libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
23581 commits 4 branches 5 tags 480 MiB
Commit graph

6339 commits

Author SHA1 Message Date
Steven Hawkins
ec28b68554
fix: improve group matching (#25627) 
closes #25451

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2023-12-18 11:46:02 +01:00
mposolda
cd154cf318 User Profile: If required roles ('user') and reqired scopes are set, the required scopes have no effect 
closes #25475

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-12-18 11:32:27 +01:00
Takashi Norimatsu
59536becec Client policies : executor for enforcing DPoP 
closes #25315

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2023-12-18 10:45:18 +01:00
Joshua Sorah
a10149bbe9 For post logout redirect URI - Make '+' represent existing redirect URIs and merge with existing post logout redirect URIs 
Closes keycloak#25544

Signed-off-by: Joshua Sorah <jsorah@redhat.com>
 2023-12-18 09:05:51 +01:00
Ricardo Martin
ae04b954a6
Fix for test SSSDUserProfileTest.test05MixedInternalDBUserProfile (#25570) 
Closes #25566

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-15 18:57:31 +00:00
Martin Bartoš
14fd61bacc PubKeySignRegisterTest failures in WebAuthn tests 
Fixes #9693

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2023-12-15 14:52:05 +01:00
Erwin Rooijakkers
860978b15a Change arg of getSubGroups to briefRepresentation 
Parameter name briefRepresentation should mean briefRepresentation,
   not full. This way callers will by default get the full
   representation, unless true is passed as value for
   briefRepresentation.

   Fixes #25096

Signed-off-by: Erwin Rooijakkers <erwin@rooijakkers.software>
 2023-12-14 17:23:27 +01:00
Steven Hawkins
08751001db
enhance: adds truststores to the keycloak cr (#25215) 
also generally correcting the misspelling trustore

closes: #24798

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2023-12-14 11:15:06 -03:00
mposolda
c81b533cf6 Update UserProfileProvider.setConfiguration. Tuning of UserProfileProvider.getConfiguration 
closes #25416

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-12-14 14:43:28 +01:00
Tomas Ondrusko
26342d829c Update web elements of the Instagram login page 
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
 2023-12-14 14:03:53 +01:00
rmartinc
c14bc6f2b0 Create terms and conditions execution when registration form is added 
Closes #21730

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-13 15:32:58 +01:00
Pedro Igor
fa79b686b6 Refactoring user profile interfaces and consolidating user representation for both admin and account context 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-13 08:27:55 +01:00
VR
1545b32a64 Revert changes related to map store in test classes in base testsuite 
Closes #24567

Signed-off-by: VR <vramik@redhat.com>
 2023-12-12 16:16:38 +01:00
Thomas Darimont
0f5bbae75c
Add support for POST logout in Keycloak JS (#25348) 
Closes #25167

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2023-12-11 14:55:48 +01:00
Pedro Igor
78ba7d4a38 Do not allow removing username and email from user profile configuration 
Closes #25147

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-11 08:30:28 +01:00
Ricardo Martin
f78c54fa42
Fixes for LDAP group membership and search in chunks 
Closes #23966
 2023-12-08 17:55:17 +01:00
mposolda
90bf88c540 Introduce ProtocolMapper.getEffectiveModel to make sure values displayed in the admin console UI are 'effective' values used when processing mappers 
closes #24718

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2023-12-08 12:26:35 +01:00
Lukas Hanusovsky
baf6186863
25208 MSSQL startup message - fix (#25378) 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2023-12-07 16:27:16 +01:00
Vlasta Ramik
df465456b8
Map Store Removal: Remove LockObjectsForModification (#25323) 
Signed-off-by: vramik <vramik@redhat.com>

Closes #24793
 2023-12-07 12:43:43 +00:00
Pedro Igor
b1626172aa Removing unnecessary property from auth-server-migration maven profile 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-06 15:35:29 -03:00
rmartinc
522e8d2887 Workaround to allow percent chars in getGroupByPath via PathSegment 
Closes #25111

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-06 14:22:34 -03:00
Peter Zaoral
340eb99412
Unable to use < as part of a password (admin-cli) (#24939) 
* escaped angle bracket characters in password

Closes #21951

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2023-12-06 17:27:44 +01:00
Pedro Igor
ab1173182c Make sure realm is available from session when migrating to 23 
Closes #25183

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-06 07:42:54 -03:00
rmartinc
d004e9295f Do not allow remove a credential in account endpoint if provider marks it as not removable 
Closes #25220

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-05 17:11:57 +01:00
Vlasta Ramik
6f37fefd8d
Delete container providers from the base testsuite (#25168) 
Closes #24097

Signed-off-by: vramik <vramik@redhat.com>
 2023-12-04 14:44:35 +01:00
Alfredo Moises Boullosa
0b48bef0b1 Update springboot version 
Signed-off-by: Alfredo Moises Boullosa <aboullos@redhat.com>
 2023-12-04 11:15:51 +01:00
Michal Hajas
ec061e77ed
Remove GlobalLockProviderSpi (#25206) 
Closes #24103

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2023-12-01 16:40:56 +00:00
rmartinc
31b7c9d2c3 Add UP decorator to SSSD provider 
Closes https://github.com/keycloak/keycloak/issues/25075

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-01 15:41:05 +01:00
mposolda
3fa2d155ca Decouple factory methods from the provider methods on UserProfileProvider implementation 
closes #25146

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-12-01 10:30:57 -03:00
Pedro Igor
c5bcdbdc3f Make sure username is lowercase when normalizing attributes 
Closes #25173

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-01 12:16:13 +01:00
Martin Kanis
4279bbc6b5 Map Store Removal: Delete map profiles from testsuite 
Closes #24094

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2023-11-30 14:59:02 +01:00
vramik
587cef7de4 Delete Profile.Feature.MAP_STORAGE 
Signed-off-by: vramik <vramik@redhat.com>

Closes #24102
 2023-11-30 13:04:39 +01:00
Pedro Igor
c7f63d5843 Add options to change behavior on how unmanaged attributes are managed 
Closes #24934

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-11-30 06:58:21 -03:00
Steven Hawkins
8c3df19722
feature: add option for creating a global truststore (#24473) 
closes #24148

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2023-11-30 08:57:17 +01:00
Douglas Palmer
d0b86d2f64 Register event not triggered on external to internal token exchange 
Closes #9684

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2023-11-29 15:30:47 -03:00
mposolda
479e6bc86b Update Kerberos provider for user-profile 
closes #25074

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-11-29 15:21:26 -03:00
rmartinc
16afecd6b4 Allow automatic download of SAML certificates in the identity provider 
Closes https://github.com/keycloak/keycloak/issues/24424

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-29 18:03:31 +01:00
rmartinc
3bc028fe2d Remove lowercase for the hostname as recommended/advised by OAuth spec 
Closes https://github.com/keycloak/keycloak/issues/25001

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-29 10:26:00 -03:00
Martin Bartoš
e71d850a03 Run SAML adapter tests with EAP 8 
Closes #24168

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2023-11-28 14:07:44 +01:00
Pedro Igor
2c611cb8fc User profile configuration scoped to user-federation provider 
closes #23878

Co-Authored-By: mposolda <mposolda@gmail.com>

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-11-27 14:45:44 +01:00
Stian Thorgersen
a32b58d337
Escape ldap id when using normal attribute syntax (#25) (#25036) 
Closes https://github.com/keycloak/security/issues/46

Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
 2023-11-27 11:38:14 +01:00
Takashi Norimatsu
1f5ee9bf80 NPE in checkAndBindMtlsHoKToken on Token Refresh when using SuppressRefreshTokenRotationExecutor and Certificate Bound Token 
closes #25022

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2023-11-27 08:49:48 +01:00
Thomas Darimont
8888e3d41c
Avoid deprecated API usage in testsuite/integration-arquillian/tests/base (#24904) 
- Removed unused imports
- Avoided deprecated junit/hamcrest API
- Avoid usage of JDK API scheduled for removal

This should reduce the number of compiler warnings in the logs quite a bit

closes #24995 

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2023-11-24 09:37:34 +01:00
Sebastian Schuster
030f42ec83
More efficient listing of assigned and available client role mappings 
Closes #23404

Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
 2023-11-22 14:10:11 +01:00
Thomas Darimont
cd1e0e06c6
Avoid deprecated API usage in testsuite/integration-arquillian/util (#24870) 
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2023-11-21 12:45:58 +01:00
Martin Bartoš
87ed656685 Start of MS-SQL fails in CI 
Closes #24846

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2023-11-20 15:09:11 +01:00
Thomas Darimont
d30d692335 Introduce MaxAuthAge Password policy (#12943) 
This policy allows to specify the maximum age of an authentication
with which a password may be changed without re-authentication.

Defaults to 300 seconds (default taken from Constants.KC_ACTION_MAX_AGE) to remain backwards compatible.
A value of 0 will always require reauthentication to update the password.
Add documentation for MaxAuthAgePasswordPolicy to server_admin

Fixes #12943

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2023-11-20 14:48:17 +01:00
rmartinc
5fad76070a Use LinkedIn instead of LinkedIn OpenID Connect for better UI experience 
Closes https://github.com/keycloak/keycloak/issues/24659

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-16 18:22:16 +01:00
Vlasta Ramik
d86e062a0e
Removal of retry blocks introduced for CRDB 
Closes #24095

Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2023-11-16 13:50:56 +01:00
rmartinc
cca33baac3 Avoid NPE if RelayState is null and return a proper error 
Closes https://github.com/keycloak/keycloak/issues/24079

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-16 12:56:49 +01:00