Commit graph

4641 commits

Author SHA1 Message Date
mposolda
4f1985826c KEYCLOAK-12934 LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY user roles retrieve strategy role-ldap-mapper option should only be displayed if LDAP provider vendor is Active Directory 2020-04-14 20:01:55 +02:00
Pedro Igor
9eeeb10587 [KEYCLOAK-13589] - Can't add user in admin console when 'Email as username' is enabled 2020-04-14 19:29:48 +02:00
stianst
1f02f87a6e KEYCLOAK-13565 Add support for kc_action to keycloak.js
Co-authored-by mhajas <mhajas@redhat.com>
2020-04-14 19:23:56 +02:00
stianst
97b5654690 KEYCLOAK-13285 Enable check identity for email 2020-04-14 19:22:57 +02:00
mhajas
845195780e KEYCLOAK-13758 Exclude some tests for remote runs 2020-04-08 16:38:58 +02:00
Pedro Igor
b60b85ab65 [KEYCLOAK-7450] - Match subject when validating id_token returned from external OP 2020-04-06 13:43:19 +02:00
vramik
52b67f6172 KEYCLOAK-13660 Patch installation is not performed with -Dauth.server.patch.zips 2020-04-02 10:35:07 +02:00
mposolda
6f62c0ed98 KEYCLOAK-13442 Backwards compatibility in users searching. searchForUser(String, RealmModel, int, int) is no longer called when searching users from the admin console 2020-03-27 13:29:55 +01:00
aboullos
4b6e46d1a9 KEYCLOAK-13445 Modify SigningInTest for changes in credential type 2020-03-27 13:29:44 +01:00
mposolda
bf92bd16b0 KEYCLOAK-13383 WebAuthnRegisterAndLoginTest fails with -Dproduct with auth-server-eap 2020-03-26 16:27:23 +01:00
vramik
330d5b2c25 KEYCLOAK-13384 exclude IdentityProviderTest.failCreateInvalidUrl from remote-tests 2020-03-26 14:04:38 +01:00
vramik
780d11e790 KEYCLOAK-13571 KcinitTest fails with -Dproduct due to skipped maven plugin exacution 2020-03-26 14:03:11 +01:00
Pedro Igor
b812159193 [KEYCLOAK-10675] - Deleting an Identity Provider doesn't remove the associated IdP Mapper for that user 2020-03-26 11:41:17 +01:00
Pedro Igor
1b8369c7d5 [KEYCLOAK-13385] - Better message when saving a provider with invalid URLs 2020-03-26 08:46:44 +01:00
mhajas
b2b790cd1d KEYCLOAK-10797 Unignore hawtio on eap6 test 2020-03-24 15:10:40 +01:00
mhajas
8b96882a1c KEYCLOAK-12972 Fix fuse tests 2020-03-24 14:50:54 +01:00
keycloak-bot
f6a592b15a Set version to 9.0.4-SNAPSHOT 2020-03-24 08:31:18 +01:00
mposolda
5ddd605ee9 KEYCLOAK-13259 2020-03-24 05:32:41 +01:00
mposolda
9474dd6208 KEYCLOAK-12986 BruteForceProtector does not log failures when login failure in PostBroker flow 2020-03-24 05:32:10 +01:00
Martin Kanis
e6e0e6945d KEYCLOAK-12156 LogoutEndpoint does not verify token type of id_token_hint
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2020-03-24 05:31:36 +01:00
Pedro Igor
ec63245ac8 [KEYCLOAK-13386] - SslRequired.EXTERNAL doesn't work for identity broker validations 2020-03-23 12:16:43 -03:00
mposolda
3e82473a90 KEYCLOAK-13369 Not possible to move groups in admin console 2020-03-23 10:17:23 +01:00
mposolda
61fd66e107 KEYCLOAK-13368 TestClassProvider undertow server not stopped after testsuite 2020-03-23 07:10:17 +01:00
Pavel Drozd
6cc897e319
KEYCLOAK-8372 - User Federation tests - fixing for different vendors (#6909) 2020-03-20 11:36:35 +01:00
Dmitry Telegin
3b24465141
KEYCLOAK-12870 - Allow to pick arbitrary user for IdP linking (#6828)
* KEYCLOAK-12870 - Allow to pick arbitrary user for IdP linking

* KEYCLOAK-12870: always allow to choose user if password reset is called from first broker login flow

* KEYCLOAK-12870: remove "already authenticated as different user" check and message

* KEYCLOAK-12870: translations

* KEYCLOAK-12870: fix tests
2020-03-20 07:41:35 +01:00
Pedro Igor
2eab44d3f3 [KEYCLOAK-13273] - Remove group policy when group is removed 2020-03-20 07:40:18 +01:00
rmartinc
a8e74196d1 KEYCLOAK-4923: Client Service Account Roles are not exported 2020-03-19 11:38:33 -03:00
Aboullos
f8dc7c0329 KEYCLOAK-13007 Add LDAPAccountTest 2020-03-18 10:11:59 -03:00
Stan Silvert
fff8571cfd KEYCLOAK-12768: Prevent reserved characters in URLs 2020-03-18 07:40:24 +01:00
vmuzikar
89f483d578 KEYCLOAK-13257 Fix WelcomeScreenTest.accountSecurityTest 2020-03-17 15:31:05 -03:00
vmuzikar
e4f7eb78b5 KEYCLOAK-13256 Fix WebAuthn in new Account Console tests 2020-03-17 15:31:05 -03:00
Stefan Guilhen
8c627fdb20 [KEYCLOAK-13036] Fix KeycloakElytronCSVaultTest failures on IBM JDK
- credential store is generated on the fly for the test, avoiding incompatibilities between implementations of keystores
2020-03-17 17:07:55 +01:00
mposolda
56d1ab19a8 KEYCLOAK-11412 Display more nice error message when creating top level group with same name 2020-03-16 21:03:46 +01:00
mposolda
d7688f6b12 KEYCLOAK-12869 REST sends credential type when no credential exists and credential disabled 2020-03-16 21:02:40 +01:00
Stan Silvert
1f1ed36b71 KEYCLOAK-9782: Do not allow duplicate group name when updating 2020-03-13 10:13:45 -04:00
Sebastian Laskawiec
8774a0f4ba KEYCLOAK-12881 KEYCLOAK-13099 Update FederatedIdentities and Groups on POST 2020-03-12 14:57:02 +01:00
mposolda
72e4690248 KEYCLOAK-13174 Not possible to delegate creating or deleting OTP credential to userStorage 2020-03-11 12:51:56 +01:00
mposolda
803f398dba KEYCLOAK-12876 KEYCLOAK-13148 KEYCLOAK-13149 KEYCLOAK-13151 Re-introduce some changes to preserve UserStorage SPI backwards compatibility. Added test for backwards compatibility of user storage 2020-03-11 12:51:56 +01:00
Thomas Darimont
cd51ff3474 KEYCLOAK-13186 Remove role information from RefreshTokens
We now no longer expose role assignment information into the RefreshToken.

Previously RefreshTokens contained information about the realm and
client specific roles which are assigned to a user. Since the role
information is usually either taken from the AccessToken, IDToken or
the User-Info endpoint and the RefreshToken is an internal format which
is opaque to the client, it would be a waste of space to keep that
information in the RefreshToken.

See:
https://lists.jboss.org/pipermail/keycloak-dev/2019-April/011936.html
2020-03-11 06:28:22 +01:00
rmartinc
ad3b9fc389 KEYCLOAK-12579: LDAP groups duplicated during UI listing of user groups 2020-03-11 06:14:29 +01:00
mposolda
bc1146ac2f KEYCLOAK-10029 Offline token migration fix. Always test offline-token migration when run MigrationTest 2020-03-10 20:38:16 +01:00
Pedro Igor
b7a395a3ef [KEYCLOAK-11345] - Test basic features of Keycloak.X with current tetsuite 2020-03-10 15:59:35 +01:00
vramik
83461d033b KEYCLOAK-11808 update testsuite to use current jdbc driver version for migration testing 2020-03-09 15:05:12 +01:00
Sebastian Schuster
99aba33980 KEYCLOAK-13163 Fixed searching for user with fine-grained permissions 2020-03-09 09:56:13 -03:00
vmuzikar
8cfd4d60e6 KEYCLOAK-13069 Fix failing RH-SSO base tests 2020-03-09 13:50:40 +01:00
vramik
e4baef41d1 KEYCLOAK-11424 DBAllocatorUnavailableException 2020-03-09 08:59:02 +01:00
Phy
8aa5019efe KEYCLOAK-13074 Don't return LDAP group members if under IMPORT mode
If GroupLDAPStorageMapper is running under IMPORT mode, getGroupMembers should not return users in LDAP, which, according to how UserStorageManager.query works (getting both user federation and Keycloak storage), will cause duplicate users in the list.

A test has been added as well, which will fail before the fix in the mapper.
2020-03-06 11:44:36 +01:00
stianst
ed97d40939 KEYCLOAK-9851 Removed properties from realm json attributes that are included as fields 2020-03-05 17:59:50 +01:00
mabartos
a1bbab9eb2 KEYCLOAK-12799 Missing Cancel button on The WebAuthn setup screen when using AIA 2020-03-05 15:04:38 +01:00
Pedro Igor
23b4aee445 [KEYCLOAK-13056] - Searching clients with reduced permissions results in 403 2020-03-05 13:39:25 +01:00
Pedro Igor
30b07a1ff5 [KEYCLOAK-13175] - Setting the enforcement mode when fetching lazily fetching resources 2020-03-05 13:31:21 +01:00
stianst
75a772f52b KEYCLOAK-10967 Add JSON body methods for test ldap and smtp connections. Deprecate old form based methods. 2020-03-05 10:07:58 +01:00
Pedro Igor
2f489a41eb [KEYCLOAK-12192] - Missing Input Validation in IDP Authorization URLs 2020-03-05 06:32:35 +01:00
Hynek Mlnarik
0cf0955318 KEYCLOAK-13181 Fix NPE in EAP 6 adapter 2020-03-04 10:19:43 +01:00
Jon Koops
c1bf183998 KEYCLOAK-9346 Add new KeycloakPromise to support native promises
Co-authored-by: mhajas <mhajas@redhat.com>
2020-03-04 08:53:35 +01:00
Douglas Palmer
dfb67c3aa4 [KEYCLOAK-12980] Username not updated when "Email as username" is enabled 2020-03-03 10:26:35 +01:00
Pedro Igor
49b1dbba68 [KEYCLOAK-11804] - Block service accounts to authenticate or manage credentials 2020-03-03 06:48:02 +01:00
Hynek Mlnarik
f45f882f0c KEYCLOAK-11903 Test for XSW attacks 2020-03-02 21:26:13 +01:00
mhajas
df11a8a864 KEYCLOAK-12606 Add test 2020-03-02 20:07:52 +01:00
vramik
7c91e36e43 KEYCLOAK-10898 WildFly Adapter CLI based installation scripts 2020-03-02 10:08:45 +01:00
mhajas
d3bebb4746 KEYCLOAK-12884 Add more tests for SameSite 2020-02-28 16:19:44 +01:00
mhajas
9b81c42525 KEYCLOAK-13113 Exclude tests for Tomcat 2020-02-28 13:35:33 +01:00
mabartos
695fb92241 KEYCLOAK-13070 UserConsentWithUserStorageModelTest failing with ModelDuplicateException 2020-02-27 21:25:49 +01:00
Hynek Mlnarik
aecfe251e4 KEYCLOAK-12816 Fix representation to model conversion 2020-02-27 21:11:24 +01:00
Douglas Palmer
85d7216228 [KEYCLOAK-12640] Client authorizationSettings.decisionStrategy value lost on realm import 2020-02-27 09:45:48 -03:00
vramik
f1e54455e7 KEYCLOAK-13111 Move execution of db-allocator-plugin to jpa profile 2020-02-27 11:51:05 +01:00
mhajas
9f3a6de453 KEYCLOAK-13096 Add compile scope hamcrest dependency to springboot tests 2020-02-27 11:18:54 +01:00
mhajas
3db55727ca KEYCLOAK-12979 Fix group-attribute parsing 2020-02-27 10:48:03 +01:00
vramik
e2bd99e9e4 KEYCLOAK-13097 fix UserStorageTest - add cleanup after test 2020-02-27 10:46:38 +01:00
Pedro Igor
a830818a84 [KEYCLOAK-12794] - Missing id token checks in oidc broker 2020-02-27 09:13:29 +01:00
Erik Jan de Wit
8297c0c878 KEYCLOAK-11155 split on first '=' instead of all 2020-02-27 09:12:51 +01:00
Erik Jan de Wit
93a1374558 KEYCLOAK-11129 coalesce possible null values 2020-02-27 09:11:29 +01:00
Pedro Igor
1c71eb93db [KEYCLOAK-11576] - Properly handling redirect_uri parser errors 2020-02-27 08:29:06 +01:00
stianst
950eae090f KEYCLOAK-13054 Unblock temporarily disabled user on password reset, and remove invalid error message 2020-02-27 08:05:46 +01:00
vmuzikar
de8ba75399 KEYCLOAK-12635 KEYCLOAK-12935 KEYCLOAK-13023 UI test fixes 2020-02-26 15:54:44 -03:00
Martin Bartoš
eaaff6e555
KEYCLOAK-12958 Preview feature profile for WebAuthn (#6780)
* KEYCLOAK-12958 Preview feature profile for WebAuthn

* KEYCLOAK-12958 Ability to enable features having EnvironmentDependent providers without restart server

* KEYCLOAK-12958 WebAuthn profile product/project

Co-authored-by: Marek Posolda <mposolda@gmail.com>
2020-02-26 08:45:26 +01:00
mhajas
8436a88075 KEYCLOAK-12962 Enforce 3.6.0 maven version for deploy phase 2020-02-25 16:36:26 +01:00
stianst
9e47022116 KEYCLOAK-8044 Clear theme caches on hot-deploy 2020-02-20 08:50:10 +01:00
stianst
d8d81ee162 KEYCLOAK-12268 Show page not found for /account/log if events are disabled for the realm 2020-02-20 08:49:30 +01:00
stianst
9a3a358b96 KEYCLOAK-11700 Lower-case passwords before checking with password blacklist 2020-02-20 08:33:46 +01:00
stianst
536824beb6 KEYCLOAK-12960 Use Long for time based values in JsonWebToken 2020-02-19 15:46:05 +01:00
mhajas
167f73f54e KEYCLOAK-12969 Don't use GenericFilter in server-authz test application 2020-02-19 11:06:28 -03:00
Stefan Guilhen
7a3998870c [KEYCLOAK-12612][KEYCLOAK-12944] Fix validation of SAML destination URLs
- no longer compare them to the server absolutePath; instead use the base URI to build the validation URL
2020-02-18 16:38:19 -03:00
mposolda
eeeaafb5e7 KEYCLOAK-12858 Authenticator is sometimes required even when configured as alternative 2020-02-18 09:05:59 +01:00
Thomas Darimont
67ddd3b0eb KEYCLOAK-12926 Improve Locale based message lookup
We now consider intermediate Locales when performing a Locale based
ResourceBundle lookup, before using an Locale.ENGLISH fallback.

Co-authored-by: stianst <stianst@gmail.com>
2020-02-18 08:43:46 +01:00
keycloak-bot
d352d3fa8e Set version to 9.0.1-SNAPSHOT 2020-02-17 20:38:54 +01:00
Adamczyk Błażej
497787d2cd [KEYCLOAK-10696] - fixed missing client role attributes after import 2020-02-17 10:01:19 +01:00
mposolda
a76c496c23 KEYCLOAK-12860 KEYCLOAK-12875 Fix for Account REST Credentials to work with LDAP and social users 2020-02-14 20:24:42 +01:00
Douglas Palmer
876086c846 [KEYCLOAK-12161] "Back to Application" link is shown with link to current page 2020-02-14 10:37:32 -03:00
stianst
f0e3122792 KEYCLOAK-12953 Ignore empty realm frontendUrl 2020-02-14 11:33:07 +01:00
stianst
42773592ca KEYCLOAK-9632 Improve handling of user locale 2020-02-14 08:32:20 +01:00
Pedro Igor
7efaf9869a [KEYCLOAK-12864] - OIDCIdentityProvider with Reverse Proxy 2020-02-13 15:01:10 +01:00
Pedro Igor
421ec34557 [KEYCLOAK-8049] - Prevent users from not choosing a group 2020-02-13 10:10:46 +01:00
mabartos
90b35cc13d KEYCLOAK-10420 Broker tests don't work with RH-SSO 2020-02-12 18:33:55 +01:00
mabartos
1bdf77f409 KEYCLOAK-12065 UserSessionInitializerTest is failing 2020-02-12 17:39:28 +01:00
mhajas
c3f0b342bf KEYCLOAK-12964 Fix adapter remote tests execution deciding 2020-02-12 16:04:44 +01:00
mhajas
1bb238d20f KEYCLOAK-12950 Use maven-plugin to configure shrinkwrap resolver 2020-02-12 16:04:44 +01:00
mhajas
f28ca30e6d KEYCLOAK-12963 Exclude testNoPortInDestination test for remote container 2020-02-12 13:18:51 +01:00
Peter Zaoral
b0ffea699e KEYCLOAK-12186 Improve the OTP login form
-created and implemented login form design, where OTP device can be selected
-implemented selectable-card-view logic in jQuery
-edited related css and ftl theme resources
-fixed affected BrowserFlow tests

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2020-02-12 11:25:02 +01:00
vramik
3d22644bbe KEYCLOAK-12237 Fix WelcomePageTest on Postgresql 2020-02-12 10:43:29 +01:00