keycloak-scim

Author	SHA1	Message	Date
mposolda	0bd2b342d7	Update per review	2023-10-31 12:56:46 -07:00
mposolda	6f992915d7	Move some UserProfile and Validation classes into keycloak-server-spi closes #24387	2023-10-31 12:56:46 -07:00
Justin Tay	3ff0476cc3	Allow customization of aud claim with JWT Authentication Closes #21445	2023-10-31 11:33:47 -07:00
rmartinc	1b630326b2	Fixes in LDAP tests when using AD Closing https://github.com/keycloak/keycloak/issues/24357	2023-10-31 13:34:37 +01:00
rmartinc	7deb4ca545	Group count and PartialExport permission fixes Closes https://github.com/keycloak/keycloak/issues/12171	2023-10-31 01:40:21 -07:00
rmartinc	6484a3e705	Add userProfileEnabled attribute to realm response if admin can view users closes https://github.com/keycloak/keycloak/issues/19093	2023-10-30 07:39:03 -07:00
rmartinc	ea398c21da	Add a property to the User Profile Email Validator for max length of the local part Closes https://github.com/keycloak/keycloak/issues/24273	2023-10-27 15:09:42 +02:00
Alice	69497382d8	Group scalability upgrades (#22700 ) closes #22372 Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2023-10-26 16:50:45 +02:00
Thomas Darimont	d56baa80b3	Add support for passing acr_values in auth requests in keycloak.js (#9383 ) (#24259 ) Fixes #9383	2023-10-25 15:33:39 +02:00
Hynek Mlnarik	c036980c37	Add TRANSIENT_USERS feature flag	2023-10-25 12:02:35 +02:00
Hynek Mlnarik	d59ceb17e9	Add tests for offline access, introspection and userinfo endpoint	2023-10-25 12:02:35 +02:00
Hynek Mlnarik	d70735f64d	Tests Part-of: Add support for not importing brokered user into Keycloak database Closes: #11334	2023-10-25 12:02:35 +02:00
ggraziano	84112f57b5	Verification of iss at refresh token request Added iss checking using the existing TokenVerifier.RealmUrlCheck in the verifyRefreshToken method. Closes #22191	2023-10-24 23:42:11 +02:00
Marek Posolda	1bd6aca629	Remove RegistrationProfile class and handle migration (#24215 ) closes #24182 Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2023-10-24 20:19:33 +02:00
Martin Kanis	10a2c96c72	Users in role Rest API returns empty when User federation used (#23318 ) * Users in role Rest API returns empty when User federation used Co-authored-by: Shankar Yadav <ET1024@neeyamoworks.com> Co-authored-by: Martin Kanis <mkanis@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2023-10-24 11:10:20 -04:00
rmartinc	ad01ed1497	Do not reset the user profile configuration on disable Closes https://github.com/keycloak/keycloak/issues/23527	2023-10-24 03:05:34 -07:00
Thomas Darimont	e567210ed1	Add dedicated feature flag for oauth device grant flow (#23892 ) Closes #23891	2023-10-24 10:09:26 +02:00
vramik	a0f04fa2be	Declarative User Profile export Closes #12062 Resolves #20885	2023-10-21 19:21:20 +02:00
Pedro Igor	e47389f199	Username now shown when creating a user and edit username is not allowed Closes #24183	2023-10-20 10:22:31 -07:00
Pedro Igor	d4a5391013	Making sure public clients can RPT tokens Closes #14165	2023-10-20 17:53:10 +02:00
Pedro Igor	55a5a8c0eb	Ignore custom attributes when processing attributes in verify profile action Closes #24077	2023-10-20 17:51:40 +02:00
mposolda	c18e8ff535	User profile tweaks in registration forms closes #24024	2023-10-20 06:31:21 -07:00
kaustubh-rh	1ac2c0997d	Inconsistent handling of parenthesis in auth flow name (#24113 ) closes #16379	2023-10-20 10:00:46 +02:00
mposolda	04777299b0	After tab1 finish authentication, make sure that rootAuthenticationSession is expired shortly closes #23880	2023-10-19 19:23:50 +02:00
Vlasta Ramik	f6d582c761	Import migration step for kc22 Closes #24031 Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2023-10-19 09:00:49 +02:00
rmartinc	d10ccc7245	Use jdk LdapName and Rdn to parse inside LDAPDn and RDN and avoid string conversions Closes: https://github.com/keycloak/keycloak/issues/21797 Closes: https://github.com/keycloak/keycloak/issues/21818	2023-10-19 08:31:49 +02:00
Pedro Igor	e91a0afca2	The username in account is required and don't change when email as username is enabled Closes #23976	2023-10-17 16:43:44 -03:00
wojnarfilip	b5ec155b64	Fix issue with overlapping WebElements in SocialLoginTest#PaypalLogin Closes #23960	2023-10-17 16:59:09 +02:00
shigeyuki kabano	6112b25648	Enhancing Light Weight Token(#22148 ) Closes #21183	2023-10-17 13:12:36 +02:00
Alexander Schwartz	50916d58b1	Clean up created test user to avoid conflict with other tests Closes #23804	2023-10-16 19:10:52 +02:00
wojnarfilip	f9386bd62b	Update login flow in OCP social login	2023-10-16 10:45:38 -03:00
Pedro Igor	9c19a8972b	Removing the default cache metadata Closes #23910	2023-10-13 16:32:55 +02:00
Moritz Becker	e9f08b6500	Do not return empty scope field in token introspection response Closes #16526	2023-10-13 08:36:12 +02:00
Steven Hawkins	478ceb0b34	modification of kc.sh to remove param eval (#22585 ) * test * modification of kc.sh to remove eval of env/args Closes #22337 --------- Co-authored-by: rmartinc <rmartinc@redhat.com>	2023-10-12 17:10:53 +02:00
Vojtěch Boček	8871983b33	Add support for single-tenant mode to Microsoft Identity Provider (#20699 ) * Add support for single-tenant mode to Microsoft Identity Provider Fixes #20695 Closes #11207 * Add SocialLoginTest for Microsoft single-tenant variant	2023-10-10 16:35:36 -04:00
Marek Posolda	a6609bd969	Remove "You are already logged in" during authentication. Make other browser tabs to authenticate automatically when some browser tab successfully authenticate (#23517 ) Closes #12406 Co-authored-by: Jon Koops <jonkoops@gmail.com>	2023-10-10 21:54:37 +02:00
Pedro Igor	7385ed56c7	Avoid creating the component when there is no component and configuration is not provided Closes #20970 Co-authored-by: Pedro Igor <psilva@redhat.com>	2023-10-10 13:28:48 +02:00
Tero Saarni	22d093f5c0	Fix multi-valued LDAP attribute support FullName LDAP storage mapper was delegating to single-valued setter even when multi-valued setter was called. Closes #22091 Signed-off-by: Tero Saarni <tero.saarni@est.tech>	2023-10-06 14:36:02 +00:00
mposolda	cdb61215c9	UserProfileContext.ACCOUNT_OLD seems to be obsolete and not needed closes #23749	2023-10-06 11:27:48 -03:00
Pedro Igor	290bee0787	Resolve several usability issues around User Profile (#23537 ) Closes #23507, #23584, #23740, #23774 Co-authored-by: Jon Koops <jonkoops@gmail.com>	2023-10-06 10:15:39 -03:00
rmartinc	890600c33c	Remove backward compatibility for ECDSA tokens Closes https://github.com/keycloak/keycloak/issues/23734	2023-10-06 14:24:48 +02:00
Martin Kanis	0853d484ec	Remove transaction in InfinispanSingleUseObjectProvider#remove (#23708 ) Co-authored-by: mposolda <mposolda@gmail.com>	2023-10-06 10:00:04 +02:00
Garth	2dfbbff343	added AccountResource SPI, Provider and ProviderFactory. (#22317 ) Added AccountResource SPI, Provider and ProviderFactory. updated AccountLoader to load provider(s) and check if it is compatible with the chosen theme.	2023-10-05 15:08:01 +02:00
vramik	7f2f4aae67	Upgrade liquibase version to avoid a bug where a changeset is executed twice Closes #23220	2023-10-05 13:35:05 +02:00
Tomas Ondrusko	58131f1dcc	Update the Instagram login process Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>	2023-10-05 09:33:05 +02:00
Steven Hawkins	9a93b9a273	allows csv output to handle missing requested fields (#23459 ) * allows csv output to handle missing requested fields Closes #12330 * fixes the handling of the content type also makes it more explicit the expectation of applying csv and return fields * fix: consolidating the logic dealing with the content-type Closes #23580	2023-10-04 15:49:19 +02:00
Dmitry Telegin	085d0d73c9	Fix nonce/scope typo	2023-10-02 22:36:51 +02:00
Tomas Ondrusko	fcb91a83ba	Ignore query parameters while testing the LinkedIn profile picture URL (#23557 ) Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>	2023-10-02 14:36:17 +02:00
Tomas Ondrusko	3d42573813	Update PayPal social login flow to use 127.0.0.1 instead of localhost (#23532 ) Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>	2023-09-28 09:34:45 +00:00
fwojnar	56082cdd2d	Fixes issue in login flow of SocialLoginTest#twitterLogin (#23122 ) Co-authored-by: wojnarfilip <fwojnar@redhat.com>	2023-09-28 10:21:59 +02:00
Lucas Hedding	de5aa2e74d	Add createTimestamp to REST service (#23293 ) Closes #14009	2023-09-27 13:38:16 +02:00
rmartinc	10c1e3ba6d	Client roles should be mapped to any claim name Closes https://github.com/keycloak/keycloak/issues/22349	2023-09-27 08:11:22 -03:00
rmartinc	d90640b5a3	Change email checkserveridentity prop as angus mail sets it to true by default Closes https://github.com/keycloak/keycloak/issues/22395	2023-09-26 09:11:16 +02:00
Maria Arias de Reyna	c15753266f	fix(Closes #21236 ): Adding client-id to logout event	2023-09-25 13:20:26 +02:00
Pedro Igor	741f76887c	Allow updating email when email as username is set and edit username disabed #23438	2023-09-25 08:19:01 -03:00
Michal Hajas	496c5ad989	Use new findGroupByPath implementation and remove the old one Closes #23344 Signed-off-by: Michal Hajas <mhajas@redhat.com>	2023-09-25 10:44:24 +02:00
Jon Koops	47d9ae71c4	Revert the new welcome screen experience (#23446 ) This reverts commit `bcab75a7ef`.	2023-09-21 16:03:00 +00:00
Justin Tay	7d3104ee76	Allow public clients to use PAR endpoint Closes #8939	2023-09-21 13:57:42 +02:00
rmartinc	7afd90982d	Align wildfly-core and wildfly version for tests Closes https://github.com/keycloak/keycloak/issues/23342	2023-09-21 10:53:57 +02:00
Bernd Bohmann	bb2f59df87	Calling getTopLevelGroups is slow inside GroupLDAPStorageMapper#getLDAPGroupMappingsConverted (#8430 ) Closes #14820 --------- Co-authored-by: Michal Hajas <mhajas@redhat.com>	2023-09-20 17:20:43 +02:00
Jon Koops	e86bf1f0b2	Remove `P3P` header from authentication flow Closes #23348	2023-09-19 08:50:33 -03:00
rmartinc	743bb696d9	Allow duplicated keys in advanced claim mappers Closes https://github.com/keycloak/keycloak/issues/22638	2023-09-19 07:49:34 -03:00
wojnarfilip	5603ee7b46	Fixes login flow in Microsoft social login test Closes #22657	2023-09-18 14:21:41 +02:00
Pedro Igor	217a09ce46	Switch to Resteasy Reactive Closes #10713	2023-09-18 09:19:03 -03:00
paul	f684a70048	KEYCLOAK-15985 Add Brute Force Detection Lockout Event	2023-09-15 10:32:07 -03:00
Jon Koops	bcab75a7ef	Add new version of Welcome theme based on PatternFly 5 (#23008 )	2023-09-14 08:24:17 -04:00
Andreas Blaettlinger	86c0e338d9	Toggle visibility of password input fields in login-ftl-based pages Closes #22067	2023-09-14 08:04:35 -03:00
Pedro Igor	1442f14c45	Registration page not showing username when edit username is not enabled Closes #23185	2023-09-14 07:32:39 -03:00
Justin Tay	658c0ef19f	Send Client ID in token request with JWT Authentication Closes #21444	2023-09-14 10:57:32 +02:00
Pedro Igor	5958c7948d	Ignore attributes when they are not prefixed with user.attributes prefix (#23184 ) Co-authored-by: mposolda <mposolda@gmail.com> Co-authored-by: stianst <stianst@gmail.com>	2023-09-14 10:35:47 +02:00
Daniel Fesenmeyer	a68ad55a37	Support to define compatible mappers for (new) Identity Providers - Also allows to use existing mappers for custom Identity Providers without having to change those mappers Closes #21154	2023-09-13 17:19:06 -03:00
Jacek Kowalski	f5182deb30	Fix valid redirect URIs for built-in account-console client on realm rename (#20894 ) Closes #9541 Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2023-09-13 15:28:07 +02:00
Konstantinos Georgilakis	0044472f87	Add regex support in 'Condition - User attribute' execution Closes #265	2023-09-13 08:36:45 +02:00
rmartinc	48ab2b1688	FullNameLDAPStoreMapper removes values for other attributes Closes https://github.com/keycloak/keycloak/issues/22526	2023-09-13 08:11:32 +02:00
vramik	d34a371971	Enable ZeroDowntimeTest Closes #21825	2023-09-11 19:09:30 +02:00
Pedro Igor	04dd9afc5e	Do not store empty attributes when updating user profile Closes #22960	2023-09-11 07:47:31 -03:00
rmartinc	7da52a43bd	Add old LinkedIn provider to the deprecated profile Closes https://github.com/keycloak/keycloak/issues/23067	2023-09-08 10:05:17 +02:00
Marek Posolda	506e2537ac	Registration flow fixed (#23064 ) Closes #21514 Co-authored-by: Vilmos Nagy <vilmos.nagy@outlook.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Marek Posolda <mposolda@gmail.com>	2023-09-08 08:05:05 +02:00
Pedro Igor	bc31fde4c0	Broker claim mapper not recognizing claims from user info endpoint Closes #12137	2023-09-07 16:34:45 +02:00
Kaustubh B	5ee2ba9372	Added tests	2023-09-07 08:43:35 +02:00
rmartinc	8887be7887	Add a new identity provider for LinkedIn based on OIDC Closes https://github.com/keycloak/keycloak/issues/22383	2023-09-06 16:13:31 +02:00
Pedro Igor	13e5a02b9f	Role mappers must return a single value when they are not multivalued Closes #20218	2023-08-31 19:16:12 +02:00
mposolda	57e51e9dd4	Use an original domain name of Kerberos Principal in UserModel attribute instead of configured value of Kerberos realm in User federation closes #20045	2023-08-30 13:24:48 +02:00
vramik	4cd34f8423	Update logging properties for showing SQL statements and JDBC parameters Closes #22815	2023-08-30 12:52:08 +02:00
Marek Posolda	6f989fc132	Fallback to next LDAP/Kerberos provider when not able to find authenticated Kerberos principal (#22531 ) closes #22352 #9422	2023-08-29 11:21:01 +00:00
Pedro Igor	ea3225a6e1	Decoupling legacy and dynamic user profiles and exposing metadata from admin api Closes #22532 Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>	2023-08-29 08:14:47 -03:00
Pedro Igor	b779df6a55	Parsing response from user info rather than the access token Closes #22581	2023-08-29 12:23:56 +02:00
Tomas Ondrusko	e70ffd0105	Handle GitHub logout properly (#22463 ) Add profile info update to GitHub login test cases Closes #22461 Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>	2023-08-28 10:06:12 +02:00
t0xicCode	822c13ff6f	Switch Trusted Host policy redirect verification to URI Switch parsing of the redirect URIs for the Trusted Host Client Registration Policy from URL to URI. The java URL class tries to instantiate a handler for the scheme, which fails when a "custom" scheme, such as those used in phone apps is used. In contrast, the URI class simply parses the string, ensuring the format is valid. The other URLs (baseUrl, rootUrl, adminUrl) are still parsed as URLs. See https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata for the Client Registration parameter documentation. Closes #22309	2023-08-14 10:20:23 +02:00
Pedro Igor	baac060eb1	Fixing how e-mail attribute permissions are set for both USER_API and ACCOUNT contexts Closes #21751	2023-08-11 13:32:16 +02:00
Erik Jan de Wit	874d2063b8	only add realm access to the current realm (#21554 ) fixes: #21553	2023-08-10 12:43:15 +02:00
wojnarfilip	6c070d587f	Closes #22282	2023-08-10 12:05:20 +02:00
Takashi Norimatsu	258711ef4f	DPoP verification in UserInfo endpoint closes #22215	2023-08-07 10:49:33 +02:00
Takashi Norimatsu	9d0960d405	Using DPoP token type in the access-token and as token_type in introspection response closes #21919	2023-08-07 10:40:18 +02:00
Marek Posolda	4dc929abb3	Missing client_id validation match when authenticating client with JW… (#22178 ) Closes #22177	2023-08-03 11:47:55 +02:00
Takashi Norimatsu	ee998fee66	Add FAPI 2.0 security profile as default profile of client policies closes #21181	2023-08-03 09:26:16 +02:00
Ricardo Martin	a8bca522c1	Fix issue with access tokens claims not being imported using OIDC IDP Attribute Mappers (#21627 ) Closes #9004 Co-authored-by: Armel Soro <armel@rm3l.org>	2023-08-02 09:36:50 +02:00
Thomas Darimont	82269f789a	Avoid using deprecated junit APIs in tests - Replaced usage of Assert.assertThat with static import - Replaced static import org.junit.Assert.assertThat with org.hamcrest.MatcherAssert.assertThat Fixes: #22111	2023-08-01 11:44:25 +02:00
mposolda	6f6b5e8e84	Fix authenticatorConfig for javascript providers Closes #20005	2023-07-31 19:28:25 +02:00
Vlasta Ramik	29b67fc8df	Inconsistent Wildcard handling for JPA (#21671 ) * Inconsistent Wildcard handling for JPA Closes #20610 Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2023-07-27 17:03:22 +02:00
rmartinc	0a7fcf43fd	Initial pagination in the admin REST API for identity providers Closes https://github.com/keycloak/keycloak/issues/21073	2023-07-27 14:48:02 +02:00
Takashi Norimatsu	9a921441cc	Adjustements to the behaviour of dpop_bound_access_tokens switch closes #21920	2023-07-27 11:30:01 +02:00
Takashi Norimatsu	6498b5baf3	DPoP: OIDC client registration support closes #21918	2023-07-26 13:00:35 +02:00
Ricardo Martin	ee35cfe478	Add logout other sessions checkbox to TOTP, webauthn and recovery authn codes setup pages (#21897 ) * Add logout other sessions checkbox to TOTP, webauthn, recovery authn codes setup pages and to update-email page Closes #10232	2023-07-26 11:34:19 +02:00
Marek Posolda	bb8ba1af5a	Fix script tests on windows (#21942 ) Closes #21778 #21779 #21780	2023-07-25 12:37:21 +00:00
Takashi Norimatsu	0ddef5dda8	DPoP support 1st phase (#21202 ) closes #21200 Co-authored-by: Dmitry Telegin <dmitryt@backbase.com> Co-authored-by: mposolda <mposolda@gmail.com>	2023-07-24 16:44:24 +02:00
Takashi Norimatsu	05b8b9ee51	Enhancing Pluggable Features of Token Manager closes #21182	2023-07-24 09:16:29 +02:00
Takashi Norimatsu	2efd79f982	FAPI 2.0 security profile - supporting RFC 9207 OAuth 2.0 Authorization Server Issuer Identification Closes #20584	2023-07-24 09:11:30 +02:00
rmartinc	7336ff07ac	Check RDN attribute for DN membership Closes https://github.com/keycloak/keycloak/issues/20718	2023-07-21 11:13:45 +02:00
todor	897965f604	KEYCLOAK-20343 Add message bundle to export/import Closes #20343	2023-07-20 23:00:28 +02:00
Alexander Schwartz	7c9593f88a	Upgrade Infinispan to 14.0.13.Final (#21565 ) Closes #21564	2023-07-20 16:59:19 +00:00
Václav Muzikář	776bcbcbd4	Update bcpkix and bcprov dependencies (#21543 ) Closes #21360	2023-07-20 11:57:18 +02:00
vramik	13d412989c	Disable ZeroDowntimeTest Closes #21823	2023-07-19 20:35:08 +02:00
Lukas Hanusovsky	086b85fad4	[20455] Arquillian reflection bug -> using different setter to avoid overloading. (#21806 )	2023-07-19 14:43:36 +02:00
rmartinc	ed1934d73a	Ensure that the flow tested to be deleted is a built in flow Closes https://github.com/keycloak/keycloak/issues/20763	2023-07-19 08:56:32 +02:00
mposolda	03716ed452	Keycloak forgets ui_locales parameter when using reset password closes #10981	2023-07-18 09:24:12 +02:00
rmartinc	630e3b2312	Revert emailVerified to false if email modified on force-sync non-trusted broker Closes https://github.com/keycloak/security/issues/48	2023-07-17 13:13:47 +02:00
Michal Hajas	07c27336aa	Check whether realm has store enabled for immediately sent events Closes #21698 Signed-off-by: Michal Hajas <mhajas@redhat.com>	2023-07-14 20:50:33 +02:00
Pedro Igor	57423bca2b	Additional test for logout when using multiple tabs (#21518 ) Closes #21451	2023-07-11 11:22:20 +02:00
Pedro Igor	376d20c285	Remove user credentials from admin event representation (#21561 ) Closes #17470	2023-07-11 08:26:29 +02:00
rmartinc	13870f3a69	Improve error management in the github provider Closes https://github.com/keycloak/keycloak/issues/9429	2023-07-10 16:09:08 -03:00
Pedro Igor	94074f4a98	Remove unnecessary tests (#21551 ) Closes #21099	2023-07-10 13:36:21 +00:00
Daniele Martinoli	75741d17ab	Updated test case in RequiredActionResetPasswordTest	2023-07-10 08:31:47 -03:00
Patrick Jennings	399a23bd56	Find an appropriate key based on the given KID and JWA (#21160 ) * keycloak-20847 Find an appropriate key based on the given KID and JWA. Prefers matching on both inputs but will match on partials if found. Or return the first key if a match is not found. Mark Key as fallback if it is the singular client certificate to be used for signed JWT authentication. * Update js/apps/admin-ui/public/locales/en/clients.json Co-authored-by: Marek Posolda <mposolda@gmail.com> * Updating boolean variable name based on suggestions by Marek. * Adding integration test specifically for the JWT parameters for regression #20847. --------- Co-authored-by: Marek Posolda <mposolda@gmail.com>	2023-07-10 13:28:55 +02:00
Daniele Martinoli	7b8dcb42ea	Using "Account is disabled" message (and also added new test case)	2023-07-07 12:16:38 -03:00
Daniele Martinoli	2a95e2c245	updated failed login test case with new error message	2023-07-07 09:00:51 -03:00
Daniele Martinoli	44570d12ee	fixed error in IdentityProviderTest	2023-07-07 08:59:36 -03:00
Daniele Martinoli	83d88f6bb5	added Hardcoded Group mapper to IDP configuration	2023-07-07 08:59:36 -03:00
A. Tammy	497d08af1c	make cli usable on OpenBSD (#16462 ) Signed-off-by: Aisha Tammy <aisha@bsd.ac> Co-authored-by: Aisha Tammy <aisha@bsd.ac>	2023-07-07 08:58:41 +02:00
Peter Zaoral	2b1c29a6f2	Use Quarkus Platform BOM Closes #20570 Closes #15870 Co-authored-by: Peter Zaoral <pzaoral@redhat.com>	2023-07-06 12:45:48 -03:00
Martin Bartoš	a1a80433e3	Fix flaky OfflineServletsAdapterTest test (#21416 ) Fixes #20013	2023-07-04 10:57:20 +00:00
rmartinc	09e30b3c99	Support for JWE IDToken and UserInfo tokens in OIDC brokers Closes https://github.com/keycloak/keycloak/issues/21254	2023-07-03 21:25:46 -03:00
mposolda	ccbddb2258	Fix updating locale on info/error page after authenticationSession was already removed Closes #13922	2023-07-03 18:57:36 -03:00
Martin Bartoš	e3e123b577	JavascriptAdapterTest is broken due to the multiple initialization of JS adapter Fixes #21412	2023-07-03 16:44:22 -03:00
Daniele Martinoli	e2ac9487f7	Conditional login through identity provider (#20188 ) Closes #20191 Co-authored-by: Jon Koops <jonkoops@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Co-authored-by: Marek Posolda <mposolda@gmail.com>	2023-06-29 18:44:15 +02:00
Marek Posolda	51a9712e59	Improper Client Certificate Validation for OAuth/OpenID clients (#20 ) Co-authored-by: Stian Thorgersen <stianst@gmail.com>	2023-06-28 17:52:48 -03:00
Ricardo Martin	1973d0f0d4	Check the redirect URI is http(s) when used for a form Post (#22 ) Closes https://github.com/keycloak/security/issues/22 Co-authored-by: Stian Thorgersen <stianst@gmail.com> Signed-off-by: Peter Skopek <pskopek@redhat.com>	2023-06-28 17:52:48 -03:00
Pedro Igor	28aa1d730d	Verify holder of the device code (#21 ) Closes https://github.com/keycloak/security/issues/32 Co-authored-by: Stian Thorgersen <stianst@gmail.com> Conflicts: services/src/main/java/org/keycloak/protocol/oidc/grants/device/DeviceGrantType.java	2023-06-28 15:45:26 +02:00
rmartinc	4bc11bdf7f	Do not return an error when moving a group to the current parent Closes https://github.com/keycloak/keycloak/issues/21242	2023-06-28 10:34:15 +02:00
rmartinc	a5a2753d11	Don't allow impersonate disabled users or service accounts Closes https://github.com/keycloak/keycloak/issues/21106	2023-06-28 10:18:21 +02:00
Hynek Mlnarik	c092c76ae8	Remove ldapsOnly (Java) In `LDAPConstants.java`, the function to set the Truststore SPI system property was removed, as this is now handled by the `shouldUseTruststoreSpi` method in `LdapUtil`. Closes: #9313	2023-06-28 08:30:09 +02:00
Pedro Igor	d0691b0884	Support for the locale user attribute Closes #21163	2023-06-27 09:21:08 -03:00
Miquel Simon	46fa7d2e6c	Enable back a few tests that have been fixed to run on Firefox and Chrome.	2023-06-26 11:25:07 -03:00
Pavel Drozd	216bbe512f	Add tests and profiles for testing EAP6, SpringBoot and Fuse adapters	2023-06-26 11:24:02 -03:00
eatik	6d0636987e	keeping VIEW_USERS related tests in PermissionTest Closes #20783	2023-06-26 11:05:35 -03:00
eatik	7cfa012427	adding test code Closes #20783	2023-06-26 11:05:35 -03:00
Takashi Norimatsu	f6ecc3f3f8	FAPI 2.0 security profile - not allow an authorization request whose parameters were not included in Request Object pushed to PAR request closes #20710	2023-06-26 12:09:25 +02:00
vramik	7fe7dfc529	ResourceType lost during clonning Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Closes #20947	2023-06-23 09:31:44 +02:00
Pedro Igor	aff6cc1cbd	Running mappers during account linking Closes #11195 Co-authored-by: mposolda <mposolda@gmail.com> Co-authored-by: toddkazakov	2023-06-22 17:41:31 +02:00
Pedro Igor	eb5edb3a9b	Support reading base32 encoded OTP secret Closes #9434 Closes #11561	2023-06-22 08:08:13 -03:00
mposolda	137f8d807a	Account Console II doesn't remove TOTP from UserStorage closes #19575	2023-06-22 07:56:44 +02:00
Pedro Igor	0dd7c4a515	Fixing auth-server-quarkus-embedded	2023-06-21 17:18:26 +02:00
danielFesenmeyer	60b838675d	Extend admin-client GroupsResource: Support the query functionality to be used in combination with the parameters first, max and briefRepresentation Closes #20016	2023-06-21 12:13:22 -03:00
Gilvan Filho	2493f11331	count users by custom user attribute closes #14747	2023-06-21 11:56:22 -03:00
mposolda	dc3b037e3a	Incorrect Signature algorithms presented by Client Authenticator closes #15853 Co-authored-by: Jon Koops <jonkoops@gmail.com>	2023-06-21 08:55:58 +02:00
Stian Thorgersen	f82577a7f3	Removed old account console (#21098 ) Co-authored-by: Jon Koops <jonkoops@gmail.com> Closes #9864	2023-06-20 20:46:57 +02:00
fwojnar	a36be17a5c	Remove account package from testsuite (#20990 ) * Removal of testsuite account package Related to #19668 Also closes #20527 * Fix failures + remove login folder from base-ui --------- Co-authored-by: Ivan Khomyn <ikhomyn@redhat.com> Co-authored-by: wojnarfilip <fwojnar@redhat.com>	2023-06-20 08:50:39 +02:00
Daniele Martinoli	d9b271c22a	Extends the conditional user attribute authenticator to check the attributes of the joined groups (#20189 ) Closes #20007	2023-06-19 15:22:35 +02:00
Miquel Simon	3daeee15f6	Add Forms IT (#20528 ) Closes #20519	2023-06-19 14:44:20 +02:00
Jon Koops	29f9523646	Ensure `RegisterTest` runs in Chrome and Firefox (#21036 )	2023-06-16 08:00:04 -04:00
Martin Bartoš	c6995f5ded	Save ~2s for Keycloak startup in the testsuite Relates to #21033	2023-06-16 10:47:28 +02:00
rmartinc	ecf52285bc	Simplify TokenManager expiration calculations using SessionExpirationUtils Closes https://github.com/keycloak/keycloak/issues/20794	2023-06-13 10:09:47 +02:00
Pedro Igor	af975d20f1	Avoid iterating indefinetly when checking CRLs Closes #20725	2023-06-12 17:50:16 +02:00
vramik	535bba5792	Update UserQueryProvider methods Closes #20438	2023-06-12 16:04:26 +02:00
Arnaud Martin	ae5a47d548	Impossible to update a federated user credential label Closes #16613	2023-06-12 15:39:52 +02:00
Vlasta Ramik	ed473da22b	Clean-up of deprecated methods and interfaces Fixes #20877 Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2023-06-09 17:11:20 +00:00
Rinus Wiskerke	fbfdb54745	Strip rotated client secret from export json (#19394 ) Closes #19373	2023-06-09 10:46:28 +02:00
rmartinc	61968bf747	Use OIDCAttributeMapperHelper.mapClaim in the GroupMembershipMapper Closes https://github.com/keycloak/keycloak/issues/19767	2023-06-08 11:12:24 -03:00
Réda Housni Alaoui	eb9bb281ec	Require user to agree to 'terms and conditions' during registration	2023-06-08 10:39:00 -03:00
Marek Posolda	8080085cc1	Removing 'http challenge' authentication flow and related authenticators (#20731 ) closes #20497 Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2023-06-08 14:52:34 +02:00
Saman-jafari	31db84e924	fix: issuedFor added to token to get client id into the token also redirect uri added to token and then passed to info template for "back to application" functionality test also added to check the availability of issueFor(azp) and redirect uri in Action Fixes #14860 Fixes #15136	2023-06-07 12:19:46 -03:00
Zvi Grinberg	ace83231ee	Update RegexPolicyTest.java Add forgotten imports	2023-06-07 10:18:10 -03:00
Zvi Grinberg	b29ce53f6e	Fix bug in regex policy evaluation that it ignored flatted user claims that are mapped by protocol mappers to complex JSON structure in access token( in the access token JWT it's key and value is a JSON by itself) fixes: #20436 Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>	2023-06-07 10:18:10 -03:00
Alice Wood	7e56938b74	Extend group search attribute functionality to account for use case where only the leaf group is required	2023-06-07 08:52:23 -03:00
rmartinc	9bc30f4705	EventBuilder fixes to copy the store and session context Closes https://github.com/keycloak/keycloak/issues/20757 Closes https://github.com/keycloak/keycloak/issues/20105	2023-06-07 08:34:27 -03:00
Jon Koops	9a8d1ca1f3	Stop waiting page load when calling `assertCurrent()` (#20786 )	2023-06-07 13:13:46 +02:00
Pedro Hos	9ebd94a3a8	Userinfo endpoint doesn't accept charset #20671 Closes 20671	2023-06-07 08:08:05 +02:00
Artur Baltabayev	041441f48f	Improved Reset OTP authenticator (#20572 ) * ResetOTP authenticator can now be configured, so that one or all existing OTP configurations are deleted upon reset. Closes #8753 --------- Co-authored-by: bal1imb <Artur.Baltabayev@bosch.com>	2023-06-06 08:30:44 -03:00
rmartinc	81aa588ddc	Fix and correlate session timeout calculations in legacy and new map implementations Closes https://github.com/keycloak/keycloak/issues/14854 Closes https://github.com/keycloak/keycloak/issues/11990	2023-06-05 18:46:23 +02:00
Jon Koops	8eee3f434b	Fix test for brute force detection of recovery codes (#20784 )	2023-06-05 11:55:30 -04:00
rmartinc	d80094793b	Manage elytron configuration if configured for JDK-17 Closes https://github.com/keycloak/keycloak/issues/20385	2023-06-05 13:50:28 +02:00
Jon Koops	7ce96bb6d5	Remove workaround for legacy consoles from `waitForPageToLoad` (#20754 )	2023-06-05 07:48:08 -04:00
Aboullos	612fe33ade	Remove AccountUpdateProfilePage from the testsuite (#19362 ) closes #15202	2023-06-02 11:46:49 +02:00
Pedro Igor	f69ff5d270	Execution config not duplicated when duplicating flows Closes #12012	2023-06-01 16:12:06 +02:00
mposolda	bf9c5821cb	Fix for certificate revalidation closes https://security.snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-5291542	2023-05-31 15:42:37 +02:00
Alexander Schwartz	512e30b210	Add escaping for fields with wildcard search Closes #20510	2023-05-31 14:38:04 +02:00
Takashi Norimatsu	a29c30ccd5	FAPI 2.0 security profile - not allow an authorization request whose parameters were not included in PAR request closes #20623	2023-05-31 14:02:44 +02:00
vramik	a175efcb72	Split `UserQueryProvider` into `UserQueryMethods` and `UserCountMethods` and make `LdapStorageProvider` implement only `UserQueryMethods` Co-authored-by: mhajas <mhajas@redhat.com> Closed #20156	2023-05-31 11:47:54 +02:00
Jay Linski	403632438a	Improve a11y by providing the current language (#20213 )	2023-05-30 13:46:14 -04:00
Takashi Norimatsu	6b42c2b4d0	FAPI 2.0 security profile - Reject Implicit Grant executor does not return an appropriate error Closes #20622	2023-05-30 18:24:50 +02:00
stianst	0832992e59	Removing OpenShift integration and moving to separate extension closes #20496 Co-authored-by: mposolda <mposolda@gmail.com>	2023-05-30 17:39:32 +02:00
Pedro Igor	17c3804402	Tests for user property mapper Closes #20534	2023-05-29 14:21:03 +02:00
Yoshiyuki Tabata	bd37875a66	allow specifying format of "permission" parameter in the UMA grant token endpoint (#15947)	2023-05-29 08:56:39 -03:00
Jon Koops	98e5e9799b	Improve third-party storage access detection and cookie fallback	2023-05-25 22:16:59 -03:00
Douglas Palmer	1b8901f5a2	Changing the email address has no impact at username regardless "Email as username" toggle closes #20459	2023-05-25 07:54:03 -03:00
Hynek Mlnarik	fc0e47caa4	Fix KcCustomOidcBrokerTest Fixes: #20541	2023-05-25 10:20:36 +02:00
Peter Zaoral	72b238fb48	Keystore vault (#19644 ) * KeystoreVault SPI * added KeystoreVault - a Vault SPI implementation (#19281) Closes #17252 Signed-off-by: Peter Zaoral <pzaoral@redhat.com>	2023-05-24 16:20:30 +00:00
Jon Koops	90d2a01619	Replace `ChromeJavascriptBrowser` annotation with `JavascriptBrowser` (#20535 )	2023-05-24 11:23:15 +00:00
Hynek Mlnarik	4950f7bebe	Target correct user resource	2023-05-23 20:53:30 +02:00
Hynek Mlnarik	b9983cc5f6	Fix BrokerTest	2023-05-23 20:53:30 +02:00
Hynek Mlnarik	ac59c551c3	Fix transaction boundaries in tests	2023-05-23 20:53:30 +02:00
Hynek Mlnarik	38442ee0a6	Fix event tests	2023-05-23 20:53:30 +02:00
Hynek Mlnarik	3e58d3da8d	Proper cleanup	2023-05-23 20:53:30 +02:00
vramik	bdbbd2959d	User search with LDAP federation not consistent Closes #10195	2023-05-23 11:48:33 +02:00
wojnarfilip	34b9eed8f0	Removes AccountFederatedIdentityPage from testsuite Closes #15199	2023-05-22 11:07:48 -03:00
i7a7467	e41e1a971a	SLO and ACS Binding are linked with AuthnRequest Binding in SAML Identity Broker Metadata Closes #11079	2023-05-22 10:05:17 +02:00
vramik	fd6a6ec3ad	Make LDAP `searchForUsersStream` consistent with other storages Co-authored-by: mhajas <mhajas@redhat.com> Closes #17294	2023-05-19 08:40:41 +02:00
Artur Baltabayev	33215ab6f4	Added User-Session Note Idp mapper. (#19062 ) Closes #17659 Co-authored-by: bal1imb <Artur.Baltabayev@bosch.com> Co-authored-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.io> Co-authored-by: Sebastian Schuster <sebastian.schuster@bosch.io>	2023-05-18 13:47:10 +02:00
Lukas Hanusovsky	eb77dcf014	Removing PHOTOZ client and related tests testing UI. Closes #19668	2023-05-18 13:09:51 +02:00
Lukas Hanusovsky	d9b95e0240	Testsuite with Undertow and OpenJDK17 - Nashorn library support. GH Actions failures - refactoring.	2023-05-18 13:09:51 +02:00
Lukas Hanusovsky	406aa21b0b	UserStorageTest - old account console dependencies removed. Closes #19668	2023-05-18 13:09:51 +02:00
Lukas Hanusovsky	b8b9adbea2	CookieTest - old account console dependencies removed. Closes #19668	2023-05-18 13:09:51 +02:00
Lukas Hanusovsky	29deaca3f5	DemoServletsAdapterTest - old account console dependencies removed. Closes #19668	2023-05-18 13:09:51 +02:00
Lukas Hanusovsky	47fd10469f	Old account console dependencies removed - refactoring. Closes #19668	2023-05-18 13:09:51 +02:00
Lukas Hanusovsky	130807fa7b	AbstractCustomAccountManagementTest - old account console dependencies removed. Closes #19668	2023-05-18 13:09:51 +02:00
Lukas Hanusovsky	2ad8f7dd62	Old account console dependencies removed. Closes #19668 * LoginTest * SessionServletAdapterTest * ClientRedirectTest * TrustStoreEmailTest * BrowserFlowTest * SocialLoginTest * JavascriptAdapterTest	2023-05-18 13:09:51 +02:00
Lukas Hanusovsky	c685366169	CookiesPathTest - old account console dependencies removed. Closes #19668	2023-05-18 13:09:51 +02:00
Lukas Hanusovsky	5e323ae173	Old account console dependencies removed. Closes #19668 * ConsentsTest * UserTest * SessionTest * LoginEventsTest * AbstractKeycloakTest	2023-05-18 13:09:51 +02:00
danielFesenmeyer	d543ba5b56	Consistent message resolving regarding language fallbacks for all themes - the prio of messages is now as follows for all themes (RL = realm localization, T = Theme i18n files): RL <variant> > T <variant> > RL <region> > T <region> > RL <language> > T <language> > RL en > T en - centralize the message resolving logic in helper methods in LocaleUtil and use it for all themes, add unit tests in LocaleUtilTest - add basic integration tests to check whether realm localization can be used in all supported contexts: - Account UI V2: org.keycloak.testsuite.ui.account2.InternationalizationTest - Login theme: LoginPageTest - Email theme: EmailTest - deprecate the param useRealmDefaultLocaleFallback=true of endpoint /admin/realms/{realm}/localization/{locale}, because it does not resolve fallbacks as expected and is no longer used in admin-ui v2 - fix locale selection in DefaultLocaleSelectorProvider that a supported region (like "de-CH") will no longer selected instead of a supported language (like "de"), when just the language is requested, add corresponding unit tests - improvements regarding message resolving in Admin UI V2: - add cypress test i18n_test.spec.ts, which checks the fallback implementation - log a warning instead of an error, when messages for some languages/namespaces cannot be loaded (the page will probably work with fallbacks in that case) Closes #15845	2023-05-17 15:00:32 +02:00
Dominik Schlosser	8c58f39a49	Updates Datastore provider to contain full data model Closes #15490	2023-05-16 15:05:10 +02:00
Takashi Norimatsu	7f5e94db87	KEYCLOAK-19539 FAPI 2.0 Baseline : Reject Implicit Grant	2023-05-16 14:17:29 +02:00
Miquel Simon	e959e20e1a	Upgrade tested DB versions	2023-05-15 12:36:27 -03:00
vramik	d1ab921c50	JpaUserProvider count methods are inconsistent with searchForUser's param filter handling Closes #17581	2023-05-05 08:22:05 +02:00
rmartinc	d9025db536	Migrate realms if configured to use RH-SSO themes Closes https://github.com/keycloak/keycloak/issues/17484	2023-05-02 15:38:33 +02:00
Martin Bartoš	b87b70a35d	Ignore particular legacy clustering tests Revert once https://github.com/keycloak/keycloak/issues/19834 issue is resolved	2023-04-27 13:36:54 +02:00
Martin Bartoš	79178b5a23	Use WildFly as the default app server	2023-04-27 13:36:54 +02:00
Martin Bartoš	9d40f77746	Ignore DemoFilterServletAdapterTestForCustomizedIdMapper test Revert once https://github.com/keycloak/keycloak/issues/19809 issue is resolved	2023-04-27 13:36:54 +02:00
Martin Bartoš	60fd7e63d9	Fix OfflineServletsAdapterTest	2023-04-27 13:36:54 +02:00
Martin Bartoš	8d5a4f2677	Fix FIPS tests	2023-04-27 13:36:54 +02:00
Martin Bartoš	c1cced9f31	Fix CorsExampleAdapterTest --- Quarkus3 branch sync no. 14 (24.4.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/cors/CorsExampleAdapterTest.java - Modified	2023-04-27 13:36:54 +02:00
Peter Zaoral	72663060c9	Quarkus3 branch sync no. 13 11.4.2023: * renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE Signed-off-by: Peter Zaoral <pzaoral@redhat.com>	2023-04-27 13:36:54 +02:00
Martin Bartoš	5b7e9a2603	Remove WF dependencies, add Jakarta SOAP, fix tests --- Quarkus3 branch sync no. 13 (11.4.2023) Resolved conflicts: IdeaProjects/keycloak/quarkus/pom.xml - Modified IdeaProjects/keycloak/quarkus/runtime/pom.xml - Modified	2023-04-27 13:36:54 +02:00
Martin Bartoš	de663dbf93	Quarkus3 branch sync no. 9 10.3.2023: * renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE * changed version from 999-SNAPSHOT to 999.0.0-SNAPSHOT	2023-04-27 13:36:54 +02:00
Martin Bartoš	952faed4c9	Run Adapter tests with JavaEE support --- Quarkus3 branch sync no. 9 (10.3.2023) Resolved conflicts: keycloak/.github/actions/build-keycloak/action.yml - Modified	2023-04-27 13:36:54 +02:00
Peter Zaoral	0b4f40f89b	Quarkus3 branch sync no. 8 3.3.2023: * renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE Signed-off-by: Peter Zaoral <pzaoral@redhat.com>	2023-04-27 13:36:54 +02:00
Martin Bartoš	64738ea708	Fix issues with JakartaEE Mail dependencies This reverts commit da4644844ed88818c05d777460624403326ab01c --- Quarkus3 branch sync no. 12 (31.3.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified	2023-04-27 13:36:54 +02:00
Peter Zaoral	5ebe4ca7c8	Quarkus3 branch sync no. 6 17.2.2023: * renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE Signed-off-by: Peter Zaoral <pzaoral@redhat.com>	2023-04-27 13:36:54 +02:00
Peter Zaoral	946eacd5b6	Quarkus3 branch sync no. 5 10.2.2023: * renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE * fixed Undertow server not starting due to ClassNotFoundException: javax.transaction.TransactionManager Signed-off-by: Peter Zaoral <pzaoral@redhat.com>	2023-04-27 13:36:54 +02:00
Stefan Guilhen	3409a0c840	Fixes SAML tests in testsuite - adds dependency to saaj-impl in saml core public - updates test apps' web.xml files to use jakarta namespaces - small cleanup in main pom - changes order of e-mail servers in testsuite pom to enforce usage of greenmail (changes order in Undertow's classpath) Closes #16711	2023-04-27 13:36:54 +02:00
Martin Bartoš	b1da7bd613	Revert Mail API --- Quarkus3 branch sync no. 13 (11.4.2023) Resolved conflicts: keycloak/quarkus/pom.xml - Modified --- Quarkus3 branch sync no. 12 (31.3.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified	2023-04-27 13:36:54 +02:00
Martin Bartoš	1f126647fe	Update dependencies	2023-04-27 13:36:54 +02:00
vramik	60e6fb9dae	Register custom functions FunctionContributor Closes #16336 --- Quarkus3 branch sync no. 6 (17.2.2023) Resolved conflicts: keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorage.java - Modified keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorageCockroachdb.java - Modified keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified --- Quarkus3 branch sync no. 3 (27.1.2023) Resolved conflicts: keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorage.java - Modified keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorageCockroachdb.java - Modified	2023-04-27 13:36:54 +02:00
Peter Zaoral	4ff2de7f46	Quarkus3 branch sync 18.1.2023: * applied Quarkus 3 OpenRewrite recipe * fixed the parts that were missed by the script Signed-off-by: Peter Zaoral <pzaoral@redhat.com>	2023-04-27 13:36:54 +02:00
Martin Bartoš	124591ce1a	Adapters can still use Java EE - Provided all JavaEE dependencies for adapters - Automatically build Undertow Jakarta EE for testsuite (missing SAML) --- Quarkus3 branch sync no. 11 (24.3.2023) Resolved conflicts: keycloak/adapters/oidc/spring-security/pom.xml - Modified --- Quarkus3 branch sync no. 7 (27.2.2023) Resolved conflicts: keycloak/pom.xml - Modified --- Quarkus3 branch sync no. 5 (10.2.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/pom.xml - Modified --- Quarkus3 branch sync no. 1 (18.1.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/pom.xml - Modified	2023-04-27 13:36:54 +02:00
Martin Bartoš	40c38e0133	Fix dependencies in testsuite, adapters and Quarkus module --- Quarkus3 branch sync no. 11 (24.3.2023) Resolved conflicts: keycloak/adapters/oidc/spring-security/pom.xml - Modified	2023-04-27 13:36:54 +02:00
Stefan Guilhen	384d7c17f7	- Fix issues in legacy store - Testsuite (switch undertow-embedded.version)	2023-04-27 13:36:54 +02:00
Martin Bartoš	7cff857238	Migrate packages from javax.* to jakarta.* --- Quarkus3 branch sync no. 14 (24.4.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/ComponentExportImportTest.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/DeclarativeUserTest.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java - Modified keycloak/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java - Modified --- Quarkus3 branch sync no. 13 (11.4.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountTotpPage.java - Deleted keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BackwardsCompatibilityUserStorageTest.java - Modified --- Quarkus3 branch sync no. 12 (31.3.2023) Resolved conflicts: keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/services/resources/QuarkusWelcomeResource.java - Modified keycloak/services/src/main/java/org/keycloak/protocol/saml/profile/util/Soap.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/UserInfoClientUtil.java - Modified keycloak/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified --- Quarkus3 branch sync no. 10 (17.3.2023) Resolved conflicts: keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocolUtils.java - Modified --- Quarkus3 branch sync no. 9 (10.3.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java - Modified --- Quarkus3 branch sync no. 8 (3.3.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClient.java Modified - Modified keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java - Modified keycloak/examples/providers/authenticator/src/main/java/org/keycloak/examples/authenticator/SecretQuestionAuthenticator.java - Modified --- Quarkus3 branch sync no. 6 (17.2.2023) Resolved conflicts: keycloak/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ComponentsResource.java - Modified keycloak/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java - Modified keycloak/services/src/main/java/org/keycloak/protocol/saml/installation/SamlSPDescriptorClientInstallation.java - Modified --- Quarkus3 branch sync no. 5 (10.2.2023) Resolved conflicts: /keycloak/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java Modified - Modified keycloak/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java - Modified --- Quarkus3 branch sync no. 4 (3.2.2023) Resolved conflicts: keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/jaxrs/QuarkusKeycloakApplication.java - Modified --- Quarkus3 branch sync no. 1 (18.1.2023) Resolved conflicts: keycloak/testsuite/client/ClientPoliciesTest.java - Deleted keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java - Modified keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaModelCriteriaBuilder.java - Modified	2023-04-27 13:36:54 +02:00
Hynek Mlnarik	d7d50634b3	Do not impose assumptions on ID format Closes: #19814	2023-04-26 15:37:50 +02:00
Hynek Mlnarik	80ba42a0b4	Tests: Determine IDs from Keycloak Instead of assuming that the ID of created objects is honored, the tests are rewritten in the way which obtains the ID from the created objects. This is to account for storages where ID is not necessarily an UUID and cannot be thus prescribed. Closes: #19814	2023-04-26 15:37:50 +02:00
rmartinc	04ac3a64ee	Adding support for rsa-oaep for SAML encryption Closes https://github.com/keycloak/keycloak/issues/19689	2023-04-26 10:46:10 +02:00
mposolda	a3f2ebb193	Ability to override default/built-in providers with same providerId. Using ProviderFactory.order() for choosing priority providers Closes #19867	2023-04-25 18:04:58 +02:00
Lukas Hanusovsky	30d976d64c	RequiredActionEmailVerificationTest - old account console dependencies removed. (#19843 ) Closes #19668	2023-04-25 08:19:43 +02:00
Hynek Mlnarik	3161c4424c	Fix export / import tests relict Closes: #19812	2023-04-19 22:17:49 +02:00
Hynek Mlnarik	0ddc71d987	Properly encode id in URL Closes: #19816	2023-04-19 15:10:04 -03:00
rmartinc	8e55a63f31	Do not allow add sub-flow to built-in workflow Closes https://github.com/keycloak/keycloak/issues/15536	2023-04-19 11:12:49 +02:00
rmartinc	f051a0cdb3	Improve SessionCodeChecks to detect better the ALREADY_LOGGED_IN situation Closes https://github.com/keycloak/keycloak/issues/19677	2023-04-18 10:35:47 -03:00
Lukas Hanusovsky	4a8510f7d9	Stop disabling Account Console v2 for tests that run fine (#19728 ) Works towards closing #19668	2023-04-17 16:26:32 -03:00
Marek Posolda	8d01109158	Invalid parameter redirect_uri when using an invalid client_id (#19731 ) closes #19662	2023-04-17 15:12:59 +02:00
Hynek Mlnarik	21510dff0c	Add FILE constant to StoreProvider	2023-04-17 08:29:49 +02:00
mposolda	1cbdf4d17e	Fix the issue with LDAP connectionUrl containing multiple hosts Closes #17359	2023-04-16 17:41:22 +02:00
danielFesenmeyer	5554c62bea	Change locale of user profile validation message to be resolved from authenticated user instead of validated user Closes #19707	2023-04-14 11:51:15 -03:00
Stian Thorgersen	f4cabea08c	Make sure the code is bound to the user session (#18 ) (#17380 ) (#17389 ) Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2023-04-14 14:42:12 +02:00
Lukas Hanusovsky	556758943f	Old Account Console removal - cleanup imports (#19700 ) Part of #19668	2023-04-13 14:57:28 +00:00
vramik	2b890eb79d	Zero downtime smoke tests Closes #16481	2023-04-12 11:24:35 +02:00
Pedro Igor	83676bf927	Extract JUnit5 support in the distributoin testsuite to a separate module Closes #19552	2023-04-11 10:48:56 +02:00
Lukas Hanusovsky	9bb18400ad	Remove AccountTotpPage from the testsuite (#17657 ) Closes #15201	2023-04-06 11:49:29 +02:00
fwojnar	f55794f8bf	Removes AccountApplicationsPage (#17651 ) Closes #15198 Co-authored-by: wojnarfilip <fwojnar@redhat.com>	2023-04-05 16:54:16 +02:00
rmartinc	99330dbb6d	Manage JsonProcessingException to not return error 500 when json data is wrong Closes https://github.com/keycloak/keycloak/issues/11517	2023-04-03 18:07:34 +02:00
mposolda	4d8d6f8cd8	Preserve authentication flow IDs after import closes #9564	2023-04-03 16:01:52 +02:00
Jon Koops	bdc019b02c	Fully deprecate function-style constructor for Keycloak JS (#19438 )	2023-04-03 14:45:55 +02:00
Hynek Mlnarik	85c0b47c31	Fix ClientPoliciesExtendedEventTest Closes: #19487	2023-04-03 14:43:50 +02:00
Pedro Igor	6086201fe0	Do not verify identity cookie when processing required actions Closes #17539	2023-03-31 09:56:27 +02:00
rmartinc	89dfeeec38	The getAttributes method in UserAttributeLDAPStorageMapper does not work for email or other UserModel properties Closes https://github.com/keycloak/keycloak/issues/10412	2023-03-30 21:45:07 +02:00
mposolda	709c6b5a47	Regressions in redirect URL verification when redirect_uri has encoded path or default port closes #16851 closes #16587	2023-03-30 14:20:10 +02:00
Pedro Igor	48082d08ec	Email visible on registration page when edit username is not allowed Closes #17439	2023-03-30 08:11:30 +02:00
Jon Koops	8f627517cb	Remove legacy Promise APIs from Keycloak JS (#19389 )	2023-03-29 16:29:27 +00:00
Michal Hajas	e49dfe534e	Fix missing migration when reading TERMS_AND_CONDITIONS required action in legacy store Closes #17277	2023-03-29 16:43:01 +02:00
Daniel Kobras	a45b5dcd90	Prefer cert over pubkey in SAML metadata If SAML key material was given as a certificate, consistently expose the certificate rather than just the public key when presenting SAML metadata info. This change ensures that the client obtains sufficient information (eg. issuer) to close the trust chain. Closes: #17549 Signed-off-by: Daniel Kobras <kobras@puzzle-itc.de>	2023-03-29 11:17:24 +02:00
Marek Posolda	032ece9f7b	Clarify user session limits documentation and test SSO scenario (#19372 ) Closes #17374 Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2023-03-29 10:08:45 +02:00
rmartinc	2bb9de1a8c	Allow application/jwt media type for userinfo endpoint Closes: https://github.com/keycloak/keycloak/issues/19346	2023-03-28 08:47:35 -03:00
Michal Hajas	beca22311b	Add RefreshTokenTest to database suite so it can catch some expiration issues similar to #17570	2023-03-28 08:32:31 +02:00
Pedro Igor	a9c605750d	Returning email as username setting for admins Fixes #17591	2023-03-27 16:33:44 -03:00
Pedro Hos	bd0a23a865	/users/count endpoint with search field has different behavior than /users query endpoint #17620 closes #17620	2023-03-24 13:43:47 +01:00
Klajdi Paja	cf61a65198	Return a user friendly message when a group name already exists on the same level. Closes #16888	2023-03-24 08:13:49 +01:00
rmartinc	8bc5273792	EAP7 and wildfly adapter tests fixes. Execute enable-elytron-se17.cli for EAP7 and JDK-17. Closes https://github.com/keycloak/keycloak/issues/19273	2023-03-23 17:02:39 -03:00
Ayrat Hudaygulov	f578f91a0b	Fix ID token not being sent after expiration for OIDC logout Closes #10164	2023-03-23 13:01:02 +01:00
Ricardo Martin	1a622e707f	Flaky tests org.keycloak.testsuite.federation.sync.SyncFederationTest (#19095 ) Closes: https://github.com/keycloak/keycloak/issues/17430 Closes: https://github.com/keycloak/keycloak/issues/17431	2023-03-21 08:30:42 +01:00
Alexander Schwartz	513bb809f3	Add a map storage global locking implementation for JPA Closes #14734	2023-03-21 08:21:11 +01:00
rmartinc	bef0a4a6f1	Check frontendUrl in the hostname providers Closes https://github.com/keycloak/keycloak/issues/17686	2023-03-20 18:54:58 -03:00
Pedro Igor	a30b6842a6	Decouple the policy enforcer from adapters and provide a separate library Closes keycloak#17353	2023-03-17 11:40:51 +01:00
rmartinc	cab7e50410	Better handling for SAML signatures in POST and REDIRECT bindings Closes https://github.com/keycloak/keycloak/issues/17456	2023-03-15 09:06:59 -03:00
Pedro Igor	af475ffe23	Fixing classloading issue due to the curated application being eagerly closed	2023-03-13 09:34:49 +01:00
vramik	31e4c5cb7e	Add `storage-jpa-db` property into Quarkus. Distinguish postgres and crdb for jpa map store. Closes #17305	2023-03-09 11:09:56 +01:00
Tero Saarni	9052ec2b02	Add admin events for realm create/delete. (#10831 ) Closes #10733	2023-03-07 15:57:06 +01:00
Simon Levermann	96c1cf3c49	Allow mapping of UserSessionNotes into UserInfo Fixes #15369	2023-03-07 15:25:14 +01:00
rmartinc	a56b38c5a6	Don't remove session and don't reset restart cookie if passive check error Closes https://github.com/keycloak/keycloak/issues/11340	2023-03-07 15:10:09 +01:00
rmartinc	06ff8b016c	Don't set REMEMBER_ME if it's disabled at realm level Closes https://github.com/keycloak/keycloak/issues/11330	2023-03-07 15:01:58 +01:00
Michal Hajas	837c64de3d	Add support for pessimistic locking to HotRod Closes #13273	2023-03-07 10:44:31 +01:00
mposolda	a0192d61cc	Redirect loop with authentication success but access denied at default identity provider closes #17441	2023-03-06 10:45:01 +01:00
Michal Hajas	465019bec4	Extract attachDevice outside of storage layer Closes #17336	2023-03-03 17:58:34 +01:00
Zakaria Amine	fb5a7f654b	trigger IDENTITY_PROVIDER_FIRST_LOGIN (and UPDATE_PROFILE ) event when identity provider flow succeeds (#15100 ) closes #15098	2023-03-03 17:49:27 +01:00
Jon Koops	972ebb9650	Use a valid SemVer format for the SNAPSHOT version (#17334 ) * Use a valid SemVer format for the SNAPSHOT version * Update pom.xml * Update pom.xml --------- Co-authored-by: Stian Thorgersen <stianst@gmail.com> Co-authored-by: Stian Thorgersen <stian@redhat.com>	2023-03-03 11:11:44 +01:00
Alexander Schwartz	1e4401f521	Avoid returning the same entity multiple times from separate searches Closes #15604	2023-03-02 08:21:38 +01:00
Marek Posolda	59f4fe1c60	NPE on Theme after upgrade to 21 when parent or import theme not exists (#17350 ) * NPE on Theme after upgrade to 21 when parent or import theme not exists closes #17313 * Update per review	2023-03-01 15:46:37 +00:00
rmartinc	5cdf4d5791	Read-Only attributes should be modified if creation is delayed for LDAP Closes https://github.com/keycloak/keycloak/issues/16848	2023-03-01 11:26:57 +01:00
Pedro Igor	fbf5541802	Remove duplicated set-cookie header from response when expiring cookies Closes #17192	2023-02-27 14:17:27 -03:00
lpa	3cd413dee1	SOAP backchannel logout for SAML protocol Closes #16293	2023-02-27 14:24:12 +01:00
rmartinc	38a46726e4	Implement UserInfoTokenMapper in HardcodedRole and RoleNameMapper mappers Closes https://github.com/keycloak/keycloak/issues/15624	2023-02-27 10:14:48 -03:00
Václav Muzikář	557a22968c	Stabilize Account Console UI tests (#17243 ) Closes #17178 Closes #17102 Closes #17070 Closes #17045 Closes #17044 Closes #16875 Closes #16870 Closes #16715 Closes #16670 Closes #16646 Closes #16627 Closes #16620	2023-02-23 12:35:08 +01:00
rmartinc	f91ac2970d	Polish fips-mode switch for preview (#17228 ) * Polish fips-mode switch for preview Closes #17208 #17210 Co-authored-by: mposolda <mposolda@gmail.com>	2023-02-22 12:12:52 +01:00
drohwer89	4ff180da64	Terminating all sessions above the session limit (#16068 ) Adjusts implementation of UserSessionLimitsAuthenticator to terminate all sessions above the session limit. Closes #14689 Co-authored-by: Marek Posolda <mposolda@gmail.com>	2023-02-16 17:56:59 +01:00
rmartinc	9995a3cdd4	lastSync value into COMPONENT_CONFIG is always updated Closes https://github.com/keycloak/keycloak/issues/17022	2023-02-16 17:48:49 +01:00
mposolda	4f068fcdcc	Make https-trust-store-type set to bcfks by default in strict-mode Closes #17119	2023-02-16 08:00:21 -03:00
sui.jieqiang	1f6fa0501c	Fix search user groups without limit Closes #12649	2023-02-15 15:50:46 +01:00
vramik	7b604d6784	Sync properties in `map-storage-jpa-cocroach` with other profiles Closes #17107	2023-02-15 10:49:22 +01:00
Hynek Mlnarik	bb0eb899a7	Add ability to run arq testsuite with file store Fixes: #17032	2023-02-15 10:17:23 +01:00
Pedro Igor	9e46b9e43f	Handling events after transaction completion using a separate session Closes #15656	2023-02-14 13:10:57 +01:00
Václav Muzikář	a57821ed80	Fix JDK 17 InaccessibleObjectException with infinispan	2023-02-13 17:09:36 -03:00
laskasn	dc8b759c3d	Use encryption keys rather than sig for crypto in SAML Closes #13606 Co-authored-by: mhajas <mhajas@redhat.com> Co-authored-by: hmlnarik <hmlnarik@redhat.com>	2023-02-10 12:06:49 +01:00
Marek Posolda	9cfc1fdfa9	Reduce the redundant tests in fips-suite (#16970 ) Closes #16969	2023-02-09 12:21:33 +01:00
Pedro Igor	423fc6daba	Flaky test KcOidcBrokerTokenExchangeTest (#16914 ) Closes #16896	2023-02-08 14:49:49 +00:00
Dmitry Telegin	5f39aeb590	Pre-authorization hook for client policies Closes #9017	2023-02-08 15:06:32 +01:00
Michal Hajas	6fa62e47db	Leverage HotRod client provided transaction Closes #13280	2023-02-08 10:26:30 +01:00
Stian Thorgersen	4782a85166	Remove old admin console feature (#16861 ) * Remove old admin console feature Closes #16860 * Update help txt files for Quarkus tests	2023-02-07 12:59:35 +01:00
Pedro Igor	7b58783255	Allow mapping claims to user attributes when exchanging tokens Closes #8833	2023-02-07 10:57:35 +01:00
Thomas Darimont	e38b7adf92	Revise blacklist password policy provider #8982 - Reduce false positive probability from 1% to 0.01% to avoid rejecting to many actually good passwords. - Make false positive rate configurable via spi config - Revised log messages Supported syntax variant: `passwordBlacklist(wordlistFilename)` Fixes #8982 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2023-02-07 10:36:39 +01:00
Martin Kanis	5ba004b447	Leverage Infinispan lifespan for ExpirableEntities in HotRod storage	2023-02-07 10:01:32 +01:00
Stian Thorgersen	fc075a3d35	Remove old admin console tests (#16859 ) Closes #16858	2023-02-07 08:51:36 +01:00
Denis Bernard	5db64133b8	Add Attribute to Group Mapper for SAML IDP Cleansing code as PR Comment Add test for Advanced Attribute to Group Mapper Closes #12950	2023-02-06 10:58:48 -03:00
Pedro Igor	1a1ee78dbd	Removing tests from base group broker mapper test classes	2023-02-06 10:58:48 -03:00
Pedro Igor	d97b9c48c4	Make sure PBKDF2 providers are using the expect size for derived keys (#16798 ) Closes #16797	2023-02-03 15:31:25 +01:00
rmartinc	f8f112d8d2	Upgrade twitter4j (#16828 ) Closes https://github.com/keycloak/keycloak/issues/16731	2023-02-03 15:28:37 +01:00
Marek Posolda	51bed81814	Fixes for OOB endpoint and KeycloakSanitizer (#16773 ) (cherry picked from commit 91ac2fb9dd50808ff5c76d639594ba14a8d0d016)	2023-02-02 08:34:50 +01:00
Pedro Igor	e3c41ec3a0	Ignoring test methods from parent classes Closes #15687	2023-02-01 14:58:03 -08:00
Stian Thorgersen	d9025231f9	HTML Injection in Keycloak Admin REST API (#16765 ) Resolves #GHSA-m4fv-gm5m-4725 Co-authored-by: Martin Bartoš <mabartos@redhat.com>	2023-02-01 14:34:15 +01:00
Marek Posolda	33ff9ef17e	Fix remaining failing tests with BCFIPS approved mode (#16699 ) * Fix remaining failing tests with BCFIPS approved mode Closes #16698	2023-01-30 16:01:57 +01:00
mposolda	7f017f540e	BCFIPS approved mode: Some tests failing due the short secret for client-secret-jwt client authentication Closes #16678	2023-01-30 08:40:46 +01:00
Martin Kanis	c4255e7301	Wrong property for events in map-storage-hot-rod on Undertow	2023-01-27 14:24:34 +01:00
mposolda	5591b5198b	Still test failures with BCFIPS approved mode due the hardcoded keys Closes #16643	2023-01-26 15:50:29 +01:00
Pedro Igor	f6602e611b	Allow managing the username idn homograph validator Closes #13346	2023-01-26 04:55:43 -08:00
mposolda	a804400c84	Added KERBEROS feature. Disable it when running tests on FIPS closes #14966	2023-01-25 18:38:46 +01:00
mposolda	16888eaeab	Only available RSA key sizes should be shown in admin console Closes #16437	2023-01-25 13:15:07 +01:00
mposolda	29888dbf1a	Update realm keys in the testsuite to be generated where possible. Update other keys to be FIPS compliant Closes #12420	2023-01-25 08:26:15 +01:00
Hynek Mlnarik	977cc473bb	Fix linebreaks in XML / SAML signatures See https://bugs.openjdk.org/browse/JDK-8264194 See https://issues.apache.org/jira/browse/SANTUARIO-482 Fixes: #14529	2023-01-23 15:39:10 +01:00
Konstantinos Georgilakis	c73859794e	Short verification_uri for Device Authorization Request Closes #16107	2023-01-18 08:34:52 +01:00
Pedro Igor	33cb1ad7cd	Support runnning tests using an embedded distribution Closes #16420	2023-01-13 12:03:36 -08:00
mposolda	79fa6bb3c9	Initial support for running testsuite in BCFIPS approved mode Closes #16429	2023-01-13 02:59:06 -08:00
ムハマドザクワンビンムハマドザヒド / MOHDZAHID，BIN MUHAMMADZAKWAN	cc6597967a	Refactoring ClientPoliciesTest Closes #14795	2023-01-12 09:38:12 +01:00
Pedro Igor	9945135861	Verify if token is revoked when validating bearer tokens (#16394 ) Closes #16388	2023-01-11 14:42:29 +01:00
mposolda	ac490a666c	Fix KcSamlSignedBrokerTest in FIPS. Support for choosing realm encryption key for decrypt SAML assertions instead of realm signature key Closes #16324	2023-01-10 20:39:59 +01:00
Miquel Simon	7bd78f604a	Added MariaDB to Legacy Store IT. (#16157 )	2023-01-10 17:37:27 +01:00
Pedro Igor	d797d07d8f	Ignore user profile attributes for service accounts Closes #13236	2023-01-10 16:26:53 +01:00
mposolda	4d55c6a647	Adding SAML tests for FIPS - with addition of XMLDSig security provider Closes #14969	2023-01-10 08:37:03 +01:00
Pedro Igor	53ee95764e	Do not show username field when updating profile if UPDATE_EMAIL feature is enabled and email as username is enabled Closes #16263	2023-01-06 14:12:47 +01:00
Réda Housni Alaoui	141c9dd803	update-email: email change does not affect the username when "Email as username" option is checked (#15583 ) Closes #13988	2023-01-06 14:04:48 +01:00
Miquel Simon	c2682157fb	Added MS SQL Server to Legacy Store IT. (#16121 ) * Added MS SQL Server to Legacy Store IT. * Update testsuite/integration-arquillian/pom.xml Co-authored-by: Stian Thorgersen <stianst@gmail.com> Co-authored-by: Stian Thorgersen <stian@redhat.com>	2023-01-06 08:55:09 +01:00
Réda Housni Alaoui	dbe0c27bcf	Allowing client registration access token rotation deactivation	2023-01-05 20:53:57 +01:00
mposolda	e374e309c6	Deprecate SHA1 based algorithms for sign SAML documents and assertions Closes #16240	2023-01-05 20:45:20 +01:00
Michal Hajas	6566b58be1	Introduce Infinispan GlobalLock implementation Closes #14721	2023-01-05 16:58:44 +01:00
Hynek Mlnarik	071fc03f41	Move transaction processing into session close Fixes: #15223	2023-01-05 16:12:32 +01:00
Stian Thorgersen	6c1f981eec	Fix UserTest.sendResetPasswordEmailWithCustomLifespan (#16233 ) Closes #16232	2023-01-04 13:03:33 +01:00
Stian Thorgersen	7dc16c69cb	Force refreshing token for admin client if time offset is set (#16242 ) Closes #16143	2023-01-04 13:03:10 +01:00
ムハマドザクワンビンムハマドザヒド / MOHDZAHID，BIN MUHAMMADZAKWAN	ce6b737e33	NPE in userinfo endpoint Closes #15429	2023-01-02 13:53:29 +01:00
Miquel Simon	9bb5b08015	Added Oracle to Legacy Store IT. (#16097 )	2022-12-21 08:15:38 +01:00
mposolda	36bd76957d	Make Keycloak FIPS working with OpenJDK 17 on FIPS enabled RHEL Closes #15721	2022-12-20 21:03:55 +01:00
Michal Hajas	c79d29e68c	Move HotRod profile to the same pom as other map profiles and introduce map-storage-chm profile Closes #16046	2022-12-20 17:51:40 +01:00
Alexander Schwartz	1d758fac2b	Adding CRDB into GHA for the new store (#16021 ) The CockroachDB database is slower than PostgreSQL, therefore it will only run branches and nightly builds. Closes #16020	2022-12-17 08:50:21 +01:00
Pedro Igor	857b02be63	Allow managing the required settigs for the email attribute Closes #15026	2022-12-15 13:11:06 -08:00
Pedro Igor	782d145cef	Allow updating authz settings via default client registration provider Closes #9008	2022-12-15 20:43:43 +01:00
Stian Thorgersen	c1b0f2a6ab	Rebalanace BaseIT test groups (#16007 )	2022-12-15 08:52:30 +01:00
Stian Thorgersen	a5670af745	Keycloak CI workflow refactoring (#15968 ) * Keycloak CI workflow refactoring Closes #15861 * Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update CodeQL actions Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>	2022-12-14 16:12:23 +01:00
Stian Thorgersen	0f2ca3bfdd	fixes from release/20 (#15982 ) * Avoid path traversal vis double-url encoding of redirect URI (#8) (cherry picked from commit a2128fb9e940d96c2f9a64edcd4fbcc768eedb4f) * Do not resolve user session if corresponding auth session does not exist (#7) * Stabilizing the ConcurrentLoginTest when running with JPA map storage by locking user sessions (#9) Co-authored-by: Marek Posolda <mposolda@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>	2022-12-14 07:46:17 +01:00
Stian Thorgersen	30cc16e648	Move authorization tests into authz package (#15957 ) Closes #15956	2022-12-12 18:09:11 +01:00
Michal Hajas	de7dd77aeb	Change id of TermsAndConditions required actions to uppercase Closes #9991	2022-12-07 10:51:37 -03:00
mposolda	f4e91a5312	The redirect URI cannot be verified during logout in the case when client was removed closes #15866	2022-12-07 08:20:30 +01:00
mposolda	264c5a6cdb	Support for KcReg and KcAdm CLI to use BCFIPS instead of BC on FIPS platforms Closes #14968	2022-12-06 13:02:46 +01:00
Pedro Igor	022d2864a6	Make sure JAX-RS resource methods are advertizing the media type they support Closes #15811 Closes #15810	2022-12-06 08:13:43 -03:00
Stian Thorgersen	2f0d8cd895	Move hok, par, and rar tests to oauth package (#15834 ) Closes #15833	2022-12-05 15:42:20 +01:00
Michal Hajas	59ccae76cb	Fix flaky JS test (#15804 ) Closes #15761 Co-authored-by: Stian Thorgersen <stianst@gmail.com>	2022-12-05 13:16:04 +01:00
Stian Thorgersen	8e6437e596	Fix Flaky test: RequiredActionTotpSetupTest.setupTotpExistingReusableCodeDisabled (#15779 ) Closes #15564	2022-12-01 10:41:46 +01:00
Hynek Mlnařík	60ce949304	Ignore unknown clients in LDAP role mapper Fixes: #10958	2022-12-01 09:51:05 +01:00
Stian Thorgersen	c24bc1bab0	Tweak time offset in RefreshTokenTest (#15760 ) Closes #15718	2022-11-30 16:11:46 +01:00
Stian Thorgersen	c3c858c88a	Fix OpenshiftClientStorageTest.testCodeGrantFlowWithServiceAccountUsingOAuthRedirectReference (#15741 ) Closes #15565	2022-11-29 14:20:21 +01:00
Miquel Simon	88bc5e2307	Use different Postgres image in Testcontainers. Upgraded Testcontainers dependency to 1.17.5.	2022-11-28 10:57:14 +01:00
mposolda	3e9c729f9e	X.509 authentication fixes for FIPS Closes #14967	2022-11-25 11:50:30 +01:00
Stefan Guilhen	5c2a5fac31	Enable all test methods in ConcurrentLoginTest for JPA Map Storage - Tests still disabled for Hotrod and CHM - Fixes concurrent login issues with CRDB. Verified with both PostgreSQL and CockroachDB. Closes #12707 Closes #13210	2022-11-24 13:36:22 +01:00
Lex Cao	dd03137ea7	Strip secret of user when creating from admin API Closes #14843	2022-11-24 11:38:42 +01:00
Nagy Vilmos	4b6b607fe9	Should not hide IDP from login page (#14174 ) Closes #14173	2022-11-23 10:49:21 +01:00
rmartinc	b7188c3891	Unknown bind DN using LDAP anonymous bind aka bind type none (#15546 ) Closes #15497	2022-11-23 10:23:46 +01:00
danielFesenmeyer	18381ecd2e	Fix update of group mappers on certain changes of the group path The group reference in the mapper was not updated in the following cases: - group rename: when an ancestor group was renamed - (only for JpaRealmProvider, NOT for MapRealmProvider/MapGroupProvider) group move: when a group was converted from subgroup to top-level or when a subgroup's parent was changed Closes #15614	2022-11-23 10:12:34 +01:00
cgeorgilakis-grnet	085dd24875	Client registration service do not check client protocol for Bearer token Closes #15612	2022-11-23 08:49:13 +01:00
Stefan Guilhen	f8df04b3b8	Fix UserSessionProviderTest.testOnClientRemoved on CRDB Closes #15558	2022-11-21 13:05:11 +01:00
Michal Hajas	6d683824a4	Deprecate DBLockProvider and replace it with new GlobalLockProvider Closes #9388	2022-11-16 16:13:25 +01:00
Martin Kanis	5e891951f5	Update Infinispan version to 14.0.2.Final	2022-11-16 14:56:45 +01:00
Douglas Palmer	9f532eecaf	Weird export/re-import behaviour regarding post.logout.redirect.uris Closes #14884	2022-11-15 09:24:32 +01:00
vramik	021189f190	Make GHA Map-JPA base testsuite running with Quarkus Co-authored-by: Martin Batros <mabartos@redhat.com> Closes #13725	2022-11-10 10:08:14 +01:00
Jia Chen	c3d53ae6e0	Returns an empty groups stream without querying the database if a user doesn't belong to any groups Closes #12567	2022-11-09 13:07:42 +01:00
danielFesenmeyer	ec30c52a00	Fix paging on the "Users in role" endpoint, when JPA persistence is used - add order-by-clause to the corresponding JPA query (ordering by username ASC) - adjust admin-client RoleResource to return a List instead of a Set, by introducing new methods #getUserMembers (instead of #getRoleUserMembers - the "Role" prefix is not needed, because it is clear from the resource name that it's about roles) - adjust tests to use the new method and check that the expected order is returned Closes #14772	2022-11-07 20:44:06 +01:00
stianst	1de9c201c6	Refactor Profile Closes #15206	2022-11-07 07:28:11 -03:00
Marek Posolda	c0c0d3a6ba	Short passwords with PBKDF2 mode working (#14437 ) * Short passwords with PBKDF2 mode working Closes #14314 * Add config option to Pbkdf2 provider to control max padding * Update according to PR review - more testing for padding and for non-fips mode	2022-11-06 14:49:50 +01:00
Marek Posolda	f616495b05	Fixing UserFederationLdapConnectionTest,LDAPUserLoginTest to work with FIPS (#15299 ) closes #14965	2022-11-03 16:35:57 +01:00
Marek Posolda	2ba5ca3c5f	Support for multiple keys with same kid, which differ just by algorithm in the JWKS (#15114 ) Closes #14794	2022-11-03 09:32:45 +01:00
Stian Thorgersen	cf913af823	Add support for Microsoft Authenticator (#15272 ) Closes #15271	2022-11-02 12:56:07 +01:00
Stian Thorgersen	cac4c43052	Remove AccountPasswordPage from testsuite (#15204 ) Closes #15200	2022-11-02 06:20:39 +01:00
Alexander Schwartz	dd5a60c321	Allow a partial import to overwrite the default role Closes #9891	2022-11-01 15:35:02 -03:00
Pedro Igor	f6985949b6	Close the session within resteasy boundaries (#15193 ) Closes #15192	2022-11-01 11:06:34 +01:00
Stian Thorgersen	17117820cc	Remove AccountFormServiceTest (#15197 ) Closes #15196	2022-10-28 12:26:59 +02:00
Michal Hajas	883e83e625	Remove deprecated methods from data providers and models Closes #14720	2022-10-25 09:01:33 +02:00
Alexander Schwartz	9b80bad391	Stabilize test testAccountManagementLinkIdentity by waiting for username to appear Closes #15054	2022-10-24 19:19:27 +02:00
Stian Thorgersen	29b8294dd6	Filter list of supported OTP applications by current policy (#15113 ) Closes #15112	2022-10-24 16:47:16 +02:00
mposolda	55c514ad56	More flexibility in keystore related tests, Make keycloak to notify which keystore types it supports, Support for BCFKS Closes #14964	2022-10-24 08:36:37 +02:00
Stian Thorgersen	97ae90de88	Remove Red Hat Single Sign-On product profile from upstream (#14697 ) * Remove Red Hat Single Sign-On product profile from upstream Closes #14916 * review suggestions: Remove Red Hat Single Sign-On product profile from upstream Closes #14916 Co-authored-by: Peter Skopek <pskopek@redhat.com>	2022-10-18 14:43:04 +02:00
Marek Posolda	0756ef9a75	Initial integration tests with BCFIPS distribution (#14895 ) Closes #14886	2022-10-17 23:33:22 +02:00
Stian Thorgersen	f7490b7f7c	Fix issue where admin2 was not enabled by default if account2 was disabled (#14914 ) Refactoring ThemeSelector and DefaultThemeManager to re-use the same logic for selecting default theme as there used to be two places where one had a broken implementation Closes #14889	2022-10-17 15:17:54 +02:00
vramik	f49582cf63	MapUserProvider in KC20 needs to store username compatible with KC19 to be no-downtime-upgradable Closes #14678	2022-10-14 09:32:38 +02:00
danielFesenmeyer	f80a8fbed0	Avoid login failures in case of non-existing group or role references and update references in case of renaming or moving - no longer throw an exception, when a role or group cannot be found, log a warning instead - update mapper references in case of the following events: - moving a group - renaming a group - renaming a role - renaming a client's Client ID (may affect role qualifiers) - in case a role or group is removed, the reference still will not be changed - extend and refactor integration tests in order to check the new behavior Closes #11236	2022-10-13 13:23:29 +02:00
Martin Kanis	761929d174	Merge ActionTokenStoreProvider and SingleUseObjectProvider (#13677 ) Closes #13334	2022-10-13 09:26:44 +02:00
Lex Cao	8ea3f30d82	Support profile projection parameter for LinkedIn IDP Closes #13384	2022-10-11 15:22:00 -03:00
Takashi Norimatsu	148c7695ff	Pluggable Features of Token Manager Closes #12065	2022-10-07 08:43:34 +02:00
Marek Posolda	425b6b8df2	Parameters 'client_id' and 'response_type' not strictly required in O… (#14679 ) * Parameters 'client_id' and 'response_type' not strictly required in OIDC request object Closes #14255	2022-10-05 11:20:15 +02:00
Douglas Palmer	44aae52fb4	Fixed locale switcher on error page (#14728 ) Closes #14205	2022-10-05 10:30:07 +02:00
Marek Posolda	c59660ca86	KEYCLOAK_SESSION not working for some user federation setups when user ID has special chars (#14560 ) closes #14354	2022-10-05 08:59:30 +02:00
Marek Posolda	fb24c86a3b	offline token issuance can cause violation of PRIMARY KEY constraint CONSTRAINT_OFFL_CL_SES_PK3 (#14658 ) closes #13706	2022-10-03 12:54:12 +02:00
Stian Thorgersen	390c7485c7	Remove WildFly dist modules (#14675 ) Closes #14307	2022-09-30 14:26:55 +02:00
Alice Wood	1eb7e95b97	enhance existing group search functionality allow exact name search keycloak/keycloak#13973 Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>	2022-09-30 10:37:52 +02:00
Martin Bartoš	a20d6e2f1f	Remove JBoss-based auth servers from the testsuite (#14317 ) Closes #14299	2022-09-30 09:41:57 +02:00
Marcelo Daniel Silva Sales	22713bc144	Incorrect error message OIDC client authentication (#14656 ) closes #12162 Co-authored-by: Pedro Hos <pedro-hos@outlook.com>	2022-09-30 09:40:05 +02:00
David Anderson	a8db79a68c	Introduce crypto module using Wildfly Elytron (#14415 ) Closes #12702	2022-09-27 08:53:46 +02:00
Alexander Schwartz	be2deb0517	Modify RealmsAdminResource.importRealm to work with InputStream Closes #13609	2022-09-26 20:58:08 +02:00
Alice Wood	55a660f50b	enhance group search to allow searching for groups via attribute keycloak/keycloak#12964 Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2022-09-19 15:19:36 +02:00
Takashi Norimatsu	0a832fc744	Intent support before issuing tokens (UK OpenBanking) Closes #12883	2022-09-19 12:15:00 +02:00
rmartinc	cc9326fcad	Delay LDAPObject creation until mandatory attributes are set (#14341 ) Closes #14286	2022-09-16 20:35:50 +02:00
Dmitry Telegin	cc2117bf7c	UserInfo endpoint not fully standards compliant Closes #14184	2022-09-16 10:15:08 +02:00
danielFesenmeyer	3af1134975	Update IDP link username when sync mode is "force" Closes #13049	2022-09-14 08:02:17 -03:00
Martin Bartoš	ed3d003d65	Remove Legacy migration tests from testsuite (#14310 ) Closes #14300	2022-09-14 11:29:53 +02:00
Václav Muzikář	e999aeeab8	Fix `DefaultHostnameTest` on Undertow	2022-09-13 14:41:23 -03:00
Martin Bartoš	aa5a4e3d84	Remove remote WildFly server from the testsuite (#14321 ) Closes #14319	2022-09-13 12:49:40 +02:00
Václav Muzikář	490590625d	Fix `listApplicationsThirdParty`	2022-09-13 08:33:31 +02:00
Jurjan-Paul Medema	eb0124e3e1	Mapper option 'Aggregate attribute values' is now applied to group hierarchy (#7871 ) Closes #11255	2022-09-12 13:34:28 +02:00
Christoph Leistert	7e5b45f999	Issue #8749 : Add an option to control the order of the event query and admin event query	2022-09-11 21:30:12 +02:00
Alexander Schwartz	1d2d3e5ca5	Move UserFederatedStorageProvider into legacy module Closes #13627	2022-09-11 18:37:45 +02:00
Pedro Igor	3518362002	Validate auth time when max_age is sent to brokered OPs Closes #14146	2022-09-09 10:30:51 -03:00
Pedro Igor	a0079b516b	Allow setting response mode (#14104 ) Closes #14083	2022-09-09 14:28:47 +02:00
Martin Bartoš	0fcf5d3936	Reuse of token in TOTP is possible Fixes #13607	2022-09-09 08:56:02 -03:00
Marek Posolda	040e52cfd7	SAML javascript protocol mapper: disable uploading scripts through admin console by default (#14293 ) Closes #14292	2022-09-09 13:47:51 +02:00
vramik	869ccc82b2	Enable MapUserProvider storing username with the letter case significance Closes #10245 Closes #11602	2022-09-09 11:46:11 +02:00
Dominik Guhr	f2b02f19e6	Closes #13786	2022-09-07 18:29:26 +02:00
cgeorgilakis	07b0df8f62	View groups from account console (#7933 ) Closes #8748	2022-09-07 11:25:31 +02:00
Lex Cao	1f197aa96b	Add basic auth compliant to RFC 6749 (#14179 ) Closes #14179	2022-09-07 10:09:30 +02:00
Christoph Leistert	cc2bb96abc	Fixes #9482 : A user could be assigned to a parent group if he is already assigned to a subgroup.	2022-09-06 21:31:31 +02:00

... 7 8 9 10 11 ...

4155 commits