libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
26538 commits 4 branches 5 tags 480 MiB
Commit graph

228 commits

Author SHA1 Message Date
Stefan Guilhen
8581886944 Add validation for role and time policies 
Closes #28978

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-10-21 15:51:38 -03:00
Pedro Igor
b76f4f9c1b Avoid iterating over user policies when removing users 
Closes #19358

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-10-15 15:01:40 +02:00
mposolda
b95d12a968 Add AuthzClientCryptoProvider to authz-client in keycloak main repository 
closes #33831

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-10-15 08:16:14 +02:00
rmartinc
c532751ff4 Downgrade Java for client libraries to 8 
Closes #33051

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-09-20 17:01:01 +02:00
mposolda
4b95b42590 Avoid releasing keycloak-authz-client-test artifact to maven repositories 
closes #31653

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-09-05 11:57:08 +02:00
mposolda
cd947ce3bc Removing policy-enforcer from Keycloak repository 
closes #32191

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-08-28 07:40:20 -03:00
mposolda
54a538b3ad Update RolePolicyRepresentation fields from 'boolean' to 'Boolean' 
closes #32117

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-08-14 13:11:06 +02:00
Krishna Kumar
fc80cc75fe
Make createPatSupplier private to public 
Closes #29986

Signed-off-by: Krishna Kumar <krishnachaurasia1998@gmail.com>
 2024-07-23 11:11:42 +00:00
Diego Ramp
ae74d923d2 fix bad debugv({}) in favor of more tolerant debugf(%s) 
Closes #31368

Signed-off-by: Diego Ramp <diego.ramp@mobi.ch>
 2024-07-18 10:34:32 +02:00
mposolda
06f6173c8a Add suffix to keycloak-authz-client artifact in keycloak repository 
closes #30926

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-07-17 14:59:09 +02:00
mposolda
5526976d1c Add suffix to keycloak-policy-enforcer artifacts in keycloak repository 
closes #30927

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-07-17 12:03:23 +02:00
Pedro Igor
cbf7f208fb
Avoid iterating and updating all group policies when removing groups (#31057) 
Closes #31056

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-08 13:57:20 +02:00
Romain LABAT
6615691c63
Support for service accounts when fetch roles is enabled (#30687) 
Support for service accounts when fetch roles is enabled

Signed-off-by: Romain LABAT <contact@romainlabat.fr>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-25 18:00:26 -03:00
Douglas Palmer
5af3001122 Check if OSGI metadata can be removed entirely 
Closes #29104

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-06-25 14:12:33 +02:00
Stefan Guilhen
52c9e440d6 Guard against NPE when fetching users associated with user policies. 
Closes #28915

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-10 16:52:25 -03:00
Douglas Palmer
00bd6224fa Remove remaining Fuse adapter bits 
Closes #28787

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-05-06 09:02:26 +02:00
Steven Hawkins
9486432f3f
fix: removing httpclient override (#28304) 
we need to have a dependency on commons-logging-jboss-logging

closes: #21392

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-04-23 10:09:06 +02:00
Mark Banierink
ad32896725
replaced and removed deprecated token methods (#27715) 
closes #19671 

Signed-off-by: Mark Banierink <mark.banierink@nedap.com>


Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-23 09:23:37 +02:00
Pedro Igor
8e48bac278 Ordering the group and role ids in the policy representation 
Closes #28824

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-22 20:28:47 +02:00
Pedro Igor
4ec9fea8f7 Adding tests 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-03 08:04:17 -03:00
EnneS
365a3feafa Remove deleted roles from policy on update 
Closes #26915

Signed-off-by: EnneS <nathan.soulier26@gmail.com>
 2024-04-03 08:04:17 -03:00
Clemens Zagler
b44252fde9 authz/client: Fix getPermissions returning wrong type 
Due to an issue with runtime type erasure, getPermissions returned a
List<LinkedHashSet> instead of List<Permission>.
Fixed and added test to catch this

Closes #16520

Signed-off-by: Clemens Zagler <c.zagler@noi.bz.it>
 2024-04-02 11:09:43 -03:00
Pedro Igor
d12711e858 Allow fetching roles when evaluating role licies 
Closes #20736

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-03-05 15:54:02 +01:00
Clemens Zagler
dca50bba3f Authz-client: fix ClassCast Exception when getting resource permissions 
(#27483)

Signed-off-by: Clemens Zagler <c.zagler@noi.bz.it>
 2024-03-04 22:19:36 +09:00
Steven Hawkins
402c7d9b18
Removing version overrides and further aligning with quarkus versions (#26788) 
* elevating wildfly-elytron-http-oidc version management

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* removing testing dependency overrides

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* further version aligment with quarkus

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* adding a resteay-core-spi that can be overriden

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* removing hamcrest override

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* aligning with 3.7.1

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-02-07 17:57:23 +01:00
Michal Hajas
00742a62dd
Remove RealmModel from authorization services interfaces (#26708) 
Closes #26530
Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-02-02 16:51:32 +01:00
remi
b22efeec78 Add a toggle to use context attributes on the regex policy provider 
Signed-off-by: remi <remi.tuveri@gmail.com>
 2024-01-10 16:15:25 -03:00
Douglas Palmer
58d167fe59 Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user. 
Closes #24651
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-01-08 19:32:01 -03:00
Alice W
cf19c06341 Add logging to the policy providers for general debugging purposes 
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
 2024-01-05 11:56:00 -03:00
Alice
69497382d8
Group scalability upgrades (#22700) 
closes #22372 


Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2023-10-26 16:50:45 +02:00
Emilien Bondu
95a45f0910 Set headers before calling sendError() method 
Closes #23325
 2023-09-18 13:05:12 -03:00
Peter Zaoral
2b1c29a6f2 Use Quarkus Platform BOM 
Closes #20570
Closes #15870

Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
 2023-07-06 12:45:48 -03:00
Yoshiyuki Tabata
bd37875a66 allow specifying format of "permission" parameter in the UMA grant token 
endpoint (#15947)
 2023-05-29 08:56:39 -03:00
mposolda
1f5d3223ae Memory leak with PathCache.cache growing due the map was not synchronized 
closes #19096
 2023-05-24 08:16:58 -03:00
Pedro Igor
2cd82b9861 Exposing the authz client 2023-05-05 10:18:55 -03:00
Pedro Igor
79cd47a280 Built-in support for Jakarta Servlet 2023-04-28 08:26:58 +02:00
Hynek Mlnarik
0ddc71d987 Properly encode id in URL 
Closes: #19816
 2023-04-19 15:10:04 -03:00
Pedro Igor
409e1c3581 Policy Enforcer built-in support for Elytron and Jakarta 
Closes #19540
 2023-04-05 17:03:15 +02:00
Pedro Igor
a30b6842a6 Decouple the policy enforcer from adapters and provide a separate library 
Closes keycloak#17353
 2023-03-17 11:40:51 +01:00
Jon Koops
972ebb9650
Use a valid SemVer format for the SNAPSHOT version (#17334) 
* Use a valid SemVer format for the SNAPSHOT version

* Update pom.xml

* Update pom.xml

---------

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2023-03-03 11:11:44 +01:00
Pedro Igor
712656765e Authz client not updated with the way of encoding the basic header 
Closes #15086
 2022-10-24 08:45:30 +02:00
Pedro Igor
a0079b516b
Allow setting response mode (#14104) 
Closes #14083
 2022-09-09 14:28:47 +02:00
yaokai2
0c654fa53b Add java logging for auth server response. 
Closes #13557
 2022-08-30 10:12:26 -03:00
yaokai2
df1384f2c6 Revert "Print response from http call to keycloak server" 
This reverts commit a4cb23ac92ad95c3d06586b1c6ed7f4ccdef165e.
 2022-08-30 10:12:26 -03:00
yaokai2
fb57d1972f Print response from http call to keycloak server 
Closes #13557
 2022-08-30 10:12:26 -03:00
Pedro Igor
2cc4b54404
Do not cache policies if they no longer exist (#12797) 
Closes #12657

Co-authored-by: Michal Hajas <mhajas@redhat.com>

Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2022-08-25 13:52:30 +02:00
Pedro Igor
eda33a0b21 Concurrency issue when caching JS policies 
Closes #12204
 2022-08-17 16:30:32 -03:00
Pedro Igor
3d2c3fbc6a Support JSON objects when evaluating claims in regex policy 
Closes #11514
 2022-06-23 14:04:09 -03:00
Alexander Schwartz
850af55edc Ensure that only JDK 8 APIs are used where JDK 8 is still required. 
Closes #10842
 2022-06-20 14:44:33 -03:00
Michal Hajas
d3b43a9f59 Make sure there is always Realm or ResourceServer when searching for authz entities 
Closes #11817
 2022-05-11 07:20:01 -03:00