libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions
11030 commits 4 branches 9 tags 483 MiB
Commit graph

123 commits

Author SHA1 Message Date
mposolda
3eb9134e02 KEYCLOAK-3424 Support for save JWKS in OIDC ClientRegistration endpoint 2016-08-12 15:51:14 +02:00
Bill Burke
83306963e8 jta transaction abstraction 2016-08-08 12:32:36 -04:00
Bill Burke
46b4bb0909 KEYCLOAK-3268 2016-07-27 09:28:48 -04:00
Erik Mulder
f4ead484de KEYCLOAK-2474 Possibility to add custom SPI and extend the data model 2016-06-20 10:56:33 +02:00
Pedro Igor
086c29112a [KEYCLOAK-2753] - Fine-grained Authorization Services 2016-06-17 02:07:34 -03:00
Bill Burke
4c9a0b45d4 Merge pull request #2229 from thomasdarimont/issue/KEYCLOAK-2489-script-based-authenticator-definitions 
KEYCLOAK-2489 - Add support for Script-based AuthenticationExecution definitions.
 2016-06-05 11:12:05 -04:00
Thomas Darimont
a2d1c8313d KEYCLOAK-3081: Add client mapper to map user roles to token 
Introduced two new client protocol mappers to propagate assigned user client / realm roles to a JWT ID/Access Token.
Each protocol mapper supports to use a prefix string that is prepended to each role name.

 The client role protocol mapper can specify from which client the roles should be considered.
 Composite Roles are resolved recursively.

Background:
Some OpenID Connect integrations like mod_auth_openidc don't support analyzing deeply nested or encoded structures.
In those scenarios it is helpful to be able to define custom client protocol mappers that allow to propagate a users's roles as a flat structure
(e.g. comma separated list) as a top-level  (ID/Access) Token attribute that can easily be matched with a regex.

In order to differentiate between client specific roles and realm roles it is possible to configure
both separately to be able to use the same role names with different contexts rendered as separate token attributes.
 2016-06-03 15:52:58 +02:00
Thomas Darimont
c8d47926b8 KEYCLOAK-2489 - Add support for Script-based AuthenticationExecution definitions. 
This is a POC for script based authenticator support.
Introduced a ScriptBasedAuthenticator that is bootstraped via a
ScriptBasedAuthenticatorFactory can be execute a configured script
against a provided execution context.
Added an alias property to the AuthFlowExecutionRepresentation in order
to be able to differentiate multiple instances of an Authenticator
within the same AuthFlow.

For convenience editing the AngularJS bindings for the ACE editor were
added for fancy script editing - this needs to be cut down a bit wrt to
themes and supported scripts - e.g. we probably don't expect users to write
authenticator scripts in Cobol...
Removed currently not needed ACE sytax highlighting and themes.

Scripting is now available to all keycloak components that have access to the KeycloakSession.
Introduced new Scripting SPI for configurable scripting providers.
 2016-04-27 14:37:13 +02:00
Pedro Igor
81e4f4b351 [KEYCLOAK-2835] - Adding SOAP binding to the list of supported SingleSignOnService. 2016-04-20 08:48:59 -03:00
Stian Thorgersen
bdfc9b8efc KEYCLOAK-2637 
ModelExceptionMapper uses AdminMessagesProvider which loads messages outside of themes
 2016-03-11 12:08:28 +01:00
Bill Burke
fd49213cb9 KEYCLOAK-2477 2016-02-17 17:02:14 -05:00
Stian Thorgersen
c7a8742a36 KEYCLOAK-1524 
Source code headers
 2016-02-03 11:20:22 +01:00
Bill Burke
6c020661e8 saml subsystem model changes 2016-01-30 07:13:13 -05:00
Bill Burke
449bc5c4dc KEYCLOAK-2387 2016-01-26 14:19:53 -05:00
Vlastimil Elias
4e23311318 KEYCLOAK-2348 - Social login provider for Microsoft account - KC master 
branch
 2016-01-22 11:03:08 +01:00
Bill Burke
efd8317259 final re-org work 2016-01-20 17:26:26 -05:00
Bill Burke
d9487a8745 social broker reorg 2016-01-20 16:46:38 -05:00
Bill Burke
01f3c6ceb7 reorg event log/email 2016-01-20 15:38:09 -05:00
Bill Burke
4ed1eb66ee truststore httpclient 2016-01-19 17:29:16 -05:00
Bill Burke
46634b386e reorg freemarker 2016-01-19 11:33:59 -05:00
Bill Burke
b403c9b934 broker and social 2016-01-16 09:15:17 -05:00
Bill Burke
007e9530ec brute force refactr, mv protocol 2016-01-15 19:25:28 -05:00
Bill Burke
5017d71383 exportimport and timer and events 2016-01-15 19:07:17 -05:00
Thomas Darimont
46991764d4 KEYCLOAK-2040 - Add support for Conditional OTP auth. 
Previously it was not possible to conditionally show a OTP authentication
form. This PR adds support to conditionally require OTP authentication
based on a custom user attribute, a role, a request header pattern
(with black- and whitelisting) as well as a configurable default in
case no condition matches.
 2016-01-11 17:39:42 +01:00
Bill Burke
64de96d34b installation provider 2016-01-06 16:49:58 -05:00
tsudot
162dd4051d KEYCLOAK-1900 Add password hash SPI and provider 
- Default encoder set to Pbkdf2PasswordEncoder
 2015-12-08 13:25:59 +01:00
Stian Thorgersen
be040eaa18 KEYCLOAK-2133 KEYCLOAK-1782 2015-11-25 18:58:05 +01:00
Bill Burke
41331111da resolve conflicts 2015-11-18 09:39:19 -05:00
Bill Burke
bff334d365 group token/assertion and tests 2015-11-18 09:36:47 -05:00
Stian Thorgersen
bad0a95123 KEYCLOAK-1749 Client registration service 
Changed endpoints of client registration to just clients

Started installation

Added adapter config retrival to client reg
 2015-11-16 13:24:56 +01:00
mposolda
4ca442d1b2 KEYCLOAK-1750 Option updateProfileOnFirstLogin moved from IdentityProvider to IdpReviewProfile authenticator 2015-11-10 11:06:23 +01:00
mposolda
99e75c69a0 KEYCLOAK-1750 First broker login - support for change password after first social login 2015-11-10 10:25:31 +01:00
mposolda
adbf2b22ad KEYCLOAK-1750 Improve first time login with social. Added 'first broker login' flow 2015-11-09 10:34:55 +01:00
Stian Thorgersen
2faf0eccdb Refactored client registration service 2015-10-12 08:31:39 +02:00
Stian Thorgersen
55deedd3b8 KEYCLOAK-1868 Import clients through admin console 
KEYCLOAK-1869 Add root url to clients that should be used to resolve relative urls
 2015-09-29 12:16:05 +02:00
mposolda
7028496601 KEYCLOAK-1295 pluggable client authentication. Support authenticate clients with signed JWT 2015-08-17 23:21:23 +02:00
Bill Burke
c0f3d851db reset password refactor/flow 2015-08-16 12:23:15 -04:00
Bill Burke
fe9dc4a28d non-browser flow 2015-07-21 20:56:05 -04:00
Stian Thorgersen
1642ac2394 KEYCLOAK-1385 Introduce end-of-line normalization 2015-07-17 13:46:51 +02:00
Bill Burke
39aa09ca36 form action refactor 2015-07-01 14:07:02 -04:00
Bill Burke
afa65d9ead registration flow 2015-06-29 22:12:06 -04:00
Bill Burke
064d677fdc form auth 2015-06-24 21:07:38 -04:00
Bill Burke
70fd7bea99 cleanup authenticators 2015-06-17 17:15:01 -04:00
Bill Burke
c51cc4703b kerberos fixes 2015-06-14 20:58:02 -04:00
Bill Burke
3f62cd9271 terms and conditions 2015-06-11 14:39:08 -04:00
Bill Burke
3dd282e11b pluggable required actions backend 2015-06-10 11:38:01 -04:00
Bill Burke
95349e6e2e clientsession.action to String 2015-06-10 09:21:23 -04:00
Bill Burke
c12fe28b2d phased auth spi introduction 2015-06-03 10:55:03 -04:00
Bill Burke
a2718a889d unfinished working auth spi 2015-05-27 14:28:47 -04:00
Bill Burke
f5e301fe0d merge 2015-05-22 16:15:55 -04:00
Bill Burke
68976f5b0c auth spi datamodel 2015-05-22 16:03:26 -04:00
Leonardo Loch Zanivan
f807c999b6 Initial messages SPI implementation for Admin REST Services. 2015-05-13 11:13:49 -03:00
Stian Thorgersen
4fbbf39c51 KEYCLOAK-1187 Admin console and endpoints 2015-04-13 13:29:31 +02:00
mposolda
477d8b35e3 KEYCLOAK-1116 KEYCLOAK-1117 JSON migration and removal of ClientModel.claimsMask 2015-03-26 11:49:22 +01:00
Stian Thorgersen
ffbb2df1f3 KEYCLOAK-571 OpenID Connect Discovery 
KEYCLOAK-1091 JSON Web Key Set endpoint
KEYCLOAK-790 One OpenID Connect token endpoint URL
 2015-03-12 11:45:13 +01:00
Bill Burke
cdf22669f4 test oidc mappers 2015-03-09 09:05:39 -04:00
Bill Burke
1de285b724 mappers 2015-03-06 18:42:20 -05:00
mposolda
db07d79009 KEYCLOAK-1066 Kerberos credential delegation support 2015-03-06 12:59:29 +01:00
Bill Burke
db2c01caa9 more mappers 2015-03-05 19:55:53 -05:00
Bill Burke
2da925505e saml attribute mappers 2015-02-28 11:17:06 -05:00
Bill Burke
430daf4c39 Merge remote-tracking branch 'upstream/master' 2015-02-25 11:35:04 -05:00
Stian Thorgersen
b6a512b494 KEYCLOAK-934 Extract dependencies into modules 2015-02-25 12:05:48 +01:00
Bill Burke
c20ad93807 claim mappings next phase 2015-02-24 19:37:07 -05:00
Bill Burke
69582ee3be more claims work 2015-02-21 10:26:55 -05:00
Bill Burke
20f12ea960 changes 2015-02-20 09:22:49 -05:00
Stian Thorgersen
67ba1de56f KEYCLOAK-999 Load providers from file-system 2015-01-28 09:15:07 +01:00
Bill Burke
e3609cc85b app importer 2014-10-28 11:54:58 -04:00
Bill Burke
75a3093dda login refactor phase 2, still more to do 2014-09-29 16:15:33 -04:00
Stian Thorgersen
b23463a1d2 KEYCLOAK-653 Add theme support to welcome-pages 2014-09-11 15:58:29 +02:00
Bill Burke
8c5ae9d052 fix mimetype 2014-04-30 14:24:37 -04:00
Stian Thorgersen
c06009d5fb KEYCLOAK-430 Fix bundled war example 2014-04-28 13:36:34 +01:00
Stian Thorgersen
d6e5e376bf Theme support for admin 2014-04-25 13:58:58 +01:00
Stian Thorgersen
97897cab1d KEYCLOAK-15 Customize login and registration forms 2014-02-04 11:45:24 +00:00