libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions
26027 commits 4 branches 5 tags 483 MiB
Commit graph

6915 commits

Author SHA1 Message Date
rmartinc
b60621d819 Allow brute force to have http request/response and send emails 
Closes #29542

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-09-11 08:35:03 +02:00
cgeorgilakis-grnet
f8b1b3ee03 Search Identity Providers by alias or display name 
Closes #32588

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
 2024-09-10 21:52:59 +02:00
Erik Jan de Wit
d2e7c15f2f
added text and tooltip to idp (#32411) 
* added text and tooltip to idp

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Update themes/src/main/resources/theme/keycloak.v2/login/login.ftl

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>

* Update themes/src/main/resources/theme/keycloak.v2/login/login.ftl

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>

* Update themes/src/main/resources/theme/keycloak.v2/login/login.ftl

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>

* Update themes/src/main/resources/theme/keycloak.v2/login/login.ftl

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>

* Update themes/src/main/resources/theme/keycloak.v2/login/login.ftl

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2024-09-10 13:05:14 +02:00
Thomas Darimont
6b83a45b2e
Propagate locale when using app initiated registration URL 
Fixes #13505

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-09-10 12:25:17 +02:00
Martin Kanis
ccb166d0e9 Add caching when querying brokers by organization 
Closes #32574

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-09-09 09:24:43 -03:00
mposolda
03e0fb0601 Fix ResetOtpTest 
closes #32615

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-09-09 10:19:37 +02:00
Alexander Schwartz
b88ecc0237
Removing the extra two-minute Window for persistent user sessions (#32660) 
Closes #28418

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2024-09-09 09:28:48 +02:00
mposolda
e1d5f0c871 Fix ResetPasswordTest on chrome 128 
closes #32514
closes #32478
closes #32477
closes #32678
closes #32542
closes #32678
closes #32541

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-09-06 20:19:50 +02:00
Steven Hawkins
58d742bb5c
fix: refining v2 hostname validation (#32659) 
closes: #32643

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-09-06 17:49:25 +02:00
Giuseppe Graziano
a14548a7a2
Lightweight access tokens for Admin REST API (#32347) 
* Lightweight access tokens for Admin REST API

Closes #31513


Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-09-04 18:04:23 +02:00
Stefan Guilhen
e7a4635620 Filter out org brokers from the account console 
- org-linked brokers should not be available for login
- prepare the endpoint for search/pagination

Closes #31944

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-09-04 09:00:52 -03:00
Alexander Schwartz
4d1e1e0bcb
Show details for error messages where they were missing (#32534) 
Closes #32533

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-09-04 07:23:54 -04:00
Stefan Guilhen
557d7e87b2 Avoid iterating through all mappers when running the config event listeners 
Closes #32233

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-09-04 07:40:58 -03:00
Theresa Henze
a1c23fef8c introduce event types to update/remove credentials 
Closes #10114

Signed-off-by: Theresa Henze <theresa.henze@bare.id>
 2024-09-03 18:27:27 +02:00
Pedro Ruivo
ba861fc5d7 Remove version() projection from Ickle Queries 
Closes #32590

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-09-03 18:07:32 +02:00
Thomas Darimont
88a5c96fff
Add kc_action to redirect URI after a required action is cancelled (#31925) 
Closes #31894

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-09-03 14:26:23 +00:00
Martin Bartoš
db7694e7be
Update the welcome page to create a temporary admin user (#32283) 
Closes #30010

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Stan Silvert <ssilvert@redhat.com>
 2024-09-03 09:43:41 +02:00
Pedro Igor
4b5b1a4c25 Unignore backchannel logout tests 
Closes #20643

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-09-02 08:34:21 +02:00
Jon Koops
2d17024b14
Remove redirect_uri support from OIDC logout endpoint 
Closes #10983

Signed-off-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2024-08-30 12:52:49 +00:00
Martin Kanis
e7d71d43c3 Identity Provider secret visible in Organization tab (API request) 
Closes #32486

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-08-30 09:26:25 -03:00
Douglas Palmer
0b7ab47cf2 Flaky test BruteForceTest.testPermanentLockout() 
Closes #32498

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-08-30 10:14:05 +02:00
Douglas Palmer
ecbd856176 Brute force protection: Lockout permanently uses parameters configured under lockout temporarily 
Closes #30969

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-08-29 16:30:22 +02:00
Stefan Guilhen
a41b622aa5 Set the correct realm when setting up client exchange permissions 
Closes #32465

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-29 16:09:23 +02:00
Erik Jan de Wit
e410a83c3c Made the login more modular 
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-08-29 07:18:24 -04:00
Martin Kanis
7e6dd682d4 Validate organization alias for forbidden chars 
Closes #32392

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-08-28 21:59:38 +02:00
mposolda
cd947ce3bc Removing policy-enforcer from Keycloak repository 
closes #32191

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-08-28 07:40:20 -03:00
Pedro Igor
449557290b More options to organization scope mapper including adding organization attributes to tokens 
Closes #31642

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-27 09:40:55 -03:00
Stefan Guilhen
88cca10472 Rename IDPSpi to IdentityProviderStorageSpi 
Closes #31639

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-26 15:10:09 -03:00
Giuseppe Graziano
c2c74faec0 Removing BOM character from SAML entity descriptor 
Closes #30604

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-08-26 10:59:05 +02:00
Erik Jan de Wit
776a491989
added organizations table to account (#32311) 
* added organizations table to account

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-22 15:44:03 -03:00
Michal Hajas
f5b2775939 Enable persistent sessions by default 
Run CI with the feature disabled to test also the old settings
Closes #32265

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-08-21 17:37:54 +02:00
Erik Jan de Wit
e2d7a94459 Hynek's notes 
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-08-21 08:50:01 -04:00
Pedro Igor
c1f6d5ca64 Support for selecting an organization when requesting the organization scope 
Closes #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-21 13:04:58 +02:00
Pedro Igor
4376a3c757 Add an endpoint to the organizations endpoint to return the organizations for a given user 
Closes #32158

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-20 11:11:14 -03:00
Pedro Igor
eeae50fb43 Make sure federationLink always map to the storage provider associated with federated users 
Closes #31670

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-20 11:27:22 +02:00
Martin Bartoš
bf5cf47351
Management Interface is turned on even though nothing is exposed on it (#31938) 
* Management Interface is turned on even though nothing is exposed on it

Fixes #31818

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Remove conditional enablement, add relevancy description

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2024-08-19 15:52:59 +02:00
Stefan Guilhen
fa7c2b5da6 Address review comments 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-19 09:06:35 -03:00
Stefan Guilhen
6e7b36e82f Add migration tests for the IDP changes 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-19 09:06:35 -03:00
Stefan Guilhen
f82159cf65 Rework logic to fetch IDPs for the login page so that IDPs are fetched from the provider and not filtered in code. 
Closes #32090

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-19 09:06:35 -03:00
Pedro Igor
8e0436715c Support for ALL and ANY organization scope values 
Related #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-19 08:45:23 -03:00
mposolda
3d787727f9 Add acr scope to all clients for those migrating from older than Keycloak 18 
closes #31107

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-08-16 12:17:43 +02:00
himanshi1099
7459992e40
Realm update validation for incorrect timeout values (#32137) 
closes #31595

Signed-off-by: Himanshi Gupta <higupta@redhat.com>
 2024-08-16 08:58:27 +02:00
Stefan Guilhen
aeb1951aba Replace calls to deprecated RealmModel IDP methods 
- use the new provider instead

Closes #31254

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-15 10:55:36 -03:00
Pedro Igor
96acc62c00 Support for resolving organization based on the organization scope 
Closes #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-15 10:32:15 -03:00
Stian Thorgersen
310824cc2b
Remove legacy cookies 
Closes #16770

Signed-off-by: stianst <stianst@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-08-15 15:27:38 +02:00
Martin Kanis
708a6898db Add a count method to the OrganizationMembersResource 
Closes #31388

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-08-15 09:12:57 -03:00
Yoshiyuki Tabata
cb6eb187ac Client Policy - Condition : Client - Client Attribute 
Closes https://github.com/keycloak/keycloak/issues/31766

Signed-off-by: Yoshiyuki Tabata <yoshiyuki.tabata.jy@hitachi.com>
 2024-08-14 09:56:56 +02:00
Pedro Igor
d04d2bb852 Allow removing users federated from a kerberos provider 
Closes #31603

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-13 18:47:55 +02:00
Pedro Ruivo
e13c9bf462 Retry remote cache operations with back off 
Implement a retry mechanism for remote cache writes.

Fixes #32030

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-08-13 15:55:59 +02:00
rmartinc
a38d3b2f55 SAML IdMapperUpdaterSessionListener should be added always and must implement HttpSessionIdListener interface 
Closes #32084

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-13 15:53:45 +02:00