libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions
13524 commits 4 branches 9 tags 483 MiB
Commit graph

762 commits

Author SHA1 Message Date
R Yamada
891c8e1a12 [KEYCLOAK-17653] - OIDC Frontchannel logout support 2021-10-07 15:27:19 -03:00
stianst
f471a110cd KEYCLOAK-19408 Better client secrets 2021-09-29 18:19:43 +02:00
stianst
12c7bc7350 KEYCLOAK-19410 Compile issues in IntelliJ due to imports of sun packages 2021-09-28 14:59:33 +02:00
Takashi Norimatsu
375e47877e KEYCLOAK-18558 Client Policy - Endpoint : support Device Authorization Endpoint 2021-09-20 11:22:58 +02:00
Jess Thrysoee
b4fe7bbda2 KEYCLOAK-19344 Add CORS to Device Authorization Request 
Add CORS headers to the Device Authorization Request (OAuth 2.0 Device Authorization Grant)
to make it available for non-confidential public webbrowser based clients, e.g. SPA like
signage or kiosk webapps.
 2021-09-20 10:32:10 +02:00
David Hellwig
a6cd80c933
KEYCLOAK-16076 added new warining when cookies are disabled -with new branch- (#7632) 
* KEYCLOAK-16076 added new warining when cookies are disabled

Co-authored-by: David Hellwig <david.hellwig@bosch.com>
Co-authored-by: Christoph Leistert <christoph.leistert@bosch-si.com>
 2021-09-13 11:30:11 +02:00
Hynek Mlnarik
4518b3d3d1 KEYCLOAK-19143 Split note for broker and SP SAML request ID 2021-09-07 17:04:30 +02:00
Thomas Darimont
e217e9a175 KEYCLOAK-18818 Add CORS preflight handler to token revocation endpoint 2021-08-31 10:07:32 +02:00
Martin Kanis
b42f765c2a KEYCLOAK-18982 Token OIDC introspection endpoint should not update any of the timestamps 2021-08-05 18:21:16 +02:00
Yoshiyuki Tabata
b31b60fffe KEYCLOAK-18341 Support JWKS OAuth2 Client Metadata in the "by value" key loading method 2021-08-05 16:52:55 +02:00
mposolda
b1d39aa136 KEYCLOAK-18949 DirectGrant login should fail if authenticationSession contains some required actions 2021-08-04 08:50:27 +02:00
carlChen
a0b01b6ef4 KEYCLOAK-16703 The username returned by token introspect endpoint is null when remove or modify username mapper 2021-08-03 17:38:37 +02:00
mposolda
9b0e1fff8d KEYCLOAK-18903 More customizable OIDC WellKnown provider 2021-07-28 18:03:23 +02:00
mposolda
05dfed721a KEYCLOAK-18636 The mtls_endpoint_aliases claim is not advertized in the discovery document 2021-07-28 13:32:31 +02:00
mposolda
4520cbd38c KEYCLOAK-18904 Support cert-bound tokens when doing client credentials grant. Client policies support for client credentials grant 2021-07-28 07:24:30 +02:00
mposolda
643b3c4c5a KEYCLOAK-18594 CIBA Ping Mode 2021-07-27 08:33:17 +02:00
Hynek Mlnarik
8889122dc1 KEYCLOAK-18845 Remove key type in map storage (simplify generics) 2021-07-23 17:04:20 +02:00
Takashi Norimatsu
6436716514 KEYCLOAK-18834 Client Policies : ClientScopesCondition needs to be evaluated on CIBA backchannel authentication request and token request 2021-07-23 10:06:02 +02:00
Luca Leonardo Scorcia
6bd7420907 KEYCLOAK-17290 SAML Client - Generate AttributeConsumingService SP metadata section 2021-07-22 21:53:16 +02:00
Pedro Igor
d29d945cc4 [KEYCLOAK-18857] - Do not force default to RS256 when verifying tokens sent by clients and JWK does not hold an algorithm 2021-07-21 11:09:02 +02:00
Takashi Norimatsu
2c019c9ce5 KEYCLOAK-18832 FAPI-CIBA-ID1 conformance test : need to return 401 error=invalid_client if client authentication is not successfully completed on Backchannel Authentication endpoint 2021-07-21 10:13:55 +02:00
Takashi Norimatsu
8df36fbf28 KEYCLOAK-18828 FAPI-CIBA-ID1 conformance test : Additional checks of signed authentication request 2021-07-21 08:19:19 +02:00
Takashi Norimatsu
61fcbb307b KEYCLOAK-18830 FAPI-CIBA-ID1 conformance test : HolderOfKeyEnforcerExecutor needs to be executed on CIBA token request 2021-07-21 08:07:50 +02:00
Pedro Igor
54a0e84070 [KEYCLOAK-18741] - Review error messages when validating PAR requests 2021-07-20 14:08:49 -03:00
Pedro Igor
7f34af4016 Revert "[KEYCLOAK-18425] - Allow mapping user profile attributes" 
This reverts commit 3e07ca3c
 2021-07-20 14:08:09 -03:00
Takashi Norimatsu
f154b0b209 KEYCLOAK-18831 FAPI-CIBA-ID1 conformance test : need to return 400 if user authentication is not successfully completed 2021-07-20 10:46:16 +02:00
Pedro Igor
396a78bcc4 [KEYCLOAK-18723] - Configurable constraints for request object encryption 2021-07-20 09:28:09 +02:00
Pedro Igor
730d4e8ac9 [KEYCLOAK-18807] - Fixing claims in JARM responses 2021-07-20 08:23:33 +02:00
Pedro Igor
13a08362d4 [KEYCLOAK-18819] - SecureResponseType executor shall allow response_type=code when using JARM and response_mode=jwt 2021-07-20 08:16:19 +02:00
Takashi Norimatsu
f188f02d03 KEYCLOAK-18826 FAPI-CIBA-ID1 conformance test : ID Token needs to include auth_time claim 2021-07-19 15:11:23 +02:00
Takashi Norimatsu
63f04c1118 KEYCLOAK-18683 Client policy executor for check Backchannel signed request algorithms matching FAPI compliant algorithms 2021-07-19 14:48:31 +02:00
Pedro Igor
a79d28f115 [KEYCLOAK-18729] - Support JAR when using PAR 2021-07-19 11:42:20 +02:00
Pedro Igor
1baab67f3b [KEYCLOAK-18630] - Request object encryption support 2021-07-09 11:27:30 -03:00
Takashi Norimatsu
7cdcf0f93e KEYCLOAK-18654 Client Policy - Endpoint : support Token Request by CIBA Backchannel Authentication 2021-07-09 11:24:12 +02:00
Takashi Norimatsu
43eb2b7c90 KEYCLOAK-18123 Client Policy - Executor : Enforce Backchannel Authentication Request satisfying high security level 2021-07-09 09:11:13 +02:00
Takashi Norimatsu
63b737545f KEYCLOAK-18653 Client Policy - Endpoint : support Pushed Authorization Request Endpoint 2021-07-09 09:06:38 +02:00
Takashi Norimatsu
dce163d3e2 KEYCLOAK-18587 CIBA signed request: Client must configure the algorithm 2021-07-08 10:16:22 +02:00
Dmitry Telegin
3b3a61dfba KEYCLOAK-18639 Token Exchange SPI Milestone 1 2021-07-06 15:48:45 -03:00
Takashi Norimatsu
2b1624390a KEYCLOAK-17937 Client Policy - Endpoint : support CIBA Backchannel Authentication Endpoint 2021-07-03 08:57:20 +02:00
Hryhorii Hevorkian
2803685cd7 KEYCLOAK-18353 Implement Pushed Authorization Request inside the Keycloak 
Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Co-authored-by: mposolda <mposolda@gmail.com>
 2021-07-03 08:47:42 +02:00
lbortoli
e5ae113453 KEYCLOAK-18452 FAPI JARM: JWT Secured Authorization Response Mode for OAuth 2.0 2021-07-03 00:00:32 +02:00
Pedro Igor
3e07ca3c22 [KEYCLOAK-18425] - Allow mapping user profile attributes 2021-07-01 10:19:28 -03:00
lbortoli
164f3df080 KEYCLOAK-18502 - Support for additional parameters from the backchannel authentication request and backchannel authentication callback. 2021-07-01 00:31:26 +02:00
Takashi Norimatsu
cef742ee3f KEYCLOAK-18583 Remove OIDCWellKnownProvider.isAsymmetricAlgorithm 2021-06-30 07:35:46 +02:00
Takashi Norimatsu
57c80483bb KEYCLOAK-17936 FAPI-CIBA : support Signed Authentication Request 
Co-authored-by: Pritish Joshi <pritish@banfico.com>
Co-authored-by: mposolda <mposolda@gmail.com>
 2021-06-29 08:07:40 +02:00
Martin Bartoš
7ffa2835ef KEYCLOAK-18391 CIBATest failure 2021-06-11 10:36:56 +02:00
Yoshiyuki Tabata
4d1576b96a KEYCLOAK-18328 "access_denied" instead of "interaction_required" should 
be returned when a user cancels the login
 2021-06-10 11:16:50 +02:00
mposolda
91865fa93e KEYCLOAK-18368 Invalidate client session after refresh token re-use 2021-06-09 14:43:29 +02:00
Michito Okai
bc6a746780 KEYCLOAK-18112 Token introspection of the revoked refresh token 2021-05-31 11:01:01 +02:00
Michal Hajas
4dcb69596b KEYCLOAK-18146 Search for clients by client attribute when doing saml artifact resolution 2021-05-27 23:02:22 +02:00