091b1472ce
Introduce client secret rotation dynamic registration ( #10952 )
...
Closes #10609
2022-03-28 20:39:11 +02:00
99fa6275c1
KEYCLOAK-19313 configure the name format in Attribute Importer IdP Mapper
2022-03-25 09:42:22 +01:00
3ebfc91b75
Reduce logging of errors due to the bounded queue
...
Closes #10588
2022-03-23 15:42:06 +01:00
9c01d819cb
Client Policies : An executor rejecting all requests
...
Closes #9097
2022-03-23 12:45:38 +01:00
b773857a80
Display email address in login-verify-email.ftl ( #10870 )
...
Closes #8873
2022-03-23 12:44:21 +01:00
78549fe024
Avoid duplicating parsing logic in ModelVersion
...
This now allows handling of the 999-SNAPSHOT version.
Closes #10879
2022-03-23 10:34:43 +01:00
6efa45f93e
Update secret rotation when the policy is enabled using jwt ( #10853 )
...
Closes #10666
2022-03-23 08:25:58 +01:00
e493b08fa7
Add expiration field to root authentication session
2022-03-23 07:47:47 +01:00
99c06d1102
Authorization services refactoring
...
Closes : #10447
* Prepare logical layer to distinguish between ResourceServer id and client.id
* Reorder Authz methods: For entities outside of Authz we use RealmModel as first parameter for each method, to be consistent with this we move ResourceServer to the first place for each method in authz
* Prepare Logical (Models/Adapters) layer for returning other models instead of ids
* Replace resourceServerId with resourceServer model in PermissionTicketStore
* Replace resourceServerId with resourceServer model in PolicyStore
* Replace resourceServerId with resourceServer model in ScopeStore
* Replace resourceServerId with resourceServer model in ResourceStore
* Fix PermissionTicketStore bug
* Fix NPEs in caching layer
* Replace primitive int with Integer for pagination parameters
2022-03-22 20:49:40 +01:00
fb92b95c33
Revert from getParameterCount() to getParameterTypes().length to be Java 1.7 compatible.
...
This reverts commit bc27c7c464Closes #10840
2022-03-22 10:23:25 +01:00
c71aa8b711
Set version to 999-SNAPSHOT ( #10784 )
2022-03-22 09:22:48 +01:00
0faf3987f6
Hot Rod map storage: Authentication session no-downtime store
2022-03-22 09:05:52 +01:00
ffa6df5547
Fixes to hostname ( #10820 )
...
Closes #10627
Closes #10331
2022-03-22 08:11:50 +01:00
92c4e6d585
KEYCLOAK-16134 Allow webauthn idless login flow ( #7860 )
...
Closes #10832
2022-03-21 11:37:33 +01:00
bc27c7c464
Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount()
...
Closes #10333
2022-03-18 11:20:52 +01:00
c18a682f50
Do not store undefined values in store
...
Closes #10744
2022-03-17 16:44:33 +01:00
9e12587181
Protocol mapper and client scope for 'acr' claim
...
Closes #10161
2022-03-11 09:23:25 +01:00
8ee7ae24de
Make WebAuthn feature default for the product version
...
Closes #10695
2022-03-10 19:00:54 +01:00
5c6b123aff
Support for the Recovery codes ( #8730 )
...
Closes #9540
Co-authored-by: Zachary Witter <torquekma@gmail.com >
Co-authored-by: stelewis-redhat <91681638+stelewis-redhat@users.noreply.github.com >
2022-03-10 15:49:25 +01:00
8a0f1ccb34
Properly execute AuthenticationFlowCallbackProviderTest with Map storage
...
Closes #10268 , Closes #10225
2022-03-10 15:00:23 +01:00
a7c8aa1dd3
[ #10616 ] Incorrect username logged for federated accounts ( #10662 )
...
Closes #10616
2022-03-10 13:21:39 +01:00
0c25da542c
Update secret rotation when the policy is disabled ( #10674 )
...
Closes #10667
2022-03-10 13:03:09 +01:00
18f391d8c4
Fix spelling error in field and classname
...
It's always a converter, unless electricity is involved.
Closes #10573
2022-03-09 08:28:52 -03:00
7335abaf08
Keycloak 10489 support for client secret rotation ( #10603 )
...
Closes #10602
2022-03-09 00:05:14 +01:00
d394e51674
Introduce profile 'feature' for step-up authentication enabled by default
...
Closes #10315
2022-03-08 14:42:46 +01:00
48565832d4
[ #10608 ] Password blacklists folder
2022-03-08 08:22:34 -03:00
3c3f003a38
LDAP Map storage support to support read/write for roles
...
Closes #9929
2022-03-08 12:03:10 +01:00
93bba8e338
Replace 'Store LoA in User Session' with 'Max Age'. Refactoring of step-up authentications related to that.
...
Closes #10205
2022-03-08 10:41:05 +01:00
2bae2d2167
DeleteAccountTest failure in the test pipeline
...
Closes #10630
2022-03-08 08:33:31 +01:00
02d0fe82bc
Auth execution 'Condition - User Attribute' missing
...
Closes #9895
2022-03-08 08:24:48 +01:00
f77ce315bb
Disable Authz caching for new storage tests
...
Closes #10500
2022-03-07 10:22:55 -03:00
722ce950bf
Improve user search performance
...
Removes bulder.lower() from user search queries on email and username.
Closes #8893
2022-03-04 14:15:14 +01:00
201277b897
Handle OIDC authz request with "response_type" missing and "response_mode=form_post"
...
Closes #10144
2022-03-04 13:31:40 +01:00
ebfc24d6c1
Ensure that Infinispan shutdowns correctly at the end of the tests. Report any exceptions within another thread as a test failure.
...
Adding additional information like a thread dump when it doesn't shutdown as expected.
Closes #10016
2022-03-04 10:47:01 +01:00
74581b5c10
Workaround for deadlock when shutting down Infinispan in 12.1.7.Final.
...
This is tracked in upstream issue https://issues.redhat.com/browse/ISPN-13664
Closes #10016
2022-03-04 10:47:01 +01:00
92f6c75328
Nonce parameter should be required in authorizationEndpoint only when "id_token" is included in response_type
...
Closes #10143
2022-03-03 13:26:39 +01:00
6801688dd4
Allow Edge tests in Admin Console
...
Closes #10539
2022-03-03 07:14:01 +01:00
700ceb77ec
Removal of invalid(depricated) SpringBootTest
...
Closes #10218
2022-03-02 09:04:47 +01:00
76101e3591
[ fixes #9225 ] - Get scopeIds from the AuthorizationRequestContext instead of session if DYNAMIC_SCOPES are enabled
...
Add a test to make sure ProtocolMappers run with Dynamic Scopes
Change the way we create the DefaultClientSessionContext with respect to OAuth2 scopes, and standardize the way we obtain them from the parameter
2022-03-01 13:47:58 +01:00
e2514ea2e6
Test WebAuthn with multiple browsers
...
Closes #10062
2022-02-28 09:10:39 +01:00
5ef8265b75
Remove Tomcat 7 adapter
...
Closes #9428
2022-02-28 07:50:36 +01:00
52712d2c82
ACR support in the javascript adapter
...
Closes #10154
2022-02-24 20:07:50 +01:00
6249e34177
Hot Rod map storage: Client scope no-downtime store
2022-02-24 13:30:27 +01:00
b4281468d0
Convert Map Realm Entities into interfaces
...
Closes #9736
2022-02-24 13:23:19 +01:00
aa6a131b73
Change String client.id to ClientModel client in ResourceServerStore
...
Closes #10442
2022-02-24 12:46:26 +01:00
209df44641
Fixing responses when unexpected errors occurs ( #10383 )
...
Closes #10338
2022-02-23 07:44:25 +01:00
8c3fc5a60e
Option for client to specify default acr level ( #10364 )
...
Closes #10160
2022-02-22 07:54:30 +01:00
febb447919
KEYCLOAK-19297 Use real 'external' client object id to store AuthenticatedClientSession in UserSession object, so that the client session can be looked by the client object id in further requests.
2022-02-18 12:42:59 +01:00
caf37b1f70
Support for acr_values_supported in OIDC well-known endpoint ( #10265 )
...
* Support for acr_values_supported in OIDC well-known endpoint
closes #10159
2022-02-18 11:33:31 +01:00
323c08c8cc
KEYCLOAK-19519 Encryption algorithm RSA-OAEP with A256GCM ( #8553 )
...
Closes #10300
2022-02-17 17:41:54 +01:00
Marcelo Daniel Silva Sales