libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
25917 commits 4 branches 5 tags 480 MiB
Commit graph

4744 commits

Author SHA1 Message Date
Martin Kanis
7e6dd682d4 Validate organization alias for forbidden chars 
Closes #32392

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-08-28 21:59:38 +02:00
Pedro Igor
449557290b More options to organization scope mapper including adding organization attributes to tokens 
Closes #31642

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-27 09:40:55 -03:00
Stefan Guilhen
88cca10472 Rename IDPSpi to IdentityProviderStorageSpi 
Closes #31639

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-26 15:10:09 -03:00
Erik Jan de Wit
776a491989
added organizations table to account (#32311) 
* added organizations table to account

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-22 15:44:03 -03:00
Vlasta Ramik
d63c0fbd13
Decouple Identity provider mappers from RealmModel (#32251) 
* Decouple Identity provider mappers from RealmModel

Closes #31731

Signed-off-by: vramik <vramik@redhat.com>
 2024-08-22 12:05:19 -03:00
Steven Hawkins
d9a92f5de3
fix: expose bootstrap-admin-* options (#32241) 
* fix: expose bootstrap-admin-* options

closes: #32176

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update quarkus/config-api/src/main/java/org/keycloak/config/BootstrapAdminOptions.java

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2024-08-21 15:52:38 +02:00
Peter Zaoral
6ab3b98743
Temporary admin account notice logged to org.keycloak.events (#32307) 
* removed the temporary admin accounts logging from JBossLoggingEventListenerProvider

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2024-08-21 13:31:57 +00:00
Pedro Igor
c1f6d5ca64 Support for selecting an organization when requesting the organization scope 
Closes #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-21 13:04:58 +02:00
Stefan Guilhen
585d179fe0 Ensure identity providers returned to the org IDP selection are IDPs not associated with any orgs. 
Closes #32238

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-21 07:49:01 -03:00
Peter Zaoral
1b5fe5437a
Warnings for temporary admin user and service account (#31387) 
* UI banner, labels and log messages are shown when temporary admin account is used
* added UI tests that check the elements' presence

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
 2024-08-21 09:30:24 +02:00
Pedro Ruivo
4675a4eda9 Deprecate UserSessionCrossDCManager 
Fixes #31878

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-08-21 08:52:39 +02:00
Pedro Igor
e3c0b918bd Returning a full representation when querying organizations 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-20 11:11:14 -03:00
Pedro Igor
4376a3c757 Add an endpoint to the organizations endpoint to return the organizations for a given user 
Closes #32158

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-20 11:11:14 -03:00
Pedro Igor
eeae50fb43 Make sure federationLink always map to the storage provider associated with federated users 
Closes #31670

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-20 11:27:22 +02:00
Stefan Guilhen
fa7c2b5da6 Address review comments 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-19 09:06:35 -03:00
Stefan Guilhen
f82159cf65 Rework logic to fetch IDPs for the login page so that IDPs are fetched from the provider and not filtered in code. 
Closes #32090

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-19 09:06:35 -03:00
Pedro Igor
8e0436715c Support for ALL and ANY organization scope values 
Related #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-19 08:45:23 -03:00
mposolda
3d787727f9 Add acr scope to all clients for those migrating from older than Keycloak 18 
closes #31107

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-08-16 12:17:43 +02:00
Václav Muzikář
cb418b0bfc
Upgrade to Quarkus 3.13.2 (#31678) 
* Upgrade to Quarkus 3.13.2

Closes #31676

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2024-08-16 11:41:34 +02:00
himanshi1099
7459992e40
Realm update validation for incorrect timeout values (#32137) 
closes #31595

Signed-off-by: Himanshi Gupta <higupta@redhat.com>
 2024-08-16 08:58:27 +02:00
Alexander Schwartz
80d235fffb
Handle non-existing client gracefully (#32151) 
Closes #32150

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-08-15 16:08:40 +02:00
Stefan Guilhen
aeb1951aba Replace calls to deprecated RealmModel IDP methods 
- use the new provider instead

Closes #31254

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-15 10:55:36 -03:00
Pedro Igor
96acc62c00 Support for resolving organization based on the organization scope 
Closes #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-15 10:32:15 -03:00
Stian Thorgersen
310824cc2b
Remove legacy cookies 
Closes #16770

Signed-off-by: stianst <stianst@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-08-15 15:27:38 +02:00
Martin Kanis
708a6898db Add a count method to the OrganizationMembersResource 
Closes #31388

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-08-15 09:12:57 -03:00
Yoshiyuki Tabata
cb6eb187ac Client Policy - Condition : Client - Client Attribute 
Closes https://github.com/keycloak/keycloak/issues/31766

Signed-off-by: Yoshiyuki Tabata <yoshiyuki.tabata.jy@hitachi.com>
 2024-08-14 09:56:56 +02:00
kaustubh-rh
cf8905efe8
Fix for Client secret is visable in Admin event representation when Credentials Reset action performed for the Client. (#32067) 
* Stripping secrets for the credential representation

Signed-off-by: kaustubh B <kbawanka@redhat.com>
 2024-08-12 13:47:41 -03:00
Steven Hawkins
b72ddbcc45
fix: add a warning log if a deprecated admin env variable is used (#32038) 
closes: #31491

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-08-12 08:54:30 +02:00
rmartinc
347f595913 Add ECDH-ES encyption algorithms to the java keystore key provider 
Closes #32023

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-09 15:57:51 +02:00
Martin Kanis
da0864682a Conditionally redirect existing users to a broker based on their credentials 
Closes #31006

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-08-09 07:59:25 -03:00
rmartinc
2a06e1a6db Add SHAKE256 hash provider for Ed448 
Closes #31931

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-08 17:36:54 +02:00
Justin Tay
966a454548
Add ECDH-ES JWE Algorithm Provider, Add generated ECDH key provider (#23928) 
Closes #23596
Closes #23597

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-08-08 17:29:35 +02:00
Steven Hawkins
7ce6f12fe3
fix: adds a check for duplicate users/clients to simplify cmd errors (#31583) 
also changes temp-admin-service to temp-admin

closes: #31160

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-08-08 08:20:33 -04:00
Pedro Igor
3ab2446074 Do not return identity providers when querying the realm representation 
Closes #21072

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-07 10:06:51 -03:00
rmartinc
acbbfde4ab Adding upgrading notes for brute force changes 
Closes #31960

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-07 14:38:30 +02:00
Pascal Knüppel
f3341390f4
Issuer id must be a URL according to specification (#30961) 
fixes #30960

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
 2024-08-07 14:35:58 +02:00
Giuseppe Graziano
35c8c09b8d OIDC dynamic client registration with response_type=none 
Closes #19564

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-08-07 10:34:47 +02:00
rmartinc
8a09905e5c Remove the attempt in brute force when the off-thread finishes 
Closes #31881

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-06 15:30:49 -03:00
Michal Hajas
50c07c6e7c
Simplify configuration for MULTI_SITE 
Closes #31807

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-08-06 16:14:33 +00:00
Stefan Wiedemann
6258256c1b
Fix access token issue OID4VC (#31763) 
closes #31712 

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
 2024-08-04 11:42:40 +02:00
Ingrid Kamga
7c69c857a1 Add a media type to error responses on OID4VC endpoints 
Closes #31585

Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
 2024-08-02 12:09:09 +02:00
Justin Tay
f537343545 Allow empty key use in JWKS from identity provider 
Closes #31823

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-08-02 11:39:43 +02:00
rmartinc
773e309f75 Parse saml urls correctly if the bindings are different 
Closes #31780

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-02 11:34:06 +02:00
Thomas Darimont
282260dc95 Ensure issued_client_type is always added to successful token-exchange response (#31548) 
- Compute issued_token_type response parameter based on requested_token_type and client configuration
- `issued_token_type` is a required response parameter as per [RFC8693 2.2.1](https://datatracker.ietf.org/doc/html/rfc8693#section-2.2.1)
- Added test to ClientTokenExchangeTest that requests an access-token as requested-token-type

Fixes #31548

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-07-30 18:33:51 +02:00
Alexander Schwartz
11b19bc272
For persistent sessions, don't remove user session if there is no session in the remote store (#31756) 
Closes #31115

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-30 17:57:09 +02:00
Pedro Igor
a79761a447 Support for blocking concurrent requests when brute force is enabled 
Closes #31726

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
 2024-07-30 10:01:48 +02:00
Martin Kanis
d91d6d18d5 Can not update organization group error when trying to create organisation from REST API 
Closes #31144

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-07-29 17:39:56 +02:00
Pascal Knüppel
94784182df
Implement DPoP for all grantTypes (#29967) 
fixes #30179
fixes #30181


Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de>
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
 2024-07-29 16:30:54 +02:00
Stefan Guilhen
f45529de8c Deprecate IDP related methods in RealmModel 
- delegate to the new provider

Closes #31253

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-07-29 16:02:26 +02:00
Stefan Guilhen
c16e88bcee Make the IDPProvider via session.identityProviders() 
Closes #31252

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-07-29 16:02:26 +02:00