Erwin Rooijakkers
860978b15a
Change arg of getSubGroups to briefRepresentation
...
Parameter name briefRepresentation should mean briefRepresentation,
not full. This way callers will by default get the full
representation, unless true is passed as value for
briefRepresentation.
Fixes #25096
Signed-off-by: Erwin Rooijakkers <erwin@rooijakkers.software>
2023-12-14 17:23:27 +01:00
Steven Hawkins
08751001db
enhance: adds truststores to the keycloak cr ( #25215 )
...
also generally correcting the misspelling trustore
closes : #24798
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2023-12-14 11:15:06 -03:00
mposolda
c81b533cf6
Update UserProfileProvider.setConfiguration. Tuning of UserProfileProvider.getConfiguration
...
closes #25416
Signed-off-by: mposolda <mposolda@gmail.com>
2023-12-14 14:43:28 +01:00
Tomas Ondrusko
26342d829c
Update web elements of the Instagram login page
...
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-12-14 14:03:53 +01:00
rmartinc
c14bc6f2b0
Create terms and conditions execution when registration form is added
...
Closes #21730
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-13 15:32:58 +01:00
Pedro Igor
fa79b686b6
Refactoring user profile interfaces and consolidating user representation for both admin and account context
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-13 08:27:55 +01:00
VR
1545b32a64
Revert changes related to map store in test classes in base testsuite
...
Closes #24567
Signed-off-by: VR <vramik@redhat.com>
2023-12-12 16:16:38 +01:00
Thomas Darimont
0f5bbae75c
Add support for POST logout in Keycloak JS ( #25348 )
...
Closes #25167
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-12-11 14:55:48 +01:00
Pedro Igor
78ba7d4a38
Do not allow removing username and email from user profile configuration
...
Closes #25147
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-11 08:30:28 +01:00
Ricardo Martin
f78c54fa42
Fixes for LDAP group membership and search in chunks
...
Closes #23966
2023-12-08 17:55:17 +01:00
mposolda
90bf88c540
Introduce ProtocolMapper.getEffectiveModel to make sure values displayed in the admin console UI are 'effective' values used when processing mappers
...
closes #24718
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-12-08 12:26:35 +01:00
Lukas Hanusovsky
baf6186863
25208 MSSQL startup message - fix ( #25378 )
...
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2023-12-07 16:27:16 +01:00
Vlasta Ramik
df465456b8
Map Store Removal: Remove LockObjectsForModification
( #25323 )
...
Signed-off-by: vramik <vramik@redhat.com>
Closes #24793
2023-12-07 12:43:43 +00:00
Pedro Igor
b1626172aa
Removing unnecessary property from auth-server-migration maven profile
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-06 15:35:29 -03:00
rmartinc
522e8d2887
Workaround to allow percent chars in getGroupByPath via PathSegment
...
Closes #25111
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-06 14:22:34 -03:00
Peter Zaoral
340eb99412
Unable to use < as part of a password (admin-cli) ( #24939 )
...
* escaped angle bracket characters in password
Closes #21951
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-12-06 17:27:44 +01:00
Pedro Igor
ab1173182c
Make sure realm is available from session when migrating to 23
...
Closes #25183
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-06 07:42:54 -03:00
rmartinc
d004e9295f
Do not allow remove a credential in account endpoint if provider marks it as not removable
...
Closes #25220
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-05 17:11:57 +01:00
Vlasta Ramik
6f37fefd8d
Delete container providers from the base testsuite ( #25168 )
...
Closes #24097
Signed-off-by: vramik <vramik@redhat.com>
2023-12-04 14:44:35 +01:00
Alfredo Moises Boullosa
0b48bef0b1
Update springboot version
...
Signed-off-by: Alfredo Moises Boullosa <aboullos@redhat.com>
2023-12-04 11:15:51 +01:00
Michal Hajas
ec061e77ed
Remove GlobalLockProviderSpi ( #25206 )
...
Closes #24103
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2023-12-01 16:40:56 +00:00
rmartinc
31b7c9d2c3
Add UP decorator to SSSD provider
...
Closes https://github.com/keycloak/keycloak/issues/25075
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-01 15:41:05 +01:00
mposolda
3fa2d155ca
Decouple factory methods from the provider methods on UserProfileProvider implementation
...
closes #25146
Signed-off-by: mposolda <mposolda@gmail.com>
2023-12-01 10:30:57 -03:00
Pedro Igor
c5bcdbdc3f
Make sure username is lowercase when normalizing attributes
...
Closes #25173
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-01 12:16:13 +01:00
Martin Kanis
4279bbc6b5
Map Store Removal: Delete map profiles from testsuite
...
Closes #24094
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2023-11-30 14:59:02 +01:00
vramik
587cef7de4
Delete Profile.Feature.MAP_STORAGE
...
Signed-off-by: vramik <vramik@redhat.com>
Closes #24102
2023-11-30 13:04:39 +01:00
Pedro Igor
c7f63d5843
Add options to change behavior on how unmanaged attributes are managed
...
Closes #24934
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-11-30 06:58:21 -03:00
Steven Hawkins
8c3df19722
feature: add option for creating a global truststore ( #24473 )
...
closes #24148
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2023-11-30 08:57:17 +01:00
Douglas Palmer
d0b86d2f64
Register event not triggered on external to internal token exchange
...
Closes #9684
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2023-11-29 15:30:47 -03:00
mposolda
479e6bc86b
Update Kerberos provider for user-profile
...
closes #25074
Signed-off-by: mposolda <mposolda@gmail.com>
2023-11-29 15:21:26 -03:00
rmartinc
16afecd6b4
Allow automatic download of SAML certificates in the identity provider
...
Closes https://github.com/keycloak/keycloak/issues/24424
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 18:03:31 +01:00
rmartinc
3bc028fe2d
Remove lowercase for the hostname as recommended/advised by OAuth spec
...
Closes https://github.com/keycloak/keycloak/issues/25001
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 10:26:00 -03:00
Martin Bartoš
e71d850a03
Run SAML adapter tests with EAP 8
...
Closes #24168
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2023-11-28 14:07:44 +01:00
Pedro Igor
2c611cb8fc
User profile configuration scoped to user-federation provider
...
closes #23878
Co-Authored-By: mposolda <mposolda@gmail.com>
Signed-off-by: mposolda <mposolda@gmail.com>
2023-11-27 14:45:44 +01:00
Stian Thorgersen
a32b58d337
Escape ldap id when using normal attribute syntax ( #25 ) ( #25036 )
...
Closes https://github.com/keycloak/security/issues/46
Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
2023-11-27 11:38:14 +01:00
Takashi Norimatsu
1f5ee9bf80
NPE in checkAndBindMtlsHoKToken on Token Refresh when using SuppressRefreshTokenRotationExecutor and Certificate Bound Token
...
closes #25022
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2023-11-27 08:49:48 +01:00
Thomas Darimont
8888e3d41c
Avoid deprecated API usage in testsuite/integration-arquillian/tests/base ( #24904 )
...
- Removed unused imports
- Avoided deprecated junit/hamcrest API
- Avoid usage of JDK API scheduled for removal
This should reduce the number of compiler warnings in the logs quite a bit
closes #24995
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2023-11-24 09:37:34 +01:00
Sebastian Schuster
030f42ec83
More efficient listing of assigned and available client role mappings
...
Closes #23404
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
2023-11-22 14:10:11 +01:00
Thomas Darimont
cd1e0e06c6
Avoid deprecated API usage in testsuite/integration-arquillian/util ( #24870 )
...
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2023-11-21 12:45:58 +01:00
Martin Bartoš
87ed656685
Start of MS-SQL fails in CI
...
Closes #24846
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2023-11-20 15:09:11 +01:00
Thomas Darimont
d30d692335
Introduce MaxAuthAge Password policy ( #12943 )
...
This policy allows to specify the maximum age of an authentication
with which a password may be changed without re-authentication.
Defaults to 300 seconds (default taken from Constants.KC_ACTION_MAX_AGE) to remain backwards compatible.
A value of 0 will always require reauthentication to update the password.
Add documentation for MaxAuthAgePasswordPolicy to server_admin
Fixes #12943
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2023-11-20 14:48:17 +01:00
rmartinc
5fad76070a
Use LinkedIn instead of LinkedIn OpenID Connect for better UI experience
...
Closes https://github.com/keycloak/keycloak/issues/24659
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-16 18:22:16 +01:00
Vlasta Ramik
d86e062a0e
Removal of retry blocks introduced for CRDB
...
Closes #24095
Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-16 13:50:56 +01:00
rmartinc
cca33baac3
Avoid NPE if RelayState is null and return a proper error
...
Closes https://github.com/keycloak/keycloak/issues/24079
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-16 12:56:49 +01:00
rmartinc
e3b2eec1ba
Make user profile validation success if the attribute was already wrong and read-only in the context
...
Closes https://github.com/keycloak/keycloak/issues/24697
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-14 03:07:00 -08:00
Erik Jan de Wit
89abc094d1
userprofile shared ( #23600 )
...
* move account ui user profile to shared
* use ui-shared on admin same error handling
also introduce optional renderer for added component
* move scroll form to ui-shared
* merged with main
* fix lock file
* fixed merge error
* fixed merge errors
* fixed tests
* moved user profile types to admin client
* fixed more types
* pr comments
* fixed some types
2023-11-14 08:04:55 -03:00
Réda Housni Alaoui
3f014c7299
Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients ( #21058 )
...
closes #21010
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
2023-11-13 19:13:01 +01:00
vramik
71b6757c2f
Remove quarkus options related to map store
...
Signed-off-by: vramik <vramik@redhat.com>
Closes #24098
2023-11-13 12:34:52 +01:00
vramik
926be135e8
Remove map related modules
...
Signed-off-by: vramik <vramik@redhat.com>
Closes #24100
2023-11-13 12:34:52 +01:00
vramik
76affa45c6
Delete removed spi-events-store-jpa-max-detail-length
property from keycloak.conf in testsuite
...
Signed-off-by: vramik <vramik@redhat.com>
Fixes #17258
2023-11-13 08:34:09 +01:00
Hynek Mlnařík
0ceaed0e2e
Transient users: Consents ( #24496 )
...
closes #24494
2023-11-10 11:18:27 +01:00
rmartinc
6963364514
Keep same name on update for LDAP attributes
...
Closes https://github.com/keycloak/keycloak/issues/23888
2023-11-09 23:54:45 +01:00
mposolda
64836680d7
Failing test X509OCSPResponderTest due expired certificate
...
closes #24650
Signed-off-by: mposolda <mposolda@gmail.com>
2023-11-09 13:34:51 +01:00
Alexander Schwartz
26e2fde115
Avoid reseting cachemanger to null to avoid a re-initialization ( #24086 )
...
Also follow best practices of using volatile variables for double-locking, and not using shutdown caches.
Closes #24085
2023-11-08 11:33:44 -05:00
vramik
6fa26d7ff4
Delete map dependencies from dependency management
...
Closes #24101
2023-11-08 13:53:17 +01:00
mposolda
7863c3e563
Moving UPConfig and related classes from keycloak-services
...
closes #24535
Signed-off-by: mposolda <mposolda@gmail.com>
2023-11-07 12:41:29 +01:00
Peter Skopek
e5eded0eab
Add possibility to override fileName and base directory of Keycloak Quarkus distribution ZIP archive ( #24284 )
...
Closes #24283
Signed-off-by: Peter Skopek <pskopek@redhat.com>
2023-11-07 10:31:58 +01:00
Joshua Sorah
7ca00975d4
Feature flag DPoP metadata in OIDC Well Known endpoint
...
Closes keycloak/keycloak#24547
Signed-off-by: Joshua Sorah <jsorah@gmail.com>
2023-11-06 03:13:57 -08:00
vramik
593c14cd26
Data too long for column 'DETAILS_JSON'
...
Closes #17258
2023-11-02 20:29:35 +01:00
Oliver
563ae104fd
[issue-14134] test partial import user with id
...
Fix #14134
2023-11-02 05:56:12 -07:00
Martin Kanis
e05effe62d
Map Store Removal: Delete map profiles and scopes from model tests
...
Closes #24093
2023-11-02 11:33:00 +01:00
Jon Koops
fe0a9459dd
Remove UTF-8 encoding header from property files ( #24471 )
2023-11-01 16:03:26 -04:00
rmartinc
d7bb59461d
Escape $ sign when replacing clientId in the role mappers
...
Closes https://github.com/keycloak/keycloak/issues/23692
2023-11-01 20:47:15 +01:00
Pedro Igor
be65ba8689
Make sure optional default attributes are removed when decorating the user-define user profile configuration
...
Closes #24420
2023-11-01 14:54:09 +01:00
mposolda
0bd2b342d7
Update per review
2023-10-31 12:56:46 -07:00
mposolda
6f992915d7
Move some UserProfile and Validation classes into keycloak-server-spi
...
closes #24387
2023-10-31 12:56:46 -07:00
Aboullos
75440abb5f
Fix compilation error on springboot ( #24437 )
2023-10-31 19:29:05 +00:00
Justin Tay
3ff0476cc3
Allow customization of aud claim with JWT Authentication
...
Closes #21445
2023-10-31 11:33:47 -07:00
rmartinc
1b630326b2
Fixes in LDAP tests when using AD
...
Closing https://github.com/keycloak/keycloak/issues/24357
2023-10-31 13:34:37 +01:00
rmartinc
7deb4ca545
Group count and PartialExport permission fixes
...
Closes https://github.com/keycloak/keycloak/issues/12171
2023-10-31 01:40:21 -07:00
Aboullos
c23e1e0e2b
Fix springboot tests ( #24254 )
...
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-31 09:06:09 +01:00
rmartinc
6484a3e705
Add userProfileEnabled attribute to realm response if admin can view users
...
closes https://github.com/keycloak/keycloak/issues/19093
2023-10-30 07:39:03 -07:00
rmartinc
ea398c21da
Add a property to the User Profile Email Validator for max length of the local part
...
Closes https://github.com/keycloak/keycloak/issues/24273
2023-10-27 15:09:42 +02:00
Alice
69497382d8
Group scalability upgrades ( #22700 )
...
closes #22372
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-26 16:50:45 +02:00
Thomas Darimont
d56baa80b3
Add support for passing acr_values in auth requests in keycloak.js ( #9383 ) ( #24259 )
...
Fixes #9383
2023-10-25 15:33:39 +02:00
Hynek Mlnarik
c036980c37
Add TRANSIENT_USERS feature flag
2023-10-25 12:02:35 +02:00
Hynek Mlnarik
d59ceb17e9
Add tests for offline access, introspection and userinfo endpoint
2023-10-25 12:02:35 +02:00
Hynek Mlnarik
d70735f64d
Tests
...
Part-of: Add support for not importing brokered user into Keycloak database
Closes : #11334
2023-10-25 12:02:35 +02:00
ggraziano
84112f57b5
Verification of iss at refresh token request
...
Added iss checking using the existing TokenVerifier.RealmUrlCheck in the verifyRefreshToken method.
Closes #22191
2023-10-24 23:42:11 +02:00
Marek Posolda
1bd6aca629
Remove RegistrationProfile class and handle migration ( #24215 )
...
closes #24182
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-10-24 20:19:33 +02:00
Martin Kanis
10a2c96c72
Users in role Rest API returns empty when User federation used ( #23318 )
...
* Users in role Rest API returns empty when User federation used
Co-authored-by: Shankar Yadav <ET1024@neeyamoworks.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-24 11:10:20 -04:00
Martin Bartoš
9627187447
Adapter tests failing with Jakarta error ( #24177 )
...
Fixes #24176
2023-10-24 10:11:48 -04:00
rmartinc
ad01ed1497
Do not reset the user profile configuration on disable
...
Closes https://github.com/keycloak/keycloak/issues/23527
2023-10-24 03:05:34 -07:00
Thomas Darimont
e567210ed1
Add dedicated feature flag for oauth device grant flow ( #23892 )
...
Closes #23891
2023-10-24 10:09:26 +02:00
Håvar Nøvik
bc55846809
Fixes a NullPointerException after import validation ( #20151 )
...
* Fixes a NullPointerException after import validation
If the import validation (when getting a user by email)
returns null, indicating that the user entity should be
removed from local storage, an email equality check results
in a NullPointerException.
This commit fixes this issue by explicitly checking for null.
Closes #20150
---------
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-23 17:19:25 -04:00
vramik
a0f04fa2be
Declarative User Profile export
...
Closes #12062
Resolves #20885
2023-10-21 19:21:20 +02:00
Pedro Igor
e47389f199
Username now shown when creating a user and edit username is not allowed
...
Closes #24183
2023-10-20 10:22:31 -07:00
Steven Hawkins
f4d1dd9b7f
improvement: validates the expected values of non-cli properties ( #23797 )
...
also adds better messages for unknown options
closes #13608
2023-10-20 17:21:03 +00:00
Pedro Igor
d4a5391013
Making sure public clients can RPT tokens
...
Closes #14165
2023-10-20 17:53:10 +02:00
Pedro Igor
55a5a8c0eb
Ignore custom attributes when processing attributes in verify profile action
...
Closes #24077
2023-10-20 17:51:40 +02:00
mposolda
c18e8ff535
User profile tweaks in registration forms
...
closes #24024
2023-10-20 06:31:21 -07:00
kaustubh-rh
1ac2c0997d
Inconsistent handling of parenthesis in auth flow name ( #24113 )
...
closes #16379
2023-10-20 10:00:46 +02:00
mposolda
04777299b0
After tab1 finish authentication, make sure that rootAuthenticationSession is expired shortly
...
closes #23880
2023-10-19 19:23:50 +02:00
Vlasta Ramik
f6d582c761
Import migration step for kc22
...
Closes #24031
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-10-19 09:00:49 +02:00
rmartinc
d10ccc7245
Use jdk LdapName and Rdn to parse inside LDAPDn and RDN and avoid string conversions
...
Closes: https://github.com/keycloak/keycloak/issues/21797
Closes: https://github.com/keycloak/keycloak/issues/21818
2023-10-19 08:31:49 +02:00
Pedro Igor
e91a0afca2
The username in account is required and don't change when email as username is enabled
...
Closes #23976
2023-10-17 16:43:44 -03:00
wojnarfilip
b5ec155b64
Fix issue with overlapping WebElements in SocialLoginTest#PaypalLogin
...
Closes #23960
2023-10-17 16:59:09 +02:00
shigeyuki kabano
6112b25648
Enhancing Light Weight Token( #22148 )
...
Closes #21183
2023-10-17 13:12:36 +02:00
Alexander Schwartz
50916d58b1
Clean up created test user to avoid conflict with other tests
...
Closes #23804
2023-10-16 19:10:52 +02:00
wojnarfilip
f9386bd62b
Update login flow in OCP social login
2023-10-16 10:45:38 -03:00