Commit graph

3836 commits

Author SHA1 Message Date
Michal Hajas
f69497eb28 KEYCLOAK-12988 Deprecate getUsers* methods in favor of searchUsers* variants
Closes #14018
2022-09-06 10:38:28 +02:00
Youssef El Houti
7f58c1c570 KEYCLOAK-19138 nginx x509 client trusted certificate lookup 2022-09-01 15:02:56 -03:00
Thomas Darimont
43623ea9d0 KEYCLOAK-18499 Add max_age support to oauth2 brokered logins
Revise KcOidcBrokerPassMaxAgeTest to use setTimeOffset(...)
2022-09-01 09:24:44 -03:00
Joerg Matysiak
a8019d78e7 Fixed handling of required setting for email in user profile.
Resolves #13923
2022-08-31 17:19:19 -03:00
Nagy Vilmos
f6db484172
Keep the locale related authNotes through the IdentityBroker flow. (#10444)
Closes #8827
2022-08-31 09:37:26 +02:00
Martin Bartoš
e6a5f9c124 Default required action providers are still available after feature disabling
Closes #13189
2022-08-31 08:42:47 +02:00
Moritz H
c4971d179c
KEYCLOAK-18273 Display Idp displayName if available (#8087)
Co-authored-by: moritz.hilberg <moritz.hilberg@pwc.com>
2022-08-30 15:32:27 -03:00
Manato Takai
1cdc21f0ff
Add duplicate parameter check for UserInfo endpoint. (#14024)
Closes #14016
2022-08-30 14:39:15 +02:00
Réda Housni Alaoui
3f088bfd21
KEYCLOAK-17013 Brute force protection: Successfully logged in user should not have to wait up to 5 seconds for event processing (#7748) 2022-08-29 19:41:35 +02:00
Tero Saarni
4f199c7245 Fix compilation errors with Eclipse Java compiler 2022-08-29 19:33:12 +02:00
Nemanja Hiršl
b7309e86d9
Closes #8992 - Extending DefaultBruteForceProtector (#8993)
* Closes #8992 - Extending DefaultBruteForceProtector

* Update services/src/main/java/org/keycloak/services/managers/DefaultBruteForceProtectorFactory.java

* Update services/src/main/java/org/keycloak/services/managers/DefaultBruteForceProtectorFactory.java

Co-authored-by: Stian Thorgersen <stian@redhat.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2022-08-29 16:43:13 +02:00
Stian Thorgersen
aeba5e9f4b
Add FreeMarkerProvider to prevent multiple instances of FreeMarker templates (#14062)
* Add FreeMarkerProvider to prevent multiple instances of FreeMarker templates

Closes #19185
2022-08-29 08:42:53 -03:00
jsarem
f0397f33b4
Expose same common informational variables to all email body templates (#13998)
Closes #14017
2022-08-29 08:09:18 +02:00
Jason
c6c65ad10b
Check IdP display name length before capitalizing (#13151)
https://github.com/keycloak/keycloak/issues/13150

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2022-08-26 13:16:10 +02:00
Hawk Newton
b1487b9d72
Increase max size of additional request params (#8382)
Closes #14015
2022-08-26 09:34:43 +02:00
GQ
518d318f0c
Update CorsPreflightService.java (#8387)
Adding DELETE & PUT

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2022-08-26 08:00:55 +02:00
Joerg Matysiak
62790b8ce0 Allow permission configuration for username and email in user profile.
Enhanced Account API to respect access to these attributes.

Resolves #12599
2022-08-25 21:54:51 -03:00
supersoaker
e47bbba7ef
added possibility to use user in terms.ftl (#7831) 2022-08-25 15:08:38 +02:00
Clay Risser
f145667144
Fixed spelling error (#13595)
Fixes issue #13594

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2022-08-25 12:46:43 +02:00
Christoph Leistert
5408d25e09
Fixes #10656: Sub realm localization GET endpoints can be called using tokens issued by the master realm. (#10660)
* Fixes #10656: Sub realm localization GET endpoints can be called using tokens issued by the master realm.

* Fixes #10656: Added some tests
2022-08-25 09:02:07 +02:00
Erich Bremer
c98a760beb
remove javax.json and replace with FasterXML (#11554)
remove javax.json and replace with FasterXML to be consistent with the rest of the project.

Closes #11544
2022-08-25 08:49:22 +02:00
Pedro Igor
ddcf0f45f9 Run import within the context of the realm being imported
Closes #12289
2022-08-25 08:18:43 +02:00
Pedro Igor
25be07be17 Allow introspecting tokens issued during token exchange with delegation semantics
Closes #9337
2022-08-24 09:47:04 -03:00
Takashi Norimatsu
8c1ea4b47c mTLS binding support for password grant
Closes #13662
2022-08-24 11:44:48 +02:00
Konstantinos Georgilakis
c5b9dc1e7b set context session client equal to clientsession client (fromClientSessionAndScopeParameter method of DefaultClientSessionContext)
Closes #13162
2022-08-23 17:33:07 +02:00
Konstantinos Georgilakis
baa89debd9 Correct isValidScope method of TokenManager for Dynamic scopes
Closes #13158
2022-08-23 16:30:04 +02:00
Konstantinos Georgilakis
2002fd983b Showing consent screen text instead of scope name in consent part of Application page in Account console
Closes #13109
2022-08-23 11:22:31 +02:00
rishabhsvats
c223291a1e Adds REGISTER event when new user login through first broker flow
Updates KcOidcBrokerEventTest, AbstractFirstBrokerLoginTest to factor in REGISTER event in first broker flow

Closes #11646

Correcting Indentation of AbstractFirstBrokerLoginTest
2022-08-23 10:43:56 +02:00
Stefan Guilhen
6d99686220
Fix user session deadlock by enlisting broker logout request after main logout transaction commits. (#13889)
- This also fixes broker test failures with CockroachDB

Closes #13348
Closes #13212
Closes #13214
2022-08-23 09:57:40 +02:00
David Anderson
ce1331f550
Remove bouncycastle dependency from keycloak-services (#13489)
Closes #12857


Co-authored-by: mposolda <mposolda@gmail.com>
2022-08-22 15:43:59 +02:00
Sebastian Schuster
fb978de0d8 12653 check if fine-grained permissions are enabled before retrieving group memberships of users 2022-08-22 09:34:46 -03:00
Sebastian Schuster
916cfbbaf1 13647 Added null checks and some comments/questions for discussions. Will be squashed later if accepted. 2022-08-22 09:34:12 -03:00
Sebastian Schuster
53472e097c 13647 fixed wrong feature flag for checking admin fine-grained authz 2022-08-22 09:34:12 -03:00
Pedro Igor
5f2191813a
Remove unnecessary code paths during startup (#13848)
Closes #13847
2022-08-19 14:54:11 +02:00
Pedro Igor
841c65d24f Return 404 when invoking authorization endpoints in case authz settings are disabled
Closes #10151
2022-08-16 16:37:44 -03:00
Markus Till
fa383bf76c
Suppress confirmation screen for logout in oidc (#13471)
Closes #13469
2022-08-10 18:25:50 +02:00
Marcelo Daniel Silva Sales
e44cea587f
NullPointer during OIDC logout client disabled (#13424)
closes #12624
2022-08-08 12:34:09 +02:00
Sebastian Knauer
21f700679f KEYCLOAK-19866 Fix user-defined- and xml-fragment-parsing/Add XPathAttributeMapper 2022-08-03 13:07:12 +02:00
Marek Posolda
7e925bfbff
Unit tests in "crypto/fips1402" passing on RHEL 8.6 with BC FIPS approved mode. Cleanup (#13406)
Closes #13128
2022-07-29 18:03:56 +02:00
Pedro Hos
ee2c5391bd
Possible client enumeration in the authorization endpoint
Closes #12164
2022-07-26 09:10:06 +02:00
Stian Thorgersen
7158e781be
Update base URL for admin rest docs (#13305)
Closes #10464
2022-07-25 16:25:55 +02:00
Douglas Palmer
c00514d659
Support for post_logout_redirect_uris in OIDC client registration (#12282)
Closes #10135
2022-07-25 10:57:52 +02:00
Stian Thorgersen
a251d785db
Remove text based login flows (#13249)
* Remove text based login flows

Closes #8752

* Add display param back in case it's used by some custom authenticators
2022-07-22 15:15:25 +02:00
Pedro Igor
e14bd51656 Properly enable/disable metrics and health endpoints
Closes #11506

Co-authored-by: Dominik Guhr <dguhr@redhat.com>
2022-07-22 09:41:29 -03:00
Alexander Schwartz
cb81a17611 Disable Infinispan for map storage and avoid the component factory when creating a realm independent provider factory
Provide startup time in UserSessionProvider independent of Infinispan,
cleanup code that is not necessary for the map storage as it isn't using Clustering.
Move classes to the legacy module.

Closes #12972
2022-07-22 08:20:00 +02:00
Douglas Palmer
adeef6c2a0 Partial import feature does not import Identity Provider mappers in Keycloak #12861 2022-07-21 18:04:15 +02:00
Pedro Igor
3631a413d2 Allow token exchange when subjec_token is not associated with a session
Closes #12596
2022-07-20 15:42:26 -03:00
Alexander Schwartz
d30646b1f6 Refactor object locking for UserSessions
Closes #12717
2022-07-19 17:47:33 -03:00
Lex Cao
f0988a62b8
Use base64 url decoded for client secret when authenticating with Basic Auth (#12486)
Closes #11908
2022-07-16 09:38:41 +02:00
Vlasta Ramik
ec853a6b83
JPA map storage: User / client session no-downtime store (#12241)
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>

Closes #9666
2022-07-14 12:07:02 -03:00