Vlasta Ramik
ed473da22b
Clean-up of deprecated methods and interfaces
...
Fixes #20877
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-06-09 17:11:20 +00:00
Rinus Wiskerke
fbfdb54745
Strip rotated client secret from export json ( #19394 )
...
Closes #19373
2023-06-09 10:46:28 +02:00
Réda Housni Alaoui
eb9bb281ec
Require user to agree to 'terms and conditions' during registration
2023-06-08 10:39:00 -03:00
Marek Posolda
8080085cc1
Removing 'http challenge' authentication flow and related authenticators ( #20731 )
...
closes #20497
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-06-08 14:52:34 +02:00
Alice Wood
7e56938b74
Extend group search attribute functionality to account for use case where only the leaf group is required
2023-06-07 08:52:23 -03:00
rmartinc
9bc30f4705
EventBuilder fixes to copy the store and session context
...
Closes https://github.com/keycloak/keycloak/issues/20757
Closes https://github.com/keycloak/keycloak/issues/20105
2023-06-07 08:34:27 -03:00
Artur Baltabayev
041441f48f
Improved Reset OTP authenticator ( #20572 )
...
* ResetOTP authenticator can now be configured, so that one or all existing OTP configurations are deleted upon reset.
Closes #8753
---------
Co-authored-by: bal1imb <Artur.Baltabayev@bosch.com>
2023-06-06 08:30:44 -03:00
rmartinc
81aa588ddc
Fix and correlate session timeout calculations in legacy and new map implementations
...
Closes https://github.com/keycloak/keycloak/issues/14854
Closes https://github.com/keycloak/keycloak/issues/11990
2023-06-05 18:46:23 +02:00
Alexander Schwartz
cd9e0be9f0
Filter first, then sort, and avoid atomics
...
Closes #20394
2023-06-05 11:23:54 +02:00
Pedro Igor
8aeee928e8
Allow configuring the referrer policy ( #19917 )
...
* Allow configuring the referrer policy
Closes #17288
* fixed indentation
---------
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2023-05-30 12:27:12 -04:00
Stefan Guilhen
2252b09949
Remove deprecated default roles methods
...
Closes #15046
2023-05-23 22:32:52 +02:00
Dominik Schlosser
8c58f39a49
Updates Datastore provider to contain full data model
...
Closes #15490
2023-05-16 15:05:10 +02:00
Alexander Schwartz
910021408e
Use entity locking only for the map storage
...
This is a performance optimization that the new feature doesn't affect the old store.
Closes #20176
2023-05-15 10:20:35 +02:00
Alexander Schwartz
2758d78865
Avoid exception when looking up the providerId
...
This is a performance optimization, as creating an exception is expensive.
Closes #20176
2023-05-15 10:20:35 +02:00
Martin Bartoš
6118e5cfb7
Use JakartaEE dependencies
...
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
2023-04-27 13:36:54 +02:00
Martin Bartoš
7cff857238
Migrate packages from javax.* to jakarta.*
...
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/ComponentExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/DeclarativeUserTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java - Modified
keycloak/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java - Modified
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountTotpPage.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BackwardsCompatibilityUserStorageTest.java - Modified
---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/services/resources/QuarkusWelcomeResource.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/profile/util/Soap.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/UserInfoClientUtil.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
---
Quarkus3 branch sync no. 10 (17.3.2023)
Resolved conflicts:
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocolUtils.java - Modified
---
Quarkus3 branch sync no. 9 (10.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java - Modified
---
Quarkus3 branch sync no. 8 (3.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClient.java Modified - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java - Modified
keycloak/examples/providers/authenticator/src/main/java/org/keycloak/examples/authenticator/SecretQuestionAuthenticator.java - Modified
---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ComponentsResource.java - Modified
keycloak/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/installation/SamlSPDescriptorClientInstallation.java - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
/keycloak/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java Modified - Modified
keycloak/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java - Modified
---
Quarkus3 branch sync no. 4 (3.2.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/jaxrs/QuarkusKeycloakApplication.java - Modified
---
Quarkus3 branch sync no. 1 (18.1.2023)
Resolved conflicts:
keycloak/testsuite/client/ClientPoliciesTest.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaModelCriteriaBuilder.java - Modified
2023-04-27 13:36:54 +02:00
mposolda
1cbdf4d17e
Fix the issue with LDAP connectionUrl containing multiple hosts
...
Closes #17359
2023-04-16 17:41:22 +02:00
mposolda
4d8d6f8cd8
Preserve authentication flow IDs after import
...
closes #9564
2023-04-03 16:01:52 +02:00
Hynek Mlnarik
0d5363d0d5
Throw an exception rather than returning response
...
Closes : #17644
2023-04-03 14:43:50 +02:00
rmartinc
c6a1820a47
Use SimpleHttp for SOAP calls
...
Closes https://github.com/keycloak/keycloak/issues/17139
2023-03-31 10:57:47 -03:00
Alexander Schwartz
251f6151e8
Rework the Import SPI to be configurable via the Config API
...
Also rework the export/import CLI for Quarkus, so that runtime options are available.
Closes #17663
2023-03-24 15:28:55 -03:00
Alexander Schwartz
513bb809f3
Add a map storage global locking implementation for JPA
...
Closes #14734
2023-03-21 08:21:11 +01:00
Pedro Igor
a30b6842a6
Decouple the policy enforcer from adapters and provide a separate library
...
Closes keycloak#17353
2023-03-17 11:40:51 +01:00
Alexander Schwartz
f6f179eaca
Rework the export to use CLI options and property mappers
...
Also, adding the wiring to support Model tests for the export.
Closes #13613
2023-03-07 08:22:12 +01:00
mposolda
a0192d61cc
Redirect loop with authentication success but access denied at default identity provider
...
closes #17441
2023-03-06 10:45:01 +01:00
Jon Koops
972ebb9650
Use a valid SemVer format for the SNAPSHOT version ( #17334 )
...
* Use a valid SemVer format for the SNAPSHOT version
* Update pom.xml
* Update pom.xml
---------
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-03-03 11:11:44 +01:00
Vilmos Nagy
4b0562da38
#16161 implement an EventBuilder constructor which can be called from scheduled tasks
2023-02-27 15:52:37 -03:00
Douglas Palmer
1d75000a0e
Create an SPI for DeviceActivityManager
...
closes #17134
2023-02-20 09:29:11 +01:00
Hynek Mlnarik
e30e1eca68
Ensure that concatenated Stream is closed once read
...
Fixes : #15781
2023-02-17 13:00:32 +01:00
Christian Hörtnagl
ff71cbc4f3
* fix typos in javadoc
2023-02-13 08:53:47 +01:00
laskasn
dc8b759c3d
Use encryption keys rather than sig for crypto in SAML
...
Closes #13606
Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: hmlnarik <hmlnarik@redhat.com>
2023-02-10 12:06:49 +01:00
Stefan Guilhen
1da6244ec0
Add retry logic to LoginActionsService#authenticate
...
In addition to that, avoid adding cookies on each retry.
Closes #15849
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-02-09 11:56:15 +01:00
Michal Hajas
6fa62e47db
Leverage HotRod client provided transaction
...
Closes #13280
2023-02-08 10:26:30 +01:00
Pedro Igor
7b58783255
Allow mapping claims to user attributes when exchanging tokens
...
Closes #8833
2023-02-07 10:57:35 +01:00
Thomas Darimont
e38b7adf92
Revise blacklist password policy provider #8982
...
- Reduce false positive probability from 1% to 0.01% to avoid
rejecting to many actually good passwords.
- Make false positive rate configurable via spi config
- Revised log messages
Supported syntax variant:
`passwordBlacklist(wordlistFilename)`
Fixes #8982
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2023-02-07 10:36:39 +01:00
Pedro Igor
d97b9c48c4
Make sure PBKDF2 providers are using the expect size for derived keys ( #16798 )
...
Closes #16797
2023-02-03 15:31:25 +01:00
Alexander Schwartz
c6aba2e3de
Make LockAcquiringTimeoutException a RuntimeException
...
Closes #16690
2023-01-31 08:21:32 +01:00
Marek Posolda
33ff9ef17e
Fix remaining failing tests with BCFIPS approved mode ( #16699 )
...
* Fix remaining failing tests with BCFIPS approved mode
Closes #16698
2023-01-30 16:01:57 +01:00
mposolda
ac490a666c
Fix KcSamlSignedBrokerTest in FIPS. Support for choosing realm encryption key for decrypt SAML assertions instead of realm signature key
...
Closes #16324
2023-01-10 20:39:59 +01:00
Pedro Igor
d797d07d8f
Ignore user profile attributes for service accounts
...
Closes #13236
2023-01-10 16:26:53 +01:00
Réda Housni Alaoui
dbe0c27bcf
Allowing client registration access token rotation deactivation
2023-01-05 20:53:57 +01:00
Michal Hajas
6566b58be1
Introduce Infinispan GlobalLock implementation
...
Closes #14721
2023-01-05 16:58:44 +01:00
Hynek Mlnarik
071fc03f41
Move transaction processing into session close
...
Fixes : #15223
2023-01-05 16:12:32 +01:00
Alexander Schwartz
0fee33bb95
Normalize JVM heap usage in tests and handle OOM situations
...
Closes #16089
2022-12-20 13:26:07 +01:00
Pedro Igor
857b02be63
Allow managing the required settigs for the email attribute
...
Closes #15026
2022-12-15 13:11:06 -08:00
Alexander Schwartz
e4804de9e3
Changing Quarkus transaction handling for JPA map storage to JTA
...
This has been recommended as the supported way of transaction handling by the Quarkus team.
Adding handling of exceptions thrown when committing JTA.
Re-adding handling of exceptions when interacting with the entity manager, plus wrapping access to queries to map exceptions during auto-flushing.
Closes #13222
2022-12-09 10:07:05 -03:00
douph1
4acd1afa3b
Use org.keycloak.common.util.Base64Url to encode/decode clientID
...
fix #15734
related #10227 #10231
2022-12-08 08:49:55 +01:00
Michal Hajas
de7dd77aeb
Change id of TermsAndConditions required actions to uppercase
...
Closes #9991
2022-12-07 10:51:37 -03:00
Stefan Guilhen
3a9e051301
Add debug log messages to KeycloakModelUtils.runJobInRetriableTransaction
...
Closes #15749
2022-12-01 15:19:37 -03:00
Pedro Igor
168734b817
Removing references to request and response from Resteasy
...
Closes #15374
2022-12-01 08:38:24 -03:00