* DeclarativeUserProfileProvider passes its ID to DeclarativeUserProfileModel, so this also works for derived classes.
* Moved creation of declarative user profile model to a protected factory method to allow subclasses to provide their own implementation.
* Added integration tests for custom user profile
* configured declarative-user-profile as default user profile provider in test servers
* Restore previously configured default provider after test with special provider settings
* Some refactoring in SpiProviderSwitchingUtils
* added group as attribute metadata
* validation for groups and references to groups
* adapted template to use show attribute groups
* test and integration tests for attribute groups
* KEYCLOAK-14209 KEYCLOAK-17988 Client policies admin console support. Changing of format of JSON for client policies and profiles. Refactoring based on feedback and remove builtin policies
* [KEYCLOAK-15015] - Publishing the x5c for JWK
Co-authored-by: Vetle Bergstad <vetle.bergstad@evry.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Base fixes:
* [KEYCLOAK-15780] Upgrade Keycloak to Wildfly 21.0.0.Beta1 / Wildfly Core 13.0.0.Beta6
* [KEYCLOAK-16031] Upgrade Keycloak to Wildfly 21.0.0.Final / Wildfly Core 13.0.1.Final
* [KEYCLOAK-16442] Upgrade Keycloak to Wildfly 21.0.1.Final / Wildfly Core 13.0.3.Final
Other (dependent) fixes:
* [KEYCLOAK-15408] Deprecate former Wildfly and Wildfly Core versions in Arquillian's
testsuite pom.xml file as part of the upgrade script
* [KEYCLOAK-15442] Update the version of 'jboss-parent' as part of the Wildfly upgrade
script if necessary
* [KEYCLOAK-15474] Add --verbose and --force options to the Wildfly upgrade automated script
* [KEYCLOAK-15649] Update "urn:jboss:domain:infinispan:10.0" version as part of the Wildfly
upgrade automated script
* [KEYCLOAK-15652] Wildfly upgrade automated script - Align Python artifact version
comparsion algorithm with the Maven / Java one
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
- In order to make lastName/firstName/email/username field
configurable in profile
we need to store it as an attribute
- Keep database as is for now (no impact on performance, schema)
- Keep field names and getters and setters (no impact on FTL files)
Fix tests with logic changes
- PolicyEvaluationTest: We need to take new user attributes into account
- UserTest: We need to take into account new user attributes
Potential impact on users:
- When subclassing UserModel, consistency issues may occur since one can
now set e.g. username via setSingleAttribute also
- When using PolicyEvaluations, the number of attributes has changed
- Store in config map in database and model
- Expose the field in the OIDC-IDP
- Write logic for import, force and legacy mode
- Show how mappers can be updated keeping correct legacy mode
- Show how mappers that work correctly don't have to be modified
- Log an error if sync mode is not supported
Fix updateBrokeredUser method for all mappers
- Allow updating of username (UsernameTemplateMapper)
- Delete UserAttributeStatementMapper: mapper isn't even registered
Was actually rejected but never cleaned up: https://github.com/keycloak/keycloak/pull/4513
The mapper won't work as specified and it's not easy to tests here
- Fixup json mapper
- Fix ExternalKeycloakRoleToRoleMapper:
Bug: delete cannot work - just delete it. Don't fix it in legacy mode
Rework mapper tests
- Fix old tests for Identity Broker:
Old tests did not work at all:
They tested that if you take a realm and assign the role,
this role is then assigned to the user in that realm,
which has nothing to do with identity brokering
Simplify logic in OidcClaimToRoleMapperTests
- Add SyncMode tests to most mappers
Added tests for UsernameTemplateMapper
Added tests to all RoleMappers
Add test for json attribute mapper (Github as example)
- Extract common test setup(s)
- Extend admin console tests for sync mode
Signed-off-by: Martin Idel <external.Martin.Idel@bosch.io>
- Adds the elytron-cs-keystore provider that reads secrets from a keystore-backed elytron credential store
- Introduces an abstract provider and factory that unifies code that is common to the existing implementations
- Introduces a VaultKeyResolver interface to allow the creation of different algorithms to combine the realm
and key names when constructing the vault entry id
- Introduces a keyResolvers property to the existing implementation via superclass that allows for the
configuration of one or more VaultKeyResolvers, creating a fallback mechanism in which different key formats
are tried in the order they were declared when retrieving a secret from the vault
- Adds more tests for the files-plaintext provider using the new key resolvers
- Adds a VaultTestExecutionDecider to skip the elytron-cs-keystore tests when running in Undertow. This is
needed because the new provider is available only as a Wildfly extension
