libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions
24529 commits 4 branches 9 tags 483 MiB
Commit graph

4462 commits

Author SHA1 Message Date
Pedro Igor
b9a7152a29 Avoid commiting the transaction prematurely when creating users through the User API 
Closes #28217

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-03-27 19:16:09 -03:00
Lex Cao
a53cacc0a7 Fire logout event when logout other sessions (#26658) 
Closes #26658

Signed-off-by: Lex Cao <lexcao@foxmail.com>
 2024-03-27 11:13:48 +01:00
Jon Koops
3382e16954
Remove Account Console version 2 (#27510) 
Closes #19664

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-03-27 10:53:28 +01:00
Steven Hawkins
be32f8b1bf
fix: limit the use of Resteasy to the KeycloakSession (#28150) 
* fix: limit the use of Resteasy to the KeycloakSession

contextualizes other state to the KeycloakSession

close: #28152
 2024-03-26 13:43:41 -04:00
vramik
fa1571f231 Map organization metadata when issuing tokens for OIDC clients acting on behalf of an organization member 
Closes #27993

Signed-off-by: vramik <vramik@redhat.com>
 2024-03-26 14:02:09 -03:00
vramik
e7bc796553 When the realm has registrationEmailAsUsername set to false (default) it's not possible to add a member to an org 
Closes #28216

Signed-off-by: vramik <vramik@redhat.com>
 2024-03-26 14:02:09 -03:00
Pedro Igor
a470711dfb Resolve the user federation link as null when decorating the user profile metadata in the LDAP provider 
Closes #28100

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-03-26 10:14:49 -03:00
Stian Thorgersen
8cbd39083e
Default password hashing algorithm should be set to default password hash provider (#28128) 
Closes #28120

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 12:44:11 +01:00
Stian Thorgersen
3f9cebca39
Ability to set the default provider for an SPI (#28135) 
Closes #28134

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 07:45:08 +01:00
Reda Bourial
a41d865600 fix for SMTP email sending fails because of tls certificate verification even with tls-hostname-verifier=ANY (#27756) 
Signed-off-by: Reda Bourial <reda.bourial@gmail.com>
 2024-03-21 17:06:42 +01:00
Steven Hawkins
7eab019748
task: deprecate WILDCARD and STRICT options (#26833) 
closes: #24893

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-03-21 16:22:41 +01:00
Steven Hawkins
35b9d8aa49
task: remove usage of resteasy-core-spi (#27387) 
closes: #27242

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-03-21 15:28:34 +01:00
Giuseppe Graziano
939420cea1 Always include offline_access scope when refreshing with offline token 
Closes #27878

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-03-21 14:32:31 +01:00
Pedro Igor
32541f19a3 Allow managing members for an organization 
Closes #27934

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-03-21 10:26:30 -03:00
Martin Kanis
4154d27941 Invalidating offline token is not working from client sessions tab 
Closes #27275

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-03-21 09:04:58 -03:00
Pedro Igor
f970deac37 Do not grant scopes not granted for resources owned the resource server itself 
Closes #25057

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-03-20 18:36:41 +01:00
René Zeidler
83a3500ccf Attributes without a group should appear first 
In the login theme, user profile attributes that
are not assigned to an attribute group should
appear before all other attributes. This aligns
the login theme (registration, verify profile,
etc.) with the account and admin console.

Fixes #27981

Signed-off-by: René Zeidler <rene.zeidler@gmx.de>
 2024-03-19 18:40:01 +01:00
Peter Skopek
b77e228be4 Fix javadoc generation failure introduced with new dependencies 
for OID4VCI support (#28038)

Fixes #28038

Signed-off-by: Peter Skopek <pskopek@redhat.com>
 2024-03-19 14:14:53 +01:00
Stefan Wiedemann
67d3e1e467
Issue Verifiable Credentials in the VCDM format #25943 (#27071) 
closes #25943


Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
 2024-03-18 17:05:53 +01:00
cgeorgilakis-grnet
24f105e8fc successful SAML IdP Logout Request with BaseID or EncryptedID and SessionIndex 
Closes #23528

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
 2024-03-18 08:19:13 -03:00
Alexander Schwartz
62d24216e3 Remove offline session preloading 
Closes #27602

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-03-15 15:19:27 +01:00
Pedro Igor
7fc2269ba5 The bare minimum implementation for organization 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Co-authored-by: vramik <vramik@redhat.com>
 2024-03-15 11:06:43 -03:00
Peter Keuter
e26a261e4e
Filter subgroups before paginating 
Closes #27512

Signed-off-by: Peter Keuter <github@peterkeuter.nl>
 2024-03-15 10:57:57 +01:00
sebastien-helbert
e33bf39055
Review log message (#23962) 
missing spaces added in log message
 2024-03-14 13:44:22 +01:00
Alexander Schwartz
6de5325d1c Limit the received content when handling the content as a String 
Closes #27293

Co-authored-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-03-13 16:43:03 +01:00
Réda Housni Alaoui
1bf90321ad
"Allowed Protocol Mapper Types" prevents clients from self-updating via client registration api (#27578) 
closes #27558 

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2024-03-13 14:00:34 +01:00
rmartinc
43a5779f6e Do not challenge inside spnego authenticator is FORKED_FLOW 
Closes #20637

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-03-12 14:23:03 +01:00
Pedro Igor
1e48cce3ae Make sure empty configuration resolves to the system default configuration 
Closes #27611

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-03-11 09:01:38 -03:00
Stefan Wiedemann
6fc69b6a01
Issue Verifiable Credentials in the SD-JWT-VC format (#27207) 
closes #25942

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>


Co-authored-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
 2024-03-11 08:55:28 +01:00
Hynek Mlnarik
26468e11f2 Use correct path to account console 
Fixes: #27709

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2024-03-08 14:31:32 +01:00
Ricardo Martin
299118c45a
Change oidcScopeMissing from WARN to DEBUG (#27439) 
Closes #27391

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-03-08 10:50:21 +00:00
Erik Jan de Wit
7d104dbe9d
no result to parse on success (#27336) 
* no result to parse on success

fixes: #27245
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* translate error message

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-03-08 09:56:23 +01:00
Pedro Igor
40385061f7 Make sure refresh token expiration is based on the current time when the token is issued 
Closes #27180

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-03-07 15:23:19 +01:00
rmartinc
ea4155bbcd Remove recursively when deleting an authentication executor 
Closes #24795

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-03-07 14:43:23 +01:00
graziang
54b40d31b6 Revoked token cache expiration fix 
Added 1 second to the duration of the cache for revoked tokens to prevent them from still being valid for 1 second after the expiration date of the access token.

Closes #26113

Signed-off-by: graziang <g.graziano94@gmail.com>
 2024-03-07 13:33:37 +01:00
Alexander Schwartz
595959398b
Instead of an InputStream that doesn't know about its encoding, use a String 
Closes #20916

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-03-07 10:24:36 +00:00
rmartinc
dea15e25da Only add the nonce claim to the ID Token (mapper for backwards compatibility) 
Closes #26893

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-03-07 09:56:57 +01:00
Theresa Henze
653d09f39a trigger REMOVE_TOTP event on removal of an OTP credential 
Closes #15403

Signed-off-by: Theresa Henze <theresa.henze@bare.id>
 2024-03-06 17:12:50 +01:00
graziang
39299eeb38 Encode role name parameter in the location header uri 
The role is encoded to avoid template resolution by the URIBuilder. This fix avoids the exception when creating roles with names containing {patterns}.

Closes #27514

Signed-off-by: graziang <g.graziano94@gmail.com>
 2024-03-06 15:59:26 +01:00
rmartinc
82af0b6af6 Initial client policies integration for SAML 
Closes #26654

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-03-06 15:18:35 +01:00
graziang
4fa940a31e Device verification flow always requires consent 
Force consent for device verification flow when there are no client scopes to approve by adding a default client scope to approve

Closes #26100

Signed-off-by: graziang <g.graziano94@gmail.com>
 2024-03-05 14:14:19 +01:00
Tero Saarni
e06fcbe6ae Change supported criteria for Google Authenticator 
List Google Authenticator as supported when
- hash algorithm is SHA256 or SHA512
- number of digits is 8
- OTP type is hotp

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
 2024-03-05 11:19:06 +01:00
Jon Koops
7afd75ba08
Use browser router for Account Console (#22192) 
Closes #27442

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-03-04 12:38:28 +00:00
Steven Hawkins
be3e2fabc4
fix: remove the reliance on allowed classes (#27368) 
closes: #25038

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-03-04 12:17:53 +00:00
Lucy Linder
aa6771205a Update ReCAPTCHA and add support for ReCAPTCHA Enterprise 
Closes #16138

Signed-off-by: Lucy Linder <lucy.derlin@gmail.com>
 2024-03-04 20:28:06 +09:00
vramik
032bb8e9cc Map Store Removal: Remove obsolete KeycloakModelUtils.isUsernameCaseSensitive method 
Closes #27438

Signed-off-by: vramik <vramik@redhat.com>
 2024-03-02 04:40:46 +09:00
rmartinc
f970803738 Check email and username for duplicated if isLoginWithEmailAllowed 
Closes #27297

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-03-02 00:14:27 +09:00
Andy
137907f5ef Roles admin REST API: Don't expand composite roles 
Additionally:
- Import clean-up
- Added requireMapComposite as in RoleResource.addComposites

Closes #26951

Signed-off-by: synth3 <19573241+synth3@users.noreply.github.com>
 2024-03-02 00:03:03 +09:00
Takashi Norimatsu
1792af6850 OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor 
closes #27412

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2024-03-01 14:49:23 +01:00
graziang
082f9ec15b Update client scopes in Client Update Request in DCR 
Fix ClientScopesClientRegistrationPolicy.beforeUpdate because it was modifying the original clientRepresentation.
Add updateClientScopes method to set client scopes in Client Update Request in DCR.

Closes #24361

Signed-off-by: graziang <g.graziano94@gmail.com>
 2024-03-01 12:32:45 +01:00