libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
14482 commits 4 branches 5 tags 480 MiB
Commit graph

789 commits

Author SHA1 Message Date
Marek Posolda
be1e31dc68
Introduce crypto/default module. Refactoring BouncyIntegration (#12692) 
Closes #12625
 2022-06-29 07:17:09 +02:00
Marek Posolda
3f5741e988
Possibility to switch between FIPS and non-FIPS during keycloak+quarkus seerver build (#12513) 
* Possibility to switch between FIPS and non-FIPS during keycloak+quarkus server build

Closes #12522
 2022-06-21 11:17:45 +02:00
vramik
df41f233d5 Introduce unique index for enums stored by storages 
Closes #12277
 2022-06-15 09:12:10 +02:00
Stian Thorgersen
e49e8335e0
Refactor BouncyIntegration (#12244) 
Closes #12243
 2022-06-07 09:02:00 +02:00
rmartinc
5332a7d435 Issue #9194: Client authentication fails when using signed JWT, if the JWA signing algorithm is not RS256 2022-06-06 12:07:09 +02:00
Pedro Igor
2cb5d8d972
Removing upload scripts feature (#11117) 
Closes #9865

Co-authored-by: Michal Hajas <mhajas@redhat.com>

Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2022-04-20 14:25:16 +02:00
Giacomo Altiero
3b7243cd47
Support for UserInfo response encrypted (#10519) 
Close #10517
 2022-04-12 14:01:14 +02:00
Marek Posolda
aacae9b9ac
Support for frontchannel_logout_session_required OIDC client parameter (#11009) 
* Support for frontchannel_logout_session_required OIDC client parameter
Closes #10137
 2022-03-31 14:25:24 +02:00
Marek Posolda
22a16ee899
OIDC RP-Initiated logout endpoint (#10887) 
* OIDC RP-Initiated logout endpoint
Closes #10885

Co-Authored-By: Marek Posolda <mposolda@gmail.com>

* Review feedback

Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
 2022-03-30 11:55:26 +02:00
Ivan Atanasov
5c6b123aff
Support for the Recovery codes (#8730) 
Closes #9540


Co-authored-by: Zachary Witter <torquekma@gmail.com>
Co-authored-by: stelewis-redhat <91681638+stelewis-redhat@users.noreply.github.com>
 2022-03-10 15:49:25 +01:00
Marcelo Daniel Silva Sales
7335abaf08
Keycloak 10489 support for client secret rotation (#10603) 
Closes #10602
 2022-03-09 00:05:14 +01:00
lars-christian stitz
74695c0242 Add @JsonProperty annotation to PathCacheConfig.lifespan. 
Closes #9756.
 2022-02-25 16:37:22 -03:00
Marek Posolda
caf37b1f70
Support for acr_values_supported in OIDC well-known endpoint (#10265) 
* Support for acr_values_supported in OIDC well-known endpoint
closes #10159
 2022-02-18 11:33:31 +01:00
Daniel Gozalo
3528e7ba54 [fixes #9224] - Get consented scopes from AuthorizationContext 
Always show the consent screen when a dynamic scope is requested and show the requested parameter

Improve the code that handles dynamic scopes consent and add some log traces

Add a test to check how we show dynamic scope in the consent screen and added missing template file change

Fix merge problem in comment and improve other comments

Fix the Dynamic Scope test by assigning it to the client as optional instead of default

Change how dynamic scopes are represented in the consent screen and adapt test
 2022-02-02 09:10:20 +01:00
Andrea Peruffo
24d6f75d11
CRD generation from RealmRepresentation (#9759) 
Enabling CRD generation from RealmRepresentation

Closes #9759
 2022-01-27 10:56:46 +01:00
Daniel Gozalo
dad51773ea [fixes #9223] - Create an internal representation of RAR that also handles Static and Dynamic Client Scopes 
Parse scopes to RAR representation and validate them against the requested scopes in the AuthorizationEndpointChecker

Parse scopes as RAR representation and add the created context on the different cache models in order to store the state and make it available for mappers in the ClientSessionContext

Create a new AuthorizationRequestSpi to provide different implementations for either dynamic scopes or RAR requests parsing

Move the AuthorizationRequest objects to server-spi

Add the AuthorizationRequestContext property to the MapAuthenticationSessionEntity and configure MapAuthenticationSessionAdapter to access it

Remove the AuthorizationRequestContext object from the cache adapters and entities and instead recalculate the RAR representations from scopes every time

Refactor the way we parse dynamic scopes and put everything behind the DYNAMIC_SCOPES feature flag

Added a login test and added a function to get the requested client scopes, including the dynamic one, behind a feature flag

Add a new filter to the Access Token dynamic scopes to avoid adding scopes that are not permitted for a user

Add tests around Dynamic Scopes: replaying existing tests while enabling the DYNAMIC_SCOPES feature and adding a few more

Test how the server genereates the AuthorizationDetails object

Fix formatting, move classes to better packages and fix parent test class by making it Abstract

Match Dynamic scopes to Optional scopes only and fix tests

Avoid running these tests on remote auth servers
 2022-01-26 13:19:23 +01:00
Dmitry Telegin
02d544b57b #9555 Multiple warnings caused by typed varargs in TokenVerifier 2022-01-14 02:54:47 -08:00
Marek Posolda
8f221bb21e
Validation for CIBA binding_message parameter (#9470) 
closes #9469
 2022-01-11 11:19:15 +01:00
CorneliaLahnsteiner
dff79cee3c
KEYCLOAK-847 Add support for step up authentication (#7897) 
KEYCLOAK-847 Fix behavior of unknown not essential acr claim

Co-authored-by: Georg Romstorfer <georg.romstorfer@gmail.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2021-12-22 12:43:12 +01:00
Konstantinos Georgilakis
63c9845cb9 KEYCLOAK-18276 client content screen enhancement 2021-11-18 13:15:02 +01:00
Pedro Igor
eaa96f6147 [KEYCLOAK-18255] - Vault Support in Dist.X 2021-11-03 09:23:33 -03:00
Takashi Norimatsu
a4f83c569d KEYCLOAK-19510 Nested JWT JOSE header needs to set JWT to cty field 2021-10-12 16:58:15 +02:00
R Yamada
891c8e1a12 [KEYCLOAK-17653] - OIDC Frontchannel logout support 2021-10-07 15:27:19 -03:00
Stefan Guilhen
9e676fce7e [KEYCLOAK-18559] Fix SAML adapters so they allow unescaped characters in URIs 
- Makes adapters bahavior consistent with containers that allow unescaped characters in URIs
 2021-07-29 12:11:32 +02:00
mposolda
05dfed721a KEYCLOAK-18636 The mtls_endpoint_aliases claim is not advertized in the discovery document 2021-07-28 13:32:31 +02:00
mposolda
643b3c4c5a KEYCLOAK-18594 CIBA Ping Mode 2021-07-27 08:33:17 +02:00
Vlastimil Elias
f307c56fe1 KEYCLOAK-18812 UserProfile metadata in Account REST API 2021-07-22 08:46:30 -03:00
Martin Bartoš
06077dc4ea KEYCLOAK-18466 Configure HTTP client timeouts for adapters - change property names 2021-07-22 10:54:59 +02:00
ruromero
464475caa0 [KEYCLOAK-17872] Add missing HTTPClient properties 
Signed-off-by: ruromero <rromerom@redhat.com>
 2021-07-22 10:54:59 +02:00
Martin Bartoš
23e3bc5f8f KEYCLOAK-18466 Configure HTTP client timeouts for adapters 2021-07-22 10:54:59 +02:00
Pedro Igor
d29d945cc4 [KEYCLOAK-18857] - Do not force default to RS256 when verifying tokens sent by clients and JWK does not hold an algorithm 2021-07-21 11:09:02 +02:00
Pedro Igor
54a0e84070 [KEYCLOAK-18741] - Review error messages when validating PAR requests 2021-07-20 14:08:49 -03:00
Pedro Igor
730d4e8ac9 [KEYCLOAK-18807] - Fixing claims in JARM responses 2021-07-20 08:23:33 +02:00
Pedro Igor
fe4e089e81 [KEYCLOAK-18745] - Client JWT authentication should allow PAR endpoint as audience 2021-07-19 14:23:53 -03:00
Pedro Igor
1baab67f3b [KEYCLOAK-18630] - Request object encryption support 2021-07-09 11:27:30 -03:00
Dmitry Telegin
3b3a61dfba KEYCLOAK-18639 Token Exchange SPI Milestone 1 2021-07-06 15:48:45 -03:00
Benjamin Weimer
8c1ea60b04 * Add sid claim to ID Token 
* deprecate session state parameter in ID Token
* remove charset=UTF-8 from backchannel logout post request Content-Type header
 2021-07-06 15:30:53 -03:00
Hryhorii Hevorkian
2803685cd7 KEYCLOAK-18353 Implement Pushed Authorization Request inside the Keycloak 
Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Co-authored-by: mposolda <mposolda@gmail.com>
 2021-07-03 08:47:42 +02:00
lbortoli
e5ae113453 KEYCLOAK-18452 FAPI JARM: JWT Secured Authorization Response Mode for OAuth 2.0 2021-07-03 00:00:32 +02:00
Martin Bartoš
c1168ea6ea KEYCLOAK-18560 NoClassDefFoundError: Could not initialize class org.keycloak.util.JWKSUtils 2021-06-29 11:49:38 +02:00
Takashi Norimatsu
57c80483bb KEYCLOAK-17936 FAPI-CIBA : support Signed Authentication Request 
Co-authored-by: Pritish Joshi <pritish@banfico.com>
Co-authored-by: mposolda <mposolda@gmail.com>
 2021-06-29 08:07:40 +02:00
Yoshiyuki Tabata
52ced98f92 KEYCLOAK-18503 Regex Policy for authorization service 2021-06-24 08:49:41 -03:00
Vlastimil Elias
b7a4fd8745 KEYCLOAK-18423 - Support a user-friendly name property for user profile 
attributes
 2021-06-24 08:17:06 -03:00
Johannes Knutsen
ba8d27121c KEYCLOAK-12500 Avoid NPE when parsing JWKS and keys without the use parameter 2021-06-23 08:21:47 +02:00
Pedro Igor
ef3a0ee06c [KEYCLOAK-17399] - Declarative User Profile and UI 
Co-authored-by: Vlastimil Elias <velias@redhat.com>
 2021-06-14 11:28:32 +02:00
mposolda
070c68e18a KEYCLOAK-18069 Migration of client policies JSON from Keycloak 13 2021-06-10 10:40:14 +02:00
mposolda
91865fa93e KEYCLOAK-18368 Invalidate client session after refresh token re-use 2021-06-09 14:43:29 +02:00
Benjamin Weimer
f66354a80e KEYCLOAK-16947 add error parameters to access token response & improve logging 2021-06-07 17:53:30 +02:00
Pedro Igor
a0f8d2bc0e [KEYCLOAK-17399] - Review User Profile SPI 
Co-Authored-By: Vlastimil Elias <vlastimil.elias@worldonline.cz>
 2021-05-20 08:44:24 -03:00
mposolda
71dcbec642 KEYCLOAK-18108 Refactoring retrieve of condition/executor providers. Make sure correct configuration of executor/condition is used for particular provider 2021-05-18 12:20:47 +02:00