libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
14850 commits 4 branches 5 tags 480 MiB
Commit graph

3859 commits

Author SHA1 Message Date
Alice Wood
1eb7e95b97 enhance existing group search functionality allow exact name search keycloak/keycloak#13973 
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
 2022-09-30 10:37:52 +02:00
Marcelo Daniel Silva Sales
22713bc144
Incorrect error message OIDC client authentication (#14656) 
closes #12162


Co-authored-by: Pedro Hos <pedro-hos@outlook.com>
 2022-09-30 09:40:05 +02:00
David Anderson
a8db79a68c
Introduce crypto module using Wildfly Elytron (#14415) 
Closes #12702
 2022-09-27 08:53:46 +02:00
Alexander Schwartz
be2deb0517 Modify RealmsAdminResource.importRealm to work with InputStream 
Closes #13609
 2022-09-26 20:58:08 +02:00
Ivan Atanasov
4016dd95d2
Use temporary file to reduce the chance of serving partial gzipped resource (#14511) 
Closes #14510
 2022-09-23 07:51:41 +02:00
Alice Wood
55a660f50b enhance group search to allow searching for groups via attribute keycloak/keycloak#12964 
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2022-09-19 15:19:36 +02:00
Takashi Norimatsu
0a832fc744 Intent support before issuing tokens (UK OpenBanking) 
Closes #12883
 2022-09-19 12:15:00 +02:00
Dmitry Telegin
cc2117bf7c UserInfo endpoint not fully standards compliant 
Closes #14184
 2022-09-16 10:15:08 +02:00
danielFesenmeyer
3af1134975 Update IDP link username when sync mode is "force" 
Closes #13049
 2022-09-14 08:02:17 -03:00
Václav Muzikář
e999aeeab8 Fix DefaultHostnameTest on Undertow 2022-09-13 14:41:23 -03:00
Christoph Leistert
7e5b45f999 Issue #8749: Add an option to control the order of the event query and admin event query 2022-09-11 21:30:12 +02:00
Alexander Schwartz
1d2d3e5ca5 Move UserFederatedStorageProvider into legacy module 
Closes #13627
 2022-09-11 18:37:45 +02:00
Thomas Darimont
962a685b7b KEYCLOAK-15773 Control availability of admin api and admin-console via feature flags 
Inline profile checks for enabled admin-console to avoid issues during
static initialization with quarkus.

Potentially Re-enable admin-api feature if admin-console is enabled
via the admin/admin2 feature flag.

Add legacy admin console as deprecated feature flag
Throw exception if admin-api feature is disabled but admin-console is enabled

Adapt ProfileTest

Consider adminConsoleEnabled flag in QuarkusWelcomeResource
Fix check for Admin-Console / Admin-API feature dependency.

Add new features to approved help output files

Co-authored-by: Stian Thorgersen <stian@redhat.com>
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2022-09-09 18:18:51 -03:00
Pedro Igor
3518362002 Validate auth time when max_age is sent to brokered OPs 
Closes #14146
 2022-09-09 10:30:51 -03:00
Martin Bartoš
0fcf5d3936 Reuse of token in TOTP is possible 
Fixes #13607
 2022-09-09 08:56:02 -03:00
Marek Posolda
040e52cfd7
SAML javascript protocol mapper: disable uploading scripts through admin console by default (#14293) 
Closes #14292
 2022-09-09 13:47:51 +02:00
Dominik Guhr
f2b02f19e6 Closes #13786 2022-09-07 18:29:26 +02:00
cgeorgilakis
07b0df8f62
View groups from account console (#7933) 
Closes #8748
 2022-09-07 11:25:31 +02:00
Lex Cao
1f197aa96b
Add basic auth compliant to RFC 6749 (#14179) 
Closes #14179
 2022-09-07 10:09:30 +02:00
evtr
4469bdc0a9
RelayState max length not respected 
Fixes: #10227
 2022-09-06 22:01:14 +02:00
Stu Tomlinson
f57560afd3 Improve error messages for invalid SAML responses 
Closes #13534
 2022-09-06 21:49:14 +02:00
Christoph Leistert
cc2bb96abc Fixes #9482: A user could be assigned to a parent group if he is already assigned to a subgroup. 2022-09-06 21:31:31 +02:00
Pedro Igor
a6137b9b86 Do not empty attributes if they are not provided when user profile is enabled 
Closes #11096
 2022-09-06 12:59:05 +02:00
Michal Hajas
f69497eb28 KEYCLOAK-12988 Deprecate getUsers* methods in favor of searchUsers* variants 
Closes #14018
 2022-09-06 10:38:28 +02:00
Youssef El Houti
7f58c1c570 KEYCLOAK-19138 nginx x509 client trusted certificate lookup 2022-09-01 15:02:56 -03:00
Thomas Darimont
43623ea9d0 KEYCLOAK-18499 Add max_age support to oauth2 brokered logins 
Revise KcOidcBrokerPassMaxAgeTest to use setTimeOffset(...)
 2022-09-01 09:24:44 -03:00
Joerg Matysiak
a8019d78e7 Fixed handling of required setting for email in user profile. 
Resolves #13923
 2022-08-31 17:19:19 -03:00
Nagy Vilmos
f6db484172
Keep the locale related authNotes through the IdentityBroker flow. (#10444) 
Closes #8827
 2022-08-31 09:37:26 +02:00
Martin Bartoš
e6a5f9c124 Default required action providers are still available after feature disabling 
Closes #13189
 2022-08-31 08:42:47 +02:00
Moritz H
c4971d179c
KEYCLOAK-18273 Display Idp displayName if available (#8087) 
Co-authored-by: moritz.hilberg <moritz.hilberg@pwc.com>
 2022-08-30 15:32:27 -03:00
Manato Takai
1cdc21f0ff
Add duplicate parameter check for UserInfo endpoint. (#14024) 
Closes #14016
 2022-08-30 14:39:15 +02:00
Réda Housni Alaoui
3f088bfd21
KEYCLOAK-17013 Brute force protection: Successfully logged in user should not have to wait up to 5 seconds for event processing (#7748) 2022-08-29 19:41:35 +02:00
Tero Saarni
4f199c7245 Fix compilation errors with Eclipse Java compiler 2022-08-29 19:33:12 +02:00
Nemanja Hiršl
b7309e86d9
Closes #8992 - Extending DefaultBruteForceProtector (#8993) 
* Closes #8992 - Extending DefaultBruteForceProtector

* Update services/src/main/java/org/keycloak/services/managers/DefaultBruteForceProtectorFactory.java

* Update services/src/main/java/org/keycloak/services/managers/DefaultBruteForceProtectorFactory.java

Co-authored-by: Stian Thorgersen <stian@redhat.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
 2022-08-29 16:43:13 +02:00
Stian Thorgersen
aeba5e9f4b
Add FreeMarkerProvider to prevent multiple instances of FreeMarker templates (#14062) 
* Add FreeMarkerProvider to prevent multiple instances of FreeMarker templates

Closes #19185
 2022-08-29 08:42:53 -03:00
jsarem
f0397f33b4
Expose same common informational variables to all email body templates (#13998) 
Closes #14017
 2022-08-29 08:09:18 +02:00
Jason
c6c65ad10b
Check IdP display name length before capitalizing (#13151) 
https://github.com/keycloak/keycloak/issues/13150

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
 2022-08-26 13:16:10 +02:00
Hawk Newton
b1487b9d72
Increase max size of additional request params (#8382) 
Closes #14015
 2022-08-26 09:34:43 +02:00
GQ
518d318f0c
Update CorsPreflightService.java (#8387) 
Adding DELETE & PUT

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
 2022-08-26 08:00:55 +02:00
Joerg Matysiak
62790b8ce0 Allow permission configuration for username and email in user profile. 
Enhanced Account API to respect access to these attributes.

Resolves #12599
 2022-08-25 21:54:51 -03:00
supersoaker
e47bbba7ef
added possibility to use user in terms.ftl (#7831) 2022-08-25 15:08:38 +02:00
Clay Risser
f145667144
Fixed spelling error (#13595) 
Fixes issue #13594

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
 2022-08-25 12:46:43 +02:00
Christoph Leistert
5408d25e09
Fixes #10656: Sub realm localization GET endpoints can be called using tokens issued by the master realm. (#10660) 
* Fixes #10656: Sub realm localization GET endpoints can be called using tokens issued by the master realm.

* Fixes #10656: Added some tests
 2022-08-25 09:02:07 +02:00
Erich Bremer
c98a760beb
remove javax.json and replace with FasterXML (#11554) 
remove javax.json and replace with FasterXML to be consistent with the rest of the project.

Closes #11544
 2022-08-25 08:49:22 +02:00
Pedro Igor
ddcf0f45f9 Run import within the context of the realm being imported 
Closes #12289
 2022-08-25 08:18:43 +02:00
Pedro Igor
25be07be17 Allow introspecting tokens issued during token exchange with delegation semantics 
Closes #9337
 2022-08-24 09:47:04 -03:00
Takashi Norimatsu
8c1ea4b47c mTLS binding support for password grant 
Closes #13662
 2022-08-24 11:44:48 +02:00
Konstantinos Georgilakis
c5b9dc1e7b set context session client equal to clientsession client (fromClientSessionAndScopeParameter method of DefaultClientSessionContext) 
Closes #13162
 2022-08-23 17:33:07 +02:00
Konstantinos Georgilakis
baa89debd9 Correct isValidScope method of TokenManager for Dynamic scopes 
Closes #13158
 2022-08-23 16:30:04 +02:00
Konstantinos Georgilakis
2002fd983b Showing consent screen text instead of scope name in consent part of Application page in Account console 
Closes #13109
 2022-08-23 11:22:31 +02:00