libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
24847 commits 4 branches 5 tags 480 MiB
Commit graph

400 commits

Author SHA1 Message Date
Stefan Guilhen
02e2ebf258 Add check to prevent deserialization issues when the context token is not an AccessTokenResponse. 
- also adds a test for the refresh token on first login scenario.

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-04-30 12:02:10 -03:00
Stefan Wiedemann
b08c644601
Support credentials issuance through oid4vci (#27931) 
closes #25940 

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
 2024-04-22 11:37:55 +02:00
Pedro Ruivo
3e0a185070 Remove deprecated EnvironmentDependentProviderFactory.isSupported method 
Closes #26280

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-04-19 16:36:49 +02:00
mposolda
c427e65354 Secondary factor bypass in step-up authentication 
closes #34

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit e632c03ec4dbfbb7c74c65b0627027390b2e605d)
 2024-04-19 14:43:53 +02:00
Stian Thorgersen
0d60e58029
Restrict the token types that can be verified when not using the user info endpoint (#146) (#28866) 
Closes #47

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Conflicts:
	core/src/main/java/org/keycloak/util/TokenUtil.java
	testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientTokenExchangeTest.java

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-18 14:11:05 +02:00
Pedro Ruivo
63cb137b37 Remove usages of EnvironmentDependentProviderFactory.isSupported 
Closes #28751

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-04-16 09:43:23 +02:00
Giuseppe Graziano
c76cbc94d8 Add sub via protocol mapper to access token 
Closes #21185

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-04-10 10:40:42 +02:00
Pedro Igor
52ba9b4b7f Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user 
Closes #28248

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-08 09:05:16 -03:00
Justin Tay
e765932df3 Skip unsupported keys in JWKS 
Closes #16064

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-04-08 08:42:31 +02:00
Justin Tay
89a5da1afd Allow empty key use in JWKS for client authentication 
Closes #28004

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-04-04 10:42:37 +02:00
Stian Thorgersen
c3a98ae387
Use Argon2 as default password hashing algorithm (#28162) 
Closes #28161

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 13:04:14 +00:00
Stian Thorgersen
8cbd39083e
Default password hashing algorithm should be set to default password hash provider (#28128) 
Closes #28120

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 12:44:11 +01:00
vramik
032bb8e9cc Map Store Removal: Remove obsolete KeycloakModelUtils.isUsernameCaseSensitive method 
Closes #27438

Signed-off-by: vramik <vramik@redhat.com>
 2024-03-02 04:40:46 +09:00
Steven Hawkins
37acb2fd09
task: upgrading to quarkus 3.7.0.CR1 (#26203) 
there are several downgrades from the quarkus versions, and some
additional logic needed to handle changes with re-creating the
configuration

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-01-31 18:23:07 +00:00
Stian Thorgersen
0fb6bdfcac
Cookie Provider - move remaining cookies (#26531) 
Closes #26500

Signed-off-by: stianst <stianst@gmail.com>
 2024-01-29 11:06:37 +01:00
Martin Kanis
7797f778d1 Map Store Removal: Rename legacy modules 
Closes #24107

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-01-25 16:29:16 +01:00
Stian Thorgersen
85ddac26ed
Remove code that expires old cookie paths (#26444) 
Closes #26416

Signed-off-by: stianst <stianst@gmail.com>
 2024-01-24 13:43:03 +01:00
Takashi Norimatsu
b99f45ed3d Supporting EdDSA 
closes #15714

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>

Co-authored-by: Muhammad Zakwan Bin Mohd Zahid <muhammadzakwan.mohdzahid.fg@hitachi.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
 2024-01-24 12:10:41 +01:00
Martin Kanis
84603a9363
Map Store Removal: Rename Legacy* classes (#26273) 
Closes #24105

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-01-23 13:50:31 +00:00
Alexander Schwartz
a8eca6add0
Changing to the Infinispan BOM to avoid mis-aligned Infinispan dependencies (#26137) 
Closes #22922

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
 2024-01-15 09:20:47 +01:00
Pedro Igor
d540584449 Using a valid URI when deleting cookies before/after running tests 
Closes #22691

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-01-05 15:13:12 -03:00
Steven Hawkins
667ce4be9e
enhance: supporting versioned features (#24811) 
also adding a common PropertyMapper validation method

closes #24668

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2024-01-03 17:56:31 +01:00
Réda Housni Alaoui
5287500703 @NoCache is not considered anymore 
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2024-01-02 09:06:55 -03:00
mposolda
3fa2d155ca Decouple factory methods from the provider methods on UserProfileProvider implementation 
closes #25146

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-12-01 10:30:57 -03:00
Steven Hawkins
8c3df19722
feature: add option for creating a global truststore (#24473) 
closes #24148

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2023-11-30 08:57:17 +01:00
Sebastian Schuster
030f42ec83
More efficient listing of assigned and available client role mappings 
Closes #23404

Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
 2023-11-22 14:10:11 +01:00
Réda Housni Alaoui
3f014c7299
Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients (#21058) 
closes #21010 

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2023-11-13 19:13:01 +01:00
vramik
926be135e8 Remove map related modules 
Signed-off-by: vramik <vramik@redhat.com>

Closes #24100
 2023-11-13 12:34:52 +01:00
vramik
6fa26d7ff4 Delete map dependencies from dependency management 
Closes #24101
 2023-11-08 13:53:17 +01:00
mposolda
7863c3e563 Moving UPConfig and related classes from keycloak-services 
closes #24535

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-11-07 12:41:29 +01:00
rmartinc
1b630326b2 Fixes in LDAP tests when using AD 
Closing https://github.com/keycloak/keycloak/issues/24357
 2023-10-31 13:34:37 +01:00
Thomas Darimont
e567210ed1
Add dedicated feature flag for oauth device grant flow (#23892) 
Closes #23891
 2023-10-24 10:09:26 +02:00
mposolda
04777299b0 After tab1 finish authentication, make sure that rootAuthenticationSession is expired shortly 
closes #23880
 2023-10-19 19:23:50 +02:00
shigeyuki kabano
6112b25648 Enhancing Light Weight Token(#22148) 
Closes #21183
 2023-10-17 13:12:36 +02:00
Alexander Schwartz
50916d58b1 Clean up created test user to avoid conflict with other tests 
Closes #23804
 2023-10-16 19:10:52 +02:00
Pedro Igor
9c19a8972b Removing the default cache metadata 
Closes #23910
 2023-10-13 16:32:55 +02:00
Garth
2dfbbff343
added AccountResource SPI, Provider and ProviderFactory. (#22317) 
Added AccountResource SPI, Provider and ProviderFactory. updated AccountLoader to load provider(s) and check if it is compatible with the chosen theme.
 2023-10-05 15:08:01 +02:00
rmartinc
d90640b5a3 Change email checkserveridentity prop as angus mail sets it to true by default 
Closes https://github.com/keycloak/keycloak/issues/22395
 2023-09-26 09:11:16 +02:00
Michal Hajas
496c5ad989 Use new findGroupByPath implementation and remove the old one 
Closes #23344

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2023-09-25 10:44:24 +02:00
Bernd Bohmann
bb2f59df87
Calling getTopLevelGroups is slow inside GroupLDAPStorageMapper#getLDAPGroupMappingsConverted (#8430) 
Closes #14820 
---------
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2023-09-20 17:20:43 +02:00
Justin Tay
658c0ef19f Send Client ID in token request with JWT Authentication 
Closes #21444
 2023-09-14 10:57:32 +02:00
Daniel Fesenmeyer
a68ad55a37 Support to define compatible mappers for (new) Identity Providers 
- Also allows to use existing mappers for custom Identity Providers without having to change those mappers

Closes #21154
 2023-09-13 17:19:06 -03:00
mposolda
6f6b5e8e84 Fix authenticatorConfig for javascript providers 
Closes #20005
 2023-07-31 19:28:25 +02:00
Takashi Norimatsu
05b8b9ee51 Enhancing Pluggable Features of Token Manager 
closes #21182
 2023-07-24 09:16:29 +02:00
Stian Thorgersen
f82577a7f3
Removed old account console (#21098) 
Co-authored-by: Jon Koops <jonkoops@gmail.com>

Closes #9864
 2023-06-20 20:46:57 +02:00
vramik
535bba5792 Update UserQueryProvider methods 
Closes #20438
 2023-06-12 16:04:26 +02:00
rmartinc
9bc30f4705 EventBuilder fixes to copy the store and session context 
Closes https://github.com/keycloak/keycloak/issues/20757
Closes https://github.com/keycloak/keycloak/issues/20105
 2023-06-07 08:34:27 -03:00
Aboullos
612fe33ade
Remove AccountUpdateProfilePage from the testsuite (#19362) 
closes #15202
 2023-06-02 11:46:49 +02:00
mposolda
bf9c5821cb Fix for certificate revalidation 
closes https://security.snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-5291542
 2023-05-31 15:42:37 +02:00
vramik
a175efcb72 Split UserQueryProvider into UserQueryMethods and UserCountMethods and make LdapStorageProvider implement only UserQueryMethods 
Co-authored-by: mhajas <mhajas@redhat.com>

Closed #20156
 2023-05-31 11:47:54 +02:00