We now use INVALID_SAML_RESPONSE insteadof INVALID_LOGOUT_RESPONSE.
Added proposed test case.
Closes#11178
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Chris Dolphy <cdolphy@redhat.com>
The ResetCredentialsActionTokenHandler depends upon the `EXISTING_USER_INFO` through `AbstractIdpAuthenticator.getExistingUser` solely to log the username. However, if the first broker login flow does not include a `IdpCreateUserIfUniqueAuthenticator` or `IdpDetectExistingBrokerUserAuthenticator`, the `EXISTING_USER_INFO` is never set.
This commit does not attempt to fetch the existing user if we don't have this info set.
Closes#26323
Signed-off-by: Chris Tanaskoski <chris@devristo.com>
* Allow selecting attributes from user profile when managing token mappers
closes#24250
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
* moved login screen to patternfly 5
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added Feature flag to enable login v2
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* removed the old css and only include logo and background styles
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* changed to experimental
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added login2
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added windows help texts
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* implement oid4vci service interfaces
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
* add oid4vc to the disabled features test
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
* fix test and add doc
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
* add the new preview feature
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
* add class-level doc
remove wildcard imports
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
* add license headers
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
* fix year
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
* fix teste
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
* two additional test fixes
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
* make the feature experimental
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
* remove clock
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
* remove usage of var
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
* fix tests
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
---------
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
closes#15714
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Co-authored-by: Muhammad Zakwan Bin Mohd Zahid <muhammadzakwan.mohdzahid.fg@hitachi.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
Closes#15190
Add support for `send-verify-email` endpoint to use the `email-verification.ftl` instead of `executeActions.ftl`
Also introduce a new parameter `lifespan` to be able to override the default lifespan value (12 hours)
Signed-off-by: Lex Cao <lexcao@foxmail.com>
Throw ModelException if name is empty when creating/updating a realm
Closes#17449
Signed-off-by: atharva kshirsagar <atharva4894@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
This implements a method for configuring authenticator reference values for Keycloak authenticator executions and a protocol mapper for populating the AMR claim in the resulting OIDC tokens.
This implementation adds a default configuration item to each authenticator execution, allowing administrators to configure an authenticator reference value. Upon successful completion of an authenticator during an authentication flow, Keycloak tracks the execution ID in a user session note.
The protocol mapper pulls the list of completed authenticators from the user session notes and loads the associated configurations for each authenticator execution. It then captures the list of authenticator references from these configs and sets it in the AMR claim of the resulting tokens.
Closes#19190
Signed-off-by: Ben Cresitello-Dittmar <bcresitellodittmar@mitre.org>
