libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions
25445 commits 4 branches 9 tags 483 MiB
Commit graph

614 commits

Author SHA1 Message Date
Pedro Igor
f010f7df9b Reverting removal of test assertions and keeping existing logic where only brokers the user is linked to is shown after identity-first login page 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-03 11:55:04 -03:00
rmartinc
e9c9efc3f4 Upgrade bc-fips to 1.0.2.5 
Closes #26568
Closes #27884

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-25 11:07:27 +02:00
Andre F de M
0f061a75e2 Issue: 26568 - bcfips version bump and fixes 
* bump BCFIPS to 1.0.2.5
               * fix bc-fips related test error
               * remove unused imports

               Closes: #26568

Signed-off-by: Andre F de M <trixpan@users.noreply.github.com>
 2024-06-25 11:07:27 +02:00
Jon Koops
df18629ffe
Use a default Java version from root POM (#29927) 
Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-06-21 14:19:31 +02:00
Pedro Igor
a0ad680346 Adding an alias to organization and exposing them to templates 
Closes #30312
Closes #30313

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-20 14:36:14 -03:00
Pedro Ruivo
5fc12480fd External Infinispan as cache - Part 4 (#30072) 
UserSessionProvider implementation to make use of Infinispan remote
cache.

Closes #28755

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-06-19 14:47:57 +02:00
Pedro Ruivo
d2ae27a1e2 External Infinispan as cache - Part 1 
Part 1 includes

* New experimental feature to enable the new code
* New providers using RemoteCache only
* New test profile to run the tests with the experimental feature

New providers' implementation for:
* InfinispanConnectionProvider
* AuthenticationSessionProvider
* ClusterProvider

Closes #28140

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-06-19 14:47:57 +02:00
Peter Zaoral
cd2451d58b
Remove Oracle JDBC driver out of the box (#29895) 
Closes: #29491

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2024-05-31 17:21:19 +00:00
Martin Bartoš
76a6733f0a Replace PhantomJS by HtmlUnit 
Closes #9979

Co-authored-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2024-05-29 11:17:57 +02:00
Pedro Igor
bbb83236f5 Do not lower-case the username from the IdP when creating the federated identity 
Closes #28495

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-29 01:58:20 -03:00
Thomas Darimont
ab376d9101 Make required actions configurable (#28400) 
- Add tests for crud operations on configurable required actions
- Add support exposing the required action configuration via RequiredActionContext
- Make configSaveError message reusable in other contexts
- Introduced admin-ui specific endpoint for retrieving required actions with config metadata

Fixes #28400

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-05-23 08:38:36 +02:00
Ricardo Martin
74a80997c7
Fix CRL verification failing due to client cert not being in chain (#29582) 
closes #19853

Signed-off-by: Micah Algard <micahalgard@gmail.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: Micah Algard <micahalgard@gmail.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
 2024-05-17 11:28:07 +02:00
Pedro Ruivo
cbce548e71 Infinispan 15.0.3.Final 
Closes #29068

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-05-08 17:18:39 +02:00
Douglas Palmer
8d628d740e Can we remove undertow OIDC adapter? 
Closes #28788

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-05-07 19:47:46 +02:00
Stefan Guilhen
02e2ebf258 Add check to prevent deserialization issues when the context token is not an AccessTokenResponse. 
- also adds a test for the refresh token on first login scenario.

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-04-30 12:02:10 -03:00
Jon Koops
a6e2ab5523 Remove jaxrs-oauth-client and OIDC servlet-filter adapters 
Closes #28784

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-04-26 15:56:57 +02:00
Stefan Wiedemann
b08c644601
Support credentials issuance through oid4vci (#27931) 
closes #25940 

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
 2024-04-22 11:37:55 +02:00
Pedro Ruivo
3e0a185070 Remove deprecated EnvironmentDependentProviderFactory.isSupported method 
Closes #26280

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-04-19 16:36:49 +02:00
mposolda
c427e65354 Secondary factor bypass in step-up authentication 
closes #34

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit e632c03ec4dbfbb7c74c65b0627027390b2e605d)
 2024-04-19 14:43:53 +02:00
Stian Thorgersen
0d60e58029
Restrict the token types that can be verified when not using the user info endpoint (#146) (#28866) 
Closes #47

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Conflicts:
	core/src/main/java/org/keycloak/util/TokenUtil.java
	testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientTokenExchangeTest.java

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-18 14:11:05 +02:00
Pedro Ruivo
63cb137b37 Remove usages of EnvironmentDependentProviderFactory.isSupported 
Closes #28751

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-04-16 09:43:23 +02:00
Martin Bartoš
a3669a6562
Make general cache options runtime (#28542) 
Closes #27549

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2024-04-12 11:56:11 +02:00
Giuseppe Graziano
c76cbc94d8 Add sub via protocol mapper to access token 
Closes #21185

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-04-10 10:40:42 +02:00
Václav Muzikář
e4987f10f5
Hostname SPI v2 (#26345) 
* Hostname SPI v2

Closes: #26084

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Fix HostnameV2DistTest#testServerFailsToStartWithoutHostnameSpecified

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Address review comment

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Partially revert the previous fix

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Do not polish values

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Remove filtering of denied categories

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2024-04-09 11:25:19 +02:00
Pedro Igor
52ba9b4b7f Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user 
Closes #28248

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-08 09:05:16 -03:00
Justin Tay
e765932df3 Skip unsupported keys in JWKS 
Closes #16064

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-04-08 08:42:31 +02:00
Justin Tay
89a5da1afd Allow empty key use in JWKS for client authentication 
Closes #28004

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-04-04 10:42:37 +02:00
Stian Thorgersen
c3a98ae387
Use Argon2 as default password hashing algorithm (#28162) 
Closes #28161

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 13:04:14 +00:00
Stian Thorgersen
8cbd39083e
Default password hashing algorithm should be set to default password hash provider (#28128) 
Closes #28120

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 12:44:11 +01:00
Steven Hawkins
35b9d8aa49
task: remove usage of resteasy-core-spi (#27387) 
closes: #27242

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-03-21 15:28:34 +01:00
vramik
032bb8e9cc Map Store Removal: Remove obsolete KeycloakModelUtils.isUsernameCaseSensitive method 
Closes #27438

Signed-off-by: vramik <vramik@redhat.com>
 2024-03-02 04:40:46 +09:00
Ryan Emerson
a2f027ee00 Use AWS JDBC Wrapper in CI tests. Resolves #27123 
Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2024-02-19 19:07:24 +01:00
Steven Hawkins
37acb2fd09
task: upgrading to quarkus 3.7.0.CR1 (#26203) 
there are several downgrades from the quarkus versions, and some
additional logic needed to handle changes with re-creating the
configuration

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-01-31 18:23:07 +00:00
Stian Thorgersen
0fb6bdfcac
Cookie Provider - move remaining cookies (#26531) 
Closes #26500

Signed-off-by: stianst <stianst@gmail.com>
 2024-01-29 11:06:37 +01:00
Martin Kanis
7797f778d1 Map Store Removal: Rename legacy modules 
Closes #24107

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-01-25 16:29:16 +01:00
Ricardo Martin
b58f35fb47
Revert "Enable verify profile required action by default for new realms" (#26495) 
This reverts commit 7f195acc14.

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-01-25 12:28:16 +01:00
rmartinc
7f195acc14 Enable verify profile required action by default for new realms 
Closes #25985

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-01-24 20:28:06 +01:00
Stian Thorgersen
85ddac26ed
Remove code that expires old cookie paths (#26444) 
Closes #26416

Signed-off-by: stianst <stianst@gmail.com>
 2024-01-24 13:43:03 +01:00
Takashi Norimatsu
b99f45ed3d Supporting EdDSA 
closes #15714

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>

Co-authored-by: Muhammad Zakwan Bin Mohd Zahid <muhammadzakwan.mohdzahid.fg@hitachi.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
 2024-01-24 12:10:41 +01:00
Martin Kanis
84603a9363
Map Store Removal: Rename Legacy* classes (#26273) 
Closes #24105

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-01-23 13:50:31 +00:00
Alexander Schwartz
a8eca6add0
Changing to the Infinispan BOM to avoid mis-aligned Infinispan dependencies (#26137) 
Closes #22922

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
 2024-01-15 09:20:47 +01:00
Pedro Igor
d540584449 Using a valid URI when deleting cookies before/after running tests 
Closes #22691

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-01-05 15:13:12 -03:00
Steven Hawkins
667ce4be9e
enhance: supporting versioned features (#24811) 
also adding a common PropertyMapper validation method

closes #24668

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2024-01-03 17:56:31 +01:00
Réda Housni Alaoui
5287500703 @NoCache is not considered anymore 
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2024-01-02 09:06:55 -03:00
mposolda
3fa2d155ca Decouple factory methods from the provider methods on UserProfileProvider implementation 
closes #25146

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-12-01 10:30:57 -03:00
Steven Hawkins
8c3df19722
feature: add option for creating a global truststore (#24473) 
closes #24148

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2023-11-30 08:57:17 +01:00
Martin Bartoš
e71d850a03 Run SAML adapter tests with EAP 8 
Closes #24168

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2023-11-28 14:07:44 +01:00
Sebastian Schuster
030f42ec83
More efficient listing of assigned and available client role mappings 
Closes #23404

Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
 2023-11-22 14:10:11 +01:00
Réda Housni Alaoui
3f014c7299
Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients (#21058) 
closes #21010 

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2023-11-13 19:13:01 +01:00
vramik
926be135e8 Remove map related modules 
Signed-off-by: vramik <vramik@redhat.com>

Closes #24100
 2023-11-13 12:34:52 +01:00