libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
26272 commits 4 branches 5 tags 480 MiB
Commit graph

6968 commits

Author SHA1 Message Date
Pedro Igor
d04d2bb852 Allow removing users federated from a kerberos provider 
Closes #31603

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-13 18:47:55 +02:00
Pedro Ruivo
e13c9bf462 Retry remote cache operations with back off 
Implement a retry mechanism for remote cache writes.

Fixes #32030

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-08-13 15:55:59 +02:00
rmartinc
a38d3b2f55 SAML IdMapperUpdaterSessionListener should be added always and must implement HttpSessionIdListener interface 
Closes #32084

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-13 15:53:45 +02:00
Pedro Ruivo
07c92c85cb Drop AuthenticatedClientSessionStore from user sessions 
New entities for client and user sessions, more query friendly.
The client sessions are found using query instead of storing them in the
user session entity.
Remove of sessions by its field is done based on queries.

Closes #30934

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-08-12 20:35:50 +02:00
rmartinc
347f595913 Add ECDH-ES encyption algorithms to the java keystore key provider 
Closes #32023

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-09 15:57:51 +02:00
Martin Kanis
da0864682a Conditionally redirect existing users to a broker based on their credentials 
Closes #31006

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-08-09 07:59:25 -03:00
Alexander Schwartz
07a168cb14 Deleted authentication sessions should not be re-surrected with an update 
Closes #31829

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-08-09 07:26:05 -03:00
rmartinc
2a06e1a6db Add SHAKE256 hash provider for Ed448 
Closes #31931

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-08 17:36:54 +02:00
Justin Tay
966a454548
Add ECDH-ES JWE Algorithm Provider, Add generated ECDH key provider (#23928) 
Closes #23596
Closes #23597

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-08-08 17:29:35 +02:00
Pedro Igor
3ab2446074 Do not return identity providers when querying the realm representation 
Closes #21072

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-07 10:06:51 -03:00
StephanSchrader
4d64092119
Fix persist config values for custom components (#31862) 
Closes #31858

Signed-off-by: Stephan Schrader <stephan.schrader@wallis.de>
Signed-off-by: Stephan Schrader <zstephanz@gmail.com>
Co-authored-by: Stephan Schrader <stephan.schrader@wallis.de>
 2024-08-07 14:40:30 +02:00
Martin Kanis
e750b44e9d Flaky test: org.keycloak.testsuite.model.DBLockTest#testTwoLocksCurrently 
Closes #25794

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-08-07 09:00:37 -03:00
Giuseppe Graziano
35c8c09b8d OIDC dynamic client registration with response_type=none 
Closes #19564

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-08-07 10:34:47 +02:00
Michal Hajas
50c07c6e7c
Simplify configuration for MULTI_SITE 
Closes #31807

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-08-06 16:14:33 +00:00
Pedro Ruivo
3fbe26d2e1 Disable SessionTimeoutsTest for old cross-site code 
The test is disabled for the embedded caches + remote store combination
(old cross-site code) due to the async event processing.

Events can be handled after the test changes the time offset, causing
the test to fail.

Fixes #31612

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-08-06 15:33:44 +02:00
Nikos Epping
4080ee2e84 Don't fail on null config map in AdvancedClaimToGroupMapper/AdvancedClaimToRoleMapper/AdvancedAttributeToGroupMapper/AdvancedAttributeToGroupMapper 
Fixes #31575

Signed-off-by: Nikos Epping <n.epping@evosec.de>
 2024-08-05 10:22:22 +02:00
Stefan Wiedemann
6258256c1b
Fix access token issue OID4VC (#31763) 
closes #31712 

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
 2024-08-04 11:42:40 +02:00
Ingrid Kamga
7c69c857a1 Add a media type to error responses on OID4VC endpoints 
Closes #31585

Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
 2024-08-02 12:09:09 +02:00
Justin Tay
f537343545 Allow empty key use in JWKS from identity provider 
Closes #31823

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-08-02 11:39:43 +02:00
rmartinc
773e309f75 Parse saml urls correctly if the bindings are different 
Closes #31780

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-02 11:34:06 +02:00
Pedro Ruivo
fed804160b Enable ProtoStream encoding for External Infinispan feature 
The ProtoStream schema is automatically uploaded to the Infinispan
server during startup.
When the schema is updated, the indexes are updated and re-created.
Use the delete statement to delete entities when a realm is removed.

Fixes #30931

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-08-01 16:16:19 +02:00
Ryan Emerson
176ac3404a EmbeddedInfinispanSplitBrainTest fails with "IllegalState Session not bound to a realm" 
Closes #31828

Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2024-08-01 13:58:41 +02:00
Ryan Emerson
8d7e18ec29 Clear local caches on split-brain heal 
Closes #25837

Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2024-07-31 13:59:06 +02:00
Pedro Ruivo
17e30e9ec1 Persist revoke tokens with remote cache feature 
Stores the revoked tokens into the database and preloads them during
startup.

Fixes #31760

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-07-31 11:02:38 +02:00
Thomas Darimont
282260dc95 Ensure issued_client_type is always added to successful token-exchange response (#31548) 
- Compute issued_token_type response parameter based on requested_token_type and client configuration
- `issued_token_type` is a required response parameter as per [RFC8693 2.2.1](https://datatracker.ietf.org/doc/html/rfc8693#section-2.2.1)
- Added test to ClientTokenExchangeTest that requests an access-token as requested-token-type

Fixes #31548

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-07-30 18:33:51 +02:00
rmartinc
a6c70d65ee Do not generate secret when client rep do not specifiy public or bearer 
Closes #31444

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-07-30 18:32:15 +02:00
Pedro Ruivo
e62604b1ec ConditionalRemover interface for External Infinispan feature 
Add a ConditionalRemover interface to remove entries from a RemoteCache
based on the key or value fields.
The default implementation provided by this PR uses streaming/iteration
to test and remove entries

On a side change, moved all the transactions to the same package and
created one transaction class per entity/cache to simplify code and
avoid writing "RemoteChangeLogTransaction" with a long list of types.

Fixes #31046

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-07-30 15:16:17 +02:00
Pedro Igor
a79761a447 Support for blocking concurrent requests when brute force is enabled 
Closes #31726

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
 2024-07-30 10:01:48 +02:00
Hynek Mlnarik
183cd6c957 Run tests with keycloak.v2 login theme 
The fixes (mostly selectors) are needed for tests.

In the future, to switch the keycloak.v2 to the default theme, do
the following:

- Update `ThemeSelectorProvider`: Uncomment relevant lines
- Update `testsuite/integration-arquillian/tests/pom.xml`: Revert the change in `<login.theme.default>` property
- Update `ThemeSelectorTest` per comment

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2024-07-30 10:01:17 +02:00
Martin Kanis
d91d6d18d5 Can not update organization group error when trying to create organisation from REST API 
Closes #31144

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-07-29 17:39:56 +02:00
Pascal Knüppel
94784182df
Implement DPoP for all grantTypes (#29967) 
fixes #30179
fixes #30181


Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de>
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
 2024-07-29 16:30:54 +02:00
Stefan Guilhen
17c01c9380 Enable new IDP Storage SPI in JPA model tests 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-07-29 16:02:26 +02:00
Francis Pouatcha
cc78fd7ca0
Provided keycloak with a protocol mapper, that can allow to optionally add iat and nbf claims to VCs (#31620) 
closes #31581 


Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
 2024-07-29 09:32:48 +02:00
Pedro Igor
87c279d645 Respect the username value format when processing federated users 
Closes #31240

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:28:43 +02:00
Pedro Igor
4d8c525644
Make sure changes to user profile metadata is not stored when calling decorators (#31549) 
Closes #30476

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:03:21 +02:00
Pedro Igor
04bd6653ec Invalidating domain cache and introducing cache for more query methods 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:02:36 +02:00
Pedro Igor
1f8280c71a Allow members joining multiple organizations 
Closes #30747

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:02:36 +02:00
Giuseppe Graziano
12732333c8 Client scope assignment for client registration 
Closes #31062

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-07-26 17:33:49 +02:00
Stefan Guilhen
c9f5a0aa32 Testsuite: ensure realm is set in session context 
Closes #31636

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-07-26 11:11:44 -03:00
Lex Cao
3818f8f575 Prevent removing flow that used by client flow overrides 
Closes #30707

Signed-off-by: Lex Cao <lexcao@foxmail.com>
 2024-07-26 16:05:29 +02:00
Alexander Schwartz
227c71f7f0
Persisting revoked access tokens 
Closes #31296

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-26 11:46:14 +02:00
vramik
01f5747eed If the user is federated before the broker is associated with an organization this user is not a managed user 
Closes #30744

Signed-off-by: vramik <vramik@redhat.com>
 2024-07-25 04:30:13 -03:00
vramik
649b35929e Make sure users created through a registration link are managed members 
Closes #30743

Signed-off-by: vramik <vramik@redhat.com>
 2024-07-25 04:30:13 -03:00
Maciej Mierzwa
97e89e2071 feature: password age in days policy 
Closes #30210

Signed-off-by: Maciej Mierzwa <dev.maciej.mierzwa@gmail.com>
 2024-07-24 15:12:16 -03:00
Kamesh Akella
33b3fd313c
Add migration tests for AuroraDB (#31396) 
Fixes #31024
Signed-off-by: Kamesh Akella <kamesh.asp@gmail.com>
 2024-07-24 16:45:02 +02:00
Francis Pouatcha
30be268672
Enhance Verifiable Credential Signing Service Flexibility and Key Rotation(#30692) 
closes #30525 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
 2024-07-24 13:45:39 +02:00
Miquel Simon
aab7a912c4
Updated connection configuration for MSSQL test container 
Closes #31558

Signed-off-by: Miquel Simon <msimonma@redhat.com>
 2024-07-24 09:12:58 +00:00
Hynek Mlnarik
a7374f92be Update login theme to login v2 
Fixes: #29009

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2024-07-18 14:33:22 +02:00
Hynek Mlnarik
ab6ca323db Run docker tests with proper theme and fix chromedriver path 
Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2024-07-18 14:33:22 +02:00
mposolda
3110bb8989 Missing Cache-Control header when response_type parameter is missing in login request 
closes #29866

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-07-18 10:17:52 +02:00
rmartinc
5ea3becef5 Wait for the brute force off-thread processing in AbstractAdvancedBrokerTest 
Closes #30188
Closes #30641

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-07-18 10:03:13 +02:00
Pascal Knüppel
018a0802bc
Remove java.util.Date from VerifiableCredential (#30920) 
closes #30918

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
 2024-07-18 09:52:02 +02:00
mposolda
06f6173c8a Add suffix to keycloak-authz-client artifact in keycloak repository 
closes #30926

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-07-17 14:59:09 +02:00
Martin Kanis
e5848bdcf9 Cannot set unmanagedAttributePolicy without profile attributes 
Closes #31153

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-07-17 09:53:59 -03:00
mposolda
5526976d1c Add suffix to keycloak-policy-enforcer artifacts in keycloak repository 
closes #30927

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-07-17 12:03:23 +02:00
Ricardo Martin
3d12c05005
Correctly moves to the next required action (#31358) 
Closes #31014

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>


Co-authored-by: Giuseppe Graziano <g.graziano94@gmail.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
 2024-07-17 09:38:29 +02:00
Pedro Igor
de1de06354 Avoid adding organization flows if they are already exist 
Closes #31182

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-17 08:28:00 +02:00
Stefano Azzalini
6d67c1f9cc
Normalize default authentication flow descriptions to start with an uppercase letter (#31277) 
Closes #31291

Signed-off-by: Stefano Azzalini <stefano.azzalini@luminator.com>
 2024-07-16 13:49:35 +02:00
Lex Cao
6c71ad2884 Fallback to no override flow when missing in client override 
Closes #30765

Signed-off-by: Lex Cao <lexcao@foxmail.com>
 2024-07-16 11:33:41 +02:00
Thomas Darimont
2140e573f2
Fix test LDAP connection with multiple ldap connection urls 
Previously, the given connection string was check with URI.create(..) which
failed when multiple space separated LDAP URLs were given.

Closes #31267

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-07-16 08:57:50 +02:00
Martin Kanis
887db25f00 Allow auto-redirect existing users federated from organization broker when using the username 
Closes #30746

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-07-15 13:48:45 -03:00
mposolda
1864cf1827 Offline tokens created in Keycloak 14 or earlier will not work on Keycloak 25 
closes #31224

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-07-15 18:30:35 +02:00
Pedro Igor
c33585a5f4 All pubic brokers are shown during authentication rather than only those associated with the current organization 
Closes #31246

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-12 17:51:39 +02:00
Giuseppe Graziano
1df60461a9 Avoid race condition when using initial-access-token 
Closes #27294

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-07-12 16:33:02 +02:00
Douglas Palmer
9300903674 page-expired error page shown when using browser back-button on forgot-password page after invalid login attempt 
Closes #25440

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-07-12 16:24:21 +02:00
Pascal Knüppel
4028ada2a5
Add required default-context value to VerifiableCredential (#30959) 
closes #30958

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
 2024-07-11 18:25:11 +02:00
Steven Hawkins
4970a9b729
fix: deprecate KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD 
closes: #30658

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-07-11 18:07:57 +02:00
rmartinc
096e335a92 Support for vault and AES and HMAC algorithms to JavaKeystoreKeyProvider 
Closes #30880
Closes #29755

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-07-11 12:40:45 +02:00
Pedro Igor
da6c9ab7c1 Bruteforce protector does not work when using organizations 
Closes #31204

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-11 00:26:47 +02:00
Jon Koops
a0c99a7ae0
Show full error details in admin and account consoles 
Closes #30705

Signed-off-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-07-10 16:20:26 +02:00
Martin Kanis
922eaa9fc8
Disable username prohibited chars validator when email as username is… (#31140) 
* Disable username prohibited chars validator when email as the username is set

Closes #25339

Signed-off-by: Martin Kanis <mkanis@redhat.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-10 09:46:24 -03:00
Pedro Igor
d475833361 Do not expose kc.org attribute in user representations 
Closes #31143

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-10 13:43:23 +02:00
Alexander Schwartz
d70f78072e
Make persistent sessions co-exist with remote cache feature (#30859) 
Closes #30855

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-09 09:03:36 +02:00
rmartinc
f78a46485d TE should create a transient session when there is no initial session in client-to-client exchange 
Closes #30614

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-07-08 15:44:38 -03:00
Pedro Igor
ead1b4a851
Testing ldap connection should not process or bind the credentials (#31081) 
Closes #30821

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-08 13:58:02 +02:00
Pedro Igor
cbf7f208fb
Avoid iterating and updating all group policies when removing groups (#31057) 
Closes #31056

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-08 13:57:20 +02:00
wojnarfilip
3c429b7506 Update social login tests login flows 
Signed-off-by: wojnarfilip <fwojnar@redhat.com>
 2024-07-08 08:48:31 +02:00
Pedro Igor
f010f7df9b Reverting removal of test assertions and keeping existing logic where only brokers the user is linked to is shown after identity-first login page 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-03 11:55:04 -03:00
Martin Kanis
e1b735fc41 Identity-first login flow should be followed by asking for the user credentials 
Closes #30339

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-07-03 11:55:04 -03:00
Giuseppe Graziano
02d64d959c Using _system client when account client is disabled for email actions 
Closes #17857

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-07-03 08:43:36 +02:00
cgeorgilakis-grnet
20cedb84eb Check refresh token flow response for offline based on refresh token request parameter 
Closes #30857

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
 2024-07-02 18:13:30 -03:00
Steven Hawkins
d534860e2b
fix: admin cli client should set the content when performing a merge (#30539) 
closes: #29878

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-06-28 15:56:07 +02:00
Pedro Igor
cc2ccc87b0 Filtering organization groups when managing or processing groups 
Closes #30589

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-28 10:27:18 -03:00
Steven Hawkins
aae1fa1417
fix: addresses cli erroneously wants a secret when env password is set (#30892) 
closes: #30866

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-06-28 11:48:42 +02:00
Thomas Darimont
690c6051bb Fix scope policy evaluation for client to client token exchange (#26435) 
Previously the scope from the token was not set available in the ClientModelIdentity attributes.
This caused the NPE in `org.keycloak.authorization.policy.provider.clientscope.ClientScopePolicyProvider.hasClientScope`(..)
when calling `identity.getAttributes().getValue("scope")`.

We now pass the provided decoded AccessToken down to the ClientModelIdentity creation
to allow to populate the required scope attribute.

We also ensure backwards compatibility for ClientPermissionManagement API.

Fixes #26435

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-06-28 10:33:20 +02:00
mposolda
f1b8a983d2 Cleanup mod_auth_mellon from the testsuite 
closes #30869

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-06-28 08:33:36 +02:00
Douglas Palmer
7a8c7502d2 Cleanup of adapter-spi module? 
Closes#30871

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-06-27 19:41:30 +02:00
Douglas Palmer
220f32aa85 Cleanup of adapter pages 
Closes #30870

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-06-27 18:57:22 +02:00
mposolda
7279f2092e Cleanup of test-apps and related adapter code 
closes #30867

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-06-27 15:10:31 +02:00
mposolda
e5a4c94f75 Added suffix to keycloak-admin-client artifacts in keycloak repository 
Signed-off-by: mposolda <mposolda@gmail.com>
 2024-06-27 11:00:30 +02:00
Romain LABAT
6615691c63
Support for service accounts when fetch roles is enabled (#30687) 
Support for service accounts when fetch roles is enabled

Signed-off-by: Romain LABAT <contact@romainlabat.fr>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-25 18:00:26 -03:00
rmartinc
e9c9efc3f4 Upgrade bc-fips to 1.0.2.5 
Closes #26568
Closes #27884

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-25 11:07:27 +02:00
Andre F de M
0f061a75e2 Issue: 26568 - bcfips version bump and fixes 
* bump BCFIPS to 1.0.2.5
               * fix bc-fips related test error
               * remove unused imports

               Closes: #26568

Signed-off-by: Andre F de M <trixpan@users.noreply.github.com>
 2024-06-25 11:07:27 +02:00
fwojnar
015fefad02
Remove Edge from supported web drivers (#30423) 
Closes #29921

Signed-off-by: wojnarfilip <fwojnar@redhat.com>
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
 2024-06-24 17:24:55 +02:00
fwojnar
e30e6cba8e
Remove Safari from supported web drivers (#30424) 
Related to #29921

Signed-off-by: wojnarfilip <fwojnar@redhat.com>
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
 2024-06-24 13:27:12 +02:00
fwojnar
640db99c27
Remove Appium from supported web drivers (#30483) 
Related to #29921

Signed-off-by: wojnarfilip <fwojnar@redhat.com>
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
 2024-06-24 13:26:33 +02:00
Takashi Norimatsu
b0aac487a3 VC issuance in Authz Code flow with considering scope parameter 
closes #29725

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2024-06-24 10:53:19 +02:00
Jon Koops
df18629ffe
Use a default Java version from root POM (#29927) 
Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-06-21 14:19:31 +02:00
mposolda
6a9e60bba0 Flow steps back when changing locale or refreshing page on 'Try another way page' 
closes #30520

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-06-21 11:22:15 +02:00
rmartinc
592c2250fc Add briefRepresentation query parameter to getUsersInRole endpoint 
Closes #29480

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-21 11:21:02 +02:00
Takashi Norimatsu
6b135ff6e7 client-jwt authentication fails on Token Introspection Endpoint 
closes #30599

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2024-06-21 10:47:25 +02:00
Pedro Igor
a0ad680346 Adding an alias to organization and exposing them to templates 
Closes #30312
Closes #30313

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-20 14:36:14 -03:00
rmartinc
f690947cea Remove the SAML undertow adapter 
Closes #30554

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-20 09:47:14 +02:00
Giuseppe Graziano
6b07b67667 Removed saml filter adapter tests 
Closes #30553

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-06-20 09:42:59 +02:00
Pedro Ruivo
5fc12480fd External Infinispan as cache - Part 4 (#30072) 
UserSessionProvider implementation to make use of Infinispan remote
cache.

Closes #28755

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-06-19 14:47:57 +02:00
Pedro Ruivo
9006218559 External Infinispan as cache - Part 3 
Implementation of UserLoginFailureProvider using remote caches only.

Closes #28754

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-06-19 14:47:57 +02:00
Pedro Ruivo
833aad661e External Infinispan as cache - Part 2 
Includes a new implementation for the providers:

* StickySessionEncoderProviderFactory
* LoadBalancerCheckProviderFactory
* SingleUseObjectProviderFactory

Closes #28648

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-06-19 14:47:57 +02:00
Pedro Ruivo
d2ae27a1e2 External Infinispan as cache - Part 1 
Part 1 includes

* New experimental feature to enable the new code
* New providers using RemoteCache only
* New test profile to run the tests with the experimental feature

New providers' implementation for:
* InfinispanConnectionProvider
* AuthenticationSessionProvider
* ClusterProvider

Closes #28140

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-06-19 14:47:57 +02:00
Martin Kanis
dc109381e1 Refactor organization tests 
Closes #30338

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-06-19 09:34:24 -03:00
Martin Kanis
89f83e9788 Importing organizations failing if there is no broker and members in the representation 
Closes #30305

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-06-19 08:46:04 -03:00
Pedro Igor
57139cbefc Internal read-only attributes have precedence over unmanaged attribute policy 
Closes #30240

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-19 12:05:01 +02:00
Alexander Schwartz
9ce47fc117 Trying to switch the database 
Closes #28311

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-06-19 10:30:36 +02:00
Giuseppe Graziano
24aa6e143d
REALM_CLIENT attribute to recognize realm clients (#30433) 
Closes #29413

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-06-19 10:22:13 +02:00
Stefan Guilhen
db846a792d Set a time of 23:59:59:999 in JpaEventQuery.toDate so that events from that date are properly returned in searches 
Closes #30414

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-06-18 13:14:28 -03:00
Francis Pouatcha
d4797e04a2
Enhance SupportedCredentialConfiguration to support optional claims object as defined in OpenID for Verifiable Credential Issuance specification (#30420) 
closes #30419 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
 2024-06-18 17:07:49 +02:00
rmartinc
fc65c73106 Upgrade adapters test to use wildfly 28 (jakarta only) via maven plugin 
Closes #30324

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-18 15:40:59 +02:00
rmartinc
38d8cf2cb3 Add UPDATE event to the client-roles condition 
Closes #30284

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-18 15:30:42 +02:00
Martin Bartoš
5ad3abaa96
Enable WebAuthn tests for Firefox (#30374) 
Closes #22075

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2024-06-18 10:36:01 +02:00
Jon Koops
08c3bb83f2
Remove Internet Explorer from supported web drivers (#29918) 
Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-06-17 15:48:58 +00:00
rmartinc
c51640546d Improvements for ldap test authentication 
Closes #30434

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-15 10:01:24 +02:00
Thibault Morin
f6fa869b12
feat(SAML): add Artifact Binding on brokering scenarios when Keycloak is SP (#29619) 
* feat: add Artifact Binding on brokering scenarios when Keycloak is SP

Signed-off-by: tmorin <git@morin.io>

* Adding broker test and minor improvements

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

* Fixing IdentityProviderTest

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

* Renaming methods related to idp initiated flows

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

* Fixing partial_import_test.spec.ts

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

---------

Signed-off-by: tmorin <git@morin.io>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-14 08:54:49 -03:00
Pedro Ruivo
18a6c79011
Infinispan Protostream Marshaller (#29474) 
Closes #29394

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-06-13 18:02:46 +02:00
Lukas Hanusovsky
ca0833b2e4
[#29412] DB Allocator removal - dependency cleanup. (#30406) 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2024-06-13 13:31:52 +00:00
vramik
de2fdbe98f cache count 
Signed-off-by: vramik <vramik@redhat.com>
 2024-06-13 08:13:36 -03:00
vramik
d355e38424 Provide a cache layer for the organization model 
Closes #30087

Signed-off-by: vramik <vramik@redhat.com>
 2024-06-13 08:13:36 -03:00
Alfredo Moises Boullosa
a5cd6ed965 Add step to Google Social Login (#30335) 
Signed-off-by: Alfredo Moises Boullosa <aboullos@redhat.com>
 2024-06-12 17:27:02 +02:00
Stefan Guilhen
c49b5749ef Fix GroupLDAPStorageMapper so it doesn't attempt to update a group fetched in a different tx when synchronizing groups from LDAP 
Closes #29784

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-06-12 10:42:21 -03:00
Martin Kanis
ae69b3b260 Introduce packages for organization tests 
Closes #30337

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-06-12 10:02:06 -03:00
rmartinc
7d42ab822b Remove adapter app-server-undertow profile which is not used 
Closes #30347

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-12 14:40:06 +02:00
Patrick Jennings
75925dcf6c
Client type configuration inheritance (#30056) 
closes #30213 

Signed-off-by: Patrick Jennings <pajennin@redhat.com>
 2024-06-10 18:59:08 +02:00
rmartinc
7d05a7a013 Logout from all clients after IdP logout is performed 
Closes #25234

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-10 11:58:09 -03:00
Giuseppe Graziano
6067f93984
Improvements to refresh token rotation with multiple tabs (#29966) 
Closes #14122

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-06-07 12:02:36 +02:00
Steven Hawkins
c7e9ee2bff
fix: adds handling for all kcadm prompts as env variables (#29430) 
closes: #21961

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-06-06 13:08:23 +00:00
Bruno Oliveira da Silva
f34baf3c24
Update license headers (#29942) 
Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>
 2024-06-06 14:06:09 +02:00
Alexander Schwartz
97ab0def2c Adding ForkJoinPool for Quarkus to the surefire initialization for embedded Quarkus 
Closes #30206

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-06-06 12:52:11 +02:00
Pedro Igor
94c194f1f4 Prevent users to unlink from their home identity provider when they are a managed member 
Closes #30092

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
 2024-06-05 13:57:01 +02:00
mposolda
0bf613782f Updating client policies in JSON editor is buggy. Attempt to update global client policies should throw the error 
closes #30102

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-06-05 13:55:02 +02:00
rmartinc
eedfd0ef51 Missing auth checks in some admin endpoints (#166) 
Closes keycloak/keycloak-private#156

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-05 12:04:47 +02:00
Giuseppe Graziano
d5e82356f9 Encrypted KC_RESTART cookie and removed sensitive notes 
Closes #keycloak/keycloak-private#162

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-06-05 10:33:44 +02:00
Pedro Igor
f8d55ca7cd Export import realm with organizations 
Closes #30006

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-05 09:50:03 +02:00
Martin Kanis
33331788a4 Introduce count method to avoid fetching all organization upon checking for existence 
Closes #29697

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-06-04 10:45:28 -03:00
Martin Kanis
173f09fa6b Malformed dependency version causing the build failure 
Closes #30134

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-06-04 13:44:14 +02:00
Thomas Darimont
35a4a17aa5
Add support for application/jwt media-type in token introspection (#29842) 
Fixes #29841

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-06-03 19:06:21 +02:00
rmartinc
536534dd25 Remove the transformed output directory before executing JakartaTransformer 
Closes #30086

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-03 19:03:46 +02:00
Alexander Schwartz
792a3457ff
Use Maven wrapper instead of platform dependent Maven version (#29988) 
Closes #29987

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-06-03 15:45:39 +02:00
Martin Bartoš
262fc09edc
OpenJDK 21 support (#28518) 
* OpenJDK 21 support

Closes #28517

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* x509 SAN UPN other name is not handled in JDK 21 (#904)

closes #29968

Signed-off-by: mposolda <mposolda@gmail.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2024-06-03 14:17:28 +02:00
mposolda
9074696382 Editing built-in client policy profiles are silently reverted 
closes #27184

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-06-03 14:00:37 +02:00
Pedro Igor
4c39fcc79d Allow to configure if users are automatically redirected when the email domain matches an organization 
Closes #30050

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-03 13:34:21 +02:00
raff897
6d6131cade Backchannel logout url with curly brackets 
closes #30023

Signed-off-by: raff897 <85362193+raff897@users.noreply.github.com>
 2024-06-03 09:51:39 +02:00
Ricardo Martin
0cd0d03c08
Remove all adapter-core code moved to util (#30012) 
* Remove all tests that are only executed for undertow app server
* Remove installation steps for OIDC adapter in wildfly/eap app server
* Remove the util adapters package except HttpClientBuilder
* Remove HttpClientBuilder and use plain apache http client
Closes #29912

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-03 09:28:02 +02:00