libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions
23553 commits 4 branches 5 tags 483 MiB
Commit graph

4277 commits

Author SHA1 Message Date
mposolda
7863c3e563 Moving UPConfig and related classes from keycloak-services 
closes #24535

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-11-07 12:41:29 +01:00
Joshua Sorah
7ca00975d4 Feature flag DPoP metadata in OIDC Well Known endpoint 
Closes keycloak/keycloak#24547

Signed-off-by: Joshua Sorah <jsorah@gmail.com>
 2023-11-06 03:13:57 -08:00
Oliver
563ae104fd [issue-14134] test partial import user with id 
Fix #14134
 2023-11-02 05:56:12 -07:00
rmartinc
d7bb59461d Escape $ sign when replacing clientId in the role mappers 
Closes https://github.com/keycloak/keycloak/issues/23692
 2023-11-01 20:47:15 +01:00
rokkiter
e1735138cb
clean util * (#24174) 
Signed-off-by: rokkiter <yongen.pan@daocloud.io>
 2023-11-01 17:14:11 +01:00
Pedro Igor
be65ba8689 Make sure optional default attributes are removed when decorating the user-define user profile configuration 
Closes #24420
 2023-11-01 14:54:09 +01:00
mposolda
0bd2b342d7 Update per review 2023-10-31 12:56:46 -07:00
mposolda
6f992915d7 Move some UserProfile and Validation classes into keycloak-server-spi 
closes #24387
 2023-10-31 12:56:46 -07:00
Justin Tay
3ff0476cc3 Allow customization of aud claim with JWT Authentication 
Closes #21445
 2023-10-31 11:33:47 -07:00
rmartinc
7deb4ca545 Group count and PartialExport permission fixes 
Closes https://github.com/keycloak/keycloak/issues/12171
 2023-10-31 01:40:21 -07:00
rmartinc
6484a3e705 Add userProfileEnabled attribute to realm response if admin can view users 
closes https://github.com/keycloak/keycloak/issues/19093
 2023-10-30 07:39:03 -07:00
Alice
69497382d8
Group scalability upgrades (#22700) 
closes #22372 


Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2023-10-26 16:50:45 +02:00
Hynek Mlnarik
2c4d58f5af Fix KcOidcBrokerTransientSessionsTest 
Closes: #24313
 2023-10-26 14:36:01 +02:00
rmartinc
faf398e3c3 Add openapi annotations to the UserProfileResource 
Closes https://github.com/keycloak/keycloak/issues/9318
 2023-10-25 07:44:24 -07:00
Hynek Mlnarik
a668c2cb2b Support for transient brokering in admin console 
Part-of: Add support for not importing brokered user into Keycloak database

Closes: #11334
 2023-10-25 12:02:35 +02:00
Hynek Mlnarik
26328a7c1e Support for transient sessions via lightweight users 
Part-of: Add support for not importing brokered user into Keycloak database

Closes: #11334
 2023-10-25 12:02:35 +02:00
ggraziano
84112f57b5 Verification of iss at refresh token request 
Added iss checking using the existing TokenVerifier.RealmUrlCheck in the verifyRefreshToken method.

Closes #22191
 2023-10-24 23:42:11 +02:00
Marek Posolda
1bd6aca629
Remove RegistrationProfile class and handle migration (#24215) 
closes #24182


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2023-10-24 20:19:33 +02:00
Thomas Darimont
e567210ed1
Add dedicated feature flag for oauth device grant flow (#23892) 
Closes #23891
 2023-10-24 10:09:26 +02:00
Erik Jan de Wit
e4632c9e78 move to theme resource 2023-10-23 15:17:18 -07:00
Erik Jan de Wit
f3d387172e changed to realm, because that is the source 2023-10-23 15:17:18 -07:00
Erik Jan de Wit
0f878566ab add new locale endpoint that returns the messages 2023-10-23 15:17:18 -07:00
vramik
a0f04fa2be Declarative User Profile export 
Closes #12062
Resolves #20885
 2023-10-21 19:21:20 +02:00
Pedro Igor
e47389f199 Username now shown when creating a user and edit username is not allowed 
Closes #24183
 2023-10-20 10:22:31 -07:00
Pedro Igor
55a5a8c0eb Ignore custom attributes when processing attributes in verify profile action 
Closes #24077
 2023-10-20 17:51:40 +02:00
mposolda
c18e8ff535 User profile tweaks in registration forms 
closes #24024
 2023-10-20 06:31:21 -07:00
kaustubh-rh
1ac2c0997d
Inconsistent handling of parenthesis in auth flow name (#24113) 
closes #16379
 2023-10-20 10:00:46 +02:00
mposolda
04777299b0 After tab1 finish authentication, make sure that rootAuthenticationSession is expired shortly 
closes #23880
 2023-10-19 19:23:50 +02:00
Andrew
77c3e7190c
updates to method contracts and code impl to be more specific about providerAlias (#24070) 
closes #24072
 2023-10-18 08:33:06 +02:00
Pedro Igor
e91a0afca2 The username in account is required and don't change when email as username is enabled 
Closes #23976
 2023-10-17 16:43:44 -03:00
shigeyuki kabano
6112b25648 Enhancing Light Weight Token(#22148) 
Closes #21183
 2023-10-17 13:12:36 +02:00
Pedro Igor
9c19a8972b Removing the default cache metadata 
Closes #23910
 2023-10-13 16:32:55 +02:00
Charley Wu
31759f9c37
WebAuthn support for native applications. Support custom FIDO2 origin validation (#23156) 
Closes #23155
 2023-10-13 15:25:10 +02:00
Moritz Becker
e9f08b6500 Do not return empty scope field in token introspection response 
Closes #16526
 2023-10-13 08:36:12 +02:00
duckboy81
197b39492e Update TokenManager.java 
Fixed minor spelling typos
 2023-10-12 14:56:24 +02:00
ici-dev-gb
32b373f05f
Don't use top-level await for storage access checks (#23793) 
Closes #23743
 2023-10-12 09:28:01 +00:00
Vojtěch Boček
8871983b33
Add support for single-tenant mode to Microsoft Identity Provider (#20699) 
* Add support for single-tenant mode to Microsoft Identity Provider

Fixes #20695
Closes #11207

* Add SocialLoginTest for Microsoft single-tenant variant
 2023-10-10 16:35:36 -04:00
Marek Posolda
a6609bd969
Remove "You are already logged in" during authentication. Make other browser tabs to authenticate automatically when some browser tab successfully authenticate (#23517) 
Closes #12406


Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2023-10-10 21:54:37 +02:00
Pedro Igor
7385ed56c7 Avoid creating the component when there is no component and configuration is not provided 
Closes #20970

Co-authored-by: Pedro Igor <psilva@redhat.com>
 2023-10-10 13:28:48 +02:00
Daniel Fesenmeyer
dd37e02140 Improve logging in case of OIDC Identity provider errors: 
- log the full Redirection URL, when it contains an error parameter, or does not contain the state or code parameter
- log the token endpoint URL (without - possibly confidential - params) and the response body, when the token endpoint does not return a success response

Closes #23690
 2023-10-06 19:03:41 +02:00
mposolda
cdb61215c9 UserProfileContext.ACCOUNT_OLD seems to be obsolete and not needed 
closes #23749
 2023-10-06 11:27:48 -03:00
Pedro Igor
290bee0787
Resolve several usability issues around User Profile (#23537) 
Closes #23507, #23584, #23740, #23774

Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2023-10-06 10:15:39 -03:00
rmartinc
890600c33c Remove backward compatibility for ECDSA tokens 
Closes https://github.com/keycloak/keycloak/issues/23734
 2023-10-06 14:24:48 +02:00
Garth
2dfbbff343
added AccountResource SPI, Provider and ProviderFactory. (#22317) 
Added AccountResource SPI, Provider and ProviderFactory. updated AccountLoader to load provider(s) and check if it is compatible with the chosen theme.
 2023-10-05 15:08:01 +02:00
Justin Tay
55751a0830 Fix client assertion with invalid ES256, ES384, ES512 signatures 
Closes #23721
 2023-10-05 13:07:52 +02:00
Steve Hawkins
fb69936f14 Aligns the logic in the welcome resources 
as a result the quarkus one can be removed

closes keycloak#23243
 2023-09-28 19:33:12 -03:00
Jon Koops
1b6cb7b2a9
Always check storage access before placing test cookie (#23393) 2023-09-27 13:38:53 +02:00
Lucas Hedding
de5aa2e74d
Add createTimestamp to REST service (#23293) 
Closes #14009
 2023-09-27 13:38:16 +02:00
rmartinc
10c1e3ba6d Client roles should be mapped to any claim name 
Closes https://github.com/keycloak/keycloak/issues/22349
 2023-09-27 08:11:22 -03:00
rmartinc
d90640b5a3 Change email checkserveridentity prop as angus mail sets it to true by default 
Closes https://github.com/keycloak/keycloak/issues/22395
 2023-09-26 09:11:16 +02:00
Maria Arias de Reyna
c15753266f fix(Closes #21236): Adding client-id to logout event 2023-09-25 13:20:26 +02:00
Pedro Igor
741f76887c Allow updating email when email as username is set and edit username disabed 
#23438
 2023-09-25 08:19:01 -03:00
Michal Hajas
496c5ad989 Use new findGroupByPath implementation and remove the old one 
Closes #23344

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2023-09-25 10:44:24 +02:00
Justin Tay
7d3104ee76 Allow public clients to use PAR endpoint 
Closes #8939
 2023-09-21 13:57:42 +02:00
rmartinc
082b0ed308 verifyRedirectUri should return null when the passed redirectUri is invalid 
Closes https://github.com/keycloak/keycloak/issues/22778
 2023-09-21 08:19:00 +02:00
rmartinc
f8a9e0134a Ensure that the EncryptedKey is passed to the DecryptionKeyLocator for SAML 
Closes https://github.com/keycloak/keycloak/issues/22974
 2023-09-20 15:09:18 +02:00
Jon Koops
e86bf1f0b2 Remove P3P header from authentication flow 
Closes #23348
 2023-09-19 08:50:33 -03:00
rmartinc
743bb696d9 Allow duplicated keys in advanced claim mappers 
Closes https://github.com/keycloak/keycloak/issues/22638
 2023-09-19 07:49:34 -03:00
Pedro Igor
217a09ce46 Switch to Resteasy Reactive 
Closes #10713
 2023-09-18 09:19:03 -03:00
Thomas Darimont
04d16ed170 Prevent NPE in AuthenticationManager.backchannelLogout (#23306) 
Previously, if the user was already removed from the userSession
and the log level was set to DEBUG, then an NPE was triggered by
the debug log statement during backchannelLogout.

Fixes #23306
 2023-09-18 08:16:51 +02:00
paul
f684a70048 KEYCLOAK-15985 Add Brute Force Detection Lockout Event 2023-09-15 10:32:07 -03:00
Pedro Igor
1442f14c45 Registration page not showing username when edit username is not enabled 
Closes #23185
 2023-09-14 07:32:39 -03:00
Justin Tay
658c0ef19f Send Client ID in token request with JWT Authentication 
Closes #21444
 2023-09-14 10:57:32 +02:00
Pedro Igor
5958c7948d
Ignore attributes when they are not prefixed with user.attributes prefix (#23184) 
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: stianst <stianst@gmail.com>
 2023-09-14 10:35:47 +02:00
Daniel Fesenmeyer
a68ad55a37 Support to define compatible mappers for (new) Identity Providers 
- Also allows to use existing mappers for custom Identity Providers without having to change those mappers

Closes #21154
 2023-09-13 17:19:06 -03:00
Konstantinos Georgilakis
0044472f87 Add regex support in 'Condition - User attribute' execution 
Closes #265
 2023-09-13 08:36:45 +02:00
Erik Jan de Wit
0789d3c1cc
better features overview (#22641) 
Closes #17733
 2023-09-12 16:03:13 +02:00
Thomas Darimont
3908537254
Show expiration date for certificates in Admin Console (#23025) 
Closes #17743
 2023-09-12 07:56:09 -04:00
Marek Posolda
56b94148a0
Remove bearer-only occurences in the documentation when possible. Mak… (#23148) 
closes #23066


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2023-09-12 09:38:19 +02:00
Erik Jan de Wit
c7dcef7af8
fixed permissions for locale fetch (#23078) 
fixes: #23065
 2023-09-11 15:00:40 -04:00
Adeel Ahmad
4f90124612 Print 'key' in ReadOnlyAttributeUnchangedValidator failure log message 
This change is quite useful for debugging and helps identify which specific attribute makes the update fail. Currently, the full pattern is printed which consists of multiple attributes.
 2023-09-11 10:45:08 -03:00
kaustubh-rh
62927433dc
Fix for Keycloak 22.0.1 unable to create user with long email address (#23109) 
Closes #22825
 2023-09-11 08:56:13 +02:00
rmartinc
7da52a43bd Add old LinkedIn provider to the deprecated profile 
Closes https://github.com/keycloak/keycloak/issues/23067
 2023-09-08 10:05:17 +02:00
Marek Posolda
506e2537ac
Registration flow fixed (#23064) 
Closes #21514


Co-authored-by: Vilmos Nagy <vilmos.nagy@outlook.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2023-09-08 08:05:05 +02:00
Pedro Igor
bc31fde4c0 Broker claim mapper not recognizing claims from user info endpoint 
Closes #12137
 2023-09-07 16:34:45 +02:00
stianst
211c027adb Remove use of Guava in services 
Closes #23009
 2023-09-07 08:59:02 +02:00
Kaustubh B
5ee2ba9372 Added tests 2023-09-07 08:43:35 +02:00
Kaustubh B
c57e775102 Fixed Regex 2023-09-07 08:43:35 +02:00
rmartinc
8887be7887 Add a new identity provider for LinkedIn based on OIDC 
Closes https://github.com/keycloak/keycloak/issues/22383
 2023-09-06 16:13:31 +02:00
Pedro Igor
13e5a02b9f Role mappers must return a single value when they are not multivalued 
Closes #20218
 2023-08-31 19:16:12 +02:00
Pedro Igor
ea3225a6e1 Decoupling legacy and dynamic user profiles and exposing metadata from admin api 
Closes #22532

Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2023-08-29 08:14:47 -03:00
Pedro Igor
b779df6a55 Parsing response from user info rather than the access token 
Closes #22581
 2023-08-29 12:23:56 +02:00
rmartinc
b67ede2a30 RedirectUtils needs to use KeycloakUriBuilder with no parameter parsing 
Closes https://github.com/keycloak/keycloak/issues/22424
 2023-08-17 09:11:08 +02:00
Erik Jan de Wit
b4650b7742
use logged in realm as default (#22460) 2023-08-16 14:29:07 -04:00
t0xicCode
822c13ff6f Switch Trusted Host policy redirect verification to URI 
Switch parsing of the redirect URIs for the Trusted Host Client Registration Policy from URL to URI.
The java URL class tries to instantiate a handler for the scheme, which fails when a "custom" scheme, such as those used in phone apps is used.
In contrast, the URI class simply parses the string, ensuring the format is valid.
The other URLs (baseUrl, rootUrl, adminUrl) are still parsed as URLs.
See https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata for the Client Registration parameter documentation.

Closes #22309
 2023-08-14 10:20:23 +02:00
Pedro Igor
baac060eb1 Fixing how e-mail attribute permissions are set for both USER_API and ACCOUNT contexts 
Closes #21751
 2023-08-11 13:32:16 +02:00
Erik Jan de Wit
874d2063b8
only add realm access to the current realm (#21554) 
fixes: #21553
 2023-08-10 12:43:15 +02:00
Takashi Norimatsu
258711ef4f DPoP verification in UserInfo endpoint 
closes #22215
 2023-08-07 10:49:33 +02:00
Takashi Norimatsu
9d0960d405 Using DPoP token type in the access-token and as token_type in introspection response 
closes #21919
 2023-08-07 10:40:18 +02:00
Erik Jan de Wit
339619816a
lazy populate the treeview for groups (#21520) 
* added lazy parameter

fixes: #19954

* changed to only have the parameter

* fixed merge errors

* removed the `lazy` and now add subgroups on select

* lint

* fixed prettier

* fixed nullpointer

* fixed member tab
 2023-08-04 20:19:34 +00:00
Rishabh Dixit
d73298aab6 Add getStatus() to response obj 
Closes #22241
 2023-08-04 18:43:50 +02:00
Marek Posolda
4dc929abb3
Missing client_id validation match when authenticating client with JW… (#22178) 
Closes #22177
 2023-08-03 11:47:55 +02:00
Takashi Norimatsu
ee998fee66 Add FAPI 2.0 security profile as default profile of client policies 
closes #21181
 2023-08-03 09:26:16 +02:00
Ricardo Martin
a8bca522c1
Fix issue with access tokens claims not being imported using OIDC IDP Attribute Mappers (#21627) 
Closes #9004


Co-authored-by: Armel Soro <armel@rm3l.org>
 2023-08-02 09:36:50 +02:00
Thomas Darimont
82269f789a Avoid using deprecated junit APIs in tests 
- Replaced usage of Assert.assertThat with static import
- Replaced static import org.junit.Assert.assertThat with org.hamcrest.MatcherAssert.assertThat

Fixes: #22111
 2023-08-01 11:44:25 +02:00
Alexander Schwartz
748c53df7f
Use Java mechanisms to read language files and default to UTF-8 (#21755) 
Closes #21753
 2023-08-01 11:27:10 +02:00
mposolda
6f6b5e8e84 Fix authenticatorConfig for javascript providers 
Closes #20005
 2023-07-31 19:28:25 +02:00
rmartinc
0a7fcf43fd Initial pagination in the admin REST API for identity providers 
Closes https://github.com/keycloak/keycloak/issues/21073
 2023-07-27 14:48:02 +02:00
Takashi Norimatsu
9a921441cc Adjustements to the behaviour of dpop_bound_access_tokens switch 
closes #21920
 2023-07-27 11:30:01 +02:00
Alexander Schwartz
1ec8d3a9a4 Convert LinkExpirationFormatterMethod to Java's ChoiceFormat pattern 
Closes #21887
 2023-07-27 10:30:37 +02:00