mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-25 08:38:50 -06:00
Code Issues Packages Projects Releases Wiki Activity
25,338 Commits 24 Branches 291 Tags
9d5ccfb22d00a9f63eb62289c1e6dfd855ecd151
Commit Graph

4655 Commits

Author SHA1 Message Date
Ricardo Martin
3760161268 Add the nonce attribute when the client session context is recreated (#33422) 
Closes #33355

Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Tomas Kralik <tomas.kralik@pbktechnology.cz>
(cherry picked from commit 6e471a8477)
 2024-10-03 18:28:05 +02:00
Giuseppe Graziano
d82438a611 Remove root auth session after backchannel logout 
Closes #32197

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
(cherry picked from commit b46fab2308)
 2024-10-02 09:41:50 +02:00
rmartinc
3af1fb04f1 Use note to detect the IDP verify email action is already done 
Closes #31563

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 1d23c3c720)
 2024-09-27 11:48:03 +02:00
Stian Thorgersen
9f37a83c51 Improve handling for loopback redirect-uri validation (#195) 
Signed-off-by: stianst <stianst@gmail.com>
 2024-09-17 08:49:29 +02:00
Jon Koops
f253f90610 Do not send attributes when unlocking the user (#32993) 
Closes #31165

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
(cherry picked from commit 0410653e71)

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-09-17 08:49:02 +02:00
Steven Hawkins
966bc4640b fix: refining v2 hostname validation (#32659) (#32809) 
closes: #32643

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
(cherry picked from commit 58d742bb5c)
 2024-09-11 17:55:00 +02:00
Alexander Schwartz
01ae858fe9 Handle non-existing client gracefully (#32167) 
Closes #32150

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-08-16 10:15:51 +02:00
rmartinc
2a8f104f26 Adding upgrading notes for brute force changes 
Closes #31960

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-09 09:49:47 +02:00
rmartinc
99f92ad5ff Remove the attempt in brute force when the off-thread finishes 
Closes #31881

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-09 09:49:47 +02:00
Pedro Igor
2fb358e1a2 Support for blocking concurrent requests when brute force is enabled 
Closes #31726

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
 2024-08-09 09:49:47 +02:00
Alexander Schwartz
10aaa67d1a For persistent sessions, don't remove user session if there is no session in the remote store (#31787) 
Closes #31115

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-31 12:00:23 +02:00
Alexander Schwartz
213063bed1 Trigger clearing the user cache when the duplicate email allowed flag changes (#31722) 
Closes #31045

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-30 14:58:32 +02:00
Giuseppe Graziano
b65ec7f2c7 Client scope assignment for client registration 
Closes #31062

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
(cherry picked from commit 12732333c8)
 2024-07-29 16:26:24 +02:00
Ricardo Martin
d12adba078 Correctly moves to the next required action (#31358) 
Closes #31014

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>

Co-authored-by: Giuseppe Graziano <g.graziano94@gmail.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 3d12c05005)
 2024-07-17 12:26:09 +02:00
Lucy Linder
e41db1cb1f Fix ReCAPTCHA Enterprise failing due to new properties in response 
The assessment response added a new field called accountDefenderAssessment.
This commit adds the new property, and also ensures new properties won't be
problematic next time by ignoring unknown properties on the top level object.

Closes: #30917

Signed-off-by: Lucy Linder <lucy.derlin@gmail.com>
 2024-07-09 13:18:08 +02:00
Jon Koops
601b5a7e78 Use the Keycloak server URL for common resources 
Closes #30541

Signed-off-by: Jon Koops <jonkoops@gmail.com>
(cherry picked from commit cd0dbdf264)
 2024-06-26 16:07:54 +00:00
Jon Koops
28cd9684b0 Use correct host URL for Admin Console requests (#30535) (#30579) 
Closes #30432

Signed-off-by: Jon Koops <jonkoops@gmail.com>
(cherry picked from commit 77fb3c4dd4)
 2024-06-19 15:50:19 -04:00
Jon Koops
0958928d98 Run the Vite dev server through the Keycloak server (#27311) (#30373) 
Closes #19750
Closes #28643
Closes #30115

Signed-off-by: Jon Koops <jonkoops@gmail.com>
(cherry picked from commit c7361ccf6e)
 2024-06-12 15:27:59 +00:00
rmartinc
ee60406a58 Logout from all clients after IdP logout is performed 
Closes #25234

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 7d05a7a013)
 2024-06-11 10:37:36 +02:00
e.sergeenko
f00c2f3eb0 Add ability to get realm attributes 
Closes #30241

Signed-off-by: e.sergeenko <sergeenkoegor@yandex.ru>
 2024-06-07 13:05:06 +02:00
rmartinc
760e01b9db Improvements for openapi annotations in AuthenticationManagementResource 
Closes #29788

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-07 13:04:00 +02:00
Giuseppe Graziano
6067f93984 Improvements to refresh token rotation with multiple tabs (#29966) 
Closes #14122

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-06-07 12:02:36 +02:00
vickeybrown
c96c6c4feb Default SAML client type (#29493) 
closes #29492 

Signed-off-by: Vickey Brown <vibrown@redhat.com>
 2024-06-07 11:43:43 +02:00
Erik Jan de Wit
5897334ddb Align environment variables between consoles (#30125) 
* change to make authServerUrl the same as authUrl

fixes: #29641
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Remove `authUrl` entirely

Signed-off-by: Jon Koops <jonkoops@gmail.com>

* Remove file that is unrelated

Signed-off-by: Jon Koops <jonkoops@gmail.com>

* Split out and align environment variables between consoles

Signed-off-by: Jon Koops <jonkoops@gmail.com>

* Restore removed variables to preserve backwards compatibility

Signed-off-by: Jon Koops <jonkoops@gmail.com>

* Also deprecate the `authUrl` for the Admin Console

Signed-off-by: Jon Koops <jonkoops@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-06-06 08:36:46 +02:00
Pedro Igor
94c194f1f4 Prevent users to unlink from their home identity provider when they are a managed member 
Closes #30092

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
 2024-06-05 13:57:01 +02:00
mposolda
0bf613782f Updating client policies in JSON editor is buggy. Attempt to update global client policies should throw the error 
closes #30102

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-06-05 13:55:02 +02:00
rmartinc
eedfd0ef51 Missing auth checks in some admin endpoints (#166) 
Closes keycloak/keycloak-private#156

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-05 12:04:47 +02:00
Giuseppe Graziano
d5e82356f9 Encrypted KC_RESTART cookie and removed sensitive notes 
Closes #keycloak/keycloak-private#162

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-06-05 10:33:44 +02:00
Pedro Igor
f8d55ca7cd Export import realm with organizations 
Closes #30006

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-05 09:50:03 +02:00
Martin Kanis
33331788a4 Introduce count method to avoid fetching all organization upon checking for existence 
Closes #29697

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-06-04 10:45:28 -03:00
Thomas Darimont
35a4a17aa5 Add support for application/jwt media-type in token introspection (#29842) 
Fixes #29841

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-06-03 19:06:21 +02:00
Martin Bartoš
262fc09edc OpenJDK 21 support (#28518) 
* OpenJDK 21 support

Closes #28517

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* x509 SAN UPN other name is not handled in JDK 21 (#904)

closes #29968

Signed-off-by: mposolda <mposolda@gmail.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2024-06-03 14:17:28 +02:00
mposolda
9074696382 Editing built-in client policy profiles are silently reverted 
closes #27184

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-06-03 14:00:37 +02:00
Pedro Igor
4c39fcc79d Allow to configure if users are automatically redirected when the email domain matches an organization 
Closes #30050

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-03 13:34:21 +02:00
vramik
a8ceada973 Fix creation of domains when creating the organization 
Closes #29005

Signed-off-by: vramik <vramik@redhat.com>
 2024-06-03 10:22:20 +02:00
raff897
6d6131cade Backchannel logout url with curly brackets 
closes #30023

Signed-off-by: raff897 <85362193+raff897@users.noreply.github.com>
 2024-06-03 09:51:39 +02:00
Stefan Wiedemann
0f6f9543ba Add oid4vci to the account console (#29174) 
closes #25945

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>


Co-authored-by: Erik Jan de Wit <edewit@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-05-31 15:11:32 +02:00
Patrick Jennings
5144f8d85f Improve Client Type Integration Tests (#29944) 
closes #30017

Signed-off-by: Patrick Jennings <pajennin@redhat.com>
 2024-05-31 09:53:22 +02:00
Andrejs Mivreniks
1cf87407fe Allow setting authentication flow execution priority value via Admin API 
Closes #20747

Signed-off-by: Andrejs Mivreniks <andrejs@fastmail.com>
 2024-05-30 19:17:45 +02:00
Pedro Igor
320f8eb1b4 Improve invitation messages and flow 
Closes #29945

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-29 17:51:06 +02:00
Erik Jan de Wit
f088b0009c initial ui for organizations (#29643) 
* initial screen

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* more screens

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added members tab

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added the backend

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added member add / invite models

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* initial version of the identity provider section

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* add link and unlink providers

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* small fix

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* PR comments

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Do not validate broker domain when the domain is an empty string

Closes #29759

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added filter and value

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added test

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added first name last name

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* refresh menu when realm organization is changed

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* changed to record

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* changed to form data

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fixed lint error

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Changing name of invitation parameters

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Chancing name of parameters on the client

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Enable organization at the realm before running tests

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Domain help message

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Handling model validation errors when creating organizations

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Message key for organizationDetails

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Do not change kc.org attribute on group

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* add realm into the context

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* tests

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Changing button in invitation model to use Send instead of Save

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Better message when validating the organization domain

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Fixing compilation error after rebase

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fixed test

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* removed wait as it no longer required and skip flacky test

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* skip tests that are flaky

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* stabilize user create test

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-29 14:34:02 +02:00
Thomas Darimont
4edb204777 Add reason details in event before error event is submitted for broken SAML requests (#29948) 
Previously the reason was omitted in the details because it was set after the event was already submitted.

Fixes #29948

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-05-29 08:34:28 +02:00
Pedro Igor
bbb83236f5 Do not lower-case the username from the IdP when creating the federated identity 
Closes #28495

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-29 01:58:20 -03:00
mposolda
49a2aaf7bc Adding realmName to be logged by jboss-logging event listener 
closes #27506

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-05-28 18:41:43 +02:00
Francis Pouatcha
583054b929 Enhancement: Add support for RSA encryption key imports in JavaKeystoreKeyProvider (#29853) 
closes #29852 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
 2024-05-28 13:56:20 +02:00
Stefan Guilhen
694ffaf289 Allow organizations in different realms to have the same domain 
Closes #29886

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-28 08:02:30 -03:00
Francis Pouatcha
4317a474d1 JWT VC Issuer Metadata /.well-known/jwt-vc-issuer to comply with SD-JWT VC Specification (#29635) 
closes #29634 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>


Co-authored-by: DYLANE BENGONO <85441363+bengo237@users.noreply.github.com>
 2024-05-28 12:51:56 +02:00
Sebastian Prehn
b5d0154bb1 Improve documentation on ClientRolemappingsRessource 
Closes #29266

Signed-off-by: Sebastian Prehn <sebastian.prehn@ero.eu>
 2024-05-28 09:06:31 +02:00
BaptisteMcd
8d76ce3f54 Fix: Added LDSigningServiceProvider entry for LD-Credentials/VCDM 
Closes #29885

Signed-off-by: Baptiste Marchand <baptiste.marchand01@gmail.com>
 2024-05-27 14:42:09 +00:00
Stefan Wiedemann
5a68056f2a Fix oid4vc mappers 
Closes #29805

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
 2024-05-27 11:28:46 +02:00