keycloak-scim

Author	SHA1	Message	Date
Pedro Igor	f010f7df9b	Reverting removal of test assertions and keeping existing logic where only brokers the user is linked to is shown after identity-first login page Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-03 11:55:04 -03:00
Martin Kanis	e1b735fc41	Identity-first login flow should be followed by asking for the user credentials Closes #30339 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-07-03 11:55:04 -03:00
Giuseppe Graziano	02d64d959c	Using _system client when account client is disabled for email actions Closes #17857 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-07-03 08:43:36 +02:00
cgeorgilakis-grnet	20cedb84eb	Check refresh token flow response for offline based on refresh token request parameter Closes #30857 Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>	2024-07-02 18:13:30 -03:00
Steven Hawkins	d534860e2b	fix: admin cli client should set the content when performing a merge (#30539 ) closes: #29878 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-06-28 15:56:07 +02:00
Pedro Igor	cc2ccc87b0	Filtering organization groups when managing or processing groups Closes #30589 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-28 10:27:18 -03:00
Steven Hawkins	aae1fa1417	fix: addresses cli erroneously wants a secret when env password is set (#30892 ) closes: #30866 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-06-28 11:48:42 +02:00
Thomas Darimont	690c6051bb	Fix scope policy evaluation for client to client token exchange (#26435 ) Previously the scope from the token was not set available in the ClientModelIdentity attributes. This caused the NPE in `org.keycloak.authorization.policy.provider.clientscope.ClientScopePolicyProvider.hasClientScope`(..) when calling `identity.getAttributes().getValue("scope")`. We now pass the provided decoded AccessToken down to the ClientModelIdentity creation to allow to populate the required scope attribute. We also ensure backwards compatibility for ClientPermissionManagement API. Fixes #26435 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2024-06-28 10:33:20 +02:00
Douglas Palmer	220f32aa85	Cleanup of adapter pages Closes #30870 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-06-27 18:57:22 +02:00
mposolda	7279f2092e	Cleanup of test-apps and related adapter code closes #30867 Signed-off-by: mposolda <mposolda@gmail.com>	2024-06-27 15:10:31 +02:00
Romain LABAT	6615691c63	Support for service accounts when fetch roles is enabled (#30687 ) Support for service accounts when fetch roles is enabled Signed-off-by: Romain LABAT <contact@romainlabat.fr> Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-25 18:00:26 -03:00
rmartinc	e9c9efc3f4	Upgrade bc-fips to 1.0.2.5 Closes #26568 Closes #27884 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-25 11:07:27 +02:00
Andre F de M	0f061a75e2	Issue: 26568 - bcfips version bump and fixes * bump BCFIPS to 1.0.2.5 * fix bc-fips related test error * remove unused imports Closes: #26568 Signed-off-by: Andre F de M <trixpan@users.noreply.github.com>	2024-06-25 11:07:27 +02:00
fwojnar	015fefad02	Remove Edge from supported web drivers (#30423 ) Closes #29921 Signed-off-by: wojnarfilip <fwojnar@redhat.com> Co-authored-by: wojnarfilip <fwojnar@redhat.com>	2024-06-24 17:24:55 +02:00
fwojnar	e30e6cba8e	Remove Safari from supported web drivers (#30424 ) Related to #29921 Signed-off-by: wojnarfilip <fwojnar@redhat.com> Co-authored-by: wojnarfilip <fwojnar@redhat.com>	2024-06-24 13:27:12 +02:00
fwojnar	640db99c27	Remove Appium from supported web drivers (#30483 ) Related to #29921 Signed-off-by: wojnarfilip <fwojnar@redhat.com> Co-authored-by: wojnarfilip <fwojnar@redhat.com>	2024-06-24 13:26:33 +02:00
Takashi Norimatsu	b0aac487a3	VC issuance in Authz Code flow with considering scope parameter closes #29725 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2024-06-24 10:53:19 +02:00
Jon Koops	df18629ffe	Use a default Java version from root POM (#29927 ) Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-06-21 14:19:31 +02:00
mposolda	6a9e60bba0	Flow steps back when changing locale or refreshing page on 'Try another way page' closes #30520 Signed-off-by: mposolda <mposolda@gmail.com>	2024-06-21 11:22:15 +02:00
rmartinc	592c2250fc	Add briefRepresentation query parameter to getUsersInRole endpoint Closes #29480 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-21 11:21:02 +02:00
Takashi Norimatsu	6b135ff6e7	client-jwt authentication fails on Token Introspection Endpoint closes #30599 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2024-06-21 10:47:25 +02:00
Pedro Igor	a0ad680346	Adding an alias to organization and exposing them to templates Closes #30312 Closes #30313 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-20 14:36:14 -03:00
Pedro Ruivo	5fc12480fd	External Infinispan as cache - Part 4 (#30072 ) UserSessionProvider implementation to make use of Infinispan remote cache. Closes #28755 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-06-19 14:47:57 +02:00
Pedro Ruivo	9006218559	External Infinispan as cache - Part 3 Implementation of UserLoginFailureProvider using remote caches only. Closes #28754 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-06-19 14:47:57 +02:00
Pedro Ruivo	833aad661e	External Infinispan as cache - Part 2 Includes a new implementation for the providers: * StickySessionEncoderProviderFactory * LoadBalancerCheckProviderFactory * SingleUseObjectProviderFactory Closes #28648 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-06-19 14:47:57 +02:00
Martin Kanis	dc109381e1	Refactor organization tests Closes #30338 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-06-19 09:34:24 -03:00
Martin Kanis	89f83e9788	Importing organizations failing if there is no broker and members in the representation Closes #30305 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-06-19 08:46:04 -03:00
Pedro Igor	57139cbefc	Internal read-only attributes have precedence over unmanaged attribute policy Closes #30240 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-19 12:05:01 +02:00
Giuseppe Graziano	24aa6e143d	REALM_CLIENT attribute to recognize realm clients (#30433 ) Closes #29413 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-06-19 10:22:13 +02:00
Stefan Guilhen	db846a792d	Set a time of 23:59:59:999 in JpaEventQuery.toDate so that events from that date are properly returned in searches Closes #30414 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-06-18 13:14:28 -03:00
Francis Pouatcha	d4797e04a2	Enhance SupportedCredentialConfiguration to support optional claims object as defined in OpenID for Verifiable Credential Issuance specification (#30420 ) closes #30419 Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>	2024-06-18 17:07:49 +02:00
rmartinc	fc65c73106	Upgrade adapters test to use wildfly 28 (jakarta only) via maven plugin Closes #30324 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-18 15:40:59 +02:00
rmartinc	38d8cf2cb3	Add UPDATE event to the client-roles condition Closes #30284 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-18 15:30:42 +02:00
Martin Bartoš	5ad3abaa96	Enable WebAuthn tests for Firefox (#30374 ) Closes #22075 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-06-18 10:36:01 +02:00
rmartinc	c51640546d	Improvements for ldap test authentication Closes #30434 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-15 10:01:24 +02:00
Thibault Morin	f6fa869b12	feat(SAML): add Artifact Binding on brokering scenarios when Keycloak is SP (#29619 ) * feat: add Artifact Binding on brokering scenarios when Keycloak is SP Signed-off-by: tmorin <git@morin.io> * Adding broker test and minor improvements Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> * Fixing IdentityProviderTest Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> * Renaming methods related to idp initiated flows Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> * Fixing partial_import_test.spec.ts Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> --------- Signed-off-by: tmorin <git@morin.io> Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-14 08:54:49 -03:00
Pedro Ruivo	18a6c79011	Infinispan Protostream Marshaller (#29474 ) Closes #29394 Signed-off-by: Pedro Ruivo <pruivo@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-06-13 18:02:46 +02:00
Lukas Hanusovsky	ca0833b2e4	[#29412 ] DB Allocator removal - dependency cleanup. (#30406 ) Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>	2024-06-13 13:31:52 +00:00
vramik	de2fdbe98f	cache count Signed-off-by: vramik <vramik@redhat.com>	2024-06-13 08:13:36 -03:00
vramik	d355e38424	Provide a cache layer for the organization model Closes #30087 Signed-off-by: vramik <vramik@redhat.com>	2024-06-13 08:13:36 -03:00
Alfredo Moises Boullosa	a5cd6ed965	Add step to Google Social Login (#30335 ) Signed-off-by: Alfredo Moises Boullosa <aboullos@redhat.com>	2024-06-12 17:27:02 +02:00
Stefan Guilhen	c49b5749ef	Fix GroupLDAPStorageMapper so it doesn't attempt to update a group fetched in a different tx when synchronizing groups from LDAP Closes #29784 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-06-12 10:42:21 -03:00
Martin Kanis	ae69b3b260	Introduce packages for organization tests Closes #30337 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-06-12 10:02:06 -03:00
rmartinc	7d42ab822b	Remove adapter app-server-undertow profile which is not used Closes #30347 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-12 14:40:06 +02:00
Patrick Jennings	75925dcf6c	Client type configuration inheritance (#30056 ) closes #30213 Signed-off-by: Patrick Jennings <pajennin@redhat.com>	2024-06-10 18:59:08 +02:00
rmartinc	7d05a7a013	Logout from all clients after IdP logout is performed Closes #25234 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-10 11:58:09 -03:00
Giuseppe Graziano	6067f93984	Improvements to refresh token rotation with multiple tabs (#29966 ) Closes #14122 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-06-07 12:02:36 +02:00
Steven Hawkins	c7e9ee2bff	fix: adds handling for all kcadm prompts as env variables (#29430 ) closes: #21961 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-06-06 13:08:23 +00:00
Bruno Oliveira da Silva	f34baf3c24	Update license headers (#29942 ) Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>	2024-06-06 14:06:09 +02:00
Pedro Igor	94c194f1f4	Prevent users to unlink from their home identity provider when they are a managed member Closes #30092 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>	2024-06-05 13:57:01 +02:00
mposolda	0bf613782f	Updating client policies in JSON editor is buggy. Attempt to update global client policies should throw the error closes #30102 Signed-off-by: mposolda <mposolda@gmail.com>	2024-06-05 13:55:02 +02:00
rmartinc	eedfd0ef51	Missing auth checks in some admin endpoints (#166 ) Closes keycloak/keycloak-private#156 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-05 12:04:47 +02:00
Giuseppe Graziano	d5e82356f9	Encrypted KC_RESTART cookie and removed sensitive notes Closes #keycloak/keycloak-private#162 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-06-05 10:33:44 +02:00
Pedro Igor	f8d55ca7cd	Export import realm with organizations Closes #30006 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-05 09:50:03 +02:00
Martin Kanis	33331788a4	Introduce count method to avoid fetching all organization upon checking for existence Closes #29697 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-06-04 10:45:28 -03:00
Martin Kanis	173f09fa6b	Malformed dependency version causing the build failure Closes #30134 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-06-04 13:44:14 +02:00
Thomas Darimont	35a4a17aa5	Add support for application/jwt media-type in token introspection (#29842 ) Fixes #29841 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2024-06-03 19:06:21 +02:00
Martin Bartoš	262fc09edc	OpenJDK 21 support (#28518 ) * OpenJDK 21 support Closes #28517 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Signed-off-by: Martin Bartoš <mabartos@redhat.com> * x509 SAN UPN other name is not handled in JDK 21 (#904) closes #29968 Signed-off-by: mposolda <mposolda@gmail.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com> Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Marek Posolda <mposolda@gmail.com>	2024-06-03 14:17:28 +02:00
mposolda	9074696382	Editing built-in client policy profiles are silently reverted closes #27184 Signed-off-by: mposolda <mposolda@gmail.com>	2024-06-03 14:00:37 +02:00
Pedro Igor	4c39fcc79d	Allow to configure if users are automatically redirected when the email domain matches an organization Closes #30050 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-03 13:34:21 +02:00
raff897	6d6131cade	Backchannel logout url with curly brackets closes #30023 Signed-off-by: raff897 <85362193+raff897@users.noreply.github.com>	2024-06-03 09:51:39 +02:00
Ricardo Martin	0cd0d03c08	Remove all adapter-core code moved to util (#30012 ) * Remove all tests that are only executed for undertow app server * Remove installation steps for OIDC adapter in wildfly/eap app server * Remove the util adapters package except HttpClientBuilder * Remove HttpClientBuilder and use plain apache http client Closes #29912 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-03 09:28:02 +02:00
Pedro Ruivo	ad32f8bdbc	auth-server-feature does not work for auth-server-quarkus-embedded (#30045 ) Fixes #29259 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-06-03 08:47:52 +02:00
rmartinc	068ce5a61f	Modify xpath for account console logout in the webauthn tests Closes #30024 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-31 15:14:35 +02:00
Stefan Wiedemann	0f6f9543ba	Add oid4vci to the account console (#29174 ) closes #25945 Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com> Co-authored-by: Erik Jan de Wit <edewit@redhat.com> Co-authored-by: Jon Koops <jonkoops@gmail.com>	2024-05-31 15:11:32 +02:00
Patrick Jennings	5144f8d85f	Improve Client Type Integration Tests (#29944 ) closes #30017 Signed-off-by: Patrick Jennings <pajennin@redhat.com>	2024-05-31 09:53:22 +02:00
Andrejs Mivreniks	1cf87407fe	Allow setting authentication flow execution priority value via Admin API Closes #20747 Signed-off-by: Andrejs Mivreniks <andrejs@fastmail.com>	2024-05-30 19:17:45 +02:00
Martin Bartoš	3f49036192	Unify approach for WebAuthn tests (#29781 ) Closes #29780 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-05-30 14:21:27 +02:00
rmartinc	44ce2fb74d	Modify authz tests to not depende on adapter-core code Closes #29882 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-30 08:02:29 +02:00
Pedro Igor	320f8eb1b4	Improve invitation messages and flow Closes #29945 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-29 17:51:06 +02:00
Erik Jan de Wit	f088b0009c	initial ui for organizations (#29643 ) * initial screen Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * more screens Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added members tab Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added the backend Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added member add / invite models Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * initial version of the identity provider section Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * add link and unlink providers Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * small fix Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * PR comments Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Do not validate broker domain when the domain is an empty string Closes #29759 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added filter and value Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added test Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added first name last name Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * refresh menu when realm organization is changed Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * changed to record Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * changed to form data Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * fixed lint error Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Changing name of invitation parameters Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Chancing name of parameters on the client Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Enable organization at the realm before running tests Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Domain help message Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Handling model validation errors when creating organizations Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Message key for organizationDetails Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Do not change kc.org attribute on group Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * add realm into the context Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * tests Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Changing button in invitation model to use Send instead of Save Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Better message when validating the organization domain Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Fixing compilation error after rebase Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * fixed test Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * removed wait as it no longer required and skip flacky test Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * skip tests that are flaky Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * stabilize user create test Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> --------- Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-29 14:34:02 +02:00
Martin Bartoš	76a6733f0a	Replace PhantomJS by HtmlUnit Closes #9979 Co-authored-by: Jon Koops <jonkoops@gmail.com> Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-05-29 11:17:57 +02:00
Martin Bartoš	b1a90972b6	Upgrade Selenium and Arquillian dependencies in testsuite Closes #29778 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-05-29 11:17:57 +02:00
Pedro Igor	bbb83236f5	Do not lower-case the username from the IdP when creating the federated identity Closes #28495 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-29 01:58:20 -03:00
Stefan Guilhen	694ffaf289	Allow organizations in different realms to have the same domain Closes #29886 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-28 08:02:30 -03:00
Francis Pouatcha	4317a474d1	JWT VC Issuer Metadata /.well-known/jwt-vc-issuer to comply with SD-JWT VC Specification (#29635 ) closes #29634 Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com> Co-authored-by: DYLANE BENGONO <85441363+bengo237@users.noreply.github.com>	2024-05-28 12:51:56 +02:00
Yutaka Obuchi	68d9dcecb5	Supporting OID4VCI AuthZCode flow: (#29685 ) closes #29724 Signed-off-by: Yutaka Obuchi <yutaka.obuchi.sd@hitachi.com> Co-authored-by: Yutaka Obuchi <yutaka.obuchi.sd@hitachi.com> Co-authored-by: Francis Pouatcha <francis.pouatcha@adorsys.com>	2024-05-28 12:29:31 +02:00
Martin Bartoš	d396dfed6a	Upgrade old Keycloak version for DB migration tests (#29884 ) Closes #29883 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-05-28 11:32:31 +02:00
Jon Koops	66ef3bf2d7	Remove Opera from supported web drivers (#29903 ) Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-05-28 09:01:40 +00:00
Douglas Palmer	b9c04bb8bc	Refactor PolicyEnforcer tests to remove dependency on keycloak-adapter-core and remove keycloak-adapter-core Closes #29189 Closes #28791 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-05-27 15:00:13 -03:00
Stefan Wiedemann	5a68056f2a	Fix oid4vc mappers Closes #29805 Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>	2024-05-27 11:28:46 +02:00
mposolda	ea1cdc10bd	MigrateTo25_0_0 does not complete within default transaction timeout closes #29756 Signed-off-by: mposolda <mposolda@gmail.com>	2024-05-27 10:31:39 +02:00
Pedro Igor	2d4d32764c	Show a message when confirming an invitation link Closes #29794 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-27 08:33:22 +02:00
rmartinc	b258b459d7	Generate RESTART_AUTHENTICATION event on success Closes #29385 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-23 19:08:22 +02:00
vramik	0508d279f7	Filter empty domains from OrganizationsRepresentation before running validation Closes #29809 Signed-off-by: vramik <vramik@redhat.com>	2024-05-23 09:53:51 -03:00
Marek Posolda	2efc163b89	Entry 999.0.0 in MIGRATION_MODEL prevents future migrations of the database Closes #27941 Signed-off-by: mposolda <mposolda@gmail.com>	2024-05-23 12:00:18 +00:00
Daniel Fesenmeyer	c08621fa63	Always order required actions by priority (regardless of context) - AuthenticationManager#actionRequired: make sure that the highest prioritized required action is performed first, possibly before the currently requested required action - AuthenticationManager#nextRequiredAction: make sure that the next action is requested via URL, also based on highest priority (-> requested URL will match actually performed action, unless required actions for the user are changed by a parallel operation) - add tests to RequiredActionPriorityTest, add helper method for priority setup to ApiUtil (for easier and more robust setup than up-to-now) - fix test WebAuthnRegisterAndLoginTest - which failed because WebAuthnRegisterFactory (prio 70) is now executed before WebAuthnPasswordlessRegisterFactory (prio 80) Closes #16873 Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>	2024-05-23 09:07:56 +02:00
Thomas Darimont	ab376d9101	Make required actions configurable (#28400 ) - Add tests for crud operations on configurable required actions - Add support exposing the required action configuration via RequiredActionContext - Make configSaveError message reusable in other contexts - Introduced admin-ui specific endpoint for retrieving required actions with config metadata Fixes #28400 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com> Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>	2024-05-23 08:38:36 +02:00
vramik	278341aff9	Add organizations enabled/disabled capability Closes #28804 Signed-off-by: vramik <vramik@redhat.com>	2024-05-22 07:58:26 -03:00
Francis Pouatcha	542fc65923	Issue 29627: Expose Authorization Server Metadata Endpoint under /.well-known/oauth-authorization-server to comply with rfc8414 (#29628 ) closes #29627 Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com> Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com> Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2024-05-22 10:30:34 +02:00
rmartinc	f7044ba5c2	Use SessionExpirationUtils for validate user and client sessions Check client session is valid in TokenManager Closes #24936 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-22 10:12:20 +02:00
Case Walker	f32cd91792	Upgrade owasp-java-html-sanitizer, address all fallout Signed-off-by: Case Walker <case.b.walker@gmail.com>	2024-05-22 09:15:25 +02:00
Raffaele Lucca	a5a55dc66e	Protocol now is mandatory during client scope creation. (#29544 ) closes #29027 Signed-off-by: raff897 <85362193+raff897@users.noreply.github.com>	2024-05-22 09:10:46 +02:00
Patrick Jennings	84acc953dd	Client type OIDC base read only defaults (#29706 ) closes #29742 closes #29422 Signed-off-by: Patrick Jennings <pajennin@redhat.com>	2024-05-22 09:07:19 +02:00
Pedro Igor	b019cf6129	Support unmanaged attributes for service accounts and make sure they are only managed through the admin api Closes #29362 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-21 16:56:18 -03:00
Martin Kanis	97cd5f3b8d	Provide an additional endpoint to allow sending both invitation and registration links depending on the email being associated with an user or not Closes #29482 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-05-21 12:29:10 -03:00
rmartinc	3304540855	Allow admin console whoami endpoint to applications that have a special attribute Closes #29640 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-20 09:51:07 +02:00
Stefan Guilhen	1aab371912	Fix errors when importing realms with the organization feature enabled Closes #29630 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-17 07:25:31 -03:00
Ricardo Martin	74a80997c7	Fix CRL verification failing due to client cert not being in chain (#29582 ) closes #19853 Signed-off-by: Micah Algard <micahalgard@gmail.com> Signed-off-by: rmartinc <rmartinc@redhat.com> Co-authored-by: Micah Algard <micahalgard@gmail.com> Co-authored-by: rmartinc <rmartinc@redhat.com>	2024-05-17 11:28:07 +02:00
Dimitri Papadopoulos Orfanos	64a145e960	Fix user-facing typos in error messages (#29326 ) Update resource file and tests accordingly Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>	2024-05-16 09:55:41 +02:00

1 2 3 4 5 ...

4257 commits