keycloak-scim

Author	SHA1	Message	Date
vramik	d65649d5c0	Make sure organization are only manageable by the admin users with the manage-realm role Closes #28733 Signed-off-by: vramik <vramik@redhat.com>	2024-04-23 12:16:57 -03:00
Mark Banierink	ad32896725	replaced and removed deprecated token methods (#27715 ) closes #19671 Signed-off-by: Mark Banierink <mark.banierink@nedap.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-23 09:23:37 +02:00
Tero Saarni	64862d568e	Convert database errors to 500 instead of 400. Signed-off-by: Tero Saarni <tero.saarni@est.tech>	2024-04-22 11:42:18 -03:00
Pedro Igor	1e3837421e	Organization member onboarding using the organization identity provider Closes #28273 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-17 07:24:01 -03:00
Stefan Guilhen	2ab8bf852d	Add validation for the organization's internet domains. Closes #28634 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-04-15 09:03:52 -03:00
Pedro Igor	61b1eec504	Prevent members with an email other than the domain set to an organization Closes #28644 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-12 08:33:18 -03:00
Alexander Schwartz	b4cfebd8d5	Persistent sessions code also for offline sessions (#28319 ) Persistent sessions code also for offline sessions Closes #28318 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-04-12 13:15:02 +02:00
rmartinc	6d74e6b289	Escape slashes in full group path representation but disabled by default Closes #23900 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-04-12 10:53:39 +02:00
Pedro Igor	8f8094408e	Encapsulate the logic to set attributes into the domain model Closes #28646 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-11 15:32:21 -03:00
Stefan Guilhen	9a466f90ab	Add ability to set one or more internet domain to an organization. Closed #28274 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-04-10 13:18:12 -03:00
Martin Kanis	51fa054ba7	Manage organization attributes Closes #28253 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-04-10 09:10:49 -03:00
rmartinc	41b706bb6a	Initial security profile SPI to integrate default client policies Closes #27189 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-04-10 11:19:56 +02:00
Alexander Schwartz	63e7523a6d	Avoid unnecessary updates to the sessions during refreshes of tokens Closes #28388 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-04-09 14:55:21 +02:00
Václav Muzikář	e4987f10f5	Hostname SPI v2 (#26345 ) * Hostname SPI v2 Closes: #26084 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Fix HostnameV2DistTest#testServerFailsToStartWithoutHostnameSpecified Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Address review comment Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Partially revert the previous fix Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Do not polish values Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Remove filtering of denied categories Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> --------- Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>	2024-04-09 11:25:19 +02:00
vibrown	3fffc5182e	Added ClientType implementation from Marek's prototype Signed-off-by: vibrown <vibrown@redhat.com> More updates Signed-off-by: vibrown <vibrown@redhat.com> Added client type logic from Marek's prototype Signed-off-by: vibrown <vibrown@redhat.com> updates Signed-off-by: vibrown <vibrown@redhat.com> updates Signed-off-by: vibrown <vibrown@redhat.com> updates Signed-off-by: vibrown <vibrown@redhat.com> Testing to see if skipRestart was cause of test failures in MR	2024-04-08 20:20:37 +02:00
Pedro Igor	52ba9b4b7f	Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user Closes #28248 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-08 09:05:16 -03:00
Pedro Igor	fefeb83588	Changes the contract to make it simpler and rely on the realm available from the current session Closes #28403 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-03 14:45:31 +02:00
Pedro Igor	b9a7152a29	Avoid commiting the transaction prematurely when creating users through the User API Closes #28217 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-03-27 19:16:09 -03:00
Jon Koops	3382e16954	Remove Account Console version 2 (#27510 ) Closes #19664 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-03-27 10:53:28 +01:00
Steven Hawkins	be32f8b1bf	fix: limit the use of Resteasy to the KeycloakSession (#28150 ) * fix: limit the use of Resteasy to the KeycloakSession contextualizes other state to the KeycloakSession close: #28152	2024-03-26 13:43:41 -04:00
vramik	fa1571f231	Map organization metadata when issuing tokens for OIDC clients acting on behalf of an organization member Closes #27993 Signed-off-by: vramik <vramik@redhat.com>	2024-03-26 14:02:09 -03:00
Stian Thorgersen	8cbd39083e	Default password hashing algorithm should be set to default password hash provider (#28128 ) Closes #28120 Signed-off-by: stianst <stianst@gmail.com>	2024-03-22 12:44:11 +01:00
Stian Thorgersen	cae92cbe8c	Argon2 password hashing provider (#28031 ) Closes #28030 Signed-off-by: stianst <stianst@gmail.com>	2024-03-22 07:08:09 +01:00
Pedro Igor	32541f19a3	Allow managing members for an organization Closes #27934 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-03-21 10:26:30 -03:00
Alexander Schwartz	62d24216e3	Remove offline session preloading Closes #27602 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-03-15 15:19:27 +01:00
Pedro Igor	7fc2269ba5	The bare minimum implementation for organization Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: vramik <vramik@redhat.com>	2024-03-15 11:06:43 -03:00
Peter Keuter	e26a261e4e	Filter subgroups before paginating Closes #27512 Signed-off-by: Peter Keuter <github@peterkeuter.nl>	2024-03-15 10:57:57 +01:00
vramik	66c9f173f2	Organization SPI Fixes #27830 Signed-off-by: vramik <vramik@redhat.com>	2024-03-13 12:25:43 -03:00
vramik	a81d6bb618	Organizations SPI Closes #27829 Signed-off-by: vramik <vramik@redhat.com>	2024-03-13 10:57:02 -03:00
stianst	15717cc152	Remove deprecated cookie code Closes #26813 Signed-off-by: stianst <stianst@gmail.com>	2024-03-12 17:24:14 +01:00
Martin Bartoš	e4aa1b5f95	Conditionally enable and disable CLI options (#25333 ) * Conditionally enable and disable CLI options Closes #13113 Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Support for duplicates in config Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Fix rendering config options in docs Fixes #26515 Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Reorder OptionsDistTest Signed-off-by: Martin Bartoš <mabartos@redhat.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-03-07 20:36:43 +00:00
rmartinc	82af0b6af6	Initial client policies integration for SAML Closes #26654 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-03-06 15:18:35 +01:00
Steven Hawkins	8d9439913c	fix: removal of resteasy-core (#27032 ) * fix: partial removal of resteasy-core Signed-off-by: Steve Hawkins <shawkins@redhat.com> * fix: fully removing resteasy-core closes: #26315 Signed-off-by: Steve Hawkins <shawkins@redhat.com> --------- Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-02-29 11:43:13 +00:00
Takashi Norimatsu	3db04d8d8d	Replace Security Key with Passkey in WebAuthn UIs and their documents closes #27147 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2024-02-29 10:31:05 +01:00
Pedro Igor	326d63ce74	Make sure group searches are cached and entries invalidate accordingly Closes #26983 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-02-29 05:06:36 +09:00
Réda Housni Alaoui	a3b3ee4b87	Ability to declare a default "First broker login flow" per Realm Closes #25823 Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com> Co-authored-by: Jon Koops <jonkoops@gmail.com>	2024-02-28 16:17:51 +01:00
Pedro Igor	604274fb76	Allow setting an attribute as multivalued Closes #23539 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Jon Koops <jonkoops@gmail.com> Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>	2024-02-22 12:56:44 +01:00
Douglas Palmer	b0ef746f39	Permanently lock users out after X temporary lockouts during a brute force attack Closes #26172 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-02-22 09:34:51 +01:00
Vlasta Ramik	76453550a5	User attribute value length extension Closes #9758 Signed-off-by: vramik <vramik@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Signed-off-by: Michal Hajas <mhajas@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2024-02-16 08:09:34 +01:00
mposolda	f468885fdd	Empty error message when validation issue due the PersonNameProhibitedValidator validation closes #26750 Signed-off-by: mposolda <mposolda@gmail.com>	2024-02-06 12:56:50 -03:00
Stian Thorgersen	3e08a1713b	Ignore empty attribute values when retriveing boolean/int/long (#26729 ) (#26737 ) Resolves #26597, resolves #26665 Signed-off-by: stianst <stianst@gmail.com>	2024-02-06 15:29:34 +01:00
Stian Thorgersen	c4b1fd092a	Use code from RestEasy to create and set cookies (#26558 ) Closes #26557 Signed-off-by: stianst <stianst@gmail.com>	2024-02-06 15:14:04 +01:00
Stian Thorgersen	0fb6bdfcac	Cookie Provider - move remaining cookies (#26531 ) Closes #26500 Signed-off-by: stianst <stianst@gmail.com>	2024-01-29 11:06:37 +01:00
Stian Thorgersen	bc3c27909e	Cookie Provider (#26499 ) Closes #26500 Signed-off-by: stianst <stianst@gmail.com>	2024-01-26 10:45:00 +01:00
Marek Posolda	651d99db25	Allow selecting attributes from user profile when managing token mappers (#26415 ) * Allow selecting attributes from user profile when managing token mappers closes #24250 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: Jon Koops <jonkoops@gmail.com>	2024-01-25 17:01:02 +01:00
Erik Jan de Wit	28c9f98930	moved login screen to patternfly 5 (#25340 ) * moved login screen to patternfly 5 Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added Feature flag to enable login v2 Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * removed the old css and only include logo and background styles Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * changed to experimental Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added login2 Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * added windows help texts Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> --------- Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>	2024-01-25 13:45:53 +01:00
Thomas Darimont	e7363905fa	Change password hashing defaults according to OWASP recommendations (#16629 ) Changes according to the latest [OWASP cheat sheet for secure Password Storage](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2): - Changed default password hashing algorithm from pbkdf2-sha256 to pbkdf2-sha512 - Increased number of hash iterations for pbkdf2-sha1 from 20.000 to 1.300.000 - Increased number of hash iterations for pbkdf2-sha256 from 27.500 to 600.000 - Increased number of hash iterations for pbkdf2-sha512 from 30.000 to 210.000 - Adapt PasswordHashingTest to new defaults - The test testBenchmarkPasswordHashingConfigurations can be used to compare the different hashing configurations. - Document changes in changes document with note on performance and how to keep the old behaviour. - Log a warning at the first time when Pbkdf2PasswordHashProviderFactory is used directly Fixes #16629 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2024-01-24 18:35:51 +01:00
Stian Thorgersen	656e680019	Remove unused HttpResponse.setWriteCookiesOnTransactionComplete (#26326 ) Closes #26325 Signed-off-by: stianst <stianst@gmail.com>	2024-01-20 11:31:10 +01:00
Alexander Schwartz	b9498b91cb	Deprecating the offline session preloading (#26160 ) Closes #25300 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-01-16 09:29:01 +01:00
Thomas Darimont	9d429400d4	Avoid calling primitive wrapper constructors in server-spi-private (#24163 ) Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2024-01-11 11:54:44 +01:00

1 2 3 4 5 ...

750 commits