libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
23847 commits 4 branches 5 tags 480 MiB
Commit graph

4337 commits

Author SHA1 Message Date
Florian Garcia
af0b9164e3
fix: hardcoded conditional rendering of client secret input field (#25776) 
Closes #22660

Signed-off-by: ImFlog <garcia.florian.perso@gmail.com>
Co-authored-by: useresd <yousifmagdi@gmail.com>
 2024-01-24 16:30:22 +01:00
Stian Thorgersen
85ddac26ed
Remove code that expires old cookie paths (#26444) 
Closes #26416

Signed-off-by: stianst <stianst@gmail.com>
 2024-01-24 13:43:03 +01:00
Lex Cao
142c14138f Add verify email required action for IdP email verification 
Closes #26418

Signed-off-by: Lex Cao <lexcao@foxmail.com>
 2024-01-24 12:15:09 +01:00
Takashi Norimatsu
b99f45ed3d Supporting EdDSA 
closes #15714

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>

Co-authored-by: Muhammad Zakwan Bin Mohd Zahid <muhammadzakwan.mohdzahid.fg@hitachi.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
 2024-01-24 12:10:41 +01:00
Martin Kanis
84603a9363
Map Store Removal: Rename Legacy* classes (#26273) 
Closes #24105

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-01-23 13:50:31 +00:00
Douglas Palmer
ffa069a33b Invalidate authentication session on repeated Recovery Code failures 
Closes #26180

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-01-22 11:57:47 +01:00
Stian Thorgersen
656e680019
Remove unused HttpResponse.setWriteCookiesOnTransactionComplete (#26326) 
Closes #26325

Signed-off-by: stianst <stianst@gmail.com>
 2024-01-20 11:31:10 +01:00
Martin Bartoš
98be32d9ff Parse default UserProfile configuration in the build time 
Closes #24890

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2024-01-19 17:05:59 -03:00
Douglas Palmer
e7d842ea32 Invalidate session secretly 
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-01-19 15:44:35 -03:00
Douglas Palmer
18d0105de0 Invalidate authentication session on repeated OTP failures 
Closes #26177
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-01-19 15:44:35 -03:00
Pedro Igor
62020ffc68 Make sure the component resolves to a UPConfig before cloning it 
Closes #26308
 2024-01-18 19:11:48 +01:00
rmartinc
2f0a0b6ad8 Remove deprecated mode for saml encryption 
Closes #26291

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-01-18 16:52:10 +01:00
cgeorgilakis-grnet
ccade62289 Enhance error logs and error events during UserInfo endpoint and Token Introspection failure 
Closes #24344

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
 2024-01-16 11:26:29 +01:00
Alexander Schwartz
b9498b91cb
Deprecating the offline session preloading (#26160) 
Closes #25300

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-16 09:29:01 +01:00
cgeorgilakis-grnet
a3257ce08f OIDC Protocol Mappers with same claim 
Closes #25774

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
 2024-01-15 09:16:12 -03:00
rmartinc
e162974a8d Integrate registration with terms and conditions required action 
Closes #25891

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-01-15 10:19:30 +01:00
MikeTangoEcho
c2b132171d Add X509 thumbprint to JWT when using private_key_jwt 
Closes keycloak#12946

Signed-off-by: MikeTangoEcho <mathieu.thine@gmail.com>
 2024-01-12 16:01:01 +01:00
Lex Cao
47f7e3e8f1 Use email verification instead of executing action for send-verify-email endpoint 
Closes #15190

Add support for `send-verify-email` endpoint to use the `email-verification.ftl` instead of `executeActions.ftl`

Also introduce a new parameter `lifespan` to be able to override the default lifespan value (12 hours)

Signed-off-by: Lex Cao <lexcao@foxmail.com>
 2024-01-11 16:28:02 -03:00
mposolda
692aeee17d Enable user profile by default 
closes #25151

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-01-11 12:48:44 -03:00
Patrick Hamann
d36913a240 Ensure protocol forced reauthentication is correctly mapped during SAML identity brokering 
Closes #25980

Signed-off-by: Patrick Hamann <patrick@fastly.com>
 2024-01-10 20:46:35 +01:00
rmartinc
179ca3fa3a Sanitize logs in JBossLoggingEventListenerProvider 
Closes #25078

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-01-10 16:50:27 +01:00
Réda Housni Alaoui
3c05c123ea On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template 
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2024-01-09 16:04:52 -03:00
shigeyuki kabano
67e73d3d4e Enhancing Lightweight access token M2(keycloak#25716) 
Closes keycloak#23724

Signed-off-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
 2024-01-09 09:42:30 +01:00
Ricardo Martin
097d68c86b
Escape action in the form_post.jwt and only decode path in RedirectUtils (#93) (#25995) 
Closes #90

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-01-09 08:20:14 +01:00
Steven Hawkins
d1d1d69840
fix: adds a general error message and descriptions for some exceptions (#25806) 
closes: #25746

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-01-08 18:19:40 +00:00
Felix Gustavsson
0f47071a29 Check if UMA is enabled on resource, if not reject the request. 
Closes #24422

Signed-off-by: Felix Gustavsson <felix.gustavsson@topgolf.com>
 2024-01-08 11:28:57 -03:00
agagancarczyk
768231d950
Localization tabs (#25532) 
* Add new localization tabs to Administration Console

Closes #23057

Signed-off-by: Agnieszka <agancarc@redhat.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>

* css cleanup

Signed-off-by: Agnieszka Gancarczyk <agancarc@redhat.com>

* css cleanup

Signed-off-by: Agnieszka Gancarczyk <agancarc@redhat.com>

---------

Signed-off-by: Agnieszka <agancarc@redhat.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Agnieszka Gancarczyk <agancarc@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Agnieszka Gancarczyk <agancarc@redhat.com>
 2024-01-08 14:03:26 +00:00
atharva kshirsagar
d7542c9344 Fix for empty realm name issue 
Throw ModelException if name is empty when creating/updating a realm

Closes #17449

Signed-off-by: atharva kshirsagar <atharva4894@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-05 14:23:42 +01:00
Pedro Igor
8ff9e71eae Do not allow verifying email from a different account 
Closes #14776

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-01-05 12:45:07 +01:00
Pedro Igor
f476a42d66 Fixing the registration_client_uri to point to a valid URI after updating a client 
Closes #23229

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-01-05 12:41:36 +01:00
Pedro Igor
986b6af4f5 Make sure the context path from the base URI is respected when building TOTP URIs 
Closes #21542

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-01-05 07:10:49 -03:00
Réda Housni Alaoui
a21e95c5ae In UserProfileContext.IDP_REVIEW, NPE on UserModel#getEmail because UserModelDelegate#delegate is null 
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2024-01-03 15:00:30 -03:00
Ben Cresitello-Dittmar
057d8a00ac Implement Authentication Method Reference (AMR) claim from OIDC specification 
This implements a method for configuring authenticator reference values for Keycloak authenticator executions and a protocol mapper for populating the AMR claim in the resulting OIDC tokens.

This implementation adds a default configuration item to each authenticator execution, allowing administrators to configure an authenticator reference value. Upon successful completion of an authenticator during an authentication flow, Keycloak tracks the execution ID in a user session note.

The protocol mapper pulls the list of completed authenticators from the user session notes and loads the associated configurations for each authenticator execution. It then captures the list of authenticator references from these configs and sets it in the AMR claim of the resulting tokens.

Closes #19190

Signed-off-by: Ben Cresitello-Dittmar <bcresitellodittmar@mitre.org>
 2024-01-03 14:59:05 -03:00
Jon Koops
07f9ead128 Upgrade Welcome theme to PatternFly 5 
Closes #21343

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-01-03 14:46:01 -03:00
Pedro Igor
15b10f58fc Make the user attribute available to the idp-review-user-profile.ftl template 
Closes #25872

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-01-03 13:26:33 -03:00
Réda Housni Alaoui
5287500703 @NoCache is not considered anymore 
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2024-01-02 09:06:55 -03:00
Alexander Schwartz
9e890264df Adding a test case to check that the expiration time is set on logout tokens 
Closes #25753

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2023-12-22 20:13:40 +01:00
Niko Köbler
5e623f42d4 add the exp claim to the backchannel logout token 
This is now, as of Dec 15th 2023, part of the OIDC Backchannel Logout spec, chapter 2.4.

As of chapter 4, the logout token should have a short expiration time, preferably at most two minutes in the future. So we set the expiration to this time.

resolves #25753

Signed-off-by: Niko Köbler <niko@n-k.de>
 2023-12-22 20:13:40 +01:00
DAHAG-ArisNourbakhsh
b52d97475a
Add raw OpenApi documentation files to rest-api documentation (#22940) 
Add raw OpenApi documentation files to rest-api documentation

Closes #21559

Signed-off-by: Aris Nourbakhsh <aris.nourbakhsh@dahag.de>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2023-12-21 12:07:33 +01:00
Pedro Igor
ceb085e7b8 Update the UPDATE_EMAIL feature to rely on the user profile configuration when rendering templates and validating the email 
Closes #25704

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-20 15:15:06 -03:00
rmartinc
c2e41b0eeb Make Locale updater generate an event and use the user profile 
Closes #24369

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-20 15:26:45 +01:00
Konstantinos Georgilakis
cf57af1d10 scope parameter in refresh flow 
Closes #12009

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
 2023-12-20 14:00:10 +01:00
mposolda
eb184a8554 More info on UserProfileContext 
closes #25691

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-12-19 13:00:31 -03:00
Ricardo Martin
32a70cbedd Strip off user-info from redirect URI when validating using wildcard (#61) 
Closes keycloak/keycloak-private#58
Closes https://issues.redhat.com/browse/RHBK-679

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-19 10:13:36 -03:00
Joshua Sorah
d411eafc42 Ensure 'iss' is returned when 'prompt=none' and user is not authenticated, per RFC9207 
Closes keycloak/keycloak#25584

Signed-off-by: Joshua Sorah <jsorah@redhat.com>
 2023-12-19 10:38:05 +01:00
Ricardo Martin
2ba7a51da6 Escape action in the form_post response mode (#60) 
Closes keycloak/keycloak-private#31
Closes https://issues.redhat.com/browse/RHBK-652

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-18 18:10:41 -03:00
Konstantinos Georgilakis
ba8c22eaf0 Scope parameter in Oauth 2.0 token exchange 
Closes #21578

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
 2023-12-18 15:44:26 -03:00
Pedro Igor
778847a3ce Updating theme templates to render user attributes based on the user profile configuration 
Closes #25149

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-18 15:35:52 -03:00
rmartinc
d841971ff4 Updating the UP configuration needs to trigger an admin event 
Close #23896

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-18 19:24:30 +01:00
mposolda
cd154cf318 User Profile: If required roles ('user') and reqired scopes are set, the required scopes have no effect 
closes #25475

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-12-18 11:32:27 +01:00