libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions
26603 commits 4 branches 5 tags 483 MiB
Commit graph

7025 commits

Author SHA1 Message Date
Giuseppe Graziano
612e2caae1 Refresh the login page when root auth session changes 
Closes #32658

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-11-04 18:31:42 +01:00
Alexander Schwartz
8be4237fd4
Fix failing test AdminEventQueryTest by adding required session parameter (#34612) 
Closes #34611

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-11-04 12:28:59 +01:00
Bernd Bohmann
7681687e0a
Provide missing user event metrics from aerogear/keycloak-metrics-spi to a keycloak micrometer event listener 
inspired by
https://github.com/aerogear/keycloak-metrics-spi
https://github.com/please-openit/keycloak-native-metrics

Closes #33043

Signed-off-by: Bernd Bohmann <bommel@apache.org>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2024-11-04 08:56:24 +01:00
Stefan Guilhen
af434d6bc1 Add checks to prevent GroupLDAPStorageMapper from performing operations on groups it does not manage 
Closes #11008
Closes #17593
Closes #19652

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-11-01 15:49:55 -03:00
Thomas Darimont
36b01cbea0 Revise PAR request object parameter handlig (#34352) 
We now store the original parameter value as-is, in case only a single parameter value is provided. In case multiple parameter values are provided
for the same parameter, we only retain the first parameter.
This ensures that the original value is retained. Previously the value list from the
`decodedFormParameters` `MultivaluedMap` was converted to a String while replacing '[' and ']'
with an empty string, which corrupted the original parameter values stored.

Fixes #34352

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-10-31 16:26:31 +01:00
Pedro Igor
db780ed6c7 Trying to make sure there is no active tasks and introduce a timeout 
Closes #34432

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-10-31 12:10:22 +01:00
rmartinc
78aa08941a Fix NPE in ConditionalOtpFormAuthenticator if no configuration 
Closes #34298

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-10-31 07:48:07 -03:00
vramik
b27a5d05b4 Fix error message in test 
Signed-off-by: vramik <vramik@redhat.com>
 2024-10-30 12:26:03 -03:00
vramik
3d91df42d8 Declining terms and conditions in account-console results in error 
Closes #28328

Signed-off-by: vramik <vramik@redhat.com>
 2024-10-30 12:26:03 -03:00
Giuseppe Graziano
3d663802bb Fix flaky test for concurrent client creation on H2 database 
Closes #29290

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-10-29 20:58:50 -03:00
rmartinc
b52256facc Set client in context for dynamic scopes calculation 
Closes #33684

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-10-28 17:32:06 -03:00
Marek Posolda
3784fd1f67
Attempt to run snapshot Keycloak server against production DB should fail during migration 
closes #30364

Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-10-28 15:02:26 +00:00
Douglas Palmer
c816d5e030 Flaky test: org.keycloak.testsuite.broker.KcOidcBrokerTest#testPostBrokerLoginFlowWithOTP_bruteForceEnabled 
Closes #34075

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-10-28 11:30:38 -03:00
Pedro Ruivo
84f4bd8af1 Client Scope updates are not replicated between Keycloak nodes 
Fixes #33731

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-10-25 11:22:15 +02:00
rmartinc
e41553bcfb Create a new logout session when initiating it for another client 
Closes #34207

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-10-25 10:02:23 +02:00
Douglas Palmer
fd1dd49ade Flaky Test: BrowserFlowTest.testAlternativeNonInteractiveExecutorInSubflow() 
Closes #34273

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-10-24 22:36:11 +02:00
Martin Kanis
4f3ced9560 ConcurrentModificationException when restarting user sessions 
Closes #34093

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-10-24 21:26:50 +02:00
Steven Hawkins
b2ccde29bb
fix: persist build time spi options (#34157) 
closes: #33902

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-10-23 16:51:11 +02:00
Pedro Ruivo
f507caae6c Deleting a user leads to ISPN marshalling exception 
Fixes #34224

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-10-23 11:53:25 +02:00
Ryan Emerson
902abfdae4
JDBC_PING as default discovery protocol 
Closes #29399

- Add ProviderFactory#dependsOn to allow dependencies between
  ProviderFactories to be explicitly defined
- Disable Infinispan default shutdownhook disabled to ensure lifecycle
  is managed exclusively by Keycloak
- Remove Infinispan shutdown hook in KeycloakRecorder and manage
  EmbeddedCacheManager lifecycle only in DefaultInfinispanConnectionProviderFactory#close

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-10-22 20:19:19 +00:00
Gilvan Filho
c4005d29f0 add linear strategy to brute force 
closes #25917

Signed-off-by: Gilvan Filho <gilvan.sfilho@gmail.com>
 2024-10-22 10:33:22 -03:00
rmartinc
6d52520730 Load client keys using SubjectPublicKeyInfo and upload jwks type into the jwks attributes for OIDC ones 
Closes #33820

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-10-22 14:24:15 +02:00
Martin Kanis
01026fab79 Flaky test: org.keycloak.testsuite.broker.KcOidcBrokerTest#testPostBrokerLoginFlowWithOTP_bruteForceEnabled 
Closes #34075

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-10-22 08:06:56 -03:00
mposolda
703f16ea86 Hide the 'Delete' button in the account console when DeleteCredentialAction is disabled or unavailable 
closes #30204

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-10-22 11:07:08 +02:00
Pedro Igor
6d5923d560 Tests for role and time policy configuration validation 
Closes #28978

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-10-22 05:43:05 -03:00
Douglas Palmer
271e749c82 ResetPasswordTest.resetPasswordExpiredCode Error -> AbstractKeycloakTest.deleteAllCookiesForRealm:297 
Closes #33940

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-10-22 09:09:16 +02:00
rmartinc
2004467749 Check alias is unique for authenticator config when it is created 
Closes #31727

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-10-21 15:25:32 +02:00
Simon Levermann
dcf1d83199
Enable enforcement of a minimum ACR at the client level (#16884) (#33205) 
closes #16884 

Signed-off-by: Simon Levermann <github@simon.slevermann.de>
 2024-10-21 13:54:02 +02:00
Douglas Palmer
2dd754533d Flaky Test ResetPasswordTest.resetPasswordLoggedUser:188->openResetPasswordUrlAndDoFlow:252 
Closes #34023

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-10-21 08:36:49 +02:00
Igor Petrov
8e872818c5 feat: eliminate client secret requirement 
This commit eliminates neccessity for providing client secret when
constructing client via Admin Client API. The requirement for client
secret became obsolete when Keycloak onboarded a X509 certificate
authorizer.

closes #33755

Signed-off-by: Igor Petrov <igor.petrov-ext@camunda.com>
 2024-10-18 16:35:15 +02:00
Pedro Igor
3a9bab35b6 Fixing action token lifespan information in the invitation email 
Closes #34049

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-10-18 09:10:14 +02:00
Pedro Igor
d1dba15964 Do not show domain match message in the identity-first login when no login hint is provided 
Closes #34069

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-10-18 09:05:27 +02:00
Pedro Igor
ee38d551ce Respect the locale set to a user when redering verify email pages 
Closes #34063

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-10-18 09:04:38 +02:00
Stefan Guilhen
7d8ff710c2 Invalidate user session when associated IdP is missing (previously removed) 
Closes #31724

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-10-17 16:30:51 -03:00
Pascal Knüppel
41ee68611f
Allow to create EC certificates if new EC-key-provider is created (#31843) 
Closes #31842

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
 2024-10-17 16:05:59 +02:00
Thomas Darimont
6a4ec24015 Users have to authenticate first before account-console is loaded 
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-10-17 07:53:20 -03:00
Thomas Darimont
c400eff9b0 Account console backend should redirect to login on missing auth (#31469) 
Adapted the login redirect logic from the old account console.

Fixes #31469

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-10-17 07:53:20 -03:00
rmartinc
13655007a6 Remove online session for offline access in direct access grants and client credentials 
Closes #32650

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-10-17 10:49:05 +02:00
Martin Kanis
a8a5c96510 Fix unstable testPostBrokerLoginFlowWithOTP_bruteForceEnabled test 
Closes #33549

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-10-15 15:36:05 -03:00
Martin Kanis
8fb5ecaa6c Auth not possible for auth session where user was enabled in the meantime 
Closes #33883

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-10-15 14:28:36 -03:00
Jon Koops
228c21a7a0
Allow Keycloak JS to be initialized without passing options (#33950) 
Closes #8935

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-10-15 17:46:15 +02:00
Pedro Igor
b76f4f9c1b Avoid iterating over user policies when removing users 
Closes #19358

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-10-15 15:01:40 +02:00
Martin Kanis
0ebf862b63 LDAP Import: KERBEROS_PRINCIPAL not updated when UserPrincipal changes and user already exists 
Closes #32266

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-10-11 09:16:17 -03:00
rmartinc
7e5734fd48 Fix incorrect filter in docker protocol 
Closes #33776

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-10-11 08:58:18 +02:00
Pedro Igor
9a3d81c23e Only process organization selection when the user is identified 
Closes #33699

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-10-10 16:24:25 +02:00
rmartinc
a74e60f4d7 Check email with ignorecase when setting basic attributes in IdP 
Closes #31848

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-10-10 09:55:58 +02:00
Jon Koops
3930356c21
Treat unencrypted local origins as an insecure context in Safari (#33700) 
Closes #33557

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-10-09 23:38:03 +02:00
Douglas Palmer
a276b3bb3d Flaky test: org.keycloak.testsuite.forms.BrowserButtonsTest#appInitiatedRegistrationWithBackButton 
Closes #32676

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-10-09 08:00:57 +02:00
rmartinc
467e881725 Use clickLink in delete credential page 
Closes #33505

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-10-08 12:22:53 +02:00
mposolda
07cf71e818 Better logging when error happens during transaction commit 
closes #33275

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-10-08 11:14:10 +02:00