libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
24813 commits 4 branches 5 tags 480 MiB
Commit graph

686 commits

Author SHA1 Message Date
Mark Banierink
ad32896725
replaced and removed deprecated token methods (#27715) 
closes #19671 

Signed-off-by: Mark Banierink <mark.banierink@nedap.com>


Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-23 09:23:37 +02:00
rmartinc
eac4b53751 Incorrect proxyMappings example in the guides 
Closes #25514

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-04-22 18:30:41 +02:00
Stefan Guilhen
8ca4bc77a1 Improve the performance of the queries used to find granted resources 
- simplifies the queries to avoid unnecessary join
- creates two new indexes to speed up search time

Closes #28861

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-04-22 11:26:06 -03:00
Lex Cao
7e034dbbe0
Add IdpConfirmOverrideLinkAuthenticator to handle duplicate federated identity (#26393) 
Closes #26201.

Signed-off-by: Lex Cao <lexcao@foxmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-04-22 11:30:14 +02:00
Alexander Schwartz
9d0b1ecee4 Review CLI option change for caching 
Closes #28750

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-04-20 18:30:24 +02:00
Pedro Ruivo
3de5357091 CLI options to disable encryption and authentication to external Infinispan 
Closes #28750

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-04-20 18:30:24 +02:00
Pedro Ruivo
3e0a185070 Remove deprecated EnvironmentDependentProviderFactory.isSupported method 
Closes #26280

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-04-19 16:36:49 +02:00
Pascal Knüppel
ef45629df4
Add docs for transient-users how to prevent profile-review (#28889) 
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>

#relatesTo https://github.com/keycloak/keycloak/discussions/26637
 2024-04-18 23:49:51 +02:00
Ricardo Martin
fc6b6f0d94
Perform exact string match if redirect URI contains userinfo, encoded slashes or parent access (#131) (#28872) 
Closes keycloak/keycloak-private#113
Closes keycloak/keycloak-private#134

Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
 2024-04-18 16:02:24 +02:00
Martin Bartoš
7f74286106 Emphasize the need for setting container limit 
Closes #28729

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2024-04-18 15:44:27 +02:00
Thomas Darimont
eb2936f655 Add note about using groups with transient-users 
Document an additional approach for managing user-roles for transient-users via groups.

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-04-18 14:49:18 +02:00
rmartinc
ddacfbdefd Remove deprecated LinkedIn social provider 
Closes #23127

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-04-18 10:10:58 +02:00
Peter Zaoral
e7dd5c1991
Hostname:v2 docs (#28123) 
* hostname.adoc now contains the new hostname guide
* the old hostname is now available under hostname-deprecated.adoc

Closes: #27729

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2024-04-17 09:31:14 +02:00
Martin Bartoš
1fb83bb165
Release notes and Migration guide for Hostname v2 (#28621) 
Closes #27730

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
 2024-04-17 09:29:59 +02:00
Alexander Schwartz
5b4a69a6e9 Limit the concurrency of password hashing to the number of CPU cores available 
Closes #28477

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-04-15 15:05:09 +02:00
Steven Hawkins
58398d1f69
fix: replaces aesh with picocli (#28276) 
* fix: replaces aesh with picocli

closes: #28275

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* fix: replaces aesh with picocli

closes: #28275

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-04-15 13:04:58 +00:00
Christopher Miles
1646315939 Deny list lower cases all passwords when loading from file 
Closes #28381

We always lower case the inbound password before comparing against the deny list
yet the deny list may contain passwords that contain upper case letters. With
this change we will now convert passwords from the deny list into lower case
while loading, ensuring that more passwords match the deny list.

Signed-off-by: Christopher Miles <twitch@nervestaple.com>
 2024-04-15 08:49:37 +02:00
Marek Posolda
e6747bfd23
Adjust priority of SubMapper (#28663) 
closes #28661


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-04-12 14:13:03 +02:00
Martin Bartoš
a3669a6562
Make general cache options runtime (#28542) 
Closes #27549

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2024-04-12 11:56:11 +02:00
rmartinc
6d74e6b289 Escape slashes in full group path representation but disabled by default 
Closes #23900

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-04-12 10:53:39 +02:00
Niko Köbler
67e4015f67 improve doc for transient users 
adding a note to pay attention especially to the default-roles

Signed-off-by: Niko Köbler <niko@n-k.de>
 2024-04-12 10:50:30 +02:00
Marek Posolda
74faddec8e
Release notes for lightweight access tokens and group together relate… (#28622) 
closes #28460

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-04-11 20:02:33 +02:00
Jon Koops
9b94b6f47e
Add release notes for changes to Account and Admin consoles (#28545) 
Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-04-11 08:42:08 +02:00
Marek Posolda
13daaa55ba
Documentation for changes related to 'You are already logged in' scen… (#28595) 
closes #27879

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-04-11 08:18:41 +02:00
Giuseppe Graziano
33b747286e Changed userId value for refresh token events 
Closes #28567

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-04-11 07:46:44 +02:00
Václav Muzikář
33f580daa4
Hostname v2 for Operator (#28599) 
Closes #27728

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2024-04-10 18:56:47 +02:00
Giuseppe Graziano
c76cbc94d8 Add sub via protocol mapper to access token 
Closes #21185

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-04-10 10:40:42 +02:00
Martin Bartoš
b2c88e9876
docs: Support management port for health and metrics (#28213) 
Relates to #19334

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
 2024-04-09 14:33:30 +02:00
Alexander Schwartz
3ba9a905c9 Provide histograms for http server metrics 
Closes #28178

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-04-09 12:52:42 +02:00
Stian Thorgersen
a499512f35
Set SameSite for all cookies (#28467) 
Closes #28465

Signed-off-by: stianst <stianst@gmail.com>
 2024-04-09 12:29:19 +02:00
Steve Hawkins
9afe3a2560 fix: changing max threads default 
closes: #17483

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-04-09 12:14:56 +02:00
Václav Muzikář
e4987f10f5
Hostname SPI v2 (#26345) 
* Hostname SPI v2

Closes: #26084

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Fix HostnameV2DistTest#testServerFailsToStartWithoutHostnameSpecified

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Address review comment

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Partially revert the previous fix

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Do not polish values

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Remove filtering of denied categories

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2024-04-09 11:25:19 +02:00
Martin Bartoš
9c1790af68
Enable Syslog log handler (#28462) 
* Enable syslog log handler

Closes #27544

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Suggest an alternative to GELF

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2024-04-08 17:38:20 +02:00
Pedro Igor
52ba9b4b7f Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user 
Closes #28248

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-08 09:05:16 -03:00
Giuseppe Graziano
b4f791b632 Remove session_state from tokens 
Closes #27624

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-04-08 08:12:51 +02:00
Stian Thorgersen
b9feaec38e
Ignore all links to GitHub when checking external links in docs due to rate limiting issues (#28472) 
Closes #28330

Signed-off-by: stianst <stianst@gmail.com>
 2024-04-05 15:36:38 +02:00
Pedro Igor
8fb6d43e07 Do not export ids when exporting authorization settings 
Closes #25975

Co-authored-by: 박시준 <sjpark@logblack.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-04 19:26:03 +02:00
Ryan Emerson
71eacdc1c5 Update HA Guide now that non-XA mode is the default. Fixes #28142 
Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2024-04-04 13:15:42 +02:00
Ryan Emerson
9bf131b5fb HA guide erroneously refers to AWS Global Accelerator. Fixes #28174 
Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2024-04-04 13:15:42 +02:00
Alexander Schwartz
c1a471755d Fix lists to be rendered as expected 
Closes #28377

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-04-04 11:16:57 +02:00
Alexander Schwartz
1d204e77a4
Fix source highlighting for log output (#28375) 
Closes #28374

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-04-03 08:32:48 +02:00
Clemens Zagler
b44252fde9 authz/client: Fix getPermissions returning wrong type 
Due to an issue with runtime type erasure, getPermissions returned a
List<LinkedHashSet> instead of List<Permission>.
Fixed and added test to catch this

Closes #16520

Signed-off-by: Clemens Zagler <c.zagler@noi.bz.it>
 2024-04-02 11:09:43 -03:00
Giuseppe Graziano
fe06df67c2 New default client scope for 'basic' claims with 'auth_time' protocol mapper 
Closes #27623

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-04-02 08:44:28 +02:00
Steven Hawkins
e9ad9d0564
fix: replace aesh with picocli (#27458) 
* fix: replace aesh with picocli

closes: #27388

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update integration/client-cli/admin-cli/src/main/java/org/keycloak/client/admin/cli/commands/AbstractRequestCmd.java

Co-authored-by: Martin Bartoš <mabartos@redhat.com>

* splitting the error handling for password input

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* adding a change note about kcadm

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update docs/documentation/upgrading/topics/changes/changes-25_0_0.adoc

Co-authored-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2024-03-28 14:34:06 +01:00
Gilvan Filho
757c524cc5 Password policy for not having username in the password 
closes #27643

Signed-off-by: Gilvan Filho <gfilho@redhat.com>
 2024-03-28 08:29:03 +01:00
Alexander Schwartz
305dd5812e Make use of attributes consistent between old docs and new guides 
Closes #28215

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-03-26 17:07:54 +01:00
Stian Thorgersen
c3a98ae387
Use Argon2 as default password hashing algorithm (#28162) 
Closes #28161

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 13:04:14 +00:00
rmartinc
d4da0c816c Upgrading note to warn truststore changes affect webauthn registration 
Closes #28113

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-03-22 10:58:48 +01:00
Steven Hawkins
619775b8db
fix: simplifies the parsing routine, which accounts for leading 0's (#28102) 
closes: #27839

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-03-22 09:19:52 +01:00
Steven Hawkins
6cc66109d5
doc: add keycloak cr truststores (#28015) 
closes: #27892

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-03-22 08:27:15 +01:00