libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
25978 commits 4 branches 5 tags 480 MiB
Commit graph

6905 commits

Author SHA1 Message Date
Stefan Guilhen
e7a4635620 Filter out org brokers from the account console 
- org-linked brokers should not be available for login
- prepare the endpoint for search/pagination

Closes #31944

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-09-04 09:00:52 -03:00
Alexander Schwartz
4d1e1e0bcb
Show details for error messages where they were missing (#32534) 
Closes #32533

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-09-04 07:23:54 -04:00
Stefan Guilhen
557d7e87b2 Avoid iterating through all mappers when running the config event listeners 
Closes #32233

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-09-04 07:40:58 -03:00
Theresa Henze
a1c23fef8c introduce event types to update/remove credentials 
Closes #10114

Signed-off-by: Theresa Henze <theresa.henze@bare.id>
 2024-09-03 18:27:27 +02:00
Pedro Ruivo
ba861fc5d7 Remove version() projection from Ickle Queries 
Closes #32590

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-09-03 18:07:32 +02:00
Thomas Darimont
88a5c96fff
Add kc_action to redirect URI after a required action is cancelled (#31925) 
Closes #31894

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-09-03 14:26:23 +00:00
Martin Bartoš
db7694e7be
Update the welcome page to create a temporary admin user (#32283) 
Closes #30010

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Stan Silvert <ssilvert@redhat.com>
 2024-09-03 09:43:41 +02:00
Pedro Igor
4b5b1a4c25 Unignore backchannel logout tests 
Closes #20643

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-09-02 08:34:21 +02:00
Jon Koops
2d17024b14
Remove redirect_uri support from OIDC logout endpoint 
Closes #10983

Signed-off-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2024-08-30 12:52:49 +00:00
Martin Kanis
e7d71d43c3 Identity Provider secret visible in Organization tab (API request) 
Closes #32486

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-08-30 09:26:25 -03:00
Douglas Palmer
0b7ab47cf2 Flaky test BruteForceTest.testPermanentLockout() 
Closes #32498

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-08-30 10:14:05 +02:00
Douglas Palmer
ecbd856176 Brute force protection: Lockout permanently uses parameters configured under lockout temporarily 
Closes #30969

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-08-29 16:30:22 +02:00
Stefan Guilhen
a41b622aa5 Set the correct realm when setting up client exchange permissions 
Closes #32465

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-29 16:09:23 +02:00
Erik Jan de Wit
e410a83c3c Made the login more modular 
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-08-29 07:18:24 -04:00
Martin Kanis
7e6dd682d4 Validate organization alias for forbidden chars 
Closes #32392

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-08-28 21:59:38 +02:00
mposolda
cd947ce3bc Removing policy-enforcer from Keycloak repository 
closes #32191

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-08-28 07:40:20 -03:00
Pedro Igor
449557290b More options to organization scope mapper including adding organization attributes to tokens 
Closes #31642

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-27 09:40:55 -03:00
Stefan Guilhen
88cca10472 Rename IDPSpi to IdentityProviderStorageSpi 
Closes #31639

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-26 15:10:09 -03:00
Giuseppe Graziano
c2c74faec0 Removing BOM character from SAML entity descriptor 
Closes #30604

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-08-26 10:59:05 +02:00
Erik Jan de Wit
776a491989
added organizations table to account (#32311) 
* added organizations table to account

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-22 15:44:03 -03:00
Michal Hajas
f5b2775939 Enable persistent sessions by default 
Run CI with the feature disabled to test also the old settings
Closes #32265

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-08-21 17:37:54 +02:00
Erik Jan de Wit
e2d7a94459 Hynek's notes 
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-08-21 08:50:01 -04:00
Pedro Igor
c1f6d5ca64 Support for selecting an organization when requesting the organization scope 
Closes #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-21 13:04:58 +02:00
Pedro Igor
4376a3c757 Add an endpoint to the organizations endpoint to return the organizations for a given user 
Closes #32158

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-20 11:11:14 -03:00
Pedro Igor
eeae50fb43 Make sure federationLink always map to the storage provider associated with federated users 
Closes #31670

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-20 11:27:22 +02:00
Martin Bartoš
bf5cf47351
Management Interface is turned on even though nothing is exposed on it (#31938) 
* Management Interface is turned on even though nothing is exposed on it

Fixes #31818

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Remove conditional enablement, add relevancy description

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2024-08-19 15:52:59 +02:00
Stefan Guilhen
fa7c2b5da6 Address review comments 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-19 09:06:35 -03:00
Stefan Guilhen
6e7b36e82f Add migration tests for the IDP changes 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-19 09:06:35 -03:00
Stefan Guilhen
f82159cf65 Rework logic to fetch IDPs for the login page so that IDPs are fetched from the provider and not filtered in code. 
Closes #32090

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-19 09:06:35 -03:00
Pedro Igor
8e0436715c Support for ALL and ANY organization scope values 
Related #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-19 08:45:23 -03:00
mposolda
3d787727f9 Add acr scope to all clients for those migrating from older than Keycloak 18 
closes #31107

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-08-16 12:17:43 +02:00
himanshi1099
7459992e40
Realm update validation for incorrect timeout values (#32137) 
closes #31595

Signed-off-by: Himanshi Gupta <higupta@redhat.com>
 2024-08-16 08:58:27 +02:00
Stefan Guilhen
aeb1951aba Replace calls to deprecated RealmModel IDP methods 
- use the new provider instead

Closes #31254

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-15 10:55:36 -03:00
Pedro Igor
96acc62c00 Support for resolving organization based on the organization scope 
Closes #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-15 10:32:15 -03:00
Stian Thorgersen
310824cc2b
Remove legacy cookies 
Closes #16770

Signed-off-by: stianst <stianst@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-08-15 15:27:38 +02:00
Martin Kanis
708a6898db Add a count method to the OrganizationMembersResource 
Closes #31388

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-08-15 09:12:57 -03:00
Yoshiyuki Tabata
cb6eb187ac Client Policy - Condition : Client - Client Attribute 
Closes https://github.com/keycloak/keycloak/issues/31766

Signed-off-by: Yoshiyuki Tabata <yoshiyuki.tabata.jy@hitachi.com>
 2024-08-14 09:56:56 +02:00
Pedro Igor
d04d2bb852 Allow removing users federated from a kerberos provider 
Closes #31603

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-13 18:47:55 +02:00
Pedro Ruivo
e13c9bf462 Retry remote cache operations with back off 
Implement a retry mechanism for remote cache writes.

Fixes #32030

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-08-13 15:55:59 +02:00
rmartinc
a38d3b2f55 SAML IdMapperUpdaterSessionListener should be added always and must implement HttpSessionIdListener interface 
Closes #32084

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-13 15:53:45 +02:00
Pedro Ruivo
07c92c85cb Drop AuthenticatedClientSessionStore from user sessions 
New entities for client and user sessions, more query friendly.
The client sessions are found using query instead of storing them in the
user session entity.
Remove of sessions by its field is done based on queries.

Closes #30934

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-08-12 20:35:50 +02:00
rmartinc
347f595913 Add ECDH-ES encyption algorithms to the java keystore key provider 
Closes #32023

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-09 15:57:51 +02:00
Martin Kanis
da0864682a Conditionally redirect existing users to a broker based on their credentials 
Closes #31006

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-08-09 07:59:25 -03:00
Alexander Schwartz
07a168cb14 Deleted authentication sessions should not be re-surrected with an update 
Closes #31829

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-08-09 07:26:05 -03:00
rmartinc
2a06e1a6db Add SHAKE256 hash provider for Ed448 
Closes #31931

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-08 17:36:54 +02:00
Justin Tay
966a454548
Add ECDH-ES JWE Algorithm Provider, Add generated ECDH key provider (#23928) 
Closes #23596
Closes #23597

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-08-08 17:29:35 +02:00
Pedro Igor
3ab2446074 Do not return identity providers when querying the realm representation 
Closes #21072

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-07 10:06:51 -03:00
StephanSchrader
4d64092119
Fix persist config values for custom components (#31862) 
Closes #31858

Signed-off-by: Stephan Schrader <stephan.schrader@wallis.de>
Signed-off-by: Stephan Schrader <zstephanz@gmail.com>
Co-authored-by: Stephan Schrader <stephan.schrader@wallis.de>
 2024-08-07 14:40:30 +02:00
Martin Kanis
e750b44e9d Flaky test: org.keycloak.testsuite.model.DBLockTest#testTwoLocksCurrently 
Closes #25794

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-08-07 09:00:37 -03:00
Giuseppe Graziano
35c8c09b8d OIDC dynamic client registration with response_type=none 
Closes #19564

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-08-07 10:34:47 +02:00