Pedro Igor
f970deac37
Do not grant scopes not granted for resources owned the resource server itself
...
Closes #25057
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-20 18:36:41 +01:00
René Zeidler
83a3500ccf
Attributes without a group should appear first
...
In the login theme, user profile attributes that
are not assigned to an attribute group should
appear before all other attributes. This aligns
the login theme (registration, verify profile,
etc.) with the account and admin console.
Fixes #27981
Signed-off-by: René Zeidler <rene.zeidler@gmx.de>
2024-03-19 18:40:01 +01:00
Peter Skopek
b77e228be4
Fix javadoc generation failure introduced with new dependencies
...
for OID4VCI support (#28038 )
Fixes #28038
Signed-off-by: Peter Skopek <pskopek@redhat.com>
2024-03-19 14:14:53 +01:00
Stefan Wiedemann
67d3e1e467
Issue Verifiable Credentials in the VCDM format #25943 ( #27071 )
...
closes #25943
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2024-03-18 17:05:53 +01:00
cgeorgilakis-grnet
24f105e8fc
successful SAML IdP Logout Request with BaseID or EncryptedID and SessionIndex
...
Closes #23528
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-03-18 08:19:13 -03:00
Alexander Schwartz
62d24216e3
Remove offline session preloading
...
Closes #27602
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-15 15:19:27 +01:00
Pedro Igor
7fc2269ba5
The bare minimum implementation for organization
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: vramik <vramik@redhat.com>
2024-03-15 11:06:43 -03:00
Peter Keuter
e26a261e4e
Filter subgroups before paginating
...
Closes #27512
Signed-off-by: Peter Keuter <github@peterkeuter.nl>
2024-03-15 10:57:57 +01:00
sebastien-helbert
e33bf39055
Review log message ( #23962 )
...
missing spaces added in log message
2024-03-14 13:44:22 +01:00
Alexander Schwartz
6de5325d1c
Limit the received content when handling the content as a String
...
Closes #27293
Co-authored-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-13 16:43:03 +01:00
Réda Housni Alaoui
1bf90321ad
"Allowed Protocol Mapper Types" prevents clients from self-updating via client registration api ( #27578 )
...
closes #27558
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
2024-03-13 14:00:34 +01:00
rmartinc
43a5779f6e
Do not challenge inside spnego authenticator is FORKED_FLOW
...
Closes #20637
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-12 14:23:03 +01:00
Pedro Igor
1e48cce3ae
Make sure empty configuration resolves to the system default configuration
...
Closes #27611
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-11 09:01:38 -03:00
Stefan Wiedemann
6fc69b6a01
Issue Verifiable Credentials in the SD-JWT-VC format ( #27207 )
...
closes #25942
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
Co-authored-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
2024-03-11 08:55:28 +01:00
Hynek Mlnarik
26468e11f2
Use correct path to account console
...
Fixes : #27709
Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-03-08 14:31:32 +01:00
Ricardo Martin
299118c45a
Change oidcScopeMissing from WARN to DEBUG ( #27439 )
...
Closes #27391
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-08 10:50:21 +00:00
Erik Jan de Wit
7d104dbe9d
no result to parse on success ( #27336 )
...
* no result to parse on success
fixes : #27245
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* translate error message
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-03-08 09:56:23 +01:00
Pedro Igor
40385061f7
Make sure refresh token expiration is based on the current time when the token is issued
...
Closes #27180
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-07 15:23:19 +01:00
rmartinc
ea4155bbcd
Remove recursively when deleting an authentication executor
...
Closes #24795
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-07 14:43:23 +01:00
graziang
54b40d31b6
Revoked token cache expiration fix
...
Added 1 second to the duration of the cache for revoked tokens to prevent them from still being valid for 1 second after the expiration date of the access token.
Closes #26113
Signed-off-by: graziang <g.graziano94@gmail.com>
2024-03-07 13:33:37 +01:00
Alexander Schwartz
595959398b
Instead of an InputStream that doesn't know about its encoding, use a String
...
Closes #20916
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-07 10:24:36 +00:00
rmartinc
dea15e25da
Only add the nonce claim to the ID Token (mapper for backwards compatibility)
...
Closes #26893
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-07 09:56:57 +01:00
Theresa Henze
653d09f39a
trigger REMOVE_TOTP event on removal of an OTP credential
...
Closes #15403
Signed-off-by: Theresa Henze <theresa.henze@bare.id>
2024-03-06 17:12:50 +01:00
graziang
39299eeb38
Encode role name parameter in the location header uri
...
The role is encoded to avoid template resolution by the URIBuilder. This fix avoids the exception when creating roles with names containing {patterns}.
Closes #27514
Signed-off-by: graziang <g.graziano94@gmail.com>
2024-03-06 15:59:26 +01:00
rmartinc
82af0b6af6
Initial client policies integration for SAML
...
Closes #26654
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-06 15:18:35 +01:00
graziang
4fa940a31e
Device verification flow always requires consent
...
Force consent for device verification flow when there are no client scopes to approve by adding a default client scope to approve
Closes #26100
Signed-off-by: graziang <g.graziano94@gmail.com>
2024-03-05 14:14:19 +01:00
Tero Saarni
e06fcbe6ae
Change supported criteria for Google Authenticator
...
List Google Authenticator as supported when
- hash algorithm is SHA256 or SHA512
- number of digits is 8
- OTP type is hotp
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2024-03-05 11:19:06 +01:00
Jon Koops
7afd75ba08
Use browser router for Account Console ( #22192 )
...
Closes #27442
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-03-04 12:38:28 +00:00
Steven Hawkins
be3e2fabc4
fix: remove the reliance on allowed classes ( #27368 )
...
closes : #25038
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-04 12:17:53 +00:00
Lucy Linder
aa6771205a
Update ReCAPTCHA and add support for ReCAPTCHA Enterprise
...
Closes #16138
Signed-off-by: Lucy Linder <lucy.derlin@gmail.com>
2024-03-04 20:28:06 +09:00
vramik
032bb8e9cc
Map Store Removal: Remove obsolete KeycloakModelUtils.isUsernameCaseSensitive
method
...
Closes #27438
Signed-off-by: vramik <vramik@redhat.com>
2024-03-02 04:40:46 +09:00
rmartinc
f970803738
Check email and username for duplicated if isLoginWithEmailAllowed
...
Closes #27297
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-02 00:14:27 +09:00
Andy
137907f5ef
Roles admin REST API: Don't expand composite roles
...
Additionally:
- Import clean-up
- Added requireMapComposite as in RoleResource.addComposites
Closes #26951
Signed-off-by: synth3 <19573241+synth3@users.noreply.github.com>
2024-03-02 00:03:03 +09:00
Takashi Norimatsu
1792af6850
OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor
...
closes #27412
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-03-01 14:49:23 +01:00
graziang
082f9ec15b
Update client scopes in Client Update Request in DCR
...
Fix ClientScopesClientRegistrationPolicy.beforeUpdate because it was modifying the original clientRepresentation.
Add updateClientScopes method to set client scopes in Client Update Request in DCR.
Closes #24361
Signed-off-by: graziang <g.graziano94@gmail.com>
2024-03-01 12:32:45 +01:00
Albrecht Scheidig
cad34cbb04
Restore support for locales with extensions ( #27285 )
...
Closes #27284
Signed-off-by: Albrecht Scheidig <albrecht.scheidig@hype.de>
2024-02-29 17:16:44 +00:00
Marek Posolda
ae0a0ea30b
SecureRedirectUrisEnforcerExecutor fixes ( #27369 )
...
closes #27344
Signed-off-by: mposolda <mposolda@gmail.com>
2024-02-29 17:24:20 +01:00
Steven Hawkins
8d9439913c
fix: removal of resteasy-core ( #27032 )
...
* fix: partial removal of resteasy-core
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* fix: fully removing resteasy-core
closes : #26315
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-02-29 11:43:13 +00:00
Réda Housni Alaoui
a3b3ee4b87
Ability to declare a default "First broker login flow" per Realm
...
Closes #25823
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-02-28 16:17:51 +01:00
Pedro Igor
788d146bf2
Use the target client when processing scopes for internal exchanges
...
Closes #19183
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-28 15:18:43 +01:00
graziang
16a854c91b
Add option to clients to use lightweight access token
...
Add an "Always use lightweight access token" option on the client's Advanced tab in the "Advanced Settings" section that uses the already existing Constants.USE_LIGHTWEIGHT_ACCESS_TOKEN_ENABLED to store a boolean client attribute.
The attribute value is used to enable or disable the lightweight access token.
Closes #27238
Signed-off-by: graziang <g.graziano94@gmail.com>
2024-02-28 10:18:26 +01:00
Pedro Igor
0c91fceaad
Allow setting if both 'client_id' and 'id_token_hint' params should be sent in logout requests
...
Closes #27281
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-27 20:37:27 +09:00
Dmitry Telegin
c18c4bbeb8
Remove setContext() + minor cleanup
...
Signed-off-by: Dmitry Telegin <demetrio@carretti.pro>
2024-02-27 19:11:32 +09:00
Dmitry Telegin
87c2df0ea4
Fix UMA
2024-02-27 19:11:32 +09:00
Dmitry Telegin
be3d0b6202
Split OAuth2GrantType and OAuth2GrantTypeFactory
2024-02-27 19:11:32 +09:00
Dmitry Telegin
c73516ba5b
Revert dynamic grant type resolution
2024-02-27 19:11:32 +09:00
Dmitry Telegin
5f04ce310a
simplify OAuth2GrantType.Context creation
2024-02-27 19:11:32 +09:00
Dmitry Telegin
b81bf85a06
rebase
2024-02-27 19:11:32 +09:00
Dmitry Telegin
854ec17fd3
- rework grant type resolution to use supports() in addition to grant type
...
- replace initialize() with setContext()
- use EnvironmentDependentProviderFactory instead of runtime checks
- move OAuth2GrantTypeManager to server-spi-private
- javadocs, imports, minor fixes
Signed-off-by: Dmitry Telegin <demetrio@carretti.pro>
2024-02-27 19:11:32 +09:00
Dmitry Telegin
cc9c8fe78a
Use EnvironmentDependentProviderFactory for DeviceGrantType
2024-02-27 19:11:32 +09:00