libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
26529 commits 4 branches 5 tags 480 MiB
Commit graph

824 commits

Author SHA1 Message Date
Pedro Igor
4c39fcc79d Allow to configure if users are automatically redirected when the email domain matches an organization 
Closes #30050

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-03 13:34:21 +02:00
mposolda
37c10b4d43 Improve documentation for the case when 'basic' client scope already exists 
closes #29880

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-05-29 13:32:05 +02:00
Pedro Igor
bbb83236f5 Do not lower-case the username from the IdP when creating the federated identity 
Closes #28495

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-29 01:58:20 -03:00
Stefan Guilhen
694ffaf289 Allow organizations in different realms to have the same domain 
Closes #29886

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-28 08:02:30 -03:00
mposolda
ea1cdc10bd MigrateTo25_0_0 does not complete within default transaction timeout 
closes #29756

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-05-27 10:31:39 +02:00
Pedro Igor
2d4d32764c Show a message when confirming an invitation link 
Closes #29794

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-27 08:33:22 +02:00
Daniel Fesenmeyer
c08621fa63 Always order required actions by priority (regardless of context) 
- AuthenticationManager#actionRequired: make sure that the highest prioritized required action is performed first, possibly before the currently requested required action
- AuthenticationManager#nextRequiredAction: make sure that the next action is requested via URL, also based on highest priority (-> requested URL will match actually performed action, unless required actions for the user are changed by a parallel operation)
- add tests to RequiredActionPriorityTest, add helper method for priority setup to ApiUtil (for easier and more robust setup than up-to-now)
- fix test WebAuthnRegisterAndLoginTest - which failed because WebAuthnRegisterFactory (prio 70) is now executed before WebAuthnPasswordlessRegisterFactory (prio 80)

Closes #16873

Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>
 2024-05-23 09:07:56 +02:00
Thomas Darimont
ab376d9101 Make required actions configurable (#28400) 
- Add tests for crud operations on configurable required actions
- Add support exposing the required action configuration via RequiredActionContext
- Make configSaveError message reusable in other contexts
- Introduced admin-ui specific endpoint for retrieving required actions with config metadata

Fixes #28400

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-05-23 08:38:36 +02:00
vramik
278341aff9 Add organizations enabled/disabled capability 
Closes #28804

Signed-off-by: vramik <vramik@redhat.com>
 2024-05-22 07:58:26 -03:00
Alexander Schwartz
80de3a0a71
Allow migration of non-persistent sessions to persistent sessions 
Closes #29375

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-22 10:30:46 +02:00
rmartinc
f7044ba5c2 Use SessionExpirationUtils for validate user and client sessions 
Check client session is valid in TokenManager
Closes #24936

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-05-22 10:12:20 +02:00
Nicola Beghin
3d1c20b4a5
Add new ProviderConfigProperty type for URLs in Admin Console (#27743) 
Closes #27673

Signed-off-by: Nicola Beghin <nicolabeghin@gmail.com>
 2024-05-14 09:34:49 +00:00
mposolda
d8a7773947 Adding dummyHash to DirectGrant request in case user does not exists. Fix dummyHash for normal login requests 
closes #12298

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-05-13 16:33:29 +02:00
Pedro Igor
b50d481b10 Make sure organization groups can not be managed but when managing an organization 
Closes #29431

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-10 21:28:11 -03:00
Stefan Guilhen
aa945d5636 Add description field to OrganizationEntity 
Closes #29356

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-07 10:35:51 -03:00
Dimitri Papadopoulos Orfanos
cd8e0fd333
Fix user-facing typos in Javadoc (#28971) 
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-05-06 18:57:55 +00:00
Stefan Guilhen
dae1eada3d Add enabled field to OrganizationEntity 
Closes #28891

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-06 14:46:56 -03:00
Pedro Igor
32d25f43d0 Support for mutiple identity providers 
Closes #28840

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-04 16:19:27 +02:00
Giuseppe Graziano
8c3f7cc6e9 Ignore include in token scope for refresh token 
Closes #12326

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-05-03 09:05:03 +02:00
Steven Hawkins
4697cc956b
further refinement of context handling (#28182) 
* fully removing providers and moving the keycloaksession creation / final
cleanup

also deprecated Resteasy utility methods

closes: #29223

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-02 11:21:01 -04:00
Stefan Guilhen
45e5e6cbbf Introduce filtered (and paginated) search for organization members 
Closes #28844

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-02 11:25:43 -03:00
Alexander Schwartz
d69872fa11
Batch writes originating from logins/logouts for persistent sessions 
All writes for the sessions are handled by a background thread which batches them.

Closes #28862

Wait for persistent-store to contain update
instead of cache which has the change immediately since it is in memory + introduce new model-test profile

Closes #29141

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2024-04-30 14:07:35 +02:00
Pedro Igor
51352622aa Allow adding realm users as an organization member 
Closes #29023

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-29 08:37:47 -03:00
mruzicka
ae1aaef96c
Avoid re-creating required action comparator (#29122) 
closes #29130 

Signed-off-by: Michal Růžička <michal.ruza@gmail.com>
 2024-04-29 09:18:50 +02:00
vramik
d65649d5c0 Make sure organization are only manageable by the admin users with the manage-realm role 
Closes #28733

Signed-off-by: vramik <vramik@redhat.com>
 2024-04-23 12:16:57 -03:00
Mark Banierink
ad32896725
replaced and removed deprecated token methods (#27715) 
closes #19671 

Signed-off-by: Mark Banierink <mark.banierink@nedap.com>


Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-23 09:23:37 +02:00
Tero Saarni
64862d568e Convert database errors to 500 instead of 400. 
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
 2024-04-22 11:42:18 -03:00
Pedro Igor
1e3837421e Organization member onboarding using the organization identity provider 
Closes #28273

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-17 07:24:01 -03:00
Stefan Guilhen
2ab8bf852d Add validation for the organization's internet domains. 
Closes #28634

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-04-15 09:03:52 -03:00
Pedro Igor
61b1eec504 Prevent members with an email other than the domain set to an organization 
Closes #28644

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-12 08:33:18 -03:00
Alexander Schwartz
b4cfebd8d5
Persistent sessions code also for offline sessions (#28319) 
Persistent sessions code also for offline sessions

Closes #28318

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-04-12 13:15:02 +02:00
rmartinc
6d74e6b289 Escape slashes in full group path representation but disabled by default 
Closes #23900

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-04-12 10:53:39 +02:00
Pedro Igor
8f8094408e Encapsulate the logic to set attributes into the domain model 
Closes #28646

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-11 15:32:21 -03:00
Stefan Guilhen
9a466f90ab Add ability to set one or more internet domain to an organization. 
Closed #28274

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-04-10 13:18:12 -03:00
Martin Kanis
51fa054ba7 Manage organization attributes 
Closes #28253

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-04-10 09:10:49 -03:00
rmartinc
41b706bb6a Initial security profile SPI to integrate default client policies 
Closes #27189

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-04-10 11:19:56 +02:00
Alexander Schwartz
63e7523a6d Avoid unnecessary updates to the sessions during refreshes of tokens 
Closes #28388

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-04-09 14:55:21 +02:00
Václav Muzikář
e4987f10f5
Hostname SPI v2 (#26345) 
* Hostname SPI v2

Closes: #26084

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Fix HostnameV2DistTest#testServerFailsToStartWithoutHostnameSpecified

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Address review comment

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Partially revert the previous fix

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Do not polish values

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Remove filtering of denied categories

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2024-04-09 11:25:19 +02:00
vibrown
3fffc5182e Added ClientType implementation from Marek's prototype 
Signed-off-by: vibrown <vibrown@redhat.com>

More updates

Signed-off-by: vibrown <vibrown@redhat.com>

Added client type logic from Marek's prototype

Signed-off-by: vibrown <vibrown@redhat.com>

updates

Signed-off-by: vibrown <vibrown@redhat.com>

updates

Signed-off-by: vibrown <vibrown@redhat.com>

updates

Signed-off-by: vibrown <vibrown@redhat.com>

Testing to see if skipRestart was cause of test failures in MR
 2024-04-08 20:20:37 +02:00
Pedro Igor
52ba9b4b7f Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user 
Closes #28248

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-08 09:05:16 -03:00
Pedro Igor
fefeb83588 Changes the contract to make it simpler and rely on the realm available from the current session 
Closes #28403

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-03 14:45:31 +02:00
Pedro Igor
b9a7152a29 Avoid commiting the transaction prematurely when creating users through the User API 
Closes #28217

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-03-27 19:16:09 -03:00
Jon Koops
3382e16954
Remove Account Console version 2 (#27510) 
Closes #19664

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-03-27 10:53:28 +01:00
Steven Hawkins
be32f8b1bf
fix: limit the use of Resteasy to the KeycloakSession (#28150) 
* fix: limit the use of Resteasy to the KeycloakSession

contextualizes other state to the KeycloakSession

close: #28152
 2024-03-26 13:43:41 -04:00
vramik
fa1571f231 Map organization metadata when issuing tokens for OIDC clients acting on behalf of an organization member 
Closes #27993

Signed-off-by: vramik <vramik@redhat.com>
 2024-03-26 14:02:09 -03:00
Stian Thorgersen
8cbd39083e
Default password hashing algorithm should be set to default password hash provider (#28128) 
Closes #28120

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 12:44:11 +01:00
Stian Thorgersen
cae92cbe8c
Argon2 password hashing provider (#28031) 
Closes #28030

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 07:08:09 +01:00
Pedro Igor
32541f19a3 Allow managing members for an organization 
Closes #27934

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-03-21 10:26:30 -03:00
Alexander Schwartz
62d24216e3 Remove offline session preloading 
Closes #27602

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-03-15 15:19:27 +01:00
Pedro Igor
7fc2269ba5 The bare minimum implementation for organization 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Co-authored-by: vramik <vramik@redhat.com>
 2024-03-15 11:06:43 -03:00
Peter Keuter
e26a261e4e
Filter subgroups before paginating 
Closes #27512

Signed-off-by: Peter Keuter <github@peterkeuter.nl>
 2024-03-15 10:57:57 +01:00
vramik
66c9f173f2 Organization SPI 
Fixes #27830

Signed-off-by: vramik <vramik@redhat.com>
 2024-03-13 12:25:43 -03:00
vramik
a81d6bb618 Organizations SPI 
Closes #27829

Signed-off-by: vramik <vramik@redhat.com>
 2024-03-13 10:57:02 -03:00
stianst
15717cc152 Remove deprecated cookie code 
Closes #26813

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-12 17:24:14 +01:00
Martin Bartoš
e4aa1b5f95
Conditionally enable and disable CLI options (#25333) 
* Conditionally enable and disable CLI options

Closes #13113

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Support for duplicates in config

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Fix rendering config options in docs

Fixes #26515

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Reorder OptionsDistTest

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2024-03-07 20:36:43 +00:00
rmartinc
82af0b6af6 Initial client policies integration for SAML 
Closes #26654

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-03-06 15:18:35 +01:00
Steven Hawkins
8d9439913c
fix: removal of resteasy-core (#27032) 
* fix: partial removal of resteasy-core

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* fix: fully removing resteasy-core

closes: #26315

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-02-29 11:43:13 +00:00
Takashi Norimatsu
3db04d8d8d Replace Security Key with Passkey in WebAuthn UIs and their documents 
closes #27147

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2024-02-29 10:31:05 +01:00
Pedro Igor
326d63ce74 Make sure group searches are cached and entries invalidate accordingly 
Closes #26983

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-02-29 05:06:36 +09:00
Réda Housni Alaoui
a3b3ee4b87
Ability to declare a default "First broker login flow" per Realm 
Closes #25823

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-02-28 16:17:51 +01:00
Pedro Igor
604274fb76 Allow setting an attribute as multivalued 
Closes #23539

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-02-22 12:56:44 +01:00
Douglas Palmer
b0ef746f39 Permanently lock users out after X temporary lockouts during a brute force attack 
Closes #26172

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-02-22 09:34:51 +01:00
Vlasta Ramik
76453550a5
User attribute value length extension 
Closes #9758

Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2024-02-16 08:09:34 +01:00
mposolda
f468885fdd Empty error message when validation issue due the PersonNameProhibitedValidator validation 
closes #26750

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-02-06 12:56:50 -03:00
Stian Thorgersen
3e08a1713b
Ignore empty attribute values when retriveing boolean/int/long (#26729) (#26737) 
Resolves #26597, resolves #26665

Signed-off-by: stianst <stianst@gmail.com>
 2024-02-06 15:29:34 +01:00
Stian Thorgersen
c4b1fd092a
Use code from RestEasy to create and set cookies (#26558) 
Closes #26557

Signed-off-by: stianst <stianst@gmail.com>
 2024-02-06 15:14:04 +01:00
Stian Thorgersen
0fb6bdfcac
Cookie Provider - move remaining cookies (#26531) 
Closes #26500

Signed-off-by: stianst <stianst@gmail.com>
 2024-01-29 11:06:37 +01:00
Stian Thorgersen
bc3c27909e
Cookie Provider (#26499) 
Closes #26500

Signed-off-by: stianst <stianst@gmail.com>
 2024-01-26 10:45:00 +01:00
Marek Posolda
651d99db25
Allow selecting attributes from user profile when managing token mappers (#26415) 
* Allow selecting attributes from user profile when managing token mappers
closes #24250

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-01-25 17:01:02 +01:00
Erik Jan de Wit
28c9f98930
moved login screen to patternfly 5 (#25340) 
* moved login screen to patternfly 5

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added Feature flag to enable login v2

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* removed the old css and only include logo and background styles

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* changed to experimental

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added login2

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added windows help texts

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-01-25 13:45:53 +01:00
Thomas Darimont
e7363905fa Change password hashing defaults according to OWASP recommendations (#16629) 
Changes according to the latest [OWASP cheat sheet for secure Password Storage](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2):

- Changed default password hashing algorithm from pbkdf2-sha256 to pbkdf2-sha512
- Increased number of hash iterations for pbkdf2-sha1 from 20.000 to 1.300.000
- Increased number of hash iterations for pbkdf2-sha256 from 27.500 to 600.000
- Increased number of hash iterations for pbkdf2-sha512 from 30.000 to 210.000
- Adapt PasswordHashingTest to new defaults
- The test testBenchmarkPasswordHashingConfigurations can be used to compare the different hashing configurations.
- Document changes in changes document with note on performance and how
  to keep the old behaviour.
- Log a warning at the first time when Pbkdf2PasswordHashProviderFactory is used directly

Fixes #16629

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-01-24 18:35:51 +01:00
Stian Thorgersen
656e680019
Remove unused HttpResponse.setWriteCookiesOnTransactionComplete (#26326) 
Closes #26325

Signed-off-by: stianst <stianst@gmail.com>
 2024-01-20 11:31:10 +01:00
Alexander Schwartz
b9498b91cb
Deprecating the offline session preloading (#26160) 
Closes #25300

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-16 09:29:01 +01:00
Thomas Darimont
9d429400d4
Avoid calling primitive wrapper constructors in server-spi-private (#24163) 
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-01-11 11:54:44 +01:00
rmartinc
179ca3fa3a Sanitize logs in JBossLoggingEventListenerProvider 
Closes #25078

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-01-10 16:50:27 +01:00
Réda Housni Alaoui
98230aa372 Add federated identity ProviderEvent(s) 
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2024-01-10 11:56:38 -03:00
Pedro Igor
ceb085e7b8 Update the UPDATE_EMAIL feature to rely on the user profile configuration when rendering templates and validating the email 
Closes #25704

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-20 15:15:06 -03:00
mposolda
eb184a8554 More info on UserProfileContext 
closes #25691

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-12-19 13:00:31 -03:00
Pedro Igor
fa79b686b6 Refactoring user profile interfaces and consolidating user representation for both admin and account context 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-13 08:27:55 +01:00
Pedro Igor
c7f63d5843 Add options to change behavior on how unmanaged attributes are managed 
Closes #24934

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-11-30 06:58:21 -03:00
rmartinc
16afecd6b4 Allow automatic download of SAML certificates in the identity provider 
Closes https://github.com/keycloak/keycloak/issues/24424

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-29 18:03:31 +01:00
Pedro Igor
2c611cb8fc User profile configuration scoped to user-federation provider 
closes #23878

Co-Authored-By: mposolda <mposolda@gmail.com>

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-11-27 14:45:44 +01:00
Sebastian Schuster
030f42ec83
More efficient listing of assigned and available client role mappings 
Closes #23404

Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
 2023-11-22 14:10:11 +01:00
Thomas Darimont
d30d692335 Introduce MaxAuthAge Password policy (#12943) 
This policy allows to specify the maximum age of an authentication
with which a password may be changed without re-authentication.

Defaults to 300 seconds (default taken from Constants.KC_ACTION_MAX_AGE) to remain backwards compatible.
A value of 0 will always require reauthentication to update the password.
Add documentation for MaxAuthAgePasswordPolicy to server_admin

Fixes #12943

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2023-11-20 14:48:17 +01:00
vramik
42e5055cfb Delete SearchableModelField and its usages 
Signed-off-by: vramik <vramik@redhat.com>

Closes #24722
 2023-11-16 18:44:49 +01:00
Réda Housni Alaoui
3f014c7299
Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients (#21058) 
closes #21010 

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2023-11-13 19:13:01 +01:00
mposolda
6f992915d7 Move some UserProfile and Validation classes into keycloak-server-spi 
closes #24387
 2023-10-31 12:56:46 -07:00
Alice
69497382d8
Group scalability upgrades (#22700) 
closes #22372 


Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2023-10-26 16:50:45 +02:00
Hynek Mlnarik
c036980c37 Add TRANSIENT_USERS feature flag 2023-10-25 12:02:35 +02:00
Hynek Mlnarik
26328a7c1e Support for transient sessions via lightweight users 
Part-of: Add support for not importing brokered user into Keycloak database

Closes: #11334
 2023-10-25 12:02:35 +02:00
Marek Posolda
829b7090fa
Avoid breaking change in UserSessionModel (#24134) 
closes #24096


Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2023-10-20 18:06:07 +02:00
Andrew
77c3e7190c
updates to method contracts and code impl to be more specific about providerAlias (#24070) 
closes #24072
 2023-10-18 08:33:06 +02:00
shigeyuki kabano
6112b25648 Enhancing Light Weight Token(#22148) 
Closes #21183
 2023-10-17 13:12:36 +02:00
Alice Wood
5a76ddfc2e Remove realm model storage from OAuth2DeviceConfig class to avoid persisting old session and entity manager in infinispan fixes keycloak/keycloak#23943 2023-10-16 16:18:31 +02:00
Charley Wu
31759f9c37
WebAuthn support for native applications. Support custom FIDO2 origin validation (#23156) 
Closes #23155
 2023-10-13 15:25:10 +02:00
Martin Bartoš
21a23ace1d Mark required config properties for LDAP Mappers 
Closes #23685
 2023-10-09 08:46:57 +02:00
Garth
2dfbbff343
added AccountResource SPI, Provider and ProviderFactory. (#22317) 
Added AccountResource SPI, Provider and ProviderFactory. updated AccountLoader to load provider(s) and check if it is compatible with the chosen theme.
 2023-10-05 15:08:01 +02:00
Steve Hawkins
fb69936f14 Aligns the logic in the welcome resources 
as a result the quarkus one can be removed

closes keycloak#23243
 2023-09-28 19:33:12 -03:00
Jon Koops
47d9ae71c4
Revert the new welcome screen experience (#23446) 
This reverts commit bcab75a7ef.
 2023-09-21 16:03:00 +00:00
Bernd Bohmann
bb2f59df87
Calling getTopLevelGroups is slow inside GroupLDAPStorageMapper#getLDAPGroupMappingsConverted (#8430) 
Closes #14820 
---------
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2023-09-20 17:20:43 +02:00