Commit graph

4767 commits

Author SHA1 Message Date
rmartinc
b60621d819 Allow brute force to have http request/response and send emails
Closes #29542

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-11 08:35:03 +02:00
cgeorgilakis-grnet
f8b1b3ee03 Search Identity Providers by alias or display name
Closes #32588

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-09-10 21:52:59 +02:00
Thomas Darimont
6b83a45b2e
Propagate locale when using app initiated registration URL
Fixes #13505

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-09-10 12:25:17 +02:00
Garth
7988f026e0 Add a PasswordPoliciesBean to the FreeMarker context.
Closes #32553

Signed-off-by: Garth <244253+xgp@users.noreply.github.com>
2024-09-10 12:19:53 +02:00
Alexander Schwartz
b88ecc0237
Removing the extra two-minute Window for persistent user sessions (#32660)
Closes #28418

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-09-09 09:28:48 +02:00
Steven Hawkins
58d742bb5c
fix: refining v2 hostname validation (#32659)
closes: #32643

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-09-06 17:49:25 +02:00
Thomas Darimont
211224f613
Use correct error value in Token Exchange error responses
The Token Exchange [RFC8693 Section-2.2.2](https://datatracker.ietf.org/doc/html/rfc8693#section-2.2.2) requires
that the error code for invalid requests is `invalid_request`.
Previously, Keycloak used `invalid_token` as the error code.

Fixes #31547

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-09-05 18:35:36 +02:00
keshavprashantdeshpande
9f5f8e017e
Improve message for failing partial import of realm (#32667)
Closes #28017
Signed-off-by: Keshav Deshpande <keshavprashantdeshpande@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-05 15:12:37 +02:00
mposolda
866101e72e Optimize LogoutEndpoint.backchannelLogout endpoint
closes #32683

Signed-off-by: mposolda <mposolda@gmail.com>
2024-09-05 13:49:31 +02:00
Thomas Darimont
693a63b532
Handle ClientData parsing errors in SessionCodeChecks gracefully
- Move ClientData parsing out of SessionCodeChecks ctor
- Respond with a bad request if invalid client data is presented

Closes #32515

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-05 10:50:27 +02:00
Giuseppe Graziano
a14548a7a2
Lightweight access tokens for Admin REST API (#32347)
* Lightweight access tokens for Admin REST API

Closes #31513


Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-09-04 18:04:23 +02:00
cgeorgilakis-grnet
e6b271895e Make update IdentityProvider admin REST API more efficient
Closes #32388

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-09-04 11:49:32 -03:00
Alexander Schwartz
0e1a7c6f8e Add information about token expiry to events
Closes #28311

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-04 14:44:51 +02:00
Stefan Guilhen
e7a4635620 Filter out org brokers from the account console
- org-linked brokers should not be available for login
- prepare the endpoint for search/pagination

Closes #31944

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-04 09:00:52 -03:00
Alexander Schwartz
4d1e1e0bcb
Show details for error messages where they were missing (#32534)
Closes #32533

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-09-04 07:23:54 -04:00
Theresa Henze
a1c23fef8c introduce event types to update/remove credentials
Closes #10114

Signed-off-by: Theresa Henze <theresa.henze@bare.id>
2024-09-03 18:27:27 +02:00
Pedro Igor
079242c398 Binding brokering OIDC user sessions with the issuer of the ID Token to avoid looking up sessions by iterating over all brokers in a realm
Closes #32091

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-09-03 17:51:20 +02:00
Thomas Darimont
88a5c96fff
Add kc_action to redirect URI after a required action is cancelled (#31925)
Closes #31894

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-09-03 14:26:23 +00:00
mposolda
dad4477995 Remove keycloak-core and keycloak-crypto-default from SAML galleon feature pack and upgrade them to Java 17
closes #32586

Signed-off-by: mposolda <mposolda@gmail.com>
2024-09-03 15:58:57 +02:00
Alexander Schwartz
5bd3da657b Cache regex patterns in frequently used production code
Closes #32428

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-02 08:57:03 -03:00
Jon Koops
2d17024b14
Remove redirect_uri support from OIDC logout endpoint
Closes #10983

Signed-off-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2024-08-30 12:52:49 +00:00
Martin Kanis
e7d71d43c3 Identity Provider secret visible in Organization tab (API request)
Closes #32486

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-08-30 09:26:25 -03:00
Douglas Palmer
ecbd856176 Brute force protection: Lockout permanently uses parameters configured under lockout temporarily
Closes #30969

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-08-29 16:30:22 +02:00
Martin Kanis
7e6dd682d4 Validate organization alias for forbidden chars
Closes #32392

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-08-28 21:59:38 +02:00
Pedro Igor
449557290b More options to organization scope mapper including adding organization attributes to tokens
Closes #31642

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-27 09:40:55 -03:00
Stefan Guilhen
88cca10472 Rename IDPSpi to IdentityProviderStorageSpi
Closes #31639

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-26 15:10:09 -03:00
Erik Jan de Wit
776a491989
added organizations table to account (#32311)
* added organizations table to account

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-22 15:44:03 -03:00
Vlasta Ramik
d63c0fbd13
Decouple Identity provider mappers from RealmModel (#32251)
* Decouple Identity provider mappers from RealmModel

Closes #31731

Signed-off-by: vramik <vramik@redhat.com>
2024-08-22 12:05:19 -03:00
Steven Hawkins
d9a92f5de3
fix: expose bootstrap-admin-* options (#32241)
* fix: expose bootstrap-admin-* options

closes: #32176

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update quarkus/config-api/src/main/java/org/keycloak/config/BootstrapAdminOptions.java

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-08-21 15:52:38 +02:00
Peter Zaoral
6ab3b98743
Temporary admin account notice logged to org.keycloak.events (#32307)
* removed the temporary admin accounts logging from JBossLoggingEventListenerProvider

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2024-08-21 13:31:57 +00:00
Pedro Igor
c1f6d5ca64 Support for selecting an organization when requesting the organization scope
Closes #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-21 13:04:58 +02:00
Stefan Guilhen
585d179fe0 Ensure identity providers returned to the org IDP selection are IDPs not associated with any orgs.
Closes #32238

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-21 07:49:01 -03:00
Peter Zaoral
1b5fe5437a
Warnings for temporary admin user and service account (#31387)
* UI banner, labels and log messages are shown when temporary admin account is used
* added UI tests that check the elements' presence

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2024-08-21 09:30:24 +02:00
Pedro Ruivo
4675a4eda9 Deprecate UserSessionCrossDCManager
Fixes #31878

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-21 08:52:39 +02:00
Pedro Igor
e3c0b918bd Returning a full representation when querying organizations
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-20 11:11:14 -03:00
Pedro Igor
4376a3c757 Add an endpoint to the organizations endpoint to return the organizations for a given user
Closes #32158

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-20 11:11:14 -03:00
Pedro Igor
eeae50fb43 Make sure federationLink always maps to the storage provider associated with federated users
Closes #31670

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-20 11:27:22 +02:00
Stefan Guilhen
fa7c2b5da6 Address review comments
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-19 09:06:35 -03:00
Stefan Guilhen
f82159cf65 Rework logic to fetch IDPs for the login page so that IDPs are fetched from the provider and not filtered in code.
Closes #32090

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-19 09:06:35 -03:00
Pedro Igor
8e0436715c Support for ALL and ANY organization scope values
Related #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-19 08:45:23 -03:00
mposolda
3d787727f9 Add acr scope to all clients for those migrating from older than Keycloak 18
closes #31107

Signed-off-by: mposolda <mposolda@gmail.com>
2024-08-16 12:17:43 +02:00
Václav Muzikář
cb418b0bfc
Upgrade to Quarkus 3.13.2 (#31678)
* Upgrade to Quarkus 3.13.2

Closes #31676

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-08-16 11:41:34 +02:00
himanshi1099
7459992e40
Realm update validation for incorrect timeout values (#32137)
closes #31595

Signed-off-by: Himanshi Gupta <higupta@redhat.com>
2024-08-16 08:58:27 +02:00
Alexander Schwartz
80d235fffb
Handle non-existing client gracefully (#32151)
Closes #32150

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-15 16:08:40 +02:00
Stefan Guilhen
aeb1951aba Replace calls to deprecated RealmModel IDP methods
- use the new provider instead

Closes #31254

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-15 10:55:36 -03:00
Pedro Igor
96acc62c00 Support for resolving organization based on the organization scope
Closes #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-15 10:32:15 -03:00
Stian Thorgersen
310824cc2b
Remove legacy cookies
Closes #16770

Signed-off-by: stianst <stianst@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-08-15 15:27:38 +02:00
Martin Kanis
708a6898db Add a count method to the OrganizationMembersResource
Closes #31388

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-08-15 09:12:57 -03:00
Yoshiyuki Tabata
cb6eb187ac Client Policy - Condition : Client - Client Attribute
Closes https://github.com/keycloak/keycloak/issues/31766

Signed-off-by: Yoshiyuki Tabata <yoshiyuki.tabata.jy@hitachi.com>
2024-08-14 09:56:56 +02:00
kaustubh-rh
cf8905efe8
Fix for Client secret is visible in Admin event representation when Credentials Reset action performed for the Client. (#32067)
* Stripping secrets for the credential representation

Signed-off-by: kaustubh B <kbawanka@redhat.com>
2024-08-12 13:47:41 -03:00