mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2025-12-16 20:15:46 -06:00
Code Issues Packages Projects Releases Wiki Activity
29,651 Commits 20 Branches 287 Tags
feature/infinispan-16.0
Commit Graph

78 Commits

Author SHA1 Message Date
Peter Zaoral
0e959ad89e Delete operation for Client v2 (#44335) 
Closes: #43291

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2025-11-20 12:12:33 +01:00
Peter Zaoral
b9d94d325b Remove JSON Patch support from the Client API v2 MVP (#44120) 
Closes: #43572

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2025-11-18 09:42:10 +00:00
Stian Thorgersen
a2c1055f8d Proposed import order (#43432) 
* Add importOrder to Spotless

Closes #43235

Signed-off-by: stianst <stianst@gmail.com>

* Re-order imports with Spotless

Signed-off-by: stianst <stianst@gmail.com>

---------

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-14 09:34:49 +01:00
Steven Hawkins
26bdee3052 fix: removing unknown field validation parameter (#44173) 
closes: #43728

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-11-12 17:27:05 +00:00
Steven Hawkins
63fc0eec28 task: use client v1 logic for v2 impl (#43982) 
* task: use client v1 logic for v2 impl

closes: #43733

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* removing the provider module

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-11-12 15:08:27 +01:00
Stian Thorgersen
d8275fe5df Remove wildcard imports (#44060) 
Closes #44059

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-10 11:46:05 +01:00
Václav Muzikář
9c86eae7ed Initial Client API v2 impl (#43395) 
Closes #43224

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Robin Meese <39960884+robson90@users.noreply.github.com>
 2025-11-03 14:31:54 +01:00
Pedro Igor
c5b560e2d8 Update user profile to allow returning a brief user representation 
Closes #42225

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-21 12:52:31 +02:00
stianst
aedd7fe5db Remove unused imports as part of #43233 
Signed-off-by: stianst <stianst@gmail.com>
 2025-10-13 13:32:01 +02:00
vramik
e4dc88de13 [FGAP] Make additional rest endpoints respect permissions 
Closes #40058

Signed-off-by: vramik <vramik@redhat.com>
 2025-10-08 08:47:22 -03:00
vramik
114afee7f1 Use MgmtPermissionsV2 by default 
Closes #40192

Signed-off-by: vramik <vramik@redhat.com>
 2025-07-07 11:07:21 -03:00
vramik
f45b8e0c6d Move FGAP classes to specific package 
Signed-off-by: vramik <vramik@redhat.com>
 2025-05-22 09:53:16 -03:00
Pedro Igor
7aab9fade8 Move FGAP types to a specific package 
Closes #39712

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-05-22 09:53:16 -03:00
Pedro Igor
34ad280665 Build user representations when searching based on the user profile settings 
Closes #39595

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-05-14 10:42:25 +02:00
Pedro Igor
a035b904ff Return only manage permissions when listing users via administration console 
Closes #39641

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-05-12 16:02:21 -04:00
vramik
5c7e0c25f5 [FGAP] AvailableRoleMappings do not consider all-clients permissions 
Closes #38913

Signed-off-by: vramik <vramik@redhat.com>
 2025-04-15 08:17:21 -03:00
vramik
9c02bb29d3 Fix AvailableRoleMappingResource 
Closes #35580

Signed-off-by: vramik <vramik@redhat.com>
 2025-04-09 08:41:15 -03:00
Pedro Igor
1c57035d41 Support partial evaluation for the group resource type 
Closes #38273

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-03-24 11:49:53 -03:00
vramik
a72d15b857 PartialEvaluator ignores view-* and manage-* roles 
Closes #38284

Signed-off-by: vramik <vramik@redhat.com>
 2025-03-24 08:30:59 -03:00
Pedro Igor
a4000575a4 Initial support for partial evaluation 
Closes #38085

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-03-19 13:30:52 -03:00
Pedro Igor
b200ab0792 Fix permissions for view-members and manage-members 
Closes #38013

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-03-17 08:27:36 -03:00
vramik
679f44692d Add Groups resource type and scopes to authorization schema and evaluation implementation 
Closes #35562

Signed-off-by: vramik <vramik@redhat.com>
 2025-02-12 10:07:09 -03:00
Erik Jan de Wit
0e1f1c69af added new endpoint that concatenates offline and regular sessions for clients (#36914) 
fixes: #36596

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2025-02-04 15:48:12 -05:00
vramik
879c399cde [FGAP] User can see itself even though he has negative permission to view itself 
Closes #36916

Signed-off-by: vramik <vramik@redhat.com>
 2025-01-29 09:35:30 -03:00
Alexander Schwartz
f392675d41 Fix missing response content type and more explicit error handling 
Closes #36410

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-01-14 09:44:56 +01:00
Alexander Schwartz
f4a208de6d Don't show global event listeners in the admin UI 
Closes #34602

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-11-18 17:09:21 +01:00
Stefan Guilhen
abf0eb7f92 Update UP via provider instead of going through the UserProfileResource 
- prevents error when updating realm

Closes #34540

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-11-11 05:18:48 -03:00
Erik Jan de Wit
e8d8de8936 Use feature versions for admin3, account3, and login2 (#33458) 
Closes #33405

Signed-off-by: stianst <stianst@gmail.com>
 2024-10-03 12:09:36 +02:00
Daniel Fesenmeyer
87da4011f7 Bugfix: "User Profile" attributes not available for Users Attribute search, when admin user does not have view- or manage-realm realm-management role (#31771) 
- UIRealmResource: add "info" sub-resource to get realm-related information, which is visible for ALL admins (users having any realm-management role); for now, only provide the information whether any user profile provider is enabled
- UIRealmResourceTest: test the new endpoint, including permissions check
- UserDataTable.tsx: use this resource to get the info whether user profile providers are enabled, instead of using the realm components resource (which requires "view-realm" permissions)
- .../cypress/e2e/users_attribute_search_test.spec.ts: add cypress test to test the attribute search with minimum access rights
- further small changes for reuse of components, test-code etc

Closes #27536

Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>
 2024-09-20 14:06:08 -04:00
Thomas Darimont
d28adcb81b Avoid NPE if realm configuration contains invalid required action configuration (#32649) 
* Avoid NPE if realm configuration contains invalid required action configuration

If users removed implementations or renamed the provider id of a required action, then the realm configuration might contain dangling references to required actions.
If we then try to find the RequiredActionFactory to determine the if the required action is configurable then NPE is thrown. This PR prevents the NPE with a guard clause.

Fixes #32624

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>

* Log a warning if required action with missing provider is detected.

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>

---------

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-09-04 15:04:58 -04:00
yelhouti
e8840df0e0 Fix: admin GUI not working with 1000s of realms 
Search by RealmName is done before loading all realms when filtering

Closes #31956

Signed-off-by: Youssef El Houti <youssef.elhouti@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-08-21 14:58:36 +02:00
Alexander Schwartz
80d235fffb Handle non-existing client gracefully (#32151) 
Closes #32150

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-08-15 16:08:40 +02:00
Stefan Guilhen
aeb1951aba Replace calls to deprecated RealmModel IDP methods 
- use the new provider instead

Closes #31254

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-15 10:55:36 -03:00
vramik
649b35929e Make sure users created through a registration link are managed members 
Closes #30743

Signed-off-by: vramik <vramik@redhat.com>
 2024-07-25 04:30:13 -03:00
Andreas Blättlinger
f4178bfa26 Remove effective roles filtering to avoid inconsistency (#28099) 
* Changed effective roles filtering method

Signed-off-by: Andreas Blaettlinger <bln1imb@bosch.com>

* Adjusted remaining endpoints

Signed-off-by: Andreas Blaettlinger <bln1imb@bosch.com>

---------

Signed-off-by: Andreas Blaettlinger <bln1imb@bosch.com>
 2024-07-08 14:56:55 +02:00
Erik Jan de Wit
08ead04c43 added pagination to realm selector (#30219) 
* added pagination to realm selector

fixes: #29978
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fix display name for recent and refresh on open

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-06-13 11:29:57 +02:00
Thomas Darimont
ab376d9101 Make required actions configurable (#28400) 
- Add tests for crud operations on configurable required actions
- Add support exposing the required action configuration via RequiredActionContext
- Make configSaveError message reusable in other contexts
- Introduced admin-ui specific endpoint for retrieving required actions with config metadata

Fixes #28400

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-05-23 08:38:36 +02:00
Pedro Igor
b019cf6129 Support unmanaged attributes for service accounts and make sure they are only managed through the admin api 
Closes #29362

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-21 16:56:18 -03:00
Hynek Mlnarik
65fcd44fe1 Use admin console correctly in KeycloakIdentity 
Fixes: #29688

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2024-05-21 13:35:44 +02:00
Alexander Schwartz
df47dee924 Rework the result for the session search to contain a single result per user sessions 
Closes #29203

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-03 13:51:14 +02:00
Pedro Ruivo
3e0a185070 Remove deprecated EnvironmentDependentProviderFactory.isSupported method 
Closes #26280

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-04-19 16:36:49 +02:00
Thomas Darimont
68617180a2 Show indicator for transient user in user sessions list in admin ui (28879) 
For transient users a transient label is now shown in the realm sessions and client sessions list in the admin ui.

Fixes #28879

Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-04-19 09:48:41 +02:00
Hynek Mlnarik
146204c5cd Ensure correct treatment of auth and transient users 
This commit establishes consistency in retrieval of users and responses
between `org.keycloak.admin.ui.rest.UsersResource.getUser(String)` and
`org.keycloak.services.resources.admin.UsersResource.user(String)`

Fixes: #28666

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2024-04-15 10:17:34 +02:00
Steven Hawkins
35b9d8aa49 task: remove usage of resteasy-core-spi (#27387) 
closes: #27242

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-03-21 15:28:34 +01:00
Steve Hawkins
4091baf4c2 fix: accounting for the possibility of null flows from existing realms 
closes: #23980

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-03-08 14:25:23 +01:00
Réda Housni Alaoui
a3b3ee4b87 Ability to declare a default "First broker login flow" per Realm 
Closes #25823

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-02-28 16:17:51 +01:00
Oliver
bf89d53134 Show display name in realm selector (#27259) 
Solves #17735

Signed-off-by: Oliver Cremerius <antikalk@users.noreply.github.com>
 2024-02-26 14:04:38 +01:00
mposolda
692aeee17d Enable user profile by default 
closes #25151

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-01-11 12:48:44 -03:00
Réda Housni Alaoui
5287500703 @NoCache is not considered anymore 
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2024-01-02 09:06:55 -03:00
Garth
9be7f0e474 added permission checking to ui-ext realm resource so realm names are not leaked to users without the appropriate permissions. #25679 (#25683) 
Closes: #25392
Closes: #25679

Signed-off-by: Garth <244253+xgp@users.noreply.github.com>
 2024-01-02 11:46:43 +01:00