libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
14645 commits 4 branches 5 tags 480 MiB
Commit graph

5648 commits

Author SHA1 Message Date
Clara Fang
4643fd09e3 Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount() 
This should reduce GC pressure.

Closes #12644
 2022-06-29 08:53:09 +02:00
Konstantinos Georgilakis
ccc0449314 json device code flow error responses 
closes #11438
 2022-06-29 07:23:02 +02:00
Marek Posolda
be1e31dc68
Introduce crypto/default module. Refactoring BouncyIntegration (#12692) 
Closes #12625
 2022-06-29 07:17:09 +02:00
vramik
6335090092 Use JpaMapStorageProviderFactory for authorization services in model tests 
Closes #12743
 2022-06-28 15:01:49 +02:00
danielFesenmeyer
b6d8c27cac OIDC logout: In "legacy mode", support post_logout_redirect_uri param without requiring id_token_hint param 
Closes #12680
 2022-06-28 14:36:03 +02:00
leandrobortoli
c5d5659100 Fixed bug on client credentials grant when encryption key not found 
Closes #12348
 2022-06-27 13:00:21 +02:00
Lex Cao
f8a7c8e160
Validate name of client scope (#12571) 
Closes #12553
 2022-06-27 12:26:18 +02:00
Pedro Igor
3d2c3fbc6a Support JSON objects when evaluating claims in regex policy 
Closes #11514
 2022-06-23 14:04:09 -03:00
Pedro Igor
d3a40e8620 Use backend baseURL for UMA-related backend endpoints 
Closes #12549
 2022-06-23 10:35:26 -03:00
Takashi Norimatsu
a10eef882f DeviceTokenRequestContext.getEvent returns a wrong ClientPolicyEvent 
Closes #12455
 2022-06-22 13:01:35 +02:00
Takashi Norimatsu
d396ee7d30 CIBA flow : no error on invalid scope 
Closes #12589
 2022-06-22 12:55:55 +02:00
rmartinc
711440e513 [#11036] Identity Providers: Add support for elliptic curve signatures (ES256/ES384/ES512) using JWKS URL 2022-06-21 10:52:25 -03:00
Stefan Guilhen
7d96f3ad5a Events Map JPA implementation 
Closes #9667
 2022-06-21 13:53:48 +02:00
Alexander Schwartz
cb0c881821 rename SingleEntityCredentialManager to SubjectCredentialManager 2022-06-21 08:53:06 +02:00
Alexander Schwartz
84d21f0230 for all added files in the PR, update the copyright header or add it if it was missing 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
26198e4b0b Disable tests irrelevant for map storage 2022-06-21 08:53:06 +02:00
Alexander Schwartz
d41764b19b Inline deprecated methods in legacy code 2022-06-21 08:53:06 +02:00
Alexander Schwartz
1a227212de Simplify implementation of a federated storage by moving the default implementation to the abstract base class; this will also allow the quickstarts and implementations derived from that to run without changes. 2022-06-21 08:53:06 +02:00
Alexander Schwartz
08bbb1fb92 Move LDAP REST Endpoints to LDAP package 
- Thus remove implicit dependency on services on the legacy modules
- Disable tests for LDAP/Kerberos that won't work when map storage is enabled
 2022-06-21 08:53:06 +02:00
Alexander Schwartz
1bc6133e4e redirect calls to userLocalStorage from legacy modules (federation, ldap, sssd, kerberos) 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
e396d0daa1 Renaming SingleUserCredentialManager and UserModel.getUserCredentialManager(): 
- class SingleUserCredentialManager to SingleEntityCredentialManager
- method UserModel.getUserCredentialManager() to credentialManager()

Renaming of API without "get" prefix to make it consistent with other APIs like for example with KeycloakSession
 2022-06-21 08:53:06 +02:00
Alexander Schwartz
14a369a8cc Added LegacySessionSupport SPI 
While some methods around onCache() are still called from the legacy code, all other methods log a warning with a stacktrace.
 2022-06-21 08:53:06 +02:00
Alexander Schwartz
6f287e7ded Avoid using methods on UserCredentialStoreManager 2022-06-21 08:53:06 +02:00
Alexander Schwartz
bc8fd21dc6 SingleUserCredentialManager moving in 
- UserStorageManager now handles authentication for old Kerberos+LDAP style
- new getUserByCredential method in MapUserProvider would eventually do the same.
 2022-06-21 08:53:06 +02:00
Alexander Schwartz
82094d113e Move User Storage SPI, introduce ExportImportManager 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
703e868a51 Preparation for moving User Storage SPI 
- Introduction of new AdminRealmResource SPI
- Moving handler of /realm/{realm}/user-storage into model/legacy-service
- session.users() and userStorageManager() moved refers legacy module
  IMPORTANT: Broken as UserStorageSyncManager is not yet moved
 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
36f76a37ad Move realms, clients, groups, roles, clientscopes into legacy module 
- Introduces Datastore SPI for isolating data store methods
- Introduces implementation of the datastore for legacy storage
- Updates DefaultKeycloakSession to leverage Datastore SPI instead
  of direct creating of area providers by the session
 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
247ff52187 Introduce legacy datastore module and update dependencies 2022-06-21 08:53:06 +02:00
Alexander Schwartz
850af55edc Ensure that only JDK 8 APIs are used where JDK 8 is still required. 
Closes #10842
 2022-06-20 14:44:33 -03:00
Michal Hajas
781183e551 Enable indexing for ResourceServerEntity 
Closes #12533
 2022-06-20 10:17:19 +02:00
Martin Bartoš
d8112d7b7e
DB migration tests execution for Quarkus (#12525) 
Closes #12524
 2022-06-20 10:12:37 +02:00
Alexander Schwartz
71e7982a49 Adding central time offset reset in model tests as it was missing for AuthenticationSessionTest and UserSessionPersisterProviderTest 
Also adding try/finally in other places in the integration tests where it was missing.

Closes #12530
 2022-06-16 13:42:55 +02:00
nehachopra27
39cff0750c
[Fix keycloak#12385] Update option to run kc.bat on windows instead of kc.sh (#12386) 
Co-authored-by: nchopra <nchopra@redhat.com>

Resolves #12385
 2022-06-15 11:29:11 -03:00
vramik
1b3a76d0af Do not persist client sessions of transient user sessions 
Closes #12357
 2022-06-15 10:54:23 +02:00
Martin Bartoš
0fef4305b6 Logout confirm page is failing to log the user out on auth-server-wildfly 
Fixes #11753
 2022-06-14 10:46:02 +02:00
mposolda
3aefb59d40 Fix test failure in X509BrowserCRLTest on IBM JDK. Don't display details of exception message to the end user 
Closes #12458
 2022-06-14 10:44:31 +02:00
Alexander Schwartz
c2043da78e When asserting a URL, allow for some time for any redirect to complete. 
Closes #12446
 2022-06-14 07:30:31 +02:00
Christoph Leistert
442eff0169
Closes #11851: Apply localization text from realm default locale when it is not defined for the requested language. (#11852) 2022-06-10 14:36:11 -04:00
Martin Bartoš
2cf089424a
ClientClientScopesTest failures in the test pipeline (#12440) 
Resolves #12439
 2022-06-10 09:13:25 -03:00
Alexander Schwartz
361a813d81 Keep a list of model instances in the JPA map session. 
This allows removing them from the persistence context on bulk delete.

Closes #12384
 2022-06-09 12:39:04 -03:00
Joerg Matysiak
3c19ad627f Repsect permissions configured to firstName and lastName when configured in user profile 
Resolves #12109
 2022-06-09 10:10:15 -03:00
Pedro Igor
8aecba1795 Fixing how realm frontendurl is cached when resolving the hostname 
Closes #11894
 2022-06-08 16:41:25 -03:00
Alexander Schwartz
9272c7a5ec Allow for the backend to return granted scopes in any order. 
Closes #12395
 2022-06-08 08:39:14 -03:00
mposolda
5d2bf6ea33 Cannot find ScriptEngine for JDK8 and Wildfly 
Closes #12247
 2022-06-08 11:11:36 +02:00
Pedro Igor
243e63c9f3 Do not set empty permissions to username and email attributes 
Closes #11647
 2022-06-07 10:59:35 -03:00
Sebastian Schuster
a0c402b93a
11198 added event information to consent granting and revocation via REST API (#11199) 2022-06-07 11:29:20 +02:00
Stian Thorgersen
e49e8335e0
Refactor BouncyIntegration (#12244) 
Closes #12243
 2022-06-07 09:02:00 +02:00
Martin Kanis
df72cf72f2 Hot Rod map storage: Single-use (action token) no-downtime store 2022-06-06 16:01:18 +02:00
rmartinc
5332a7d435 Issue #9194: Client authentication fails when using signed JWT, if the JWA signing algorithm is not RS256 2022-06-06 12:07:09 +02:00
Takashi Norimatsu
3889eeda30 Client Policies: pkce-enforcer executor with client-access-type condition is not applied on client change via Admin API 
Closes #12295
 2022-06-06 11:30:48 +02:00
Michal Hajas
09c0a69a8f Add HotRod no downtime store for events 
Closes #9676
 2022-06-02 13:30:19 +02:00
Alexander Schwartz
6c3d25fd8f Limit the number of clientSessionIds in the test 
Before it was 1500 client sessions, now its only 150 client sessions. This should help to keep the test within its time constraint of 60 + 30 seconds.

Closes #12264
 2022-05-31 17:10:49 +02:00
mposolda
f90fbb9c71 Changing locale on logout confirmation did not work 
Closes #11951
 2022-05-31 16:03:58 +02:00
Takashi Norimatsu
d083b6c484 ciba http auth channel sends client_id and client_secret via delegation request 
Closes #10993
 2022-05-31 08:22:50 +02:00
vramik
be28e866b9 JPA map storage: Authorization services no-downtime store 
Closes #9669
 2022-05-30 21:05:34 +02:00
Pedro Igor
ea22989d89 Fixing ClientTokenExchangeTest to also run when TLS is disabled 
Closes #11818
 2022-05-30 11:23:46 -03:00
Pedro Hos
e121371401 /clients-registrations API doesn't return secret anymore and is not coherent #11116 
/clients-registrations API doesn't return secret anymore and is not coherent

fixing merge

/clients-registrations API doesn't return secret anymore and is not coherent

fixing test that was failing

Replace tabs with regular spaces

fixing identation

/clients-registrations API doesn't return secret anymore and is not coherent. Closes #11116

fixing test that was failing
 2022-05-30 15:18:56 +02:00
mposolda
4222de8f41 OIDC RP-Initiated Logout POST method support 
Closes #11958
 2022-05-30 14:10:58 +02:00
Michal Hajas
1a98765fb7 Fix cascade removal of client session on user session removal for CHM 
Closes #12146
 2022-05-30 09:58:54 +02:00
Marek Posolda
cf386efa40
Support for client_id parameter in OIDC RP-Initiated logout endpoint (#12202) 
Closes #12002


Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2022-05-27 14:12:37 +02:00
Marek Posolda
eed944292b
Make script providers working on JDK 17 (#11322) 
Closes #9945
 2022-05-27 12:28:50 +02:00
Luca Leonardo Scorcia
27650ab816 Fix #10982 SAML Client - Introduce SAML Issuer validation 2022-05-27 10:58:10 +02:00
Martin Bartoš
d8cded994f
WebAuthn test failures in admin console (#12161) 
Resolves #12160
 2022-05-26 12:55:22 -03:00
Michal Hajas
bc59fad85b Unify way how expirable entities are handled in the new store 
Closes #11947
 2022-05-26 13:17:27 +02:00
Martin Kanis
0cb3c95ed5 Map storage: Single-use objects (action token) 2022-05-25 16:47:10 +02:00
vramik
2cbc167435 JPA map storage: model tests fails with NPE 
Closes #12165
 2022-05-25 09:28:08 +02:00
Martin Bartoš
86f31e8df5 Fix BlacklistPasswordPolicyDefaultPath Failures on Windows 
Fixes #11967
 2022-05-24 17:26:19 -03:00
Martin Bartoš
bb3b88963b
New Account console tests failures (#12050) 
* New Account console tests failures, Fix additional tests, solve issue with headless browsers

Fixes #11323
 2022-05-24 09:36:08 +02:00
vramik
24171d2e47 Rename providers from jpa-map-storage to jpa 
Closes #12098
 2022-05-23 16:47:51 +02:00
vramik
0c3aa597f9 JPA map storage: test failures after cache was disabled 
Closes #12118
 2022-05-23 13:01:30 +02:00
vramik
f8ca25d4a4 Add a profiles testsuite for jpa-map storage 
Closes #12045
 2022-05-20 09:17:33 +02:00
Stian Thorgersen
075e284455
Remove legacy (non-Elytron) WildFly adapter (#11789) 
Closes #11683
 2022-05-18 10:34:47 +02:00
Michal Hajas
0bda7e6038 Introduce map event store with CHM implementation 
Closes #11189
 2022-05-17 12:57:35 +02:00
Michal Hajas
b86f205cda Make KeycloakServer runnable with external Infinispan server 
Closes #12011
Closes #12014
 2022-05-16 21:50:35 +02:00
Takashi Norimatsu
9541852a9b ID token encryption without specifying id_token_encrypted_response_enc does not follow OIDC Dynamic Client Registration specification 
Closes #11392
 2022-05-16 09:05:22 +02:00
Takashi Norimatsu
7fa24d247a Deprecated org.keycloak.jose.jws.Algorithm is used in OIDCAdvancedConfigWrapper 
Closes #11394
 2022-05-16 08:56:57 +02:00
Martin Kanis
0d6bbd437f
Merge single-use token providers into one 
Fixes first part of: #11173

* Merge single-use token providers into one

* Remove PushedAuthzRequestStoreProvider

* Remove OAuth2DeviceTokenStoreProvider

* Delete SamlArtifactSessionMappingStoreProvider

* SingleUseTokenStoreProvider cleanup

* Addressing Michal's comments

* Add contains method

* Add revoked suffix

* Rename to SingleUseObjectProvider
 2022-05-11 13:58:58 +02:00
Michal Hajas
d3b43a9f59 Make sure there is always Realm or ResourceServer when searching for authz entities 
Closes #11817
 2022-05-11 07:20:01 -03:00
Réda Housni Alaoui
5d87cdf1c6
KEYCLOAK-6455 Ability to require email to be verified before changing (#7943) 
Closes #11875
 2022-05-09 18:52:22 +02:00
Michal Hajas
6b5c417742 Add HotRod store for authorization services 
Closes #9679
 2022-05-06 15:31:38 +02:00
Michal Hajas
fc974fc019 Update composite roles on child role removal 
Closes #11769
 2022-05-05 15:18:18 +02:00
Stian Thorgersen
491b3262de
Remove Jetty 9.2 and 9.3 adapters (#11792) 
Closes #11791
 2022-05-04 15:24:46 +02:00
azilentech
f7f24c6ca3 Updated test scenarios 2022-05-03 10:59:31 -03:00
vramik
0d83b51b20 Enhance Map authz entities with REALM_ID (ResourceServer with CLIENT_ID) searchable field 
Co-authored-by Michal Hajas <mhajas@redhat.com>

Closes #10883
 2022-05-03 12:56:27 +02:00
Hynek Mlnarik
1b1cf266eb Add support for async profiler to model testsuite 
Fixes: #11743
 2022-05-03 12:53:10 +02:00
Sven-Torben Janus
0efa4afd49 Evaluate composite roles for hardcoded LDAP roles/groups 
Closes: 11771

see also KEYCLOAK-18308
 2022-05-02 14:13:37 +02:00
Stian Thorgersen
52ca546cfa
Remove Fuse adapters (#11740) 
Closes #11677
 2022-05-02 09:55:52 +02:00
Alexander Schwartz
e2cf6ae92b Disable caching for map storage. 
Also aligns the properties with the integration test suite to avoid confusion.

Closes #11748
 2022-04-29 12:03:18 +02:00
Stian Thorgersen
b65d76edab
Remove EAP6 and AS7 adapters (#11605) 
Closes #11604
 2022-04-28 11:20:44 +02:00
vramik
2ecf250e37 Deletion of all objects when realm is being removed 
Closes #11076
 2022-04-28 11:09:17 +02:00
Alexander Schwartz
29233f33c8 Clear import/export properties at the end of the test 
This avoids the pollution of system properties that might lead to failures following tests.

Closes #11670
 2022-04-28 11:02:16 +02:00
Douglas Palmer
fdcbc9b27b
Automated test for session-limits authenticator with identity brokering (post-broker login flow) (#11723) 
Closes #11004
 2022-04-28 10:29:41 +02:00
Stian Thorgersen
e3f3e65ac5
Remove JDK7 support for adapters (#11607) 
Closes #11606
 2022-04-27 08:33:23 +02:00
vramik
5248815091 Disable infinispan realm and user cache for map storage tests 
Closes #11213
 2022-04-25 09:38:49 +02:00
Martin Bartoš
53ea60b8d5
Remove support for IE (#11271) 
Closes #11268
 2022-04-22 10:38:41 +02:00
Pedro Igor
76d83f46fa
Avoid clients exchanging tokens using tokens issued to other clients (#11542) 2022-04-20 19:14:55 +02:00
Stian Thorgersen
ac79fd0c23
Disallow special characters in usernames to prevent confusion with similarly looking usernames (#11531) 
Closes #11532

Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
 2022-04-20 15:53:15 +02:00
Stefan Guilhen
b29b27d731 Ensure code does not rely on a particular format for the realm id or component id 2022-04-20 14:40:38 +02:00
Pedro Igor
2cb5d8d972
Removing upload scripts feature (#11117) 
Closes #9865

Co-authored-by: Michal Hajas <mhajas@redhat.com>

Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2022-04-20 14:25:16 +02:00
Martin Bartoš
3aa3db16ea
Fix error response for invalid characters (#11533) 
Fixes #11530
 2022-04-20 11:26:08 +02:00