keycloak-scim

Author	SHA1	Message	Date
Clement Cureau	73378df52e	[KEYCLOAK-11621] Allow user creation via group permissions (Admin API) Problem: Using fine-grained admin permissions on groups, it is not permitted to create new users within a group. Cause: The POST /{realm}/users API does not check permission for each group part of the new user representation Solution: - Change access logic for POST /{realm}/users to require MANAGE_MEMBERS and MANAGE_MEMBERSHIP permissions on each of the incoming groups Tests: Manual API testing performed: 1. admin user from master realm: - POST /{realm}/users without groups => HTTP 201 user created - POST /{realm}/users with groups => HTTP 201 user created 2. user with MANAGE_MEMBERS & MANAGE_MEMBERSHIP permissions on group1 - POST /{realm}/users without groups => HTTP 403 user NOT created - POST /{realm}/users with group1 => HTTP 201 user created - POST /{realm}/users with group1 & group2 => HTTP 403 user NOT created - POST /{realm}/users with group1 & wrong group path => HTTP 400 user NOT created 3. user with MANAGE_MEMBERS permission on group1 - POST /{realm}/users without groups => HTTP 403 user NOT created - POST /{realm}/users with group1 => HTTP 403 user NOT created - POST /{realm}/users with group1 & group2 => HTTP 403 user NOT created - POST /{realm}/users with group1 & wrong group path => HTTP 400 user NOT created	2020-09-10 12:26:55 -03:00
testn	706299557e	KEYCLOAK-15174: ResourceServerAdapter.toEntity checks the wrong type	2020-09-10 12:19:25 -03:00
testn	c288175c03	KEYCLOAK-15208: PermissionTicketAdapter checks for the wrong type	2020-09-10 12:16:48 -03:00
Sebastian Laskawiec	e01159a943	KEYCLOAK-14767 OpenShift Review Endpoint audience fix	2020-09-09 11:57:24 -03:00
Takashi Norimatsu	cbb79f0430	KEYCLOAK-15448 FAPI-RW : Error Response on OIDC private_key_jwt Client Authentication Error (400 error=invalid_client)	2020-09-09 11:14:21 +02:00
mhajas	df52c12ebb	KEYCLOAK-15479 Replace enlistAfterCompletion with enlist in MapClientProvider	2020-09-09 08:27:38 +02:00
Benjamin Weimer	b2934e8dd0	KEYCLOAK-15327 backchannel logout invalidate offline session even if there is no corresponding active session found	2020-09-08 11:17:20 -03:00
Martin Kanis	4e9bdd44f3	KEYCLOAK-14901 Replace deprecated ClientProvider related methods across Keycloak	2020-09-07 13:11:55 +02:00
stianst	76f7fbb984	KEYCLOAK-14548 Add support for cached gzip encoding of resources	2020-09-07 00:58:47 -07:00
Martin Bartos	e34ff6cd9c	[KEYCLOAK-14326] Identity Provider force sync is not working	2020-09-07 09:42:40 +02:00
Takashi Norimatsu	1d8230d438	KEYCLOAK-14190 Client Policy - Condition : The way of creating/updating a client	2020-09-04 09:54:55 +02:00
Luca Leonardo Scorcia	67b2d5ffdd	KEYCLOAK-14961 SAML Client: Add ability to request specific AuthnContexts to remote IdPs	2020-09-03 21:25:36 +02:00
Hynek Mlnarik	1c4a2db8e1	KEYCLOAK-14510 Properly close Response object	2020-09-03 11:23:05 +02:00
Simon Legner	bed664e4fe	KEYCLOAK-15186 Sort user federation table	2020-09-02 17:40:41 -04:00
stianst	a92bf0c3be	KEYCLOAK-15091 Fix issue with custom favicon.ico	2020-09-02 23:18:49 +02:00
Konstantinos Georgilakis	1fa93db1b4	KEYCLOAK-14304 Enhance SAML Identity Provider Metadata processing	2020-09-02 20:43:09 +02:00
Takashi Norimatsu	aad3bdcb88	KEYCLOAK-15251 keycloak-themes build fails in windows	2020-09-02 12:40:07 -04:00
Takashi Norimatsu	b93a6ed19f	KEYCLOAK-14919 Dynamic registration - Scope ignored	2020-09-02 13:59:22 +02:00
Takashi Norimatsu	107a429238	KEYCLOAK-15236 FAPI-RW : Error Response on OAuth 2.0 Mutual TLS Client Authentication Error (400 error=invalid_client)	2020-09-02 09:31:20 +02:00
mhajas	3928a49c77	KEYCLOAK-14816 Reset brute-force-detection data for the user after a successful password grant type flow	2020-09-01 21:45:17 +02:00
Hynek Mlnarik	583fa07bc4	KEYCLOAK-11029 Support modification of broker username / ID for identity provider linking	2020-09-01 20:40:38 +02:00
testn	0362d3a430	KEYCLOAK-15113: Move away from deprecated Promise.success()/error()	2020-09-01 14:26:44 -04:00
Zack Powers	0001a930b4	KEYCLOAK-15068: Fix 15068 by parameterizing ProviderFactory with LoginFormsProvider.	2020-09-01 12:17:17 +02:00
Iavael	f021f72fcd	[KEYCLOAK-14663] Fix spelling in RU translation https://en.wiktionary.org/wiki/%D0%BF%D1%80%D0%B8%D0%B2%D0%B8%D0%BB%D0%B5%D0%B3%D0%B8%D1%8F	2020-09-01 12:01:13 +02:00
Jon Koops	b64cf3c315	KEYCLOAK-14980 Remove references to Bower	2020-09-01 11:49:58 +02:00
mhajas	bdccfef513	KEYCLOAK-14973 Create GroupStorageManager	2020-09-01 10:21:39 +02:00
Luca Leonardo Scorcia	03c07bd2d7	KEYCLOAK-14902 Replace SAML SP metadata export with link to descriptor	2020-08-31 22:26:30 +02:00
testn	b392084297	KEYCLOAK-15173: Fix bug in SAML11EvidenceType.remove()	2020-08-31 21:46:26 +02:00
Martin Bartos	9c847ab176	[KEYCLOAK-14432] Unhandled NPE in identity broker auth response	2020-08-31 14:14:42 +02:00
Martin Kanis	d59a74c364	KEYCLOAK-15102 Complement methods for accessing groups with Stream variants	2020-08-28 20:56:10 +02:00
kaibo-ondruska	6d45d715d3	KEYCLOAK-15369 fix Czech translation "Přihlasovací" should be "Přihlašovací"	2020-08-28 14:54:50 +02:00
Thomas Darimont	300b15e604	KEYCLOAK-15214 Improve SimpleHTTP - Added support for configuring socket, connect and request timeouts on request level. - Added support for HTTP HEAD and HTTP PATCH methods - Small refactorings	2020-08-26 10:34:11 +02:00
Martin Kanis	4be99772d8	KEYCLOAK-14967 Closing streams obtained from JPA layer	2020-08-25 21:47:24 +02:00
Thomas Darimont	df94cefbc1	KEYCLOAK-12729 Revise password policy not-email tests - Added missing cleanup to RegisterTest - Revised test-setup for AccountFormServiceTest	2020-08-21 14:55:07 +02:00
Thomas Darimont	0f967b7acb	KEYCLOAK-12729 Add password policy not-email Added test cases and initial translations	2020-08-21 14:55:07 +02:00
Stan Silvert	35931d60eb	KEYCLOAK-15137: Move PF4 css files to keycloak/common	2020-08-20 08:46:28 -04:00
mposolda	95d4feedfd	KEYCLOAK-14945 Improve the instructions for running the tests	2020-08-20 14:05:58 +02:00
mposolda	bd48d7914d	KEYCLOAK-15139 Backwards compatibility for LDAP Read-only mode with IMPORT_USERS enabled	2020-08-20 14:05:21 +02:00
Pratik Somanagoudar	f486e97c18	KEYCLOAK-15087 : Reduce get client and get roles calls in realm create	2020-08-20 08:49:51 -03:00
Hynek Mlnarik	6231b7c904	KEYCLOAK-15207 Fix map storage test failures	2020-08-20 07:53:54 +02:00
Pedro Igor	cb57c58b4b	[KEYCLOAK-14730] - Consent not working when using federation storage and client is displayed on consent screen	2020-08-19 10:08:21 +02:00
mposolda	a427784350	KEYCLOAK-14996 Fix performance bottleneck in GroupLDAPStorageMapper.getAllKcGroups	2020-08-18 18:04:32 +02:00
mhajas	ae39760a62	KEYCLOAK-14972 Add independent GroupProvider interface	2020-08-13 21:13:12 +02:00
Benjamin Weimer	fdcfa6e13e	KEYCLOAK-15156 backchannel logout offline session handling	2020-08-13 08:09:59 -03:00
Pedro Igor	db84699979	[KEYCLOAK-11322] - Update Quarkus 1.7.0.Final	2020-08-12 15:09:42 -03:00
David Hellwig	ddc2c25951	KEYCLOAK-2940 - draft - Backchannel Logout (#7272 ) * KEYCLOAK-2940 Backchannel Logout Co-authored-by: Benjamin Weimer <external.Benjamin.Weimer@bosch-si.com> Co-authored-by: David Hellwig <hed4be@bosch.com>	2020-08-12 09:07:58 -03:00
Sebastian Paetzold	4ff34c1be9	KEYCLOAK-14890 Improve null handling in case of missing NameId	2020-08-06 10:45:22 -03:00
testn	d634ca3885	KEYCLOAK-14978: Optimize addDefaultClientScopes() when there is no default scopes This eliminates an extra database call to check whether the scopes already exist	2020-08-06 10:42:30 -03:00
testn	1c905761e6	KEYCLOAK-14966: Fix SAML11ConditionsType remove() has the wrong argument type	2020-08-06 10:37:31 -03:00
Lorent Lempereur	9200195f25	[KEYCLOAK-13950] SAML2 Identity Provider - Send Subject in SAML requests (missing translations)	2020-08-06 10:35:03 -03:00

... 2 3 4 5 6 ...

12757 commits