libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
25666 commits 4 branches 5 tags 480 MiB
Commit graph

4255 commits

Author SHA1 Message Date
Thomas Darimont
282260dc95 Ensure issued_client_type is always added to successful token-exchange response (#31548) 
- Compute issued_token_type response parameter based on requested_token_type and client configuration
- `issued_token_type` is a required response parameter as per [RFC8693 2.2.1](https://datatracker.ietf.org/doc/html/rfc8693#section-2.2.1)
- Added test to ClientTokenExchangeTest that requests an access-token as requested-token-type

Fixes #31548

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-07-30 18:33:51 +02:00
rmartinc
a6c70d65ee Do not generate secret when client rep do not specifiy public or bearer 
Closes #31444

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-07-30 18:32:15 +02:00
Pedro Igor
a79761a447 Support for blocking concurrent requests when brute force is enabled 
Closes #31726

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
 2024-07-30 10:01:48 +02:00
Hynek Mlnarik
183cd6c957 Run tests with keycloak.v2 login theme 
The fixes (mostly selectors) are needed for tests.

In the future, to switch the keycloak.v2 to the default theme, do
the following:

- Update `ThemeSelectorProvider`: Uncomment relevant lines
- Update `testsuite/integration-arquillian/tests/pom.xml`: Revert the change in `<login.theme.default>` property
- Update `ThemeSelectorTest` per comment

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2024-07-30 10:01:17 +02:00
Martin Kanis
d91d6d18d5 Can not update organization group error when trying to create organisation from REST API 
Closes #31144

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-07-29 17:39:56 +02:00
Pascal Knüppel
94784182df
Implement DPoP for all grantTypes (#29967) 
fixes #30179
fixes #30181


Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de>
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
 2024-07-29 16:30:54 +02:00
Francis Pouatcha
cc78fd7ca0
Provided keycloak with a protocol mapper, that can allow to optionally add iat and nbf claims to VCs (#31620) 
closes #31581 


Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
 2024-07-29 09:32:48 +02:00
Pedro Igor
87c279d645 Respect the username value format when processing federated users 
Closes #31240

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:28:43 +02:00
Pedro Igor
4d8c525644
Make sure changes to user profile metadata is not stored when calling decorators (#31549) 
Closes #30476

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:03:21 +02:00
Pedro Igor
04bd6653ec Invalidating domain cache and introducing cache for more query methods 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:02:36 +02:00
Pedro Igor
1f8280c71a Allow members joining multiple organizations 
Closes #30747

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:02:36 +02:00
Giuseppe Graziano
12732333c8 Client scope assignment for client registration 
Closes #31062

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-07-26 17:33:49 +02:00
Stefan Guilhen
c9f5a0aa32 Testsuite: ensure realm is set in session context 
Closes #31636

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-07-26 11:11:44 -03:00
Lex Cao
3818f8f575 Prevent removing flow that used by client flow overrides 
Closes #30707

Signed-off-by: Lex Cao <lexcao@foxmail.com>
 2024-07-26 16:05:29 +02:00
vramik
01f5747eed If the user is federated before the broker is associated with an organization this user is not a managed user 
Closes #30744

Signed-off-by: vramik <vramik@redhat.com>
 2024-07-25 04:30:13 -03:00
vramik
649b35929e Make sure users created through a registration link are managed members 
Closes #30743

Signed-off-by: vramik <vramik@redhat.com>
 2024-07-25 04:30:13 -03:00
Maciej Mierzwa
97e89e2071 feature: password age in days policy 
Closes #30210

Signed-off-by: Maciej Mierzwa <dev.maciej.mierzwa@gmail.com>
 2024-07-24 15:12:16 -03:00
Kamesh Akella
33b3fd313c
Add migration tests for AuroraDB (#31396) 
Fixes #31024
Signed-off-by: Kamesh Akella <kamesh.asp@gmail.com>
 2024-07-24 16:45:02 +02:00
Francis Pouatcha
30be268672
Enhance Verifiable Credential Signing Service Flexibility and Key Rotation(#30692) 
closes #30525 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
 2024-07-24 13:45:39 +02:00
Miquel Simon
aab7a912c4
Updated connection configuration for MSSQL test container 
Closes #31558

Signed-off-by: Miquel Simon <msimonma@redhat.com>
 2024-07-24 09:12:58 +00:00
Hynek Mlnarik
a7374f92be Update login theme to login v2 
Fixes: #29009

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2024-07-18 14:33:22 +02:00
Hynek Mlnarik
ab6ca323db Run docker tests with proper theme and fix chromedriver path 
Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2024-07-18 14:33:22 +02:00
mposolda
3110bb8989 Missing Cache-Control header when response_type parameter is missing in login request 
closes #29866

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-07-18 10:17:52 +02:00
rmartinc
5ea3becef5 Wait for the brute force off-thread processing in AbstractAdvancedBrokerTest 
Closes #30188
Closes #30641

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-07-18 10:03:13 +02:00
Pascal Knüppel
018a0802bc
Remove java.util.Date from VerifiableCredential (#30920) 
closes #30918

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
 2024-07-18 09:52:02 +02:00
Martin Kanis
e5848bdcf9 Cannot set unmanagedAttributePolicy without profile attributes 
Closes #31153

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-07-17 09:53:59 -03:00
Ricardo Martin
3d12c05005
Correctly moves to the next required action (#31358) 
Closes #31014

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>


Co-authored-by: Giuseppe Graziano <g.graziano94@gmail.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
 2024-07-17 09:38:29 +02:00
Pedro Igor
de1de06354 Avoid adding organization flows if they are already exist 
Closes #31182

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-17 08:28:00 +02:00
Stefano Azzalini
6d67c1f9cc
Normalize default authentication flow descriptions to start with an uppercase letter (#31277) 
Closes #31291

Signed-off-by: Stefano Azzalini <stefano.azzalini@luminator.com>
 2024-07-16 13:49:35 +02:00
Lex Cao
6c71ad2884 Fallback to no override flow when missing in client override 
Closes #30765

Signed-off-by: Lex Cao <lexcao@foxmail.com>
 2024-07-16 11:33:41 +02:00
Thomas Darimont
2140e573f2
Fix test LDAP connection with multiple ldap connection urls 
Previously, the given connection string was check with URI.create(..) which
failed when multiple space separated LDAP URLs were given.

Closes #31267

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-07-16 08:57:50 +02:00
Martin Kanis
887db25f00 Allow auto-redirect existing users federated from organization broker when using the username 
Closes #30746

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-07-15 13:48:45 -03:00
mposolda
1864cf1827 Offline tokens created in Keycloak 14 or earlier will not work on Keycloak 25 
closes #31224

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-07-15 18:30:35 +02:00
Pedro Igor
c33585a5f4 All pubic brokers are shown during authentication rather than only those associated with the current organization 
Closes #31246

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-12 17:51:39 +02:00
Giuseppe Graziano
1df60461a9 Avoid race condition when using initial-access-token 
Closes #27294

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-07-12 16:33:02 +02:00
Douglas Palmer
9300903674 page-expired error page shown when using browser back-button on forgot-password page after invalid login attempt 
Closes #25440

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-07-12 16:24:21 +02:00
Pascal Knüppel
4028ada2a5
Add required default-context value to VerifiableCredential (#30959) 
closes #30958

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
 2024-07-11 18:25:11 +02:00
Steven Hawkins
4970a9b729
fix: deprecate KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD 
closes: #30658

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-07-11 18:07:57 +02:00
rmartinc
096e335a92 Support for vault and AES and HMAC algorithms to JavaKeystoreKeyProvider 
Closes #30880
Closes #29755

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-07-11 12:40:45 +02:00
Pedro Igor
da6c9ab7c1 Bruteforce protector does not work when using organizations 
Closes #31204

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-11 00:26:47 +02:00
Jon Koops
a0c99a7ae0
Show full error details in admin and account consoles 
Closes #30705

Signed-off-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-07-10 16:20:26 +02:00
Martin Kanis
922eaa9fc8
Disable username prohibited chars validator when email as username is… (#31140) 
* Disable username prohibited chars validator when email as the username is set

Closes #25339

Signed-off-by: Martin Kanis <mkanis@redhat.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-10 09:46:24 -03:00
Pedro Igor
d475833361 Do not expose kc.org attribute in user representations 
Closes #31143

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-10 13:43:23 +02:00
Alexander Schwartz
d70f78072e
Make persistent sessions co-exist with remote cache feature (#30859) 
Closes #30855

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-09 09:03:36 +02:00
rmartinc
f78a46485d TE should create a transient session when there is no initial session in client-to-client exchange 
Closes #30614

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-07-08 15:44:38 -03:00
Pedro Igor
ead1b4a851
Testing ldap connection should not process or bind the credentials (#31081) 
Closes #30821

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-08 13:58:02 +02:00
Pedro Igor
cbf7f208fb
Avoid iterating and updating all group policies when removing groups (#31057) 
Closes #31056

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-08 13:57:20 +02:00
wojnarfilip
3c429b7506 Update social login tests login flows 
Signed-off-by: wojnarfilip <fwojnar@redhat.com>
 2024-07-08 08:48:31 +02:00
Pedro Igor
f010f7df9b Reverting removal of test assertions and keeping existing logic where only brokers the user is linked to is shown after identity-first login page 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-03 11:55:04 -03:00
Martin Kanis
e1b735fc41 Identity-first login flow should be followed by asking for the user credentials 
Closes #30339

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-07-03 11:55:04 -03:00