libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
14841 commits 4 branches 5 tags 480 MiB
Commit graph

3328 commits

Author SHA1 Message Date
Pedro Igor
eda33a0b21 Concurrency issue when caching JS policies 
Closes #12204
 2022-08-17 16:30:32 -03:00
Pedro Igor
15bbb46657 Avoid removing static path config from cache 
Closes #9855
 2022-08-17 16:29:59 -03:00
Martin Bartoš
5a2852530f Fix DB tests for Quarkus 
Fixes #13642
 2022-08-17 10:23:05 -03:00
Pedro Igor
841c65d24f Return 404 when invoking authorization endpoints in case authz settings are disabled 
Closes #10151
 2022-08-16 16:37:44 -03:00
Michal Hajas
ab431e3bd9 Fix KeycloakQuarkusServerDeployableContainer to correctly configure map store 
Closes #13721
 2022-08-11 16:55:06 +02:00
Pedro Igor
e3af0610e2 Support running base testsuite on Windows 
Closes #12648

Co-authored-by: Dominik Guhr <dguhr@redhat.com>
 2022-08-10 20:03:53 -03:00
Markus Till
fa383bf76c
Suppress confirmation screen for logout in oidc (#13471) 
Closes #13469
 2022-08-10 18:25:50 +02:00
Michal Hajas
d55d110ff9 Run Infinispan using Testcontainers in base testsuite 
Closes #13620
 2022-08-10 16:36:44 +02:00
Marcelo Daniel Silva Sales
e44cea587f
NullPointer during OIDC logout client disabled (#13424) 
closes #12624
 2022-08-08 12:34:09 +02:00
Tero Saarni
2392af157b Forward quarkus server output to console in testsuite 2022-08-05 09:48:48 -03:00
Sebastian Knauer
21f700679f KEYCLOAK-19866 Fix user-defined- and xml-fragment-parsing/Add XPathAttributeMapper 2022-08-03 13:07:12 +02:00
Marek Posolda
7e925bfbff
Unit tests in "crypto/fips1402" passing on RHEL 8.6 with BC FIPS approved mode. Cleanup (#13406) 
Closes #13128
 2022-07-29 18:03:56 +02:00
Hynek Mlnarik
143e6bc932 Replace undertow-map with quarkus-map 
Fixes: #12652
 2022-07-27 14:08:38 +02:00
Stian Thorgersen
ae33af92d9
Promote new admin console to default (#13243) 
Closes #13242
 2022-07-27 10:13:49 +02:00
Pedro Hos
ee2c5391bd
Possible client enumeration in the authorization endpoint 
Closes #12164
 2022-07-26 09:10:06 +02:00
Douglas Palmer
c00514d659
Support for post_logout_redirect_uris in OIDC client registration (#12282) 
Closes #10135
 2022-07-25 10:57:52 +02:00
Dominik Guhr
9bb1299d89 change optimised to optimized 
also: fix kc.bat to not use autobuild in devmode anymore, fix containers.adoc to not use auto_build naming, fix build command cli help as it is not required anymore to run it beforehand.
 2022-07-22 10:29:07 -03:00
Stian Thorgersen
a251d785db
Remove text based login flows (#13249) 
* Remove text based login flows

Closes #8752

* Add display param back in case it's used by some custom authenticators
 2022-07-22 15:15:25 +02:00
Alexander Schwartz
cb81a17611 Disable Infinispan for map storage and avoid the component factory when creating a realm independent provider factory 
Provide startup time in UserSessionProvider independent of Infinispan,
cleanup code that is not necessary for the map storage as it isn't using Clustering.
Move classes to the legacy module.

Closes #12972
 2022-07-22 08:20:00 +02:00
Douglas Palmer
adeef6c2a0 Partial import feature does not import Identity Provider mappers in Keycloak #12861 2022-07-21 18:04:15 +02:00
Stefan Guilhen
e9c55f45e5 Enable action token JPA provider in map-storage-jpa profile 
Closes #13139
 2022-07-20 16:30:20 -03:00
Pedro Igor
3631a413d2 Allow token exchange when subjec_token is not associated with a session 
Closes #12596
 2022-07-20 15:42:26 -03:00
Lex Cao
f0988a62b8
Use base64 url decoded for client secret when authenticating with Basic Auth (#12486) 
Closes #11908
 2022-07-16 09:38:41 +02:00
Pedro Igor
89028613d8 Introducing --optimise option 
Closes #10737
 2022-07-15 15:12:17 -03:00
Marcelo Daniel Silva Sales
f7a80409a9
Add flow to generate secret length based on signature algorithm (#13107) 
Closes #9376
 2022-07-15 11:06:07 +02:00
Vlasta Ramik
ec853a6b83
JPA map storage: User / client session no-downtime store (#12241) 
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>

Closes #9666
 2022-07-14 12:07:02 -03:00
kz-masa
d26cff270f
Delete unnecessary import statements (#12935) (#12936) 2022-07-12 19:37:15 -03:00
Martin Bartoš
216922233a
Remote base tests don't work with WildFly (#12842) 
Fixes #12841
 2022-07-12 15:14:09 +02:00
Martin Kanis
4b43612806 Disable WARN logging for Hot Rod RemoteQuery class 2022-07-11 16:48:56 -03:00
Pedro Igor
5b48d72730 Upgrade Resteasy v4 
Closes #10916

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2022-07-11 12:17:51 -03:00
Martin Bartoš
07ab29378b Make WebAuthn required actions enabled by default 
Closes #12723
 2022-07-11 15:32:40 +02:00
Michal Hajas
0f86427dd0 Make user->client sessions relationship consistent 
Closes #12817
 2022-07-11 08:42:28 -03:00
Martin Bartoš
17f1d04960
Possibility to execute DB migration tests for Quarkus distribution (#12688) 
Closes #12685
 2022-07-11 12:23:41 +02:00
Takashi Norimatsu
29aad9dc45 PAR logic affecting /auth endpoint 
Closes #9289
 2022-07-11 11:56:37 +02:00
Alexander Schwartz
29a501552e Disable the JpaUserFederatedStorageProvider when map storage is enabled 
Closes #12895
 2022-07-07 10:47:42 -03:00
Alexander Schwartz
d91a5eb99f Move methods from UserStorageUtil to LegacyRealmModel 
It is better suited to take methods removed from RealmModel earlier.

Closes #12805
 2022-07-07 09:57:17 -03:00
Stefan Guilhen
dc88dd5286
Users Map JPA implementation (#12871) 2022-07-05 11:19:31 -03:00
Alexander Schwartz
098d4dda0e
Split PublicKeyStorageProvider (#12897) 
Split PublicKeyStorageProvider

- Extract clearCache() method to separate interface and move it to the legacy module
- Make PublicKeyProvider factories environment dependent
- Simple map storage for public keys that just delegates

Resolves #12763

Co-authored-by: Martin Kanis <mkanis@redhat.com>
 2022-07-05 09:57:51 -03:00
Stefan Guilhen
007fa1f374 Single Use Objects Map JPA implementation 
Closes #9852
 2022-07-04 10:05:51 -03:00
Alexander Schwartz
4b20e90292 Move session persistence package to legacy-private module 
Also, disabling the jpa session persister when map storage is enabled.

Closes #12712
 2022-07-04 10:05:26 -03:00
Konstantinos Georgilakis
32f8f30f36 Include 'urn:ietf:params:oauth:grant-type:token-exchange' in grant_types_supported field of Keycloak OP metadata, if token-exchange is enabled 
closes #10888
 2022-06-30 17:13:47 -03:00
Jon Koops
06d1b4faab Restore enum variant of ResourceType 
This reverts commit 3b5a578934.
 2022-06-30 12:20:51 -03:00
Alexander Schwartz
ddeab744d0 Moving RoleStorageProviderModel to the legacy modules 
Closes #12656
 2022-06-29 20:04:32 +02:00
vramik
3b5a578934 Change enum ResourceType to interface with String constants 
Closes #12485
 2022-06-29 13:35:11 +02:00
Lex Cao
c3c8b9f0c8
Add client_secret to response when token_endpoint_auth_method is not private_key_jwt (#12609) 
Closes #12565
 2022-06-29 10:19:18 +02:00
Clara Fang
4643fd09e3 Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount() 
This should reduce GC pressure.

Closes #12644
 2022-06-29 08:53:09 +02:00
Konstantinos Georgilakis
ccc0449314 json device code flow error responses 
closes #11438
 2022-06-29 07:23:02 +02:00
Marek Posolda
be1e31dc68
Introduce crypto/default module. Refactoring BouncyIntegration (#12692) 
Closes #12625
 2022-06-29 07:17:09 +02:00
danielFesenmeyer
b6d8c27cac OIDC logout: In "legacy mode", support post_logout_redirect_uri param without requiring id_token_hint param 
Closes #12680
 2022-06-28 14:36:03 +02:00
leandrobortoli
c5d5659100 Fixed bug on client credentials grant when encryption key not found 
Closes #12348
 2022-06-27 13:00:21 +02:00
Lex Cao
f8a7c8e160
Validate name of client scope (#12571) 
Closes #12553
 2022-06-27 12:26:18 +02:00
Pedro Igor
3d2c3fbc6a Support JSON objects when evaluating claims in regex policy 
Closes #11514
 2022-06-23 14:04:09 -03:00
Pedro Igor
d3a40e8620 Use backend baseURL for UMA-related backend endpoints 
Closes #12549
 2022-06-23 10:35:26 -03:00
Takashi Norimatsu
a10eef882f DeviceTokenRequestContext.getEvent returns a wrong ClientPolicyEvent 
Closes #12455
 2022-06-22 13:01:35 +02:00
Takashi Norimatsu
d396ee7d30 CIBA flow : no error on invalid scope 
Closes #12589
 2022-06-22 12:55:55 +02:00
rmartinc
711440e513 [#11036] Identity Providers: Add support for elliptic curve signatures (ES256/ES384/ES512) using JWKS URL 2022-06-21 10:52:25 -03:00
Stefan Guilhen
7d96f3ad5a Events Map JPA implementation 
Closes #9667
 2022-06-21 13:53:48 +02:00
Hynek Mlnarik
26198e4b0b Disable tests irrelevant for map storage 2022-06-21 08:53:06 +02:00
Alexander Schwartz
d41764b19b Inline deprecated methods in legacy code 2022-06-21 08:53:06 +02:00
Alexander Schwartz
08bbb1fb92 Move LDAP REST Endpoints to LDAP package 
- Thus remove implicit dependency on services on the legacy modules
- Disable tests for LDAP/Kerberos that won't work when map storage is enabled
 2022-06-21 08:53:06 +02:00
Alexander Schwartz
1bc6133e4e redirect calls to userLocalStorage from legacy modules (federation, ldap, sssd, kerberos) 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
e396d0daa1 Renaming SingleUserCredentialManager and UserModel.getUserCredentialManager(): 
- class SingleUserCredentialManager to SingleEntityCredentialManager
- method UserModel.getUserCredentialManager() to credentialManager()

Renaming of API without "get" prefix to make it consistent with other APIs like for example with KeycloakSession
 2022-06-21 08:53:06 +02:00
Alexander Schwartz
6f287e7ded Avoid using methods on UserCredentialStoreManager 2022-06-21 08:53:06 +02:00
Alexander Schwartz
82094d113e Move User Storage SPI, introduce ExportImportManager 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
703e868a51 Preparation for moving User Storage SPI 
- Introduction of new AdminRealmResource SPI
- Moving handler of /realm/{realm}/user-storage into model/legacy-service
- session.users() and userStorageManager() moved refers legacy module
  IMPORTANT: Broken as UserStorageSyncManager is not yet moved
 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
247ff52187 Introduce legacy datastore module and update dependencies 2022-06-21 08:53:06 +02:00
Martin Bartoš
d8112d7b7e
DB migration tests execution for Quarkus (#12525) 
Closes #12524
 2022-06-20 10:12:37 +02:00
Alexander Schwartz
71e7982a49 Adding central time offset reset in model tests as it was missing for AuthenticationSessionTest and UserSessionPersisterProviderTest 
Also adding try/finally in other places in the integration tests where it was missing.

Closes #12530
 2022-06-16 13:42:55 +02:00
nehachopra27
39cff0750c
[Fix keycloak#12385] Update option to run kc.bat on windows instead of kc.sh (#12386) 
Co-authored-by: nchopra <nchopra@redhat.com>

Resolves #12385
 2022-06-15 11:29:11 -03:00
Martin Bartoš
0fef4305b6 Logout confirm page is failing to log the user out on auth-server-wildfly 
Fixes #11753
 2022-06-14 10:46:02 +02:00
mposolda
3aefb59d40 Fix test failure in X509BrowserCRLTest on IBM JDK. Don't display details of exception message to the end user 
Closes #12458
 2022-06-14 10:44:31 +02:00
Alexander Schwartz
c2043da78e When asserting a URL, allow for some time for any redirect to complete. 
Closes #12446
 2022-06-14 07:30:31 +02:00
Christoph Leistert
442eff0169
Closes #11851: Apply localization text from realm default locale when it is not defined for the requested language. (#11852) 2022-06-10 14:36:11 -04:00
Alexander Schwartz
361a813d81 Keep a list of model instances in the JPA map session. 
This allows removing them from the persistence context on bulk delete.

Closes #12384
 2022-06-09 12:39:04 -03:00
Joerg Matysiak
3c19ad627f Repsect permissions configured to firstName and lastName when configured in user profile 
Resolves #12109
 2022-06-09 10:10:15 -03:00
Pedro Igor
8aecba1795 Fixing how realm frontendurl is cached when resolving the hostname 
Closes #11894
 2022-06-08 16:41:25 -03:00
Alexander Schwartz
9272c7a5ec Allow for the backend to return granted scopes in any order. 
Closes #12395
 2022-06-08 08:39:14 -03:00
Pedro Igor
243e63c9f3 Do not set empty permissions to username and email attributes 
Closes #11647
 2022-06-07 10:59:35 -03:00
Sebastian Schuster
a0c402b93a
11198 added event information to consent granting and revocation via REST API (#11199) 2022-06-07 11:29:20 +02:00
Stian Thorgersen
e49e8335e0
Refactor BouncyIntegration (#12244) 
Closes #12243
 2022-06-07 09:02:00 +02:00
rmartinc
5332a7d435 Issue #9194: Client authentication fails when using signed JWT, if the JWA signing algorithm is not RS256 2022-06-06 12:07:09 +02:00
Takashi Norimatsu
3889eeda30 Client Policies: pkce-enforcer executor with client-access-type condition is not applied on client change via Admin API 
Closes #12295
 2022-06-06 11:30:48 +02:00
mposolda
f90fbb9c71 Changing locale on logout confirmation did not work 
Closes #11951
 2022-05-31 16:03:58 +02:00
Takashi Norimatsu
d083b6c484 ciba http auth channel sends client_id and client_secret via delegation request 
Closes #10993
 2022-05-31 08:22:50 +02:00
vramik
be28e866b9 JPA map storage: Authorization services no-downtime store 
Closes #9669
 2022-05-30 21:05:34 +02:00
Pedro Igor
ea22989d89 Fixing ClientTokenExchangeTest to also run when TLS is disabled 
Closes #11818
 2022-05-30 11:23:46 -03:00
Pedro Hos
e121371401 /clients-registrations API doesn't return secret anymore and is not coherent #11116 
/clients-registrations API doesn't return secret anymore and is not coherent

fixing merge

/clients-registrations API doesn't return secret anymore and is not coherent

fixing test that was failing

Replace tabs with regular spaces

fixing identation

/clients-registrations API doesn't return secret anymore and is not coherent. Closes #11116

fixing test that was failing
 2022-05-30 15:18:56 +02:00
mposolda
4222de8f41 OIDC RP-Initiated Logout POST method support 
Closes #11958
 2022-05-30 14:10:58 +02:00
Marek Posolda
cf386efa40
Support for client_id parameter in OIDC RP-Initiated logout endpoint (#12202) 
Closes #12002


Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2022-05-27 14:12:37 +02:00
Luca Leonardo Scorcia
27650ab816 Fix #10982 SAML Client - Introduce SAML Issuer validation 2022-05-27 10:58:10 +02:00
Michal Hajas
bc59fad85b Unify way how expirable entities are handled in the new store 
Closes #11947
 2022-05-26 13:17:27 +02:00
Martin Kanis
0cb3c95ed5 Map storage: Single-use objects (action token) 2022-05-25 16:47:10 +02:00
Martin Bartoš
86f31e8df5 Fix BlacklistPasswordPolicyDefaultPath Failures on Windows 
Fixes #11967
 2022-05-24 17:26:19 -03:00
vramik
24171d2e47 Rename providers from jpa-map-storage to jpa 
Closes #12098
 2022-05-23 16:47:51 +02:00
vramik
0c3aa597f9 JPA map storage: test failures after cache was disabled 
Closes #12118
 2022-05-23 13:01:30 +02:00
vramik
f8ca25d4a4 Add a profiles testsuite for jpa-map storage 
Closes #12045
 2022-05-20 09:17:33 +02:00
Stian Thorgersen
075e284455
Remove legacy (non-Elytron) WildFly adapter (#11789) 
Closes #11683
 2022-05-18 10:34:47 +02:00
Michal Hajas
0bda7e6038 Introduce map event store with CHM implementation 
Closes #11189
 2022-05-17 12:57:35 +02:00
Michal Hajas
b86f205cda Make KeycloakServer runnable with external Infinispan server 
Closes #12011
Closes #12014
 2022-05-16 21:50:35 +02:00
Takashi Norimatsu
9541852a9b ID token encryption without specifying id_token_encrypted_response_enc does not follow OIDC Dynamic Client Registration specification 
Closes #11392
 2022-05-16 09:05:22 +02:00