libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions
15311 commits 4 branches 5 tags 483 MiB
Commit graph

3964 commits

Author SHA1 Message Date
ムハマドザクワンビンムハマドザヒド / MOHDZAHID,BIN MUHAMMADZAKWAN
ce6b737e33 NPE in userinfo endpoint 
Closes #15429
 2023-01-02 13:53:29 +01:00
Pedro Igor
857b02be63 Allow managing the required settigs for the email attribute 
Closes #15026
 2022-12-15 13:11:06 -08:00
Pedro Igor
782d145cef Allow updating authz settings via default client registration provider 
Closes #9008
 2022-12-15 20:43:43 +01:00
Stian Thorgersen
a5670af745
Keycloak CI workflow refactoring (#15968) 
* Keycloak CI workflow refactoring

Closes #15861

* Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>

* Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>

* Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>

* Update CodeQL actions

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
 2022-12-14 16:12:23 +01:00
Stian Thorgersen
0f2ca3bfdd
fixes from release/20 (#15982) 
* Avoid path traversal vis double-url encoding of redirect URI (#8)

(cherry picked from commit a2128fb9e940d96c2f9a64edcd4fbcc768eedb4f)

* Do not resolve user session if corresponding auth session does not exist (#7)

* Stabilizing the ConcurrentLoginTest when running with JPA map storage by locking user sessions (#9)

Co-authored-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2022-12-14 07:46:17 +01:00
Stan Silvert
5ced20e1ee
Allow any admin role on GET profile call (#15967) 2022-12-13 15:56:22 -05:00
zak905
993d910520 avoid NPE in LegacyAttributes when using federated storage 
Closes #https://github.com/keycloak/keycloak/issues/15482
 2022-12-07 14:25:08 -03:00
Michal Hajas
de7dd77aeb Change id of TermsAndConditions required actions to uppercase 
Closes #9991
 2022-12-07 10:51:37 -03:00
mposolda
f4e91a5312 The redirect URI cannot be verified during logout in the case when client was removed 
closes #15866
 2022-12-07 08:20:30 +01:00
Pedro Igor
022d2864a6 Make sure JAX-RS resource methods are advertizing the media type they support 
Closes #15811
Closes #15810
 2022-12-06 08:13:43 -03:00
Václav Muzikář
7a0ad6ff21 Handle null in HttpRequestImpl 2022-12-02 12:17:10 +01:00
Pedro Igor
168734b817 Removing references to request and response from Resteasy 
Closes #15374
 2022-12-01 08:38:24 -03:00
mposolda
3e9c729f9e X.509 authentication fixes for FIPS 
Closes #14967
 2022-11-25 11:50:30 +01:00
Stefan Guilhen
5c2a5fac31 Enable all test methods in ConcurrentLoginTest for JPA Map Storage 
- Tests still disabled for Hotrod and CHM
- Fixes concurrent login issues with CRDB. Verified with both PostgreSQL and CockroachDB.

Closes #12707
Closes #13210
 2022-11-24 13:36:22 +01:00
Alexander Schwartz
fd152e8a3e Modify RealmAdminResource.partialImport to work with InputStream 
Rework existing PartialImportManager to not interfere with transaction handling, and bundle everything related to AdminEventBuild and JAX-RS Repsonses inside the Resource.

Closes #13611
 2022-11-24 11:45:11 +01:00
Lex Cao
dd03137ea7 Strip secret of user when creating from admin API 
Closes #14843
 2022-11-24 11:38:42 +01:00
Pedro Igor
9e042b06b4 Avoid creating proxies at runtime for Rest-based SPIs 
Closes #15605
 2022-11-23 12:42:13 +01:00
Nagy Vilmos
4b6b607fe9
Should not hide IDP from login page (#14174) 
Closes #14173
 2022-11-23 10:49:21 +01:00
cgeorgilakis-grnet
085dd24875 Client registration service do not check client protocol for Bearer token 
Closes #15612
 2022-11-23 08:49:13 +01:00
Pedro Igor
28fc5b4574 Removing injection points for Resteasy objects and resolving instances from keycloak context instead 
Relates #15374
 2022-11-21 19:47:25 +01:00
Pedro Igor
6f7c62fc73 Remove unnecessary endpoints from our JAX-RS entensions 
Closes #15525
 2022-11-16 16:25:33 +01:00
Michal Hajas
6d683824a4 Deprecate DBLockProvider and replace it with new GlobalLockProvider 
Closes #9388
 2022-11-16 16:13:25 +01:00
Pedro Igor
10b7475b04 Removing unnecessary injection points from JAX-RS (sub)resources 
Closes #15450
 2022-11-16 08:55:55 -03:00
Alexander Schwartz
b6b6d01a8a Importing a representation by first creating the defaults, importing a representation and then copying it over to the real store. 
This is the foundation for a setup that's needed when importing the new file store for which importing the representation serves as a placeholder.

Closes #14583
 2022-11-16 09:56:13 +01:00
Douglas Palmer
9f532eecaf Weird export/re-import behaviour regarding post.logout.redirect.uris 
Closes #14884
 2022-11-15 09:24:32 +01:00
Stefan Guilhen
667f1f989f Fix ConcurrentLoginTest.concurrentCodeReuseShouldFail on CockroachDB 
- processGrantRequest in TokenManager is now executed in a separate retriable transaction.

Closes #13210
 2022-11-11 13:34:29 +01:00
stianst
eb17157e44 Stop adding .v2 to default theme if set in server config 
Closes #15392
 2022-11-11 08:49:41 -03:00
Pedro Igor
13b39cf48a Marking nested classes in brokering endpoints as static 
Closes #15443
 2022-11-10 16:10:09 -03:00
stianst
1de9c201c6 Refactor Profile 
Closes #15206
 2022-11-07 07:28:11 -03:00
Marek Posolda
f616495b05
Fixing UserFederationLdapConnectionTest,LDAPUserLoginTest to work with FIPS (#15299) 
closes #14965
 2022-11-03 16:35:57 +01:00
Marek Posolda
2ba5ca3c5f
Support for multiple keys with same kid, which differ just by algorithm in the JWKS (#15114) 
Closes #14794
 2022-11-03 09:32:45 +01:00
Stian Thorgersen
cf913af823
Add support for Microsoft Authenticator (#15272) 
Closes #15271
 2022-11-02 12:56:07 +01:00
Alexander Schwartz
dd5a60c321 Allow a partial import to overwrite the default role 
Closes #9891
 2022-11-01 15:35:02 -03:00
Pedro Igor
f6985949b6
Close the session within resteasy boundaries (#15193) 
Closes #15192
 2022-11-01 11:06:34 +01:00
Michal Hajas
883e83e625 Remove deprecated methods from data providers and models 
Closes #14720
 2022-10-25 09:01:33 +02:00
mposolda
55c514ad56 More flexibility in keystore related tests, Make keycloak to notify which keystore types it supports, Support for BCFKS 
Closes #14964
 2022-10-24 08:36:37 +02:00
Alexander Schwartz
440077de42 Reduce number of calls to the storage for clients and realms 
Closes #15038
 2022-10-21 15:08:39 +02:00
Stefan Guilhen
acaf1724dd Fix ComponentsTest failures with CockroachDB 
- Component addition/edition/removal is now executed in a retriable transaction.

Closes #13209
 2022-10-21 10:48:08 +02:00
Klaus Betz
76d9125c3f
feat: add DisplayIconClasses to IdentityProviderModel for third-party IDPs https://github.com/klausbetz/apple-identity-provider-keycloak/issues/10 (#14826) 
Closes #14974
 2022-10-18 15:54:06 +02:00
Stian Thorgersen
97ae90de88
Remove Red Hat Single Sign-On product profile from upstream (#14697) 
* Remove Red Hat Single Sign-On product profile from upstream

Closes #14916

* review suggestions: Remove Red Hat Single Sign-On product profile from upstream

Closes #14916

Co-authored-by: Peter Skopek <pskopek@redhat.com>
 2022-10-18 14:43:04 +02:00
Stian Thorgersen
31aefd1489
OTP Application SPI (#14800) 
Closes #14800
 2022-10-18 14:42:35 +02:00
Marek Posolda
0756ef9a75
Initial integration tests with BCFIPS distribution (#14895) 
Closes #14886
 2022-10-17 23:33:22 +02:00
Stian Thorgersen
f7490b7f7c
Fix issue where admin2 was not enabled by default if account2 was disabled (#14914) 
Refactoring ThemeSelector and DefaultThemeManager to re-use the same logic for selecting default theme as there used to be two places where one had a broken implementation

Closes #14889
 2022-10-17 15:17:54 +02:00
vramik
f49582cf63 MapUserProvider in KC20 needs to store username compatible with KC19 to be no-downtime-upgradable 
Closes #14678
 2022-10-14 09:32:38 +02:00
danielFesenmeyer
f80a8fbed0 Avoid login failures in case of non-existing group or role references and update references in case of renaming or moving 
- no longer throw an exception, when a role or group cannot be found, log a warning instead
- update mapper references in case of the following events:
   - moving a group
   - renaming a group
   - renaming a role
   - renaming a client's Client ID (may affect role qualifiers)
- in case a role or group is removed, the reference still will not be changed
- extend and refactor integration tests in order to check the new behavior

Closes #11236
 2022-10-13 13:23:29 +02:00
Martin Kanis
761929d174
Merge ActionTokenStoreProvider and SingleUseObjectProvider (#13677) 
Closes #13334
 2022-10-13 09:26:44 +02:00
Stian Thorgersen
ded52c6228
Move session iframe pages (#14769) 
Closes #14767
 2022-10-13 08:16:20 +02:00
Lex Cao
8ea3f30d82 Support profile projection parameter for LinkedIn IDP 
Closes #13384
 2022-10-11 15:22:00 -03:00
Alexander Schwartz
b67ce73227 Cleanup MapUserSessionAdapter.getAuthenticatedClientSessions() 
Closes #14743
 2022-10-10 13:01:14 +02:00
Stian Thorgersen
fda26385ec
Add profile feature for hosting keycloak.js on the server (#14771) 
* Add profile feature for hosting keycloak.js on the server

Closes #14770

* Updated txt files for HelpCommandTest
 2022-10-10 08:00:50 +02:00
Takashi Norimatsu
148c7695ff Pluggable Features of Token Manager 
Closes #12065
 2022-10-07 08:43:34 +02:00
Hynek Mlnarik
36a1ce6a1a Ensure map storage providers are closed upon session close 
Fixes: #14730
 2022-10-05 14:16:19 +02:00
Marek Posolda
425b6b8df2
Parameters 'client_id' and 'response_type' not strictly required in O… (#14679) 
* Parameters 'client_id' and 'response_type' not strictly required in OIDC request object
Closes #14255
 2022-10-05 11:20:15 +02:00
Douglas Palmer
44aae52fb4
Fixed locale switcher on error page (#14728) 
Closes #14205
 2022-10-05 10:30:07 +02:00
Marek Posolda
c59660ca86
KEYCLOAK_SESSION not working for some user federation setups when user ID has special chars (#14560) 
closes #14354
 2022-10-05 08:59:30 +02:00
Alice Wood
1eb7e95b97 enhance existing group search functionality allow exact name search keycloak/keycloak#13973 
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
 2022-09-30 10:37:52 +02:00
Marcelo Daniel Silva Sales
22713bc144
Incorrect error message OIDC client authentication (#14656) 
closes #12162


Co-authored-by: Pedro Hos <pedro-hos@outlook.com>
 2022-09-30 09:40:05 +02:00
David Anderson
a8db79a68c
Introduce crypto module using Wildfly Elytron (#14415) 
Closes #12702
 2022-09-27 08:53:46 +02:00
Alexander Schwartz
be2deb0517 Modify RealmsAdminResource.importRealm to work with InputStream 
Closes #13609
 2022-09-26 20:58:08 +02:00
Ivan Atanasov
4016dd95d2
Use temporary file to reduce the chance of serving partial gzipped resource (#14511) 
Closes #14510
 2022-09-23 07:51:41 +02:00
Alice Wood
55a660f50b enhance group search to allow searching for groups via attribute keycloak/keycloak#12964 
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2022-09-19 15:19:36 +02:00
Takashi Norimatsu
0a832fc744 Intent support before issuing tokens (UK OpenBanking) 
Closes #12883
 2022-09-19 12:15:00 +02:00
Dmitry Telegin
cc2117bf7c UserInfo endpoint not fully standards compliant 
Closes #14184
 2022-09-16 10:15:08 +02:00
danielFesenmeyer
3af1134975 Update IDP link username when sync mode is "force" 
Closes #13049
 2022-09-14 08:02:17 -03:00
Václav Muzikář
e999aeeab8 Fix DefaultHostnameTest on Undertow 2022-09-13 14:41:23 -03:00
Christoph Leistert
7e5b45f999 Issue #8749: Add an option to control the order of the event query and admin event query 2022-09-11 21:30:12 +02:00
Alexander Schwartz
1d2d3e5ca5 Move UserFederatedStorageProvider into legacy module 
Closes #13627
 2022-09-11 18:37:45 +02:00
Thomas Darimont
962a685b7b KEYCLOAK-15773 Control availability of admin api and admin-console via feature flags 
Inline profile checks for enabled admin-console to avoid issues during
static initialization with quarkus.

Potentially Re-enable admin-api feature if admin-console is enabled
via the admin/admin2 feature flag.

Add legacy admin console as deprecated feature flag
Throw exception if admin-api feature is disabled but admin-console is enabled

Adapt ProfileTest

Consider adminConsoleEnabled flag in QuarkusWelcomeResource
Fix check for Admin-Console / Admin-API feature dependency.

Add new features to approved help output files

Co-authored-by: Stian Thorgersen <stian@redhat.com>
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2022-09-09 18:18:51 -03:00
Pedro Igor
3518362002 Validate auth time when max_age is sent to brokered OPs 
Closes #14146
 2022-09-09 10:30:51 -03:00
Martin Bartoš
0fcf5d3936 Reuse of token in TOTP is possible 
Fixes #13607
 2022-09-09 08:56:02 -03:00
Marek Posolda
040e52cfd7
SAML javascript protocol mapper: disable uploading scripts through admin console by default (#14293) 
Closes #14292
 2022-09-09 13:47:51 +02:00
Dominik Guhr
f2b02f19e6 Closes #13786 2022-09-07 18:29:26 +02:00
cgeorgilakis
07b0df8f62
View groups from account console (#7933) 
Closes #8748
 2022-09-07 11:25:31 +02:00
Lex Cao
1f197aa96b
Add basic auth compliant to RFC 6749 (#14179) 
Closes #14179
 2022-09-07 10:09:30 +02:00
evtr
4469bdc0a9
RelayState max length not respected 
Fixes: #10227
 2022-09-06 22:01:14 +02:00
Stu Tomlinson
f57560afd3 Improve error messages for invalid SAML responses 
Closes #13534
 2022-09-06 21:49:14 +02:00
Christoph Leistert
cc2bb96abc Fixes #9482: A user could be assigned to a parent group if he is already assigned to a subgroup. 2022-09-06 21:31:31 +02:00
Pedro Igor
a6137b9b86 Do not empty attributes if they are not provided when user profile is enabled 
Closes #11096
 2022-09-06 12:59:05 +02:00
Michal Hajas
f69497eb28 KEYCLOAK-12988 Deprecate getUsers* methods in favor of searchUsers* variants 
Closes #14018
 2022-09-06 10:38:28 +02:00
Youssef El Houti
7f58c1c570 KEYCLOAK-19138 nginx x509 client trusted certificate lookup 2022-09-01 15:02:56 -03:00
Thomas Darimont
43623ea9d0 KEYCLOAK-18499 Add max_age support to oauth2 brokered logins 
Revise KcOidcBrokerPassMaxAgeTest to use setTimeOffset(...)
 2022-09-01 09:24:44 -03:00
Joerg Matysiak
a8019d78e7 Fixed handling of required setting for email in user profile. 
Resolves #13923
 2022-08-31 17:19:19 -03:00
Nagy Vilmos
f6db484172
Keep the locale related authNotes through the IdentityBroker flow. (#10444) 
Closes #8827
 2022-08-31 09:37:26 +02:00
Martin Bartoš
e6a5f9c124 Default required action providers are still available after feature disabling 
Closes #13189
 2022-08-31 08:42:47 +02:00
Moritz H
c4971d179c
KEYCLOAK-18273 Display Idp displayName if available (#8087) 
Co-authored-by: moritz.hilberg <moritz.hilberg@pwc.com>
 2022-08-30 15:32:27 -03:00
Manato Takai
1cdc21f0ff
Add duplicate parameter check for UserInfo endpoint. (#14024) 
Closes #14016
 2022-08-30 14:39:15 +02:00
Réda Housni Alaoui
3f088bfd21
KEYCLOAK-17013 Brute force protection: Successfully logged in user should not have to wait up to 5 seconds for event processing (#7748) 2022-08-29 19:41:35 +02:00
Tero Saarni
4f199c7245 Fix compilation errors with Eclipse Java compiler 2022-08-29 19:33:12 +02:00
Nemanja Hiršl
b7309e86d9
Closes #8992 - Extending DefaultBruteForceProtector (#8993) 
* Closes #8992 - Extending DefaultBruteForceProtector

* Update services/src/main/java/org/keycloak/services/managers/DefaultBruteForceProtectorFactory.java

* Update services/src/main/java/org/keycloak/services/managers/DefaultBruteForceProtectorFactory.java

Co-authored-by: Stian Thorgersen <stian@redhat.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
 2022-08-29 16:43:13 +02:00
Stian Thorgersen
aeba5e9f4b
Add FreeMarkerProvider to prevent multiple instances of FreeMarker templates (#14062) 
* Add FreeMarkerProvider to prevent multiple instances of FreeMarker templates

Closes #19185
 2022-08-29 08:42:53 -03:00
jsarem
f0397f33b4
Expose same common informational variables to all email body templates (#13998) 
Closes #14017
 2022-08-29 08:09:18 +02:00
Jason
c6c65ad10b
Check IdP display name length before capitalizing (#13151) 
https://github.com/keycloak/keycloak/issues/13150

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
 2022-08-26 13:16:10 +02:00
Hawk Newton
b1487b9d72
Increase max size of additional request params (#8382) 
Closes #14015
 2022-08-26 09:34:43 +02:00
GQ
518d318f0c
Update CorsPreflightService.java (#8387) 
Adding DELETE & PUT

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
 2022-08-26 08:00:55 +02:00
Joerg Matysiak
62790b8ce0 Allow permission configuration for username and email in user profile. 
Enhanced Account API to respect access to these attributes.

Resolves #12599
 2022-08-25 21:54:51 -03:00
supersoaker
e47bbba7ef
added possibility to use user in terms.ftl (#7831) 2022-08-25 15:08:38 +02:00
Clay Risser
f145667144
Fixed spelling error (#13595) 
Fixes issue #13594

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
 2022-08-25 12:46:43 +02:00
Christoph Leistert
5408d25e09
Fixes #10656: Sub realm localization GET endpoints can be called using tokens issued by the master realm. (#10660) 
* Fixes #10656: Sub realm localization GET endpoints can be called using tokens issued by the master realm.

* Fixes #10656: Added some tests
 2022-08-25 09:02:07 +02:00
Erich Bremer
c98a760beb
remove javax.json and replace with FasterXML (#11554) 
remove javax.json and replace with FasterXML to be consistent with the rest of the project.

Closes #11544
 2022-08-25 08:49:22 +02:00
Pedro Igor
ddcf0f45f9 Run import within the context of the realm being imported 
Closes #12289
 2022-08-25 08:18:43 +02:00