libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
14764 commits 4 branches 5 tags 483 MiB
Commit graph

14764 commits

This branch
This branch
All branches
Author SHA1 Message Date
andreaTP
533a332ca9 Append the legacy CRD using a Json patch 2022-03-14 18:09:33 -03:00
Alexander Schwartz
8d1a47f768 adding missing log4j configuration to prevent errors in the log 
Closes #10613
 2022-03-14 10:12:49 -03:00
Pedro Igor
ad865e75c1 Change the flush mode to auto and fixing how entities are checked if they are loaded in the EM 
Closes #10411
 2022-03-11 12:21:52 -03:00
Bruno Oliveira da Silva
f06ba05405
The CodeQL analysis is broken due to the large content of the SARIF file (#10606) 
The issue was originally caused by high number of flows paths per alert
generated by the LDAP federation module. That was identified taking the
SARIF file generated and running:

```
jq '.runs[0].results | map({query_id: .rule.id, numPaths: .codeFlows |
length})' java.sarif

```

Together we reduced the number of flows paths, adding optimizations to
skip some paths and avoid false alerts.

Co-authored-by: Bruno Oliveira da Silva <bruno@abstractj.com>

Closes #10203

Co-authored-by: Joshua Mulliken <joshua@mulliken.net>
 2022-03-11 13:55:17 +01:00
Stian Thorgersen
30d2dcb7b3
Updates readme to new Quarkus container images (#10706) 
Closes #10564
 2022-03-11 11:09:24 +01:00
Dominik Guhr
fb41c52675
Update to Quarkus 2.7.4 (#10687) 
includes ispn 13.0.6

Closes #10685
 2022-03-11 09:25:34 +01:00
Bruno Oliveira da Silva
68c7032f1e
Mismatch between RESTEasy dependency on Operator and Quarkus distribution Closes #10702 (#10703) 2022-03-11 09:24:54 +01:00
mposolda
9e12587181 Protocol mapper and client scope for 'acr' claim 
Closes #10161
 2022-03-11 09:23:25 +01:00
Martin Bartoš
8ee7ae24de Make WebAuthn feature default for the product version 
Closes #10695
 2022-03-10 19:00:54 +01:00
Dominik Guhr
5233f2a729 Remove wrong message from build command help 
Closes #10664
 2022-03-10 13:36:48 -03:00
Ivan Atanasov
5c6b123aff
Support for the Recovery codes (#8730) 
Closes #9540


Co-authored-by: Zachary Witter <torquekma@gmail.com>
Co-authored-by: stelewis-redhat <91681638+stelewis-redhat@users.noreply.github.com>
 2022-03-10 15:49:25 +01:00
Martin Bartoš
8a0f1ccb34 Properly execute AuthenticationFlowCallbackProviderTest with Map storage 
Closes #10268, Closes #10225
 2022-03-10 15:00:23 +01:00
rmartinc
a7c8aa1dd3
[#10616] Incorrect username logged for federated accounts (#10662) 
Closes #10616
 2022-03-10 13:21:39 +01:00
Marcelo Daniel Silva Sales
0c25da542c
Update secret rotation when the policy is disabled (#10674) 
Closes #10667
 2022-03-10 13:03:09 +01:00
Martin Kanis
1a4d7c297a
Change authentication sessions map to set (#10596) 2022-03-10 08:45:24 +01:00
andreaTP
6504c058dd Harden operator CI 2022-03-09 10:30:18 -03:00
Alexander Schwartz
18f391d8c4 Fix spelling error in field and classname 
It's always a converter, unless electricity is involved.

Closes #10573
 2022-03-09 08:28:52 -03:00
Marcelo Daniel Silva Sales
7335abaf08
Keycloak 10489 support for client secret rotation (#10603) 
Closes #10602
 2022-03-09 00:05:14 +01:00
andreaTP
fd2cd688b8 TLS config in the operator 2022-03-08 15:21:11 -03:00
Dominik Guhr
1710b38cf8 Update to quarkus 2.7.3 
Full changelog on quarkus side: https://github.com/quarkusio/quarkus/releases/tag/2.7.3.Final | startup performance: no degradation | manual smoke tests: passed

Closes #10641
 2022-03-08 13:45:25 -03:00
Pedro Igor
c11a6e3ef0 Allow using an additional persistence unit and datasource 
Closes #10579
 2022-03-08 12:09:49 -03:00
mposolda
d394e51674 Introduce profile 'feature' for step-up authentication enabled by default 
Closes #10315
 2022-03-08 14:42:46 +01:00
rmartinc
48565832d4 [#10608] Password blacklists folder 2022-03-08 08:22:34 -03:00
Dominik Guhr
8454dc5a5d Support for console-JSON and FILE logging 
See logging.adoc for details on the usage

Closes #10523, #10607 and #10415
 2022-03-08 08:19:03 -03:00
Alexander Schwartz
3c3f003a38 LDAP Map storage support to support read/write for roles 
Closes #9929
 2022-03-08 12:03:10 +01:00
mposolda
93bba8e338 Replace 'Store LoA in User Session' with 'Max Age'. Refactoring of step-up authentications related to that. 
Closes #10205
 2022-03-08 10:41:05 +01:00
Martin Bartoš
2bae2d2167 DeleteAccountTest failure in the test pipeline 
Closes #10630
 2022-03-08 08:33:31 +01:00
Martin Bartoš
02d0fe82bc Auth execution 'Condition - User Attribute' missing 
Closes #9895
 2022-03-08 08:24:48 +01:00
Michal Hajas
f77ce315bb Disable Authz caching for new storage tests 
Closes #10500
 2022-03-07 10:22:55 -03:00
Joaquim Fellmann
f569db2e42 Update kubernetes cache-stack documentation 
Closes #10341
 2022-03-07 07:32:18 -03:00
Alexander Schwartz
e1318d52d7 Add section on how to add the initial admin user 
Closes #10531

Co-authored-by: Dominik Guhr <89905860+DGuhr@users.noreply.github.com>
 2022-03-04 13:25:09 -03:00
Michael Parlee
722ce950bf Improve user search performance 
Removes bulder.lower() from user search queries on email and username.

Closes #8893
 2022-03-04 14:15:14 +01:00
Takashi Norimatsu
201277b897 Handle OIDC authz request with "response_type" missing and "response_mode=form_post" 
Closes #10144
 2022-03-04 13:31:40 +01:00
Martin Kanis
6c64d465ea Convert authentication session entities into interface 2022-03-04 10:50:18 +01:00
Alexander Schwartz
ebfc24d6c1 Ensure that Infinispan shutdowns correctly at the end of the tests. Report any exceptions within another thread as a test failure. 
Adding additional information like a thread dump when it doesn't shutdown as expected.

Closes #10016
 2022-03-04 10:47:01 +01:00
Alexander Schwartz
74581b5c10 Workaround for deadlock when shutting down Infinispan in 12.1.7.Final. 
This is tracked in upstream issue https://issues.redhat.com/browse/ISPN-13664

Closes #10016
 2022-03-04 10:47:01 +01:00
Jonathan Vila
c4b978b6c8 Operator Clustering support 
Co-authored-by: Jonathan Vila <jvilalop@redhat.com>
Co-authored-by: Andrea Peruffo <andrea.peruffo1982@gmail.com>
 2022-03-03 16:22:01 -03:00
Takashi Norimatsu
92f6c75328 Nonce parameter should be required in authorizationEndpoint only when "id_token" is included in response_type 
Closes #10143
 2022-03-03 13:26:39 +01:00
Alfredo Boullosa
6801688dd4 Allow Edge tests in Admin Console 
Closes #10539
 2022-03-03 07:14:01 +01:00
wojnarfilip
700ceb77ec Removal of invalid(depricated) SpringBootTest 
Closes #10218
 2022-03-02 09:04:47 +01:00
Jon Koops
beaf8d0348
Remove Node modules from source control (#9963) 2022-03-02 08:49:17 +01:00
Andrea Peruffo
f20cdd6d2a
Add Pod-Template to the Keycloak Deployment Spec (#10098) 2022-03-02 08:13:57 +01:00
Jeff Tian
e2f8e9a4c8 docs: fix typo: if -> is 2022-03-02 07:24:00 +01:00
giacomo.altiero
91d37b5686 Single offlineSession imported in Infinispan with correctly calculated lifespan and maxIdle parameters 
Close #8776
 2022-03-01 14:51:29 +01:00
Daniel Gozalo
76101e3591 [fixes #9225] - Get scopeIds from the AuthorizationRequestContext instead of session if DYNAMIC_SCOPES are enabled 
Add a test to make sure ProtocolMappers run with Dynamic Scopes

Change the way we create the DefaultClientSessionContext with respect to OAuth2 scopes, and standardize the way we obtain them from the parameter
 2022-03-01 13:47:58 +01:00
andreaTP
8e6489459d Fix operator CI 2022-02-28 13:06:41 +01:00
Martin Bartoš
e2514ea2e6 Test WebAuthn with multiple browsers 
Closes #10062
 2022-02-28 09:10:39 +01:00
stianst
5ef8265b75 Remove Tomcat 7 adapter 
Closes #9428
 2022-02-28 07:50:36 +01:00
lars-christian stitz
74695c0242 Add @JsonProperty annotation to PathCacheConfig.lifespan. 
Closes #9756.
 2022-02-25 16:37:22 -03:00
Luc Berger
c93fee0c68
Update sha256 import to be default import (#10468) 
This should fix the "Failed to compile. ./node_modules/keycloak-js/dist/keycloak.mjs
Can't import the named export 'sha256' from non EcmaScript module (only default export is available)" error.

Closes #10314
 2022-02-25 12:51:34 -05:00