libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions
12624 commits 4 branches 9 tags 483 MiB
Commit graph

643 commits

Author SHA1 Message Date
Martin Kanis
5d5e56dde3 KEYCLOAK-15199 Complement methods for accessing roles with Stream variants 2020-09-16 16:29:51 +02:00
Benjamin Weimer
f874e9a43c KEYCLOAK-9874 include realm and client roles in user info response 2020-09-16 10:01:02 +02:00
vmuzikar
a9a719b88c KEYCLOAK-15270 Account REST API doesn't verify audience 2020-09-14 08:43:09 -03:00
Sebastian Laskawiec
e01159a943 KEYCLOAK-14767 OpenShift Review Endpoint audience fix 2020-09-09 11:57:24 -03:00
Benjamin Weimer
b2934e8dd0 KEYCLOAK-15327 backchannel logout invalidate offline session even if there is no corresponding active session found 2020-09-08 11:17:20 -03:00
Martin Kanis
4e9bdd44f3 KEYCLOAK-14901 Replace deprecated ClientProvider related methods across Keycloak 2020-09-07 13:11:55 +02:00
mhajas
3928a49c77 KEYCLOAK-14816 Reset brute-force-detection data for the user after a successful password grant type flow 2020-09-01 21:45:17 +02:00
Martin Kanis
d59a74c364 KEYCLOAK-15102 Complement methods for accessing groups with Stream variants 2020-08-28 20:56:10 +02:00
Benjamin Weimer
fdcfa6e13e KEYCLOAK-15156 backchannel logout offline session handling 2020-08-13 08:09:59 -03:00
David Hellwig
ddc2c25951
KEYCLOAK-2940 - draft - Backchannel Logout (#7272) 
* KEYCLOAK-2940 Backchannel Logout

Co-authored-by: Benjamin Weimer <external.Benjamin.Weimer@bosch-si.com>
Co-authored-by: David Hellwig <hed4be@bosch.com>
 2020-08-12 09:07:58 -03:00
zak905
8597edba8e KEYCLOAK-14851: make AIA max auth age configurable per AIA 2020-08-04 13:30:37 -04:00
Yoshiyuki Tabata
cd76ed0d74 KEYCLOAK-14289 OAuth Authorization Server Metadata for Token Revocation 2020-07-29 11:41:56 +02:00
Takashi Norimatsu
0191f91850 KEYCLOAK-14380 Support Requesting Claims using the claims Request Parameter 2020-07-29 09:53:28 +02:00
Hynek Mlnarik
c566b46e8f KEYCLOAK-14549 Make ClientProvider independent of RealmProvider 
Co-Authored-By: vramik <vramik@redhat.com>
 2020-07-22 00:08:15 +02:00
Takashi Norimatsu
e0fbfa722e KEYCLOAK-14189 Client Policy : Basics 2020-07-21 07:50:08 +02:00
Thomas Vitale
4cd5ace800 KEYCLOAK-9321 Remove invalid token_introspection_endpoint 
The discovery document is advertizing both token_introspection_endpoint
and introspection_endpoint. The former has been removed as it is not
defined by OAuth2/OIDC.
 2020-07-17 11:41:28 +02:00
Luca Leonardo Scorcia
d6934c64fd Refactor SAML metadata generation to use the SAMLMetadataWriter class 2020-07-09 09:39:35 +02:00
vmuzikar
001fe9eb11 KEYCLOAK-13206 Session Status iframe cannot access cookies when 3rd party cookies are blocked 
Co-authored-by: mhajas <mhajas@redhat.com>
 2020-06-30 17:11:20 -03:00
Hiroyuki Wada
f73b51818b KEYCLOAK-14113 Support for exchanging to SAML 2.0 token 2020-06-19 22:08:42 +02:00
Martin Bartos
ec9bf6206e [KEYCLOAK-13202] Reset password redirects to account client 2020-06-18 13:08:36 +02:00
Yoshiyuki Tabata
f03ee2ec98 KEYCLOAK-14145 OIDC support for Client "offline" session lifespan 2020-06-04 14:24:52 +02:00
Pedro Igor
e8dc10b4a1 [KEYCLOAK-11330] - Properly handling POST formdata and UriInfo 2020-06-02 09:36:40 +02:00
Youssef El Houti
086bdd1700 add optional field at_hash to idToken when using Authorization Code flow since it improves performance and allows to follow the recommandation in RFC for clients to use hash for access_token validation 2020-05-27 07:34:05 +02:00
Takashi Norimatsu
be0ba79daa KEYCLOAK-7997 Implement Client Registration Metadata based on Mutual TLS 2020-05-19 17:00:41 +02:00
Yoshiyuki Tabata
f7d00fc2e9 KEYCLOAK-13844 "exp" claim should not be "0" when using offline token 2020-05-12 16:14:37 +02:00
Agniswar Mandal
8646d0668a KEYCLOAK-14072 docker-compose.yaml file generated creates an invalid urls 
* Updated Invalid URLs

The docker-compose.yaml file generated creates an invalid url for REGISTRY_AUTH_TOKEN_REALM and REGISTRY_AUTH_TOKEN_ISSUER. Fixed

* KEYCLOAK-14072 JIRA#14072

Test coverage fix for the the JIRA#14072
 2020-05-07 08:40:52 +02:00
Takashi Norimatsu
0d0617d44a KEYCLOAK-13720 Specify Signature Algorithm in Signed JWT Client Authentication 2020-05-05 17:43:00 +02:00
Hynek Mlnarik
32f13016fa KEYCLOAK-12874 Align Destination field existence check with spec 2020-05-04 09:19:44 +02:00
Martin Kanis
aa309b96a8 KEYCLOAK-13682 NPE when refreshing token after enabling consent 2020-04-30 08:46:21 +02:00
stianst
a77c35ea8f KEYCLOAK-14009 Add fix for token revocation endpoint 2020-04-29 17:22:25 +02:00
Yoshiyuki Tabata
874642fe9e KEYCLOAK-12406 Add "Client Session Max" and "Client Session Idle" for OIDC 2020-04-28 15:34:25 +02:00
stianst
5b017e930d KEYCLOAK-13128 Security Headers SPI and response filter 2020-04-28 15:28:24 +02:00
Yoshiyuki Tabata
b40c12c712 KEYCLOAK-5325 Provide OAuth token revocation capability 2020-04-28 15:25:22 +02:00
Stefan Guilhen
da1138a8d2 [KEYCLOAK-13005] Make sure the master URL is used if the consumer POST or REDIRECT URL is an empty string 
- Fixes issue where admin console sets an empty string when the consumer POST or REDIRECT URL is deleted
 2020-04-27 14:25:03 +02:00
Martin Idel
7e8018c7ca KEYCLOAK-11862 Add Sync mode option 
- Store in config map in database and model
- Expose the field in the OIDC-IDP
- Write logic for import, force and legacy mode
- Show how mappers can be updated keeping correct legacy mode
- Show how mappers that work correctly don't have to be modified
- Log an error if sync mode is not supported

Fix updateBrokeredUser method for all mappers

- Allow updating of username (UsernameTemplateMapper)
- Delete UserAttributeStatementMapper: mapper isn't even registered
  Was actually rejected but never cleaned up: https://github.com/keycloak/keycloak/pull/4513
  The mapper won't work as specified and it's not easy to tests here
- Fixup json mapper
- Fix ExternalKeycloakRoleToRoleMapper:
  Bug: delete cannot work - just delete it. Don't fix it in legacy mode

Rework mapper tests

- Fix old tests for Identity Broker:
  Old tests did not work at all:
  They tested that if you take a realm and assign the role,
  this role is then assigned to the user in that realm,
  which has nothing to do with identity brokering
  Simplify logic in OidcClaimToRoleMapperTests
- Add SyncMode tests to most mappers
  Added tests for UsernameTemplateMapper
  Added tests to all RoleMappers
  Add test for json attribute mapper (Github as example)
- Extract common test setup(s)
- Extend admin console tests for sync mode

Signed-off-by: Martin Idel <external.Martin.Idel@bosch.io>
 2020-04-24 15:54:32 +02:00
Martin Kanis
a04c70531a KEYCLOAK-9623 Disabling logged in user will not allow other user to login after he is thrown out of his session 2020-04-23 14:40:25 +02:00
Pedro Igor
cbab159aa8 [KEYCLOAK-8071] - Properly validating requested scopes 2020-04-21 12:23:59 +02:00
Pedro Igor
b60b85ab65 [KEYCLOAK-7450] - Match subject when validating id_token returned from external OP 2020-04-06 13:43:19 +02:00
Martin Kanis
e6e0e6945d KEYCLOAK-12156 LogoutEndpoint does not verify token type of id_token_hint 
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Marek Posolda <mposolda@redhat.com>
 2020-03-24 05:31:36 +01:00
mposolda
bc1146ac2f KEYCLOAK-10029 Offline token migration fix. Always test offline-token migration when run MigrationTest 2020-03-10 20:38:16 +01:00
stianst
b84160786b KEYCLOAK-12885 Make sure empty protocol in client scope doesn't result in NPE in well-known endpoint 2020-03-05 13:43:46 +01:00
stianst
b39b84c5dc KEYCLOAK-13102 Remove error log message on invalid response_type 2020-03-05 08:47:12 +01:00
vramik
7c91e36e43 KEYCLOAK-10898 WildFly Adapter CLI based installation scripts 2020-03-02 10:08:45 +01:00
Pedro Igor
1c71eb93db [KEYCLOAK-11576] - Properly handling redirect_uri parser errors 2020-02-27 08:29:06 +01:00
Stefan Guilhen
7a3998870c [KEYCLOAK-12612][KEYCLOAK-12944] Fix validation of SAML destination URLs 
- no longer compare them to the server absolutePath; instead use the base URI to build the validation URL
 2020-02-18 16:38:19 -03:00
stianst
42773592ca KEYCLOAK-9632 Improve handling of user locale 2020-02-14 08:32:20 +01:00
Peter Skopek
622a97bd1c KEYCLOAK-12228 Sensitive Data Exposure 
from patch of hiba haddad haddadhiba0@gmail.com
 2020-02-12 09:57:31 +01:00
Martin Kanis
1d54f2ade3 KEYCLOAK-9563 Improve access token checks for userinfo endpoint 2020-02-11 15:09:21 +01:00
Dmitry Telegin
b6c5acef25 KEYCLOAK-7969 - SAML users should not be identified by SAML:NameID 2020-02-06 08:53:31 +01:00
rmartinc
d39dfd8688 KEYCLOAK-12654: Data to sign is incorrect in redirect binding when URI has parameters 2020-02-05 11:30:28 +01:00