libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
25026 commits 4 branches 5 tags 480 MiB
Commit graph

4590 commits

Author SHA1 Message Date
Pedro Igor
b019cf6129 Support unmanaged attributes for service accounts and make sure they are only managed through the admin api 
Closes #29362

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-21 16:56:18 -03:00
Marek Posolda
6dc28bc7b5
Clarify the documentation about step-up authentication (#29735) 
closes #28341

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-05-21 19:46:27 +02:00
Martin Kanis
97cd5f3b8d Provide an additional endpoint to allow sending both invitation and registration links depending on the email being associated with an user or not 
Closes #29482

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-05-21 12:29:10 -03:00
Hynek Mlnarik
65fcd44fe1 Use admin console correctly in KeycloakIdentity 
Fixes: #29688

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2024-05-21 13:35:44 +02:00
rmartinc
3304540855 Allow admin console whoami endpoint to applications that have a special attribute 
Closes #29640

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-05-20 09:51:07 +02:00
Richard van den Berg
cb3f248d73 Document getGroupById() will not set subGroups in JavaDoc 
Closes #27787

Signed-off-by: Richard van den Berg <richard@vdberg.org>
 2024-05-17 17:05:25 +02:00
Filipe Roque
e83f3af080 Call super constructor in subclasses of WebApplicationException 
Frameworks like Datadog dd-trace-java java agent inspect the known WebApplicationException
and mark the exception as an HTTP 500, because that is the default for the
non argument constructor.

https://github.com/keycloak/keycloak/issues/29451

Signed-off-by: Filipe Roque <froque@premium-minds.com>
 2024-05-17 16:25:59 +02:00
Ricardo Martin
74a80997c7
Fix CRL verification failing due to client cert not being in chain (#29582) 
closes #19853

Signed-off-by: Micah Algard <micahalgard@gmail.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: Micah Algard <micahalgard@gmail.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
 2024-05-17 11:28:07 +02:00
Stefan Guilhen
bfa4660ecd Add OpenAPI documentation for the Organization API 
Closes #29479

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-16 14:59:30 -03:00
Takashi Norimatsu
b4e7d9b1aa
Passkeys: Supporting WebAuthn Conditional UI (#24305) 
closes #24264

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: mposolda <mposolda@gmail.com>
 2024-05-16 07:58:43 +02:00
rmartinc
89d7108558 Restrict access to whoami endpoint for the admin console and users with realm access 
Closes #25219

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-05-15 19:06:57 +02:00
Pedro Igor
b4d231fd40 Fixing realm removal when removing groups and brokers associated with an organization 
Closes #29495

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-14 14:29:27 +02:00
Pedro Igor
b5a854b68e
Minor improvements to invitation email templates (#29498) 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-14 13:19:02 +02:00
Pedro Igor
1b583a1bab Email validation for managed members should only fail if it does not match the domain set to a broker 
Closes #29460

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-14 10:46:22 +02:00
mposolda
d8a7773947 Adding dummyHash to DirectGrant request in case user does not exists. Fix dummyHash for normal login requests 
closes #12298

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-05-13 16:33:29 +02:00
kaustubh-rh
8a82b6b587
Added a check in ClientInitialAccessResource (#29353) 
closes #29311

Signed-off-by: Kaustubh Bawankar <kbawanka@redhat.com>
 2024-05-13 13:00:36 +02:00
vramik
fbdaf03972 Ensure master realm can't be removed 
Fixes #28896

Signed-off-by: vramik <vramik@redhat.com>
 2024-05-13 07:47:48 -03:00
rmartinc
2cc051346d Allow empty CSP header in headers provider 
Closes #29458

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-05-13 10:51:31 +02:00
Pedro Igor
b50d481b10 Make sure organization groups can not be managed but when managing an organization 
Closes #29431

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-10 21:28:11 -03:00
Stefan Guilhen
f0620353a4 Ensure master realm can't be removed 
Closes #28896

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-10 16:56:18 -03:00
Stefan Guilhen
ceed7bc120 Add ability to search organizations by attribute 
Closes #29411

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-10 16:45:41 -03:00
Pedro Igor
77b58275ca Improvements to the organization authentication flow 
Closes #29416
Closes #29417
Closes #29418

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-09 16:07:52 -03:00
Pedro Igor
a65508ca13 Simplifying the CORS SPI and the default implementation 
Closes #27646

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-08 12:27:55 -03:00
Thomas Darimont
6ba8b3faa2 Revise ObjectMapper construction (#16295) 
Previously an ObjectMapper was created multiple times during startup:
two times during bootstrap and one additional time for the first request sent to Keycloak.
Additionally jackson modules, e.g. support for JSR310 java.time types
were not registered event-though they are present on the classpath.

This PR revises the initialization of the ObjectMapper.

- Ensure ObjectMapper is only initialized once
- Ensure that jackson modules on the classpath are properly

Fixes #16295

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-05-07 19:04:43 +02:00
Martin Kanis
d4b7e1a7d9 Prevent to manage groups associated with organizations from different APIs 
Closes #28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-05-07 11:16:40 -03:00
Pedro Igor
f8bc74d64f Adding SAML protocol mapper to map organization membership 
Closes #28732

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-07 15:52:35 +02:00
Stefan Guilhen
aa945d5636 Add description field to OrganizationEntity 
Closes #29356

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-07 10:35:51 -03:00
Pedro Igor
c0325c9fdb Do not manage brokers through the Organization API 
Closes #29268

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-07 09:15:25 -03:00
Alice W
d1549a021e Update invitation changes based on review and revert deleted test from OrganizationMembertest 
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
 2024-05-06 17:57:13 -03:00
Pedro Igor
7553679116 Using a common name for token parameter and setting it to action urls when available from query parameters 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-06 17:57:13 -03:00
Pedro Igor
5359840f10 Reverting changes to login action services 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-06 17:57:13 -03:00
Pedro Igor
6ae8c1e262 Reverting changes to freemarker login forms provider 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-06 17:57:13 -03:00
Pedro Igor
40a283b9e8 Token expiration tests and updates to registration required action 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-06 17:57:13 -03:00
Pedro Igor
158162fb4f Review tests and having invitation related operations in a separate class 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-06 17:57:13 -03:00
Pedro Igor
287f3a44ce registration link tests 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-06 17:57:13 -03:00
Alice W
ce2e83c7f9 Update test and link formation on invite of new user 
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
 2024-05-06 17:57:13 -03:00
Alice W
694105da89 Update the handling of invite tokens for new user registration to work with the base level oauth flows and implicit grants 
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
 2024-05-06 17:57:13 -03:00
Alice W
18356761db Add test for user invite registration and fix minor bug with registration link generation and email templating 
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
 2024-05-06 17:57:13 -03:00
Pedro Igor
e0bdb42d41 adding test and minor updates to cover inviting existing users 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-06 17:57:13 -03:00
Alice W
584e92aaba Add support for organizational invites to new and existing users based on tokens 
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
 2024-05-06 17:57:13 -03:00
Dimitri Papadopoulos Orfanos
cd8e0fd333
Fix user-facing typos in Javadoc (#28971) 
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-05-06 18:57:55 +00:00
Stefan Guilhen
dae1eada3d Add enabled field to OrganizationEntity 
Closes #28891

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-06 14:46:56 -03:00
Alexander Schwartz
2ebad818f9
Provide details in the log when a client credential grant fails (#28927) 
Closes #28926

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-06 09:31:25 +02:00
Alexander Schwartz
a9532274e3
Generate translations for locales via built-in Java functionality (#29125) 
Closes #29124

Signed-off-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-05-06 09:30:14 +02:00
Giuseppe Graziano
c6d3e56cda Handle reset password flow with logged in user 
Closes #8887

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-05-06 09:10:47 +02:00
Thomas Darimont
ba43a10a6d
Improve details for user error events in OIDC protocol endpoints 
Closes #29166

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-05-06 08:32:31 +02:00
Pedro Igor
32d25f43d0 Support for mutiple identity providers 
Closes #28840

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-04 16:19:27 +02:00
Justin Tay
7bd48e9f9f Set logout token type to logout+jwt 
Closes #28939

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-05-03 14:51:10 +02:00
Giuseppe Graziano
8c3f7cc6e9 Ignore include in token scope for refresh token 
Closes #12326

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-05-03 09:05:03 +02:00
alexagc
5e00fe8b10 Ignore g-recaptcha-response in user profile validation 
Signed-off-by: alexagc <alexcanal@gmail.com>
 2024-05-02 17:12:54 -03:00