libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
24990 commits 4 branches 5 tags 480 MiB
Commit graph

127 commits

Author SHA1 Message Date
Takashi Norimatsu
b4e7d9b1aa
Passkeys: Supporting WebAuthn Conditional UI (#24305) 
closes #24264

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: mposolda <mposolda@gmail.com>
 2024-05-16 07:58:43 +02:00
Alexander Schwartz
8deca303e2
Update instruction on how to enable persistent sessions (#29490) 
Closes #29489

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-15 13:26:51 +02:00
christian2
e200ccfa53 Fix URL endpoint for Docker registry v2 authentication 
Closes #29132

Signed-off-by: Christian Hörtnagl <christian2@univie.ac.at>
 2024-05-13 13:51:06 +02:00
Alexander Schwartz
6fbe207d64
Create documentation for persistent user sessions 
Closes #29218

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2024-05-13 11:02:45 +02:00
AndyMunro
4a5055c3cc Update create realm topics to replace Master 
Closes #29280

Signed-off-by: AndyMunro <amunro@redhat.com>
 2024-05-08 17:37:20 +02:00
Nathan Raj
8ff1ae0c08
Update stack-overflow.adoc (#29363) 
Corrected capitalisation for heading
 2024-05-08 16:06:33 +02:00
Thore
4b194d00be iso-date validator for the user-profile 
Adds a new validator in order to be able to validate user-model fields which should be modified/supplied by a datepicker.

Closes #11757

Signed-off-by: Thore <thore@kruess.xyz>
 2024-05-07 11:42:39 -03:00
Dimitri Papadopoulos Orfanos
9db1443367
Fix typos found by codespell in docs (#28890) 
Run `chmod -x` on files that need not be executable.

Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-03 12:41:16 +00:00
Steven Hawkins
3b1ca46be2
fix: updating docs around -q parameter (#29151) 
closes: #27877

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-05-02 16:48:43 +02:00
Douglas Palmer
8d4d5c1c54 Remove redundant servers from the testsuite 
Closes #29089

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-04-30 17:39:32 +02:00
Lex Cao
7e034dbbe0
Add IdpConfirmOverrideLinkAuthenticator to handle duplicate federated identity (#26393) 
Closes #26201.

Signed-off-by: Lex Cao <lexcao@foxmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-04-22 11:30:14 +02:00
Ricardo Martin
fc6b6f0d94
Perform exact string match if redirect URI contains userinfo, encoded slashes or parent access (#131) (#28872) 
Closes keycloak/keycloak-private#113
Closes keycloak/keycloak-private#134

Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
 2024-04-18 16:02:24 +02:00
Alexander Schwartz
5b4a69a6e9 Limit the concurrency of password hashing to the number of CPU cores available 
Closes #28477

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-04-15 15:05:09 +02:00
Christopher Miles
1646315939 Deny list lower cases all passwords when loading from file 
Closes #28381

We always lower case the inbound password before comparing against the deny list
yet the deny list may contain passwords that contain upper case letters. With
this change we will now convert passwords from the deny list into lower case
while loading, ensuring that more passwords match the deny list.

Signed-off-by: Christopher Miles <twitch@nervestaple.com>
 2024-04-15 08:49:37 +02:00
Marek Posolda
e6747bfd23
Adjust priority of SubMapper (#28663) 
closes #28661


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-04-12 14:13:03 +02:00
rmartinc
6d74e6b289 Escape slashes in full group path representation but disabled by default 
Closes #23900

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-04-12 10:53:39 +02:00
Marek Posolda
13daaa55ba
Documentation for changes related to 'You are already logged in' scen… (#28595) 
closes #27879

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-04-11 08:18:41 +02:00
Giuseppe Graziano
c76cbc94d8 Add sub via protocol mapper to access token 
Closes #21185

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-04-10 10:40:42 +02:00
Giuseppe Graziano
b4f791b632 Remove session_state from tokens 
Closes #27624

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-04-08 08:12:51 +02:00
Giuseppe Graziano
fe06df67c2 New default client scope for 'basic' claims with 'auth_time' protocol mapper 
Closes #27623

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-04-02 08:44:28 +02:00
Stian Thorgersen
c3a98ae387
Use Argon2 as default password hashing algorithm (#28162) 
Closes #28161

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 13:04:14 +00:00
Steven Hawkins
619775b8db
fix: simplifies the parsing routine, which accounts for leading 0's (#28102) 
closes: #27839

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-03-22 09:19:52 +01:00
Stian Thorgersen
cae92cbe8c
Argon2 password hashing provider (#28031) 
Closes #28030

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 07:08:09 +01:00
AndyMunro
d61b1ddb09 Edit use of Keycloak in Server Admin Guide 
Closes #27955

Signed-off-by: AndyMunro <amunro@redhat.com>
 2024-03-18 09:51:55 +01:00
Alexander Schwartz
62d24216e3 Remove offline session preloading 
Closes #27602

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-03-15 15:19:27 +01:00
Stian Thorgersen
81f3f211f3
Delete all deprecated and unmaintained examples (#27855) 
Signed-off-by: stianst <stianst@gmail.com>
 2024-03-15 07:24:20 +01:00
Martin Bartoš
c5553b46b4
Update Welcome page image in docs 
Closes #27719

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2024-03-08 15:00:36 +01:00
Alexander Schwartz
fa12b14a32 Update docs about when emails for changed credentials are sent 
Closes #27620

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-03-07 07:16:16 +01:00
Alexander Schwartz
4b697009d3
Clean up feature IDs in the docs (#27418) 
Closes #27416

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-03-06 12:32:06 +01:00
Lucy Linder
84d48a9877 Update documentation for reCAPTCHA support 
Signed-off-by: Lucy Linder <lucy.derlin@gmail.com>
 2024-03-04 20:28:06 +09:00
Takashi Norimatsu
3db04d8d8d Replace Security Key with Passkey in WebAuthn UIs and their documents 
closes #27147

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2024-02-29 10:31:05 +01:00
Marek Posolda
8dd0eb451d
Additional release notes for Keycloak 24 (#27339) 
closes #27142

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-02-29 08:43:22 +01:00
Alexander Schwartz
6de61f61f0 Adding missing explicit IDs for cross-references 
Closes #27316

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-02-28 08:37:52 +01:00
Pedro Igor
b98e115183 Updating docs and account message 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-02-22 22:58:22 +09:00
Pedro Igor
604274fb76 Allow setting an attribute as multivalued 
Closes #23539

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-02-22 12:56:44 +01:00
Takashi Norimatsu
1e12b15890 Supporting OAuth 2.1 for public clients 
closes #25316

Co-authored-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2024-02-22 10:57:29 +01:00
Douglas Palmer
b0ef746f39 Permanently lock users out after X temporary lockouts during a brute force attack 
Closes #26172

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-02-22 09:34:51 +01:00
Takashi Norimatsu
9ea679ff35 Supporting OAuth 2.1 for confidential clients 
closes #25314

Co-authored-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2024-02-22 08:34:21 +01:00
Jon Koops
89af9e3ffd
Write announcement and documentation for Account Console v3 (#26318) 
Closes #26122

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-02-21 13:42:33 -05:00
Alexander Schwartz
3b6886d970
Add warning about too long attribute values as it can exhaust caches (#27126) 
Closes #27125

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-02-21 13:47:58 +01:00
Takashi Norimatsu
1bdbaa2ca5 Client policies: executor for validate and match a redirect URI 
closes #25637

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2024-02-20 08:37:33 +01:00
Joshua Sorah
018914d7fd Change Open ID Connect to OpenID Connect in UI and docs 
Closes #27093

Signed-off-by: Joshua Sorah <jsorah@redhat.com>
 2024-02-19 17:01:57 +01:00
Takashi Norimatsu
849a920955 Rename Resident key to Discoverable Credential 
closes #9508

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2024-02-19 14:12:15 +01:00
Vlasta Ramik
76453550a5
User attribute value length extension 
Closes #9758

Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2024-02-16 08:09:34 +01:00
Marek Posolda
e2fb8406a3
Fixing the docs about default hashing iterations (#27020) 
closes #26816

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-02-15 08:11:44 +01:00
Joshua Sorah
b81233a4af
[docs] Align OAuth 2.0 Security Best Current Practice links (#24706) 
Closes keycloak/keycloak#24705

Signed-off-by: Joshua Sorah <jsorah@gmail.com>
 2024-02-13 13:53:56 +01:00
Pedro Igor
750bc2c09c Reviewing references to user attribute management and UIs 
Closes #26155

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-02-12 16:01:34 +01:00
mposolda
7af753e166 Documentation for AIA 
closes #25569

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-02-12 09:42:34 +01:00
Thomas Darimont
93fc6a6c54 Shorter lifespan for offline session cache entries in memory 
Closes #26810

Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-02-09 19:44:04 +01:00
Michael Schnitzler
fdfe41bdda fix documentation for resetting OTP in "reset credentials" flow (#26834) 
The former version stated that the "Reset OTP" step had to be disabled in the "reset credentials" authentication flow in order to keep the OTP unchanged. This leads to an error. More precisely, the "Reset - Conditional OTP" sub-flow has to be disabled.

Fixex #26834

Signed-off-by: Michael Schnitzler <schnitzler.michael+github@gmail.com>
 2024-02-07 11:57:58 -03:00