Commit graph

781 commits

Author SHA1 Message Date
Pascal Knüppel
c4ebd0cd0c
Add event for ClientScope created (#30715)
closes #30795 

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-06-27 19:05:29 +02:00
Jon Koops
df18629ffe
Use a default Java version from root POM (#29927)
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-21 14:19:31 +02:00
Pedro Igor
a0ad680346 Adding an alias to organization and exposing them to templates
Closes #30312
Closes #30313

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-20 14:36:14 -03:00
CARBONNEAUX Mathieu
acf79b81c7
add RS256 algorithm to webauthn default policy (#30528)
closes #28020 

Signed-off-by: Mathieu CARBONNEAUX <mathieu.carbonneaux@ch2o.info>
2024-06-19 10:16:46 +02:00
Pedro Ruivo
18a6c79011
Infinispan Protostream Marshaller (#29474)
Closes #29394

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-06-13 18:02:46 +02:00
vramik
d355e38424 Provide a cache layer for the organization model
Closes #30087

Signed-off-by: vramik <vramik@redhat.com>
2024-06-13 08:13:36 -03:00
Giuseppe Graziano
6067f93984
Improvements to refresh token rotation with multiple tabs (#29966)
Closes #14122

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-06-07 12:02:36 +02:00
Pedro Igor
4c39fcc79d Allow to configure if users are automatically redirected when the email domain matches an organization
Closes #30050

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-03 13:34:21 +02:00
mposolda
37c10b4d43 Improve documentation for the case when 'basic' client scope already exists
closes #29880

Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-29 13:32:05 +02:00
Pedro Igor
bbb83236f5 Do not lower-case the username from the IdP when creating the federated identity
Closes #28495

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-29 01:58:20 -03:00
Stefan Guilhen
694ffaf289 Allow organizations in different realms to have the same domain
Closes #29886

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-28 08:02:30 -03:00
mposolda
ea1cdc10bd MigrateTo25_0_0 does not complete within default transaction timeout
closes #29756

Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-27 10:31:39 +02:00
Pedro Igor
2d4d32764c Show a message when confirming an invitation link
Closes #29794

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-27 08:33:22 +02:00
Daniel Fesenmeyer
c08621fa63 Always order required actions by priority (regardless of context)
- AuthenticationManager#actionRequired: make sure that the highest prioritized required action is performed first, possibly before the currently requested required action
- AuthenticationManager#nextRequiredAction: make sure that the next action is requested via URL, also based on highest priority (-> requested URL will match actually performed action, unless required actions for the user are changed by a parallel operation)
- add tests to RequiredActionPriorityTest, add helper method for priority setup to ApiUtil (for easier and more robust setup than up-to-now)
- fix test WebAuthnRegisterAndLoginTest - which failed because WebAuthnRegisterFactory (prio 70) is now executed before WebAuthnPasswordlessRegisterFactory (prio 80)

Closes #16873

Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>
2024-05-23 09:07:56 +02:00
Thomas Darimont
ab376d9101 Make required actions configurable (#28400)
- Add tests for crud operations on configurable required actions
- Add support exposing the required action configuration via RequiredActionContext
- Make configSaveError message reusable in other contexts
- Introduced admin-ui specific endpoint for retrieving required actions with config metadata

Fixes #28400

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-05-23 08:38:36 +02:00
vramik
278341aff9 Add organizations enabled/disabled capability
Closes #28804

Signed-off-by: vramik <vramik@redhat.com>
2024-05-22 07:58:26 -03:00
Alexander Schwartz
80de3a0a71
Allow migration of non-persistent sessions to persistent sessions
Closes #29375

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-22 10:30:46 +02:00
rmartinc
f7044ba5c2 Use SessionExpirationUtils for validate user and client sessions
Check client session is valid in TokenManager
Closes #24936

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-05-22 10:12:20 +02:00
Nicola Beghin
3d1c20b4a5
Add new ProviderConfigProperty type for URLs in Admin Console (#27743)
Closes #27673

Signed-off-by: Nicola Beghin <nicolabeghin@gmail.com>
2024-05-14 09:34:49 +00:00
mposolda
d8a7773947 Adding dummyHash to DirectGrant request in case user does not exists. Fix dummyHash for normal login requests
closes #12298

Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-13 16:33:29 +02:00
Pedro Igor
b50d481b10 Make sure organization groups can not be managed but when managing an organization
Closes #29431

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-10 21:28:11 -03:00
Stefan Guilhen
aa945d5636 Add description field to OrganizationEntity
Closes #29356

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-07 10:35:51 -03:00
Dimitri Papadopoulos Orfanos
cd8e0fd333
Fix user-facing typos in Javadoc (#28971)
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-05-06 18:57:55 +00:00
Stefan Guilhen
dae1eada3d Add enabled field to OrganizationEntity
Closes #28891

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-06 14:46:56 -03:00
Pedro Igor
32d25f43d0 Support for mutiple identity providers
Closes #28840

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-04 16:19:27 +02:00
Giuseppe Graziano
8c3f7cc6e9 Ignore include in token scope for refresh token
Closes #12326

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-05-03 09:05:03 +02:00
Steven Hawkins
4697cc956b
further refinement of context handling (#28182)
* fully removing providers and moving the keycloaksession creation / final
cleanup

also deprecated Resteasy utility methods

closes: #29223

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-02 11:21:01 -04:00
Stefan Guilhen
45e5e6cbbf Introduce filtered (and paginated) search for organization members
Closes #28844

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-02 11:25:43 -03:00
Alexander Schwartz
d69872fa11
Batch writes originating from logins/logouts for persistent sessions
All writes for the sessions are handled by a background thread which batches them.

Closes #28862

Wait for persistent-store to contain update
instead of cache which has the change immediately since it is in memory + introduce new model-test profile

Closes #29141

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-04-30 14:07:35 +02:00
Pedro Igor
51352622aa Allow adding realm users as an organization member
Closes #29023

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-29 08:37:47 -03:00
mruzicka
ae1aaef96c
Avoid re-creating required action comparator (#29122)
closes #29130 

Signed-off-by: Michal Růžička <michal.ruza@gmail.com>
2024-04-29 09:18:50 +02:00
vramik
d65649d5c0 Make sure organization are only manageable by the admin users with the manage-realm role
Closes #28733

Signed-off-by: vramik <vramik@redhat.com>
2024-04-23 12:16:57 -03:00
Mark Banierink
ad32896725
replaced and removed deprecated token methods (#27715)
closes #19671 

Signed-off-by: Mark Banierink <mark.banierink@nedap.com>


Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-23 09:23:37 +02:00
Tero Saarni
64862d568e Convert database errors to 500 instead of 400.
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2024-04-22 11:42:18 -03:00
Pedro Igor
1e3837421e Organization member onboarding using the organization identity provider
Closes #28273

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-17 07:24:01 -03:00
Stefan Guilhen
2ab8bf852d Add validation for the organization's internet domains.
Closes #28634

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-15 09:03:52 -03:00
Pedro Igor
61b1eec504 Prevent members with an email other than the domain set to an organization
Closes #28644

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-12 08:33:18 -03:00
Alexander Schwartz
b4cfebd8d5
Persistent sessions code also for offline sessions (#28319)
Persistent sessions code also for offline sessions

Closes #28318

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-12 13:15:02 +02:00
rmartinc
6d74e6b289 Escape slashes in full group path representation but disabled by default
Closes #23900

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-12 10:53:39 +02:00
Pedro Igor
8f8094408e Encapsulate the logic to set attributes into the domain model
Closes #28646

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-11 15:32:21 -03:00
Stefan Guilhen
9a466f90ab Add ability to set one or more internet domain to an organization.
Closed #28274

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-10 13:18:12 -03:00
Martin Kanis
51fa054ba7 Manage organization attributes
Closes #28253

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-04-10 09:10:49 -03:00
rmartinc
41b706bb6a Initial security profile SPI to integrate default client policies
Closes #27189

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-10 11:19:56 +02:00
Alexander Schwartz
63e7523a6d Avoid unnecessary updates to the sessions during refreshes of tokens
Closes #28388

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-09 14:55:21 +02:00
Václav Muzikář
e4987f10f5
Hostname SPI v2 (#26345)
* Hostname SPI v2

Closes: #26084

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Fix HostnameV2DistTest#testServerFailsToStartWithoutHostnameSpecified

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Address review comment

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Partially revert the previous fix

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Do not polish values

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Remove filtering of denied categories

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-04-09 11:25:19 +02:00
vibrown
3fffc5182e Added ClientType implementation from Marek's prototype
Signed-off-by: vibrown <vibrown@redhat.com>

More updates

Signed-off-by: vibrown <vibrown@redhat.com>

Added client type logic from Marek's prototype

Signed-off-by: vibrown <vibrown@redhat.com>

updates

Signed-off-by: vibrown <vibrown@redhat.com>

updates

Signed-off-by: vibrown <vibrown@redhat.com>

updates

Signed-off-by: vibrown <vibrown@redhat.com>

Testing to see if skipRestart was cause of test failures in MR
2024-04-08 20:20:37 +02:00
Pedro Igor
52ba9b4b7f Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user
Closes #28248

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-08 09:05:16 -03:00
Pedro Igor
fefeb83588 Changes the contract to make it simpler and rely on the realm available from the current session
Closes #28403

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-03 14:45:31 +02:00
Pedro Igor
b9a7152a29 Avoid commiting the transaction prematurely when creating users through the User API
Closes #28217

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-27 19:16:09 -03:00
Jon Koops
3382e16954
Remove Account Console version 2 (#27510)
Closes #19664

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-03-27 10:53:28 +01:00