libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
14403 commits 4 branches 5 tags 480 MiB
Commit graph

5574 commits

Author SHA1 Message Date
Takashi Norimatsu
9541852a9b ID token encryption without specifying id_token_encrypted_response_enc does not follow OIDC Dynamic Client Registration specification 
Closes #11392
 2022-05-16 09:05:22 +02:00
Takashi Norimatsu
7fa24d247a Deprecated org.keycloak.jose.jws.Algorithm is used in OIDCAdvancedConfigWrapper 
Closes #11394
 2022-05-16 08:56:57 +02:00
Martin Kanis
0d6bbd437f
Merge single-use token providers into one 
Fixes first part of: #11173

* Merge single-use token providers into one

* Remove PushedAuthzRequestStoreProvider

* Remove OAuth2DeviceTokenStoreProvider

* Delete SamlArtifactSessionMappingStoreProvider

* SingleUseTokenStoreProvider cleanup

* Addressing Michal's comments

* Add contains method

* Add revoked suffix

* Rename to SingleUseObjectProvider
 2022-05-11 13:58:58 +02:00
Michal Hajas
d3b43a9f59 Make sure there is always Realm or ResourceServer when searching for authz entities 
Closes #11817
 2022-05-11 07:20:01 -03:00
Réda Housni Alaoui
5d87cdf1c6
KEYCLOAK-6455 Ability to require email to be verified before changing (#7943) 
Closes #11875
 2022-05-09 18:52:22 +02:00
Michal Hajas
6b5c417742 Add HotRod store for authorization services 
Closes #9679
 2022-05-06 15:31:38 +02:00
Michal Hajas
fc974fc019 Update composite roles on child role removal 
Closes #11769
 2022-05-05 15:18:18 +02:00
Stian Thorgersen
491b3262de
Remove Jetty 9.2 and 9.3 adapters (#11792) 
Closes #11791
 2022-05-04 15:24:46 +02:00
azilentech
f7f24c6ca3 Updated test scenarios 2022-05-03 10:59:31 -03:00
vramik
0d83b51b20 Enhance Map authz entities with REALM_ID (ResourceServer with CLIENT_ID) searchable field 
Co-authored-by Michal Hajas <mhajas@redhat.com>

Closes #10883
 2022-05-03 12:56:27 +02:00
Hynek Mlnarik
1b1cf266eb Add support for async profiler to model testsuite 
Fixes: #11743
 2022-05-03 12:53:10 +02:00
Sven-Torben Janus
0efa4afd49 Evaluate composite roles for hardcoded LDAP roles/groups 
Closes: 11771

see also KEYCLOAK-18308
 2022-05-02 14:13:37 +02:00
Stian Thorgersen
52ca546cfa
Remove Fuse adapters (#11740) 
Closes #11677
 2022-05-02 09:55:52 +02:00
Alexander Schwartz
e2cf6ae92b Disable caching for map storage. 
Also aligns the properties with the integration test suite to avoid confusion.

Closes #11748
 2022-04-29 12:03:18 +02:00
Stian Thorgersen
b65d76edab
Remove EAP6 and AS7 adapters (#11605) 
Closes #11604
 2022-04-28 11:20:44 +02:00
vramik
2ecf250e37 Deletion of all objects when realm is being removed 
Closes #11076
 2022-04-28 11:09:17 +02:00
Alexander Schwartz
29233f33c8 Clear import/export properties at the end of the test 
This avoids the pollution of system properties that might lead to failures following tests.

Closes #11670
 2022-04-28 11:02:16 +02:00
Douglas Palmer
fdcbc9b27b
Automated test for session-limits authenticator with identity brokering (post-broker login flow) (#11723) 
Closes #11004
 2022-04-28 10:29:41 +02:00
Stian Thorgersen
e3f3e65ac5
Remove JDK7 support for adapters (#11607) 
Closes #11606
 2022-04-27 08:33:23 +02:00
vramik
5248815091 Disable infinispan realm and user cache for map storage tests 
Closes #11213
 2022-04-25 09:38:49 +02:00
Martin Bartoš
53ea60b8d5
Remove support for IE (#11271) 
Closes #11268
 2022-04-22 10:38:41 +02:00
Pedro Igor
76d83f46fa
Avoid clients exchanging tokens using tokens issued to other clients (#11542) 2022-04-20 19:14:55 +02:00
Stian Thorgersen
ac79fd0c23
Disallow special characters in usernames to prevent confusion with similarly looking usernames (#11531) 
Closes #11532

Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
 2022-04-20 15:53:15 +02:00
Stefan Guilhen
b29b27d731 Ensure code does not rely on a particular format for the realm id or component id 2022-04-20 14:40:38 +02:00
Pedro Igor
2cb5d8d972
Removing upload scripts feature (#11117) 
Closes #9865

Co-authored-by: Michal Hajas <mhajas@redhat.com>

Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2022-04-20 14:25:16 +02:00
Martin Bartoš
3aa3db16ea
Fix error response for invalid characters (#11533) 
Fixes #11530
 2022-04-20 11:26:08 +02:00
Pedro Igor
f1fd7af758
Remove policies when user is deleted (#11385) 
Closes #11284
 2022-04-20 09:23:46 +02:00
Stian Thorgersen
b79f01c72d
Upgrade to WildFly 26.1.0.Final (#11094) 
Closes #10999
 2022-04-20 08:38:10 +02:00
Martin Bartoš
e09f618cef
Ignore WebAuthnIdLessTest for Firefox (#11299) 
Closes #11297
 2022-04-19 14:45:24 +02:00
Martin Bartoš
2632fa7779
WebAuthnSigningInTest failures caused by different titles (#11305) 
Fixes #11298
 2022-04-19 14:44:51 +02:00
m-takai
5f0e27a792 Add duplicate parameters check process in Device Authz Endpoint. 
AuthorizationEndpointRequest class already checks duplicated parameters but DeviceEndpoint class has not checked its error. Thus a check process is added in handleDeviceRequest()

Closes #11294
 2022-04-19 14:20:39 +02:00
Pedro Igor
c5e4dc8cec
Associated permissions should only add resource type permissions if the resource is an instance (#11220) 
Closes #11148
 2022-04-19 09:10:14 +02:00
Martin Kanis
a2d7cd7a5c Hot Rod map storage: User / client session no-downtime store 2022-04-14 15:34:22 +02:00
msvechla
820ab52dce
Add support for filtering by enabled attribute on users count endpoint (#9842) 
Resolves #10896
 2022-04-13 13:57:22 -03:00
Giacomo Altiero
3b7243cd47
Support for UserInfo response encrypted (#10519) 
Close #10517
 2022-04-12 14:01:14 +02:00
Alexander Schwartz
a6dd9dc0f1 Avoiding AvlPartitionFactory and using JdbmPartitionFactory for the embedded LDAP to work around unstable tests. 
Fix for #11171 didn't turn out to cover the root cause. Also improved transaction handling in LDAP Map storage.

Closes #11211
 2022-04-12 09:12:21 +02:00
Alexander Schwartz
5c810ad0e5 Avoid short-lived connections for ApacheDS to avoid messages around "ignoring the message MessageType UNBIND_REQUEST" 
The comment in LdapRequestHandler.java in ApacheDS notes just before discarding an unbind request: "in some cases the session is becoming null though the client is sending the UnbindRequest before closing".

Also implementing a retry logic for all remaining errors regarding LDAP.

Closes #11171
 2022-04-11 10:03:15 +02:00
Pedro Igor
834a276767 NPE when caching policies based on scopes without a resource 
Closes #11180
 2022-04-08 08:43:08 -03:00
Michal Hajas
1f2ebf4cba Add HotRod no downtime store for Realms 
Closes #9670
 2022-04-08 09:36:01 +02:00
Pedro Igor
b4770c30fd Fixing NPE when querying resources by type 
Closes #11137
 2022-04-07 15:10:20 -03:00
Tyler Andor
caebe50d7e
Updates patternfly libs and fixes breaking changes (#10748) 
adding nvmrc

CIAM-1048 Device Activity screen PF updates

CIAM-1046: Personal Info sub-header update

Updates SigningInPage to use EmptyState component when there are no credentials.

rearanged some components used in signing in page

Displays ApplicationPage content in description list.

Updates refresh link on ContentPage, updates Resources screen.

CIAM-1049 Linked Accounts screen PF updates

CIAM-1043-General upstream updates

Updates AccountPage to display form errors.

fix: display Set up Authenticator Application link on large viewport

fix(page structure): rearranges page sections

CIAM-1254/Personal info PF4 updates & Sidebar text updates

updating layouts

updating layout on Signing in and Linked acounts

adding patternfly-additions

adding patternfly-addons styles

Updates Application page based on designs feedback.

moving page description

Updates status label on Applications page to be capitalized.

Updates the copy-fonts script for keycloak.v2 to copy all font directories instead of one.

update Personal info screen - set max width of 600px for form input fields

update Personal info - remove required indicator from input fields

General updates (#2)

* removed the extra lines being shown

* tweaked general spacing

* general alignment and spacer application

* refactor to get proper alignments without css globals

* forgot to add the conditional on displaying the set up buttons

* try and adjust the alignments

Co-authored-by: zwitter <zwitter@redhat.com>

resolve merge conflicts

Device activity updates (#4)

* update text to sentence case

* update device info columns to be dynamic across various viewport sizes

* update signed in device layout

* update based on feedback

Co-authored-by: Jon Szeto <jszeto@redhat.com>

Linked accounts update (#3)

* linked accounts screen - updated icons & Linked/Unlinked Login Providers layout & update text to sentence case

Co-authored-by: Jon Szeto <jszeto@redhat.com>

fixing ts errors

cleaning up fonts and messages

final review updates

message update for Back to admin console link

fixing capitalization on 2fa

updating landing page welcome message

fix: reposition Back to... link

adjusting size for confirm modal

updating spacing and alignment issues

updating resources page

removing unused header class

fixes ts issues and updates node version to match the themes install

npm updates

fixing pf addons

adding chokidar to get babel:watch working

fixing issues from pull request feedback

fixing tests

fixes signingin page test

fixing tests

Co-authored-by: Tyler Andor <tandor@highereducation.com>
 2022-04-06 13:00:38 +02:00
Stian Thorgersen
7c64f28934
Change admin console to load keycloak.js using a relative URL (#11109) 
* Change admin console to load keycloak.js using a relative URL

Closes #11108

* fix tests

Co-authored-by: Dominik Guhr <dguhr@redhat.com>
 2022-04-06 09:35:26 +02:00
Michal Hajas
4c20388eb7 Remove SOAPException from SOAPBindingTest as RunOnServer cannot load it 
Closes #11090
 2022-04-04 15:53:55 +02:00
Martin Kanis
395bd447f2 Hot Rod map storage: Login failure no-downtime store 2022-04-01 20:43:18 +02:00
Douglas Palmer
f57d0dd100
Automated tests for session limits authenticator (browser, direct grant, reset password) (#11046) 
Closes #11003
 2022-04-01 18:44:38 +02:00
Marek Posolda
c50f09da25
Webauthn tests logout fix (#11040) 
Closes #11030
 2022-04-01 08:06:39 +02:00
Michal Hajas
44000caaf5 KEYCLOAK-19177 Disable ECP flow by default for all Saml clients; ecp flow creates only transient users sessions 2022-03-31 16:06:44 +02:00
Teubner, Malte
b5f70d8a32 Add scope parameter to admin-client TokenManager. 
Closes #10759
 2022-03-31 10:56:08 -03:00
iingawal
6016b461db
Fix for "updatedAt" user attribute in "profile" client scope should use number instead of String (#11020) 
Closes #10081


Co-authored-by: Indrajit Ingawale <iingawal@iingawal.pnq.csb>
 2022-03-31 14:33:03 +02:00
Marek Posolda
aacae9b9ac
Support for frontchannel_logout_session_required OIDC client parameter (#11009) 
* Support for frontchannel_logout_session_required OIDC client parameter
Closes #10137
 2022-03-31 14:25:24 +02:00
vramik
8ff768b33b JPA map storage: Authentication session no-downtime store 
Closes #9665
 2022-03-30 13:43:35 +02:00
Marek Posolda
22a16ee899
OIDC RP-Initiated logout endpoint (#10887) 
* OIDC RP-Initiated logout endpoint
Closes #10885

Co-Authored-By: Marek Posolda <mposolda@gmail.com>

* Review feedback

Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
 2022-03-30 11:55:26 +02:00
Andrea Peruffo
da5db5a813
Fix NPEs during realm import (#10962) 
Closes #10961
 2022-03-29 21:48:37 +02:00
Marcelo Daniel Silva Sales
091b1472ce
Introduce client secret rotation dynamic registration (#10952) 
Closes #10609
 2022-03-28 20:39:11 +02:00
Konstantinos Georgilakis
99fa6275c1 KEYCLOAK-19313 configure the name format in Attribute Importer IdP Mapper 2022-03-25 09:42:22 +01:00
Alexander Schwartz
3ebfc91b75 Reduce logging of errors due to the bounded queue 
Closes #10588
 2022-03-23 15:42:06 +01:00
Takashi Norimatsu
9c01d819cb Client Policies : An executor rejecting all requests 
Closes #9097
 2022-03-23 12:45:38 +01:00
iingawal
b773857a80
Display email address in login-verify-email.ftl (#10870) 
Closes #8873
 2022-03-23 12:44:21 +01:00
Alexander Schwartz
78549fe024 Avoid duplicating parsing logic in ModelVersion 
This now allows handling of the 999-SNAPSHOT version.

Closes #10879
 2022-03-23 10:34:43 +01:00
Marcelo Daniel Silva Sales
6efa45f93e
Update secret rotation when the policy is enabled using jwt (#10853) 
Closes #10666
 2022-03-23 08:25:58 +01:00
Martin Kanis
e493b08fa7 Add expiration field to root authentication session 2022-03-23 07:47:47 +01:00
Michal Hajas
99c06d1102
Authorization services refactoring 
Closes: #10447 

* Prepare logical layer to distinguish between ResourceServer id and client.id
* Reorder Authz methods: For entities outside of Authz we use RealmModel as first parameter for each method, to be consistent with this we move ResourceServer to the first place for each method in authz
* Prepare Logical (Models/Adapters) layer for returning other models instead of ids
* Replace resourceServerId with resourceServer model in PermissionTicketStore
* Replace resourceServerId with resourceServer model in PolicyStore
* Replace resourceServerId with resourceServer model in ScopeStore
* Replace resourceServerId with resourceServer model in ResourceStore
* Fix PermissionTicketStore bug
* Fix NPEs in caching layer
* Replace primitive int with Integer for pagination parameters
 2022-03-22 20:49:40 +01:00
Alexander Schwartz
fb92b95c33 Revert from getParameterCount() to getParameterTypes().length to be Java 1.7 compatible. 
This reverts commit bc27c7c464.

Closes #10840
 2022-03-22 10:23:25 +01:00
keycloak-bot
c71aa8b711
Set version to 999-SNAPSHOT (#10784) 2022-03-22 09:22:48 +01:00
Martin Kanis
0faf3987f6 Hot Rod map storage: Authentication session no-downtime store 2022-03-22 09:05:52 +01:00
Pedro Igor
ffa6df5547
Fixes to hostname (#10820) 
Closes #10627
Closes #10331
 2022-03-22 08:11:50 +01:00
Joaquim Fellmann
92c4e6d585
KEYCLOAK-16134 Allow webauthn idless login flow (#7860) 
Closes #10832
 2022-03-21 11:37:33 +01:00
Clara Fang
bc27c7c464 Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount() 
Closes #10333
 2022-03-18 11:20:52 +01:00
Michal Hajas
c18a682f50 Do not store undefined values in store 
Closes #10744
 2022-03-17 16:44:33 +01:00
mposolda
9e12587181 Protocol mapper and client scope for 'acr' claim 
Closes #10161
 2022-03-11 09:23:25 +01:00
Martin Bartoš
8ee7ae24de Make WebAuthn feature default for the product version 
Closes #10695
 2022-03-10 19:00:54 +01:00
Ivan Atanasov
5c6b123aff
Support for the Recovery codes (#8730) 
Closes #9540


Co-authored-by: Zachary Witter <torquekma@gmail.com>
Co-authored-by: stelewis-redhat <91681638+stelewis-redhat@users.noreply.github.com>
 2022-03-10 15:49:25 +01:00
Martin Bartoš
8a0f1ccb34 Properly execute AuthenticationFlowCallbackProviderTest with Map storage 
Closes #10268, Closes #10225
 2022-03-10 15:00:23 +01:00
rmartinc
a7c8aa1dd3
[#10616] Incorrect username logged for federated accounts (#10662) 
Closes #10616
 2022-03-10 13:21:39 +01:00
Marcelo Daniel Silva Sales
0c25da542c
Update secret rotation when the policy is disabled (#10674) 
Closes #10667
 2022-03-10 13:03:09 +01:00
Alexander Schwartz
18f391d8c4 Fix spelling error in field and classname 
It's always a converter, unless electricity is involved.

Closes #10573
 2022-03-09 08:28:52 -03:00
Marcelo Daniel Silva Sales
7335abaf08
Keycloak 10489 support for client secret rotation (#10603) 
Closes #10602
 2022-03-09 00:05:14 +01:00
mposolda
d394e51674 Introduce profile 'feature' for step-up authentication enabled by default 
Closes #10315
 2022-03-08 14:42:46 +01:00
rmartinc
48565832d4 [#10608] Password blacklists folder 2022-03-08 08:22:34 -03:00
Alexander Schwartz
3c3f003a38 LDAP Map storage support to support read/write for roles 
Closes #9929
 2022-03-08 12:03:10 +01:00
mposolda
93bba8e338 Replace 'Store LoA in User Session' with 'Max Age'. Refactoring of step-up authentications related to that. 
Closes #10205
 2022-03-08 10:41:05 +01:00
Martin Bartoš
2bae2d2167 DeleteAccountTest failure in the test pipeline 
Closes #10630
 2022-03-08 08:33:31 +01:00
Martin Bartoš
02d0fe82bc Auth execution 'Condition - User Attribute' missing 
Closes #9895
 2022-03-08 08:24:48 +01:00
Michal Hajas
f77ce315bb Disable Authz caching for new storage tests 
Closes #10500
 2022-03-07 10:22:55 -03:00
Michael Parlee
722ce950bf Improve user search performance 
Removes bulder.lower() from user search queries on email and username.

Closes #8893
 2022-03-04 14:15:14 +01:00
Takashi Norimatsu
201277b897 Handle OIDC authz request with "response_type" missing and "response_mode=form_post" 
Closes #10144
 2022-03-04 13:31:40 +01:00
Alexander Schwartz
ebfc24d6c1 Ensure that Infinispan shutdowns correctly at the end of the tests. Report any exceptions within another thread as a test failure. 
Adding additional information like a thread dump when it doesn't shutdown as expected.

Closes #10016
 2022-03-04 10:47:01 +01:00
Alexander Schwartz
74581b5c10 Workaround for deadlock when shutting down Infinispan in 12.1.7.Final. 
This is tracked in upstream issue https://issues.redhat.com/browse/ISPN-13664

Closes #10016
 2022-03-04 10:47:01 +01:00
Takashi Norimatsu
92f6c75328 Nonce parameter should be required in authorizationEndpoint only when "id_token" is included in response_type 
Closes #10143
 2022-03-03 13:26:39 +01:00
Alfredo Boullosa
6801688dd4 Allow Edge tests in Admin Console 
Closes #10539
 2022-03-03 07:14:01 +01:00
wojnarfilip
700ceb77ec Removal of invalid(depricated) SpringBootTest 
Closes #10218
 2022-03-02 09:04:47 +01:00
Daniel Gozalo
76101e3591 [fixes #9225] - Get scopeIds from the AuthorizationRequestContext instead of session if DYNAMIC_SCOPES are enabled 
Add a test to make sure ProtocolMappers run with Dynamic Scopes

Change the way we create the DefaultClientSessionContext with respect to OAuth2 scopes, and standardize the way we obtain them from the parameter
 2022-03-01 13:47:58 +01:00
Martin Bartoš
e2514ea2e6 Test WebAuthn with multiple browsers 
Closes #10062
 2022-02-28 09:10:39 +01:00
stianst
5ef8265b75 Remove Tomcat 7 adapter 
Closes #9428
 2022-02-28 07:50:36 +01:00
mposolda
52712d2c82 ACR support in the javascript adapter 
Closes #10154
 2022-02-24 20:07:50 +01:00
Martin Kanis
6249e34177 Hot Rod map storage: Client scope no-downtime store 2022-02-24 13:30:27 +01:00
Michal Hajas
b4281468d0 Convert Map Realm Entities into interfaces 
Closes #9736
 2022-02-24 13:23:19 +01:00
Vlasta Ramik
aa6a131b73
Change String client.id to ClientModel client in ResourceServerStore 
Closes #10442
 2022-02-24 12:46:26 +01:00
Pedro Igor
209df44641
Fixing responses when unexpected errors occurs (#10383) 
Closes #10338
 2022-02-23 07:44:25 +01:00
Marek Posolda
8c3fc5a60e
Option for client to specify default acr level (#10364) 
Closes #10160
 2022-02-22 07:54:30 +01:00