libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions
25868 commits 4 branches 9 tags 483 MiB
Commit graph

51 commits

Author SHA1 Message Date
kaustubh-rh
cf8905efe8
Fix for Client secret is visable in Admin event representation when Credentials Reset action performed for the Client. (#32067) 
* Stripping secrets for the credential representation

Signed-off-by: kaustubh B <kbawanka@redhat.com>
 2024-08-12 13:47:41 -03:00
Dmitry Telegin
5ff3488c80 Incorrect version comparison in ModelVersion 
Closes #30935

Signed-off-by: Dmitry Telegin <demetrio@carretti.pro>
 2024-07-02 11:52:33 +02:00
Thomas Darimont
ab376d9101 Make required actions configurable (#28400) 
- Add tests for crud operations on configurable required actions
- Add support exposing the required action configuration via RequiredActionContext
- Make configSaveError message reusable in other contexts
- Introduced admin-ui specific endpoint for retrieving required actions with config metadata

Fixes #28400

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-05-23 08:38:36 +02:00
vramik
278341aff9 Add organizations enabled/disabled capability 
Closes #28804

Signed-off-by: vramik <vramik@redhat.com>
 2024-05-22 07:58:26 -03:00
Joerg Matysiak
76a5a27082 Refactored StripSecretsUtils in order to make it unit-testable, added unit tests for it 
Don't mask secrets at realm export

Closes #21562

Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>
 2024-04-18 18:26:47 -03:00
Pedro Igor
7483bae130 Make sure admin events are not referencing sensitive data from their representation 
Closes #21562

Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>
 2024-04-18 18:26:47 -03:00
Christopher Miles
1646315939 Deny list lower cases all passwords when loading from file 
Closes #28381

We always lower case the inbound password before comparing against the deny list
yet the deny list may contain passwords that contain upper case letters. With
this change we will now convert passwords from the deny list into lower case
while loading, ensuring that more passwords match the deny list.

Signed-off-by: Christopher Miles <twitch@nervestaple.com>
 2024-04-15 08:49:37 +02:00
rmartinc
6d74e6b289 Escape slashes in full group path representation but disabled by default 
Closes #23900

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-04-12 10:53:39 +02:00
rmartinc
2b769e5129 Better management of the CSP header 
Closes https://github.com/keycloak/keycloak/issues/24568

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-04-08 08:19:57 +02:00
Marek Posolda
335a10fead
Handle 'You are already logged in' for expired authentication sessions (#27793) 
closes #24112

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-04-04 10:41:03 +02:00
Alexander Schwartz
6de5325d1c Limit the received content when handling the content as a String 
Closes #27293

Co-authored-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-03-13 16:43:03 +01:00
Réda Housni Alaoui
a3b3ee4b87
Ability to declare a default "First broker login flow" per Realm 
Closes #25823

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-02-28 16:17:51 +01:00
Douglas Palmer
b0ef746f39 Permanently lock users out after X temporary lockouts during a brute force attack 
Closes #26172

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-02-22 09:34:51 +01:00
Réda Housni Alaoui
3f014c7299
Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients (#21058) 
closes #21010 

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2023-11-13 19:13:01 +01:00
mposolda
6f992915d7 Move some UserProfile and Validation classes into keycloak-server-spi 
closes #24387
 2023-10-31 12:56:46 -07:00
rmartinc
ea398c21da Add a property to the User Profile Email Validator for max length of the local part 
Closes https://github.com/keycloak/keycloak/issues/24273
 2023-10-27 15:09:42 +02:00
rmartinc
05bac4ff0e Remove option Nerver Expires for tokens in Advanced OIDC client configuration 
Closes https://github.com/keycloak/keycloak/issues/21927
 2023-08-03 12:16:08 +02:00
Pedro Igor
eb5edb3a9b Support reading base32 encoded OTP secret 
Closes #9434
Closes #11561
 2023-06-22 08:08:13 -03:00
Vlasta Ramik
ed473da22b
Clean-up of deprecated methods and interfaces 
Fixes #20877

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2023-06-09 17:11:20 +00:00
Rinus Wiskerke
fbfdb54745
Strip rotated client secret from export json (#19394) 
Closes #19373
 2023-06-09 10:46:28 +02:00
rmartinc
81aa588ddc Fix and correlate session timeout calculations in legacy and new map implementations 
Closes https://github.com/keycloak/keycloak/issues/14854
Closes https://github.com/keycloak/keycloak/issues/11990
 2023-06-05 18:46:23 +02:00
Pedro Igor
8aeee928e8
Allow configuring the referrer policy (#19917) 
* Allow configuring the referrer policy

Closes #17288

* fixed indentation

---------

Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2023-05-30 12:27:12 -04:00
Stefan Guilhen
2252b09949 Remove deprecated default roles methods 
Closes #15046
 2023-05-23 22:32:52 +02:00
Hynek Mlnarik
e30e1eca68 Ensure that concatenated Stream is closed once read 
Fixes: #15781
 2023-02-17 13:00:32 +01:00
douph1
4acd1afa3b Use org.keycloak.common.util.Base64Url to encode/decode clientID 
fix #15734
    related #10227 #10231
 2022-12-08 08:49:55 +01:00
danielFesenmeyer
f80a8fbed0 Avoid login failures in case of non-existing group or role references and update references in case of renaming or moving 
- no longer throw an exception, when a role or group cannot be found, log a warning instead
- update mapper references in case of the following events:
   - moving a group
   - renaming a group
   - renaming a role
   - renaming a client's Client ID (may affect role qualifiers)
- in case a role or group is removed, the reference still will not be changed
- extend and refactor integration tests in order to check the new behavior

Closes #11236
 2022-10-13 13:23:29 +02:00
evtr
4469bdc0a9
RelayState max length not respected 
Fixes: #10227
 2022-09-06 22:01:14 +02:00
Bastian
343d181a4e
KEYCLOAK-18289: use utf-8 encoding for simplehttp (#8025) 
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
 2022-08-25 13:02:41 +02:00
David Anderson
865a180c00
Remove bc dependency from server-spi and server-spi-private (#13319) 
Closes #12858
 2022-07-26 11:52:16 +02:00
Alexander Schwartz
82094d113e Move User Storage SPI, introduce ExportImportManager 2022-06-21 08:53:06 +02:00
Vlastimil Elias
28e220fa6d KEYCLOAK-18497 - Support different input types in built-in dynamic forms 2021-09-20 09:14:49 -03:00
Thomas Darimont
af892d469c KEYCLOAK-18880 TimeBasedOTP should use look-around to mitigate clock skew 
Add test case
 2021-09-01 10:45:50 +02:00
Vlastimil Elias
afa6e31d36 [KEYCLOAK-19006] User Profile: Patched handling of the "whitespace-only" 
texts in pattern and length validators
 2021-08-10 08:43:58 -03:00
Vlastimil Elias
32f2f095fe KEYCLOAK-7724 User Profile default validations 2021-07-29 08:42:37 +02:00
Pedro Igor
ef3a0ee06c [KEYCLOAK-17399] - Declarative User Profile and UI 
Co-authored-by: Vlastimil Elias <velias@redhat.com>
 2021-06-14 11:28:32 +02:00
Vlastimil Elias
4ad1687f2b [KEYCLOAK-17399] UserProfile SPI - Validation SPI integration 2021-05-20 15:26:17 -03:00
Vlastimil Eliáš
0913a22c30
KEYCLOAK-2045 Simple Validation SPI for UserProfile SPI (#8053) 
* KEYCLOAK-2045 Simple Validation API

Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2021-05-19 13:57:34 -03:00
Réda Housni Alaoui
6da396821a KEYCLOAK-17014 Searching all users from admin console is very slow 2021-02-03 21:54:46 +01:00
mhajas
f7e0af438d KEYCLOAK-14232 Add Referrer-Policy: no-referrer to each response from Keycloak 
(cherry picked from commit 0b49640231abc6e465542bd2608e1c908c079ced)
 2020-09-17 23:21:49 -07:00
Schlier, Fabian
ad836d1768 KEYCLOAK-14310 Added fix that considers Content-Type for data encoding and added corresponding test 2020-07-09 09:53:02 +02:00
stianst
90b29b0e31 KEYCLOAK-14107 Admin page content blocked on v10.0.0 due to content security policy 2020-05-29 13:57:38 +02:00
mposolda
a878bec60f KEYCLOAK-14007 Missing RHSSO 7.4 version in MigrationModelManager 2020-04-30 08:38:40 +02:00
stianst
5b017e930d KEYCLOAK-13128 Security Headers SPI and response filter 2020-04-28 15:28:24 +02:00
mposolda
803f398dba KEYCLOAK-12876 KEYCLOAK-13148 KEYCLOAK-13149 KEYCLOAK-13151 Re-introduce some changes to preserve UserStorage SPI backwards compatibility. Added test for backwards compatibility of user storage 2020-03-11 12:51:56 +01:00
stianst
986213be23 KEYCLOAK-12877 Fix ModelVersion for testing pipeline 2020-02-05 12:04:01 +01:00
Andrei Arlou
363c789ab9 KEYCLOAK-12216 Fix minor warnings in tests from module "server-spi-private" 2019-11-26 08:35:35 +01:00
pastor
286d4778d0 KEYCLOAK-12002. SimpleHttp: considering encoding 2019-11-22 07:05:22 +01:00
vramik
74f6e362af KEYCLOAK-10878 Realm exports may fail with future community releases 2019-07-18 10:50:34 -03:00
mposolda
5b663dbc69 KEYCLOAK-9713 Warning in the log during export/import on current master 2019-04-24 10:56:43 +02:00
stianst
0d9ccba566 Some work on deprecated testsuite migration 2018-06-27 08:16:14 +02:00