libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
23608 commits 4 branches 5 tags 480 MiB
Commit graph

4299 commits

Author SHA1 Message Date
DAHAG-ArisNourbakhsh
b52d97475a
Add raw OpenApi documentation files to rest-api documentation (#22940) 
Add raw OpenApi documentation files to rest-api documentation

Closes #21559

Signed-off-by: Aris Nourbakhsh <aris.nourbakhsh@dahag.de>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2023-12-21 12:07:33 +01:00
Pedro Igor
ceb085e7b8 Update the UPDATE_EMAIL feature to rely on the user profile configuration when rendering templates and validating the email 
Closes #25704

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-20 15:15:06 -03:00
rmartinc
c2e41b0eeb Make Locale updater generate an event and use the user profile 
Closes #24369

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-20 15:26:45 +01:00
Konstantinos Georgilakis
cf57af1d10 scope parameter in refresh flow 
Closes #12009

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
 2023-12-20 14:00:10 +01:00
mposolda
eb184a8554 More info on UserProfileContext 
closes #25691

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-12-19 13:00:31 -03:00
Ricardo Martin
32a70cbedd Strip off user-info from redirect URI when validating using wildcard (#61) 
Closes keycloak/keycloak-private#58
Closes https://issues.redhat.com/browse/RHBK-679

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-19 10:13:36 -03:00
Joshua Sorah
d411eafc42 Ensure 'iss' is returned when 'prompt=none' and user is not authenticated, per RFC9207 
Closes keycloak/keycloak#25584

Signed-off-by: Joshua Sorah <jsorah@redhat.com>
 2023-12-19 10:38:05 +01:00
Ricardo Martin
2ba7a51da6 Escape action in the form_post response mode (#60) 
Closes keycloak/keycloak-private#31
Closes https://issues.redhat.com/browse/RHBK-652

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-18 18:10:41 -03:00
Konstantinos Georgilakis
ba8c22eaf0 Scope parameter in Oauth 2.0 token exchange 
Closes #21578

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
 2023-12-18 15:44:26 -03:00
Pedro Igor
778847a3ce Updating theme templates to render user attributes based on the user profile configuration 
Closes #25149

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-18 15:35:52 -03:00
rmartinc
d841971ff4 Updating the UP configuration needs to trigger an admin event 
Close #23896

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-18 19:24:30 +01:00
mposolda
cd154cf318 User Profile: If required roles ('user') and reqired scopes are set, the required scopes have no effect 
closes #25475

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-12-18 11:32:27 +01:00
Takashi Norimatsu
59536becec Client policies : executor for enforcing DPoP 
closes #25315

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2023-12-18 10:45:18 +01:00
Yoshiyuki Tabata
0ca73829d0
Fix OpenAPI spec POST /admin/realms/{realm}/clients 
Closes #21536 

Signed-off-by: Yoshiyuki Tabata <yoshiyuki.tabata.jy@hitachi.com>
 2023-12-18 10:08:54 +01:00
Yoshiyuki Tabata
66ee27f413 Fix OpenAPI spec POST /admin/realms/{realm}/clients-initial-access 
Closes #25656

Signed-off-by: Yoshiyuki Tabata <yoshiyuki.tabata.jy@hitachi.com>
 2023-12-18 09:12:02 +01:00
Joshua Sorah
a10149bbe9 For post logout redirect URI - Make '+' represent existing redirect URIs and merge with existing post logout redirect URIs 
Closes keycloak#25544

Signed-off-by: Joshua Sorah <jsorah@redhat.com>
 2023-12-18 09:05:51 +01:00
Yoshiyuki Tabata
5bdadaacbc
Modify OpenAPI spec POST /admin/realms 
Closes #25565

Signed-off-by: Yoshiyuki Tabata <yoshiyuki.tabata.jy@hitachi.com>
 2023-12-18 08:41:23 +01:00
Sophie Tauchert
3ab24afe93 Add response annotations to resourceserver 
Closes: #25604

Signed-off-by: Sophie Tauchert <sophie@999eagle.moe>
 2023-12-15 19:45:39 +01:00
Erwin Rooijakkers
860978b15a Change arg of getSubGroups to briefRepresentation 
Parameter name briefRepresentation should mean briefRepresentation,
   not full. This way callers will by default get the full
   representation, unless true is passed as value for
   briefRepresentation.

   Fixes #25096

Signed-off-by: Erwin Rooijakkers <erwin@rooijakkers.software>
 2023-12-14 17:23:27 +01:00
Steven Hawkins
08751001db
enhance: adds truststores to the keycloak cr (#25215) 
also generally correcting the misspelling trustore

closes: #24798

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2023-12-14 11:15:06 -03:00
mposolda
c81b533cf6 Update UserProfileProvider.setConfiguration. Tuning of UserProfileProvider.getConfiguration 
closes #25416

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-12-14 14:43:28 +01:00
Douglas Palmer
4b11afa87b
NullPointerException when key is not available in the database (#25395) 
* NullPointerException when key is not available in the database
Closes #24485
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>


Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2023-12-14 09:57:53 +01:00
Václav Muzikář
e4c348e99e
Add new --proxy-headers option (#25178) 
* Add new `--proxy-headers` option

Closes #23431

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>

* Address review comments vol. 03

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Address review comments vol. 04

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2023-12-13 10:48:12 -03:00
Pedro Igor
fa79b686b6 Refactoring user profile interfaces and consolidating user representation for both admin and account context 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-13 08:27:55 +01:00
Pedro Igor
78ba7d4a38 Do not allow removing username and email from user profile configuration 
Closes #25147

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-11 08:30:28 +01:00
Sophie Tauchert
1d56e0371e
Make sure authz endpoints are documented in openapi spec 
Closes: #25259

Signed-off-by: Sophie Tauchert <sophie@999eagle.moe>
 2023-12-08 16:45:13 +01:00
mposolda
90bf88c540 Introduce ProtocolMapper.getEffectiveModel to make sure values displayed in the admin console UI are 'effective' values used when processing mappers 
closes #24718

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2023-12-08 12:26:35 +01:00
saumeen prajapati
d829534237
Remove single quote from log string 
Closes #25060

Signed-off-by: saumeen prajapati <psaumeen@gmail.com>
 2023-12-07 20:08:07 +00:00
wojnarfilip
925c5572ad Re-enable Federated Access Token in user sessions 
Closes #25290

Signed-off-by: wojnarfilip <fwojnar@redhat.com>
 2023-12-07 19:55:20 +01:00
Vlasta Ramik
df465456b8
Map Store Removal: Remove LockObjectsForModification (#25323) 
Signed-off-by: vramik <vramik@redhat.com>

Closes #24793
 2023-12-07 12:43:43 +00:00
Fouad Almalki
0e535d2bbe Retrieve ClientConnection by invoking getConnection() instead of getContextObject() 
Signed-off-by: Fouad Almalki <me@fouad.io>
 2023-12-07 13:11:54 +01:00
Stefan Guilhen
7b63d6d500 Remove ResponseSessionTask 
- this was tightly related to retriable transactions added to map store and is no longer needed.

Closes #25309

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2023-12-06 19:53:53 +01:00
Stefan Guilhen
8e918c2ebf Revert changes to OIDCIdentityProvider that enlisted the client logout requests in a separate transaction. 
Closes #25308

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2023-12-06 19:47:04 +01:00
rmartinc
522e8d2887 Workaround to allow percent chars in getGroupByPath via PathSegment 
Closes #25111

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-06 14:22:34 -03:00
rmartinc
d004e9295f Do not allow remove a credential in account endpoint if provider marks it as not removable 
Closes #25220

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-05 17:11:57 +01:00
Michal Hajas
ec061e77ed
Remove GlobalLockProviderSpi (#25206) 
Closes #24103

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2023-12-01 16:40:56 +00:00
Ricardo Martin
3b26e5d489
Add active RSA key to decryption if deprecated mode (#25205) 
Closes https://github.com/keycloak/keycloak/issues/24652

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-01 13:40:47 +00:00
mposolda
3fa2d155ca Decouple factory methods from the provider methods on UserProfileProvider implementation 
closes #25146

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-12-01 10:30:57 -03:00
Pedro Igor
c7f63d5843 Add options to change behavior on how unmanaged attributes are managed 
Closes #24934

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-11-30 06:58:21 -03:00
Steven Hawkins
8c3df19722
feature: add option for creating a global truststore (#24473) 
closes #24148

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2023-11-30 08:57:17 +01:00
Douglas Palmer
d0b86d2f64 Register event not triggered on external to internal token exchange 
Closes #9684

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2023-11-29 15:30:47 -03:00
mposolda
479e6bc86b Update Kerberos provider for user-profile 
closes #25074

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-11-29 15:21:26 -03:00
rmartinc
16afecd6b4 Allow automatic download of SAML certificates in the identity provider 
Closes https://github.com/keycloak/keycloak/issues/24424

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-29 18:03:31 +01:00
rmartinc
3bc028fe2d Remove lowercase for the hostname as recommended/advised by OAuth spec 
Closes https://github.com/keycloak/keycloak/issues/25001

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-29 10:26:00 -03:00
rmartinc
b6cdcb3c27 Revert "Fix lowerCaseHostname to lower-case scheme and host properly" 
This reverts commit 1241bd2919.

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-29 10:26:00 -03:00
Douglas Palmer
5ce41a462b NPE in HardcodedUserSessionAttributeMapper on Token Exchange 
Closes #11996

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2023-11-29 09:35:49 -03:00
Douglas Palmer
7e78d29f8d NPE in User Session Note mapper on Token Exchange 
Closes #24200

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2023-11-29 09:35:49 -03:00
hokuda
a83b9d11fa Fix typo in the balloon help of SAML Username Template Importer 
closes #25033

Signed-off-by: hokuda <hisanobu.okuda@gmail.com>
 2023-11-29 09:32:16 -03:00
Douglas Palmer
e99bd4aa3a External to Internal Token exchange fails with Null pointer Exception if the user is not yet registered (first time token exchange) 
Closes #16059

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2023-11-29 09:16:14 -03:00
Michal Hajas
2b2207af93
Publish information about Infinispan availability in lb-check if MULTI_SITE is enabled 
Closes #25077

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2023-11-29 11:06:41 +00:00