libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions
25441 commits 4 branches 5 tags 483 MiB
Commit graph

6791 commits

Author SHA1 Message Date
Pedro Igor
f010f7df9b Reverting removal of test assertions and keeping existing logic where only brokers the user is linked to is shown after identity-first login page 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-03 11:55:04 -03:00
Martin Kanis
e1b735fc41 Identity-first login flow should be followed by asking for the user credentials 
Closes #30339

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-07-03 11:55:04 -03:00
Giuseppe Graziano
02d64d959c Using _system client when account client is disabled for email actions 
Closes #17857

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-07-03 08:43:36 +02:00
cgeorgilakis-grnet
20cedb84eb Check refresh token flow response for offline based on refresh token request parameter 
Closes #30857

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
 2024-07-02 18:13:30 -03:00
Steven Hawkins
d534860e2b
fix: admin cli client should set the content when performing a merge (#30539) 
closes: #29878

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-06-28 15:56:07 +02:00
Pedro Igor
cc2ccc87b0 Filtering organization groups when managing or processing groups 
Closes #30589

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-28 10:27:18 -03:00
Steven Hawkins
aae1fa1417
fix: addresses cli erroneously wants a secret when env password is set (#30892) 
closes: #30866

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-06-28 11:48:42 +02:00
Thomas Darimont
690c6051bb Fix scope policy evaluation for client to client token exchange (#26435) 
Previously the scope from the token was not set available in the ClientModelIdentity attributes.
This caused the NPE in `org.keycloak.authorization.policy.provider.clientscope.ClientScopePolicyProvider.hasClientScope`(..)
when calling `identity.getAttributes().getValue("scope")`.

We now pass the provided decoded AccessToken down to the ClientModelIdentity creation
to allow to populate the required scope attribute.

We also ensure backwards compatibility for ClientPermissionManagement API.

Fixes #26435

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-06-28 10:33:20 +02:00
mposolda
f1b8a983d2 Cleanup mod_auth_mellon from the testsuite 
closes #30869

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-06-28 08:33:36 +02:00
Douglas Palmer
7a8c7502d2 Cleanup of adapter-spi module? 
Closes#30871

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-06-27 19:41:30 +02:00
Douglas Palmer
220f32aa85 Cleanup of adapter pages 
Closes #30870

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-06-27 18:57:22 +02:00
mposolda
7279f2092e Cleanup of test-apps and related adapter code 
closes #30867

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-06-27 15:10:31 +02:00
mposolda
e5a4c94f75 Added suffix to keycloak-admin-client artifacts in keycloak repository 
Signed-off-by: mposolda <mposolda@gmail.com>
 2024-06-27 11:00:30 +02:00
Romain LABAT
6615691c63
Support for service accounts when fetch roles is enabled (#30687) 
Support for service accounts when fetch roles is enabled

Signed-off-by: Romain LABAT <contact@romainlabat.fr>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-25 18:00:26 -03:00
rmartinc
e9c9efc3f4 Upgrade bc-fips to 1.0.2.5 
Closes #26568
Closes #27884

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-25 11:07:27 +02:00
Andre F de M
0f061a75e2 Issue: 26568 - bcfips version bump and fixes 
* bump BCFIPS to 1.0.2.5
               * fix bc-fips related test error
               * remove unused imports

               Closes: #26568

Signed-off-by: Andre F de M <trixpan@users.noreply.github.com>
 2024-06-25 11:07:27 +02:00
fwojnar
015fefad02
Remove Edge from supported web drivers (#30423) 
Closes #29921

Signed-off-by: wojnarfilip <fwojnar@redhat.com>
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
 2024-06-24 17:24:55 +02:00
fwojnar
e30e6cba8e
Remove Safari from supported web drivers (#30424) 
Related to #29921

Signed-off-by: wojnarfilip <fwojnar@redhat.com>
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
 2024-06-24 13:27:12 +02:00
fwojnar
640db99c27
Remove Appium from supported web drivers (#30483) 
Related to #29921

Signed-off-by: wojnarfilip <fwojnar@redhat.com>
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
 2024-06-24 13:26:33 +02:00
Takashi Norimatsu
b0aac487a3 VC issuance in Authz Code flow with considering scope parameter 
closes #29725

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2024-06-24 10:53:19 +02:00
Jon Koops
df18629ffe
Use a default Java version from root POM (#29927) 
Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-06-21 14:19:31 +02:00
mposolda
6a9e60bba0 Flow steps back when changing locale or refreshing page on 'Try another way page' 
closes #30520

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-06-21 11:22:15 +02:00
rmartinc
592c2250fc Add briefRepresentation query parameter to getUsersInRole endpoint 
Closes #29480

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-21 11:21:02 +02:00
Takashi Norimatsu
6b135ff6e7 client-jwt authentication fails on Token Introspection Endpoint 
closes #30599

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2024-06-21 10:47:25 +02:00
Pedro Igor
a0ad680346 Adding an alias to organization and exposing them to templates 
Closes #30312
Closes #30313

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-20 14:36:14 -03:00
rmartinc
f690947cea Remove the SAML undertow adapter 
Closes #30554

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-20 09:47:14 +02:00
Giuseppe Graziano
6b07b67667 Removed saml filter adapter tests 
Closes #30553

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-06-20 09:42:59 +02:00
Pedro Ruivo
5fc12480fd External Infinispan as cache - Part 4 (#30072) 
UserSessionProvider implementation to make use of Infinispan remote
cache.

Closes #28755

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-06-19 14:47:57 +02:00
Pedro Ruivo
9006218559 External Infinispan as cache - Part 3 
Implementation of UserLoginFailureProvider using remote caches only.

Closes #28754

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-06-19 14:47:57 +02:00
Pedro Ruivo
833aad661e External Infinispan as cache - Part 2 
Includes a new implementation for the providers:

* StickySessionEncoderProviderFactory
* LoadBalancerCheckProviderFactory
* SingleUseObjectProviderFactory

Closes #28648

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-06-19 14:47:57 +02:00
Pedro Ruivo
d2ae27a1e2 External Infinispan as cache - Part 1 
Part 1 includes

* New experimental feature to enable the new code
* New providers using RemoteCache only
* New test profile to run the tests with the experimental feature

New providers' implementation for:
* InfinispanConnectionProvider
* AuthenticationSessionProvider
* ClusterProvider

Closes #28140

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-06-19 14:47:57 +02:00
Martin Kanis
dc109381e1 Refactor organization tests 
Closes #30338

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-06-19 09:34:24 -03:00
Martin Kanis
89f83e9788 Importing organizations failing if there is no broker and members in the representation 
Closes #30305

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-06-19 08:46:04 -03:00
Pedro Igor
57139cbefc Internal read-only attributes have precedence over unmanaged attribute policy 
Closes #30240

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-19 12:05:01 +02:00
Alexander Schwartz
9ce47fc117 Trying to switch the database 
Closes #28311

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-06-19 10:30:36 +02:00
Giuseppe Graziano
24aa6e143d
REALM_CLIENT attribute to recognize realm clients (#30433) 
Closes #29413

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-06-19 10:22:13 +02:00
Stefan Guilhen
db846a792d Set a time of 23:59:59:999 in JpaEventQuery.toDate so that events from that date are properly returned in searches 
Closes #30414

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-06-18 13:14:28 -03:00
Francis Pouatcha
d4797e04a2
Enhance SupportedCredentialConfiguration to support optional claims object as defined in OpenID for Verifiable Credential Issuance specification (#30420) 
closes #30419 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
 2024-06-18 17:07:49 +02:00
rmartinc
fc65c73106 Upgrade adapters test to use wildfly 28 (jakarta only) via maven plugin 
Closes #30324

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-18 15:40:59 +02:00
rmartinc
38d8cf2cb3 Add UPDATE event to the client-roles condition 
Closes #30284

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-18 15:30:42 +02:00
Martin Bartoš
5ad3abaa96
Enable WebAuthn tests for Firefox (#30374) 
Closes #22075

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2024-06-18 10:36:01 +02:00
Jon Koops
08c3bb83f2
Remove Internet Explorer from supported web drivers (#29918) 
Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-06-17 15:48:58 +00:00
rmartinc
c51640546d Improvements for ldap test authentication 
Closes #30434

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-15 10:01:24 +02:00
Thibault Morin
f6fa869b12
feat(SAML): add Artifact Binding on brokering scenarios when Keycloak is SP (#29619) 
* feat: add Artifact Binding on brokering scenarios when Keycloak is SP

Signed-off-by: tmorin <git@morin.io>

* Adding broker test and minor improvements

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

* Fixing IdentityProviderTest

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

* Renaming methods related to idp initiated flows

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

* Fixing partial_import_test.spec.ts

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

---------

Signed-off-by: tmorin <git@morin.io>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-14 08:54:49 -03:00
Pedro Ruivo
18a6c79011
Infinispan Protostream Marshaller (#29474) 
Closes #29394

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-06-13 18:02:46 +02:00
Lukas Hanusovsky
ca0833b2e4
[#29412] DB Allocator removal - dependency cleanup. (#30406) 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2024-06-13 13:31:52 +00:00
vramik
de2fdbe98f cache count 
Signed-off-by: vramik <vramik@redhat.com>
 2024-06-13 08:13:36 -03:00
vramik
d355e38424 Provide a cache layer for the organization model 
Closes #30087

Signed-off-by: vramik <vramik@redhat.com>
 2024-06-13 08:13:36 -03:00
Alfredo Moises Boullosa
a5cd6ed965 Add step to Google Social Login (#30335) 
Signed-off-by: Alfredo Moises Boullosa <aboullos@redhat.com>
 2024-06-12 17:27:02 +02:00
Stefan Guilhen
c49b5749ef Fix GroupLDAPStorageMapper so it doesn't attempt to update a group fetched in a different tx when synchronizing groups from LDAP 
Closes #29784

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-06-12 10:42:21 -03:00