libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions
14703 commits 4 branches 5 tags 483 MiB
Commit graph

724 commits

Author SHA1 Message Date
vramik
0c3aa597f9 JPA map storage: test failures after cache was disabled 
Closes #12118
 2022-05-23 13:01:30 +02:00
Michal Hajas
0bda7e6038 Introduce map event store with CHM implementation 
Closes #11189
 2022-05-17 12:57:35 +02:00
Martin Kanis
0d6bbd437f
Merge single-use token providers into one 
Fixes first part of: #11173

* Merge single-use token providers into one

* Remove PushedAuthzRequestStoreProvider

* Remove OAuth2DeviceTokenStoreProvider

* Delete SamlArtifactSessionMappingStoreProvider

* SingleUseTokenStoreProvider cleanup

* Addressing Michal's comments

* Add contains method

* Add revoked suffix

* Rename to SingleUseObjectProvider
 2022-05-11 13:58:58 +02:00
Michal Hajas
d3b43a9f59 Make sure there is always Realm or ResourceServer when searching for authz entities 
Closes #11817
 2022-05-11 07:20:01 -03:00
Réda Housni Alaoui
5d87cdf1c6
KEYCLOAK-6455 Ability to require email to be verified before changing (#7943) 
Closes #11875
 2022-05-09 18:52:22 +02:00
Michal Hajas
6b5c417742 Add HotRod store for authorization services 
Closes #9679
 2022-05-06 15:31:38 +02:00
Dominik Guhr
acd4f5f793 set the standardcharset to UTF-8 
Closes #10462
 2022-05-03 16:14:34 -03:00
vramik
0d83b51b20 Enhance Map authz entities with REALM_ID (ResourceServer with CLIENT_ID) searchable field 
Co-authored-by Michal Hajas <mhajas@redhat.com>

Closes #10883
 2022-05-03 12:56:27 +02:00
vramik
2ecf250e37 Deletion of all objects when realm is being removed 
Closes #11076
 2022-04-28 11:09:17 +02:00
Hynek Mlnarik
0ce5dfc09c Remove dependency of map on services 
Fixes: 8903
 2022-04-22 17:27:21 +02:00
Stefan Guilhen
b29b27d731 Ensure code does not rely on a particular format for the realm id or component id 2022-04-20 14:40:38 +02:00
Pedro Igor
2cb5d8d972
Removing upload scripts feature (#11117) 
Closes #9865

Co-authored-by: Michal Hajas <mhajas@redhat.com>

Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2022-04-20 14:25:16 +02:00
Pedro Igor
f1fd7af758
Remove policies when user is deleted (#11385) 
Closes #11284
 2022-04-20 09:23:46 +02:00
Pedro Igor
b4770c30fd Fixing NPE when querying resources by type 
Closes #11137
 2022-04-07 15:10:20 -03:00
Marek Posolda
22a16ee899
OIDC RP-Initiated logout endpoint (#10887) 
* OIDC RP-Initiated logout endpoint
Closes #10885

Co-Authored-By: Marek Posolda <mposolda@gmail.com>

* Review feedback

Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
 2022-03-30 11:55:26 +02:00
Andrea Peruffo
da5db5a813
Fix NPEs during realm import (#10962) 
Closes #10961
 2022-03-29 21:48:37 +02:00
Martin Kanis
e493b08fa7 Add expiration field to root authentication session 2022-03-23 07:47:47 +01:00
Michal Hajas
99c06d1102
Authorization services refactoring 
Closes: #10447 

* Prepare logical layer to distinguish between ResourceServer id and client.id
* Reorder Authz methods: For entities outside of Authz we use RealmModel as first parameter for each method, to be consistent with this we move ResourceServer to the first place for each method in authz
* Prepare Logical (Models/Adapters) layer for returning other models instead of ids
* Replace resourceServerId with resourceServer model in PermissionTicketStore
* Replace resourceServerId with resourceServer model in PolicyStore
* Replace resourceServerId with resourceServer model in ScopeStore
* Replace resourceServerId with resourceServer model in ResourceStore
* Fix PermissionTicketStore bug
* Fix NPEs in caching layer
* Replace primitive int with Integer for pagination parameters
 2022-03-22 20:49:40 +01:00
Alexander Schwartz
fb92b95c33 Revert from getParameterCount() to getParameterTypes().length to be Java 1.7 compatible. 
This reverts commit bc27c7c464.

Closes #10840
 2022-03-22 10:23:25 +01:00
keycloak-bot
c71aa8b711
Set version to 999-SNAPSHOT (#10784) 2022-03-22 09:22:48 +01:00
Clara Fang
bc27c7c464 Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount() 
Closes #10333
 2022-03-18 11:20:52 +01:00
mposolda
9e12587181 Protocol mapper and client scope for 'acr' claim 
Closes #10161
 2022-03-11 09:23:25 +01:00
Ivan Atanasov
5c6b123aff
Support for the Recovery codes (#8730) 
Closes #9540


Co-authored-by: Zachary Witter <torquekma@gmail.com>
Co-authored-by: stelewis-redhat <91681638+stelewis-redhat@users.noreply.github.com>
 2022-03-10 15:49:25 +01:00
Marcelo Daniel Silva Sales
7335abaf08
Keycloak 10489 support for client secret rotation (#10603) 
Closes #10602
 2022-03-09 00:05:14 +01:00
rmartinc
48565832d4 [#10608] Password blacklists folder 2022-03-08 08:22:34 -03:00
mposolda
93bba8e338 Replace 'Store LoA in User Session' with 'Max Age'. Refactoring of step-up authentications related to that. 
Closes #10205
 2022-03-08 10:41:05 +01:00
Vlasta Ramik
aa6a131b73
Change String client.id to ClientModel client in ResourceServerStore 
Closes #10442
 2022-02-24 12:46:26 +01:00
bal1imb
07d47cf6c2 KEYCLOAK-19501 Removed exception handling on failed event persistence in the EventBuilder class. 2022-02-23 15:41:20 -03:00
Marek Posolda
8c3fc5a60e
Option for client to specify default acr level (#10364) 
Closes #10160
 2022-02-22 07:54:30 +01:00
Marek Posolda
90d4e586b6
Show error in case of an unkown essential acr claim. Make sure correc… (#10088) 
* Show error in case of an unkown essential acr claim. Make sure correct acr is set after authentication flow during step-up authentication
Closes #8724

Co-authored-by: Cornelia Lahnsteiner <cornelia.lahnsteiner@prime-sign.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2022-02-15 09:02:05 +01:00
keycloak-bot
d9f1a9b207
Set version to 18.0.0-SNAPSHOT (#10165) 2022-02-11 21:28:06 +01:00
Francis PEROT
623aaf1e8b Fixes collection comparison ignoring order 
Use of containsAll() does not permit to compare if 2 lists are equals
(ignoring order)
Previous implementation of CollectionUtil.collectionEquals(...) was not taking care of specific cases where you can have [ A, A, B ] and [ A, B, B ] and complexity was O(n²)
Using Map, complexity is now O(n)

Closes #9920
 2022-02-11 10:01:41 +01:00
Mauro de Wit
2c238b9f04
session-limiting-feature (#8260) 
Closes #10077
 2022-02-08 19:16:06 +01:00
Stian Thorgersen
2e5cb103ee
Update to UA Parser 1.5.2 (#10030) 2022-02-08 11:28:59 +01:00
Marek Posolda
d9c8cb30a5
Closes #9498 - Fix cases when user is forced to re-authenticate (#9580) 2022-02-07 09:02:08 +01:00
Konstantinos Georgilakis
a1f2f77b82 Device Authorization Grant with PKCE 
Closes #9710
 2022-02-03 08:37:07 +01:00
Daniel Gozalo
3528e7ba54 [fixes #9224] - Get consented scopes from AuthorizationContext 
Always show the consent screen when a dynamic scope is requested and show the requested parameter

Improve the code that handles dynamic scopes consent and add some log traces

Add a test to check how we show dynamic scope in the consent screen and added missing template file change

Fix merge problem in comment and improve other comments

Fix the Dynamic Scope test by assigning it to the client as optional instead of default

Change how dynamic scopes are represented in the consent screen and adapt test
 2022-02-02 09:10:20 +01:00
Alexander Schwartz
df7ddbf9b3 Added ModelIllegalStateException to handle lazy loading exception. 
Closes #9645
 2022-01-31 10:10:41 +01:00
Takashi Norimatsu
ef134390c2 Client Policies : Condition's negative logic configuration is not shown in Admin Console's form view 
Closes #9447
 2022-01-27 09:55:22 +01:00
vramik
873a44459a Convert MapClientScopeEntity to interface 
Closes #9657
 2022-01-23 16:56:25 +01:00
Thomas Darimont
438fc2865f Fix embedded theme-resources lookup in Keycloak.X 
Previously lookups for embedded theme-resources did not work for Keycloak.X because of a missing
`ClasspathThemeResourceProvider` registration.

This PR ensures that a `ClasspathThemeResourceProvider` is registered in Keycloak.X based deployments.

Added empty constructors to ClasspathThemeResourceProvider to enable dynamic instantiation by Quarkus.

Fixes #9653
 2022-01-21 09:52:26 -03:00
Daniel Gozalo
8ea09d3816
[fixes #9222] - Let users configure Dynamic Client Scopes (#9327) 2022-01-12 14:27:24 +01:00
CorneliaLahnsteiner
dff79cee3c
KEYCLOAK-847 Add support for step up authentication (#7897) 
KEYCLOAK-847 Fix behavior of unknown not essential acr claim

Co-authored-by: Georg Romstorfer <georg.romstorfer@gmail.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2021-12-22 12:43:12 +01:00
keycloak-bot
9f3d4a7d42 Set version to 17.0.0-SNAPSHOT 2021-12-20 10:50:39 +01:00
vramik
e61da278ba When ternary conditional operator uses primitive type it could throw NPE in some cases 
Closes #9137
 2021-12-15 10:25:54 +01:00
Hynek Mlnarik
2785cab596 Simplify component model overrides 
Fixes #9021
 2021-12-08 10:58:56 +01:00
Hynek Mlnarik
95614e8b40 Fix NPE for component creation when realm unset but config known 
Fixes #9019
 2021-12-07 20:15:05 +01:00
Martin Bartoš
1e1a6779be Issue 8814: Replace deprecated hamcrest-all dependencies 2021-11-23 13:56:28 +01:00
bal1imb
661aca4452 KEYCLOAK-19283 Implemented new identity provider mapper "Advanced claim to group mapper" alongside tests. 2021-11-19 16:54:39 +01:00
Takashi Norimatsu
10c3e149d3 KEYCLOAK-19699 RSA key provider with key use = enc cannot select corresponding algorithm on Admin Console 2021-11-18 13:24:50 +01:00
Alec Henninger
cec6a8a884 KEYCLOAK-19700: Attempt to reuse denied device authorization code results in server error 2021-11-08 11:37:51 +01:00
Pedro Igor
eaa96f6147 [KEYCLOAK-18255] - Vault Support in Dist.X 2021-11-03 09:23:33 -03:00
Martin Bartoš
bfce612641 KEYCLOAK-18338 Fix update user account with configured SSSD 2021-11-02 08:42:07 +01:00
R Yamada
891c8e1a12 [KEYCLOAK-17653] - OIDC Frontchannel logout support 2021-10-07 15:27:19 -03:00
stianst
f471a110cd KEYCLOAK-19408 Better client secrets 2021-09-29 18:19:43 +02:00
Daniel Fesenmeyer
339224578e KEYCLOAK-10603 adjust assignments to roles (user-role and group-role assignments, client-scope and client "scope mappings"): allow assignments of roles which are already indirectly assigned (e.g. by composite role) 
- extend RoleMapperModel with method hasDirectRole(RoleModel), which only checks for direct assignment in contrast to the existing method hasRole(RoleModel)
- extend ScopeContainerModel with method hasDirectScope(RoleModel), which only checks for direct scope mapping in contrast to the existing method hasScope(RoleModel)
- use the new hasDirectRole and hasDirectScope methods to check whether a role is in the "available" list and whether it can be assigned (previously, the hasRole method was used for this purpose)
- add hint to UI that available roles contain effectively assigned roles which are not directly assigned
- adjust and extend tests
 2021-09-22 13:56:29 +02:00
Nikolas Laskaris
8f09d34272
KEYCLOAK-18288 (#8096) 
RealmsAdminResource now returns also a brief representation (not by default, to be backwards compatible) for realms[] if the appropriate flag is sent.
 2021-09-20 15:32:15 -04:00
Vlastimil Elias
28e220fa6d KEYCLOAK-18497 - Support different input types in built-in dynamic forms 2021-09-20 09:14:49 -03:00
Vlastimil Elias
2be5f528e4 KEYCLOAK-18700 - consistently record User profile attribute changes in 
UPDATE_PROFILE event
 2021-09-15 08:26:01 -03:00
David Hellwig
a6cd80c933
KEYCLOAK-16076 added new warining when cookies are disabled -with new branch- (#7632) 
* KEYCLOAK-16076 added new warining when cookies are disabled

Co-authored-by: David Hellwig <david.hellwig@bosch.com>
Co-authored-by: Christoph Leistert <christoph.leistert@bosch-si.com>
 2021-09-13 11:30:11 +02:00
Martin Bartoš
7c243c8427 KEYCLOAK-18590 Save Button Enabled For Empty Attributes 2021-09-01 10:51:20 +02:00
Thomas Darimont
fd2787ae7d KEYCLOAK-18880 TimeBasedOTP should use look-around to mitigate clock skew 
Make TimeBasedOTP#clockSkewIndexToDelta private.
 2021-09-01 10:45:50 +02:00
Thomas Darimont
af892d469c KEYCLOAK-18880 TimeBasedOTP should use look-around to mitigate clock skew 
Add test case
 2021-09-01 10:45:50 +02:00
Thomas Darimont
5898f9c390 KEYCLOAK-18880 TimeBasedOTP should use look-around to mitigate clock skew 
Previously the TimeBasedOTP only looked behind to mitigate clock skew.
We now look around (look ahead + look behind) to better accommodate clock skew.
 2021-09-01 10:45:50 +02:00
Martin Bartos
18cef60bbd KEYCLOAK-19037 Problems with validation of Email field that contains uppercase character 2021-08-19 11:13:42 +02:00
Vlastimil Elias
afa6e31d36 [KEYCLOAK-19006] User Profile: Patched handling of the "whitespace-only" 
texts in pattern and length validators
 2021-08-10 08:43:58 -03:00
Simen Heggestøyl
624a9a3ed7 KEYCLOAK-18509 Fix permission error when deleting client 2021-08-05 11:55:24 -03:00
Thomas Darimont
17da3ee8d9 KEYCLOAK-18380 Fix Groups search by name returns unwanted groups 
Previously the group search did not apply a given search query as filter
for groups along the group path.

We now filter the found groups with the given group search query if present.
 2021-08-05 11:43:56 +02:00
keycloak-bot
262ec3d031 Set version to 16.0.0-SNAPSHOT 2021-07-30 14:56:10 +02:00
Vlastimil Elias
32f2f095fe KEYCLOAK-7724 User Profile default validations 2021-07-29 08:42:37 +02:00
mposolda
643b3c4c5a KEYCLOAK-18594 CIBA Ping Mode 2021-07-27 08:33:17 +02:00
Joerg Matysiak
9dff21d0a7 KEYCLOAK-18552 
* added group as attribute metadata
* validation for groups and references to groups
* adapted template to use show attribute groups
* test and integration tests for attribute groups
 2021-07-23 09:26:21 -03:00
Vlastimil Elias
61aa4e6a70 KEYCLOAK-18750 - Set "Email Verified" to false when email changed in 
UserProfile Provider
 2021-07-19 11:19:29 -03:00
bal1imb
fbaeb18a5f KEYCLOAK-18471 Added ID to admin event object. 2021-07-16 12:46:07 +02:00
Pedro Igor
f1face6973 [KEYCLOAK-18748] - Do not remove attributes when declarative provider is enabled 2021-07-15 12:00:39 -03:00
Pedro Igor
1baab67f3b [KEYCLOAK-18630] - Request object encryption support 2021-07-09 11:27:30 -03:00
Vlastimil Elias
6686482ba5 [KEYCLOAK-18591] - Support a dynamic IDP user review form 2021-07-09 10:05:26 -03:00
Pedro Igor
4099833be8 [KEYCLOAK-18693] - Declarative profile validating read-only attribute if it exists 2021-07-08 15:22:02 -03:00
Dmitry Telegin
3b3a61dfba KEYCLOAK-18639 Token Exchange SPI Milestone 1 2021-07-06 15:48:45 -03:00
Hryhorii Hevorkian
2803685cd7 KEYCLOAK-18353 Implement Pushed Authorization Request inside the Keycloak 
Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Co-authored-by: mposolda <mposolda@gmail.com>
 2021-07-03 08:47:42 +02:00
Vlastimil Elias
04ff2c327b [KEYCLOAK-18429] Support a dynamic update profile form 2021-07-02 10:22:47 -03:00
Vlastimil Elias
f32447bcc1 [KEYCLOAK-18424] GUI order for user profile attributes 2021-07-02 08:37:24 -03:00
lbortoli
164f3df080 KEYCLOAK-18502 - Support for additional parameters from the backchannel authentication request and backchannel authentication callback. 2021-07-01 00:31:26 +02:00
Vlastimil Elias
bcfa6e4309 KEYCLOAK-18592 - put attribute validators configuration into freemarker 
template for user profile pages
 2021-06-30 09:01:12 -03:00
Takashi Norimatsu
57c80483bb KEYCLOAK-17936 FAPI-CIBA : support Signed Authentication Request 
Co-authored-by: Pritish Joshi <pritish@banfico.com>
Co-authored-by: mposolda <mposolda@gmail.com>
 2021-06-29 08:07:40 +02:00
Pedro Igor
948f453e2d [KEYCLOAK-18427] - Allowing switching to declarative provider 2021-06-28 15:50:04 -03:00
Vlastimil Elias
512bcd14f7 [KEYCLOAK-18428] - dynamic registration form 2021-06-25 17:11:15 -03:00
Vlastimil Elias
b7a4fd8745 KEYCLOAK-18423 - Support a user-friendly name property for user profile 
attributes
 2021-06-24 08:17:06 -03:00
Vlastimil Elias
458c841c39 [KEYCLOAK-18447] Dynamically select attributes based on requested scopes 2021-06-22 08:54:03 -03:00
rmartinc
b8452374d2 [KEYCLOAK-18473] Add max length to password policy 2021-06-22 10:15:48 +02:00
keycloak-bot
13f7831a77 Set version to 15.0.0-SNAPSHOT 2021-06-18 10:42:27 +02:00
Pedro Igor
ef3a0ee06c [KEYCLOAK-17399] - Declarative User Profile and UI 
Co-authored-by: Vlastimil Elias <velias@redhat.com>
 2021-06-14 11:28:32 +02:00
mposolda
070c68e18a KEYCLOAK-18069 Migration of client policies JSON from Keycloak 13 2021-06-10 10:40:14 +02:00
mposolda
ab13e3e4fe KEYCLOAK-17939 Enable Client policies feature by default 2021-05-31 12:31:52 +02:00
vramik
2bf727d408 KEYCLOAK-17753 remove KeycloakModelUtils.isClientScopeUsed method 2021-05-28 21:07:14 +02:00
Michal Hajas
4dcb69596b KEYCLOAK-18146 Search for clients by client attribute when doing saml artifact resolution 2021-05-27 23:02:22 +02:00
Stian Thorgersen
2cb59e2503
KEYCLOAK-17844 Add option to disable authorization services to workaround issues with many clients 2021-05-27 22:28:56 +02:00
Hynek Mlnarik
3d8f152787 KEYCLOAK-17747 KEYCLOAK-17754 Optimize getClients() calls 2021-05-27 22:12:56 +02:00
Martin Kanis
122fbe1bc6 KEYCLOAK-18298 ClearExpiredUserSessions timeouts with large number of sessions 2021-05-27 16:31:10 +02:00
vramik
3aa06c2721 KEYCLOAK-18073 avoid ModelDuplicateException during parallel starup of servers 2021-05-27 07:10:35 +02:00