keycloak-scim

Author	SHA1	Message	Date
Takashi Norimatsu	1f5ee9bf80	NPE in checkAndBindMtlsHoKToken on Token Refresh when using SuppressRefreshTokenRotationExecutor and Certificate Bound Token closes #25022 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2023-11-27 08:49:48 +01:00
rmartinc	1241bd2919	Fix lowerCaseHostname to lower-case scheme and host properly Closes https://github.com/keycloak/keycloak/issues/24792 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-11-20 10:00:50 +01:00
Hynek Mlnarik	70d0f731f5	Use session ID rather than broker session ID Closes: #24455 Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>	2023-11-16 17:01:40 +01:00
Vlasta Ramik	d86e062a0e	Removal of retry blocks introduced for CRDB Closes #24095 Signed-off-by: vramik <vramik@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2023-11-16 13:50:56 +01:00
Hynek Mlnařík	0ceaed0e2e	Transient users: Consents (#24496 ) closes #24494	2023-11-10 11:18:27 +01:00
Joshua Sorah	7ca00975d4	Feature flag DPoP metadata in OIDC Well Known endpoint Closes keycloak/keycloak#24547 Signed-off-by: Joshua Sorah <jsorah@gmail.com>	2023-11-06 03:13:57 -08:00
rmartinc	d7bb59461d	Escape $ sign when replacing clientId in the role mappers Closes https://github.com/keycloak/keycloak/issues/23692	2023-11-01 20:47:15 +01:00
rokkiter	e1735138cb	clean util * (#24174 ) Signed-off-by: rokkiter <yongen.pan@daocloud.io>	2023-11-01 17:14:11 +01:00
Hynek Mlnarik	2c4d58f5af	Fix KcOidcBrokerTransientSessionsTest Closes: #24313	2023-10-26 14:36:01 +02:00
Hynek Mlnarik	26328a7c1e	Support for transient sessions via lightweight users Part-of: Add support for not importing brokered user into Keycloak database Closes: #11334	2023-10-25 12:02:35 +02:00
ggraziano	84112f57b5	Verification of iss at refresh token request Added iss checking using the existing TokenVerifier.RealmUrlCheck in the verifyRefreshToken method. Closes #22191	2023-10-24 23:42:11 +02:00
Thomas Darimont	e567210ed1	Add dedicated feature flag for oauth device grant flow (#23892 ) Closes #23891	2023-10-24 10:09:26 +02:00
shigeyuki kabano	6112b25648	Enhancing Light Weight Token(#22148 ) Closes #21183	2023-10-17 13:12:36 +02:00
Moritz Becker	e9f08b6500	Do not return empty scope field in token introspection response Closes #16526	2023-10-13 08:36:12 +02:00
duckboy81	197b39492e	Update TokenManager.java Fixed minor spelling typos	2023-10-12 14:56:24 +02:00
Marek Posolda	a6609bd969	Remove "You are already logged in" during authentication. Make other browser tabs to authenticate automatically when some browser tab successfully authenticate (#23517 ) Closes #12406 Co-authored-by: Jon Koops <jonkoops@gmail.com>	2023-10-10 21:54:37 +02:00
rmartinc	10c1e3ba6d	Client roles should be mapped to any claim name Closes https://github.com/keycloak/keycloak/issues/22349	2023-09-27 08:11:22 -03:00
Maria Arias de Reyna	c15753266f	fix(Closes #21236 ): Adding client-id to logout event	2023-09-25 13:20:26 +02:00
Justin Tay	7d3104ee76	Allow public clients to use PAR endpoint Closes #8939	2023-09-21 13:57:42 +02:00
rmartinc	082b0ed308	verifyRedirectUri should return null when the passed redirectUri is invalid Closes https://github.com/keycloak/keycloak/issues/22778	2023-09-21 08:19:00 +02:00
rmartinc	f8a9e0134a	Ensure that the EncryptedKey is passed to the DecryptionKeyLocator for SAML Closes https://github.com/keycloak/keycloak/issues/22974	2023-09-20 15:09:18 +02:00
Jon Koops	e86bf1f0b2	Remove `P3P` header from authentication flow Closes #23348	2023-09-19 08:50:33 -03:00
stianst	211c027adb	Remove use of Guava in services Closes #23009	2023-09-07 08:59:02 +02:00
Pedro Igor	13e5a02b9f	Role mappers must return a single value when they are not multivalued Closes #20218	2023-08-31 19:16:12 +02:00
rmartinc	b67ede2a30	RedirectUtils needs to use KeycloakUriBuilder with no parameter parsing Closes https://github.com/keycloak/keycloak/issues/22424	2023-08-17 09:11:08 +02:00
Takashi Norimatsu	258711ef4f	DPoP verification in UserInfo endpoint closes #22215	2023-08-07 10:49:33 +02:00
Takashi Norimatsu	9d0960d405	Using DPoP token type in the access-token and as token_type in introspection response closes #21919	2023-08-07 10:40:18 +02:00
Takashi Norimatsu	9a921441cc	Adjustements to the behaviour of dpop_bound_access_tokens switch closes #21920	2023-07-27 11:30:01 +02:00
Takashi Norimatsu	0ddef5dda8	DPoP support 1st phase (#21202 ) closes #21200 Co-authored-by: Dmitry Telegin <dmitryt@backbase.com> Co-authored-by: mposolda <mposolda@gmail.com>	2023-07-24 16:44:24 +02:00
Takashi Norimatsu	05b8b9ee51	Enhancing Pluggable Features of Token Manager closes #21182	2023-07-24 09:16:29 +02:00
Takashi Norimatsu	2efd79f982	FAPI 2.0 security profile - supporting RFC 9207 OAuth 2.0 Authorization Server Issuer Identification Closes #20584	2023-07-24 09:11:30 +02:00
mposolda	03716ed452	Keycloak forgets ui_locales parameter when using reset password closes #10981	2023-07-18 09:24:12 +02:00
mposolda	ccbddb2258	Fix updating locale on info/error page after authenticationSession was already removed Closes #13922	2023-07-03 18:57:36 -03:00
Fouad Almalki	b336732251	Add iat to JWT passed to CIBA HttpAuthenticationChannel (#21280 ) Closes #21283	2023-06-29 07:55:57 +02:00
Ricardo Martin	1973d0f0d4	Check the redirect URI is http(s) when used for a form Post (#22 ) Closes https://github.com/keycloak/security/issues/22 Co-authored-by: Stian Thorgersen <stianst@gmail.com> Signed-off-by: Peter Skopek <pskopek@redhat.com>	2023-06-28 17:52:48 -03:00
Pedro Igor	28aa1d730d	Verify holder of the device code (#21 ) Closes https://github.com/keycloak/security/issues/32 Co-authored-by: Stian Thorgersen <stianst@gmail.com> Conflicts: services/src/main/java/org/keycloak/protocol/oidc/grants/device/DeviceGrantType.java	2023-06-28 15:45:26 +02:00
Douglas Palmer	c75bf31398	Empty shortVerificationUri not the same with default (null) value closes #20851	2023-06-27 14:57:24 +02:00
Takashi Norimatsu	f6ecc3f3f8	FAPI 2.0 security profile - not allow an authorization request whose parameters were not included in Request Object pushed to PAR request closes #20710	2023-06-26 12:09:25 +02:00
Douglas Palmer	a0d1ac6baa	processGrantRequest in TokenEndPoint uses new TokenManager instead of this.tokenMananager closes #20978	2023-06-23 08:12:44 +02:00
rmartinc	ecf52285bc	Simplify TokenManager expiration calculations using SessionExpirationUtils Closes https://github.com/keycloak/keycloak/issues/20794	2023-06-13 10:09:47 +02:00
rmartinc	61968bf747	Use OIDCAttributeMapperHelper.mapClaim in the GroupMembershipMapper Closes https://github.com/keycloak/keycloak/issues/19767	2023-06-08 11:12:24 -03:00
Pedro Hos	9ebd94a3a8	Userinfo endpoint doesn't accept charset #20671 Closes 20671	2023-06-07 08:08:05 +02:00
rmartinc	81aa588ddc	Fix and correlate session timeout calculations in legacy and new map implementations Closes https://github.com/keycloak/keycloak/issues/14854 Closes https://github.com/keycloak/keycloak/issues/11990	2023-06-05 18:46:23 +02:00
Alexander Schwartz	cd9e0be9f0	Filter first, then sort, and avoid atomics Closes #20394	2023-06-05 11:23:54 +02:00
stianst	0832992e59	Removing OpenShift integration and moving to separate extension closes #20496 Co-authored-by: mposolda <mposolda@gmail.com>	2023-05-30 17:39:32 +02:00
Pedro Igor	c22972af9c	Avoid using user property mapper when resolving root user attributes Closes #20613	2023-05-29 14:30:05 +02:00
Yoshiyuki Tabata	bd37875a66	allow specifying format of "permission" parameter in the UMA grant token endpoint (#15947)	2023-05-29 08:56:39 -03:00
Dominik Schlosser	8c58f39a49	Updates Datastore provider to contain full data model Closes #15490	2023-05-16 15:05:10 +02:00
Alexander Schwartz	bd7f62acc3	Use retry-logic only for the map storage This is a performance optimization that the retry doesn't affect the legacy store. Closes #20176	2023-05-15 10:20:35 +02:00
Alexander Schwartz	0f481da77f	Avoid creating instances of HashMap to generate a single MapEntry This is a performance optimization. Closes #20176	2023-05-15 10:20:35 +02:00

1 2 3 4 5 ...

938 commits