libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
23588 commits 4 branches 5 tags 480 MiB
Commit graph

455 commits

Author SHA1 Message Date
rmartinc
4e7bd76954 Use conditions instead of String for filters and just use default escape strategy 
Closes https://github.com/keycloak/keycloak/issues/24767

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-14 15:50:46 -03:00
rmartinc
c8009b4627 Ensure that all LDAP conditions escape attribute values 
Closes https://github.com/keycloak/keycloak/issues/24767

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-14 15:50:46 -03:00
Ricardo Martin
f78c54fa42
Fixes for LDAP group membership and search in chunks 
Closes #23966
 2023-12-08 17:55:17 +01:00
rmartinc
31b7c9d2c3 Add UP decorator to SSSD provider 
Closes https://github.com/keycloak/keycloak/issues/25075

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-01 15:41:05 +01:00
mposolda
479e6bc86b Update Kerberos provider for user-profile 
closes #25074

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-11-29 15:21:26 -03:00
Tero Saarni
ab3758842c
Add configuration option for LDAP referral (#24852) 
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
 2023-11-28 14:06:34 +01:00
Pedro Igor
2c611cb8fc User profile configuration scoped to user-federation provider 
closes #23878

Co-Authored-By: mposolda <mposolda@gmail.com>

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-11-27 14:45:44 +01:00
Stian Thorgersen
a32b58d337
Escape ldap id when using normal attribute syntax (#25) (#25036) 
Closes https://github.com/keycloak/security/issues/46

Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
 2023-11-27 11:38:14 +01:00
rmartinc
6963364514 Keep same name on update for LDAP attributes 
Closes https://github.com/keycloak/keycloak/issues/23888
 2023-11-09 23:54:45 +01:00
Alice
69497382d8
Group scalability upgrades (#22700) 
closes #22372 


Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2023-10-26 16:50:45 +02:00
rmartinc
d10ccc7245 Use jdk LdapName and Rdn to parse inside LDAPDn and RDN and avoid string conversions 
Closes: https://github.com/keycloak/keycloak/issues/21797
Closes: https://github.com/keycloak/keycloak/issues/21818
 2023-10-19 08:31:49 +02:00
Martin Bartoš
21a23ace1d Mark required config properties for LDAP Mappers 
Closes #23685
 2023-10-09 08:46:57 +02:00
Bruno Oliveira
50589d7657 Weak hashing algorithm usage in SSSD User federation 
Closes #23713
 2023-10-05 07:46:45 -03:00
Michal Hajas
496c5ad989 Use new findGroupByPath implementation and remove the old one 
Closes #23344

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2023-09-25 10:44:24 +02:00
Bernd Bohmann
bb2f59df87
Calling getTopLevelGroups is slow inside GroupLDAPStorageMapper#getLDAPGroupMappingsConverted (#8430) 
Closes #14820 
---------
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2023-09-20 17:20:43 +02:00
Pedro Igor
217a09ce46 Switch to Resteasy Reactive 
Closes #10713
 2023-09-18 09:19:03 -03:00
Hynek Mlnarik
8effe31fdf Fix ldap:// with STARTTLS 
Closes: #21935
 2023-09-14 10:07:09 +02:00
rmartinc
48ab2b1688 FullNameLDAPStoreMapper removes values for other attributes 
Closes https://github.com/keycloak/keycloak/issues/22526
 2023-09-13 08:11:32 +02:00
stianst
211c027adb Remove use of Guava in services 
Closes #23009
 2023-09-07 08:59:02 +02:00
mposolda
57e51e9dd4 Use an original domain name of Kerberos Principal in UserModel attribute instead of configured value of Kerberos realm in User federation 
closes #20045
 2023-08-30 13:24:48 +02:00
Marek Posolda
6f989fc132
Fallback to next LDAP/Kerberos provider when not able to find authenticated Kerberos principal (#22531) 
closes #22352 #9422
 2023-08-29 11:21:01 +00:00
rmartinc
7336ff07ac Check RDN attribute for DN membership 
Closes https://github.com/keycloak/keycloak/issues/20718
 2023-07-21 11:13:45 +02:00
mposolda
0ea2891eee Remove support for OpenJDK 11 on the server side 
closes #15014
 2023-07-03 13:12:22 -03:00
rmartinc
f21c35c21f Compare SSSD email ignoring the case 
Closes https://github.com/keycloak/keycloak/issues/21394
 2023-07-03 12:06:29 -03:00
Stijn Last
91e543f415
Improve error messages when testing LDAP connection (#21013) 
Closes #15434
 2023-07-01 19:45:49 +02:00
Hynek Mlnarik
c092c76ae8 Remove ldapsOnly (Java) 
In `LDAPConstants.java`, the function to set the Truststore SPI system property was removed, as this is now handled by the `shouldUseTruststoreSpi` method in `LdapUtil`.

Closes: #9313
 2023-06-28 08:30:09 +02:00
vramik
535bba5792 Update UserQueryProvider methods 
Closes #20438
 2023-06-12 16:04:26 +02:00
Alexander Schwartz
512e30b210 Add escaping for fields with wildcard search 
Closes #20510
 2023-05-31 14:38:04 +02:00
vramik
a175efcb72 Split UserQueryProvider into UserQueryMethods and UserCountMethods and make LdapStorageProvider implement only UserQueryMethods 
Co-authored-by: mhajas <mhajas@redhat.com>

Closed #20156
 2023-05-31 11:47:54 +02:00
stianst
0832992e59 Removing OpenShift integration and moving to separate extension 
closes #20496

Co-authored-by: mposolda <mposolda@gmail.com>
 2023-05-30 17:39:32 +02:00
damien-malescot
1007d6a6d8 Fix AD/LDS password expiration 
Closes #13084
 2023-05-29 09:20:25 +02:00
vramik
bdbbd2959d User search with LDAP federation not consistent 
Closes #10195
 2023-05-23 11:48:33 +02:00
vramik
fd6a6ec3ad Make LDAP searchForUsersStream consistent with other storages 
Co-authored-by: mhajas <mhajas@redhat.com>

Closes #17294
 2023-05-19 08:40:41 +02:00
Pedro Hos
ca06c49909 Removing duplicated serverPrincipal at LDAPStorageProviderFactory.java 
closes #20101
 2023-05-16 15:20:38 +02:00
rmartinc
025778fe9c SSSD User Federation integration for quarkus distribution 
Closes https://github.com/keycloak/keycloak/issues/16165
 2023-05-09 11:32:52 +02:00
rmartinc
87905c186d Upgrade dbus-java to 4.3.0. Incorporated: dbus-java-core and dbus-java-transport-native-unixsocket 2023-05-09 11:32:52 +02:00
Martin Bartoš
6118e5cfb7 Use JakartaEE dependencies 
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
 2023-04-27 13:36:54 +02:00
Martin Bartoš
7cff857238 Migrate packages from javax.* to jakarta.* 
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/ComponentExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/DeclarativeUserTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java - Modified
keycloak/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java	- Modified
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountTotpPage.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BackwardsCompatibilityUserStorageTest.java - Modified
---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/services/resources/QuarkusWelcomeResource.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/profile/util/Soap.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/UserInfoClientUtil.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
---
Quarkus3 branch sync no. 10 (17.3.2023)
Resolved conflicts:
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocolUtils.java -	Modified
---
Quarkus3 branch sync no. 9 (10.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java - Modified
---
Quarkus3 branch sync no. 8 (3.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClient.java	Modified - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java - Modified
keycloak/examples/providers/authenticator/src/main/java/org/keycloak/examples/authenticator/SecretQuestionAuthenticator.java - Modified
---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ComponentsResource.java - Modified
keycloak/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/installation/SamlSPDescriptorClientInstallation.java - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
/keycloak/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java	Modified - Modified
keycloak/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java - Modified
---
Quarkus3 branch sync no. 4 (3.2.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/jaxrs/QuarkusKeycloakApplication.java - Modified
---
Quarkus3 branch sync no. 1 (18.1.2023)
Resolved conflicts:
keycloak/testsuite/client/ClientPoliciesTest.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaModelCriteriaBuilder.java - Modified
 2023-04-27 13:36:54 +02:00
mposolda
1cbdf4d17e Fix the issue with LDAP connectionUrl containing multiple hosts 
Closes #17359
 2023-04-16 17:41:22 +02:00
Hynek Mlnarik
6014070431 Fix memory leak in LDAP 
The caching in LDAP stores and reuses the session at the time of creating
`LDAPIdentityStore`. On top of that, there is not much cached, since apart
from the session which must not be part of long-lived cache, only config
is cached in the objects which is anyway always recomputed.

The cache for the LDAP still retains the LDAPConfig to keep
the `logLDAPConfig` call upon config change.

Closes: #19396
 2023-04-06 11:09:00 +02:00
Hynek Mlnarik
0d5363d0d5 Throw an exception rather than returning response 
Closes: #17644
 2023-04-03 14:43:50 +02:00
rmartinc
89dfeeec38 The getAttributes method in UserAttributeLDAPStorageMapper does not work for email or other UserModel properties 
Closes https://github.com/keycloak/keycloak/issues/10412
 2023-03-30 21:45:07 +02:00
Hiroyuki Wada
46eb2e1b84 Fix attribute deleted from LDAP is not immediately reflected even if it is "Always Read Value From LDAP" 2023-03-21 10:28:41 +01:00
Jon Koops
972ebb9650
Use a valid SemVer format for the SNAPSHOT version (#17334) 
* Use a valid SemVer format for the SNAPSHOT version

* Update pom.xml

* Update pom.xml

---------

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2023-03-03 11:11:44 +01:00
Alexander Schwartz
1e4401f521 Avoid returning the same entity multiple times from separate searches 
Closes #15604
 2023-03-02 08:21:38 +01:00
rmartinc
5cdf4d5791 Read-Only attributes should be modified if creation is delayed for LDAP 
Closes https://github.com/keycloak/keycloak/issues/16848
 2023-03-01 11:26:57 +01:00
Alexander Schwartz
d4604984d0
Compatibility with Maven4 and parallel builds (#16312) 
Closes #16308
 2023-02-14 11:44:53 +01:00
mposolda
a804400c84 Added KERBEROS feature. Disable it when running tests on FIPS 
closes #14966
 2023-01-25 18:38:46 +01:00
Hynek Mlnařík
60ce949304 Ignore unknown clients in LDAP role mapper 
Fixes: #10958
 2022-12-01 09:51:05 +01:00
rmartinc
b7188c3891
Unknown bind DN using LDAP anonymous bind aka bind type none (#15546) 
Closes #15497
 2022-11-23 10:23:46 +01:00