libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions
23553 commits 4 branches 5 tags 483 MiB
Commit graph

4277 commits

Author SHA1 Message Date
Václav Muzikář
e4c348e99e
Add new --proxy-headers option (#25178) 
* Add new `--proxy-headers` option

Closes #23431

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>

* Address review comments vol. 03

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Address review comments vol. 04

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2023-12-13 10:48:12 -03:00
Pedro Igor
fa79b686b6 Refactoring user profile interfaces and consolidating user representation for both admin and account context 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-13 08:27:55 +01:00
Pedro Igor
78ba7d4a38 Do not allow removing username and email from user profile configuration 
Closes #25147

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-11 08:30:28 +01:00
Sophie Tauchert
1d56e0371e
Make sure authz endpoints are documented in openapi spec 
Closes: #25259

Signed-off-by: Sophie Tauchert <sophie@999eagle.moe>
 2023-12-08 16:45:13 +01:00
mposolda
90bf88c540 Introduce ProtocolMapper.getEffectiveModel to make sure values displayed in the admin console UI are 'effective' values used when processing mappers 
closes #24718

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2023-12-08 12:26:35 +01:00
saumeen prajapati
d829534237
Remove single quote from log string 
Closes #25060

Signed-off-by: saumeen prajapati <psaumeen@gmail.com>
 2023-12-07 20:08:07 +00:00
wojnarfilip
925c5572ad Re-enable Federated Access Token in user sessions 
Closes #25290

Signed-off-by: wojnarfilip <fwojnar@redhat.com>
 2023-12-07 19:55:20 +01:00
Vlasta Ramik
df465456b8
Map Store Removal: Remove LockObjectsForModification (#25323) 
Signed-off-by: vramik <vramik@redhat.com>

Closes #24793
 2023-12-07 12:43:43 +00:00
Fouad Almalki
0e535d2bbe Retrieve ClientConnection by invoking getConnection() instead of getContextObject() 
Signed-off-by: Fouad Almalki <me@fouad.io>
 2023-12-07 13:11:54 +01:00
Stefan Guilhen
7b63d6d500 Remove ResponseSessionTask 
- this was tightly related to retriable transactions added to map store and is no longer needed.

Closes #25309

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2023-12-06 19:53:53 +01:00
Stefan Guilhen
8e918c2ebf Revert changes to OIDCIdentityProvider that enlisted the client logout requests in a separate transaction. 
Closes #25308

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2023-12-06 19:47:04 +01:00
rmartinc
522e8d2887 Workaround to allow percent chars in getGroupByPath via PathSegment 
Closes #25111

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-06 14:22:34 -03:00
rmartinc
d004e9295f Do not allow remove a credential in account endpoint if provider marks it as not removable 
Closes #25220

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-05 17:11:57 +01:00
Michal Hajas
ec061e77ed
Remove GlobalLockProviderSpi (#25206) 
Closes #24103

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2023-12-01 16:40:56 +00:00
Ricardo Martin
3b26e5d489
Add active RSA key to decryption if deprecated mode (#25205) 
Closes https://github.com/keycloak/keycloak/issues/24652

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-01 13:40:47 +00:00
mposolda
3fa2d155ca Decouple factory methods from the provider methods on UserProfileProvider implementation 
closes #25146

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-12-01 10:30:57 -03:00
Pedro Igor
c7f63d5843 Add options to change behavior on how unmanaged attributes are managed 
Closes #24934

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-11-30 06:58:21 -03:00
Steven Hawkins
8c3df19722
feature: add option for creating a global truststore (#24473) 
closes #24148

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2023-11-30 08:57:17 +01:00
Douglas Palmer
d0b86d2f64 Register event not triggered on external to internal token exchange 
Closes #9684

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2023-11-29 15:30:47 -03:00
mposolda
479e6bc86b Update Kerberos provider for user-profile 
closes #25074

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-11-29 15:21:26 -03:00
rmartinc
16afecd6b4 Allow automatic download of SAML certificates in the identity provider 
Closes https://github.com/keycloak/keycloak/issues/24424

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-29 18:03:31 +01:00
rmartinc
3bc028fe2d Remove lowercase for the hostname as recommended/advised by OAuth spec 
Closes https://github.com/keycloak/keycloak/issues/25001

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-29 10:26:00 -03:00
rmartinc
b6cdcb3c27 Revert "Fix lowerCaseHostname to lower-case scheme and host properly" 
This reverts commit 1241bd2919.

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-29 10:26:00 -03:00
Douglas Palmer
5ce41a462b NPE in HardcodedUserSessionAttributeMapper on Token Exchange 
Closes #11996

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2023-11-29 09:35:49 -03:00
Douglas Palmer
7e78d29f8d NPE in User Session Note mapper on Token Exchange 
Closes #24200

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2023-11-29 09:35:49 -03:00
hokuda
a83b9d11fa Fix typo in the balloon help of SAML Username Template Importer 
closes #25033

Signed-off-by: hokuda <hisanobu.okuda@gmail.com>
 2023-11-29 09:32:16 -03:00
Douglas Palmer
e99bd4aa3a External to Internal Token exchange fails with Null pointer Exception if the user is not yet registered (first time token exchange) 
Closes #16059

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2023-11-29 09:16:14 -03:00
Michal Hajas
2b2207af93
Publish information about Infinispan availability in lb-check if MULTI_SITE is enabled 
Closes #25077

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2023-11-29 11:06:41 +00:00
Jon Koops
0b9dd21b0a
Attempt to request storage access for cookies (#25055) 
Closes #23872

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2023-11-27 18:23:40 +00:00
Pedro Igor
2c611cb8fc User profile configuration scoped to user-federation provider 
closes #23878

Co-Authored-By: mposolda <mposolda@gmail.com>

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-11-27 14:45:44 +01:00
Stian Thorgersen
a32b58d337
Escape ldap id when using normal attribute syntax (#25) (#25036) 
Closes https://github.com/keycloak/security/issues/46

Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
 2023-11-27 11:38:14 +01:00
Takashi Norimatsu
1f5ee9bf80 NPE in checkAndBindMtlsHoKToken on Token Refresh when using SuppressRefreshTokenRotationExecutor and Certificate Bound Token 
closes #25022

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2023-11-27 08:49:48 +01:00
Sophie Tauchert
855aebabc2 Rename clientUuid path parameter to client-uuid for consistency 
Closes #24960

Signed-off-by: Sophie Tauchert <sophie@999eagle.moe>
 2023-11-23 16:08:58 +01:00
Sophie Tauchert
496c0e7f03 Rename some path parameter placeholders to avoid duplicating {id} in the path 
Closes #24960

Signed-off-by: Sophie Tauchert <sophie@999eagle.moe>
 2023-11-23 16:08:58 +01:00
Sophie Tauchert
3e17cb0452 Add correct annotation for 204 responses to POST methods returning void 
Closes #24960

Signed-off-by: Sophie Tauchert <sophie@999eagle.moe>
 2023-11-23 16:08:58 +01:00
Douglas Palmer
efde3adf60 Wrong value for VALIDATED_ID_TOKEN stored in the brokered identity context for external token exchange 
Closes #23985

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2023-11-23 11:52:37 -03:00
Douglas Palmer
2ec1d2f7ea Fix logic error in AbstractOAuth2IdentityProvider 
Closes #24943

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2023-11-23 11:43:42 -03:00
Tero Saarni
fd58cb1bec Attempt to remove warning about not using inference 
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
 2023-11-23 10:49:58 -03:00
Tero Saarni
e35f3d7e87 Fix compilation error with ServerInfoAdminResource 
This change fixes following type inference error:
* Type mismatch: cannot convert from Map<Boolean,Object> to Map<Boolean,List<String>>

The error comes when opening and compiling on vscode or Eclipse, which uses
Eclipse JDT compiler.

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
 2023-11-23 10:49:58 -03:00
Sebastian Schuster
030f42ec83
More efficient listing of assigned and available client role mappings 
Closes #23404

Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
 2023-11-22 14:10:11 +01:00
Thomas Darimont
d30d692335 Introduce MaxAuthAge Password policy (#12943) 
This policy allows to specify the maximum age of an authentication
with which a password may be changed without re-authentication.

Defaults to 300 seconds (default taken from Constants.KC_ACTION_MAX_AGE) to remain backwards compatible.
A value of 0 will always require reauthentication to update the password.
Add documentation for MaxAuthAgePasswordPolicy to server_admin

Fixes #12943

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2023-11-20 14:48:17 +01:00
rmartinc
1241bd2919 Fix lowerCaseHostname to lower-case scheme and host properly 
Closes https://github.com/keycloak/keycloak/issues/24792

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-20 10:00:50 +01:00
Erik Jan de Wit
941457b805 added theme name as parameter 
moved messages to theme bundle

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2023-11-17 08:35:54 +01:00
rmartinc
5fad76070a Use LinkedIn instead of LinkedIn OpenID Connect for better UI experience 
Closes https://github.com/keycloak/keycloak/issues/24659

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-16 18:22:16 +01:00
Hynek Mlnarik
70d0f731f5 Use session ID rather than broker session ID 
Closes: #24455

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2023-11-16 17:01:40 +01:00
Vlasta Ramik
d86e062a0e
Removal of retry blocks introduced for CRDB 
Closes #24095

Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2023-11-16 13:50:56 +01:00
rmartinc
cca33baac3 Avoid NPE if RelayState is null and return a proper error 
Closes https://github.com/keycloak/keycloak/issues/24079

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-16 12:56:49 +01:00
Erik Jan de Wit
89abc094d1
userprofile shared (#23600) 
* move account ui user profile to shared

* use ui-shared on admin same error handling

also introduce optional renderer for added component

* move scroll form to ui-shared

* merged with main

* fix lock file

* fixed merge error

* fixed merge errors

* fixed tests

* moved user profile types to admin client

* fixed more types

* pr comments

* fixed some types
 2023-11-14 08:04:55 -03:00
Erik Jan de Wit
fe7833c957
Load Admin Console localizations from resource bundles (#24316) 
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2023-11-13 12:39:46 -05:00
Hynek Mlnařík
0ceaed0e2e
Transient users: Consents (#24496) 
closes #24494
 2023-11-10 11:18:27 +01:00