Alexander Schwartz
6f287e7ded
Avoid using methods on UserCredentialStoreManager
2022-06-21 08:53:06 +02:00
Alexander Schwartz
bc8fd21dc6
SingleUserCredentialManager moving in
...
- UserStorageManager now handles authentication for old Kerberos+LDAP style
- new getUserByCredential method in MapUserProvider would eventually do the same.
2022-06-21 08:53:06 +02:00
Alexander Schwartz
82094d113e
Move User Storage SPI, introduce ExportImportManager
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
703e868a51
Preparation for moving User Storage SPI
...
- Introduction of new AdminRealmResource SPI
- Moving handler of /realm/{realm}/user-storage into model/legacy-service
- session.users() and userStorageManager() moved refers legacy module
IMPORTANT: Broken as UserStorageSyncManager is not yet moved
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
36f76a37ad
Move realms, clients, groups, roles, clientscopes into legacy module
...
- Introduces Datastore SPI for isolating data store methods
- Introduces implementation of the datastore for legacy storage
- Updates DefaultKeycloakSession to leverage Datastore SPI instead
of direct creating of area providers by the session
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
247ff52187
Introduce legacy datastore module and update dependencies
2022-06-21 08:53:06 +02:00
Alexander Schwartz
850af55edc
Ensure that only JDK 8 APIs are used where JDK 8 is still required.
...
Closes #10842
2022-06-20 14:44:33 -03:00
Michal Hajas
781183e551
Enable indexing for ResourceServerEntity
...
Closes #12533
2022-06-20 10:17:19 +02:00
Martin Bartoš
d8112d7b7e
DB migration tests execution for Quarkus ( #12525 )
...
Closes #12524
2022-06-20 10:12:37 +02:00
Alexander Schwartz
71e7982a49
Adding central time offset reset in model tests as it was missing for AuthenticationSessionTest and UserSessionPersisterProviderTest
...
Also adding try/finally in other places in the integration tests where it was missing.
Closes #12530
2022-06-16 13:42:55 +02:00
nehachopra27
39cff0750c
[Fix keycloak#12385] Update option to run kc.bat on windows instead of kc.sh ( #12386 )
...
Co-authored-by: nchopra <nchopra@redhat.com>
Resolves #12385
2022-06-15 11:29:11 -03:00
vramik
1b3a76d0af
Do not persist client sessions of transient user sessions
...
Closes #12357
2022-06-15 10:54:23 +02:00
Martin Bartoš
0fef4305b6
Logout confirm page is failing to log the user out on auth-server-wildfly
...
Fixes #11753
2022-06-14 10:46:02 +02:00
mposolda
3aefb59d40
Fix test failure in X509BrowserCRLTest on IBM JDK. Don't display details of exception message to the end user
...
Closes #12458
2022-06-14 10:44:31 +02:00
Alexander Schwartz
c2043da78e
When asserting a URL, allow for some time for any redirect to complete.
...
Closes #12446
2022-06-14 07:30:31 +02:00
Christoph Leistert
442eff0169
Closes #11851 : Apply localization text from realm default locale when it is not defined for the requested language. ( #11852 )
2022-06-10 14:36:11 -04:00
Martin Bartoš
2cf089424a
ClientClientScopesTest failures in the test pipeline ( #12440 )
...
Resolves #12439
2022-06-10 09:13:25 -03:00
Alexander Schwartz
361a813d81
Keep a list of model instances in the JPA map session.
...
This allows removing them from the persistence context on bulk delete.
Closes #12384
2022-06-09 12:39:04 -03:00
Joerg Matysiak
3c19ad627f
Repsect permissions configured to firstName and lastName when configured in user profile
...
Resolves #12109
2022-06-09 10:10:15 -03:00
Pedro Igor
8aecba1795
Fixing how realm frontendurl is cached when resolving the hostname
...
Closes #11894
2022-06-08 16:41:25 -03:00
Alexander Schwartz
9272c7a5ec
Allow for the backend to return granted scopes in any order.
...
Closes #12395
2022-06-08 08:39:14 -03:00
mposolda
5d2bf6ea33
Cannot find ScriptEngine for JDK8 and Wildfly
...
Closes #12247
2022-06-08 11:11:36 +02:00
Pedro Igor
243e63c9f3
Do not set empty permissions to username and email attributes
...
Closes #11647
2022-06-07 10:59:35 -03:00
Sebastian Schuster
a0c402b93a
11198 added event information to consent granting and revocation via REST API ( #11199 )
2022-06-07 11:29:20 +02:00
Stian Thorgersen
e49e8335e0
Refactor BouncyIntegration ( #12244 )
...
Closes #12243
2022-06-07 09:02:00 +02:00
Martin Kanis
df72cf72f2
Hot Rod map storage: Single-use (action token) no-downtime store
2022-06-06 16:01:18 +02:00
rmartinc
5332a7d435
Issue #9194 : Client authentication fails when using signed JWT, if the JWA signing algorithm is not RS256
2022-06-06 12:07:09 +02:00
Takashi Norimatsu
3889eeda30
Client Policies: pkce-enforcer executor with client-access-type condition is not applied on client change via Admin API
...
Closes #12295
2022-06-06 11:30:48 +02:00
Michal Hajas
09c0a69a8f
Add HotRod no downtime store for events
...
Closes #9676
2022-06-02 13:30:19 +02:00
Alexander Schwartz
6c3d25fd8f
Limit the number of clientSessionIds in the test
...
Before it was 1500 client sessions, now its only 150 client sessions. This should help to keep the test within its time constraint of 60 + 30 seconds.
Closes #12264
2022-05-31 17:10:49 +02:00
mposolda
f90fbb9c71
Changing locale on logout confirmation did not work
...
Closes #11951
2022-05-31 16:03:58 +02:00
Takashi Norimatsu
d083b6c484
ciba http auth channel sends client_id and client_secret via delegation request
...
Closes #10993
2022-05-31 08:22:50 +02:00
vramik
be28e866b9
JPA map storage: Authorization services no-downtime store
...
Closes #9669
2022-05-30 21:05:34 +02:00
Pedro Igor
ea22989d89
Fixing ClientTokenExchangeTest to also run when TLS is disabled
...
Closes #11818
2022-05-30 11:23:46 -03:00
Pedro Hos
e121371401
/clients-registrations API doesn't return secret anymore and is not coherent #11116
...
/clients-registrations API doesn't return secret anymore and is not coherent
fixing merge
/clients-registrations API doesn't return secret anymore and is not coherent
fixing test that was failing
Replace tabs with regular spaces
fixing identation
/clients-registrations API doesn't return secret anymore and is not coherent. Closes #11116
fixing test that was failing
2022-05-30 15:18:56 +02:00
mposolda
4222de8f41
OIDC RP-Initiated Logout POST method support
...
Closes #11958
2022-05-30 14:10:58 +02:00
Michal Hajas
1a98765fb7
Fix cascade removal of client session on user session removal for CHM
...
Closes #12146
2022-05-30 09:58:54 +02:00
Marek Posolda
cf386efa40
Support for client_id parameter in OIDC RP-Initiated logout endpoint ( #12202 )
...
Closes #12002
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2022-05-27 14:12:37 +02:00
Marek Posolda
eed944292b
Make script providers working on JDK 17 ( #11322 )
...
Closes #9945
2022-05-27 12:28:50 +02:00
Luca Leonardo Scorcia
27650ab816
Fix #10982 SAML Client - Introduce SAML Issuer validation
2022-05-27 10:58:10 +02:00
Martin Bartoš
d8cded994f
WebAuthn test failures in admin console ( #12161 )
...
Resolves #12160
2022-05-26 12:55:22 -03:00
Michal Hajas
bc59fad85b
Unify way how expirable entities are handled in the new store
...
Closes #11947
2022-05-26 13:17:27 +02:00
Martin Kanis
0cb3c95ed5
Map storage: Single-use objects (action token)
2022-05-25 16:47:10 +02:00
vramik
2cbc167435
JPA map storage: model tests fails with NPE
...
Closes #12165
2022-05-25 09:28:08 +02:00
Martin Bartoš
86f31e8df5
Fix BlacklistPasswordPolicyDefaultPath Failures on Windows
...
Fixes #11967
2022-05-24 17:26:19 -03:00
Martin Bartoš
bb3b88963b
New Account console tests failures ( #12050 )
...
* New Account console tests failures, Fix additional tests, solve issue with headless browsers
Fixes #11323
2022-05-24 09:36:08 +02:00
vramik
24171d2e47
Rename providers from jpa-map-storage to jpa
...
Closes #12098
2022-05-23 16:47:51 +02:00
vramik
0c3aa597f9
JPA map storage: test failures after cache was disabled
...
Closes #12118
2022-05-23 13:01:30 +02:00
vramik
f8ca25d4a4
Add a profiles testsuite for jpa-map storage
...
Closes #12045
2022-05-20 09:17:33 +02:00
Stian Thorgersen
075e284455
Remove legacy (non-Elytron) WildFly adapter ( #11789 )
...
Closes #11683
2022-05-18 10:34:47 +02:00
Michal Hajas
0bda7e6038
Introduce map event store with CHM implementation
...
Closes #11189
2022-05-17 12:57:35 +02:00
Michal Hajas
b86f205cda
Make KeycloakServer runnable with external Infinispan server
...
Closes #12011
Closes #12014
2022-05-16 21:50:35 +02:00
Takashi Norimatsu
9541852a9b
ID token encryption without specifying id_token_encrypted_response_enc does not follow OIDC Dynamic Client Registration specification
...
Closes #11392
2022-05-16 09:05:22 +02:00
Takashi Norimatsu
7fa24d247a
Deprecated org.keycloak.jose.jws.Algorithm is used in OIDCAdvancedConfigWrapper
...
Closes #11394
2022-05-16 08:56:57 +02:00
Martin Kanis
0d6bbd437f
Merge single-use token providers into one
...
Fixes first part of: #11173
* Merge single-use token providers into one
* Remove PushedAuthzRequestStoreProvider
* Remove OAuth2DeviceTokenStoreProvider
* Delete SamlArtifactSessionMappingStoreProvider
* SingleUseTokenStoreProvider cleanup
* Addressing Michal's comments
* Add contains method
* Add revoked suffix
* Rename to SingleUseObjectProvider
2022-05-11 13:58:58 +02:00
Michal Hajas
d3b43a9f59
Make sure there is always Realm or ResourceServer when searching for authz entities
...
Closes #11817
2022-05-11 07:20:01 -03:00
Réda Housni Alaoui
5d87cdf1c6
KEYCLOAK-6455 Ability to require email to be verified before changing ( #7943 )
...
Closes #11875
2022-05-09 18:52:22 +02:00
Michal Hajas
6b5c417742
Add HotRod store for authorization services
...
Closes #9679
2022-05-06 15:31:38 +02:00
Michal Hajas
fc974fc019
Update composite roles on child role removal
...
Closes #11769
2022-05-05 15:18:18 +02:00
Stian Thorgersen
491b3262de
Remove Jetty 9.2 and 9.3 adapters ( #11792 )
...
Closes #11791
2022-05-04 15:24:46 +02:00
azilentech
f7f24c6ca3
Updated test scenarios
2022-05-03 10:59:31 -03:00
vramik
0d83b51b20
Enhance Map authz entities with REALM_ID (ResourceServer with CLIENT_ID) searchable field
...
Co-authored-by Michal Hajas <mhajas@redhat.com>
Closes #10883
2022-05-03 12:56:27 +02:00
Hynek Mlnarik
1b1cf266eb
Add support for async profiler to model testsuite
...
Fixes : #11743
2022-05-03 12:53:10 +02:00
Sven-Torben Janus
0efa4afd49
Evaluate composite roles for hardcoded LDAP roles/groups
...
Closes: 11771
see also KEYCLOAK-18308
2022-05-02 14:13:37 +02:00
Stian Thorgersen
52ca546cfa
Remove Fuse adapters ( #11740 )
...
Closes #11677
2022-05-02 09:55:52 +02:00
Alexander Schwartz
e2cf6ae92b
Disable caching for map storage.
...
Also aligns the properties with the integration test suite to avoid confusion.
Closes #11748
2022-04-29 12:03:18 +02:00
Stian Thorgersen
b65d76edab
Remove EAP6 and AS7 adapters ( #11605 )
...
Closes #11604
2022-04-28 11:20:44 +02:00
vramik
2ecf250e37
Deletion of all objects when realm is being removed
...
Closes #11076
2022-04-28 11:09:17 +02:00
Alexander Schwartz
29233f33c8
Clear import/export properties at the end of the test
...
This avoids the pollution of system properties that might lead to failures following tests.
Closes #11670
2022-04-28 11:02:16 +02:00
Douglas Palmer
fdcbc9b27b
Automated test for session-limits authenticator with identity brokering (post-broker login flow) ( #11723 )
...
Closes #11004
2022-04-28 10:29:41 +02:00
Stian Thorgersen
e3f3e65ac5
Remove JDK7 support for adapters ( #11607 )
...
Closes #11606
2022-04-27 08:33:23 +02:00
vramik
5248815091
Disable infinispan realm and user cache for map storage tests
...
Closes #11213
2022-04-25 09:38:49 +02:00
Martin Bartoš
53ea60b8d5
Remove support for IE ( #11271 )
...
Closes #11268
2022-04-22 10:38:41 +02:00
Pedro Igor
76d83f46fa
Avoid clients exchanging tokens using tokens issued to other clients ( #11542 )
2022-04-20 19:14:55 +02:00
Stian Thorgersen
ac79fd0c23
Disallow special characters in usernames to prevent confusion with similarly looking usernames ( #11531 )
...
Closes #11532
Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
2022-04-20 15:53:15 +02:00
Stefan Guilhen
b29b27d731
Ensure code does not rely on a particular format for the realm id or component id
2022-04-20 14:40:38 +02:00
Pedro Igor
2cb5d8d972
Removing upload scripts feature ( #11117 )
...
Closes #9865
Co-authored-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2022-04-20 14:25:16 +02:00
Martin Bartoš
3aa3db16ea
Fix error response for invalid characters ( #11533 )
...
Fixes #11530
2022-04-20 11:26:08 +02:00
Pedro Igor
f1fd7af758
Remove policies when user is deleted ( #11385 )
...
Closes #11284
2022-04-20 09:23:46 +02:00
Stian Thorgersen
b79f01c72d
Upgrade to WildFly 26.1.0.Final ( #11094 )
...
Closes #10999
2022-04-20 08:38:10 +02:00
Martin Bartoš
e09f618cef
Ignore WebAuthnIdLessTest for Firefox ( #11299 )
...
Closes #11297
2022-04-19 14:45:24 +02:00
Martin Bartoš
2632fa7779
WebAuthnSigningInTest failures caused by different titles ( #11305 )
...
Fixes #11298
2022-04-19 14:44:51 +02:00
m-takai
5f0e27a792
Add duplicate parameters check process in Device Authz Endpoint.
...
AuthorizationEndpointRequest class already checks duplicated parameters but DeviceEndpoint class has not checked its error. Thus a check process is added in handleDeviceRequest()
Closes #11294
2022-04-19 14:20:39 +02:00
Pedro Igor
c5e4dc8cec
Associated permissions should only add resource type permissions if the resource is an instance ( #11220 )
...
Closes #11148
2022-04-19 09:10:14 +02:00
Martin Kanis
a2d7cd7a5c
Hot Rod map storage: User / client session no-downtime store
2022-04-14 15:34:22 +02:00
msvechla
820ab52dce
Add support for filtering by enabled attribute on users count endpoint ( #9842 )
...
Resolves #10896
2022-04-13 13:57:22 -03:00
Giacomo Altiero
3b7243cd47
Support for UserInfo response encrypted ( #10519 )
...
Close #10517
2022-04-12 14:01:14 +02:00
Alexander Schwartz
a6dd9dc0f1
Avoiding AvlPartitionFactory and using JdbmPartitionFactory for the embedded LDAP to work around unstable tests.
...
Fix for #11171 didn't turn out to cover the root cause. Also improved transaction handling in LDAP Map storage.
Closes #11211
2022-04-12 09:12:21 +02:00
Alexander Schwartz
5c810ad0e5
Avoid short-lived connections for ApacheDS to avoid messages around "ignoring the message MessageType UNBIND_REQUEST"
...
The comment in LdapRequestHandler.java in ApacheDS notes just before discarding an unbind request: "in some cases the session is becoming null though the client is sending the UnbindRequest before closing".
Also implementing a retry logic for all remaining errors regarding LDAP.
Closes #11171
2022-04-11 10:03:15 +02:00
Pedro Igor
834a276767
NPE when caching policies based on scopes without a resource
...
Closes #11180
2022-04-08 08:43:08 -03:00
Michal Hajas
1f2ebf4cba
Add HotRod no downtime store for Realms
...
Closes #9670
2022-04-08 09:36:01 +02:00
Pedro Igor
b4770c30fd
Fixing NPE when querying resources by type
...
Closes #11137
2022-04-07 15:10:20 -03:00
Tyler Andor
caebe50d7e
Updates patternfly libs and fixes breaking changes ( #10748 )
...
adding nvmrc
CIAM-1048 Device Activity screen PF updates
CIAM-1046: Personal Info sub-header update
Updates SigningInPage to use EmptyState component when there are no credentials.
rearanged some components used in signing in page
Displays ApplicationPage content in description list.
Updates refresh link on ContentPage, updates Resources screen.
CIAM-1049 Linked Accounts screen PF updates
CIAM-1043-General upstream updates
Updates AccountPage to display form errors.
fix: display Set up Authenticator Application link on large viewport
fix(page structure): rearranges page sections
CIAM-1254/Personal info PF4 updates & Sidebar text updates
updating layouts
updating layout on Signing in and Linked acounts
adding patternfly-additions
adding patternfly-addons styles
Updates Application page based on designs feedback.
moving page description
Updates status label on Applications page to be capitalized.
Updates the copy-fonts script for keycloak.v2 to copy all font directories instead of one.
update Personal info screen - set max width of 600px for form input fields
update Personal info - remove required indicator from input fields
General updates (#2 )
* removed the extra lines being shown
* tweaked general spacing
* general alignment and spacer application
* refactor to get proper alignments without css globals
* forgot to add the conditional on displaying the set up buttons
* try and adjust the alignments
Co-authored-by: zwitter <zwitter@redhat.com>
resolve merge conflicts
Device activity updates (#4 )
* update text to sentence case
* update device info columns to be dynamic across various viewport sizes
* update signed in device layout
* update based on feedback
Co-authored-by: Jon Szeto <jszeto@redhat.com>
Linked accounts update (#3 )
* linked accounts screen - updated icons & Linked/Unlinked Login Providers layout & update text to sentence case
Co-authored-by: Jon Szeto <jszeto@redhat.com>
fixing ts errors
cleaning up fonts and messages
final review updates
message update for Back to admin console link
fixing capitalization on 2fa
updating landing page welcome message
fix: reposition Back to... link
adjusting size for confirm modal
updating spacing and alignment issues
updating resources page
removing unused header class
fixes ts issues and updates node version to match the themes install
npm updates
fixing pf addons
adding chokidar to get babel:watch working
fixing issues from pull request feedback
fixing tests
fixes signingin page test
fixing tests
Co-authored-by: Tyler Andor <tandor@highereducation.com>
2022-04-06 13:00:38 +02:00
Stian Thorgersen
7c64f28934
Change admin console to load keycloak.js using a relative URL ( #11109 )
...
* Change admin console to load keycloak.js using a relative URL
Closes #11108
* fix tests
Co-authored-by: Dominik Guhr <dguhr@redhat.com>
2022-04-06 09:35:26 +02:00
Michal Hajas
4c20388eb7
Remove SOAPException from SOAPBindingTest as RunOnServer cannot load it
...
Closes #11090
2022-04-04 15:53:55 +02:00
Martin Kanis
395bd447f2
Hot Rod map storage: Login failure no-downtime store
2022-04-01 20:43:18 +02:00
Douglas Palmer
f57d0dd100
Automated tests for session limits authenticator (browser, direct grant, reset password) ( #11046 )
...
Closes #11003
2022-04-01 18:44:38 +02:00
Marek Posolda
c50f09da25
Webauthn tests logout fix ( #11040 )
...
Closes #11030
2022-04-01 08:06:39 +02:00
Michal Hajas
44000caaf5
KEYCLOAK-19177 Disable ECP flow by default for all Saml clients; ecp flow creates only transient users sessions
2022-03-31 16:06:44 +02:00
Teubner, Malte
b5f70d8a32
Add scope parameter to admin-client TokenManager.
...
Closes #10759
2022-03-31 10:56:08 -03:00