Commit graph

13797 commits

Author SHA1 Message Date
Daniel Gozalo
dad51773ea [fixes #9223] - Create an internal representation of RAR that also handles Static and Dynamic Client Scopes
Parse scopes to RAR representation and validate them against the requested scopes in the AuthorizationEndpointChecker

Parse scopes as RAR representation and add the created context on the different cache models in order to store the state and make it available for mappers in the ClientSessionContext

Create a new AuthorizationRequestSpi to provide different implementations for either dynamic scopes or RAR requests parsing

Move the AuthorizationRequest objects to server-spi

Add the AuthorizationRequestContext property to the MapAuthenticationSessionEntity and configure MapAuthenticationSessionAdapter to access it

Remove the AuthorizationRequestContext object from the cache adapters and entities and instead recalculate the RAR representations from scopes every time

Refactor the way we parse dynamic scopes and put everything behind the DYNAMIC_SCOPES feature flag

Added a login test and added a function to get the requested client scopes, including the dynamic one, behind a feature flag

Add a new filter to the Access Token dynamic scopes to avoid adding scopes that are not permitted for a user

Add tests around Dynamic Scopes: replaying existing tests while enabling the DYNAMIC_SCOPES feature and adding a few more

Test how the server generates the AuthorizationDetails object

Fix formatting, move classes to better packages and fix parent test class by making it Abstract

Match Dynamic scopes to Optional scopes only and fix tests

Avoid running these tests on remote auth servers
2022-01-26 13:19:23 +01:00
Dominik Guhr
af9d840ec1
Add section about recommended path exposures in reverse proxy (#9752)
Closes #9751
2022-01-26 09:02:25 +01:00
Václav Muzikář
6b485b8603 Baseline for Keycloak deployment in operator 2022-01-25 11:06:26 -03:00
Pedro Igor
d28b54e5d5
Hide HashiCorp Vault from CLI (#9700)
Closes #9688
2022-01-25 14:24:35 +01:00
Stian Thorgersen
194c95de58
Upgrade to WildFly 26.0.1 (#9768)
Closes #9767
2022-01-25 09:37:28 +01:00
andreaTP
90d6432d16 Proper kustomize setup for the operator 2022-01-24 13:13:16 -03:00
Alexander Schwartz
e2ac7b38f4 Adding missing database constraints for clients in JPA map storage.
This should ensure consistency for the store even in the event of concurrent creation of clients by multiple callers.

Closes #9610
2022-01-23 20:34:28 +01:00
Pedro Igor
b53c5d5eee Build command should not allow runtime options
Closes #9618
2022-01-23 16:30:48 -03:00
vramik
873a44459a Convert MapClientScopeEntity to interface
Closes #9657
2022-01-23 16:56:25 +01:00
Christoph Leistert
e751626ac8
Closes #9418: Admin UI: sort the realm localization texts alphabetically (#9419) 2022-01-21 10:49:22 -05:00
Thomas Darimont
438fc2865f Fix embedded theme-resources lookup in Keycloak.X
Previously lookups for embedded theme-resources did not work for Keycloak.X because of a missing
`ClasspathThemeResourceProvider` registration.

This PR ensures that a `ClasspathThemeResourceProvider` is registered in Keycloak.X based deployments.

Added empty constructors to ClasspathThemeResourceProvider to enable dynamic instantiation by Quarkus.

Fixes #9653
2022-01-21 09:52:26 -03:00
Stian Thorgersen
510c482572
Use tools icon instead of lock for build options on all-config guide (#9717) 2022-01-21 13:31:14 +01:00
Pedro Igor
1b1e220236
Remove system property from help message (#9694)
Closes #9687
2022-01-21 13:22:21 +01:00
Bruno Oliveira da Silva
f2430c0994 Exclude some folders from our SAST analysis
Currently, the CodeQL scanner has been analyzing the whole
codebase, including folders like testsuite, or examples. Those folders
are not relevant from the security standpoint, considering that they do
not expose our users and customers to any risks. They are only relevant
in the context of our pipelines, but never used in production.

Closes #9631
2022-01-20 18:42:39 -03:00
Pedro Igor
7511725af4 GHA failing due to wrong scheme when downloading ISPN server
Closes #9696
2022-01-20 20:44:23 +01:00
Joaquim Fellmann
bdb7cf9b96 Quarkus relational database setup documentation error
Closes #9324
2022-01-20 14:57:55 -03:00
Martin Kanis
ddcabe61b2 KEYCLOAK-19571 Add indices to HotRodClientEntity fields 2022-01-20 17:46:47 +01:00
pravsjv
a6acc89bf3
Update LDAPOperationManager.java (#9561)
Update LDAPOperationManager.java
Closes #9560
2022-01-20 17:33:56 +01:00
Stian Thorgersen
b8d3c12a08
Update layout for options in guides (#9658) 2022-01-20 14:21:23 +01:00
mposolda
3dd97f3f2f Fix migration test
Closes #9550
2022-01-20 13:42:47 +01:00
Hynek Mlnařík
2877482e40 Limit time for running model tests
Workaround for #9648
2022-01-20 12:30:49 +01:00
vramik
7b89d151c1 KEYCLOAK-18565 JPA roles no-downtime store 2022-01-20 12:02:35 +01:00
Guus der Kinderen
213b1f5042 Closes #9562: Add DB index for UserEntity getRealmUserByServiceAccount 2022-01-20 09:52:54 +01:00
vramik
61fbb2fb2e JPA-Map storage might lose writes due to missing locking mechanism
Closes #9411
2022-01-20 09:06:14 +01:00
Konstantinos Georgilakis
0c9ab32cf4 Fix scope bug in device authorization request
Closes #9617
2022-01-19 18:13:42 +01:00
vramik
22bcdcb630 MapRoleProvider could return also client roles when searching for realm roles
Closes #9587
2022-01-19 16:39:59 +01:00
Pedro Igor
0a9387ff4f Unified configuration option format and renaming keycloak.properties to keycloak.conf
Closes #9606
2022-01-19 08:47:15 -03:00
Pedro Igor
8ed7c0544f Defaults to TLSv1.3
Closes #9530
2022-01-18 07:42:24 -03:00
Stian Thorgersen
86e683bdb9
Remove output of summary in guides (#9615)
Closes #9614
2022-01-18 11:11:41 +01:00
Dominik Guhr
d451ae0ab7
Guide for enabling HTTPS/TLS (#9536)
Initial version of the guide for enabling TLS/HTTPS for Quarkus based Keycloak

Closes #9458
2022-01-18 10:51:43 +01:00
Stian Thorgersen
f80d336276
Add support to linking between guides (#9590)
Closes #9575
2022-01-17 16:41:29 +01:00
Dominik Guhr
99e7208f36
new title, summary and headlines for proxy guide (#9572)
Closes #9570
2022-01-17 12:45:06 +01:00
Konstantinos Georgilakis
db0b36460f KEYCLOAK-19148 correct getGroupsCountByNameContaining of MapGroupProvider 2022-01-15 20:15:27 +01:00
Stian Thorgersen
ecd5dd248d
Package server guides (#9568)
Closes #9567
2022-01-14 13:39:22 +01:00
Dmitry Telegin
02d544b57b #9555 Multiple warnings caused by typed varargs in TokenVerifier 2022-01-14 02:54:47 -08:00
Pedro Igor
4c747047ce
Backward compatibility for lower-case bearer type in token responses (#9538)
Closes #9537
2022-01-13 08:34:45 +01:00
Stefan Guilhen
2fd1593abf Set order of LiquibaseDBLockProviderFactory to 1
- makes it the default provider when no provider is explicitly configured
- avoid NPE at server startup when other providers are present and none is set as default
2022-01-13 08:30:25 +01:00
Jon Koops
dea123169f
KEYCLOAK-14817 Allow JS adapter to be bundled as ES module (#9351) 2022-01-13 08:28:30 +01:00
Daniel Gozalo
8ea09d3816
[fixes #9222] - Let users configure Dynamic Client Scopes (#9327) 2022-01-12 14:27:24 +01:00
Dominik DS
93419a1797
KEYCLOAK-19289 check if values to set is not null (#8426)
Closes #9529
2022-01-12 09:22:01 +01:00
Yoshiyuki Tabata
1ff558bd9e Closes #9488 2022-01-12 09:06:48 +01:00
Andrea Peruffo
8c5e158db4
Baseline for the new Keycloak operator (#9381)
* Baseline for the new Keycloak operator

* v2alpha1 and better kustomization setup
2022-01-12 09:06:10 +01:00
Martin Bartoš
8649ca3d50
Multiple active tabs when realm name equals name of the tab in Admin console (#9438)
Closes #9421
2022-01-11 16:01:28 -05:00
Dominik Guhr
fe506bceaa
Change config ordinals and simpler keycloak.properties file
Closes #9473
2022-01-11 15:11:59 -03:00
Dominik Guhr
4436fb3a18 Fixes outdated Readme
also changes the general readme and the themes folders readme, bc invoking the shell-script without arguments leads to help now instead of starting

Closes #9501
2022-01-11 09:19:40 -08:00
Stian Thorgersen
a93ab357e5
Update commit message and issue linking sections in contributors guide (#9391) 2022-01-11 11:19:31 +01:00
Marek Posolda
8f221bb21e
Validation for CIBA binding_message parameter (#9470)
closes #9469
2022-01-11 11:19:15 +01:00
Pedro Igor
b2e55762f1
Properly setting the database schema (#9400)
Closes #9398
2022-01-11 09:22:11 +01:00
Pedro Igor
cbfd989ca9
Allow equal sign within option values (#9402)
Closes #9397
2022-01-11 09:21:38 +01:00
Martin Bartoš
d75d28468e
KEYCLOAK-19490 Add more details about 2FA to authenticate page (#9252)
Closes #9494
2022-01-11 09:16:22 +01:00