libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
25816 commits 4 branches 5 tags 480 MiB
Commit graph

4734 commits

Author SHA1 Message Date
Stefan Guilhen
6e7b36e82f Add migration tests for the IDP changes 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-19 09:06:35 -03:00
Stefan Guilhen
f82159cf65 Rework logic to fetch IDPs for the login page so that IDPs are fetched from the provider and not filtered in code. 
Closes #32090

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-19 09:06:35 -03:00
Pedro Igor
8e0436715c Support for ALL and ANY organization scope values 
Related #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-19 08:45:23 -03:00
mposolda
3d787727f9 Add acr scope to all clients for those migrating from older than Keycloak 18 
closes #31107

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-08-16 12:17:43 +02:00
himanshi1099
7459992e40
Realm update validation for incorrect timeout values (#32137) 
closes #31595

Signed-off-by: Himanshi Gupta <higupta@redhat.com>
 2024-08-16 08:58:27 +02:00
Stefan Guilhen
aeb1951aba Replace calls to deprecated RealmModel IDP methods 
- use the new provider instead

Closes #31254

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-15 10:55:36 -03:00
Pedro Igor
96acc62c00 Support for resolving organization based on the organization scope 
Closes #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-15 10:32:15 -03:00
Stian Thorgersen
310824cc2b
Remove legacy cookies 
Closes #16770

Signed-off-by: stianst <stianst@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-08-15 15:27:38 +02:00
Martin Kanis
708a6898db Add a count method to the OrganizationMembersResource 
Closes #31388

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-08-15 09:12:57 -03:00
Yoshiyuki Tabata
cb6eb187ac Client Policy - Condition : Client - Client Attribute 
Closes https://github.com/keycloak/keycloak/issues/31766

Signed-off-by: Yoshiyuki Tabata <yoshiyuki.tabata.jy@hitachi.com>
 2024-08-14 09:56:56 +02:00
Pedro Igor
d04d2bb852 Allow removing users federated from a kerberos provider 
Closes #31603

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-13 18:47:55 +02:00
rmartinc
a38d3b2f55 SAML IdMapperUpdaterSessionListener should be added always and must implement HttpSessionIdListener interface 
Closes #32084

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-13 15:53:45 +02:00
rmartinc
347f595913 Add ECDH-ES encyption algorithms to the java keystore key provider 
Closes #32023

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-09 15:57:51 +02:00
Martin Kanis
da0864682a Conditionally redirect existing users to a broker based on their credentials 
Closes #31006

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-08-09 07:59:25 -03:00
Alexander Schwartz
07a168cb14 Deleted authentication sessions should not be re-surrected with an update 
Closes #31829

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-08-09 07:26:05 -03:00
rmartinc
2a06e1a6db Add SHAKE256 hash provider for Ed448 
Closes #31931

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-08 17:36:54 +02:00
Justin Tay
966a454548
Add ECDH-ES JWE Algorithm Provider, Add generated ECDH key provider (#23928) 
Closes #23596
Closes #23597

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-08-08 17:29:35 +02:00
Pedro Igor
3ab2446074 Do not return identity providers when querying the realm representation 
Closes #21072

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-07 10:06:51 -03:00
StephanSchrader
4d64092119
Fix persist config values for custom components (#31862) 
Closes #31858

Signed-off-by: Stephan Schrader <stephan.schrader@wallis.de>
Signed-off-by: Stephan Schrader <zstephanz@gmail.com>
Co-authored-by: Stephan Schrader <stephan.schrader@wallis.de>
 2024-08-07 14:40:30 +02:00
Giuseppe Graziano
35c8c09b8d OIDC dynamic client registration with response_type=none 
Closes #19564

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-08-07 10:34:47 +02:00
Michal Hajas
50c07c6e7c
Simplify configuration for MULTI_SITE 
Closes #31807

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-08-06 16:14:33 +00:00
Nikos Epping
4080ee2e84 Don't fail on null config map in AdvancedClaimToGroupMapper/AdvancedClaimToRoleMapper/AdvancedAttributeToGroupMapper/AdvancedAttributeToGroupMapper 
Fixes #31575

Signed-off-by: Nikos Epping <n.epping@evosec.de>
 2024-08-05 10:22:22 +02:00
Stefan Wiedemann
6258256c1b
Fix access token issue OID4VC (#31763) 
closes #31712 

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
 2024-08-04 11:42:40 +02:00
Ingrid Kamga
7c69c857a1 Add a media type to error responses on OID4VC endpoints 
Closes #31585

Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
 2024-08-02 12:09:09 +02:00
Justin Tay
f537343545 Allow empty key use in JWKS from identity provider 
Closes #31823

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-08-02 11:39:43 +02:00
rmartinc
773e309f75 Parse saml urls correctly if the bindings are different 
Closes #31780

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-02 11:34:06 +02:00
Thomas Darimont
282260dc95 Ensure issued_client_type is always added to successful token-exchange response (#31548) 
- Compute issued_token_type response parameter based on requested_token_type and client configuration
- `issued_token_type` is a required response parameter as per [RFC8693 2.2.1](https://datatracker.ietf.org/doc/html/rfc8693#section-2.2.1)
- Added test to ClientTokenExchangeTest that requests an access-token as requested-token-type

Fixes #31548

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-07-30 18:33:51 +02:00
rmartinc
a6c70d65ee Do not generate secret when client rep do not specifiy public or bearer 
Closes #31444

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-07-30 18:32:15 +02:00
Pedro Igor
a79761a447 Support for blocking concurrent requests when brute force is enabled 
Closes #31726

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
 2024-07-30 10:01:48 +02:00
Hynek Mlnarik
183cd6c957 Run tests with keycloak.v2 login theme 
The fixes (mostly selectors) are needed for tests.

In the future, to switch the keycloak.v2 to the default theme, do
the following:

- Update `ThemeSelectorProvider`: Uncomment relevant lines
- Update `testsuite/integration-arquillian/tests/pom.xml`: Revert the change in `<login.theme.default>` property
- Update `ThemeSelectorTest` per comment

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2024-07-30 10:01:17 +02:00
Martin Kanis
d91d6d18d5 Can not update organization group error when trying to create organisation from REST API 
Closes #31144

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-07-29 17:39:56 +02:00
Pascal Knüppel
94784182df
Implement DPoP for all grantTypes (#29967) 
fixes #30179
fixes #30181


Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de>
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
 2024-07-29 16:30:54 +02:00
Francis Pouatcha
cc78fd7ca0
Provided keycloak with a protocol mapper, that can allow to optionally add iat and nbf claims to VCs (#31620) 
closes #31581 


Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
 2024-07-29 09:32:48 +02:00
Pedro Igor
87c279d645 Respect the username value format when processing federated users 
Closes #31240

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:28:43 +02:00
Pedro Igor
4d8c525644
Make sure changes to user profile metadata is not stored when calling decorators (#31549) 
Closes #30476

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:03:21 +02:00
Pedro Igor
04bd6653ec Invalidating domain cache and introducing cache for more query methods 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:02:36 +02:00
Pedro Igor
1f8280c71a Allow members joining multiple organizations 
Closes #30747

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:02:36 +02:00
Giuseppe Graziano
12732333c8 Client scope assignment for client registration 
Closes #31062

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-07-26 17:33:49 +02:00
Stefan Guilhen
c9f5a0aa32 Testsuite: ensure realm is set in session context 
Closes #31636

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-07-26 11:11:44 -03:00
Lex Cao
3818f8f575 Prevent removing flow that used by client flow overrides 
Closes #30707

Signed-off-by: Lex Cao <lexcao@foxmail.com>
 2024-07-26 16:05:29 +02:00
vramik
01f5747eed If the user is federated before the broker is associated with an organization this user is not a managed user 
Closes #30744

Signed-off-by: vramik <vramik@redhat.com>
 2024-07-25 04:30:13 -03:00
vramik
649b35929e Make sure users created through a registration link are managed members 
Closes #30743

Signed-off-by: vramik <vramik@redhat.com>
 2024-07-25 04:30:13 -03:00
Maciej Mierzwa
97e89e2071 feature: password age in days policy 
Closes #30210

Signed-off-by: Maciej Mierzwa <dev.maciej.mierzwa@gmail.com>
 2024-07-24 15:12:16 -03:00
Kamesh Akella
33b3fd313c
Add migration tests for AuroraDB (#31396) 
Fixes #31024
Signed-off-by: Kamesh Akella <kamesh.asp@gmail.com>
 2024-07-24 16:45:02 +02:00
Francis Pouatcha
30be268672
Enhance Verifiable Credential Signing Service Flexibility and Key Rotation(#30692) 
closes #30525 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
 2024-07-24 13:45:39 +02:00
Miquel Simon
aab7a912c4
Updated connection configuration for MSSQL test container 
Closes #31558

Signed-off-by: Miquel Simon <msimonma@redhat.com>
 2024-07-24 09:12:58 +00:00
Hynek Mlnarik
a7374f92be Update login theme to login v2 
Fixes: #29009

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2024-07-18 14:33:22 +02:00
Hynek Mlnarik
ab6ca323db Run docker tests with proper theme and fix chromedriver path 
Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2024-07-18 14:33:22 +02:00
mposolda
3110bb8989 Missing Cache-Control header when response_type parameter is missing in login request 
closes #29866

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-07-18 10:17:52 +02:00
rmartinc
5ea3becef5 Wait for the brute force off-thread processing in AbstractAdvancedBrokerTest 
Closes #30188
Closes #30641

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-07-18 10:03:13 +02:00