libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
24049 commits 4 branches 5 tags 480 MiB
Commit graph

920 commits

Author SHA1 Message Date
Douglas Palmer
7e78d29f8d NPE in User Session Note mapper on Token Exchange 
Closes #24200

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2023-11-29 09:35:49 -03:00
Michal Hajas
2b2207af93
Publish information about Infinispan availability in lb-check if MULTI_SITE is enabled 
Closes #25077

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2023-11-29 11:06:41 +00:00
Tero Saarni
ab3758842c
Add configuration option for LDAP referral (#24852) 
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
 2023-11-28 14:06:34 +01:00
Pedro Igor
2c611cb8fc User profile configuration scoped to user-federation provider 
closes #23878

Co-Authored-By: mposolda <mposolda@gmail.com>

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-11-27 14:45:44 +01:00
Thomas Darimont
d30d692335 Introduce MaxAuthAge Password policy (#12943) 
This policy allows to specify the maximum age of an authentication
with which a password may be changed without re-authentication.

Defaults to 300 seconds (default taken from Constants.KC_ACTION_MAX_AGE) to remain backwards compatible.
A value of 0 will always require reauthentication to update the password.
Add documentation for MaxAuthAgePasswordPolicy to server_admin

Fixes #12943

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2023-11-20 14:48:17 +01:00
vramik
42e5055cfb Delete SearchableModelField and its usages 
Signed-off-by: vramik <vramik@redhat.com>

Closes #24722
 2023-11-16 18:44:49 +01:00
Hynek Mlnarik
70d0f731f5 Use session ID rather than broker session ID 
Closes: #24455

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2023-11-16 17:01:40 +01:00
Vlasta Ramik
d86e062a0e
Removal of retry blocks introduced for CRDB 
Closes #24095

Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2023-11-16 13:50:56 +01:00
rmartinc
e3b2eec1ba Make user profile validation success if the attribute was already wrong and read-only in the context 
Closes https://github.com/keycloak/keycloak/issues/24697

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-14 03:07:00 -08:00
Réda Housni Alaoui
3f014c7299
Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients (#21058) 
closes #21010 

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2023-11-13 19:13:01 +01:00
Hynek Mlnařík
0ceaed0e2e
Transient users: Consents (#24496) 
closes #24494
 2023-11-10 11:18:27 +01:00
mposolda
7863c3e563 Moving UPConfig and related classes from keycloak-services 
closes #24535

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-11-07 12:41:29 +01:00
rokkiter
e1735138cb
clean util * (#24174) 
Signed-off-by: rokkiter <yongen.pan@daocloud.io>
 2023-11-01 17:14:11 +01:00
mposolda
0bd2b342d7 Update per review 2023-10-31 12:56:46 -07:00
mposolda
6f992915d7 Move some UserProfile and Validation classes into keycloak-server-spi 
closes #24387
 2023-10-31 12:56:46 -07:00
rmartinc
ea398c21da Add a property to the User Profile Email Validator for max length of the local part 
Closes https://github.com/keycloak/keycloak/issues/24273
 2023-10-27 15:09:42 +02:00
Alice
69497382d8
Group scalability upgrades (#22700) 
closes #22372 


Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2023-10-26 16:50:45 +02:00
Hynek Mlnarik
c036980c37 Add TRANSIENT_USERS feature flag 2023-10-25 12:02:35 +02:00
Hynek Mlnarik
26328a7c1e Support for transient sessions via lightweight users 
Part-of: Add support for not importing brokered user into Keycloak database

Closes: #11334
 2023-10-25 12:02:35 +02:00
Hynek Mlnarik
1ec2a97f92 Create serializable lightweight user adapter 
Part-of: Add support for not importing brokered user into Keycloak database

Closes: #11334
 2023-10-25 12:02:35 +02:00
Hynek Mlnarik
35a226f928 Expose InMemoryUserAdapter to services and model modules 
Part-of: Add support for not importing brokered user into Keycloak database

Closes: #11334
 2023-10-25 12:02:35 +02:00
mposolda
c18e8ff535 User profile tweaks in registration forms 
closes #24024
 2023-10-20 06:31:21 -07:00
Pedro Igor
e91a0afca2 The username in account is required and don't change when email as username is enabled 
Closes #23976
 2023-10-17 16:43:44 -03:00
Charley Wu
31759f9c37
WebAuthn support for native applications. Support custom FIDO2 origin validation (#23156) 
Closes #23155
 2023-10-13 15:25:10 +02:00
Marek Posolda
a6609bd969
Remove "You are already logged in" during authentication. Make other browser tabs to authenticate automatically when some browser tab successfully authenticate (#23517) 
Closes #12406


Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2023-10-10 21:54:37 +02:00
Martin Bartoš
21a23ace1d Mark required config properties for LDAP Mappers 
Closes #23685
 2023-10-09 08:46:57 +02:00
Daniel Fesenmeyer
dd37e02140 Improve logging in case of OIDC Identity provider errors: 
- log the full Redirection URL, when it contains an error parameter, or does not contain the state or code parameter
- log the token endpoint URL (without - possibly confidential - params) and the response body, when the token endpoint does not return a success response

Closes #23690
 2023-10-06 19:03:41 +02:00
Steve Hawkins
7c6f173d3a adds the ability to set the default groups via kcadm 
Closes #19125
 2023-10-06 17:30:24 +02:00
mposolda
cdb61215c9 UserProfileContext.ACCOUNT_OLD seems to be obsolete and not needed 
closes #23749
 2023-10-06 11:27:48 -03:00
Pedro Igor
290bee0787
Resolve several usability issues around User Profile (#23537) 
Closes #23507, #23584, #23740, #23774

Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2023-10-06 10:15:39 -03:00
Garth
2dfbbff343
added AccountResource SPI, Provider and ProviderFactory. (#22317) 
Added AccountResource SPI, Provider and ProviderFactory. updated AccountLoader to load provider(s) and check if it is compatible with the chosen theme.
 2023-10-05 15:08:01 +02:00
Pedro Igor
741f76887c Allow updating email when email as username is set and edit username disabed 
#23438
 2023-09-25 08:19:01 -03:00
Michal Hajas
496c5ad989 Use new findGroupByPath implementation and remove the old one 
Closes #23344

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2023-09-25 10:44:24 +02:00
Bernd Bohmann
bb2f59df87
Calling getTopLevelGroups is slow inside GroupLDAPStorageMapper#getLDAPGroupMappingsConverted (#8430) 
Closes #14820 
---------
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2023-09-20 17:20:43 +02:00
paul
f684a70048 KEYCLOAK-15985 Add Brute Force Detection Lockout Event 2023-09-15 10:32:07 -03:00
Daniel Fesenmeyer
a68ad55a37 Support to define compatible mappers for (new) Identity Providers 
- Also allows to use existing mappers for custom Identity Providers without having to change those mappers

Closes #21154
 2023-09-13 17:19:06 -03:00
Pedro Igor
04dd9afc5e Do not store empty attributes when updating user profile 
Closes #22960
 2023-09-11 07:47:31 -03:00
kaustubh-rh
62927433dc
Fix for Keycloak 22.0.1 unable to create user with long email address (#23109) 
Closes #22825
 2023-09-11 08:56:13 +02:00
Marek Posolda
506e2537ac
Registration flow fixed (#23064) 
Closes #21514


Co-authored-by: Vilmos Nagy <vilmos.nagy@outlook.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2023-09-08 08:05:05 +02:00
Pedro Igor
ea3225a6e1 Decoupling legacy and dynamic user profiles and exposing metadata from admin api 
Closes #22532

Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2023-08-29 08:14:47 -03:00
rmartinc
05bac4ff0e Remove option Nerver Expires for tokens in Advanced OIDC client configuration 
Closes https://github.com/keycloak/keycloak/issues/21927
 2023-08-03 12:16:08 +02:00
mposolda
6f6b5e8e84 Fix authenticatorConfig for javascript providers 
Closes #20005
 2023-07-31 19:28:25 +02:00
rmartinc
0a7fcf43fd Initial pagination in the admin REST API for identity providers 
Closes https://github.com/keycloak/keycloak/issues/21073
 2023-07-27 14:48:02 +02:00
Takashi Norimatsu
0ddef5dda8
DPoP support 1st phase (#21202) 
closes #21200


Co-authored-by: Dmitry Telegin <dmitryt@backbase.com>
Co-authored-by: mposolda <mposolda@gmail.com>
 2023-07-24 16:44:24 +02:00
Takashi Norimatsu
2efd79f982 FAPI 2.0 security profile - supporting RFC 9207 OAuth 2.0 Authorization Server Issuer Identification 
Closes #20584
 2023-07-24 09:11:30 +02:00
Richard Stiller
9b80746b3d
improve realm file to not switch randomly otpSupportedApplications by export (#21661) 2023-07-18 13:32:41 +00:00
Michal Hajas
07c27336aa Check whether realm has store enabled for immediately sent events 
Closes #21698

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2023-07-14 20:50:33 +02:00
Daniele Martinoli
817f129484
fix: closes #21095 (#21289) 
* fix: closes #21095

* Added overloaded version of GroupUtils.toGroupHierarchy with additional full parameter.
 2023-07-10 12:13:26 +02:00
Daniele Martinoli
13e2075ceb Applying reviewer comments 2023-07-07 09:00:51 -03:00
Daniele Martinoli
e6d7749cbf fix for 21476 2023-07-07 09:00:51 -03:00
Douglas Palmer
b59faa51d5 NPE in getDefaultRequiredActionCaseInsensitively 
closes #21123
 2023-07-04 12:15:22 -03:00
Thomas Darimont
637fa741b0
Align naming of OTP policy window setting with actual semantics (#20469) (#21316) 
Closes #20469
 2023-07-04 12:41:21 +02:00
mposolda
ccbddb2258 Fix updating locale on info/error page after authenticationSession was already removed 
Closes #13922
 2023-07-03 18:57:36 -03:00
Pedro Igor
28aa1d730d Verify holder of the device code (#21) 
Closes https://github.com/keycloak/security/issues/32

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Conflicts:
    services/src/main/java/org/keycloak/protocol/oidc/grants/device/DeviceGrantType.java
 2023-06-28 15:45:26 +02:00
Hynek Mlnarik
c092c76ae8 Remove ldapsOnly (Java) 
In `LDAPConstants.java`, the function to set the Truststore SPI system property was removed, as this is now handled by the `shouldUseTruststoreSpi` method in `LdapUtil`.

Closes: #9313
 2023-06-28 08:30:09 +02:00
Pedro Igor
d0691b0884 Support for the locale user attribute 
Closes #21163
 2023-06-27 09:21:08 -03:00
Erik Jan de Wit
3a3907ab15
changed to use ConfiguredProvider instead (#21097) 
fixes: #15344
 2023-06-27 08:00:32 -04:00
Douglas Palmer
f526f7a091 Emails with non-ascii characters are not allowed since v21.0.0 
closes #20878
 2023-06-22 10:27:48 -03:00
Pedro Igor
eb5edb3a9b Support reading base32 encoded OTP secret 
Closes #9434
Closes #11561
 2023-06-22 08:08:13 -03:00
mposolda
dc3b037e3a Incorrect Signature algorithms presented by Client Authenticator 
closes #15853

Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2023-06-21 08:55:58 +02:00
Stian Thorgersen
f82577a7f3
Removed old account console (#21098) 
Co-authored-by: Jon Koops <jonkoops@gmail.com>

Closes #9864
 2023-06-20 20:46:57 +02:00
Alexander Schwartz
9425432f2c Handle HTTP response codes when retrieving data from remote endpoints 
Closes #20895
 2023-06-12 13:37:59 +02:00
rmartinc
f3fcf1f8c5 Session cross-reference / transaction mismatch 
Closes https://github.com/keycloak/keycloak/issues/20855
 2023-06-12 13:18:39 +02:00
Vlasta Ramik
ed473da22b
Clean-up of deprecated methods and interfaces 
Fixes #20877

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2023-06-09 17:11:20 +00:00
Rinus Wiskerke
fbfdb54745
Strip rotated client secret from export json (#19394) 
Closes #19373
 2023-06-09 10:46:28 +02:00
Réda Housni Alaoui
eb9bb281ec Require user to agree to 'terms and conditions' during registration 2023-06-08 10:39:00 -03:00
Marek Posolda
8080085cc1
Removing 'http challenge' authentication flow and related authenticators (#20731) 
closes #20497


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2023-06-08 14:52:34 +02:00
Alice Wood
7e56938b74 Extend group search attribute functionality to account for use case where only the leaf group is required 2023-06-07 08:52:23 -03:00
rmartinc
9bc30f4705 EventBuilder fixes to copy the store and session context 
Closes https://github.com/keycloak/keycloak/issues/20757
Closes https://github.com/keycloak/keycloak/issues/20105
 2023-06-07 08:34:27 -03:00
Artur Baltabayev
041441f48f
Improved Reset OTP authenticator (#20572) 
* ResetOTP authenticator can now be configured, so that one or all existing OTP configurations are deleted upon reset.

Closes #8753
---------

Co-authored-by: bal1imb <Artur.Baltabayev@bosch.com>
 2023-06-06 08:30:44 -03:00
rmartinc
81aa588ddc Fix and correlate session timeout calculations in legacy and new map implementations 
Closes https://github.com/keycloak/keycloak/issues/14854
Closes https://github.com/keycloak/keycloak/issues/11990
 2023-06-05 18:46:23 +02:00
Alexander Schwartz
cd9e0be9f0 Filter first, then sort, and avoid atomics 
Closes #20394
 2023-06-05 11:23:54 +02:00
Pedro Igor
8aeee928e8
Allow configuring the referrer policy (#19917) 
* Allow configuring the referrer policy

Closes #17288

* fixed indentation

---------

Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2023-05-30 12:27:12 -04:00
Stefan Guilhen
2252b09949 Remove deprecated default roles methods 
Closes #15046
 2023-05-23 22:32:52 +02:00
Dominik Schlosser
8c58f39a49 Updates Datastore provider to contain full data model 
Closes #15490
 2023-05-16 15:05:10 +02:00
Alexander Schwartz
910021408e Use entity locking only for the map storage 
This is a performance optimization that the new feature doesn't affect the old store.

Closes #20176
 2023-05-15 10:20:35 +02:00
Alexander Schwartz
2758d78865 Avoid exception when looking up the providerId 
This is a performance optimization, as creating an exception is expensive.

Closes #20176
 2023-05-15 10:20:35 +02:00
Martin Bartoš
6118e5cfb7 Use JakartaEE dependencies 
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
 2023-04-27 13:36:54 +02:00
Martin Bartoš
7cff857238 Migrate packages from javax.* to jakarta.* 
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/ComponentExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/DeclarativeUserTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java - Modified
keycloak/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java	- Modified
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountTotpPage.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BackwardsCompatibilityUserStorageTest.java - Modified
---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/services/resources/QuarkusWelcomeResource.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/profile/util/Soap.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/UserInfoClientUtil.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
---
Quarkus3 branch sync no. 10 (17.3.2023)
Resolved conflicts:
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocolUtils.java -	Modified
---
Quarkus3 branch sync no. 9 (10.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java - Modified
---
Quarkus3 branch sync no. 8 (3.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClient.java	Modified - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java - Modified
keycloak/examples/providers/authenticator/src/main/java/org/keycloak/examples/authenticator/SecretQuestionAuthenticator.java - Modified
---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ComponentsResource.java - Modified
keycloak/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/installation/SamlSPDescriptorClientInstallation.java - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
/keycloak/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java	Modified - Modified
keycloak/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java - Modified
---
Quarkus3 branch sync no. 4 (3.2.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/jaxrs/QuarkusKeycloakApplication.java - Modified
---
Quarkus3 branch sync no. 1 (18.1.2023)
Resolved conflicts:
keycloak/testsuite/client/ClientPoliciesTest.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaModelCriteriaBuilder.java - Modified
 2023-04-27 13:36:54 +02:00
mposolda
1cbdf4d17e Fix the issue with LDAP connectionUrl containing multiple hosts 
Closes #17359
 2023-04-16 17:41:22 +02:00
mposolda
4d8d6f8cd8 Preserve authentication flow IDs after import 
closes #9564
 2023-04-03 16:01:52 +02:00
Hynek Mlnarik
0d5363d0d5 Throw an exception rather than returning response 
Closes: #17644
 2023-04-03 14:43:50 +02:00
rmartinc
c6a1820a47 Use SimpleHttp for SOAP calls 
Closes https://github.com/keycloak/keycloak/issues/17139
 2023-03-31 10:57:47 -03:00
Alexander Schwartz
251f6151e8 Rework the Import SPI to be configurable via the Config API 
Also rework the export/import CLI for Quarkus, so that runtime options are available.

Closes #17663
 2023-03-24 15:28:55 -03:00
Alexander Schwartz
513bb809f3 Add a map storage global locking implementation for JPA 
Closes #14734
 2023-03-21 08:21:11 +01:00
Pedro Igor
a30b6842a6 Decouple the policy enforcer from adapters and provide a separate library 
Closes keycloak#17353
 2023-03-17 11:40:51 +01:00
Alexander Schwartz
f6f179eaca Rework the export to use CLI options and property mappers 
Also, adding the wiring to support Model tests for the export.

Closes #13613
 2023-03-07 08:22:12 +01:00
mposolda
a0192d61cc Redirect loop with authentication success but access denied at default identity provider 
closes #17441
 2023-03-06 10:45:01 +01:00
Jon Koops
972ebb9650
Use a valid SemVer format for the SNAPSHOT version (#17334) 
* Use a valid SemVer format for the SNAPSHOT version

* Update pom.xml

* Update pom.xml

---------

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2023-03-03 11:11:44 +01:00
Vilmos Nagy
4b0562da38 #16161 implement an EventBuilder constructor which can be called from scheduled tasks 2023-02-27 15:52:37 -03:00
Douglas Palmer
1d75000a0e Create an SPI for DeviceActivityManager 
closes #17134
 2023-02-20 09:29:11 +01:00
Hynek Mlnarik
e30e1eca68 Ensure that concatenated Stream is closed once read 
Fixes: #15781
 2023-02-17 13:00:32 +01:00
Christian Hörtnagl
ff71cbc4f3 * fix typos in javadoc 2023-02-13 08:53:47 +01:00
laskasn
dc8b759c3d Use encryption keys rather than sig for crypto in SAML 
Closes #13606

Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: hmlnarik <hmlnarik@redhat.com>
 2023-02-10 12:06:49 +01:00
Stefan Guilhen
1da6244ec0 Add retry logic to LoginActionsService#authenticate 
In addition to that, avoid adding cookies on each retry.

Closes #15849

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2023-02-09 11:56:15 +01:00
Michal Hajas
6fa62e47db Leverage HotRod client provided transaction 
Closes #13280
 2023-02-08 10:26:30 +01:00
Pedro Igor
7b58783255 Allow mapping claims to user attributes when exchanging tokens 
Closes #8833
 2023-02-07 10:57:35 +01:00
Thomas Darimont
e38b7adf92 Revise blacklist password policy provider #8982 
- Reduce false positive probability from 1% to 0.01% to avoid
rejecting to many actually good passwords.
- Make false positive rate configurable via spi config
- Revised log messages

Supported syntax variant:
`passwordBlacklist(wordlistFilename)`

Fixes #8982

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2023-02-07 10:36:39 +01:00
Pedro Igor
d97b9c48c4
Make sure PBKDF2 providers are using the expect size for derived keys (#16798) 
Closes #16797
 2023-02-03 15:31:25 +01:00
Alexander Schwartz
c6aba2e3de Make LockAcquiringTimeoutException a RuntimeException 
Closes #16690
 2023-01-31 08:21:32 +01:00