libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions
26633 commits 4 branches 5 tags 483 MiB
Commit graph

825 commits

Author SHA1 Message Date
Thomas Darimont
3315ea718a Add ability to enable OID4VCI Verifiable Credentials per realm (#34524) 
- Added new realm property verifiableCredentialsEnabled
- Updated RealmRepresentation
- Guarded route to Oid4VCI page
- Add boolean switch to Realm settings page to control Verifiable Credentials enablement
- We now only show the Verifiable Credentials page in the nave if the "Verifiable Credentials" realm setting is enabled.

Fixes #34524

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-11-04 14:58:30 +01:00
Ryan Emerson
902abfdae4
JDBC_PING as default discovery protocol 
Closes #29399

- Add ProviderFactory#dependsOn to allow dependencies between
  ProviderFactories to be explicitly defined
- Disable Infinispan default shutdownhook disabled to ensure lifecycle
  is managed exclusively by Keycloak
- Remove Infinispan shutdown hook in KeycloakRecorder and manage
  EmbeddedCacheManager lifecycle only in DefaultInfinispanConnectionProviderFactory#close

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-10-22 20:19:19 +00:00
Gilvan Filho
c4005d29f0 add linear strategy to brute force 
closes #25917

Signed-off-by: Gilvan Filho <gilvan.sfilho@gmail.com>
 2024-10-22 10:33:22 -03:00
mposolda
703f16ea86 Hide the 'Delete' button in the account console when DeleteCredentialAction is disabled or unavailable 
closes #30204

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-10-22 11:07:08 +02:00
mposolda
07cf71e818 Better logging when error happens during transaction commit 
closes #33275

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-10-08 11:14:10 +02:00
Erik Jan de Wit
e8d8de8936
Use feature versions for admin3, account3, and login2 (#33458) 
Closes #33405

Signed-off-by: stianst <stianst@gmail.com>
 2024-10-03 12:09:36 +02:00
vramik
c1653448f3 [Organizations] Allow orgs to define the redirect URL after user registers or accepts invitation link 
Closes #33201

Signed-off-by: vramik <vramik@redhat.com>
 2024-10-02 07:37:48 -03:00
mposolda
e582a17a7c Fix client-attributes condition configuration 
closes #33390

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-10-01 10:12:28 +02:00
Steven Hawkins
5d99d91818
fix: allows for the detection of a master realm with --import-realms (#32914) 
also moving initial bootstrapping after import

closes: #32689

Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2024-09-30 14:40:16 +02:00
Stefan Guilhen
6424708695 Ensure organization id is preserved on export/import 
- Also fixes issues with description, enabled, and custom attributes missing when re-importing the orgs.

Closes #33207

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-09-25 16:07:44 +02:00
Stefan Guilhen
900c496ffe
Remove the kc.org.broker.public attribute and use hideOnLogin in the IDP instead 
Closes #32209

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-09-20 16:08:55 +02:00
vramik
fcb31a5aa6 Implement invitation-only self-registration for realm users 
Closes #31643

Signed-off-by: vramik <vramik@redhat.com>
 2024-09-18 13:50:23 +02:00
Stefan Guilhen
3e597722a9
Add cache for IdentityProviderStorageProvider.getForLogin (#32918) 
Closes #32573

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-09-18 09:05:57 +02:00
Thomas Darimont
b68cae9fd1 Revise KeyURI generation in OTPPolicy 
- More idiomatic URLEncoder usage
- Replace `:` character with space in issuer if present in OTP label
- Ease testing for OTP KeyURI generation

Fixes #32833

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-09-12 08:55:49 +02:00
cgeorgilakis-grnet
f8b1b3ee03 Search Identity Providers by alias or display name 
Closes #32588

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
 2024-09-10 21:52:59 +02:00
Stefan Guilhen
e7a4635620 Filter out org brokers from the account console 
- org-linked brokers should not be available for login
- prepare the endpoint for search/pagination

Closes #31944

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-09-04 09:00:52 -03:00
Stefan Guilhen
557d7e87b2 Avoid iterating through all mappers when running the config event listeners 
Closes #32233

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-09-04 07:40:58 -03:00
Stefan Guilhen
88cca10472 Rename IDPSpi to IdentityProviderStorageSpi 
Closes #31639

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-26 15:10:09 -03:00
Vlasta Ramik
d63c0fbd13
Decouple Identity provider mappers from RealmModel (#32251) 
* Decouple Identity provider mappers from RealmModel

Closes #31731

Signed-off-by: vramik <vramik@redhat.com>
 2024-08-22 12:05:19 -03:00
yelhouti
e8840df0e0
Fix: admin GUI not working with 1000s of realms 
Search by RealmName is done before loading all realms when filtering

Closes #31956

Signed-off-by: Youssef El Houti <youssef.elhouti@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-08-21 14:58:36 +02:00
Erik Jan de Wit
35ce3c0a1f Make login v2 the default reverting test code 
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-08-21 08:50:01 -04:00
Stefan Guilhen
585d179fe0 Ensure identity providers returned to the org IDP selection are IDPs not associated with any orgs. 
Closes #32238

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-21 07:49:01 -03:00
Pedro Ruivo
4675a4eda9 Deprecate UserSessionCrossDCManager 
Fixes #31878

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-08-21 08:52:39 +02:00
Pedro Igor
eeae50fb43 Make sure federationLink always map to the storage provider associated with federated users 
Closes #31670

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-20 11:27:22 +02:00
Stefan Guilhen
fa7c2b5da6 Address review comments 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-19 09:06:35 -03:00
Stefan Guilhen
f82159cf65 Rework logic to fetch IDPs for the login page so that IDPs are fetched from the provider and not filtered in code. 
Closes #32090

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-19 09:06:35 -03:00
Stefan Guilhen
aeb1951aba Replace calls to deprecated RealmModel IDP methods 
- use the new provider instead

Closes #31254

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-15 10:55:36 -03:00
Pedro Igor
96acc62c00 Support for resolving organization based on the organization scope 
Closes #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-15 10:32:15 -03:00
Martin Kanis
708a6898db Add a count method to the OrganizationMembersResource 
Closes #31388

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-08-15 09:12:57 -03:00
Nikos Epping
4080ee2e84 Don't fail on null config map in AdvancedClaimToGroupMapper/AdvancedClaimToRoleMapper/AdvancedAttributeToGroupMapper/AdvancedAttributeToGroupMapper 
Fixes #31575

Signed-off-by: Nikos Epping <n.epping@evosec.de>
 2024-08-05 10:22:22 +02:00
Pedro Ruivo
e62604b1ec ConditionalRemover interface for External Infinispan feature 
Add a ConditionalRemover interface to remove entries from a RemoteCache
based on the key or value fields.
The default implementation provided by this PR uses streaming/iteration
to test and remove entries

On a side change, moved all the transactions to the same package and
created one transaction class per entity/cache to simplify code and
avoid writing "RemoteChangeLogTransaction" with a long list of types.

Fixes #31046

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-07-30 15:16:17 +02:00
Stefan Guilhen
f45529de8c Deprecate IDP related methods in RealmModel 
- delegate to the new provider

Closes #31253

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-07-29 16:02:26 +02:00
Stefan Guilhen
c16e88bcee Make the IDPProvider via session.identityProviders() 
Closes #31252

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-07-29 16:02:26 +02:00
Pedro Igor
87c279d645 Respect the username value format when processing federated users 
Closes #31240

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:28:43 +02:00
Pedro Igor
4d8c525644
Make sure changes to user profile metadata is not stored when calling decorators (#31549) 
Closes #30476

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:03:21 +02:00
Pedro Igor
1f8280c71a Allow members joining multiple organizations 
Closes #30747

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:02:36 +02:00
Alexander Schwartz
227c71f7f0
Persisting revoked access tokens 
Closes #31296

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-26 11:46:14 +02:00
vramik
649b35929e Make sure users created through a registration link are managed members 
Closes #30743

Signed-off-by: vramik <vramik@redhat.com>
 2024-07-25 04:30:13 -03:00
Maciej Mierzwa
97e89e2071 feature: password age in days policy 
Closes #30210

Signed-off-by: Maciej Mierzwa <dev.maciej.mierzwa@gmail.com>
 2024-07-24 15:12:16 -03:00
Stefan Guilhen
913a2aa071 Add new model spi for identity providers 
Closes #31249

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-07-23 15:50:54 -03:00
Hynek Mlnarik
a7374f92be Update login theme to login v2 
Fixes: #29009

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2024-07-18 14:33:22 +02:00
Johannes Knutsen
b41f3599ea Add @JsonIgnore to SingleUseObjectKeyModel's getExpiration() 
Closes #31171

Signed-off-by: Johannes Knutsen <johannes@kodet.no>
 2024-07-10 10:19:01 +02:00
Baljit Singh
94934d1ad4 allow override of begin transaction 
Closes #31005

Signed-off-by: Baljit Singh <baljit.singh@verizon.com>
 2024-07-05 10:13:20 +02:00
Pedro Igor
cc2ccc87b0 Filtering organization groups when managing or processing groups 
Closes #30589

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-28 10:27:18 -03:00
Pascal Knüppel
c4ebd0cd0c
Add event for ClientScope created (#30715) 
closes #30795 

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
 2024-06-27 19:05:29 +02:00
Jon Koops
df18629ffe
Use a default Java version from root POM (#29927) 
Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-06-21 14:19:31 +02:00
Pedro Igor
a0ad680346 Adding an alias to organization and exposing them to templates 
Closes #30312
Closes #30313

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-20 14:36:14 -03:00
CARBONNEAUX Mathieu
acf79b81c7
add RS256 algorithm to webauthn default policy (#30528) 
closes #28020 

Signed-off-by: Mathieu CARBONNEAUX <mathieu.carbonneaux@ch2o.info>
 2024-06-19 10:16:46 +02:00
Pedro Ruivo
18a6c79011
Infinispan Protostream Marshaller (#29474) 
Closes #29394

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-06-13 18:02:46 +02:00
vramik
d355e38424 Provide a cache layer for the organization model 
Closes #30087

Signed-off-by: vramik <vramik@redhat.com>
 2024-06-13 08:13:36 -03:00