UNIX.dog
/
keycloak
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
21,676 Commits 1 Branch 0 Tags 434 MiB
Commit Graph

649 Commits

Author SHA1 Message Date
Michal Hajas 338fefe66c
Remove deprecated IS_CLIENT_ROLE field (#17654) 
Closes #17147
 2023-03-21 09:31:11 +01:00
Michal Hajas 465019bec4 Extract attachDevice outside of storage layer 
Closes #17336
 2023-03-03 17:58:34 +01:00
Jon Koops 972ebb9650
Use a valid SemVer format for the SNAPSHOT version (#17334) 
* Use a valid SemVer format for the SNAPSHOT version

* Update pom.xml

* Update pom.xml

---------

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2023-03-03 11:11:44 +01:00
Pedro Igor fbf5541802 Remove duplicated set-cookie header from response when expiring cookies 
Closes #17192
 2023-02-27 14:17:27 -03:00
vramik 055b7c3b16 Remove deprecated methods from `login-failure` area from `user-session` interface 
Closes #15053
 2023-02-17 13:03:02 +01:00
Michal Hajas 1c79a5666d Deprecate RoleModel.SearchableFields.IS_CLIENT_ROLE field 
Closes #17144
 2023-02-16 20:50:46 +01:00
Dmitry Telegin 5f39aeb590 Pre-authorization hook for client policies 
Closes #9017
 2023-02-08 15:06:32 +01:00
Thomas Darimont e38b7adf92 Revise blacklist password policy provider #8982 
- Reduce false positive probability from 1% to 0.01% to avoid
rejecting to many actually good passwords.
- Make false positive rate configurable via spi config
- Revised log messages

Supported syntax variant:
`passwordBlacklist(wordlistFilename)`

Fixes #8982

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2023-02-07 10:36:39 +01:00
Klaus Betz 20a7a5acdb fix: consider identity provider models from third-party packages 2023-01-31 06:05:02 -08:00
Marek Posolda 33ff9ef17e
Fix remaining failing tests with BCFIPS approved mode (#16699) 
* Fix remaining failing tests with BCFIPS approved mode
Closes #16698
 2023-01-30 16:01:57 +01:00
mposolda ac490a666c Fix KcSamlSignedBrokerTest in FIPS. Support for choosing realm encryption key for decrypt SAML assertions instead of realm signature key 
Closes #16324
 2023-01-10 20:39:59 +01:00
Hynek Mlnarik 071fc03f41 Move transaction processing into session close 
Fixes: #15223
 2023-01-05 16:12:32 +01:00
Michal Hajas de7dd77aeb Change id of TermsAndConditions required actions to uppercase 
Closes #9991
 2022-12-07 10:51:37 -03:00
Pedro Igor 022d2864a6 Make sure JAX-RS resource methods are advertizing the media type they support 
Closes #15811
Closes #15810
 2022-12-06 08:13:43 -03:00
Pedro Igor 168734b817 Removing references to request and response from Resteasy 
Closes #15374
 2022-12-01 08:38:24 -03:00
stianst eb17157e44 Stop adding .v2 to default theme if set in server config 
Closes #15392
 2022-11-11 08:49:41 -03:00
Michal Hajas 883e83e625 Remove deprecated methods from data providers and models 
Closes #14720
 2022-10-25 09:01:33 +02:00
Stefan Guilhen acaf1724dd Fix ComponentsTest failures with CockroachDB 
- Component addition/edition/removal is now executed in a retriable transaction.

Closes #13209
 2022-10-21 10:48:08 +02:00
Klaus Betz 76d9125c3f
feat: add DisplayIconClasses to IdentityProviderModel for third-party IDPs https://github.com/klausbetz/apple-identity-provider-keycloak/issues/10 (#14826) 
Closes #14974
 2022-10-18 15:54:06 +02:00
Stian Thorgersen 31aefd1489
OTP Application SPI (#14800) 
Closes #14800
 2022-10-18 14:42:35 +02:00
Stian Thorgersen f7490b7f7c
Fix issue where admin2 was not enabled by default if account2 was disabled (#14914) 
Refactoring ThemeSelector and DefaultThemeManager to re-use the same logic for selecting default theme as there used to be two places where one had a broken implementation

Closes #14889
 2022-10-17 15:17:54 +02:00
danielFesenmeyer f80a8fbed0 Avoid login failures in case of non-existing group or role references and update references in case of renaming or moving 
- no longer throw an exception, when a role or group cannot be found, log a warning instead
- update mapper references in case of the following events:
   - moving a group
   - renaming a group
   - renaming a role
   - renaming a client's Client ID (may affect role qualifiers)
- in case a role or group is removed, the reference still will not be changed
- extend and refactor integration tests in order to check the new behavior

Closes #11236
 2022-10-13 13:23:29 +02:00
Martin Kanis 761929d174
Merge ActionTokenStoreProvider and SingleUseObjectProvider (#13677) 
Closes #13334
 2022-10-13 09:26:44 +02:00
Takashi Norimatsu 148c7695ff Pluggable Features of Token Manager 
Closes #12065
 2022-10-07 08:43:34 +02:00
Alice Wood 1eb7e95b97 enhance existing group search functionality allow exact name search keycloak/keycloak#13973 
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
 2022-09-30 10:37:52 +02:00
Alice Wood 55a660f50b enhance group search to allow searching for groups via attribute keycloak/keycloak#12964 
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2022-09-19 15:19:36 +02:00
Alexander Schwartz 1d2d3e5ca5 Move UserFederatedStorageProvider into legacy module 
Closes #13627
 2022-09-11 18:37:45 +02:00
Martin Bartoš 0fcf5d3936 Reuse of token in TOTP is possible 
Fixes #13607
 2022-09-09 08:56:02 -03:00
vramik 869ccc82b2 Enable MapUserProvider storing username with the letter case significance 
Closes #10245
Closes #11602
 2022-09-09 11:46:11 +02:00
Christoph Leistert cc2bb96abc Fixes #9482: A user could be assigned to a parent group if he is already assigned to a subgroup. 2022-09-06 21:31:31 +02:00
Michal Hajas f69497eb28 KEYCLOAK-12988 Deprecate getUsers* methods in favor of searchUsers* variants 
Closes #14018
 2022-09-06 10:38:28 +02:00
Thomas Darimont 43623ea9d0 KEYCLOAK-18499 Add max_age support to oauth2 brokered logins 
Revise KcOidcBrokerPassMaxAgeTest to use setTimeOffset(...)
 2022-09-01 09:24:44 -03:00
David Anderson 865a180c00
Remove bc dependency from server-spi and server-spi-private (#13319) 
Closes #12858
 2022-07-26 11:52:16 +02:00
Alexander Schwartz cb81a17611 Disable Infinispan for map storage and avoid the component factory when creating a realm independent provider factory 
Provide startup time in UserSessionProvider independent of Infinispan,
cleanup code that is not necessary for the map storage as it isn't using Clustering.
Move classes to the legacy module.

Closes #12972
 2022-07-22 08:20:00 +02:00
Vlasta Ramik ec853a6b83
JPA map storage: User / client session no-downtime store (#12241) 
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>

Closes #9666
 2022-07-14 12:07:02 -03:00
Pedro Igor 5b48d72730 Upgrade Resteasy v4 
Closes #10916

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2022-07-11 12:17:51 -03:00
Michal Hajas 0f86427dd0 Make user->client sessions relationship consistent 
Closes #12817
 2022-07-11 08:42:28 -03:00
Stefan Guilhen 007fa1f374 Single Use Objects Map JPA implementation 
Closes #9852
 2022-07-04 10:05:51 -03:00
Alexander Schwartz d407a37ba3 Instead of returning instances with different semantics, throw an exception. 
This exception points the caller to the migration guide of Keycloak 19.

Closes #12556
 2022-07-01 14:12:39 -03:00
Alexander Schwartz a191d7eb3c Moving CachedObject to the legacy modules 
Closes #12656
 2022-06-29 20:04:32 +02:00
Alexander Schwartz ddeab744d0 Moving RoleStorageProviderModel to the legacy modules 
Closes #12656
 2022-06-29 20:04:32 +02:00
Alexander Schwartz 05f8f3038f Moving GroupStorageProviderModel to the legacy modules 
Closes #12656
 2022-06-29 20:04:32 +02:00
Alexander Schwartz 692ce0cd91 Moving ClientStorageProvider to the legacy modules 
This prepares the move of CachedObject and CacheableStorageProviderModel

Closes #12531

fixup! Moving ClientStorageProvider to the legacy modules
 2022-06-29 20:04:32 +02:00
Alexander Schwartz 05dcc188bb Move over caching related interfaces to the legacy module 
Closes #12531
 2022-06-29 20:04:32 +02:00
Alexander Schwartz 7855b93390 Moving the UserCache interface to the legacy module 
Co-Authored-By: hmlnarik@redhat.com
 2022-06-21 08:53:06 +02:00
Alexander Schwartz 6376db0f9c code cleanup 2022-06-21 08:53:06 +02:00
Alexander Schwartz cb0c881821 rename SingleEntityCredentialManager to SubjectCredentialManager 2022-06-21 08:53:06 +02:00
Alexander Schwartz d41764b19b Inline deprecated methods in legacy code 2022-06-21 08:53:06 +02:00
Alexander Schwartz 30b5c646e1 Deprecated old KeycloakSession APIs 2022-06-21 08:53:06 +02:00
Alexander Schwartz 1a227212de Simplify implementation of a federated storage by moving the default implementation to the abstract base class; this will also allow the quickstarts and implementations derived from that to run without changes. 2022-06-21 08:53:06 +02:00