Commit graph

4246 commits

Author SHA1 Message Date
rmartinc
bb12f3fb82 Do not require non-builtin attributes for service accounts
Closes #26716

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-13 17:42:59 +01:00
Steven Hawkins
3a04acab51
fix: adds pfx as a recognized extension (#26876)
closes #24661

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-02-13 15:38:12 +01:00
Pedro Igor
e50642ac32 Allow setting a default user profile configuration
Closes #26489

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-12 11:16:48 +01:00
Réda Housni Alaoui
67718c653a UPDATE_EMAIL action token handling should allow the user to resume its navigation to the redirect uri
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
2024-02-08 18:32:38 -03:00
Michal Hajas
de598577b1 Fix confusing SAML NameId mapper format tooltip
Closes #26051
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2024-02-08 11:21:11 +01:00
Tero Saarni
ac1780a54f
Added event for temporary lockout for brute force protector (#26630)
This change adds event for brute force protector when user account is
temporarily disabled.

It also lowers the priority of free-text log for failed login attempts.

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-07 14:13:33 +00:00
Kamontat Chantrachirathumrong
516bfbe896
Support custom common path (#22717)
Signed-off-by: Kamontat Chantrachirathumrong <14089557+kamontat@users.noreply.github.com>
2024-02-06 20:41:39 -05:00
Dmitry Telegin
da69beed4d CORS SPI - code review
Signed-off-by: Dmitry Telegin <demetrio@carretti.pro>
2024-02-06 15:27:53 -03:00
Dmitry Telegin
b0403e2268 CORS SPI
Closes #25446

Signed-off-by: Dmitry Telegin <demetrio@carretti.pro>
2024-02-06 15:27:53 -03:00
mposolda
f468885fdd Empty error message when validation issue due the PersonNameProhibitedValidator validation
closes #26750

Signed-off-by: mposolda <mposolda@gmail.com>
2024-02-06 12:56:50 -03:00
Stian Thorgersen
c4b1fd092a
Use code from RestEasy to create and set cookies (#26558)
Closes #26557

Signed-off-by: stianst <stianst@gmail.com>
2024-02-06 15:14:04 +01:00
rmartinc
720c5c6576 PKCE should return error if code_verifier sent but no code_challenge in the authorization request
Closes #26430

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-06 08:31:56 -03:00
Michal Hajas
00742a62dd
Remove RealmModel from authorization services interfaces (#26708)
Closes #26530
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-02-02 16:51:32 +01:00
Thomas Darimont
277af021d7 Improve ScheduledTask task-name handling
This PR introduces a String getTaskName() default method to
the ScheduledTask interface and adjusts call sites to use the
implementation derived task name where possible.

Previously, ScheduledTask names were passed around separately, which
lead to unhelpful debug messages.
We now give ScheduledTask implementations control over their task-name
which allows for more flexible naming.

Enlist call StoreSyncEvent.fire(...) to after transaction to ensure realm is present in database.
Ensure that Realm is already committed before updating sync via UserStorageSyncManager
Align Sync task name generation for cancellation to support SyncFederationTest
Only log a message if sync task was actually canceled.

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-02-02 09:57:03 -03:00
ShefeeqPM
65c7cd6008
removing duplicate open id scope (#26542)
Signed-off-by: ShefeeqPM <86718986+ShefeeqPM@users.noreply.github.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-02-02 09:08:18 +00:00
alcalin
59b2dd69e3
Update AuthenticationManager.java (#26586)
Fix typo in log message for unlogged clients

Signed-off-by: alcalin <alexcalin02@gmail.com>
2024-02-01 13:56:26 +00:00
Pedro Igor
3a7ce54266 Allow formating numbers when rendering attributes
Closes keycloak#26320

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-01 08:14:58 -03:00
Stian Thorgersen
64b5f42c4a
Revert new behaviour around setting secure flag for cookies (#26650)
Closes #26649

Signed-off-by: stianst <stianst@gmail.com>
2024-01-31 19:33:56 +01:00
Lex Cao
a43ba73b93 Skip link only when client is not system when logout (#24595)
Signed-off-by: Lex Cao <lexcao@foxmail.com>
2024-01-31 17:50:26 +01:00
rmartinc
01be4032d8 Enable verify-profile required action by default
Closes #25985

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-31 13:32:53 +01:00
Lex Cao
f83756b177 Error handle for the Json request in createErrorPage
Closes #13368

These changes introduce a new error handler for building error based on the media type.
- It should create error form response when it is valid HTML request
- It could create error response with JSON if content type matches

Signed-off-by: Lex Cao <lexcao@foxmail.com>
2024-01-31 09:31:30 -03:00
mposolda
10ba70c972 Possibility to email being not required
closes #26552

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-01-31 10:57:10 +01:00
Thomas Darimont
346c2926f6
Fix error type in SAML response on missing destination
We now use INVALID_SAML_RESPONSE insteadof INVALID_LOGOUT_RESPONSE.
Added proposed test case.

Closes #11178

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Chris Dolphy <cdolphy@redhat.com>
2024-01-31 09:32:14 +01:00
Stefan Wiedemann
fa948f37e0
Issue Verifiable Credentials in jwt_vc format #25941 (#26484)
closes #25941 

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2024-01-30 18:35:20 +01:00
mposolda
1213556eff Fixes for UsernameIDNHomographValidator
closes #26564

Signed-off-by: mposolda <mposolda@gmail.com>
2024-01-30 14:30:28 +01:00
Chris Tanaskoski
5373f3c97a
Don't fail reset credentials action upon first broker login without EXISTING_USER_INFO (#26324)
The ResetCredentialsActionTokenHandler depends upon the `EXISTING_USER_INFO` through `AbstractIdpAuthenticator.getExistingUser` solely to log the username. However, if the first broker login flow does not include a `IdpCreateUserIfUniqueAuthenticator` or `IdpDetectExistingBrokerUserAuthenticator`, the `EXISTING_USER_INFO` is never set.

This commit does not attempt to fetch the existing user if we don't have this info set.

Closes #26323

Signed-off-by: Chris Tanaskoski <chris@devristo.com>
2024-01-30 11:16:52 +00:00
Stian Thorgersen
0fb6bdfcac
Cookie Provider - move remaining cookies (#26531)
Closes #26500

Signed-off-by: stianst <stianst@gmail.com>
2024-01-29 11:06:37 +01:00
Stian Thorgersen
bc3c27909e
Cookie Provider (#26499)
Closes #26500

Signed-off-by: stianst <stianst@gmail.com>
2024-01-26 10:45:00 +01:00
Marek Posolda
651d99db25
Allow selecting attributes from user profile when managing token mappers (#26415)
* Allow selecting attributes from user profile when managing token mappers
closes #24250

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-01-25 17:01:02 +01:00
Erik Jan de Wit
28c9f98930
moved login screen to patternfly 5 (#25340)
* moved login screen to patternfly 5

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added Feature flag to enable login v2

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* removed the old css and only include logo and background styles

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* changed to experimental

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added login2

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added windows help texts

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-01-25 13:45:53 +01:00
Ricardo Martin
b58f35fb47
Revert "Enable verify profile required action by default for new realms" (#26495)
This reverts commit 7f195acc14.

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-25 12:28:16 +01:00
Stefan Wiedemann
efa6ddc41e
Create SPI and Provider for Verifiable Credentials Signing #25937 (#26263)
* implement oid4vci service interfaces

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>

* add oid4vc to the disabled features test

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>

* fix test and add doc

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>

* add the new preview feature

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>

* add class-level doc

remove wildcard imports

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>

* add license headers

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>

* fix year

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>

* fix teste

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>

* two additional test fixes

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>

* make the feature experimental

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>

* remove clock

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>

* remove usage of var

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>

* fix tests

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>

---------

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2024-01-25 07:36:28 +01:00
Stian Thorgersen
cbfdae5e75
Remove support for multiple AUTH_SESSION_ID cookies (#26462)
Closes #26457

Signed-off-by: stianst <stianst@gmail.com>
2024-01-25 06:58:42 +01:00
rmartinc
7f195acc14 Enable verify profile required action by default for new realms
Closes #25985

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-24 20:28:06 +01:00
Florian Garcia
af0b9164e3
fix: hardcoded conditional rendering of client secret input field (#25776)
Closes #22660

Signed-off-by: ImFlog <garcia.florian.perso@gmail.com>
Co-authored-by: useresd <yousifmagdi@gmail.com>
2024-01-24 16:30:22 +01:00
Stian Thorgersen
85ddac26ed
Remove code that expires old cookie paths (#26444)
Closes #26416

Signed-off-by: stianst <stianst@gmail.com>
2024-01-24 13:43:03 +01:00
Lex Cao
142c14138f Add verify email required action for IdP email verification
Closes #26418

Signed-off-by: Lex Cao <lexcao@foxmail.com>
2024-01-24 12:15:09 +01:00
Takashi Norimatsu
b99f45ed3d Supporting EdDSA
closes #15714

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>

Co-authored-by: Muhammad Zakwan Bin Mohd Zahid <muhammadzakwan.mohdzahid.fg@hitachi.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
2024-01-24 12:10:41 +01:00
Martin Kanis
84603a9363
Map Store Removal: Rename Legacy* classes (#26273)
Closes #24105

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-23 13:50:31 +00:00
Douglas Palmer
ffa069a33b Invalidate authentication session on repeated Recovery Code failures
Closes #26180

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-01-22 11:57:47 +01:00
Stian Thorgersen
656e680019
Remove unused HttpResponse.setWriteCookiesOnTransactionComplete (#26326)
Closes #26325

Signed-off-by: stianst <stianst@gmail.com>
2024-01-20 11:31:10 +01:00
Martin Bartoš
98be32d9ff Parse default UserProfile configuration in the build time
Closes #24890

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-01-19 17:05:59 -03:00
Douglas Palmer
e7d842ea32 Invalidate session secretly
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-01-19 15:44:35 -03:00
Douglas Palmer
18d0105de0 Invalidate authentication session on repeated OTP failures
Closes #26177
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-01-19 15:44:35 -03:00
Pedro Igor
62020ffc68 Make sure the component resolves to a UPConfig before cloning it
Closes #26308
2024-01-18 19:11:48 +01:00
rmartinc
2f0a0b6ad8 Remove deprecated mode for saml encryption
Closes #26291

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-18 16:52:10 +01:00
cgeorgilakis-grnet
ccade62289 Enhance error logs and error events during UserInfo endpoint and Token Introspection failure
Closes #24344

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-01-16 11:26:29 +01:00
Alexander Schwartz
b9498b91cb
Deprecating the offline session preloading (#26160)
Closes #25300

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-16 09:29:01 +01:00
cgeorgilakis-grnet
a3257ce08f OIDC Protocol Mappers with same claim
Closes #25774

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-01-15 09:16:12 -03:00
rmartinc
e162974a8d Integrate registration with terms and conditions required action
Closes #25891

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-15 10:19:30 +01:00