Commit graph

5844 commits

Author SHA1 Message Date
Thomas Darimont
43623ea9d0 KEYCLOAK-18499 Add max_age support to oauth2 brokered logins
Revise KcOidcBrokerPassMaxAgeTest to use setTimeOffset(...)
2022-09-01 09:24:44 -03:00
Joerg Matysiak
a8019d78e7 Fixed handling of required setting for email in user profile.
Resolves #13923
2022-08-31 17:19:19 -03:00
Martin Bartoš
677579fce6 Environment variables for admin creation in testsuite
Closes #14102
2022-08-31 07:29:55 -03:00
Nagy Vilmos
f6db484172
Keep the locale related authNotes through the IdentityBroker flow. (#10444)
Closes #8827
2022-08-31 09:37:26 +02:00
Martin Bartoš
e6a5f9c124 Default required action providers are still available after feature disabling
Closes #13189
2022-08-31 08:42:47 +02:00
Martin Bartoš
94de015440
Cannot build base testsuite due to missing dependency related to WF (#14079)
Fixes #14072
2022-08-30 18:52:05 +02:00
Stian Thorgersen
eece543ede
Remove AddUserTest as it was specific to the WildFly distribution (#14091)
Closes #14072
2022-08-30 16:57:44 +02:00
Manato Takai
1cdc21f0ff
Add duplicate parameter check for UserInfo endpoint. (#14024)
Closes #14016
2022-08-30 14:39:15 +02:00
Pedro Igor
917e8668cb Fixing error when activating webauthn profile
Related #14005
2022-08-30 13:55:02 +02:00
Alexander Schwartz
bb6b5abfa1 Remove Infinispan workarounds after upgrading to 13.x
Closes #13962
2022-08-30 07:32:19 -03:00
Martin Bartoš
090f7f89d5
Cannot execute Old Admin Console tests (#13887)
Fixes #14005
2022-08-29 13:41:22 +02:00
Alexander Schwartz
a364a05cfa Disable unstable scenario for testOfflineSessionLazyLoadingPropagationBetweenNodes
This only fails when CrossDC and preloadOfflineSessionsFromDatabase are enabled after the upgrade to Infinispan 13.x

Relates to #14020
2022-08-29 13:01:41 +02:00
Stian Thorgersen
cbfe9b9a3d
Introduce profile (enabled with -DincludeWildFly) to not include WildFly distribution in default builds (#13878)
* Introduce profile (enabled with -DincludeWildFly) to not include WildFly distribution in default builds

* Fix
2022-08-27 00:33:45 +02:00
Erik Jan de Wit
93f3d7bf42
Revert "Allow dependencies from keycloak-admin-ui (#13924)" (#13963)
This reverts commit 332a0dacee.
2022-08-26 10:04:13 +02:00
Joerg Matysiak
62790b8ce0 Allow permission configuration for username and email in user profile.
Enhanced Account API to respect access to these attributes.

Resolves #12599
2022-08-25 21:54:51 -03:00
Pedro Igor
2cc4b54404
Do not cache policies if they no longer exist (#12797)
Closes #12657

Co-authored-by: Michal Hajas <mhajas@redhat.com>

Co-authored-by: Michal Hajas <mhajas@redhat.com>
2022-08-25 13:52:30 +02:00
Michal Hajas
05b9e6d59e
Upgrade Infinispan to 13.0.10.Final (#13910)
Closes #12306
2022-08-25 13:09:34 +02:00
Christoph Leistert
5408d25e09
Fixes #10656: Sub realm localization GET endpoints can be called using tokens issued by the master realm. (#10660)
* Fixes #10656: Sub realm localization GET endpoints can be called using tokens issued by the master realm.

* Fixes #10656: Added some tests
2022-08-25 09:02:07 +02:00
Markus Till
7f999a4629
integration.admin-client: Add exact search for all dedicated user attributes (#13361)
Closes #13360
2022-08-25 08:57:31 +02:00
Arnaud Martin
af0d97e534 Delete broker links for federated users when an identity provider is deleted
Closes #13731
2022-08-25 08:24:09 +02:00
Pedro Igor
ddcf0f45f9 Run import within the context of the realm being imported
Closes #12289
2022-08-25 08:18:43 +02:00
Tero Saarni
74b2541d10
Fix invalid method reference when compiling with JDK17 (#13621)
Closes #13961
2022-08-25 08:11:15 +02:00
Pedro Igor
25be07be17 Allow introspecting tokens issued during token exchange with delegation semantics
Closes #9337
2022-08-24 09:47:04 -03:00
Tero Saarni
ea4b4b97b4
Bumped maven-war-plugin for JDK17 compatibility (#13619)
Closes #13960
2022-08-24 14:44:18 +02:00
Takashi Norimatsu
8c1ea4b47c mTLS binding support for password grant
Closes #13662
2022-08-24 11:44:48 +02:00
Alexander Schwartz
332a0dacee
Allow dependencies from keycloak-admin-ui (#13924)
This prevents exceptions due to missing classes like kotlin/jvm/internal/Intrinsics.

Closes #13918
2022-08-24 11:31:29 +02:00
Konstantinos Georgilakis
c5b9dc1e7b set context session client equal to clientsession client (fromClientSessionAndScopeParameter method of DefaultClientSessionContext)
Closes #13162
2022-08-23 17:33:07 +02:00
Konstantinos Georgilakis
baa89debd9 Correct isValidScope method of TokenManager for Dynamic scopes
Closes #13158
2022-08-23 16:30:04 +02:00
Lex Cao
6b1c64a1a9
Add rememberMe to a user session representation(#13408) (#13765)
Closes #13408
2022-08-23 15:28:52 +02:00
Konstantinos Georgilakis
2002fd983b Showing consent screen text instead of scope name in consent part of Application page in Account console
Closes #13109
2022-08-23 11:22:31 +02:00
rishabhsvats
c223291a1e Adds REGISTER event when new user login through first broker flow
Updates KcOidcBrokerEventTest, AbstractFirstBrokerLoginTest to factor in REGISTER event in first broker flow

Closes #11646

Correcting Indentation of AbstractFirstBrokerLoginTest
2022-08-23 10:43:56 +02:00
Stefan Guilhen
f84fdfa8ef
Fix UserSessionProviderTest failures with CockroachDB (#13891)
- move assertions to a separate tx due to CRDB's SERIALIZABLE isolation level

Closes #13211
2022-08-23 09:57:13 +02:00
Sebastian Schuster
53472e097c 13647 fixed wrong feature flag for checking admin fine-grained authz 2022-08-22 09:34:12 -03:00
Stefan Guilhen
5775e7c4ba
Fix ConcurrentTransactionsTest failure with CockroachDB (#13890)
- realm has to be removed in a separate tx due to CRDB's SERIALIZABLE isolation level

Closes #13211
2022-08-22 08:39:14 +02:00
Pedro Igor
eda33a0b21 Concurrency issue when caching JS policies
Closes #12204
2022-08-17 16:30:32 -03:00
Pedro Igor
15bbb46657 Avoid removing static path config from cache
Closes #9855
2022-08-17 16:29:59 -03:00
Martin Bartoš
5a2852530f Fix DB tests for Quarkus
Fixes #13642
2022-08-17 10:23:05 -03:00
Pedro Igor
841c65d24f Return 404 when invoking authorization endpoints in case authz settings are disabled
Closes #10151
2022-08-16 16:37:44 -03:00
nehachopra27
26de05fa44
Updating RestEasy for Jetty App Server (#13710)
Co-authored-by: nchopra <nchopra@redhat.com>
2022-08-16 11:20:24 +02:00
Michal Hajas
ab431e3bd9 Fix KeycloakQuarkusServerDeployableContainer to correctly configure map store
Closes #13721
2022-08-11 16:55:06 +02:00
Pedro Igor
e3af0610e2 Support running base testsuite on Windows
Closes #12648

Co-authored-by: Dominik Guhr <dguhr@redhat.com>
2022-08-10 20:03:53 -03:00
Markus Till
fa383bf76c
Suppress confirmation screen for logout in oidc (#13471)
Closes #13469
2022-08-10 18:25:50 +02:00
Michal Hajas
d55d110ff9 Run Infinispan using Testcontainers in base testsuite
Closes #13620
2022-08-10 16:36:44 +02:00
Martin Kanis
57f2f4654a Add limit for authSessions per rootAuthSession in map storage 2022-08-10 12:56:37 +02:00
Marcelo Daniel Silva Sales
e44cea587f
NullPointer during OIDC logout client disabled (#13424)
closes #12624
2022-08-08 12:34:09 +02:00
Michal Hajas
ec808d28bb Remove possibility to start embedded HotRod server in hotrod-map module
Closes #13247
2022-08-05 21:08:38 +02:00
Tero Saarni
2392af157b Forward quarkus server output to console in testsuite 2022-08-05 09:48:48 -03:00
Pedro Igor
333a4c900f Revert changes that block themes being loaded from custom providers
Closes #13401
2022-08-04 13:34:12 +02:00
Sebastian Knauer
21f700679f KEYCLOAK-19866 Fix user-defined- and xml-fragment-parsing/Add XPathAttributeMapper 2022-08-03 13:07:12 +02:00
Martin Kanis
ff26698053 Stabilize testCreateUserSessionsParallel model test 2022-08-02 08:12:42 +02:00
nehachopra27
c7be78fade
Add admin-ui dependencies to integration-arquillian testsuite
Co-authored-by: nchopra <nchopra@redhat.com>

Fixes: #13465
2022-08-01 20:49:11 +02:00
Marek Posolda
7e925bfbff
Unit tests in "crypto/fips1402" passing on RHEL 8.6 with BC FIPS approved mode. Cleanup (#13406)
Closes #13128
2022-07-29 18:03:56 +02:00
Hynek Mlnarik
143e6bc932 Replace undertow-map with quarkus-map
Fixes: #12652
2022-07-27 14:08:38 +02:00
Stian Thorgersen
ae33af92d9
Promote new admin console to default (#13243)
Closes #13242
2022-07-27 10:13:49 +02:00
Pedro Hos
ee2c5391bd
Possible client enumeration in the authorization endpoint
Closes #12164
2022-07-26 09:10:06 +02:00
Michal Hajas
eb1f31e9dd Optimize user-client session relationship for HotRod storage
Closes #12818
2022-07-26 09:00:13 +02:00
Douglas Palmer
c00514d659
Support for post_logout_redirect_uris in OIDC client registration (#12282)
Closes #10135
2022-07-25 10:57:52 +02:00
Dominik Guhr
9bb1299d89 change optimised to optimized
also: fix kc.bat to not use autobuild in devmode anymore, fix containers.adoc to not use auto_build naming, fix build command cli help as it is not required anymore to run it beforehand.
2022-07-22 10:29:07 -03:00
Stian Thorgersen
a251d785db
Remove text based login flows (#13249)
* Remove text based login flows

Closes #8752

* Add display param back in case it's used by some custom authenticators
2022-07-22 15:15:25 +02:00
Alexander Schwartz
cb81a17611 Disable Infinispan for map storage and avoid the component factory when creating a realm independent provider factory
Provide startup time in UserSessionProvider independent of Infinispan,
cleanup code that is not necessary for the map storage as it isn't using Clustering.
Move classes to the legacy module.

Closes #12972
2022-07-22 08:20:00 +02:00
Douglas Palmer
adeef6c2a0 Partial import feature does not import Identity Provider mappers in Keycloak #12861 2022-07-21 18:04:15 +02:00
Martin Kanis
c2bd01bca0 Add model tests for Hot Rod starting multiple nodes 2022-07-21 12:15:25 +02:00
Stefan Guilhen
e9c55f45e5 Enable action token JPA provider in map-storage-jpa profile
Closes #13139
2022-07-20 16:30:20 -03:00
Pedro Igor
3631a413d2 Allow token exchange when subjec_token is not associated with a session
Closes #12596
2022-07-20 15:42:26 -03:00
Martin Bartoš
1b9a3bf51a Cannot use WebAuthn with WildFly distribution
Fixes #12762
2022-07-20 09:59:44 -03:00
Martin Kanis
c8a6846ee0 Remove offline sessions when deleting a realm 2022-07-19 16:40:22 +02:00
Alexander Schwartz
f490638971 Fall back to standard Liquibase locking
As DBLockProvider is "none" for the Map storage providers, there is no locking provided by DB Lock
provider.

Liquibase's classic lock provider has issues that need to be tackled in a follow-up issue, see https://github.com/liquibase/liquibase/issues/1311

Closes #13130
2022-07-19 10:45:31 +02:00
Alexander Schwartz
43539cd3c0 Rework handling of Infinispan exceptions to stabilize the test
Closes #13164
2022-07-18 16:00:38 -03:00
Lex Cao
f0988a62b8
Use base64 url decoded for client secret when authenticating with Basic Auth (#12486)
Closes #11908
2022-07-16 09:38:41 +02:00
Pedro Igor
89028613d8 Introducing --optimise option
Closes #10737
2022-07-15 15:12:17 -03:00
Marcelo Daniel Silva Sales
f7a80409a9
Add flow to generate secret length based on signature algorithm (#13107)
Closes #9376
2022-07-15 11:06:07 +02:00
Vlasta Ramik
ec853a6b83
JPA map storage: User / client session no-downtime store (#12241)
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>

Closes #9666
2022-07-14 12:07:02 -03:00
Alexander Schwartz
84ac2a2ba4
Update configuration to re-enable starting KeycloakServer for map storage (#13079) 2022-07-13 15:31:34 -03:00
Alexander Schwartz
b8d5e01cf3
Avoid using old legacy-store API in the test suite (#13077) 2022-07-13 09:58:01 -03:00
Michal Hajas
34d8629477
Convert ClientSessionIdleTimeout from seconds to milliseconds before … (#13048) 2022-07-13 07:29:52 -03:00
kz-masa
d26cff270f
Delete unnecessary import statements (#12935) (#12936) 2022-07-12 19:37:15 -03:00
Martin Bartoš
216922233a
Remote base tests don't work with WildFly (#12842)
Fixes #12841
2022-07-12 15:14:09 +02:00
Martin Kanis
4b43612806 Disable WARN logging for Hot Rod RemoteQuery class 2022-07-11 16:48:56 -03:00
Pedro Igor
5b48d72730 Upgrade Resteasy v4
Closes #10916

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2022-07-11 12:17:51 -03:00
Martin Bartoš
07ab29378b Make WebAuthn required actions enabled by default
Closes #12723
2022-07-11 15:32:40 +02:00
Michal Hajas
0f86427dd0 Make user->client sessions relationship consistent
Closes #12817
2022-07-11 08:42:28 -03:00
Martin Bartoš
17f1d04960
Possibility to execute DB migration tests for Quarkus distribution (#12688)
Closes #12685
2022-07-11 12:23:41 +02:00
fwojnar
7fccdb10d8
Fixing ClientPoliciesTest failure (#12670)
Closes #10633

Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2022-07-11 12:22:25 +02:00
Takashi Norimatsu
29aad9dc45 PAR logic affecting /auth endpoint
Closes #9289
2022-07-11 11:56:37 +02:00
Alexander Schwartz
29a501552e Disable the JpaUserFederatedStorageProvider when map storage is enabled
Closes #12895
2022-07-07 10:47:42 -03:00
Alexander Schwartz
d91a5eb99f Move methods from UserStorageUtil to LegacyRealmModel
It is better suited to take methods removed from RealmModel earlier.

Closes #12805
2022-07-07 09:57:17 -03:00
Stefan Guilhen
5801ed27a0 Enable JPA store for ActionTokenStoreSpi in model tests
Closes #12902
2022-07-06 12:08:49 -03:00
Stefan Guilhen
dc88dd5286
Users Map JPA implementation (#12871) 2022-07-05 11:19:31 -03:00
Alexander Schwartz
098d4dda0e
Split PublicKeyStorageProvider (#12897)
Split PublicKeyStorageProvider

- Extract clearCache() method to separate interface and move it to the legacy module
- Make PublicKeyProvider factories environment dependent
- Simple map storage for public keys that just delegates

Resolves #12763

Co-authored-by: Martin Kanis <mkanis@redhat.com>
2022-07-05 09:57:51 -03:00
Stefan Guilhen
007fa1f374 Single Use Objects Map JPA implementation
Closes #9852
2022-07-04 10:05:51 -03:00
Alexander Schwartz
4b20e90292 Move session persistence package to legacy-private module
Also, disabling the jpa session persister when map storage is enabled.

Closes #12712
2022-07-04 10:05:26 -03:00
Konstantinos Georgilakis
32f8f30f36 Include 'urn:ietf:params:oauth:grant-type:token-exchange' in grant_types_supported field of Keycloak OP metadata, if token-exchange is enabled
closes #10888
2022-06-30 17:13:47 -03:00
Jon Koops
06d1b4faab Restore enum variant of ResourceType
This reverts commit 3b5a578934.
2022-06-30 12:20:51 -03:00
Alexander Schwartz
ddeab744d0 Moving RoleStorageProviderModel to the legacy modules
Closes #12656
2022-06-29 20:04:32 +02:00
vramik
3b5a578934 Change enum ResourceType to interface with String constants
Closes #12485
2022-06-29 13:35:11 +02:00
Lex Cao
c3c8b9f0c8
Add client_secret to response when token_endpoint_auth_method is not private_key_jwt (#12609)
Closes #12565
2022-06-29 10:19:18 +02:00
Clara Fang
4643fd09e3 Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount()
This should reduce GC pressure.

Closes #12644
2022-06-29 08:53:09 +02:00
Konstantinos Georgilakis
ccc0449314 json device code flow error responses
closes #11438
2022-06-29 07:23:02 +02:00
Marek Posolda
be1e31dc68
Introduce crypto/default module. Refactoring BouncyIntegration (#12692)
Closes #12625
2022-06-29 07:17:09 +02:00
vramik
6335090092 Use JpaMapStorageProviderFactory for authorization services in model tests
Closes #12743
2022-06-28 15:01:49 +02:00
danielFesenmeyer
b6d8c27cac OIDC logout: In "legacy mode", support post_logout_redirect_uri param without requiring id_token_hint param
Closes #12680
2022-06-28 14:36:03 +02:00
leandrobortoli
c5d5659100 Fixed bug on client credentials grant when encryption key not found
Closes #12348
2022-06-27 13:00:21 +02:00
Lex Cao
f8a7c8e160
Validate name of client scope (#12571)
Closes #12553
2022-06-27 12:26:18 +02:00
Pedro Igor
3d2c3fbc6a Support JSON objects when evaluating claims in regex policy
Closes #11514
2022-06-23 14:04:09 -03:00
Pedro Igor
d3a40e8620 Use backend baseURL for UMA-related backend endpoints
Closes #12549
2022-06-23 10:35:26 -03:00
Takashi Norimatsu
a10eef882f DeviceTokenRequestContext.getEvent returns a wrong ClientPolicyEvent
Closes #12455
2022-06-22 13:01:35 +02:00
Takashi Norimatsu
d396ee7d30 CIBA flow : no error on invalid scope
Closes #12589
2022-06-22 12:55:55 +02:00
rmartinc
711440e513 [#11036] Identity Providers: Add support for elliptic curve signatures (ES256/ES384/ES512) using JWKS URL 2022-06-21 10:52:25 -03:00
Stefan Guilhen
7d96f3ad5a Events Map JPA implementation
Closes #9667
2022-06-21 13:53:48 +02:00
Alexander Schwartz
cb0c881821 rename SingleEntityCredentialManager to SubjectCredentialManager 2022-06-21 08:53:06 +02:00
Alexander Schwartz
84d21f0230 for all added files in the PR, update the copyright header or add it if it was missing 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
26198e4b0b Disable tests irrelevant for map storage 2022-06-21 08:53:06 +02:00
Alexander Schwartz
d41764b19b Inline deprecated methods in legacy code 2022-06-21 08:53:06 +02:00
Alexander Schwartz
1a227212de Simplify implementation of a federated storage by moving the default implementation to the abstract base class; this will also allow the quickstarts and implementations derived from that to run without changes. 2022-06-21 08:53:06 +02:00
Alexander Schwartz
08bbb1fb92 Move LDAP REST Endpoints to LDAP package
- Thus remove implicit dependency on services on the legacy modules
- Disable tests for LDAP/Kerberos that won't work when map storage is enabled
2022-06-21 08:53:06 +02:00
Alexander Schwartz
1bc6133e4e redirect calls to userLocalStorage from legacy modules (federation, ldap, sssd, kerberos) 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
e396d0daa1 Renaming SingleUserCredentialManager and UserModel.getUserCredentialManager():
- class SingleUserCredentialManager to SingleEntityCredentialManager
- method UserModel.getUserCredentialManager() to credentialManager()

Renaming of API without "get" prefix to make it consistent with other APIs like for example with KeycloakSession
2022-06-21 08:53:06 +02:00
Alexander Schwartz
14a369a8cc Added LegacySessionSupport SPI
While some methods around onCache() are still called from the legacy code, all other methods log a warning with a stacktrace.
2022-06-21 08:53:06 +02:00
Alexander Schwartz
6f287e7ded Avoid using methods on UserCredentialStoreManager 2022-06-21 08:53:06 +02:00
Alexander Schwartz
bc8fd21dc6 SingleUserCredentialManager moving in
- UserStorageManager now handles authentication for old Kerberos+LDAP style
- new getUserByCredential method in MapUserProvider would eventually do the same.
2022-06-21 08:53:06 +02:00
Alexander Schwartz
82094d113e Move User Storage SPI, introduce ExportImportManager 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
703e868a51 Preparation for moving User Storage SPI
- Introduction of new AdminRealmResource SPI
- Moving handler of /realm/{realm}/user-storage into model/legacy-service
- session.users() and userStorageManager() moved refers legacy module
  IMPORTANT: Broken as UserStorageSyncManager is not yet moved
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
36f76a37ad Move realms, clients, groups, roles, clientscopes into legacy module
- Introduces Datastore SPI for isolating data store methods
- Introduces implementation of the datastore for legacy storage
- Updates DefaultKeycloakSession to leverage Datastore SPI instead
  of direct creating of area providers by the session
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
247ff52187 Introduce legacy datastore module and update dependencies 2022-06-21 08:53:06 +02:00
Alexander Schwartz
850af55edc Ensure that only JDK 8 APIs are used where JDK 8 is still required.
Closes #10842
2022-06-20 14:44:33 -03:00
Michal Hajas
781183e551 Enable indexing for ResourceServerEntity
Closes #12533
2022-06-20 10:17:19 +02:00
Martin Bartoš
d8112d7b7e
DB migration tests execution for Quarkus (#12525)
Closes #12524
2022-06-20 10:12:37 +02:00
Alexander Schwartz
71e7982a49 Adding central time offset reset in model tests as it was missing for AuthenticationSessionTest and UserSessionPersisterProviderTest
Also adding try/finally in other places in the integration tests where it was missing.

Closes #12530
2022-06-16 13:42:55 +02:00
nehachopra27
39cff0750c
[Fix keycloak#12385] Update option to run kc.bat on windows instead of kc.sh (#12386)
Co-authored-by: nchopra <nchopra@redhat.com>

Resolves #12385
2022-06-15 11:29:11 -03:00
vramik
1b3a76d0af Do not persist client sessions of transient user sessions
Closes #12357
2022-06-15 10:54:23 +02:00
Martin Bartoš
0fef4305b6 Logout confirm page is failing to log the user out on auth-server-wildfly
Fixes #11753
2022-06-14 10:46:02 +02:00
mposolda
3aefb59d40 Fix test failure in X509BrowserCRLTest on IBM JDK. Don't display details of exception message to the end user
Closes #12458
2022-06-14 10:44:31 +02:00
Alexander Schwartz
c2043da78e When asserting a URL, allow for some time for any redirect to complete.
Closes #12446
2022-06-14 07:30:31 +02:00
Christoph Leistert
442eff0169
Closes #11851: Apply localization text from realm default locale when it is not defined for the requested language. (#11852) 2022-06-10 14:36:11 -04:00
Martin Bartoš
2cf089424a
ClientClientScopesTest failures in the test pipeline (#12440)
Resolves #12439
2022-06-10 09:13:25 -03:00
Alexander Schwartz
361a813d81 Keep a list of model instances in the JPA map session.
This allows removing them from the persistence context on bulk delete.

Closes #12384
2022-06-09 12:39:04 -03:00
Joerg Matysiak
3c19ad627f Repsect permissions configured to firstName and lastName when configured in user profile
Resolves #12109
2022-06-09 10:10:15 -03:00
Pedro Igor
8aecba1795 Fixing how realm frontendurl is cached when resolving the hostname
Closes #11894
2022-06-08 16:41:25 -03:00
Alexander Schwartz
9272c7a5ec Allow for the backend to return granted scopes in any order.
Closes #12395
2022-06-08 08:39:14 -03:00
mposolda
5d2bf6ea33 Cannot find ScriptEngine for JDK8 and Wildfly
Closes #12247
2022-06-08 11:11:36 +02:00
Pedro Igor
243e63c9f3 Do not set empty permissions to username and email attributes
Closes #11647
2022-06-07 10:59:35 -03:00
Sebastian Schuster
a0c402b93a
11198 added event information to consent granting and revocation via REST API (#11199) 2022-06-07 11:29:20 +02:00
Stian Thorgersen
e49e8335e0
Refactor BouncyIntegration (#12244)
Closes #12243
2022-06-07 09:02:00 +02:00
Martin Kanis
df72cf72f2 Hot Rod map storage: Single-use (action token) no-downtime store 2022-06-06 16:01:18 +02:00
rmartinc
5332a7d435 Issue #9194: Client authentication fails when using signed JWT, if the JWA signing algorithm is not RS256 2022-06-06 12:07:09 +02:00
Takashi Norimatsu
3889eeda30 Client Policies: pkce-enforcer executor with client-access-type condition is not applied on client change via Admin API
Closes #12295
2022-06-06 11:30:48 +02:00
Michal Hajas
09c0a69a8f Add HotRod no downtime store for events
Closes #9676
2022-06-02 13:30:19 +02:00
Alexander Schwartz
6c3d25fd8f Limit the number of clientSessionIds in the test
Before it was 1500 client sessions, now its only 150 client sessions. This should help to keep the test within its time constraint of 60 + 30 seconds.

Closes #12264
2022-05-31 17:10:49 +02:00
mposolda
f90fbb9c71 Changing locale on logout confirmation did not work
Closes #11951
2022-05-31 16:03:58 +02:00
Takashi Norimatsu
d083b6c484 ciba http auth channel sends client_id and client_secret via delegation request
Closes #10993
2022-05-31 08:22:50 +02:00
vramik
be28e866b9 JPA map storage: Authorization services no-downtime store
Closes #9669
2022-05-30 21:05:34 +02:00
Pedro Igor
ea22989d89 Fixing ClientTokenExchangeTest to also run when TLS is disabled
Closes #11818
2022-05-30 11:23:46 -03:00
Pedro Hos
e121371401 /clients-registrations API doesn't return secret anymore and is not coherent #11116
/clients-registrations API doesn't return secret anymore and is not coherent

fixing merge

/clients-registrations API doesn't return secret anymore and is not coherent

fixing test that was failing

Replace tabs with regular spaces

fixing identation

/clients-registrations API doesn't return secret anymore and is not coherent. Closes #11116

fixing test that was failing
2022-05-30 15:18:56 +02:00
mposolda
4222de8f41 OIDC RP-Initiated Logout POST method support
Closes #11958
2022-05-30 14:10:58 +02:00
Michal Hajas
1a98765fb7 Fix cascade removal of client session on user session removal for CHM
Closes #12146
2022-05-30 09:58:54 +02:00
Marek Posolda
cf386efa40
Support for client_id parameter in OIDC RP-Initiated logout endpoint (#12202)
Closes #12002


Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2022-05-27 14:12:37 +02:00
Marek Posolda
eed944292b
Make script providers working on JDK 17 (#11322)
Closes #9945
2022-05-27 12:28:50 +02:00
Luca Leonardo Scorcia
27650ab816 Fix #10982 SAML Client - Introduce SAML Issuer validation 2022-05-27 10:58:10 +02:00
Martin Bartoš
d8cded994f
WebAuthn test failures in admin console (#12161)
Resolves #12160
2022-05-26 12:55:22 -03:00
Michal Hajas
bc59fad85b Unify way how expirable entities are handled in the new store
Closes #11947
2022-05-26 13:17:27 +02:00
Martin Kanis
0cb3c95ed5 Map storage: Single-use objects (action token) 2022-05-25 16:47:10 +02:00
vramik
2cbc167435 JPA map storage: model tests fails with NPE
Closes #12165
2022-05-25 09:28:08 +02:00
Martin Bartoš
86f31e8df5 Fix BlacklistPasswordPolicyDefaultPath Failures on Windows
Fixes #11967
2022-05-24 17:26:19 -03:00
Martin Bartoš
bb3b88963b
New Account console tests failures (#12050)
* New Account console tests failures, Fix additional tests, solve issue with headless browsers

Fixes #11323
2022-05-24 09:36:08 +02:00
vramik
24171d2e47 Rename providers from jpa-map-storage to jpa
Closes #12098
2022-05-23 16:47:51 +02:00
vramik
0c3aa597f9 JPA map storage: test failures after cache was disabled
Closes #12118
2022-05-23 13:01:30 +02:00
vramik
f8ca25d4a4 Add a profiles testsuite for jpa-map storage
Closes #12045
2022-05-20 09:17:33 +02:00
Stian Thorgersen
075e284455
Remove legacy (non-Elytron) WildFly adapter (#11789)
Closes #11683
2022-05-18 10:34:47 +02:00
Michal Hajas
0bda7e6038 Introduce map event store with CHM implementation
Closes #11189
2022-05-17 12:57:35 +02:00
Michal Hajas
b86f205cda Make KeycloakServer runnable with external Infinispan server
Closes #12011
Closes #12014
2022-05-16 21:50:35 +02:00
Takashi Norimatsu
9541852a9b ID token encryption without specifying id_token_encrypted_response_enc does not follow OIDC Dynamic Client Registration specification
Closes #11392
2022-05-16 09:05:22 +02:00
Takashi Norimatsu
7fa24d247a Deprecated org.keycloak.jose.jws.Algorithm is used in OIDCAdvancedConfigWrapper
Closes #11394
2022-05-16 08:56:57 +02:00
Martin Kanis
0d6bbd437f
Merge single-use token providers into one
Fixes first part of: #11173

* Merge single-use token providers into one

* Remove PushedAuthzRequestStoreProvider

* Remove OAuth2DeviceTokenStoreProvider

* Delete SamlArtifactSessionMappingStoreProvider

* SingleUseTokenStoreProvider cleanup

* Addressing Michal's comments

* Add contains method

* Add revoked suffix

* Rename to SingleUseObjectProvider
2022-05-11 13:58:58 +02:00
Michal Hajas
d3b43a9f59 Make sure there is always Realm or ResourceServer when searching for authz entities
Closes #11817
2022-05-11 07:20:01 -03:00
Réda Housni Alaoui
5d87cdf1c6
KEYCLOAK-6455 Ability to require email to be verified before changing (#7943)
Closes #11875
2022-05-09 18:52:22 +02:00
Michal Hajas
6b5c417742 Add HotRod store for authorization services
Closes #9679
2022-05-06 15:31:38 +02:00
Michal Hajas
fc974fc019 Update composite roles on child role removal
Closes #11769
2022-05-05 15:18:18 +02:00
Stian Thorgersen
491b3262de
Remove Jetty 9.2 and 9.3 adapters (#11792)
Closes #11791
2022-05-04 15:24:46 +02:00
azilentech
f7f24c6ca3 Updated test scenarios 2022-05-03 10:59:31 -03:00
vramik
0d83b51b20 Enhance Map authz entities with REALM_ID (ResourceServer with CLIENT_ID) searchable field
Co-authored-by Michal Hajas <mhajas@redhat.com>

Closes #10883
2022-05-03 12:56:27 +02:00
Hynek Mlnarik
1b1cf266eb Add support for async profiler to model testsuite
Fixes: #11743
2022-05-03 12:53:10 +02:00
Sven-Torben Janus
0efa4afd49 Evaluate composite roles for hardcoded LDAP roles/groups
Closes: 11771

see also KEYCLOAK-18308
2022-05-02 14:13:37 +02:00
Stian Thorgersen
52ca546cfa
Remove Fuse adapters (#11740)
Closes #11677
2022-05-02 09:55:52 +02:00
Alexander Schwartz
e2cf6ae92b Disable caching for map storage.
Also aligns the properties with the integration test suite to avoid confusion.

Closes #11748
2022-04-29 12:03:18 +02:00
Stian Thorgersen
b65d76edab
Remove EAP6 and AS7 adapters (#11605)
Closes #11604
2022-04-28 11:20:44 +02:00
vramik
2ecf250e37 Deletion of all objects when realm is being removed
Closes #11076
2022-04-28 11:09:17 +02:00
Alexander Schwartz
29233f33c8 Clear import/export properties at the end of the test
This avoids the pollution of system properties that might lead to failures following tests.

Closes #11670
2022-04-28 11:02:16 +02:00
Douglas Palmer
fdcbc9b27b
Automated test for session-limits authenticator with identity brokering (post-broker login flow) (#11723)
Closes #11004
2022-04-28 10:29:41 +02:00
Stian Thorgersen
e3f3e65ac5
Remove JDK7 support for adapters (#11607)
Closes #11606
2022-04-27 08:33:23 +02:00
vramik
5248815091 Disable infinispan realm and user cache for map storage tests
Closes #11213
2022-04-25 09:38:49 +02:00
Martin Bartoš
53ea60b8d5
Remove support for IE (#11271)
Closes #11268
2022-04-22 10:38:41 +02:00
Pedro Igor
76d83f46fa
Avoid clients exchanging tokens using tokens issued to other clients (#11542) 2022-04-20 19:14:55 +02:00
Stian Thorgersen
ac79fd0c23
Disallow special characters in usernames to prevent confusion with similarly looking usernames (#11531)
Closes #11532

Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
2022-04-20 15:53:15 +02:00
Stefan Guilhen
b29b27d731 Ensure code does not rely on a particular format for the realm id or component id 2022-04-20 14:40:38 +02:00
Pedro Igor
2cb5d8d972
Removing upload scripts feature (#11117)
Closes #9865

Co-authored-by: Michal Hajas <mhajas@redhat.com>

Co-authored-by: Michal Hajas <mhajas@redhat.com>
2022-04-20 14:25:16 +02:00
Martin Bartoš
3aa3db16ea
Fix error response for invalid characters (#11533)
Fixes #11530
2022-04-20 11:26:08 +02:00
Pedro Igor
f1fd7af758
Remove policies when user is deleted (#11385)
Closes #11284
2022-04-20 09:23:46 +02:00
Stian Thorgersen
b79f01c72d
Upgrade to WildFly 26.1.0.Final (#11094)
Closes #10999
2022-04-20 08:38:10 +02:00
Martin Bartoš
e09f618cef
Ignore WebAuthnIdLessTest for Firefox (#11299)
Closes #11297
2022-04-19 14:45:24 +02:00
Martin Bartoš
2632fa7779
WebAuthnSigningInTest failures caused by different titles (#11305)
Fixes #11298
2022-04-19 14:44:51 +02:00