libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
23750 commits 4 branches 5 tags 480 MiB
Commit graph

4589 commits

Author SHA1 Message Date
MikeTangoEcho
c2b132171d Add X509 thumbprint to JWT when using private_key_jwt 
Closes keycloak#12946

Signed-off-by: MikeTangoEcho <mathieu.thine@gmail.com>
 2024-01-12 16:01:01 +01:00
Lex Cao
47f7e3e8f1 Use email verification instead of executing action for send-verify-email endpoint 
Closes #15190

Add support for `send-verify-email` endpoint to use the `email-verification.ftl` instead of `executeActions.ftl`

Also introduce a new parameter `lifespan` to be able to override the default lifespan value (12 hours)

Signed-off-by: Lex Cao <lexcao@foxmail.com>
 2024-01-11 16:28:02 -03:00
Jon Koops
5eb7363ddd
Promote Account Console v3 to default and deprecate v2 (#25852) 
Closes #19663

Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2024-01-11 19:42:10 +01:00
mposolda
692aeee17d Enable user profile by default 
closes #25151

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-01-11 12:48:44 -03:00
Patrick Hamann
d36913a240 Ensure protocol forced reauthentication is correctly mapped during SAML identity brokering 
Closes #25980

Signed-off-by: Patrick Hamann <patrick@fastly.com>
 2024-01-10 20:46:35 +01:00
remi
b22efeec78 Add a toggle to use context attributes on the regex policy provider 
Signed-off-by: remi <remi.tuveri@gmail.com>
 2024-01-10 16:15:25 -03:00
rmartinc
42f0488d76 Avoid returning duplicated users in LDAP and unsynced 
Closes #24141

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-01-10 12:47:15 +01:00
Réda Housni Alaoui
3c05c123ea On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template 
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2024-01-09 16:04:52 -03:00
Alexander Schwartz
03372d2f41
Fix OfflineServletAdapterTest failures, and improve logging (#25724) 
Closes #25714
Closes #14448

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-09 14:59:20 +01:00
shigeyuki kabano
67e73d3d4e Enhancing Lightweight access token M2(keycloak#25716) 
Closes keycloak#23724

Signed-off-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
 2024-01-09 09:42:30 +01:00
Ricardo Martin
097d68c86b
Escape action in the form_post.jwt and only decode path in RedirectUtils (#93) (#25995) 
Closes #90

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-01-09 08:20:14 +01:00
Alexander Schwartz
0a16b64805 Stabilizing test cases by adding cleanups 
Closes #24651

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-08 19:32:01 -03:00
Douglas Palmer
58d167fe59 Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user. 
Closes #24651
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-01-08 19:32:01 -03:00
Steven Hawkins
d1d1d69840
fix: adds a general error message and descriptions for some exceptions (#25806) 
closes: #25746

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-01-08 18:19:40 +00:00
Felix Gustavsson
0f47071a29 Check if UMA is enabled on resource, if not reject the request. 
Closes #24422

Signed-off-by: Felix Gustavsson <felix.gustavsson@topgolf.com>
 2024-01-08 11:28:57 -03:00
Tomas Ondrusko
e4fa5c034a
Update web element of the LinkedIn login page (#25905) 
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
 2024-01-08 11:32:45 +01:00
Pedro Igor
d540584449 Using a valid URI when deleting cookies before/after running tests 
Closes #22691

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-01-05 15:13:12 -03:00
atharva kshirsagar
d7542c9344 Fix for empty realm name issue 
Throw ModelException if name is empty when creating/updating a realm

Closes #17449

Signed-off-by: atharva kshirsagar <atharva4894@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-05 14:23:42 +01:00
Pedro Igor
8ff9e71eae Do not allow verifying email from a different account 
Closes #14776

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-01-05 12:45:07 +01:00
Pedro Igor
f476a42d66 Fixing the registration_client_uri to point to a valid URI after updating a client 
Closes #23229

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-01-05 12:41:36 +01:00
Ben Cresitello-Dittmar
057d8a00ac Implement Authentication Method Reference (AMR) claim from OIDC specification 
This implements a method for configuring authenticator reference values for Keycloak authenticator executions and a protocol mapper for populating the AMR claim in the resulting OIDC tokens.

This implementation adds a default configuration item to each authenticator execution, allowing administrators to configure an authenticator reference value. Upon successful completion of an authenticator during an authentication flow, Keycloak tracks the execution ID in a user session note.

The protocol mapper pulls the list of completed authenticators from the user session notes and loads the associated configurations for each authenticator execution. It then captures the list of authenticator references from these configs and sets it in the AMR claim of the resulting tokens.

Closes #19190

Signed-off-by: Ben Cresitello-Dittmar <bcresitellodittmar@mitre.org>
 2024-01-03 14:59:05 -03:00
Jon Koops
07f9ead128 Upgrade Welcome theme to PatternFly 5 
Closes #21343

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-01-03 14:46:01 -03:00
Steven Hawkins
667ce4be9e
enhance: supporting versioned features (#24811) 
also adding a common PropertyMapper validation method

closes #24668

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2024-01-03 17:56:31 +01:00
Réda Housni Alaoui
5287500703 @NoCache is not considered anymore 
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2024-01-02 09:06:55 -03:00
Alexander Schwartz
9e890264df Adding a test case to check that the expiration time is set on logout tokens 
Closes #25753

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2023-12-22 20:13:40 +01:00
Niko Köbler
5e623f42d4 add the exp claim to the backchannel logout token 
This is now, as of Dec 15th 2023, part of the OIDC Backchannel Logout spec, chapter 2.4.

As of chapter 4, the logout token should have a short expiration time, preferably at most two minutes in the future. So we set the expiration to this time.

resolves #25753

Signed-off-by: Niko Köbler <niko@n-k.de>
 2023-12-22 20:13:40 +01:00
Pedro Igor
ceb085e7b8 Update the UPDATE_EMAIL feature to rely on the user profile configuration when rendering templates and validating the email 
Closes #25704

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-20 15:15:06 -03:00
rmartinc
c2e41b0eeb Make Locale updater generate an event and use the user profile 
Closes #24369

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-20 15:26:45 +01:00
Daniel Fesenmeyer
baafb670f7 Bugfix for: Removing all group attributes no longer works with keycloak-admin-client (java) 
Closes #25677

Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>
 2023-12-20 14:03:35 +01:00
Konstantinos Georgilakis
cf57af1d10 scope parameter in refresh flow 
Closes #12009

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
 2023-12-20 14:00:10 +01:00
mposolda
eb184a8554 More info on UserProfileContext 
closes #25691

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-12-19 13:00:31 -03:00
Pedro Igor
810ebf4efd Migration steps for enabling user profile by default 
Closes #25528

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-19 10:19:45 -03:00
Joshua Sorah
d411eafc42 Ensure 'iss' is returned when 'prompt=none' and user is not authenticated, per RFC9207 
Closes keycloak/keycloak#25584

Signed-off-by: Joshua Sorah <jsorah@redhat.com>
 2023-12-19 10:38:05 +01:00
Ricardo Martin
2ba7a51da6 Escape action in the form_post response mode (#60) 
Closes keycloak/keycloak-private#31
Closes https://issues.redhat.com/browse/RHBK-652

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-18 18:10:41 -03:00
Konstantinos Georgilakis
ba8c22eaf0 Scope parameter in Oauth 2.0 token exchange 
Closes #21578

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
 2023-12-18 15:44:26 -03:00
Pedro Igor
778847a3ce Updating theme templates to render user attributes based on the user profile configuration 
Closes #25149

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-18 15:35:52 -03:00
rmartinc
d841971ff4 Updating the UP configuration needs to trigger an admin event 
Close #23896

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-18 19:24:30 +01:00
Steven Hawkins
ec28b68554
fix: improve group matching (#25627) 
closes #25451

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2023-12-18 11:46:02 +01:00
mposolda
cd154cf318 User Profile: If required roles ('user') and reqired scopes are set, the required scopes have no effect 
closes #25475

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-12-18 11:32:27 +01:00
Takashi Norimatsu
59536becec Client policies : executor for enforcing DPoP 
closes #25315

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2023-12-18 10:45:18 +01:00
Joshua Sorah
a10149bbe9 For post logout redirect URI - Make '+' represent existing redirect URIs and merge with existing post logout redirect URIs 
Closes keycloak#25544

Signed-off-by: Joshua Sorah <jsorah@redhat.com>
 2023-12-18 09:05:51 +01:00
Ricardo Martin
ae04b954a6
Fix for test SSSDUserProfileTest.test05MixedInternalDBUserProfile (#25570) 
Closes #25566

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-15 18:57:31 +00:00
Martin Bartoš
14fd61bacc PubKeySignRegisterTest failures in WebAuthn tests 
Fixes #9693

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2023-12-15 14:52:05 +01:00
Erwin Rooijakkers
860978b15a Change arg of getSubGroups to briefRepresentation 
Parameter name briefRepresentation should mean briefRepresentation,
   not full. This way callers will by default get the full
   representation, unless true is passed as value for
   briefRepresentation.

   Fixes #25096

Signed-off-by: Erwin Rooijakkers <erwin@rooijakkers.software>
 2023-12-14 17:23:27 +01:00
Steven Hawkins
08751001db
enhance: adds truststores to the keycloak cr (#25215) 
also generally correcting the misspelling trustore

closes: #24798

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2023-12-14 11:15:06 -03:00
mposolda
c81b533cf6 Update UserProfileProvider.setConfiguration. Tuning of UserProfileProvider.getConfiguration 
closes #25416

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-12-14 14:43:28 +01:00
Tomas Ondrusko
26342d829c Update web elements of the Instagram login page 
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
 2023-12-14 14:03:53 +01:00
rmartinc
c14bc6f2b0 Create terms and conditions execution when registration form is added 
Closes #21730

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-13 15:32:58 +01:00
Pedro Igor
fa79b686b6 Refactoring user profile interfaces and consolidating user representation for both admin and account context 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-13 08:27:55 +01:00
VR
1545b32a64 Revert changes related to map store in test classes in base testsuite 
Closes #24567

Signed-off-by: VR <vramik@redhat.com>
 2023-12-12 16:16:38 +01:00