keycloak-scim

Author	SHA1	Message	Date
Pedro Igor	fa79b686b6	Refactoring user profile interfaces and consolidating user representation for both admin and account context Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2023-12-13 08:27:55 +01:00
Pedro Igor	78ba7d4a38	Do not allow removing username and email from user profile configuration Closes #25147 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2023-12-11 08:30:28 +01:00
Sophie Tauchert	1d56e0371e	Make sure authz endpoints are documented in openapi spec Closes: #25259 Signed-off-by: Sophie Tauchert <sophie@999eagle.moe>	2023-12-08 16:45:13 +01:00
mposolda	90bf88c540	Introduce ProtocolMapper.getEffectiveModel to make sure values displayed in the admin console UI are 'effective' values used when processing mappers closes #24718 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: Jon Koops <jonkoops@gmail.com>	2023-12-08 12:26:35 +01:00
saumeen prajapati	d829534237	Remove single quote from log string Closes #25060 Signed-off-by: saumeen prajapati <psaumeen@gmail.com>	2023-12-07 20:08:07 +00:00
wojnarfilip	925c5572ad	Re-enable Federated Access Token in user sessions Closes #25290 Signed-off-by: wojnarfilip <fwojnar@redhat.com>	2023-12-07 19:55:20 +01:00
Vlasta Ramik	df465456b8	Map Store Removal: Remove `LockObjectsForModification` (#25323 ) Signed-off-by: vramik <vramik@redhat.com> Closes #24793	2023-12-07 12:43:43 +00:00
Fouad Almalki	0e535d2bbe	Retrieve ClientConnection by invoking getConnection() instead of getContextObject() Signed-off-by: Fouad Almalki <me@fouad.io>	2023-12-07 13:11:54 +01:00
Stefan Guilhen	7b63d6d500	Remove ResponseSessionTask - this was tightly related to retriable transactions added to map store and is no longer needed. Closes #25309 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2023-12-06 19:53:53 +01:00
Stefan Guilhen	8e918c2ebf	Revert changes to OIDCIdentityProvider that enlisted the client logout requests in a separate transaction. Closes #25308 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2023-12-06 19:47:04 +01:00
rmartinc	522e8d2887	Workaround to allow percent chars in getGroupByPath via PathSegment Closes #25111 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-12-06 14:22:34 -03:00
rmartinc	d004e9295f	Do not allow remove a credential in account endpoint if provider marks it as not removable Closes #25220 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-12-05 17:11:57 +01:00
Michal Hajas	ec061e77ed	Remove GlobalLockProviderSpi (#25206 ) Closes #24103 Signed-off-by: Michal Hajas <mhajas@redhat.com>	2023-12-01 16:40:56 +00:00
Ricardo Martin	3b26e5d489	Add active RSA key to decryption if deprecated mode (#25205 ) Closes https://github.com/keycloak/keycloak/issues/24652 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-12-01 13:40:47 +00:00
mposolda	3fa2d155ca	Decouple factory methods from the provider methods on UserProfileProvider implementation closes #25146 Signed-off-by: mposolda <mposolda@gmail.com>	2023-12-01 10:30:57 -03:00
Pedro Igor	c7f63d5843	Add options to change behavior on how unmanaged attributes are managed Closes #24934 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2023-11-30 06:58:21 -03:00
Steven Hawkins	8c3df19722	feature: add option for creating a global truststore (#24473 ) closes #24148 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Martin Bartoš <mabartos@redhat.com>	2023-11-30 08:57:17 +01:00
Douglas Palmer	d0b86d2f64	Register event not triggered on external to internal token exchange Closes #9684 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2023-11-29 15:30:47 -03:00
mposolda	479e6bc86b	Update Kerberos provider for user-profile closes #25074 Signed-off-by: mposolda <mposolda@gmail.com>	2023-11-29 15:21:26 -03:00
rmartinc	16afecd6b4	Allow automatic download of SAML certificates in the identity provider Closes https://github.com/keycloak/keycloak/issues/24424 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-11-29 18:03:31 +01:00
rmartinc	3bc028fe2d	Remove lowercase for the hostname as recommended/advised by OAuth spec Closes https://github.com/keycloak/keycloak/issues/25001 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-11-29 10:26:00 -03:00
rmartinc	b6cdcb3c27	Revert "Fix lowerCaseHostname to lower-case scheme and host properly" This reverts commit `1241bd2919`. Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-11-29 10:26:00 -03:00
Douglas Palmer	5ce41a462b	NPE in HardcodedUserSessionAttributeMapper on Token Exchange Closes #11996 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2023-11-29 09:35:49 -03:00
Douglas Palmer	7e78d29f8d	NPE in User Session Note mapper on Token Exchange Closes #24200 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2023-11-29 09:35:49 -03:00
hokuda	a83b9d11fa	Fix typo in the balloon help of SAML Username Template Importer closes #25033 Signed-off-by: hokuda <hisanobu.okuda@gmail.com>	2023-11-29 09:32:16 -03:00
Douglas Palmer	e99bd4aa3a	External to Internal Token exchange fails with Null pointer Exception if the user is not yet registered (first time token exchange) Closes #16059 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2023-11-29 09:16:14 -03:00
Michal Hajas	2b2207af93	Publish information about Infinispan availability in lb-check if MULTI_SITE is enabled Closes #25077 Signed-off-by: Michal Hajas <mhajas@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Pedro Ruivo <pruivo@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2023-11-29 11:06:41 +00:00
Jon Koops	0b9dd21b0a	Attempt to request storage access for cookies (#25055 ) Closes #23872 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2023-11-27 18:23:40 +00:00
Pedro Igor	2c611cb8fc	User profile configuration scoped to user-federation provider closes #23878 Co-Authored-By: mposolda <mposolda@gmail.com> Signed-off-by: mposolda <mposolda@gmail.com>	2023-11-27 14:45:44 +01:00
Stian Thorgersen	a32b58d337	Escape ldap id when using normal attribute syntax (#25 ) (#25036 ) Closes https://github.com/keycloak/security/issues/46 Co-authored-by: Ricardo Martin <rmartinc@redhat.com>	2023-11-27 11:38:14 +01:00
Takashi Norimatsu	1f5ee9bf80	NPE in checkAndBindMtlsHoKToken on Token Refresh when using SuppressRefreshTokenRotationExecutor and Certificate Bound Token closes #25022 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2023-11-27 08:49:48 +01:00
Sophie Tauchert	855aebabc2	Rename clientUuid path parameter to client-uuid for consistency Closes #24960 Signed-off-by: Sophie Tauchert <sophie@999eagle.moe>	2023-11-23 16:08:58 +01:00
Sophie Tauchert	496c0e7f03	Rename some path parameter placeholders to avoid duplicating {id} in the path Closes #24960 Signed-off-by: Sophie Tauchert <sophie@999eagle.moe>	2023-11-23 16:08:58 +01:00
Sophie Tauchert	3e17cb0452	Add correct annotation for 204 responses to POST methods returning void Closes #24960 Signed-off-by: Sophie Tauchert <sophie@999eagle.moe>	2023-11-23 16:08:58 +01:00
Douglas Palmer	efde3adf60	Wrong value for VALIDATED_ID_TOKEN stored in the brokered identity context for external token exchange Closes #23985 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2023-11-23 11:52:37 -03:00
Douglas Palmer	2ec1d2f7ea	Fix logic error in AbstractOAuth2IdentityProvider Closes #24943 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2023-11-23 11:43:42 -03:00
Tero Saarni	fd58cb1bec	Attempt to remove warning about not using inference Signed-off-by: Tero Saarni <tero.saarni@est.tech>	2023-11-23 10:49:58 -03:00
Tero Saarni	e35f3d7e87	Fix compilation error with ServerInfoAdminResource This change fixes following type inference error: * Type mismatch: cannot convert from Map<Boolean,Object> to Map<Boolean,List<String>> The error comes when opening and compiling on vscode or Eclipse, which uses Eclipse JDT compiler. Signed-off-by: Tero Saarni <tero.saarni@est.tech>	2023-11-23 10:49:58 -03:00
Sebastian Schuster	030f42ec83	More efficient listing of assigned and available client role mappings Closes #23404 Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io> Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>	2023-11-22 14:10:11 +01:00
Thomas Darimont	d30d692335	Introduce MaxAuthAge Password policy (#12943 ) This policy allows to specify the maximum age of an authentication with which a password may be changed without re-authentication. Defaults to 300 seconds (default taken from Constants.KC_ACTION_MAX_AGE) to remain backwards compatible. A value of 0 will always require reauthentication to update the password. Add documentation for MaxAuthAgePasswordPolicy to server_admin Fixes #12943 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2023-11-20 14:48:17 +01:00
rmartinc	1241bd2919	Fix lowerCaseHostname to lower-case scheme and host properly Closes https://github.com/keycloak/keycloak/issues/24792 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-11-20 10:00:50 +01:00
Erik Jan de Wit	941457b805	added theme name as parameter moved messages to theme bundle Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>	2023-11-17 08:35:54 +01:00
rmartinc	5fad76070a	Use LinkedIn instead of LinkedIn OpenID Connect for better UI experience Closes https://github.com/keycloak/keycloak/issues/24659 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-11-16 18:22:16 +01:00
Hynek Mlnarik	70d0f731f5	Use session ID rather than broker session ID Closes: #24455 Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>	2023-11-16 17:01:40 +01:00
Vlasta Ramik	d86e062a0e	Removal of retry blocks introduced for CRDB Closes #24095 Signed-off-by: vramik <vramik@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2023-11-16 13:50:56 +01:00
rmartinc	cca33baac3	Avoid NPE if RelayState is null and return a proper error Closes https://github.com/keycloak/keycloak/issues/24079 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-11-16 12:56:49 +01:00
Erik Jan de Wit	89abc094d1	userprofile shared (#23600 ) * move account ui user profile to shared * use ui-shared on admin same error handling also introduce optional renderer for added component * move scroll form to ui-shared * merged with main * fix lock file * fixed merge error * fixed merge errors * fixed tests * moved user profile types to admin client * fixed more types * pr comments * fixed some types	2023-11-14 08:04:55 -03:00
Erik Jan de Wit	fe7833c957	Load Admin Console localizations from resource bundles (#24316 ) Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>	2023-11-13 12:39:46 -05:00
Hynek Mlnařík	0ceaed0e2e	Transient users: Consents (#24496 ) closes #24494	2023-11-10 11:18:27 +01:00
mposolda	7863c3e563	Moving UPConfig and related classes from keycloak-services closes #24535 Signed-off-by: mposolda <mposolda@gmail.com>	2023-11-07 12:41:29 +01:00
Joshua Sorah	7ca00975d4	Feature flag DPoP metadata in OIDC Well Known endpoint Closes keycloak/keycloak#24547 Signed-off-by: Joshua Sorah <jsorah@gmail.com>	2023-11-06 03:13:57 -08:00
Oliver	563ae104fd	[issue-14134] test partial import user with id Fix #14134	2023-11-02 05:56:12 -07:00
rmartinc	d7bb59461d	Escape $ sign when replacing clientId in the role mappers Closes https://github.com/keycloak/keycloak/issues/23692	2023-11-01 20:47:15 +01:00
rokkiter	e1735138cb	clean util * (#24174 ) Signed-off-by: rokkiter <yongen.pan@daocloud.io>	2023-11-01 17:14:11 +01:00
Pedro Igor	be65ba8689	Make sure optional default attributes are removed when decorating the user-define user profile configuration Closes #24420	2023-11-01 14:54:09 +01:00
mposolda	0bd2b342d7	Update per review	2023-10-31 12:56:46 -07:00
mposolda	6f992915d7	Move some UserProfile and Validation classes into keycloak-server-spi closes #24387	2023-10-31 12:56:46 -07:00
Justin Tay	3ff0476cc3	Allow customization of aud claim with JWT Authentication Closes #21445	2023-10-31 11:33:47 -07:00
rmartinc	7deb4ca545	Group count and PartialExport permission fixes Closes https://github.com/keycloak/keycloak/issues/12171	2023-10-31 01:40:21 -07:00
rmartinc	6484a3e705	Add userProfileEnabled attribute to realm response if admin can view users closes https://github.com/keycloak/keycloak/issues/19093	2023-10-30 07:39:03 -07:00
Alice	69497382d8	Group scalability upgrades (#22700 ) closes #22372 Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2023-10-26 16:50:45 +02:00
Hynek Mlnarik	2c4d58f5af	Fix KcOidcBrokerTransientSessionsTest Closes: #24313	2023-10-26 14:36:01 +02:00
rmartinc	faf398e3c3	Add openapi annotations to the UserProfileResource Closes https://github.com/keycloak/keycloak/issues/9318	2023-10-25 07:44:24 -07:00
Hynek Mlnarik	a668c2cb2b	Support for transient brokering in admin console Part-of: Add support for not importing brokered user into Keycloak database Closes: #11334	2023-10-25 12:02:35 +02:00
Hynek Mlnarik	26328a7c1e	Support for transient sessions via lightweight users Part-of: Add support for not importing brokered user into Keycloak database Closes: #11334	2023-10-25 12:02:35 +02:00
ggraziano	84112f57b5	Verification of iss at refresh token request Added iss checking using the existing TokenVerifier.RealmUrlCheck in the verifyRefreshToken method. Closes #22191	2023-10-24 23:42:11 +02:00
Marek Posolda	1bd6aca629	Remove RegistrationProfile class and handle migration (#24215 ) closes #24182 Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2023-10-24 20:19:33 +02:00
Thomas Darimont	e567210ed1	Add dedicated feature flag for oauth device grant flow (#23892 ) Closes #23891	2023-10-24 10:09:26 +02:00
Erik Jan de Wit	e4632c9e78	move to theme resource	2023-10-23 15:17:18 -07:00
Erik Jan de Wit	f3d387172e	changed to realm, because that is the source	2023-10-23 15:17:18 -07:00
Erik Jan de Wit	0f878566ab	add new locale endpoint that returns the messages	2023-10-23 15:17:18 -07:00
vramik	a0f04fa2be	Declarative User Profile export Closes #12062 Resolves #20885	2023-10-21 19:21:20 +02:00
Pedro Igor	e47389f199	Username now shown when creating a user and edit username is not allowed Closes #24183	2023-10-20 10:22:31 -07:00
Pedro Igor	55a5a8c0eb	Ignore custom attributes when processing attributes in verify profile action Closes #24077	2023-10-20 17:51:40 +02:00
mposolda	c18e8ff535	User profile tweaks in registration forms closes #24024	2023-10-20 06:31:21 -07:00
kaustubh-rh	1ac2c0997d	Inconsistent handling of parenthesis in auth flow name (#24113 ) closes #16379	2023-10-20 10:00:46 +02:00
mposolda	04777299b0	After tab1 finish authentication, make sure that rootAuthenticationSession is expired shortly closes #23880	2023-10-19 19:23:50 +02:00
Andrew	77c3e7190c	updates to method contracts and code impl to be more specific about providerAlias (#24070 ) closes #24072	2023-10-18 08:33:06 +02:00
Pedro Igor	e91a0afca2	The username in account is required and don't change when email as username is enabled Closes #23976	2023-10-17 16:43:44 -03:00
shigeyuki kabano	6112b25648	Enhancing Light Weight Token(#22148 ) Closes #21183	2023-10-17 13:12:36 +02:00
Pedro Igor	9c19a8972b	Removing the default cache metadata Closes #23910	2023-10-13 16:32:55 +02:00
Charley Wu	31759f9c37	WebAuthn support for native applications. Support custom FIDO2 origin validation (#23156 ) Closes #23155	2023-10-13 15:25:10 +02:00
Moritz Becker	e9f08b6500	Do not return empty scope field in token introspection response Closes #16526	2023-10-13 08:36:12 +02:00
duckboy81	197b39492e	Update TokenManager.java Fixed minor spelling typos	2023-10-12 14:56:24 +02:00
ici-dev-gb	32b373f05f	Don't use top-level `await` for storage access checks (#23793 ) Closes #23743	2023-10-12 09:28:01 +00:00
Vojtěch Boček	8871983b33	Add support for single-tenant mode to Microsoft Identity Provider (#20699 ) * Add support for single-tenant mode to Microsoft Identity Provider Fixes #20695 Closes #11207 * Add SocialLoginTest for Microsoft single-tenant variant	2023-10-10 16:35:36 -04:00
Marek Posolda	a6609bd969	Remove "You are already logged in" during authentication. Make other browser tabs to authenticate automatically when some browser tab successfully authenticate (#23517 ) Closes #12406 Co-authored-by: Jon Koops <jonkoops@gmail.com>	2023-10-10 21:54:37 +02:00
Pedro Igor	7385ed56c7	Avoid creating the component when there is no component and configuration is not provided Closes #20970 Co-authored-by: Pedro Igor <psilva@redhat.com>	2023-10-10 13:28:48 +02:00
Daniel Fesenmeyer	dd37e02140	Improve logging in case of OIDC Identity provider errors: - log the full Redirection URL, when it contains an error parameter, or does not contain the state or code parameter - log the token endpoint URL (without - possibly confidential - params) and the response body, when the token endpoint does not return a success response Closes #23690	2023-10-06 19:03:41 +02:00
mposolda	cdb61215c9	UserProfileContext.ACCOUNT_OLD seems to be obsolete and not needed closes #23749	2023-10-06 11:27:48 -03:00
Pedro Igor	290bee0787	Resolve several usability issues around User Profile (#23537 ) Closes #23507, #23584, #23740, #23774 Co-authored-by: Jon Koops <jonkoops@gmail.com>	2023-10-06 10:15:39 -03:00
rmartinc	890600c33c	Remove backward compatibility for ECDSA tokens Closes https://github.com/keycloak/keycloak/issues/23734	2023-10-06 14:24:48 +02:00
Garth	2dfbbff343	added AccountResource SPI, Provider and ProviderFactory. (#22317 ) Added AccountResource SPI, Provider and ProviderFactory. updated AccountLoader to load provider(s) and check if it is compatible with the chosen theme.	2023-10-05 15:08:01 +02:00
Justin Tay	55751a0830	Fix client assertion with invalid ES256, ES384, ES512 signatures Closes #23721	2023-10-05 13:07:52 +02:00
Steve Hawkins	fb69936f14	Aligns the logic in the welcome resources as a result the quarkus one can be removed closes keycloak#23243	2023-09-28 19:33:12 -03:00
Jon Koops	1b6cb7b2a9	Always check storage access before placing test cookie (#23393 )	2023-09-27 13:38:53 +02:00
Lucas Hedding	de5aa2e74d	Add createTimestamp to REST service (#23293 ) Closes #14009	2023-09-27 13:38:16 +02:00
rmartinc	10c1e3ba6d	Client roles should be mapped to any claim name Closes https://github.com/keycloak/keycloak/issues/22349	2023-09-27 08:11:22 -03:00
rmartinc	d90640b5a3	Change email checkserveridentity prop as angus mail sets it to true by default Closes https://github.com/keycloak/keycloak/issues/22395	2023-09-26 09:11:16 +02:00
Maria Arias de Reyna	c15753266f	fix(Closes #21236 ): Adding client-id to logout event	2023-09-25 13:20:26 +02:00

1 2 3 4 5 ...

4326 commits