libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
13875 commits 4 branches 5 tags 480 MiB
Commit graph

5406 commits

Author SHA1 Message Date
Mauro de Wit
2c238b9f04
session-limiting-feature (#8260) 
Closes #10077
 2022-02-08 19:16:06 +01:00
Martin Bartoš
571f2d5107 WebAuthnSigningInTest failures in pipeline 
Closes #9691
 2022-02-07 10:57:14 +01:00
Martin Bartoš
8573ea5fb2 KEYCLOAK-17690 Add missing test case for user email update 2022-02-07 10:56:11 +01:00
Marek Posolda
d9c8cb30a5
Closes #9498 - Fix cases when user is forced to re-authenticate (#9580) 2022-02-07 09:02:08 +01:00
Pedro Igor
f107f0596e Rename h2-file and h2-mem and removing defaults from production databases 
Closes #9973
 2022-02-04 15:43:51 -03:00
Martin Bartoš
d82122b982 Store information about transport media of WebAuthn authenticator 
Closes #9800
 2022-02-04 19:36:30 +01:00
Takashi Norimatsu
07d43f31f3 Expected Scopes of ClientScopesCondition created on Admin UI are not saved onto ClientScopesCondition.Configuration 
Closes #9371
 2022-02-04 18:02:15 +01:00
Martin Kanis
0471ec4941 Cross-site validation for lazy loading of offline sessions & Switch default offline sessions to lazy loaded 2022-02-03 21:43:47 +01:00
Konstantinos Georgilakis
a1f2f77b82 Device Authorization Grant with PKCE 
Closes #9710
 2022-02-03 08:37:07 +01:00
Daniel Gozalo
db4642d250 [fixes #9919] - Enable Dynamic Scopes for the resource-owner-password-credentials grant 
Change some calls to the new AuthorizationContextUtil class and add tests for the client-credentials grant
 2022-02-03 08:19:44 +01:00
Marek Posolda
d27635fb1b
Fixing for token revocation checks only (#9707) 
Closes #9705
 2022-02-02 15:21:44 +01:00
Martin Bartoš
191ef1874e Complete support for Passwordless tests 
Closes #9850
 2022-02-02 09:12:46 +01:00
Daniel Gozalo
3528e7ba54 [fixes #9224] - Get consented scopes from AuthorizationContext 
Always show the consent screen when a dynamic scope is requested and show the requested parameter

Improve the code that handles dynamic scopes consent and add some log traces

Add a test to check how we show dynamic scope in the consent screen and added missing template file change

Fix merge problem in comment and improve other comments

Fix the Dynamic Scope test by assigning it to the client as optional instead of default

Change how dynamic scopes are represented in the consent screen and adapt test
 2022-02-02 09:10:20 +01:00
Martin Bartoš
243b6ba552 Test scenarios for verifying of JS injection for WebAuthn Policy 
Closes #9544
 2022-02-01 11:16:12 +01:00
Martin Bartoš
47208b7a20 Extend and fix tests for Resident Keys for WebAuthn 
Closes #9796
 2022-02-01 11:11:04 +01:00
Stian Thorgersen
cc88fb2daa
Update default distribution to Quarkus (#9839) 
Closes #9837
 2022-02-01 09:42:09 +01:00
Martin Bartoš
c40e842b45
Verify the WebAuthn functionality and settings for authentication (#9851) 
* Verify the WebAuthn functionality and settings for authentication

Closes #9504
 2022-01-31 15:42:08 +01:00
Dominik Guhr
5a1f4b8889 Quarkus update to 2.7.0.Final 
Minor and micro dependency updates, some relocations (e.g. vault, ZipUtils), so some changes were needed to make this work.

Closes #9872
 2022-01-31 09:55:02 -03:00
Daniel Gozalo
dc814b85c7 Pass the UserId to the function that runs the inner function in the server as it was losing its value when defined globally for Wildfly and Quarkus 2022-01-31 13:02:22 +01:00
Alexander Schwartz
64cbbde7cf Adding workaround unstable tests due to Infinispan 12.1.7 
Closes #9867
 2022-01-30 20:58:51 +01:00
Martin Bartoš
2919342f3a Add test scenarios for Passwordless Webauthn AIA 
Closes #9795
 2022-01-27 11:02:43 +01:00
bal1imb
9621d513b5 KEYCLOAK-18727 Improve user search query 2022-01-26 17:03:05 +01:00
Daniel Gozalo
4136bf7700 [fixes #9750] Make sure a Dynamic scope isn't assignable to a client as a default scope, and only show non-dynamic scopes in the available client scopes client menu 2022-01-26 13:32:04 +01:00
Daniel Gozalo
dad51773ea [fixes #9223] - Create an internal representation of RAR that also handles Static and Dynamic Client Scopes 
Parse scopes to RAR representation and validate them against the requested scopes in the AuthorizationEndpointChecker

Parse scopes as RAR representation and add the created context on the different cache models in order to store the state and make it available for mappers in the ClientSessionContext

Create a new AuthorizationRequestSpi to provide different implementations for either dynamic scopes or RAR requests parsing

Move the AuthorizationRequest objects to server-spi

Add the AuthorizationRequestContext property to the MapAuthenticationSessionEntity and configure MapAuthenticationSessionAdapter to access it

Remove the AuthorizationRequestContext object from the cache adapters and entities and instead recalculate the RAR representations from scopes every time

Refactor the way we parse dynamic scopes and put everything behind the DYNAMIC_SCOPES feature flag

Added a login test and added a function to get the requested client scopes, including the dynamic one, behind a feature flag

Add a new filter to the Access Token dynamic scopes to avoid adding scopes that are not permitted for a user

Add tests around Dynamic Scopes: replaying existing tests while enabling the DYNAMIC_SCOPES feature and adding a few more

Test how the server genereates the AuthorizationDetails object

Fix formatting, move classes to better packages and fix parent test class by making it Abstract

Match Dynamic scopes to Optional scopes only and fix tests

Avoid running these tests on remote auth servers
 2022-01-26 13:19:23 +01:00
Pedro Igor
d28b54e5d5
Hide Hasicorp Vault from CLI (#9700) 
Closes #9688
 2022-01-25 14:24:35 +01:00
Pedro Igor
b53c5d5eee Build command should not allow runtime options 
Closes #9618
 2022-01-23 16:30:48 -03:00
Pedro Igor
7511725af4 GHA failing due to wrong scheme when downloading ISPN server 
Closes #9696
 2022-01-20 20:44:23 +01:00
Martin Kanis
ddcabe61b2 KEYCLOAK-19571 Add indices to HotRodClientEntity fields 2022-01-20 17:46:47 +01:00
Hynek Mlnařík
2877482e40 Limit time for running model tests 
Workaround for #9648
 2022-01-20 12:30:49 +01:00
Konstantinos Georgilakis
0c9ab32cf4 Fix scope bug in device authorization request 
Closes #9617
 2022-01-19 18:13:42 +01:00
vramik
22bcdcb630 MapRoleProvider could return also client roles when searching for realm roles 
Closes #9587
 2022-01-19 16:39:59 +01:00
Pedro Igor
0a9387ff4f Unified configuration option format and renaming keycloak.properties to keycloak.conf 
Closes #9606
 2022-01-19 08:47:15 -03:00
Konstantinos Georgilakis
db0b36460f KEYCLOAK-19148 correct getGroupsCountByNameContaining of MapGroupProvider 2022-01-15 20:15:27 +01:00
Pedro Igor
4c747047ce
Backward compatibility for lower-case bearer type in token responses (#9538) 
Closes #9537
 2022-01-13 08:34:45 +01:00
Jon Koops
dea123169f
KEYCLOAK-14817 Allow JS adapter to be bundled as ES module (#9351) 2022-01-13 08:28:30 +01:00
Daniel Gozalo
8ea09d3816
[fixes #9222] - Let users configure Dynamic Client Scopes (#9327) 2022-01-12 14:27:24 +01:00
Martin Bartoš
8649ca3d50
Multiple active tabs when realm name equals name of the tab in Admin console (#9438) 
Closes #9421
 2022-01-11 16:01:28 -05:00
Marek Posolda
8f221bb21e
Validation for CIBA binding_message parameter (#9470) 
closes #9469
 2022-01-11 11:19:15 +01:00
Martin Bartoš
d75d28468e
KEYCLOAK-19490 Add more details about 2FA to authenticate page (#9252) 
Closes #9494
 2022-01-11 09:16:22 +01:00
Hynek Mlnařík
d39eb95705
Introduce per-field delegation of entities 2022-01-05 14:06:45 +01:00
vramik
dd3d7be2b4 Make JpaClientMapStorage generic 
Closes #9244
 2022-01-05 07:04:05 +01:00
Martin Bartoš
4700d21298 Upgrade Arquillian Graphene for WebAuthn tests 
Closes #9330
 2021-12-23 06:46:26 -08:00
Martin Bartoš
422ae0b3db CIAM-1693 WebAuthn tests failures on JBoss 2021-12-23 02:43:25 -08:00
Martin Bartoš
fd23d1bd06 CIAM-1694 SigningInTest failure - Missing WebAuthn category 2021-12-23 02:26:56 -08:00
Martin Bartoš
6d0b551b5e
CIAM-1692 OfflineTokenSpringBootTest is failing in pipeline due to Hamcrest dependency (#9300) 2021-12-22 13:59:29 +01:00
CorneliaLahnsteiner
dff79cee3c
KEYCLOAK-847 Add support for step up authentication (#7897) 
KEYCLOAK-847 Fix behavior of unknown not essential acr claim

Co-authored-by: Georg Romstorfer <georg.romstorfer@gmail.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2021-12-22 12:43:12 +01:00
Ben Tatham
f201760a4a Fixed #8892 "does not exists" language 2021-12-21 20:24:13 +01:00
Pedro Igor
4f568dff63 [fixes #9133] - Allow setting JDBC driver and transaction type 2021-12-21 09:57:21 -08:00
Martin Bartoš
408687f33a KEYCLOAK-19877 Update additional Arquillian dependencies 2021-12-21 07:58:35 -08:00
Pedro Igor
15d5a074b0 Avoid building configuration all the time when running tests 
Closes #9262
 2021-12-21 07:10:15 -08:00