libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions
22234 commits 4 branches 9 tags 483 MiB
Commit graph

902 commits

Author SHA1 Message Date
Douglas Palmer
c75bf31398 Empty shortVerificationUri not the same with default (null) value 
closes #20851
 2023-06-27 14:57:24 +02:00
Takashi Norimatsu
f6ecc3f3f8 FAPI 2.0 security profile - not allow an authorization request whose parameters were not included in Request Object pushed to PAR request 
closes #20710
 2023-06-26 12:09:25 +02:00
Douglas Palmer
a0d1ac6baa processGrantRequest in TokenEndPoint uses new TokenManager instead of this.tokenMananager 
closes #20978
 2023-06-23 08:12:44 +02:00
rmartinc
ecf52285bc Simplify TokenManager expiration calculations using SessionExpirationUtils 
Closes https://github.com/keycloak/keycloak/issues/20794
 2023-06-13 10:09:47 +02:00
rmartinc
61968bf747 Use OIDCAttributeMapperHelper.mapClaim in the GroupMembershipMapper 
Closes https://github.com/keycloak/keycloak/issues/19767
 2023-06-08 11:12:24 -03:00
Pedro Hos
9ebd94a3a8 Userinfo endpoint doesn't accept charset #20671 
Closes 20671
 2023-06-07 08:08:05 +02:00
rmartinc
81aa588ddc Fix and correlate session timeout calculations in legacy and new map implementations 
Closes https://github.com/keycloak/keycloak/issues/14854
Closes https://github.com/keycloak/keycloak/issues/11990
 2023-06-05 18:46:23 +02:00
Alexander Schwartz
cd9e0be9f0 Filter first, then sort, and avoid atomics 
Closes #20394
 2023-06-05 11:23:54 +02:00
stianst
0832992e59 Removing OpenShift integration and moving to separate extension 
closes #20496

Co-authored-by: mposolda <mposolda@gmail.com>
 2023-05-30 17:39:32 +02:00
Pedro Igor
c22972af9c Avoid using user property mapper when resolving root user attributes 
Closes #20613
 2023-05-29 14:30:05 +02:00
Yoshiyuki Tabata
bd37875a66 allow specifying format of "permission" parameter in the UMA grant token 
endpoint (#15947)
 2023-05-29 08:56:39 -03:00
Dominik Schlosser
8c58f39a49 Updates Datastore provider to contain full data model 
Closes #15490
 2023-05-16 15:05:10 +02:00
Alexander Schwartz
bd7f62acc3 Use retry-logic only for the map storage 
This is a performance optimization that the retry doesn't affect the legacy store.

Closes #20176
 2023-05-15 10:20:35 +02:00
Alexander Schwartz
0f481da77f Avoid creating instances of HashMap to generate a single MapEntry 
This is a performance optimization.

Closes #20176
 2023-05-15 10:20:35 +02:00
Martin Bartoš
7cff857238 Migrate packages from javax.* to jakarta.* 
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/ComponentExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/DeclarativeUserTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java - Modified
keycloak/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java	- Modified
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountTotpPage.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BackwardsCompatibilityUserStorageTest.java - Modified
---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/services/resources/QuarkusWelcomeResource.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/profile/util/Soap.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/UserInfoClientUtil.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
---
Quarkus3 branch sync no. 10 (17.3.2023)
Resolved conflicts:
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocolUtils.java -	Modified
---
Quarkus3 branch sync no. 9 (10.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java - Modified
---
Quarkus3 branch sync no. 8 (3.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClient.java	Modified - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java - Modified
keycloak/examples/providers/authenticator/src/main/java/org/keycloak/examples/authenticator/SecretQuestionAuthenticator.java - Modified
---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ComponentsResource.java - Modified
keycloak/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/installation/SamlSPDescriptorClientInstallation.java - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
/keycloak/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java	Modified - Modified
keycloak/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java - Modified
---
Quarkus3 branch sync no. 4 (3.2.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/jaxrs/QuarkusKeycloakApplication.java - Modified
---
Quarkus3 branch sync no. 1 (18.1.2023)
Resolved conflicts:
keycloak/testsuite/client/ClientPoliciesTest.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaModelCriteriaBuilder.java - Modified
 2023-04-27 13:36:54 +02:00
rmartinc
04ac3a64ee Adding support for rsa-oaep for SAML encryption 
Closes https://github.com/keycloak/keycloak/issues/19689
 2023-04-26 10:46:10 +02:00
Marek Posolda
8d01109158
Invalid parameter redirect_uri when using an invalid client_id (#19731) 
closes #19662
 2023-04-17 15:12:59 +02:00
Stian Thorgersen
f4cabea08c
Make sure the code is bound to the user session (#18) (#17380) (#17389) 
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-04-14 14:42:12 +02:00
alwibrm
9f15cf432b
Respecting key use of EC keys in JWKS 2023-04-03 19:06:25 -03:00
rmartinc
c6a1820a47 Use SimpleHttp for SOAP calls 
Closes https://github.com/keycloak/keycloak/issues/17139
 2023-03-31 10:57:47 -03:00
Pedro Igor
6086201fe0 Do not verify identity cookie when processing required actions 
Closes #17539
 2023-03-31 09:56:27 +02:00
mposolda
709c6b5a47 Regressions in redirect URL verification when redirect_uri has encoded path or default port 
closes #16851
closes #16587
 2023-03-30 14:20:10 +02:00
rmartinc
2bb9de1a8c Allow application/jwt media type for userinfo endpoint 
Closes: https://github.com/keycloak/keycloak/issues/19346
 2023-03-28 08:47:35 -03:00
Konstantinos Georgilakis
fd28cd2d4b Service Accounts Client must create the Client ID mapper with Token Claim Name as client_id 
closes #16329
 2023-03-23 11:45:34 +01:00
tomjo
705d20d4a2 AllowAllDockerProtocolMapper now allows multiple resourceScopes delimited by spaces as specified by the docker auth token spec. 
Closes #17187
 2023-03-23 09:43:43 +01:00
rmartinc
cab7e50410 Better handling for SAML signatures in POST and REDIRECT bindings 
Closes https://github.com/keycloak/keycloak/issues/17456
 2023-03-15 09:06:59 -03:00
Simon Levermann
96c1cf3c49 Allow mapping of UserSessionNotes into UserInfo 
Fixes #15369
 2023-03-07 15:25:14 +01:00
rmartinc
a56b38c5a6 Don't remove session and don't reset restart cookie if passive check error 
Closes https://github.com/keycloak/keycloak/issues/11340
 2023-03-07 15:10:09 +01:00
Michal Hajas
465019bec4 Extract attachDevice outside of storage layer 
Closes #17336
 2023-03-03 17:58:34 +01:00
Pedro Igor
fbf5541802 Remove duplicated set-cookie header from response when expiring cookies 
Closes #17192
 2023-02-27 14:17:27 -03:00
lpa
3cd413dee1 SOAP backchannel logout for SAML protocol 
Closes #16293
 2023-02-27 14:24:12 +01:00
rmartinc
38a46726e4 Implement UserInfoTokenMapper in HardcodedRole and RoleNameMapper mappers 
Closes https://github.com/keycloak/keycloak/issues/15624
 2023-02-27 10:14:48 -03:00
mposolda
f180115d27 Log some details if error happens in CIBA authentication request 
Closes #14650
 2023-02-23 14:36:28 +01:00
Yohan Siguret
82423f38a1 Add user id to TOKEN_EXCHANGE events 
Co-authored-by: thaDude <ogdude@googlemail.com>
 2023-02-22 17:13:48 -03:00
Alexander Schwartz
54048f1e6c Callers need to indicate if cookies need to be set at the end of the transaction 
Closes #17141
 2023-02-21 11:54:32 +01:00
laskasn
dc8b759c3d Use encryption keys rather than sig for crypto in SAML 
Closes #13606

Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: hmlnarik <hmlnarik@redhat.com>
 2023-02-10 12:06:49 +01:00
Dmitry Telegin
5f39aeb590 Pre-authorization hook for client policies 
Closes #9017
 2023-02-08 15:06:32 +01:00
Pedro Igor
7b58783255 Allow mapping claims to user attributes when exchanging tokens 
Closes #8833
 2023-02-07 10:57:35 +01:00
Konstantinos Georgilakis
c73859794e Short verification_uri for Device Authorization Request 
Closes #16107
 2023-01-18 08:34:52 +01:00
Pedro Igor
9945135861
Verify if token is revoked when validating bearer tokens (#16394) 
Closes #16388
 2023-01-11 14:42:29 +01:00
mposolda
ac490a666c Fix KcSamlSignedBrokerTest in FIPS. Support for choosing realm encryption key for decrypt SAML assertions instead of realm signature key 
Closes #16324
 2023-01-10 20:39:59 +01:00
Mark Andreev
d900540034 Fix NPE if user not exists 
Check "userSession.getId().equals(clientUser.getId())" fails if getUserFromToken return non existed user. It is happens when AccessToken.subject relates to non existed user.

Closes #16297
 2023-01-09 06:43:39 -08:00
ムハマドザクワンビンムハマドザヒド / MOHDZAHID,BIN MUHAMMADZAKWAN
ce6b737e33 NPE in userinfo endpoint 
Closes #15429
 2023-01-02 13:53:29 +01:00
Stian Thorgersen
0f2ca3bfdd
fixes from release/20 (#15982) 
* Avoid path traversal vis double-url encoding of redirect URI (#8)

(cherry picked from commit a2128fb9e940d96c2f9a64edcd4fbcc768eedb4f)

* Do not resolve user session if corresponding auth session does not exist (#7)

* Stabilizing the ConcurrentLoginTest when running with JPA map storage by locking user sessions (#9)

Co-authored-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2022-12-14 07:46:17 +01:00
mposolda
f4e91a5312 The redirect URI cannot be verified during logout in the case when client was removed 
closes #15866
 2022-12-07 08:20:30 +01:00
Pedro Igor
022d2864a6 Make sure JAX-RS resource methods are advertizing the media type they support 
Closes #15811
Closes #15810
 2022-12-06 08:13:43 -03:00
Pedro Igor
168734b817 Removing references to request and response from Resteasy 
Closes #15374
 2022-12-01 08:38:24 -03:00
Stefan Guilhen
5c2a5fac31 Enable all test methods in ConcurrentLoginTest for JPA Map Storage 
- Tests still disabled for Hotrod and CHM
- Fixes concurrent login issues with CRDB. Verified with both PostgreSQL and CockroachDB.

Closes #12707
Closes #13210
 2022-11-24 13:36:22 +01:00
Pedro Igor
28fc5b4574 Removing injection points for Resteasy objects and resolving instances from keycloak context instead 
Relates #15374
 2022-11-21 19:47:25 +01:00
Pedro Igor
10b7475b04 Removing unnecessary injection points from JAX-RS (sub)resources 
Closes #15450
 2022-11-16 08:55:55 -03:00