keycloak-scim

Author	SHA1	Message	Date
Pedro Igor	28aa1d730d	Verify holder of the device code (#21 ) Closes https://github.com/keycloak/security/issues/32 Co-authored-by: Stian Thorgersen <stianst@gmail.com> Conflicts: services/src/main/java/org/keycloak/protocol/oidc/grants/device/DeviceGrantType.java	2023-06-28 15:45:26 +02:00
Douglas Palmer	c75bf31398	Empty shortVerificationUri not the same with default (null) value closes #20851	2023-06-27 14:57:24 +02:00
Takashi Norimatsu	f6ecc3f3f8	FAPI 2.0 security profile - not allow an authorization request whose parameters were not included in Request Object pushed to PAR request closes #20710	2023-06-26 12:09:25 +02:00
Douglas Palmer	a0d1ac6baa	processGrantRequest in TokenEndPoint uses new TokenManager instead of this.tokenMananager closes #20978	2023-06-23 08:12:44 +02:00
rmartinc	ecf52285bc	Simplify TokenManager expiration calculations using SessionExpirationUtils Closes https://github.com/keycloak/keycloak/issues/20794	2023-06-13 10:09:47 +02:00
rmartinc	61968bf747	Use OIDCAttributeMapperHelper.mapClaim in the GroupMembershipMapper Closes https://github.com/keycloak/keycloak/issues/19767	2023-06-08 11:12:24 -03:00
Pedro Hos	9ebd94a3a8	Userinfo endpoint doesn't accept charset #20671 Closes 20671	2023-06-07 08:08:05 +02:00
rmartinc	81aa588ddc	Fix and correlate session timeout calculations in legacy and new map implementations Closes https://github.com/keycloak/keycloak/issues/14854 Closes https://github.com/keycloak/keycloak/issues/11990	2023-06-05 18:46:23 +02:00
Alexander Schwartz	cd9e0be9f0	Filter first, then sort, and avoid atomics Closes #20394	2023-06-05 11:23:54 +02:00
stianst	0832992e59	Removing OpenShift integration and moving to separate extension closes #20496 Co-authored-by: mposolda <mposolda@gmail.com>	2023-05-30 17:39:32 +02:00
Pedro Igor	c22972af9c	Avoid using user property mapper when resolving root user attributes Closes #20613	2023-05-29 14:30:05 +02:00
Yoshiyuki Tabata	bd37875a66	allow specifying format of "permission" parameter in the UMA grant token endpoint (#15947)	2023-05-29 08:56:39 -03:00
Dominik Schlosser	8c58f39a49	Updates Datastore provider to contain full data model Closes #15490	2023-05-16 15:05:10 +02:00
Alexander Schwartz	bd7f62acc3	Use retry-logic only for the map storage This is a performance optimization that the retry doesn't affect the legacy store. Closes #20176	2023-05-15 10:20:35 +02:00
Alexander Schwartz	0f481da77f	Avoid creating instances of HashMap to generate a single MapEntry This is a performance optimization. Closes #20176	2023-05-15 10:20:35 +02:00
Martin Bartoš	7cff857238	Migrate packages from javax.* to jakarta.* --- Quarkus3 branch sync no. 14 (24.4.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/ComponentExportImportTest.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/DeclarativeUserTest.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java - Modified keycloak/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java - Modified --- Quarkus3 branch sync no. 13 (11.4.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountTotpPage.java - Deleted keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BackwardsCompatibilityUserStorageTest.java - Modified --- Quarkus3 branch sync no. 12 (31.3.2023) Resolved conflicts: keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/services/resources/QuarkusWelcomeResource.java - Modified keycloak/services/src/main/java/org/keycloak/protocol/saml/profile/util/Soap.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/UserInfoClientUtil.java - Modified keycloak/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified --- Quarkus3 branch sync no. 10 (17.3.2023) Resolved conflicts: keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocolUtils.java - Modified --- Quarkus3 branch sync no. 9 (10.3.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java - Modified --- Quarkus3 branch sync no. 8 (3.3.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClient.java Modified - Modified keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java - Modified keycloak/examples/providers/authenticator/src/main/java/org/keycloak/examples/authenticator/SecretQuestionAuthenticator.java - Modified --- Quarkus3 branch sync no. 6 (17.2.2023) Resolved conflicts: keycloak/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ComponentsResource.java - Modified keycloak/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java - Modified keycloak/services/src/main/java/org/keycloak/protocol/saml/installation/SamlSPDescriptorClientInstallation.java - Modified --- Quarkus3 branch sync no. 5 (10.2.2023) Resolved conflicts: /keycloak/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java Modified - Modified keycloak/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java - Modified --- Quarkus3 branch sync no. 4 (3.2.2023) Resolved conflicts: keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/jaxrs/QuarkusKeycloakApplication.java - Modified --- Quarkus3 branch sync no. 1 (18.1.2023) Resolved conflicts: keycloak/testsuite/client/ClientPoliciesTest.java - Deleted keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java - Modified keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaModelCriteriaBuilder.java - Modified	2023-04-27 13:36:54 +02:00
rmartinc	04ac3a64ee	Adding support for rsa-oaep for SAML encryption Closes https://github.com/keycloak/keycloak/issues/19689	2023-04-26 10:46:10 +02:00
Marek Posolda	8d01109158	Invalid parameter redirect_uri when using an invalid client_id (#19731 ) closes #19662	2023-04-17 15:12:59 +02:00
Stian Thorgersen	f4cabea08c	Make sure the code is bound to the user session (#18 ) (#17380 ) (#17389 ) Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2023-04-14 14:42:12 +02:00
alwibrm	9f15cf432b	Respecting key use of EC keys in JWKS	2023-04-03 19:06:25 -03:00
rmartinc	c6a1820a47	Use SimpleHttp for SOAP calls Closes https://github.com/keycloak/keycloak/issues/17139	2023-03-31 10:57:47 -03:00
Pedro Igor	6086201fe0	Do not verify identity cookie when processing required actions Closes #17539	2023-03-31 09:56:27 +02:00
mposolda	709c6b5a47	Regressions in redirect URL verification when redirect_uri has encoded path or default port closes #16851 closes #16587	2023-03-30 14:20:10 +02:00
rmartinc	2bb9de1a8c	Allow application/jwt media type for userinfo endpoint Closes: https://github.com/keycloak/keycloak/issues/19346	2023-03-28 08:47:35 -03:00
Konstantinos Georgilakis	fd28cd2d4b	Service Accounts Client must create the Client ID mapper with Token Claim Name as client_id closes #16329	2023-03-23 11:45:34 +01:00
tomjo	705d20d4a2	AllowAllDockerProtocolMapper now allows multiple resourceScopes delimited by spaces as specified by the docker auth token spec. Closes #17187	2023-03-23 09:43:43 +01:00
rmartinc	cab7e50410	Better handling for SAML signatures in POST and REDIRECT bindings Closes https://github.com/keycloak/keycloak/issues/17456	2023-03-15 09:06:59 -03:00
Simon Levermann	96c1cf3c49	Allow mapping of UserSessionNotes into UserInfo Fixes #15369	2023-03-07 15:25:14 +01:00
rmartinc	a56b38c5a6	Don't remove session and don't reset restart cookie if passive check error Closes https://github.com/keycloak/keycloak/issues/11340	2023-03-07 15:10:09 +01:00
Michal Hajas	465019bec4	Extract attachDevice outside of storage layer Closes #17336	2023-03-03 17:58:34 +01:00
Pedro Igor	fbf5541802	Remove duplicated set-cookie header from response when expiring cookies Closes #17192	2023-02-27 14:17:27 -03:00
lpa	3cd413dee1	SOAP backchannel logout for SAML protocol Closes #16293	2023-02-27 14:24:12 +01:00
rmartinc	38a46726e4	Implement UserInfoTokenMapper in HardcodedRole and RoleNameMapper mappers Closes https://github.com/keycloak/keycloak/issues/15624	2023-02-27 10:14:48 -03:00
mposolda	f180115d27	Log some details if error happens in CIBA authentication request Closes #14650	2023-02-23 14:36:28 +01:00
Yohan Siguret	82423f38a1	Add user id to TOKEN_EXCHANGE events Co-authored-by: thaDude <ogdude@googlemail.com>	2023-02-22 17:13:48 -03:00
Alexander Schwartz	54048f1e6c	Callers need to indicate if cookies need to be set at the end of the transaction Closes #17141	2023-02-21 11:54:32 +01:00
laskasn	dc8b759c3d	Use encryption keys rather than sig for crypto in SAML Closes #13606 Co-authored-by: mhajas <mhajas@redhat.com> Co-authored-by: hmlnarik <hmlnarik@redhat.com>	2023-02-10 12:06:49 +01:00
Dmitry Telegin	5f39aeb590	Pre-authorization hook for client policies Closes #9017	2023-02-08 15:06:32 +01:00
Pedro Igor	7b58783255	Allow mapping claims to user attributes when exchanging tokens Closes #8833	2023-02-07 10:57:35 +01:00
Konstantinos Georgilakis	c73859794e	Short verification_uri for Device Authorization Request Closes #16107	2023-01-18 08:34:52 +01:00
Pedro Igor	9945135861	Verify if token is revoked when validating bearer tokens (#16394 ) Closes #16388	2023-01-11 14:42:29 +01:00
mposolda	ac490a666c	Fix KcSamlSignedBrokerTest in FIPS. Support for choosing realm encryption key for decrypt SAML assertions instead of realm signature key Closes #16324	2023-01-10 20:39:59 +01:00
Mark Andreev	d900540034	Fix NPE if user not exists Check "userSession.getId().equals(clientUser.getId())" fails if getUserFromToken return non existed user. It is happens when AccessToken.subject relates to non existed user. Closes #16297	2023-01-09 06:43:39 -08:00
ムハマドザクワンビンムハマドザヒド / MOHDZAHID，BIN MUHAMMADZAKWAN	ce6b737e33	NPE in userinfo endpoint Closes #15429	2023-01-02 13:53:29 +01:00
Stian Thorgersen	0f2ca3bfdd	fixes from release/20 (#15982 ) * Avoid path traversal vis double-url encoding of redirect URI (#8) (cherry picked from commit a2128fb9e940d96c2f9a64edcd4fbcc768eedb4f) * Do not resolve user session if corresponding auth session does not exist (#7) * Stabilizing the ConcurrentLoginTest when running with JPA map storage by locking user sessions (#9) Co-authored-by: Marek Posolda <mposolda@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>	2022-12-14 07:46:17 +01:00
mposolda	f4e91a5312	The redirect URI cannot be verified during logout in the case when client was removed closes #15866	2022-12-07 08:20:30 +01:00
Pedro Igor	022d2864a6	Make sure JAX-RS resource methods are advertizing the media type they support Closes #15811 Closes #15810	2022-12-06 08:13:43 -03:00
Pedro Igor	168734b817	Removing references to request and response from Resteasy Closes #15374	2022-12-01 08:38:24 -03:00
Stefan Guilhen	5c2a5fac31	Enable all test methods in ConcurrentLoginTest for JPA Map Storage - Tests still disabled for Hotrod and CHM - Fixes concurrent login issues with CRDB. Verified with both PostgreSQL and CockroachDB. Closes #12707 Closes #13210	2022-11-24 13:36:22 +01:00
Pedro Igor	28fc5b4574	Removing injection points for Resteasy objects and resolving instances from keycloak context instead Relates #15374	2022-11-21 19:47:25 +01:00

1 2 3 4 5 ...

903 commits