libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
24546 commits 4 branches 5 tags 480 MiB
Commit graph

960 commits

Author SHA1 Message Date
Garth
91a6fda69c
removed deprecated annotations from ClusterProvider 
Closes #27515

Signed-off-by: Garth <244253+xgp@users.noreply.github.com>
 2024-04-02 20:10:46 +02:00
Giuseppe Graziano
fe06df67c2 New default client scope for 'basic' claims with 'auth_time' protocol mapper 
Closes #27623

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-04-02 08:44:28 +02:00
Alexander Schwartz
c580c88c93
Persist online sessions to the database (#27977) 
Adding two feature toggles for new code paths to store online sessions in the existing offline sessions table. Separate the code which is due to be changed in the next iteration in new classes/providers which used instead of the old one.

Closes #27976

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2024-03-28 09:17:07 +01:00
Gilvan Filho
757c524cc5 Password policy for not having username in the password 
closes #27643

Signed-off-by: Gilvan Filho <gfilho@redhat.com>
 2024-03-28 08:29:03 +01:00
Lex Cao
a53cacc0a7 Fire logout event when logout other sessions (#26658) 
Closes #26658

Signed-off-by: Lex Cao <lexcao@foxmail.com>
 2024-03-27 11:13:48 +01:00
Steven Hawkins
be32f8b1bf
fix: limit the use of Resteasy to the KeycloakSession (#28150) 
* fix: limit the use of Resteasy to the KeycloakSession

contextualizes other state to the KeycloakSession

close: #28152
 2024-03-26 13:43:41 -04:00
Stian Thorgersen
8cbd39083e
Default password hashing algorithm should be set to default password hash provider (#28128) 
Closes #28120

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 12:44:11 +01:00
Stian Thorgersen
cae92cbe8c
Argon2 password hashing provider (#28031) 
Closes #28030

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 07:08:09 +01:00
Pedro Igor
32541f19a3 Allow managing members for an organization 
Closes #27934

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-03-21 10:26:30 -03:00
Pedro Igor
7fc2269ba5 The bare minimum implementation for organization 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Co-authored-by: vramik <vramik@redhat.com>
 2024-03-15 11:06:43 -03:00
Alexander Schwartz
6de5325d1c Limit the received content when handling the content as a String 
Closes #27293

Co-authored-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-03-13 16:43:03 +01:00
Pedro Igor
9ad447390a Only remove attributes with empty values when updating user profile 
Closes #27797

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-03-13 15:03:08 +01:00
vramik
a81d6bb618 Organizations SPI 
Closes #27829

Signed-off-by: vramik <vramik@redhat.com>
 2024-03-13 10:57:02 -03:00
Steve Hawkins
4091baf4c2 fix: accounting for the possibility of null flows from existing realms 
closes: #23980

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-03-08 14:25:23 +01:00
rmartinc
ea4155bbcd Remove recursively when deleting an authentication executor 
Closes #24795

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-03-07 14:43:23 +01:00
Alexander Schwartz
595959398b
Instead of an InputStream that doesn't know about its encoding, use a String 
Closes #20916

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-03-07 10:24:36 +00:00
Theresa Henze
653d09f39a trigger REMOVE_TOTP event on removal of an OTP credential 
Closes #15403

Signed-off-by: Theresa Henze <theresa.henze@bare.id>
 2024-03-06 17:12:50 +01:00
vramik
7adcc98c6c Map Store Removal: Remove obsolete KeycloakModelUtils.isRealmProviderJpa method 
Closes #27445

Signed-off-by: vramik <vramik@redhat.com>
 2024-03-04 12:22:04 +01:00
vramik
032bb8e9cc Map Store Removal: Remove obsolete KeycloakModelUtils.isUsernameCaseSensitive method 
Closes #27438

Signed-off-by: vramik <vramik@redhat.com>
 2024-03-02 04:40:46 +09:00
graziang
082f9ec15b Update client scopes in Client Update Request in DCR 
Fix ClientScopesClientRegistrationPolicy.beforeUpdate because it was modifying the original clientRepresentation.
Add updateClientScopes method to set client scopes in Client Update Request in DCR.

Closes #24361

Signed-off-by: graziang <g.graziano94@gmail.com>
 2024-03-01 12:32:45 +01:00
Steven Hawkins
8d9439913c
fix: removal of resteasy-core (#27032) 
* fix: partial removal of resteasy-core

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* fix: fully removing resteasy-core

closes: #26315

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-02-29 11:43:13 +00:00
Réda Housni Alaoui
a3b3ee4b87
Ability to declare a default "First broker login flow" per Realm 
Closes #25823

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-02-28 16:17:51 +01:00
Dmitry Telegin
c18c4bbeb8 Remove setContext() + minor cleanup 
Signed-off-by: Dmitry Telegin <demetrio@carretti.pro>
 2024-02-27 19:11:32 +09:00
Dmitry Telegin
87c2df0ea4 Fix UMA 2024-02-27 19:11:32 +09:00
Dmitry Telegin
be3d0b6202 Split OAuth2GrantType and OAuth2GrantTypeFactory 2024-02-27 19:11:32 +09:00
Dmitry Telegin
c73516ba5b Revert dynamic grant type resolution 2024-02-27 19:11:32 +09:00
Dmitry Telegin
5f04ce310a simplify OAuth2GrantType.Context creation 2024-02-27 19:11:32 +09:00
Dmitry Telegin
b81bf85a06 rebase 2024-02-27 19:11:32 +09:00
Dmitry Telegin
854ec17fd3 - rework grant type resolution to use supports() in addition to grant type 
- replace initialize() with setContext()
- use EnvironmentDependentProviderFactory instead of runtime checks
- move OAuth2GrantTypeManager to server-spi-private
- javadocs, imports, minor fixes

Signed-off-by: Dmitry Telegin <demetrio@carretti.pro>
 2024-02-27 19:11:32 +09:00
Dmitry Telegin
983680ce0e OAuth 2.0 Grant Type SPI 
Closes: #26250

Signed-off-by: Dmitry Telegin <demetrio@carretti.pro>
 2024-02-27 19:11:32 +09:00
graziang
cecce40aa5 Avoid regenerating the totpSecret on every reload of the OTP configuration page 
Using an auth note to store the totpSecret and passing its value in the TotpBean constructor to keep the totpSecret on page reload

Closes #26052

Signed-off-by: graziang <g.graziano94@gmail.com>
 2024-02-22 19:09:09 +01:00
Pedro Igor
604274fb76 Allow setting an attribute as multivalued 
Closes #23539

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-02-22 12:56:44 +01:00
Douglas Palmer
b0ef746f39 Permanently lock users out after X temporary lockouts during a brute force attack 
Closes #26172

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-02-22 09:34:51 +01:00
Pedro Igor
52fe8b0feb Allow overriding the default validators added to attributes 
Closes #27148

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-02-21 00:13:49 +09:00
Pedro Hos
6b3fa8b7a7
Invalid redirect uri when identity provider alias has spaces (#22840) 
closes #22836


Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2024-02-19 14:40:42 +01:00
Vlasta Ramik
76453550a5
User attribute value length extension 
Closes #9758

Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2024-02-16 08:09:34 +01:00
mposolda
b4d289c562 Fixing UriValidator 
closes #26792

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-02-15 10:30:39 +01:00
rmartinc
4ff4c3f897 Increase internal algorithm security using HS512 and 128 byte hmac keys 
Closes #13080

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-02-15 08:16:45 +01:00
rmartinc
bc82929e3a Cors modifications for UserInfo endpoint 
Closes #26782

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-02-14 18:24:06 +01:00
vibrown
161d03efd2 Added SPIs for ClientType and ClientTypeManager 
Grabbed the SPIs for ClientType and ClientTypeManager from Marek's Client Type prototype.

Closes #26431

Signed-off-by: vibrown <vibrown@redhat.com>

Cleaned up TODOs

Signed-off-by: vibrown <vibrown@redhat.com>

Added isSupported methods

Signed-off-by: vibrown <vibrown@redhat.com>
 2024-02-13 19:26:19 +01:00
Tero Saarni
ac1780a54f
Added event for temporary lockout for brute force protector (#26630) 
This change adds event for brute force protector when user account is
temporarily disabled.

It also lowers the priority of free-text log for failed login attempts.

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-02-07 14:13:33 +00:00
Stian Thorgersen
4d9f33efe3
Add cookie type builder (#26848) 
Closes #26847

Signed-off-by: stianst <stianst@gmail.com>
 2024-02-07 13:16:04 +01:00
Dmitry Telegin
da69beed4d CORS SPI - code review 
Signed-off-by: Dmitry Telegin <demetrio@carretti.pro>
 2024-02-06 15:27:53 -03:00
Dmitry Telegin
b0403e2268 CORS SPI 
Closes #25446

Signed-off-by: Dmitry Telegin <demetrio@carretti.pro>
 2024-02-06 15:27:53 -03:00
mposolda
f468885fdd Empty error message when validation issue due the PersonNameProhibitedValidator validation 
closes #26750

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-02-06 12:56:50 -03:00
Stian Thorgersen
c4b1fd092a
Use code from RestEasy to create and set cookies (#26558) 
Closes #26557

Signed-off-by: stianst <stianst@gmail.com>
 2024-02-06 15:14:04 +01:00
Michal Hajas
00742a62dd
Remove RealmModel from authorization services interfaces (#26708) 
Closes #26530
Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-02-02 16:51:32 +01:00
Thomas Darimont
277af021d7 Improve ScheduledTask task-name handling 
This PR introduces a String getTaskName() default method to
the ScheduledTask interface and adjusts call sites to use the
implementation derived task name where possible.

Previously, ScheduledTask names were passed around separately, which
lead to unhelpful debug messages.
We now give ScheduledTask implementations control over their task-name
which allows for more flexible naming.

Enlist call StoreSyncEvent.fire(...) to after transaction to ensure realm is present in database.
Ensure that Realm is already committed before updating sync via UserStorageSyncManager
Align Sync task name generation for cancellation to support SyncFederationTest
Only log a message if sync task was actually canceled.

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-02-02 09:57:03 -03:00
Lex Cao
a43ba73b93 Skip link only when client is not system when logout (#24595) 
Signed-off-by: Lex Cao <lexcao@foxmail.com>
 2024-01-31 17:50:26 +01:00
rmartinc
01be4032d8 Enable verify-profile required action by default 
Closes #25985

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-01-31 13:32:53 +01:00