libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions
25964 commits 4 branches 9 tags 483 MiB
Commit graph

4751 commits

Author SHA1 Message Date
Pedro Igor
079242c398 Binding brokering OIDC user sessions with the issuer of the ID Token to avoid looking up sessions by iterating over all brokers in a realm 
Closes #32091

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-09-03 17:51:20 +02:00
Thomas Darimont
88a5c96fff
Add kc_action to redirect URI after a required action is cancelled (#31925) 
Closes #31894

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-09-03 14:26:23 +00:00
mposolda
dad4477995 Remove keycloak-core and keycloak-crypto-default from SAML galleon feature pack and upgrade them to Java 17 
closes #32586

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-09-03 15:58:57 +02:00
Alexander Schwartz
5bd3da657b Cache regex patterns in frequently used production code 
Closes #32428

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-09-02 08:57:03 -03:00
Jon Koops
2d17024b14
Remove redirect_uri support from OIDC logout endpoint 
Closes #10983

Signed-off-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2024-08-30 12:52:49 +00:00
Martin Kanis
e7d71d43c3 Identity Provider secret visible in Organization tab (API request) 
Closes #32486

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-08-30 09:26:25 -03:00
Douglas Palmer
ecbd856176 Brute force protection: Lockout permanently uses parameters configured under lockout temporarily 
Closes #30969

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-08-29 16:30:22 +02:00
Martin Kanis
7e6dd682d4 Validate organization alias for forbidden chars 
Closes #32392

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-08-28 21:59:38 +02:00
Pedro Igor
449557290b More options to organization scope mapper including adding organization attributes to tokens 
Closes #31642

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-27 09:40:55 -03:00
Stefan Guilhen
88cca10472 Rename IDPSpi to IdentityProviderStorageSpi 
Closes #31639

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-26 15:10:09 -03:00
Erik Jan de Wit
776a491989
added organizations table to account (#32311) 
* added organizations table to account

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-22 15:44:03 -03:00
Vlasta Ramik
d63c0fbd13
Decouple Identity provider mappers from RealmModel (#32251) 
* Decouple Identity provider mappers from RealmModel

Closes #31731

Signed-off-by: vramik <vramik@redhat.com>
 2024-08-22 12:05:19 -03:00
Steven Hawkins
d9a92f5de3
fix: expose bootstrap-admin-* options (#32241) 
* fix: expose bootstrap-admin-* options

closes: #32176

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update quarkus/config-api/src/main/java/org/keycloak/config/BootstrapAdminOptions.java

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2024-08-21 15:52:38 +02:00
Peter Zaoral
6ab3b98743
Temporary admin account notice logged to org.keycloak.events (#32307) 
* removed the temporary admin accounts logging from JBossLoggingEventListenerProvider

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2024-08-21 13:31:57 +00:00
Pedro Igor
c1f6d5ca64 Support for selecting an organization when requesting the organization scope 
Closes #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-21 13:04:58 +02:00
Stefan Guilhen
585d179fe0 Ensure identity providers returned to the org IDP selection are IDPs not associated with any orgs. 
Closes #32238

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-21 07:49:01 -03:00
Peter Zaoral
1b5fe5437a
Warnings for temporary admin user and service account (#31387) 
* UI banner, labels and log messages are shown when temporary admin account is used
* added UI tests that check the elements' presence

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
 2024-08-21 09:30:24 +02:00
Pedro Ruivo
4675a4eda9 Deprecate UserSessionCrossDCManager 
Fixes #31878

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-08-21 08:52:39 +02:00
Pedro Igor
e3c0b918bd Returning a full representation when querying organizations 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-20 11:11:14 -03:00
Pedro Igor
4376a3c757 Add an endpoint to the organizations endpoint to return the organizations for a given user 
Closes #32158

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-20 11:11:14 -03:00
Pedro Igor
eeae50fb43 Make sure federationLink always map to the storage provider associated with federated users 
Closes #31670

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-20 11:27:22 +02:00
Stefan Guilhen
fa7c2b5da6 Address review comments 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-19 09:06:35 -03:00
Stefan Guilhen
f82159cf65 Rework logic to fetch IDPs for the login page so that IDPs are fetched from the provider and not filtered in code. 
Closes #32090

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-19 09:06:35 -03:00
Pedro Igor
8e0436715c Support for ALL and ANY organization scope values 
Related #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-19 08:45:23 -03:00
mposolda
3d787727f9 Add acr scope to all clients for those migrating from older than Keycloak 18 
closes #31107

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-08-16 12:17:43 +02:00
Václav Muzikář
cb418b0bfc
Upgrade to Quarkus 3.13.2 (#31678) 
* Upgrade to Quarkus 3.13.2

Closes #31676

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2024-08-16 11:41:34 +02:00
himanshi1099
7459992e40
Realm update validation for incorrect timeout values (#32137) 
closes #31595

Signed-off-by: Himanshi Gupta <higupta@redhat.com>
 2024-08-16 08:58:27 +02:00
Alexander Schwartz
80d235fffb
Handle non-existing client gracefully (#32151) 
Closes #32150

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-08-15 16:08:40 +02:00
Stefan Guilhen
aeb1951aba Replace calls to deprecated RealmModel IDP methods 
- use the new provider instead

Closes #31254

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-15 10:55:36 -03:00
Pedro Igor
96acc62c00 Support for resolving organization based on the organization scope 
Closes #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-15 10:32:15 -03:00
Stian Thorgersen
310824cc2b
Remove legacy cookies 
Closes #16770

Signed-off-by: stianst <stianst@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-08-15 15:27:38 +02:00
Martin Kanis
708a6898db Add a count method to the OrganizationMembersResource 
Closes #31388

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-08-15 09:12:57 -03:00
Yoshiyuki Tabata
cb6eb187ac Client Policy - Condition : Client - Client Attribute 
Closes https://github.com/keycloak/keycloak/issues/31766

Signed-off-by: Yoshiyuki Tabata <yoshiyuki.tabata.jy@hitachi.com>
 2024-08-14 09:56:56 +02:00
kaustubh-rh
cf8905efe8
Fix for Client secret is visable in Admin event representation when Credentials Reset action performed for the Client. (#32067) 
* Stripping secrets for the credential representation

Signed-off-by: kaustubh B <kbawanka@redhat.com>
 2024-08-12 13:47:41 -03:00
Steven Hawkins
b72ddbcc45
fix: add a warning log if a deprecated admin env variable is used (#32038) 
closes: #31491

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-08-12 08:54:30 +02:00
rmartinc
347f595913 Add ECDH-ES encyption algorithms to the java keystore key provider 
Closes #32023

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-09 15:57:51 +02:00
Martin Kanis
da0864682a Conditionally redirect existing users to a broker based on their credentials 
Closes #31006

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-08-09 07:59:25 -03:00
rmartinc
2a06e1a6db Add SHAKE256 hash provider for Ed448 
Closes #31931

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-08 17:36:54 +02:00
Justin Tay
966a454548
Add ECDH-ES JWE Algorithm Provider, Add generated ECDH key provider (#23928) 
Closes #23596
Closes #23597

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-08-08 17:29:35 +02:00
Steven Hawkins
7ce6f12fe3
fix: adds a check for duplicate users/clients to simplify cmd errors (#31583) 
also changes temp-admin-service to temp-admin

closes: #31160

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-08-08 08:20:33 -04:00
Pedro Igor
3ab2446074 Do not return identity providers when querying the realm representation 
Closes #21072

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-07 10:06:51 -03:00
rmartinc
acbbfde4ab Adding upgrading notes for brute force changes 
Closes #31960

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-07 14:38:30 +02:00
Pascal Knüppel
f3341390f4
Issuer id must be a URL according to specification (#30961) 
fixes #30960

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
 2024-08-07 14:35:58 +02:00
Giuseppe Graziano
35c8c09b8d OIDC dynamic client registration with response_type=none 
Closes #19564

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-08-07 10:34:47 +02:00
rmartinc
8a09905e5c Remove the attempt in brute force when the off-thread finishes 
Closes #31881

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-06 15:30:49 -03:00
Michal Hajas
50c07c6e7c
Simplify configuration for MULTI_SITE 
Closes #31807

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-08-06 16:14:33 +00:00
Stefan Wiedemann
6258256c1b
Fix access token issue OID4VC (#31763) 
closes #31712 

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
 2024-08-04 11:42:40 +02:00
Ingrid Kamga
7c69c857a1 Add a media type to error responses on OID4VC endpoints 
Closes #31585

Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
 2024-08-02 12:09:09 +02:00
Justin Tay
f537343545 Allow empty key use in JWKS from identity provider 
Closes #31823

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-08-02 11:39:43 +02:00
rmartinc
773e309f75 Parse saml urls correctly if the bindings are different 
Closes #31780

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-02 11:34:06 +02:00