Pedro Igor
3d2c3fbc6a
Support JSON objects when evaluating claims in regex policy
...
Closes #11514
2022-06-23 14:04:09 -03:00
Pedro Igor
d3a40e8620
Use backend baseURL for UMA-related backend endpoints
...
Closes #12549
2022-06-23 10:35:26 -03:00
Takashi Norimatsu
a10eef882f
DeviceTokenRequestContext.getEvent returns a wrong ClientPolicyEvent
...
Closes #12455
2022-06-22 13:01:35 +02:00
Takashi Norimatsu
d396ee7d30
CIBA flow : no error on invalid scope
...
Closes #12589
2022-06-22 12:55:55 +02:00
rmartinc
711440e513
[ #11036 ] Identity Providers: Add support for elliptic curve signatures (ES256/ES384/ES512) using JWKS URL
2022-06-21 10:52:25 -03:00
Stefan Guilhen
7d96f3ad5a
Events Map JPA implementation
...
Closes #9667
2022-06-21 13:53:48 +02:00
Alexander Schwartz
cb0c881821
rename SingleEntityCredentialManager to SubjectCredentialManager
2022-06-21 08:53:06 +02:00
Alexander Schwartz
84d21f0230
for all added files in the PR, update the copyright header or add it if it was missing
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
26198e4b0b
Disable tests irrelevant for map storage
2022-06-21 08:53:06 +02:00
Alexander Schwartz
d41764b19b
Inline deprecated methods in legacy code
2022-06-21 08:53:06 +02:00
Alexander Schwartz
1a227212de
Simplify implementation of a federated storage by moving the default implementation to the abstract base class; this will also allow the quickstarts and implementations derived from that to run without changes.
2022-06-21 08:53:06 +02:00
Alexander Schwartz
08bbb1fb92
Move LDAP REST Endpoints to LDAP package
...
- Thus remove implicit dependency on services on the legacy modules
- Disable tests for LDAP/Kerberos that won't work when map storage is enabled
2022-06-21 08:53:06 +02:00
Alexander Schwartz
1bc6133e4e
redirect calls to userLocalStorage from legacy modules (federation, ldap, sssd, kerberos)
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
e396d0daa1
Renaming SingleUserCredentialManager and UserModel.getUserCredentialManager():
...
- class SingleUserCredentialManager to SingleEntityCredentialManager
- method UserModel.getUserCredentialManager() to credentialManager()
Renaming of API without "get" prefix to make it consistent with other APIs like for example with KeycloakSession
2022-06-21 08:53:06 +02:00
Alexander Schwartz
14a369a8cc
Added LegacySessionSupport SPI
...
While some methods around onCache() are still called from the legacy code, all other methods log a warning with a stacktrace.
2022-06-21 08:53:06 +02:00
Alexander Schwartz
6f287e7ded
Avoid using methods on UserCredentialStoreManager
2022-06-21 08:53:06 +02:00
Alexander Schwartz
bc8fd21dc6
SingleUserCredentialManager moving in
...
- UserStorageManager now handles authentication for old Kerberos+LDAP style
- new getUserByCredential method in MapUserProvider would eventually do the same.
2022-06-21 08:53:06 +02:00
Alexander Schwartz
82094d113e
Move User Storage SPI, introduce ExportImportManager
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
703e868a51
Preparation for moving User Storage SPI
...
- Introduction of new AdminRealmResource SPI
- Moving handler of /realm/{realm}/user-storage into model/legacy-service
- session.users() and userStorageManager() moved refers legacy module
IMPORTANT: Broken as UserStorageSyncManager is not yet moved
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
36f76a37ad
Move realms, clients, groups, roles, clientscopes into legacy module
...
- Introduces Datastore SPI for isolating data store methods
- Introduces implementation of the datastore for legacy storage
- Updates DefaultKeycloakSession to leverage Datastore SPI instead
of direct creating of area providers by the session
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
247ff52187
Introduce legacy datastore module and update dependencies
2022-06-21 08:53:06 +02:00
Alexander Schwartz
850af55edc
Ensure that only JDK 8 APIs are used where JDK 8 is still required.
...
Closes #10842
2022-06-20 14:44:33 -03:00
Michal Hajas
781183e551
Enable indexing for ResourceServerEntity
...
Closes #12533
2022-06-20 10:17:19 +02:00
Martin Bartoš
d8112d7b7e
DB migration tests execution for Quarkus ( #12525 )
...
Closes #12524
2022-06-20 10:12:37 +02:00
Alexander Schwartz
71e7982a49
Adding central time offset reset in model tests as it was missing for AuthenticationSessionTest and UserSessionPersisterProviderTest
...
Also adding try/finally in other places in the integration tests where it was missing.
Closes #12530
2022-06-16 13:42:55 +02:00
nehachopra27
39cff0750c
[Fix keycloak#12385] Update option to run kc.bat on windows instead of kc.sh ( #12386 )
...
Co-authored-by: nchopra <nchopra@redhat.com>
Resolves #12385
2022-06-15 11:29:11 -03:00
vramik
1b3a76d0af
Do not persist client sessions of transient user sessions
...
Closes #12357
2022-06-15 10:54:23 +02:00
Martin Bartoš
0fef4305b6
Logout confirm page is failing to log the user out on auth-server-wildfly
...
Fixes #11753
2022-06-14 10:46:02 +02:00
mposolda
3aefb59d40
Fix test failure in X509BrowserCRLTest on IBM JDK. Don't display details of exception message to the end user
...
Closes #12458
2022-06-14 10:44:31 +02:00
Alexander Schwartz
c2043da78e
When asserting a URL, allow for some time for any redirect to complete.
...
Closes #12446
2022-06-14 07:30:31 +02:00
Christoph Leistert
442eff0169
Closes #11851 : Apply localization text from realm default locale when it is not defined for the requested language. ( #11852 )
2022-06-10 14:36:11 -04:00
Martin Bartoš
2cf089424a
ClientClientScopesTest failures in the test pipeline ( #12440 )
...
Resolves #12439
2022-06-10 09:13:25 -03:00
Alexander Schwartz
361a813d81
Keep a list of model instances in the JPA map session.
...
This allows removing them from the persistence context on bulk delete.
Closes #12384
2022-06-09 12:39:04 -03:00
Joerg Matysiak
3c19ad627f
Repsect permissions configured to firstName and lastName when configured in user profile
...
Resolves #12109
2022-06-09 10:10:15 -03:00
Pedro Igor
8aecba1795
Fixing how realm frontendurl is cached when resolving the hostname
...
Closes #11894
2022-06-08 16:41:25 -03:00
Alexander Schwartz
9272c7a5ec
Allow for the backend to return granted scopes in any order.
...
Closes #12395
2022-06-08 08:39:14 -03:00
mposolda
5d2bf6ea33
Cannot find ScriptEngine for JDK8 and Wildfly
...
Closes #12247
2022-06-08 11:11:36 +02:00
Pedro Igor
243e63c9f3
Do not set empty permissions to username and email attributes
...
Closes #11647
2022-06-07 10:59:35 -03:00
Sebastian Schuster
a0c402b93a
11198 added event information to consent granting and revocation via REST API ( #11199 )
2022-06-07 11:29:20 +02:00
Stian Thorgersen
e49e8335e0
Refactor BouncyIntegration ( #12244 )
...
Closes #12243
2022-06-07 09:02:00 +02:00
Martin Kanis
df72cf72f2
Hot Rod map storage: Single-use (action token) no-downtime store
2022-06-06 16:01:18 +02:00
rmartinc
5332a7d435
Issue #9194 : Client authentication fails when using signed JWT, if the JWA signing algorithm is not RS256
2022-06-06 12:07:09 +02:00
Takashi Norimatsu
3889eeda30
Client Policies: pkce-enforcer executor with client-access-type condition is not applied on client change via Admin API
...
Closes #12295
2022-06-06 11:30:48 +02:00
Michal Hajas
09c0a69a8f
Add HotRod no downtime store for events
...
Closes #9676
2022-06-02 13:30:19 +02:00
Alexander Schwartz
6c3d25fd8f
Limit the number of clientSessionIds in the test
...
Before it was 1500 client sessions, now its only 150 client sessions. This should help to keep the test within its time constraint of 60 + 30 seconds.
Closes #12264
2022-05-31 17:10:49 +02:00
mposolda
f90fbb9c71
Changing locale on logout confirmation did not work
...
Closes #11951
2022-05-31 16:03:58 +02:00
Takashi Norimatsu
d083b6c484
ciba http auth channel sends client_id and client_secret via delegation request
...
Closes #10993
2022-05-31 08:22:50 +02:00
vramik
be28e866b9
JPA map storage: Authorization services no-downtime store
...
Closes #9669
2022-05-30 21:05:34 +02:00
Pedro Igor
ea22989d89
Fixing ClientTokenExchangeTest to also run when TLS is disabled
...
Closes #11818
2022-05-30 11:23:46 -03:00
Pedro Hos
e121371401
/clients-registrations API doesn't return secret anymore and is not coherent #11116
...
/clients-registrations API doesn't return secret anymore and is not coherent
fixing merge
/clients-registrations API doesn't return secret anymore and is not coherent
fixing test that was failing
Replace tabs with regular spaces
fixing identation
/clients-registrations API doesn't return secret anymore and is not coherent. Closes #11116
fixing test that was failing
2022-05-30 15:18:56 +02:00