mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-05-07 15:41:29 -05:00
Code Issues Packages Projects Releases Wiki Activity
24,695 Commits 34 Branches 304 Tags
d2fd6bd221ad5850cbb2ef4c15b38f2249dc7b10
Commit Graph

4497 Commits

Author SHA1 Message Date
Patrick Jennings 5e0d323304 Log exception when failure to augment client and re-throw instead of returning the raw client. 
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
 2024-04-15 09:39:34 +02:00
Patrick Jennings 551a3db987 Updating validation logic to match our expectations on what applicable should mean. 
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
 2024-04-15 09:39:34 +02:00
Patrick Jennings 03db2e8b56 Integration tests around client type parameter validation. Throw common ClientTypeException with invalid params requested during client creation/update requests. This gets translated into ErrorResponseException in the Resource handlers. 
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
 2024-04-15 09:39:34 +02:00
Patrick Jennings 9814733dd3 DefaultClientType service will now validate all client type default values and respond with bad request message with the affending parameters that attempt to override readonly in the client type config. 
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
 2024-04-15 09:39:34 +02:00
Patrick Jennings c0f5dab209 If client cannot be augmented due to error, we shall return the un-augmented client entity. 
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
 2024-04-15 09:39:34 +02:00
Patrick Jennings 42202ae45e Translate client type exception during client create into bad request response. 
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
 2024-04-15 09:39:34 +02:00
Giuseppe Graziano 4672366eb9 Simplified checks in IntrospectionEndpoint (#28642) 
Closes #24466

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>


Co-authored-by: mposolda <mposolda@gmail.com>
 2024-04-12 21:19:04 +02:00
Marek Posolda e6747bfd23 Adjust priority of SubMapper (#28663) 
closes #28661


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-04-12 14:13:03 +02:00
Pedro Igor 61b1eec504 Prevent members with an email other than the domain set to an organization 
Closes #28644

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-12 08:33:18 -03:00
rmartinc 6d74e6b289 Escape slashes in full group path representation but disabled by default 
Closes #23900

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-04-12 10:53:39 +02:00
Douglas Palmer 69ba92808d DefaultBruteForceProtector leverages a single thread to write success/failed events 
Closes #14084

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-04-12 09:53:40 +02:00
Pedro Igor 8f8094408e Encapsulate the logic to set attributes into the domain model 
Closes #28646

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-11 15:32:21 -03:00
Marek Posolda 74faddec8e Release notes for lightweight access tokens and group together relate… (#28622) 
closes #28460

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-04-11 20:02:33 +02:00
Giuseppe Graziano 33b747286e Changed userId value for refresh token events 
Closes #28567

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-04-11 07:46:44 +02:00
Stefan Guilhen 9a466f90ab Add ability to set one or more internet domain to an organization. 
Closed #28274

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-04-10 13:18:12 -03:00
devjos cccddc0810 Fix brute force detection for LDAP read-only users 
Closes #28579

Signed-off-by: devjos <github_11837948@feido.de>
 2024-04-10 16:36:11 +02:00
vramik 00ce3e34bd Manage a single identity provider for an organization 
Closes #28272

Signed-off-by: vramik <vramik@redhat.com>
 2024-04-10 09:47:51 -03:00
Martin Kanis 51fa054ba7 Manage organization attributes 
Closes #28253

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-04-10 09:10:49 -03:00
rmartinc 41b706bb6a Initial security profile SPI to integrate default client policies 
Closes #27189

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-04-10 11:19:56 +02:00
Giuseppe Graziano c76cbc94d8 Add sub via protocol mapper to access token 
Closes #21185

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-04-10 10:40:42 +02:00
mposolda aa619f0170 Redirect error to client right-away when browser tab detects that another browser tab authenticated 
closes #27880

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-04-09 17:59:34 +02:00
Václav Muzikář e4987f10f5 Hostname SPI v2 (#26345) 
* Hostname SPI v2

Closes: #26084

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Fix HostnameV2DistTest#testServerFailsToStartWithoutHostnameSpecified

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Address review comment

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Partially revert the previous fix

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Do not polish values

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Remove filtering of denied categories

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2024-04-09 11:25:19 +02:00
vibrown 3fffc5182e Added ClientType implementation from Marek's prototype 
Signed-off-by: vibrown <vibrown@redhat.com>

More updates

Signed-off-by: vibrown <vibrown@redhat.com>

Added client type logic from Marek's prototype

Signed-off-by: vibrown <vibrown@redhat.com>

updates

Signed-off-by: vibrown <vibrown@redhat.com>

updates

Signed-off-by: vibrown <vibrown@redhat.com>

updates

Signed-off-by: vibrown <vibrown@redhat.com>

Testing to see if skipRestart was cause of test failures in MR
 2024-04-08 20:20:37 +02:00
Pedro Igor 52ba9b4b7f Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user 
Closes #28248

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-08 09:05:16 -03:00
rmartinc 2b769e5129 Better management of the CSP header 
Closes https://github.com/keycloak/keycloak/issues/24568

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-04-08 08:19:57 +02:00
Giuseppe Graziano b4f791b632 Remove session_state from tokens 
Closes #27624

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-04-08 08:12:51 +02:00
Alexander Schwartz 647bce49c8 Add error details to events to be able to track down root causes 
Closes #28429

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-04-04 20:28:45 +02:00
Justin Tay 30cd40e097 Use realm default signature algorithm for id_token_signed_response_alg 
Closes #9695

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-04-04 11:37:28 +02:00
Justin Tay 89a5da1afd Allow empty key use in JWKS for client authentication 
Closes #28004

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-04-04 10:42:37 +02:00
Marek Posolda 335a10fead Handle 'You are already logged in' for expired authentication sessions (#27793) 
closes #24112

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-04-04 10:41:03 +02:00
Anar Sultanov 6708f1f12d Update method for sending identity broker link confirmation 
Signed-off-by: Anar Sultanov <anar.sultanov@assessio.se>
 2024-04-03 19:08:51 -03:00
Hynek Mlnarik 8ef3423f4a Present effective sync mode value 
When sync mode value is missing in the config of newly created identity
provider, the provider does not store any. When no value is
found, the identity provider behaves as if `LEGACY` was used (#6705).

This PR ensures the correct sync mode is returned from the REST endpoint,
regardless of whether it has been stored in the database or not.

Fixes: #26019

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2024-04-03 15:49:18 +02:00
Pedro Igor fefeb83588 Changes the contract to make it simpler and rely on the realm available from the current session 
Closes #28403

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-03 14:45:31 +02:00
Nicola Beghin a7e5c861cc fixes SAMLIdentityProvider not honoring SamlAuthenticationPreprocessor (keycloak/keycloak#27875) 
Signed-off-by: Nicola Beghin <nicolabeghin@gmail.com>
 2024-04-02 10:58:15 +02:00
Giuseppe Graziano fe06df67c2 New default client scope for 'basic' claims with 'auth_time' protocol mapper 
Closes #27623

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-04-02 08:44:28 +02:00
Pedro Igor b9a7152a29 Avoid commiting the transaction prematurely when creating users through the User API 
Closes #28217

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-03-27 19:16:09 -03:00
Lex Cao a53cacc0a7 Fire logout event when logout other sessions (#26658) 
Closes #26658

Signed-off-by: Lex Cao <lexcao@foxmail.com>
 2024-03-27 11:13:48 +01:00
Jon Koops 3382e16954 Remove Account Console version 2 (#27510) 
Closes #19664

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-03-27 10:53:28 +01:00
Steven Hawkins be32f8b1bf fix: limit the use of Resteasy to the KeycloakSession (#28150) 
* fix: limit the use of Resteasy to the KeycloakSession

contextualizes other state to the KeycloakSession

close: #28152
 2024-03-26 13:43:41 -04:00
vramik fa1571f231 Map organization metadata when issuing tokens for OIDC clients acting on behalf of an organization member 
Closes #27993

Signed-off-by: vramik <vramik@redhat.com>
 2024-03-26 14:02:09 -03:00
vramik e7bc796553 When the realm has registrationEmailAsUsername set to false (default) it's not possible to add a member to an org 
Closes #28216

Signed-off-by: vramik <vramik@redhat.com>
 2024-03-26 14:02:09 -03:00
Pedro Igor a470711dfb Resolve the user federation link as null when decorating the user profile metadata in the LDAP provider 
Closes #28100

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-03-26 10:14:49 -03:00
Stian Thorgersen 8cbd39083e Default password hashing algorithm should be set to default password hash provider (#28128) 
Closes #28120

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 12:44:11 +01:00
Stian Thorgersen 3f9cebca39 Ability to set the default provider for an SPI (#28135) 
Closes #28134

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 07:45:08 +01:00
Reda Bourial a41d865600 fix for SMTP email sending fails because of tls certificate verification even with tls-hostname-verifier=ANY (#27756) 
Signed-off-by: Reda Bourial <reda.bourial@gmail.com>
 2024-03-21 17:06:42 +01:00
Steven Hawkins 7eab019748 task: deprecate WILDCARD and STRICT options (#26833) 
closes: #24893

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-03-21 16:22:41 +01:00
Steven Hawkins 35b9d8aa49 task: remove usage of resteasy-core-spi (#27387) 
closes: #27242

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-03-21 15:28:34 +01:00
Giuseppe Graziano 939420cea1 Always include offline_access scope when refreshing with offline token 
Closes #27878

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-03-21 14:32:31 +01:00
Pedro Igor 32541f19a3 Allow managing members for an organization 
Closes #27934

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-03-21 10:26:30 -03:00
Martin Kanis 4154d27941 Invalidating offline token is not working from client sessions tab 
Closes #27275

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-03-21 09:04:58 -03:00