mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-06 06:49:53 -06:00
Code Issues Packages Projects Releases Wiki Activity
27,654 Commits 19 Branches 288 Tags
a0a314aecef200fdfe1f0f686fad992cd49836eb
Commit Graph

57 Commits

Author SHA1 Message Date
vramik
679f44692d Add Groups resource type and scopes to authorization schema and evaluation implementation 
Closes #35562

Signed-off-by: vramik <vramik@redhat.com>
 2025-02-12 10:07:09 -03:00
Erik Jan de Wit
0e1f1c69af added new endpoint that concatenates offline and regular sessions for clients (#36914) 
fixes: #36596

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2025-02-04 15:48:12 -05:00
vramik
879c399cde [FGAP] User can see itself even though he has negative permission to view itself 
Closes #36916

Signed-off-by: vramik <vramik@redhat.com>
 2025-01-29 09:35:30 -03:00
Alexander Schwartz
f392675d41 Fix missing response content type and more explicit error handling 
Closes #36410

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-01-14 09:44:56 +01:00
Alexander Schwartz
f4a208de6d Don't show global event listeners in the admin UI 
Closes #34602

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-11-18 17:09:21 +01:00
Stefan Guilhen
abf0eb7f92 Update UP via provider instead of going through the UserProfileResource 
- prevents error when updating realm

Closes #34540

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-11-11 05:18:48 -03:00
Erik Jan de Wit
e8d8de8936 Use feature versions for admin3, account3, and login2 (#33458) 
Closes #33405

Signed-off-by: stianst <stianst@gmail.com>
 2024-10-03 12:09:36 +02:00
Daniel Fesenmeyer
87da4011f7 Bugfix: "User Profile" attributes not available for Users Attribute search, when admin user does not have view- or manage-realm realm-management role (#31771) 
- UIRealmResource: add "info" sub-resource to get realm-related information, which is visible for ALL admins (users having any realm-management role); for now, only provide the information whether any user profile provider is enabled
- UIRealmResourceTest: test the new endpoint, including permissions check
- UserDataTable.tsx: use this resource to get the info whether user profile providers are enabled, instead of using the realm components resource (which requires "view-realm" permissions)
- .../cypress/e2e/users_attribute_search_test.spec.ts: add cypress test to test the attribute search with minimum access rights
- further small changes for reuse of components, test-code etc

Closes #27536

Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>
 2024-09-20 14:06:08 -04:00
Thomas Darimont
d28adcb81b Avoid NPE if realm configuration contains invalid required action configuration (#32649) 
* Avoid NPE if realm configuration contains invalid required action configuration

If users removed implementations or renamed the provider id of a required action, then the realm configuration might contain dangling references to required actions.
If we then try to find the RequiredActionFactory to determine the if the required action is configurable then NPE is thrown. This PR prevents the NPE with a guard clause.

Fixes #32624

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>

* Log a warning if required action with missing provider is detected.

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>

---------

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-09-04 15:04:58 -04:00
yelhouti
e8840df0e0 Fix: admin GUI not working with 1000s of realms 
Search by RealmName is done before loading all realms when filtering

Closes #31956

Signed-off-by: Youssef El Houti <youssef.elhouti@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-08-21 14:58:36 +02:00
Alexander Schwartz
80d235fffb Handle non-existing client gracefully (#32151) 
Closes #32150

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-08-15 16:08:40 +02:00
Stefan Guilhen
aeb1951aba Replace calls to deprecated RealmModel IDP methods 
- use the new provider instead

Closes #31254

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-15 10:55:36 -03:00
vramik
649b35929e Make sure users created through a registration link are managed members 
Closes #30743

Signed-off-by: vramik <vramik@redhat.com>
 2024-07-25 04:30:13 -03:00
Andreas Blättlinger
f4178bfa26 Remove effective roles filtering to avoid inconsistency (#28099) 
* Changed effective roles filtering method

Signed-off-by: Andreas Blaettlinger <bln1imb@bosch.com>

* Adjusted remaining endpoints

Signed-off-by: Andreas Blaettlinger <bln1imb@bosch.com>

---------

Signed-off-by: Andreas Blaettlinger <bln1imb@bosch.com>
 2024-07-08 14:56:55 +02:00
Erik Jan de Wit
08ead04c43 added pagination to realm selector (#30219) 
* added pagination to realm selector

fixes: #29978
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fix display name for recent and refresh on open

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-06-13 11:29:57 +02:00
Thomas Darimont
ab376d9101 Make required actions configurable (#28400) 
- Add tests for crud operations on configurable required actions
- Add support exposing the required action configuration via RequiredActionContext
- Make configSaveError message reusable in other contexts
- Introduced admin-ui specific endpoint for retrieving required actions with config metadata

Fixes #28400

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-05-23 08:38:36 +02:00
Pedro Igor
b019cf6129 Support unmanaged attributes for service accounts and make sure they are only managed through the admin api 
Closes #29362

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-21 16:56:18 -03:00
Hynek Mlnarik
65fcd44fe1 Use admin console correctly in KeycloakIdentity 
Fixes: #29688

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2024-05-21 13:35:44 +02:00
Alexander Schwartz
df47dee924 Rework the result for the session search to contain a single result per user sessions 
Closes #29203

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-03 13:51:14 +02:00
Pedro Ruivo
3e0a185070 Remove deprecated EnvironmentDependentProviderFactory.isSupported method 
Closes #26280

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-04-19 16:36:49 +02:00
Thomas Darimont
68617180a2 Show indicator for transient user in user sessions list in admin ui (28879) 
For transient users a transient label is now shown in the realm sessions and client sessions list in the admin ui.

Fixes #28879

Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-04-19 09:48:41 +02:00
Hynek Mlnarik
146204c5cd Ensure correct treatment of auth and transient users 
This commit establishes consistency in retrieval of users and responses
between `org.keycloak.admin.ui.rest.UsersResource.getUser(String)` and
`org.keycloak.services.resources.admin.UsersResource.user(String)`

Fixes: #28666

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2024-04-15 10:17:34 +02:00
Steven Hawkins
35b9d8aa49 task: remove usage of resteasy-core-spi (#27387) 
closes: #27242

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-03-21 15:28:34 +01:00
Steve Hawkins
4091baf4c2 fix: accounting for the possibility of null flows from existing realms 
closes: #23980

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-03-08 14:25:23 +01:00
Réda Housni Alaoui
a3b3ee4b87 Ability to declare a default "First broker login flow" per Realm 
Closes #25823

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-02-28 16:17:51 +01:00
Oliver
bf89d53134 Show display name in realm selector (#27259) 
Solves #17735

Signed-off-by: Oliver Cremerius <antikalk@users.noreply.github.com>
 2024-02-26 14:04:38 +01:00
mposolda
692aeee17d Enable user profile by default 
closes #25151

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-01-11 12:48:44 -03:00
Réda Housni Alaoui
5287500703 @NoCache is not considered anymore 
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2024-01-02 09:06:55 -03:00
Garth
9be7f0e474 added permission checking to ui-ext realm resource so realm names are not leaked to users without the appropriate permissions. #25679 (#25683) 
Closes: #25392
Closes: #25679

Signed-off-by: Garth <244253+xgp@users.noreply.github.com>
 2024-01-02 11:46:43 +01:00
rmartinc
d841971ff4 Updating the UP configuration needs to trigger an admin event 
Close #23896

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-18 19:24:30 +01:00
mposolda
c81b533cf6 Update UserProfileProvider.setConfiguration. Tuning of UserProfileProvider.getConfiguration 
closes #25416

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-12-14 14:43:28 +01:00
Pedro Igor
fa79b686b6 Refactoring user profile interfaces and consolidating user representation for both admin and account context 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-13 08:27:55 +01:00
Pedro Igor
c7f63d5843 Add options to change behavior on how unmanaged attributes are managed 
Closes #24934

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-11-30 06:58:21 -03:00
Sebastian Schuster
030f42ec83 More efficient listing of assigned and available client role mappings 
Closes #23404

Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
 2023-11-22 14:10:11 +01:00
Réda Housni Alaoui
3f014c7299 Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients (#21058) 
closes #21010 

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2023-11-13 19:13:01 +01:00
Alice
69497382d8 Group scalability upgrades (#22700) 
closes #22372 


Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2023-10-26 16:50:45 +02:00
Erik Jan de Wit
339619816a lazy populate the treeview for groups (#21520) 
* added lazy parameter

fixes: #19954

* changed to only have the parameter

* fixed merge errors

* removed the `lazy` and now add subgroups on select

* lint

* fixed prettier

* fixed nullpointer

* fixed member tab
 2023-08-04 20:19:34 +00:00
Erik Jan de Wit
e24d51edca only use the names of the realms (#21576) 
* only use the names of the realms

fixes: #21555

* fixed merge error

* fixed test

* removed braces from arrow function
 2023-07-18 09:52:06 +02:00
Daniele Martinoli
817f129484 fix: closes #21095 (#21289) 
* fix: closes #21095

* Added overloaded version of GroupUtils.toGroupHierarchy with additional full parameter.
 2023-07-10 12:13:26 +02:00
Joshua Sorah
f695eeaa44 Refactor Admin REST API Documentation to use OpenAPI annotations. 
Removes dependencies on swagger-doclet
Adds dependencies on microprofile-openapi-api
Plugins for smallrye-open-api-maven-plugin, openapi-generator-maven-plugin

Customized ascii doc template for openapi-generator-maven-plugin, to give similar feel to previous documentation.

OpenAPI annotations added to Admin REST API resources.

Closes keycloak/keycloak#20433
 2023-06-29 17:03:38 +02:00
Erik Jan de Wit
c0ac409974 fixed pagination on the sessions tab (#20865) 
* fixed pagination on the sessions tab

fixes: #20835

* changed to use steam
 2023-06-14 08:25:27 +00:00
Daniele Martinoli
4eb05490f5 added per-instance filtering logic to search groups API (#20714) 2023-06-02 06:31:20 +00:00
Erik Jan de Wit
3862f82c2d added fine-grained auth on EffectiveRoleMappingResource (#20417) 2023-05-31 10:09:18 -04:00
Erik Jan de Wit
d76c295c09 Only show default role effective roles (#20285) 
fixes: #19982
 2023-05-30 14:17:10 -04:00
Erik Jan de Wit
b958d8b205 added PostBrokerLoginFlow to idp used by query (#20208) 
fixes: #19942
 2023-05-25 14:23:26 -04:00
Erik Jan de Wit
81580908c3 don't add access when fine grained access is off (#19991) 
fixes: #19990
 2023-05-02 10:50:18 +02:00
Peter Zaoral
c2d1cade8d Quarkus3 branch sync no. 7 
27.2.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2023-04-27 13:36:54 +02:00
Peter Zaoral
50c84d5805 Quarkus3 branch sync no. 2 
20.1.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE
---
3.3.2023:
Resolved conflicts:
keycloak/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/BruteForceUsersResource.java - Modified

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2023-04-27 13:36:54 +02:00
Erik Jan de Wit
1f51ddb86e Use Admin API extension to group sessions (#19837) 
Fixes #19673
 2023-04-26 08:17:58 +00:00
Stan Silvert
c595e3430e Add access to full group tree. Fix access for members tab. Add missing (#19423) 
props to Access object.
Fixes #17589
 2023-03-31 15:11:13 -04:00