Johannes Knutsen
0cc62b520e
Remove duplicate code block introduced with commit c3a15cb3 ( #36465 )
...
Closes #36464
Signed-off-by: Johannes Knutsen <johannes@knutsen.me >
2025-01-15 11:50:38 +01:00
rmartinc
25953f2fbb
Add option to sign the IdP metadata for SAML
...
Closes #34132
Signed-off-by: rmartinc <rmartinc@redhat.com >
2025-01-15 11:50:26 +01:00
Giuseppe Graziano
32d5db532f
ClientProtocolCondition.getProviderId() fix
...
Closes #36447
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com >
2025-01-15 11:48:46 +01:00
Stian Thorgersen
c1c147cb17
Restrict access to environment variables when at the server runtime ( #36472 )
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com >
2025-01-15 09:36:19 +01:00
mposolda
0332319538
Make @EnableFeature to handle the case with added provider of currently non-used SPI
...
closes #36425
Signed-off-by: mposolda <mposolda@gmail.com >
2025-01-15 09:20:01 +01:00
Stian Thorgersen
fd9db3a00e
EMBARGOED CVE-2024-11734 org.keycloak/keycloak-quarkus-server: Denial of Service in Keycloak Server via Security Headers ( #228 ) ( #36470 )
...
Signed-off-by: Douglas Palmer <dpalmer@redhat.com >
Co-authored-by: Douglas Palmer <dpalmer@redhat.com >
2025-01-15 08:51:55 +01:00
vramik
0a632fdefa
[FGAP] Add adminPermissionClientCheck to authorization services REST endpoints
...
Closes #35945
Signed-off-by: vramik <vramik@redhat.com >
2025-01-10 08:56:48 -03:00
rmartinc
153ba20ea3
Incorrect manage permission for getting a specific execution
...
Closes #36121
Signed-off-by: rmartinc <rmartinc@redhat.com >
2025-01-09 10:13:51 +01:00
Kevin Tang
4136a677e7
WebAuthn registration now respects the configured extra origins policy ( #35404 )
...
closes #35110
Signed-off-by: Kevin Tang <kevin.tang@inventage.com >
2025-01-09 09:41:03 +01:00
Tobi
02691a8d76
Add nullcheck to passwordAgePredicate
...
Signed-off-by: twobiers <22715034+twobiers@users.noreply.github.com >
2025-01-08 15:55:10 +01:00
Steven Hawkins
696bc07103
fix: remove the use of regex for determining local addresses ( #36228 )
...
closes : #36227
Signed-off-by: Steve Hawkins <shawkins@redhat.com >
2025-01-07 17:42:30 +00:00
Martin Kanis
1c4dd66f52
Translations specified in the admin console do not override the translations specified in a theme
...
Closes #36037
Signed-off-by: Martin Kanis <mkanis@redhat.com >
2025-01-07 14:59:11 +01:00
Pedro Igor
58c344dfeb
Error when re-authenticating when organization is enabled
...
Closes #36249
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2025-01-07 11:51:09 +01:00
Martin Bartoš
0cfeabe6cf
Upgrade to Quarkus 3.15.2 ( #35078 )
...
* Upgrade to Quarkus 3.15.2
Closes #35077
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
* Remove workaround for overridden micrometer dependencies
Closes #33469
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
* Unable to use custom handlers for HTTP OPTIONS method in subresources
Fixes #36009
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
2025-01-07 11:37:39 +01:00
Michal Hajas
3839f8e3b5
Add metric for password validations ( #36049 )
...
Closes #36048
Signed-off-by: Michal Hajas <mhajas@redhat.com >
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
Co-authored-by: Alexander Schwartz <aschwart@redhat.com >
2025-01-07 10:05:47 +01:00
Pedro Igor
abaf8489e7
Fix NPE when exchanging external using the issuer value
...
Closes #36053
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2025-01-06 17:20:10 +01:00
Pedro Igor
f13688edd6
Re-calculate the organization scope when re-authenticating in the browser flow
...
Closes #35935
Closes #35830
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2025-01-02 20:52:24 +01:00
Patrick Weiner
2eae680108
Add functions and set existing functions to protected in BackchannelAuthenticationCallbackEndpoint to allow developers easier customization when overriding. ( #24993 )
...
Two new methods added when approving device code, one before and one after approving, to allow additional checks.
Closes #24992
Signed-off-by: Patrick Weiner <patrick.weiner@prime-sign.com >
2024-12-20 16:54:21 +01:00
Marek Posolda
a3fd076960
Adding ConditionalClientScopeAuthenticator ( #36020 )
...
closes #36081
Signed-off-by: mposolda <mposolda@gmail.com >
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com >
Signed-off-by: Marek Posolda <mposolda@gmail.com >
2024-12-20 09:53:51 +01:00
Martin Kanis
dbd9429256
Incomplete registration form when edit email is disabled and email is set as username
...
Closes #34876
Signed-off-by: Martin Kanis <mkanis@redhat.com >
2024-12-19 15:38:11 -03:00
rmartinc
1fc6d595d9
Check minValidityToken to refresh the token if it is equals
...
Closes #36038
Signed-off-by: rmartinc <rmartinc@redhat.com >
2024-12-19 13:54:55 +01:00
Ingrid Kamga
206436fde9
Offload format-specific credential building to dedicated credential builder providers ( #32951 ) ( #35046 )
...
Closes #32951
Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com >
2024-12-19 12:42:41 +01:00
Rungsikorn Rungsikavanich
41696b964b
Add client ID length validation ( #35725 )
...
Closes #35723
Signed-off-by: Rungsikorn Rungsikavarnich <rungsikorn@me.com >
2024-12-19 11:19:59 +01:00
Richie B2B
c81246e2d0
Correct documention of GET GroupResources
...
Closes #27694
Signed-off-by: Richard van den Berg <richard@vdberg.org >
2024-12-19 11:10:42 +01:00
Richard van den Berg
481acac41f
Document behaviour of GET GroupResources
...
Closes #27694
Signed-off-by: Richard van den Berg <richard@vdberg.org >
2024-12-18 19:24:22 +01:00
Pedro Igor
93c1740538
Support for initial CRUD operations when managing admin permissions
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
Closes #35987
2024-12-18 07:43:13 -03:00
rmartinc
e7e6185175
Fix expires_in in internal to external token exchange
...
Closes #35704
Signed-off-by: rmartinc <rmartinc@redhat.com >
2024-12-18 09:08:19 +01:00
mposolda
9b01e958dc
Failed to authenticate client with method client_secret_jwt when client has keys generated
...
closes #34547
Signed-off-by: mposolda <mposolda@gmail.com >
2024-12-17 20:43:25 +01:00
Benedikt Rohlf
1f278b75fc
Display IDP Display Name instead of IDP Alias
...
This commit close the Issue where the IDP alias is displayed instead of the IDP display name in the existing account link. The alias will continue to be used when no display name is set.
Close #33408
Signed-off-by: Benedikt Rohlf <benedikt.rohlf@gmx.de >
2024-12-17 11:25:34 +01:00
Thomas Darimont
3cdbbc5b15
Add support for Initiating User Registration via prompt=create ( #10701 ) ( #35903 )
...
Fixes #10701
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com >
2024-12-16 19:54:52 +01:00
Manuel Schallar
7e08b095a3
Use optional realm attribute for request param max size/number ( #25007 )
...
closes #25006
Enable fail-fast toggle for additional request parameter parsing
Enable configuration of an overall size of additional request parameters
Everything is backwardscompatible. No configuration necessary when upgrading.
Signed-off-by: Manuel Schallar <manuel.schallar@prime-sign.com >
Co-authored-by: Manuel Schallar <manuel.schallar@prime-sign.com >
2024-12-16 14:03:12 +01:00
Pedro Igor
a33d5c646e
Better path parameter names for organization and member APIs
...
Closes #35745
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2024-12-12 13:02:33 +01:00
Alaa
6f469b9dd1
Fix missing userId in LOGIN_ERROR event for permanent lockout with separate username/password forms
...
Signed-off-by: Alaa <alaainamor@gmail.com >
2024-12-12 11:17:34 +01:00
Ricardo Martin
bbca6116b0
Implement a conditional authenticator to check if a sub-flow was executed or not previously in the process ( #35668 )
...
Closes #35231
Signed-off-by: rmartinc <rmartinc@redhat.com >
Co-authored-by: Marek Posolda <mposolda@gmail.com >
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com >
2024-12-12 11:16:30 +01:00
rmartinc
8e13e761b9
Use UPDATE_CREDENTIAL as the enet type in RecoveryAuthnCodesAction
...
Closes #35760
Signed-off-by: rmartinc <rmartinc@redhat.com >
2024-12-12 09:35:45 +01:00
mposolda
efdc42c2a4
Token revocation may not correctly revoke related access tokens
...
closes #35813
Signed-off-by: mposolda <mposolda@gmail.com >
2024-12-11 18:25:35 +01:00
Nicola Baiocco
4c263f4897
fix: refactor LightweightUserAdapter instantiation for DefaultTokenEx… ( #35363 )
...
Closes #28241
Signed-off-by: Nicola Baiocco <nicola.baiocco@intesys.it >
2024-12-11 14:46:14 +01:00
mposolda
349fc63de1
Keycloak arquillian testsuite not working with the default embedded undertow
...
closes #35802
Signed-off-by: mposolda <mposolda@gmail.com >
2024-12-11 13:42:27 +01:00
ch-lepp
3255e50580
Other clients but Account-Management can link account ( #35728 )
...
closes #12309
Signed-off-by: ch-lepp <ch.lepp@deg.local >
2024-12-11 13:21:37 +01:00
mposolda
3fca2f3b7f
When using the token revocation endpoint with refresh-token, only particular clientSession related to given refresh token should be terminated
...
closes #35486
Signed-off-by: mposolda <mposolda@gmail.com >
2024-12-10 15:55:59 +01:00
Steven Hawkins
80890737d4
fix: using regex to expand local ipv6 matching ( #35736 )
...
closes : #35675
Signed-off-by: Steve Hawkins <shawkins@redhat.com >
2024-12-09 14:33:28 +00:00
Martin Bartoš
d7aa0042fd
Apache HTTP client OpenTelemetry instrumentation
...
Closes #32094
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
Co-authored-by: Alexander Schwartz <aschwart@redhat.com >
2024-12-06 11:43:36 +01:00
Stian Thorgersen
5bc4ab1429
Delete OpenShift 3.x identity provider ( #34331 )
...
Closes #34330
Signed-off-by: stianst <stianst@gmail.com >
2024-12-06 11:24:47 +01:00
vramik
044807f162
[FGAP] Create new internal client which would hold the authorization objects for feature V2
...
Closes #34565
Signed-off-by: vramik <vramik@redhat.com >
2024-12-05 11:56:13 -03:00
Steven Hawkins
4c7dea5d70
fix: changing the bootstrapping suggestion to the command ( #35616 )
...
closes : #35526
Signed-off-by: Steve Hawkins <shawkins@redhat.com >
2024-12-05 14:31:53 +01:00
Andreas Blättlinger
a1f5234571
Always set lang attribute in login templates ( #35361 )
...
Closes #35103
Signed-off-by: Andreas Blaettlinger <bln1imb@bosch.com >
2024-12-04 15:24:42 -03:00
Steven Hawkins
806e140f45
fix: ensuring quarkus-embedded does does not use system.exit ( #35574 )
...
closes : #35550
Signed-off-by: Steve Hawkins <shawkins@redhat.com >
2024-12-04 12:08:16 +01:00
rmartinc
d19ba82779
Set clientId in the VerifyEmailActionToken when no one is passed
...
Closes #35317
Signed-off-by: rmartinc <rmartinc@redhat.com >
2024-12-03 15:55:17 +01:00
mposolda
4ad4a8d37b
Support for multiple values of some parameters in the grant SPI
...
closes #35506
Signed-off-by: mposolda <mposolda@gmail.com >
2024-12-03 13:25:11 +01:00
Douglas Palmer
d553f3967b
Step-up authentication with existing cookie not working when using Authentication Flow Overrides per client ( #35376 )
...
closes #12919
Signed-off-by: Douglas Palmer <dpalmer@redhat.com >
Signed-off-by: Jonathan Putney <jputney@noverant.com >
Signed-off-by: Douglas Palmer <dpalmer@redhat.com >
Co-authored-by: Jonathan Putney <jputney@noverant.com >
Co-authored-by: Douglas Palmer <dpalmer@redhat.com >
2024-12-03 12:39:18 +01:00