keycloak-scim

Author	SHA1	Message	Date
Ricardo Martin	226daa41c7	Add service account mappers via client scope instead of dedicated scope (#34664 ) Closes #10417 Signed-off-by: rmartinc <rmartinc@redhat.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Signed-off-by: Ricardo Martin <rmartinc@redhat.com>	2024-11-07 08:45:11 +01:00
Giuseppe Graziano	612e2caae1	Refresh the login page when root auth session changes Closes #32658 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-11-04 18:31:42 +01:00
Thomas Darimont	3315ea718a	Add ability to enable OID4VCI Verifiable Credentials per realm (#34524 ) - Added new realm property verifiableCredentialsEnabled - Updated RealmRepresentation - Guarded route to Oid4VCI page - Add boolean switch to Realm settings page to control Verifiable Credentials enablement - We now only show the Verifiable Credentials page in the nave if the "Verifiable Credentials" realm setting is enabled. Fixes #34524 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2024-11-04 14:58:30 +01:00
Bernd Bohmann	7681687e0a	Provide missing user event metrics from aerogear/keycloak-metrics-spi to a keycloak micrometer event listener inspired by https://github.com/aerogear/keycloak-metrics-spi https://github.com/please-openit/keycloak-native-metrics Closes #33043 Signed-off-by: Bernd Bohmann <bommel@apache.org> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Signed-off-by: Michal Hajas <mhajas@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2024-11-04 08:56:24 +01:00
vramik	d853dcab7d	Use specific error message from required actions for SamlProtocol if available Closes #34514 Signed-off-by: vramik <vramik@redhat.com>	2024-10-31 15:45:19 -03:00
vramik	3d91df42d8	Declining terms and conditions in account-console results in error Closes #28328 Signed-off-by: vramik <vramik@redhat.com>	2024-10-30 12:26:03 -03:00
Marek Posolda	3784fd1f67	Attempt to run snapshot Keycloak server against production DB should fail during migration closes #30364 Signed-off-by: mposolda <mposolda@gmail.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-10-28 15:02:26 +00:00
Ryan Emerson	902abfdae4	JDBC_PING as default discovery protocol Closes #29399 - Add ProviderFactory#dependsOn to allow dependencies between ProviderFactories to be explicitly defined - Disable Infinispan default shutdownhook disabled to ensure lifecycle is managed exclusively by Keycloak - Remove Infinispan shutdown hook in KeycloakRecorder and manage EmbeddedCacheManager lifecycle only in DefaultInfinispanConnectionProviderFactory#close Signed-off-by: Ryan Emerson <remerson@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-10-22 20:19:19 +00:00
Gilvan Filho	c4005d29f0	add linear strategy to brute force closes #25917 Signed-off-by: Gilvan Filho <gilvan.sfilho@gmail.com>	2024-10-22 10:33:22 -03:00
Simon Levermann	dcf1d83199	Enable enforcement of a minimum ACR at the client level (#16884 ) (#33205 ) closes #16884 Signed-off-by: Simon Levermann <github@simon.slevermann.de>	2024-10-21 13:54:02 +02:00
Pedro Igor	b76f4f9c1b	Avoid iterating over user policies when removing users Closes #19358 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-10-15 15:01:40 +02:00
Matt Eaton	9f0a348e4c	Allow certificate with duplicate principals in truststore. The previous implementation uses principal as a key for a hashmap storing one certificate per entry. To preserve lookups, the value is now a List of certificates. Additional logic was added to build certification validation chains using signature verification rather than just principal. Closes #33125 Signed-off-by: Matt Eaton <git@divinehawk.com>	2024-10-08 12:03:03 +02:00
mposolda	07cf71e818	Better logging when error happens during transaction commit closes #33275 Signed-off-by: mposolda <mposolda@gmail.com>	2024-10-08 11:14:10 +02:00
vramik	c1653448f3	[Organizations] Allow orgs to define the redirect URL after user registers or accepts invitation link Closes #33201 Signed-off-by: vramik <vramik@redhat.com>	2024-10-02 07:37:48 -03:00
Steven Hawkins	5d99d91818	fix: allows for the detection of a master realm with --import-realms (#32914 ) also moving initial bootstrapping after import closes: #32689 Signed-off-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Martin Bartoš <mabartos@redhat.com>	2024-09-30 14:40:16 +02:00
Maksim Zvankovich	90dc7c168c	Add organization admin crud events Closes #31421 Signed-off-by: Maksim Zvankovich <m.zvankovich@rheagroup.com> Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>	2024-09-27 09:09:28 +02:00
Stefan Guilhen	6424708695	Ensure organization id is preserved on export/import - Also fixes issues with description, enabled, and custom attributes missing when re-importing the orgs. Closes #33207 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-09-25 16:07:44 +02:00
Stian Thorgersen	af5eef57bf	Improve handling for loopback redirect-uri validation (#195 ) (#33189 ) Closes #33116 Signed-off-by: stianst <stianst@gmail.com>	2024-09-23 13:51:02 +02:00
Stefan Guilhen	900c496ffe	Remove the kc.org.broker.public attribute and use hideOnLogin in the IDP instead Closes #32209 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>	2024-09-20 16:08:55 +02:00
Michal Hajas	d065be362a	Fix flaky UserSessionPersisterProviderTest Closes #32892 Signed-off-by: Michal Hajas <mhajas@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-09-20 13:24:34 +02:00
Alexander Schwartz	2a95d0abfa	Sort order of updates for user properties (#32853 ) This should reduce deadlocks on the user property table if the users are updated concurrently. Closes #32852 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-09-18 12:37:42 +02:00
Stefan Guilhen	5ff9e9147d	Remove unnecessary AbstractConfigPropertySynchronizer class (#33002 ) Closes #33000 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-09-18 08:58:32 +02:00
Pedro Ruivo	f67bec0417	Rename remote-cache Feature Renamed to "clusterless" Closes #32596 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-09-13 13:03:13 +02:00
Stian Thorgersen	40049f31fa	Remove ProxyClassLoader and PlatformProvider returning script classloader (#32806 ) Closes #32804 Signed-off-by: stianst <stianst@gmail.com>	2024-09-11 17:11:26 +02:00
rmartinc	b60621d819	Allow brute force to have http request/response and send emails Closes #29542 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-09-11 08:35:03 +02:00
Thomas Darimont	693a63b532	Handle ClientData parsing errors in SessionCodeChecks gracefully - Move ClientData parsing out of SessionCodeChecks ctor - Respond with a bad request if invalid client data is presented Closes #32515 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-09-05 10:50:27 +02:00
Alexander Schwartz	0e1a7c6f8e	Add information about token expiry to events Closes #28311 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-09-04 14:44:51 +02:00
Alexander Schwartz	4d1e1e0bcb	Show details for error messages where they were missing (#32534 ) Closes #32533 Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Signed-off-by: Jon Koops <jonkoops@gmail.com> Co-authored-by: Jon Koops <jonkoops@gmail.com>	2024-09-04 07:23:54 -04:00
Stefan Guilhen	557d7e87b2	Avoid iterating through all mappers when running the config event listeners Closes #32233 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-09-04 07:40:58 -03:00
Theresa Henze	a1c23fef8c	introduce event types to update/remove credentials Closes #10114 Signed-off-by: Theresa Henze <theresa.henze@bare.id>	2024-09-03 18:27:27 +02:00
Stefan Guilhen	88cca10472	Rename IDPSpi to IdentityProviderStorageSpi Closes #31639 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-08-26 15:10:09 -03:00
Vlasta Ramik	d63c0fbd13	Decouple Identity provider mappers from RealmModel (#32251 ) * Decouple Identity provider mappers from RealmModel Closes #31731 Signed-off-by: vramik <vramik@redhat.com>	2024-08-22 12:05:19 -03:00
Peter Zaoral	1b5fe5437a	Warnings for temporary admin user and service account (#31387 ) * UI banner, labels and log messages are shown when temporary admin account is used * added UI tests that check the elements' presence Signed-off-by: Peter Zaoral <pzaoral@redhat.com> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>	2024-08-21 09:30:24 +02:00
Pedro Igor	eeae50fb43	Make sure federationLink always map to the storage provider associated with federated users Closes #31670 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-08-20 11:27:22 +02:00
Stefan Guilhen	f82159cf65	Rework logic to fetch IDPs for the login page so that IDPs are fetched from the provider and not filtered in code. Closes #32090 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-08-19 09:06:35 -03:00
mposolda	3d787727f9	Add acr scope to all clients for those migrating from older than Keycloak 18 closes #31107 Signed-off-by: mposolda <mposolda@gmail.com>	2024-08-16 12:17:43 +02:00
Stefan Guilhen	aeb1951aba	Replace calls to deprecated RealmModel IDP methods - use the new provider instead Closes #31254 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-08-15 10:55:36 -03:00
Stian Thorgersen	310824cc2b	Remove legacy cookies Closes #16770 Signed-off-by: stianst <stianst@gmail.com> Signed-off-by: Jon Koops <jonkoops@gmail.com> Co-authored-by: Jon Koops <jonkoops@gmail.com>	2024-08-15 15:27:38 +02:00
kaustubh-rh	cf8905efe8	Fix for Client secret is visable in Admin event representation when Credentials Reset action performed for the Client. (#32067 ) * Stripping secrets for the credential representation Signed-off-by: kaustubh B <kbawanka@redhat.com>	2024-08-12 13:47:41 -03:00
Pedro Igor	3ab2446074	Do not return identity providers when querying the realm representation Closes #21072 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-08-07 10:06:51 -03:00
StephanSchrader	4d64092119	Fix persist config values for custom components (#31862 ) Closes #31858 Signed-off-by: Stephan Schrader <stephan.schrader@wallis.de> Signed-off-by: Stephan Schrader <zstephanz@gmail.com> Co-authored-by: Stephan Schrader <stephan.schrader@wallis.de>	2024-08-07 14:40:30 +02:00
Michal Hajas	50c07c6e7c	Simplify configuration for MULTI_SITE Closes #31807 Signed-off-by: Michal Hajas <mhajas@redhat.com>	2024-08-06 16:14:33 +00:00
Alexander Schwartz	aa91f60278	Caches the id-to-user mapping for the evaluation in the current session (#31794 ) Closes #31519 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-08-01 10:38:46 +02:00
rmartinc	a6c70d65ee	Do not generate secret when client rep do not specifiy public or bearer Closes #31444 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-07-30 18:32:15 +02:00
Pascal Knüppel	94784182df	Implement DPoP for all grantTypes (#29967 ) fixes #30179 fixes #30181 Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de> Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>	2024-07-29 16:30:54 +02:00
Stefan Guilhen	c16e88bcee	Make the IDPProvider via session.identityProviders() Closes #31252 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-07-29 16:02:26 +02:00
Pedro Igor	87c279d645	Respect the username value format when processing federated users Closes #31240 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-29 09:28:43 +02:00
Pedro Igor	1f8280c71a	Allow members joining multiple organizations Closes #30747 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-29 09:02:36 +02:00
Lex Cao	3818f8f575	Prevent removing flow that used by client flow overrides Closes #30707 Signed-off-by: Lex Cao <lexcao@foxmail.com>	2024-07-26 16:05:29 +02:00
Maciej Mierzwa	97e89e2071	feature: password age in days policy Closes #30210 Signed-off-by: Maciej Mierzwa <dev.maciej.mierzwa@gmail.com>	2024-07-24 15:12:16 -03:00

1 2 3 4 5 ...

1095 commits