libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
23249 commits 4 branches 5 tags 480 MiB
Commit graph

4202 commits

Author SHA1 Message Date
Tero Saarni
22d093f5c0
Fix multi-valued LDAP attribute support 
FullName LDAP storage mapper was delegating to single-valued setter even
when multi-valued setter was called.

Closes #22091

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
 2023-10-06 14:36:02 +00:00
mposolda
cdb61215c9 UserProfileContext.ACCOUNT_OLD seems to be obsolete and not needed 
closes #23749
 2023-10-06 11:27:48 -03:00
Pedro Igor
290bee0787
Resolve several usability issues around User Profile (#23537) 
Closes #23507, #23584, #23740, #23774

Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2023-10-06 10:15:39 -03:00
rmartinc
890600c33c Remove backward compatibility for ECDSA tokens 
Closes https://github.com/keycloak/keycloak/issues/23734
 2023-10-06 14:24:48 +02:00
Martin Kanis
0853d484ec
Remove transaction in InfinispanSingleUseObjectProvider#remove (#23708) 
Co-authored-by: mposolda <mposolda@gmail.com>
 2023-10-06 10:00:04 +02:00
Garth
2dfbbff343
added AccountResource SPI, Provider and ProviderFactory. (#22317) 
Added AccountResource SPI, Provider and ProviderFactory. updated AccountLoader to load provider(s) and check if it is compatible with the chosen theme.
 2023-10-05 15:08:01 +02:00
vramik
7f2f4aae67 Upgrade liquibase version to avoid a bug where a changeset is executed twice 
Closes #23220
 2023-10-05 13:35:05 +02:00
Tomas Ondrusko
58131f1dcc Update the Instagram login process 
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
 2023-10-05 09:33:05 +02:00
Steven Hawkins
9a93b9a273
allows csv output to handle missing requested fields (#23459) 
* allows csv output to handle missing requested fields

Closes #12330

* fixes the handling of the content type

also makes it more explicit the expectation of applying csv and return
fields

* fix: consolidating the logic dealing with the content-type

Closes #23580
 2023-10-04 15:49:19 +02:00
Dmitry Telegin
085d0d73c9 Fix nonce/scope typo 2023-10-02 22:36:51 +02:00
Tomas Ondrusko
fcb91a83ba
Ignore query parameters while testing the LinkedIn profile picture URL (#23557) 
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
 2023-10-02 14:36:17 +02:00
Tomas Ondrusko
3d42573813
Update PayPal social login flow to use 127.0.0.1 instead of localhost (#23532) 
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
 2023-09-28 09:34:45 +00:00
fwojnar
56082cdd2d
Fixes issue in login flow of SocialLoginTest#twitterLogin (#23122) 
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
 2023-09-28 10:21:59 +02:00
Lucas Hedding
de5aa2e74d
Add createTimestamp to REST service (#23293) 
Closes #14009
 2023-09-27 13:38:16 +02:00
rmartinc
10c1e3ba6d Client roles should be mapped to any claim name 
Closes https://github.com/keycloak/keycloak/issues/22349
 2023-09-27 08:11:22 -03:00
rmartinc
d90640b5a3 Change email checkserveridentity prop as angus mail sets it to true by default 
Closes https://github.com/keycloak/keycloak/issues/22395
 2023-09-26 09:11:16 +02:00
Maria Arias de Reyna
c15753266f fix(Closes #21236): Adding client-id to logout event 2023-09-25 13:20:26 +02:00
Pedro Igor
741f76887c Allow updating email when email as username is set and edit username disabed 
#23438
 2023-09-25 08:19:01 -03:00
Michal Hajas
496c5ad989 Use new findGroupByPath implementation and remove the old one 
Closes #23344

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2023-09-25 10:44:24 +02:00
Jon Koops
47d9ae71c4
Revert the new welcome screen experience (#23446) 
This reverts commit bcab75a7ef.
 2023-09-21 16:03:00 +00:00
Justin Tay
7d3104ee76 Allow public clients to use PAR endpoint 
Closes #8939
 2023-09-21 13:57:42 +02:00
rmartinc
7afd90982d Align wildfly-core and wildfly version for tests 
Closes https://github.com/keycloak/keycloak/issues/23342
 2023-09-21 10:53:57 +02:00
Bernd Bohmann
bb2f59df87
Calling getTopLevelGroups is slow inside GroupLDAPStorageMapper#getLDAPGroupMappingsConverted (#8430) 
Closes #14820 
---------
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2023-09-20 17:20:43 +02:00
Jon Koops
e86bf1f0b2 Remove P3P header from authentication flow 
Closes #23348
 2023-09-19 08:50:33 -03:00
rmartinc
743bb696d9 Allow duplicated keys in advanced claim mappers 
Closes https://github.com/keycloak/keycloak/issues/22638
 2023-09-19 07:49:34 -03:00
wojnarfilip
5603ee7b46 Fixes login flow in Microsoft social login test 
Closes #22657
 2023-09-18 14:21:41 +02:00
Pedro Igor
217a09ce46 Switch to Resteasy Reactive 
Closes #10713
 2023-09-18 09:19:03 -03:00
paul
f684a70048 KEYCLOAK-15985 Add Brute Force Detection Lockout Event 2023-09-15 10:32:07 -03:00
Jon Koops
bcab75a7ef
Add new version of Welcome theme based on PatternFly 5 (#23008) 2023-09-14 08:24:17 -04:00
Andreas Blaettlinger
86c0e338d9 Toggle visibility of password input fields in login-ftl-based pages 
Closes #22067
 2023-09-14 08:04:35 -03:00
Pedro Igor
1442f14c45 Registration page not showing username when edit username is not enabled 
Closes #23185
 2023-09-14 07:32:39 -03:00
Justin Tay
658c0ef19f Send Client ID in token request with JWT Authentication 
Closes #21444
 2023-09-14 10:57:32 +02:00
Pedro Igor
5958c7948d
Ignore attributes when they are not prefixed with user.attributes prefix (#23184) 
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: stianst <stianst@gmail.com>
 2023-09-14 10:35:47 +02:00
Daniel Fesenmeyer
a68ad55a37 Support to define compatible mappers for (new) Identity Providers 
- Also allows to use existing mappers for custom Identity Providers without having to change those mappers

Closes #21154
 2023-09-13 17:19:06 -03:00
Jacek Kowalski
f5182deb30
Fix valid redirect URIs for built-in account-console client on realm rename (#20894) 
Closes #9541

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2023-09-13 15:28:07 +02:00
Konstantinos Georgilakis
0044472f87 Add regex support in 'Condition - User attribute' execution 
Closes #265
 2023-09-13 08:36:45 +02:00
rmartinc
48ab2b1688 FullNameLDAPStoreMapper removes values for other attributes 
Closes https://github.com/keycloak/keycloak/issues/22526
 2023-09-13 08:11:32 +02:00
vramik
d34a371971 Enable ZeroDowntimeTest 
Closes #21825
 2023-09-11 19:09:30 +02:00
Pedro Igor
04dd9afc5e Do not store empty attributes when updating user profile 
Closes #22960
 2023-09-11 07:47:31 -03:00
rmartinc
7da52a43bd Add old LinkedIn provider to the deprecated profile 
Closes https://github.com/keycloak/keycloak/issues/23067
 2023-09-08 10:05:17 +02:00
Marek Posolda
506e2537ac
Registration flow fixed (#23064) 
Closes #21514


Co-authored-by: Vilmos Nagy <vilmos.nagy@outlook.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2023-09-08 08:05:05 +02:00
Pedro Igor
bc31fde4c0 Broker claim mapper not recognizing claims from user info endpoint 
Closes #12137
 2023-09-07 16:34:45 +02:00
Kaustubh B
5ee2ba9372 Added tests 2023-09-07 08:43:35 +02:00
rmartinc
8887be7887 Add a new identity provider for LinkedIn based on OIDC 
Closes https://github.com/keycloak/keycloak/issues/22383
 2023-09-06 16:13:31 +02:00
Pedro Igor
13e5a02b9f Role mappers must return a single value when they are not multivalued 
Closes #20218
 2023-08-31 19:16:12 +02:00
mposolda
57e51e9dd4 Use an original domain name of Kerberos Principal in UserModel attribute instead of configured value of Kerberos realm in User federation 
closes #20045
 2023-08-30 13:24:48 +02:00
vramik
4cd34f8423 Update logging properties for showing SQL statements and JDBC parameters 
Closes #22815
 2023-08-30 12:52:08 +02:00
Marek Posolda
6f989fc132
Fallback to next LDAP/Kerberos provider when not able to find authenticated Kerberos principal (#22531) 
closes #22352 #9422
 2023-08-29 11:21:01 +00:00
Pedro Igor
ea3225a6e1 Decoupling legacy and dynamic user profiles and exposing metadata from admin api 
Closes #22532

Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2023-08-29 08:14:47 -03:00
Pedro Igor
b779df6a55 Parsing response from user info rather than the access token 
Closes #22581
 2023-08-29 12:23:56 +02:00
Tomas Ondrusko
e70ffd0105
Handle GitHub logout properly (#22463) 
Add profile info update to GitHub login test cases

Closes #22461

Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
 2023-08-28 10:06:12 +02:00
t0xicCode
822c13ff6f Switch Trusted Host policy redirect verification to URI 
Switch parsing of the redirect URIs for the Trusted Host Client Registration Policy from URL to URI.
The java URL class tries to instantiate a handler for the scheme, which fails when a "custom" scheme, such as those used in phone apps is used.
In contrast, the URI class simply parses the string, ensuring the format is valid.
The other URLs (baseUrl, rootUrl, adminUrl) are still parsed as URLs.
See https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata for the Client Registration parameter documentation.

Closes #22309
 2023-08-14 10:20:23 +02:00
Pedro Igor
baac060eb1 Fixing how e-mail attribute permissions are set for both USER_API and ACCOUNT contexts 
Closes #21751
 2023-08-11 13:32:16 +02:00
Erik Jan de Wit
874d2063b8
only add realm access to the current realm (#21554) 
fixes: #21553
 2023-08-10 12:43:15 +02:00
wojnarfilip
6c070d587f Closes #22282 2023-08-10 12:05:20 +02:00
Takashi Norimatsu
258711ef4f DPoP verification in UserInfo endpoint 
closes #22215
 2023-08-07 10:49:33 +02:00
Takashi Norimatsu
9d0960d405 Using DPoP token type in the access-token and as token_type in introspection response 
closes #21919
 2023-08-07 10:40:18 +02:00
Marek Posolda
4dc929abb3
Missing client_id validation match when authenticating client with JW… (#22178) 
Closes #22177
 2023-08-03 11:47:55 +02:00
Takashi Norimatsu
ee998fee66 Add FAPI 2.0 security profile as default profile of client policies 
closes #21181
 2023-08-03 09:26:16 +02:00
Ricardo Martin
a8bca522c1
Fix issue with access tokens claims not being imported using OIDC IDP Attribute Mappers (#21627) 
Closes #9004


Co-authored-by: Armel Soro <armel@rm3l.org>
 2023-08-02 09:36:50 +02:00
Thomas Darimont
82269f789a Avoid using deprecated junit APIs in tests 
- Replaced usage of Assert.assertThat with static import
- Replaced static import org.junit.Assert.assertThat with org.hamcrest.MatcherAssert.assertThat

Fixes: #22111
 2023-08-01 11:44:25 +02:00
mposolda
6f6b5e8e84 Fix authenticatorConfig for javascript providers 
Closes #20005
 2023-07-31 19:28:25 +02:00
Vlasta Ramik
29b67fc8df
Inconsistent Wildcard handling for JPA (#21671) 
* Inconsistent Wildcard handling for JPA

Closes #20610

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2023-07-27 17:03:22 +02:00
rmartinc
0a7fcf43fd Initial pagination in the admin REST API for identity providers 
Closes https://github.com/keycloak/keycloak/issues/21073
 2023-07-27 14:48:02 +02:00
Takashi Norimatsu
9a921441cc Adjustements to the behaviour of dpop_bound_access_tokens switch 
closes #21920
 2023-07-27 11:30:01 +02:00
Takashi Norimatsu
6498b5baf3 DPoP: OIDC client registration support 
closes #21918
 2023-07-26 13:00:35 +02:00
Ricardo Martin
ee35cfe478
Add logout other sessions checkbox to TOTP, webauthn and recovery authn codes setup pages (#21897) 
* Add logout other sessions checkbox to TOTP, webauthn, recovery authn codes setup pages and to update-email page
Closes #10232
 2023-07-26 11:34:19 +02:00
Marek Posolda
bb8ba1af5a
Fix script tests on windows (#21942) 
Closes #21778 #21779 #21780
 2023-07-25 12:37:21 +00:00
Takashi Norimatsu
0ddef5dda8
DPoP support 1st phase (#21202) 
closes #21200


Co-authored-by: Dmitry Telegin <dmitryt@backbase.com>
Co-authored-by: mposolda <mposolda@gmail.com>
 2023-07-24 16:44:24 +02:00
Takashi Norimatsu
05b8b9ee51 Enhancing Pluggable Features of Token Manager 
closes #21182
 2023-07-24 09:16:29 +02:00
Takashi Norimatsu
2efd79f982 FAPI 2.0 security profile - supporting RFC 9207 OAuth 2.0 Authorization Server Issuer Identification 
Closes #20584
 2023-07-24 09:11:30 +02:00
rmartinc
7336ff07ac Check RDN attribute for DN membership 
Closes https://github.com/keycloak/keycloak/issues/20718
 2023-07-21 11:13:45 +02:00
todor
897965f604 KEYCLOAK-20343 Add message bundle to export/import 
Closes #20343
 2023-07-20 23:00:28 +02:00
Alexander Schwartz
7c9593f88a
Upgrade Infinispan to 14.0.13.Final (#21565) 
Closes #21564
 2023-07-20 16:59:19 +00:00
Václav Muzikář
776bcbcbd4
Update bcpkix and bcprov dependencies (#21543) 
Closes #21360
 2023-07-20 11:57:18 +02:00
vramik
13d412989c Disable ZeroDowntimeTest 
Closes #21823
 2023-07-19 20:35:08 +02:00
Lukas Hanusovsky
086b85fad4
[20455] Arquillian reflection bug -> using different setter to avoid overloading. (#21806) 2023-07-19 14:43:36 +02:00
rmartinc
ed1934d73a Ensure that the flow tested to be deleted is a built in flow 
Closes https://github.com/keycloak/keycloak/issues/20763
 2023-07-19 08:56:32 +02:00
mposolda
03716ed452 Keycloak forgets ui_locales parameter when using reset password 
closes #10981
 2023-07-18 09:24:12 +02:00
rmartinc
630e3b2312 Revert emailVerified to false if email modified on force-sync non-trusted broker 
Closes https://github.com/keycloak/security/issues/48
 2023-07-17 13:13:47 +02:00
Michal Hajas
07c27336aa Check whether realm has store enabled for immediately sent events 
Closes #21698

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2023-07-14 20:50:33 +02:00
Pedro Igor
57423bca2b
Additional test for logout when using multiple tabs (#21518) 
Closes #21451
 2023-07-11 11:22:20 +02:00
Pedro Igor
376d20c285
Remove user credentials from admin event representation (#21561) 
Closes #17470
 2023-07-11 08:26:29 +02:00
rmartinc
13870f3a69 Improve error management in the github provider 
Closes https://github.com/keycloak/keycloak/issues/9429
 2023-07-10 16:09:08 -03:00
Pedro Igor
94074f4a98
Remove unnecessary tests (#21551) 
Closes #21099
 2023-07-10 13:36:21 +00:00
Daniele Martinoli
75741d17ab Updated test case in RequiredActionResetPasswordTest 2023-07-10 08:31:47 -03:00
Patrick Jennings
399a23bd56
Find an appropriate key based on the given KID and JWA (#21160) 
* keycloak-20847 Find an appropriate key based on the given KID and JWA. Prefers matching on both inputs but will match on partials if found. Or return the first key if a match is not found.

Mark Key as fallback if it is the singular client certificate to be used for signed JWT authentication.

* Update js/apps/admin-ui/public/locales/en/clients.json

Co-authored-by: Marek Posolda <mposolda@gmail.com>

* Updating boolean variable name based on suggestions by Marek.

* Adding integration test specifically for the JWT parameters for regression #20847.

---------

Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2023-07-10 13:28:55 +02:00
Daniele Martinoli
7b8dcb42ea Using "Account is disabled" message (and also added new test case) 2023-07-07 12:16:38 -03:00
Daniele Martinoli
2a95e2c245 updated failed login test case with new error message 2023-07-07 09:00:51 -03:00
Daniele Martinoli
44570d12ee fixed error in IdentityProviderTest 2023-07-07 08:59:36 -03:00
Daniele Martinoli
83d88f6bb5 added Hardcoded Group mapper to IDP configuration 2023-07-07 08:59:36 -03:00
A. Tammy
497d08af1c
make cli usable on OpenBSD (#16462) 
Signed-off-by: Aisha Tammy <aisha@bsd.ac>
Co-authored-by: Aisha Tammy <aisha@bsd.ac>
 2023-07-07 08:58:41 +02:00
Peter Zaoral
2b1c29a6f2 Use Quarkus Platform BOM 
Closes #20570
Closes #15870

Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
 2023-07-06 12:45:48 -03:00
Martin Bartoš
a1a80433e3
Fix flaky OfflineServletsAdapterTest test (#21416) 
Fixes #20013
 2023-07-04 10:57:20 +00:00
rmartinc
09e30b3c99 Support for JWE IDToken and UserInfo tokens in OIDC brokers 
Closes https://github.com/keycloak/keycloak/issues/21254
 2023-07-03 21:25:46 -03:00
mposolda
ccbddb2258 Fix updating locale on info/error page after authenticationSession was already removed 
Closes #13922
 2023-07-03 18:57:36 -03:00
Martin Bartoš
e3e123b577 JavascriptAdapterTest is broken due to the multiple initialization of JS adapter 
Fixes #21412
 2023-07-03 16:44:22 -03:00
Daniele Martinoli
e2ac9487f7
Conditional login through identity provider (#20188) 
Closes #20191


Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2023-06-29 18:44:15 +02:00
Marek Posolda
51a9712e59 Improper Client Certificate Validation for OAuth/OpenID clients (#20) 
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
 2023-06-28 17:52:48 -03:00
Ricardo Martin
1973d0f0d4 Check the redirect URI is http(s) when used for a form Post (#22) 
Closes https://github.com/keycloak/security/issues/22

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Signed-off-by: Peter Skopek <pskopek@redhat.com>
 2023-06-28 17:52:48 -03:00