keycloak-scim

Author	SHA1	Message	Date
rmartinc	16afecd6b4	Allow automatic download of SAML certificates in the identity provider Closes https://github.com/keycloak/keycloak/issues/24424 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-11-29 18:03:31 +01:00
rmartinc	3bc028fe2d	Remove lowercase for the hostname as recommended/advised by OAuth spec Closes https://github.com/keycloak/keycloak/issues/25001 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-11-29 10:26:00 -03:00
Martin Bartoš	e71d850a03	Run SAML adapter tests with EAP 8 Closes #24168 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2023-11-28 14:07:44 +01:00
Pedro Igor	2c611cb8fc	User profile configuration scoped to user-federation provider closes #23878 Co-Authored-By: mposolda <mposolda@gmail.com> Signed-off-by: mposolda <mposolda@gmail.com>	2023-11-27 14:45:44 +01:00
Stian Thorgersen	a32b58d337	Escape ldap id when using normal attribute syntax (#25 ) (#25036 ) Closes https://github.com/keycloak/security/issues/46 Co-authored-by: Ricardo Martin <rmartinc@redhat.com>	2023-11-27 11:38:14 +01:00
Takashi Norimatsu	1f5ee9bf80	NPE in checkAndBindMtlsHoKToken on Token Refresh when using SuppressRefreshTokenRotationExecutor and Certificate Bound Token closes #25022 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2023-11-27 08:49:48 +01:00
Thomas Darimont	8888e3d41c	Avoid deprecated API usage in testsuite/integration-arquillian/tests/base (#24904 ) - Removed unused imports - Avoided deprecated junit/hamcrest API - Avoid usage of JDK API scheduled for removal This should reduce the number of compiler warnings in the logs quite a bit closes #24995 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2023-11-24 09:37:34 +01:00
Sebastian Schuster	030f42ec83	More efficient listing of assigned and available client role mappings Closes #23404 Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io> Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>	2023-11-22 14:10:11 +01:00
Thomas Darimont	cd1e0e06c6	Avoid deprecated API usage in testsuite/integration-arquillian/util (#24870 ) Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2023-11-21 12:45:58 +01:00
Martin Bartoš	87ed656685	Start of MS-SQL fails in CI Closes #24846 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2023-11-20 15:09:11 +01:00
Thomas Darimont	d30d692335	Introduce MaxAuthAge Password policy (#12943 ) This policy allows to specify the maximum age of an authentication with which a password may be changed without re-authentication. Defaults to 300 seconds (default taken from Constants.KC_ACTION_MAX_AGE) to remain backwards compatible. A value of 0 will always require reauthentication to update the password. Add documentation for MaxAuthAgePasswordPolicy to server_admin Fixes #12943 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2023-11-20 14:48:17 +01:00
rmartinc	5fad76070a	Use LinkedIn instead of LinkedIn OpenID Connect for better UI experience Closes https://github.com/keycloak/keycloak/issues/24659 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-11-16 18:22:16 +01:00
Vlasta Ramik	d86e062a0e	Removal of retry blocks introduced for CRDB Closes #24095 Signed-off-by: vramik <vramik@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2023-11-16 13:50:56 +01:00
rmartinc	cca33baac3	Avoid NPE if RelayState is null and return a proper error Closes https://github.com/keycloak/keycloak/issues/24079 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-11-16 12:56:49 +01:00
rmartinc	e3b2eec1ba	Make user profile validation success if the attribute was already wrong and read-only in the context Closes https://github.com/keycloak/keycloak/issues/24697 Signed-off-by: rmartinc <rmartinc@redhat.com>	2023-11-14 03:07:00 -08:00
Erik Jan de Wit	89abc094d1	userprofile shared (#23600 ) * move account ui user profile to shared * use ui-shared on admin same error handling also introduce optional renderer for added component * move scroll form to ui-shared * merged with main * fix lock file * fixed merge error * fixed merge errors * fixed tests * moved user profile types to admin client * fixed more types * pr comments * fixed some types	2023-11-14 08:04:55 -03:00
Réda Housni Alaoui	3f014c7299	Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients (#21058 ) closes #21010 Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>	2023-11-13 19:13:01 +01:00
vramik	71b6757c2f	Remove quarkus options related to map store Signed-off-by: vramik <vramik@redhat.com> Closes #24098	2023-11-13 12:34:52 +01:00
vramik	926be135e8	Remove map related modules Signed-off-by: vramik <vramik@redhat.com> Closes #24100	2023-11-13 12:34:52 +01:00
vramik	76affa45c6	Delete removed `spi-events-store-jpa-max-detail-length` property from keycloak.conf in testsuite Signed-off-by: vramik <vramik@redhat.com> Fixes #17258	2023-11-13 08:34:09 +01:00
Hynek Mlnařík	0ceaed0e2e	Transient users: Consents (#24496 ) closes #24494	2023-11-10 11:18:27 +01:00
rmartinc	6963364514	Keep same name on update for LDAP attributes Closes https://github.com/keycloak/keycloak/issues/23888	2023-11-09 23:54:45 +01:00
mposolda	64836680d7	Failing test X509OCSPResponderTest due expired certificate closes #24650 Signed-off-by: mposolda <mposolda@gmail.com>	2023-11-09 13:34:51 +01:00
Alexander Schwartz	26e2fde115	Avoid reseting cachemanger to null to avoid a re-initialization (#24086 ) Also follow best practices of using volatile variables for double-locking, and not using shutdown caches. Closes #24085	2023-11-08 11:33:44 -05:00
vramik	6fa26d7ff4	Delete map dependencies from dependency management Closes #24101	2023-11-08 13:53:17 +01:00
mposolda	7863c3e563	Moving UPConfig and related classes from keycloak-services closes #24535 Signed-off-by: mposolda <mposolda@gmail.com>	2023-11-07 12:41:29 +01:00
Peter Skopek	e5eded0eab	Add possibility to override fileName and base directory of Keycloak Quarkus distribution ZIP archive (#24284 ) Closes #24283 Signed-off-by: Peter Skopek <pskopek@redhat.com>	2023-11-07 10:31:58 +01:00
Joshua Sorah	7ca00975d4	Feature flag DPoP metadata in OIDC Well Known endpoint Closes keycloak/keycloak#24547 Signed-off-by: Joshua Sorah <jsorah@gmail.com>	2023-11-06 03:13:57 -08:00
vramik	593c14cd26	Data too long for column 'DETAILS_JSON' Closes #17258	2023-11-02 20:29:35 +01:00
Oliver	563ae104fd	[issue-14134] test partial import user with id Fix #14134	2023-11-02 05:56:12 -07:00
Martin Kanis	e05effe62d	Map Store Removal: Delete map profiles and scopes from model tests Closes #24093	2023-11-02 11:33:00 +01:00
Jon Koops	fe0a9459dd	Remove UTF-8 encoding header from property files (#24471 )	2023-11-01 16:03:26 -04:00
rmartinc	d7bb59461d	Escape $ sign when replacing clientId in the role mappers Closes https://github.com/keycloak/keycloak/issues/23692	2023-11-01 20:47:15 +01:00
Pedro Igor	be65ba8689	Make sure optional default attributes are removed when decorating the user-define user profile configuration Closes #24420	2023-11-01 14:54:09 +01:00
mposolda	0bd2b342d7	Update per review	2023-10-31 12:56:46 -07:00
mposolda	6f992915d7	Move some UserProfile and Validation classes into keycloak-server-spi closes #24387	2023-10-31 12:56:46 -07:00
Aboullos	75440abb5f	Fix compilation error on springboot (#24437 )	2023-10-31 19:29:05 +00:00
Justin Tay	3ff0476cc3	Allow customization of aud claim with JWT Authentication Closes #21445	2023-10-31 11:33:47 -07:00
rmartinc	1b630326b2	Fixes in LDAP tests when using AD Closing https://github.com/keycloak/keycloak/issues/24357	2023-10-31 13:34:37 +01:00
rmartinc	7deb4ca545	Group count and PartialExport permission fixes Closes https://github.com/keycloak/keycloak/issues/12171	2023-10-31 01:40:21 -07:00
Aboullos	c23e1e0e2b	Fix springboot tests (#24254 ) Co-authored-by: Michal Hajas <mhajas@redhat.com>	2023-10-31 09:06:09 +01:00
rmartinc	6484a3e705	Add userProfileEnabled attribute to realm response if admin can view users closes https://github.com/keycloak/keycloak/issues/19093	2023-10-30 07:39:03 -07:00
rmartinc	ea398c21da	Add a property to the User Profile Email Validator for max length of the local part Closes https://github.com/keycloak/keycloak/issues/24273	2023-10-27 15:09:42 +02:00
Alice	69497382d8	Group scalability upgrades (#22700 ) closes #22372 Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2023-10-26 16:50:45 +02:00
Thomas Darimont	d56baa80b3	Add support for passing acr_values in auth requests in keycloak.js (#9383 ) (#24259 ) Fixes #9383	2023-10-25 15:33:39 +02:00
Hynek Mlnarik	c036980c37	Add TRANSIENT_USERS feature flag	2023-10-25 12:02:35 +02:00
Hynek Mlnarik	d59ceb17e9	Add tests for offline access, introspection and userinfo endpoint	2023-10-25 12:02:35 +02:00
Hynek Mlnarik	d70735f64d	Tests Part-of: Add support for not importing brokered user into Keycloak database Closes: #11334	2023-10-25 12:02:35 +02:00
ggraziano	84112f57b5	Verification of iss at refresh token request Added iss checking using the existing TokenVerifier.RealmUrlCheck in the verifyRefreshToken method. Closes #22191	2023-10-24 23:42:11 +02:00
Marek Posolda	1bd6aca629	Remove RegistrationProfile class and handle migration (#24215 ) closes #24182 Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2023-10-24 20:19:33 +02:00
Martin Kanis	10a2c96c72	Users in role Rest API returns empty when User federation used (#23318 ) * Users in role Rest API returns empty when User federation used Co-authored-by: Shankar Yadav <ET1024@neeyamoworks.com> Co-authored-by: Martin Kanis <mkanis@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2023-10-24 11:10:20 -04:00
Martin Bartoš	9627187447	Adapter tests failing with Jakarta error (#24177 ) Fixes #24176	2023-10-24 10:11:48 -04:00
rmartinc	ad01ed1497	Do not reset the user profile configuration on disable Closes https://github.com/keycloak/keycloak/issues/23527	2023-10-24 03:05:34 -07:00
Thomas Darimont	e567210ed1	Add dedicated feature flag for oauth device grant flow (#23892 ) Closes #23891	2023-10-24 10:09:26 +02:00
Håvar Nøvik	bc55846809	Fixes a NullPointerException after import validation (#20151 ) * Fixes a NullPointerException after import validation If the import validation (when getting a user by email) returns null, indicating that the user entity should be removed from local storage, an email equality check results in a NullPointerException. This commit fixes this issue by explicitly checking for null. Closes #20150 --------- Co-authored-by: Michal Hajas <mhajas@redhat.com>	2023-10-23 17:19:25 -04:00
vramik	a0f04fa2be	Declarative User Profile export Closes #12062 Resolves #20885	2023-10-21 19:21:20 +02:00
Pedro Igor	e47389f199	Username now shown when creating a user and edit username is not allowed Closes #24183	2023-10-20 10:22:31 -07:00
Steven Hawkins	f4d1dd9b7f	improvement: validates the expected values of non-cli properties (#23797 ) also adds better messages for unknown options closes #13608	2023-10-20 17:21:03 +00:00
Pedro Igor	d4a5391013	Making sure public clients can RPT tokens Closes #14165	2023-10-20 17:53:10 +02:00
Pedro Igor	55a5a8c0eb	Ignore custom attributes when processing attributes in verify profile action Closes #24077	2023-10-20 17:51:40 +02:00
mposolda	c18e8ff535	User profile tweaks in registration forms closes #24024	2023-10-20 06:31:21 -07:00
kaustubh-rh	1ac2c0997d	Inconsistent handling of parenthesis in auth flow name (#24113 ) closes #16379	2023-10-20 10:00:46 +02:00
mposolda	04777299b0	After tab1 finish authentication, make sure that rootAuthenticationSession is expired shortly closes #23880	2023-10-19 19:23:50 +02:00
Vlasta Ramik	f6d582c761	Import migration step for kc22 Closes #24031 Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2023-10-19 09:00:49 +02:00
rmartinc	d10ccc7245	Use jdk LdapName and Rdn to parse inside LDAPDn and RDN and avoid string conversions Closes: https://github.com/keycloak/keycloak/issues/21797 Closes: https://github.com/keycloak/keycloak/issues/21818	2023-10-19 08:31:49 +02:00
Pedro Igor	e91a0afca2	The username in account is required and don't change when email as username is enabled Closes #23976	2023-10-17 16:43:44 -03:00
wojnarfilip	b5ec155b64	Fix issue with overlapping WebElements in SocialLoginTest#PaypalLogin Closes #23960	2023-10-17 16:59:09 +02:00
shigeyuki kabano	6112b25648	Enhancing Light Weight Token(#22148 ) Closes #21183	2023-10-17 13:12:36 +02:00
Alexander Schwartz	50916d58b1	Clean up created test user to avoid conflict with other tests Closes #23804	2023-10-16 19:10:52 +02:00
wojnarfilip	f9386bd62b	Update login flow in OCP social login	2023-10-16 10:45:38 -03:00
Pedro Igor	9c19a8972b	Removing the default cache metadata Closes #23910	2023-10-13 16:32:55 +02:00
Lex Cao	eedc4ceb18	Fix unexpected expiration when import offline client session Closes #23397	2023-10-13 15:45:07 +02:00
Moritz Becker	e9f08b6500	Do not return empty scope field in token introspection response Closes #16526	2023-10-13 08:36:12 +02:00
Steven Hawkins	478ceb0b34	modification of kc.sh to remove param eval (#22585 ) * test * modification of kc.sh to remove eval of env/args Closes #22337 --------- Co-authored-by: rmartinc <rmartinc@redhat.com>	2023-10-12 17:10:53 +02:00
Vojtěch Boček	8871983b33	Add support for single-tenant mode to Microsoft Identity Provider (#20699 ) * Add support for single-tenant mode to Microsoft Identity Provider Fixes #20695 Closes #11207 * Add SocialLoginTest for Microsoft single-tenant variant	2023-10-10 16:35:36 -04:00
Marek Posolda	a6609bd969	Remove "You are already logged in" during authentication. Make other browser tabs to authenticate automatically when some browser tab successfully authenticate (#23517 ) Closes #12406 Co-authored-by: Jon Koops <jonkoops@gmail.com>	2023-10-10 21:54:37 +02:00
Pedro Igor	7385ed56c7	Avoid creating the component when there is no component and configuration is not provided Closes #20970 Co-authored-by: Pedro Igor <psilva@redhat.com>	2023-10-10 13:28:48 +02:00
Tero Saarni	22d093f5c0	Fix multi-valued LDAP attribute support FullName LDAP storage mapper was delegating to single-valued setter even when multi-valued setter was called. Closes #22091 Signed-off-by: Tero Saarni <tero.saarni@est.tech>	2023-10-06 14:36:02 +00:00
mposolda	cdb61215c9	UserProfileContext.ACCOUNT_OLD seems to be obsolete and not needed closes #23749	2023-10-06 11:27:48 -03:00
Pedro Igor	290bee0787	Resolve several usability issues around User Profile (#23537 ) Closes #23507, #23584, #23740, #23774 Co-authored-by: Jon Koops <jonkoops@gmail.com>	2023-10-06 10:15:39 -03:00
rmartinc	890600c33c	Remove backward compatibility for ECDSA tokens Closes https://github.com/keycloak/keycloak/issues/23734	2023-10-06 14:24:48 +02:00
Martin Kanis	0853d484ec	Remove transaction in InfinispanSingleUseObjectProvider#remove (#23708 ) Co-authored-by: mposolda <mposolda@gmail.com>	2023-10-06 10:00:04 +02:00
Garth	2dfbbff343	added AccountResource SPI, Provider and ProviderFactory. (#22317 ) Added AccountResource SPI, Provider and ProviderFactory. updated AccountLoader to load provider(s) and check if it is compatible with the chosen theme.	2023-10-05 15:08:01 +02:00
vramik	7f2f4aae67	Upgrade liquibase version to avoid a bug where a changeset is executed twice Closes #23220	2023-10-05 13:35:05 +02:00
Tomas Ondrusko	58131f1dcc	Update the Instagram login process Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>	2023-10-05 09:33:05 +02:00
Steven Hawkins	9a93b9a273	allows csv output to handle missing requested fields (#23459 ) * allows csv output to handle missing requested fields Closes #12330 * fixes the handling of the content type also makes it more explicit the expectation of applying csv and return fields * fix: consolidating the logic dealing with the content-type Closes #23580	2023-10-04 15:49:19 +02:00
Dmitry Telegin	085d0d73c9	Fix nonce/scope typo	2023-10-02 22:36:51 +02:00
Tomas Ondrusko	fcb91a83ba	Ignore query parameters while testing the LinkedIn profile picture URL (#23557 ) Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>	2023-10-02 14:36:17 +02:00
Tomas Ondrusko	3d42573813	Update PayPal social login flow to use 127.0.0.1 instead of localhost (#23532 ) Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>	2023-09-28 09:34:45 +00:00
fwojnar	56082cdd2d	Fixes issue in login flow of SocialLoginTest#twitterLogin (#23122 ) Co-authored-by: wojnarfilip <fwojnar@redhat.com>	2023-09-28 10:21:59 +02:00
Lucas Hedding	de5aa2e74d	Add createTimestamp to REST service (#23293 ) Closes #14009	2023-09-27 13:38:16 +02:00
rmartinc	10c1e3ba6d	Client roles should be mapped to any claim name Closes https://github.com/keycloak/keycloak/issues/22349	2023-09-27 08:11:22 -03:00
rmartinc	d90640b5a3	Change email checkserveridentity prop as angus mail sets it to true by default Closes https://github.com/keycloak/keycloak/issues/22395	2023-09-26 09:11:16 +02:00
Maria Arias de Reyna	c15753266f	fix(Closes #21236 ): Adding client-id to logout event	2023-09-25 13:20:26 +02:00
Pedro Igor	741f76887c	Allow updating email when email as username is set and edit username disabed #23438	2023-09-25 08:19:01 -03:00
Michal Hajas	496c5ad989	Use new findGroupByPath implementation and remove the old one Closes #23344 Signed-off-by: Michal Hajas <mhajas@redhat.com>	2023-09-25 10:44:24 +02:00
Jon Koops	47d9ae71c4	Revert the new welcome screen experience (#23446 ) This reverts commit `bcab75a7ef`.	2023-09-21 16:03:00 +00:00
Justin Tay	7d3104ee76	Allow public clients to use PAR endpoint Closes #8939	2023-09-21 13:57:42 +02:00
rmartinc	7afd90982d	Align wildfly-core and wildfly version for tests Closes https://github.com/keycloak/keycloak/issues/23342	2023-09-21 10:53:57 +02:00
Michal Hajas	533f9e7093	Disable CockroachDB model tests since they are flaky (#23391 ) Closes #22645 Signed-off-by: Michal Hajas <mhajas@redhat.com>	2023-09-20 16:04:11 +00:00

1 2 3 4 5 ...

6353 commits