rmartinc
d2e19da64e
Avoid using nip.io resolution in RefreshTokenTest#refreshTokenWithDifferentIssuer test
...
Closes #25675
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-11-06 14:53:19 +01:00
Ricardo Martin
ce454bda47
Remove online session when offline access is requested as the first request ( #34346 )
...
Closes #34001
Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
---------
Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-11-06 08:33:12 +01:00
fwojnar
b3dd26a7c3
Migrate WelcomeTestPage to testsuite framework ( #34543 )
...
* Migrate WelcomeTestPage to testsuite framework
Closes #34491
Signed-off-by: wojnarfilip <fwojnar@redhat.com>
* Refactor welcome page a bit
Signed-off-by: stianst <stianst@gmail.com>
* Fixes for htmlunit
Signed-off-by: stianst <stianst@gmail.com>
* Cleanup imports
Signed-off-by: stianst <stianst@gmail.com>
---------
Signed-off-by: wojnarfilip <fwojnar@redhat.com>
Signed-off-by: stianst <stianst@gmail.com>
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
Co-authored-by: stianst <stianst@gmail.com>
2024-11-05 10:57:58 +01:00
Giuseppe Graziano
612e2caae1
Refresh the login page when root auth session changes
...
Closes #32658
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-11-04 18:31:42 +01:00
Bernd Bohmann
7681687e0a
Provide missing user event metrics from aerogear/keycloak-metrics-spi to a keycloak micrometer event listener
...
inspired by
https://github.com/aerogear/keycloak-metrics-spi
https://github.com/please-openit/keycloak-native-metrics
Closes #33043
Signed-off-by: Bernd Bohmann <bommel@apache.org>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-11-04 08:56:24 +01:00
Stefan Guilhen
af434d6bc1
Add checks to prevent GroupLDAPStorageMapper from performing operations on groups it does not manage
...
Closes #11008
Closes #17593
Closes #19652
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-11-01 15:49:55 -03:00
Thomas Darimont
36b01cbea0
Revise PAR request object parameter handlig ( #34352 )
...
We now store the original parameter value as-is, in case only a single parameter value is provided. In case multiple parameter values are provided
for the same parameter, we only retain the first parameter.
This ensures that the original value is retained. Previously the value list from the
`decodedFormParameters` `MultivaluedMap` was converted to a String while replacing '[' and ']'
with an empty string, which corrupted the original parameter values stored.
Fixes #34352
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-10-31 16:26:31 +01:00
Pedro Igor
db780ed6c7
Trying to make sure there is no active tasks and introduce a timeout
...
Closes #34432
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-31 12:10:22 +01:00
rmartinc
78aa08941a
Fix NPE in ConditionalOtpFormAuthenticator if no configuration
...
Closes #34298
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-31 07:48:07 -03:00
vramik
b27a5d05b4
Fix error message in test
...
Signed-off-by: vramik <vramik@redhat.com>
2024-10-30 12:26:03 -03:00
vramik
3d91df42d8
Declining terms and conditions in account-console results in error
...
Closes #28328
Signed-off-by: vramik <vramik@redhat.com>
2024-10-30 12:26:03 -03:00
Giuseppe Graziano
3d663802bb
Fix flaky test for concurrent client creation on H2 database
...
Closes #29290
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-10-29 20:58:50 -03:00
rmartinc
b52256facc
Set client in context for dynamic scopes calculation
...
Closes #33684
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-28 17:32:06 -03:00
Marek Posolda
3784fd1f67
Attempt to run snapshot Keycloak server against production DB should fail during migration
...
closes #30364
Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-28 15:02:26 +00:00
Douglas Palmer
c816d5e030
Flaky test: org.keycloak.testsuite.broker.KcOidcBrokerTest#testPostBrokerLoginFlowWithOTP_bruteForceEnabled
...
Closes #34075
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-10-28 11:30:38 -03:00
Pedro Ruivo
84f4bd8af1
Client Scope updates are not replicated between Keycloak nodes
...
Fixes #33731
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-10-25 11:22:15 +02:00
rmartinc
e41553bcfb
Create a new logout session when initiating it for another client
...
Closes #34207
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-25 10:02:23 +02:00
Douglas Palmer
fd1dd49ade
Flaky Test: BrowserFlowTest.testAlternativeNonInteractiveExecutorInSubflow()
...
Closes #34273
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-10-24 22:36:11 +02:00
Martin Kanis
4f3ced9560
ConcurrentModificationException when restarting user sessions
...
Closes #34093
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-10-24 21:26:50 +02:00
Steven Hawkins
b2ccde29bb
fix: persist build time spi options ( #34157 )
...
closes : #33902
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-10-23 16:51:11 +02:00
Ryan Emerson
902abfdae4
JDBC_PING as default discovery protocol
...
Closes #29399
- Add ProviderFactory#dependsOn to allow dependencies between
ProviderFactories to be explicitly defined
- Disable Infinispan default shutdownhook disabled to ensure lifecycle
is managed exclusively by Keycloak
- Remove Infinispan shutdown hook in KeycloakRecorder and manage
EmbeddedCacheManager lifecycle only in DefaultInfinispanConnectionProviderFactory#close
Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-22 20:19:19 +00:00
Gilvan Filho
c4005d29f0
add linear strategy to brute force
...
closes #25917
Signed-off-by: Gilvan Filho <gilvan.sfilho@gmail.com>
2024-10-22 10:33:22 -03:00
rmartinc
6d52520730
Load client keys using SubjectPublicKeyInfo and upload jwks type into the jwks attributes for OIDC ones
...
Closes #33820
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-22 14:24:15 +02:00
Martin Kanis
01026fab79
Flaky test: org.keycloak.testsuite.broker.KcOidcBrokerTest#testPostBrokerLoginFlowWithOTP_bruteForceEnabled
...
Closes #34075
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-10-22 08:06:56 -03:00
mposolda
703f16ea86
Hide the 'Delete' button in the account console when DeleteCredentialAction is disabled or unavailable
...
closes #30204
Signed-off-by: mposolda <mposolda@gmail.com>
2024-10-22 11:07:08 +02:00
Pedro Igor
6d5923d560
Tests for role and time policy configuration validation
...
Closes #28978
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-22 05:43:05 -03:00
Douglas Palmer
271e749c82
ResetPasswordTest.resetPasswordExpiredCode Error -> AbstractKeycloakTest.deleteAllCookiesForRealm:297
...
Closes #33940
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-10-22 09:09:16 +02:00
rmartinc
2004467749
Check alias is unique for authenticator config when it is created
...
Closes #31727
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-21 15:25:32 +02:00
Simon Levermann
dcf1d83199
Enable enforcement of a minimum ACR at the client level ( #16884 ) ( #33205 )
...
closes #16884
Signed-off-by: Simon Levermann <github@simon.slevermann.de>
2024-10-21 13:54:02 +02:00
Douglas Palmer
2dd754533d
Flaky Test ResetPasswordTest.resetPasswordLoggedUser:188->openResetPasswordUrlAndDoFlow:252
...
Closes #34023
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-10-21 08:36:49 +02:00
Igor Petrov
8e872818c5
feat: eliminate client secret requirement
...
This commit eliminates neccessity for providing client secret when
constructing client via Admin Client API. The requirement for client
secret became obsolete when Keycloak onboarded a X509 certificate
authorizer.
closes #33755
Signed-off-by: Igor Petrov <igor.petrov-ext@camunda.com>
2024-10-18 16:35:15 +02:00
Pedro Igor
3a9bab35b6
Fixing action token lifespan information in the invitation email
...
Closes #34049
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-18 09:10:14 +02:00
Pedro Igor
d1dba15964
Do not show domain match message in the identity-first login when no login hint is provided
...
Closes #34069
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-18 09:05:27 +02:00
Pedro Igor
ee38d551ce
Respect the locale set to a user when redering verify email pages
...
Closes #34063
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-18 09:04:38 +02:00
Stefan Guilhen
7d8ff710c2
Invalidate user session when associated IdP is missing (previously removed)
...
Closes #31724
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-10-17 16:30:51 -03:00
Pascal Knüppel
41ee68611f
Allow to create EC certificates if new EC-key-provider is created ( #31843 )
...
Closes #31842
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-10-17 16:05:59 +02:00
Thomas Darimont
6a4ec24015
Users have to authenticate first before account-console is loaded
...
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-10-17 07:53:20 -03:00
Thomas Darimont
c400eff9b0
Account console backend should redirect to login on missing auth ( #31469 )
...
Adapted the login redirect logic from the old account console.
Fixes #31469
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-10-17 07:53:20 -03:00
rmartinc
13655007a6
Remove online session for offline access in direct access grants and client credentials
...
Closes #32650
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-17 10:49:05 +02:00
Martin Kanis
a8a5c96510
Fix unstable testPostBrokerLoginFlowWithOTP_bruteForceEnabled test
...
Closes #33549
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-10-15 15:36:05 -03:00
Martin Kanis
8fb5ecaa6c
Auth not possible for auth session where user was enabled in the meantime
...
Closes #33883
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-10-15 14:28:36 -03:00
Jon Koops
228c21a7a0
Allow Keycloak JS to be initialized without passing options ( #33950 )
...
Closes #8935
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-10-15 17:46:15 +02:00
Pedro Igor
b76f4f9c1b
Avoid iterating over user policies when removing users
...
Closes #19358
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-15 15:01:40 +02:00
Martin Kanis
0ebf862b63
LDAP Import: KERBEROS_PRINCIPAL not updated when UserPrincipal changes and user already exists
...
Closes #32266
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-10-11 09:16:17 -03:00
rmartinc
7e5734fd48
Fix incorrect filter in docker protocol
...
Closes #33776
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-11 08:58:18 +02:00
Pedro Igor
9a3d81c23e
Only process organization selection when the user is identified
...
Closes #33699
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-10 16:24:25 +02:00
rmartinc
a74e60f4d7
Check email with ignorecase when setting basic attributes in IdP
...
Closes #31848
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-10 09:55:58 +02:00
Jon Koops
3930356c21
Treat unencrypted local origins as an insecure context in Safari ( #33700 )
...
Closes #33557
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-10-09 23:38:03 +02:00
Douglas Palmer
a276b3bb3d
Flaky test: org.keycloak.testsuite.forms.BrowserButtonsTest#appInitiatedRegistrationWithBackButton
...
Closes #32676
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-10-09 08:00:57 +02:00
rmartinc
467e881725
Use clickLink in delete credential page
...
Closes #33505
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-08 12:22:53 +02:00