keycloak-scim

Author	SHA1	Message	Date
rmartinc	5ea3becef5	Wait for the brute force off-thread processing in AbstractAdvancedBrokerTest Closes #30188 Closes #30641 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-07-18 10:03:13 +02:00
Pascal Knüppel	018a0802bc	Remove java.util.Date from VerifiableCredential (#30920 ) closes #30918 Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de> Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>	2024-07-18 09:52:02 +02:00
mposolda	06f6173c8a	Add suffix to keycloak-authz-client artifact in keycloak repository closes #30926 Signed-off-by: mposolda <mposolda@gmail.com>	2024-07-17 14:59:09 +02:00
Martin Kanis	e5848bdcf9	Cannot set unmanagedAttributePolicy without profile attributes Closes #31153 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-07-17 09:53:59 -03:00
Ricardo Martin	3d12c05005	Correctly moves to the next required action (#31358 ) Closes #31014 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com> Co-authored-by: Giuseppe Graziano <g.graziano94@gmail.com> Co-authored-by: rmartinc <rmartinc@redhat.com>	2024-07-17 09:38:29 +02:00
Pedro Igor	de1de06354	Avoid adding organization flows if they are already exist Closes #31182 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-17 08:28:00 +02:00
Stefano Azzalini	6d67c1f9cc	Normalize default authentication flow descriptions to start with an uppercase letter (#31277 ) Closes #31291 Signed-off-by: Stefano Azzalini <stefano.azzalini@luminator.com>	2024-07-16 13:49:35 +02:00
Lex Cao	6c71ad2884	Fallback to no override flow when missing in client override Closes #30765 Signed-off-by: Lex Cao <lexcao@foxmail.com>	2024-07-16 11:33:41 +02:00
Thomas Darimont	2140e573f2	Fix test LDAP connection with multiple ldap connection urls Previously, the given connection string was check with URI.create(..) which failed when multiple space separated LDAP URLs were given. Closes #31267 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2024-07-16 08:57:50 +02:00
Martin Kanis	887db25f00	Allow auto-redirect existing users federated from organization broker when using the username Closes #30746 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-07-15 13:48:45 -03:00
mposolda	1864cf1827	Offline tokens created in Keycloak 14 or earlier will not work on Keycloak 25 closes #31224 Signed-off-by: mposolda <mposolda@gmail.com>	2024-07-15 18:30:35 +02:00
Pedro Igor	c33585a5f4	All pubic brokers are shown during authentication rather than only those associated with the current organization Closes #31246 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-12 17:51:39 +02:00
Giuseppe Graziano	1df60461a9	Avoid race condition when using initial-access-token Closes #27294 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-07-12 16:33:02 +02:00
Douglas Palmer	9300903674	page-expired error page shown when using browser back-button on forgot-password page after invalid login attempt Closes #25440 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-07-12 16:24:21 +02:00
Pascal Knüppel	4028ada2a5	Add required default-context value to VerifiableCredential (#30959 ) closes #30958 Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>	2024-07-11 18:25:11 +02:00
Steven Hawkins	4970a9b729	fix: deprecate KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD closes: #30658 Signed-off-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Jon Koops <jonkoops@gmail.com>	2024-07-11 18:07:57 +02:00
rmartinc	096e335a92	Support for vault and AES and HMAC algorithms to JavaKeystoreKeyProvider Closes #30880 Closes #29755 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-07-11 12:40:45 +02:00
Pedro Igor	da6c9ab7c1	Bruteforce protector does not work when using organizations Closes #31204 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-11 00:26:47 +02:00
Jon Koops	a0c99a7ae0	Show full error details in admin and account consoles Closes #30705 Signed-off-by: Jon Koops <jonkoops@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>	2024-07-10 16:20:26 +02:00
Martin Kanis	922eaa9fc8	Disable username prohibited chars validator when email as username is… (#31140 ) * Disable username prohibited chars validator when email as the username is set Closes #25339 Signed-off-by: Martin Kanis <mkanis@redhat.com> Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-10 09:46:24 -03:00
Pedro Igor	d475833361	Do not expose kc.org attribute in user representations Closes #31143 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-10 13:43:23 +02:00
Alexander Schwartz	d70f78072e	Make persistent sessions co-exist with remote cache feature (#30859 ) Closes #30855 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-07-09 09:03:36 +02:00
rmartinc	f78a46485d	TE should create a transient session when there is no initial session in client-to-client exchange Closes #30614 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-07-08 15:44:38 -03:00
Pedro Igor	ead1b4a851	Testing ldap connection should not process or bind the credentials (#31081 ) Closes #30821 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-08 13:58:02 +02:00
Pedro Igor	cbf7f208fb	Avoid iterating and updating all group policies when removing groups (#31057 ) Closes #31056 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-08 13:57:20 +02:00
wojnarfilip	3c429b7506	Update social login tests login flows Signed-off-by: wojnarfilip <fwojnar@redhat.com>	2024-07-08 08:48:31 +02:00
Pedro Igor	f010f7df9b	Reverting removal of test assertions and keeping existing logic where only brokers the user is linked to is shown after identity-first login page Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-03 11:55:04 -03:00
Martin Kanis	e1b735fc41	Identity-first login flow should be followed by asking for the user credentials Closes #30339 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-07-03 11:55:04 -03:00
Giuseppe Graziano	02d64d959c	Using _system client when account client is disabled for email actions Closes #17857 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-07-03 08:43:36 +02:00
cgeorgilakis-grnet	20cedb84eb	Check refresh token flow response for offline based on refresh token request parameter Closes #30857 Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>	2024-07-02 18:13:30 -03:00
Steven Hawkins	d534860e2b	fix: admin cli client should set the content when performing a merge (#30539 ) closes: #29878 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-06-28 15:56:07 +02:00
Pedro Igor	cc2ccc87b0	Filtering organization groups when managing or processing groups Closes #30589 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-28 10:27:18 -03:00
Steven Hawkins	aae1fa1417	fix: addresses cli erroneously wants a secret when env password is set (#30892 ) closes: #30866 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-06-28 11:48:42 +02:00
Thomas Darimont	690c6051bb	Fix scope policy evaluation for client to client token exchange (#26435 ) Previously the scope from the token was not set available in the ClientModelIdentity attributes. This caused the NPE in `org.keycloak.authorization.policy.provider.clientscope.ClientScopePolicyProvider.hasClientScope`(..) when calling `identity.getAttributes().getValue("scope")`. We now pass the provided decoded AccessToken down to the ClientModelIdentity creation to allow to populate the required scope attribute. We also ensure backwards compatibility for ClientPermissionManagement API. Fixes #26435 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2024-06-28 10:33:20 +02:00
mposolda	f1b8a983d2	Cleanup mod_auth_mellon from the testsuite closes #30869 Signed-off-by: mposolda <mposolda@gmail.com>	2024-06-28 08:33:36 +02:00
Douglas Palmer	220f32aa85	Cleanup of adapter pages Closes #30870 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-06-27 18:57:22 +02:00
mposolda	7279f2092e	Cleanup of test-apps and related adapter code closes #30867 Signed-off-by: mposolda <mposolda@gmail.com>	2024-06-27 15:10:31 +02:00
mposolda	e5a4c94f75	Added suffix to keycloak-admin-client artifacts in keycloak repository Signed-off-by: mposolda <mposolda@gmail.com>	2024-06-27 11:00:30 +02:00
Romain LABAT	6615691c63	Support for service accounts when fetch roles is enabled (#30687 ) Support for service accounts when fetch roles is enabled Signed-off-by: Romain LABAT <contact@romainlabat.fr> Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-25 18:00:26 -03:00
rmartinc	e9c9efc3f4	Upgrade bc-fips to 1.0.2.5 Closes #26568 Closes #27884 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-25 11:07:27 +02:00
Andre F de M	0f061a75e2	Issue: 26568 - bcfips version bump and fixes * bump BCFIPS to 1.0.2.5 * fix bc-fips related test error * remove unused imports Closes: #26568 Signed-off-by: Andre F de M <trixpan@users.noreply.github.com>	2024-06-25 11:07:27 +02:00
fwojnar	015fefad02	Remove Edge from supported web drivers (#30423 ) Closes #29921 Signed-off-by: wojnarfilip <fwojnar@redhat.com> Co-authored-by: wojnarfilip <fwojnar@redhat.com>	2024-06-24 17:24:55 +02:00
fwojnar	e30e6cba8e	Remove Safari from supported web drivers (#30424 ) Related to #29921 Signed-off-by: wojnarfilip <fwojnar@redhat.com> Co-authored-by: wojnarfilip <fwojnar@redhat.com>	2024-06-24 13:27:12 +02:00
fwojnar	640db99c27	Remove Appium from supported web drivers (#30483 ) Related to #29921 Signed-off-by: wojnarfilip <fwojnar@redhat.com> Co-authored-by: wojnarfilip <fwojnar@redhat.com>	2024-06-24 13:26:33 +02:00
Takashi Norimatsu	b0aac487a3	VC issuance in Authz Code flow with considering scope parameter closes #29725 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2024-06-24 10:53:19 +02:00
Jon Koops	df18629ffe	Use a default Java version from root POM (#29927 ) Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-06-21 14:19:31 +02:00
mposolda	6a9e60bba0	Flow steps back when changing locale or refreshing page on 'Try another way page' closes #30520 Signed-off-by: mposolda <mposolda@gmail.com>	2024-06-21 11:22:15 +02:00
rmartinc	592c2250fc	Add briefRepresentation query parameter to getUsersInRole endpoint Closes #29480 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-21 11:21:02 +02:00
Takashi Norimatsu	6b135ff6e7	client-jwt authentication fails on Token Introspection Endpoint closes #30599 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2024-06-21 10:47:25 +02:00
Pedro Igor	a0ad680346	Adding an alias to organization and exposing them to templates Closes #30312 Closes #30313 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-20 14:36:14 -03:00
Giuseppe Graziano	6b07b67667	Removed saml filter adapter tests Closes #30553 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-06-20 09:42:59 +02:00
Pedro Ruivo	5fc12480fd	External Infinispan as cache - Part 4 (#30072 ) UserSessionProvider implementation to make use of Infinispan remote cache. Closes #28755 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-06-19 14:47:57 +02:00
Pedro Ruivo	9006218559	External Infinispan as cache - Part 3 Implementation of UserLoginFailureProvider using remote caches only. Closes #28754 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-06-19 14:47:57 +02:00
Pedro Ruivo	833aad661e	External Infinispan as cache - Part 2 Includes a new implementation for the providers: * StickySessionEncoderProviderFactory * LoadBalancerCheckProviderFactory * SingleUseObjectProviderFactory Closes #28648 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-06-19 14:47:57 +02:00
Martin Kanis	dc109381e1	Refactor organization tests Closes #30338 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-06-19 09:34:24 -03:00
Martin Kanis	89f83e9788	Importing organizations failing if there is no broker and members in the representation Closes #30305 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-06-19 08:46:04 -03:00
Pedro Igor	57139cbefc	Internal read-only attributes have precedence over unmanaged attribute policy Closes #30240 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-19 12:05:01 +02:00
Giuseppe Graziano	24aa6e143d	REALM_CLIENT attribute to recognize realm clients (#30433 ) Closes #29413 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-06-19 10:22:13 +02:00
Stefan Guilhen	db846a792d	Set a time of 23:59:59:999 in JpaEventQuery.toDate so that events from that date are properly returned in searches Closes #30414 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-06-18 13:14:28 -03:00
Francis Pouatcha	d4797e04a2	Enhance SupportedCredentialConfiguration to support optional claims object as defined in OpenID for Verifiable Credential Issuance specification (#30420 ) closes #30419 Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>	2024-06-18 17:07:49 +02:00
rmartinc	fc65c73106	Upgrade adapters test to use wildfly 28 (jakarta only) via maven plugin Closes #30324 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-18 15:40:59 +02:00
rmartinc	38d8cf2cb3	Add UPDATE event to the client-roles condition Closes #30284 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-18 15:30:42 +02:00
Martin Bartoš	5ad3abaa96	Enable WebAuthn tests for Firefox (#30374 ) Closes #22075 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-06-18 10:36:01 +02:00
rmartinc	c51640546d	Improvements for ldap test authentication Closes #30434 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-15 10:01:24 +02:00
Thibault Morin	f6fa869b12	feat(SAML): add Artifact Binding on brokering scenarios when Keycloak is SP (#29619 ) * feat: add Artifact Binding on brokering scenarios when Keycloak is SP Signed-off-by: tmorin <git@morin.io> * Adding broker test and minor improvements Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> * Fixing IdentityProviderTest Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> * Renaming methods related to idp initiated flows Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> * Fixing partial_import_test.spec.ts Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> --------- Signed-off-by: tmorin <git@morin.io> Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-14 08:54:49 -03:00
Pedro Ruivo	18a6c79011	Infinispan Protostream Marshaller (#29474 ) Closes #29394 Signed-off-by: Pedro Ruivo <pruivo@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-06-13 18:02:46 +02:00
Lukas Hanusovsky	ca0833b2e4	[#29412 ] DB Allocator removal - dependency cleanup. (#30406 ) Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>	2024-06-13 13:31:52 +00:00
vramik	de2fdbe98f	cache count Signed-off-by: vramik <vramik@redhat.com>	2024-06-13 08:13:36 -03:00
vramik	d355e38424	Provide a cache layer for the organization model Closes #30087 Signed-off-by: vramik <vramik@redhat.com>	2024-06-13 08:13:36 -03:00
Alfredo Moises Boullosa	a5cd6ed965	Add step to Google Social Login (#30335 ) Signed-off-by: Alfredo Moises Boullosa <aboullos@redhat.com>	2024-06-12 17:27:02 +02:00
Stefan Guilhen	c49b5749ef	Fix GroupLDAPStorageMapper so it doesn't attempt to update a group fetched in a different tx when synchronizing groups from LDAP Closes #29784 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-06-12 10:42:21 -03:00
Martin Kanis	ae69b3b260	Introduce packages for organization tests Closes #30337 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-06-12 10:02:06 -03:00
rmartinc	7d42ab822b	Remove adapter app-server-undertow profile which is not used Closes #30347 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-12 14:40:06 +02:00
Patrick Jennings	75925dcf6c	Client type configuration inheritance (#30056 ) closes #30213 Signed-off-by: Patrick Jennings <pajennin@redhat.com>	2024-06-10 18:59:08 +02:00
rmartinc	7d05a7a013	Logout from all clients after IdP logout is performed Closes #25234 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-10 11:58:09 -03:00
Giuseppe Graziano	6067f93984	Improvements to refresh token rotation with multiple tabs (#29966 ) Closes #14122 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-06-07 12:02:36 +02:00
Steven Hawkins	c7e9ee2bff	fix: adds handling for all kcadm prompts as env variables (#29430 ) closes: #21961 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-06-06 13:08:23 +00:00
Bruno Oliveira da Silva	f34baf3c24	Update license headers (#29942 ) Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>	2024-06-06 14:06:09 +02:00
Alexander Schwartz	97ab0def2c	Adding ForkJoinPool for Quarkus to the surefire initialization for embedded Quarkus Closes #30206 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-06-06 12:52:11 +02:00
Pedro Igor	94c194f1f4	Prevent users to unlink from their home identity provider when they are a managed member Closes #30092 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>	2024-06-05 13:57:01 +02:00
mposolda	0bf613782f	Updating client policies in JSON editor is buggy. Attempt to update global client policies should throw the error closes #30102 Signed-off-by: mposolda <mposolda@gmail.com>	2024-06-05 13:55:02 +02:00
rmartinc	eedfd0ef51	Missing auth checks in some admin endpoints (#166 ) Closes keycloak/keycloak-private#156 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-05 12:04:47 +02:00
Giuseppe Graziano	d5e82356f9	Encrypted KC_RESTART cookie and removed sensitive notes Closes #keycloak/keycloak-private#162 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-06-05 10:33:44 +02:00
Pedro Igor	f8d55ca7cd	Export import realm with organizations Closes #30006 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-05 09:50:03 +02:00
Martin Kanis	33331788a4	Introduce count method to avoid fetching all organization upon checking for existence Closes #29697 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-06-04 10:45:28 -03:00
Martin Kanis	173f09fa6b	Malformed dependency version causing the build failure Closes #30134 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-06-04 13:44:14 +02:00
Thomas Darimont	35a4a17aa5	Add support for application/jwt media-type in token introspection (#29842 ) Fixes #29841 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2024-06-03 19:06:21 +02:00
Martin Bartoš	262fc09edc	OpenJDK 21 support (#28518 ) * OpenJDK 21 support Closes #28517 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Signed-off-by: Martin Bartoš <mabartos@redhat.com> * x509 SAN UPN other name is not handled in JDK 21 (#904) closes #29968 Signed-off-by: mposolda <mposolda@gmail.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com> Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Marek Posolda <mposolda@gmail.com>	2024-06-03 14:17:28 +02:00
mposolda	9074696382	Editing built-in client policy profiles are silently reverted closes #27184 Signed-off-by: mposolda <mposolda@gmail.com>	2024-06-03 14:00:37 +02:00
Pedro Igor	4c39fcc79d	Allow to configure if users are automatically redirected when the email domain matches an organization Closes #30050 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-03 13:34:21 +02:00
raff897	6d6131cade	Backchannel logout url with curly brackets closes #30023 Signed-off-by: raff897 <85362193+raff897@users.noreply.github.com>	2024-06-03 09:51:39 +02:00
Ricardo Martin	0cd0d03c08	Remove all adapter-core code moved to util (#30012 ) * Remove all tests that are only executed for undertow app server * Remove installation steps for OIDC adapter in wildfly/eap app server * Remove the util adapters package except HttpClientBuilder * Remove HttpClientBuilder and use plain apache http client Closes #29912 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-03 09:28:02 +02:00
Pedro Ruivo	ad32f8bdbc	auth-server-feature does not work for auth-server-quarkus-embedded (#30045 ) Fixes #29259 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-06-03 08:47:52 +02:00
rmartinc	068ce5a61f	Modify xpath for account console logout in the webauthn tests Closes #30024 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-31 15:14:35 +02:00
Stefan Wiedemann	0f6f9543ba	Add oid4vci to the account console (#29174 ) closes #25945 Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com> Co-authored-by: Erik Jan de Wit <edewit@redhat.com> Co-authored-by: Jon Koops <jonkoops@gmail.com>	2024-05-31 15:11:32 +02:00
Patrick Jennings	5144f8d85f	Improve Client Type Integration Tests (#29944 ) closes #30017 Signed-off-by: Patrick Jennings <pajennin@redhat.com>	2024-05-31 09:53:22 +02:00
Andrejs Mivreniks	1cf87407fe	Allow setting authentication flow execution priority value via Admin API Closes #20747 Signed-off-by: Andrejs Mivreniks <andrejs@fastmail.com>	2024-05-30 19:17:45 +02:00
Martin Bartoš	3f49036192	Unify approach for WebAuthn tests (#29781 ) Closes #29780 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-05-30 14:21:27 +02:00
rmartinc	44ce2fb74d	Modify authz tests to not depende on adapter-core code Closes #29882 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-30 08:02:29 +02:00
Pedro Igor	320f8eb1b4	Improve invitation messages and flow Closes #29945 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-29 17:51:06 +02:00
Erik Jan de Wit	f088b0009c	initial ui for organizations (#29643 ) * initial screen Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * more screens Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added members tab Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added the backend Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added member add / invite models Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * initial version of the identity provider section Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * add link and unlink providers Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * small fix Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * PR comments Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Do not validate broker domain when the domain is an empty string Closes #29759 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added filter and value Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added test Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added first name last name Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * refresh menu when realm organization is changed Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * changed to record Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * changed to form data Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * fixed lint error Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Changing name of invitation parameters Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Chancing name of parameters on the client Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Enable organization at the realm before running tests Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Domain help message Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Handling model validation errors when creating organizations Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Message key for organizationDetails Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Do not change kc.org attribute on group Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * add realm into the context Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * tests Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Changing button in invitation model to use Send instead of Save Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Better message when validating the organization domain Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Fixing compilation error after rebase Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * fixed test Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * removed wait as it no longer required and skip flacky test Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * skip tests that are flaky Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * stabilize user create test Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> --------- Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-29 14:34:02 +02:00
Martin Bartoš	76a6733f0a	Replace PhantomJS by HtmlUnit Closes #9979 Co-authored-by: Jon Koops <jonkoops@gmail.com> Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-05-29 11:17:57 +02:00
Martin Bartoš	b1a90972b6	Upgrade Selenium and Arquillian dependencies in testsuite Closes #29778 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-05-29 11:17:57 +02:00
Pedro Igor	bbb83236f5	Do not lower-case the username from the IdP when creating the federated identity Closes #28495 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-29 01:58:20 -03:00
Stefan Guilhen	694ffaf289	Allow organizations in different realms to have the same domain Closes #29886 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-28 08:02:30 -03:00
Francis Pouatcha	4317a474d1	JWT VC Issuer Metadata /.well-known/jwt-vc-issuer to comply with SD-JWT VC Specification (#29635 ) closes #29634 Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com> Co-authored-by: DYLANE BENGONO <85441363+bengo237@users.noreply.github.com>	2024-05-28 12:51:56 +02:00
Yutaka Obuchi	68d9dcecb5	Supporting OID4VCI AuthZCode flow: (#29685 ) closes #29724 Signed-off-by: Yutaka Obuchi <yutaka.obuchi.sd@hitachi.com> Co-authored-by: Yutaka Obuchi <yutaka.obuchi.sd@hitachi.com> Co-authored-by: Francis Pouatcha <francis.pouatcha@adorsys.com>	2024-05-28 12:29:31 +02:00
Martin Bartoš	d396dfed6a	Upgrade old Keycloak version for DB migration tests (#29884 ) Closes #29883 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-05-28 11:32:31 +02:00
Jon Koops	66ef3bf2d7	Remove Opera from supported web drivers (#29903 ) Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-05-28 09:01:40 +00:00
Douglas Palmer	b9c04bb8bc	Refactor PolicyEnforcer tests to remove dependency on keycloak-adapter-core and remove keycloak-adapter-core Closes #29189 Closes #28791 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-05-27 15:00:13 -03:00
Stefan Wiedemann	5a68056f2a	Fix oid4vc mappers Closes #29805 Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>	2024-05-27 11:28:46 +02:00
mposolda	ea1cdc10bd	MigrateTo25_0_0 does not complete within default transaction timeout closes #29756 Signed-off-by: mposolda <mposolda@gmail.com>	2024-05-27 10:31:39 +02:00
Pedro Igor	2d4d32764c	Show a message when confirming an invitation link Closes #29794 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-27 08:33:22 +02:00
rmartinc	b258b459d7	Generate RESTART_AUTHENTICATION event on success Closes #29385 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-23 19:08:22 +02:00
vramik	0508d279f7	Filter empty domains from OrganizationsRepresentation before running validation Closes #29809 Signed-off-by: vramik <vramik@redhat.com>	2024-05-23 09:53:51 -03:00
Marek Posolda	2efc163b89	Entry 999.0.0 in MIGRATION_MODEL prevents future migrations of the database Closes #27941 Signed-off-by: mposolda <mposolda@gmail.com>	2024-05-23 12:00:18 +00:00
Daniel Fesenmeyer	c08621fa63	Always order required actions by priority (regardless of context) - AuthenticationManager#actionRequired: make sure that the highest prioritized required action is performed first, possibly before the currently requested required action - AuthenticationManager#nextRequiredAction: make sure that the next action is requested via URL, also based on highest priority (-> requested URL will match actually performed action, unless required actions for the user are changed by a parallel operation) - add tests to RequiredActionPriorityTest, add helper method for priority setup to ApiUtil (for easier and more robust setup than up-to-now) - fix test WebAuthnRegisterAndLoginTest - which failed because WebAuthnRegisterFactory (prio 70) is now executed before WebAuthnPasswordlessRegisterFactory (prio 80) Closes #16873 Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>	2024-05-23 09:07:56 +02:00
Thomas Darimont	ab376d9101	Make required actions configurable (#28400 ) - Add tests for crud operations on configurable required actions - Add support exposing the required action configuration via RequiredActionContext - Make configSaveError message reusable in other contexts - Introduced admin-ui specific endpoint for retrieving required actions with config metadata Fixes #28400 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com> Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>	2024-05-23 08:38:36 +02:00
vramik	278341aff9	Add organizations enabled/disabled capability Closes #28804 Signed-off-by: vramik <vramik@redhat.com>	2024-05-22 07:58:26 -03:00
Francis Pouatcha	542fc65923	Issue 29627: Expose Authorization Server Metadata Endpoint under /.well-known/oauth-authorization-server to comply with rfc8414 (#29628 ) closes #29627 Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com> Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com> Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2024-05-22 10:30:34 +02:00
rmartinc	f7044ba5c2	Use SessionExpirationUtils for validate user and client sessions Check client session is valid in TokenManager Closes #24936 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-22 10:12:20 +02:00
Case Walker	f32cd91792	Upgrade owasp-java-html-sanitizer, address all fallout Signed-off-by: Case Walker <case.b.walker@gmail.com>	2024-05-22 09:15:25 +02:00
Raffaele Lucca	a5a55dc66e	Protocol now is mandatory during client scope creation. (#29544 ) closes #29027 Signed-off-by: raff897 <85362193+raff897@users.noreply.github.com>	2024-05-22 09:10:46 +02:00
Patrick Jennings	84acc953dd	Client type OIDC base read only defaults (#29706 ) closes #29742 closes #29422 Signed-off-by: Patrick Jennings <pajennin@redhat.com>	2024-05-22 09:07:19 +02:00
Pedro Igor	b019cf6129	Support unmanaged attributes for service accounts and make sure they are only managed through the admin api Closes #29362 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-21 16:56:18 -03:00
Martin Kanis	97cd5f3b8d	Provide an additional endpoint to allow sending both invitation and registration links depending on the email being associated with an user or not Closes #29482 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-05-21 12:29:10 -03:00
rmartinc	3304540855	Allow admin console whoami endpoint to applications that have a special attribute Closes #29640 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-20 09:51:07 +02:00
Stefan Guilhen	1aab371912	Fix errors when importing realms with the organization feature enabled Closes #29630 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-17 07:25:31 -03:00
Ricardo Martin	74a80997c7	Fix CRL verification failing due to client cert not being in chain (#29582 ) closes #19853 Signed-off-by: Micah Algard <micahalgard@gmail.com> Signed-off-by: rmartinc <rmartinc@redhat.com> Co-authored-by: Micah Algard <micahalgard@gmail.com> Co-authored-by: rmartinc <rmartinc@redhat.com>	2024-05-17 11:28:07 +02:00
Dimitri Papadopoulos Orfanos	64a145e960	Fix user-facing typos in error messages (#29326 ) Update resource file and tests accordingly Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>	2024-05-16 09:55:41 +02:00
Takashi Norimatsu	b4e7d9b1aa	Passkeys: Supporting WebAuthn Conditional UI (#24305 ) closes #24264 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com> Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: mposolda <mposolda@gmail.com>	2024-05-16 07:58:43 +02:00
rmartinc	89d7108558	Restrict access to whoami endpoint for the admin console and users with realm access Closes #25219 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-15 19:06:57 +02:00
Stefan Guilhen	c4760b8188	Ensure that IDP's linked domains are remove when org is deleted or when the domain is removed from the org. Closes #29481 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-14 15:39:18 -03:00
Martin Kanis	3985157f9f	Make sure operations on a organization are based on realm they belong to Closes #28841 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-05-14 10:47:39 -03:00
Pedro Igor	b4d231fd40	Fixing realm removal when removing groups and brokers associated with an organization Closes #29495 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-14 14:29:27 +02:00
Pedro Igor	b5a854b68e	Minor improvements to invitation email templates (#29498 ) Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-14 13:19:02 +02:00
Pedro Igor	1b583a1bab	Email validation for managed members should only fail if it does not match the domain set to a broker Closes #29460 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-14 10:46:22 +02:00
mposolda	d8a7773947	Adding dummyHash to DirectGrant request in case user does not exists. Fix dummyHash for normal login requests closes #12298 Signed-off-by: mposolda <mposolda@gmail.com>	2024-05-13 16:33:29 +02:00
kaustubh-rh	8a82b6b587	Added a check in ClientInitialAccessResource (#29353 ) closes #29311 Signed-off-by: Kaustubh Bawankar <kbawanka@redhat.com>	2024-05-13 13:00:36 +02:00
rmartinc	2cc051346d	Allow empty CSP header in headers provider Closes #29458 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-13 10:51:31 +02:00
Giuseppe Graziano	d735668fcd	Fix test failures after @DisableFeature Closes #29253 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-05-13 08:20:54 +02:00
Pedro Igor	b50d481b10	Make sure organization groups can not be managed but when managing an organization Closes #29431 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-10 21:28:11 -03:00
Stefan Guilhen	f0620353a4	Ensure master realm can't be removed Closes #28896 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-10 16:56:18 -03:00
Stefan Guilhen	ceed7bc120	Add ability to search organizations by attribute Closes #29411 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-10 16:45:41 -03:00
Pedro Igor	77b58275ca	Improvements to the organization authentication flow Closes #29416 Closes #29417 Closes #29418 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-09 16:07:52 -03:00
Pedro Igor	a65508ca13	Simplifying the CORS SPI and the default implementation Closes #27646 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-08 12:27:55 -03:00
Pedro Ruivo	cbce548e71	Infinispan 15.0.3.Final Closes #29068 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-05-08 17:18:39 +02:00
Stefan Guilhen	dde2746595	Improve tests to ensure managed users disabled upon disabling the org can't be updated Closes #28891 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-07 18:11:52 -03:00
Pedro Igor	927ba48f7a	Adding tests to cover using SAML brokers in an organization Closes #28732 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-07 20:44:38 +02:00
Thore	4b194d00be	iso-date validator for the user-profile Adds a new validator in order to be able to validate user-model fields which should be modified/supplied by a datepicker. Closes #11757 Signed-off-by: Thore <thore@kruess.xyz>	2024-05-07 11:42:39 -03:00
Martin Kanis	d4b7e1a7d9	Prevent to manage groups associated with organizations from different APIs Closes #28734 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-05-07 11:16:40 -03:00
Pedro Igor	f8bc74d64f	Adding SAML protocol mapper to map organization membership Closes #28732 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-07 15:52:35 +02:00
Stefan Guilhen	aa945d5636	Add description field to OrganizationEntity Closes #29356 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-07 10:35:51 -03:00
Pedro Igor	c0325c9fdb	Do not manage brokers through the Organization API Closes #29268 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-07 09:15:25 -03:00
Dinesh Solanki	2172741eb6	Refactor element identifiers from ID to class (#28690 ) Closes #24462 Signed-off-by: Dinesh Solanki <15937452+DineshSolanki@users.noreply.github.com>	2024-05-07 13:56:21 +02:00
Alice W	d1549a021e	Update invitation changes based on review and revert deleted test from OrganizationMembertest Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>	2024-05-06 17:57:13 -03:00
Pedro Igor	40a283b9e8	Token expiration tests and updates to registration required action Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-06 17:57:13 -03:00
Pedro Igor	158162fb4f	Review tests and having invitation related operations in a separate class Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-06 17:57:13 -03:00
Pedro Igor	287f3a44ce	registration link tests Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-06 17:57:13 -03:00
Alice W	ce2e83c7f9	Update test and link formation on invite of new user Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>	2024-05-06 17:57:13 -03:00
Alice W	18356761db	Add test for user invite registration and fix minor bug with registration link generation and email templating Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>	2024-05-06 17:57:13 -03:00
Pedro Igor	e0bdb42d41	adding test and minor updates to cover inviting existing users Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-06 17:57:13 -03:00
Stefan Guilhen	dae1eada3d	Add enabled field to OrganizationEntity Closes #28891 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-06 14:46:56 -03:00
Alexander Schwartz	a9532274e3	Generate translations for locales via built-in Java functionality (#29125 ) Closes #29124 Signed-off-by: Jon Koops <jonkoops@gmail.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Jon Koops <jonkoops@gmail.com>	2024-05-06 09:30:14 +02:00
Giuseppe Graziano	c6d3e56cda	Handle reset password flow with logged in user Closes #8887 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-05-06 09:10:47 +02:00
Douglas Palmer	00bd6224fa	Remove remaining Fuse adapter bits Closes #28787 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-05-06 09:02:26 +02:00
Thomas Darimont	ba43a10a6d	Improve details for user error events in OIDC protocol endpoints Closes #29166 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2024-05-06 08:32:31 +02:00
Pedro Igor	32d25f43d0	Support for mutiple identity providers Closes #28840 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-04 16:19:27 +02:00
Douglas Palmer	051c0197db	Remove old-WildFly, EAP 7.4 and 6.4 SAML adapters Closes #28785 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-05-03 15:39:05 +02:00
Justin Tay	7bd48e9f9f	Set logout token type to logout+jwt Closes #28939 Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>	2024-05-03 14:51:10 +02:00
Giuseppe Graziano	8c3f7cc6e9	Ignore include in token scope for refresh token Closes #12326 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-05-03 09:05:03 +02:00
Douglas Palmer	e0176a7e31	Remove Wildfly and EAP OIDC adapters Closes #23381 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-05-02 20:16:55 +02:00
Steven Hawkins	3b1ca46be2	fix: updating docs around -q parameter (#29151 ) closes: #27877 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-05-02 16:48:43 +02:00
Stefan Guilhen	45e5e6cbbf	Introduce filtered (and paginated) search for organization members Closes #28844 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-02 11:25:43 -03:00
Stefan Wiedemann	3e16af8c0f	Fix oid4vc tests (#29209 ) closes #28982 closes #28983 closes #28984 closes #28985 closes #28986 closes #28987 closes #28988 closes #28989 closes #28990 closes #28991 closes #28992 closes #28993 closes #28994 closes #28995 closes #28996 * only enable/disable features that should Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com> * use default profile if nothing is set Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com> --------- Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>	2024-05-02 10:57:25 +00:00
Patrick Jennings	64824bb77f	Client type service account default type (#29037 ) * Adding additional non-applicable client fields to the default service-account client type configuration. Signed-off-by: Patrick Jennings <pajennin@redhat.com> * Creating TypedClientAttribute which maps clientmodel fields to standard client type configurations. Adding overrides for fields in TypeAwareClientModelDelegate required for service-account client type. Signed-off-by: Patrick Jennings <pajennin@redhat.com> * Splitting client type attribute enum into 3 separate enums, representing the top level ClientModel fields, the extended attributes through the client_attributes table, and the composable fields on ClientRepresentation. Signed-off-by: Patrick Jennings <pajennin@redhat.com> * Removing reflection use for client types. Validation will be done in the RepresentationToModel methods that are responsible for the ClientRepresentation -> ClientModel create and update static methods. Signed-off-by: Patrick Jennings <pajennin@redhat.com> More updates Signed-off-by: Patrick Jennings <pajennin@redhat.com> * Update client utilzes type aware client property update method. Signed-off-by: Patrick Jennings <pajennin@redhat.com> * If user inputted representation object does not contain non-null value, try to get property value from the client. Type aware client model will return non-applicable or default value to keep fields consistent. Signed-off-by: Patrick Jennings <pajennin@redhat.com> * Cleaning up RepresentationToModel Signed-off-by: Patrick Jennings <pajennin@redhat.com> * Fixing issue when updating client secret. Signed-off-by: Patrick Jennings <pajennin@redhat.com> * Fixing issue where created clients would not have fullscope allowed, because getter is a boolean and so cannot be null. Signed-off-by: Patrick Jennings <pajennin@redhat.com> * Need to be able to clear out client attributes on update as was allowed before and causing failures in integration tests. Signed-off-by: Patrick Jennings <pajennin@redhat.com> * Fixing issues with redirectUri and weborigins defaults in type aware clients. Signed-off-by: Patrick Jennings <pajennin@redhat.com> * Need to allow client attributes the ability to clear out values during update. Signed-off-by: Patrick Jennings <pajennin@redhat.com> * Renaming interface based on PR feedback. Signed-off-by: Patrick Jennings <pajennin@redhat.com> * Shall be able to override URI sets with an empty set. Signed-off-by: Patrick Jennings <pajennin@redhat.com> * Comments around fields that are primitive and may cause problems determining whether to set sane default on create. Signed-off-by: Patrick Jennings <pajennin@redhat.com> --------- Signed-off-by: Patrick Jennings <pajennin@redhat.com>	2024-05-02 12:22:02 +02:00
Ricardo Martin	65bdf1a604	Encode realm name in console URIs (#29102 ) Before this fix console uris (including the client redirect uris) did not contain the url encoded realm name and therefore were invalid. closes #25807 Signed-off-by: Philip Sanetra <code@psanetra.de> Signed-off-by: rmartinc <rmartinc@redhat.com> Co-authored-by: Philip Sanetra <code@psanetra.de> Co-authored-by: rmartinc <rmartinc@redhat.com>	2024-05-02 10:30:06 +02:00
Douglas Palmer	8d4d5c1c54	Remove redundant servers from the testsuite Closes #29089 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-04-30 17:39:32 +02:00
Stefan Guilhen	02e2ebf258	Add check to prevent deserialization issues when the context token is not an AccessTokenResponse. - also adds a test for the refresh token on first login scenario. Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-04-30 12:02:10 -03:00
rmartinc	8042cd5d4f	Set client in the context for docker protocol Fix to execute again the docker test Closes #28649 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-04-30 10:17:17 +02:00
Pedro Igor	51352622aa	Allow adding realm users as an organization member Closes #29023 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-29 08:37:47 -03:00
Jon Koops	a6e2ab5523	Remove `jaxrs-oauth-client` and OIDC `servlet-filter` adapters Closes #28784 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-04-26 15:56:57 +02:00
Douglas Palmer	cca660067a	Remove JAAS login modules Closes #28789 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-04-26 09:30:35 +02:00
Douglas Palmer	b2f09feebf	Remove servlet filter saml adapters Closes #28786 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-04-26 09:30:35 +02:00
Douglas Palmer	bf2c97065f	Remove SpringBoot adapters Closes #28781 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-04-26 09:30:35 +02:00
Stefan Guilhen	bfabc291cc	28843 - Introduce filtered (and paginated) searches for organizations Closes #28843 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-04-25 12:38:20 -03:00
Stefan Guilhen	8fa2890f68	28818 - Reintroduce search by name for subgroups Closes #28818 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-04-25 12:06:07 -03:00
vramik	d65649d5c0	Make sure organization are only manageable by the admin users with the manage-realm role Closes #28733 Signed-off-by: vramik <vramik@redhat.com>	2024-04-23 12:16:57 -03:00
Mark Banierink	ad32896725	replaced and removed deprecated token methods (#27715 ) closes #19671 Signed-off-by: Mark Banierink <mark.banierink@nedap.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-23 09:23:37 +02:00
mposolda	337a337bf9	Grant urn:ietf:params:oauth:grant-type:pre-authorized_code was enabled even if oid4vc_vci feature is disabled closes #28968 Signed-off-by: mposolda <mposolda@gmail.com>	2024-04-22 18:31:46 +02:00
Ott	975bb6762f	Fixed type in invalidPasswordNotContainsUsernameMessage Signed-off-by: Ott <ottalexanderdev@gmail.com>	2024-04-22 08:06:02 -03:00
Douglas Palmer	ed22530d16	Failure reset time is applied to Permanent Lockout Closes #28821 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-04-22 11:47:22 +02:00
Stefan Wiedemann	b08c644601	Support credentials issuance through oid4vci (#27931 ) closes #25940 Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>	2024-04-22 11:37:55 +02:00
Lex Cao	7e034dbbe0	Add IdpConfirmOverrideLinkAuthenticator to handle duplicate federated identity (#26393 ) Closes #26201. Signed-off-by: Lex Cao <lexcao@foxmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-04-22 11:30:14 +02:00
etiksouma	1afd20e4c3	return proper error message for admin users endpoint closes #28416 Signed-off-by: etiksouma <al@mouskite.com>	2024-04-20 12:17:53 +02:00
Giuseppe Graziano	f6071f680a	Avoid the same userSessionId after re-authentication Closes keycloak/keycloak-private#69 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-04-19 14:44:39 +02:00
mposolda	c427e65354	Secondary factor bypass in step-up authentication closes #34 Signed-off-by: mposolda <mposolda@gmail.com> (cherry picked from commit e632c03ec4dbfbb7c74c65b0627027390b2e605d)	2024-04-19 14:43:53 +02:00
Giuseppe Graziano	897c44bd1f	Validation of providerId during required action registration Closes #26109 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-04-19 13:06:51 +02:00
Joerg Matysiak	76a5a27082	Refactored StripSecretsUtils in order to make it unit-testable, added unit tests for it Don't mask secrets at realm export Closes #21562 Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>	2024-04-18 18:26:47 -03:00
Pedro Igor	7483bae130	Make sure admin events are not referencing sensitive data from their representation Closes #21562 Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>	2024-04-18 18:26:47 -03:00

... 2 3 4 5 6 ...

4835 commits