libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
23670 commits 4 branches 5 tags 480 MiB
Commit graph

6360 commits

Author SHA1 Message Date
Pedro Igor
d540584449 Using a valid URI when deleting cookies before/after running tests 
Closes #22691

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-01-05 15:13:12 -03:00
atharva kshirsagar
d7542c9344 Fix for empty realm name issue 
Throw ModelException if name is empty when creating/updating a realm

Closes #17449

Signed-off-by: atharva kshirsagar <atharva4894@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-05 14:23:42 +01:00
Pedro Igor
8ff9e71eae Do not allow verifying email from a different account 
Closes #14776

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-01-05 12:45:07 +01:00
Pedro Igor
f476a42d66 Fixing the registration_client_uri to point to a valid URI after updating a client 
Closes #23229

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-01-05 12:41:36 +01:00
Ben Cresitello-Dittmar
057d8a00ac Implement Authentication Method Reference (AMR) claim from OIDC specification 
This implements a method for configuring authenticator reference values for Keycloak authenticator executions and a protocol mapper for populating the AMR claim in the resulting OIDC tokens.

This implementation adds a default configuration item to each authenticator execution, allowing administrators to configure an authenticator reference value. Upon successful completion of an authenticator during an authentication flow, Keycloak tracks the execution ID in a user session note.

The protocol mapper pulls the list of completed authenticators from the user session notes and loads the associated configurations for each authenticator execution. It then captures the list of authenticator references from these configs and sets it in the AMR claim of the resulting tokens.

Closes #19190

Signed-off-by: Ben Cresitello-Dittmar <bcresitellodittmar@mitre.org>
 2024-01-03 14:59:05 -03:00
Jon Koops
07f9ead128 Upgrade Welcome theme to PatternFly 5 
Closes #21343

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-01-03 14:46:01 -03:00
Steven Hawkins
667ce4be9e
enhance: supporting versioned features (#24811) 
also adding a common PropertyMapper validation method

closes #24668

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2024-01-03 17:56:31 +01:00
Réda Housni Alaoui
5287500703 @NoCache is not considered anymore 
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2024-01-02 09:06:55 -03:00
Alexander Schwartz
9e890264df Adding a test case to check that the expiration time is set on logout tokens 
Closes #25753

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2023-12-22 20:13:40 +01:00
Niko Köbler
5e623f42d4 add the exp claim to the backchannel logout token 
This is now, as of Dec 15th 2023, part of the OIDC Backchannel Logout spec, chapter 2.4.

As of chapter 4, the logout token should have a short expiration time, preferably at most two minutes in the future. So we set the expiration to this time.

resolves #25753

Signed-off-by: Niko Köbler <niko@n-k.de>
 2023-12-22 20:13:40 +01:00
Pedro Igor
ceb085e7b8 Update the UPDATE_EMAIL feature to rely on the user profile configuration when rendering templates and validating the email 
Closes #25704

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-20 15:15:06 -03:00
rmartinc
c2e41b0eeb Make Locale updater generate an event and use the user profile 
Closes #24369

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-20 15:26:45 +01:00
Daniel Fesenmeyer
baafb670f7 Bugfix for: Removing all group attributes no longer works with keycloak-admin-client (java) 
Closes #25677

Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>
 2023-12-20 14:03:35 +01:00
Konstantinos Georgilakis
cf57af1d10 scope parameter in refresh flow 
Closes #12009

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
 2023-12-20 14:00:10 +01:00
mposolda
eb184a8554 More info on UserProfileContext 
closes #25691

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-12-19 13:00:31 -03:00
Pedro Igor
810ebf4efd Migration steps for enabling user profile by default 
Closes #25528

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-19 10:19:45 -03:00
Joshua Sorah
d411eafc42 Ensure 'iss' is returned when 'prompt=none' and user is not authenticated, per RFC9207 
Closes keycloak/keycloak#25584

Signed-off-by: Joshua Sorah <jsorah@redhat.com>
 2023-12-19 10:38:05 +01:00
Ricardo Martin
2ba7a51da6 Escape action in the form_post response mode (#60) 
Closes keycloak/keycloak-private#31
Closes https://issues.redhat.com/browse/RHBK-652

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-18 18:10:41 -03:00
Konstantinos Georgilakis
ba8c22eaf0 Scope parameter in Oauth 2.0 token exchange 
Closes #21578

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
 2023-12-18 15:44:26 -03:00
Pedro Igor
778847a3ce Updating theme templates to render user attributes based on the user profile configuration 
Closes #25149

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-18 15:35:52 -03:00
rmartinc
d841971ff4 Updating the UP configuration needs to trigger an admin event 
Close #23896

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-18 19:24:30 +01:00
Steven Hawkins
ec28b68554
fix: improve group matching (#25627) 
closes #25451

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2023-12-18 11:46:02 +01:00
mposolda
cd154cf318 User Profile: If required roles ('user') and reqired scopes are set, the required scopes have no effect 
closes #25475

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-12-18 11:32:27 +01:00
Takashi Norimatsu
59536becec Client policies : executor for enforcing DPoP 
closes #25315

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2023-12-18 10:45:18 +01:00
Joshua Sorah
a10149bbe9 For post logout redirect URI - Make '+' represent existing redirect URIs and merge with existing post logout redirect URIs 
Closes keycloak#25544

Signed-off-by: Joshua Sorah <jsorah@redhat.com>
 2023-12-18 09:05:51 +01:00
Ricardo Martin
ae04b954a6
Fix for test SSSDUserProfileTest.test05MixedInternalDBUserProfile (#25570) 
Closes #25566

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-15 18:57:31 +00:00
Martin Bartoš
14fd61bacc PubKeySignRegisterTest failures in WebAuthn tests 
Fixes #9693

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2023-12-15 14:52:05 +01:00
Erwin Rooijakkers
860978b15a Change arg of getSubGroups to briefRepresentation 
Parameter name briefRepresentation should mean briefRepresentation,
   not full. This way callers will by default get the full
   representation, unless true is passed as value for
   briefRepresentation.

   Fixes #25096

Signed-off-by: Erwin Rooijakkers <erwin@rooijakkers.software>
 2023-12-14 17:23:27 +01:00
Steven Hawkins
08751001db
enhance: adds truststores to the keycloak cr (#25215) 
also generally correcting the misspelling trustore

closes: #24798

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2023-12-14 11:15:06 -03:00
mposolda
c81b533cf6 Update UserProfileProvider.setConfiguration. Tuning of UserProfileProvider.getConfiguration 
closes #25416

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-12-14 14:43:28 +01:00
Tomas Ondrusko
26342d829c Update web elements of the Instagram login page 
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
 2023-12-14 14:03:53 +01:00
rmartinc
c14bc6f2b0 Create terms and conditions execution when registration form is added 
Closes #21730

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-13 15:32:58 +01:00
Pedro Igor
fa79b686b6 Refactoring user profile interfaces and consolidating user representation for both admin and account context 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-13 08:27:55 +01:00
VR
1545b32a64 Revert changes related to map store in test classes in base testsuite 
Closes #24567

Signed-off-by: VR <vramik@redhat.com>
 2023-12-12 16:16:38 +01:00
Thomas Darimont
0f5bbae75c
Add support for POST logout in Keycloak JS (#25348) 
Closes #25167

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2023-12-11 14:55:48 +01:00
Pedro Igor
78ba7d4a38 Do not allow removing username and email from user profile configuration 
Closes #25147

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-11 08:30:28 +01:00
Ricardo Martin
f78c54fa42
Fixes for LDAP group membership and search in chunks 
Closes #23966
 2023-12-08 17:55:17 +01:00
mposolda
90bf88c540 Introduce ProtocolMapper.getEffectiveModel to make sure values displayed in the admin console UI are 'effective' values used when processing mappers 
closes #24718

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2023-12-08 12:26:35 +01:00
Lukas Hanusovsky
baf6186863
25208 MSSQL startup message - fix (#25378) 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2023-12-07 16:27:16 +01:00
Vlasta Ramik
df465456b8
Map Store Removal: Remove LockObjectsForModification (#25323) 
Signed-off-by: vramik <vramik@redhat.com>

Closes #24793
 2023-12-07 12:43:43 +00:00
Pedro Igor
b1626172aa Removing unnecessary property from auth-server-migration maven profile 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-06 15:35:29 -03:00
rmartinc
522e8d2887 Workaround to allow percent chars in getGroupByPath via PathSegment 
Closes #25111

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-06 14:22:34 -03:00
Peter Zaoral
340eb99412
Unable to use < as part of a password (admin-cli) (#24939) 
* escaped angle bracket characters in password

Closes #21951

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2023-12-06 17:27:44 +01:00
Pedro Igor
ab1173182c Make sure realm is available from session when migrating to 23 
Closes #25183

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-06 07:42:54 -03:00
rmartinc
d004e9295f Do not allow remove a credential in account endpoint if provider marks it as not removable 
Closes #25220

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-05 17:11:57 +01:00
Vlasta Ramik
6f37fefd8d
Delete container providers from the base testsuite (#25168) 
Closes #24097

Signed-off-by: vramik <vramik@redhat.com>
 2023-12-04 14:44:35 +01:00
Alfredo Moises Boullosa
0b48bef0b1 Update springboot version 
Signed-off-by: Alfredo Moises Boullosa <aboullos@redhat.com>
 2023-12-04 11:15:51 +01:00
Michal Hajas
ec061e77ed
Remove GlobalLockProviderSpi (#25206) 
Closes #24103

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2023-12-01 16:40:56 +00:00
rmartinc
31b7c9d2c3 Add UP decorator to SSSD provider 
Closes https://github.com/keycloak/keycloak/issues/25075

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-01 15:41:05 +01:00
mposolda
3fa2d155ca Decouple factory methods from the provider methods on UserProfileProvider implementation 
closes #25146

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-12-01 10:30:57 -03:00