessions (#32660)
Closes #28418

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-09-09 09:28:48 +02:00
mposolda
e1d5f0c871 Fix ResetPasswordTest on chrome 128
closes #32514
closes #32478
closes #32477
closes #32678
closes #32542
closes #32678
closes #32541

Signed-off-by: mposolda <mposolda@gmail.com>
2024-09-06 20:19:50 +02:00
Steven Hawkins
58d742bb5c
fix: refining v2 hostname validation (#32659)
closes: #32643

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-09-06 17:49:25 +02:00
Giuseppe Graziano
a14548a7a2
Lightweight access tokens for Admin REST API (#32347)
* Lightweight access tokens for Admin REST API

Closes #31513


Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-09-04 18:04:23 +02:00
Stefan Guilhen
e7a4635620 Filter out org brokers from the account console
- org-linked brokers should not be available for login
- prepare the endpoint for search/pagination

Closes #31944

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-04 09:00:52 -03:00
Alexander Schwartz
4d1e1e0bcb
Show details for error messages where they were missing (#32534)
Closes #32533

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-09-04 07:23:54 -04:00