keycloak-scim

Author	SHA1	Message	Date
Stian Thorgersen	a32b58d337	Escape ldap id when using normal attribute syntax (#25 ) (#25036 ) Closes https://github.com/keycloak/security/issues/46 Co-authored-by: Ricardo Martin <rmartinc@redhat.com>	2023-11-27 11:38:14 +01:00
Thomas Darimont	d30d692335	Introduce MaxAuthAge Password policy (#12943 ) This policy allows to specify the maximum age of an authentication with which a password may be changed without re-authentication. Defaults to 300 seconds (default taken from Constants.KC_ACTION_MAX_AGE) to remain backwards compatible. A value of 0 will always require reauthentication to update the password. Add documentation for MaxAuthAgePasswordPolicy to server_admin Fixes #12943 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2023-11-20 14:48:17 +01:00
Hynek Mlnarik	70d0f731f5	Use session ID rather than broker session ID Closes: #24455 Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>	2023-11-16 17:01:40 +01:00
Vlasta Ramik	d86e062a0e	Removal of retry blocks introduced for CRDB Closes #24095 Signed-off-by: vramik <vramik@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2023-11-16 13:50:56 +01:00
Hynek Mlnarik	26328a7c1e	Support for transient sessions via lightweight users Part-of: Add support for not importing brokered user into Keycloak database Closes: #11334	2023-10-25 12:02:35 +02:00
Marek Posolda	1bd6aca629	Remove RegistrationProfile class and handle migration (#24215 ) closes #24182 Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2023-10-24 20:19:33 +02:00
mposolda	c18e8ff535	User profile tweaks in registration forms closes #24024	2023-10-20 06:31:21 -07:00
Marek Posolda	a6609bd969	Remove "You are already logged in" during authentication. Make other browser tabs to authenticate automatically when some browser tab successfully authenticate (#23517 ) Closes #12406 Co-authored-by: Jon Koops <jonkoops@gmail.com>	2023-10-10 21:54:37 +02:00
Konstantinos Georgilakis	0044472f87	Add regex support in 'Condition - User attribute' execution Closes #265	2023-09-13 08:36:45 +02:00
Marek Posolda	506e2537ac	Registration flow fixed (#23064 ) Closes #21514 Co-authored-by: Vilmos Nagy <vilmos.nagy@outlook.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Marek Posolda <mposolda@gmail.com>	2023-09-08 08:05:05 +02:00
stianst	211c027adb	Remove use of Guava in services Closes #23009	2023-09-07 08:59:02 +02:00
Pedro Igor	ea3225a6e1	Decoupling legacy and dynamic user profiles and exposing metadata from admin api Closes #22532 Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>	2023-08-29 08:14:47 -03:00
Marek Posolda	4dc929abb3	Missing client_id validation match when authenticating client with JW… (#22178 ) Closes #22177	2023-08-03 11:47:55 +02:00
mposolda	6f6b5e8e84	Fix authenticatorConfig for javascript providers Closes #20005	2023-07-31 19:28:25 +02:00
Ricardo Martin	ee35cfe478	Add logout other sessions checkbox to TOTP, webauthn and recovery authn codes setup pages (#21897 ) * Add logout other sessions checkbox to TOTP, webauthn, recovery authn codes setup pages and to update-email page Closes #10232	2023-07-26 11:34:19 +02:00
ali_dandach	ef19e08814	Fix String comparisona (#21752 ) Closes #21773	2023-07-21 10:37:24 +02:00
Daniele Martinoli	1644432df3	Reviewed solution as per reviewer's comments	2023-07-10 08:31:47 -03:00
Daniele Martinoli	d148a789f7	added clientNote to show the sign out option	2023-07-10 08:31:47 -03:00
Marek Posolda	51a9712e59	Improper Client Certificate Validation for OAuth/OpenID clients (#20 ) Co-authored-by: Stian Thorgersen <stianst@gmail.com>	2023-06-28 17:52:48 -03:00
Daniele Martinoli	d9b271c22a	Extends the conditional user attribute authenticator to check the attributes of the joined groups (#20189 ) Closes #20007	2023-06-19 15:22:35 +02:00
Réda Housni Alaoui	eb9bb281ec	Require user to agree to 'terms and conditions' during registration	2023-06-08 10:39:00 -03:00
Marek Posolda	8080085cc1	Removing 'http challenge' authentication flow and related authenticators (#20731 ) closes #20497 Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2023-06-08 14:52:34 +02:00
Saman-jafari	31db84e924	fix: issuedFor added to token to get client id into the token also redirect uri added to token and then passed to info template for "back to application" functionality test also added to check the availability of issueFor(azp) and redirect uri in Action Fixes #14860 Fixes #15136	2023-06-07 12:19:46 -03:00
ComplexSpaces	1af4a7a532	Pass webauthn signature algorithm IDs as integers instead of strings (#20832 ) closes #20831	2023-06-07 11:46:16 +02:00
Artur Baltabayev	041441f48f	Improved Reset OTP authenticator (#20572 ) * ResetOTP authenticator can now be configured, so that one or all existing OTP configurations are deleted upon reset. Closes #8753 --------- Co-authored-by: bal1imb <Artur.Baltabayev@bosch.com>	2023-06-06 08:30:44 -03:00
mposolda	bf9c5821cb	Fix for certificate revalidation closes https://security.snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-5291542	2023-05-31 15:42:37 +02:00
Dominik Schlosser	8c58f39a49	Updates Datastore provider to contain full data model Closes #15490	2023-05-16 15:05:10 +02:00
Martin Bartoš	7cff857238	Migrate packages from javax.* to jakarta.* --- Quarkus3 branch sync no. 14 (24.4.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/ComponentExportImportTest.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/DeclarativeUserTest.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java - Modified keycloak/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java - Modified --- Quarkus3 branch sync no. 13 (11.4.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountTotpPage.java - Deleted keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BackwardsCompatibilityUserStorageTest.java - Modified --- Quarkus3 branch sync no. 12 (31.3.2023) Resolved conflicts: keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/services/resources/QuarkusWelcomeResource.java - Modified keycloak/services/src/main/java/org/keycloak/protocol/saml/profile/util/Soap.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/UserInfoClientUtil.java - Modified keycloak/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified --- Quarkus3 branch sync no. 10 (17.3.2023) Resolved conflicts: keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocolUtils.java - Modified --- Quarkus3 branch sync no. 9 (10.3.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java - Modified --- Quarkus3 branch sync no. 8 (3.3.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClient.java Modified - Modified keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java - Modified keycloak/examples/providers/authenticator/src/main/java/org/keycloak/examples/authenticator/SecretQuestionAuthenticator.java - Modified --- Quarkus3 branch sync no. 6 (17.2.2023) Resolved conflicts: keycloak/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ComponentsResource.java - Modified keycloak/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java - Modified keycloak/services/src/main/java/org/keycloak/protocol/saml/installation/SamlSPDescriptorClientInstallation.java - Modified --- Quarkus3 branch sync no. 5 (10.2.2023) Resolved conflicts: /keycloak/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java Modified - Modified keycloak/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java - Modified --- Quarkus3 branch sync no. 4 (3.2.2023) Resolved conflicts: keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/jaxrs/QuarkusKeycloakApplication.java - Modified --- Quarkus3 branch sync no. 1 (18.1.2023) Resolved conflicts: keycloak/testsuite/client/ClientPoliciesTest.java - Deleted keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java - Modified keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaModelCriteriaBuilder.java - Modified	2023-04-27 13:36:54 +02:00
mposolda	17c1b853e0	Custom implemention of OIDC Login Protocol doesn't get executed closes #19335	2023-03-31 11:54:32 -03:00
Michal Hajas	e49dfe534e	Fix missing migration when reading TERMS_AND_CONDITIONS required action in legacy store Closes #17277	2023-03-29 16:43:01 +02:00
Marek Posolda	032ece9f7b	Clarify user session limits documentation and test SSO scenario (#19372 ) Closes #17374 Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2023-03-29 10:08:45 +02:00
rmartinc	06ff8b016c	Don't set REMEMBER_ME if it's disabled at realm level Closes https://github.com/keycloak/keycloak/issues/11330	2023-03-07 15:01:58 +01:00
Michal Hajas	465019bec4	Extract attachDevice outside of storage layer Closes #17336	2023-03-03 17:58:34 +01:00
Zakaria Amine	fb5a7f654b	trigger IDENTITY_PROVIDER_FIRST_LOGIN (and UPDATE_PROFILE ) event when identity provider flow succeeds (#15100 ) closes #15098	2023-03-03 17:49:27 +01:00
Zakaria Amine	0972edd6a5	Fix label for IdpReviewProfileAuthenticatorFactory (take 2) (#17062 ) Use static english text for IdpReviewProfileAuthenticatorFactory label config Closes #16658	2023-02-16 19:16:00 +01:00
drohwer89	4ff180da64	Terminating all sessions above the session limit (#16068 ) Adjusts implementation of UserSessionLimitsAuthenticator to terminate all sessions above the session limit. Closes #14689 Co-authored-by: Marek Posolda <mposolda@gmail.com>	2023-02-16 17:56:59 +01:00
Stian Thorgersen	d9025231f9	HTML Injection in Keycloak Admin REST API (#16765 ) Resolves #GHSA-m4fv-gm5m-4725 Co-authored-by: Martin Bartoš <mabartos@redhat.com>	2023-02-01 14:34:15 +01:00
Zakaria Amine	f067c9aa26	Fix label for IdpReviewProfileAuthenticatorFactory (#15293 ) Closes #16658	2023-01-27 10:58:59 +01:00
mposolda	a804400c84	Added KERBEROS feature. Disable it when running tests on FIPS closes #14966	2023-01-25 18:38:46 +01:00
Pedro Igor	d797d07d8f	Ignore user profile attributes for service accounts Closes #13236	2023-01-10 16:26:53 +01:00
cknoblauch	ae74cadcfc	Add missing < to Javadoc	2023-01-04 14:06:53 +01:00
Michal Hajas	de7dd77aeb	Change id of TermsAndConditions required actions to uppercase Closes #9991	2022-12-07 10:51:37 -03:00
Pedro Igor	168734b817	Removing references to request and response from Resteasy Closes #15374	2022-12-01 08:38:24 -03:00
mposolda	3e9c729f9e	X.509 authentication fixes for FIPS Closes #14967	2022-11-25 11:50:30 +01:00
Stefan Guilhen	5c2a5fac31	Enable all test methods in ConcurrentLoginTest for JPA Map Storage - Tests still disabled for Hotrod and CHM - Fixes concurrent login issues with CRDB. Verified with both PostgreSQL and CockroachDB. Closes #12707 Closes #13210	2022-11-24 13:36:22 +01:00
Stian Thorgersen	cf913af823	Add support for Microsoft Authenticator (#15272 ) Closes #15271	2022-11-02 12:56:07 +01:00
Stian Thorgersen	31aefd1489	OTP Application SPI (#14800 ) Closes #14800	2022-10-18 14:42:35 +02:00
Martin Kanis	761929d174	Merge ActionTokenStoreProvider and SingleUseObjectProvider (#13677 ) Closes #13334	2022-10-13 09:26:44 +02:00
Marcelo Daniel Silva Sales	22713bc144	Incorrect error message OIDC client authentication (#14656 ) closes #12162 Co-authored-by: Pedro Hos <pedro-hos@outlook.com>	2022-09-30 09:40:05 +02:00
David Anderson	a8db79a68c	Introduce crypto module using Wildfly Elytron (#14415 ) Closes #12702	2022-09-27 08:53:46 +02:00

1 2 3 4 5 ...

515 commits