libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions
14095 commits 4 branches 9 tags 483 MiB
Commit graph

3539 commits

Author SHA1 Message Date
Martin Bartoš
18581ca4f7 Test more recent versions of Spring Boot 
Closes #9934
 2022-02-17 16:08:57 +01:00
Martin Bartoš
314d303a99 Possibility to ignore tests for particular browsers 
Closes #10213
 2022-02-17 09:02:11 +01:00
Pedro Igor
a9668d14ce Proper error response when handing unexpected errors 
Closes #10176
 2022-02-16 15:35:38 -03:00
Martin Bartoš
bbe9ab38bc Unstable AuthenticationFlowCallbackProviderTest for undertow-map 
Closes #10225
 2022-02-16 15:49:08 +01:00
Pedro Igor
7da3953435 Path parameter is missing in the get account endpoint 
Closes #10055
 2022-02-15 15:44:05 -03:00
Marek Posolda
90d4e586b6
Show error in case of an unkown essential acr claim. Make sure correc… (#10088) 
* Show error in case of an unkown essential acr claim. Make sure correct acr is set after authentication flow during step-up authentication
Closes #8724

Co-authored-by: Cornelia Lahnsteiner <cornelia.lahnsteiner@prime-sign.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2022-02-15 09:02:05 +01:00
keycloak-bot
d9f1a9b207
Set version to 18.0.0-SNAPSHOT (#10165) 2022-02-11 21:28:06 +01:00
Martin Kanis
26ac142b99 Hot Rod map storage: Roles no-downtime store 2022-02-11 14:31:34 +01:00
wojnarfilip
f54cd969f8 OTPPolicyTest failures resolve 
Tests pass locally, Closes #9692
 2022-02-11 14:06:17 +01:00
Michal Hajas
b50b8f883b Implement HotRod storage for Users 
Closes #9671
 2022-02-11 10:20:36 +01:00
Douglas Palmer
340d8da197
LDAP Integration tests fail on JDK-17 #9899 (#9980) 2022-02-11 09:03:16 +01:00
Martin Bartoš
6c09ec6de6 Hide 'unknown' transport media type label for WebAuthn authenticators 
Closes #10036
 2022-02-11 08:28:50 +01:00
Mauro de Wit
2c238b9f04
session-limiting-feature (#8260) 
Closes #10077
 2022-02-08 19:16:06 +01:00
Martin Bartoš
571f2d5107 WebAuthnSigningInTest failures in pipeline 
Closes #9691
 2022-02-07 10:57:14 +01:00
Martin Bartoš
8573ea5fb2 KEYCLOAK-17690 Add missing test case for user email update 2022-02-07 10:56:11 +01:00
Marek Posolda
d9c8cb30a5
Closes #9498 - Fix cases when user is forced to re-authenticate (#9580) 2022-02-07 09:02:08 +01:00
Martin Bartoš
d82122b982 Store information about transport media of WebAuthn authenticator 
Closes #9800
 2022-02-04 19:36:30 +01:00
Takashi Norimatsu
07d43f31f3 Expected Scopes of ClientScopesCondition created on Admin UI are not saved onto ClientScopesCondition.Configuration 
Closes #9371
 2022-02-04 18:02:15 +01:00
Martin Kanis
0471ec4941 Cross-site validation for lazy loading of offline sessions & Switch default offline sessions to lazy loaded 2022-02-03 21:43:47 +01:00
Konstantinos Georgilakis
a1f2f77b82 Device Authorization Grant with PKCE 
Closes #9710
 2022-02-03 08:37:07 +01:00
Daniel Gozalo
db4642d250 [fixes #9919] - Enable Dynamic Scopes for the resource-owner-password-credentials grant 
Change some calls to the new AuthorizationContextUtil class and add tests for the client-credentials grant
 2022-02-03 08:19:44 +01:00
Marek Posolda
d27635fb1b
Fixing for token revocation checks only (#9707) 
Closes #9705
 2022-02-02 15:21:44 +01:00
Martin Bartoš
191ef1874e Complete support for Passwordless tests 
Closes #9850
 2022-02-02 09:12:46 +01:00
Daniel Gozalo
3528e7ba54 [fixes #9224] - Get consented scopes from AuthorizationContext 
Always show the consent screen when a dynamic scope is requested and show the requested parameter

Improve the code that handles dynamic scopes consent and add some log traces

Add a test to check how we show dynamic scope in the consent screen and added missing template file change

Fix merge problem in comment and improve other comments

Fix the Dynamic Scope test by assigning it to the client as optional instead of default

Change how dynamic scopes are represented in the consent screen and adapt test
 2022-02-02 09:10:20 +01:00
Martin Bartoš
243b6ba552 Test scenarios for verifying of JS injection for WebAuthn Policy 
Closes #9544
 2022-02-01 11:16:12 +01:00
Martin Bartoš
47208b7a20 Extend and fix tests for Resident Keys for WebAuthn 
Closes #9796
 2022-02-01 11:11:04 +01:00
Martin Bartoš
c40e842b45
Verify the WebAuthn functionality and settings for authentication (#9851) 
* Verify the WebAuthn functionality and settings for authentication

Closes #9504
 2022-01-31 15:42:08 +01:00
Daniel Gozalo
dc814b85c7 Pass the UserId to the function that runs the inner function in the server as it was losing its value when defined globally for Wildfly and Quarkus 2022-01-31 13:02:22 +01:00
Martin Bartoš
2919342f3a Add test scenarios for Passwordless Webauthn AIA 
Closes #9795
 2022-01-27 11:02:43 +01:00
bal1imb
9621d513b5 KEYCLOAK-18727 Improve user search query 2022-01-26 17:03:05 +01:00
Daniel Gozalo
4136bf7700 [fixes #9750] Make sure a Dynamic scope isn't assignable to a client as a default scope, and only show non-dynamic scopes in the available client scopes client menu 2022-01-26 13:32:04 +01:00
Daniel Gozalo
dad51773ea [fixes #9223] - Create an internal representation of RAR that also handles Static and Dynamic Client Scopes 
Parse scopes to RAR representation and validate them against the requested scopes in the AuthorizationEndpointChecker

Parse scopes as RAR representation and add the created context on the different cache models in order to store the state and make it available for mappers in the ClientSessionContext

Create a new AuthorizationRequestSpi to provide different implementations for either dynamic scopes or RAR requests parsing

Move the AuthorizationRequest objects to server-spi

Add the AuthorizationRequestContext property to the MapAuthenticationSessionEntity and configure MapAuthenticationSessionAdapter to access it

Remove the AuthorizationRequestContext object from the cache adapters and entities and instead recalculate the RAR representations from scopes every time

Refactor the way we parse dynamic scopes and put everything behind the DYNAMIC_SCOPES feature flag

Added a login test and added a function to get the requested client scopes, including the dynamic one, behind a feature flag

Add a new filter to the Access Token dynamic scopes to avoid adding scopes that are not permitted for a user

Add tests around Dynamic Scopes: replaying existing tests while enabling the DYNAMIC_SCOPES feature and adding a few more

Test how the server genereates the AuthorizationDetails object

Fix formatting, move classes to better packages and fix parent test class by making it Abstract

Match Dynamic scopes to Optional scopes only and fix tests

Avoid running these tests on remote auth servers
 2022-01-26 13:19:23 +01:00
Martin Kanis
ddcabe61b2 KEYCLOAK-19571 Add indices to HotRodClientEntity fields 2022-01-20 17:46:47 +01:00
Konstantinos Georgilakis
0c9ab32cf4 Fix scope bug in device authorization request 
Closes #9617
 2022-01-19 18:13:42 +01:00
vramik
22bcdcb630 MapRoleProvider could return also client roles when searching for realm roles 
Closes #9587
 2022-01-19 16:39:59 +01:00
Konstantinos Georgilakis
db0b36460f KEYCLOAK-19148 correct getGroupsCountByNameContaining of MapGroupProvider 2022-01-15 20:15:27 +01:00
Pedro Igor
4c747047ce
Backward compatibility for lower-case bearer type in token responses (#9538) 
Closes #9537
 2022-01-13 08:34:45 +01:00
Jon Koops
dea123169f
KEYCLOAK-14817 Allow JS adapter to be bundled as ES module (#9351) 2022-01-13 08:28:30 +01:00
Daniel Gozalo
8ea09d3816
[fixes #9222] - Let users configure Dynamic Client Scopes (#9327) 2022-01-12 14:27:24 +01:00
Martin Bartoš
8649ca3d50
Multiple active tabs when realm name equals name of the tab in Admin console (#9438) 
Closes #9421
 2022-01-11 16:01:28 -05:00
Marek Posolda
8f221bb21e
Validation for CIBA binding_message parameter (#9470) 
closes #9469
 2022-01-11 11:19:15 +01:00
Martin Bartoš
d75d28468e
KEYCLOAK-19490 Add more details about 2FA to authenticate page (#9252) 
Closes #9494
 2022-01-11 09:16:22 +01:00
vramik
dd3d7be2b4 Make JpaClientMapStorage generic 
Closes #9244
 2022-01-05 07:04:05 +01:00
Martin Bartoš
4700d21298 Upgrade Arquillian Graphene for WebAuthn tests 
Closes #9330
 2021-12-23 06:46:26 -08:00
Martin Bartoš
422ae0b3db CIAM-1693 WebAuthn tests failures on JBoss 2021-12-23 02:43:25 -08:00
Martin Bartoš
fd23d1bd06 CIAM-1694 SigningInTest failure - Missing WebAuthn category 2021-12-23 02:26:56 -08:00
Martin Bartoš
6d0b551b5e
CIAM-1692 OfflineTokenSpringBootTest is failing in pipeline due to Hamcrest dependency (#9300) 2021-12-22 13:59:29 +01:00
CorneliaLahnsteiner
dff79cee3c
KEYCLOAK-847 Add support for step up authentication (#7897) 
KEYCLOAK-847 Fix behavior of unknown not essential acr claim

Co-authored-by: Georg Romstorfer <georg.romstorfer@gmail.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2021-12-22 12:43:12 +01:00
Ben Tatham
f201760a4a Fixed #8892 "does not exists" language 2021-12-21 20:24:13 +01:00
Martin Bartoš
408687f33a KEYCLOAK-19877 Update additional Arquillian dependencies 2021-12-21 07:58:35 -08:00
Pedro Igor
15d5a074b0 Avoid building configuration all the time when running tests 
Closes #9262
 2021-12-21 07:10:15 -08:00
keycloak-bot
9f3d4a7d42 Set version to 17.0.0-SNAPSHOT 2021-12-20 10:50:39 +01:00
Michal Hajas
30cef7aa68 Fix app-server addHttpListener failure 2021-12-20 10:40:42 +01:00
Stian Thorgersen
45e9243054
Verify fine-grained admin permissions feature is enabled before checking fine-grained permissions when creating users (#9211) 
* Verify fine-grained admin permissions feature is enabled before checking fine-grained permissions when creating users

Co-authored-by: stianst <stianst@gmail.com>

* fixing test

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2021-12-17 14:45:56 +01:00
Stian Thorgersen
31345c49b1
Server-only upgrade to WildFly 25.0.1 (#9190) 
* WF 25.0.1 upgrade light

* Re-enable adapters with old WF versions

* Put server-overlay and server-legacy-dist back to reduce size of PR changes

* Remove some more changes that are not needed

* Fix issues adding to provider properties

* Fix user-profile updates for tests

* tls fixes

* Set WF to 23 for adapter tests

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2021-12-17 12:12:41 +01:00
Michal Hajas
5f0b65e854 Fix Cross DC test failures caused by Keycloak not increasing failure counter for blocked users 
Closes #9157
 2021-12-15 19:13:54 +01:00
vramik
c6312e3308 KEYCLOAK-18717 KEYCLOAK-18716 KEYCLOAK-18715 KEYCLOAK-18713 KEYCLOAK-18712 KEYCLOAK-18711 JPA clients no-downtime store 2021-12-15 13:32:49 +01:00
Marcelo Sales
afeaa6f593 KEYCLOAK-19391: Fix ldap query search adding custom serach filter 2021-12-15 08:54:52 +01:00
Michal Hajas
5aa9a09b20 Closes #8969 - Add Groups HotRod storage 2021-12-13 18:12:19 +01:00
stianst
85240c9606 Remove deprecated kcinit from keycloak 
Closes #9106
 2021-12-13 15:51:51 +01:00
thomasmicro
c474e770fe Clarify Admin UI Name of NoCookieFlowRedirectAuthenticator 
In the Admin UI, the Authenticator was simply called Browser Redirect/Refresh which gives the impression that it is a generic redirector (which would be a cool validator).

This Quick Fix changes the Name to "Browser Redirect for Cookie free authentication" which should bring more clarity.
 2021-12-13 13:14:49 +01:00
Martin Bartoš
8e8fab857e KEYCLOAK-19486 Verify the WebAuthn registration functionality 2021-12-13 09:46:07 +01:00
Martin Bartoš
faefeccbee KEYCLOAK-19487 Test cases for managing 2FA authenticators in account console 2021-12-12 11:36:51 +01:00
Pedro Igor
bf0f3d605c [fixes #9052] - Renaming cluster options to cache 2021-12-10 08:20:53 +01:00
Martin Bartoš
c5eeb704ee KEYCLOAK-19881 Make module 'other' independent 2021-12-08 11:04:12 +01:00
Martin Bartoš
4f66087bf4 Fix for WebAuthn tests 2021-12-08 10:12:48 +01:00
Martin Bartoš
5283db86c4 KEYCLOAK-19489 Verify WebAuthn settings in admin console 2021-12-08 10:12:48 +01:00
Martin Bartoš
12fe5e0012 Documentation and code polishing 2021-12-06 09:42:10 +01:00
Martin Bartoš
7d04f8c071 Resolve some issues with dependencies 2021-12-06 09:42:10 +01:00
Martin Bartoš
7dc01a5a6e KEYCLOAK-13319 Use newest WebDriver/Selenium for the WebAuthn testing 2021-12-06 09:42:10 +01:00
Alfredo Boullosa
a0b9e4f3eb KEYCLOAK-19853 Update Arquillian version 2021-12-04 06:45:43 +01:00
Pedro Igor
9a4ab82d08 [KEYCLOAK-19847] - Optimizations and refactoring for better/stable startup time 2021-12-02 08:57:23 -08:00
Pedro Igor
7bef534392 [KEYCLOAK-19859] - Patching request filter to properly end responses 2021-12-01 09:18:56 -08:00
Yoshiyuki Tabata
b1eeb0626e KEYCLOAK-13847 fix offline token refresh date 2021-12-01 08:30:08 +01:00
Nemanja Hiršl
c9e1e00b95 KEYCLOAK-19773 BFD and Direct Grant - inconsistent number of failures 
Do not "failure" on temporary or permanently locked users, but "forceChallenge"
Failure increments number of failures, and forceChallenge doesn't

Test cases cover:
1. Already disabled users
2. Temporarily disabled users by BFD
3. Permanently disabled users by BFD
 2021-11-24 15:28:18 +01:00
Martin Bartoš
1e1a6779be Issue 8814: Replace deprecated hamcrest-all dependencies 2021-11-23 13:56:28 +01:00
bal1imb
661aca4452 KEYCLOAK-19283 Implemented new identity provider mapper "Advanced claim to group mapper" alongside tests. 2021-11-19 16:54:39 +01:00
Hiroyuki Wada
884471c729 KEYCLOAK-19237 Avoid using stream that has been operated 2021-11-18 17:46:35 +01:00
Takashi Norimatsu
10c3e149d3 KEYCLOAK-19699 RSA key provider with key use = enc cannot select corresponding algorithm on Admin Console 2021-11-18 13:24:50 +01:00
Olivier Boudet
ed6eea26ea KEYCLOAK-19413 Allows to set login_hint on registration and reset-credentials pages 2021-11-18 13:17:10 +01:00
Konstantinos Georgilakis
63c9845cb9 KEYCLOAK-18276 client content screen enhancement 2021-11-18 13:15:02 +01:00
Pedro Igor
e14e56e0f3 [KEYCLOAK-19798] - Hostname support for Dist.X 
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2021-11-17 10:51:58 -03:00
Martin Bartoš
b17f0695ee 8793 User Profile multiple implementations 2021-11-15 08:46:34 +01:00
Michal Hajas
2f9a5aae0f KEYCLOAK-19028 Add HotRod Map storage implementation 2021-11-11 14:10:00 +01:00
David Perrenoud
36da2d20e9 KEYCLOAK-17039 Local file in a webview fails when requesting with "Origin: null" since 11.0.2 2021-11-11 10:55:33 +01:00
rmartinc
a4c4c00d00 [KEYCLOAK-14309] Duplicate sub claim at JSON level 2021-11-08 11:54:39 +01:00
Alec Henninger
cec6a8a884 KEYCLOAK-19700: Attempt to reuse denied device authorization code results in server error 2021-11-08 11:37:51 +01:00
Takashi Norimatsu
d0493b4306 KEYCLOAK-19723 Existing ECDSA key provider's key pair is not regenerated when its curve is changed on Admin Console 2021-11-05 10:05:40 +01:00
mposolda
5740e158e3 KEYCLOAK-18744 OpenBanking Brasil fix for X509 client authentication. More flexibility in Subject DN comparison. 2021-11-05 09:10:50 +01:00
Pedro Igor
3c00dba8ad [KEYCLOAK-19767] - Fixing testsuite to point to right persisted config 2021-11-04 15:06:49 -03:00
Dominik Guhr
579c5462b2 KEYCLOAK-19308 Grouping for help commands and refactoring of Propertymapper usage to provida a fluid API 2021-11-04 08:59:56 -03:00
Luca Leonardo Scorcia
e99b363ba0 KEYCLOAK-18879 Generate RequestedAttribute SP metadata for SAML Attribute Role Mappers 2021-11-04 11:15:32 +01:00
Bruno Oliveira da Silva
16db810b03 [KEYCLOAK-19754] - Update documentation files to remove problematic language in the main repository 2021-11-04 10:08:56 +01:00
Pedro Igor
eaa96f6147 [KEYCLOAK-18255] - Vault Support in Dist.X 2021-11-03 09:23:33 -03:00
Leonardo Brancalhão
a2a788ec39 KEYCLOAK-18401 Oracle test fixes 2021-11-02 11:55:38 +01:00
Martin Bartoš
bfce612641 KEYCLOAK-18338 Fix update user account with configured SSSD 2021-11-02 08:42:07 +01:00
Joerg Matysiak
afc5cb4d14 KEYCLOAK-19617 Simplify creation of custom user profiles 
* DeclarativeUserProfileProvider passes its ID to DeclarativeUserProfileModel, so this also works for derived classes.
* Moved creation of declarative user profile model to a protected factory method to allow subclasses to provide their own implementation.
* Added integration tests for custom user profile
* configured declarative-user-profile as default user profile provider in test servers
* Restore previously configured default provider after test with special provider settings
* Some refactoring in SpiProviderSwitchingUtils
 2021-10-28 08:26:11 -03:00
Martin Kanis
af97849feb KEYCLOAK-19030 Implement HotRodConnectionProvider 2021-10-27 14:07:19 +02:00
Konstantinos Georgilakis
a5c8c45551 KEYCLOAK-19388 correct AttributeConsumingService bug in SAML SP metadata 2021-10-21 20:24:46 +02:00
Takashi Norimatsu
263161ff66 KEYCLOAK-19540 FAPI 2.0 Baseline : Reject Resource Owner Password Credentials Grant 2021-10-21 09:13:12 +02:00