libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions
22136 commits 4 branches 5 tags 483 MiB
Commit graph

22136 commits

This branch
This branch
All branches
Author SHA1 Message Date
Yoshiyuki Tabata
f03ee2ec98 KEYCLOAK-14145 OIDC support for Client "offline" session lifespan 2020-06-04 14:24:52 +02:00
Pedro Igor
82cfb8e821 [KEYCLOAK-11330] - Data and conf directory on distribution 2020-06-04 08:29:59 -03:00
Denis
8d6f8d0465 EYCLOAK-12741 Add name and description edit functionality to Authentication and Execution Flows 2020-06-04 08:08:52 +02:00
Alfredo Boullosa
2ddfc94495 KEYCLOAK-14115 Add a refresh to avoid failure 2020-06-03 20:13:08 -04:00
Pedro Igor
357982adf6 [KEYCLOAK-11330] - Initial changes to get testsuite working for Quarkus 2020-06-03 09:57:24 -03:00
Thomas Darimont
ddeaa6b3c4 KEYCLOAK-14359 Close InputStream in org.keycloak.common.Version 2020-06-03 14:54:05 +02:00
Peter Skopek
465e00ccbf KEYCLOAK-14374 Add synchronization for 9.0.x branch 2020-06-03 14:43:19 +02:00
Pedro Igor
0870041b0b [KEYCLOAK-14335] - Not initializing entity associations and removing bi-directional ones 
Co-authored-by: Stian Thorgersen <stian@redhat.com>
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2020-06-02 11:31:10 -03:00
Jan Lieskovsky
a121f77ea4 [KEYCLOAK-12305] [Testsuite] Check LDAP federated user (in)valid 
login(s) using various authentication methods, bind credential
types, and connection encryption mechanisms

The tests cover various possible combinations of the following:
* Authentication method: Anonymous or Simple (default),
* Bind credential: Secret (default) or Vault,
* Connection encryption: Plaintext (default), SSL, or startTLS

Also, ignore the StartTLS LDAP tests for now till KEYCLOAK-14343
& KEYCLOAK-14354 are corrected (due these issues they aren't
working with auth server Wildfly). They will be re-enabled later
via KEYCLOAK-14358 once possible

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
 2020-06-02 14:44:17 +02:00
Peter Skopek
01032b9bb5 KEYCLOAK-12273 add variable exclusions to avoid test failures 2020-06-02 11:22:18 +02:00
Andy Munro
0ddeec4e1e KEYCLOAK-12273 update to the description of services and endpoints as suggested by Sebastian. Otherwise, I am done. 
However, I still need input from Sebastian on technical accuracy.
 2020-06-02 11:22:18 +02:00
Sebastian Laskawiec
8c12072a8c KEYCLOAK-12273 Operator documentation 2020-06-02 11:22:18 +02:00
Pedro Igor
e8dc10b4a1 [KEYCLOAK-11330] - Properly handling POST formdata and UriInfo 2020-06-02 09:36:40 +02:00
stianst
90b29b0e31 KEYCLOAK-14107 Admin page content blocked on v10.0.0 due to content security policy 2020-05-29 13:57:38 +02:00
Benjamin Weimer
4265fdcab2 KEYCLOAK-14318 Client Empty Root URL and relative Base URL is valid 2020-05-29 11:21:28 +02:00
Takashi Norimatsu
067ff33d26 KEYCLOAK-13104 Signed and Encrypted ID Token Support : AES 192bit and 256bit key support 2020-05-29 08:44:03 +02:00
Lars Uffmann
941daa4e0f KEYCLOAK-10927 change parenthetical comments to "such as..." 2020-05-29 08:41:59 +02:00
Lars Uffmann
86f9e12e8e KEYCLOAK-10927 update documentation 2020-05-29 08:41:59 +02:00
mposolda
7f8c4c89d3 KEYCLOAK-14270 Improve documentation for fullName LDAP mapper about fallback to username 2020-05-28 21:37:51 +02:00
Thomas Darimont
ac2bf88e5a KEYCLOAK-13958 Document updating and regenerating a client secret with kcadm.sh 2020-05-28 20:36:32 +02:00
vmuzikar
f8dce7fc3e KEYCLOAK-13819 SAML brokering with POST binding is broken by new SameSite policies 2020-05-28 13:37:56 +02:00
Pedro Igor
ee83f8c16f [KEYCLOAK-11679] - Creating keys right after master realm creation 2020-05-28 10:55:25 +02:00
Pedro Igor
b6060c52b7 [KEYCLOAK-11679] - Avoid reflection when handlign startup event 2020-05-27 08:17:12 +02:00
Thomas Darimont
e825ec24cb KEYCLOAK-9635 Add AccessTokenHash to IDToken for OIDC Auth Code flow 
Revised tests
 2020-05-27 07:34:05 +02:00
Thomas Darimont
5a337d0376 KEYCLOAK-9635 Add AccessTokenHash to IDToken for OIDC Auth Code flow 
Added missing test
 2020-05-27 07:34:05 +02:00
Youssef El Houti
086bdd1700 add optional field at_hash to idToken when using Authorization Code flow since it improves performance and allows to follow the recommandation in RFC for clients to use hash for access_token validation 2020-05-27 07:34:05 +02:00
Pedro Igor
bc901d0025 [KEYCLOAK-14299] - Do not create keys during startup but on-demand 2020-05-26 15:13:26 -03:00
Torsten Juergeleit
6005503a3d Namespace support to group-ldap-mapper 
Previously, Keycloak did only support syncing groups from LDAP federation provider as top-level KC groups.

This approach has some limitations:
- If using multiple group mappers then there’s no way to isolate the KC groups synched by each group mapper.
- If the option "Drop non-existing groups during sync” is activated then all KC groups (including the manually created ones) are deleted.
- There’s no way to inherit roles from a parent KC group.

This patch introduces support to specify a prefix for the resulting group path, which effectively serves as a namespace for a group.

A path prefix can be specified via the newly introduced `Groups Path` config option on the mapper. This groups path defaults to `/` for top-level groups.

This also enables to have multiple `group-ldap-mapper`'s which can manage groups within their own namespace.

An `group-ldap-mapper` with a `Group Path` configured as `/Applications/App1` will only manage groups under that path. Other groups, either manually created or managed by other `group-ldap-mapper` are not affected.
 2020-05-26 17:37:29 +02:00
Andy Munro
c82e2796b8 KEYCLOAK-13978 Duplicate groups note 2020-05-26 17:08:21 +02:00
Pedro Igor
f15821fe69 [KEYCLOAK-11679] - Server startup on Quarkus 2020-05-26 08:34:07 -03:00
Hynek Mlnarik
7deb89caab KEYCLOAK-10729 Do not serialize SAML signature 2020-05-25 15:38:17 +02:00
vmuzikar
e873c70374 KEYCLOAK-14236 Support for custom Firefox preferences 2020-05-22 09:24:41 -03:00
Stan Silvert
6a96576296 KEYCLOAK-14267: Update readme for New Account Console 2020-05-20 16:33:15 -04:00
cachescrubber
3382682115
KEYCLOAK-10927 - Implement LDAPv3 Password Modify Extended Operation … (#6962) 
* KEYCLOAK-10927 - Implement LDAPv3 Password Modify Extended Operation (RFC-3062).

* KEYCLOAK-10927 - Introduce getLDAPSupportedExtensions(). Use result instead of configuration.

Co-authored-by: Lars Uffmann <lars.uffmann@vitroconnect.de>
Co-authored-by: Kevin Kappen <kevin.kappen@vitroconnect.de>
Co-authored-by: mposolda <mposolda@gmail.com>
 2020-05-20 21:04:45 +02:00
Pedro Igor
cc776204f0 [KEYCLOAK-14264] - Temporary multi-database support 2020-05-20 16:38:28 +02:00
Denis
fd59bff36d KEYCLOAK-14265 Typos in Authentication part of Keycloak Documentation 2020-05-20 16:34:42 +02:00
Denis
8c7b69fc9e KEYCLOAK-13748 Create automated test for scenario with alternative subflow for credential reset 2020-05-20 14:06:53 +02:00
Stan Silvert
13d0491ff3 KEYCLOAK-14038: Re-allow special characters for Roles only 2020-05-20 07:53:23 -04:00
Takashi Norimatsu
c057b994e7 KEYCLOAK-13104 Signed and Encrypted ID Token Support : AES 192bit and 256bit key support 2020-05-20 09:01:59 +02:00
Pedro Igor
54db691b26 [KEYCLOAK-11784] - Quarkus Keycloak Application 2020-05-20 08:25:25 +02:00
mhajas
4b8c7dd7d7 KEYCLOAK-14048 Allow clock skew when testing refresh token actual expiration time 2020-05-20 08:12:54 +02:00
Tomas Kyjovsky
aa27bb5911 KEYCLOAK-14225 Performance testsuite DataLoader broken 
- removing hardcoded `jackson.version` from performance testsuite pom
- moving `jackson.annotations.version` from performance testsuite pom to the root pom
 2020-05-19 18:00:05 -03:00
mposolda
8797e5c4e5 KEYCLOAK-14244 Compilation error in latest master in LDAPStorageProvider 2020-05-19 21:34:53 +02:00
Takashi Norimatsu
be0ba79daa KEYCLOAK-7997 Implement Client Registration Metadata based on Mutual TLS 2020-05-19 17:00:41 +02:00
mposolda
12d965abf3 KEYCLOAK-13047 LDAP no-import fixes. Avoid lost updates - dont allow update attributes, which are not mapped to LDAP 2020-05-19 16:58:25 +02:00
mposolda
a891a567a5 KEYCLOAK-13047 LDAP no-import fixes. Avoid lost updates - dont allow update attributes, which are not mapped to LDAP 2020-05-19 16:57:43 +02:00
Pedro Igor
68024396f1 [KEYCLOAK-11784] - Quarkus Extension 
Co-authored-by: stianst <stianst@gmail.com>
 2020-05-19 14:57:15 +02:00
Jared Jennings
91aaed6370 Update token-exchange.adoc 
Token Exchange is no longer a draft, but an accepted RFC. Updated link to RFC.
 2020-05-19 13:19:24 +02:00
Martin Kanis
6f43b58ccf KEYCLOAK-14074 filterIdentityProviders compares providerId instead of alias 2020-05-19 09:46:21 +02:00
Kohei Tamura
0a4db5b3b5 KEYCLOAK-14227 Remove unnecessary double quotations 2020-05-19 09:44:45 +02:00