libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
21695 commits 4 branches 5 tags 480 MiB
Commit graph

5960 commits

Author SHA1 Message Date
Alexander Schwartz
0b2802fa18 Fixing compile time warnings 
Avoiding calling deprecated methods, and adding compile time dependencies for annotations.

Closes #17499
 2023-03-09 15:42:55 +01:00
vramik
31e4c5cb7e Add storage-jpa-db property into Quarkus. Distinguish postgres and crdb for jpa map store. 
Closes #17305
 2023-03-09 11:09:56 +01:00
Tero Saarni
9052ec2b02
Add admin events for realm create/delete. (#10831) 
Closes #10733
 2023-03-07 15:57:06 +01:00
Simon Levermann
96c1cf3c49 Allow mapping of UserSessionNotes into UserInfo 
Fixes #15369
 2023-03-07 15:25:14 +01:00
rmartinc
a56b38c5a6 Don't remove session and don't reset restart cookie if passive check error 
Closes https://github.com/keycloak/keycloak/issues/11340
 2023-03-07 15:10:09 +01:00
rmartinc
06ff8b016c Don't set REMEMBER_ME if it's disabled at realm level 
Closes https://github.com/keycloak/keycloak/issues/11330
 2023-03-07 15:01:58 +01:00
Michal Hajas
837c64de3d Add support for pessimistic locking to HotRod 
Closes #13273
 2023-03-07 10:44:31 +01:00
Alexander Schwartz
f6f179eaca Rework the export to use CLI options and property mappers 
Also, adding the wiring to support Model tests for the export.

Closes #13613
 2023-03-07 08:22:12 +01:00
mposolda
a0192d61cc Redirect loop with authentication success but access denied at default identity provider 
closes #17441
 2023-03-06 10:45:01 +01:00
Michal Hajas
465019bec4 Extract attachDevice outside of storage layer 
Closes #17336
 2023-03-03 17:58:34 +01:00
Zakaria Amine
fb5a7f654b
trigger IDENTITY_PROVIDER_FIRST_LOGIN (and UPDATE_PROFILE ) event when identity provider flow succeeds (#15100) 
closes #15098
 2023-03-03 17:49:27 +01:00
Jon Koops
6d2e57f93a
Move Keycloak JS into the NPM workspace (#17401) 2023-03-03 13:56:53 +01:00
Jon Koops
972ebb9650
Use a valid SemVer format for the SNAPSHOT version (#17334) 
* Use a valid SemVer format for the SNAPSHOT version

* Update pom.xml

* Update pom.xml

---------

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2023-03-03 11:11:44 +01:00
Alexander Schwartz
95a6effcef Increase memory for the model tests to avoid an OOM error 
Closes #17427
 2023-03-03 10:55:03 +01:00
Alexander Schwartz
1e4401f521 Avoid returning the same entity multiple times from separate searches 
Closes #15604
 2023-03-02 08:21:38 +01:00
mposolda
b28bde542f referrer_url is not correctly computed in account console 
closes #16484
 2023-03-01 20:49:15 +01:00
Marek Posolda
59f4fe1c60
NPE on Theme after upgrade to 21 when parent or import theme not exists (#17350) 
* NPE on Theme after upgrade to 21 when parent or import theme not exists
closes #17313

* Update per review
 2023-03-01 15:46:37 +00:00
Michal Hajas
e02c95f9d3 Fix testReleaseAllLocksMethod timing out intermittently 
Closes #17337
 2023-03-01 14:55:50 +01:00
rmartinc
5cdf4d5791 Read-Only attributes should be modified if creation is delayed for LDAP 
Closes https://github.com/keycloak/keycloak/issues/16848
 2023-03-01 11:26:57 +01:00
Michal Hajas
7899c6c80a Make DeviceRepresentationProvider available for all model test profiles 
Closes #17329
 2023-02-28 14:55:48 +01:00
Pedro Igor
fbf5541802 Remove duplicated set-cookie header from response when expiring cookies 
Closes #17192
 2023-02-27 14:17:27 -03:00
lpa
3cd413dee1 SOAP backchannel logout for SAML protocol 
Closes #16293
 2023-02-27 14:24:12 +01:00
rmartinc
38a46726e4 Implement UserInfoTokenMapper in HardcodedRole and RoleNameMapper mappers 
Closes https://github.com/keycloak/keycloak/issues/15624
 2023-02-27 10:14:48 -03:00
Miquel Simon
923a321a55
Run WebAuthn IT with Chrome. (#17256) 2023-02-23 20:58:13 +00:00
Václav Muzikář
557a22968c
Stabilize Account Console UI tests (#17243) 
Closes #17178
Closes #17102
Closes #17070
Closes #17045
Closes #17044
Closes #16875
Closes #16870
Closes #16715
Closes #16670
Closes #16646
Closes #16627
Closes #16620
 2023-02-23 12:35:08 +01:00
Marek Posolda
b9ab942ef8
FIPS related docs (#17196) 
* FIPS related docs
Closes #16444 #12432 #12429

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2023-02-22 12:47:15 +01:00
rmartinc
f91ac2970d
Polish fips-mode switch for preview (#17228) 
* Polish fips-mode switch for preview
Closes #17208 #17210 


Co-authored-by: mposolda <mposolda@gmail.com>
 2023-02-22 12:12:52 +01:00
mposolda
5ac8f7c1ef Link 'Sign out' incorrectly hardcoded to localhost in the authz example applications 
closes #17216
 2023-02-21 15:49:20 +01:00
Douglas Palmer
1d75000a0e Create an SPI for DeviceActivityManager 
closes #17134
 2023-02-20 09:29:11 +01:00
drohwer89
4ff180da64
Terminating all sessions above the session limit (#16068) 
Adjusts implementation of UserSessionLimitsAuthenticator to terminate all sessions above the session limit.

Closes #14689

Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2023-02-16 17:56:59 +01:00
rmartinc
9995a3cdd4 lastSync value into COMPONENT_CONFIG is always updated 
Closes https://github.com/keycloak/keycloak/issues/17022
 2023-02-16 17:48:49 +01:00
mposolda
4f068fcdcc Make https-trust-store-type set to bcfks by default in strict-mode 
Closes #17119
 2023-02-16 08:00:21 -03:00
sui.jieqiang
1f6fa0501c Fix search user groups without limit 
Closes #12649
 2023-02-15 15:50:46 +01:00
rmartinc
fbc9177f27 Doublecheck if we need to override properties in java.security 
Closes https://github.com/keycloak/keycloak/issues/16702
 2023-02-15 12:33:48 +01:00
vramik
7b604d6784 Sync properties in map-storage-jpa-cocroach with other profiles 
Closes #17107
 2023-02-15 10:49:22 +01:00
Michal Hajas
1f929c78af Make lockTimeout more friendly for JPA map storage 
Closes #16616
 2023-02-15 10:38:18 +01:00
Hynek Mlnarik
bb0eb899a7 Add ability to run arq testsuite with file store 
Fixes: #17032
 2023-02-15 10:17:23 +01:00
Hynek Mlnarik
2665fb01a6 File storage: Fix path traversal 
Fixes: #17029
 2023-02-14 14:30:14 +01:00
Pedro Igor
9e46b9e43f Handling events after transaction completion using a separate session 
Closes #15656
 2023-02-14 13:10:57 +01:00
Václav Muzikář
a57821ed80 Fix JDK 17 InaccessibleObjectException with infinispan 2023-02-13 17:09:36 -03:00
Miquel Simon
48a22ff2f3
Added WebAuthn integration tests to CI workflow. (#16608) 2023-02-13 12:28:25 +00:00
laskasn
dc8b759c3d Use encryption keys rather than sig for crypto in SAML 
Closes #13606

Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: hmlnarik <hmlnarik@redhat.com>
 2023-02-10 12:06:49 +01:00
Marek Posolda
9cfc1fdfa9
Reduce the redundant tests in fips-suite (#16970) 
Closes #16969
 2023-02-09 12:21:33 +01:00
Pedro Igor
017ddc670b Removing references to old admin console test artifacts 2023-02-08 17:22:45 -03:00
Pedro Igor
423fc6daba
Flaky test KcOidcBrokerTokenExchangeTest (#16914) 
Closes #16896
 2023-02-08 14:49:49 +00:00
Dmitry Telegin
5f39aeb590 Pre-authorization hook for client policies 
Closes #9017
 2023-02-08 15:06:32 +01:00
Michal Hajas
6fa62e47db Leverage HotRod client provided transaction 
Closes #13280
 2023-02-08 10:26:30 +01:00
Stian Thorgersen
d3ba2ecbed
Remove old admin console theme (#16864) 
Closes #16862
 2023-02-08 09:22:39 +01:00
Hynek Mlnařík
f71ab092de
File store basis 
Fixes: #16676

---

* Enhance DefaultModelCriteria
* Fix collection
* Fix delete in CHMKeycloakTransaction
* Add HasRealmId interface
* Fix EntityFieldDelegate
* Support for realm-less entities in providers
* Support for realm-less entities in providers (events)
* File store basis
* Add support for writing
* Support running KeycloakServer with file store
* Add support for file store in model testsuite

---------

Co-authored-by: vramik <vramik@redhat.com>
 2023-02-07 14:59:23 +01:00
Stian Thorgersen
4782a85166
Remove old admin console feature (#16861) 
* Remove old admin console feature

Closes #16860

* Update help txt files for Quarkus tests
 2023-02-07 12:59:35 +01:00
Pedro Igor
7b58783255 Allow mapping claims to user attributes when exchanging tokens 
Closes #8833
 2023-02-07 10:57:35 +01:00
Thomas Darimont
e38b7adf92 Revise blacklist password policy provider #8982 
- Reduce false positive probability from 1% to 0.01% to avoid
rejecting to many actually good passwords.
- Make false positive rate configurable via spi config
- Revised log messages

Supported syntax variant:
`passwordBlacklist(wordlistFilename)`

Fixes #8982

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2023-02-07 10:36:39 +01:00
Martin Kanis
5ba004b447 Leverage Infinispan lifespan for ExpirableEntities in HotRod storage 2023-02-07 10:01:32 +01:00
Stian Thorgersen
fc075a3d35
Remove old admin console tests (#16859) 
Closes #16858
 2023-02-07 08:51:36 +01:00
Denis Bernard
5db64133b8 Add Attribute to Group Mapper for SAML IDP 
Cleansing code as PR Comment

Add test for Advanced Attribute to Group Mapper

Closes #12950
 2023-02-06 10:58:48 -03:00
Pedro Igor
1a1ee78dbd Removing tests from base group broker mapper test classes 2023-02-06 10:58:48 -03:00
Pedro Igor
d97b9c48c4
Make sure PBKDF2 providers are using the expect size for derived keys (#16798) 
Closes #16797
 2023-02-03 15:31:25 +01:00
rmartinc
f8f112d8d2
Upgrade twitter4j (#16828) 
Closes https://github.com/keycloak/keycloak/issues/16731
 2023-02-03 15:28:37 +01:00
mposolda
0e374c7a45 Any tests using PhantomJS failing in some linux environments 
closes #16818
 2023-02-03 15:19:57 +01:00
Stian Thorgersen
0fa209c29a
WelcomeScreenTest#resourcesTest (#16761) 
* Fix WelcomeScreenTest#resourcesTest

Closes #16669

* Add one more retry
 2023-02-03 09:41:48 +01:00
Marek Posolda
51bed81814
Fixes for OOB endpoint and KeycloakSanitizer (#16773) 
(cherry picked from commit 91ac2fb9dd50808ff5c76d639594ba14a8d0d016)
 2023-02-02 08:34:50 +01:00
Pedro Igor
e3c41ec3a0 Ignoring test methods from parent classes 
Closes #15687
 2023-02-01 14:58:03 -08:00
Stian Thorgersen
d9025231f9
HTML Injection in Keycloak Admin REST API (#16765) 
Resolves #GHSA-m4fv-gm5m-4725

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2023-02-01 14:34:15 +01:00
Alexander Schwartz
c6aba2e3de Make LockAcquiringTimeoutException a RuntimeException 
Closes #16690
 2023-01-31 08:21:32 +01:00
Marek Posolda
33ff9ef17e
Fix remaining failing tests with BCFIPS approved mode (#16699) 
* Fix remaining failing tests with BCFIPS approved mode
Closes #16698
 2023-01-30 16:01:57 +01:00
mposolda
7f017f540e BCFIPS approved mode: Some tests failing due the short secret for client-secret-jwt client authentication 
Closes #16678
 2023-01-30 08:40:46 +01:00
Martin Kanis
c4255e7301 Wrong property for events in map-storage-hot-rod on Undertow 2023-01-27 14:24:34 +01:00
mposolda
5591b5198b Still test failures with BCFIPS approved mode due the hardcoded keys 
Closes #16643
 2023-01-26 15:50:29 +01:00
Pedro Igor
f6602e611b Allow managing the username idn homograph validator 
Closes #13346
 2023-01-26 04:55:43 -08:00
Michal Hajas
eb59fdb772 Add transaction tests to model tests 
Closes: #15890
 2023-01-26 12:55:22 +01:00
mposolda
a804400c84 Added KERBEROS feature. Disable it when running tests on FIPS 
closes #14966
 2023-01-25 18:38:46 +01:00
mposolda
16888eaeab Only available RSA key sizes should be shown in admin console 
Closes #16437
 2023-01-25 13:15:07 +01:00
mposolda
29888dbf1a Update realm keys in the testsuite to be generated where possible. Update other keys to be FIPS compliant 
Closes #12420
 2023-01-25 08:26:15 +01:00
Miquel Simon
83147a67a0
Added New Account Console Tests to CI workflow. (#16547) 2023-01-24 16:01:03 +01:00
Hynek Mlnarik
977cc473bb Fix linebreaks in XML / SAML signatures 
See https://bugs.openjdk.org/browse/JDK-8264194
See https://issues.apache.org/jira/browse/SANTUARIO-482

Fixes: #14529
 2023-01-23 15:39:10 +01:00
Martin Bartoš
7d6e22bedd
DateTimeParse failures in New Account Console tests (#16531) 
Fixes #16514
 2023-01-19 09:39:03 -05:00
Stian Thorgersen
8d05895adb
Move Admin REST extension to main repository (#16530) 
Closes #16529
 2023-01-19 13:06:21 +01:00
Konstantinos Georgilakis
c73859794e Short verification_uri for Device Authorization Request 
Closes #16107
 2023-01-18 08:34:52 +01:00
Pedro Igor
33cb1ad7cd Support runnning tests using an embedded distribution 
Closes #16420
 2023-01-13 12:03:36 -08:00
Hynek Mlnarik
3119566407 Prevent endless loop in case of split-brain 
Fixes: #16427
 2023-01-13 16:23:18 +01:00
mposolda
79fa6bb3c9 Initial support for running testsuite in BCFIPS approved mode 
Closes #16429
 2023-01-13 02:59:06 -08:00
ムハマドザクワンビンムハマドザヒド / MOHDZAHID,BIN MUHAMMADZAKWAN
cc6597967a Refactoring ClientPoliciesTest 
Closes #14795
 2023-01-12 09:38:12 +01:00
Pedro Igor
9945135861
Verify if token is revoked when validating bearer tokens (#16394) 
Closes #16388
 2023-01-11 14:42:29 +01:00
mposolda
ac490a666c Fix KcSamlSignedBrokerTest in FIPS. Support for choosing realm encryption key for decrypt SAML assertions instead of realm signature key 
Closes #16324
 2023-01-10 20:39:59 +01:00
Miquel Simon
7bd78f604a
Added MariaDB to Legacy Store IT. (#16157) 2023-01-10 17:37:27 +01:00
Pedro Igor
d797d07d8f Ignore user profile attributes for service accounts 
Closes #13236
 2023-01-10 16:26:53 +01:00
mposolda
4d55c6a647 Adding SAML tests for FIPS - with addition of XMLDSig security provider 
Closes #14969
 2023-01-10 08:37:03 +01:00
Pedro Igor
53ee95764e Do not show username field when updating profile if UPDATE_EMAIL feature is enabled and email as username is enabled 
Closes #16263
 2023-01-06 14:12:47 +01:00
Réda Housni Alaoui
141c9dd803
update-email: email change does not affect the username when "Email as username" option is checked (#15583) 
Closes #13988
 2023-01-06 14:04:48 +01:00
Miquel Simon
c2682157fb
Added MS SQL Server to Legacy Store IT. (#16121) 
* Added MS SQL Server to Legacy Store IT.

* Update testsuite/integration-arquillian/pom.xml

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2023-01-06 08:55:09 +01:00
Réda Housni Alaoui
dbe0c27bcf Allowing client registration access token rotation deactivation 2023-01-05 20:53:57 +01:00
mposolda
e374e309c6 Deprecate SHA1 based algorithms for sign SAML documents and assertions 
Closes #16240
 2023-01-05 20:45:20 +01:00
Michal Hajas
6566b58be1 Introduce Infinispan GlobalLock implementation 
Closes #14721
 2023-01-05 16:58:44 +01:00
Hynek Mlnarik
071fc03f41 Move transaction processing into session close 
Fixes: #15223
 2023-01-05 16:12:32 +01:00
Stian Thorgersen
6c1f981eec
Fix UserTest.sendResetPasswordEmailWithCustomLifespan (#16233) 
Closes #16232
 2023-01-04 13:03:33 +01:00
Stian Thorgersen
7dc16c69cb
Force refreshing token for admin client if time offset is set (#16242) 
Closes #16143
 2023-01-04 13:03:10 +01:00
mposolda
496c6d598e Some authorization adapter test failing on Java 17 
Closes #16216
 2023-01-03 13:03:26 +01:00
ムハマドザクワンビンムハマドザヒド / MOHDZAHID,BIN MUHAMMADZAKWAN
ce6b737e33 NPE in userinfo endpoint 
Closes #15429
 2023-01-02 13:53:29 +01:00
Stian Thorgersen
669086acd6
Suspend scheduled tasks if time offset is set to a large value (#16144) 2022-12-21 15:12:57 +01:00
Martin Kanis
c0e103dc95 Replace old HotRod index annotation with new one 2022-12-21 12:50:08 +01:00