libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions
12462 commits 4 branches 5 tags 483 MiB
Commit graph

3051 commits

Author SHA1 Message Date
Denis
8c7b69fc9e KEYCLOAK-13748 Create automated test for scenario with alternative subflow for credential reset 2020-05-20 14:06:53 +02:00
Stan Silvert
13d0491ff3 KEYCLOAK-14038: Re-allow special characters for Roles only 2020-05-20 07:53:23 -04:00
Takashi Norimatsu
c057b994e7 KEYCLOAK-13104 Signed and Encrypted ID Token Support : AES 192bit and 256bit key support 2020-05-20 09:01:59 +02:00
mhajas
4b8c7dd7d7 KEYCLOAK-14048 Allow clock skew when testing refresh token actual expiration time 2020-05-20 08:12:54 +02:00
Takashi Norimatsu
be0ba79daa KEYCLOAK-7997 Implement Client Registration Metadata based on Mutual TLS 2020-05-19 17:00:41 +02:00
mposolda
12d965abf3 KEYCLOAK-13047 LDAP no-import fixes. Avoid lost updates - dont allow update attributes, which are not mapped to LDAP 2020-05-19 16:58:25 +02:00
Martin Kanis
6f43b58ccf KEYCLOAK-14074 filterIdentityProviders compares providerId instead of alias 2020-05-19 09:46:21 +02:00
Thomas Darimont
6211fa90e0 KEYCLOAK-10932 Honor given_name and family_name in OIDC brokering 
Previously firstname and lastname were derived from the name claim.
We now use direct mappings to extract firstname and lastname from
given_name and family_name claims.

Added test to KcOidcFirstBrokerLoginTest

Marked org.keycloak.broker.provider.BrokeredIdentityContext#setName
as deprecated to avoid breaking existing integrations.
 2020-05-19 09:10:43 +02:00
vramik
37e23cb0a2 KEYCLOAK-14062 Add postgres10 2020-05-18 13:36:18 +02:00
Stan Silvert
a827d20a90 KEYCLOAK-11201: Use snowpack instead of SystemJs. 
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2020-05-15 08:58:26 +02:00
Pedro Igor
35f622f48e [KEYCLOAK-11719] - Remove need for servlets/undertow from Quarkus dist 
Co-authored-by: MatthewC <matthewc@backbase.com>
 2020-05-13 09:28:58 +02:00
Álvaro Gómez Giménez
666832d1be KEYCLOAK-13066 Include resourceType in ScopePermissionRepresentation 2020-05-12 17:11:35 -03:00
Sven-Torben Janus
82d3251ab4 Remove *-imports 2020-05-12 20:50:18 +02:00
Sven-Torben Janus
fcb0e450a0 KEYCLOAK-13817 Return local user from LDAPStorageProvider 2020-05-12 20:50:18 +02:00
Yoshiyuki Tabata
f7d00fc2e9 KEYCLOAK-13844 "exp" claim should not be "0" when using offline token 2020-05-12 16:14:37 +02:00
stianst
49db2c13a5 KEYCLOAK-8141 Fix issue where attribute values are duplicated if updates to user are done in parallell 2020-05-12 09:06:44 +02:00
Pedro Igor
44c49d69a7 [KEYCLOAK-13071] - AuthorizationTokenService swallows Exceptions thrown by KeycloakIdentity 2020-05-08 09:21:37 +02:00
Takashi Norimatsu
3716bd96ad KEYCLOAK-14093 Specify Signature Algorithm in Signed JWT with Client Secret 2020-05-07 11:28:39 +02:00
vramik
4a70494285 KEYCLOAK-14086 Outdated wildfly deprecated version 2020-05-07 08:39:18 +02:00
Stan Silvert
deead471a9 KEYCLOAK-12852: Internal query params not removed after AIA 2020-05-06 16:07:21 -03:00
Takashi Norimatsu
0d0617d44a KEYCLOAK-13720 Specify Signature Algorithm in Signed JWT Client Authentication 2020-05-05 17:43:00 +02:00
rmartinc
f0852fd362 KEYCLOAK-13823: "Dir" Full export/import: On import, service account roles and authorization info are not imported 2020-05-05 17:05:56 +02:00
Vanrar68
85feda3beb KEYCLOAK-13998 ConditionalRoleAuthenticator doesn't work with composite roles 2020-05-05 08:39:04 +02:00
Erik Jan de Wit
1f462a2ae2 KEYCLOAK-12916 add name or username in toolbar 
Update testsuite/integration-arquillian/tests/other/base-ui/src/test/java/org/keycloak/testsuite/ui/account2/page/fragment/LoggedInPageHeader.java

Co-Authored-By: Václav Muzikář <vaclav@muzikari.cz>

Moved concatenation to messages_en.properties

fix: renamed loggedInUser to landingLoggedInUser

for the welcome page

moved `loggedInUserName` to WelcomePageScrips
 2020-05-04 14:58:27 -04:00
Martin Bartos
7ebdca48d3 [KEYCLOAK-13572] Doesn't observe After events due to assume check 2020-05-04 17:31:44 +02:00
Michael Riedmann
66c7ec6b08 [KEYCLOAK-13995] added test for clientUpdate with ProtocolMappers 2020-05-04 17:13:57 +02:00
Erik Jan de Wit
435815249b KEYCLOAK-12783 changed to base account url for new console 2020-05-04 07:16:15 -04:00
Hynek Mlnarik
32f13016fa KEYCLOAK-12874 Align Destination field existence check with spec 2020-05-04 09:19:44 +02:00
Erik Jan de Wit
b19b3a40ad KEYCLOAK-14004 fixed the test 2020-04-30 12:47:18 -04:00
Martin Kanis
aa309b96a8 KEYCLOAK-13682 NPE when refreshing token after enabling consent 2020-04-30 08:46:21 +02:00
keycloak-bot
ae20b7d3cd Set version to 11.0.0-SNAPSHOT 2020-04-29 12:57:55 +02:00
Yoshiyuki Tabata
874642fe9e KEYCLOAK-12406 Add "Client Session Max" and "Client Session Idle" for OIDC 2020-04-28 15:34:25 +02:00
stianst
5b017e930d KEYCLOAK-13128 Security Headers SPI and response filter 2020-04-28 15:28:24 +02:00
Yoshiyuki Tabata
b40c12c712 KEYCLOAK-5325 Provide OAuth token revocation capability 2020-04-28 15:25:22 +02:00
Martin Kanis
be28bfee1d KEYCLOAK-13636 Missing wildfly-dist in EAP 7.4.0.CD19 build 2020-04-28 08:55:42 -03:00
Stan Silvert
09b54a9473 KEYCLOAK-12776: Make it easier to change the logo and logo link. 2020-04-27 12:29:38 -04:00
Erik Jan de Wit
ab2d1546b4 fix merge errors 2020-04-27 09:09:31 -04:00
Erik Jan de Wit
e093fa218d Fixed console for test 2020-04-27 09:09:31 -04:00
Erik Jan de Wit
7580be8708 KEYCLOAK-13121 added the basic functionality 2020-04-27 09:09:31 -04:00
Stefan Guilhen
da1138a8d2 [KEYCLOAK-13005] Make sure the master URL is used if the consumer POST or REDIRECT URL is an empty string 
- Fixes issue where admin console sets an empty string when the consumer POST or REDIRECT URL is deleted
 2020-04-27 14:25:03 +02:00
Erik Jan de Wit
db8cb63565 KEYCLOAK-12936 only change the locale in the AccountPage. 2020-04-27 07:04:06 -04:00
Pedro Igor
44b489b571 [KEYCLOAK-13656] - Deny request if requested scope is not associated to resource or any typed resources 2020-04-27 08:39:38 +02:00
Pedro Igor
dacbe22d53 [KEYCLOAK-9896] - Authorization Scope modified improperly when updating Resource 2020-04-27 08:38:55 +02:00
Martin Idel
7e8018c7ca KEYCLOAK-11862 Add Sync mode option 
- Store in config map in database and model
- Expose the field in the OIDC-IDP
- Write logic for import, force and legacy mode
- Show how mappers can be updated keeping correct legacy mode
- Show how mappers that work correctly don't have to be modified
- Log an error if sync mode is not supported

Fix updateBrokeredUser method for all mappers

- Allow updating of username (UsernameTemplateMapper)
- Delete UserAttributeStatementMapper: mapper isn't even registered
  Was actually rejected but never cleaned up: https://github.com/keycloak/keycloak/pull/4513
  The mapper won't work as specified and it's not easy to tests here
- Fixup json mapper
- Fix ExternalKeycloakRoleToRoleMapper:
  Bug: delete cannot work - just delete it. Don't fix it in legacy mode

Rework mapper tests

- Fix old tests for Identity Broker:
  Old tests did not work at all:
  They tested that if you take a realm and assign the role,
  this role is then assigned to the user in that realm,
  which has nothing to do with identity brokering
  Simplify logic in OidcClaimToRoleMapperTests
- Add SyncMode tests to most mappers
  Added tests for UsernameTemplateMapper
  Added tests to all RoleMappers
  Add test for json attribute mapper (Github as example)
- Extract common test setup(s)
- Extend admin console tests for sync mode

Signed-off-by: Martin Idel <external.Martin.Idel@bosch.io>
 2020-04-24 15:54:32 +02:00
Pedro Igor
8f5e58234e [KEYCLOAK-11317] - IDP review profile allows empty username 2020-04-24 10:52:59 -03:00
Douglas Palmer
d4eeed306b [KEYCLOAK-11764] Upgrade to Wildfly 19 2020-04-24 08:19:43 -03:00
Erik Jan de Wit
3cdfb422ad KEYCLOAK-12173 removed escaping of '&' 2020-04-23 16:10:57 -04:00
Bart Monhemius
9389332675 [KEYCLOAK-13927] Accept only ticketId instead of the PermissionTicketRepresentation for delete in PermissionResource 2020-04-23 15:59:43 -03:00
Bart Monhemius
acc5ab9e44 [KEYCLOAK-13927] Allow deleting permission tickets with the Authz client 2020-04-23 15:59:43 -03:00
Martin Kanis
a04c70531a KEYCLOAK-9623 Disabling logged in user will not allow other user to login after he is thrown out of his session 2020-04-23 14:40:25 +02:00
Takashi Norimatsu
8513760e25 KEYCLOAK-12176 WebAuthn: show the attestation statement format in the admin console 2020-04-23 10:01:19 +02:00
mhajas
1db87acc98 KEYCLOAK-13852 reset time at the end of testTokenConcurrentRefresh test 2020-04-22 15:06:28 +02:00
mposolda
83255e1b08 KEYCLOAK-13922 MigrationModelTest failing in latest master 2020-04-22 14:05:34 +02:00
Thomas Darimont
12e53e6f11 KEYCLOAK-11003 Remove UPDATE_PASSWORD RequiredAction on non-temporary password reset 
We now remove a potentially existing UPDATE_PASSWORD action when
explicitly assigning a non-temporary password.

Adapted tests to use a temporary password when UpdatePassword required actions
were used.
 2020-04-22 10:59:49 +02:00
Thomas Darimont
f9f71039ae KEYCLOAK-13566 ValidateUsername should raise USER_NOT_FOUND event if the user lookup fails 2020-04-21 21:11:11 +02:00
Pedro Igor
cbab159aa8 [KEYCLOAK-8071] - Properly validating requested scopes 2020-04-21 12:23:59 +02:00
mposolda
38195ca789 KEYCLOAK-12842 Not possible to update user with multivalued LDAP RDN 2020-04-21 11:35:41 +02:00
aboullos
2945eb63b7 KEYCLOAK-8836 Add test to check product name on welcome page 
Modify import

KEYCLOAK-8836 Add test to check product name on welcome page
 2020-04-21 11:30:20 +02:00
keycloak-bot
33314ae3ca Set version to 10.0.0-SNAPSHOT 2020-04-21 09:19:32 +02:00
mposolda
b29810c923 KEYCLOAK-13306 Model fixes for check realm when lookup by ID 
(cherry picked from commit e40a62de31f6f5d326234314a9e285010665f707)
 2020-04-21 08:19:50 +02:00
mposolda
821405e175 KEYCLOAK-10852 Inconsistency when using 'forgot password' after changing email directly in LDAP 2020-04-16 12:28:41 +02:00
Pedro Igor
acfbdf6b0e [KEYCLOAK-13187] - Concurrency issue when refreshing tokens and updating security context state 2020-04-16 12:25:42 +02:00
Pedro Igor
21597b1ff2 [KEYCLOAK-13581] - Fixing client pagination when permission is enabled 2020-04-14 16:57:27 -03:00
mposolda
4f1985826c KEYCLOAK-12934 LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY user roles retrieve strategy role-ldap-mapper option should only be displayed if LDAP provider vendor is Active Directory 2020-04-14 20:01:55 +02:00
Pedro Igor
9eeeb10587 [KEYCLOAK-13589] - Can't add user in admin console when 'Email as username' is enabled 2020-04-14 19:29:48 +02:00
stianst
1f02f87a6e KEYCLOAK-13565 Add support for kc_action to keycloak.js 
Co-authored-by mhajas <mhajas@redhat.com>
 2020-04-14 19:23:56 +02:00
stianst
97b5654690 KEYCLOAK-13285 Enable check identity for email 2020-04-14 19:22:57 +02:00
mhajas
845195780e KEYCLOAK-13758 Exclude some tests for remote runs 2020-04-08 16:38:58 +02:00
Pedro Igor
b60b85ab65 [KEYCLOAK-7450] - Match subject when validating id_token returned from external OP 2020-04-06 13:43:19 +02:00
vramik
52b67f6172 KEYCLOAK-13660 Patch installation is not performed with -Dauth.server.patch.zips 2020-04-02 10:35:07 +02:00
mposolda
6f62c0ed98 KEYCLOAK-13442 Backwards compatibility in users searching. searchForUser(String, RealmModel, int, int) is no longer called when searching users from the admin console 2020-03-27 13:29:55 +01:00
aboullos
4b6e46d1a9 KEYCLOAK-13445 Modify SigningInTest for changes in credential type 2020-03-27 13:29:44 +01:00
mposolda
bf92bd16b0 KEYCLOAK-13383 WebAuthnRegisterAndLoginTest fails with -Dproduct with auth-server-eap 2020-03-26 16:27:23 +01:00
vramik
330d5b2c25 KEYCLOAK-13384 exclude IdentityProviderTest.failCreateInvalidUrl from remote-tests 2020-03-26 14:04:38 +01:00
vramik
780d11e790 KEYCLOAK-13571 KcinitTest fails with -Dproduct due to skipped maven plugin exacution 2020-03-26 14:03:11 +01:00
Pedro Igor
b812159193 [KEYCLOAK-10675] - Deleting an Identity Provider doesn't remove the associated IdP Mapper for that user 2020-03-26 11:41:17 +01:00
Pedro Igor
1b8369c7d5 [KEYCLOAK-13385] - Better message when saving a provider with invalid URLs 2020-03-26 08:46:44 +01:00
mhajas
b2b790cd1d KEYCLOAK-10797 Unignore hawtio on eap6 test 2020-03-24 15:10:40 +01:00
mhajas
8b96882a1c KEYCLOAK-12972 Fix fuse tests 2020-03-24 14:50:54 +01:00
keycloak-bot
f6a592b15a Set version to 9.0.4-SNAPSHOT 2020-03-24 08:31:18 +01:00
mposolda
5ddd605ee9 KEYCLOAK-13259 2020-03-24 05:32:41 +01:00
mposolda
9474dd6208 KEYCLOAK-12986 BruteForceProtector does not log failures when login failure in PostBroker flow 2020-03-24 05:32:10 +01:00
Martin Kanis
e6e0e6945d KEYCLOAK-12156 LogoutEndpoint does not verify token type of id_token_hint 
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Marek Posolda <mposolda@redhat.com>
 2020-03-24 05:31:36 +01:00
Pedro Igor
ec63245ac8 [KEYCLOAK-13386] - SslRequired.EXTERNAL doesn't work for identity broker validations 2020-03-23 12:16:43 -03:00
mposolda
3e82473a90 KEYCLOAK-13369 Not possible to move groups in admin console 2020-03-23 10:17:23 +01:00
mposolda
61fd66e107 KEYCLOAK-13368 TestClassProvider undertow server not stopped after testsuite 2020-03-23 07:10:17 +01:00
Pavel Drozd
6cc897e319
KEYCLOAK-8372 - User Federation tests - fixing for different vendors (#6909) 2020-03-20 11:36:35 +01:00
Dmitry Telegin
3b24465141
KEYCLOAK-12870 - Allow to pick arbitrary user for IdP linking (#6828) 
* KEYCLOAK-12870 - Allow to pick arbitrary user for IdP linking

* KEYCLOAK-12870: always allow to choose user if password reset is called from first broker login flow

* KEYCLOAK-12870: remove "already authenticated as different user" check and message

* KEYCLOAK-12870: translations

* KEYCLOAK-12870: fix tests
 2020-03-20 07:41:35 +01:00
Pedro Igor
2eab44d3f3 [KEYCLOAK-13273] - Remove group policy when group is removed 2020-03-20 07:40:18 +01:00
rmartinc
a8e74196d1 KEYCLOAK-4923: Client Service Account Roles are not exported 2020-03-19 11:38:33 -03:00
Aboullos
f8dc7c0329 KEYCLOAK-13007 Add LDAPAccountTest 2020-03-18 10:11:59 -03:00
Stan Silvert
fff8571cfd KEYCLOAK-12768: Prevent reserved characters in URLs 2020-03-18 07:40:24 +01:00
vmuzikar
89f483d578 KEYCLOAK-13257 Fix WelcomeScreenTest.accountSecurityTest 2020-03-17 15:31:05 -03:00
vmuzikar
e4f7eb78b5 KEYCLOAK-13256 Fix WebAuthn in new Account Console tests 2020-03-17 15:31:05 -03:00
Stefan Guilhen
8c627fdb20 [KEYCLOAK-13036] Fix KeycloakElytronCSVaultTest failures on IBM JDK 
- credential store is generated on the fly for the test, avoiding incompatibilities between implementations of keystores
 2020-03-17 17:07:55 +01:00
mposolda
56d1ab19a8 KEYCLOAK-11412 Display more nice error message when creating top level group with same name 2020-03-16 21:03:46 +01:00
mposolda
d7688f6b12 KEYCLOAK-12869 REST sends credential type when no credential exists and credential disabled 2020-03-16 21:02:40 +01:00
Stan Silvert
1f1ed36b71 KEYCLOAK-9782: Do not allow duplicate group name when updating 2020-03-13 10:13:45 -04:00
Sebastian Laskawiec
8774a0f4ba KEYCLOAK-12881 KEYCLOAK-13099 Update FederatedIdentities and Groups on POST 2020-03-12 14:57:02 +01:00
mposolda
72e4690248 KEYCLOAK-13174 Not possible to delegate creating or deleting OTP credential to userStorage 2020-03-11 12:51:56 +01:00