libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions
25445 commits 4 branches 9 tags 483 MiB
Commit graph

822 commits

Author SHA1 Message Date
Pedro Igor
f010f7df9b Reverting removal of test assertions and keeping existing logic where only brokers the user is linked to is shown after identity-first login page 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-03 11:55:04 -03:00
Douglas Palmer
7a8c7502d2 Cleanup of adapter-spi module? 
Closes#30871

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-06-27 19:41:30 +02:00
rmartinc
e9c9efc3f4 Upgrade bc-fips to 1.0.2.5 
Closes #26568
Closes #27884

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-25 11:07:27 +02:00
Andre F de M
0f061a75e2 Issue: 26568 - bcfips version bump and fixes 
* bump BCFIPS to 1.0.2.5
               * fix bc-fips related test error
               * remove unused imports

               Closes: #26568

Signed-off-by: Andre F de M <trixpan@users.noreply.github.com>
 2024-06-25 11:07:27 +02:00
Jon Koops
df18629ffe
Use a default Java version from root POM (#29927) 
Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-06-21 14:19:31 +02:00
Pedro Igor
a0ad680346 Adding an alias to organization and exposing them to templates 
Closes #30312
Closes #30313

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-20 14:36:14 -03:00
rmartinc
f690947cea Remove the SAML undertow adapter 
Closes #30554

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-20 09:47:14 +02:00
Pedro Ruivo
5fc12480fd External Infinispan as cache - Part 4 (#30072) 
UserSessionProvider implementation to make use of Infinispan remote
cache.

Closes #28755

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-06-19 14:47:57 +02:00
Pedro Ruivo
d2ae27a1e2 External Infinispan as cache - Part 1 
Part 1 includes

* New experimental feature to enable the new code
* New providers using RemoteCache only
* New test profile to run the tests with the experimental feature

New providers' implementation for:
* InfinispanConnectionProvider
* AuthenticationSessionProvider
* ClusterProvider

Closes #28140

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-06-19 14:47:57 +02:00
rmartinc
fc65c73106 Upgrade adapters test to use wildfly 28 (jakarta only) via maven plugin 
Closes #30324

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-18 15:40:59 +02:00
rmartinc
7d42ab822b Remove adapter app-server-undertow profile which is not used 
Closes #30347

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-12 14:40:06 +02:00
Martin Bartoš
262fc09edc
OpenJDK 21 support (#28518) 
* OpenJDK 21 support

Closes #28517

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* x509 SAN UPN other name is not handled in JDK 21 (#904)

closes #29968

Signed-off-by: mposolda <mposolda@gmail.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2024-06-03 14:17:28 +02:00
Ricardo Martin
0cd0d03c08
Remove all adapter-core code moved to util (#30012) 
* Remove all tests that are only executed for undertow app server
* Remove installation steps for OIDC adapter in wildfly/eap app server
* Remove the util adapters package except HttpClientBuilder
* Remove HttpClientBuilder and use plain apache http client
Closes #29912

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-03 09:28:02 +02:00
Peter Zaoral
cd2451d58b
Remove Oracle JDBC driver out of the box (#29895) 
Closes: #29491

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2024-05-31 17:21:19 +00:00
Martin Bartoš
76a6733f0a Replace PhantomJS by HtmlUnit 
Closes #9979

Co-authored-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2024-05-29 11:17:57 +02:00
Pedro Igor
bbb83236f5 Do not lower-case the username from the IdP when creating the federated identity 
Closes #28495

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-29 01:58:20 -03:00
Thomas Darimont
ab376d9101 Make required actions configurable (#28400) 
- Add tests for crud operations on configurable required actions
- Add support exposing the required action configuration via RequiredActionContext
- Make configSaveError message reusable in other contexts
- Introduced admin-ui specific endpoint for retrieving required actions with config metadata

Fixes #28400

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-05-23 08:38:36 +02:00
Ricardo Martin
74a80997c7
Fix CRL verification failing due to client cert not being in chain (#29582) 
closes #19853

Signed-off-by: Micah Algard <micahalgard@gmail.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: Micah Algard <micahalgard@gmail.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
 2024-05-17 11:28:07 +02:00
Pedro Ruivo
cbce548e71 Infinispan 15.0.3.Final 
Closes #29068

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-05-08 17:18:39 +02:00
Douglas Palmer
8d628d740e Can we remove undertow OIDC adapter? 
Closes #28788

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-05-07 19:47:46 +02:00
Douglas Palmer
00bd6224fa Remove remaining Fuse adapter bits 
Closes #28787

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-05-06 09:02:26 +02:00
Douglas Palmer
051c0197db Remove old-WildFly, EAP 7.4 and 6.4 SAML adapters 
Closes #28785

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-05-03 15:39:05 +02:00
Douglas Palmer
e0176a7e31 Remove Wildfly and EAP OIDC adapters 
Closes #23381

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-05-02 20:16:55 +02:00
Douglas Palmer
8d4d5c1c54 Remove redundant servers from the testsuite 
Closes #29089

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-04-30 17:39:32 +02:00
Stefan Guilhen
02e2ebf258 Add check to prevent deserialization issues when the context token is not an AccessTokenResponse. 
- also adds a test for the refresh token on first login scenario.

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-04-30 12:02:10 -03:00
Jon Koops
a6e2ab5523 Remove jaxrs-oauth-client and OIDC servlet-filter adapters 
Closes #28784

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-04-26 15:56:57 +02:00
Douglas Palmer
cca660067a Remove JAAS login modules 
Closes #28789

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-04-26 09:30:35 +02:00
Douglas Palmer
b2f09feebf Remove servlet filter saml adapters 
Closes #28786

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-04-26 09:30:35 +02:00
Douglas Palmer
a4a7d023a7 Remove Jetty OIDC adapter 
Closes #28779

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-04-26 09:30:35 +02:00
Douglas Palmer
c5dbab2740 Remove Jetty SAML adapter 
Closes #28782

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-04-26 09:30:35 +02:00
Douglas Palmer
43aa10e091 Remove Tomcat OIDC adapter 
Closes #28778

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-04-26 09:30:35 +02:00
Douglas Palmer
98faf6e6a0 Remove Tomcat SAML adapter 
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>

Closes #28783
 2024-04-26 09:30:35 +02:00
Stefan Wiedemann
b08c644601
Support credentials issuance through oid4vci (#27931) 
closes #25940 

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
 2024-04-22 11:37:55 +02:00
Pedro Ruivo
3e0a185070 Remove deprecated EnvironmentDependentProviderFactory.isSupported method 
Closes #26280

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-04-19 16:36:49 +02:00
mposolda
c427e65354 Secondary factor bypass in step-up authentication 
closes #34

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit e632c03ec4dbfbb7c74c65b0627027390b2e605d)
 2024-04-19 14:43:53 +02:00
Stian Thorgersen
0d60e58029
Restrict the token types that can be verified when not using the user info endpoint (#146) (#28866) 
Closes #47

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Conflicts:
	core/src/main/java/org/keycloak/util/TokenUtil.java
	testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientTokenExchangeTest.java

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-18 14:11:05 +02:00
Pedro Ruivo
63cb137b37 Remove usages of EnvironmentDependentProviderFactory.isSupported 
Closes #28751

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-04-16 09:43:23 +02:00
Šimon Vacek
0205262c91
Workflow failure: Fuse adapter tests 
Closes: #27021

Signed-off-by: Simon Vacek <simonvacky@email.cz>
 2024-04-15 17:28:16 +02:00
Martin Bartoš
a3669a6562
Make general cache options runtime (#28542) 
Closes #27549

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2024-04-12 11:56:11 +02:00
Giuseppe Graziano
c76cbc94d8 Add sub via protocol mapper to access token 
Closes #21185

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-04-10 10:40:42 +02:00
Václav Muzikář
e4987f10f5
Hostname SPI v2 (#26345) 
* Hostname SPI v2

Closes: #26084

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Fix HostnameV2DistTest#testServerFailsToStartWithoutHostnameSpecified

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Address review comment

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Partially revert the previous fix

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Do not polish values

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Remove filtering of denied categories

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2024-04-09 11:25:19 +02:00
Pedro Igor
52ba9b4b7f Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user 
Closes #28248

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-08 09:05:16 -03:00
Justin Tay
e765932df3 Skip unsupported keys in JWKS 
Closes #16064

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-04-08 08:42:31 +02:00
Justin Tay
89a5da1afd Allow empty key use in JWKS for client authentication 
Closes #28004

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-04-04 10:42:37 +02:00
Stian Thorgersen
c3a98ae387
Use Argon2 as default password hashing algorithm (#28162) 
Closes #28161

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 13:04:14 +00:00
Stian Thorgersen
8cbd39083e
Default password hashing algorithm should be set to default password hash provider (#28128) 
Closes #28120

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 12:44:11 +01:00
Steven Hawkins
35b9d8aa49
task: remove usage of resteasy-core-spi (#27387) 
closes: #27242

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-03-21 15:28:34 +01:00
vramik
032bb8e9cc Map Store Removal: Remove obsolete KeycloakModelUtils.isUsernameCaseSensitive method 
Closes #27438

Signed-off-by: vramik <vramik@redhat.com>
 2024-03-02 04:40:46 +09:00
Ryan Emerson
a2f027ee00 Use AWS JDBC Wrapper in CI tests. Resolves #27123 
Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2024-02-19 19:07:24 +01:00
Stian Thorgersen
23d5f2188d
Run adapters in a separate job on GitHub Actions (#26962) 
Closes #25892

Signed-off-by: stianst <stianst@gmail.com>
 2024-02-13 12:38:58 +01:00