libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions
25687 commits 4 branches 9 tags 483 MiB
Commit graph

6852 commits

Author SHA1 Message Date
Stefan Wiedemann
6258256c1b
Fix access token issue OID4VC (#31763) 
closes #31712 

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
 2024-08-04 11:42:40 +02:00
Ingrid Kamga
7c69c857a1 Add a media type to error responses on OID4VC endpoints 
Closes #31585

Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
 2024-08-02 12:09:09 +02:00
Justin Tay
f537343545 Allow empty key use in JWKS from identity provider 
Closes #31823

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-08-02 11:39:43 +02:00
rmartinc
773e309f75 Parse saml urls correctly if the bindings are different 
Closes #31780

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-02 11:34:06 +02:00
Pedro Ruivo
fed804160b Enable ProtoStream encoding for External Infinispan feature 
The ProtoStream schema is automatically uploaded to the Infinispan
server during startup.
When the schema is updated, the indexes are updated and re-created.
Use the delete statement to delete entities when a realm is removed.

Fixes #30931

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-08-01 16:16:19 +02:00
Ryan Emerson
176ac3404a EmbeddedInfinispanSplitBrainTest fails with "IllegalState Session not bound to a realm" 
Closes #31828

Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2024-08-01 13:58:41 +02:00
Ryan Emerson
8d7e18ec29 Clear local caches on split-brain heal 
Closes #25837

Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2024-07-31 13:59:06 +02:00
Pedro Ruivo
17e30e9ec1 Persist revoke tokens with remote cache feature 
Stores the revoked tokens into the database and preloads them during
startup.

Fixes #31760

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-07-31 11:02:38 +02:00
Thomas Darimont
282260dc95 Ensure issued_client_type is always added to successful token-exchange response (#31548) 
- Compute issued_token_type response parameter based on requested_token_type and client configuration
- `issued_token_type` is a required response parameter as per [RFC8693 2.2.1](https://datatracker.ietf.org/doc/html/rfc8693#section-2.2.1)
- Added test to ClientTokenExchangeTest that requests an access-token as requested-token-type

Fixes #31548

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-07-30 18:33:51 +02:00
rmartinc
a6c70d65ee Do not generate secret when client rep do not specifiy public or bearer 
Closes #31444

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-07-30 18:32:15 +02:00
Pedro Ruivo
e62604b1ec ConditionalRemover interface for External Infinispan feature 
Add a ConditionalRemover interface to remove entries from a RemoteCache
based on the key or value fields.
The default implementation provided by this PR uses streaming/iteration
to test and remove entries

On a side change, moved all the transactions to the same package and
created one transaction class per entity/cache to simplify code and
avoid writing "RemoteChangeLogTransaction" with a long list of types.

Fixes #31046

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-07-30 15:16:17 +02:00
Pedro Igor
a79761a447 Support for blocking concurrent requests when brute force is enabled 
Closes #31726

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
 2024-07-30 10:01:48 +02:00
Hynek Mlnarik
183cd6c957 Run tests with keycloak.v2 login theme 
The fixes (mostly selectors) are needed for tests.

In the future, to switch the keycloak.v2 to the default theme, do
the following:

- Update `ThemeSelectorProvider`: Uncomment relevant lines
- Update `testsuite/integration-arquillian/tests/pom.xml`: Revert the change in `<login.theme.default>` property
- Update `ThemeSelectorTest` per comment

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2024-07-30 10:01:17 +02:00
Martin Kanis
d91d6d18d5 Can not update organization group error when trying to create organisation from REST API 
Closes #31144

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-07-29 17:39:56 +02:00
Pascal Knüppel
94784182df
Implement DPoP for all grantTypes (#29967) 
fixes #30179
fixes #30181


Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de>
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
 2024-07-29 16:30:54 +02:00
Stefan Guilhen
17c01c9380 Enable new IDP Storage SPI in JPA model tests 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-07-29 16:02:26 +02:00
Francis Pouatcha
cc78fd7ca0
Provided keycloak with a protocol mapper, that can allow to optionally add iat and nbf claims to VCs (#31620) 
closes #31581 


Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
 2024-07-29 09:32:48 +02:00
Pedro Igor
87c279d645 Respect the username value format when processing federated users 
Closes #31240

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:28:43 +02:00
Pedro Igor
4d8c525644
Make sure changes to user profile metadata is not stored when calling decorators (#31549) 
Closes #30476

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:03:21 +02:00
Pedro Igor
04bd6653ec Invalidating domain cache and introducing cache for more query methods 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:02:36 +02:00
Pedro Igor
1f8280c71a Allow members joining multiple organizations 
Closes #30747

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:02:36 +02:00
Giuseppe Graziano
12732333c8 Client scope assignment for client registration 
Closes #31062

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-07-26 17:33:49 +02:00
Stefan Guilhen
c9f5a0aa32 Testsuite: ensure realm is set in session context 
Closes #31636

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-07-26 11:11:44 -03:00
Lex Cao
3818f8f575 Prevent removing flow that used by client flow overrides 
Closes #30707

Signed-off-by: Lex Cao <lexcao@foxmail.com>
 2024-07-26 16:05:29 +02:00
Alexander Schwartz
227c71f7f0
Persisting revoked access tokens 
Closes #31296

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-26 11:46:14 +02:00
vramik
01f5747eed If the user is federated before the broker is associated with an organization this user is not a managed user 
Closes #30744

Signed-off-by: vramik <vramik@redhat.com>
 2024-07-25 04:30:13 -03:00
vramik
649b35929e Make sure users created through a registration link are managed members 
Closes #30743

Signed-off-by: vramik <vramik@redhat.com>
 2024-07-25 04:30:13 -03:00
Maciej Mierzwa
97e89e2071 feature: password age in days policy 
Closes #30210

Signed-off-by: Maciej Mierzwa <dev.maciej.mierzwa@gmail.com>
 2024-07-24 15:12:16 -03:00
Kamesh Akella
33b3fd313c
Add migration tests for AuroraDB (#31396) 
Fixes #31024
Signed-off-by: Kamesh Akella <kamesh.asp@gmail.com>
 2024-07-24 16:45:02 +02:00
Francis Pouatcha
30be268672
Enhance Verifiable Credential Signing Service Flexibility and Key Rotation(#30692) 
closes #30525 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
 2024-07-24 13:45:39 +02:00
Miquel Simon
aab7a912c4
Updated connection configuration for MSSQL test container 
Closes #31558

Signed-off-by: Miquel Simon <msimonma@redhat.com>
 2024-07-24 09:12:58 +00:00
Hynek Mlnarik
a7374f92be Update login theme to login v2 
Fixes: #29009

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2024-07-18 14:33:22 +02:00
Hynek Mlnarik
ab6ca323db Run docker tests with proper theme and fix chromedriver path 
Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2024-07-18 14:33:22 +02:00
mposolda
3110bb8989 Missing Cache-Control header when response_type parameter is missing in login request 
closes #29866

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-07-18 10:17:52 +02:00
rmartinc
5ea3becef5 Wait for the brute force off-thread processing in AbstractAdvancedBrokerTest 
Closes #30188
Closes #30641

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-07-18 10:03:13 +02:00
Pascal Knüppel
018a0802bc
Remove java.util.Date from VerifiableCredential (#30920) 
closes #30918

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
 2024-07-18 09:52:02 +02:00
mposolda
06f6173c8a Add suffix to keycloak-authz-client artifact in keycloak repository 
closes #30926

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-07-17 14:59:09 +02:00
Martin Kanis
e5848bdcf9 Cannot set unmanagedAttributePolicy without profile attributes 
Closes #31153

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-07-17 09:53:59 -03:00
mposolda
5526976d1c Add suffix to keycloak-policy-enforcer artifacts in keycloak repository 
closes #30927

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-07-17 12:03:23 +02:00
Ricardo Martin
3d12c05005
Correctly moves to the next required action (#31358) 
Closes #31014

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>


Co-authored-by: Giuseppe Graziano <g.graziano94@gmail.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
 2024-07-17 09:38:29 +02:00
Pedro Igor
de1de06354 Avoid adding organization flows if they are already exist 
Closes #31182

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-17 08:28:00 +02:00
Stefano Azzalini
6d67c1f9cc
Normalize default authentication flow descriptions to start with an uppercase letter (#31277) 
Closes #31291

Signed-off-by: Stefano Azzalini <stefano.azzalini@luminator.com>
 2024-07-16 13:49:35 +02:00
Lex Cao
6c71ad2884 Fallback to no override flow when missing in client override 
Closes #30765

Signed-off-by: Lex Cao <lexcao@foxmail.com>
 2024-07-16 11:33:41 +02:00
Thomas Darimont
2140e573f2
Fix test LDAP connection with multiple ldap connection urls 
Previously, the given connection string was check with URI.create(..) which
failed when multiple space separated LDAP URLs were given.

Closes #31267

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-07-16 08:57:50 +02:00
Martin Kanis
887db25f00 Allow auto-redirect existing users federated from organization broker when using the username 
Closes #30746

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-07-15 13:48:45 -03:00
mposolda
1864cf1827 Offline tokens created in Keycloak 14 or earlier will not work on Keycloak 25 
closes #31224

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-07-15 18:30:35 +02:00
Pedro Igor
c33585a5f4 All pubic brokers are shown during authentication rather than only those associated with the current organization 
Closes #31246

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-12 17:51:39 +02:00
Giuseppe Graziano
1df60461a9 Avoid race condition when using initial-access-token 
Closes #27294

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-07-12 16:33:02 +02:00
Douglas Palmer
9300903674 page-expired error page shown when using browser back-button on forgot-password page after invalid login attempt 
Closes #25440

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-07-12 16:24:21 +02:00
Pascal Knüppel
4028ada2a5
Add required default-context value to VerifiableCredential (#30959) 
closes #30958

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
 2024-07-11 18:25:11 +02:00