Peter Keuter
01d66a662b
Expose display name and locales when user has ANY admin role ( #27160 )
...
* chore: expose display name and locales when user has view-realm
Signed-off-by: Peter Keuter <github@peterkeuter.nl>
* fix: supportedlocales are available as stream
Signed-off-by: Peter Keuter <github@peterkeuter.nl>
* fix: tests
Signed-off-by: Peter Keuter <github@peterkeuter.nl>
* fix: remove unnecessarily added ignore
Signed-off-by: Peter Keuter <github@peterkeuter.nl>
---------
Signed-off-by: Peter Keuter <github@peterkeuter.nl>
2024-02-21 13:30:31 -05:00
Ricardo Martin
3bc074913e
Allow LDAP provider to search using any attribute configured via mappers ( #26235 )
...
Closes #22436
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-21 08:48:39 +00:00
Takashi Norimatsu
1bdbaa2ca5
Client policies: executor for validate and match a redirect URI
...
closes #25637
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-20 08:37:33 +01:00
Ryan Emerson
a2f027ee00
Use AWS JDBC Wrapper in CI tests. Resolves #27123
...
Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-02-19 19:07:24 +01:00
Stefan Wiedemann
aa6b102e3d
Support EC Key-Imports for the JavaKeystoreKeyProvider #26936 ( #27030 )
...
closes #26936
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2024-02-19 17:41:40 +01:00
Tomas Ondrusko
055a0e2231
Fix Microsoft social login test case
...
Resolves #27120
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2024-02-19 15:56:58 +01:00
Pedro Hos
6b3fa8b7a7
Invalid redirect uri when identity provider alias has spaces ( #22840 )
...
closes #22836
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2024-02-19 14:40:42 +01:00
graziang
1f57fc141c
UPDATED_PASSWORD required-action triggered only when login using password
...
`UpdatePassword.evaluateTriggers` adds the required-action to the user by evaluating the expiration password policy. Added a check that skips the evaluation if no password used during auth flow. This check uses the value of an auth note set in the `validatePassword` method of the `AbstractUsernameFormAuthenticator`.
Manually adding UPDATED_PASSWORD required-action to the user continues to trigger the action regardless of the authentication method.
Closes #17155
Signed-off-by: graziang <g.graziano94@gmail.com>
2024-02-16 18:16:36 +01:00
Marek Posolda
c94f9f5716
Remove random redirect after password reset ( #27076 )
...
closes #20867
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
2024-02-16 18:13:27 +01:00
Vlasta Ramik
76453550a5
User attribute value length extension
...
Closes #9758
Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-02-16 08:09:34 +01:00
mposolda
eff6c3af78
During password reset, the baseURL is not shown on the info page after browser restart
...
closes #21127
Signed-off-by: mposolda <mposolda@gmail.com>
2024-02-15 18:48:53 +01:00
Michal Hajas
e55ba5dcdc
Make sure pagination is used even when first is null for getGroups endpoint
...
Closes #25731
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-02-15 19:46:04 +09:00
mposolda
b4d289c562
Fixing UriValidator
...
closes #26792
Signed-off-by: mposolda <mposolda@gmail.com>
2024-02-15 10:30:39 +01:00
rmartinc
4ff4c3f897
Increase internal algorithm security using HS512 and 128 byte hmac keys
...
Closes #13080
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-15 08:16:45 +01:00
rmartinc
bc82929e3a
Cors modifications for UserInfo endpoint
...
Closes #26782
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-14 18:24:06 +01:00
rmartinc
bb12f3fb82
Do not require non-builtin attributes for service accounts
...
Closes #26716
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-13 17:42:59 +01:00
Steven Hawkins
3a04acab51
fix: adds pfx as a recognized extension ( #26876 )
...
closes #24661
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-02-13 15:38:12 +01:00
Stian Thorgersen
23d5f2188d
Run adapters in a separate job on GitHub Actions ( #26962 )
...
Closes #25892
Signed-off-by: stianst <stianst@gmail.com>
2024-02-13 12:38:58 +01:00
Stefan Guilhen
2161e72872
Add migration for the useTruststoreSpi config property in LDAP user storage provider
...
- legacy `ldapsOnly` value now migrated to `always`.
Closes #25912
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-02-12 11:53:19 +01:00
Pedro Igor
e50642ac32
Allow setting a default user profile configuration
...
Closes #26489
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-12 11:16:48 +01:00
Stefan Guilhen
d3ae075a33
Fix MembershipType so that NPE is not thrown when an empty member is found within a group
...
Closes #25883
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-02-09 19:04:37 +01:00
Réda Housni Alaoui
67718c653a
UPDATE_EMAIL action token handling should allow the user to resume its navigation to the redirect uri
...
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
2024-02-08 18:32:38 -03:00
Douglas Palmer
66f0d2ff1d
blah
...
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-02-07 15:55:06 -03:00
Douglas Palmer
d9d41b1a09
Brute Force Detection is disabled when updating frontenUrl via admin client
...
Closes #21409
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-02-07 15:55:06 -03:00
Steven Hawkins
402c7d9b18
Removing version overrides and further aligning with quarkus versions ( #26788 )
...
* elevating wildfly-elytron-http-oidc version management
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* removing testing dependency overrides
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* further version aligment with quarkus
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* adding a resteay-core-spi that can be overriden
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* removing hamcrest override
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* aligning with 3.7.1
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-02-07 17:57:23 +01:00
Tero Saarni
ac1780a54f
Added event for temporary lockout for brute force protector ( #26630 )
...
This change adds event for brute force protector when user account is
temporarily disabled.
It also lowers the priority of free-text log for failed login attempts.
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-07 14:13:33 +00:00
Dmitry Telegin
b0403e2268
CORS SPI
...
Closes #25446
Signed-off-by: Dmitry Telegin <demetrio@carretti.pro>
2024-02-06 15:27:53 -03:00
rmartinc
509f618992
Improvements for test connection and authentication in the LDAP provider
...
Closes #26464
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-06 13:04:06 -03:00
mposolda
f468885fdd
Empty error message when validation issue due the PersonNameProhibitedValidator validation
...
closes #26750
Signed-off-by: mposolda <mposolda@gmail.com>
2024-02-06 12:56:50 -03:00
Stian Thorgersen
3e08a1713b
Ignore empty attribute values when retriveing boolean/int/long ( #26729 ) ( #26737 )
...
Resolves #26597 , resolves #26665
Signed-off-by: stianst <stianst@gmail.com>
2024-02-06 15:29:34 +01:00
Stian Thorgersen
c4b1fd092a
Use code from RestEasy to create and set cookies ( #26558 )
...
Closes #26557
Signed-off-by: stianst <stianst@gmail.com>
2024-02-06 15:14:04 +01:00
rmartinc
720c5c6576
PKCE should return error if code_verifier sent but no code_challenge in the authorization request
...
Closes #26430
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-06 08:31:56 -03:00
Michal Hajas
00742a62dd
Remove RealmModel from authorization services interfaces ( #26708 )
...
Closes #26530
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-02-02 16:51:32 +01:00
Thomas Darimont
277af021d7
Improve ScheduledTask task-name handling
...
This PR introduces a String getTaskName() default method to
the ScheduledTask interface and adjusts call sites to use the
implementation derived task name where possible.
Previously, ScheduledTask names were passed around separately, which
lead to unhelpful debug messages.
We now give ScheduledTask implementations control over their task-name
which allows for more flexible naming.
Enlist call StoreSyncEvent.fire(...) to after transaction to ensure realm is present in database.
Ensure that Realm is already committed before updating sync via UserStorageSyncManager
Align Sync task name generation for cancellation to support SyncFederationTest
Only log a message if sync task was actually canceled.
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-02-02 09:57:03 -03:00
mposolda
cdc5d8fff8
Migrating Realm JSON with declarative user profile fails when scope selectors present on any attributes
...
closes #26266
Signed-off-by: mposolda <mposolda@gmail.com>
2024-02-01 09:54:09 +01:00
Stian Thorgersen
64b5f42c4a
Revert new behaviour around setting secure flag for cookies ( #26650 )
...
Closes #26649
Signed-off-by: stianst <stianst@gmail.com>
2024-01-31 19:33:56 +01:00
Lex Cao
a43ba73b93
Skip link only when client is not system when logout ( #24595 )
...
Signed-off-by: Lex Cao <lexcao@foxmail.com>
2024-01-31 17:50:26 +01:00
rmartinc
01be4032d8
Enable verify-profile required action by default
...
Closes #25985
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-31 13:32:53 +01:00
Lex Cao
f83756b177
Error handle for the Json request in createErrorPage
...
Closes #13368
These changes introduce a new error handler for building error based on the media type.
- It should create error form response when it is valid HTML request
- It could create error response with JSON if content type matches
Signed-off-by: Lex Cao <lexcao@foxmail.com>
2024-01-31 09:31:30 -03:00
Václav Muzikář
4096a2657e
Supported option to specify site name for multi-site deployments
...
Closes #26460
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-31 11:52:19 +00:00
mposolda
10ba70c972
Possibility to email being not required
...
closes #26552
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-01-31 10:57:10 +01:00
Thomas Darimont
346c2926f6
Fix error type in SAML response on missing destination
...
We now use INVALID_SAML_RESPONSE insteadof INVALID_LOGOUT_RESPONSE.
Added proposed test case.
Closes #11178
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Chris Dolphy <cdolphy@redhat.com>
2024-01-31 09:32:14 +01:00
Stefan Wiedemann
fa948f37e0
Issue Verifiable Credentials in jwt_vc format #25941 ( #26484 )
...
closes #25941
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2024-01-30 18:35:20 +01:00
mposolda
1213556eff
Fixes for UsernameIDNHomographValidator
...
closes #26564
Signed-off-by: mposolda <mposolda@gmail.com>
2024-01-30 14:30:28 +01:00
Chris Tanaskoski
5373f3c97a
Don't fail reset credentials action upon first broker login without EXISTING_USER_INFO
( #26324 )
...
The ResetCredentialsActionTokenHandler depends upon the `EXISTING_USER_INFO` through `AbstractIdpAuthenticator.getExistingUser` solely to log the username. However, if the first broker login flow does not include a `IdpCreateUserIfUniqueAuthenticator` or `IdpDetectExistingBrokerUserAuthenticator`, the `EXISTING_USER_INFO` is never set.
This commit does not attempt to fetch the existing user if we don't have this info set.
Closes #26323
Signed-off-by: Chris Tanaskoski <chris@devristo.com>
2024-01-30 11:16:52 +00:00
Stian Thorgersen
0fb6bdfcac
Cookie Provider - move remaining cookies ( #26531 )
...
Closes #26500
Signed-off-by: stianst <stianst@gmail.com>
2024-01-29 11:06:37 +01:00
Lex Cao
cf3f05a259
Skip grant role if exists for federated storage ( #26508 )
...
Closes #26507
Signed-off-by: Lex Cao <lexcao@foxmail.com>
2024-01-26 17:08:47 +00:00
Stian Thorgersen
bc3c27909e
Cookie Provider ( #26499 )
...
Closes #26500
Signed-off-by: stianst <stianst@gmail.com>
2024-01-26 10:45:00 +01:00
Martin Kanis
7797f778d1
Map Store Removal: Rename legacy modules
...
Closes #24107
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-25 16:29:16 +01:00
Ricardo Martin
b58f35fb47
Revert "Enable verify profile required action by default for new realms" ( #26495 )
...
This reverts commit 7f195acc14
.
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-25 12:28:16 +01:00
Stian Thorgersen
cbfdae5e75
Remove support for multiple AUTH_SESSION_ID cookies ( #26462 )
...
Closes #26457
Signed-off-by: stianst <stianst@gmail.com>
2024-01-25 06:58:42 +01:00
rmartinc
7f195acc14
Enable verify profile required action by default for new realms
...
Closes #25985
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-24 20:28:06 +01:00
Thomas Darimont
e7363905fa
Change password hashing defaults according to OWASP recommendations ( #16629 )
...
Changes according to the latest [OWASP cheat sheet for secure Password Storage](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2 ):
- Changed default password hashing algorithm from pbkdf2-sha256 to pbkdf2-sha512
- Increased number of hash iterations for pbkdf2-sha1 from 20.000 to 1.300.000
- Increased number of hash iterations for pbkdf2-sha256 from 27.500 to 600.000
- Increased number of hash iterations for pbkdf2-sha512 from 30.000 to 210.000
- Adapt PasswordHashingTest to new defaults
- The test testBenchmarkPasswordHashingConfigurations can be used to compare the different hashing configurations.
- Document changes in changes document with note on performance and how
to keep the old behaviour.
- Log a warning at the first time when Pbkdf2PasswordHashProviderFactory is used directly
Fixes #16629
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-01-24 18:35:51 +01:00
Florian Garcia
af0b9164e3
fix: hardcoded conditional rendering of client secret input field ( #25776 )
...
Closes #22660
Signed-off-by: ImFlog <garcia.florian.perso@gmail.com>
Co-authored-by: useresd <yousifmagdi@gmail.com>
2024-01-24 16:30:22 +01:00
Stian Thorgersen
85ddac26ed
Remove code that expires old cookie paths ( #26444 )
...
Closes #26416
Signed-off-by: stianst <stianst@gmail.com>
2024-01-24 13:43:03 +01:00
Lex Cao
142c14138f
Add verify email required action for IdP email verification
...
Closes #26418
Signed-off-by: Lex Cao <lexcao@foxmail.com>
2024-01-24 12:15:09 +01:00
Takashi Norimatsu
b99f45ed3d
Supporting EdDSA
...
closes #15714
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Co-authored-by: Muhammad Zakwan Bin Mohd Zahid <muhammadzakwan.mohdzahid.fg@hitachi.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
2024-01-24 12:10:41 +01:00
Martin Kanis
84603a9363
Map Store Removal: Rename Legacy* classes ( #26273 )
...
Closes #24105
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-23 13:50:31 +00:00
Douglas Palmer
e7d842ea32
Invalidate session secretly
...
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-01-19 15:44:35 -03:00
Douglas Palmer
18d0105de0
Invalidate authentication session on repeated OTP failures
...
Closes #26177
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-01-19 15:44:35 -03:00
rmartinc
2f0a0b6ad8
Remove deprecated mode for saml encryption
...
Closes #26291
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-18 16:52:10 +01:00
cgeorgilakis-grnet
ccade62289
Enhance error logs and error events during UserInfo endpoint and Token Introspection failure
...
Closes #24344
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-01-16 11:26:29 +01:00
Alexander Schwartz
b9498b91cb
Deprecating the offline session preloading ( #26160 )
...
Closes #25300
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-16 09:29:01 +01:00
cgeorgilakis-grnet
a3257ce08f
OIDC Protocol Mappers with same claim
...
Closes #25774
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-01-15 09:16:12 -03:00
rmartinc
e162974a8d
Integrate registration with terms and conditions required action
...
Closes #25891
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-15 10:19:30 +01:00
Alexander Schwartz
a8eca6add0
Changing to the Infinispan BOM to avoid mis-aligned Infinispan dependencies ( #26137 )
...
Closes #22922
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
2024-01-15 09:20:47 +01:00
MikeTangoEcho
c2b132171d
Add X509 thumbprint to JWT when using private_key_jwt
...
Closes keycloak#12946
Signed-off-by: MikeTangoEcho <mathieu.thine@gmail.com>
2024-01-12 16:01:01 +01:00
Lex Cao
47f7e3e8f1
Use email verification instead of executing action for send-verify-email
endpoint
...
Closes #15190
Add support for `send-verify-email` endpoint to use the `email-verification.ftl` instead of `executeActions.ftl`
Also introduce a new parameter `lifespan` to be able to override the default lifespan value (12 hours)
Signed-off-by: Lex Cao <lexcao@foxmail.com>
2024-01-11 16:28:02 -03:00
Jon Koops
5eb7363ddd
Promote Account Console v3 to default and deprecate v2 ( #25852 )
...
Closes #19663
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-01-11 19:42:10 +01:00
mposolda
692aeee17d
Enable user profile by default
...
closes #25151
Signed-off-by: mposolda <mposolda@gmail.com>
2024-01-11 12:48:44 -03:00
Patrick Hamann
d36913a240
Ensure protocol forced reauthentication is correctly mapped during SAML identity brokering
...
Closes #25980
Signed-off-by: Patrick Hamann <patrick@fastly.com>
2024-01-10 20:46:35 +01:00
remi
b22efeec78
Add a toggle to use context attributes on the regex policy provider
...
Signed-off-by: remi <remi.tuveri@gmail.com>
2024-01-10 16:15:25 -03:00
rmartinc
42f0488d76
Avoid returning duplicated users in LDAP and unsynced
...
Closes #24141
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-10 12:47:15 +01:00
Réda Housni Alaoui
3c05c123ea
On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template
...
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
2024-01-09 16:04:52 -03:00
Alexander Schwartz
03372d2f41
Fix OfflineServletAdapterTest failures, and improve logging ( #25724 )
...
Closes #25714
Closes #14448
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-09 14:59:20 +01:00
shigeyuki kabano
67e73d3d4e
Enhancing Lightweight access token M2(keycloak#25716)
...
Closes keycloak#23724
Signed-off-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
2024-01-09 09:42:30 +01:00
Ricardo Martin
097d68c86b
Escape action in the form_post.jwt and only decode path in RedirectUtils ( #93 ) ( #25995 )
...
Closes #90
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-09 08:20:14 +01:00
Alexander Schwartz
0a16b64805
Stabilizing test cases by adding cleanups
...
Closes #24651
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-08 19:32:01 -03:00
Douglas Palmer
58d167fe59
Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user.
...
Closes #24651
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-01-08 19:32:01 -03:00
Steven Hawkins
d1d1d69840
fix: adds a general error message and descriptions for some exceptions ( #25806 )
...
closes : #25746
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-01-08 18:19:40 +00:00
Felix Gustavsson
0f47071a29
Check if UMA is enabled on resource, if not reject the request.
...
Closes #24422
Signed-off-by: Felix Gustavsson <felix.gustavsson@topgolf.com>
2024-01-08 11:28:57 -03:00
Tomas Ondrusko
e4fa5c034a
Update web element of the LinkedIn login page ( #25905 )
...
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2024-01-08 11:32:45 +01:00
Pedro Igor
d540584449
Using a valid URI when deleting cookies before/after running tests
...
Closes #22691
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-01-05 15:13:12 -03:00
atharva kshirsagar
d7542c9344
Fix for empty realm name issue
...
Throw ModelException if name is empty when creating/updating a realm
Closes #17449
Signed-off-by: atharva kshirsagar <atharva4894@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-05 14:23:42 +01:00
Pedro Igor
8ff9e71eae
Do not allow verifying email from a different account
...
Closes #14776
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-01-05 12:45:07 +01:00
Pedro Igor
f476a42d66
Fixing the registration_client_uri to point to a valid URI after updating a client
...
Closes #23229
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-01-05 12:41:36 +01:00
Ben Cresitello-Dittmar
057d8a00ac
Implement Authentication Method Reference (AMR) claim from OIDC specification
...
This implements a method for configuring authenticator reference values for Keycloak authenticator executions and a protocol mapper for populating the AMR claim in the resulting OIDC tokens.
This implementation adds a default configuration item to each authenticator execution, allowing administrators to configure an authenticator reference value. Upon successful completion of an authenticator during an authentication flow, Keycloak tracks the execution ID in a user session note.
The protocol mapper pulls the list of completed authenticators from the user session notes and loads the associated configurations for each authenticator execution. It then captures the list of authenticator references from these configs and sets it in the AMR claim of the resulting tokens.
Closes #19190
Signed-off-by: Ben Cresitello-Dittmar <bcresitellodittmar@mitre.org>
2024-01-03 14:59:05 -03:00
Jon Koops
07f9ead128
Upgrade Welcome theme to PatternFly 5
...
Closes #21343
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-01-03 14:46:01 -03:00
Réda Housni Alaoui
5287500703
@NoCache is not considered anymore
...
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
2024-01-02 09:06:55 -03:00
Alexander Schwartz
9e890264df
Adding a test case to check that the expiration time is set on logout tokens
...
Closes #25753
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-22 20:13:40 +01:00
Niko Köbler
5e623f42d4
add the exp claim to the backchannel logout token
...
This is now, as of Dec 15th 2023, part of the OIDC Backchannel Logout spec, chapter 2.4.
As of chapter 4, the logout token should have a short expiration time, preferably at most two minutes in the future. So we set the expiration to this time.
resolves #25753
Signed-off-by: Niko Köbler <niko@n-k.de>
2023-12-22 20:13:40 +01:00
Pedro Igor
ceb085e7b8
Update the UPDATE_EMAIL feature to rely on the user profile configuration when rendering templates and validating the email
...
Closes #25704
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-20 15:15:06 -03:00
rmartinc
c2e41b0eeb
Make Locale updater generate an event and use the user profile
...
Closes #24369
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-20 15:26:45 +01:00
Daniel Fesenmeyer
baafb670f7
Bugfix for: Removing all group attributes no longer works with keycloak-admin-client (java)
...
Closes #25677
Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>
2023-12-20 14:03:35 +01:00
Konstantinos Georgilakis
cf57af1d10
scope parameter in refresh flow
...
Closes #12009
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2023-12-20 14:00:10 +01:00
mposolda
eb184a8554
More info on UserProfileContext
...
closes #25691
Signed-off-by: mposolda <mposolda@gmail.com>
2023-12-19 13:00:31 -03:00
Pedro Igor
810ebf4efd
Migration steps for enabling user profile by default
...
Closes #25528
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-19 10:19:45 -03:00
Joshua Sorah
d411eafc42
Ensure 'iss' is returned when 'prompt=none' and user is not authenticated, per RFC9207
...
Closes keycloak/keycloak#25584
Signed-off-by: Joshua Sorah <jsorah@redhat.com>
2023-12-19 10:38:05 +01:00
Ricardo Martin
2ba7a51da6
Escape action in the form_post response mode ( #60 )
...
Closes keycloak/keycloak-private#31
Closes https://issues.redhat.com/browse/RHBK-652
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-18 18:10:41 -03:00
Konstantinos Georgilakis
ba8c22eaf0
Scope parameter in Oauth 2.0 token exchange
...
Closes #21578
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2023-12-18 15:44:26 -03:00
Pedro Igor
778847a3ce
Updating theme templates to render user attributes based on the user profile configuration
...
Closes #25149
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-18 15:35:52 -03:00
rmartinc
d841971ff4
Updating the UP configuration needs to trigger an admin event
...
Close #23896
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-18 19:24:30 +01:00
Steven Hawkins
ec28b68554
fix: improve group matching ( #25627 )
...
closes #25451
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2023-12-18 11:46:02 +01:00
mposolda
cd154cf318
User Profile: If required roles ('user') and reqired scopes are set, the required scopes have no effect
...
closes #25475
Signed-off-by: mposolda <mposolda@gmail.com>
2023-12-18 11:32:27 +01:00
Takashi Norimatsu
59536becec
Client policies : executor for enforcing DPoP
...
closes #25315
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2023-12-18 10:45:18 +01:00
Joshua Sorah
a10149bbe9
For post logout redirect URI - Make '+' represent existing redirect URIs and merge with existing post logout redirect URIs
...
Closes keycloak#25544
Signed-off-by: Joshua Sorah <jsorah@redhat.com>
2023-12-18 09:05:51 +01:00
Ricardo Martin
ae04b954a6
Fix for test SSSDUserProfileTest.test05MixedInternalDBUserProfile ( #25570 )
...
Closes #25566
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-15 18:57:31 +00:00
Martin Bartoš
14fd61bacc
PubKeySignRegisterTest failures in WebAuthn tests
...
Fixes #9693
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2023-12-15 14:52:05 +01:00
Erwin Rooijakkers
860978b15a
Change arg of getSubGroups to briefRepresentation
...
Parameter name briefRepresentation should mean briefRepresentation,
not full. This way callers will by default get the full
representation, unless true is passed as value for
briefRepresentation.
Fixes #25096
Signed-off-by: Erwin Rooijakkers <erwin@rooijakkers.software>
2023-12-14 17:23:27 +01:00
Steven Hawkins
08751001db
enhance: adds truststores to the keycloak cr ( #25215 )
...
also generally correcting the misspelling trustore
closes : #24798
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2023-12-14 11:15:06 -03:00
mposolda
c81b533cf6
Update UserProfileProvider.setConfiguration. Tuning of UserProfileProvider.getConfiguration
...
closes #25416
Signed-off-by: mposolda <mposolda@gmail.com>
2023-12-14 14:43:28 +01:00
Tomas Ondrusko
26342d829c
Update web elements of the Instagram login page
...
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-12-14 14:03:53 +01:00
rmartinc
c14bc6f2b0
Create terms and conditions execution when registration form is added
...
Closes #21730
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-13 15:32:58 +01:00
Pedro Igor
fa79b686b6
Refactoring user profile interfaces and consolidating user representation for both admin and account context
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-13 08:27:55 +01:00
VR
1545b32a64
Revert changes related to map store in test classes in base testsuite
...
Closes #24567
Signed-off-by: VR <vramik@redhat.com>
2023-12-12 16:16:38 +01:00
Thomas Darimont
0f5bbae75c
Add support for POST logout in Keycloak JS ( #25348 )
...
Closes #25167
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-12-11 14:55:48 +01:00
Pedro Igor
78ba7d4a38
Do not allow removing username and email from user profile configuration
...
Closes #25147
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-11 08:30:28 +01:00
Ricardo Martin
f78c54fa42
Fixes for LDAP group membership and search in chunks
...
Closes #23966
2023-12-08 17:55:17 +01:00
mposolda
90bf88c540
Introduce ProtocolMapper.getEffectiveModel to make sure values displayed in the admin console UI are 'effective' values used when processing mappers
...
closes #24718
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-12-08 12:26:35 +01:00
Pedro Igor
b1626172aa
Removing unnecessary property from auth-server-migration maven profile
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-06 15:35:29 -03:00
rmartinc
522e8d2887
Workaround to allow percent chars in getGroupByPath via PathSegment
...
Closes #25111
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-06 14:22:34 -03:00
Peter Zaoral
340eb99412
Unable to use < as part of a password (admin-cli) ( #24939 )
...
* escaped angle bracket characters in password
Closes #21951
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-12-06 17:27:44 +01:00
Pedro Igor
ab1173182c
Make sure realm is available from session when migrating to 23
...
Closes #25183
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-06 07:42:54 -03:00
rmartinc
d004e9295f
Do not allow remove a credential in account endpoint if provider marks it as not removable
...
Closes #25220
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-05 17:11:57 +01:00
Vlasta Ramik
6f37fefd8d
Delete container providers from the base testsuite ( #25168 )
...
Closes #24097
Signed-off-by: vramik <vramik@redhat.com>
2023-12-04 14:44:35 +01:00
Alfredo Moises Boullosa
0b48bef0b1
Update springboot version
...
Signed-off-by: Alfredo Moises Boullosa <aboullos@redhat.com>
2023-12-04 11:15:51 +01:00
Michal Hajas
ec061e77ed
Remove GlobalLockProviderSpi ( #25206 )
...
Closes #24103
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2023-12-01 16:40:56 +00:00
rmartinc
31b7c9d2c3
Add UP decorator to SSSD provider
...
Closes https://github.com/keycloak/keycloak/issues/25075
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-01 15:41:05 +01:00
Pedro Igor
c5bcdbdc3f
Make sure username is lowercase when normalizing attributes
...
Closes #25173
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-01 12:16:13 +01:00
Martin Kanis
4279bbc6b5
Map Store Removal: Delete map profiles from testsuite
...
Closes #24094
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2023-11-30 14:59:02 +01:00
vramik
587cef7de4
Delete Profile.Feature.MAP_STORAGE
...
Signed-off-by: vramik <vramik@redhat.com>
Closes #24102
2023-11-30 13:04:39 +01:00
Pedro Igor
c7f63d5843
Add options to change behavior on how unmanaged attributes are managed
...
Closes #24934
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-11-30 06:58:21 -03:00
Steven Hawkins
8c3df19722
feature: add option for creating a global truststore ( #24473 )
...
closes #24148
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2023-11-30 08:57:17 +01:00
Douglas Palmer
d0b86d2f64
Register event not triggered on external to internal token exchange
...
Closes #9684
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2023-11-29 15:30:47 -03:00
mposolda
479e6bc86b
Update Kerberos provider for user-profile
...
closes #25074
Signed-off-by: mposolda <mposolda@gmail.com>
2023-11-29 15:21:26 -03:00
rmartinc
16afecd6b4
Allow automatic download of SAML certificates in the identity provider
...
Closes https://github.com/keycloak/keycloak/issues/24424
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 18:03:31 +01:00
rmartinc
3bc028fe2d
Remove lowercase for the hostname as recommended/advised by OAuth spec
...
Closes https://github.com/keycloak/keycloak/issues/25001
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 10:26:00 -03:00
Martin Bartoš
e71d850a03
Run SAML adapter tests with EAP 8
...
Closes #24168
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2023-11-28 14:07:44 +01:00
Pedro Igor
2c611cb8fc
User profile configuration scoped to user-federation provider
...
closes #23878
Co-Authored-By: mposolda <mposolda@gmail.com>
Signed-off-by: mposolda <mposolda@gmail.com>
2023-11-27 14:45:44 +01:00
Stian Thorgersen
a32b58d337
Escape ldap id when using normal attribute syntax ( #25 ) ( #25036 )
...
Closes https://github.com/keycloak/security/issues/46
Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
2023-11-27 11:38:14 +01:00
Takashi Norimatsu
1f5ee9bf80
NPE in checkAndBindMtlsHoKToken on Token Refresh when using SuppressRefreshTokenRotationExecutor and Certificate Bound Token
...
closes #25022
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2023-11-27 08:49:48 +01:00
Thomas Darimont
8888e3d41c
Avoid deprecated API usage in testsuite/integration-arquillian/tests/base ( #24904 )
...
- Removed unused imports
- Avoided deprecated junit/hamcrest API
- Avoid usage of JDK API scheduled for removal
This should reduce the number of compiler warnings in the logs quite a bit
closes #24995
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2023-11-24 09:37:34 +01:00
Thomas Darimont
d30d692335
Introduce MaxAuthAge Password policy ( #12943 )
...
This policy allows to specify the maximum age of an authentication
with which a password may be changed without re-authentication.
Defaults to 300 seconds (default taken from Constants.KC_ACTION_MAX_AGE) to remain backwards compatible.
A value of 0 will always require reauthentication to update the password.
Add documentation for MaxAuthAgePasswordPolicy to server_admin
Fixes #12943
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2023-11-20 14:48:17 +01:00
rmartinc
5fad76070a
Use LinkedIn instead of LinkedIn OpenID Connect for better UI experience
...
Closes https://github.com/keycloak/keycloak/issues/24659
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-16 18:22:16 +01:00
rmartinc
cca33baac3
Avoid NPE if RelayState is null and return a proper error
...
Closes https://github.com/keycloak/keycloak/issues/24079
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-16 12:56:49 +01:00
rmartinc
e3b2eec1ba
Make user profile validation success if the attribute was already wrong and read-only in the context
...
Closes https://github.com/keycloak/keycloak/issues/24697
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-14 03:07:00 -08:00
Erik Jan de Wit
89abc094d1
userprofile shared ( #23600 )
...
* move account ui user profile to shared
* use ui-shared on admin same error handling
also introduce optional renderer for added component
* move scroll form to ui-shared
* merged with main
* fix lock file
* fixed merge error
* fixed merge errors
* fixed tests
* moved user profile types to admin client
* fixed more types
* pr comments
* fixed some types
2023-11-14 08:04:55 -03:00
vramik
71b6757c2f
Remove quarkus options related to map store
...
Signed-off-by: vramik <vramik@redhat.com>
Closes #24098
2023-11-13 12:34:52 +01:00
vramik
926be135e8
Remove map related modules
...
Signed-off-by: vramik <vramik@redhat.com>
Closes #24100
2023-11-13 12:34:52 +01:00
Hynek Mlnařík
0ceaed0e2e
Transient users: Consents ( #24496 )
...
closes #24494
2023-11-10 11:18:27 +01:00
rmartinc
6963364514
Keep same name on update for LDAP attributes
...
Closes https://github.com/keycloak/keycloak/issues/23888
2023-11-09 23:54:45 +01:00
vramik
6fa26d7ff4
Delete map dependencies from dependency management
...
Closes #24101
2023-11-08 13:53:17 +01:00
mposolda
7863c3e563
Moving UPConfig and related classes from keycloak-services
...
closes #24535
Signed-off-by: mposolda <mposolda@gmail.com>
2023-11-07 12:41:29 +01:00
Joshua Sorah
7ca00975d4
Feature flag DPoP metadata in OIDC Well Known endpoint
...
Closes keycloak/keycloak#24547
Signed-off-by: Joshua Sorah <jsorah@gmail.com>
2023-11-06 03:13:57 -08:00
vramik
593c14cd26
Data too long for column 'DETAILS_JSON'
...
Closes #17258
2023-11-02 20:29:35 +01:00
Oliver
563ae104fd
[issue-14134] test partial import user with id
...
Fix #14134
2023-11-02 05:56:12 -07:00
Jon Koops
fe0a9459dd
Remove UTF-8 encoding header from property files ( #24471 )
2023-11-01 16:03:26 -04:00
rmartinc
d7bb59461d
Escape $ sign when replacing clientId in the role mappers
...
Closes https://github.com/keycloak/keycloak/issues/23692
2023-11-01 20:47:15 +01:00
Pedro Igor
be65ba8689
Make sure optional default attributes are removed when decorating the user-define user profile configuration
...
Closes #24420
2023-11-01 14:54:09 +01:00
mposolda
0bd2b342d7
Update per review
2023-10-31 12:56:46 -07:00
mposolda
6f992915d7
Move some UserProfile and Validation classes into keycloak-server-spi
...
closes #24387
2023-10-31 12:56:46 -07:00
Aboullos
75440abb5f
Fix compilation error on springboot ( #24437 )
2023-10-31 19:29:05 +00:00
Justin Tay
3ff0476cc3
Allow customization of aud claim with JWT Authentication
...
Closes #21445
2023-10-31 11:33:47 -07:00
rmartinc
1b630326b2
Fixes in LDAP tests when using AD
...
Closing https://github.com/keycloak/keycloak/issues/24357
2023-10-31 13:34:37 +01:00
rmartinc
7deb4ca545
Group count and PartialExport permission fixes
...
Closes https://github.com/keycloak/keycloak/issues/12171
2023-10-31 01:40:21 -07:00
Aboullos
c23e1e0e2b
Fix springboot tests ( #24254 )
...
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-31 09:06:09 +01:00
rmartinc
6484a3e705
Add userProfileEnabled attribute to realm response if admin can view users
...
closes https://github.com/keycloak/keycloak/issues/19093
2023-10-30 07:39:03 -07:00
rmartinc
ea398c21da
Add a property to the User Profile Email Validator for max length of the local part
...
Closes https://github.com/keycloak/keycloak/issues/24273
2023-10-27 15:09:42 +02:00
Alice
69497382d8
Group scalability upgrades ( #22700 )
...
closes #22372
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-26 16:50:45 +02:00
Thomas Darimont
d56baa80b3
Add support for passing acr_values in auth requests in keycloak.js ( #9383 ) ( #24259 )
...
Fixes #9383
2023-10-25 15:33:39 +02:00
Hynek Mlnarik
c036980c37
Add TRANSIENT_USERS feature flag
2023-10-25 12:02:35 +02:00
Hynek Mlnarik
d59ceb17e9
Add tests for offline access, introspection and userinfo endpoint
2023-10-25 12:02:35 +02:00
Hynek Mlnarik
d70735f64d
Tests
...
Part-of: Add support for not importing brokered user into Keycloak database
Closes : #11334
2023-10-25 12:02:35 +02:00
ggraziano
84112f57b5
Verification of iss at refresh token request
...
Added iss checking using the existing TokenVerifier.RealmUrlCheck in the verifyRefreshToken method.
Closes #22191
2023-10-24 23:42:11 +02:00
Marek Posolda
1bd6aca629
Remove RegistrationProfile class and handle migration ( #24215 )
...
closes #24182
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-10-24 20:19:33 +02:00
Martin Kanis
10a2c96c72
Users in role Rest API returns empty when User federation used ( #23318 )
...
* Users in role Rest API returns empty when User federation used
Co-authored-by: Shankar Yadav <ET1024@neeyamoworks.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-24 11:10:20 -04:00
rmartinc
ad01ed1497
Do not reset the user profile configuration on disable
...
Closes https://github.com/keycloak/keycloak/issues/23527
2023-10-24 03:05:34 -07:00
Thomas Darimont
e567210ed1
Add dedicated feature flag for oauth device grant flow ( #23892 )
...
Closes #23891
2023-10-24 10:09:26 +02:00
vramik
a0f04fa2be
Declarative User Profile export
...
Closes #12062
Resolves #20885
2023-10-21 19:21:20 +02:00
Pedro Igor
e47389f199
Username now shown when creating a user and edit username is not allowed
...
Closes #24183
2023-10-20 10:22:31 -07:00
Pedro Igor
d4a5391013
Making sure public clients can RPT tokens
...
Closes #14165
2023-10-20 17:53:10 +02:00
Pedro Igor
55a5a8c0eb
Ignore custom attributes when processing attributes in verify profile action
...
Closes #24077
2023-10-20 17:51:40 +02:00
mposolda
c18e8ff535
User profile tweaks in registration forms
...
closes #24024
2023-10-20 06:31:21 -07:00
kaustubh-rh
1ac2c0997d
Inconsistent handling of parenthesis in auth flow name ( #24113 )
...
closes #16379
2023-10-20 10:00:46 +02:00
mposolda
04777299b0
After tab1 finish authentication, make sure that rootAuthenticationSession is expired shortly
...
closes #23880
2023-10-19 19:23:50 +02:00
Vlasta Ramik
f6d582c761
Import migration step for kc22
...
Closes #24031
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-10-19 09:00:49 +02:00
rmartinc
d10ccc7245
Use jdk LdapName and Rdn to parse inside LDAPDn and RDN and avoid string conversions
...
Closes: https://github.com/keycloak/keycloak/issues/21797
Closes: https://github.com/keycloak/keycloak/issues/21818
2023-10-19 08:31:49 +02:00
Pedro Igor
e91a0afca2
The username in account is required and don't change when email as username is enabled
...
Closes #23976
2023-10-17 16:43:44 -03:00
wojnarfilip
b5ec155b64
Fix issue with overlapping WebElements in SocialLoginTest#PaypalLogin
...
Closes #23960
2023-10-17 16:59:09 +02:00
shigeyuki kabano
6112b25648
Enhancing Light Weight Token( #22148 )
...
Closes #21183
2023-10-17 13:12:36 +02:00
Alexander Schwartz
50916d58b1
Clean up created test user to avoid conflict with other tests
...
Closes #23804
2023-10-16 19:10:52 +02:00
wojnarfilip
f9386bd62b
Update login flow in OCP social login
2023-10-16 10:45:38 -03:00
Pedro Igor
9c19a8972b
Removing the default cache metadata
...
Closes #23910
2023-10-13 16:32:55 +02:00
Moritz Becker
e9f08b6500
Do not return empty scope field in token introspection response
...
Closes #16526
2023-10-13 08:36:12 +02:00
Steven Hawkins
478ceb0b34
modification of kc.sh to remove param eval ( #22585 )
...
* test
* modification of kc.sh to remove eval of env/args
Closes #22337
---------
Co-authored-by: rmartinc <rmartinc@redhat.com>
2023-10-12 17:10:53 +02:00
Vojtěch Boček
8871983b33
Add support for single-tenant mode to Microsoft Identity Provider ( #20699 )
...
* Add support for single-tenant mode to Microsoft Identity Provider
Fixes #20695
Closes #11207
* Add SocialLoginTest for Microsoft single-tenant variant
2023-10-10 16:35:36 -04:00
Marek Posolda
a6609bd969
Remove "You are already logged in" during authentication. Make other browser tabs to authenticate automatically when some browser tab successfully authenticate ( #23517 )
...
Closes #12406
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-10-10 21:54:37 +02:00
Pedro Igor
7385ed56c7
Avoid creating the component when there is no component and configuration is not provided
...
Closes #20970
Co-authored-by: Pedro Igor <psilva@redhat.com>
2023-10-10 13:28:48 +02:00
Tero Saarni
22d093f5c0
Fix multi-valued LDAP attribute support
...
FullName LDAP storage mapper was delegating to single-valued setter even
when multi-valued setter was called.
Closes #22091
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2023-10-06 14:36:02 +00:00
mposolda
cdb61215c9
UserProfileContext.ACCOUNT_OLD seems to be obsolete and not needed
...
closes #23749
2023-10-06 11:27:48 -03:00
Pedro Igor
290bee0787
Resolve several usability issues around User Profile ( #23537 )
...
Closes #23507 , #23584 , #23740 , #23774
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-10-06 10:15:39 -03:00
rmartinc
890600c33c
Remove backward compatibility for ECDSA tokens
...
Closes https://github.com/keycloak/keycloak/issues/23734
2023-10-06 14:24:48 +02:00
Martin Kanis
0853d484ec
Remove transaction in InfinispanSingleUseObjectProvider#remove ( #23708 )
...
Co-authored-by: mposolda <mposolda@gmail.com>
2023-10-06 10:00:04 +02:00
Garth
2dfbbff343
added AccountResource SPI, Provider and ProviderFactory. ( #22317 )
...
Added AccountResource SPI, Provider and ProviderFactory. updated AccountLoader to load provider(s) and check if it is compatible with the chosen theme.
2023-10-05 15:08:01 +02:00
vramik
7f2f4aae67
Upgrade liquibase version to avoid a bug where a changeset is executed twice
...
Closes #23220
2023-10-05 13:35:05 +02:00
Tomas Ondrusko
58131f1dcc
Update the Instagram login process
...
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-10-05 09:33:05 +02:00
Steven Hawkins
9a93b9a273
allows csv output to handle missing requested fields ( #23459 )
...
* allows csv output to handle missing requested fields
Closes #12330
* fixes the handling of the content type
also makes it more explicit the expectation of applying csv and return
fields
* fix: consolidating the logic dealing with the content-type
Closes #23580
2023-10-04 15:49:19 +02:00
Dmitry Telegin
085d0d73c9
Fix nonce/scope typo
2023-10-02 22:36:51 +02:00
Tomas Ondrusko
fcb91a83ba
Ignore query parameters while testing the LinkedIn profile picture URL ( #23557 )
...
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-10-02 14:36:17 +02:00
Tomas Ondrusko
3d42573813
Update PayPal social login flow to use 127.0.0.1 instead of localhost ( #23532 )
...
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-09-28 09:34:45 +00:00
fwojnar
56082cdd2d
Fixes issue in login flow of SocialLoginTest#twitterLogin ( #23122 )
...
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2023-09-28 10:21:59 +02:00
Lucas Hedding
de5aa2e74d
Add createTimestamp to REST service ( #23293 )
...
Closes #14009
2023-09-27 13:38:16 +02:00
rmartinc
10c1e3ba6d
Client roles should be mapped to any claim name
...
Closes https://github.com/keycloak/keycloak/issues/22349
2023-09-27 08:11:22 -03:00
rmartinc
d90640b5a3
Change email checkserveridentity prop as angus mail sets it to true by default
...
Closes https://github.com/keycloak/keycloak/issues/22395
2023-09-26 09:11:16 +02:00
Maria Arias de Reyna
c15753266f
fix( Closes #21236 ): Adding client-id to logout event
2023-09-25 13:20:26 +02:00
Pedro Igor
741f76887c
Allow updating email when email as username is set and edit username disabed
...
#23438
2023-09-25 08:19:01 -03:00
Michal Hajas
496c5ad989
Use new findGroupByPath implementation and remove the old one
...
Closes #23344
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2023-09-25 10:44:24 +02:00
Jon Koops
47d9ae71c4
Revert the new welcome screen experience ( #23446 )
...
This reverts commit bcab75a7ef
.
2023-09-21 16:03:00 +00:00
Justin Tay
7d3104ee76
Allow public clients to use PAR endpoint
...
Closes #8939
2023-09-21 13:57:42 +02:00
rmartinc
7afd90982d
Align wildfly-core and wildfly version for tests
...
Closes https://github.com/keycloak/keycloak/issues/23342
2023-09-21 10:53:57 +02:00
Bernd Bohmann
bb2f59df87
Calling getTopLevelGroups is slow inside GroupLDAPStorageMapper#getLDAPGroupMappingsConverted ( #8430 )
...
Closes #14820
---------
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-09-20 17:20:43 +02:00
Jon Koops
e86bf1f0b2
Remove P3P
header from authentication flow
...
Closes #23348
2023-09-19 08:50:33 -03:00
rmartinc
743bb696d9
Allow duplicated keys in advanced claim mappers
...
Closes https://github.com/keycloak/keycloak/issues/22638
2023-09-19 07:49:34 -03:00
wojnarfilip
5603ee7b46
Fixes login flow in Microsoft social login test
...
Closes #22657
2023-09-18 14:21:41 +02:00
Pedro Igor
217a09ce46
Switch to Resteasy Reactive
...
Closes #10713
2023-09-18 09:19:03 -03:00
paul
f684a70048
KEYCLOAK-15985 Add Brute Force Detection Lockout Event
2023-09-15 10:32:07 -03:00
Jon Koops
bcab75a7ef
Add new version of Welcome theme based on PatternFly 5 ( #23008 )
2023-09-14 08:24:17 -04:00
Andreas Blaettlinger
86c0e338d9
Toggle visibility of password input fields in login-ftl-based pages
...
Closes #22067
2023-09-14 08:04:35 -03:00
Pedro Igor
1442f14c45
Registration page not showing username when edit username is not enabled
...
Closes #23185
2023-09-14 07:32:39 -03:00
Justin Tay
658c0ef19f
Send Client ID in token request with JWT Authentication
...
Closes #21444
2023-09-14 10:57:32 +02:00
Pedro Igor
5958c7948d
Ignore attributes when they are not prefixed with user.attributes prefix ( #23184 )
...
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: stianst <stianst@gmail.com>
2023-09-14 10:35:47 +02:00
Daniel Fesenmeyer
a68ad55a37
Support to define compatible mappers for (new) Identity Providers
...
- Also allows to use existing mappers for custom Identity Providers without having to change those mappers
Closes #21154
2023-09-13 17:19:06 -03:00
Jacek Kowalski
f5182deb30
Fix valid redirect URIs for built-in account-console client on realm rename ( #20894 )
...
Closes #9541
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-09-13 15:28:07 +02:00
Konstantinos Georgilakis
0044472f87
Add regex support in 'Condition - User attribute' execution
...
Closes #265
2023-09-13 08:36:45 +02:00
rmartinc
48ab2b1688
FullNameLDAPStoreMapper removes values for other attributes
...
Closes https://github.com/keycloak/keycloak/issues/22526
2023-09-13 08:11:32 +02:00
vramik
d34a371971
Enable ZeroDowntimeTest
...
Closes #21825
2023-09-11 19:09:30 +02:00
Pedro Igor
04dd9afc5e
Do not store empty attributes when updating user profile
...
Closes #22960
2023-09-11 07:47:31 -03:00
rmartinc
7da52a43bd
Add old LinkedIn provider to the deprecated profile
...
Closes https://github.com/keycloak/keycloak/issues/23067
2023-09-08 10:05:17 +02:00
Marek Posolda
506e2537ac
Registration flow fixed ( #23064 )
...
Closes #21514
Co-authored-by: Vilmos Nagy <vilmos.nagy@outlook.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2023-09-08 08:05:05 +02:00
Pedro Igor
bc31fde4c0
Broker claim mapper not recognizing claims from user info endpoint
...
Closes #12137
2023-09-07 16:34:45 +02:00
Kaustubh B
5ee2ba9372
Added tests
2023-09-07 08:43:35 +02:00
rmartinc
8887be7887
Add a new identity provider for LinkedIn based on OIDC
...
Closes https://github.com/keycloak/keycloak/issues/22383
2023-09-06 16:13:31 +02:00
Pedro Igor
13e5a02b9f
Role mappers must return a single value when they are not multivalued
...
Closes #20218
2023-08-31 19:16:12 +02:00
mposolda
57e51e9dd4
Use an original domain name of Kerberos Principal in UserModel attribute instead of configured value of Kerberos realm in User federation
...
closes #20045
2023-08-30 13:24:48 +02:00
vramik
4cd34f8423
Update logging properties for showing SQL statements and JDBC parameters
...
Closes #22815
2023-08-30 12:52:08 +02:00
Marek Posolda
6f989fc132
Fallback to next LDAP/Kerberos provider when not able to find authenticated Kerberos principal ( #22531 )
...
closes #22352 #9422
2023-08-29 11:21:01 +00:00
Pedro Igor
ea3225a6e1
Decoupling legacy and dynamic user profiles and exposing metadata from admin api
...
Closes #22532
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2023-08-29 08:14:47 -03:00
Pedro Igor
b779df6a55
Parsing response from user info rather than the access token
...
Closes #22581
2023-08-29 12:23:56 +02:00
Tomas Ondrusko
e70ffd0105
Handle GitHub logout properly ( #22463 )
...
Add profile info update to GitHub login test cases
Closes #22461
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-08-28 10:06:12 +02:00
t0xicCode
822c13ff6f
Switch Trusted Host policy redirect verification to URI
...
Switch parsing of the redirect URIs for the Trusted Host Client Registration Policy from URL to URI.
The java URL class tries to instantiate a handler for the scheme, which fails when a "custom" scheme, such as those used in phone apps is used.
In contrast, the URI class simply parses the string, ensuring the format is valid.
The other URLs (baseUrl, rootUrl, adminUrl) are still parsed as URLs.
See https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata for the Client Registration parameter documentation.
Closes #22309
2023-08-14 10:20:23 +02:00
Pedro Igor
baac060eb1
Fixing how e-mail attribute permissions are set for both USER_API and ACCOUNT contexts
...
Closes #21751
2023-08-11 13:32:16 +02:00
Erik Jan de Wit
874d2063b8
only add realm access to the current realm ( #21554 )
...
fixes : #21553
2023-08-10 12:43:15 +02:00
wojnarfilip
6c070d587f
Closes #22282
2023-08-10 12:05:20 +02:00
Takashi Norimatsu
258711ef4f
DPoP verification in UserInfo endpoint
...
closes #22215
2023-08-07 10:49:33 +02:00
Takashi Norimatsu
9d0960d405
Using DPoP token type in the access-token and as token_type in introspection response
...
closes #21919
2023-08-07 10:40:18 +02:00
Marek Posolda
4dc929abb3
Missing client_id validation match when authenticating client with JW… ( #22178 )
...
Closes #22177
2023-08-03 11:47:55 +02:00
Takashi Norimatsu
ee998fee66
Add FAPI 2.0 security profile as default profile of client policies
...
closes #21181
2023-08-03 09:26:16 +02:00
Ricardo Martin
a8bca522c1
Fix issue with access tokens claims not being imported using OIDC IDP Attribute Mappers ( #21627 )
...
Closes #9004
Co-authored-by: Armel Soro <armel@rm3l.org>
2023-08-02 09:36:50 +02:00
Thomas Darimont
82269f789a
Avoid using deprecated junit APIs in tests
...
- Replaced usage of Assert.assertThat with static import
- Replaced static import org.junit.Assert.assertThat with org.hamcrest.MatcherAssert.assertThat
Fixes : #22111
2023-08-01 11:44:25 +02:00
mposolda
6f6b5e8e84
Fix authenticatorConfig for javascript providers
...
Closes #20005
2023-07-31 19:28:25 +02:00
Vlasta Ramik
29b67fc8df
Inconsistent Wildcard handling for JPA ( #21671 )
...
* Inconsistent Wildcard handling for JPA
Closes #20610
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-07-27 17:03:22 +02:00
rmartinc
0a7fcf43fd
Initial pagination in the admin REST API for identity providers
...
Closes https://github.com/keycloak/keycloak/issues/21073
2023-07-27 14:48:02 +02:00
Takashi Norimatsu
9a921441cc
Adjustements to the behaviour of dpop_bound_access_tokens switch
...
closes #21920
2023-07-27 11:30:01 +02:00
Takashi Norimatsu
6498b5baf3
DPoP: OIDC client registration support
...
closes #21918
2023-07-26 13:00:35 +02:00
Ricardo Martin
ee35cfe478
Add logout other sessions checkbox to TOTP, webauthn and recovery authn codes setup pages ( #21897 )
...
* Add logout other sessions checkbox to TOTP, webauthn, recovery authn codes setup pages and to update-email page
Closes #10232
2023-07-26 11:34:19 +02:00
Marek Posolda
bb8ba1af5a
Fix script tests on windows ( #21942 )
...
Closes #21778 #21779 #21780
2023-07-25 12:37:21 +00:00
Takashi Norimatsu
0ddef5dda8
DPoP support 1st phase ( #21202 )
...
closes #21200
Co-authored-by: Dmitry Telegin <dmitryt@backbase.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2023-07-24 16:44:24 +02:00
Takashi Norimatsu
05b8b9ee51
Enhancing Pluggable Features of Token Manager
...
closes #21182
2023-07-24 09:16:29 +02:00
Takashi Norimatsu
2efd79f982
FAPI 2.0 security profile - supporting RFC 9207 OAuth 2.0 Authorization Server Issuer Identification
...
Closes #20584
2023-07-24 09:11:30 +02:00
rmartinc
7336ff07ac
Check RDN attribute for DN membership
...
Closes https://github.com/keycloak/keycloak/issues/20718
2023-07-21 11:13:45 +02:00
todor
897965f604
KEYCLOAK-20343 Add message bundle to export/import
...
Closes #20343
2023-07-20 23:00:28 +02:00
Alexander Schwartz
7c9593f88a
Upgrade Infinispan to 14.0.13.Final ( #21565 )
...
Closes #21564
2023-07-20 16:59:19 +00:00
Václav Muzikář
776bcbcbd4
Update bcpkix and bcprov dependencies ( #21543 )
...
Closes #21360
2023-07-20 11:57:18 +02:00
vramik
13d412989c
Disable ZeroDowntimeTest
...
Closes #21823
2023-07-19 20:35:08 +02:00
Lukas Hanusovsky
086b85fad4
[20455] Arquillian reflection bug -> using different setter to avoid overloading. ( #21806 )
2023-07-19 14:43:36 +02:00
rmartinc
ed1934d73a
Ensure that the flow tested to be deleted is a built in flow
...
Closes https://github.com/keycloak/keycloak/issues/20763
2023-07-19 08:56:32 +02:00
mposolda
03716ed452
Keycloak forgets ui_locales parameter when using reset password
...
closes #10981
2023-07-18 09:24:12 +02:00
rmartinc
630e3b2312
Revert emailVerified to false if email modified on force-sync non-trusted broker
...
Closes https://github.com/keycloak/security/issues/48
2023-07-17 13:13:47 +02:00
Michal Hajas
07c27336aa
Check whether realm has store enabled for immediately sent events
...
Closes #21698
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2023-07-14 20:50:33 +02:00
Pedro Igor
57423bca2b
Additional test for logout when using multiple tabs ( #21518 )
...
Closes #21451
2023-07-11 11:22:20 +02:00
Pedro Igor
376d20c285
Remove user credentials from admin event representation ( #21561 )
...
Closes #17470
2023-07-11 08:26:29 +02:00
rmartinc
13870f3a69
Improve error management in the github provider
...
Closes https://github.com/keycloak/keycloak/issues/9429
2023-07-10 16:09:08 -03:00
Pedro Igor
94074f4a98
Remove unnecessary tests ( #21551 )
...
Closes #21099
2023-07-10 13:36:21 +00:00
Daniele Martinoli
75741d17ab
Updated test case in RequiredActionResetPasswordTest
2023-07-10 08:31:47 -03:00
Patrick Jennings
399a23bd56
Find an appropriate key based on the given KID and JWA ( #21160 )
...
* keycloak-20847 Find an appropriate key based on the given KID and JWA. Prefers matching on both inputs but will match on partials if found. Or return the first key if a match is not found.
Mark Key as fallback if it is the singular client certificate to be used for signed JWT authentication.
* Update js/apps/admin-ui/public/locales/en/clients.json
Co-authored-by: Marek Posolda <mposolda@gmail.com>
* Updating boolean variable name based on suggestions by Marek.
* Adding integration test specifically for the JWT parameters for regression #20847 .
---------
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2023-07-10 13:28:55 +02:00
Daniele Martinoli
7b8dcb42ea
Using "Account is disabled" message (and also added new test case)
2023-07-07 12:16:38 -03:00
Daniele Martinoli
2a95e2c245
updated failed login test case with new error message
2023-07-07 09:00:51 -03:00
Daniele Martinoli
44570d12ee
fixed error in IdentityProviderTest
2023-07-07 08:59:36 -03:00
Daniele Martinoli
83d88f6bb5
added Hardcoded Group mapper to IDP configuration
2023-07-07 08:59:36 -03:00
A. Tammy
497d08af1c
make cli usable on OpenBSD ( #16462 )
...
Signed-off-by: Aisha Tammy <aisha@bsd.ac>
Co-authored-by: Aisha Tammy <aisha@bsd.ac>
2023-07-07 08:58:41 +02:00
Peter Zaoral
2b1c29a6f2
Use Quarkus Platform BOM
...
Closes #20570
Closes #15870
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
2023-07-06 12:45:48 -03:00
Martin Bartoš
a1a80433e3
Fix flaky OfflineServletsAdapterTest test ( #21416 )
...
Fixes #20013
2023-07-04 10:57:20 +00:00
rmartinc
09e30b3c99
Support for JWE IDToken and UserInfo tokens in OIDC brokers
...
Closes https://github.com/keycloak/keycloak/issues/21254
2023-07-03 21:25:46 -03:00
mposolda
ccbddb2258
Fix updating locale on info/error page after authenticationSession was already removed
...
Closes #13922
2023-07-03 18:57:36 -03:00
Martin Bartoš
e3e123b577
JavascriptAdapterTest is broken due to the multiple initialization of JS adapter
...
Fixes #21412
2023-07-03 16:44:22 -03:00
Daniele Martinoli
e2ac9487f7
Conditional login through identity provider ( #20188 )
...
Closes #20191
Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2023-06-29 18:44:15 +02:00
Marek Posolda
51a9712e59
Improper Client Certificate Validation for OAuth/OpenID clients ( #20 )
...
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2023-06-28 17:52:48 -03:00
Ricardo Martin
1973d0f0d4
Check the redirect URI is http(s) when used for a form Post ( #22 )
...
Closes https://github.com/keycloak/security/issues/22
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Signed-off-by: Peter Skopek <pskopek@redhat.com>
2023-06-28 17:52:48 -03:00
Pedro Igor
28aa1d730d
Verify holder of the device code ( #21 )
...
Closes https://github.com/keycloak/security/issues/32
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Conflicts:
services/src/main/java/org/keycloak/protocol/oidc/grants/device/DeviceGrantType.java
2023-06-28 15:45:26 +02:00
rmartinc
4bc11bdf7f
Do not return an error when moving a group to the current parent
...
Closes https://github.com/keycloak/keycloak/issues/21242
2023-06-28 10:34:15 +02:00
rmartinc
a5a2753d11
Don't allow impersonate disabled users or service accounts
...
Closes https://github.com/keycloak/keycloak/issues/21106
2023-06-28 10:18:21 +02:00
Hynek Mlnarik
c092c76ae8
Remove ldapsOnly (Java)
...
In `LDAPConstants.java`, the function to set the Truststore SPI system property was removed, as this is now handled by the `shouldUseTruststoreSpi` method in `LdapUtil`.
Closes : #9313
2023-06-28 08:30:09 +02:00
Pedro Igor
d0691b0884
Support for the locale user attribute
...
Closes #21163
2023-06-27 09:21:08 -03:00
Miquel Simon
46fa7d2e6c
Enable back a few tests that have been fixed to run on Firefox and Chrome.
2023-06-26 11:25:07 -03:00
Pavel Drozd
216bbe512f
Add tests and profiles for testing EAP6, SpringBoot and Fuse adapters
2023-06-26 11:24:02 -03:00
eatik
6d0636987e
keeping VIEW_USERS related tests in PermissionTest
...
Closes #20783
2023-06-26 11:05:35 -03:00
eatik
7cfa012427
adding test code
...
Closes #20783
2023-06-26 11:05:35 -03:00
Takashi Norimatsu
f6ecc3f3f8
FAPI 2.0 security profile - not allow an authorization request whose parameters were not included in Request Object pushed to PAR request
...
closes #20710
2023-06-26 12:09:25 +02:00
vramik
7fe7dfc529
ResourceType lost during clonning
...
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Closes #20947
2023-06-23 09:31:44 +02:00
Pedro Igor
aff6cc1cbd
Running mappers during account linking
...
Closes #11195
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: toddkazakov
2023-06-22 17:41:31 +02:00
Pedro Igor
eb5edb3a9b
Support reading base32 encoded OTP secret
...
Closes #9434
Closes #11561
2023-06-22 08:08:13 -03:00
mposolda
137f8d807a
Account Console II doesn't remove TOTP from UserStorage
...
closes #19575
2023-06-22 07:56:44 +02:00
Pedro Igor
0dd7c4a515
Fixing auth-server-quarkus-embedded
2023-06-21 17:18:26 +02:00
danielFesenmeyer
60b838675d
Extend admin-client GroupsResource: Support the query functionality to be used in combination with the parameters first, max and briefRepresentation
...
Closes #20016
2023-06-21 12:13:22 -03:00
Gilvan Filho
2493f11331
count users by custom user attribute
...
closes #14747
2023-06-21 11:56:22 -03:00
mposolda
dc3b037e3a
Incorrect Signature algorithms presented by Client Authenticator
...
closes #15853
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-06-21 08:55:58 +02:00
Stian Thorgersen
f82577a7f3
Removed old account console ( #21098 )
...
Co-authored-by: Jon Koops <jonkoops@gmail.com>
Closes #9864
2023-06-20 20:46:57 +02:00
fwojnar
a36be17a5c
Remove account package from testsuite ( #20990 )
...
* Removal of testsuite account package
Related to #19668
Also closes #20527
* Fix failures + remove login folder from base-ui
---------
Co-authored-by: Ivan Khomyn <ikhomyn@redhat.com>
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2023-06-20 08:50:39 +02:00
Daniele Martinoli
d9b271c22a
Extends the conditional user attribute authenticator to check the attributes of the joined groups ( #20189 )
...
Closes #20007
2023-06-19 15:22:35 +02:00
Miquel Simon
3daeee15f6
Add Forms IT ( #20528 )
...
Closes #20519
2023-06-19 14:44:20 +02:00
Jon Koops
29f9523646
Ensure RegisterTest
runs in Chrome and Firefox ( #21036 )
2023-06-16 08:00:04 -04:00
Martin Bartoš
c6995f5ded
Save ~2s for Keycloak startup in the testsuite
...
Relates to #21033
2023-06-16 10:47:28 +02:00
rmartinc
ecf52285bc
Simplify TokenManager expiration calculations using SessionExpirationUtils
...
Closes https://github.com/keycloak/keycloak/issues/20794
2023-06-13 10:09:47 +02:00
Pedro Igor
af975d20f1
Avoid iterating indefinetly when checking CRLs
...
Closes #20725
2023-06-12 17:50:16 +02:00
vramik
535bba5792
Update UserQueryProvider methods
...
Closes #20438
2023-06-12 16:04:26 +02:00
Arnaud Martin
ae5a47d548
Impossible to update a federated user credential label
...
Closes #16613
2023-06-12 15:39:52 +02:00
Vlasta Ramik
ed473da22b
Clean-up of deprecated methods and interfaces
...
Fixes #20877
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-06-09 17:11:20 +00:00
Rinus Wiskerke
fbfdb54745
Strip rotated client secret from export json ( #19394 )
...
Closes #19373
2023-06-09 10:46:28 +02:00
rmartinc
61968bf747
Use OIDCAttributeMapperHelper.mapClaim in the GroupMembershipMapper
...
Closes https://github.com/keycloak/keycloak/issues/19767
2023-06-08 11:12:24 -03:00
Réda Housni Alaoui
eb9bb281ec
Require user to agree to 'terms and conditions' during registration
2023-06-08 10:39:00 -03:00
Marek Posolda
8080085cc1
Removing 'http challenge' authentication flow and related authenticators ( #20731 )
...
closes #20497
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-06-08 14:52:34 +02:00
Saman-jafari
31db84e924
fix: issuedFor added to token to get client id into the token also redirect uri added to token and then passed to info template for "back to application" functionality
...
test also added to check the availability of issueFor(azp) and redirect uri in Action
Fixes #14860
Fixes #15136
2023-06-07 12:19:46 -03:00
Zvi Grinberg
ace83231ee
Update RegexPolicyTest.java
...
Add forgotten imports
2023-06-07 10:18:10 -03:00
Zvi Grinberg
b29ce53f6e
Fix bug in regex policy evaluation that it ignored flatted user claims that are mapped by protocol mappers to complex JSON structure in access token( in the access token JWT it's key and value is a JSON by itself)
...
fixes : #20436
Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
2023-06-07 10:18:10 -03:00
Alice Wood
7e56938b74
Extend group search attribute functionality to account for use case where only the leaf group is required
2023-06-07 08:52:23 -03:00
rmartinc
9bc30f4705
EventBuilder fixes to copy the store and session context
...
Closes https://github.com/keycloak/keycloak/issues/20757
Closes https://github.com/keycloak/keycloak/issues/20105
2023-06-07 08:34:27 -03:00
Jon Koops
9a8d1ca1f3
Stop waiting page load when calling assertCurrent()
( #20786 )
2023-06-07 13:13:46 +02:00
Pedro Hos
9ebd94a3a8
Userinfo endpoint doesn't accept charset #20671
...
Closes 20671
2023-06-07 08:08:05 +02:00
Artur Baltabayev
041441f48f
Improved Reset OTP authenticator ( #20572 )
...
* ResetOTP authenticator can now be configured, so that one or all existing OTP configurations are deleted upon reset.
Closes #8753
---------
Co-authored-by: bal1imb <Artur.Baltabayev@bosch.com>
2023-06-06 08:30:44 -03:00
rmartinc
81aa588ddc
Fix and correlate session timeout calculations in legacy and new map implementations
...
Closes https://github.com/keycloak/keycloak/issues/14854
Closes https://github.com/keycloak/keycloak/issues/11990
2023-06-05 18:46:23 +02:00
Jon Koops
8eee3f434b
Fix test for brute force detection of recovery codes ( #20784 )
2023-06-05 11:55:30 -04:00
rmartinc
d80094793b
Manage elytron configuration if configured for JDK-17
...
Closes https://github.com/keycloak/keycloak/issues/20385
2023-06-05 13:50:28 +02:00
Jon Koops
7ce96bb6d5
Remove workaround for legacy consoles from waitForPageToLoad
( #20754 )
2023-06-05 07:48:08 -04:00
Aboullos
612fe33ade
Remove AccountUpdateProfilePage from the testsuite ( #19362 )
...
closes #15202
2023-06-02 11:46:49 +02:00
Pedro Igor
f69ff5d270
Execution config not duplicated when duplicating flows
...
Closes #12012
2023-06-01 16:12:06 +02:00
mposolda
bf9c5821cb
Fix for certificate revalidation
...
closes https://security.snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-5291542
2023-05-31 15:42:37 +02:00
Alexander Schwartz
512e30b210
Add escaping for fields with wildcard search
...
Closes #20510
2023-05-31 14:38:04 +02:00
Takashi Norimatsu
a29c30ccd5
FAPI 2.0 security profile - not allow an authorization request whose parameters were not included in PAR request
...
closes #20623
2023-05-31 14:02:44 +02:00
vramik
a175efcb72
Split UserQueryProvider
into UserQueryMethods
and UserCountMethods
and make LdapStorageProvider
implement only UserQueryMethods
...
Co-authored-by: mhajas <mhajas@redhat.com>
Closed #20156
2023-05-31 11:47:54 +02:00
Jay Linski
403632438a
Improve a11y by providing the current language ( #20213 )
2023-05-30 13:46:14 -04:00
Takashi Norimatsu
6b42c2b4d0
FAPI 2.0 security profile - Reject Implicit Grant executor does not return an appropriate error
...
Closes #20622
2023-05-30 18:24:50 +02:00
stianst
0832992e59
Removing OpenShift integration and moving to separate extension
...
closes #20496
Co-authored-by: mposolda <mposolda@gmail.com>
2023-05-30 17:39:32 +02:00
Pedro Igor
17c3804402
Tests for user property mapper
...
Closes #20534
2023-05-29 14:21:03 +02:00
Yoshiyuki Tabata
bd37875a66
allow specifying format of "permission" parameter in the UMA grant token
...
endpoint (#15947 )
2023-05-29 08:56:39 -03:00
Jon Koops
98e5e9799b
Improve third-party storage access detection and cookie fallback
2023-05-25 22:16:59 -03:00
Douglas Palmer
1b8901f5a2
Changing the email address has no impact at username regardless "Email as username" toggle
...
closes #20459
2023-05-25 07:54:03 -03:00
Hynek Mlnarik
fc0e47caa4
Fix KcCustomOidcBrokerTest
...
Fixes : #20541
2023-05-25 10:20:36 +02:00
Peter Zaoral
72b238fb48
Keystore vault ( #19644 )
...
* KeystoreVault SPI
* added KeystoreVault - a Vault SPI implementation (#19281 )
Closes #17252
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-05-24 16:20:30 +00:00
Jon Koops
90d2a01619
Replace ChromeJavascriptBrowser
annotation with JavascriptBrowser
( #20535 )
2023-05-24 11:23:15 +00:00
Hynek Mlnarik
4950f7bebe
Target correct user resource
2023-05-23 20:53:30 +02:00
Hynek Mlnarik
b9983cc5f6
Fix BrokerTest
2023-05-23 20:53:30 +02:00
Hynek Mlnarik
ac59c551c3
Fix transaction boundaries in tests
2023-05-23 20:53:30 +02:00
Hynek Mlnarik
38442ee0a6
Fix event tests
2023-05-23 20:53:30 +02:00
Hynek Mlnarik
3e58d3da8d
Proper cleanup
2023-05-23 20:53:30 +02:00
vramik
bdbbd2959d
User search with LDAP federation not consistent
...
Closes #10195
2023-05-23 11:48:33 +02:00
wojnarfilip
34b9eed8f0
Removes AccountFederatedIdentityPage from testsuite
...
Closes #15199
2023-05-22 11:07:48 -03:00
i7a7467
e41e1a971a
SLO and ACS Binding are linked with AuthnRequest Binding in SAML Identity Broker Metadata
...
Closes #11079
2023-05-22 10:05:17 +02:00
vramik
fd6a6ec3ad
Make LDAP searchForUsersStream
consistent with other storages
...
Co-authored-by: mhajas <mhajas@redhat.com>
Closes #17294
2023-05-19 08:40:41 +02:00
Artur Baltabayev
33215ab6f4
Added User-Session Note Idp mapper. ( #19062 )
...
Closes #17659
Co-authored-by: bal1imb <Artur.Baltabayev@bosch.com>
Co-authored-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.io>
Co-authored-by: Sebastian Schuster <sebastian.schuster@bosch.io>
2023-05-18 13:47:10 +02:00
Lukas Hanusovsky
eb77dcf014
Removing PHOTOZ client and related tests testing UI. Closes #19668
2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
d9b95e0240
Testsuite with Undertow and OpenJDK17 - Nashorn library support.
...
GH Actions failures - refactoring.
2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
406aa21b0b
UserStorageTest - old account console dependencies removed. Closes #19668
2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
b8b9adbea2
CookieTest - old account console dependencies removed. Closes #19668
2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
29deaca3f5
DemoServletsAdapterTest - old account console dependencies removed. Closes #19668
2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
47fd10469f
Old account console dependencies removed - refactoring. Closes #19668
2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
130807fa7b
AbstractCustomAccountManagementTest - old account console dependencies removed. Closes #19668
2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
2ad8f7dd62
Old account console dependencies removed. Closes #19668
...
* LoginTest
* SessionServletAdapterTest
* ClientRedirectTest
* TrustStoreEmailTest
* BrowserFlowTest
* SocialLoginTest
* JavascriptAdapterTest
2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
c685366169
CookiesPathTest - old account console dependencies removed. Closes #19668
2023-05-18 13:09:51 +02:00
Lukas Hanusovsky
5e323ae173
Old account console dependencies removed. Closes #19668
...
* ConsentsTest
* UserTest
* SessionTest
* LoginEventsTest
* AbstractKeycloakTest
2023-05-18 13:09:51 +02:00
danielFesenmeyer
d543ba5b56
Consistent message resolving regarding language fallbacks for all themes
...
- the prio of messages is now as follows for all themes (RL = realm localization, T = Theme i18n files): RL <variant> > T <variant> > RL <region> > T <region> > RL <language> > T <language> > RL en > T en
- centralize the message resolving logic in helper methods in LocaleUtil and use it for all themes, add unit tests in LocaleUtilTest
- add basic integration tests to check whether realm localization can be used in all supported contexts:
- Account UI V2: org.keycloak.testsuite.ui.account2.InternationalizationTest
- Login theme: LoginPageTest
- Email theme: EmailTest
- deprecate the param useRealmDefaultLocaleFallback=true of endpoint /admin/realms/{realm}/localization/{locale}, because it does not resolve fallbacks as expected and is no longer used in admin-ui v2
- fix locale selection in DefaultLocaleSelectorProvider that a supported region (like "de-CH") will no longer selected instead of a supported language (like "de"), when just the language is requested, add corresponding unit tests
- improvements regarding message resolving in Admin UI V2:
- add cypress test i18n_test.spec.ts, which checks the fallback implementation
- log a warning instead of an error, when messages for some languages/namespaces cannot be loaded (the page will probably work with fallbacks in that case)
Closes #15845
2023-05-17 15:00:32 +02:00
Dominik Schlosser
8c58f39a49
Updates Datastore provider to contain full data model
...
Closes #15490
2023-05-16 15:05:10 +02:00
Takashi Norimatsu
7f5e94db87
KEYCLOAK-19539 FAPI 2.0 Baseline : Reject Implicit Grant
2023-05-16 14:17:29 +02:00
Miquel Simon
e959e20e1a
Upgrade tested DB versions
2023-05-15 12:36:27 -03:00
Miquel Simon
90bc5835ea
Due to a bug in chromedriver version < 113.0.5672.92, temporarily ignoring some tests. ( #20347 )
2023-05-15 14:40:08 +02:00
rmartinc
025778fe9c
SSSD User Federation integration for quarkus distribution
...
Closes https://github.com/keycloak/keycloak/issues/16165
2023-05-09 11:32:52 +02:00
Jon Koops
6f4b9885ca
Use Chrome as the default JavaScript browser ( #14702 )
2023-05-08 08:40:27 +02:00
Martin Bartoš
960e3503ec
Artifact SLF4J LOG4J-12 has been relocated ( #20113 )
2023-05-05 13:57:45 +02:00
vramik
d1ab921c50
JpaUserProvider count methods are inconsistent with searchForUser's param filter handling
...
Closes #17581
2023-05-05 08:22:05 +02:00
rmartinc
d9025db536
Migrate realms if configured to use RH-SSO themes
...
Closes https://github.com/keycloak/keycloak/issues/17484
2023-05-02 15:38:33 +02:00
Martin Bartoš
3f6925143a
Support JavaEE for Admin client ( #19988 )
2023-04-28 16:35:31 +02:00
Martin Bartoš
b87b70a35d
Ignore particular legacy clustering tests
...
Revert once https://github.com/keycloak/keycloak/issues/19834 issue is resolved
2023-04-27 13:36:54 +02:00
Martin Bartoš
79178b5a23
Use WildFly as the default app server
2023-04-27 13:36:54 +02:00
Martin Bartoš
9d40f77746
Ignore DemoFilterServletAdapterTestForCustomizedIdMapper test
...
Revert once https://github.com/keycloak/keycloak/issues/19809 issue is resolved
2023-04-27 13:36:54 +02:00
Martin Bartoš
60fd7e63d9
Fix OfflineServletsAdapterTest
2023-04-27 13:36:54 +02:00
Martin Bartoš
8d5a4f2677
Fix FIPS tests
2023-04-27 13:36:54 +02:00
Martin Bartoš
c1cced9f31
Fix CorsExampleAdapterTest
...
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/cors/CorsExampleAdapterTest.java - Modified
2023-04-27 13:36:54 +02:00
Peter Zaoral
72663060c9
Quarkus3 branch sync no. 13
...
11.4.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-04-27 13:36:54 +02:00
Martin Bartoš
5b7e9a2603
Remove WF dependencies, add Jakarta SOAP, fix tests
...
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
IdeaProjects/keycloak/quarkus/pom.xml - Modified
IdeaProjects/keycloak/quarkus/runtime/pom.xml - Modified
2023-04-27 13:36:54 +02:00
Martin Bartoš
de663dbf93
Quarkus3 branch sync no. 9
...
10.3.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE
* changed version from 999-SNAPSHOT to 999.0.0-SNAPSHOT
2023-04-27 13:36:54 +02:00
Martin Bartoš
952faed4c9
Run Adapter tests with JavaEE support
...
---
Quarkus3 branch sync no. 9 (10.3.2023)
Resolved conflicts:
keycloak/.github/actions/build-keycloak/action.yml - Modified
2023-04-27 13:36:54 +02:00
Peter Zaoral
0b4f40f89b
Quarkus3 branch sync no. 8
...
3.3.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-04-27 13:36:54 +02:00
Martin Bartoš
abf765185d
Fix WebAuthn tests
2023-04-27 13:36:54 +02:00
Martin Bartoš
64738ea708
Fix issues with JakartaEE Mail dependencies
...
This reverts commit da4644844ed88818c05d777460624403326ab01c
---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
2023-04-27 13:36:54 +02:00
Peter Zaoral
5ebe4ca7c8
Quarkus3 branch sync no. 6
...
17.2.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-04-27 13:36:54 +02:00
Peter Zaoral
946eacd5b6
Quarkus3 branch sync no. 5
...
10.2.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE
* fixed Undertow server not starting due to ClassNotFoundException: javax.transaction.TransactionManager
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-04-27 13:36:54 +02:00
Martin Bartoš
2cb7c9f5ec
Fix account console tests
2023-04-27 13:36:54 +02:00
Stefan Guilhen
3409a0c840
Fixes SAML tests in testsuite
...
- adds dependency to saaj-impl in saml core public
- updates test apps' web.xml files to use jakarta namespaces
- small cleanup in main pom
- changes order of e-mail servers in testsuite pom to enforce usage of greenmail (changes order in Undertow's classpath)
Closes #16711
2023-04-27 13:36:54 +02:00
Alexander Schwartz
4bdf2fe21d
Fixing parameter which should be a string plus dependencies
...
Closes #16649
2023-04-27 13:36:54 +02:00
Martin Bartoš
b1da7bd613
Revert Mail API
...
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/quarkus/pom.xml - Modified
---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
2023-04-27 13:36:54 +02:00
Martin Bartoš
1f126647fe
Update dependencies
2023-04-27 13:36:54 +02:00
vramik
60e6fb9dae
Register custom functions FunctionContributor
...
Closes #16336
---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorage.java - Modified
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorageCockroachdb.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified
---
Quarkus3 branch sync no. 3 (27.1.2023)
Resolved conflicts:
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorage.java - Modified
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorageCockroachdb.java - Modified
2023-04-27 13:36:54 +02:00
Peter Zaoral
4ff2de7f46
Quarkus3 branch sync
...
18.1.2023:
* applied Quarkus 3 OpenRewrite recipe
* fixed the parts that were missed by the script
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-04-27 13:36:54 +02:00
Martin Bartoš
124591ce1a
Adapters can still use Java EE
...
- Provided all JavaEE dependencies for adapters
- Automatically build Undertow Jakarta EE for testsuite (missing SAML)
---
Quarkus3 branch sync no. 11 (24.3.2023)
Resolved conflicts:
keycloak/adapters/oidc/spring-security/pom.xml - Modified
---
Quarkus3 branch sync no. 7 (27.2.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/pom.xml - Modified
---
Quarkus3 branch sync no. 1 (18.1.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/pom.xml - Modified
2023-04-27 13:36:54 +02:00
Martin Bartoš
40c38e0133
Fix dependencies in testsuite, adapters and Quarkus module
...
---
Quarkus3 branch sync no. 11 (24.3.2023)
Resolved conflicts:
keycloak/adapters/oidc/spring-security/pom.xml - Modified
2023-04-27 13:36:54 +02:00
Stefan Guilhen
384d7c17f7
- Fix issues in legacy store
...
- Testsuite (switch undertow-embedded.version)
2023-04-27 13:36:54 +02:00
Martin Bartoš
7cff857238
Migrate packages from javax.* to jakarta.*
...
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/ComponentExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/DeclarativeUserTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java - Modified
keycloak/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java - Modified
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountTotpPage.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BackwardsCompatibilityUserStorageTest.java - Modified
---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/services/resources/QuarkusWelcomeResource.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/profile/util/Soap.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/UserInfoClientUtil.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
---
Quarkus3 branch sync no. 10 (17.3.2023)
Resolved conflicts:
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocolUtils.java - Modified
---
Quarkus3 branch sync no. 9 (10.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java - Modified
---
Quarkus3 branch sync no. 8 (3.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClient.java Modified - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java - Modified
keycloak/examples/providers/authenticator/src/main/java/org/keycloak/examples/authenticator/SecretQuestionAuthenticator.java - Modified
---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ComponentsResource.java - Modified
keycloak/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/installation/SamlSPDescriptorClientInstallation.java - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
/keycloak/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java Modified - Modified
keycloak/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java - Modified
---
Quarkus3 branch sync no. 4 (3.2.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/jaxrs/QuarkusKeycloakApplication.java - Modified
---
Quarkus3 branch sync no. 1 (18.1.2023)
Resolved conflicts:
keycloak/testsuite/client/ClientPoliciesTest.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaModelCriteriaBuilder.java - Modified
2023-04-27 13:36:54 +02:00
Hynek Mlnarik
d7d50634b3
Do not impose assumptions on ID format
...
Closes : #19814
2023-04-26 15:37:50 +02:00
Hynek Mlnarik
80ba42a0b4
Tests: Determine IDs from Keycloak
...
Instead of assuming that the ID of created objects is honored,
the tests are rewritten in the way which obtains the ID from
the created objects. This is to account for storages where
ID is not necessarily an UUID and cannot be thus prescribed.
Closes : #19814
2023-04-26 15:37:50 +02:00
rmartinc
04ac3a64ee
Adding support for rsa-oaep for SAML encryption
...
Closes https://github.com/keycloak/keycloak/issues/19689
2023-04-26 10:46:10 +02:00
mposolda
a3f2ebb193
Ability to override default/built-in providers with same providerId. Using ProviderFactory.order() for choosing priority providers
...
Closes #19867
2023-04-25 18:04:58 +02:00
Lukas Hanusovsky
30d976d64c
RequiredActionEmailVerificationTest - old account console dependencies removed. ( #19843 )
...
Closes #19668
2023-04-25 08:19:43 +02:00
Hynek Mlnarik
3161c4424c
Fix export / import tests relict
...
Closes : #19812
2023-04-19 22:17:49 +02:00
Hynek Mlnarik
0ddc71d987
Properly encode id in URL
...
Closes : #19816
2023-04-19 15:10:04 -03:00
rmartinc
8e55a63f31
Do not allow add sub-flow to built-in workflow
...
Closes https://github.com/keycloak/keycloak/issues/15536
2023-04-19 11:12:49 +02:00
rmartinc
f051a0cdb3
Improve SessionCodeChecks to detect better the ALREADY_LOGGED_IN situation
...
Closes https://github.com/keycloak/keycloak/issues/19677
2023-04-18 10:35:47 -03:00
Lukas Hanusovsky
4a8510f7d9
Stop disabling Account Console v2 for tests that run fine ( #19728 )
...
Works towards closing #19668
2023-04-17 16:26:32 -03:00
Marek Posolda
8d01109158
Invalid parameter redirect_uri when using an invalid client_id ( #19731 )
...
closes #19662
2023-04-17 15:12:59 +02:00
Hynek Mlnarik
21510dff0c
Add FILE constant to StoreProvider
2023-04-17 08:29:49 +02:00
mposolda
1cbdf4d17e
Fix the issue with LDAP connectionUrl containing multiple hosts
...
Closes #17359
2023-04-16 17:41:22 +02:00
danielFesenmeyer
5554c62bea
Change locale of user profile validation message to be resolved from authenticated user instead of validated user
...
Closes #19707
2023-04-14 11:51:15 -03:00
Stian Thorgersen
f4cabea08c
Make sure the code is bound to the user session ( #18 ) ( #17380 ) ( #17389 )
...
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-04-14 14:42:12 +02:00
Lukas Hanusovsky
556758943f
Old Account Console removal - cleanup imports ( #19700 )
...
Part of #19668
2023-04-13 14:57:28 +00:00
vramik
2b890eb79d
Zero downtime smoke tests
...
Closes #16481
2023-04-12 11:24:35 +02:00
Pedro Igor
83676bf927
Extract JUnit5 support in the distributoin testsuite to a separate module
...
Closes #19552
2023-04-11 10:48:56 +02:00
Lukas Hanusovsky
9bb18400ad
Remove AccountTotpPage from the testsuite ( #17657 )
...
Closes #15201
2023-04-06 11:49:29 +02:00
fwojnar
f55794f8bf
Removes AccountApplicationsPage ( #17651 )
...
Closes #15198
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2023-04-05 16:54:16 +02:00
rmartinc
99330dbb6d
Manage JsonProcessingException to not return error 500 when json data is wrong
...
Closes https://github.com/keycloak/keycloak/issues/11517
2023-04-03 18:07:34 +02:00
mposolda
4d8d6f8cd8
Preserve authentication flow IDs after import
...
closes #9564
2023-04-03 16:01:52 +02:00
Jon Koops
bdc019b02c
Fully deprecate function-style constructor for Keycloak JS ( #19438 )
2023-04-03 14:45:55 +02:00
Hynek Mlnarik
85c0b47c31
Fix ClientPoliciesExtendedEventTest
...
Closes : #19487
2023-04-03 14:43:50 +02:00
Pedro Igor
6086201fe0
Do not verify identity cookie when processing required actions
...
Closes #17539
2023-03-31 09:56:27 +02:00
rmartinc
89dfeeec38
The getAttributes method in UserAttributeLDAPStorageMapper does not work for email or other UserModel properties
...
Closes https://github.com/keycloak/keycloak/issues/10412
2023-03-30 21:45:07 +02:00
mposolda
709c6b5a47
Regressions in redirect URL verification when redirect_uri has encoded path or default port
...
closes #16851
closes #16587
2023-03-30 14:20:10 +02:00
Pedro Igor
48082d08ec
Email visible on registration page when edit username is not allowed
...
Closes #17439
2023-03-30 08:11:30 +02:00
Douglas Palmer
ff27f6c77c
Fix SSSDTest
...
closes #19397
2023-03-29 21:54:00 +02:00
Jon Koops
8f627517cb
Remove legacy Promise APIs from Keycloak JS ( #19389 )
2023-03-29 16:29:27 +00:00
Michal Hajas
e49dfe534e
Fix missing migration when reading TERMS_AND_CONDITIONS required action in legacy store
...
Closes #17277
2023-03-29 16:43:01 +02:00
Daniel Kobras
a45b5dcd90
Prefer cert over pubkey in SAML metadata
...
If SAML key material was given as a certificate, consistently
expose the certificate rather than just the public key when
presenting SAML metadata info. This change ensures that the
client obtains sufficient information (eg. issuer) to close
the trust chain.
Closes : #17549
Signed-off-by: Daniel Kobras <kobras@puzzle-itc.de>
2023-03-29 11:17:24 +02:00
Marek Posolda
032ece9f7b
Clarify user session limits documentation and test SSO scenario ( #19372 )
...
Closes #17374
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-03-29 10:08:45 +02:00
rmartinc
2bb9de1a8c
Allow application/jwt media type for userinfo endpoint
...
Closes: https://github.com/keycloak/keycloak/issues/19346
2023-03-28 08:47:35 -03:00
Michal Hajas
beca22311b
Add RefreshTokenTest to database suite so it can catch some expiration issues similar to #17570
2023-03-28 08:32:31 +02:00
Pedro Igor
a9c605750d
Returning email as username setting for admins
...
Fixes #17591
2023-03-27 16:33:44 -03:00
Pedro Hos
bd0a23a865
/users/count endpoint with search field has different behavior than /users query endpoint #17620
...
closes #17620
2023-03-24 13:43:47 +01:00
Klajdi Paja
cf61a65198
Return a user friendly message when a group name already exists on the same level.
...
Closes #16888
2023-03-24 08:13:49 +01:00
rmartinc
8bc5273792
EAP7 and wildfly adapter tests fixes. Execute enable-elytron-se17.cli for EAP7 and JDK-17.
...
Closes https://github.com/keycloak/keycloak/issues/19273
2023-03-23 17:02:39 -03:00
Ayrat Hudaygulov
f578f91a0b
Fix ID token not being sent after expiration for OIDC logout
...
Closes #10164
2023-03-23 13:01:02 +01:00
Ricardo Martin
1a622e707f
Flaky tests org.keycloak.testsuite.federation.sync.SyncFederationTest ( #19095 )
...
Closes: https://github.com/keycloak/keycloak/issues/17430
Closes: https://github.com/keycloak/keycloak/issues/17431
2023-03-21 08:30:42 +01:00
Alexander Schwartz
513bb809f3
Add a map storage global locking implementation for JPA
...
Closes #14734
2023-03-21 08:21:11 +01:00
rmartinc
bef0a4a6f1
Check frontendUrl in the hostname providers
...
Closes https://github.com/keycloak/keycloak/issues/17686
2023-03-20 18:54:58 -03:00
Miquel Simon
80d3cc5dea
Added option for Chrome driver needed for version >= 111.
...
Closes #19137
2023-03-20 13:09:23 +01:00
Pedro Igor
a30b6842a6
Decouple the policy enforcer from adapters and provide a separate library
...
Closes keycloak#17353
2023-03-17 11:40:51 +01:00
rmartinc
cab7e50410
Better handling for SAML signatures in POST and REDIRECT bindings
...
Closes https://github.com/keycloak/keycloak/issues/17456
2023-03-15 09:06:59 -03:00
Pedro Igor
af475ffe23
Fixing classloading issue due to the curated application being eagerly closed
2023-03-13 09:34:49 +01:00
vramik
31e4c5cb7e
Add storage-jpa-db
property into Quarkus. Distinguish postgres and crdb for jpa map store.
...
Closes #17305
2023-03-09 11:09:56 +01:00
Tero Saarni
9052ec2b02
Add admin events for realm create/delete. ( #10831 )
...
Closes #10733
2023-03-07 15:57:06 +01:00
Simon Levermann
96c1cf3c49
Allow mapping of UserSessionNotes into UserInfo
...
Fixes #15369
2023-03-07 15:25:14 +01:00
rmartinc
a56b38c5a6
Don't remove session and don't reset restart cookie if passive check error
...
Closes https://github.com/keycloak/keycloak/issues/11340
2023-03-07 15:10:09 +01:00
rmartinc
06ff8b016c
Don't set REMEMBER_ME if it's disabled at realm level
...
Closes https://github.com/keycloak/keycloak/issues/11330
2023-03-07 15:01:58 +01:00
Michal Hajas
837c64de3d
Add support for pessimistic locking to HotRod
...
Closes #13273
2023-03-07 10:44:31 +01:00
mposolda
a0192d61cc
Redirect loop with authentication success but access denied at default identity provider
...
closes #17441
2023-03-06 10:45:01 +01:00
Michal Hajas
465019bec4
Extract attachDevice outside of storage layer
...
Closes #17336
2023-03-03 17:58:34 +01:00
Zakaria Amine
fb5a7f654b
trigger IDENTITY_PROVIDER_FIRST_LOGIN (and UPDATE_PROFILE ) event when identity provider flow succeeds ( #15100 )
...
closes #15098
2023-03-03 17:49:27 +01:00
Jon Koops
972ebb9650
Use a valid SemVer format for the SNAPSHOT version ( #17334 )
...
* Use a valid SemVer format for the SNAPSHOT version
* Update pom.xml
* Update pom.xml
---------
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-03-03 11:11:44 +01:00
Alexander Schwartz
1e4401f521
Avoid returning the same entity multiple times from separate searches
...
Closes #15604
2023-03-02 08:21:38 +01:00
mposolda
b28bde542f
referrer_url is not correctly computed in account console
...
closes #16484
2023-03-01 20:49:15 +01:00
Marek Posolda
59f4fe1c60
NPE on Theme after upgrade to 21 when parent or import theme not exists ( #17350 )
...
* NPE on Theme after upgrade to 21 when parent or import theme not exists
closes #17313
* Update per review
2023-03-01 15:46:37 +00:00
rmartinc
5cdf4d5791
Read-Only attributes should be modified if creation is delayed for LDAP
...
Closes https://github.com/keycloak/keycloak/issues/16848
2023-03-01 11:26:57 +01:00
Pedro Igor
fbf5541802
Remove duplicated set-cookie header from response when expiring cookies
...
Closes #17192
2023-02-27 14:17:27 -03:00
lpa
3cd413dee1
SOAP backchannel logout for SAML protocol
...
Closes #16293
2023-02-27 14:24:12 +01:00
rmartinc
38a46726e4
Implement UserInfoTokenMapper in HardcodedRole and RoleNameMapper mappers
...
Closes https://github.com/keycloak/keycloak/issues/15624
2023-02-27 10:14:48 -03:00
Miquel Simon
923a321a55
Run WebAuthn IT with Chrome. ( #17256 )
2023-02-23 20:58:13 +00:00
Václav Muzikář
557a22968c
Stabilize Account Console UI tests ( #17243 )
...
Closes #17178
Closes #17102
Closes #17070
Closes #17045
Closes #17044
Closes #16875
Closes #16870
Closes #16715
Closes #16670
Closes #16646
Closes #16627
Closes #16620
2023-02-23 12:35:08 +01:00
rmartinc
f91ac2970d
Polish fips-mode switch for preview ( #17228 )
...
* Polish fips-mode switch for preview
Closes #17208 #17210
Co-authored-by: mposolda <mposolda@gmail.com>
2023-02-22 12:12:52 +01:00
drohwer89
4ff180da64
Terminating all sessions above the session limit ( #16068 )
...
Adjusts implementation of UserSessionLimitsAuthenticator to terminate all sessions above the session limit.
Closes #14689
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2023-02-16 17:56:59 +01:00
rmartinc
9995a3cdd4
lastSync value into COMPONENT_CONFIG is always updated
...
Closes https://github.com/keycloak/keycloak/issues/17022
2023-02-16 17:48:49 +01:00
mposolda
4f068fcdcc
Make https-trust-store-type set to bcfks by default in strict-mode
...
Closes #17119
2023-02-16 08:00:21 -03:00
sui.jieqiang
1f6fa0501c
Fix search user groups without limit
...
Closes #12649
2023-02-15 15:50:46 +01:00
vramik
7b604d6784
Sync properties in map-storage-jpa-cocroach
with other profiles
...
Closes #17107
2023-02-15 10:49:22 +01:00
Hynek Mlnarik
bb0eb899a7
Add ability to run arq testsuite with file store
...
Fixes : #17032
2023-02-15 10:17:23 +01:00
Pedro Igor
9e46b9e43f
Handling events after transaction completion using a separate session
...
Closes #15656
2023-02-14 13:10:57 +01:00
Václav Muzikář
a57821ed80
Fix JDK 17 InaccessibleObjectException with infinispan
2023-02-13 17:09:36 -03:00
Miquel Simon
48a22ff2f3
Added WebAuthn integration tests to CI workflow. ( #16608 )
2023-02-13 12:28:25 +00:00
laskasn
dc8b759c3d
Use encryption keys rather than sig for crypto in SAML
...
Closes #13606
Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: hmlnarik <hmlnarik@redhat.com>
2023-02-10 12:06:49 +01:00
Marek Posolda
9cfc1fdfa9
Reduce the redundant tests in fips-suite ( #16970 )
...
Closes #16969
2023-02-09 12:21:33 +01:00
Pedro Igor
017ddc670b
Removing references to old admin console test artifacts
2023-02-08 17:22:45 -03:00
Pedro Igor
423fc6daba
Flaky test KcOidcBrokerTokenExchangeTest ( #16914 )
...
Closes #16896
2023-02-08 14:49:49 +00:00
Dmitry Telegin
5f39aeb590
Pre-authorization hook for client policies
...
Closes #9017
2023-02-08 15:06:32 +01:00
Michal Hajas
6fa62e47db
Leverage HotRod client provided transaction
...
Closes #13280
2023-02-08 10:26:30 +01:00
Stian Thorgersen
d3ba2ecbed
Remove old admin console theme ( #16864 )
...
Closes #16862
2023-02-08 09:22:39 +01:00
Stian Thorgersen
4782a85166
Remove old admin console feature ( #16861 )
...
* Remove old admin console feature
Closes #16860
* Update help txt files for Quarkus tests
2023-02-07 12:59:35 +01:00