libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
24253 commits 4 branches 5 tags 480 MiB
Commit graph

4687 commits

Author SHA1 Message Date
Lucy Linder
aa6771205a Update ReCAPTCHA and add support for ReCAPTCHA Enterprise 
Closes #16138

Signed-off-by: Lucy Linder <lucy.derlin@gmail.com>
 2024-03-04 20:28:06 +09:00
vramik
032bb8e9cc Map Store Removal: Remove obsolete KeycloakModelUtils.isUsernameCaseSensitive method 
Closes #27438

Signed-off-by: vramik <vramik@redhat.com>
 2024-03-02 04:40:46 +09:00
rmartinc
f970803738 Check email and username for duplicated if isLoginWithEmailAllowed 
Closes #27297

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-03-02 00:14:27 +09:00
Andy
137907f5ef Roles admin REST API: Don't expand composite roles 
Additionally:
- Import clean-up
- Added requireMapComposite as in RoleResource.addComposites

Closes #26951

Signed-off-by: synth3 <19573241+synth3@users.noreply.github.com>
 2024-03-02 00:03:03 +09:00
Takashi Norimatsu
1792af6850 OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor 
closes #27412

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2024-03-01 14:49:23 +01:00
Hynek Mlnarik
49bbed13b9 Localize admin error messages 
Fixes: #25977 (part of)

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2024-03-01 14:03:08 +01:00
graziang
082f9ec15b Update client scopes in Client Update Request in DCR 
Fix ClientScopesClientRegistrationPolicy.beforeUpdate because it was modifying the original clientRepresentation.
Add updateClientScopes method to set client scopes in Client Update Request in DCR.

Closes #24361

Signed-off-by: graziang <g.graziano94@gmail.com>
 2024-03-01 12:32:45 +01:00
Marek Posolda
ae0a0ea30b
SecureRedirectUrisEnforcerExecutor fixes (#27369) 
closes #27344

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-02-29 17:24:20 +01:00
Steven Hawkins
51590668f5
fix: provide a better error message when option parsing fails (#27354) 
closes: #16260

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-02-29 08:22:21 -05:00
Takashi Norimatsu
3db04d8d8d Replace Security Key with Passkey in WebAuthn UIs and their documents 
closes #27147

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2024-02-29 10:31:05 +01:00
Pedro Igor
326d63ce74 Make sure group searches are cached and entries invalidate accordingly 
Closes #26983

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-02-29 05:06:36 +09:00
Vlasta Ramik
ade3b31a91
Introduce new CLI config options for Infinispan remote store 
Closes #25676

Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-02-28 15:49:19 +00:00
Réda Housni Alaoui
a3b3ee4b87
Ability to declare a default "First broker login flow" per Realm 
Closes #25823

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-02-28 16:17:51 +01:00
Pedro Igor
788d146bf2 Use the target client when processing scopes for internal exchanges 
Closes #19183

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-02-28 15:18:43 +01:00
rmartinc
2bd9f09e29 Re-index CLIENT_ATTRIBUTES using name and value 
Closes #26618

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-02-28 11:07:03 +01:00
graziang
16a854c91b Add option to clients to use lightweight access token 
Add an "Always use lightweight access token" option on the client's Advanced tab in the "Advanced Settings" section that uses the already existing Constants.USE_LIGHTWEIGHT_ACCESS_TOKEN_ENABLED to store a boolean client attribute.
The attribute value is used to enable or disable the lightweight access token.
Closes #27238

Signed-off-by: graziang <g.graziano94@gmail.com>
 2024-02-28 10:18:26 +01:00
Pedro Igor
0c91fceaad Allow setting if both 'client_id' and 'id_token_hint' params should be sent in logout requests 
Closes #27281

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-02-27 20:37:27 +09:00
Dmitry Telegin
6a57614554 Fix disabled feature tests 2024-02-27 19:11:32 +09:00
rmartinc
562decde35 Perform internal introspect for the access token in the account app 
Closes #27243

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-02-27 09:19:20 +01:00
kaustubh-rh
03f6cda85a
Prevent user from removing built-in client scopes (#27134) 
Closes #26937

Signed-off-by: Kaustubh B <kbawanka@redhat.com>
 2024-02-26 11:16:23 +01:00
Gilvan Filho
83af01c4c0 Add failedLoginNotBefore to AttackDetectionResource 
Closes #17574

Signed-off-by: Gilvan Filho <gfilho@redhat.com>
 2024-02-26 09:35:51 +01:00
graziang
cecce40aa5 Avoid regenerating the totpSecret on every reload of the OTP configuration page 
Using an auth note to store the totpSecret and passing its value in the TotpBean constructor to keep the totpSecret on page reload

Closes #26052

Signed-off-by: graziang <g.graziano94@gmail.com>
 2024-02-22 19:09:09 +01:00
Pedro Igor
604274fb76 Allow setting an attribute as multivalued 
Closes #23539

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-02-22 12:56:44 +01:00
Takashi Norimatsu
1e12b15890 Supporting OAuth 2.1 for public clients 
closes #25316

Co-authored-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2024-02-22 10:57:29 +01:00
Douglas Palmer
b0ef746f39 Permanently lock users out after X temporary lockouts during a brute force attack 
Closes #26172

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-02-22 09:34:51 +01:00
Takashi Norimatsu
9ea679ff35 Supporting OAuth 2.1 for confidential clients 
closes #25314

Co-authored-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2024-02-22 08:34:21 +01:00
Peter Keuter
01d66a662b
Expose display name and locales when user has ANY admin role (#27160) 
* chore: expose display name and locales when user has view-realm

Signed-off-by: Peter Keuter <github@peterkeuter.nl>

* fix: supportedlocales are available as stream

Signed-off-by: Peter Keuter <github@peterkeuter.nl>

* fix: tests

Signed-off-by: Peter Keuter <github@peterkeuter.nl>

* fix: remove unnecessarily added ignore

Signed-off-by: Peter Keuter <github@peterkeuter.nl>

---------

Signed-off-by: Peter Keuter <github@peterkeuter.nl>
 2024-02-21 13:30:31 -05:00
Ricardo Martin
3bc074913e
Allow LDAP provider to search using any attribute configured via mappers (#26235) 
Closes #22436

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-02-21 08:48:39 +00:00
Takashi Norimatsu
1bdbaa2ca5 Client policies: executor for validate and match a redirect URI 
closes #25637

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2024-02-20 08:37:33 +01:00
Ryan Emerson
a2f027ee00 Use AWS JDBC Wrapper in CI tests. Resolves #27123 
Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2024-02-19 19:07:24 +01:00
Stefan Wiedemann
aa6b102e3d
Support EC Key-Imports for the JavaKeystoreKeyProvider #26936 (#27030) 
closes #26936

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
 2024-02-19 17:41:40 +01:00
Tomas Ondrusko
055a0e2231 Fix Microsoft social login test case 
Resolves #27120

Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
 2024-02-19 15:56:58 +01:00
Pedro Hos
6b3fa8b7a7
Invalid redirect uri when identity provider alias has spaces (#22840) 
closes #22836


Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2024-02-19 14:40:42 +01:00
graziang
1f57fc141c UPDATED_PASSWORD required-action triggered only when login using password 
`UpdatePassword.evaluateTriggers` adds the required-action to the user by evaluating the expiration password policy. Added a check that skips the evaluation if no password used during auth flow. This check uses the value of an auth note set in the `validatePassword` method of the `AbstractUsernameFormAuthenticator`.
Manually adding UPDATED_PASSWORD required-action to the user continues to trigger the action regardless of the authentication method.

Closes #17155

Signed-off-by: graziang <g.graziano94@gmail.com>
 2024-02-16 18:16:36 +01:00
Marek Posolda
c94f9f5716
Remove random redirect after password reset (#27076) 
closes #20867

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
 2024-02-16 18:13:27 +01:00
Vlasta Ramik
76453550a5
User attribute value length extension 
Closes #9758

Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2024-02-16 08:09:34 +01:00
mposolda
eff6c3af78 During password reset, the baseURL is not shown on the info page after browser restart 
closes #21127

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-02-15 18:48:53 +01:00
Michal Hajas
e55ba5dcdc Make sure pagination is used even when first is null for getGroups endpoint 
Closes #25731

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-02-15 19:46:04 +09:00
mposolda
b4d289c562 Fixing UriValidator 
closes #26792

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-02-15 10:30:39 +01:00
rmartinc
4ff4c3f897 Increase internal algorithm security using HS512 and 128 byte hmac keys 
Closes #13080

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-02-15 08:16:45 +01:00
rmartinc
bc82929e3a Cors modifications for UserInfo endpoint 
Closes #26782

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-02-14 18:24:06 +01:00
Ryan Emerson
67f6f2f657
Add Multi-AZ Aurora DB to CI store-integration-tests 
Closes #26730

Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2024-02-14 16:51:08 +01:00
rmartinc
bb12f3fb82 Do not require non-builtin attributes for service accounts 
Closes #26716

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-02-13 17:42:59 +01:00
Steven Hawkins
6bbf8358b4
task: addressing build warnings (#26877) 
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-02-13 17:04:43 +01:00
Steven Hawkins
3a04acab51
fix: adds pfx as a recognized extension (#26876) 
closes #24661

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-02-13 15:38:12 +01:00
Stian Thorgersen
23d5f2188d
Run adapters in a separate job on GitHub Actions (#26962) 
Closes #25892

Signed-off-by: stianst <stianst@gmail.com>
 2024-02-13 12:38:58 +01:00
Stefan Guilhen
2161e72872 Add migration for the useTruststoreSpi config property in LDAP user storage provider 
- legacy `ldapsOnly` value now migrated to `always`.

Closes #25912

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-02-12 11:53:19 +01:00
Pedro Igor
e50642ac32 Allow setting a default user profile configuration 
Closes #26489

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-02-12 11:16:48 +01:00
Stefan Guilhen
d3ae075a33 Fix MembershipType so that NPE is not thrown when an empty member is found within a group 
Closes #25883

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-02-09 19:04:37 +01:00
Réda Housni Alaoui
67718c653a UPDATE_EMAIL action token handling should allow the user to resume its navigation to the redirect uri 
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2024-02-08 18:32:38 -03:00