keycloak-scim

Author	SHA1	Message	Date
mposolda	cdb61215c9	UserProfileContext.ACCOUNT_OLD seems to be obsolete and not needed closes #23749	2023-10-06 11:27:48 -03:00
Pedro Igor	290bee0787	Resolve several usability issues around User Profile (#23537 ) Closes #23507, #23584, #23740, #23774 Co-authored-by: Jon Koops <jonkoops@gmail.com>	2023-10-06 10:15:39 -03:00
rmartinc	890600c33c	Remove backward compatibility for ECDSA tokens Closes https://github.com/keycloak/keycloak/issues/23734	2023-10-06 14:24:48 +02:00
Martin Kanis	0853d484ec	Remove transaction in InfinispanSingleUseObjectProvider#remove (#23708 ) Co-authored-by: mposolda <mposolda@gmail.com>	2023-10-06 10:00:04 +02:00
Garth	2dfbbff343	added AccountResource SPI, Provider and ProviderFactory. (#22317 ) Added AccountResource SPI, Provider and ProviderFactory. updated AccountLoader to load provider(s) and check if it is compatible with the chosen theme.	2023-10-05 15:08:01 +02:00
vramik	7f2f4aae67	Upgrade liquibase version to avoid a bug where a changeset is executed twice Closes #23220	2023-10-05 13:35:05 +02:00
Tomas Ondrusko	58131f1dcc	Update the Instagram login process Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>	2023-10-05 09:33:05 +02:00
Steven Hawkins	9a93b9a273	allows csv output to handle missing requested fields (#23459 ) * allows csv output to handle missing requested fields Closes #12330 * fixes the handling of the content type also makes it more explicit the expectation of applying csv and return fields * fix: consolidating the logic dealing with the content-type Closes #23580	2023-10-04 15:49:19 +02:00
Dmitry Telegin	085d0d73c9	Fix nonce/scope typo	2023-10-02 22:36:51 +02:00
Tomas Ondrusko	fcb91a83ba	Ignore query parameters while testing the LinkedIn profile picture URL (#23557 ) Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>	2023-10-02 14:36:17 +02:00
Tomas Ondrusko	3d42573813	Update PayPal social login flow to use 127.0.0.1 instead of localhost (#23532 ) Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>	2023-09-28 09:34:45 +00:00
fwojnar	56082cdd2d	Fixes issue in login flow of SocialLoginTest#twitterLogin (#23122 ) Co-authored-by: wojnarfilip <fwojnar@redhat.com>	2023-09-28 10:21:59 +02:00
Lucas Hedding	de5aa2e74d	Add createTimestamp to REST service (#23293 ) Closes #14009	2023-09-27 13:38:16 +02:00
rmartinc	10c1e3ba6d	Client roles should be mapped to any claim name Closes https://github.com/keycloak/keycloak/issues/22349	2023-09-27 08:11:22 -03:00
rmartinc	d90640b5a3	Change email checkserveridentity prop as angus mail sets it to true by default Closes https://github.com/keycloak/keycloak/issues/22395	2023-09-26 09:11:16 +02:00
Maria Arias de Reyna	c15753266f	fix(Closes #21236 ): Adding client-id to logout event	2023-09-25 13:20:26 +02:00
Pedro Igor	741f76887c	Allow updating email when email as username is set and edit username disabed #23438	2023-09-25 08:19:01 -03:00
Michal Hajas	496c5ad989	Use new findGroupByPath implementation and remove the old one Closes #23344 Signed-off-by: Michal Hajas <mhajas@redhat.com>	2023-09-25 10:44:24 +02:00
Jon Koops	47d9ae71c4	Revert the new welcome screen experience (#23446 ) This reverts commit `bcab75a7ef`.	2023-09-21 16:03:00 +00:00
Justin Tay	7d3104ee76	Allow public clients to use PAR endpoint Closes #8939	2023-09-21 13:57:42 +02:00
rmartinc	7afd90982d	Align wildfly-core and wildfly version for tests Closes https://github.com/keycloak/keycloak/issues/23342	2023-09-21 10:53:57 +02:00
Bernd Bohmann	bb2f59df87	Calling getTopLevelGroups is slow inside GroupLDAPStorageMapper#getLDAPGroupMappingsConverted (#8430 ) Closes #14820 --------- Co-authored-by: Michal Hajas <mhajas@redhat.com>	2023-09-20 17:20:43 +02:00
Jon Koops	e86bf1f0b2	Remove `P3P` header from authentication flow Closes #23348	2023-09-19 08:50:33 -03:00
rmartinc	743bb696d9	Allow duplicated keys in advanced claim mappers Closes https://github.com/keycloak/keycloak/issues/22638	2023-09-19 07:49:34 -03:00
wojnarfilip	5603ee7b46	Fixes login flow in Microsoft social login test Closes #22657	2023-09-18 14:21:41 +02:00
Pedro Igor	217a09ce46	Switch to Resteasy Reactive Closes #10713	2023-09-18 09:19:03 -03:00
paul	f684a70048	KEYCLOAK-15985 Add Brute Force Detection Lockout Event	2023-09-15 10:32:07 -03:00
Jon Koops	bcab75a7ef	Add new version of Welcome theme based on PatternFly 5 (#23008 )	2023-09-14 08:24:17 -04:00
Andreas Blaettlinger	86c0e338d9	Toggle visibility of password input fields in login-ftl-based pages Closes #22067	2023-09-14 08:04:35 -03:00
Pedro Igor	1442f14c45	Registration page not showing username when edit username is not enabled Closes #23185	2023-09-14 07:32:39 -03:00
Justin Tay	658c0ef19f	Send Client ID in token request with JWT Authentication Closes #21444	2023-09-14 10:57:32 +02:00
Pedro Igor	5958c7948d	Ignore attributes when they are not prefixed with user.attributes prefix (#23184 ) Co-authored-by: mposolda <mposolda@gmail.com> Co-authored-by: stianst <stianst@gmail.com>	2023-09-14 10:35:47 +02:00
Daniel Fesenmeyer	a68ad55a37	Support to define compatible mappers for (new) Identity Providers - Also allows to use existing mappers for custom Identity Providers without having to change those mappers Closes #21154	2023-09-13 17:19:06 -03:00
Jacek Kowalski	f5182deb30	Fix valid redirect URIs for built-in account-console client on realm rename (#20894 ) Closes #9541 Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2023-09-13 15:28:07 +02:00
Konstantinos Georgilakis	0044472f87	Add regex support in 'Condition - User attribute' execution Closes #265	2023-09-13 08:36:45 +02:00
rmartinc	48ab2b1688	FullNameLDAPStoreMapper removes values for other attributes Closes https://github.com/keycloak/keycloak/issues/22526	2023-09-13 08:11:32 +02:00
vramik	d34a371971	Enable ZeroDowntimeTest Closes #21825	2023-09-11 19:09:30 +02:00
Pedro Igor	04dd9afc5e	Do not store empty attributes when updating user profile Closes #22960	2023-09-11 07:47:31 -03:00
rmartinc	7da52a43bd	Add old LinkedIn provider to the deprecated profile Closes https://github.com/keycloak/keycloak/issues/23067	2023-09-08 10:05:17 +02:00
Marek Posolda	506e2537ac	Registration flow fixed (#23064 ) Closes #21514 Co-authored-by: Vilmos Nagy <vilmos.nagy@outlook.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Marek Posolda <mposolda@gmail.com>	2023-09-08 08:05:05 +02:00
Pedro Igor	bc31fde4c0	Broker claim mapper not recognizing claims from user info endpoint Closes #12137	2023-09-07 16:34:45 +02:00
Kaustubh B	5ee2ba9372	Added tests	2023-09-07 08:43:35 +02:00
rmartinc	8887be7887	Add a new identity provider for LinkedIn based on OIDC Closes https://github.com/keycloak/keycloak/issues/22383	2023-09-06 16:13:31 +02:00
Pedro Igor	13e5a02b9f	Role mappers must return a single value when they are not multivalued Closes #20218	2023-08-31 19:16:12 +02:00
mposolda	57e51e9dd4	Use an original domain name of Kerberos Principal in UserModel attribute instead of configured value of Kerberos realm in User federation closes #20045	2023-08-30 13:24:48 +02:00
vramik	4cd34f8423	Update logging properties for showing SQL statements and JDBC parameters Closes #22815	2023-08-30 12:52:08 +02:00
Marek Posolda	6f989fc132	Fallback to next LDAP/Kerberos provider when not able to find authenticated Kerberos principal (#22531 ) closes #22352 #9422	2023-08-29 11:21:01 +00:00
Pedro Igor	ea3225a6e1	Decoupling legacy and dynamic user profiles and exposing metadata from admin api Closes #22532 Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>	2023-08-29 08:14:47 -03:00
Pedro Igor	b779df6a55	Parsing response from user info rather than the access token Closes #22581	2023-08-29 12:23:56 +02:00
Tomas Ondrusko	e70ffd0105	Handle GitHub logout properly (#22463 ) Add profile info update to GitHub login test cases Closes #22461 Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>	2023-08-28 10:06:12 +02:00
t0xicCode	822c13ff6f	Switch Trusted Host policy redirect verification to URI Switch parsing of the redirect URIs for the Trusted Host Client Registration Policy from URL to URI. The java URL class tries to instantiate a handler for the scheme, which fails when a "custom" scheme, such as those used in phone apps is used. In contrast, the URI class simply parses the string, ensuring the format is valid. The other URLs (baseUrl, rootUrl, adminUrl) are still parsed as URLs. See https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata for the Client Registration parameter documentation. Closes #22309	2023-08-14 10:20:23 +02:00
Pedro Igor	baac060eb1	Fixing how e-mail attribute permissions are set for both USER_API and ACCOUNT contexts Closes #21751	2023-08-11 13:32:16 +02:00
Erik Jan de Wit	874d2063b8	only add realm access to the current realm (#21554 ) fixes: #21553	2023-08-10 12:43:15 +02:00
wojnarfilip	6c070d587f	Closes #22282	2023-08-10 12:05:20 +02:00
Takashi Norimatsu	258711ef4f	DPoP verification in UserInfo endpoint closes #22215	2023-08-07 10:49:33 +02:00
Takashi Norimatsu	9d0960d405	Using DPoP token type in the access-token and as token_type in introspection response closes #21919	2023-08-07 10:40:18 +02:00
Marek Posolda	4dc929abb3	Missing client_id validation match when authenticating client with JW… (#22178 ) Closes #22177	2023-08-03 11:47:55 +02:00
Takashi Norimatsu	ee998fee66	Add FAPI 2.0 security profile as default profile of client policies closes #21181	2023-08-03 09:26:16 +02:00
Ricardo Martin	a8bca522c1	Fix issue with access tokens claims not being imported using OIDC IDP Attribute Mappers (#21627 ) Closes #9004 Co-authored-by: Armel Soro <armel@rm3l.org>	2023-08-02 09:36:50 +02:00
Thomas Darimont	82269f789a	Avoid using deprecated junit APIs in tests - Replaced usage of Assert.assertThat with static import - Replaced static import org.junit.Assert.assertThat with org.hamcrest.MatcherAssert.assertThat Fixes: #22111	2023-08-01 11:44:25 +02:00
mposolda	6f6b5e8e84	Fix authenticatorConfig for javascript providers Closes #20005	2023-07-31 19:28:25 +02:00
Vlasta Ramik	29b67fc8df	Inconsistent Wildcard handling for JPA (#21671 ) * Inconsistent Wildcard handling for JPA Closes #20610 Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2023-07-27 17:03:22 +02:00
rmartinc	0a7fcf43fd	Initial pagination in the admin REST API for identity providers Closes https://github.com/keycloak/keycloak/issues/21073	2023-07-27 14:48:02 +02:00
Takashi Norimatsu	9a921441cc	Adjustements to the behaviour of dpop_bound_access_tokens switch closes #21920	2023-07-27 11:30:01 +02:00
Takashi Norimatsu	6498b5baf3	DPoP: OIDC client registration support closes #21918	2023-07-26 13:00:35 +02:00
Ricardo Martin	ee35cfe478	Add logout other sessions checkbox to TOTP, webauthn and recovery authn codes setup pages (#21897 ) * Add logout other sessions checkbox to TOTP, webauthn, recovery authn codes setup pages and to update-email page Closes #10232	2023-07-26 11:34:19 +02:00
Marek Posolda	bb8ba1af5a	Fix script tests on windows (#21942 ) Closes #21778 #21779 #21780	2023-07-25 12:37:21 +00:00
Takashi Norimatsu	0ddef5dda8	DPoP support 1st phase (#21202 ) closes #21200 Co-authored-by: Dmitry Telegin <dmitryt@backbase.com> Co-authored-by: mposolda <mposolda@gmail.com>	2023-07-24 16:44:24 +02:00
Takashi Norimatsu	05b8b9ee51	Enhancing Pluggable Features of Token Manager closes #21182	2023-07-24 09:16:29 +02:00
Takashi Norimatsu	2efd79f982	FAPI 2.0 security profile - supporting RFC 9207 OAuth 2.0 Authorization Server Issuer Identification Closes #20584	2023-07-24 09:11:30 +02:00
rmartinc	7336ff07ac	Check RDN attribute for DN membership Closes https://github.com/keycloak/keycloak/issues/20718	2023-07-21 11:13:45 +02:00
todor	897965f604	KEYCLOAK-20343 Add message bundle to export/import Closes #20343	2023-07-20 23:00:28 +02:00
Alexander Schwartz	7c9593f88a	Upgrade Infinispan to 14.0.13.Final (#21565 ) Closes #21564	2023-07-20 16:59:19 +00:00
Václav Muzikář	776bcbcbd4	Update bcpkix and bcprov dependencies (#21543 ) Closes #21360	2023-07-20 11:57:18 +02:00
vramik	13d412989c	Disable ZeroDowntimeTest Closes #21823	2023-07-19 20:35:08 +02:00
Lukas Hanusovsky	086b85fad4	[20455] Arquillian reflection bug -> using different setter to avoid overloading. (#21806 )	2023-07-19 14:43:36 +02:00
rmartinc	ed1934d73a	Ensure that the flow tested to be deleted is a built in flow Closes https://github.com/keycloak/keycloak/issues/20763	2023-07-19 08:56:32 +02:00
mposolda	03716ed452	Keycloak forgets ui_locales parameter when using reset password closes #10981	2023-07-18 09:24:12 +02:00
rmartinc	630e3b2312	Revert emailVerified to false if email modified on force-sync non-trusted broker Closes https://github.com/keycloak/security/issues/48	2023-07-17 13:13:47 +02:00
Michal Hajas	07c27336aa	Check whether realm has store enabled for immediately sent events Closes #21698 Signed-off-by: Michal Hajas <mhajas@redhat.com>	2023-07-14 20:50:33 +02:00
Pedro Igor	57423bca2b	Additional test for logout when using multiple tabs (#21518 ) Closes #21451	2023-07-11 11:22:20 +02:00
Pedro Igor	376d20c285	Remove user credentials from admin event representation (#21561 ) Closes #17470	2023-07-11 08:26:29 +02:00
rmartinc	13870f3a69	Improve error management in the github provider Closes https://github.com/keycloak/keycloak/issues/9429	2023-07-10 16:09:08 -03:00
Pedro Igor	94074f4a98	Remove unnecessary tests (#21551 ) Closes #21099	2023-07-10 13:36:21 +00:00
Daniele Martinoli	75741d17ab	Updated test case in RequiredActionResetPasswordTest	2023-07-10 08:31:47 -03:00
Patrick Jennings	399a23bd56	Find an appropriate key based on the given KID and JWA (#21160 ) * keycloak-20847 Find an appropriate key based on the given KID and JWA. Prefers matching on both inputs but will match on partials if found. Or return the first key if a match is not found. Mark Key as fallback if it is the singular client certificate to be used for signed JWT authentication. * Update js/apps/admin-ui/public/locales/en/clients.json Co-authored-by: Marek Posolda <mposolda@gmail.com> * Updating boolean variable name based on suggestions by Marek. * Adding integration test specifically for the JWT parameters for regression #20847. --------- Co-authored-by: Marek Posolda <mposolda@gmail.com>	2023-07-10 13:28:55 +02:00
Daniele Martinoli	7b8dcb42ea	Using "Account is disabled" message (and also added new test case)	2023-07-07 12:16:38 -03:00
Daniele Martinoli	2a95e2c245	updated failed login test case with new error message	2023-07-07 09:00:51 -03:00
Daniele Martinoli	44570d12ee	fixed error in IdentityProviderTest	2023-07-07 08:59:36 -03:00
Daniele Martinoli	83d88f6bb5	added Hardcoded Group mapper to IDP configuration	2023-07-07 08:59:36 -03:00
A. Tammy	497d08af1c	make cli usable on OpenBSD (#16462 ) Signed-off-by: Aisha Tammy <aisha@bsd.ac> Co-authored-by: Aisha Tammy <aisha@bsd.ac>	2023-07-07 08:58:41 +02:00
Peter Zaoral	2b1c29a6f2	Use Quarkus Platform BOM Closes #20570 Closes #15870 Co-authored-by: Peter Zaoral <pzaoral@redhat.com>	2023-07-06 12:45:48 -03:00
Martin Bartoš	a1a80433e3	Fix flaky OfflineServletsAdapterTest test (#21416 ) Fixes #20013	2023-07-04 10:57:20 +00:00
rmartinc	09e30b3c99	Support for JWE IDToken and UserInfo tokens in OIDC brokers Closes https://github.com/keycloak/keycloak/issues/21254	2023-07-03 21:25:46 -03:00
mposolda	ccbddb2258	Fix updating locale on info/error page after authenticationSession was already removed Closes #13922	2023-07-03 18:57:36 -03:00
Martin Bartoš	e3e123b577	JavascriptAdapterTest is broken due to the multiple initialization of JS adapter Fixes #21412	2023-07-03 16:44:22 -03:00
Daniele Martinoli	e2ac9487f7	Conditional login through identity provider (#20188 ) Closes #20191 Co-authored-by: Jon Koops <jonkoops@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Co-authored-by: Marek Posolda <mposolda@gmail.com>	2023-06-29 18:44:15 +02:00
Marek Posolda	51a9712e59	Improper Client Certificate Validation for OAuth/OpenID clients (#20 ) Co-authored-by: Stian Thorgersen <stianst@gmail.com>	2023-06-28 17:52:48 -03:00
Ricardo Martin	1973d0f0d4	Check the redirect URI is http(s) when used for a form Post (#22 ) Closes https://github.com/keycloak/security/issues/22 Co-authored-by: Stian Thorgersen <stianst@gmail.com> Signed-off-by: Peter Skopek <pskopek@redhat.com>	2023-06-28 17:52:48 -03:00
Pedro Igor	28aa1d730d	Verify holder of the device code (#21 ) Closes https://github.com/keycloak/security/issues/32 Co-authored-by: Stian Thorgersen <stianst@gmail.com> Conflicts: services/src/main/java/org/keycloak/protocol/oidc/grants/device/DeviceGrantType.java	2023-06-28 15:45:26 +02:00
rmartinc	4bc11bdf7f	Do not return an error when moving a group to the current parent Closes https://github.com/keycloak/keycloak/issues/21242	2023-06-28 10:34:15 +02:00
rmartinc	a5a2753d11	Don't allow impersonate disabled users or service accounts Closes https://github.com/keycloak/keycloak/issues/21106	2023-06-28 10:18:21 +02:00
Hynek Mlnarik	c092c76ae8	Remove ldapsOnly (Java) In `LDAPConstants.java`, the function to set the Truststore SPI system property was removed, as this is now handled by the `shouldUseTruststoreSpi` method in `LdapUtil`. Closes: #9313	2023-06-28 08:30:09 +02:00
Pedro Igor	d0691b0884	Support for the locale user attribute Closes #21163	2023-06-27 09:21:08 -03:00
Miquel Simon	46fa7d2e6c	Enable back a few tests that have been fixed to run on Firefox and Chrome.	2023-06-26 11:25:07 -03:00
Pavel Drozd	216bbe512f	Add tests and profiles for testing EAP6, SpringBoot and Fuse adapters	2023-06-26 11:24:02 -03:00
eatik	6d0636987e	keeping VIEW_USERS related tests in PermissionTest Closes #20783	2023-06-26 11:05:35 -03:00
eatik	7cfa012427	adding test code Closes #20783	2023-06-26 11:05:35 -03:00
Takashi Norimatsu	f6ecc3f3f8	FAPI 2.0 security profile - not allow an authorization request whose parameters were not included in Request Object pushed to PAR request closes #20710	2023-06-26 12:09:25 +02:00
vramik	7fe7dfc529	ResourceType lost during clonning Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Closes #20947	2023-06-23 09:31:44 +02:00
Pedro Igor	aff6cc1cbd	Running mappers during account linking Closes #11195 Co-authored-by: mposolda <mposolda@gmail.com> Co-authored-by: toddkazakov	2023-06-22 17:41:31 +02:00
Pedro Igor	eb5edb3a9b	Support reading base32 encoded OTP secret Closes #9434 Closes #11561	2023-06-22 08:08:13 -03:00
mposolda	137f8d807a	Account Console II doesn't remove TOTP from UserStorage closes #19575	2023-06-22 07:56:44 +02:00
Pedro Igor	0dd7c4a515	Fixing auth-server-quarkus-embedded	2023-06-21 17:18:26 +02:00
danielFesenmeyer	60b838675d	Extend admin-client GroupsResource: Support the query functionality to be used in combination with the parameters first, max and briefRepresentation Closes #20016	2023-06-21 12:13:22 -03:00
Gilvan Filho	2493f11331	count users by custom user attribute closes #14747	2023-06-21 11:56:22 -03:00
mposolda	dc3b037e3a	Incorrect Signature algorithms presented by Client Authenticator closes #15853 Co-authored-by: Jon Koops <jonkoops@gmail.com>	2023-06-21 08:55:58 +02:00
Stian Thorgersen	f82577a7f3	Removed old account console (#21098 ) Co-authored-by: Jon Koops <jonkoops@gmail.com> Closes #9864	2023-06-20 20:46:57 +02:00
fwojnar	a36be17a5c	Remove account package from testsuite (#20990 ) * Removal of testsuite account package Related to #19668 Also closes #20527 * Fix failures + remove login folder from base-ui --------- Co-authored-by: Ivan Khomyn <ikhomyn@redhat.com> Co-authored-by: wojnarfilip <fwojnar@redhat.com>	2023-06-20 08:50:39 +02:00
Daniele Martinoli	d9b271c22a	Extends the conditional user attribute authenticator to check the attributes of the joined groups (#20189 ) Closes #20007	2023-06-19 15:22:35 +02:00
Miquel Simon	3daeee15f6	Add Forms IT (#20528 ) Closes #20519	2023-06-19 14:44:20 +02:00
Jon Koops	29f9523646	Ensure `RegisterTest` runs in Chrome and Firefox (#21036 )	2023-06-16 08:00:04 -04:00
Martin Bartoš	c6995f5ded	Save ~2s for Keycloak startup in the testsuite Relates to #21033	2023-06-16 10:47:28 +02:00
rmartinc	ecf52285bc	Simplify TokenManager expiration calculations using SessionExpirationUtils Closes https://github.com/keycloak/keycloak/issues/20794	2023-06-13 10:09:47 +02:00
Pedro Igor	af975d20f1	Avoid iterating indefinetly when checking CRLs Closes #20725	2023-06-12 17:50:16 +02:00
vramik	535bba5792	Update UserQueryProvider methods Closes #20438	2023-06-12 16:04:26 +02:00
Arnaud Martin	ae5a47d548	Impossible to update a federated user credential label Closes #16613	2023-06-12 15:39:52 +02:00
Vlasta Ramik	ed473da22b	Clean-up of deprecated methods and interfaces Fixes #20877 Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2023-06-09 17:11:20 +00:00
Rinus Wiskerke	fbfdb54745	Strip rotated client secret from export json (#19394 ) Closes #19373	2023-06-09 10:46:28 +02:00
rmartinc	61968bf747	Use OIDCAttributeMapperHelper.mapClaim in the GroupMembershipMapper Closes https://github.com/keycloak/keycloak/issues/19767	2023-06-08 11:12:24 -03:00
Réda Housni Alaoui	eb9bb281ec	Require user to agree to 'terms and conditions' during registration	2023-06-08 10:39:00 -03:00
Marek Posolda	8080085cc1	Removing 'http challenge' authentication flow and related authenticators (#20731 ) closes #20497 Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2023-06-08 14:52:34 +02:00
Saman-jafari	31db84e924	fix: issuedFor added to token to get client id into the token also redirect uri added to token and then passed to info template for "back to application" functionality test also added to check the availability of issueFor(azp) and redirect uri in Action Fixes #14860 Fixes #15136	2023-06-07 12:19:46 -03:00
Zvi Grinberg	ace83231ee	Update RegexPolicyTest.java Add forgotten imports	2023-06-07 10:18:10 -03:00
Zvi Grinberg	b29ce53f6e	Fix bug in regex policy evaluation that it ignored flatted user claims that are mapped by protocol mappers to complex JSON structure in access token( in the access token JWT it's key and value is a JSON by itself) fixes: #20436 Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>	2023-06-07 10:18:10 -03:00
Alice Wood	7e56938b74	Extend group search attribute functionality to account for use case where only the leaf group is required	2023-06-07 08:52:23 -03:00
rmartinc	9bc30f4705	EventBuilder fixes to copy the store and session context Closes https://github.com/keycloak/keycloak/issues/20757 Closes https://github.com/keycloak/keycloak/issues/20105	2023-06-07 08:34:27 -03:00
Jon Koops	9a8d1ca1f3	Stop waiting page load when calling `assertCurrent()` (#20786 )	2023-06-07 13:13:46 +02:00
Pedro Hos	9ebd94a3a8	Userinfo endpoint doesn't accept charset #20671 Closes 20671	2023-06-07 08:08:05 +02:00
Artur Baltabayev	041441f48f	Improved Reset OTP authenticator (#20572 ) * ResetOTP authenticator can now be configured, so that one or all existing OTP configurations are deleted upon reset. Closes #8753 --------- Co-authored-by: bal1imb <Artur.Baltabayev@bosch.com>	2023-06-06 08:30:44 -03:00
rmartinc	81aa588ddc	Fix and correlate session timeout calculations in legacy and new map implementations Closes https://github.com/keycloak/keycloak/issues/14854 Closes https://github.com/keycloak/keycloak/issues/11990	2023-06-05 18:46:23 +02:00
Jon Koops	8eee3f434b	Fix test for brute force detection of recovery codes (#20784 )	2023-06-05 11:55:30 -04:00
rmartinc	d80094793b	Manage elytron configuration if configured for JDK-17 Closes https://github.com/keycloak/keycloak/issues/20385	2023-06-05 13:50:28 +02:00
Jon Koops	7ce96bb6d5	Remove workaround for legacy consoles from `waitForPageToLoad` (#20754 )	2023-06-05 07:48:08 -04:00
Aboullos	612fe33ade	Remove AccountUpdateProfilePage from the testsuite (#19362 ) closes #15202	2023-06-02 11:46:49 +02:00
Pedro Igor	f69ff5d270	Execution config not duplicated when duplicating flows Closes #12012	2023-06-01 16:12:06 +02:00
mposolda	bf9c5821cb	Fix for certificate revalidation closes https://security.snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-5291542	2023-05-31 15:42:37 +02:00
Alexander Schwartz	512e30b210	Add escaping for fields with wildcard search Closes #20510	2023-05-31 14:38:04 +02:00
Takashi Norimatsu	a29c30ccd5	FAPI 2.0 security profile - not allow an authorization request whose parameters were not included in PAR request closes #20623	2023-05-31 14:02:44 +02:00
vramik	a175efcb72	Split `UserQueryProvider` into `UserQueryMethods` and `UserCountMethods` and make `LdapStorageProvider` implement only `UserQueryMethods` Co-authored-by: mhajas <mhajas@redhat.com> Closed #20156	2023-05-31 11:47:54 +02:00
Jay Linski	403632438a	Improve a11y by providing the current language (#20213 )	2023-05-30 13:46:14 -04:00
Takashi Norimatsu	6b42c2b4d0	FAPI 2.0 security profile - Reject Implicit Grant executor does not return an appropriate error Closes #20622	2023-05-30 18:24:50 +02:00
stianst	0832992e59	Removing OpenShift integration and moving to separate extension closes #20496 Co-authored-by: mposolda <mposolda@gmail.com>	2023-05-30 17:39:32 +02:00
Pedro Igor	17c3804402	Tests for user property mapper Closes #20534	2023-05-29 14:21:03 +02:00
Yoshiyuki Tabata	bd37875a66	allow specifying format of "permission" parameter in the UMA grant token endpoint (#15947)	2023-05-29 08:56:39 -03:00
Jon Koops	98e5e9799b	Improve third-party storage access detection and cookie fallback	2023-05-25 22:16:59 -03:00
Douglas Palmer	1b8901f5a2	Changing the email address has no impact at username regardless "Email as username" toggle closes #20459	2023-05-25 07:54:03 -03:00
Hynek Mlnarik	fc0e47caa4	Fix KcCustomOidcBrokerTest Fixes: #20541	2023-05-25 10:20:36 +02:00
Peter Zaoral	72b238fb48	Keystore vault (#19644 ) * KeystoreVault SPI * added KeystoreVault - a Vault SPI implementation (#19281) Closes #17252 Signed-off-by: Peter Zaoral <pzaoral@redhat.com>	2023-05-24 16:20:30 +00:00
Jon Koops	90d2a01619	Replace `ChromeJavascriptBrowser` annotation with `JavascriptBrowser` (#20535 )	2023-05-24 11:23:15 +00:00
Hynek Mlnarik	4950f7bebe	Target correct user resource	2023-05-23 20:53:30 +02:00
Hynek Mlnarik	b9983cc5f6	Fix BrokerTest	2023-05-23 20:53:30 +02:00
Hynek Mlnarik	ac59c551c3	Fix transaction boundaries in tests	2023-05-23 20:53:30 +02:00
Hynek Mlnarik	38442ee0a6	Fix event tests	2023-05-23 20:53:30 +02:00
Hynek Mlnarik	3e58d3da8d	Proper cleanup	2023-05-23 20:53:30 +02:00
vramik	bdbbd2959d	User search with LDAP federation not consistent Closes #10195	2023-05-23 11:48:33 +02:00
wojnarfilip	34b9eed8f0	Removes AccountFederatedIdentityPage from testsuite Closes #15199	2023-05-22 11:07:48 -03:00
i7a7467	e41e1a971a	SLO and ACS Binding are linked with AuthnRequest Binding in SAML Identity Broker Metadata Closes #11079	2023-05-22 10:05:17 +02:00
vramik	fd6a6ec3ad	Make LDAP `searchForUsersStream` consistent with other storages Co-authored-by: mhajas <mhajas@redhat.com> Closes #17294	2023-05-19 08:40:41 +02:00
Artur Baltabayev	33215ab6f4	Added User-Session Note Idp mapper. (#19062 ) Closes #17659 Co-authored-by: bal1imb <Artur.Baltabayev@bosch.com> Co-authored-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.io> Co-authored-by: Sebastian Schuster <sebastian.schuster@bosch.io>	2023-05-18 13:47:10 +02:00
Lukas Hanusovsky	eb77dcf014	Removing PHOTOZ client and related tests testing UI. Closes #19668	2023-05-18 13:09:51 +02:00
Lukas Hanusovsky	d9b95e0240	Testsuite with Undertow and OpenJDK17 - Nashorn library support. GH Actions failures - refactoring.	2023-05-18 13:09:51 +02:00
Lukas Hanusovsky	406aa21b0b	UserStorageTest - old account console dependencies removed. Closes #19668	2023-05-18 13:09:51 +02:00
Lukas Hanusovsky	b8b9adbea2	CookieTest - old account console dependencies removed. Closes #19668	2023-05-18 13:09:51 +02:00
Lukas Hanusovsky	29deaca3f5	DemoServletsAdapterTest - old account console dependencies removed. Closes #19668	2023-05-18 13:09:51 +02:00
Lukas Hanusovsky	47fd10469f	Old account console dependencies removed - refactoring. Closes #19668	2023-05-18 13:09:51 +02:00
Lukas Hanusovsky	130807fa7b	AbstractCustomAccountManagementTest - old account console dependencies removed. Closes #19668	2023-05-18 13:09:51 +02:00
Lukas Hanusovsky	2ad8f7dd62	Old account console dependencies removed. Closes #19668 * LoginTest * SessionServletAdapterTest * ClientRedirectTest * TrustStoreEmailTest * BrowserFlowTest * SocialLoginTest * JavascriptAdapterTest	2023-05-18 13:09:51 +02:00
Lukas Hanusovsky	c685366169	CookiesPathTest - old account console dependencies removed. Closes #19668	2023-05-18 13:09:51 +02:00
Lukas Hanusovsky	5e323ae173	Old account console dependencies removed. Closes #19668 * ConsentsTest * UserTest * SessionTest * LoginEventsTest * AbstractKeycloakTest	2023-05-18 13:09:51 +02:00
danielFesenmeyer	d543ba5b56	Consistent message resolving regarding language fallbacks for all themes - the prio of messages is now as follows for all themes (RL = realm localization, T = Theme i18n files): RL <variant> > T <variant> > RL <region> > T <region> > RL <language> > T <language> > RL en > T en - centralize the message resolving logic in helper methods in LocaleUtil and use it for all themes, add unit tests in LocaleUtilTest - add basic integration tests to check whether realm localization can be used in all supported contexts: - Account UI V2: org.keycloak.testsuite.ui.account2.InternationalizationTest - Login theme: LoginPageTest - Email theme: EmailTest - deprecate the param useRealmDefaultLocaleFallback=true of endpoint /admin/realms/{realm}/localization/{locale}, because it does not resolve fallbacks as expected and is no longer used in admin-ui v2 - fix locale selection in DefaultLocaleSelectorProvider that a supported region (like "de-CH") will no longer selected instead of a supported language (like "de"), when just the language is requested, add corresponding unit tests - improvements regarding message resolving in Admin UI V2: - add cypress test i18n_test.spec.ts, which checks the fallback implementation - log a warning instead of an error, when messages for some languages/namespaces cannot be loaded (the page will probably work with fallbacks in that case) Closes #15845	2023-05-17 15:00:32 +02:00
Dominik Schlosser	8c58f39a49	Updates Datastore provider to contain full data model Closes #15490	2023-05-16 15:05:10 +02:00
Takashi Norimatsu	7f5e94db87	KEYCLOAK-19539 FAPI 2.0 Baseline : Reject Implicit Grant	2023-05-16 14:17:29 +02:00
Miquel Simon	e959e20e1a	Upgrade tested DB versions	2023-05-15 12:36:27 -03:00
Miquel Simon	90bc5835ea	Due to a bug in chromedriver version < 113.0.5672.92, temporarily ignoring some tests. (#20347 )	2023-05-15 14:40:08 +02:00
rmartinc	025778fe9c	SSSD User Federation integration for quarkus distribution Closes https://github.com/keycloak/keycloak/issues/16165	2023-05-09 11:32:52 +02:00
Jon Koops	6f4b9885ca	Use Chrome as the default JavaScript browser (#14702 )	2023-05-08 08:40:27 +02:00
Martin Bartoš	960e3503ec	Artifact SLF4J LOG4J-12 has been relocated (#20113 )	2023-05-05 13:57:45 +02:00
vramik	d1ab921c50	JpaUserProvider count methods are inconsistent with searchForUser's param filter handling Closes #17581	2023-05-05 08:22:05 +02:00
rmartinc	d9025db536	Migrate realms if configured to use RH-SSO themes Closes https://github.com/keycloak/keycloak/issues/17484	2023-05-02 15:38:33 +02:00
Martin Bartoš	3f6925143a	Support JavaEE for Admin client (#19988 )	2023-04-28 16:35:31 +02:00
Martin Bartoš	b87b70a35d	Ignore particular legacy clustering tests Revert once https://github.com/keycloak/keycloak/issues/19834 issue is resolved	2023-04-27 13:36:54 +02:00
Martin Bartoš	79178b5a23	Use WildFly as the default app server	2023-04-27 13:36:54 +02:00
Martin Bartoš	9d40f77746	Ignore DemoFilterServletAdapterTestForCustomizedIdMapper test Revert once https://github.com/keycloak/keycloak/issues/19809 issue is resolved	2023-04-27 13:36:54 +02:00
Martin Bartoš	60fd7e63d9	Fix OfflineServletsAdapterTest	2023-04-27 13:36:54 +02:00
Martin Bartoš	8d5a4f2677	Fix FIPS tests	2023-04-27 13:36:54 +02:00
Martin Bartoš	c1cced9f31	Fix CorsExampleAdapterTest --- Quarkus3 branch sync no. 14 (24.4.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/cors/CorsExampleAdapterTest.java - Modified	2023-04-27 13:36:54 +02:00
Peter Zaoral	72663060c9	Quarkus3 branch sync no. 13 11.4.2023: * renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE Signed-off-by: Peter Zaoral <pzaoral@redhat.com>	2023-04-27 13:36:54 +02:00
Martin Bartoš	5b7e9a2603	Remove WF dependencies, add Jakarta SOAP, fix tests --- Quarkus3 branch sync no. 13 (11.4.2023) Resolved conflicts: IdeaProjects/keycloak/quarkus/pom.xml - Modified IdeaProjects/keycloak/quarkus/runtime/pom.xml - Modified	2023-04-27 13:36:54 +02:00
Martin Bartoš	de663dbf93	Quarkus3 branch sync no. 9 10.3.2023: * renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE * changed version from 999-SNAPSHOT to 999.0.0-SNAPSHOT	2023-04-27 13:36:54 +02:00
Martin Bartoš	952faed4c9	Run Adapter tests with JavaEE support --- Quarkus3 branch sync no. 9 (10.3.2023) Resolved conflicts: keycloak/.github/actions/build-keycloak/action.yml - Modified	2023-04-27 13:36:54 +02:00
Peter Zaoral	0b4f40f89b	Quarkus3 branch sync no. 8 3.3.2023: * renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE Signed-off-by: Peter Zaoral <pzaoral@redhat.com>	2023-04-27 13:36:54 +02:00
Martin Bartoš	abf765185d	Fix WebAuthn tests	2023-04-27 13:36:54 +02:00
Martin Bartoš	64738ea708	Fix issues with JakartaEE Mail dependencies This reverts commit da4644844ed88818c05d777460624403326ab01c --- Quarkus3 branch sync no. 12 (31.3.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified	2023-04-27 13:36:54 +02:00
Peter Zaoral	5ebe4ca7c8	Quarkus3 branch sync no. 6 17.2.2023: * renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE Signed-off-by: Peter Zaoral <pzaoral@redhat.com>	2023-04-27 13:36:54 +02:00
Peter Zaoral	946eacd5b6	Quarkus3 branch sync no. 5 10.2.2023: * renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE * fixed Undertow server not starting due to ClassNotFoundException: javax.transaction.TransactionManager Signed-off-by: Peter Zaoral <pzaoral@redhat.com>	2023-04-27 13:36:54 +02:00
Martin Bartoš	2cb7c9f5ec	Fix account console tests	2023-04-27 13:36:54 +02:00
Stefan Guilhen	3409a0c840	Fixes SAML tests in testsuite - adds dependency to saaj-impl in saml core public - updates test apps' web.xml files to use jakarta namespaces - small cleanup in main pom - changes order of e-mail servers in testsuite pom to enforce usage of greenmail (changes order in Undertow's classpath) Closes #16711	2023-04-27 13:36:54 +02:00
Alexander Schwartz	4bdf2fe21d	Fixing parameter which should be a string plus dependencies Closes #16649	2023-04-27 13:36:54 +02:00
Martin Bartoš	b1da7bd613	Revert Mail API --- Quarkus3 branch sync no. 13 (11.4.2023) Resolved conflicts: keycloak/quarkus/pom.xml - Modified --- Quarkus3 branch sync no. 12 (31.3.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified	2023-04-27 13:36:54 +02:00
Martin Bartoš	1f126647fe	Update dependencies	2023-04-27 13:36:54 +02:00
vramik	60e6fb9dae	Register custom functions FunctionContributor Closes #16336 --- Quarkus3 branch sync no. 6 (17.2.2023) Resolved conflicts: keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorage.java - Modified keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorageCockroachdb.java - Modified keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified --- Quarkus3 branch sync no. 3 (27.1.2023) Resolved conflicts: keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorage.java - Modified keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorageCockroachdb.java - Modified	2023-04-27 13:36:54 +02:00
Peter Zaoral	4ff2de7f46	Quarkus3 branch sync 18.1.2023: * applied Quarkus 3 OpenRewrite recipe * fixed the parts that were missed by the script Signed-off-by: Peter Zaoral <pzaoral@redhat.com>	2023-04-27 13:36:54 +02:00
Martin Bartoš	124591ce1a	Adapters can still use Java EE - Provided all JavaEE dependencies for adapters - Automatically build Undertow Jakarta EE for testsuite (missing SAML) --- Quarkus3 branch sync no. 11 (24.3.2023) Resolved conflicts: keycloak/adapters/oidc/spring-security/pom.xml - Modified --- Quarkus3 branch sync no. 7 (27.2.2023) Resolved conflicts: keycloak/pom.xml - Modified --- Quarkus3 branch sync no. 5 (10.2.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/pom.xml - Modified --- Quarkus3 branch sync no. 1 (18.1.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/pom.xml - Modified	2023-04-27 13:36:54 +02:00
Martin Bartoš	40c38e0133	Fix dependencies in testsuite, adapters and Quarkus module --- Quarkus3 branch sync no. 11 (24.3.2023) Resolved conflicts: keycloak/adapters/oidc/spring-security/pom.xml - Modified	2023-04-27 13:36:54 +02:00
Stefan Guilhen	384d7c17f7	- Fix issues in legacy store - Testsuite (switch undertow-embedded.version)	2023-04-27 13:36:54 +02:00
Martin Bartoš	7cff857238	Migrate packages from javax.* to jakarta.* --- Quarkus3 branch sync no. 14 (24.4.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/ComponentExportImportTest.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/DeclarativeUserTest.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java - Modified keycloak/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java - Modified --- Quarkus3 branch sync no. 13 (11.4.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountTotpPage.java - Deleted keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BackwardsCompatibilityUserStorageTest.java - Modified --- Quarkus3 branch sync no. 12 (31.3.2023) Resolved conflicts: keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/services/resources/QuarkusWelcomeResource.java - Modified keycloak/services/src/main/java/org/keycloak/protocol/saml/profile/util/Soap.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/UserInfoClientUtil.java - Modified keycloak/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified --- Quarkus3 branch sync no. 10 (17.3.2023) Resolved conflicts: keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocolUtils.java - Modified --- Quarkus3 branch sync no. 9 (10.3.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java - Modified --- Quarkus3 branch sync no. 8 (3.3.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClient.java Modified - Modified keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java - Modified keycloak/examples/providers/authenticator/src/main/java/org/keycloak/examples/authenticator/SecretQuestionAuthenticator.java - Modified --- Quarkus3 branch sync no. 6 (17.2.2023) Resolved conflicts: keycloak/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ComponentsResource.java - Modified keycloak/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java - Modified keycloak/services/src/main/java/org/keycloak/protocol/saml/installation/SamlSPDescriptorClientInstallation.java - Modified --- Quarkus3 branch sync no. 5 (10.2.2023) Resolved conflicts: /keycloak/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java Modified - Modified keycloak/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java - Modified --- Quarkus3 branch sync no. 4 (3.2.2023) Resolved conflicts: keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/jaxrs/QuarkusKeycloakApplication.java - Modified --- Quarkus3 branch sync no. 1 (18.1.2023) Resolved conflicts: keycloak/testsuite/client/ClientPoliciesTest.java - Deleted keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java - Modified keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaModelCriteriaBuilder.java - Modified	2023-04-27 13:36:54 +02:00
Hynek Mlnarik	d7d50634b3	Do not impose assumptions on ID format Closes: #19814	2023-04-26 15:37:50 +02:00
Hynek Mlnarik	80ba42a0b4	Tests: Determine IDs from Keycloak Instead of assuming that the ID of created objects is honored, the tests are rewritten in the way which obtains the ID from the created objects. This is to account for storages where ID is not necessarily an UUID and cannot be thus prescribed. Closes: #19814	2023-04-26 15:37:50 +02:00
rmartinc	04ac3a64ee	Adding support for rsa-oaep for SAML encryption Closes https://github.com/keycloak/keycloak/issues/19689	2023-04-26 10:46:10 +02:00
mposolda	a3f2ebb193	Ability to override default/built-in providers with same providerId. Using ProviderFactory.order() for choosing priority providers Closes #19867	2023-04-25 18:04:58 +02:00
Lukas Hanusovsky	30d976d64c	RequiredActionEmailVerificationTest - old account console dependencies removed. (#19843 ) Closes #19668	2023-04-25 08:19:43 +02:00
Hynek Mlnarik	3161c4424c	Fix export / import tests relict Closes: #19812	2023-04-19 22:17:49 +02:00
Hynek Mlnarik	0ddc71d987	Properly encode id in URL Closes: #19816	2023-04-19 15:10:04 -03:00
rmartinc	8e55a63f31	Do not allow add sub-flow to built-in workflow Closes https://github.com/keycloak/keycloak/issues/15536	2023-04-19 11:12:49 +02:00
rmartinc	f051a0cdb3	Improve SessionCodeChecks to detect better the ALREADY_LOGGED_IN situation Closes https://github.com/keycloak/keycloak/issues/19677	2023-04-18 10:35:47 -03:00
Lukas Hanusovsky	4a8510f7d9	Stop disabling Account Console v2 for tests that run fine (#19728 ) Works towards closing #19668	2023-04-17 16:26:32 -03:00
Marek Posolda	8d01109158	Invalid parameter redirect_uri when using an invalid client_id (#19731 ) closes #19662	2023-04-17 15:12:59 +02:00
Hynek Mlnarik	21510dff0c	Add FILE constant to StoreProvider	2023-04-17 08:29:49 +02:00
mposolda	1cbdf4d17e	Fix the issue with LDAP connectionUrl containing multiple hosts Closes #17359	2023-04-16 17:41:22 +02:00
danielFesenmeyer	5554c62bea	Change locale of user profile validation message to be resolved from authenticated user instead of validated user Closes #19707	2023-04-14 11:51:15 -03:00
Stian Thorgersen	f4cabea08c	Make sure the code is bound to the user session (#18 ) (#17380 ) (#17389 ) Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2023-04-14 14:42:12 +02:00
Lukas Hanusovsky	556758943f	Old Account Console removal - cleanup imports (#19700 ) Part of #19668	2023-04-13 14:57:28 +00:00
vramik	2b890eb79d	Zero downtime smoke tests Closes #16481	2023-04-12 11:24:35 +02:00
Pedro Igor	83676bf927	Extract JUnit5 support in the distributoin testsuite to a separate module Closes #19552	2023-04-11 10:48:56 +02:00
Lukas Hanusovsky	9bb18400ad	Remove AccountTotpPage from the testsuite (#17657 ) Closes #15201	2023-04-06 11:49:29 +02:00
fwojnar	f55794f8bf	Removes AccountApplicationsPage (#17651 ) Closes #15198 Co-authored-by: wojnarfilip <fwojnar@redhat.com>	2023-04-05 16:54:16 +02:00
rmartinc	99330dbb6d	Manage JsonProcessingException to not return error 500 when json data is wrong Closes https://github.com/keycloak/keycloak/issues/11517	2023-04-03 18:07:34 +02:00
mposolda	4d8d6f8cd8	Preserve authentication flow IDs after import closes #9564	2023-04-03 16:01:52 +02:00
Jon Koops	bdc019b02c	Fully deprecate function-style constructor for Keycloak JS (#19438 )	2023-04-03 14:45:55 +02:00
Hynek Mlnarik	85c0b47c31	Fix ClientPoliciesExtendedEventTest Closes: #19487	2023-04-03 14:43:50 +02:00
Pedro Igor	6086201fe0	Do not verify identity cookie when processing required actions Closes #17539	2023-03-31 09:56:27 +02:00
rmartinc	89dfeeec38	The getAttributes method in UserAttributeLDAPStorageMapper does not work for email or other UserModel properties Closes https://github.com/keycloak/keycloak/issues/10412	2023-03-30 21:45:07 +02:00
mposolda	709c6b5a47	Regressions in redirect URL verification when redirect_uri has encoded path or default port closes #16851 closes #16587	2023-03-30 14:20:10 +02:00
Pedro Igor	48082d08ec	Email visible on registration page when edit username is not allowed Closes #17439	2023-03-30 08:11:30 +02:00
Douglas Palmer	ff27f6c77c	Fix SSSDTest closes #19397	2023-03-29 21:54:00 +02:00
Jon Koops	8f627517cb	Remove legacy Promise APIs from Keycloak JS (#19389 )	2023-03-29 16:29:27 +00:00
Michal Hajas	e49dfe534e	Fix missing migration when reading TERMS_AND_CONDITIONS required action in legacy store Closes #17277	2023-03-29 16:43:01 +02:00
Daniel Kobras	a45b5dcd90	Prefer cert over pubkey in SAML metadata If SAML key material was given as a certificate, consistently expose the certificate rather than just the public key when presenting SAML metadata info. This change ensures that the client obtains sufficient information (eg. issuer) to close the trust chain. Closes: #17549 Signed-off-by: Daniel Kobras <kobras@puzzle-itc.de>	2023-03-29 11:17:24 +02:00
Marek Posolda	032ece9f7b	Clarify user session limits documentation and test SSO scenario (#19372 ) Closes #17374 Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2023-03-29 10:08:45 +02:00
rmartinc	2bb9de1a8c	Allow application/jwt media type for userinfo endpoint Closes: https://github.com/keycloak/keycloak/issues/19346	2023-03-28 08:47:35 -03:00
Michal Hajas	beca22311b	Add RefreshTokenTest to database suite so it can catch some expiration issues similar to #17570	2023-03-28 08:32:31 +02:00
Pedro Igor	a9c605750d	Returning email as username setting for admins Fixes #17591	2023-03-27 16:33:44 -03:00
Pedro Hos	bd0a23a865	/users/count endpoint with search field has different behavior than /users query endpoint #17620 closes #17620	2023-03-24 13:43:47 +01:00
Klajdi Paja	cf61a65198	Return a user friendly message when a group name already exists on the same level. Closes #16888	2023-03-24 08:13:49 +01:00
rmartinc	8bc5273792	EAP7 and wildfly adapter tests fixes. Execute enable-elytron-se17.cli for EAP7 and JDK-17. Closes https://github.com/keycloak/keycloak/issues/19273	2023-03-23 17:02:39 -03:00
Ayrat Hudaygulov	f578f91a0b	Fix ID token not being sent after expiration for OIDC logout Closes #10164	2023-03-23 13:01:02 +01:00
Ricardo Martin	1a622e707f	Flaky tests org.keycloak.testsuite.federation.sync.SyncFederationTest (#19095 ) Closes: https://github.com/keycloak/keycloak/issues/17430 Closes: https://github.com/keycloak/keycloak/issues/17431	2023-03-21 08:30:42 +01:00
Alexander Schwartz	513bb809f3	Add a map storage global locking implementation for JPA Closes #14734	2023-03-21 08:21:11 +01:00
rmartinc	bef0a4a6f1	Check frontendUrl in the hostname providers Closes https://github.com/keycloak/keycloak/issues/17686	2023-03-20 18:54:58 -03:00
Miquel Simon	80d3cc5dea	Added option for Chrome driver needed for version >= 111. Closes #19137	2023-03-20 13:09:23 +01:00
Pedro Igor	a30b6842a6	Decouple the policy enforcer from adapters and provide a separate library Closes keycloak#17353	2023-03-17 11:40:51 +01:00
rmartinc	cab7e50410	Better handling for SAML signatures in POST and REDIRECT bindings Closes https://github.com/keycloak/keycloak/issues/17456	2023-03-15 09:06:59 -03:00
Pedro Igor	af475ffe23	Fixing classloading issue due to the curated application being eagerly closed	2023-03-13 09:34:49 +01:00
vramik	31e4c5cb7e	Add `storage-jpa-db` property into Quarkus. Distinguish postgres and crdb for jpa map store. Closes #17305	2023-03-09 11:09:56 +01:00
Tero Saarni	9052ec2b02	Add admin events for realm create/delete. (#10831 ) Closes #10733	2023-03-07 15:57:06 +01:00
Simon Levermann	96c1cf3c49	Allow mapping of UserSessionNotes into UserInfo Fixes #15369	2023-03-07 15:25:14 +01:00
rmartinc	a56b38c5a6	Don't remove session and don't reset restart cookie if passive check error Closes https://github.com/keycloak/keycloak/issues/11340	2023-03-07 15:10:09 +01:00
rmartinc	06ff8b016c	Don't set REMEMBER_ME if it's disabled at realm level Closes https://github.com/keycloak/keycloak/issues/11330	2023-03-07 15:01:58 +01:00
Michal Hajas	837c64de3d	Add support for pessimistic locking to HotRod Closes #13273	2023-03-07 10:44:31 +01:00
mposolda	a0192d61cc	Redirect loop with authentication success but access denied at default identity provider closes #17441	2023-03-06 10:45:01 +01:00
Michal Hajas	465019bec4	Extract attachDevice outside of storage layer Closes #17336	2023-03-03 17:58:34 +01:00
Zakaria Amine	fb5a7f654b	trigger IDENTITY_PROVIDER_FIRST_LOGIN (and UPDATE_PROFILE ) event when identity provider flow succeeds (#15100 ) closes #15098	2023-03-03 17:49:27 +01:00
Jon Koops	972ebb9650	Use a valid SemVer format for the SNAPSHOT version (#17334 ) * Use a valid SemVer format for the SNAPSHOT version * Update pom.xml * Update pom.xml --------- Co-authored-by: Stian Thorgersen <stianst@gmail.com> Co-authored-by: Stian Thorgersen <stian@redhat.com>	2023-03-03 11:11:44 +01:00
Alexander Schwartz	1e4401f521	Avoid returning the same entity multiple times from separate searches Closes #15604	2023-03-02 08:21:38 +01:00
mposolda	b28bde542f	referrer_url is not correctly computed in account console closes #16484	2023-03-01 20:49:15 +01:00
Marek Posolda	59f4fe1c60	NPE on Theme after upgrade to 21 when parent or import theme not exists (#17350 ) * NPE on Theme after upgrade to 21 when parent or import theme not exists closes #17313 * Update per review	2023-03-01 15:46:37 +00:00
rmartinc	5cdf4d5791	Read-Only attributes should be modified if creation is delayed for LDAP Closes https://github.com/keycloak/keycloak/issues/16848	2023-03-01 11:26:57 +01:00
Pedro Igor	fbf5541802	Remove duplicated set-cookie header from response when expiring cookies Closes #17192	2023-02-27 14:17:27 -03:00
lpa	3cd413dee1	SOAP backchannel logout for SAML protocol Closes #16293	2023-02-27 14:24:12 +01:00
rmartinc	38a46726e4	Implement UserInfoTokenMapper in HardcodedRole and RoleNameMapper mappers Closes https://github.com/keycloak/keycloak/issues/15624	2023-02-27 10:14:48 -03:00
Miquel Simon	923a321a55	Run WebAuthn IT with Chrome. (#17256 )	2023-02-23 20:58:13 +00:00
Václav Muzikář	557a22968c	Stabilize Account Console UI tests (#17243 ) Closes #17178 Closes #17102 Closes #17070 Closes #17045 Closes #17044 Closes #16875 Closes #16870 Closes #16715 Closes #16670 Closes #16646 Closes #16627 Closes #16620	2023-02-23 12:35:08 +01:00
rmartinc	f91ac2970d	Polish fips-mode switch for preview (#17228 ) * Polish fips-mode switch for preview Closes #17208 #17210 Co-authored-by: mposolda <mposolda@gmail.com>	2023-02-22 12:12:52 +01:00
drohwer89	4ff180da64	Terminating all sessions above the session limit (#16068 ) Adjusts implementation of UserSessionLimitsAuthenticator to terminate all sessions above the session limit. Closes #14689 Co-authored-by: Marek Posolda <mposolda@gmail.com>	2023-02-16 17:56:59 +01:00
rmartinc	9995a3cdd4	lastSync value into COMPONENT_CONFIG is always updated Closes https://github.com/keycloak/keycloak/issues/17022	2023-02-16 17:48:49 +01:00
mposolda	4f068fcdcc	Make https-trust-store-type set to bcfks by default in strict-mode Closes #17119	2023-02-16 08:00:21 -03:00
sui.jieqiang	1f6fa0501c	Fix search user groups without limit Closes #12649	2023-02-15 15:50:46 +01:00
vramik	7b604d6784	Sync properties in `map-storage-jpa-cocroach` with other profiles Closes #17107	2023-02-15 10:49:22 +01:00
Hynek Mlnarik	bb0eb899a7	Add ability to run arq testsuite with file store Fixes: #17032	2023-02-15 10:17:23 +01:00
Pedro Igor	9e46b9e43f	Handling events after transaction completion using a separate session Closes #15656	2023-02-14 13:10:57 +01:00
Václav Muzikář	a57821ed80	Fix JDK 17 InaccessibleObjectException with infinispan	2023-02-13 17:09:36 -03:00
Miquel Simon	48a22ff2f3	Added WebAuthn integration tests to CI workflow. (#16608 )	2023-02-13 12:28:25 +00:00
laskasn	dc8b759c3d	Use encryption keys rather than sig for crypto in SAML Closes #13606 Co-authored-by: mhajas <mhajas@redhat.com> Co-authored-by: hmlnarik <hmlnarik@redhat.com>	2023-02-10 12:06:49 +01:00
Marek Posolda	9cfc1fdfa9	Reduce the redundant tests in fips-suite (#16970 ) Closes #16969	2023-02-09 12:21:33 +01:00
Pedro Igor	017ddc670b	Removing references to old admin console test artifacts	2023-02-08 17:22:45 -03:00
Pedro Igor	423fc6daba	Flaky test KcOidcBrokerTokenExchangeTest (#16914 ) Closes #16896	2023-02-08 14:49:49 +00:00
Dmitry Telegin	5f39aeb590	Pre-authorization hook for client policies Closes #9017	2023-02-08 15:06:32 +01:00
Michal Hajas	6fa62e47db	Leverage HotRod client provided transaction Closes #13280	2023-02-08 10:26:30 +01:00
Stian Thorgersen	d3ba2ecbed	Remove old admin console theme (#16864 ) Closes #16862	2023-02-08 09:22:39 +01:00
Stian Thorgersen	4782a85166	Remove old admin console feature (#16861 ) * Remove old admin console feature Closes #16860 * Update help txt files for Quarkus tests	2023-02-07 12:59:35 +01:00
Pedro Igor	7b58783255	Allow mapping claims to user attributes when exchanging tokens Closes #8833	2023-02-07 10:57:35 +01:00
Thomas Darimont	e38b7adf92	Revise blacklist password policy provider #8982 - Reduce false positive probability from 1% to 0.01% to avoid rejecting to many actually good passwords. - Make false positive rate configurable via spi config - Revised log messages Supported syntax variant: `passwordBlacklist(wordlistFilename)` Fixes #8982 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2023-02-07 10:36:39 +01:00
Martin Kanis	5ba004b447	Leverage Infinispan lifespan for ExpirableEntities in HotRod storage	2023-02-07 10:01:32 +01:00
Stian Thorgersen	fc075a3d35	Remove old admin console tests (#16859 ) Closes #16858	2023-02-07 08:51:36 +01:00
Denis Bernard	5db64133b8	Add Attribute to Group Mapper for SAML IDP Cleansing code as PR Comment Add test for Advanced Attribute to Group Mapper Closes #12950	2023-02-06 10:58:48 -03:00
Pedro Igor	1a1ee78dbd	Removing tests from base group broker mapper test classes	2023-02-06 10:58:48 -03:00
Pedro Igor	d97b9c48c4	Make sure PBKDF2 providers are using the expect size for derived keys (#16798 ) Closes #16797	2023-02-03 15:31:25 +01:00
rmartinc	f8f112d8d2	Upgrade twitter4j (#16828 ) Closes https://github.com/keycloak/keycloak/issues/16731	2023-02-03 15:28:37 +01:00
Stian Thorgersen	0fa209c29a	WelcomeScreenTest#resourcesTest (#16761 ) * Fix WelcomeScreenTest#resourcesTest Closes #16669 * Add one more retry	2023-02-03 09:41:48 +01:00
Marek Posolda	51bed81814	Fixes for OOB endpoint and KeycloakSanitizer (#16773 ) (cherry picked from commit 91ac2fb9dd50808ff5c76d639594ba14a8d0d016)	2023-02-02 08:34:50 +01:00
Pedro Igor	e3c41ec3a0	Ignoring test methods from parent classes Closes #15687	2023-02-01 14:58:03 -08:00
Stian Thorgersen	d9025231f9	HTML Injection in Keycloak Admin REST API (#16765 ) Resolves #GHSA-m4fv-gm5m-4725 Co-authored-by: Martin Bartoš <mabartos@redhat.com>	2023-02-01 14:34:15 +01:00
Marek Posolda	33ff9ef17e	Fix remaining failing tests with BCFIPS approved mode (#16699 ) * Fix remaining failing tests with BCFIPS approved mode Closes #16698	2023-01-30 16:01:57 +01:00
mposolda	7f017f540e	BCFIPS approved mode: Some tests failing due the short secret for client-secret-jwt client authentication Closes #16678	2023-01-30 08:40:46 +01:00
Martin Kanis	c4255e7301	Wrong property for events in map-storage-hot-rod on Undertow	2023-01-27 14:24:34 +01:00
mposolda	5591b5198b	Still test failures with BCFIPS approved mode due the hardcoded keys Closes #16643	2023-01-26 15:50:29 +01:00
Pedro Igor	f6602e611b	Allow managing the username idn homograph validator Closes #13346	2023-01-26 04:55:43 -08:00
mposolda	a804400c84	Added KERBEROS feature. Disable it when running tests on FIPS closes #14966	2023-01-25 18:38:46 +01:00
mposolda	16888eaeab	Only available RSA key sizes should be shown in admin console Closes #16437	2023-01-25 13:15:07 +01:00
mposolda	29888dbf1a	Update realm keys in the testsuite to be generated where possible. Update other keys to be FIPS compliant Closes #12420	2023-01-25 08:26:15 +01:00
Miquel Simon	83147a67a0	Added New Account Console Tests to CI workflow. (#16547 )	2023-01-24 16:01:03 +01:00
Hynek Mlnarik	977cc473bb	Fix linebreaks in XML / SAML signatures See https://bugs.openjdk.org/browse/JDK-8264194 See https://issues.apache.org/jira/browse/SANTUARIO-482 Fixes: #14529	2023-01-23 15:39:10 +01:00
Martin Bartoš	7d6e22bedd	DateTimeParse failures in New Account Console tests (#16531 ) Fixes #16514	2023-01-19 09:39:03 -05:00
Konstantinos Georgilakis	c73859794e	Short verification_uri for Device Authorization Request Closes #16107	2023-01-18 08:34:52 +01:00
Pedro Igor	33cb1ad7cd	Support runnning tests using an embedded distribution Closes #16420	2023-01-13 12:03:36 -08:00
mposolda	79fa6bb3c9	Initial support for running testsuite in BCFIPS approved mode Closes #16429	2023-01-13 02:59:06 -08:00
ムハマドザクワンビンムハマドザヒド / MOHDZAHID，BIN MUHAMMADZAKWAN	cc6597967a	Refactoring ClientPoliciesTest Closes #14795	2023-01-12 09:38:12 +01:00
Pedro Igor	9945135861	Verify if token is revoked when validating bearer tokens (#16394 ) Closes #16388	2023-01-11 14:42:29 +01:00
mposolda	ac490a666c	Fix KcSamlSignedBrokerTest in FIPS. Support for choosing realm encryption key for decrypt SAML assertions instead of realm signature key Closes #16324	2023-01-10 20:39:59 +01:00
Miquel Simon	7bd78f604a	Added MariaDB to Legacy Store IT. (#16157 )	2023-01-10 17:37:27 +01:00
Pedro Igor	d797d07d8f	Ignore user profile attributes for service accounts Closes #13236	2023-01-10 16:26:53 +01:00
mposolda	4d55c6a647	Adding SAML tests for FIPS - with addition of XMLDSig security provider Closes #14969	2023-01-10 08:37:03 +01:00
Pedro Igor	53ee95764e	Do not show username field when updating profile if UPDATE_EMAIL feature is enabled and email as username is enabled Closes #16263	2023-01-06 14:12:47 +01:00
Réda Housni Alaoui	141c9dd803	update-email: email change does not affect the username when "Email as username" option is checked (#15583 ) Closes #13988	2023-01-06 14:04:48 +01:00
Miquel Simon	c2682157fb	Added MS SQL Server to Legacy Store IT. (#16121 ) * Added MS SQL Server to Legacy Store IT. * Update testsuite/integration-arquillian/pom.xml Co-authored-by: Stian Thorgersen <stianst@gmail.com> Co-authored-by: Stian Thorgersen <stian@redhat.com>	2023-01-06 08:55:09 +01:00
Réda Housni Alaoui	dbe0c27bcf	Allowing client registration access token rotation deactivation	2023-01-05 20:53:57 +01:00
mposolda	e374e309c6	Deprecate SHA1 based algorithms for sign SAML documents and assertions Closes #16240	2023-01-05 20:45:20 +01:00
Michal Hajas	6566b58be1	Introduce Infinispan GlobalLock implementation Closes #14721	2023-01-05 16:58:44 +01:00
Hynek Mlnarik	071fc03f41	Move transaction processing into session close Fixes: #15223	2023-01-05 16:12:32 +01:00
Stian Thorgersen	6c1f981eec	Fix UserTest.sendResetPasswordEmailWithCustomLifespan (#16233 ) Closes #16232	2023-01-04 13:03:33 +01:00
Stian Thorgersen	7dc16c69cb	Force refreshing token for admin client if time offset is set (#16242 ) Closes #16143	2023-01-04 13:03:10 +01:00
ムハマドザクワンビンムハマドザヒド / MOHDZAHID，BIN MUHAMMADZAKWAN	ce6b737e33	NPE in userinfo endpoint Closes #15429	2023-01-02 13:53:29 +01:00
Miquel Simon	9bb5b08015	Added Oracle to Legacy Store IT. (#16097 )	2022-12-21 08:15:38 +01:00
mposolda	36bd76957d	Make Keycloak FIPS working with OpenJDK 17 on FIPS enabled RHEL Closes #15721	2022-12-20 21:03:55 +01:00
Michal Hajas	c79d29e68c	Move HotRod profile to the same pom as other map profiles and introduce map-storage-chm profile Closes #16046	2022-12-20 17:51:40 +01:00
Alexander Schwartz	1d758fac2b	Adding CRDB into GHA for the new store (#16021 ) The CockroachDB database is slower than PostgreSQL, therefore it will only run branches and nightly builds. Closes #16020	2022-12-17 08:50:21 +01:00
Pedro Igor	857b02be63	Allow managing the required settigs for the email attribute Closes #15026	2022-12-15 13:11:06 -08:00
Pedro Igor	782d145cef	Allow updating authz settings via default client registration provider Closes #9008	2022-12-15 20:43:43 +01:00
Stian Thorgersen	c1b0f2a6ab	Rebalanace BaseIT test groups (#16007 )	2022-12-15 08:52:30 +01:00
Stian Thorgersen	a5670af745	Keycloak CI workflow refactoring (#15968 ) * Keycloak CI workflow refactoring Closes #15861 * Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update CodeQL actions Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>	2022-12-14 16:12:23 +01:00
Stian Thorgersen	0f2ca3bfdd	fixes from release/20 (#15982 ) * Avoid path traversal vis double-url encoding of redirect URI (#8) (cherry picked from commit a2128fb9e940d96c2f9a64edcd4fbcc768eedb4f) * Do not resolve user session if corresponding auth session does not exist (#7) * Stabilizing the ConcurrentLoginTest when running with JPA map storage by locking user sessions (#9) Co-authored-by: Marek Posolda <mposolda@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>	2022-12-14 07:46:17 +01:00
Stian Thorgersen	30cc16e648	Move authorization tests into authz package (#15957 ) Closes #15956	2022-12-12 18:09:11 +01:00
Michal Hajas	de7dd77aeb	Change id of TermsAndConditions required actions to uppercase Closes #9991	2022-12-07 10:51:37 -03:00
mposolda	f4e91a5312	The redirect URI cannot be verified during logout in the case when client was removed closes #15866	2022-12-07 08:20:30 +01:00
mposolda	264c5a6cdb	Support for KcReg and KcAdm CLI to use BCFIPS instead of BC on FIPS platforms Closes #14968	2022-12-06 13:02:46 +01:00
Pedro Igor	022d2864a6	Make sure JAX-RS resource methods are advertizing the media type they support Closes #15811 Closes #15810	2022-12-06 08:13:43 -03:00
Stian Thorgersen	2f0d8cd895	Move hok, par, and rar tests to oauth package (#15834 ) Closes #15833	2022-12-05 15:42:20 +01:00
Michal Hajas	59ccae76cb	Fix flaky JS test (#15804 ) Closes #15761 Co-authored-by: Stian Thorgersen <stianst@gmail.com>	2022-12-05 13:16:04 +01:00
Stian Thorgersen	8e6437e596	Fix Flaky test: RequiredActionTotpSetupTest.setupTotpExistingReusableCodeDisabled (#15779 ) Closes #15564	2022-12-01 10:41:46 +01:00
Hynek Mlnařík	60ce949304	Ignore unknown clients in LDAP role mapper Fixes: #10958	2022-12-01 09:51:05 +01:00
Stian Thorgersen	c24bc1bab0	Tweak time offset in RefreshTokenTest (#15760 ) Closes #15718	2022-11-30 16:11:46 +01:00
Stian Thorgersen	c3c858c88a	Fix OpenshiftClientStorageTest.testCodeGrantFlowWithServiceAccountUsingOAuthRedirectReference (#15741 ) Closes #15565	2022-11-29 14:20:21 +01:00
dependabot[bot]	3a35b05253	Bump ant in /testsuite/integration-arquillian/tests Bumps ant from 1.9.15 to 1.10.11. --- updated-dependencies: - dependency-name: org.apache.ant:ant dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2022-11-28 12:03:47 -03:00
Miquel Simon	88bc5e2307	Use different Postgres image in Testcontainers. Upgraded Testcontainers dependency to 1.17.5.	2022-11-28 10:57:14 +01:00
mposolda	3e9c729f9e	X.509 authentication fixes for FIPS Closes #14967	2022-11-25 11:50:30 +01:00
Stefan Guilhen	5c2a5fac31	Enable all test methods in ConcurrentLoginTest for JPA Map Storage - Tests still disabled for Hotrod and CHM - Fixes concurrent login issues with CRDB. Verified with both PostgreSQL and CockroachDB. Closes #12707 Closes #13210	2022-11-24 13:36:22 +01:00
Lex Cao	dd03137ea7	Strip secret of user when creating from admin API Closes #14843	2022-11-24 11:38:42 +01:00
Nagy Vilmos	4b6b607fe9	Should not hide IDP from login page (#14174 ) Closes #14173	2022-11-23 10:49:21 +01:00
rmartinc	b7188c3891	Unknown bind DN using LDAP anonymous bind aka bind type none (#15546 ) Closes #15497	2022-11-23 10:23:46 +01:00
danielFesenmeyer	18381ecd2e	Fix update of group mappers on certain changes of the group path The group reference in the mapper was not updated in the following cases: - group rename: when an ancestor group was renamed - (only for JpaRealmProvider, NOT for MapRealmProvider/MapGroupProvider) group move: when a group was converted from subgroup to top-level or when a subgroup's parent was changed Closes #15614	2022-11-23 10:12:34 +01:00
cgeorgilakis-grnet	085dd24875	Client registration service do not check client protocol for Bearer token Closes #15612	2022-11-23 08:49:13 +01:00
Stefan Guilhen	f8df04b3b8	Fix UserSessionProviderTest.testOnClientRemoved on CRDB Closes #15558	2022-11-21 13:05:11 +01:00
Michal Hajas	6d683824a4	Deprecate DBLockProvider and replace it with new GlobalLockProvider Closes #9388	2022-11-16 16:13:25 +01:00
Martin Kanis	5e891951f5	Update Infinispan version to 14.0.2.Final	2022-11-16 14:56:45 +01:00
Douglas Palmer	9f532eecaf	Weird export/re-import behaviour regarding post.logout.redirect.uris Closes #14884	2022-11-15 09:24:32 +01:00
vramik	021189f190	Make GHA Map-JPA base testsuite running with Quarkus Co-authored-by: Martin Batros <mabartos@redhat.com> Closes #13725	2022-11-10 10:08:14 +01:00
Jia Chen	c3d53ae6e0	Returns an empty groups stream without querying the database if a user doesn't belong to any groups Closes #12567	2022-11-09 13:07:42 +01:00
danielFesenmeyer	ec30c52a00	Fix paging on the "Users in role" endpoint, when JPA persistence is used - add order-by-clause to the corresponding JPA query (ordering by username ASC) - adjust admin-client RoleResource to return a List instead of a Set, by introducing new methods #getUserMembers (instead of #getRoleUserMembers - the "Role" prefix is not needed, because it is clear from the resource name that it's about roles) - adjust tests to use the new method and check that the expected order is returned Closes #14772	2022-11-07 20:44:06 +01:00
stianst	1de9c201c6	Refactor Profile Closes #15206	2022-11-07 07:28:11 -03:00
Marek Posolda	c0c0d3a6ba	Short passwords with PBKDF2 mode working (#14437 ) * Short passwords with PBKDF2 mode working Closes #14314 * Add config option to Pbkdf2 provider to control max padding * Update according to PR review - more testing for padding and for non-fips mode	2022-11-06 14:49:50 +01:00
Marek Posolda	f616495b05	Fixing UserFederationLdapConnectionTest,LDAPUserLoginTest to work with FIPS (#15299 ) closes #14965	2022-11-03 16:35:57 +01:00
Marek Posolda	2ba5ca3c5f	Support for multiple keys with same kid, which differ just by algorithm in the JWKS (#15114 ) Closes #14794	2022-11-03 09:32:45 +01:00
Stian Thorgersen	cf913af823	Add support for Microsoft Authenticator (#15272 ) Closes #15271	2022-11-02 12:56:07 +01:00
Stian Thorgersen	cac4c43052	Remove AccountPasswordPage from testsuite (#15204 ) Closes #15200	2022-11-02 06:20:39 +01:00
Alexander Schwartz	dd5a60c321	Allow a partial import to overwrite the default role Closes #9891	2022-11-01 15:35:02 -03:00
Pedro Igor	f6985949b6	Close the session within resteasy boundaries (#15193 ) Closes #15192	2022-11-01 11:06:34 +01:00
Stian Thorgersen	17117820cc	Remove AccountFormServiceTest (#15197 ) Closes #15196	2022-10-28 12:26:59 +02:00
Michal Hajas	883e83e625	Remove deprecated methods from data providers and models Closes #14720	2022-10-25 09:01:33 +02:00
Alexander Schwartz	9b80bad391	Stabilize test testAccountManagementLinkIdentity by waiting for username to appear Closes #15054	2022-10-24 19:19:27 +02:00
Stian Thorgersen	29b8294dd6	Filter list of supported OTP applications by current policy (#15113 ) Closes #15112	2022-10-24 16:47:16 +02:00
mposolda	55c514ad56	More flexibility in keystore related tests, Make keycloak to notify which keystore types it supports, Support for BCFKS Closes #14964	2022-10-24 08:36:37 +02:00
Stian Thorgersen	97ae90de88	Remove Red Hat Single Sign-On product profile from upstream (#14697 ) * Remove Red Hat Single Sign-On product profile from upstream Closes #14916 * review suggestions: Remove Red Hat Single Sign-On product profile from upstream Closes #14916 Co-authored-by: Peter Skopek <pskopek@redhat.com>	2022-10-18 14:43:04 +02:00
Marek Posolda	0756ef9a75	Initial integration tests with BCFIPS distribution (#14895 ) Closes #14886	2022-10-17 23:33:22 +02:00
Stian Thorgersen	f7490b7f7c	Fix issue where admin2 was not enabled by default if account2 was disabled (#14914 ) Refactoring ThemeSelector and DefaultThemeManager to re-use the same logic for selecting default theme as there used to be two places where one had a broken implementation Closes #14889	2022-10-17 15:17:54 +02:00
vramik	f49582cf63	MapUserProvider in KC20 needs to store username compatible with KC19 to be no-downtime-upgradable Closes #14678	2022-10-14 09:32:38 +02:00
danielFesenmeyer	f80a8fbed0	Avoid login failures in case of non-existing group or role references and update references in case of renaming or moving - no longer throw an exception, when a role or group cannot be found, log a warning instead - update mapper references in case of the following events: - moving a group - renaming a group - renaming a role - renaming a client's Client ID (may affect role qualifiers) - in case a role or group is removed, the reference still will not be changed - extend and refactor integration tests in order to check the new behavior Closes #11236	2022-10-13 13:23:29 +02:00
Martin Kanis	761929d174	Merge ActionTokenStoreProvider and SingleUseObjectProvider (#13677 ) Closes #13334	2022-10-13 09:26:44 +02:00
Lex Cao	8ea3f30d82	Support profile projection parameter for LinkedIn IDP Closes #13384	2022-10-11 15:22:00 -03:00
Takashi Norimatsu	148c7695ff	Pluggable Features of Token Manager Closes #12065	2022-10-07 08:43:34 +02:00
Marek Posolda	425b6b8df2	Parameters 'client_id' and 'response_type' not strictly required in O… (#14679 ) * Parameters 'client_id' and 'response_type' not strictly required in OIDC request object Closes #14255	2022-10-05 11:20:15 +02:00
Douglas Palmer	44aae52fb4	Fixed locale switcher on error page (#14728 ) Closes #14205	2022-10-05 10:30:07 +02:00
Marek Posolda	c59660ca86	KEYCLOAK_SESSION not working for some user federation setups when user ID has special chars (#14560 ) closes #14354	2022-10-05 08:59:30 +02:00
Marek Posolda	fb24c86a3b	offline token issuance can cause violation of PRIMARY KEY constraint CONSTRAINT_OFFL_CL_SES_PK3 (#14658 ) closes #13706	2022-10-03 12:54:12 +02:00
Stian Thorgersen	390c7485c7	Remove WildFly dist modules (#14675 ) Closes #14307	2022-09-30 14:26:55 +02:00
Alice Wood	1eb7e95b97	enhance existing group search functionality allow exact name search keycloak/keycloak#13973 Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>	2022-09-30 10:37:52 +02:00
Martin Bartoš	a20d6e2f1f	Remove JBoss-based auth servers from the testsuite (#14317 ) Closes #14299	2022-09-30 09:41:57 +02:00
Marcelo Daniel Silva Sales	22713bc144	Incorrect error message OIDC client authentication (#14656 ) closes #12162 Co-authored-by: Pedro Hos <pedro-hos@outlook.com>	2022-09-30 09:40:05 +02:00
David Anderson	a8db79a68c	Introduce crypto module using Wildfly Elytron (#14415 ) Closes #12702	2022-09-27 08:53:46 +02:00
Alexander Schwartz	be2deb0517	Modify RealmsAdminResource.importRealm to work with InputStream Closes #13609	2022-09-26 20:58:08 +02:00
Alice Wood	55a660f50b	enhance group search to allow searching for groups via attribute keycloak/keycloak#12964 Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2022-09-19 15:19:36 +02:00
Takashi Norimatsu	0a832fc744	Intent support before issuing tokens (UK OpenBanking) Closes #12883	2022-09-19 12:15:00 +02:00
Martin Bartoš	d4130b0c6b	Admin Console tests failing (#14404 ) Fixes #10997	2022-09-17 08:23:19 +02:00
rmartinc	cc9326fcad	Delay LDAPObject creation until mandatory attributes are set (#14341 ) Closes #14286	2022-09-16 20:35:50 +02:00
Dmitry Telegin	cc2117bf7c	UserInfo endpoint not fully standards compliant Closes #14184	2022-09-16 10:15:08 +02:00
danielFesenmeyer	3af1134975	Update IDP link username when sync mode is "force" Closes #13049	2022-09-14 08:02:17 -03:00
Martin Bartoš	ed3d003d65	Remove Legacy migration tests from testsuite (#14310 ) Closes #14300	2022-09-14 11:29:53 +02:00
Václav Muzikář	e999aeeab8	Fix `DefaultHostnameTest` on Undertow	2022-09-13 14:41:23 -03:00
Martin Bartoš	aa5a4e3d84	Remove remote WildFly server from the testsuite (#14321 ) Closes #14319	2022-09-13 12:49:40 +02:00
fwojnar	cee69e1abc	Remove Server Config Migration tests from testsuite (#14334 ) Closes #14303 Co-authored-by: wojnarfilip <fwojnar@redhat.com>	2022-09-13 12:47:35 +02:00
fwojnar	a58f0593a6	Remove Clean Start test from testsuite (#14345 ) Closes #14305 Co-authored-by: wojnarfilip <fwojnar@redhat.com>	2022-09-13 12:46:55 +02:00
Václav Muzikář	490590625d	Fix `listApplicationsThirdParty`	2022-09-13 08:33:31 +02:00
Jurjan-Paul Medema	eb0124e3e1	Mapper option 'Aggregate attribute values' is now applied to group hierarchy (#7871 ) Closes #11255	2022-09-12 13:34:28 +02:00
Christoph Leistert	7e5b45f999	Issue #8749 : Add an option to control the order of the event query and admin event query	2022-09-11 21:30:12 +02:00
Alexander Schwartz	1d2d3e5ca5	Move UserFederatedStorageProvider into legacy module Closes #13627	2022-09-11 18:37:45 +02:00
Pedro Igor	3518362002	Validate auth time when max_age is sent to brokered OPs Closes #14146	2022-09-09 10:30:51 -03:00
Pedro Igor	a0079b516b	Allow setting response mode (#14104 ) Closes #14083	2022-09-09 14:28:47 +02:00
Martin Bartoš	0fcf5d3936	Reuse of token in TOTP is possible Fixes #13607	2022-09-09 08:56:02 -03:00
Marek Posolda	040e52cfd7	SAML javascript protocol mapper: disable uploading scripts through admin console by default (#14293 ) Closes #14292	2022-09-09 13:47:51 +02:00
vramik	869ccc82b2	Enable MapUserProvider storing username with the letter case significance Closes #10245 Closes #11602	2022-09-09 11:46:11 +02:00
Dominik Guhr	f2b02f19e6	Closes #13786	2022-09-07 18:29:26 +02:00
cgeorgilakis	07b0df8f62	View groups from account console (#7933 ) Closes #8748	2022-09-07 11:25:31 +02:00
Lex Cao	1f197aa96b	Add basic auth compliant to RFC 6749 (#14179 ) Closes #14179	2022-09-07 10:09:30 +02:00
Christoph Leistert	cc2bb96abc	Fixes #9482 : A user could be assigned to a parent group if he is already assigned to a subgroup.	2022-09-06 21:31:31 +02:00
Thomas Peter	19d69169b1	introduce expiration option for admin events	2022-09-06 16:05:53 +02:00
Pedro Igor	a6137b9b86	Do not empty attributes if they are not provided when user profile is enabled Closes #11096	2022-09-06 12:59:05 +02:00
Michal Hajas	f69497eb28	KEYCLOAK-12988 Deprecate getUsers* methods in favor of searchUsers* variants Closes #14018	2022-09-06 10:38:28 +02:00
Sergey Ch	860c3fbbd3	KEYCLOAK-17263 Add exact searching for users (#8059 ) Co-authored-by: Stian Thorgersen <stianst@gmail.com>	2022-09-01 19:27:24 +02:00
Thomas Darimont	43623ea9d0	KEYCLOAK-18499 Add max_age support to oauth2 brokered logins Revise KcOidcBrokerPassMaxAgeTest to use setTimeOffset(...)	2022-09-01 09:24:44 -03:00
Joerg Matysiak	a8019d78e7	Fixed handling of required setting for email in user profile. Resolves #13923	2022-08-31 17:19:19 -03:00
Martin Bartoš	677579fce6	Environment variables for admin creation in testsuite Closes #14102	2022-08-31 07:29:55 -03:00
Nagy Vilmos	f6db484172	Keep the locale related authNotes through the IdentityBroker flow. (#10444 ) Closes #8827	2022-08-31 09:37:26 +02:00
Martin Bartoš	e6a5f9c124	Default required action providers are still available after feature disabling Closes #13189	2022-08-31 08:42:47 +02:00
Martin Bartoš	94de015440	Cannot build base testsuite due to missing dependency related to WF (#14079 ) Fixes #14072	2022-08-30 18:52:05 +02:00
Stian Thorgersen	eece543ede	Remove AddUserTest as it was specific to the WildFly distribution (#14091 ) Closes #14072	2022-08-30 16:57:44 +02:00
Manato Takai	1cdc21f0ff	Add duplicate parameter check for UserInfo endpoint. (#14024 ) Closes #14016	2022-08-30 14:39:15 +02:00
Pedro Igor	917e8668cb	Fixing error when activating webauthn profile Related #14005	2022-08-30 13:55:02 +02:00
Martin Bartoš	090f7f89d5	Cannot execute Old Admin Console tests (#13887 ) Fixes #14005	2022-08-29 13:41:22 +02:00
Joerg Matysiak	62790b8ce0	Allow permission configuration for username and email in user profile. Enhanced Account API to respect access to these attributes. Resolves #12599	2022-08-25 21:54:51 -03:00
Michal Hajas	05b9e6d59e	Upgrade Infinispan to 13.0.10.Final (#13910 ) Closes #12306	2022-08-25 13:09:34 +02:00
Christoph Leistert	5408d25e09	Fixes #10656 : Sub realm localization GET endpoints can be called using tokens issued by the master realm. (#10660 ) * Fixes #10656: Sub realm localization GET endpoints can be called using tokens issued by the master realm. * Fixes #10656: Added some tests	2022-08-25 09:02:07 +02:00
Markus Till	7f999a4629	integration.admin-client: Add exact search for all dedicated user attributes (#13361 ) Closes #13360	2022-08-25 08:57:31 +02:00
Arnaud Martin	af0d97e534	Delete broker links for federated users when an identity provider is deleted Closes #13731	2022-08-25 08:24:09 +02:00
Pedro Igor	ddcf0f45f9	Run import within the context of the realm being imported Closes #12289	2022-08-25 08:18:43 +02:00
Pedro Igor	25be07be17	Allow introspecting tokens issued during token exchange with delegation semantics Closes #9337	2022-08-24 09:47:04 -03:00
Takashi Norimatsu	8c1ea4b47c	mTLS binding support for password grant Closes #13662	2022-08-24 11:44:48 +02:00
Konstantinos Georgilakis	c5b9dc1e7b	set context session client equal to clientsession client (fromClientSessionAndScopeParameter method of DefaultClientSessionContext) Closes #13162	2022-08-23 17:33:07 +02:00
Konstantinos Georgilakis	baa89debd9	Correct isValidScope method of TokenManager for Dynamic scopes Closes #13158	2022-08-23 16:30:04 +02:00
Lex Cao	6b1c64a1a9	Add rememberMe to a user session representation(#13408 ) (#13765 ) Closes #13408	2022-08-23 15:28:52 +02:00
Konstantinos Georgilakis	2002fd983b	Showing consent screen text instead of scope name in consent part of Application page in Account console Closes #13109	2022-08-23 11:22:31 +02:00
rishabhsvats	c223291a1e	Adds REGISTER event when new user login through first broker flow Updates KcOidcBrokerEventTest, AbstractFirstBrokerLoginTest to factor in REGISTER event in first broker flow Closes #11646 Correcting Indentation of AbstractFirstBrokerLoginTest	2022-08-23 10:43:56 +02:00
Stefan Guilhen	f84fdfa8ef	Fix UserSessionProviderTest failures with CockroachDB (#13891 ) - move assertions to a separate tx due to CRDB's SERIALIZABLE isolation level Closes #13211	2022-08-23 09:57:13 +02:00
Sebastian Schuster	53472e097c	13647 fixed wrong feature flag for checking admin fine-grained authz	2022-08-22 09:34:12 -03:00
Stefan Guilhen	5775e7c4ba	Fix ConcurrentTransactionsTest failure with CockroachDB (#13890 ) - realm has to be removed in a separate tx due to CRDB's SERIALIZABLE isolation level Closes #13211	2022-08-22 08:39:14 +02:00
Pedro Igor	eda33a0b21	Concurrency issue when caching JS policies Closes #12204	2022-08-17 16:30:32 -03:00
Pedro Igor	15bbb46657	Avoid removing static path config from cache Closes #9855	2022-08-17 16:29:59 -03:00
Martin Bartoš	5a2852530f	Fix DB tests for Quarkus Fixes #13642	2022-08-17 10:23:05 -03:00
Pedro Igor	841c65d24f	Return 404 when invoking authorization endpoints in case authz settings are disabled Closes #10151	2022-08-16 16:37:44 -03:00
Michal Hajas	ab431e3bd9	Fix KeycloakQuarkusServerDeployableContainer to correctly configure map store Closes #13721	2022-08-11 16:55:06 +02:00
Pedro Igor	e3af0610e2	Support running base testsuite on Windows Closes #12648 Co-authored-by: Dominik Guhr <dguhr@redhat.com>	2022-08-10 20:03:53 -03:00
Markus Till	fa383bf76c	Suppress confirmation screen for logout in oidc (#13471 ) Closes #13469	2022-08-10 18:25:50 +02:00
Michal Hajas	d55d110ff9	Run Infinispan using Testcontainers in base testsuite Closes #13620	2022-08-10 16:36:44 +02:00
Marcelo Daniel Silva Sales	e44cea587f	NullPointer during OIDC logout client disabled (#13424 ) closes #12624	2022-08-08 12:34:09 +02:00
Tero Saarni	2392af157b	Forward quarkus server output to console in testsuite	2022-08-05 09:48:48 -03:00
Sebastian Knauer	21f700679f	KEYCLOAK-19866 Fix user-defined- and xml-fragment-parsing/Add XPathAttributeMapper	2022-08-03 13:07:12 +02:00
Marek Posolda	7e925bfbff	Unit tests in "crypto/fips1402" passing on RHEL 8.6 with BC FIPS approved mode. Cleanup (#13406 ) Closes #13128	2022-07-29 18:03:56 +02:00
Hynek Mlnarik	143e6bc932	Replace undertow-map with quarkus-map Fixes: #12652	2022-07-27 14:08:38 +02:00
Stian Thorgersen	ae33af92d9	Promote new admin console to default (#13243 ) Closes #13242	2022-07-27 10:13:49 +02:00
Pedro Hos	ee2c5391bd	Possible client enumeration in the authorization endpoint Closes #12164	2022-07-26 09:10:06 +02:00
Douglas Palmer	c00514d659	Support for post_logout_redirect_uris in OIDC client registration (#12282 ) Closes #10135	2022-07-25 10:57:52 +02:00
Dominik Guhr	9bb1299d89	change optimised to optimized also: fix kc.bat to not use autobuild in devmode anymore, fix containers.adoc to not use auto_build naming, fix build command cli help as it is not required anymore to run it beforehand.	2022-07-22 10:29:07 -03:00
Stian Thorgersen	a251d785db	Remove text based login flows (#13249 ) * Remove text based login flows Closes #8752 * Add display param back in case it's used by some custom authenticators	2022-07-22 15:15:25 +02:00
Alexander Schwartz	cb81a17611	Disable Infinispan for map storage and avoid the component factory when creating a realm independent provider factory Provide startup time in UserSessionProvider independent of Infinispan, cleanup code that is not necessary for the map storage as it isn't using Clustering. Move classes to the legacy module. Closes #12972	2022-07-22 08:20:00 +02:00
Douglas Palmer	adeef6c2a0	Partial import feature does not import Identity Provider mappers in Keycloak #12861	2022-07-21 18:04:15 +02:00
Stefan Guilhen	e9c55f45e5	Enable action token JPA provider in map-storage-jpa profile Closes #13139	2022-07-20 16:30:20 -03:00
Pedro Igor	3631a413d2	Allow token exchange when subjec_token is not associated with a session Closes #12596	2022-07-20 15:42:26 -03:00
Martin Bartoš	1b9a3bf51a	Cannot use WebAuthn with WildFly distribution Fixes #12762	2022-07-20 09:59:44 -03:00
Lex Cao	f0988a62b8	Use base64 url decoded for client secret when authenticating with Basic Auth (#12486 ) Closes #11908	2022-07-16 09:38:41 +02:00
Pedro Igor	89028613d8	Introducing --optimise option Closes #10737	2022-07-15 15:12:17 -03:00
Marcelo Daniel Silva Sales	f7a80409a9	Add flow to generate secret length based on signature algorithm (#13107 ) Closes #9376	2022-07-15 11:06:07 +02:00
Vlasta Ramik	ec853a6b83	JPA map storage: User / client session no-downtime store (#12241 ) Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Closes #9666	2022-07-14 12:07:02 -03:00
Alexander Schwartz	b8d5e01cf3	Avoid using old legacy-store API in the test suite (#13077 )	2022-07-13 09:58:01 -03:00
kz-masa	d26cff270f	Delete unnecessary import statements (#12935 ) (#12936 )	2022-07-12 19:37:15 -03:00
Martin Bartoš	216922233a	Remote base tests don't work with WildFly (#12842 ) Fixes #12841	2022-07-12 15:14:09 +02:00
Martin Kanis	4b43612806	Disable WARN logging for Hot Rod RemoteQuery class	2022-07-11 16:48:56 -03:00
Pedro Igor	5b48d72730	Upgrade Resteasy v4 Closes #10916 Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2022-07-11 12:17:51 -03:00
Martin Bartoš	07ab29378b	Make WebAuthn required actions enabled by default Closes #12723	2022-07-11 15:32:40 +02:00
Michal Hajas	0f86427dd0	Make user->client sessions relationship consistent Closes #12817	2022-07-11 08:42:28 -03:00
Martin Bartoš	17f1d04960	Possibility to execute DB migration tests for Quarkus distribution (#12688 ) Closes #12685	2022-07-11 12:23:41 +02:00
fwojnar	7fccdb10d8	Fixing ClientPoliciesTest failure (#12670 ) Closes #10633 Co-authored-by: wojnarfilip <fwojnar@redhat.com>	2022-07-11 12:22:25 +02:00
Takashi Norimatsu	29aad9dc45	PAR logic affecting /auth endpoint Closes #9289	2022-07-11 11:56:37 +02:00
Alexander Schwartz	29a501552e	Disable the JpaUserFederatedStorageProvider when map storage is enabled Closes #12895	2022-07-07 10:47:42 -03:00
Alexander Schwartz	d91a5eb99f	Move methods from UserStorageUtil to LegacyRealmModel It is better suited to take methods removed from RealmModel earlier. Closes #12805	2022-07-07 09:57:17 -03:00
Stefan Guilhen	dc88dd5286	Users Map JPA implementation (#12871 )	2022-07-05 11:19:31 -03:00
Alexander Schwartz	098d4dda0e	Split PublicKeyStorageProvider (#12897 ) Split PublicKeyStorageProvider - Extract clearCache() method to separate interface and move it to the legacy module - Make PublicKeyProvider factories environment dependent - Simple map storage for public keys that just delegates Resolves #12763 Co-authored-by: Martin Kanis <mkanis@redhat.com>	2022-07-05 09:57:51 -03:00
Stefan Guilhen	007fa1f374	Single Use Objects Map JPA implementation Closes #9852	2022-07-04 10:05:51 -03:00
Alexander Schwartz	4b20e90292	Move session persistence package to legacy-private module Also, disabling the jpa session persister when map storage is enabled. Closes #12712	2022-07-04 10:05:26 -03:00
Konstantinos Georgilakis	32f8f30f36	Include 'urn:ietf:params:oauth:grant-type:token-exchange' in grant_types_supported field of Keycloak OP metadata, if token-exchange is enabled closes #10888	2022-06-30 17:13:47 -03:00
Jon Koops	06d1b4faab	Restore enum variant of ResourceType This reverts commit `3b5a578934`.	2022-06-30 12:20:51 -03:00
Alexander Schwartz	ddeab744d0	Moving RoleStorageProviderModel to the legacy modules Closes #12656	2022-06-29 20:04:32 +02:00
vramik	3b5a578934	Change enum ResourceType to interface with String constants Closes #12485	2022-06-29 13:35:11 +02:00
Lex Cao	c3c8b9f0c8	Add `client_secret` to response when `token_endpoint_auth_method` is not `private_key_jwt` (#12609 ) Closes #12565	2022-06-29 10:19:18 +02:00
Clara Fang	4643fd09e3	Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount() This should reduce GC pressure. Closes #12644	2022-06-29 08:53:09 +02:00
Konstantinos Georgilakis	ccc0449314	json device code flow error responses closes #11438	2022-06-29 07:23:02 +02:00
Marek Posolda	be1e31dc68	Introduce crypto/default module. Refactoring BouncyIntegration (#12692 ) Closes #12625	2022-06-29 07:17:09 +02:00
danielFesenmeyer	b6d8c27cac	OIDC logout: In "legacy mode", support post_logout_redirect_uri param without requiring id_token_hint param Closes #12680	2022-06-28 14:36:03 +02:00
leandrobortoli	c5d5659100	Fixed bug on client credentials grant when encryption key not found Closes #12348	2022-06-27 13:00:21 +02:00
Lex Cao	f8a7c8e160	Validate name of client scope (#12571 ) Closes #12553	2022-06-27 12:26:18 +02:00
Pedro Igor	3d2c3fbc6a	Support JSON objects when evaluating claims in regex policy Closes #11514	2022-06-23 14:04:09 -03:00
Pedro Igor	d3a40e8620	Use backend baseURL for UMA-related backend endpoints Closes #12549	2022-06-23 10:35:26 -03:00
Takashi Norimatsu	a10eef882f	DeviceTokenRequestContext.getEvent returns a wrong ClientPolicyEvent Closes #12455	2022-06-22 13:01:35 +02:00
Takashi Norimatsu	d396ee7d30	CIBA flow : no error on invalid scope Closes #12589	2022-06-22 12:55:55 +02:00
rmartinc	711440e513	[#11036 ] Identity Providers: Add support for elliptic curve signatures (ES256/ES384/ES512) using JWKS URL	2022-06-21 10:52:25 -03:00
Stefan Guilhen	7d96f3ad5a	Events Map JPA implementation Closes #9667	2022-06-21 13:53:48 +02:00
Hynek Mlnarik	26198e4b0b	Disable tests irrelevant for map storage	2022-06-21 08:53:06 +02:00
Alexander Schwartz	d41764b19b	Inline deprecated methods in legacy code	2022-06-21 08:53:06 +02:00
Alexander Schwartz	08bbb1fb92	Move LDAP REST Endpoints to LDAP package - Thus remove implicit dependency on services on the legacy modules - Disable tests for LDAP/Kerberos that won't work when map storage is enabled	2022-06-21 08:53:06 +02:00
Alexander Schwartz	1bc6133e4e	redirect calls to userLocalStorage from legacy modules (federation, ldap, sssd, kerberos)	2022-06-21 08:53:06 +02:00
Hynek Mlnarik	e396d0daa1	Renaming SingleUserCredentialManager and UserModel.getUserCredentialManager(): - class SingleUserCredentialManager to SingleEntityCredentialManager - method UserModel.getUserCredentialManager() to credentialManager() Renaming of API without "get" prefix to make it consistent with other APIs like for example with KeycloakSession	2022-06-21 08:53:06 +02:00
Alexander Schwartz	6f287e7ded	Avoid using methods on UserCredentialStoreManager	2022-06-21 08:53:06 +02:00
Alexander Schwartz	82094d113e	Move User Storage SPI, introduce ExportImportManager	2022-06-21 08:53:06 +02:00
Hynek Mlnarik	703e868a51	Preparation for moving User Storage SPI - Introduction of new AdminRealmResource SPI - Moving handler of /realm/{realm}/user-storage into model/legacy-service - session.users() and userStorageManager() moved refers legacy module IMPORTANT: Broken as UserStorageSyncManager is not yet moved	2022-06-21 08:53:06 +02:00
Hynek Mlnarik	247ff52187	Introduce legacy datastore module and update dependencies	2022-06-21 08:53:06 +02:00
Martin Bartoš	d8112d7b7e	DB migration tests execution for Quarkus (#12525 ) Closes #12524	2022-06-20 10:12:37 +02:00
Alexander Schwartz	71e7982a49	Adding central time offset reset in model tests as it was missing for AuthenticationSessionTest and UserSessionPersisterProviderTest Also adding try/finally in other places in the integration tests where it was missing. Closes #12530	2022-06-16 13:42:55 +02:00
nehachopra27	39cff0750c	[Fix keycloak#12385] Update option to run kc.bat on windows instead of kc.sh (#12386 ) Co-authored-by: nchopra <nchopra@redhat.com> Resolves #12385	2022-06-15 11:29:11 -03:00
Martin Bartoš	0fef4305b6	Logout confirm page is failing to log the user out on auth-server-wildfly Fixes #11753	2022-06-14 10:46:02 +02:00
mposolda	3aefb59d40	Fix test failure in X509BrowserCRLTest on IBM JDK. Don't display details of exception message to the end user Closes #12458	2022-06-14 10:44:31 +02:00
Alexander Schwartz	c2043da78e	When asserting a URL, allow for some time for any redirect to complete. Closes #12446	2022-06-14 07:30:31 +02:00
Christoph Leistert	442eff0169	Closes #11851 : Apply localization text from realm default locale when it is not defined for the requested language. (#11852 )	2022-06-10 14:36:11 -04:00
Martin Bartoš	2cf089424a	ClientClientScopesTest failures in the test pipeline (#12440 ) Resolves #12439	2022-06-10 09:13:25 -03:00
Alexander Schwartz	361a813d81	Keep a list of model instances in the JPA map session. This allows removing them from the persistence context on bulk delete. Closes #12384	2022-06-09 12:39:04 -03:00
Joerg Matysiak	3c19ad627f	Repsect permissions configured to firstName and lastName when configured in user profile Resolves #12109	2022-06-09 10:10:15 -03:00
Pedro Igor	8aecba1795	Fixing how realm frontendurl is cached when resolving the hostname Closes #11894	2022-06-08 16:41:25 -03:00
Alexander Schwartz	9272c7a5ec	Allow for the backend to return granted scopes in any order. Closes #12395	2022-06-08 08:39:14 -03:00
Pedro Igor	243e63c9f3	Do not set empty permissions to username and email attributes Closes #11647	2022-06-07 10:59:35 -03:00
Sebastian Schuster	a0c402b93a	11198 added event information to consent granting and revocation via REST API (#11199 )	2022-06-07 11:29:20 +02:00
Stian Thorgersen	e49e8335e0	Refactor BouncyIntegration (#12244 ) Closes #12243	2022-06-07 09:02:00 +02:00
Martin Kanis	df72cf72f2	Hot Rod map storage: Single-use (action token) no-downtime store	2022-06-06 16:01:18 +02:00
rmartinc	5332a7d435	Issue #9194 : Client authentication fails when using signed JWT, if the JWA signing algorithm is not RS256	2022-06-06 12:07:09 +02:00
Takashi Norimatsu	3889eeda30	Client Policies: pkce-enforcer executor with client-access-type condition is not applied on client change via Admin API Closes #12295	2022-06-06 11:30:48 +02:00
Michal Hajas	09c0a69a8f	Add HotRod no downtime store for events Closes #9676	2022-06-02 13:30:19 +02:00
mposolda	f90fbb9c71	Changing locale on logout confirmation did not work Closes #11951	2022-05-31 16:03:58 +02:00
Takashi Norimatsu	d083b6c484	ciba http auth channel sends client_id and client_secret via delegation request Closes #10993	2022-05-31 08:22:50 +02:00
vramik	be28e866b9	JPA map storage: Authorization services no-downtime store Closes #9669	2022-05-30 21:05:34 +02:00
Pedro Igor	ea22989d89	Fixing ClientTokenExchangeTest to also run when TLS is disabled Closes #11818	2022-05-30 11:23:46 -03:00
Pedro Hos	e121371401	/clients-registrations API doesn't return secret anymore and is not coherent #11116 /clients-registrations API doesn't return secret anymore and is not coherent fixing merge /clients-registrations API doesn't return secret anymore and is not coherent fixing test that was failing Replace tabs with regular spaces fixing identation /clients-registrations API doesn't return secret anymore and is not coherent. Closes #11116 fixing test that was failing	2022-05-30 15:18:56 +02:00
mposolda	4222de8f41	OIDC RP-Initiated Logout POST method support Closes #11958	2022-05-30 14:10:58 +02:00
Marek Posolda	cf386efa40	Support for client_id parameter in OIDC RP-Initiated logout endpoint (#12202 ) Closes #12002 Co-authored-by: Martin Bartoš <mabartos@redhat.com>	2022-05-27 14:12:37 +02:00
Luca Leonardo Scorcia	27650ab816	Fix #10982 SAML Client - Introduce SAML Issuer validation	2022-05-27 10:58:10 +02:00
Martin Bartoš	d8cded994f	WebAuthn test failures in admin console (#12161 ) Resolves #12160	2022-05-26 12:55:22 -03:00
Michal Hajas	bc59fad85b	Unify way how expirable entities are handled in the new store Closes #11947	2022-05-26 13:17:27 +02:00
Martin Kanis	0cb3c95ed5	Map storage: Single-use objects (action token)	2022-05-25 16:47:10 +02:00
Martin Bartoš	86f31e8df5	Fix BlacklistPasswordPolicyDefaultPath Failures on Windows Fixes #11967	2022-05-24 17:26:19 -03:00
Martin Bartoš	bb3b88963b	New Account console tests failures (#12050 ) * New Account console tests failures, Fix additional tests, solve issue with headless browsers Fixes #11323	2022-05-24 09:36:08 +02:00
vramik	24171d2e47	Rename providers from jpa-map-storage to jpa Closes #12098	2022-05-23 16:47:51 +02:00
vramik	0c3aa597f9	JPA map storage: test failures after cache was disabled Closes #12118	2022-05-23 13:01:30 +02:00
vramik	f8ca25d4a4	Add a profiles testsuite for jpa-map storage Closes #12045	2022-05-20 09:17:33 +02:00
Stian Thorgersen	075e284455	Remove legacy (non-Elytron) WildFly adapter (#11789 ) Closes #11683	2022-05-18 10:34:47 +02:00
Michal Hajas	0bda7e6038	Introduce map event store with CHM implementation Closes #11189	2022-05-17 12:57:35 +02:00
Michal Hajas	b86f205cda	Make KeycloakServer runnable with external Infinispan server Closes #12011 Closes #12014	2022-05-16 21:50:35 +02:00
Takashi Norimatsu	9541852a9b	ID token encryption without specifying id_token_encrypted_response_enc does not follow OIDC Dynamic Client Registration specification Closes #11392	2022-05-16 09:05:22 +02:00
Takashi Norimatsu	7fa24d247a	Deprecated org.keycloak.jose.jws.Algorithm is used in OIDCAdvancedConfigWrapper Closes #11394	2022-05-16 08:56:57 +02:00
Martin Kanis	0d6bbd437f	Merge single-use token providers into one Fixes first part of: #11173 * Merge single-use token providers into one * Remove PushedAuthzRequestStoreProvider * Remove OAuth2DeviceTokenStoreProvider * Delete SamlArtifactSessionMappingStoreProvider * SingleUseTokenStoreProvider cleanup * Addressing Michal's comments * Add contains method * Add revoked suffix * Rename to SingleUseObjectProvider	2022-05-11 13:58:58 +02:00
Michal Hajas	d3b43a9f59	Make sure there is always Realm or ResourceServer when searching for authz entities Closes #11817	2022-05-11 07:20:01 -03:00
Réda Housni Alaoui	5d87cdf1c6	KEYCLOAK-6455 Ability to require email to be verified before changing (#7943 ) Closes #11875	2022-05-09 18:52:22 +02:00
Michal Hajas	6b5c417742	Add HotRod store for authorization services Closes #9679	2022-05-06 15:31:38 +02:00
Stian Thorgersen	491b3262de	Remove Jetty 9.2 and 9.3 adapters (#11792 ) Closes #11791	2022-05-04 15:24:46 +02:00
azilentech	f7f24c6ca3	Updated test scenarios	2022-05-03 10:59:31 -03:00
Sven-Torben Janus	0efa4afd49	Evaluate composite roles for hardcoded LDAP roles/groups Closes: 11771 see also KEYCLOAK-18308	2022-05-02 14:13:37 +02:00
Stian Thorgersen	52ca546cfa	Remove Fuse adapters (#11740 ) Closes #11677	2022-05-02 09:55:52 +02:00
Stian Thorgersen	b65d76edab	Remove EAP6 and AS7 adapters (#11605 ) Closes #11604	2022-04-28 11:20:44 +02:00
vramik	2ecf250e37	Deletion of all objects when realm is being removed Closes #11076	2022-04-28 11:09:17 +02:00
Alexander Schwartz	29233f33c8	Clear import/export properties at the end of the test This avoids the pollution of system properties that might lead to failures following tests. Closes #11670	2022-04-28 11:02:16 +02:00
Douglas Palmer	fdcbc9b27b	Automated test for session-limits authenticator with identity brokering (post-broker login flow) (#11723 ) Closes #11004	2022-04-28 10:29:41 +02:00
vramik	5248815091	Disable infinispan realm and user cache for map storage tests Closes #11213	2022-04-25 09:38:49 +02:00
Martin Bartoš	53ea60b8d5	Remove support for IE (#11271 ) Closes #11268	2022-04-22 10:38:41 +02:00
Pedro Igor	76d83f46fa	Avoid clients exchanging tokens using tokens issued to other clients (#11542 )	2022-04-20 19:14:55 +02:00
Stian Thorgersen	ac79fd0c23	Disallow special characters in usernames to prevent confusion with similarly looking usernames (#11531 ) Closes #11532 Co-authored-by: Douglas Palmer <dpalmer@redhat.com>	2022-04-20 15:53:15 +02:00
Stefan Guilhen	b29b27d731	Ensure code does not rely on a particular format for the realm id or component id	2022-04-20 14:40:38 +02:00
Pedro Igor	2cb5d8d972	Removing upload scripts feature (#11117 ) Closes #9865 Co-authored-by: Michal Hajas <mhajas@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2022-04-20 14:25:16 +02:00
Martin Bartoš	3aa3db16ea	Fix error response for invalid characters (#11533 ) Fixes #11530	2022-04-20 11:26:08 +02:00
Pedro Igor	f1fd7af758	Remove policies when user is deleted (#11385 ) Closes #11284	2022-04-20 09:23:46 +02:00
Stian Thorgersen	b79f01c72d	Upgrade to WildFly 26.1.0.Final (#11094 ) Closes #10999	2022-04-20 08:38:10 +02:00
Martin Bartoš	e09f618cef	Ignore WebAuthnIdLessTest for Firefox (#11299 ) Closes #11297	2022-04-19 14:45:24 +02:00
Martin Bartoš	2632fa7779	WebAuthnSigningInTest failures caused by different titles (#11305 ) Fixes #11298	2022-04-19 14:44:51 +02:00
m-takai	5f0e27a792	Add duplicate parameters check process in Device Authz Endpoint. AuthorizationEndpointRequest class already checks duplicated parameters but DeviceEndpoint class has not checked its error. Thus a check process is added in handleDeviceRequest() Closes #11294	2022-04-19 14:20:39 +02:00
Pedro Igor	c5e4dc8cec	Associated permissions should only add resource type permissions if the resource is an instance (#11220 ) Closes #11148	2022-04-19 09:10:14 +02:00
Martin Kanis	a2d7cd7a5c	Hot Rod map storage: User / client session no-downtime store	2022-04-14 15:34:22 +02:00
msvechla	820ab52dce	Add support for filtering by enabled attribute on users count endpoint (#9842 ) Resolves #10896	2022-04-13 13:57:22 -03:00
Giacomo Altiero	3b7243cd47	Support for UserInfo response encrypted (#10519 ) Close #10517	2022-04-12 14:01:14 +02:00
Alexander Schwartz	a6dd9dc0f1	Avoiding AvlPartitionFactory and using JdbmPartitionFactory for the embedded LDAP to work around unstable tests. Fix for #11171 didn't turn out to cover the root cause. Also improved transaction handling in LDAP Map storage. Closes #11211	2022-04-12 09:12:21 +02:00
Alexander Schwartz	5c810ad0e5	Avoid short-lived connections for ApacheDS to avoid messages around "ignoring the message MessageType UNBIND_REQUEST" The comment in LdapRequestHandler.java in ApacheDS notes just before discarding an unbind request: "in some cases the session is becoming null though the client is sending the UnbindRequest before closing". Also implementing a retry logic for all remaining errors regarding LDAP. Closes #11171	2022-04-11 10:03:15 +02:00
Pedro Igor	834a276767	NPE when caching policies based on scopes without a resource Closes #11180	2022-04-08 08:43:08 -03:00
Michal Hajas	1f2ebf4cba	Add HotRod no downtime store for Realms Closes #9670	2022-04-08 09:36:01 +02:00
Pedro Igor	b4770c30fd	Fixing NPE when querying resources by type Closes #11137	2022-04-07 15:10:20 -03:00
Tyler Andor	caebe50d7e	Updates patternfly libs and fixes breaking changes (#10748 ) adding nvmrc CIAM-1048 Device Activity screen PF updates CIAM-1046: Personal Info sub-header update Updates SigningInPage to use EmptyState component when there are no credentials. rearanged some components used in signing in page Displays ApplicationPage content in description list. Updates refresh link on ContentPage, updates Resources screen. CIAM-1049 Linked Accounts screen PF updates CIAM-1043-General upstream updates Updates AccountPage to display form errors. fix: display Set up Authenticator Application link on large viewport fix(page structure): rearranges page sections CIAM-1254/Personal info PF4 updates & Sidebar text updates updating layouts updating layout on Signing in and Linked acounts adding patternfly-additions adding patternfly-addons styles Updates Application page based on designs feedback. moving page description Updates status label on Applications page to be capitalized. Updates the copy-fonts script for keycloak.v2 to copy all font directories instead of one. update Personal info screen - set max width of 600px for form input fields update Personal info - remove required indicator from input fields General updates (#2) * removed the extra lines being shown * tweaked general spacing * general alignment and spacer application * refactor to get proper alignments without css globals * forgot to add the conditional on displaying the set up buttons * try and adjust the alignments Co-authored-by: zwitter <zwitter@redhat.com> resolve merge conflicts Device activity updates (#4) * update text to sentence case * update device info columns to be dynamic across various viewport sizes * update signed in device layout * update based on feedback Co-authored-by: Jon Szeto <jszeto@redhat.com> Linked accounts update (#3) * linked accounts screen - updated icons & Linked/Unlinked Login Providers layout & update text to sentence case Co-authored-by: Jon Szeto <jszeto@redhat.com> fixing ts errors cleaning up fonts and messages final review updates message update for Back to admin console link fixing capitalization on 2fa updating landing page welcome message fix: reposition Back to... link adjusting size for confirm modal updating spacing and alignment issues updating resources page removing unused header class fixes ts issues and updates node version to match the themes install npm updates fixing pf addons adding chokidar to get babel:watch working fixing issues from pull request feedback fixing tests fixes signingin page test fixing tests Co-authored-by: Tyler Andor <tandor@highereducation.com>	2022-04-06 13:00:38 +02:00
Stian Thorgersen	7c64f28934	Change admin console to load keycloak.js using a relative URL (#11109 ) * Change admin console to load keycloak.js using a relative URL Closes #11108 * fix tests Co-authored-by: Dominik Guhr <dguhr@redhat.com>	2022-04-06 09:35:26 +02:00
Michal Hajas	4c20388eb7	Remove SOAPException from SOAPBindingTest as RunOnServer cannot load it Closes #11090	2022-04-04 15:53:55 +02:00
Martin Kanis	395bd447f2	Hot Rod map storage: Login failure no-downtime store	2022-04-01 20:43:18 +02:00
Douglas Palmer	f57d0dd100	Automated tests for session limits authenticator (browser, direct grant, reset password) (#11046 ) Closes #11003	2022-04-01 18:44:38 +02:00
Marek Posolda	c50f09da25	Webauthn tests logout fix (#11040 ) Closes #11030	2022-04-01 08:06:39 +02:00
Michal Hajas	44000caaf5	KEYCLOAK-19177 Disable ECP flow by default for all Saml clients; ecp flow creates only transient users sessions	2022-03-31 16:06:44 +02:00
Teubner, Malte	b5f70d8a32	Add scope parameter to admin-client TokenManager. Closes #10759	2022-03-31 10:56:08 -03:00
iingawal	6016b461db	Fix for "updatedAt" user attribute in "profile" client scope should use number instead of String (#11020 ) Closes #10081 Co-authored-by: Indrajit Ingawale <iingawal@iingawal.pnq.csb>	2022-03-31 14:33:03 +02:00
Marek Posolda	aacae9b9ac	Support for frontchannel_logout_session_required OIDC client parameter (#11009 ) * Support for frontchannel_logout_session_required OIDC client parameter Closes #10137	2022-03-31 14:25:24 +02:00
Marek Posolda	22a16ee899	OIDC RP-Initiated logout endpoint (#10887 ) * OIDC RP-Initiated logout endpoint Closes #10885 Co-Authored-By: Marek Posolda <mposolda@gmail.com> * Review feedback Co-authored-by: Douglas Palmer <dpalmer@redhat.com>	2022-03-30 11:55:26 +02:00
Andrea Peruffo	da5db5a813	Fix NPEs during realm import (#10962 ) Closes #10961	2022-03-29 21:48:37 +02:00
Marcelo Daniel Silva Sales	091b1472ce	Introduce client secret rotation dynamic registration (#10952 ) Closes #10609	2022-03-28 20:39:11 +02:00
Konstantinos Georgilakis	99fa6275c1	KEYCLOAK-19313 configure the name format in Attribute Importer IdP Mapper	2022-03-25 09:42:22 +01:00
Takashi Norimatsu	9c01d819cb	Client Policies : An executor rejecting all requests Closes #9097	2022-03-23 12:45:38 +01:00
iingawal	b773857a80	Display email address in login-verify-email.ftl (#10870 ) Closes #8873	2022-03-23 12:44:21 +01:00
Marcelo Daniel Silva Sales	6efa45f93e	Update secret rotation when the policy is enabled using jwt (#10853 ) Closes #10666	2022-03-23 08:25:58 +01:00
Martin Kanis	e493b08fa7	Add expiration field to root authentication session	2022-03-23 07:47:47 +01:00
Michal Hajas	99c06d1102	Authorization services refactoring Closes: #10447 * Prepare logical layer to distinguish between ResourceServer id and client.id * Reorder Authz methods: For entities outside of Authz we use RealmModel as first parameter for each method, to be consistent with this we move ResourceServer to the first place for each method in authz * Prepare Logical (Models/Adapters) layer for returning other models instead of ids * Replace resourceServerId with resourceServer model in PermissionTicketStore * Replace resourceServerId with resourceServer model in PolicyStore * Replace resourceServerId with resourceServer model in ScopeStore * Replace resourceServerId with resourceServer model in ResourceStore * Fix PermissionTicketStore bug * Fix NPEs in caching layer * Replace primitive int with Integer for pagination parameters	2022-03-22 20:49:40 +01:00
Alexander Schwartz	fb92b95c33	Revert from getParameterCount() to getParameterTypes().length to be Java 1.7 compatible. This reverts commit `bc27c7c464`. Closes #10840	2022-03-22 10:23:25 +01:00
keycloak-bot	c71aa8b711	Set version to 999-SNAPSHOT (#10784 )	2022-03-22 09:22:48 +01:00
Martin Kanis	0faf3987f6	Hot Rod map storage: Authentication session no-downtime store	2022-03-22 09:05:52 +01:00
Pedro Igor	ffa6df5547	Fixes to hostname (#10820 ) Closes #10627 Closes #10331	2022-03-22 08:11:50 +01:00
Joaquim Fellmann	92c4e6d585	KEYCLOAK-16134 Allow webauthn idless login flow (#7860 ) Closes #10832	2022-03-21 11:37:33 +01:00
Clara Fang	bc27c7c464	Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount() Closes #10333	2022-03-18 11:20:52 +01:00
Michal Hajas	c18a682f50	Do not store undefined values in store Closes #10744	2022-03-17 16:44:33 +01:00
mposolda	9e12587181	Protocol mapper and client scope for 'acr' claim Closes #10161	2022-03-11 09:23:25 +01:00
Martin Bartoš	8ee7ae24de	Make WebAuthn feature default for the product version Closes #10695	2022-03-10 19:00:54 +01:00
Ivan Atanasov	5c6b123aff	Support for the Recovery codes (#8730 ) Closes #9540 Co-authored-by: Zachary Witter <torquekma@gmail.com> Co-authored-by: stelewis-redhat <91681638+stelewis-redhat@users.noreply.github.com>	2022-03-10 15:49:25 +01:00
Martin Bartoš	8a0f1ccb34	Properly execute AuthenticationFlowCallbackProviderTest with Map storage Closes #10268, Closes #10225	2022-03-10 15:00:23 +01:00
rmartinc	a7c8aa1dd3	[#10616 ] Incorrect username logged for federated accounts (#10662 ) Closes #10616	2022-03-10 13:21:39 +01:00
Marcelo Daniel Silva Sales	0c25da542c	Update secret rotation when the policy is disabled (#10674 ) Closes #10667	2022-03-10 13:03:09 +01:00
Alexander Schwartz	18f391d8c4	Fix spelling error in field and classname It's always a converter, unless electricity is involved. Closes #10573	2022-03-09 08:28:52 -03:00
Marcelo Daniel Silva Sales	7335abaf08	Keycloak 10489 support for client secret rotation (#10603 ) Closes #10602	2022-03-09 00:05:14 +01:00
mposolda	d394e51674	Introduce profile 'feature' for step-up authentication enabled by default Closes #10315	2022-03-08 14:42:46 +01:00
rmartinc	48565832d4	[#10608 ] Password blacklists folder	2022-03-08 08:22:34 -03:00
mposolda	93bba8e338	Replace 'Store LoA in User Session' with 'Max Age'. Refactoring of step-up authentications related to that. Closes #10205	2022-03-08 10:41:05 +01:00
Martin Bartoš	2bae2d2167	DeleteAccountTest failure in the test pipeline Closes #10630	2022-03-08 08:33:31 +01:00
Martin Bartoš	02d0fe82bc	Auth execution 'Condition - User Attribute' missing Closes #9895	2022-03-08 08:24:48 +01:00
Michal Hajas	f77ce315bb	Disable Authz caching for new storage tests Closes #10500	2022-03-07 10:22:55 -03:00
Michael Parlee	722ce950bf	Improve user search performance Removes bulder.lower() from user search queries on email and username. Closes #8893	2022-03-04 14:15:14 +01:00
Takashi Norimatsu	201277b897	Handle OIDC authz request with "response_type" missing and "response_mode=form_post" Closes #10144	2022-03-04 13:31:40 +01:00
Takashi Norimatsu	92f6c75328	Nonce parameter should be required in authorizationEndpoint only when "id_token" is included in response_type Closes #10143	2022-03-03 13:26:39 +01:00
Alfredo Boullosa	6801688dd4	Allow Edge tests in Admin Console Closes #10539	2022-03-03 07:14:01 +01:00

... 11 12 13 14 15 ...

4751 commits