Commit graph

198 commits

Author SHA1 Message Date
Tero Saarni
1ac76fde59 KEYCLOAK-12242 KEYCLOAK-12280
(cherry picked from commit 6f47d7fc2ccab4f31e373774c983501e83dffa4b)
2019-12-18 13:29:21 +01:00
Cédric Couralet
bde94f2f08 KEYCLOAK-11770 add a hardcoded attribute mapper (#6396)
Signed-off-by: Cédric Couralet <cedric.couralet@insee.fr>
2019-12-10 12:57:46 +01:00
Martin Kanis
685d49c693 KEYCLOAK-11967 Violation of UNIQUE KEY constraint SIBLING_NAMES (#6485) 2019-11-26 16:00:50 +01:00
Ramon Spahr
0f00e23f96 KEYCLOAK-10977 Allow disabling Kerberos authentication with LDAP federation provider (#6422) 2019-11-18 14:12:26 +01:00
Andrei Arlou
b72fe79791 KEYCLOAK-12015 Use StandardCharsets in org.keycloak.storage.ldap.idm.query.EscapeStrategy (#6474) 2019-11-14 17:10:31 +01:00
AlistairDoswald
4553234f64 KEYCLOAK-11745 Multi-factor authentication (#6459)
Co-authored-by: Christophe Frattino <christophe.frattino@elca.ch>
Co-authored-by: Francis PEROT <francis.perot@elca.ch>
Co-authored-by: rpo <harture414@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Denis <drichtar@redhat.com>
Co-authored-by: Tomas Kyjovsky <tkyjovsk@redhat.com>
2019-11-14 14:45:05 +01:00
lounsbrough
e018ca3e29 KEYCLOAK-11802 Simplifying logic for determining disabled status (#6416)
* KEYCLOAK-11802 Simplifying logic for determining disabled status
2019-10-24 21:43:16 +02:00
Cédric Couralet
5f006b283a KEYCLOAK-8316 Add an option to ldap provider to trust emails on import
Signed-off-by: Cédric Couralet <cedric.couralet@insee.fr>
2019-10-04 16:28:02 +02:00
Felix Borchers
3d175dbe0c KEYCLOAK-11582 Fix ldap groups sync which fails when syncing back to MSAD (#6348)
* KEYCLOAK-11582 Fix sync which fails when syncing to MSAD
2019-10-03 20:13:12 +02:00
Sven-Torben Janus
1887d3b038 KEYCLOAK-10942 Incorporate comments from code review
see https://github.com/keycloak/keycloak/pull/6251/files#r325212980
2019-09-18 09:47:18 +02:00
Sven-Torben Janus
f261c43fab KEYCLOAK-10942 Support eDirectory GUID
Convert eDirectory GUID which is in binary format to a UUID in dashed
string format.
2019-09-18 09:47:18 +02:00
Jan Lieskovsky
7ab854fecf [KEYCLOAK-8253] When syncing flat (all groups being the top-level ones) structure
of LDAP groups from federation provider to Keycloak, perform the search if the
currently processed group already exists in Keycloak in log(N) time

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2019-09-12 20:14:18 +02:00
Jan Lieskovsky
cfb225b499 [KEYCLOAK-8253] Improve the time complexity of LDAP groups synchronization
(in the direction from LDAP provider to Keycloak) from exponential to
linear time in the case of syncing flat LDAP groups structure

Add a corresponding test (intentionally configured as to be ignored
by CI/CD due to higher demand on time, required for the test completion)

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2019-09-12 09:54:13 +02:00
mhajas
9c2525ec1a KEYCLOAK-11245 Use transcription object for LDAP bindCredential 2019-09-09 19:39:53 +02:00
Sven-Torben Janus
c883c11e7e KEYCLOAK-10158 Use PEM cert as X.509 user identity
Allows to use the full PEM encoded X.509 certificate from client cert
authentication as a user identity. Also allows to validate that user's
identity against LDAP in PEM (String and binary format). In addition,
a new custom attribute mapper allows to validate against LDAP when
certificate is stored in DER format (binary, Octet-String).

KEYCLOAK-10158 Allow lookup of certs in binary and DER format from LDAP
2019-07-08 11:58:26 +02:00
Ian Duffy
de0ee474dd Review feedback 2019-05-27 21:30:01 +02:00
Ian Duffy
54909d3ef4 [KEYCLOAK-10230] Support for LDAP with Start TLS
This commit sends the STARTTLS on LDAP 389 connections if specified.
STARTTLS doesn't work with connection pooling so connection pooling will
be disabled should TLS be enabled.
2019-05-27 21:30:01 +02:00
rmartinc
a9a4e9daae KEYCLOAK-9884: "user-attribute-ldap-mapper" is not propagating the change of "username" (uid) attribute. 2019-03-27 19:07:51 +01:00
rmartinc
2602c222cd KEYCLOAK-4640: LDAP memberships are being replaced instead of being added or deleted 2019-03-14 18:40:15 +01:00
mposolda
adc3017ff9 KEYCLOAK-8688 LDAPSyncTest is failing in some environments 2019-02-13 12:48:48 +01:00
Jonatas Esteves Silverio
0d9964c185 KEYCLOAK-7990 Use attribute name from config on LDAP group creation
Use CommonLDAPGroupMapperConfig.getMembershipLdapAttribute() instead of
constant LDAPConstants.MEMBER to honor the "membership.ldap.attribute"
config key when creating an LDAP group. This fixes an error when trying
to create a group on a DS server configured with a different member
attribute than the standard "member" (e.g. 389ds).
2018-12-13 07:53:09 +01:00
mposolda
88141320ac KEYCLOAK-9002 StackOverflowError when reading LDAP-backed users via REST API 2018-12-07 12:25:05 +01:00
Pedro Igor
91637120ee [KEYCLOAK-5052] - LDAP group names containing / in the name violates SIBILING_NAME constraint in db 2018-11-23 08:48:08 -02:00
Jean-Loup Maillet
af47bd5da8 corrected groups set to be able to add group & explicit imports 2018-06-26 13:30:44 +02:00
J-Loup
0ee5c97b1c Tooltip correction on group selection
Tooltip correction on group selection for hardcoded-ldap-group-mapper
2018-06-26 13:30:44 +02:00
Jean-Loup Maillet
d07f13eace hardcoded-ldap-group-mapper 2018-06-26 13:30:44 +02:00
Rick van den Hof
2e22dcfc47 Add unit tests 2018-05-29 10:03:54 +02:00
Rick van den Hof
16fd6558a6 Enable adding of default groups 2018-05-29 10:03:54 +02:00
Lubos.Palisek
2bab2acf5b [KEYCLOAK-7239] Fixed ConcurrentModificationException while importing from LDAP with "ignoreMissingGroups" checked.
Fixed test so that now it checks this use case.
2018-04-26 18:54:00 +02:00
Ingo Bauersachs
5e4d173f1d KEYCLOAK-7194: avoid NullPointerException (#5157) 2018-04-20 09:24:12 +02:00
Douglas Palmer
cf056b3464 [KEYCLOAK-6069] Allow configuration of LDAP connection pooling 2018-04-06 20:27:11 +02:00
mposolda
b793e42c53 KEYCLOAK-5017 Adding user to newly created group caused sync all groups to LDAP 2017-12-13 09:15:47 +01:00
mposolda
bd25040e22 KEYCLOAK-5827 Retrieve member attribute from LDAP on group/role queries just when necessary 2017-11-15 15:29:19 +01:00
mposolda
c4a1764801 KEYCLOAK-5836 More logging around LDAP performance. Added LdapManyObjectsInitializerCommand to easily add many users and groups to the LDAP 2017-11-15 15:29:19 +01:00
mposolda
0c414eee80 KEYCLOAK-5848 Possibility to configure different attribute for GET_GROUPS_FROM_USER_MEMBEROF_STRATEGY 2017-11-14 15:05:26 +01:00
Bill Burke
54ebc21880 KEYCLOAK-5698 2017-10-19 19:38:56 -04:00
Cédric Couralet
656fc5d7c0 KEYCLOAK-4052 - add an option to validate Password Policy for ldap user storage 2017-10-13 13:54:50 +02:00
Markus Heberling
79c51a6a80 KEYCLOAK-5510
Allow import of groups with missing subgroups.
2017-09-21 13:11:49 +02:00
Przemyslaw Kadej
5b1a761b0f KEYCLOAK-5453 - Empty RDNs makes Keycloak unstable 2017-09-12 13:28:35 +02:00
filipe lautert
f1628ab903 KEYCLOAK-5381 Implementation of method LDAPStorageProvider.searchForUserByUserAttribute and tests for it. 2017-08-31 16:13:03 -03:00
mposolda
07e2136b3b KEYCLOAK-4187 Added UserSession support for cross-dc 2017-07-27 22:32:58 +02:00
mposolda
e91dd011c5 KEYCLOAK-4438 Disable kerberos flow when provider removed 2017-06-21 09:38:20 +02:00
mposolda
8adde64e2c KEYCLOAK-4016 Provide a Link to go Back to The Application on a Timeout 2017-05-23 09:08:58 +02:00
Stian Thorgersen
54ee055bd8 KEYCLOAK-4671 Add server-private-spi to dependency deployer 2017-04-25 10:16:24 +02:00
mposolda
091b376624 KEYCLOAK-1590 Realm import per test class 2017-03-01 09:38:44 +01:00
mposolda
098d8e915d KEYCLOAK-4433 Added HardcodedLDAPAttributeMapper 2017-02-21 08:29:57 +01:00
Bill Burke
c3e72b11db KEYCLOAK-4382 2017-02-13 10:51:10 -05:00
Bill Burke
d9633dc20c Merge remote-tracking branch 'upstream/master' 2017-02-09 09:13:00 -05:00
Bill Burke
cf5e2a1d20 unlink/remoteimported 2017-02-08 19:48:22 -05:00
Bill Burke
f128be9b31 LDAP No-Import 2017-02-04 10:29:34 -05:00