libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
13067 commits 4 branches 5 tags 480 MiB
Commit graph

5034 commits

Author SHA1 Message Date
Stan Silvert
717d9515fa
KEYCLOAK-16890: Stored XSS attack on new acct console (#7867) 2021-03-22 11:24:12 +01:00
Stan Silvert
3b80eee5bf KEYCLOAK-17033: Reflected XSS attack with referrer in new account 
console
 2021-03-22 11:22:23 +01:00
Clement Cureau
0b68f24a09
[KEYCLOAK-14046] Include groups in user creation via Admin Console (#7035) 
* [KEYCLOAK-14046] Include groups in user creation via Admin Console

Since the POST /users API now supports providing groups membership, here is the UI
part!

- Added a field in the user creation UI to specify groups the newly created user
will be joining
- Added associated messages in english language

* Added UI integration tests

* Fixed UI tests

* Flatten nested groups in user creation groups searchbox

* Filtering out searched groups

* Removed unused injection

* Fixed UI tests

Co-authored-by: Clement Cureau <clement.cureau@cdiscount.com>
 2021-03-19 13:55:45 +01:00
mposolda
853a6d7327 KEYCLOAK-17000 Adding server tmp directory inside the auth-server home directory 2021-03-17 10:06:48 +01:00
Pascal Euhus
82fc401298 [KEYCLOAK-9841] use LDAPUser UUID as an identifier instead of username 2021-03-16 17:55:24 +01:00
Andrew Elwell
c76ca4ad13
Correct "doesn't exists" typos - fixes KEYCLOAK-14986 (#7316) 
* Correct "doesn't exists" typos

* Revert changes to imported package

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
 2021-03-16 11:52:36 +01:00
Yang Xie
db30b470c4 KEYCLOAK-17342 Make the default value of default signature algorithm show up in the admin console 2021-03-16 09:15:22 +01:00
Michito Okai
298ab0bc3e KEYCLOAK-7675 Support for Device Authorization Grant 2021-03-15 10:09:20 -03:00
Łukasz Dywicki
319195236b Fix failing test, cause oauth device flow is encoded using realm attributes. 2021-03-15 10:09:20 -03:00
Hiroyuki Wada
9d57b88dba KEYCLOAK-7675 Prototype Implementation of Device Authorization Grant. 
Author:    Hiroyuki Wada <h2-wada@nri.co.jp>
Date:      Thu May 2 00:22:24 2019 +0900

Signed-off-by: Łukasz Dywicki <luke@code-house.org>
 2021-03-15 10:09:20 -03:00
Thomas Darimont
d2060913be KEYCLOAK-14412 Fixed compiler error in JavascriptAdapterTests 2021-03-11 13:03:08 -03:00
Thomas Darimont
b926cd20f1 KEYCLOAK-14412 Keycloak.js should honor scopes configured in initOptions and loginOptions 2021-03-11 13:03:08 -03:00
Hynek Mlnarik
4946484cb6 KEYCLOAK-17377 Fix invalidation cluster tests (do not hide failures) 2021-03-11 16:14:59 +01:00
Miquel Simon
1d54dd5e8b KEYCLOAK-16006. Fixed Spring Boot tests with new offset value. 2021-03-11 09:51:28 +01:00
Alfredo Boullosa
95d9cd2b38 KEYCLOAK-17376 - Fix DeviceActivityTest, SigningInTest and PermissionsTest 2021-03-10 09:00:30 +01:00
Lukas Hanusovsky
b3ea6f74be KEYCLOAK-16212 - Exclude Remote execution for the LDAPVaultCredentialsTest, fixed broken exclude Remote execution for the LDAPUserLoginTest. 2021-03-10 07:27:43 +01:00
Yang Xie
2605eddbe7 KEYCLOAK-17300 Add a method to check if the token revocation request has duplicate parameters 2021-03-09 18:27:38 +01:00
Alfredo Boullosa
3d76e2b775 KEYCLOAK-17378 - Fix DisableAuthorizationSettingsTest 2021-03-09 16:09:53 +01:00
Lukas Hanusovsky
ef57714eaa KEYCLOAK-17301 - fix -> added org.infinispan.commons module into jboss-deployment-structure.xml 2021-03-09 11:05:17 +01:00
vramik
6e501946b1 KEYCLOAK-17021 Client Scope map store 2021-03-08 21:59:28 +01:00
Michal Hajas
fc29a39e5a KEYCLOAK-16592 Do not require destination with SOAP binding 2021-03-05 19:52:00 +01:00
mposolda
99c1ee7f5a KEYCLOAK-16793 KEYCLOAK-16948 Cors on error responses for logoutEndpoint and tokenEndpoint 2021-03-05 14:14:53 +01:00
Martin Bartoš
d452041d7d KEYCLOAK-17304 ClientPoliciesTest - exclude mTLS tests for non-required SSL 2021-03-05 12:24:37 +01:00
Martin Bartoš
da6a017e86 KEYCLOAK-17307 ResetPasswordTest - wrong redirect URIs 2021-03-05 08:49:34 +01:00
Pavel Drozd
8203c4451e KEYCLOAK-14766 - Removed setting default password for LDAPRule configuration 2021-03-04 12:56:45 +01:00
Denis
23bfaef4bb KEYCLOAK-15535 Account Log of user login with realm not available details when update profile 2021-03-04 08:06:36 +01:00
Yang Xie
78754d1127 KEYCLOAK-17259 Add a method to check if the introspection request has duplicate parameters 2021-03-03 16:23:27 +01:00
Pedro Igor
0f30b3118a [KEYCLOAK-16676] - Client attributes should not be stored if null or empty 2021-03-03 15:37:05 +01:00
Pedro Igor
40efbb0f9c [KEYCLOAK-13942] - Invalidate pre-defined paths when paths are invalidated 2021-03-02 15:01:42 +01:00
Takashi Norimatsu
882f5ffea4 KEYCLOAK-15533 Client Policy : Extends Policy Interface to Migrate Client Registration Policies 
Co-authored-by: Hryhorii Hevorkian <hhe@adorsys.com.ua>
Co-authored-by: Andrii Murashkin <amu@adorsys.com.ua>
 2021-03-02 09:26:04 +01:00
i7a7467
b83064b142 KEYCLOAK-16679 Add algorithm settings for client assertion signature in OIDC identity broker 2021-03-01 18:11:25 +01:00
Takashi Norimatsu
c4bf8ecdf0 KEYCLOAK-16880 Client Policy - Condition : Negative Logic Support 2021-03-01 14:27:39 +01:00
mposolda
41dc94fead KEYCLOAK-14483 Broker state param fix 2021-02-24 19:07:58 -03:00
Alfredo Boullosa
52a939f61a KEYCLOAK-17125 Update Arquillian drone version to 2.5.2 2021-02-24 08:51:47 +01:00
mposolda
6f409d088a KEYCLOAK-15239 Reset Password Success Message not shown when Kerberos is Enabled 2021-02-23 16:15:50 -03:00
Pedro Igor
dbc6514bfc [KEYCLOAK-17206] - Avoid removing attributes when updating user and profile 2021-02-23 08:41:41 +01:00
Juan Manuel Rodriguez Alvarado
6255ebe6b5 [KEYCLOAK-16536] Implement Audit Events for Authorization Services requests 2021-02-22 17:28:59 -03:00
mposolda
ed8d5a257f KEYCLOAK-16517 Make sure that just real clients with standardFlow or implicitFlow enabled are considered for redirectUri during logout 2021-02-22 14:30:32 +01:00
mposolda
0058011265 KEYCLOAK-16006 User should not be required to re-authenticate after revoking consent to an application 2021-02-22 14:29:42 +01:00
Pedro Igor
1dc0b005fe [KEYCLOAK-17087] - X509 OCSP Validation Not Checking Intermediate CAs 2021-02-22 13:50:19 +01:00
Lukas Hanusovsky
4a2830bc2e KEYCLOAK-15849 : auth-remote-server exclude -> removed duplicated annotation, fixed @Test(timeout) bug -> replaced by lambda expression. 2021-02-22 13:40:47 +01:00
Pedro Igor
9356843c6c [KEYCLOAK-16521] - Fixing secret for non-confidential clients 2021-02-19 08:38:49 +01:00
Torsten Roemer
750f5fdb0a KEYCLOAK-14577 OIDCIdentityProvider incorrectly sets firstName and lastName in BrokeredIdentityContext 2021-02-18 19:50:27 +01:00
Torsten Roemer
00ee6bb9fa KEYCLOAK-14577 OIDCIdentityProvider incorrectly sets firstName and lastName in BrokeredIdentityContext 2021-02-18 19:50:27 +01:00
rmartinc
056b52fbbe KEYCLOAK-16800 userinfo fails with 500 Internal Server Error for service account token 2021-02-18 19:37:52 +01:00
Pedro Igor
431f137c37 [KEYCLOAK-17123] - Avoid validation and updates for read-only attributes during updates 2021-02-17 17:57:46 +01:00
stefvdwel
b97f5eb128 Added PermissionTicket count test. 2021-02-17 09:40:19 -03:00
Pedro Igor
2593c3dbc4 [KEYCLOAK-15893] - Incorrect resource match is returned for some cases when using wildcard in uri 2021-02-17 12:51:26 +01:00
mposolda
80bf0b6bad KEYCLOAK-16708 Unexpected exceptions during client authentication 2021-02-12 18:27:54 +01:00
Pedro Igor
ca2a761d4b [KEYCLOAK-16886] - Updating user account removes attributes 2021-02-12 12:01:50 -03:00
Michito Okai
33bb1fda38 KEYCLOAK-16931 Authorization Server Metadata of 
introspection_endpoint_auth_methods_supported and
introspection_endpoint_auth_signing_alg_values_supported
 2021-02-11 14:53:49 +01:00
Pedro Igor
7a4733acc9 [KEYCLOAK-14034] - Adding tests for matching uris once updated 2021-02-11 09:44:43 -03:00
mposolda
456cdc51f2 KEYCLOAK-15719 CORS headers missing on userinfo error response 2021-02-11 13:37:42 +01:00
diodfr
cb12fed96e KEYCLOAK-4544 Detect existing user before granting user autolink 2021-02-11 11:06:49 +01:00
Lukas Hanusovsky
223d0ea456 KEYCLOAK-16625 : Testsuite -> auth.server.remote: adding keystore file to a build directory. 2021-02-09 15:22:43 +01:00
Pedro Igor
f6c3ec5d9e [KEYCLOAK-14366] - Missing check for iss claim in JWT validation on Client Authentication (Token Endpoint) 2021-02-09 13:54:06 +01:00
Pedro Igor
ab9a38ec27 [KEYCLOAK-13115] - Unable to add a role to a user if username query matches multiple acounts 2021-02-09 13:49:25 +01:00
Pedro Igor
eb37a1ed69 [KEYCLOAK-17031] - ClientInvalidationClusterTest failing on Quarkus due to unreliable comparison 2021-02-05 16:09:27 +01:00
mposolda
f4b5942c6c KEYCLOAK-16755 ClearExpiredUserSessions optimization. Rely on infinispan expiration rather than Keycloak own background task. 2021-02-04 08:49:42 +01:00
Yang Xie
cffe24f815 KECLOAK-16009 Add a method to check if the token request has duplicate parameters 2021-02-03 16:10:41 +01:00
Lukas Hanusovsky
54c5b1514f KEYCLOAK-16939 : Performance testsuite -> new gc charts, sar profiles, new datasets, crossdc profile 2021-02-03 08:48:12 +01:00
Florian Apolloner
eeec82dea3 KEYCLOAK-16656 Only set execution authenticator for form flows. 2021-01-29 17:19:15 +01:00
Martin Kanis
8432513daa KEYCLOAK-16908 Refactor UserSessionPersisterProvider 2021-01-29 09:29:00 +01:00
Pedro Igor
922d7da3ae [KEYCLOAK-16497] - AuthzClient.create() fails when env variables are used in auth-server-url 2021-01-28 12:07:58 -03:00
Hynek Mlnarik
60e4bd622f KEYCLOAK-16828 Fix HttpClient failures and close HttpResponses 2021-01-28 08:38:34 +01:00
rmartinc
f3a4991b6a KEYCLOAK-15975 NPE in DefaultThemeManager.loadTheme() if theme directory is absent 2021-01-27 22:05:19 +01:00
Pedro Igor
0c501f8302 [KEYCLOAK-16837] - Authz client still relying on refresh tokens when doing client credentials 2021-01-27 12:23:32 -03:00
mposolda
99a70267d9 KEYCLOAK-16801 Improve performance of ClearExpiredEvents background task 2021-01-27 09:57:46 +01:00
Takashi Norimatsu
b89edabcfc KEYCLOAK-16889 Client Policy : Refactor Test Class 2021-01-27 09:06:08 +01:00
Hynek Mlnarik
6c07679446 KEYCLOAK-16584 Rename map to CRUD operations 
* rename putIfAbsent() to create(), get() to read(), put() to update(), remove() to delete()
* move ConcurrentHashMapStorage to org.keycloak.models.map.storage.chm package
* Add javadoc to MapStorage
 2021-01-20 16:20:56 +01:00
Martin Kanis
9f580e3ed8 KEYCLOAK-15695 Streamification cleanup 2021-01-20 14:39:53 +01:00
Thomas Darimont
6315fe5d22 KEYCLOAK-16464 Test mapping of enabled and emailVerified user model attribute to LDAP attributes 2021-01-20 09:24:06 +01:00
Takashi Norimatsu
bcf313f321 KEYCLOAK-16858 Client Policy - Improper retainAll operation in Client Scope Condition and other minor bugs 2021-01-20 09:10:21 +01:00
Martin Bartoš
9df7fdbc55 KEYCLOAK-14718 Adding test case for User Client Role Mapper 2021-01-19 17:49:36 +01:00
Michal Hajas
ba8e2fef6b KEYCLOAK-15524 Cleanup user related interfaces 2021-01-18 16:56:10 +01:00
mposolda
dae4a3eaf2 KEYCLOAK-16468 Support for deny list of metadata attributes not updateable by account REST and admin REST 
(cherry picked from commit 79db549c9d561b8d5efe3596370190c4da47e4e1)
(cherry picked from commit bf4401cddd5d3b0033820b1cb4904bd1c8b56db9)
 2021-01-18 13:17:51 +01:00
mposolda
eac3329d22 KEYCLOAK-14019 Improvements for request_uri parameter 
(cherry picked from commit da38b36297a5bd9890f7df031696b516268d6cff)
 2021-01-18 13:05:09 +01:00
Pedro Igor
c631013031 [KEYCLOAK-16515] - Scope permissions not added to result if previous permission is granted 2021-01-14 17:08:05 +01:00
Takashi Norimatsu
5f445ec18e KEYCLOAK-14200 Client Policy - Executor : Enforce Holder-of-Key Token 
Co-authored-by: Hryhorii Hevorkian <hhe@adorsys.com.ua>
 2021-01-12 11:21:41 +01:00
Takashi Norimatsu
f423c0dc51 KEYCLOAK-16249 Client Policy - Condition : Client - Any Client 2021-01-08 17:29:50 +01:00
vramik
1402d021de KEYCLOAK-14846 Default roles processing 2021-01-08 13:55:48 +01:00
Takashi Norimatsu
05dfac75ca KEYCLOAK-14202 Client Policy - Executor : Enforce secure signature algorithm for Signed JWT client authentication 
Co-authored-by: Andrii Murashkin <amu@adorsys.com.ua>
 2021-01-06 08:58:20 +01:00
Thomas Darimont
1a7600e356
KEYCLOAK-13923 Support PKCE for OIDC based Identity Providers (#7381) 
* KEYCLOAK-13923 - Support PKCE for Identity Provider

We now support usage of PKCE for OIDC based Identity Providers.

* KEYCLOAK-13923 Warn if PKCE information cannot be found code-to-token request in OIDCIdentityProvider

* KEYCLOAK-13923 Pull up PKCE handling from OIDC to OAuth IdentityProvider infrastructure

* KEYCLOAK-13923 Adding test for PKCE support for OAuth Identity providers

* KEYCLOAK-13923 Use URI from KeycloakContext instead of HttpRequest

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2021-01-05 10:59:59 -03:00
mposolda
d4a36d0d9c KEYCLOAK-16350 invalid_scope error response should be displayed for openid-connect/auth 2021-01-05 12:55:53 +01:00
vramik
dfa27b9f0f KEYCLOAK-14856 fix migration, add ssl for migration server 2021-01-05 11:05:18 +01:00
keycloak-bot
75be33ccad Set version to 13.0.0-SNAPSHOT 2020-12-16 17:31:55 +01:00
vramik
2ed8ed2543 KEYCLOAK-15390 fix ClientMappersOIDCTest 2020-12-16 15:14:35 +01:00
Stefan Guilhen
d6422e415c [KEYCLOAK-16508] Complement methods for accessing user sessions with Stream variants 2020-12-15 19:52:31 +01:00
Takashi Norimatsu
edabbc9449 KEYCLOAK-14203 Client Policy - Executor : Enforce HTTPS URIs 2020-12-15 09:31:20 +01:00
Martin Bartoš
24f1a9c5c4 KEYCLOAK-16583 Ignore tests which directly use WebAuthn Chrome testing feature 2020-12-14 16:39:32 +01:00
Martin Bartoš
cfc035ee42 KEYCLOAK-15066 Internal Server error when calling random idp endpoint 2020-12-14 16:37:53 +01:00
Cédric Couralet
f4abc86a66 KEYCLOAK-16112 don't remove username attribute 2020-12-14 15:46:25 +01:00
Takashi Norimatsu
200b53ed1e KEYCLOAK-14192 Client Policy - Condition : Author of a client - User Role 2020-12-14 15:37:05 +01:00
Michal Hajas
8e376aef51
KEYCLOAK-15847 Add MapUserProvider 2020-12-10 08:57:53 +01:00
Martin Kanis
3ddedc49f5 KEYCLOAK-11417 Internal server error on front channel logout with expired session 2020-12-09 14:45:04 +01:00
Martin Bartoš
873a69305f KEYCLOAK-15264 Import realm using directory provider twice with IGNORE_EXISTING will cause NPE for clientId 2020-12-08 11:28:07 +01:00
Hynek Mlnarik
8c0c542f09 KEYCLOAK-16489 Add ability to run model tests with LDAP 2020-12-07 20:54:06 +01:00
Martin Kanis
f6be378eca KEYCLOAK-14556 Authentication session map store 2020-12-07 20:48:59 +01:00
Lukas Hanusovsky
7f916ad20c KEYCLOAK-14231 - validate supported locales 2020-12-07 19:56:32 +01:00
Stefan Guilhen
edef93cd49 [KEYCLOAK-16232] Streamify the UserCredentialStore and UserCredentialManager interfaces 2020-12-07 19:48:35 +01:00