libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
23608 commits 4 branches 5 tags 480 MiB
Commit graph

4299 commits

Author SHA1 Message Date
Andrew
77c3e7190c
updates to method contracts and code impl to be more specific about providerAlias (#24070) 
closes #24072
 2023-10-18 08:33:06 +02:00
Pedro Igor
e91a0afca2 The username in account is required and don't change when email as username is enabled 
Closes #23976
 2023-10-17 16:43:44 -03:00
shigeyuki kabano
6112b25648 Enhancing Light Weight Token(#22148) 
Closes #21183
 2023-10-17 13:12:36 +02:00
Pedro Igor
9c19a8972b Removing the default cache metadata 
Closes #23910
 2023-10-13 16:32:55 +02:00
Charley Wu
31759f9c37
WebAuthn support for native applications. Support custom FIDO2 origin validation (#23156) 
Closes #23155
 2023-10-13 15:25:10 +02:00
Moritz Becker
e9f08b6500 Do not return empty scope field in token introspection response 
Closes #16526
 2023-10-13 08:36:12 +02:00
duckboy81
197b39492e Update TokenManager.java 
Fixed minor spelling typos
 2023-10-12 14:56:24 +02:00
ici-dev-gb
32b373f05f
Don't use top-level await for storage access checks (#23793) 
Closes #23743
 2023-10-12 09:28:01 +00:00
Vojtěch Boček
8871983b33
Add support for single-tenant mode to Microsoft Identity Provider (#20699) 
* Add support for single-tenant mode to Microsoft Identity Provider

Fixes #20695
Closes #11207

* Add SocialLoginTest for Microsoft single-tenant variant
 2023-10-10 16:35:36 -04:00
Marek Posolda
a6609bd969
Remove "You are already logged in" during authentication. Make other browser tabs to authenticate automatically when some browser tab successfully authenticate (#23517) 
Closes #12406


Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2023-10-10 21:54:37 +02:00
Pedro Igor
7385ed56c7 Avoid creating the component when there is no component and configuration is not provided 
Closes #20970

Co-authored-by: Pedro Igor <psilva@redhat.com>
 2023-10-10 13:28:48 +02:00
Daniel Fesenmeyer
dd37e02140 Improve logging in case of OIDC Identity provider errors: 
- log the full Redirection URL, when it contains an error parameter, or does not contain the state or code parameter
- log the token endpoint URL (without - possibly confidential - params) and the response body, when the token endpoint does not return a success response

Closes #23690
 2023-10-06 19:03:41 +02:00
mposolda
cdb61215c9 UserProfileContext.ACCOUNT_OLD seems to be obsolete and not needed 
closes #23749
 2023-10-06 11:27:48 -03:00
Pedro Igor
290bee0787
Resolve several usability issues around User Profile (#23537) 
Closes #23507, #23584, #23740, #23774

Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2023-10-06 10:15:39 -03:00
rmartinc
890600c33c Remove backward compatibility for ECDSA tokens 
Closes https://github.com/keycloak/keycloak/issues/23734
 2023-10-06 14:24:48 +02:00
Garth
2dfbbff343
added AccountResource SPI, Provider and ProviderFactory. (#22317) 
Added AccountResource SPI, Provider and ProviderFactory. updated AccountLoader to load provider(s) and check if it is compatible with the chosen theme.
 2023-10-05 15:08:01 +02:00
Justin Tay
55751a0830 Fix client assertion with invalid ES256, ES384, ES512 signatures 
Closes #23721
 2023-10-05 13:07:52 +02:00
Steve Hawkins
fb69936f14 Aligns the logic in the welcome resources 
as a result the quarkus one can be removed

closes keycloak#23243
 2023-09-28 19:33:12 -03:00
Jon Koops
1b6cb7b2a9
Always check storage access before placing test cookie (#23393) 2023-09-27 13:38:53 +02:00
Lucas Hedding
de5aa2e74d
Add createTimestamp to REST service (#23293) 
Closes #14009
 2023-09-27 13:38:16 +02:00
rmartinc
10c1e3ba6d Client roles should be mapped to any claim name 
Closes https://github.com/keycloak/keycloak/issues/22349
 2023-09-27 08:11:22 -03:00
rmartinc
d90640b5a3 Change email checkserveridentity prop as angus mail sets it to true by default 
Closes https://github.com/keycloak/keycloak/issues/22395
 2023-09-26 09:11:16 +02:00
Maria Arias de Reyna
c15753266f fix(Closes #21236): Adding client-id to logout event 2023-09-25 13:20:26 +02:00
Pedro Igor
741f76887c Allow updating email when email as username is set and edit username disabed 
#23438
 2023-09-25 08:19:01 -03:00
Michal Hajas
496c5ad989 Use new findGroupByPath implementation and remove the old one 
Closes #23344

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2023-09-25 10:44:24 +02:00
Justin Tay
7d3104ee76 Allow public clients to use PAR endpoint 
Closes #8939
 2023-09-21 13:57:42 +02:00
rmartinc
082b0ed308 verifyRedirectUri should return null when the passed redirectUri is invalid 
Closes https://github.com/keycloak/keycloak/issues/22778
 2023-09-21 08:19:00 +02:00
rmartinc
f8a9e0134a Ensure that the EncryptedKey is passed to the DecryptionKeyLocator for SAML 
Closes https://github.com/keycloak/keycloak/issues/22974
 2023-09-20 15:09:18 +02:00
Jon Koops
e86bf1f0b2 Remove P3P header from authentication flow 
Closes #23348
 2023-09-19 08:50:33 -03:00
rmartinc
743bb696d9 Allow duplicated keys in advanced claim mappers 
Closes https://github.com/keycloak/keycloak/issues/22638
 2023-09-19 07:49:34 -03:00
Pedro Igor
217a09ce46 Switch to Resteasy Reactive 
Closes #10713
 2023-09-18 09:19:03 -03:00
Thomas Darimont
04d16ed170 Prevent NPE in AuthenticationManager.backchannelLogout (#23306) 
Previously, if the user was already removed from the userSession
and the log level was set to DEBUG, then an NPE was triggered by
the debug log statement during backchannelLogout.

Fixes #23306
 2023-09-18 08:16:51 +02:00
paul
f684a70048 KEYCLOAK-15985 Add Brute Force Detection Lockout Event 2023-09-15 10:32:07 -03:00
Pedro Igor
1442f14c45 Registration page not showing username when edit username is not enabled 
Closes #23185
 2023-09-14 07:32:39 -03:00
Justin Tay
658c0ef19f Send Client ID in token request with JWT Authentication 
Closes #21444
 2023-09-14 10:57:32 +02:00
Pedro Igor
5958c7948d
Ignore attributes when they are not prefixed with user.attributes prefix (#23184) 
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: stianst <stianst@gmail.com>
 2023-09-14 10:35:47 +02:00
Daniel Fesenmeyer
a68ad55a37 Support to define compatible mappers for (new) Identity Providers 
- Also allows to use existing mappers for custom Identity Providers without having to change those mappers

Closes #21154
 2023-09-13 17:19:06 -03:00
Konstantinos Georgilakis
0044472f87 Add regex support in 'Condition - User attribute' execution 
Closes #265
 2023-09-13 08:36:45 +02:00
Erik Jan de Wit
0789d3c1cc
better features overview (#22641) 
Closes #17733
 2023-09-12 16:03:13 +02:00
Thomas Darimont
3908537254
Show expiration date for certificates in Admin Console (#23025) 
Closes #17743
 2023-09-12 07:56:09 -04:00
Marek Posolda
56b94148a0
Remove bearer-only occurences in the documentation when possible. Mak… (#23148) 
closes #23066


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2023-09-12 09:38:19 +02:00
Erik Jan de Wit
c7dcef7af8
fixed permissions for locale fetch (#23078) 
fixes: #23065
 2023-09-11 15:00:40 -04:00
Adeel Ahmad
4f90124612 Print 'key' in ReadOnlyAttributeUnchangedValidator failure log message 
This change is quite useful for debugging and helps identify which specific attribute makes the update fail. Currently, the full pattern is printed which consists of multiple attributes.
 2023-09-11 10:45:08 -03:00
kaustubh-rh
62927433dc
Fix for Keycloak 22.0.1 unable to create user with long email address (#23109) 
Closes #22825
 2023-09-11 08:56:13 +02:00
rmartinc
7da52a43bd Add old LinkedIn provider to the deprecated profile 
Closes https://github.com/keycloak/keycloak/issues/23067
 2023-09-08 10:05:17 +02:00
Marek Posolda
506e2537ac
Registration flow fixed (#23064) 
Closes #21514


Co-authored-by: Vilmos Nagy <vilmos.nagy@outlook.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2023-09-08 08:05:05 +02:00
Pedro Igor
bc31fde4c0 Broker claim mapper not recognizing claims from user info endpoint 
Closes #12137
 2023-09-07 16:34:45 +02:00
stianst
211c027adb Remove use of Guava in services 
Closes #23009
 2023-09-07 08:59:02 +02:00
Kaustubh B
5ee2ba9372 Added tests 2023-09-07 08:43:35 +02:00
Kaustubh B
c57e775102 Fixed Regex 2023-09-07 08:43:35 +02:00
rmartinc
8887be7887 Add a new identity provider for LinkedIn based on OIDC 
Closes https://github.com/keycloak/keycloak/issues/22383
 2023-09-06 16:13:31 +02:00
Pedro Igor
13e5a02b9f Role mappers must return a single value when they are not multivalued 
Closes #20218
 2023-08-31 19:16:12 +02:00
Pedro Igor
ea3225a6e1 Decoupling legacy and dynamic user profiles and exposing metadata from admin api 
Closes #22532

Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2023-08-29 08:14:47 -03:00
Pedro Igor
b779df6a55 Parsing response from user info rather than the access token 
Closes #22581
 2023-08-29 12:23:56 +02:00
rmartinc
b67ede2a30 RedirectUtils needs to use KeycloakUriBuilder with no parameter parsing 
Closes https://github.com/keycloak/keycloak/issues/22424
 2023-08-17 09:11:08 +02:00
Erik Jan de Wit
b4650b7742
use logged in realm as default (#22460) 2023-08-16 14:29:07 -04:00
t0xicCode
822c13ff6f Switch Trusted Host policy redirect verification to URI 
Switch parsing of the redirect URIs for the Trusted Host Client Registration Policy from URL to URI.
The java URL class tries to instantiate a handler for the scheme, which fails when a "custom" scheme, such as those used in phone apps is used.
In contrast, the URI class simply parses the string, ensuring the format is valid.
The other URLs (baseUrl, rootUrl, adminUrl) are still parsed as URLs.
See https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata for the Client Registration parameter documentation.

Closes #22309
 2023-08-14 10:20:23 +02:00
Pedro Igor
baac060eb1 Fixing how e-mail attribute permissions are set for both USER_API and ACCOUNT contexts 
Closes #21751
 2023-08-11 13:32:16 +02:00
Erik Jan de Wit
874d2063b8
only add realm access to the current realm (#21554) 
fixes: #21553
 2023-08-10 12:43:15 +02:00
Takashi Norimatsu
258711ef4f DPoP verification in UserInfo endpoint 
closes #22215
 2023-08-07 10:49:33 +02:00
Takashi Norimatsu
9d0960d405 Using DPoP token type in the access-token and as token_type in introspection response 
closes #21919
 2023-08-07 10:40:18 +02:00
Erik Jan de Wit
339619816a
lazy populate the treeview for groups (#21520) 
* added lazy parameter

fixes: #19954

* changed to only have the parameter

* fixed merge errors

* removed the `lazy` and now add subgroups on select

* lint

* fixed prettier

* fixed nullpointer

* fixed member tab
 2023-08-04 20:19:34 +00:00
Rishabh Dixit
d73298aab6 Add getStatus() to response obj 
Closes #22241
 2023-08-04 18:43:50 +02:00
Marek Posolda
4dc929abb3
Missing client_id validation match when authenticating client with JW… (#22178) 
Closes #22177
 2023-08-03 11:47:55 +02:00
Takashi Norimatsu
ee998fee66 Add FAPI 2.0 security profile as default profile of client policies 
closes #21181
 2023-08-03 09:26:16 +02:00
Ricardo Martin
a8bca522c1
Fix issue with access tokens claims not being imported using OIDC IDP Attribute Mappers (#21627) 
Closes #9004


Co-authored-by: Armel Soro <armel@rm3l.org>
 2023-08-02 09:36:50 +02:00
Thomas Darimont
82269f789a Avoid using deprecated junit APIs in tests 
- Replaced usage of Assert.assertThat with static import
- Replaced static import org.junit.Assert.assertThat with org.hamcrest.MatcherAssert.assertThat

Fixes: #22111
 2023-08-01 11:44:25 +02:00
Alexander Schwartz
748c53df7f
Use Java mechanisms to read language files and default to UTF-8 (#21755) 
Closes #21753
 2023-08-01 11:27:10 +02:00
mposolda
6f6b5e8e84 Fix authenticatorConfig for javascript providers 
Closes #20005
 2023-07-31 19:28:25 +02:00
rmartinc
0a7fcf43fd Initial pagination in the admin REST API for identity providers 
Closes https://github.com/keycloak/keycloak/issues/21073
 2023-07-27 14:48:02 +02:00
Takashi Norimatsu
9a921441cc Adjustements to the behaviour of dpop_bound_access_tokens switch 
closes #21920
 2023-07-27 11:30:01 +02:00
Alexander Schwartz
1ec8d3a9a4 Convert LinkExpirationFormatterMethod to Java's ChoiceFormat pattern 
Closes #21887
 2023-07-27 10:30:37 +02:00
Takashi Norimatsu
6498b5baf3 DPoP: OIDC client registration support 
closes #21918
 2023-07-26 13:00:35 +02:00
Ricardo Martin
ee35cfe478
Add logout other sessions checkbox to TOTP, webauthn and recovery authn codes setup pages (#21897) 
* Add logout other sessions checkbox to TOTP, webauthn, recovery authn codes setup pages and to update-email page
Closes #10232
 2023-07-26 11:34:19 +02:00
Hunor Kovács
5eb505aba5
Handle error when Microsoft Graph API /me returns not successful (#21696) 
* Response from Microsoft Graph API /me can be error too. So if that happens, throw an exception instead of trying to extract the user id.

* Update services/src/main/java/org/keycloak/social/microsoft/MicrosoftIdentityProvider.java

Co-authored-by: Ondra Pelech <ondra.pelech@gmail.com>

---------

Co-authored-by: Ondra Pelech <ondra.pelech@gmail.com>
 2023-07-26 07:22:52 +00:00
Takashi Norimatsu
0ddef5dda8
DPoP support 1st phase (#21202) 
closes #21200


Co-authored-by: Dmitry Telegin <dmitryt@backbase.com>
Co-authored-by: mposolda <mposolda@gmail.com>
 2023-07-24 16:44:24 +02:00
Takashi Norimatsu
05b8b9ee51 Enhancing Pluggable Features of Token Manager 
closes #21182
 2023-07-24 09:16:29 +02:00
Takashi Norimatsu
2efd79f982 FAPI 2.0 security profile - supporting RFC 9207 OAuth 2.0 Authorization Server Issuer Identification 
Closes #20584
 2023-07-24 09:11:30 +02:00
ali_dandach
ef19e08814
Fix String comparisona (#21752) 
Closes #21773
 2023-07-21 10:37:24 +02:00
mposolda
03716ed452 Keycloak forgets ui_locales parameter when using reset password 
closes #10981
 2023-07-18 09:24:12 +02:00
rmartinc
630e3b2312 Revert emailVerified to false if email modified on force-sync non-trusted broker 
Closes https://github.com/keycloak/security/issues/48
 2023-07-17 13:13:47 +02:00
vramik
47eeece827 Update javadoc for user search in UserResource 
Closes #21053
 2023-07-11 11:14:29 +02:00
Pedro Igor
376d20c285
Remove user credentials from admin event representation (#21561) 
Closes #17470
 2023-07-11 08:26:29 +02:00
rmartinc
13870f3a69 Improve error management in the github provider 
Closes https://github.com/keycloak/keycloak/issues/9429
 2023-07-10 16:09:08 -03:00
Václav Muzikář
97a37f565e
Align guava dependency with the Quarkus Platform BOM (#21544) 
Closes #21364
 2023-07-10 16:13:13 +02:00
Daniele Martinoli
1644432df3 Reviewed solution as per reviewer's comments 2023-07-10 08:31:47 -03:00
Daniele Martinoli
d148a789f7 added clientNote to show the sign out option 2023-07-10 08:31:47 -03:00
Patrick Jennings
399a23bd56
Find an appropriate key based on the given KID and JWA (#21160) 
* keycloak-20847 Find an appropriate key based on the given KID and JWA. Prefers matching on both inputs but will match on partials if found. Or return the first key if a match is not found.

Mark Key as fallback if it is the singular client certificate to be used for signed JWT authentication.

* Update js/apps/admin-ui/public/locales/en/clients.json

Co-authored-by: Marek Posolda <mposolda@gmail.com>

* Updating boolean variable name based on suggestions by Marek.

* Adding integration test specifically for the JWT parameters for regression #20847.

---------

Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2023-07-10 13:28:55 +02:00
Daniele Martinoli
817f129484
fix: closes #21095 (#21289) 
* fix: closes #21095

* Added overloaded version of GroupUtils.toGroupHierarchy with additional full parameter.
 2023-07-10 12:13:26 +02:00
Daniele Martinoli
7b8dcb42ea Using "Account is disabled" message (and also added new test case) 2023-07-07 12:16:38 -03:00
Daniele Martinoli
13e2075ceb Applying reviewer comments 2023-07-07 09:00:51 -03:00
Daniele Martinoli
e6d7749cbf fix for 21476 2023-07-07 09:00:51 -03:00
Daniele Martinoli
b458356aa9 integrated reviewer comments 2023-07-07 08:59:36 -03:00
Daniele Martinoli
c9a226e220 Update services/src/main/java/org/keycloak/broker/provider/HardcodedGroupMapper.java 
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-07-07 08:59:36 -03:00
Daniele Martinoli
96f09fcd90 Update services/src/main/java/org/keycloak/broker/provider/HardcodedGroupMapper.java 
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-07-07 08:59:36 -03:00
Daniele Martinoli
83d88f6bb5 added Hardcoded Group mapper to IDP configuration 2023-07-07 08:59:36 -03:00
Erik Jan de Wit
2f5040f565 added locale selector for account console 
fixes: #20941
 2023-07-06 11:14:39 -03:00
Douglas Palmer
8cc04a6724 NullPointerException on reading auth.attemptedUsername in terms template 
closes #21294
 2023-07-04 16:07:44 -03:00
rmartinc
09e30b3c99 Support for JWE IDToken and UserInfo tokens in OIDC brokers 
Closes https://github.com/keycloak/keycloak/issues/21254
 2023-07-03 21:25:46 -03:00
mposolda
ccbddb2258 Fix updating locale on info/error page after authenticationSession was already removed 
Closes #13922
 2023-07-03 18:57:36 -03:00
Jon Koops
c0b0a25f71
Handle exceptions thrown when requesting storage-access permission (#21325) 2023-06-30 00:35:10 +00:00
Daniele Martinoli
e2ac9487f7
Conditional login through identity provider (#20188) 
Closes #20191


Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2023-06-29 18:44:15 +02:00
Joshua Sorah
f695eeaa44 Refactor Admin REST API Documentation to use OpenAPI annotations. 
Removes dependencies on swagger-doclet
Adds dependencies on microprofile-openapi-api
Plugins for smallrye-open-api-maven-plugin, openapi-generator-maven-plugin

Customized ascii doc template for openapi-generator-maven-plugin, to give similar feel to previous documentation.

OpenAPI annotations added to Admin REST API resources.

Closes keycloak/keycloak#20433
 2023-06-29 17:03:38 +02:00
Fouad Almalki
b336732251
Add iat to JWT passed to CIBA HttpAuthenticationChannel (#21280) 
Closes #21283
 2023-06-29 07:55:57 +02:00
Marek Posolda
51a9712e59 Improper Client Certificate Validation for OAuth/OpenID clients (#20) 
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
 2023-06-28 17:52:48 -03:00
Ricardo Martin
1973d0f0d4 Check the redirect URI is http(s) when used for a form Post (#22) 
Closes https://github.com/keycloak/security/issues/22

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Signed-off-by: Peter Skopek <pskopek@redhat.com>
 2023-06-28 17:52:48 -03:00
Pedro Igor
28aa1d730d Verify holder of the device code (#21) 
Closes https://github.com/keycloak/security/issues/32

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Conflicts:
    services/src/main/java/org/keycloak/protocol/oidc/grants/device/DeviceGrantType.java
 2023-06-28 15:45:26 +02:00
rmartinc
4bc11bdf7f Do not return an error when moving a group to the current parent 
Closes https://github.com/keycloak/keycloak/issues/21242
 2023-06-28 10:34:15 +02:00
rmartinc
a5a2753d11 Don't allow impersonate disabled users or service accounts 
Closes https://github.com/keycloak/keycloak/issues/21106
 2023-06-28 10:18:21 +02:00
Douglas Palmer
59e1a5d992 Custom theme - url.resourcesCommonPath references wrong theme 
closes #20085
 2023-06-28 08:25:44 +02:00
Douglas Palmer
c75bf31398 Empty shortVerificationUri not the same with default (null) value 
closes #20851
 2023-06-27 14:57:24 +02:00
Pedro Igor
d0691b0884 Support for the locale user attribute 
Closes #21163
 2023-06-27 09:21:08 -03:00
Erik Jan de Wit
3a3907ab15
changed to use ConfiguredProvider instead (#21097) 
fixes: #15344
 2023-06-27 08:00:32 -04:00
eatik
0cc464695e Allowing users with view-users permission to call configured-user-storage-credential-types endpoint as per issue #20783 
Closes #20783
 2023-06-26 11:05:35 -03:00
Takashi Norimatsu
f6ecc3f3f8 FAPI 2.0 security profile - not allow an authorization request whose parameters were not included in Request Object pushed to PAR request 
closes #20710
 2023-06-26 12:09:25 +02:00
vramik
7fe7dfc529 ResourceType lost during clonning 
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>

Closes #20947
 2023-06-23 09:31:44 +02:00
Douglas Palmer
a0d1ac6baa processGrantRequest in TokenEndPoint uses new TokenManager instead of this.tokenMananager 
closes #20978
 2023-06-23 08:12:44 +02:00
Pedro Igor
aff6cc1cbd Running mappers during account linking 
Closes #11195

Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: toddkazakov
 2023-06-22 17:41:31 +02:00
Sazzad Hossain
41e253c054 Check whether CREATE_REALM role exists in realm role mappings before hasRole check for user. 
Closes #20332
 2023-06-22 15:35:50 +02:00
Douglas Palmer
f526f7a091 Emails with non-ascii characters are not allowed since v21.0.0 
closes #20878
 2023-06-22 10:27:48 -03:00
Pedro Igor
eb5edb3a9b Support reading base32 encoded OTP secret 
Closes #9434
Closes #11561
 2023-06-22 08:08:13 -03:00
mposolda
137f8d807a Account Console II doesn't remove TOTP from UserStorage 
closes #19575
 2023-06-22 07:56:44 +02:00
Gilvan Filho
2493f11331 count users by custom user attribute 
closes #14747
 2023-06-21 11:56:22 -03:00
mposolda
dc3b037e3a Incorrect Signature algorithms presented by Client Authenticator 
closes #15853

Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2023-06-21 08:55:58 +02:00
Stan Silvert
513c00bcd9
Remove unused feature flags. (#21039) 
* Remove unused feature flags.
Fixes #20944
Fixes #20943

* Update release notes.

* Update docs/documentation/release_notes/topics/22_0_0.adoc

Co-authored-by: Jon Koops <jonkoops@gmail.com>

---------

Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2023-06-20 15:02:22 -04:00
Stian Thorgersen
f82577a7f3
Removed old account console (#21098) 
Co-authored-by: Jon Koops <jonkoops@gmail.com>

Closes #9864
 2023-06-20 20:46:57 +02:00
Daniele Martinoli
d9b271c22a
Extends the conditional user attribute authenticator to check the attributes of the joined groups (#20189) 
Closes #20007
 2023-06-19 15:22:35 +02:00
Jon Koops
c998193797
Pass client id for Account and Admin consoles through environment (#20961) 2023-06-13 16:29:37 +00:00
rmartinc
ecf52285bc Simplify TokenManager expiration calculations using SessionExpirationUtils 
Closes https://github.com/keycloak/keycloak/issues/20794
 2023-06-13 10:09:47 +02:00
Pedro Igor
af975d20f1 Avoid iterating indefinetly when checking CRLs 
Closes #20725
 2023-06-12 17:50:16 +02:00
Alexander Schwartz
9425432f2c Handle HTTP response codes when retrieving data from remote endpoints 
Closes #20895
 2023-06-12 13:37:59 +02:00
rmartinc
f3fcf1f8c5 Session cross-reference / transaction mismatch 
Closes https://github.com/keycloak/keycloak/issues/20855
 2023-06-12 13:18:39 +02:00
Vlasta Ramik
ed473da22b
Clean-up of deprecated methods and interfaces 
Fixes #20877

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2023-06-09 17:11:20 +00:00
rmartinc
61968bf747 Use OIDCAttributeMapperHelper.mapClaim in the GroupMembershipMapper 
Closes https://github.com/keycloak/keycloak/issues/19767
 2023-06-08 11:12:24 -03:00
Réda Housni Alaoui
eb9bb281ec Require user to agree to 'terms and conditions' during registration 2023-06-08 10:39:00 -03:00
Marek Posolda
8080085cc1
Removing 'http challenge' authentication flow and related authenticators (#20731) 
closes #20497


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2023-06-08 14:52:34 +02:00
Saman-jafari
31db84e924 fix: issuedFor added to token to get client id into the token also redirect uri added to token and then passed to info template for "back to application" functionality 
test also added to check the availability of issueFor(azp) and redirect uri in Action
Fixes #14860
Fixes #15136
 2023-06-07 12:19:46 -03:00
Zvi Grinberg
b29ce53f6e Fix bug in regex policy evaluation that it ignored flatted user claims that are mapped by protocol mappers to complex JSON structure in access token( in the access token JWT it's key and value is a JSON by itself) 
fixes: #20436
Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
 2023-06-07 10:18:10 -03:00
Alice Wood
7e56938b74 Extend group search attribute functionality to account for use case where only the leaf group is required 2023-06-07 08:52:23 -03:00
ComplexSpaces
1af4a7a532
Pass webauthn signature algorithm IDs as integers instead of strings (#20832) 
closes #20831
 2023-06-07 11:46:16 +02:00
Pedro Hos
9ebd94a3a8 Userinfo endpoint doesn't accept charset #20671 
Closes 20671
 2023-06-07 08:08:05 +02:00
Bruno Sanches
ecf4dbfb18
Check if formData is empty before putting login hint (#20733) 
closes keycloak#20732
 2023-06-06 17:14:08 -04:00
Artur Baltabayev
041441f48f
Improved Reset OTP authenticator (#20572) 
* ResetOTP authenticator can now be configured, so that one or all existing OTP configurations are deleted upon reset.

Closes #8753
---------

Co-authored-by: bal1imb <Artur.Baltabayev@bosch.com>
 2023-06-06 08:30:44 -03:00
rmartinc
81aa588ddc Fix and correlate session timeout calculations in legacy and new map implementations 
Closes https://github.com/keycloak/keycloak/issues/14854
Closes https://github.com/keycloak/keycloak/issues/11990
 2023-06-05 18:46:23 +02:00
Alexander Schwartz
cd9e0be9f0 Filter first, then sort, and avoid atomics 
Closes #20394
 2023-06-05 11:23:54 +02:00
Pedro Igor
f69ff5d270 Execution config not duplicated when duplicating flows 
Closes #12012
 2023-06-01 16:12:06 +02:00
Erik Jan de Wit
f3c393f53e
use the "remember me" max time if set for expires (#20413) 
fixes: #9264
 2023-05-31 15:25:20 -04:00
Pedro Igor
53dfb44a8f
Migration guide for JAX-RS changes (#20659) 
Closes #keycloak/keycloak#15454
 2023-05-31 13:50:34 +00:00
mposolda
bf9c5821cb Fix for certificate revalidation 
closes https://security.snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-5291542
 2023-05-31 15:42:37 +02:00
Takashi Norimatsu
a29c30ccd5 FAPI 2.0 security profile - not allow an authorization request whose parameters were not included in PAR request 
closes #20623
 2023-05-31 14:02:44 +02:00