Commit graph

3998 commits

Author SHA1 Message Date
Martin Bartoš
64738ea708 Fix issues with JakartaEE Mail dependencies
This reverts commit da4644844ed88818c05d777460624403326ab01c

---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
2023-04-27 13:36:54 +02:00
Peter Zaoral
5ebe4ca7c8 Quarkus3 branch sync no. 6
17.2.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-04-27 13:36:54 +02:00
Peter Zaoral
946eacd5b6 Quarkus3 branch sync no. 5
10.2.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE
* fixed Undertow server not starting due to ClassNotFoundException: javax.transaction.TransactionManager

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-04-27 13:36:54 +02:00
Martin Bartoš
2cb7c9f5ec Fix account console tests 2023-04-27 13:36:54 +02:00
Stefan Guilhen
3409a0c840 Fixes SAML tests in testsuite
- adds dependency to saaj-impl in saml core public
- updates test apps' web.xml files to use jakarta namespaces
- small cleanup in main pom
- changes order of e-mail servers in testsuite pom to enforce usage of greenmail (changes order in Undertow's classpath)

Closes #16711
2023-04-27 13:36:54 +02:00
Alexander Schwartz
4bdf2fe21d Fixing parameter which should be a string plus dependencies
Closes #16649
2023-04-27 13:36:54 +02:00
Martin Bartoš
b1da7bd613 Revert Mail API
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/quarkus/pom.xml - Modified
---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
2023-04-27 13:36:54 +02:00
Martin Bartoš
1f126647fe Update dependencies 2023-04-27 13:36:54 +02:00
vramik
60e6fb9dae Register custom functions FunctionContributor
Closes #16336

---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorage.java - Modified
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorageCockroachdb.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified
---
Quarkus3 branch sync no. 3 (27.1.2023)
Resolved conflicts:
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorage.java - Modified
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorageCockroachdb.java - Modified
2023-04-27 13:36:54 +02:00
Peter Zaoral
4ff2de7f46 Quarkus3 branch sync
18.1.2023:
* applied Quarkus 3 OpenRewrite recipe
* fixed the parts that were missed by the script

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-04-27 13:36:54 +02:00
Martin Bartoš
124591ce1a Adapters can still use Java EE
- Provided all JavaEE dependencies for adapters
- Automatically build Undertow Jakarta EE for testsuite (missing SAML)
---
Quarkus3 branch sync no. 11 (24.3.2023)
Resolved conflicts:
keycloak/adapters/oidc/spring-security/pom.xml - Modified
---
Quarkus3 branch sync no. 7 (27.2.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/pom.xml - Modified
---
Quarkus3 branch sync no. 1 (18.1.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/pom.xml - Modified
2023-04-27 13:36:54 +02:00
Martin Bartoš
40c38e0133 Fix dependencies in testsuite, adapters and Quarkus module
---
Quarkus3 branch sync no. 11 (24.3.2023)
Resolved conflicts:
keycloak/adapters/oidc/spring-security/pom.xml - Modified
2023-04-27 13:36:54 +02:00
Stefan Guilhen
384d7c17f7 - Fix issues in legacy store
- Testsuite (switch undertow-embedded.version)
2023-04-27 13:36:54 +02:00
Martin Bartoš
7cff857238 Migrate packages from javax.* to jakarta.*
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/ComponentExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/DeclarativeUserTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java - Modified
keycloak/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java	- Modified
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountTotpPage.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BackwardsCompatibilityUserStorageTest.java - Modified
---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/services/resources/QuarkusWelcomeResource.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/profile/util/Soap.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/UserInfoClientUtil.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
---
Quarkus3 branch sync no. 10 (17.3.2023)
Resolved conflicts:
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocolUtils.java -	Modified
---
Quarkus3 branch sync no. 9 (10.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java - Modified
---
Quarkus3 branch sync no. 8 (3.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClient.java	Modified - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java - Modified
keycloak/examples/providers/authenticator/src/main/java/org/keycloak/examples/authenticator/SecretQuestionAuthenticator.java - Modified
---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ComponentsResource.java - Modified
keycloak/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/installation/SamlSPDescriptorClientInstallation.java - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
/keycloak/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java	Modified - Modified
keycloak/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java - Modified
---
Quarkus3 branch sync no. 4 (3.2.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/jaxrs/QuarkusKeycloakApplication.java - Modified
---
Quarkus3 branch sync no. 1 (18.1.2023)
Resolved conflicts:
keycloak/testsuite/client/ClientPoliciesTest.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaModelCriteriaBuilder.java - Modified
2023-04-27 13:36:54 +02:00
Hynek Mlnarik
d7d50634b3 Do not impose assumptions on ID format
Closes: #19814
2023-04-26 15:37:50 +02:00
Hynek Mlnarik
80ba42a0b4 Tests: Determine IDs from Keycloak
Instead of assuming that the ID of created objects is honored,
the tests are rewritten in the way which obtains the ID from
the created objects. This is to account for storages where
ID is not necessarily an UUID and cannot be thus prescribed.

Closes: #19814
2023-04-26 15:37:50 +02:00
rmartinc
04ac3a64ee Adding support for rsa-oaep for SAML encryption
Closes https://github.com/keycloak/keycloak/issues/19689
2023-04-26 10:46:10 +02:00
mposolda
a3f2ebb193 Ability to override default/built-in providers with same providerId. Using ProviderFactory.order() for choosing priority providers
Closes #19867
2023-04-25 18:04:58 +02:00
Lukas Hanusovsky
30d976d64c
RequiredActionEmailVerificationTest - old account console dependencies removed. (#19843)
Closes #19668
2023-04-25 08:19:43 +02:00
Hynek Mlnarik
3161c4424c Fix export / import tests relict
Closes: #19812
2023-04-19 22:17:49 +02:00
Hynek Mlnarik
0ddc71d987 Properly encode id in URL
Closes: #19816
2023-04-19 15:10:04 -03:00
rmartinc
8e55a63f31 Do not allow add sub-flow to built-in workflow
Closes https://github.com/keycloak/keycloak/issues/15536
2023-04-19 11:12:49 +02:00
rmartinc
f051a0cdb3 Improve SessionCodeChecks to detect better the ALREADY_LOGGED_IN situation
Closes https://github.com/keycloak/keycloak/issues/19677
2023-04-18 10:35:47 -03:00
Lukas Hanusovsky
4a8510f7d9
Stop disabling Account Console v2 for tests that run fine (#19728)
Works towards closing #19668
2023-04-17 16:26:32 -03:00
Marek Posolda
8d01109158
Invalid parameter redirect_uri when using an invalid client_id (#19731)
closes #19662
2023-04-17 15:12:59 +02:00
Hynek Mlnarik
21510dff0c Add FILE constant to StoreProvider 2023-04-17 08:29:49 +02:00
mposolda
1cbdf4d17e Fix the issue with LDAP connectionUrl containing multiple hosts
Closes #17359
2023-04-16 17:41:22 +02:00
danielFesenmeyer
5554c62bea Change locale of user profile validation message to be resolved from authenticated user instead of validated user
Closes #19707
2023-04-14 11:51:15 -03:00
Stian Thorgersen
f4cabea08c
Make sure the code is bound to the user session (#18) (#17380) (#17389)
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-04-14 14:42:12 +02:00
Lukas Hanusovsky
556758943f
Old Account Console removal - cleanup imports (#19700)
Part of #19668
2023-04-13 14:57:28 +00:00
vramik
2b890eb79d Zero downtime smoke tests
Closes #16481
2023-04-12 11:24:35 +02:00
Pedro Igor
83676bf927 Extract JUnit5 support in the distributoin testsuite to a separate module
Closes #19552
2023-04-11 10:48:56 +02:00
Lukas Hanusovsky
9bb18400ad
Remove AccountTotpPage from the testsuite (#17657)
Closes #15201
2023-04-06 11:49:29 +02:00
fwojnar
f55794f8bf
Removes AccountApplicationsPage (#17651)
Closes #15198 


Co-authored-by: wojnarfilip <fwojnar@redhat.com>
2023-04-05 16:54:16 +02:00
rmartinc
99330dbb6d Manage JsonProcessingException to not return error 500 when json data is wrong
Closes https://github.com/keycloak/keycloak/issues/11517
2023-04-03 18:07:34 +02:00
mposolda
4d8d6f8cd8 Preserve authentication flow IDs after import
closes #9564
2023-04-03 16:01:52 +02:00
Jon Koops
bdc019b02c
Fully deprecate function-style constructor for Keycloak JS (#19438) 2023-04-03 14:45:55 +02:00
Hynek Mlnarik
85c0b47c31 Fix ClientPoliciesExtendedEventTest
Closes: #19487
2023-04-03 14:43:50 +02:00
Pedro Igor
6086201fe0 Do not verify identity cookie when processing required actions
Closes #17539
2023-03-31 09:56:27 +02:00
rmartinc
89dfeeec38 The getAttributes method in UserAttributeLDAPStorageMapper does not work for email or other UserModel properties
Closes https://github.com/keycloak/keycloak/issues/10412
2023-03-30 21:45:07 +02:00
mposolda
709c6b5a47 Regressions in redirect URL verification when redirect_uri has encoded path or default port
closes #16851
closes #16587
2023-03-30 14:20:10 +02:00
Pedro Igor
48082d08ec Email visible on registration page when edit username is not allowed
Closes #17439
2023-03-30 08:11:30 +02:00
Douglas Palmer
ff27f6c77c Fix SSSDTest
closes #19397
2023-03-29 21:54:00 +02:00
Jon Koops
8f627517cb
Remove legacy Promise APIs from Keycloak JS (#19389) 2023-03-29 16:29:27 +00:00
Michal Hajas
e49dfe534e Fix missing migration when reading TERMS_AND_CONDITIONS required action in legacy store
Closes #17277
2023-03-29 16:43:01 +02:00
Daniel Kobras
a45b5dcd90 Prefer cert over pubkey in SAML metadata
If SAML key material was given as a certificate, consistently
expose the certificate rather than just the public key when
presenting SAML metadata info. This change ensures that the
client obtains sufficient information (eg. issuer) to close
the trust chain.

Closes: #17549

Signed-off-by: Daniel Kobras <kobras@puzzle-itc.de>
2023-03-29 11:17:24 +02:00
Marek Posolda
032ece9f7b
Clarify user session limits documentation and test SSO scenario (#19372)
Closes #17374


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-03-29 10:08:45 +02:00
rmartinc
2bb9de1a8c Allow application/jwt media type for userinfo endpoint
Closes: https://github.com/keycloak/keycloak/issues/19346
2023-03-28 08:47:35 -03:00
Michal Hajas
beca22311b Add RefreshTokenTest to database suite so it can catch some expiration issues similar to #17570 2023-03-28 08:32:31 +02:00
Pedro Igor
a9c605750d Returning email as username setting for admins
Fixes #17591
2023-03-27 16:33:44 -03:00
Pedro Hos
bd0a23a865 /users/count endpoint with search field has different behavior than /users query endpoint #17620
closes #17620
2023-03-24 13:43:47 +01:00
Klajdi Paja
cf61a65198 Return a user friendly message when a group name already exists on the same level.
Closes #16888
2023-03-24 08:13:49 +01:00
rmartinc
8bc5273792 EAP7 and wildfly adapter tests fixes. Execute enable-elytron-se17.cli for EAP7 and JDK-17.
Closes https://github.com/keycloak/keycloak/issues/19273
2023-03-23 17:02:39 -03:00
Ayrat Hudaygulov
f578f91a0b Fix ID token not being sent after expiration for OIDC logout
Closes #10164
2023-03-23 13:01:02 +01:00
Ricardo Martin
1a622e707f
Flaky tests org.keycloak.testsuite.federation.sync.SyncFederationTest (#19095)
Closes: https://github.com/keycloak/keycloak/issues/17430
Closes: https://github.com/keycloak/keycloak/issues/17431
2023-03-21 08:30:42 +01:00
Alexander Schwartz
513bb809f3 Add a map storage global locking implementation for JPA
Closes #14734
2023-03-21 08:21:11 +01:00
rmartinc
bef0a4a6f1 Check frontendUrl in the hostname providers
Closes https://github.com/keycloak/keycloak/issues/17686
2023-03-20 18:54:58 -03:00
Miquel Simon
80d3cc5dea Added option for Chrome driver needed for version >= 111.
Closes #19137
2023-03-20 13:09:23 +01:00
Pedro Igor
a30b6842a6 Decouple the policy enforcer from adapters and provide a separate library
Closes keycloak#17353
2023-03-17 11:40:51 +01:00
rmartinc
cab7e50410 Better handling for SAML signatures in POST and REDIRECT bindings
Closes https://github.com/keycloak/keycloak/issues/17456
2023-03-15 09:06:59 -03:00
Pedro Igor
af475ffe23 Fixing classloading issue due to the curated application being eagerly closed 2023-03-13 09:34:49 +01:00
vramik
31e4c5cb7e Add storage-jpa-db property into Quarkus. Distinguish postgres and crdb for jpa map store.
Closes #17305
2023-03-09 11:09:56 +01:00
Tero Saarni
9052ec2b02
Add admin events for realm create/delete. (#10831)
Closes #10733
2023-03-07 15:57:06 +01:00
Simon Levermann
96c1cf3c49 Allow mapping of UserSessionNotes into UserInfo
Fixes #15369
2023-03-07 15:25:14 +01:00
rmartinc
a56b38c5a6 Don't remove session and don't reset restart cookie if passive check error
Closes https://github.com/keycloak/keycloak/issues/11340
2023-03-07 15:10:09 +01:00
rmartinc
06ff8b016c Don't set REMEMBER_ME if it's disabled at realm level
Closes https://github.com/keycloak/keycloak/issues/11330
2023-03-07 15:01:58 +01:00
Michal Hajas
837c64de3d Add support for pessimistic locking to HotRod
Closes #13273
2023-03-07 10:44:31 +01:00
mposolda
a0192d61cc Redirect loop with authentication success but access denied at default identity provider
closes #17441
2023-03-06 10:45:01 +01:00
Michal Hajas
465019bec4 Extract attachDevice outside of storage layer
Closes #17336
2023-03-03 17:58:34 +01:00
Zakaria Amine
fb5a7f654b
trigger IDENTITY_PROVIDER_FIRST_LOGIN (and UPDATE_PROFILE ) event when identity provider flow succeeds (#15100)
closes #15098
2023-03-03 17:49:27 +01:00
Jon Koops
972ebb9650
Use a valid SemVer format for the SNAPSHOT version (#17334)
* Use a valid SemVer format for the SNAPSHOT version

* Update pom.xml

* Update pom.xml

---------

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-03-03 11:11:44 +01:00
Alexander Schwartz
1e4401f521 Avoid returning the same entity multiple times from separate searches
Closes #15604
2023-03-02 08:21:38 +01:00
mposolda
b28bde542f referrer_url is not correctly computed in account console
closes #16484
2023-03-01 20:49:15 +01:00
Marek Posolda
59f4fe1c60
NPE on Theme after upgrade to 21 when parent or import theme not exists (#17350)
* NPE on Theme after upgrade to 21 when parent or import theme not exists
closes #17313

* Update per review
2023-03-01 15:46:37 +00:00
rmartinc
5cdf4d5791 Read-Only attributes should be modified if creation is delayed for LDAP
Closes https://github.com/keycloak/keycloak/issues/16848
2023-03-01 11:26:57 +01:00
Pedro Igor
fbf5541802 Remove duplicated set-cookie header from response when expiring cookies
Closes #17192
2023-02-27 14:17:27 -03:00
lpa
3cd413dee1 SOAP backchannel logout for SAML protocol
Closes #16293
2023-02-27 14:24:12 +01:00
rmartinc
38a46726e4 Implement UserInfoTokenMapper in HardcodedRole and RoleNameMapper mappers
Closes https://github.com/keycloak/keycloak/issues/15624
2023-02-27 10:14:48 -03:00
Miquel Simon
923a321a55
Run WebAuthn IT with Chrome. (#17256) 2023-02-23 20:58:13 +00:00
Václav Muzikář
557a22968c
Stabilize Account Console UI tests (#17243)
Closes #17178
Closes #17102
Closes #17070
Closes #17045
Closes #17044
Closes #16875
Closes #16870
Closes #16715
Closes #16670
Closes #16646
Closes #16627
Closes #16620
2023-02-23 12:35:08 +01:00
rmartinc
f91ac2970d
Polish fips-mode switch for preview (#17228)
* Polish fips-mode switch for preview
Closes #17208 #17210 


Co-authored-by: mposolda <mposolda@gmail.com>
2023-02-22 12:12:52 +01:00
drohwer89
4ff180da64
Terminating all sessions above the session limit (#16068)
Adjusts implementation of UserSessionLimitsAuthenticator to terminate all sessions above the session limit.

Closes #14689

Co-authored-by: Marek Posolda <mposolda@gmail.com>
2023-02-16 17:56:59 +01:00
rmartinc
9995a3cdd4 lastSync value into COMPONENT_CONFIG is always updated
Closes https://github.com/keycloak/keycloak/issues/17022
2023-02-16 17:48:49 +01:00
mposolda
4f068fcdcc Make https-trust-store-type set to bcfks by default in strict-mode
Closes #17119
2023-02-16 08:00:21 -03:00
sui.jieqiang
1f6fa0501c Fix search user groups without limit
Closes #12649
2023-02-15 15:50:46 +01:00
vramik
7b604d6784 Sync properties in map-storage-jpa-cocroach with other profiles
Closes #17107
2023-02-15 10:49:22 +01:00
Hynek Mlnarik
bb0eb899a7 Add ability to run arq testsuite with file store
Fixes: #17032
2023-02-15 10:17:23 +01:00
Pedro Igor
9e46b9e43f Handling events after transaction completion using a separate session
Closes #15656
2023-02-14 13:10:57 +01:00
Václav Muzikář
a57821ed80 Fix JDK 17 InaccessibleObjectException with infinispan 2023-02-13 17:09:36 -03:00
Miquel Simon
48a22ff2f3
Added WebAuthn integration tests to CI workflow. (#16608) 2023-02-13 12:28:25 +00:00
laskasn
dc8b759c3d Use encryption keys rather than sig for crypto in SAML
Closes #13606

Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: hmlnarik <hmlnarik@redhat.com>
2023-02-10 12:06:49 +01:00
Marek Posolda
9cfc1fdfa9
Reduce the redundant tests in fips-suite (#16970)
Closes #16969
2023-02-09 12:21:33 +01:00
Pedro Igor
017ddc670b Removing references to old admin console test artifacts 2023-02-08 17:22:45 -03:00
Pedro Igor
423fc6daba
Flaky test KcOidcBrokerTokenExchangeTest (#16914)
Closes #16896
2023-02-08 14:49:49 +00:00
Dmitry Telegin
5f39aeb590 Pre-authorization hook for client policies
Closes #9017
2023-02-08 15:06:32 +01:00
Michal Hajas
6fa62e47db Leverage HotRod client provided transaction
Closes #13280
2023-02-08 10:26:30 +01:00
Stian Thorgersen
d3ba2ecbed
Remove old admin console theme (#16864)
Closes #16862
2023-02-08 09:22:39 +01:00
Stian Thorgersen
4782a85166
Remove old admin console feature (#16861)
* Remove old admin console feature

Closes #16860

* Update help txt files for Quarkus tests
2023-02-07 12:59:35 +01:00
Pedro Igor
7b58783255 Allow mapping claims to user attributes when exchanging tokens
Closes #8833
2023-02-07 10:57:35 +01:00
Thomas Darimont
e38b7adf92 Revise blacklist password policy provider #8982
- Reduce false positive probability from 1% to 0.01% to avoid
rejecting to many actually good passwords.
- Make false positive rate configurable via spi config
- Revised log messages

Supported syntax variant:
`passwordBlacklist(wordlistFilename)`

Fixes #8982

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2023-02-07 10:36:39 +01:00