External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-09 23:12:06 -03:30
Code Issues Packages Projects Releases Wiki Activity
22,794 Commits 26 Branches 288 Tags
Commit Graph

839 Commits

Author SHA1 Message Date
Stian Thorgersen
5d1e20efd3
Improve handling for loopback redirect-uri validation (#197) 
Signed-off-by: stianst <stianst@gmail.com>
 2024-09-16 13:34:01 +02:00
Ricardo Martin
ccf534a102 Fixes for LDAP group membership and search in chunks 
Closes #23966

(cherry picked from commit f78c54fa42c09f76870e093b5496cc99da5f0f3b)
 2024-06-18 10:54:53 +02:00
rmartinc
b9db6c1e74 Better management of the CSP header 
Closes https://github.com/keycloak/keycloak/issues/24568

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 2b769e5129a0db453bb8cc00452c33afdcd2c322)
 2024-04-18 14:39:21 +02:00
Marek Posolda
aa634aee88
CVE-2023-3597 - Secondary factor bypass in step-up authentication (#144) 
* Restrict the token types that can be verified when not using the user info endpoint

Closes #47

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Conflicts:
	core/src/main/java/org/keycloak/util/TokenUtil.java
	testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientTokenExchangeTest.java

* Secondary factor bypass in step-up authentication
closes #34

Signed-off-by: mposolda <mposolda@gmail.com>

---------

Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-03-23 15:16:28 +01:00
Réda Housni Alaoui
e2ed9791ef Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients (#21058) 
closes #21010

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
(cherry picked from commit 3f014c72994fdf48cfc4446e09a1f1d019021dd8)
 2024-02-22 07:16:03 +01:00
Michal Hajas
1d50fcd162 Publish information about Infinispan availability in lb-check if MULTI_SITE is enabled 
Closes #25077

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
(cherry picked from commit 2b2207af9354cb7f14b92ec5b6d9f6c19b1a9e46)

 Conflicts:
	common/src/main/java/org/keycloak/common/Profile.java
	common/src/test/java/org/keycloak/common/ProfileTest.java
	quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/FeaturesDistTest.java
	quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.unix.approved.txt
	quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.unix.approved.txt
	quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.unix.approved.txt
	quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.unix.approved.txt
	quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.unix.approved.txt
	quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.unix.approved.txt
	quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.unix.approved.txt
	quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.unix.approved.txt
	quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.unix.approved.txt

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2023-11-30 19:31:19 +01:00
Bernd Bohmann
f3574b16d7 Calling getTopLevelGroups is slow inside GroupLDAPStorageMapper#getLDAPGroupMappingsConverted (#8430) 
Closes #14820
---------
Co-authored-by: Michal Hajas <mhajas@redhat.com>

(cherry picked from commit bb2f59df87572d28d2b7986a602ee25d9667d9a8)
 2023-10-16 12:50:12 -04:00
Jon Koops
1ff31e4b52 Resolve several usability issues around User Profile 
Backports #23507, #23584, #23740, #23774, #22982

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-10-13 08:40:59 -03:00
Pedro Igor
772a44fcab Do not store empty attributes when updating user profile 
Backports #22960
 2023-10-09 20:38:22 +02:00
Pedro Igor
1e4f284e31 Allow updating email when email as username is set and edit username disabed 
#23438
 2023-09-27 10:52:26 +02:00
kaustubh-rh
e347d788ce
Unable to create user with long email address (#23132) 
closes #22825 


Co-authored-by: mposolda <mposolda@gmail.com>
 2023-09-13 11:31:51 +02:00
Marek Posolda
47b97b9404 Registration flow fixed (#23064) 
Closes #21514

Co-authored-by: Vilmos Nagy <vilmos.nagy@outlook.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
(cherry picked from commit 506e2537acf33c216833735ac90fc2ffe299bcfe)
 2023-09-08 10:06:53 +02:00
Pedro Igor
e88c0aa61d Decoupling legacy and dynamic user profiles and exposing metadata from admin api 
Closes #22532

    Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2023-09-07 11:27:53 +02:00
rmartinc
aa8dec5748 Remove option Nerver Expires for tokens in Advanced OIDC client configuration 
Closes https://github.com/keycloak/keycloak/issues/21927
 2023-08-03 18:08:50 +02:00
mposolda
29d5fc6c49 Fix authenticatorConfig for javascript providers 
Closes #20005

(cherry picked from commit 6f6b5e8e84b7acf4323d108da95ce9d79169a7fe)
 2023-08-01 08:59:28 +02:00
Michal Hajas
6d28c31c93 Check whether realm has store enabled for immediately sent events 
Closes #21698

Signed-off-by: Michal Hajas <mhajas@redhat.com>
(cherry picked from commit 07c27336aa71a6a39e9df42bc8e18cfa1d2bb154)
 2023-07-17 15:50:20 +02:00
Daniele Martinoli
817f129484
fix: closes #21095 (#21289) 
* fix: closes #21095

* Added overloaded version of GroupUtils.toGroupHierarchy with additional full parameter.
 2023-07-10 12:13:26 +02:00
Daniele Martinoli
13e2075ceb Applying reviewer comments 2023-07-07 09:00:51 -03:00
Daniele Martinoli
e6d7749cbf fix for 21476 2023-07-07 09:00:51 -03:00
Douglas Palmer
b59faa51d5 NPE in getDefaultRequiredActionCaseInsensitively 
closes #21123
 2023-07-04 12:15:22 -03:00
Thomas Darimont
637fa741b0
Align naming of OTP policy window setting with actual semantics (#20469) (#21316) 
Closes #20469
 2023-07-04 12:41:21 +02:00
mposolda
ccbddb2258 Fix updating locale on info/error page after authenticationSession was already removed 
Closes #13922
 2023-07-03 18:57:36 -03:00
Pedro Igor
28aa1d730d Verify holder of the device code (#21) 
Closes https://github.com/keycloak/security/issues/32

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Conflicts:
    services/src/main/java/org/keycloak/protocol/oidc/grants/device/DeviceGrantType.java
 2023-06-28 15:45:26 +02:00
Hynek Mlnarik
c092c76ae8 Remove ldapsOnly (Java) 
In `LDAPConstants.java`, the function to set the Truststore SPI system property was removed, as this is now handled by the `shouldUseTruststoreSpi` method in `LdapUtil`.

Closes: #9313
 2023-06-28 08:30:09 +02:00
Pedro Igor
d0691b0884 Support for the locale user attribute 
Closes #21163
 2023-06-27 09:21:08 -03:00
Erik Jan de Wit
3a3907ab15
changed to use ConfiguredProvider instead (#21097) 
fixes: #15344
 2023-06-27 08:00:32 -04:00
Douglas Palmer
f526f7a091 Emails with non-ascii characters are not allowed since v21.0.0 
closes #20878
 2023-06-22 10:27:48 -03:00
Pedro Igor
eb5edb3a9b Support reading base32 encoded OTP secret 
Closes #9434
Closes #11561
 2023-06-22 08:08:13 -03:00
mposolda
dc3b037e3a Incorrect Signature algorithms presented by Client Authenticator 
closes #15853

Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2023-06-21 08:55:58 +02:00
Stian Thorgersen
f82577a7f3
Removed old account console (#21098) 
Co-authored-by: Jon Koops <jonkoops@gmail.com>

Closes #9864
 2023-06-20 20:46:57 +02:00
Alexander Schwartz
9425432f2c Handle HTTP response codes when retrieving data from remote endpoints 
Closes #20895
 2023-06-12 13:37:59 +02:00
rmartinc
f3fcf1f8c5 Session cross-reference / transaction mismatch 
Closes https://github.com/keycloak/keycloak/issues/20855
 2023-06-12 13:18:39 +02:00
Vlasta Ramik
ed473da22b
Clean-up of deprecated methods and interfaces 
Fixes #20877

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2023-06-09 17:11:20 +00:00
Rinus Wiskerke
fbfdb54745
Strip rotated client secret from export json (#19394) 
Closes #19373
 2023-06-09 10:46:28 +02:00
Réda Housni Alaoui
eb9bb281ec Require user to agree to 'terms and conditions' during registration 2023-06-08 10:39:00 -03:00
Marek Posolda
8080085cc1
Removing 'http challenge' authentication flow and related authenticators (#20731) 
closes #20497


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2023-06-08 14:52:34 +02:00
Alice Wood
7e56938b74 Extend group search attribute functionality to account for use case where only the leaf group is required 2023-06-07 08:52:23 -03:00
rmartinc
9bc30f4705 EventBuilder fixes to copy the store and session context 
Closes https://github.com/keycloak/keycloak/issues/20757
Closes https://github.com/keycloak/keycloak/issues/20105
 2023-06-07 08:34:27 -03:00
Artur Baltabayev
041441f48f
Improved Reset OTP authenticator (#20572) 
* ResetOTP authenticator can now be configured, so that one or all existing OTP configurations are deleted upon reset.

Closes #8753
---------

Co-authored-by: bal1imb <Artur.Baltabayev@bosch.com>
 2023-06-06 08:30:44 -03:00
rmartinc
81aa588ddc Fix and correlate session timeout calculations in legacy and new map implementations 
Closes https://github.com/keycloak/keycloak/issues/14854
Closes https://github.com/keycloak/keycloak/issues/11990
 2023-06-05 18:46:23 +02:00
Alexander Schwartz
cd9e0be9f0 Filter first, then sort, and avoid atomics 
Closes #20394
 2023-06-05 11:23:54 +02:00
Pedro Igor
8aeee928e8
Allow configuring the referrer policy (#19917) 
* Allow configuring the referrer policy

Closes #17288

* fixed indentation

---------

Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2023-05-30 12:27:12 -04:00
Stefan Guilhen
2252b09949 Remove deprecated default roles methods 
Closes #15046
 2023-05-23 22:32:52 +02:00
Dominik Schlosser
8c58f39a49 Updates Datastore provider to contain full data model 
Closes #15490
 2023-05-16 15:05:10 +02:00
Alexander Schwartz
910021408e Use entity locking only for the map storage 
This is a performance optimization that the new feature doesn't affect the old store.

Closes #20176
 2023-05-15 10:20:35 +02:00
Alexander Schwartz
2758d78865 Avoid exception when looking up the providerId 
This is a performance optimization, as creating an exception is expensive.

Closes #20176
 2023-05-15 10:20:35 +02:00
Martin Bartoš
6118e5cfb7 Use JakartaEE dependencies 
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
 2023-04-27 13:36:54 +02:00
Martin Bartoš
7cff857238 Migrate packages from javax.* to jakarta.* 
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/ComponentExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/DeclarativeUserTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java - Modified
keycloak/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java	- Modified
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountTotpPage.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BackwardsCompatibilityUserStorageTest.java - Modified
---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/services/resources/QuarkusWelcomeResource.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/profile/util/Soap.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/UserInfoClientUtil.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
---
Quarkus3 branch sync no. 10 (17.3.2023)
Resolved conflicts:
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocolUtils.java -	Modified
---
Quarkus3 branch sync no. 9 (10.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java - Modified
---
Quarkus3 branch sync no. 8 (3.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClient.java	Modified - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java - Modified
keycloak/examples/providers/authenticator/src/main/java/org/keycloak/examples/authenticator/SecretQuestionAuthenticator.java - Modified
---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ComponentsResource.java - Modified
keycloak/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/installation/SamlSPDescriptorClientInstallation.java - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
/keycloak/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java	Modified - Modified
keycloak/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java - Modified
---
Quarkus3 branch sync no. 4 (3.2.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/jaxrs/QuarkusKeycloakApplication.java - Modified
---
Quarkus3 branch sync no. 1 (18.1.2023)
Resolved conflicts:
keycloak/testsuite/client/ClientPoliciesTest.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaModelCriteriaBuilder.java - Modified
 2023-04-27 13:36:54 +02:00
mposolda
1cbdf4d17e Fix the issue with LDAP connectionUrl containing multiple hosts 
Closes #17359
 2023-04-16 17:41:22 +02:00
mposolda
4d8d6f8cd8 Preserve authentication flow IDs after import 
closes #9564
 2023-04-03 16:01:52 +02:00