libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions
26538 commits 4 branches 9 tags 483 MiB
Commit graph

248 commits

Author SHA1 Message Date
Andy
f994cc54d5
Remove robots.txt entirely 
* remove robots.txt entirely, as blocking page-
crawling prevents the `X-Robots-Tag` headers
(and similar meta tags) from working as intended.

Closes #17433

Signed-off-by: Andy <andy@slice.is>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-10-25 12:09:50 +00:00
Steven Hawkins
307041c021
fix: encapsulating where static import/export state is set/used (#33690) 
closes: #33596

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-10-22 16:03:39 +02:00
Ricardo Martin
a84a2c2ac2
Change order of absolute path and normalize in the theme folder (#34153) 
Closes #34028

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-10-22 09:53:30 +02:00
Jon Koops
008faf44cf Check if deviceRepresentation is set 
Closes #33814

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-10-11 16:02:20 +02:00
Jon Koops
3930356c21
Treat unencrypted local origins as an insecure context in Safari (#33700) 
Closes #33557

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-10-09 23:38:03 +02:00
Jon Koops
aacdf80664
Add shim for Web Crypto API to admin and account console (#33480) 
Closes #33330

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-10-03 10:51:23 +00:00
Stian Thorgersen
4a2fbf5339
Refactor loading of theme resources (#33326) 
Closes #33325

Signed-off-by: stianst <stianst@gmail.com>
 2024-10-01 08:02:05 +02:00
Steven Hawkins
9064d5159a
fix: validate that a full hostname url is expected (#33348) 
closes: #33347

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-09-27 13:57:14 +00:00
Stian Thorgersen
af5eef57bf
Improve handling for loopback redirect-uri validation (#195) (#33189) 
Closes #33116

Signed-off-by: stianst <stianst@gmail.com>
 2024-09-23 13:51:02 +02:00
Jon Koops
5e2f09f66d
Remove statically served Keycloak JS from the server (#33083) 
Closes #32827

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-09-22 19:05:01 +02:00
Steven Hawkins
58d742bb5c
fix: refining v2 hostname validation (#32659) 
closes: #32643

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-09-06 17:49:25 +02:00
mposolda
dad4477995 Remove keycloak-core and keycloak-crypto-default from SAML galleon feature pack and upgrade them to Java 17 
closes #32586

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-09-03 15:58:57 +02:00
Stian Thorgersen
310824cc2b
Remove legacy cookies 
Closes #16770

Signed-off-by: stianst <stianst@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-08-15 15:27:38 +02:00
Pascal Knüppel
f3341390f4
Issuer id must be a URL according to specification (#30961) 
fixes #30960

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
 2024-08-07 14:35:58 +02:00
Michal Hajas
50c07c6e7c
Simplify configuration for MULTI_SITE 
Closes #31807

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-08-06 16:14:33 +00:00
Francis Pouatcha
30be268672
Enhance Verifiable Credential Signing Service Flexibility and Key Rotation(#30692) 
closes #30525 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
 2024-07-24 13:45:39 +02:00
rmartinc
5db3772d45 Remove TrustedHostClientRegistrationPolicyTest#testGithubDomain 
Closes #29271

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-07-23 11:33:38 +02:00
Steven Hawkins
96511e55c6
startup, welcome, and cli handling of bootstrap-admin user (#30054) 
* fix: adding password and service account based bootstrap and recovery

closes: #29324, #30002, #30003

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Fix tests

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
 2024-07-03 15:23:40 +02:00
Francis Pouatcha
d4797e04a2
Enhance SupportedCredentialConfiguration to support optional claims object as defined in OpenID for Verifiable Credential Issuance specification (#30420) 
closes #30419 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
 2024-06-18 17:07:49 +02:00
Giuseppe Graziano
6067f93984
Improvements to refresh token rotation with multiple tabs (#29966) 
Closes #14122

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-06-07 12:02:36 +02:00
Martin Bartoš
262fc09edc
OpenJDK 21 support (#28518) 
* OpenJDK 21 support

Closes #28517

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* x509 SAN UPN other name is not handled in JDK 21 (#904)

closes #29968

Signed-off-by: mposolda <mposolda@gmail.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2024-06-03 14:17:28 +02:00
Pedro Igor
bbb83236f5 Do not lower-case the username from the IdP when creating the federated identity 
Closes #28495

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-29 01:58:20 -03:00
Erwin Rohde
10544a5a93 socketTimeoutUnits and establishConnectionTimeoutUnits use TimeUnit set in HttpClientBuilder 
Closes #28881

Signed-off-by: Erwin Rohde <erwin@rohde.nu>
 2024-04-22 08:11:11 -03:00
Stefan Wiedemann
b08c644601
Support credentials issuance through oid4vci (#27931) 
closes #25940 

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
 2024-04-22 11:37:55 +02:00
Ricardo Martin
4c2542b91f
Better management of domains in TrustedHostClientRegistrationPolicy (#139) (#28876) 
Closes keycloak/keycloak-private#63

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-04-18 16:06:50 +02:00
Ricardo Martin
fc6b6f0d94
Perform exact string match if redirect URI contains userinfo, encoded slashes or parent access (#131) (#28872) 
Closes keycloak/keycloak-private#113
Closes keycloak/keycloak-private#134

Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
 2024-04-18 16:02:24 +02:00
rmartinc
41b706bb6a Initial security profile SPI to integrate default client policies 
Closes #27189

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-04-10 11:19:56 +02:00
Steven Hawkins
be32f8b1bf
fix: limit the use of Resteasy to the KeycloakSession (#28150) 
* fix: limit the use of Resteasy to the KeycloakSession

contextualizes other state to the KeycloakSession

close: #28152
 2024-03-26 13:43:41 -04:00
Stian Thorgersen
3f9cebca39
Ability to set the default provider for an SPI (#28135) 
Closes #28134

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 07:45:08 +01:00
Steven Hawkins
7eab019748
task: deprecate WILDCARD and STRICT options (#26833) 
closes: #24893

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-03-21 16:22:41 +01:00
Steven Hawkins
35b9d8aa49
task: remove usage of resteasy-core-spi (#27387) 
closes: #27242

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-03-21 15:28:34 +01:00
Alexander Schwartz
6de5325d1c Limit the received content when handling the content as a String 
Closes #27293

Co-authored-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-03-13 16:43:03 +01:00
Alexander Schwartz
595959398b
Instead of an InputStream that doesn't know about its encoding, use a String 
Closes #20916

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-03-07 10:24:36 +00:00
Albrecht Scheidig
cad34cbb04
Restore support for locales with extensions (#27285) 
Closes #27284

Signed-off-by: Albrecht Scheidig <albrecht.scheidig@hype.de>
 2024-02-29 17:16:44 +00:00
Takashi Norimatsu
1bdbaa2ca5 Client policies: executor for validate and match a redirect URI 
closes #25637

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2024-02-20 08:37:33 +01:00
Steven Hawkins
3a04acab51
fix: adds pfx as a recognized extension (#26876) 
closes #24661

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-02-13 15:38:12 +01:00
Stian Thorgersen
85ddac26ed
Remove code that expires old cookie paths (#26444) 
Closes #26416

Signed-off-by: stianst <stianst@gmail.com>
 2024-01-24 13:43:03 +01:00
Takashi Norimatsu
b99f45ed3d Supporting EdDSA 
closes #15714

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>

Co-authored-by: Muhammad Zakwan Bin Mohd Zahid <muhammadzakwan.mohdzahid.fg@hitachi.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
 2024-01-24 12:10:41 +01:00
Ricardo Martin
097d68c86b
Escape action in the form_post.jwt and only decode path in RedirectUtils (#93) (#25995) 
Closes #90

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-01-09 08:20:14 +01:00
Ricardo Martin
32a70cbedd Strip off user-info from redirect URI when validating using wildcard (#61) 
Closes keycloak/keycloak-private#58
Closes https://issues.redhat.com/browse/RHBK-679

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-19 10:13:36 -03:00
Steven Hawkins
8c3df19722
feature: add option for creating a global truststore (#24473) 
closes #24148

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2023-11-30 08:57:17 +01:00
rmartinc
16afecd6b4 Allow automatic download of SAML certificates in the identity provider 
Closes https://github.com/keycloak/keycloak/issues/24424

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-29 18:03:31 +01:00
rmartinc
3bc028fe2d Remove lowercase for the hostname as recommended/advised by OAuth spec 
Closes https://github.com/keycloak/keycloak/issues/25001

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-29 10:26:00 -03:00
rmartinc
b6cdcb3c27 Revert "Fix lowerCaseHostname to lower-case scheme and host properly" 
This reverts commit 1241bd2919.

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-29 10:26:00 -03:00
rmartinc
1241bd2919 Fix lowerCaseHostname to lower-case scheme and host properly 
Closes https://github.com/keycloak/keycloak/issues/24792

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-20 10:00:50 +01:00
rmartinc
082b0ed308 verifyRedirectUri should return null when the passed redirectUri is invalid 
Closes https://github.com/keycloak/keycloak/issues/22778
 2023-09-21 08:19:00 +02:00
rmartinc
f8a9e0134a Ensure that the EncryptedKey is passed to the DecryptionKeyLocator for SAML 
Closes https://github.com/keycloak/keycloak/issues/22974
 2023-09-20 15:09:18 +02:00
kaustubh-rh
62927433dc
Fix for Keycloak 22.0.1 unable to create user with long email address (#23109) 
Closes #22825
 2023-09-11 08:56:13 +02:00
Kaustubh B
5ee2ba9372 Added tests 2023-09-07 08:43:35 +02:00
rmartinc
b67ede2a30 RedirectUtils needs to use KeycloakUriBuilder with no parameter parsing 
Closes https://github.com/keycloak/keycloak/issues/22424
 2023-08-17 09:11:08 +02:00