83e854785b
Parsing response from user info rather than the access token
...
Closes #22581
2023-08-29 14:52:32 +02:00
ef0f8ea532
lazy populate the treeview for groups ( #21520 ) ( #22656 )
...
Fixes : #19954
2023-08-23 17:42:06 +02:00
4570718ec6
RedirectUtils needs to use KeycloakUriBuilder with no parameter parsing
...
Closes https://github.com/keycloak/keycloak/issues/22424
2023-08-17 16:09:52 +02:00
adec6c5f01
Fixing how e-mail attribute permissions are set for both USER_API and ACCOUNT contexts
...
Closes #21751
2023-08-11 17:02:49 +02:00
29d5fc6c49
Fix authenticatorConfig for javascript providers
...
Closes #20005
(cherry picked from commit 6f6b5e8e84
2023-08-01 08:59:28 +02:00
75305269d1
Add logout other sessions checkbox to TOTP, webauthn and recovery authn codes setup pages ( #21897 )
...
* Add logout other sessions checkbox to TOTP, webauthn, recovery authn codes setup pages and to update-email page
Closes #10232
2023-07-28 08:34:47 +02:00
6b83b3880f
Keycloak forgets ui_locales parameter when using reset password
...
closes #10981
(cherry picked from commit 03716ed452
2023-07-26 15:33:17 +02:00
87a50d3ba7
Revert emailVerified to false if email modified on force-sync non-trusted broker
...
Closes https://github.com/keycloak/security/issues/48
2023-07-17 13:14:45 +02:00
47eeece827
Update javadoc for user search in UserResource
...
Closes #21053
2023-07-11 11:14:29 +02:00
376d20c285
Remove user credentials from admin event representation ( #21561 )
...
Closes #17470
2023-07-11 08:26:29 +02:00
13870f3a69
Improve error management in the github provider
...
Closes https://github.com/keycloak/keycloak/issues/9429
2023-07-10 16:09:08 -03:00
97a37f565e
Align guava dependency with the Quarkus Platform BOM ( #21544 )
...
Closes #21364
2023-07-10 16:13:13 +02:00
1644432df3
Reviewed solution as per reviewer's comments
2023-07-10 08:31:47 -03:00
d148a789f7
added clientNote to show the sign out option
2023-07-10 08:31:47 -03:00
399a23bd56
Find an appropriate key based on the given KID and JWA ( #21160 )
...
* keycloak-20847 Find an appropriate key based on the given KID and JWA. Prefers matching on both inputs but will match on partials if found. Or return the first key if a match is not found.
Mark Key as fallback if it is the singular client certificate to be used for signed JWT authentication.
* Update js/apps/admin-ui/public/locales/en/clients.json
Co-authored-by: Marek Posolda <mposolda@gmail.com >
* Updating boolean variable name based on suggestions by Marek.
* Adding integration test specifically for the JWT parameters for regression #20847 .
---------
Co-authored-by: Marek Posolda <mposolda@gmail.com >
2023-07-10 13:28:55 +02:00
817f129484
fix: closes #21095 ( #21289 )
...
* fix: closes #21095
* Added overloaded version of GroupUtils.toGroupHierarchy with additional full parameter.
2023-07-10 12:13:26 +02:00
7b8dcb42ea
Using "Account is disabled" message (and also added new test case)
2023-07-07 12:16:38 -03:00
13e2075ceb
Applying reviewer comments
2023-07-07 09:00:51 -03:00
e6d7749cbf
fix for 21476
2023-07-07 09:00:51 -03:00
b458356aa9
integrated reviewer comments
2023-07-07 08:59:36 -03:00
c9a226e220
Update services/src/main/java/org/keycloak/broker/provider/HardcodedGroupMapper.java
...
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com >
2023-07-07 08:59:36 -03:00
96f09fcd90
Update services/src/main/java/org/keycloak/broker/provider/HardcodedGroupMapper.java
...
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com >
2023-07-07 08:59:36 -03:00
83d88f6bb5
added Hardcoded Group mapper to IDP configuration
2023-07-07 08:59:36 -03:00
2f5040f565
added locale selector for account console
...
fixes : #20941
2023-07-06 11:14:39 -03:00
8cc04a6724
NullPointerException on reading auth.attemptedUsername in terms template
...
closes #21294
2023-07-04 16:07:44 -03:00
09e30b3c99
Support for JWE IDToken and UserInfo tokens in OIDC brokers
...
Closes https://github.com/keycloak/keycloak/issues/21254
2023-07-03 21:25:46 -03:00
ccbddb2258
Fix updating locale on info/error page after authenticationSession was already removed
...
Closes #13922
2023-07-03 18:57:36 -03:00
c0b0a25f71
Handle exceptions thrown when requesting storage-access permission ( #21325 )
2023-06-30 00:35:10 +00:00
e2ac9487f7
Conditional login through identity provider ( #20188 )
...
Closes #20191
Co-authored-by: Jon Koops <jonkoops@gmail.com >
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com >
Co-authored-by: Marek Posolda <mposolda@gmail.com >
2023-06-29 18:44:15 +02:00
f695eeaa44
Refactor Admin REST API Documentation to use OpenAPI annotations.
...
Removes dependencies on swagger-doclet
Adds dependencies on microprofile-openapi-api
Plugins for smallrye-open-api-maven-plugin, openapi-generator-maven-plugin
Customized ascii doc template for openapi-generator-maven-plugin, to give similar feel to previous documentation.
OpenAPI annotations added to Admin REST API resources.
Closes keycloak/keycloak#20433
2023-06-29 17:03:38 +02:00
b336732251
Add iat to JWT passed to CIBA HttpAuthenticationChannel ( #21280 )
...
Closes #21283
2023-06-29 07:55:57 +02:00
51a9712e59
Improper Client Certificate Validation for OAuth/OpenID clients ( #20 )
...
Co-authored-by: Stian Thorgersen <stianst@gmail.com >
2023-06-28 17:52:48 -03:00
1973d0f0d4
Check the redirect URI is http(s) when used for a form Post ( #22 )
...
Closes https://github.com/keycloak/security/issues/22
Co-authored-by: Stian Thorgersen <stianst@gmail.com >
Signed-off-by: Peter Skopek <pskopek@redhat.com >
2023-06-28 17:52:48 -03:00
28aa1d730d
Verify holder of the device code ( #21 )
...
Closes https://github.com/keycloak/security/issues/32
Co-authored-by: Stian Thorgersen <stianst@gmail.com >
Conflicts:
services/src/main/java/org/keycloak/protocol/oidc/grants/device/DeviceGrantType.java
2023-06-28 15:45:26 +02:00
4bc11bdf7f
Do not return an error when moving a group to the current parent
...
Closes https://github.com/keycloak/keycloak/issues/21242
2023-06-28 10:34:15 +02:00
a5a2753d11
Don't allow impersonate disabled users or service accounts
...
Closes https://github.com/keycloak/keycloak/issues/21106
2023-06-28 10:18:21 +02:00
59e1a5d992
Custom theme - url.resourcesCommonPath references wrong theme
...
closes #20085
2023-06-28 08:25:44 +02:00
c75bf31398
Empty shortVerificationUri not the same with default (null) value
...
closes #20851
2023-06-27 14:57:24 +02:00
d0691b0884
Support for the locale user attribute
...
Closes #21163
2023-06-27 09:21:08 -03:00
3a3907ab15
changed to use ConfiguredProvider instead ( #21097 )
...
fixes : #15344
2023-06-27 08:00:32 -04:00
0cc464695e
Allowing users with view-users permission to call configured-user-storage-credential-types endpoint as per issue #20783
...
Closes #20783
2023-06-26 11:05:35 -03:00
f6ecc3f3f8
FAPI 2.0 security profile - not allow an authorization request whose parameters were not included in Request Object pushed to PAR request
...
closes #20710
2023-06-26 12:09:25 +02:00
7fe7dfc529
ResourceType lost during clonning
...
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net >
Closes #20947
2023-06-23 09:31:44 +02:00
a0d1ac6baa
processGrantRequest in TokenEndPoint uses new TokenManager instead of this.tokenMananager
...
closes #20978
2023-06-23 08:12:44 +02:00
aff6cc1cbd
Running mappers during account linking
...
Closes #11195
Co-authored-by: mposolda <mposolda@gmail.com >
Co-authored-by: toddkazakov
2023-06-22 17:41:31 +02:00
41e253c054
Check whether CREATE_REALM role exists in realm role mappings before hasRole check for user.
...
Closes #20332
2023-06-22 15:35:50 +02:00
f526f7a091
Emails with non-ascii characters are not allowed since v21.0.0
...
closes #20878
2023-06-22 10:27:48 -03:00
eb5edb3a9b
Support reading base32 encoded OTP secret
...
Closes #9434
Closes #11561
2023-06-22 08:08:13 -03:00
137f8d807a
Account Console II doesn't remove TOTP from UserStorage
...
closes #19575
2023-06-22 07:56:44 +02:00
2493f11331
count users by custom user attribute
...
closes #14747
2023-06-21 11:56:22 -03:00
Pedro Igor