libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
25346 commits 4 branches 5 tags 480 MiB
Commit graph

41 commits

Author SHA1 Message Date
Pedro Igor
a0ad680346 Adding an alias to organization and exposing them to templates 
Closes #30312
Closes #30313

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-20 14:36:14 -03:00
Pedro Ruivo
9006218559 External Infinispan as cache - Part 3 
Implementation of UserLoginFailureProvider using remote caches only.

Closes #28754

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-06-19 14:47:57 +02:00
Pedro Ruivo
d2ae27a1e2 External Infinispan as cache - Part 1 
Part 1 includes

* New experimental feature to enable the new code
* New providers using RemoteCache only
* New test profile to run the tests with the experimental feature

New providers' implementation for:
* InfinispanConnectionProvider
* AuthenticationSessionProvider
* ClusterProvider

Closes #28140

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-06-19 14:47:57 +02:00
Martin Kanis
89f83e9788 Importing organizations failing if there is no broker and members in the representation 
Closes #30305

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-06-19 08:46:04 -03:00
Pedro Ruivo
18a6c79011
Infinispan Protostream Marshaller (#29474) 
Closes #29394

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-06-13 18:02:46 +02:00
vramik
d355e38424 Provide a cache layer for the organization model 
Closes #30087

Signed-off-by: vramik <vramik@redhat.com>
 2024-06-13 08:13:36 -03:00
Alexander Schwartz
a161827766 Migration of sessions in KC25 should run only on migration, not on imports 
Closes #30351

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-06-12 23:16:54 +02:00
Giuseppe Graziano
6067f93984
Improvements to refresh token rotation with multiple tabs (#29966) 
Closes #14122

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-06-07 12:02:36 +02:00
Pedro Igor
f8d55ca7cd Export import realm with organizations 
Closes #30006

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-05 09:50:03 +02:00
Andrejs Mivreniks
1cf87407fe Allow setting authentication flow execution priority value via Admin API 
Closes #20747

Signed-off-by: Andrejs Mivreniks <andrejs@fastmail.com>
 2024-05-30 19:17:45 +02:00
mposolda
37c10b4d43 Improve documentation for the case when 'basic' client scope already exists 
closes #29880

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-05-29 13:32:05 +02:00
mposolda
ea1cdc10bd MigrateTo25_0_0 does not complete within default transaction timeout 
closes #29756

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-05-27 10:31:39 +02:00
Marek Posolda
2efc163b89
Entry 999.0.0 in MIGRATION_MODEL prevents future migrations of the database 
Closes #27941

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-05-23 12:00:18 +00:00
vramik
278341aff9 Add organizations enabled/disabled capability 
Closes #28804

Signed-off-by: vramik <vramik@redhat.com>
 2024-05-22 07:58:26 -03:00
Alexander Schwartz
80de3a0a71
Allow migration of non-persistent sessions to persistent sessions 
Closes #29375

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-22 10:30:46 +02:00
Stefan Guilhen
dae1eada3d Add enabled field to OrganizationEntity 
Closes #28891

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-06 14:46:56 -03:00
Stefan Guilhen
45e5e6cbbf Introduce filtered (and paginated) search for organization members 
Closes #28844

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-02 11:25:43 -03:00
Tero Saarni
64862d568e Convert database errors to 500 instead of 400. 
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
 2024-04-22 11:42:18 -03:00
mposolda
c427e65354 Secondary factor bypass in step-up authentication 
closes #34

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit e632c03ec4dbfbb7c74c65b0627027390b2e605d)
 2024-04-19 14:43:53 +02:00
Joerg Matysiak
76a5a27082 Refactored StripSecretsUtils in order to make it unit-testable, added unit tests for it 
Don't mask secrets at realm export

Closes #21562

Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>
 2024-04-18 18:26:47 -03:00
Pedro Igor
7483bae130 Make sure admin events are not referencing sensitive data from their representation 
Closes #21562

Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>
 2024-04-18 18:26:47 -03:00
tqe1999
6e0fc8a774
fix integer overflow with explicit cast 
Closes #28564

Signed-off-by: tqe1999 <tqe1999@gmail.com>
 2024-04-11 10:58:44 +02:00
Alexander Schwartz
63e7523a6d Avoid unnecessary updates to the sessions during refreshes of tokens 
Closes #28388

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-04-09 14:55:21 +02:00
Pedro Igor
52ba9b4b7f Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user 
Closes #28248

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-08 09:05:16 -03:00
Giuseppe Graziano
fe06df67c2 New default client scope for 'basic' claims with 'auth_time' protocol mapper 
Closes #27623

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-04-02 08:44:28 +02:00
Alexander Schwartz
c580c88c93
Persist online sessions to the database (#27977) 
Adding two feature toggles for new code paths to store online sessions in the existing offline sessions table. Separate the code which is due to be changed in the next iteration in new classes/providers which used instead of the old one.

Closes #27976

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2024-03-28 09:17:07 +01:00
Alexander Schwartz
62d24216e3 Remove offline session preloading 
Closes #27602

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-03-15 15:19:27 +01:00
PetkoNosal
3989cb5e90
Fix missing log argument in MigrateTo24_0_0 
Closes #27779

Signed-off-by: Nosal, Peter (pn1895) <pn1895@att.com>
Co-authored-by: Nosal, Peter (pn1895) <pn1895@att.com>
 2024-03-13 16:36:27 +00:00
Pedro Igor
1e48cce3ae Make sure empty configuration resolves to the system default configuration 
Closes #27611

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-03-11 09:01:38 -03:00
Steve Hawkins
4091baf4c2 fix: accounting for the possibility of null flows from existing realms 
closes: #23980

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-03-08 14:25:23 +01:00
rmartinc
ea4155bbcd Remove recursively when deleting an authentication executor 
Closes #24795

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-03-07 14:43:23 +01:00
Steven Hawkins
8d9439913c
fix: removal of resteasy-core (#27032) 
* fix: partial removal of resteasy-core

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* fix: fully removing resteasy-core

closes: #26315

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-02-29 11:43:13 +00:00
Réda Housni Alaoui
a3b3ee4b87
Ability to declare a default "First broker login flow" per Realm 
Closes #25823

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-02-28 16:17:51 +01:00
Douglas Palmer
b0ef746f39 Permanently lock users out after X temporary lockouts during a brute force attack 
Closes #26172

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-02-22 09:34:51 +01:00
rmartinc
4ff4c3f897 Increase internal algorithm security using HS512 and 128 byte hmac keys 
Closes #13080

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-02-15 08:16:45 +01:00
Stefan Guilhen
2161e72872 Add migration for the useTruststoreSpi config property in LDAP user storage provider 
- legacy `ldapsOnly` value now migrated to `always`.

Closes #25912

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-02-12 11:53:19 +01:00
Douglas Palmer
66f0d2ff1d blah 
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-02-07 15:55:06 -03:00
Douglas Palmer
d9d41b1a09 Brute Force Detection is disabled when updating frontenUrl via admin client 
Closes #21409

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-02-07 15:55:06 -03:00
Thomas Darimont
277af021d7 Improve ScheduledTask task-name handling 
This PR introduces a String getTaskName() default method to
the ScheduledTask interface and adjusts call sites to use the
implementation derived task name where possible.

Previously, ScheduledTask names were passed around separately, which
lead to unhelpful debug messages.
We now give ScheduledTask implementations control over their task-name
which allows for more flexible naming.

Enlist call StoreSyncEvent.fire(...) to after transaction to ensure realm is present in database.
Ensure that Realm is already committed before updating sync via UserStorageSyncManager
Align Sync task name generation for cancellation to support SyncFederationTest
Only log a message if sync task was actually canceled.

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-02-02 09:57:03 -03:00
mposolda
cdc5d8fff8 Migrating Realm JSON with declarative user profile fails when scope selectors present on any attributes 
closes #26266

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-02-01 09:54:09 +01:00
Martin Kanis
7797f778d1 Map Store Removal: Rename legacy modules 
Closes #24107

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-01-25 16:29:16 +01:00