libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
14353 commits 4 branches 5 tags 480 MiB
Commit graph

14353 commits

This branch
This branch
All branches
Author SHA1 Message Date
Pedro Igor
243e63c9f3 Do not set empty permissions to username and email attributes 
Closes #11647
 2022-06-07 10:59:35 -03:00
Pedro Igor
5f349195bb Provide a separate guide for configuring the server truststore 
Closes #12260
 2022-06-07 10:57:37 -03:00
Sebastian Schuster
a0c402b93a
11198 added event information to consent granting and revocation via REST API (#11199) 2022-06-07 11:29:20 +02:00
Stian Thorgersen
e49e8335e0
Refactor BouncyIntegration (#12244) 
Closes #12243
 2022-06-07 09:02:00 +02:00
Martin Kanis
df72cf72f2 Hot Rod map storage: Single-use (action token) no-downtime store 2022-06-06 16:01:18 +02:00
Bruno Oliveira da Silva
a102e28dbb Update webauthn4j to 0.20.0 
A new version which contains a couple of
bug fixes plus CVE updates for its dependencies:

Breaking changes
    - Add EdDSA support #662
    - Correct AuthenticationAlgorithm(0x0011) value #657

Dependency Upgrades
    - Bump spring-boot-dependencies from 2.6.7 to 2.7.0 #661
    - Bump jacksonVersion from 2.13.2 to 2.13.3 #660
    - Bump kerby-asn1 from 2.0.1 to 2.0.2 #659
Bump checker-qual from 3.21.4 to 3.22.0 #654

Resolves #12311
 2022-06-06 13:45:17 +02:00
rmartinc
5332a7d435 Issue #9194: Client authentication fails when using signed JWT, if the JWA signing algorithm is not RS256 2022-06-06 12:07:09 +02:00
Alexander Bokovoy
1915f11cba OAuth2DeviceConfig: fix polling interval defaults 
Instead of DEFAULT_OAUTH2_DEVICE_POLLING_INTERVAL, constant for the
lifespan was used to initialize the default polling interval.

This leads to inability to continuously poll the result as the result
stuck in the actionTokens cache for far longer than expected (600
seconds instead of 5 seconds). As a result, only the first request for
the token succeeds if a resource owner already did grant the access. If
that has not happened, any additional polling within 600 seconds would
get rejected with a 'slow_down' response.

This makes hard to write OAuth 2.0 clients using device code
authorization grant flow against multiple IdPs. Microsoft's
implementation of OAuth 2.0 device code grant flow requires 'nudging'
the Authorization Server's token endpoint before it even starts
recognizing the device code. Keycloak mismatch of the polling interval
default makes this flow impossible.

Closes #12327

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
 2022-06-06 11:54:56 +02:00
Takashi Norimatsu
3889eeda30 Client Policies: pkce-enforcer executor with client-access-type condition is not applied on client change via Admin API 
Closes #12295
 2022-06-06 11:30:48 +02:00
Nick Farley
91e88f554e Replaces instances of himself with more inclusive language 
Closes #12300
 2022-06-03 12:25:14 -03:00
andreaTP
f9c6ea84ad Respect http-relative-path with probes 2022-06-03 12:23:36 -03:00
vramik
c31d37ddf1 Each JpaRootEntity should have its own current schema version 
Closes #12272
 2022-06-02 17:16:34 +02:00
Michal Hajas
09c0a69a8f Add HotRod no downtime store for events 
Closes #9676
 2022-06-02 13:30:19 +02:00
andreaTP
0a8e132c7c Refactor the packages structure of the operator 2022-06-01 17:30:47 -03:00
Adam Jones
74870a2ac6
Update issues link to GitHub issues rather than JBoss/RedHat JIRA (#12218) 
* Update welcome page link to GitHub issues rather than JBoss/RedHat JIRA

* Update GOVERNANCE.md

* Update index.ftl
 2022-06-01 15:20:36 +02:00
Salih Candir
990df8feb5
fix wrong xRobotsTag label bound (#12288) 
Set the `for` attribute of the xRobotsTag label to `xRobotsTag`

Closes #12286
 2022-06-01 15:18:38 +02:00
Martin Kanis
75754eca6b Extract timestamp from Expirable entity 2022-06-01 13:03:31 +02:00
Alexander Schwartz
6c3d25fd8f Limit the number of clientSessionIds in the test 
Before it was 1500 client sessions, now its only 150 client sessions. This should help to keep the test within its time constraint of 60 + 30 seconds.

Closes #12264
 2022-05-31 17:10:49 +02:00
mposolda
f90fbb9c71 Changing locale on logout confirmation did not work 
Closes #11951
 2022-05-31 16:03:58 +02:00
andreaTP
8f54f03f17 Fix CodeQl actions syntax 2022-05-31 08:53:42 -03:00
andreaTP
8912b6dc96 Improve Operator CI robustness 2022-05-31 08:52:40 -03:00
Takashi Norimatsu
d083b6c484 ciba http auth channel sends client_id and client_secret via delegation request 
Closes #10993
 2022-05-31 08:22:50 +02:00
vramik
be28e866b9 JPA map storage: Authorization services no-downtime store 
Closes #9669
 2022-05-30 21:05:34 +02:00
andreaTP
7c7588e8db Make OLM tests Maven build self-contained 2022-05-30 15:23:11 -03:00
Pedro Igor
ea22989d89 Fixing ClientTokenExchangeTest to also run when TLS is disabled 
Closes #11818
 2022-05-30 11:23:46 -03:00
Pedro Hos
e121371401 /clients-registrations API doesn't return secret anymore and is not coherent #11116 
/clients-registrations API doesn't return secret anymore and is not coherent

fixing merge

/clients-registrations API doesn't return secret anymore and is not coherent

fixing test that was failing

Replace tabs with regular spaces

fixing identation

/clients-registrations API doesn't return secret anymore and is not coherent. Closes #11116

fixing test that was failing
 2022-05-30 15:18:56 +02:00
mposolda
4222de8f41 OIDC RP-Initiated Logout POST method support 
Closes #11958
 2022-05-30 14:10:58 +02:00
Pedro Igor
c0fd3b89ea Fixing docs to state that substitution only works when importing at startup 
Closes #12069
 2022-05-30 08:09:00 -03:00
Stefan Guilhen
808738220f Change CodeGenerateUtil so that it doesn't add/remove the code in an inner transaction 
Fixes #11617
 2022-05-30 12:55:48 +02:00
Michal Hajas
9b36ea0269 Add cascade removal of client session on user session removal for HotRod 
Closes #12096
 2022-05-30 09:58:54 +02:00
Michal Hajas
1a98765fb7 Fix cascade removal of client session on user session removal for CHM 
Closes #12146
 2022-05-30 09:58:54 +02:00
Marek Posolda
cf386efa40
Support for client_id parameter in OIDC RP-Initiated logout endpoint (#12202) 
Closes #12002


Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2022-05-27 14:12:37 +02:00
Alexander Schwartz
063960aaa3 Deferred indexes are not available on CockroachDB, therefore, only use them on PostgreSQL 
Closes #12176
 2022-05-27 08:51:20 -03:00
Dmitry Telegin
86883fd68a
Remove org.keycloak.protocol.oidc.TokenManager.RefreshResult (#12196) 
Closes #12194
 2022-05-27 13:00:10 +02:00
Marek Posolda
eed944292b
Make script providers working on JDK 17 (#11322) 
Closes #9945
 2022-05-27 12:28:50 +02:00
Luca Leonardo Scorcia
27650ab816 Fix #10982 SAML Client - Introduce SAML Issuer validation 2022-05-27 10:58:10 +02:00
Robert Pocklington
c462468577
Fix typo in keycloak.d.ts (#12197) 
Resolves #12212
 2022-05-26 15:45:10 -03:00
Martin Bartoš
d8cded994f
WebAuthn test failures in admin console (#12161) 
Resolves #12160
 2022-05-26 12:55:22 -03:00
andreaTP
d66710205c Refactor dist config to a common module 2022-05-26 12:07:03 -03:00
Michal Hajas
bc59fad85b Unify way how expirable entities are handled in the new store 
Closes #11947
 2022-05-26 13:17:27 +02:00
Ian
78b88765ec
use toString() instead of cast String or it will fail when using Spring configtree (#10980) 
Resolves #10979
Co-authored-by: Bruno Oliveira da Silva <bruno@abstractj.com>
 2022-05-25 16:41:00 -03:00
Alexander Schwartz
8fe263e7b3 Build operator dependencies first before testing it 
Closes #11641
 2022-05-25 16:40:13 -03:00
Pedro Igor
6156272f39
Persisted config source not loading properties at runtime (#12157) 
Co-authored-by: Dominik Guhr <dguhr@redhat.com>
 2022-05-25 16:29:37 -03:00
Martin Kanis
0cb3c95ed5 Map storage: Single-use objects (action token) 2022-05-25 16:47:10 +02:00
dependabot[bot]
6dda69a634
Update github/codeql-action from 2.1.10 to 2.1.11 (#12150) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-25 10:51:51 -03:00
Pedro Igor
26c87af9f4 Avoiding unnecessary roundtrips to the database when evaluating permissions 
Closes #12148

Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
 2022-05-25 12:23:15 +02:00
vramik
ad3da7f5e4 JPA map storage: disable failing on unknown properties when deserializing the object 
Closes #12173
 2022-05-25 09:31:40 +02:00
vramik
2cbc167435 JPA map storage: model tests fails with NPE 
Closes #12165
 2022-05-25 09:28:08 +02:00
andreaTP
756b6c2f87 Filter CodeQL actions to only run on main repo 2022-05-24 17:51:16 -03:00
Martin Bartoš
86f31e8df5 Fix BlacklistPasswordPolicyDefaultPath Failures on Windows 
Fixes #11967
 2022-05-24 17:26:19 -03:00