keycloak-scim

Author	SHA1	Message	Date
Lex Cao	142c14138f	Add verify email required action for IdP email verification Closes #26418 Signed-off-by: Lex Cao <lexcao@foxmail.com>	2024-01-24 12:15:09 +01:00
Takashi Norimatsu	b99f45ed3d	Supporting EdDSA closes #15714 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com> Co-authored-by: Muhammad Zakwan Bin Mohd Zahid <muhammadzakwan.mohdzahid.fg@hitachi.com> Co-authored-by: rmartinc <rmartinc@redhat.com>	2024-01-24 12:10:41 +01:00
Martin Kanis	84603a9363	Map Store Removal: Rename Legacy* classes (#26273 ) Closes #24105 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-01-23 13:50:31 +00:00
Peter Zaoral	d9f8a1bf4e	Testing Keycloak with nightly Quarkus releases (#23407 ) Closes #23322 Signed-off-by: Peter Zaoral <pzaoral@redhat.com>	2024-01-23 09:43:31 +01:00
Douglas Palmer	e7d842ea32	Invalidate session secretly Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-01-19 15:44:35 -03:00
Douglas Palmer	18d0105de0	Invalidate authentication session on repeated OTP failures Closes #26177 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-01-19 15:44:35 -03:00
rmartinc	2f0a0b6ad8	Remove deprecated mode for saml encryption Closes #26291 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-01-18 16:52:10 +01:00
cgeorgilakis-grnet	ccade62289	Enhance error logs and error events during UserInfo endpoint and Token Introspection failure Closes #24344 Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>	2024-01-16 11:26:29 +01:00
Alexander Schwartz	b9498b91cb	Deprecating the offline session preloading (#26160 ) Closes #25300 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-01-16 09:29:01 +01:00
cgeorgilakis-grnet	a3257ce08f	OIDC Protocol Mappers with same claim Closes #25774 Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>	2024-01-15 09:16:12 -03:00
rmartinc	e162974a8d	Integrate registration with terms and conditions required action Closes #25891 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-01-15 10:19:30 +01:00
Alexander Schwartz	a8eca6add0	Changing to the Infinispan BOM to avoid mis-aligned Infinispan dependencies (#26137 ) Closes #22922 Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Signed-off-by: Pedro Ruivo <pruivo@redhat.com> Co-authored-by: Pedro Ruivo <pruivo@redhat.com>	2024-01-15 09:20:47 +01:00
MikeTangoEcho	c2b132171d	Add X509 thumbprint to JWT when using private_key_jwt Closes keycloak#12946 Signed-off-by: MikeTangoEcho <mathieu.thine@gmail.com>	2024-01-12 16:01:01 +01:00
Lex Cao	47f7e3e8f1	Use email verification instead of executing action for `send-verify-email` endpoint Closes #15190 Add support for `send-verify-email` endpoint to use the `email-verification.ftl` instead of `executeActions.ftl` Also introduce a new parameter `lifespan` to be able to override the default lifespan value (12 hours) Signed-off-by: Lex Cao <lexcao@foxmail.com>	2024-01-11 16:28:02 -03:00
Jon Koops	5eb7363ddd	Promote Account Console v3 to default and deprecate v2 (#25852 ) Closes #19663 Signed-off-by: Jon Koops <jonkoops@gmail.com> Co-authored-by: Martin Bartoš <mabartos@redhat.com>	2024-01-11 19:42:10 +01:00
mposolda	692aeee17d	Enable user profile by default closes #25151 Signed-off-by: mposolda <mposolda@gmail.com>	2024-01-11 12:48:44 -03:00
Patrick Hamann	d36913a240	Ensure protocol forced reauthentication is correctly mapped during SAML identity brokering Closes #25980 Signed-off-by: Patrick Hamann <patrick@fastly.com>	2024-01-10 20:46:35 +01:00
remi	b22efeec78	Add a toggle to use context attributes on the regex policy provider Signed-off-by: remi <remi.tuveri@gmail.com>	2024-01-10 16:15:25 -03:00
Réda Housni Alaoui	98230aa372	Add federated identity ProviderEvent(s) Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>	2024-01-10 11:56:38 -03:00
rmartinc	42f0488d76	Avoid returning duplicated users in LDAP and unsynced Closes #24141 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-01-10 12:47:15 +01:00
Réda Housni Alaoui	3c05c123ea	On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>	2024-01-09 16:04:52 -03:00
Alexander Schwartz	01939bcf34	Remove concurrent loading of remote sessions as at startup time only one node is up anyway. (#25709 ) Closes #22082 Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Martin Kanis <martin-kanis@users.noreply.github.com>	2024-01-09 16:55:22 +01:00
Alexander Schwartz	03372d2f41	Fix OfflineServletAdapterTest failures, and improve logging (#25724 ) Closes #25714 Closes #14448 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-01-09 14:59:20 +01:00
shigeyuki kabano	67e73d3d4e	Enhancing Lightweight access token M2(keycloak#25716) Closes keycloak#23724 Signed-off-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>	2024-01-09 09:42:30 +01:00
Ricardo Martin	097d68c86b	Escape action in the form_post.jwt and only decode path in RedirectUtils (#93 ) (#25995 ) Closes #90 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-01-09 08:20:14 +01:00
Alexander Schwartz	0a16b64805	Stabilizing test cases by adding cleanups Closes #24651 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-01-08 19:32:01 -03:00
Douglas Palmer	58d167fe59	Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user. Closes #24651 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-01-08 19:32:01 -03:00
Steven Hawkins	d1d1d69840	fix: adds a general error message and descriptions for some exceptions (#25806 ) closes: #25746 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-01-08 18:19:40 +00:00
Felix Gustavsson	0f47071a29	Check if UMA is enabled on resource, if not reject the request. Closes #24422 Signed-off-by: Felix Gustavsson <felix.gustavsson@topgolf.com>	2024-01-08 11:28:57 -03:00
Tomas Ondrusko	e4fa5c034a	Update web element of the LinkedIn login page (#25905 ) Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>	2024-01-08 11:32:45 +01:00
Pedro Igor	d540584449	Using a valid URI when deleting cookies before/after running tests Closes #22691 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-01-05 15:13:12 -03:00
atharva kshirsagar	d7542c9344	Fix for empty realm name issue Throw ModelException if name is empty when creating/updating a realm Closes #17449 Signed-off-by: atharva kshirsagar <atharva4894@gmail.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-01-05 14:23:42 +01:00
Pedro Igor	8ff9e71eae	Do not allow verifying email from a different account Closes #14776 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-01-05 12:45:07 +01:00
Pedro Igor	f476a42d66	Fixing the registration_client_uri to point to a valid URI after updating a client Closes #23229 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-01-05 12:41:36 +01:00
Ben Cresitello-Dittmar	057d8a00ac	Implement Authentication Method Reference (AMR) claim from OIDC specification This implements a method for configuring authenticator reference values for Keycloak authenticator executions and a protocol mapper for populating the AMR claim in the resulting OIDC tokens. This implementation adds a default configuration item to each authenticator execution, allowing administrators to configure an authenticator reference value. Upon successful completion of an authenticator during an authentication flow, Keycloak tracks the execution ID in a user session note. The protocol mapper pulls the list of completed authenticators from the user session notes and loads the associated configurations for each authenticator execution. It then captures the list of authenticator references from these configs and sets it in the AMR claim of the resulting tokens. Closes #19190 Signed-off-by: Ben Cresitello-Dittmar <bcresitellodittmar@mitre.org>	2024-01-03 14:59:05 -03:00
Jon Koops	07f9ead128	Upgrade Welcome theme to PatternFly 5 Closes #21343 Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-01-03 14:46:01 -03:00
Steven Hawkins	667ce4be9e	enhance: supporting versioned features (#24811 ) also adding a common PropertyMapper validation method closes #24668 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Martin Bartoš <mabartos@redhat.com>	2024-01-03 17:56:31 +01:00
Réda Housni Alaoui	5287500703	@NoCache is not considered anymore Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>	2024-01-02 09:06:55 -03:00
Alexander Schwartz	9e890264df	Adding a test case to check that the expiration time is set on logout tokens Closes #25753 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2023-12-22 20:13:40 +01:00
Niko Köbler	5e623f42d4	add the exp claim to the backchannel logout token This is now, as of Dec 15th 2023, part of the OIDC Backchannel Logout spec, chapter 2.4. As of chapter 4, the logout token should have a short expiration time, preferably at most two minutes in the future. So we set the expiration to this time. resolves #25753 Signed-off-by: Niko Köbler <niko@n-k.de>	2023-12-22 20:13:40 +01:00
Pedro Igor	ceb085e7b8	Update the UPDATE_EMAIL feature to rely on the user profile configuration when rendering templates and validating the email Closes #25704 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2023-12-20 15:15:06 -03:00
rmartinc	c2e41b0eeb	Make Locale updater generate an event and use the user profile Closes #24369 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-12-20 15:26:45 +01:00
Daniel Fesenmeyer	baafb670f7	Bugfix for: Removing all group attributes no longer works with keycloak-admin-client (java) Closes #25677 Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>	2023-12-20 14:03:35 +01:00
Konstantinos Georgilakis	cf57af1d10	scope parameter in refresh flow Closes #12009 Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>	2023-12-20 14:00:10 +01:00
mposolda	eb184a8554	More info on UserProfileContext closes #25691 Signed-off-by: mposolda <mposolda@gmail.com>	2023-12-19 13:00:31 -03:00
Pedro Igor	810ebf4efd	Migration steps for enabling user profile by default Closes #25528 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2023-12-19 10:19:45 -03:00
Joshua Sorah	d411eafc42	Ensure 'iss' is returned when 'prompt=none' and user is not authenticated, per RFC9207 Closes keycloak/keycloak#25584 Signed-off-by: Joshua Sorah <jsorah@redhat.com>	2023-12-19 10:38:05 +01:00
Ricardo Martin	2ba7a51da6	Escape action in the form_post response mode (#60 ) Closes keycloak/keycloak-private#31 Closes https://issues.redhat.com/browse/RHBK-652 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-12-18 18:10:41 -03:00
Konstantinos Georgilakis	ba8c22eaf0	Scope parameter in Oauth 2.0 token exchange Closes #21578 Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>	2023-12-18 15:44:26 -03:00
Pedro Igor	778847a3ce	Updating theme templates to render user attributes based on the user profile configuration Closes #25149 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2023-12-18 15:35:52 -03:00
rmartinc	d841971ff4	Updating the UP configuration needs to trigger an admin event Close #23896 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-12-18 19:24:30 +01:00
Steven Hawkins	ec28b68554	fix: improve group matching (#25627 ) closes #25451 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2023-12-18 11:46:02 +01:00
mposolda	cd154cf318	User Profile: If required roles ('user') and reqired scopes are set, the required scopes have no effect closes #25475 Signed-off-by: mposolda <mposolda@gmail.com>	2023-12-18 11:32:27 +01:00
Takashi Norimatsu	59536becec	Client policies : executor for enforcing DPoP closes #25315 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2023-12-18 10:45:18 +01:00
Joshua Sorah	a10149bbe9	For post logout redirect URI - Make '+' represent existing redirect URIs and merge with existing post logout redirect URIs Closes keycloak#25544 Signed-off-by: Joshua Sorah <jsorah@redhat.com>	2023-12-18 09:05:51 +01:00
Ricardo Martin	ae04b954a6	Fix for test SSSDUserProfileTest.test05MixedInternalDBUserProfile (#25570 ) Closes #25566 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-12-15 18:57:31 +00:00
Martin Bartoš	14fd61bacc	PubKeySignRegisterTest failures in WebAuthn tests Fixes #9693 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2023-12-15 14:52:05 +01:00
Erwin Rooijakkers	860978b15a	Change arg of getSubGroups to briefRepresentation Parameter name briefRepresentation should mean briefRepresentation, not full. This way callers will by default get the full representation, unless true is passed as value for briefRepresentation. Fixes #25096 Signed-off-by: Erwin Rooijakkers <erwin@rooijakkers.software>	2023-12-14 17:23:27 +01:00
Steven Hawkins	08751001db	enhance: adds truststores to the keycloak cr (#25215 ) also generally correcting the misspelling trustore closes: #24798 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2023-12-14 11:15:06 -03:00
mposolda	c81b533cf6	Update UserProfileProvider.setConfiguration. Tuning of UserProfileProvider.getConfiguration closes #25416 Signed-off-by: mposolda <mposolda@gmail.com>	2023-12-14 14:43:28 +01:00
Tomas Ondrusko	26342d829c	Update web elements of the Instagram login page Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>	2023-12-14 14:03:53 +01:00
rmartinc	c14bc6f2b0	Create terms and conditions execution when registration form is added Closes #21730 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-12-13 15:32:58 +01:00
Pedro Igor	fa79b686b6	Refactoring user profile interfaces and consolidating user representation for both admin and account context Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2023-12-13 08:27:55 +01:00
VR	1545b32a64	Revert changes related to map store in test classes in base testsuite Closes #24567 Signed-off-by: VR <vramik@redhat.com>	2023-12-12 16:16:38 +01:00
Thomas Darimont	0f5bbae75c	Add support for POST logout in Keycloak JS (#25348 ) Closes #25167 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com> Co-authored-by: Jon Koops <jonkoops@gmail.com>	2023-12-11 14:55:48 +01:00
Pedro Igor	78ba7d4a38	Do not allow removing username and email from user profile configuration Closes #25147 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2023-12-11 08:30:28 +01:00
Ricardo Martin	f78c54fa42	Fixes for LDAP group membership and search in chunks Closes #23966	2023-12-08 17:55:17 +01:00
mposolda	90bf88c540	Introduce ProtocolMapper.getEffectiveModel to make sure values displayed in the admin console UI are 'effective' values used when processing mappers closes #24718 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: Jon Koops <jonkoops@gmail.com>	2023-12-08 12:26:35 +01:00
Lukas Hanusovsky	baf6186863	25208 MSSQL startup message - fix (#25378 ) Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>	2023-12-07 16:27:16 +01:00
Vlasta Ramik	df465456b8	Map Store Removal: Remove `LockObjectsForModification` (#25323 ) Signed-off-by: vramik <vramik@redhat.com> Closes #24793	2023-12-07 12:43:43 +00:00
Pedro Igor	b1626172aa	Removing unnecessary property from auth-server-migration maven profile Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2023-12-06 15:35:29 -03:00
rmartinc	522e8d2887	Workaround to allow percent chars in getGroupByPath via PathSegment Closes #25111 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-12-06 14:22:34 -03:00
Peter Zaoral	340eb99412	Unable to use < as part of a password (admin-cli) (#24939 ) * escaped angle bracket characters in password Closes #21951 Signed-off-by: Peter Zaoral <pzaoral@redhat.com>	2023-12-06 17:27:44 +01:00
Pedro Igor	ab1173182c	Make sure realm is available from session when migrating to 23 Closes #25183 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2023-12-06 07:42:54 -03:00
rmartinc	d004e9295f	Do not allow remove a credential in account endpoint if provider marks it as not removable Closes #25220 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-12-05 17:11:57 +01:00
Vlasta Ramik	6f37fefd8d	Delete container providers from the base testsuite (#25168 ) Closes #24097 Signed-off-by: vramik <vramik@redhat.com>	2023-12-04 14:44:35 +01:00
Alfredo Moises Boullosa	0b48bef0b1	Update springboot version Signed-off-by: Alfredo Moises Boullosa <aboullos@redhat.com>	2023-12-04 11:15:51 +01:00
Michal Hajas	ec061e77ed	Remove GlobalLockProviderSpi (#25206 ) Closes #24103 Signed-off-by: Michal Hajas <mhajas@redhat.com>	2023-12-01 16:40:56 +00:00
rmartinc	31b7c9d2c3	Add UP decorator to SSSD provider Closes https://github.com/keycloak/keycloak/issues/25075 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-12-01 15:41:05 +01:00
mposolda	3fa2d155ca	Decouple factory methods from the provider methods on UserProfileProvider implementation closes #25146 Signed-off-by: mposolda <mposolda@gmail.com>	2023-12-01 10:30:57 -03:00
Pedro Igor	c5bcdbdc3f	Make sure username is lowercase when normalizing attributes Closes #25173 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2023-12-01 12:16:13 +01:00
Martin Kanis	4279bbc6b5	Map Store Removal: Delete map profiles from testsuite Closes #24094 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2023-11-30 14:59:02 +01:00
vramik	587cef7de4	Delete `Profile.Feature.MAP_STORAGE` Signed-off-by: vramik <vramik@redhat.com> Closes #24102	2023-11-30 13:04:39 +01:00
Pedro Igor	c7f63d5843	Add options to change behavior on how unmanaged attributes are managed Closes #24934 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2023-11-30 06:58:21 -03:00
Steven Hawkins	8c3df19722	feature: add option for creating a global truststore (#24473 ) closes #24148 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Martin Bartoš <mabartos@redhat.com>	2023-11-30 08:57:17 +01:00
Douglas Palmer	d0b86d2f64	Register event not triggered on external to internal token exchange Closes #9684 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2023-11-29 15:30:47 -03:00
mposolda	479e6bc86b	Update Kerberos provider for user-profile closes #25074 Signed-off-by: mposolda <mposolda@gmail.com>	2023-11-29 15:21:26 -03:00
rmartinc	16afecd6b4	Allow automatic download of SAML certificates in the identity provider Closes https://github.com/keycloak/keycloak/issues/24424 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-11-29 18:03:31 +01:00
rmartinc	3bc028fe2d	Remove lowercase for the hostname as recommended/advised by OAuth spec Closes https://github.com/keycloak/keycloak/issues/25001 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-11-29 10:26:00 -03:00
Martin Bartoš	e71d850a03	Run SAML adapter tests with EAP 8 Closes #24168 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2023-11-28 14:07:44 +01:00
Pedro Igor	2c611cb8fc	User profile configuration scoped to user-federation provider closes #23878 Co-Authored-By: mposolda <mposolda@gmail.com> Signed-off-by: mposolda <mposolda@gmail.com>	2023-11-27 14:45:44 +01:00
Stian Thorgersen	a32b58d337	Escape ldap id when using normal attribute syntax (#25 ) (#25036 ) Closes https://github.com/keycloak/security/issues/46 Co-authored-by: Ricardo Martin <rmartinc@redhat.com>	2023-11-27 11:38:14 +01:00
Takashi Norimatsu	1f5ee9bf80	NPE in checkAndBindMtlsHoKToken on Token Refresh when using SuppressRefreshTokenRotationExecutor and Certificate Bound Token closes #25022 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2023-11-27 08:49:48 +01:00
Thomas Darimont	8888e3d41c	Avoid deprecated API usage in testsuite/integration-arquillian/tests/base (#24904 ) - Removed unused imports - Avoided deprecated junit/hamcrest API - Avoid usage of JDK API scheduled for removal This should reduce the number of compiler warnings in the logs quite a bit closes #24995 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2023-11-24 09:37:34 +01:00
Sebastian Schuster	030f42ec83	More efficient listing of assigned and available client role mappings Closes #23404 Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io> Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>	2023-11-22 14:10:11 +01:00
Thomas Darimont	cd1e0e06c6	Avoid deprecated API usage in testsuite/integration-arquillian/util (#24870 ) Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2023-11-21 12:45:58 +01:00
Martin Bartoš	87ed656685	Start of MS-SQL fails in CI Closes #24846 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2023-11-20 15:09:11 +01:00
Thomas Darimont	d30d692335	Introduce MaxAuthAge Password policy (#12943 ) This policy allows to specify the maximum age of an authentication with which a password may be changed without re-authentication. Defaults to 300 seconds (default taken from Constants.KC_ACTION_MAX_AGE) to remain backwards compatible. A value of 0 will always require reauthentication to update the password. Add documentation for MaxAuthAgePasswordPolicy to server_admin Fixes #12943 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2023-11-20 14:48:17 +01:00
rmartinc	5fad76070a	Use LinkedIn instead of LinkedIn OpenID Connect for better UI experience Closes https://github.com/keycloak/keycloak/issues/24659 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-11-16 18:22:16 +01:00
Vlasta Ramik	d86e062a0e	Removal of retry blocks introduced for CRDB Closes #24095 Signed-off-by: vramik <vramik@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2023-11-16 13:50:56 +01:00
rmartinc	cca33baac3	Avoid NPE if RelayState is null and return a proper error Closes https://github.com/keycloak/keycloak/issues/24079 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-11-16 12:56:49 +01:00
rmartinc	e3b2eec1ba	Make user profile validation success if the attribute was already wrong and read-only in the context Closes https://github.com/keycloak/keycloak/issues/24697 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-11-14 03:07:00 -08:00
Erik Jan de Wit	89abc094d1	userprofile shared (#23600 ) * move account ui user profile to shared * use ui-shared on admin same error handling also introduce optional renderer for added component * move scroll form to ui-shared * merged with main * fix lock file * fixed merge error * fixed merge errors * fixed tests * moved user profile types to admin client * fixed more types * pr comments * fixed some types	2023-11-14 08:04:55 -03:00
Réda Housni Alaoui	3f014c7299	Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients (#21058 ) closes #21010 Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>	2023-11-13 19:13:01 +01:00
vramik	71b6757c2f	Remove quarkus options related to map store Signed-off-by: vramik <vramik@redhat.com> Closes #24098	2023-11-13 12:34:52 +01:00
vramik	926be135e8	Remove map related modules Signed-off-by: vramik <vramik@redhat.com> Closes #24100	2023-11-13 12:34:52 +01:00
vramik	76affa45c6	Delete removed `spi-events-store-jpa-max-detail-length` property from keycloak.conf in testsuite Signed-off-by: vramik <vramik@redhat.com> Fixes #17258	2023-11-13 08:34:09 +01:00
Hynek Mlnařík	0ceaed0e2e	Transient users: Consents (#24496 ) closes #24494	2023-11-10 11:18:27 +01:00
rmartinc	6963364514	Keep same name on update for LDAP attributes Closes https://github.com/keycloak/keycloak/issues/23888	2023-11-09 23:54:45 +01:00
mposolda	64836680d7	Failing test X509OCSPResponderTest due expired certificate closes #24650 Signed-off-by: mposolda <mposolda@gmail.com>	2023-11-09 13:34:51 +01:00
Alexander Schwartz	26e2fde115	Avoid reseting cachemanger to null to avoid a re-initialization (#24086 ) Also follow best practices of using volatile variables for double-locking, and not using shutdown caches. Closes #24085	2023-11-08 11:33:44 -05:00
vramik	6fa26d7ff4	Delete map dependencies from dependency management Closes #24101	2023-11-08 13:53:17 +01:00
mposolda	7863c3e563	Moving UPConfig and related classes from keycloak-services closes #24535 Signed-off-by: mposolda <mposolda@gmail.com>	2023-11-07 12:41:29 +01:00
Peter Skopek	e5eded0eab	Add possibility to override fileName and base directory of Keycloak Quarkus distribution ZIP archive (#24284 ) Closes #24283 Signed-off-by: Peter Skopek <pskopek@redhat.com>	2023-11-07 10:31:58 +01:00
Joshua Sorah	7ca00975d4	Feature flag DPoP metadata in OIDC Well Known endpoint Closes keycloak/keycloak#24547 Signed-off-by: Joshua Sorah <jsorah@gmail.com>	2023-11-06 03:13:57 -08:00
vramik	593c14cd26	Data too long for column 'DETAILS_JSON' Closes #17258	2023-11-02 20:29:35 +01:00
Oliver	563ae104fd	[issue-14134] test partial import user with id Fix #14134	2023-11-02 05:56:12 -07:00
Martin Kanis	e05effe62d	Map Store Removal: Delete map profiles and scopes from model tests Closes #24093	2023-11-02 11:33:00 +01:00
Jon Koops	fe0a9459dd	Remove UTF-8 encoding header from property files (#24471 )	2023-11-01 16:03:26 -04:00
rmartinc	d7bb59461d	Escape $ sign when replacing clientId in the role mappers Closes https://github.com/keycloak/keycloak/issues/23692	2023-11-01 20:47:15 +01:00
Pedro Igor	be65ba8689	Make sure optional default attributes are removed when decorating the user-define user profile configuration Closes #24420	2023-11-01 14:54:09 +01:00
mposolda	0bd2b342d7	Update per review	2023-10-31 12:56:46 -07:00
mposolda	6f992915d7	Move some UserProfile and Validation classes into keycloak-server-spi closes #24387	2023-10-31 12:56:46 -07:00
Aboullos	75440abb5f	Fix compilation error on springboot (#24437 )	2023-10-31 19:29:05 +00:00
Justin Tay	3ff0476cc3	Allow customization of aud claim with JWT Authentication Closes #21445	2023-10-31 11:33:47 -07:00
rmartinc	1b630326b2	Fixes in LDAP tests when using AD Closing https://github.com/keycloak/keycloak/issues/24357	2023-10-31 13:34:37 +01:00
rmartinc	7deb4ca545	Group count and PartialExport permission fixes Closes https://github.com/keycloak/keycloak/issues/12171	2023-10-31 01:40:21 -07:00
Aboullos	c23e1e0e2b	Fix springboot tests (#24254 ) Co-authored-by: Michal Hajas <mhajas@redhat.com>	2023-10-31 09:06:09 +01:00
rmartinc	6484a3e705	Add userProfileEnabled attribute to realm response if admin can view users closes https://github.com/keycloak/keycloak/issues/19093	2023-10-30 07:39:03 -07:00
rmartinc	ea398c21da	Add a property to the User Profile Email Validator for max length of the local part Closes https://github.com/keycloak/keycloak/issues/24273	2023-10-27 15:09:42 +02:00
Alice	69497382d8	Group scalability upgrades (#22700 ) closes #22372 Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2023-10-26 16:50:45 +02:00
Thomas Darimont	d56baa80b3	Add support for passing acr_values in auth requests in keycloak.js (#9383 ) (#24259 ) Fixes #9383	2023-10-25 15:33:39 +02:00
Hynek Mlnarik	c036980c37	Add TRANSIENT_USERS feature flag	2023-10-25 12:02:35 +02:00
Hynek Mlnarik	d59ceb17e9	Add tests for offline access, introspection and userinfo endpoint	2023-10-25 12:02:35 +02:00
Hynek Mlnarik	d70735f64d	Tests Part-of: Add support for not importing brokered user into Keycloak database Closes: #11334	2023-10-25 12:02:35 +02:00
ggraziano	84112f57b5	Verification of iss at refresh token request Added iss checking using the existing TokenVerifier.RealmUrlCheck in the verifyRefreshToken method. Closes #22191	2023-10-24 23:42:11 +02:00
Marek Posolda	1bd6aca629	Remove RegistrationProfile class and handle migration (#24215 ) closes #24182 Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2023-10-24 20:19:33 +02:00
Martin Kanis	10a2c96c72	Users in role Rest API returns empty when User federation used (#23318 ) * Users in role Rest API returns empty when User federation used Co-authored-by: Shankar Yadav <ET1024@neeyamoworks.com> Co-authored-by: Martin Kanis <mkanis@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2023-10-24 11:10:20 -04:00
Martin Bartoš	9627187447	Adapter tests failing with Jakarta error (#24177 ) Fixes #24176	2023-10-24 10:11:48 -04:00
rmartinc	ad01ed1497	Do not reset the user profile configuration on disable Closes https://github.com/keycloak/keycloak/issues/23527	2023-10-24 03:05:34 -07:00
Thomas Darimont	e567210ed1	Add dedicated feature flag for oauth device grant flow (#23892 ) Closes #23891	2023-10-24 10:09:26 +02:00
Håvar Nøvik	bc55846809	Fixes a NullPointerException after import validation (#20151 ) * Fixes a NullPointerException after import validation If the import validation (when getting a user by email) returns null, indicating that the user entity should be removed from local storage, an email equality check results in a NullPointerException. This commit fixes this issue by explicitly checking for null. Closes #20150 --------- Co-authored-by: Michal Hajas <mhajas@redhat.com>	2023-10-23 17:19:25 -04:00
vramik	a0f04fa2be	Declarative User Profile export Closes #12062 Resolves #20885	2023-10-21 19:21:20 +02:00
Pedro Igor	e47389f199	Username now shown when creating a user and edit username is not allowed Closes #24183	2023-10-20 10:22:31 -07:00
Steven Hawkins	f4d1dd9b7f	improvement: validates the expected values of non-cli properties (#23797 ) also adds better messages for unknown options closes #13608	2023-10-20 17:21:03 +00:00
Pedro Igor	d4a5391013	Making sure public clients can RPT tokens Closes #14165	2023-10-20 17:53:10 +02:00
Pedro Igor	55a5a8c0eb	Ignore custom attributes when processing attributes in verify profile action Closes #24077	2023-10-20 17:51:40 +02:00
mposolda	c18e8ff535	User profile tweaks in registration forms closes #24024	2023-10-20 06:31:21 -07:00
kaustubh-rh	1ac2c0997d	Inconsistent handling of parenthesis in auth flow name (#24113 ) closes #16379	2023-10-20 10:00:46 +02:00
mposolda	04777299b0	After tab1 finish authentication, make sure that rootAuthenticationSession is expired shortly closes #23880	2023-10-19 19:23:50 +02:00

1 2 3 4 5 ...

6490 commits