Dominik Schlosser
2c9e279213
Make createWebAuthnRegistrationManager protected to allow customizations in subclasses (#33639)
...
closes #33678
Signed-off-by: Dominik Schlosser <dominik.schlosser@gmail.com>
2024-10-08 10:35:27 +02:00
Ricardo Martin
611e6d102e
Create session for the requester client in Token Exchange (#31290)
...
Closes #31180
Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2024-10-08 10:24:10 +02:00
Gilles Etchepareborde
593afbb4e0
This PR intends to always set the event type in order to prevent an error when firing an error event.
...
Closes #30453
Signed-off-by: Gilles Etchepareborde <etchepar@yahoo.fr>
2024-10-08 10:15:53 +02:00
rmartinc
44b1290917
Return next action if the current action is not supported in AIA
...
Closes #33513
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-08 09:54:53 +02:00
Pedro Aguiar
14f14152de
update/fix-typo-to-a-to-a
...
- Corrected "Map a custom user attribute to a to a SAML attribute." by removing the repeated "to a".
Closes: #33603
Signed-off-by: Pedro Aguiar <contact@codespearhead.com>
2024-10-04 19:44:43 +00:00
Steven Hawkins
cb3954fc7b
fix: ensuring placeholders can be used with --import-realm (#33589)
...
closes: #33578
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-10-04 16:59:55 +00:00
mposolda
c8ca0462a4
Prevent multiple logout confirmation actions
...
closes #32435
Signed-off-by: mposolda <mposolda@gmail.com>
2024-10-03 15:31:55 +02:00
Maksim Zvankovich
35eba8be8c
Add option to include the organization id in the organization claims
...
Closes #32746
Signed-off-by: Maksim Zvankovich <m.zvankovich@nexovagroup.eu>
Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>
2024-10-03 08:11:36 -03:00
Jon Koops
aacdf80664
Add shim for Web Crypto API to admin and account console (#33480)
...
Closes #33330
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-10-03 10:51:23 +00:00
Erik Jan de Wit
e8d8de8936
Use feature versions for admin3, account3, and login2 (#33458)
...
Closes #33405
Signed-off-by: stianst <stianst@gmail.com>
2024-10-03 12:09:36 +02:00
Stian Thorgersen
6092524d79
Fix theme resource loading on Windows, and enable additional test in jdk-integration-tests (#33512)
...
Closes #33508
Signed-off-by: stianst <stianst@gmail.com>
2024-10-03 11:37:49 +02:00
vramik
c1653448f3
[Organizations] Allow orgs to define the redirect URL after user registers or accepts invitation link
...
Closes #33201
Signed-off-by: vramik <vramik@redhat.com>
2024-10-02 07:37:48 -03:00
Ricardo Martin
6e471a8477
Add the nonce attribute when the client session context is recreated (#33422)
...
Closes #33355
Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Tomas Kralik <tomas.kralik@pbktechnology.cz>
2024-10-02 09:44:25 +02:00
Pedro Igor
ef48a3a360
Avoid running org related code if there are no orgs in a realm
...
Closes #33424
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-02 09:39:25 +02:00
Giuseppe Graziano
b46fab2308
Remove root auth session after backchannel logout
...
Closes #32197
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-10-01 11:56:57 +02:00
mposolda
e582a17a7c
Fix client-attributes condition configuration
...
closes #33390
Signed-off-by: mposolda <mposolda@gmail.com>
2024-10-01 10:12:28 +02:00
Stian Thorgersen
4a2fbf5339
Refactor loading of theme resources (#33326)
...
Closes #33325
Signed-off-by: stianst <stianst@gmail.com>
2024-10-01 08:02:05 +02:00
Alexander Schwartz
5c503a55e9
Optimize caching and use of DB connections when Organisations are enabled
...
Closes #33353
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-30 18:35:45 -03:00
rmartinc
8bbae59b60
Add LOGIN_WEBAUTHN as possible initial login page for locale bean
...
Closes #33336
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-30 18:59:39 +02:00
Steven Hawkins
5d99d91818
fix: allows for the detection of a master realm with --import-realms (#32914)
...
also moving initial bootstrapping after import
closes: #32689
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-09-30 14:40:16 +02:00
Steven Hawkins
f1a7a4804e
fix: adds additional info / warnings to hostname v2 (#33261)
...
* fix: adds additional info / warnings to hostname v2
closes: #24815
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* refining the proxy-headers language from #33209
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* adding hostname-strict-https
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* moving removed property check to the quarkus side
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* Update quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/HostnameV2PropertyMappers.java
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
* Update docs/guides/server/hostname.adoc
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-09-28 08:48:09 +00:00
Steven Hawkins
9064d5159a
fix: validate that a full hostname url is expected (#33348)
...
closes: #33347
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-09-27 13:57:14 +00:00
Manish Mehta
d57050656e
Fix for Issue# 32622 (https://github.com/keycloak/keycloak/issues/32622)
...
The expected Destination Path needs to properly point to the client that is created for IDP-initiated SSO flow. This is especially an issue when Keycloak is behind a reverse proxy that terminates TLS.
Signed-off-by: Manish Mehta <ManishMehta@users.noreply.github.com>
2024-09-27 09:20:09 +02:00
rmartinc
1d23c3c720
Use note to detect the IDP verify email action is already done
...
Closes #31563
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-27 09:16:53 +02:00
Maksim Zvankovich
90dc7c168c
Add organization admin crud events
...
Closes #31421
Signed-off-by: Maksim Zvankovich <m.zvankovich@rheagroup.com>
Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-27 09:09:28 +02:00
Stefan Guilhen
6424708695
Ensure organization id is preserved on export/import
...
- Also fixes issues with description, enabled, and custom attributes missing when re-importing the orgs.
Closes #33207
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-25 16:07:44 +02:00
Stian Thorgersen
af5eef57bf
Improve handling for loopback redirect-uri validation (#195) (#33189)
...
Closes #33116
Signed-off-by: stianst <stianst@gmail.com>
2024-09-23 13:51:02 +02:00
keshavprashantdeshpande
402aa42201
Add subgroup count to groupByPath (#33161)
...
Closes #31410
Signed-off-by: Keshav Deshpande <keshavprashantdeshpande@gmail.com>
2024-09-23 08:28:06 +02:00
Erik Jan de Wit
d01f531b82
removed server side translation in favour of client side (#32985)
...
fixes: #32984
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-09-23 07:42:07 +02:00
Jon Koops
5e2f09f66d
Remove statically served Keycloak JS from the server (#33083)
...
Closes #32827
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-09-22 19:05:01 +02:00
Stefan Guilhen
900c496ffe
Remove the kc.org.broker.public attribute and use hideOnLogin in the IDP instead
...
Closes #32209
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-09-20 16:08:55 +02:00
Stefan Guilhen
e065070751
Set realm when importing users via keycloak-add-user.json
...
Closes #33060
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-20 15:24:41 +02:00
Steve Hawkins
493252befd
fix: include debug logging for init
...
closes: #33109
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-09-20 15:21:50 +02:00
Stefan Guilhen
42cde0cfdd
Fix various issues holding up CI (#33086)
...
- Disables the remote operator tests, which will have to be fixed later.
- Fixes the action expired error which occurs when accessing regular registration page with Organizations enabled.
- Fixes a race condition in the test suite causing sporadic failures.
Closes #33064
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-09-19 21:23:21 +02:00
vramik
fcb31a5aa6
Implement invitation-only self-registration for realm users
...
Closes #31643
Signed-off-by: vramik <vramik@redhat.com>
2024-09-18 13:50:23 +02:00
Alexander Schwartz
2a95d0abfa
Sort order of updates for user properties (#32853)
...
This should reduce deadlocks on the user property table if the users are updated concurrently.
Closes #32852
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-18 12:37:42 +02:00
Alexander Schwartz
8ef7007e3c
Avoid using plain log messages in ServiceLogger (#32893)
...
Closes #32891
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-18 12:36:58 +02:00
stianst
c137482d77
Improve FolderThemeProvider
...
Closes #33015
Signed-off-by: stianst <stianst@gmail.com>
2024-09-18 12:17:23 +02:00
Stefan Guilhen
3e597722a9
Add cache for IdentityProviderStorageProvider.getForLogin (#32918)
...
Closes #32573
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-18 09:05:57 +02:00
Stian Thorgersen
76307872f6
Update bootstrap admin client to use lightweight access token, and disable standard flow (#33014)
...
Closes #33010, closes #33011
Signed-off-by: stianst <stianst@gmail.com>
2024-09-17 12:23:19 +00:00
rmartinc
5fe916861d
Return 404 on invalid theme type
...
Closes #32798
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-17 09:09:34 +02:00
Giuseppe Graziano
e6c5ee31e4
Admin API with Lightweight access token and transient session
...
Closes #32802
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-09-16 09:30:15 +02:00
Nate Drake
75973157aa
Fix a few typos (#32929)
...
Signed-off-by: Nate Drake <ndrake@gmail.com>
2024-09-15 10:12:26 +00:00
Pedro Ruivo
f67bec0417
Rename remote-cache Feature
...
Renamed to "clusterless"
Closes #32596
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-09-13 13:03:13 +02:00
Stian Thorgersen
40049f31fa
Remove ProxyClassLoader and PlatformProvider returning script classloader (#32806)
...
Closes #32804
Signed-off-by: stianst <stianst@gmail.com>
2024-09-11 17:11:26 +02:00
rmartinc
b60621d819
Allow brute force to have http request/response and send emails
...
Closes #29542
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-11 08:35:03 +02:00
cgeorgilakis-grnet
f8b1b3ee03
Search Identity Providers by alias or display name
...
Closes #32588
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-09-10 21:52:59 +02:00
Thomas Darimont
6b83a45b2e
Propagate locale when using app initiated registration URL
...
Fixes #13505
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-09-10 12:25:17 +02:00
Garth
7988f026e0
Add a PasswordPoliciesBean to the FreeMarker context.
...
Closes #32553
Signed-off-by: Garth <244253+xgp@users.noreply.github.com>
2024-09-10 12:19:53 +02:00
Alexander Schwartz
b88ecc0237
Removing the extra two-minute Window for persistent user sessions (#32660)
...
Closes #28418
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-09-09 09:28:48 +02:00