libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions
22562 commits 4 branches 5 tags 483 MiB
Commit graph

4135 commits

Author SHA1 Message Date
Takashi Norimatsu
ee998fee66 Add FAPI 2.0 security profile as default profile of client policies 
closes #21181
 2023-08-03 09:26:16 +02:00
Ricardo Martin
a8bca522c1
Fix issue with access tokens claims not being imported using OIDC IDP Attribute Mappers (#21627) 
Closes #9004


Co-authored-by: Armel Soro <armel@rm3l.org>
 2023-08-02 09:36:50 +02:00
Thomas Darimont
82269f789a Avoid using deprecated junit APIs in tests 
- Replaced usage of Assert.assertThat with static import
- Replaced static import org.junit.Assert.assertThat with org.hamcrest.MatcherAssert.assertThat

Fixes: #22111
 2023-08-01 11:44:25 +02:00
Alexander Schwartz
748c53df7f
Use Java mechanisms to read language files and default to UTF-8 (#21755) 
Closes #21753
 2023-08-01 11:27:10 +02:00
mposolda
6f6b5e8e84 Fix authenticatorConfig for javascript providers 
Closes #20005
 2023-07-31 19:28:25 +02:00
rmartinc
0a7fcf43fd Initial pagination in the admin REST API for identity providers 
Closes https://github.com/keycloak/keycloak/issues/21073
 2023-07-27 14:48:02 +02:00
Takashi Norimatsu
9a921441cc Adjustements to the behaviour of dpop_bound_access_tokens switch 
closes #21920
 2023-07-27 11:30:01 +02:00
Alexander Schwartz
1ec8d3a9a4 Convert LinkExpirationFormatterMethod to Java's ChoiceFormat pattern 
Closes #21887
 2023-07-27 10:30:37 +02:00
Takashi Norimatsu
6498b5baf3 DPoP: OIDC client registration support 
closes #21918
 2023-07-26 13:00:35 +02:00
Ricardo Martin
ee35cfe478
Add logout other sessions checkbox to TOTP, webauthn and recovery authn codes setup pages (#21897) 
* Add logout other sessions checkbox to TOTP, webauthn, recovery authn codes setup pages and to update-email page
Closes #10232
 2023-07-26 11:34:19 +02:00
Hunor Kovács
5eb505aba5
Handle error when Microsoft Graph API /me returns not successful (#21696) 
* Response from Microsoft Graph API /me can be error too. So if that happens, throw an exception instead of trying to extract the user id.

* Update services/src/main/java/org/keycloak/social/microsoft/MicrosoftIdentityProvider.java

Co-authored-by: Ondra Pelech <ondra.pelech@gmail.com>

---------

Co-authored-by: Ondra Pelech <ondra.pelech@gmail.com>
 2023-07-26 07:22:52 +00:00
Takashi Norimatsu
0ddef5dda8
DPoP support 1st phase (#21202) 
closes #21200


Co-authored-by: Dmitry Telegin <dmitryt@backbase.com>
Co-authored-by: mposolda <mposolda@gmail.com>
 2023-07-24 16:44:24 +02:00
Takashi Norimatsu
05b8b9ee51 Enhancing Pluggable Features of Token Manager 
closes #21182
 2023-07-24 09:16:29 +02:00
Takashi Norimatsu
2efd79f982 FAPI 2.0 security profile - supporting RFC 9207 OAuth 2.0 Authorization Server Issuer Identification 
Closes #20584
 2023-07-24 09:11:30 +02:00
ali_dandach
ef19e08814
Fix String comparisona (#21752) 
Closes #21773
 2023-07-21 10:37:24 +02:00
mposolda
03716ed452 Keycloak forgets ui_locales parameter when using reset password 
closes #10981
 2023-07-18 09:24:12 +02:00
rmartinc
630e3b2312 Revert emailVerified to false if email modified on force-sync non-trusted broker 
Closes https://github.com/keycloak/security/issues/48
 2023-07-17 13:13:47 +02:00
vramik
47eeece827 Update javadoc for user search in UserResource 
Closes #21053
 2023-07-11 11:14:29 +02:00
Pedro Igor
376d20c285
Remove user credentials from admin event representation (#21561) 
Closes #17470
 2023-07-11 08:26:29 +02:00
rmartinc
13870f3a69 Improve error management in the github provider 
Closes https://github.com/keycloak/keycloak/issues/9429
 2023-07-10 16:09:08 -03:00
Václav Muzikář
97a37f565e
Align guava dependency with the Quarkus Platform BOM (#21544) 
Closes #21364
 2023-07-10 16:13:13 +02:00
Daniele Martinoli
1644432df3 Reviewed solution as per reviewer's comments 2023-07-10 08:31:47 -03:00
Daniele Martinoli
d148a789f7 added clientNote to show the sign out option 2023-07-10 08:31:47 -03:00
Patrick Jennings
399a23bd56
Find an appropriate key based on the given KID and JWA (#21160) 
* keycloak-20847 Find an appropriate key based on the given KID and JWA. Prefers matching on both inputs but will match on partials if found. Or return the first key if a match is not found.

Mark Key as fallback if it is the singular client certificate to be used for signed JWT authentication.

* Update js/apps/admin-ui/public/locales/en/clients.json

Co-authored-by: Marek Posolda <mposolda@gmail.com>

* Updating boolean variable name based on suggestions by Marek.

* Adding integration test specifically for the JWT parameters for regression #20847.

---------

Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2023-07-10 13:28:55 +02:00
Daniele Martinoli
817f129484
fix: closes #21095 (#21289) 
* fix: closes #21095

* Added overloaded version of GroupUtils.toGroupHierarchy with additional full parameter.
 2023-07-10 12:13:26 +02:00
Daniele Martinoli
7b8dcb42ea Using "Account is disabled" message (and also added new test case) 2023-07-07 12:16:38 -03:00
Daniele Martinoli
13e2075ceb Applying reviewer comments 2023-07-07 09:00:51 -03:00
Daniele Martinoli
e6d7749cbf fix for 21476 2023-07-07 09:00:51 -03:00
Daniele Martinoli
b458356aa9 integrated reviewer comments 2023-07-07 08:59:36 -03:00
Daniele Martinoli
c9a226e220 Update services/src/main/java/org/keycloak/broker/provider/HardcodedGroupMapper.java 
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-07-07 08:59:36 -03:00
Daniele Martinoli
96f09fcd90 Update services/src/main/java/org/keycloak/broker/provider/HardcodedGroupMapper.java 
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-07-07 08:59:36 -03:00
Daniele Martinoli
83d88f6bb5 added Hardcoded Group mapper to IDP configuration 2023-07-07 08:59:36 -03:00
Erik Jan de Wit
2f5040f565 added locale selector for account console 
fixes: #20941
 2023-07-06 11:14:39 -03:00
Douglas Palmer
8cc04a6724 NullPointerException on reading auth.attemptedUsername in terms template 
closes #21294
 2023-07-04 16:07:44 -03:00
rmartinc
09e30b3c99 Support for JWE IDToken and UserInfo tokens in OIDC brokers 
Closes https://github.com/keycloak/keycloak/issues/21254
 2023-07-03 21:25:46 -03:00
mposolda
ccbddb2258 Fix updating locale on info/error page after authenticationSession was already removed 
Closes #13922
 2023-07-03 18:57:36 -03:00
Jon Koops
c0b0a25f71
Handle exceptions thrown when requesting storage-access permission (#21325) 2023-06-30 00:35:10 +00:00
Daniele Martinoli
e2ac9487f7
Conditional login through identity provider (#20188) 
Closes #20191


Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2023-06-29 18:44:15 +02:00
Joshua Sorah
f695eeaa44 Refactor Admin REST API Documentation to use OpenAPI annotations. 
Removes dependencies on swagger-doclet
Adds dependencies on microprofile-openapi-api
Plugins for smallrye-open-api-maven-plugin, openapi-generator-maven-plugin

Customized ascii doc template for openapi-generator-maven-plugin, to give similar feel to previous documentation.

OpenAPI annotations added to Admin REST API resources.

Closes keycloak/keycloak#20433
 2023-06-29 17:03:38 +02:00
Fouad Almalki
b336732251
Add iat to JWT passed to CIBA HttpAuthenticationChannel (#21280) 
Closes #21283
 2023-06-29 07:55:57 +02:00
Marek Posolda
51a9712e59 Improper Client Certificate Validation for OAuth/OpenID clients (#20) 
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
 2023-06-28 17:52:48 -03:00
Ricardo Martin
1973d0f0d4 Check the redirect URI is http(s) when used for a form Post (#22) 
Closes https://github.com/keycloak/security/issues/22

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Signed-off-by: Peter Skopek <pskopek@redhat.com>
 2023-06-28 17:52:48 -03:00
Pedro Igor
28aa1d730d Verify holder of the device code (#21) 
Closes https://github.com/keycloak/security/issues/32

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Conflicts:
    services/src/main/java/org/keycloak/protocol/oidc/grants/device/DeviceGrantType.java
 2023-06-28 15:45:26 +02:00
rmartinc
4bc11bdf7f Do not return an error when moving a group to the current parent 
Closes https://github.com/keycloak/keycloak/issues/21242
 2023-06-28 10:34:15 +02:00
rmartinc
a5a2753d11 Don't allow impersonate disabled users or service accounts 
Closes https://github.com/keycloak/keycloak/issues/21106
 2023-06-28 10:18:21 +02:00
Douglas Palmer
59e1a5d992 Custom theme - url.resourcesCommonPath references wrong theme 
closes #20085
 2023-06-28 08:25:44 +02:00
Douglas Palmer
c75bf31398 Empty shortVerificationUri not the same with default (null) value 
closes #20851
 2023-06-27 14:57:24 +02:00
Pedro Igor
d0691b0884 Support for the locale user attribute 
Closes #21163
 2023-06-27 09:21:08 -03:00
Erik Jan de Wit
3a3907ab15
changed to use ConfiguredProvider instead (#21097) 
fixes: #15344
 2023-06-27 08:00:32 -04:00
eatik
0cc464695e Allowing users with view-users permission to call configured-user-storage-credential-types endpoint as per issue #20783 
Closes #20783
 2023-06-26 11:05:35 -03:00