Tero Saarni
e06fcbe6ae
Change supported criteria for Google Authenticator
...
List Google Authenticator as supported when
- hash algorithm is SHA256 or SHA512
- number of digits is 8
- OTP type is hotp
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2024-03-05 11:19:06 +01:00
Tomas Ondrusko
9404b888d1
Update disabled feature status code in social login tests
...
Closes #27366
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2024-03-05 10:22:51 +01:00
Pavel Drozd
be7775a9be
LDAPSyncTest - additional removal of users at the end of the test
...
Necessary when running with external AD
Closes #27499
Signed-off-by: Pavel Drozd <pdrozd@redhat.com>
2024-03-05 09:54:58 +01:00
Pedro Igor
2c750c8ffb
Reverting unrelated changes to templates
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-04 20:28:06 +09:00
Jon Koops
0894642838
Fix up selector for submit button
...
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-03-04 20:28:06 +09:00
Lucy Linder
aa6771205a
Update ReCAPTCHA and add support for ReCAPTCHA Enterprise
...
Closes #16138
Signed-off-by: Lucy Linder <lucy.derlin@gmail.com>
2024-03-04 20:28:06 +09:00
rmartinc
f970803738
Check email and username for duplicated if isLoginWithEmailAllowed
...
Closes #27297
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-02 00:14:27 +09:00
Andy
137907f5ef
Roles admin REST API: Don't expand composite roles
...
Additionally:
- Import clean-up
- Added requireMapComposite as in RoleResource.addComposites
Closes #26951
Signed-off-by: synth3 <19573241+synth3@users.noreply.github.com>
2024-03-02 00:03:03 +09:00
Takashi Norimatsu
1792af6850
OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor
...
closes #27412
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-03-01 14:49:23 +01:00
Hynek Mlnarik
49bbed13b9
Localize admin error messages
...
Fixes : #25977 (part of)
Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-03-01 14:03:08 +01:00
graziang
082f9ec15b
Update client scopes in Client Update Request in DCR
...
Fix ClientScopesClientRegistrationPolicy.beforeUpdate because it was modifying the original clientRepresentation.
Add updateClientScopes method to set client scopes in Client Update Request in DCR.
Closes #24361
Signed-off-by: graziang <g.graziano94@gmail.com>
2024-03-01 12:32:45 +01:00
Marek Posolda
ae0a0ea30b
SecureRedirectUrisEnforcerExecutor fixes ( #27369 )
...
closes #27344
Signed-off-by: mposolda <mposolda@gmail.com>
2024-02-29 17:24:20 +01:00
Steven Hawkins
51590668f5
fix: provide a better error message when option parsing fails ( #27354 )
...
closes : #16260
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-02-29 08:22:21 -05:00
Takashi Norimatsu
3db04d8d8d
Replace Security Key with Passkey in WebAuthn UIs and their documents
...
closes #27147
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-29 10:31:05 +01:00
Pedro Igor
326d63ce74
Make sure group searches are cached and entries invalidate accordingly
...
Closes #26983
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-29 05:06:36 +09:00
Vlasta Ramik
ade3b31a91
Introduce new CLI config options for Infinispan remote store
...
Closes #25676
Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-28 15:49:19 +00:00
Réda Housni Alaoui
a3b3ee4b87
Ability to declare a default "First broker login flow" per Realm
...
Closes #25823
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-02-28 16:17:51 +01:00
Pedro Igor
788d146bf2
Use the target client when processing scopes for internal exchanges
...
Closes #19183
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-28 15:18:43 +01:00
rmartinc
2bd9f09e29
Re-index CLIENT_ATTRIBUTES using name and value
...
Closes #26618
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-28 11:07:03 +01:00
graziang
16a854c91b
Add option to clients to use lightweight access token
...
Add an "Always use lightweight access token" option on the client's Advanced tab in the "Advanced Settings" section that uses the already existing Constants.USE_LIGHTWEIGHT_ACCESS_TOKEN_ENABLED to store a boolean client attribute.
The attribute value is used to enable or disable the lightweight access token.
Closes #27238
Signed-off-by: graziang <g.graziano94@gmail.com>
2024-02-28 10:18:26 +01:00
Pedro Igor
0c91fceaad
Allow setting if both 'client_id' and 'id_token_hint' params should be sent in logout requests
...
Closes #27281
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-27 20:37:27 +09:00
Dmitry Telegin
6a57614554
Fix disabled feature tests
2024-02-27 19:11:32 +09:00
rmartinc
562decde35
Perform internal introspect for the access token in the account app
...
Closes #27243
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-27 09:19:20 +01:00
kaustubh-rh
03f6cda85a
Prevent user from removing built-in client scopes ( #27134 )
...
Closes #26937
Signed-off-by: Kaustubh B <kbawanka@redhat.com>
2024-02-26 11:16:23 +01:00
Gilvan Filho
83af01c4c0
Add failedLoginNotBefore to AttackDetectionResource
...
Closes #17574
Signed-off-by: Gilvan Filho <gfilho@redhat.com>
2024-02-26 09:35:51 +01:00
graziang
cecce40aa5
Avoid regenerating the totpSecret on every reload of the OTP configuration page
...
Using an auth note to store the totpSecret and passing its value in the TotpBean constructor to keep the totpSecret on page reload
Closes #26052
Signed-off-by: graziang <g.graziano94@gmail.com>
2024-02-22 19:09:09 +01:00
Pedro Igor
604274fb76
Allow setting an attribute as multivalued
...
Closes #23539
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-02-22 12:56:44 +01:00
Takashi Norimatsu
1e12b15890
Supporting OAuth 2.1 for public clients
...
closes #25316
Co-authored-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-22 10:57:29 +01:00
Douglas Palmer
b0ef746f39
Permanently lock users out after X temporary lockouts during a brute force attack
...
Closes #26172
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-02-22 09:34:51 +01:00
Takashi Norimatsu
9ea679ff35
Supporting OAuth 2.1 for confidential clients
...
closes #25314
Co-authored-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-22 08:34:21 +01:00
Peter Keuter
01d66a662b
Expose display name and locales when user has ANY admin role ( #27160 )
...
* chore: expose display name and locales when user has view-realm
Signed-off-by: Peter Keuter <github@peterkeuter.nl>
* fix: supportedlocales are available as stream
Signed-off-by: Peter Keuter <github@peterkeuter.nl>
* fix: tests
Signed-off-by: Peter Keuter <github@peterkeuter.nl>
* fix: remove unnecessarily added ignore
Signed-off-by: Peter Keuter <github@peterkeuter.nl>
---------
Signed-off-by: Peter Keuter <github@peterkeuter.nl>
2024-02-21 13:30:31 -05:00
Ricardo Martin
3bc074913e
Allow LDAP provider to search using any attribute configured via mappers ( #26235 )
...
Closes #22436
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-21 08:48:39 +00:00
Takashi Norimatsu
1bdbaa2ca5
Client policies: executor for validate and match a redirect URI
...
closes #25637
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-20 08:37:33 +01:00
Ryan Emerson
a2f027ee00
Use AWS JDBC Wrapper in CI tests. Resolves #27123
...
Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-02-19 19:07:24 +01:00
Stefan Wiedemann
aa6b102e3d
Support EC Key-Imports for the JavaKeystoreKeyProvider #26936 ( #27030 )
...
closes #26936
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2024-02-19 17:41:40 +01:00
Tomas Ondrusko
055a0e2231
Fix Microsoft social login test case
...
Resolves #27120
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2024-02-19 15:56:58 +01:00
Pedro Hos
6b3fa8b7a7
Invalid redirect uri when identity provider alias has spaces ( #22840 )
...
closes #22836
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2024-02-19 14:40:42 +01:00
graziang
1f57fc141c
UPDATED_PASSWORD required-action triggered only when login using password
...
`UpdatePassword.evaluateTriggers` adds the required-action to the user by evaluating the expiration password policy. Added a check that skips the evaluation if no password used during auth flow. This check uses the value of an auth note set in the `validatePassword` method of the `AbstractUsernameFormAuthenticator`.
Manually adding UPDATED_PASSWORD required-action to the user continues to trigger the action regardless of the authentication method.
Closes #17155
Signed-off-by: graziang <g.graziano94@gmail.com>
2024-02-16 18:16:36 +01:00
Marek Posolda
c94f9f5716
Remove random redirect after password reset ( #27076 )
...
closes #20867
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
2024-02-16 18:13:27 +01:00
Vlasta Ramik
76453550a5
User attribute value length extension
...
Closes #9758
Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-02-16 08:09:34 +01:00
mposolda
eff6c3af78
During password reset, the baseURL is not shown on the info page after browser restart
...
closes #21127
Signed-off-by: mposolda <mposolda@gmail.com>
2024-02-15 18:48:53 +01:00
Michal Hajas
e55ba5dcdc
Make sure pagination is used even when first is null for getGroups endpoint
...
Closes #25731
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-02-15 19:46:04 +09:00
mposolda
b4d289c562
Fixing UriValidator
...
closes #26792
Signed-off-by: mposolda <mposolda@gmail.com>
2024-02-15 10:30:39 +01:00
rmartinc
4ff4c3f897
Increase internal algorithm security using HS512 and 128 byte hmac keys
...
Closes #13080
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-15 08:16:45 +01:00
rmartinc
bc82929e3a
Cors modifications for UserInfo endpoint
...
Closes #26782
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-14 18:24:06 +01:00
rmartinc
bb12f3fb82
Do not require non-builtin attributes for service accounts
...
Closes #26716
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-13 17:42:59 +01:00
Steven Hawkins
3a04acab51
fix: adds pfx as a recognized extension ( #26876 )
...
closes #24661
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-02-13 15:38:12 +01:00
Stian Thorgersen
23d5f2188d
Run adapters in a separate job on GitHub Actions ( #26962 )
...
Closes #25892
Signed-off-by: stianst <stianst@gmail.com>
2024-02-13 12:38:58 +01:00
Stefan Guilhen
2161e72872
Add migration for the useTruststoreSpi config property in LDAP user storage provider
...
- legacy `ldapsOnly` value now migrated to `always`.
Closes #25912
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-02-12 11:53:19 +01:00
Pedro Igor
e50642ac32
Allow setting a default user profile configuration
...
Closes #26489
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-12 11:16:48 +01:00