rmartinc
05bac4ff0e
Remove option Nerver Expires for tokens in Advanced OIDC client configuration
...
Closes https://github.com/keycloak/keycloak/issues/21927
2023-08-03 12:16:08 +02:00
mposolda
6f6b5e8e84
Fix authenticatorConfig for javascript providers
...
Closes #20005
2023-07-31 19:28:25 +02:00
rmartinc
0a7fcf43fd
Initial pagination in the admin REST API for identity providers
...
Closes https://github.com/keycloak/keycloak/issues/21073
2023-07-27 14:48:02 +02:00
Takashi Norimatsu
0ddef5dda8
DPoP support 1st phase ( #21202 )
...
closes #21200
Co-authored-by: Dmitry Telegin <dmitryt@backbase.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2023-07-24 16:44:24 +02:00
Takashi Norimatsu
2efd79f982
FAPI 2.0 security profile - supporting RFC 9207 OAuth 2.0 Authorization Server Issuer Identification
...
Closes #20584
2023-07-24 09:11:30 +02:00
Richard Stiller
9b80746b3d
improve realm file to not switch randomly otpSupportedApplications by export ( #21661 )
2023-07-18 13:32:41 +00:00
Michal Hajas
07c27336aa
Check whether realm has store enabled for immediately sent events
...
Closes #21698
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2023-07-14 20:50:33 +02:00
Daniele Martinoli
817f129484
fix: closes #21095 ( #21289 )
...
* fix: closes #21095
* Added overloaded version of GroupUtils.toGroupHierarchy with additional full parameter.
2023-07-10 12:13:26 +02:00
Daniele Martinoli
13e2075ceb
Applying reviewer comments
2023-07-07 09:00:51 -03:00
Daniele Martinoli
e6d7749cbf
fix for 21476
2023-07-07 09:00:51 -03:00
Douglas Palmer
b59faa51d5
NPE in getDefaultRequiredActionCaseInsensitively
...
closes #21123
2023-07-04 12:15:22 -03:00
Thomas Darimont
637fa741b0
Align naming of OTP policy window setting with actual semantics ( #20469 ) ( #21316 )
...
Closes #20469
2023-07-04 12:41:21 +02:00
mposolda
ccbddb2258
Fix updating locale on info/error page after authenticationSession was already removed
...
Closes #13922
2023-07-03 18:57:36 -03:00
Pedro Igor
28aa1d730d
Verify holder of the device code ( #21 )
...
Closes https://github.com/keycloak/security/issues/32
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Conflicts:
services/src/main/java/org/keycloak/protocol/oidc/grants/device/DeviceGrantType.java
2023-06-28 15:45:26 +02:00
Hynek Mlnarik
c092c76ae8
Remove ldapsOnly (Java)
...
In `LDAPConstants.java`, the function to set the Truststore SPI system property was removed, as this is now handled by the `shouldUseTruststoreSpi` method in `LdapUtil`.
Closes : #9313
2023-06-28 08:30:09 +02:00
Pedro Igor
d0691b0884
Support for the locale user attribute
...
Closes #21163
2023-06-27 09:21:08 -03:00
Erik Jan de Wit
3a3907ab15
changed to use ConfiguredProvider
instead ( #21097 )
...
fixes : #15344
2023-06-27 08:00:32 -04:00
Douglas Palmer
f526f7a091
Emails with non-ascii characters are not allowed since v21.0.0
...
closes #20878
2023-06-22 10:27:48 -03:00
Pedro Igor
eb5edb3a9b
Support reading base32 encoded OTP secret
...
Closes #9434
Closes #11561
2023-06-22 08:08:13 -03:00
mposolda
dc3b037e3a
Incorrect Signature algorithms presented by Client Authenticator
...
closes #15853
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-06-21 08:55:58 +02:00
Stian Thorgersen
f82577a7f3
Removed old account console ( #21098 )
...
Co-authored-by: Jon Koops <jonkoops@gmail.com>
Closes #9864
2023-06-20 20:46:57 +02:00
Alexander Schwartz
9425432f2c
Handle HTTP response codes when retrieving data from remote endpoints
...
Closes #20895
2023-06-12 13:37:59 +02:00
rmartinc
f3fcf1f8c5
Session cross-reference / transaction mismatch
...
Closes https://github.com/keycloak/keycloak/issues/20855
2023-06-12 13:18:39 +02:00
Vlasta Ramik
ed473da22b
Clean-up of deprecated methods and interfaces
...
Fixes #20877
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-06-09 17:11:20 +00:00
Rinus Wiskerke
fbfdb54745
Strip rotated client secret from export json ( #19394 )
...
Closes #19373
2023-06-09 10:46:28 +02:00
Réda Housni Alaoui
eb9bb281ec
Require user to agree to 'terms and conditions' during registration
2023-06-08 10:39:00 -03:00
Marek Posolda
8080085cc1
Removing 'http challenge' authentication flow and related authenticators ( #20731 )
...
closes #20497
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-06-08 14:52:34 +02:00
Alice Wood
7e56938b74
Extend group search attribute functionality to account for use case where only the leaf group is required
2023-06-07 08:52:23 -03:00
rmartinc
9bc30f4705
EventBuilder fixes to copy the store and session context
...
Closes https://github.com/keycloak/keycloak/issues/20757
Closes https://github.com/keycloak/keycloak/issues/20105
2023-06-07 08:34:27 -03:00
Artur Baltabayev
041441f48f
Improved Reset OTP authenticator ( #20572 )
...
* ResetOTP authenticator can now be configured, so that one or all existing OTP configurations are deleted upon reset.
Closes #8753
---------
Co-authored-by: bal1imb <Artur.Baltabayev@bosch.com>
2023-06-06 08:30:44 -03:00
rmartinc
81aa588ddc
Fix and correlate session timeout calculations in legacy and new map implementations
...
Closes https://github.com/keycloak/keycloak/issues/14854
Closes https://github.com/keycloak/keycloak/issues/11990
2023-06-05 18:46:23 +02:00
Alexander Schwartz
cd9e0be9f0
Filter first, then sort, and avoid atomics
...
Closes #20394
2023-06-05 11:23:54 +02:00
Pedro Igor
8aeee928e8
Allow configuring the referrer policy ( #19917 )
...
* Allow configuring the referrer policy
Closes #17288
* fixed indentation
---------
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2023-05-30 12:27:12 -04:00
Stefan Guilhen
2252b09949
Remove deprecated default roles methods
...
Closes #15046
2023-05-23 22:32:52 +02:00
Dominik Schlosser
8c58f39a49
Updates Datastore provider to contain full data model
...
Closes #15490
2023-05-16 15:05:10 +02:00
Alexander Schwartz
910021408e
Use entity locking only for the map storage
...
This is a performance optimization that the new feature doesn't affect the old store.
Closes #20176
2023-05-15 10:20:35 +02:00
Alexander Schwartz
2758d78865
Avoid exception when looking up the providerId
...
This is a performance optimization, as creating an exception is expensive.
Closes #20176
2023-05-15 10:20:35 +02:00
Martin Bartoš
6118e5cfb7
Use JakartaEE dependencies
...
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
2023-04-27 13:36:54 +02:00
Martin Bartoš
7cff857238
Migrate packages from javax.* to jakarta.*
...
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/ComponentExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/DeclarativeUserTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java - Modified
keycloak/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java - Modified
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountTotpPage.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BackwardsCompatibilityUserStorageTest.java - Modified
---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/services/resources/QuarkusWelcomeResource.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/profile/util/Soap.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/UserInfoClientUtil.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
---
Quarkus3 branch sync no. 10 (17.3.2023)
Resolved conflicts:
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocolUtils.java - Modified
---
Quarkus3 branch sync no. 9 (10.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java - Modified
---
Quarkus3 branch sync no. 8 (3.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClient.java Modified - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java - Modified
keycloak/examples/providers/authenticator/src/main/java/org/keycloak/examples/authenticator/SecretQuestionAuthenticator.java - Modified
---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ComponentsResource.java - Modified
keycloak/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/installation/SamlSPDescriptorClientInstallation.java - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
/keycloak/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java Modified - Modified
keycloak/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java - Modified
---
Quarkus3 branch sync no. 4 (3.2.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/jaxrs/QuarkusKeycloakApplication.java - Modified
---
Quarkus3 branch sync no. 1 (18.1.2023)
Resolved conflicts:
keycloak/testsuite/client/ClientPoliciesTest.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaModelCriteriaBuilder.java - Modified
2023-04-27 13:36:54 +02:00
mposolda
1cbdf4d17e
Fix the issue with LDAP connectionUrl containing multiple hosts
...
Closes #17359
2023-04-16 17:41:22 +02:00
mposolda
4d8d6f8cd8
Preserve authentication flow IDs after import
...
closes #9564
2023-04-03 16:01:52 +02:00
Hynek Mlnarik
0d5363d0d5
Throw an exception rather than returning response
...
Closes : #17644
2023-04-03 14:43:50 +02:00
rmartinc
c6a1820a47
Use SimpleHttp for SOAP calls
...
Closes https://github.com/keycloak/keycloak/issues/17139
2023-03-31 10:57:47 -03:00
Alexander Schwartz
251f6151e8
Rework the Import SPI to be configurable via the Config API
...
Also rework the export/import CLI for Quarkus, so that runtime options are available.
Closes #17663
2023-03-24 15:28:55 -03:00
Alexander Schwartz
513bb809f3
Add a map storage global locking implementation for JPA
...
Closes #14734
2023-03-21 08:21:11 +01:00
Pedro Igor
a30b6842a6
Decouple the policy enforcer from adapters and provide a separate library
...
Closes keycloak#17353
2023-03-17 11:40:51 +01:00
Alexander Schwartz
f6f179eaca
Rework the export to use CLI options and property mappers
...
Also, adding the wiring to support Model tests for the export.
Closes #13613
2023-03-07 08:22:12 +01:00
mposolda
a0192d61cc
Redirect loop with authentication success but access denied at default identity provider
...
closes #17441
2023-03-06 10:45:01 +01:00
Jon Koops
972ebb9650
Use a valid SemVer format for the SNAPSHOT version ( #17334 )
...
* Use a valid SemVer format for the SNAPSHOT version
* Update pom.xml
* Update pom.xml
---------
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-03-03 11:11:44 +01:00
Vilmos Nagy
4b0562da38
#16161 implement an EventBuilder constructor which can be called from scheduled tasks
2023-02-27 15:52:37 -03:00
Douglas Palmer
1d75000a0e
Create an SPI for DeviceActivityManager
...
closes #17134
2023-02-20 09:29:11 +01:00
Hynek Mlnarik
e30e1eca68
Ensure that concatenated Stream is closed once read
...
Fixes : #15781
2023-02-17 13:00:32 +01:00
Christian Hörtnagl
ff71cbc4f3
* fix typos in javadoc
2023-02-13 08:53:47 +01:00
laskasn
dc8b759c3d
Use encryption keys rather than sig for crypto in SAML
...
Closes #13606
Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: hmlnarik <hmlnarik@redhat.com>
2023-02-10 12:06:49 +01:00
Stefan Guilhen
1da6244ec0
Add retry logic to LoginActionsService#authenticate
...
In addition to that, avoid adding cookies on each retry.
Closes #15849
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-02-09 11:56:15 +01:00
Michal Hajas
6fa62e47db
Leverage HotRod client provided transaction
...
Closes #13280
2023-02-08 10:26:30 +01:00
Pedro Igor
7b58783255
Allow mapping claims to user attributes when exchanging tokens
...
Closes #8833
2023-02-07 10:57:35 +01:00
Thomas Darimont
e38b7adf92
Revise blacklist password policy provider #8982
...
- Reduce false positive probability from 1% to 0.01% to avoid
rejecting to many actually good passwords.
- Make false positive rate configurable via spi config
- Revised log messages
Supported syntax variant:
`passwordBlacklist(wordlistFilename)`
Fixes #8982
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2023-02-07 10:36:39 +01:00
Pedro Igor
d97b9c48c4
Make sure PBKDF2 providers are using the expect size for derived keys ( #16798 )
...
Closes #16797
2023-02-03 15:31:25 +01:00
Alexander Schwartz
c6aba2e3de
Make LockAcquiringTimeoutException a RuntimeException
...
Closes #16690
2023-01-31 08:21:32 +01:00
Marek Posolda
33ff9ef17e
Fix remaining failing tests with BCFIPS approved mode ( #16699 )
...
* Fix remaining failing tests with BCFIPS approved mode
Closes #16698
2023-01-30 16:01:57 +01:00
mposolda
ac490a666c
Fix KcSamlSignedBrokerTest in FIPS. Support for choosing realm encryption key for decrypt SAML assertions instead of realm signature key
...
Closes #16324
2023-01-10 20:39:59 +01:00
Pedro Igor
d797d07d8f
Ignore user profile attributes for service accounts
...
Closes #13236
2023-01-10 16:26:53 +01:00
Réda Housni Alaoui
dbe0c27bcf
Allowing client registration access token rotation deactivation
2023-01-05 20:53:57 +01:00
Michal Hajas
6566b58be1
Introduce Infinispan GlobalLock implementation
...
Closes #14721
2023-01-05 16:58:44 +01:00
Hynek Mlnarik
071fc03f41
Move transaction processing into session close
...
Fixes : #15223
2023-01-05 16:12:32 +01:00
Alexander Schwartz
0fee33bb95
Normalize JVM heap usage in tests and handle OOM situations
...
Closes #16089
2022-12-20 13:26:07 +01:00
Pedro Igor
857b02be63
Allow managing the required settigs for the email attribute
...
Closes #15026
2022-12-15 13:11:06 -08:00
Alexander Schwartz
e4804de9e3
Changing Quarkus transaction handling for JPA map storage to JTA
...
This has been recommended as the supported way of transaction handling by the Quarkus team.
Adding handling of exceptions thrown when committing JTA.
Re-adding handling of exceptions when interacting with the entity manager, plus wrapping access to queries to map exceptions during auto-flushing.
Closes #13222
2022-12-09 10:07:05 -03:00
douph1
4acd1afa3b
Use org.keycloak.common.util.Base64Url to encode/decode clientID
...
fix #15734
related #10227 #10231
2022-12-08 08:49:55 +01:00
Michal Hajas
de7dd77aeb
Change id of TermsAndConditions required actions to uppercase
...
Closes #9991
2022-12-07 10:51:37 -03:00
Stefan Guilhen
3a9e051301
Add debug log messages to KeycloakModelUtils.runJobInRetriableTransaction
...
Closes #15749
2022-12-01 15:19:37 -03:00
Pedro Igor
168734b817
Removing references to request and response from Resteasy
...
Closes #15374
2022-12-01 08:38:24 -03:00
Alexander Schwartz
fd152e8a3e
Modify RealmAdminResource.partialImport to work with InputStream
...
Rework existing PartialImportManager to not interfere with transaction handling, and bundle everything related to AdminEventBuild and JAX-RS Repsonses inside the Resource.
Closes #13611
2022-11-24 11:45:11 +01:00
danielFesenmeyer
18381ecd2e
Fix update of group mappers on certain changes of the group path
...
The group reference in the mapper was not updated in the following cases:
- group rename: when an ancestor group was renamed
- (only for JpaRealmProvider, NOT for MapRealmProvider/MapGroupProvider) group move: when a group was converted from subgroup to top-level or when a subgroup's parent was changed
Closes #15614
2022-11-23 10:12:34 +01:00
Michal Hajas
6d683824a4
Deprecate DBLockProvider and replace it with new GlobalLockProvider
...
Closes #9388
2022-11-16 16:13:25 +01:00
Pedro Igor
10b7475b04
Removing unnecessary injection points from JAX-RS (sub)resources
...
Closes #15450
2022-11-16 08:55:55 -03:00
Alexander Schwartz
b6b6d01a8a
Importing a representation by first creating the defaults, importing a representation and then copying it over to the real store.
...
This is the foundation for a setup that's needed when importing the new file store for which importing the representation serves as a placeholder.
Closes #14583
2022-11-16 09:56:13 +01:00
Marek Posolda
c0c0d3a6ba
Short passwords with PBKDF2 mode working ( #14437 )
...
* Short passwords with PBKDF2 mode working
Closes #14314
* Add config option to Pbkdf2 provider to control max padding
* Update according to PR review - more testing for padding and for non-fips mode
2022-11-06 14:49:50 +01:00
Marek Posolda
f616495b05
Fixing UserFederationLdapConnectionTest,LDAPUserLoginTest to work with FIPS ( #15299 )
...
closes #14965
2022-11-03 16:35:57 +01:00
Marek Posolda
2ba5ca3c5f
Support for multiple keys with same kid, which differ just by algorithm in the JWKS ( #15114 )
...
Closes #14794
2022-11-03 09:32:45 +01:00
Michal Hajas
883e83e625
Remove deprecated methods from data providers and models
...
Closes #14720
2022-10-25 09:01:33 +02:00
Stian Thorgersen
29b8294dd6
Filter list of supported OTP applications by current policy ( #15113 )
...
Closes #15112
2022-10-24 16:47:16 +02:00
Alexander Schwartz
440077de42
Reduce number of calls to the storage for clients and realms
...
Closes #15038
2022-10-21 15:08:39 +02:00
Stefan Guilhen
acaf1724dd
Fix ComponentsTest failures with CockroachDB
...
- Component addition/edition/removal is now executed in a retriable transaction.
Closes #13209
2022-10-21 10:48:08 +02:00
Stian Thorgersen
31aefd1489
OTP Application SPI ( #14800 )
...
Closes #14800
2022-10-18 14:42:35 +02:00
vramik
f49582cf63
MapUserProvider in KC20 needs to store username compatible with KC19 to be no-downtime-upgradable
...
Closes #14678
2022-10-14 09:32:38 +02:00
danielFesenmeyer
f80a8fbed0
Avoid login failures in case of non-existing group or role references and update references in case of renaming or moving
...
- no longer throw an exception, when a role or group cannot be found, log a warning instead
- update mapper references in case of the following events:
- moving a group
- renaming a group
- renaming a role
- renaming a client's Client ID (may affect role qualifiers)
- in case a role or group is removed, the reference still will not be changed
- extend and refactor integration tests in order to check the new behavior
Closes #11236
2022-10-13 13:23:29 +02:00
Martin Kanis
761929d174
Merge ActionTokenStoreProvider and SingleUseObjectProvider ( #13677 )
...
Closes #13334
2022-10-13 09:26:44 +02:00
Alice Wood
1eb7e95b97
enhance existing group search functionality allow exact name search keycloak/keycloak#13973
...
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
2022-09-30 10:37:52 +02:00
David Anderson
a8db79a68c
Introduce crypto module using Wildfly Elytron ( #14415 )
...
Closes #12702
2022-09-27 08:53:46 +02:00
Alexander Schwartz
be2deb0517
Modify RealmsAdminResource.importRealm to work with InputStream
...
Closes #13609
2022-09-26 20:58:08 +02:00
Alice Wood
55a660f50b
enhance group search to allow searching for groups via attribute keycloak/keycloak#12964
...
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2022-09-19 15:19:36 +02:00
Jurjan-Paul Medema
eb0124e3e1
Mapper option 'Aggregate attribute values' is now applied to group hierarchy ( #7871 )
...
Closes #11255
2022-09-12 13:34:28 +02:00
Christoph Leistert
7e5b45f999
Issue #8749 : Add an option to control the order of the event query and admin event query
2022-09-11 21:30:12 +02:00
Alexander Schwartz
1d2d3e5ca5
Move UserFederatedStorageProvider into legacy module
...
Closes #13627
2022-09-11 18:37:45 +02:00
Martin Bartoš
0fcf5d3936
Reuse of token in TOTP is possible
...
Fixes #13607
2022-09-09 08:56:02 -03:00
vramik
869ccc82b2
Enable MapUserProvider storing username with the letter case significance
...
Closes #10245
Closes #11602
2022-09-09 11:46:11 +02:00
cgeorgilakis
07b0df8f62
View groups from account console ( #7933 )
...
Closes #8748
2022-09-07 11:25:31 +02:00
evtr
4469bdc0a9
RelayState max length not respected
...
Fixes : #10227
2022-09-06 22:01:14 +02:00
Christoph Leistert
cc2bb96abc
Fixes #9482 : A user could be assigned to a parent group if he is already assigned to a subgroup.
2022-09-06 21:31:31 +02:00
Pedro Igor
a6137b9b86
Do not empty attributes if they are not provided when user profile is enabled
...
Closes #11096
2022-09-06 12:59:05 +02:00
Martin Bartoš
e6a5f9c124
Default required action providers are still available after feature disabling
...
Closes #13189
2022-08-31 08:42:47 +02:00
Justin Stephenson
0e89f07d5a
Implement AutoCloseable in SimpleHTTP util ( #11060 )
...
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2022-08-29 08:09:51 +02:00
Joerg Matysiak
62790b8ce0
Allow permission configuration for username and email in user profile.
...
Enhanced Account API to respect access to these attributes.
Resolves #12599
2022-08-25 21:54:51 -03:00
Bastian
343d181a4e
KEYCLOAK-18289: use utf-8 encoding for simplehttp ( #8025 )
...
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2022-08-25 13:02:41 +02:00
Pedro Igor
25be07be17
Allow introspecting tokens issued during token exchange with delegation semantics
...
Closes #9337
2022-08-24 09:47:04 -03:00
Lex Cao
6b1c64a1a9
Add rememberMe to a user session representation( #13408 ) ( #13765 )
...
Closes #13408
2022-08-23 15:28:52 +02:00
David Anderson
ce1331f550
Remove bouncycastle dependency from keycloak-services ( #13489 )
...
Closes #12857
Co-authored-by: mposolda <mposolda@gmail.com>
2022-08-22 15:43:59 +02:00
David Anderson
865a180c00
Remove bc dependency from server-spi and server-spi-private ( #13319 )
...
Closes #12858
2022-07-26 11:52:16 +02:00
Douglas Palmer
c00514d659
Support for post_logout_redirect_uris in OIDC client registration ( #12282 )
...
Closes #10135
2022-07-25 10:57:52 +02:00
Stian Thorgersen
a251d785db
Remove text based login flows ( #13249 )
...
* Remove text based login flows
Closes #8752
* Add display param back in case it's used by some custom authenticators
2022-07-22 15:15:25 +02:00
Alexander Schwartz
cb81a17611
Disable Infinispan for map storage and avoid the component factory when creating a realm independent provider factory
...
Provide startup time in UserSessionProvider independent of Infinispan,
cleanup code that is not necessary for the map storage as it isn't using Clustering.
Move classes to the legacy module.
Closes #12972
2022-07-22 08:20:00 +02:00
Alexander Schwartz
d30646b1f6
Refactor object locking for UserSessions
...
Closes #12717
2022-07-19 17:47:33 -03:00
Alexander Schwartz
30b41d02b4
Move non-map-storage related classes to new package
...
Closes #13081
2022-07-15 09:46:29 -03:00
Marcelo Daniel Silva Sales
f7a80409a9
Add flow to generate secret length based on signature algorithm ( #13107 )
...
Closes #9376
2022-07-15 11:06:07 +02:00
Vlasta Ramik
ec853a6b83
JPA map storage: User / client session no-downtime store ( #12241 )
...
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Closes #9666
2022-07-14 12:07:02 -03:00
Pedro Igor
5b48d72730
Upgrade Resteasy v4
...
Closes #10916
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2022-07-11 12:17:51 -03:00
Martin Bartoš
07ab29378b
Make WebAuthn required actions enabled by default
...
Closes #12723
2022-07-11 15:32:40 +02:00
Michal Hajas
0f86427dd0
Make user->client sessions relationship consistent
...
Closes #12817
2022-07-11 08:42:28 -03:00
Alexander Schwartz
098d4dda0e
Split PublicKeyStorageProvider ( #12897 )
...
Split PublicKeyStorageProvider
- Extract clearCache() method to separate interface and move it to the legacy module
- Make PublicKeyProvider factories environment dependent
- Simple map storage for public keys that just delegates
Resolves #12763
Co-authored-by: Martin Kanis <mkanis@redhat.com>
2022-07-05 09:57:51 -03:00
Alexander Schwartz
4b20e90292
Move session persistence package to legacy-private module
...
Also, disabling the jpa session persister when map storage is enabled.
Closes #12712
2022-07-04 10:05:26 -03:00
Jon Koops
06d1b4faab
Restore enum variant of ResourceType
...
This reverts commit 3b5a578934
.
2022-06-30 12:20:51 -03:00
Alexander Schwartz
b581c203e3
Moving ClientScopeStorageProviderModel to the legacy modules
...
Closes #12656
2022-06-29 20:04:32 +02:00
Alexander Schwartz
05f8f3038f
Moving GroupStorageProviderModel to the legacy modules
...
Closes #12656
2022-06-29 20:04:32 +02:00
Alexander Schwartz
692ce0cd91
Moving ClientStorageProvider to the legacy modules
...
This prepares the move of CachedObject and CacheableStorageProviderModel
Closes #12531
fixup! Moving ClientStorageProvider to the legacy modules
2022-06-29 20:04:32 +02:00
vramik
3b5a578934
Change enum ResourceType to interface with String constants
...
Closes #12485
2022-06-29 13:35:11 +02:00
Lex Cao
c3c8b9f0c8
Add client_secret
to response when token_endpoint_auth_method
is not private_key_jwt
( #12609 )
...
Closes #12565
2022-06-29 10:19:18 +02:00
Clara Fang
4643fd09e3
Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount()
...
This should reduce GC pressure.
Closes #12644
2022-06-29 08:53:09 +02:00
Konstantinos Georgilakis
ccc0449314
json device code flow error responses
...
closes #11438
2022-06-29 07:23:02 +02:00
Alexander Schwartz
4b499c869c
Encapsulate MigrationModelManager in legacy module
...
Closes #12214
2022-06-28 10:53:04 +02:00
Pedro Igor
3d2c3fbc6a
Support JSON objects when evaluating claims in regex policy
...
Closes #11514
2022-06-23 14:04:09 -03:00
rmartinc
711440e513
[ #11036 ] Identity Providers: Add support for elliptic curve signatures (ES256/ES384/ES512) using JWKS URL
2022-06-21 10:52:25 -03:00
Alexander Schwartz
ae7c01b719
Moving the CacheRealmProvider interface to the legacy module
2022-06-21 08:53:06 +02:00
Alexander Schwartz
7855b93390
Moving the UserCache interface to the legacy module
...
Co-Authored-By: hmlnarik@redhat.com
2022-06-21 08:53:06 +02:00
Alexander Schwartz
84d21f0230
for all added files in the PR, update the copyright header or add it if it was missing
2022-06-21 08:53:06 +02:00
Alexander Schwartz
a109e28be7
moving some functionality around imports
2022-06-21 08:53:06 +02:00
Alexander Schwartz
f89b8c356d
Moving logic to create a user from a representation to the legacy module
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
e396d0daa1
Renaming SingleUserCredentialManager and UserModel.getUserCredentialManager():
...
- class SingleUserCredentialManager to SingleEntityCredentialManager
- method UserModel.getUserCredentialManager() to credentialManager()
Renaming of API without "get" prefix to make it consistent with other APIs like for example with KeycloakSession
2022-06-21 08:53:06 +02:00
Alexander Schwartz
14a369a8cc
Added LegacySessionSupport SPI
...
While some methods around onCache() are still called from the legacy code, all other methods log a warning with a stacktrace.
2022-06-21 08:53:06 +02:00
Alexander Schwartz
6f287e7ded
Avoid using methods on UserCredentialStoreManager
2022-06-21 08:53:06 +02:00
Alexander Schwartz
bc8fd21dc6
SingleUserCredentialManager moving in
...
- UserStorageManager now handles authentication for old Kerberos+LDAP style
- new getUserByCredential method in MapUserProvider would eventually do the same.
2022-06-21 08:53:06 +02:00
Alexander Schwartz
82094d113e
Move User Storage SPI, introduce ExportImportManager
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
703e868a51
Preparation for moving User Storage SPI
...
- Introduction of new AdminRealmResource SPI
- Moving handler of /realm/{realm}/user-storage into model/legacy-service
- session.users() and userStorageManager() moved refers legacy module
IMPORTANT: Broken as UserStorageSyncManager is not yet moved
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
36f76a37ad
Move realms, clients, groups, roles, clientscopes into legacy module
...
- Introduces Datastore SPI for isolating data store methods
- Introduces implementation of the datastore for legacy storage
- Updates DefaultKeycloakSession to leverage Datastore SPI instead
of direct creating of area providers by the session
2022-06-21 08:53:06 +02:00
Michal Hajas
0719d3e49b
Remove EXPIRATION fields and add expired entities filtering to all queries automatically
...
Closes #12563
2022-06-20 21:45:32 +02:00
vramik
df41f233d5
Introduce unique index for enums stored by storages
...
Closes #12277
2022-06-15 09:12:10 +02:00
Sebastian Schuster
a0c402b93a
11198 added event information to consent granting and revocation via REST API ( #11199 )
2022-06-07 11:29:20 +02:00
Stian Thorgersen
e49e8335e0
Refactor BouncyIntegration ( #12244 )
...
Closes #12243
2022-06-07 09:02:00 +02:00
Michal Hajas
09c0a69a8f
Add HotRod no downtime store for events
...
Closes #9676
2022-06-02 13:30:19 +02:00
Pedro Hos
e121371401
/clients-registrations API doesn't return secret anymore and is not coherent #11116
...
/clients-registrations API doesn't return secret anymore and is not coherent
fixing merge
/clients-registrations API doesn't return secret anymore and is not coherent
fixing test that was failing
Replace tabs with regular spaces
fixing identation
/clients-registrations API doesn't return secret anymore and is not coherent. Closes #11116
fixing test that was failing
2022-05-30 15:18:56 +02:00
Marek Posolda
eed944292b
Make script providers working on JDK 17 ( #11322 )
...
Closes #9945
2022-05-27 12:28:50 +02:00
Michal Hajas
bc59fad85b
Unify way how expirable entities are handled in the new store
...
Closes #11947
2022-05-26 13:17:27 +02:00
Martin Kanis
0cb3c95ed5
Map storage: Single-use objects (action token)
2022-05-25 16:47:10 +02:00
Pedro Igor
26c87af9f4
Avoiding unnecessary roundtrips to the database when evaluating permissions
...
Closes #12148
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
2022-05-25 12:23:15 +02:00
Martin Bartoš
86f31e8df5
Fix BlacklistPasswordPolicyDefaultPath Failures on Windows
...
Fixes #11967
2022-05-24 17:26:19 -03:00
vramik
0c3aa597f9
JPA map storage: test failures after cache was disabled
...
Closes #12118
2022-05-23 13:01:30 +02:00
Michal Hajas
0bda7e6038
Introduce map event store with CHM implementation
...
Closes #11189
2022-05-17 12:57:35 +02:00
Martin Kanis
0d6bbd437f
Merge single-use token providers into one
...
Fixes first part of: #11173
* Merge single-use token providers into one
* Remove PushedAuthzRequestStoreProvider
* Remove OAuth2DeviceTokenStoreProvider
* Delete SamlArtifactSessionMappingStoreProvider
* SingleUseTokenStoreProvider cleanup
* Addressing Michal's comments
* Add contains method
* Add revoked suffix
* Rename to SingleUseObjectProvider
2022-05-11 13:58:58 +02:00
Michal Hajas
d3b43a9f59
Make sure there is always Realm or ResourceServer when searching for authz entities
...
Closes #11817
2022-05-11 07:20:01 -03:00
Réda Housni Alaoui
5d87cdf1c6
KEYCLOAK-6455 Ability to require email to be verified before changing ( #7943 )
...
Closes #11875
2022-05-09 18:52:22 +02:00
Michal Hajas
6b5c417742
Add HotRod store for authorization services
...
Closes #9679
2022-05-06 15:31:38 +02:00
Dominik Guhr
acd4f5f793
set the standardcharset to UTF-8
...
Closes #10462
2022-05-03 16:14:34 -03:00
vramik
0d83b51b20
Enhance Map authz entities with REALM_ID (ResourceServer with CLIENT_ID) searchable field
...
Co-authored-by Michal Hajas <mhajas@redhat.com>
Closes #10883
2022-05-03 12:56:27 +02:00
vramik
2ecf250e37
Deletion of all objects when realm is being removed
...
Closes #11076
2022-04-28 11:09:17 +02:00
Hynek Mlnarik
0ce5dfc09c
Remove dependency of map on services
...
Fixes: 8903
2022-04-22 17:27:21 +02:00
Stefan Guilhen
b29b27d731
Ensure code does not rely on a particular format for the realm id or component id
2022-04-20 14:40:38 +02:00
Pedro Igor
2cb5d8d972
Removing upload scripts feature ( #11117 )
...
Closes #9865
Co-authored-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2022-04-20 14:25:16 +02:00
Pedro Igor
f1fd7af758
Remove policies when user is deleted ( #11385 )
...
Closes #11284
2022-04-20 09:23:46 +02:00
Pedro Igor
b4770c30fd
Fixing NPE when querying resources by type
...
Closes #11137
2022-04-07 15:10:20 -03:00
Marek Posolda
22a16ee899
OIDC RP-Initiated logout endpoint ( #10887 )
...
* OIDC RP-Initiated logout endpoint
Closes #10885
Co-Authored-By: Marek Posolda <mposolda@gmail.com>
* Review feedback
Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
2022-03-30 11:55:26 +02:00
Andrea Peruffo
da5db5a813
Fix NPEs during realm import ( #10962 )
...
Closes #10961
2022-03-29 21:48:37 +02:00
Martin Kanis
e493b08fa7
Add expiration field to root authentication session
2022-03-23 07:47:47 +01:00
Michal Hajas
99c06d1102
Authorization services refactoring
...
Closes : #10447
* Prepare logical layer to distinguish between ResourceServer id and client.id
* Reorder Authz methods: For entities outside of Authz we use RealmModel as first parameter for each method, to be consistent with this we move ResourceServer to the first place for each method in authz
* Prepare Logical (Models/Adapters) layer for returning other models instead of ids
* Replace resourceServerId with resourceServer model in PermissionTicketStore
* Replace resourceServerId with resourceServer model in PolicyStore
* Replace resourceServerId with resourceServer model in ScopeStore
* Replace resourceServerId with resourceServer model in ResourceStore
* Fix PermissionTicketStore bug
* Fix NPEs in caching layer
* Replace primitive int with Integer for pagination parameters
2022-03-22 20:49:40 +01:00
Alexander Schwartz
fb92b95c33
Revert from getParameterCount() to getParameterTypes().length to be Java 1.7 compatible.
...
This reverts commit bc27c7c464
.
Closes #10840
2022-03-22 10:23:25 +01:00
keycloak-bot
c71aa8b711
Set version to 999-SNAPSHOT ( #10784 )
2022-03-22 09:22:48 +01:00
Clara Fang
bc27c7c464
Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount()
...
Closes #10333
2022-03-18 11:20:52 +01:00
mposolda
9e12587181
Protocol mapper and client scope for 'acr' claim
...
Closes #10161
2022-03-11 09:23:25 +01:00
Ivan Atanasov
5c6b123aff
Support for the Recovery codes ( #8730 )
...
Closes #9540
Co-authored-by: Zachary Witter <torquekma@gmail.com>
Co-authored-by: stelewis-redhat <91681638+stelewis-redhat@users.noreply.github.com>
2022-03-10 15:49:25 +01:00
Marcelo Daniel Silva Sales
7335abaf08
Keycloak 10489 support for client secret rotation ( #10603 )
...
Closes #10602
2022-03-09 00:05:14 +01:00
rmartinc
48565832d4
[ #10608 ] Password blacklists folder
2022-03-08 08:22:34 -03:00
mposolda
93bba8e338
Replace 'Store LoA in User Session' with 'Max Age'. Refactoring of step-up authentications related to that.
...
Closes #10205
2022-03-08 10:41:05 +01:00
Vlasta Ramik
aa6a131b73
Change String client.id to ClientModel client in ResourceServerStore
...
Closes #10442
2022-02-24 12:46:26 +01:00
bal1imb
07d47cf6c2
KEYCLOAK-19501 Removed exception handling on failed event persistence in the EventBuilder class.
2022-02-23 15:41:20 -03:00
Marek Posolda
8c3fc5a60e
Option for client to specify default acr level ( #10364 )
...
Closes #10160
2022-02-22 07:54:30 +01:00
Marek Posolda
90d4e586b6
Show error in case of an unkown essential acr claim. Make sure correc… ( #10088 )
...
* Show error in case of an unkown essential acr claim. Make sure correct acr is set after authentication flow during step-up authentication
Closes #8724
Co-authored-by: Cornelia Lahnsteiner <cornelia.lahnsteiner@prime-sign.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2022-02-15 09:02:05 +01:00
keycloak-bot
d9f1a9b207
Set version to 18.0.0-SNAPSHOT ( #10165 )
2022-02-11 21:28:06 +01:00
Francis PEROT
623aaf1e8b
Fixes collection comparison ignoring order
...
Use of containsAll() does not permit to compare if 2 lists are equals
(ignoring order)
Previous implementation of CollectionUtil.collectionEquals(...) was not taking care of specific cases where you can have [ A, A, B ] and [ A, B, B ] and complexity was O(n²)
Using Map, complexity is now O(n)
Closes #9920
2022-02-11 10:01:41 +01:00
Mauro de Wit
2c238b9f04
session-limiting-feature ( #8260 )
...
Closes #10077
2022-02-08 19:16:06 +01:00
Stian Thorgersen
2e5cb103ee
Update to UA Parser 1.5.2 ( #10030 )
2022-02-08 11:28:59 +01:00
Marek Posolda
d9c8cb30a5
Closes #9498 - Fix cases when user is forced to re-authenticate ( #9580 )
2022-02-07 09:02:08 +01:00
Konstantinos Georgilakis
a1f2f77b82
Device Authorization Grant with PKCE
...
Closes #9710
2022-02-03 08:37:07 +01:00
Daniel Gozalo
3528e7ba54
[ fixes #9224 ] - Get consented scopes from AuthorizationContext
...
Always show the consent screen when a dynamic scope is requested and show the requested parameter
Improve the code that handles dynamic scopes consent and add some log traces
Add a test to check how we show dynamic scope in the consent screen and added missing template file change
Fix merge problem in comment and improve other comments
Fix the Dynamic Scope test by assigning it to the client as optional instead of default
Change how dynamic scopes are represented in the consent screen and adapt test
2022-02-02 09:10:20 +01:00
Alexander Schwartz
df7ddbf9b3
Added ModelIllegalStateException to handle lazy loading exception.
...
Closes #9645
2022-01-31 10:10:41 +01:00
Takashi Norimatsu
ef134390c2
Client Policies : Condition's negative logic configuration is not shown in Admin Console's form view
...
Closes #9447
2022-01-27 09:55:22 +01:00
vramik
873a44459a
Convert MapClientScopeEntity to interface
...
Closes #9657
2022-01-23 16:56:25 +01:00
Thomas Darimont
438fc2865f
Fix embedded theme-resources lookup in Keycloak.X
...
Previously lookups for embedded theme-resources did not work for Keycloak.X because of a missing
`ClasspathThemeResourceProvider` registration.
This PR ensures that a `ClasspathThemeResourceProvider` is registered in Keycloak.X based deployments.
Added empty constructors to ClasspathThemeResourceProvider to enable dynamic instantiation by Quarkus.
Fixes #9653
2022-01-21 09:52:26 -03:00
Daniel Gozalo
8ea09d3816
[ fixes #9222 ] - Let users configure Dynamic Client Scopes ( #9327 )
2022-01-12 14:27:24 +01:00
CorneliaLahnsteiner
dff79cee3c
KEYCLOAK-847 Add support for step up authentication ( #7897 )
...
KEYCLOAK-847 Fix behavior of unknown not essential acr claim
Co-authored-by: Georg Romstorfer <georg.romstorfer@gmail.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2021-12-22 12:43:12 +01:00
keycloak-bot
9f3d4a7d42
Set version to 17.0.0-SNAPSHOT
2021-12-20 10:50:39 +01:00
vramik
e61da278ba
When ternary conditional operator uses primitive type it could throw NPE in some cases
...
Closes #9137
2021-12-15 10:25:54 +01:00
Hynek Mlnarik
2785cab596
Simplify component model overrides
...
Fixes #9021
2021-12-08 10:58:56 +01:00
Hynek Mlnarik
95614e8b40
Fix NPE for component creation when realm unset but config known
...
Fixes #9019
2021-12-07 20:15:05 +01:00
Martin Bartoš
1e1a6779be
Issue 8814: Replace deprecated hamcrest-all dependencies
2021-11-23 13:56:28 +01:00
bal1imb
661aca4452
KEYCLOAK-19283 Implemented new identity provider mapper "Advanced claim to group mapper" alongside tests.
2021-11-19 16:54:39 +01:00
Takashi Norimatsu
10c3e149d3
KEYCLOAK-19699 RSA key provider with key use = enc cannot select corresponding algorithm on Admin Console
2021-11-18 13:24:50 +01:00
Alec Henninger
cec6a8a884
KEYCLOAK-19700: Attempt to reuse denied device authorization code results in server error
2021-11-08 11:37:51 +01:00
Pedro Igor
eaa96f6147
[KEYCLOAK-18255] - Vault Support in Dist.X
2021-11-03 09:23:33 -03:00
Martin Bartoš
bfce612641
KEYCLOAK-18338 Fix update user account with configured SSSD
2021-11-02 08:42:07 +01:00
R Yamada
891c8e1a12
[KEYCLOAK-17653] - OIDC Frontchannel logout support
2021-10-07 15:27:19 -03:00
stianst
f471a110cd
KEYCLOAK-19408 Better client secrets
2021-09-29 18:19:43 +02:00
Daniel Fesenmeyer
339224578e
KEYCLOAK-10603 adjust assignments to roles (user-role and group-role assignments, client-scope and client "scope mappings"): allow assignments of roles which are already indirectly assigned (e.g. by composite role)
...
- extend RoleMapperModel with method hasDirectRole(RoleModel), which only checks for direct assignment in contrast to the existing method hasRole(RoleModel)
- extend ScopeContainerModel with method hasDirectScope(RoleModel), which only checks for direct scope mapping in contrast to the existing method hasScope(RoleModel)
- use the new hasDirectRole and hasDirectScope methods to check whether a role is in the "available" list and whether it can be assigned (previously, the hasRole method was used for this purpose)
- add hint to UI that available roles contain effectively assigned roles which are not directly assigned
- adjust and extend tests
2021-09-22 13:56:29 +02:00
Nikolas Laskaris
8f09d34272
KEYCLOAK-18288 ( #8096 )
...
RealmsAdminResource now returns also a brief representation (not by default, to be backwards compatible) for realms[] if the appropriate flag is sent.
2021-09-20 15:32:15 -04:00
Vlastimil Elias
28e220fa6d
KEYCLOAK-18497 - Support different input types in built-in dynamic forms
2021-09-20 09:14:49 -03:00
Vlastimil Elias
2be5f528e4
KEYCLOAK-18700 - consistently record User profile attribute changes in
...
UPDATE_PROFILE event
2021-09-15 08:26:01 -03:00
David Hellwig
a6cd80c933
KEYCLOAK-16076 added new warining when cookies are disabled -with new branch- ( #7632 )
...
* KEYCLOAK-16076 added new warining when cookies are disabled
Co-authored-by: David Hellwig <david.hellwig@bosch.com>
Co-authored-by: Christoph Leistert <christoph.leistert@bosch-si.com>
2021-09-13 11:30:11 +02:00
Martin Bartoš
7c243c8427
KEYCLOAK-18590 Save Button Enabled For Empty Attributes
2021-09-01 10:51:20 +02:00
Thomas Darimont
fd2787ae7d
KEYCLOAK-18880 TimeBasedOTP should use look-around to mitigate clock skew
...
Make TimeBasedOTP#clockSkewIndexToDelta private.
2021-09-01 10:45:50 +02:00
Thomas Darimont
af892d469c
KEYCLOAK-18880 TimeBasedOTP should use look-around to mitigate clock skew
...
Add test case
2021-09-01 10:45:50 +02:00
Thomas Darimont
5898f9c390
KEYCLOAK-18880 TimeBasedOTP should use look-around to mitigate clock skew
...
Previously the TimeBasedOTP only looked behind to mitigate clock skew.
We now look around (look ahead + look behind) to better accommodate clock skew.
2021-09-01 10:45:50 +02:00
Martin Bartos
18cef60bbd
KEYCLOAK-19037 Problems with validation of Email field that contains uppercase character
2021-08-19 11:13:42 +02:00
Vlastimil Elias
afa6e31d36
[KEYCLOAK-19006] User Profile: Patched handling of the "whitespace-only"
...
texts in pattern and length validators
2021-08-10 08:43:58 -03:00
Simen Heggestøyl
624a9a3ed7
KEYCLOAK-18509 Fix permission error when deleting client
2021-08-05 11:55:24 -03:00
Thomas Darimont
17da3ee8d9
KEYCLOAK-18380 Fix Groups search by name returns unwanted groups
...
Previously the group search did not apply a given search query as filter
for groups along the group path.
We now filter the found groups with the given group search query if present.
2021-08-05 11:43:56 +02:00
keycloak-bot
262ec3d031
Set version to 16.0.0-SNAPSHOT
2021-07-30 14:56:10 +02:00
Vlastimil Elias
32f2f095fe
KEYCLOAK-7724 User Profile default validations
2021-07-29 08:42:37 +02:00
mposolda
643b3c4c5a
KEYCLOAK-18594 CIBA Ping Mode
2021-07-27 08:33:17 +02:00
Joerg Matysiak
9dff21d0a7
KEYCLOAK-18552
...
* added group as attribute metadata
* validation for groups and references to groups
* adapted template to use show attribute groups
* test and integration tests for attribute groups
2021-07-23 09:26:21 -03:00
Vlastimil Elias
61aa4e6a70
KEYCLOAK-18750 - Set "Email Verified" to false when email changed in
...
UserProfile Provider
2021-07-19 11:19:29 -03:00
bal1imb
fbaeb18a5f
KEYCLOAK-18471 Added ID to admin event object.
2021-07-16 12:46:07 +02:00
Pedro Igor
f1face6973
[KEYCLOAK-18748] - Do not remove attributes when declarative provider is enabled
2021-07-15 12:00:39 -03:00
Pedro Igor
1baab67f3b
[KEYCLOAK-18630] - Request object encryption support
2021-07-09 11:27:30 -03:00
Vlastimil Elias
6686482ba5
[KEYCLOAK-18591] - Support a dynamic IDP user review form
2021-07-09 10:05:26 -03:00
Pedro Igor
4099833be8
[KEYCLOAK-18693] - Declarative profile validating read-only attribute if it exists
2021-07-08 15:22:02 -03:00
Dmitry Telegin
3b3a61dfba
KEYCLOAK-18639 Token Exchange SPI Milestone 1
2021-07-06 15:48:45 -03:00
Hryhorii Hevorkian
2803685cd7
KEYCLOAK-18353 Implement Pushed Authorization Request inside the Keycloak
...
Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2021-07-03 08:47:42 +02:00
Vlastimil Elias
04ff2c327b
[KEYCLOAK-18429] Support a dynamic update profile form
2021-07-02 10:22:47 -03:00
Vlastimil Elias
f32447bcc1
[KEYCLOAK-18424] GUI order for user profile attributes
2021-07-02 08:37:24 -03:00
lbortoli
164f3df080
KEYCLOAK-18502 - Support for additional parameters from the backchannel authentication request and backchannel authentication callback.
2021-07-01 00:31:26 +02:00
Vlastimil Elias
bcfa6e4309
KEYCLOAK-18592 - put attribute validators configuration into freemarker
...
template for user profile pages
2021-06-30 09:01:12 -03:00
Takashi Norimatsu
57c80483bb
KEYCLOAK-17936 FAPI-CIBA : support Signed Authentication Request
...
Co-authored-by: Pritish Joshi <pritish@banfico.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2021-06-29 08:07:40 +02:00
Pedro Igor
948f453e2d
[KEYCLOAK-18427] - Allowing switching to declarative provider
2021-06-28 15:50:04 -03:00
Vlastimil Elias
512bcd14f7
[KEYCLOAK-18428] - dynamic registration form
2021-06-25 17:11:15 -03:00
Vlastimil Elias
b7a4fd8745
KEYCLOAK-18423 - Support a user-friendly name property for user profile
...
attributes
2021-06-24 08:17:06 -03:00
Vlastimil Elias
458c841c39
[KEYCLOAK-18447] Dynamically select attributes based on requested scopes
2021-06-22 08:54:03 -03:00
rmartinc
b8452374d2
[KEYCLOAK-18473] Add max length to password policy
2021-06-22 10:15:48 +02:00
keycloak-bot
13f7831a77
Set version to 15.0.0-SNAPSHOT
2021-06-18 10:42:27 +02:00
Pedro Igor
ef3a0ee06c
[KEYCLOAK-17399] - Declarative User Profile and UI
...
Co-authored-by: Vlastimil Elias <velias@redhat.com>
2021-06-14 11:28:32 +02:00
mposolda
070c68e18a
KEYCLOAK-18069 Migration of client policies JSON from Keycloak 13
2021-06-10 10:40:14 +02:00
mposolda
ab13e3e4fe
KEYCLOAK-17939 Enable Client policies feature by default
2021-05-31 12:31:52 +02:00
vramik
2bf727d408
KEYCLOAK-17753 remove KeycloakModelUtils.isClientScopeUsed method
2021-05-28 21:07:14 +02:00
Michal Hajas
4dcb69596b
KEYCLOAK-18146 Search for clients by client attribute when doing saml artifact resolution
2021-05-27 23:02:22 +02:00
Stian Thorgersen
2cb59e2503
KEYCLOAK-17844 Add option to disable authorization services to workaround issues with many clients
2021-05-27 22:28:56 +02:00
Hynek Mlnarik
3d8f152787
KEYCLOAK-17747 KEYCLOAK-17754 Optimize getClients() calls
2021-05-27 22:12:56 +02:00
Martin Kanis
122fbe1bc6
KEYCLOAK-18298 ClearExpiredUserSessions timeouts with large number of sessions
2021-05-27 16:31:10 +02:00
vramik
3aa06c2721
KEYCLOAK-18073 avoid ModelDuplicateException during parallel starup of servers
2021-05-27 07:10:35 +02:00
Stefan Guilhen
eb631bf63b
[KEYCLOAK-8730] Ensure role mappers don't remove roles already granted by another mapper when updating a brokered user
2021-05-26 17:21:54 +02:00
Martin Kanis
1ab0d585a9
KEYCLOAK-11019 Initial support for lazy offline user-session loading
...
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Thomas Darimont <thomas.darimont@gmail.com>
2021-05-26 09:54:28 +02:00
Vlastimil Elias
4ad1687f2b
[KEYCLOAK-17399] UserProfile SPI - Validation SPI integration
2021-05-20 15:26:17 -03:00
Pedro Igor
a0f8d2bc0e
[KEYCLOAK-17399] - Review User Profile SPI
...
Co-Authored-By: Vlastimil Elias <vlastimil.elias@worldonline.cz>
2021-05-20 08:44:24 -03:00
Vlastimil Eliáš
0913a22c30
KEYCLOAK-2045 Simple Validation SPI for UserProfile SPI ( #8053 )
...
* KEYCLOAK-2045 Simple Validation API
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
2021-05-19 13:57:34 -03:00
vramik
4d776cd780
KEYCLOAK-18137 Fix introduced SPI name
2021-05-18 20:30:21 +02:00
Hynek Mlnarik
c2e2cbe180
KEYCLOAK-17749 Remove need for iterating by all clients
2021-05-18 09:28:42 +02:00
Peter Flintholm
919899b994
KEYCLOAK-18039: Optimise offline session load on startup
...
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2021-05-13 16:26:26 +02:00
Marek Posolda
a6d4316084
KEYCLOAK-14209 Client policies admin console support. Changing of format of JSON for client policies and profiles. Remove support for default policies ( #7969 )
...
* KEYCLOAK-14209 KEYCLOAK-17988 Client policies admin console support. Changing of format of JSON for client policies and profiles. Refactoring based on feedback and remove builtin policies
2021-05-12 16:19:55 +02:00
Pedro Igor
6397671c88
[KEYCLOAK-17885] - Delete user-managed policies when removing groups
2021-05-10 16:33:23 -03:00
keycloak-bot
4b44f7d566
Set version to 14.0.0-SNAPSHOT
2021-05-06 14:55:01 +02:00
Hynek Mlnarik
6d97a573e6
KEYCLOAK-17696 Make MapStorageFactory amphibian
2021-05-06 11:38:41 +02:00
Hynek Mlnarik
e46a5484c5
KEYCLOAK-17695 Split MapStorage provider and provider factory
2021-05-06 11:38:41 +02:00
Peter Skopek
b2ed99c70d
KEYCLOAK-16928 Fix typo in authenticatorFlow representation
2021-05-06 08:33:19 +02:00
Václav Muzikář
315b9e3c29
KEYCLOAK-17835 Account Permanent Lockout and login error messages
2021-05-03 09:39:34 +02:00
Takashi Norimatsu
65c48a4183
KEYCLOAK-12137 OpenID Connect Client Initiated Backchannel Authentication (CIBA) ( #7679 )
...
* KEYCLOAK-12137 OpenID Connect Client Initiated Backchannel Authentication (CIBA)
Co-authored-by: Andrii Murashkin <amu@adorsys.com.ua>
Co-authored-by: Christophe Lannoy <c4r1570p4e@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2021-04-29 15:56:39 +02:00
Martin Kanis
515bfb5064
KEYCLOAK-16378 User / client session map store
...
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2021-04-28 09:09:15 +02:00
Pedro Igor
068a1811f2
[KEYCLOAK-17452] - Removing policies created from a user-managed policy
2021-04-21 11:30:57 -03:00
Michal Hajas
1e2db74d86
KEYCLOAK-16932 Authorization map storage
2021-04-16 17:26:16 +02:00
AlistairDoswald
8b3e77bf81
KEYCLOAK-9992 Support for ARTIFACT binding in server to client communication
...
Co-authored-by: AlistairDoswald <alistair.doswald@elca.ch>
Co-authored-by: harture <harture414@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2021-04-16 12:15:59 +02:00
stianst
a09142c43a
KEYCLOAK-17678 Fix getting client scope by name resulting in listing clients
2021-04-12 21:10:38 +02:00
Martin Bartoš
5a9068e732
KEYCLOAK-16401 Deny/Allow access in a conditional context
2021-04-09 12:04:45 +02:00
Takashi Norimatsu
42dec08f3c
KEYCLOAK-16805 Client Policy : Support New Admin REST API (Implementation) ( #7780 )
...
* KEYCLOAK-16805 Client Policy : Support New Admin REST API (Implementation)
* support tests using auth-server-quarkus
* Configuration changes for ClientPolicyExecutorProvider
* Change VALUE of table REALM_ATTRIBUTES to NCLOB
* add author tag
* incorporate all review comments
Co-authored-by: mposolda <mposolda@gmail.com>
2021-04-06 16:31:10 +02:00
vramik
185075d373
KEYCLOAK-14552 Realm Map Store
2021-03-31 15:49:03 +02:00
vramik
c3b9c66941
KEYCLOAK-17460 invalidate client when assigning scope
2021-03-30 10:58:16 +02:00
Hynek Mlnarik
a36fafe04e
KEYCLOAK-17409 Support for amphibian (both component and standalone) provider
2021-03-25 13:28:20 +01:00
Andrew Elwell
c76ca4ad13
Correct "doesn't exists" typos - fixes KEYCLOAK-14986 ( #7316 )
...
* Correct "doesn't exists" typos
* Revert changes to imported package
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2021-03-16 11:52:36 +01:00
Joaquim Fellmann
d2c98b20f3
KEYCLOAK-17404: LDAPS connection tests not working when protocol set in upper case
2021-03-16 10:10:59 +01:00
Yang Xie
db30b470c4
KEYCLOAK-17342 Make the default value of default signature algorithm show up in the admin console
2021-03-16 09:15:22 +01:00
Michito Okai
298ab0bc3e
KEYCLOAK-7675 Support for Device Authorization Grant
2021-03-15 10:09:20 -03:00
Hiroyuki Wada
5edf14944e
KEYCLOAK-7675 SPI and default implementation for Device User Code.
...
Author: Hiroyuki Wada <h2-wada@nri.co.jp>
Date: Sun May 12 15:47:15 2019 +0900
Signed-off-by: Łukasz Dywicki <luke@code-house.org>
2021-03-15 10:09:20 -03:00
Hiroyuki Wada
9d57b88dba
KEYCLOAK-7675 Prototype Implementation of Device Authorization Grant.
...
Author: Hiroyuki Wada <h2-wada@nri.co.jp>
Date: Thu May 2 00:22:24 2019 +0900
Signed-off-by: Łukasz Dywicki <luke@code-house.org>
2021-03-15 10:09:20 -03:00
vramik
6e501946b1
KEYCLOAK-17021 Client Scope map store
2021-03-08 21:59:28 +01:00
Denis
23bfaef4bb
KEYCLOAK-15535 Account Log of user login with realm not available details when update profile
2021-03-04 08:06:36 +01:00
Takashi Norimatsu
c4bf8ecdf0
KEYCLOAK-16880 Client Policy - Condition : Negative Logic Support
2021-03-01 14:27:39 +01:00
mposolda
41dc94fead
KEYCLOAK-14483 Broker state param fix
2021-02-24 19:07:58 -03:00
Juan Manuel Rodriguez Alvarado
6255ebe6b5
[KEYCLOAK-16536] Implement Audit Events for Authorization Services requests
2021-02-22 17:28:59 -03:00
Oleksandr Kochubei
63b19389c1
KEYCLOAK-17189 - fixed NPE during migration due to missed "account" client
2021-02-19 22:21:58 +01:00
Pedro Igor
9356843c6c
[KEYCLOAK-16521] - Fixing secret for non-confidential clients
2021-02-19 08:38:49 +01:00
Pedro Igor
431f137c37
[KEYCLOAK-17123] - Avoid validation and updates for read-only attributes during updates
2021-02-17 17:57:46 +01:00
stefvdwel
5a500055f6
Added permission ticket /count endpoint. Todo: testing
2021-02-17 09:40:19 -03:00
Stefan Guilhen
bea3410357
[KEYCLOAK-17080] Fix ConcurrentModificationException in the migration to 8.0.0 that was introduced by the streamification work
2021-02-12 11:12:56 +01:00
Réda Housni Alaoui
6da396821a
KEYCLOAK-17014 Searching all users from admin console is very slow
2021-02-03 21:54:46 +01:00
Pedro Igor
cdf0ead957
[KEYCLOAK-16780] - Allow batching writes to storage when running migration ( #7717 )
...
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2021-01-29 09:35:19 -03:00