libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
25056 commits 4 branches 5 tags 480 MiB
Commit graph

4893 commits

Author SHA1 Message Date
vramik
0508d279f7 Filter empty domains from OrganizationsRepresentation before running validation 
Closes #29809

Signed-off-by: vramik <vramik@redhat.com>
 2024-05-23 09:53:51 -03:00
Marek Posolda
2efc163b89
Entry 999.0.0 in MIGRATION_MODEL prevents future migrations of the database 
Closes #27941

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-05-23 12:00:18 +00:00
Daniel Fesenmeyer
c08621fa63 Always order required actions by priority (regardless of context) 
- AuthenticationManager#actionRequired: make sure that the highest prioritized required action is performed first, possibly before the currently requested required action
- AuthenticationManager#nextRequiredAction: make sure that the next action is requested via URL, also based on highest priority (-> requested URL will match actually performed action, unless required actions for the user are changed by a parallel operation)
- add tests to RequiredActionPriorityTest, add helper method for priority setup to ApiUtil (for easier and more robust setup than up-to-now)
- fix test WebAuthnRegisterAndLoginTest - which failed because WebAuthnRegisterFactory (prio 70) is now executed before WebAuthnPasswordlessRegisterFactory (prio 80)

Closes #16873

Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>
 2024-05-23 09:07:56 +02:00
Thomas Darimont
ab376d9101 Make required actions configurable (#28400) 
- Add tests for crud operations on configurable required actions
- Add support exposing the required action configuration via RequiredActionContext
- Make configSaveError message reusable in other contexts
- Introduced admin-ui specific endpoint for retrieving required actions with config metadata

Fixes #28400

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-05-23 08:38:36 +02:00
vramik
278341aff9 Add organizations enabled/disabled capability 
Closes #28804

Signed-off-by: vramik <vramik@redhat.com>
 2024-05-22 07:58:26 -03:00
Francis Pouatcha
542fc65923
Issue 29627: Expose Authorization Server Metadata Endpoint under /.well-known/oauth-authorization-server to comply with rfc8414 (#29628) 
closes #29627 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>


Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2024-05-22 10:30:34 +02:00
rmartinc
f7044ba5c2 Use SessionExpirationUtils for validate user and client sessions 
Check client session is valid in TokenManager
Closes #24936

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-05-22 10:12:20 +02:00
Case Walker
f32cd91792 Upgrade owasp-java-html-sanitizer, address all fallout 
Signed-off-by: Case Walker <case.b.walker@gmail.com>
 2024-05-22 09:15:25 +02:00
Raffaele Lucca
a5a55dc66e
Protocol now is mandatory during client scope creation. (#29544) 
closes #29027

Signed-off-by: raff897 <85362193+raff897@users.noreply.github.com>
 2024-05-22 09:10:46 +02:00
Patrick Jennings
84acc953dd
Client type OIDC base read only defaults (#29706) 
closes #29742
closes #29422

Signed-off-by: Patrick Jennings <pajennin@redhat.com>
 2024-05-22 09:07:19 +02:00
Pedro Igor
b019cf6129 Support unmanaged attributes for service accounts and make sure they are only managed through the admin api 
Closes #29362

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-21 16:56:18 -03:00
Martin Kanis
97cd5f3b8d Provide an additional endpoint to allow sending both invitation and registration links depending on the email being associated with an user or not 
Closes #29482

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-05-21 12:29:10 -03:00
rmartinc
3304540855 Allow admin console whoami endpoint to applications that have a special attribute 
Closes #29640

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-05-20 09:51:07 +02:00
Stefan Guilhen
1aab371912 Fix errors when importing realms with the organization feature enabled 
Closes #29630

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-17 07:25:31 -03:00
Ricardo Martin
74a80997c7
Fix CRL verification failing due to client cert not being in chain (#29582) 
closes #19853

Signed-off-by: Micah Algard <micahalgard@gmail.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: Micah Algard <micahalgard@gmail.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
 2024-05-17 11:28:07 +02:00
Dimitri Papadopoulos Orfanos
64a145e960
Fix user-facing typos in error messages (#29326) 
Update resource file and tests accordingly

Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
 2024-05-16 09:55:41 +02:00
Takashi Norimatsu
b4e7d9b1aa
Passkeys: Supporting WebAuthn Conditional UI (#24305) 
closes #24264

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: mposolda <mposolda@gmail.com>
 2024-05-16 07:58:43 +02:00
rmartinc
89d7108558 Restrict access to whoami endpoint for the admin console and users with realm access 
Closes #25219

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-05-15 19:06:57 +02:00
Stefan Guilhen
c4760b8188 Ensure that IDP's linked domains are remove when org is deleted or when the domain is removed from the org. 
Closes #29481

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-14 15:39:18 -03:00
Martin Kanis
3985157f9f Make sure operations on a organization are based on realm they belong to 
Closes #28841

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-05-14 10:47:39 -03:00
Pedro Igor
b4d231fd40 Fixing realm removal when removing groups and brokers associated with an organization 
Closes #29495

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-14 14:29:27 +02:00
Pedro Igor
b5a854b68e
Minor improvements to invitation email templates (#29498) 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-14 13:19:02 +02:00
Pedro Igor
1b583a1bab Email validation for managed members should only fail if it does not match the domain set to a broker 
Closes #29460

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-14 10:46:22 +02:00
mposolda
d8a7773947 Adding dummyHash to DirectGrant request in case user does not exists. Fix dummyHash for normal login requests 
closes #12298

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-05-13 16:33:29 +02:00
kaustubh-rh
8a82b6b587
Added a check in ClientInitialAccessResource (#29353) 
closes #29311

Signed-off-by: Kaustubh Bawankar <kbawanka@redhat.com>
 2024-05-13 13:00:36 +02:00
rmartinc
2cc051346d Allow empty CSP header in headers provider 
Closes #29458

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-05-13 10:51:31 +02:00
Giuseppe Graziano
d735668fcd Fix test failures after @DisableFeature 
Closes #29253

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-05-13 08:20:54 +02:00
Pedro Igor
b50d481b10 Make sure organization groups can not be managed but when managing an organization 
Closes #29431

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-10 21:28:11 -03:00
Stefan Guilhen
f0620353a4 Ensure master realm can't be removed 
Closes #28896

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-10 16:56:18 -03:00
Stefan Guilhen
ceed7bc120 Add ability to search organizations by attribute 
Closes #29411

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-10 16:45:41 -03:00
Pedro Igor
77b58275ca Improvements to the organization authentication flow 
Closes #29416
Closes #29417
Closes #29418

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-09 16:07:52 -03:00
Pedro Igor
a65508ca13 Simplifying the CORS SPI and the default implementation 
Closes #27646

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-08 12:27:55 -03:00
Pedro Ruivo
cbce548e71 Infinispan 15.0.3.Final 
Closes #29068

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-05-08 17:18:39 +02:00
Stefan Guilhen
dde2746595 Improve tests to ensure managed users disabled upon disabling the org can't be updated 
Closes #28891

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-07 18:11:52 -03:00
Pedro Igor
927ba48f7a Adding tests to cover using SAML brokers in an organization 
Closes #28732

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-07 20:44:38 +02:00
Douglas Palmer
8d628d740e Can we remove undertow OIDC adapter? 
Closes #28788

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-05-07 19:47:46 +02:00
Thore
4b194d00be iso-date validator for the user-profile 
Adds a new validator in order to be able to validate user-model fields which should be modified/supplied by a datepicker.

Closes #11757

Signed-off-by: Thore <thore@kruess.xyz>
 2024-05-07 11:42:39 -03:00
Martin Kanis
d4b7e1a7d9 Prevent to manage groups associated with organizations from different APIs 
Closes #28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-05-07 11:16:40 -03:00
Pedro Igor
f8bc74d64f Adding SAML protocol mapper to map organization membership 
Closes #28732

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-07 15:52:35 +02:00
Stefan Guilhen
aa945d5636 Add description field to OrganizationEntity 
Closes #29356

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-07 10:35:51 -03:00
Pedro Igor
c0325c9fdb Do not manage brokers through the Organization API 
Closes #29268

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-07 09:15:25 -03:00
Dinesh Solanki
2172741eb6
Refactor element identifiers from ID to class (#28690) 
Closes #24462

Signed-off-by: Dinesh Solanki <15937452+DineshSolanki@users.noreply.github.com>
 2024-05-07 13:56:21 +02:00
Alice W
d1549a021e Update invitation changes based on review and revert deleted test from OrganizationMembertest 
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
 2024-05-06 17:57:13 -03:00
Pedro Igor
40a283b9e8 Token expiration tests and updates to registration required action 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-06 17:57:13 -03:00
Pedro Igor
158162fb4f Review tests and having invitation related operations in a separate class 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-06 17:57:13 -03:00
Pedro Igor
287f3a44ce registration link tests 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-06 17:57:13 -03:00
Alice W
ce2e83c7f9 Update test and link formation on invite of new user 
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
 2024-05-06 17:57:13 -03:00
Alice W
18356761db Add test for user invite registration and fix minor bug with registration link generation and email templating 
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
 2024-05-06 17:57:13 -03:00
Pedro Igor
e0bdb42d41 adding test and minor updates to cover inviting existing users 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-06 17:57:13 -03:00
Stefan Guilhen
dae1eada3d Add enabled field to OrganizationEntity 
Closes #28891

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-06 14:46:56 -03:00