keycloak-scim

Author	SHA1	Message	Date
Alexander Schwartz	6f287e7ded	Avoid using methods on UserCredentialStoreManager	2022-06-21 08:53:06 +02:00
Alexander Schwartz	bc8fd21dc6	SingleUserCredentialManager moving in - UserStorageManager now handles authentication for old Kerberos+LDAP style - new getUserByCredential method in MapUserProvider would eventually do the same.	2022-06-21 08:53:06 +02:00
Alexander Schwartz	82094d113e	Move User Storage SPI, introduce ExportImportManager	2022-06-21 08:53:06 +02:00
Hynek Mlnarik	703e868a51	Preparation for moving User Storage SPI - Introduction of new AdminRealmResource SPI - Moving handler of /realm/{realm}/user-storage into model/legacy-service - session.users() and userStorageManager() moved refers legacy module IMPORTANT: Broken as UserStorageSyncManager is not yet moved	2022-06-21 08:53:06 +02:00
Hynek Mlnarik	36f76a37ad	Move realms, clients, groups, roles, clientscopes into legacy module - Introduces Datastore SPI for isolating data store methods - Introduces implementation of the datastore for legacy storage - Updates DefaultKeycloakSession to leverage Datastore SPI instead of direct creating of area providers by the session	2022-06-21 08:53:06 +02:00
Hynek Mlnarik	247ff52187	Introduce legacy datastore module and update dependencies	2022-06-21 08:53:06 +02:00
Alexander Schwartz	850af55edc	Ensure that only JDK 8 APIs are used where JDK 8 is still required. Closes #10842	2022-06-20 14:44:33 -03:00
Michal Hajas	781183e551	Enable indexing for ResourceServerEntity Closes #12533	2022-06-20 10:17:19 +02:00
Martin Bartoš	d8112d7b7e	DB migration tests execution for Quarkus (#12525 ) Closes #12524	2022-06-20 10:12:37 +02:00
Alexander Schwartz	71e7982a49	Adding central time offset reset in model tests as it was missing for AuthenticationSessionTest and UserSessionPersisterProviderTest Also adding try/finally in other places in the integration tests where it was missing. Closes #12530	2022-06-16 13:42:55 +02:00
nehachopra27	39cff0750c	[Fix keycloak#12385] Update option to run kc.bat on windows instead of kc.sh (#12386 ) Co-authored-by: nchopra <nchopra@redhat.com> Resolves #12385	2022-06-15 11:29:11 -03:00
vramik	1b3a76d0af	Do not persist client sessions of transient user sessions Closes #12357	2022-06-15 10:54:23 +02:00
Martin Bartoš	0fef4305b6	Logout confirm page is failing to log the user out on auth-server-wildfly Fixes #11753	2022-06-14 10:46:02 +02:00
mposolda	3aefb59d40	Fix test failure in X509BrowserCRLTest on IBM JDK. Don't display details of exception message to the end user Closes #12458	2022-06-14 10:44:31 +02:00
Alexander Schwartz	c2043da78e	When asserting a URL, allow for some time for any redirect to complete. Closes #12446	2022-06-14 07:30:31 +02:00
Christoph Leistert	442eff0169	Closes #11851 : Apply localization text from realm default locale when it is not defined for the requested language. (#11852 )	2022-06-10 14:36:11 -04:00
Martin Bartoš	2cf089424a	ClientClientScopesTest failures in the test pipeline (#12440 ) Resolves #12439	2022-06-10 09:13:25 -03:00
Alexander Schwartz	361a813d81	Keep a list of model instances in the JPA map session. This allows removing them from the persistence context on bulk delete. Closes #12384	2022-06-09 12:39:04 -03:00
Joerg Matysiak	3c19ad627f	Repsect permissions configured to firstName and lastName when configured in user profile Resolves #12109	2022-06-09 10:10:15 -03:00
Pedro Igor	8aecba1795	Fixing how realm frontendurl is cached when resolving the hostname Closes #11894	2022-06-08 16:41:25 -03:00
Alexander Schwartz	9272c7a5ec	Allow for the backend to return granted scopes in any order. Closes #12395	2022-06-08 08:39:14 -03:00
mposolda	5d2bf6ea33	Cannot find ScriptEngine for JDK8 and Wildfly Closes #12247	2022-06-08 11:11:36 +02:00
Pedro Igor	243e63c9f3	Do not set empty permissions to username and email attributes Closes #11647	2022-06-07 10:59:35 -03:00
Sebastian Schuster	a0c402b93a	11198 added event information to consent granting and revocation via REST API (#11199 )	2022-06-07 11:29:20 +02:00
Stian Thorgersen	e49e8335e0	Refactor BouncyIntegration (#12244 ) Closes #12243	2022-06-07 09:02:00 +02:00
Martin Kanis	df72cf72f2	Hot Rod map storage: Single-use (action token) no-downtime store	2022-06-06 16:01:18 +02:00
rmartinc	5332a7d435	Issue #9194 : Client authentication fails when using signed JWT, if the JWA signing algorithm is not RS256	2022-06-06 12:07:09 +02:00
Takashi Norimatsu	3889eeda30	Client Policies: pkce-enforcer executor with client-access-type condition is not applied on client change via Admin API Closes #12295	2022-06-06 11:30:48 +02:00
Michal Hajas	09c0a69a8f	Add HotRod no downtime store for events Closes #9676	2022-06-02 13:30:19 +02:00
Alexander Schwartz	6c3d25fd8f	Limit the number of clientSessionIds in the test Before it was 1500 client sessions, now its only 150 client sessions. This should help to keep the test within its time constraint of 60 + 30 seconds. Closes #12264	2022-05-31 17:10:49 +02:00
mposolda	f90fbb9c71	Changing locale on logout confirmation did not work Closes #11951	2022-05-31 16:03:58 +02:00
Takashi Norimatsu	d083b6c484	ciba http auth channel sends client_id and client_secret via delegation request Closes #10993	2022-05-31 08:22:50 +02:00
vramik	be28e866b9	JPA map storage: Authorization services no-downtime store Closes #9669	2022-05-30 21:05:34 +02:00
Pedro Igor	ea22989d89	Fixing ClientTokenExchangeTest to also run when TLS is disabled Closes #11818	2022-05-30 11:23:46 -03:00
Pedro Hos	e121371401	/clients-registrations API doesn't return secret anymore and is not coherent #11116 /clients-registrations API doesn't return secret anymore and is not coherent fixing merge /clients-registrations API doesn't return secret anymore and is not coherent fixing test that was failing Replace tabs with regular spaces fixing identation /clients-registrations API doesn't return secret anymore and is not coherent. Closes #11116 fixing test that was failing	2022-05-30 15:18:56 +02:00
mposolda	4222de8f41	OIDC RP-Initiated Logout POST method support Closes #11958	2022-05-30 14:10:58 +02:00
Michal Hajas	1a98765fb7	Fix cascade removal of client session on user session removal for CHM Closes #12146	2022-05-30 09:58:54 +02:00
Marek Posolda	cf386efa40	Support for client_id parameter in OIDC RP-Initiated logout endpoint (#12202 ) Closes #12002 Co-authored-by: Martin Bartoš <mabartos@redhat.com>	2022-05-27 14:12:37 +02:00
Marek Posolda	eed944292b	Make script providers working on JDK 17 (#11322 ) Closes #9945	2022-05-27 12:28:50 +02:00
Luca Leonardo Scorcia	27650ab816	Fix #10982 SAML Client - Introduce SAML Issuer validation	2022-05-27 10:58:10 +02:00
Martin Bartoš	d8cded994f	WebAuthn test failures in admin console (#12161 ) Resolves #12160	2022-05-26 12:55:22 -03:00
Michal Hajas	bc59fad85b	Unify way how expirable entities are handled in the new store Closes #11947	2022-05-26 13:17:27 +02:00
Martin Kanis	0cb3c95ed5	Map storage: Single-use objects (action token)	2022-05-25 16:47:10 +02:00
vramik	2cbc167435	JPA map storage: model tests fails with NPE Closes #12165	2022-05-25 09:28:08 +02:00
Martin Bartoš	86f31e8df5	Fix BlacklistPasswordPolicyDefaultPath Failures on Windows Fixes #11967	2022-05-24 17:26:19 -03:00
Martin Bartoš	bb3b88963b	New Account console tests failures (#12050 ) * New Account console tests failures, Fix additional tests, solve issue with headless browsers Fixes #11323	2022-05-24 09:36:08 +02:00
vramik	24171d2e47	Rename providers from jpa-map-storage to jpa Closes #12098	2022-05-23 16:47:51 +02:00
vramik	0c3aa597f9	JPA map storage: test failures after cache was disabled Closes #12118	2022-05-23 13:01:30 +02:00
vramik	f8ca25d4a4	Add a profiles testsuite for jpa-map storage Closes #12045	2022-05-20 09:17:33 +02:00
Stian Thorgersen	075e284455	Remove legacy (non-Elytron) WildFly adapter (#11789 ) Closes #11683	2022-05-18 10:34:47 +02:00
Michal Hajas	0bda7e6038	Introduce map event store with CHM implementation Closes #11189	2022-05-17 12:57:35 +02:00
Michal Hajas	b86f205cda	Make KeycloakServer runnable with external Infinispan server Closes #12011 Closes #12014	2022-05-16 21:50:35 +02:00
Takashi Norimatsu	9541852a9b	ID token encryption without specifying id_token_encrypted_response_enc does not follow OIDC Dynamic Client Registration specification Closes #11392	2022-05-16 09:05:22 +02:00
Takashi Norimatsu	7fa24d247a	Deprecated org.keycloak.jose.jws.Algorithm is used in OIDCAdvancedConfigWrapper Closes #11394	2022-05-16 08:56:57 +02:00
Martin Kanis	0d6bbd437f	Merge single-use token providers into one Fixes first part of: #11173 * Merge single-use token providers into one * Remove PushedAuthzRequestStoreProvider * Remove OAuth2DeviceTokenStoreProvider * Delete SamlArtifactSessionMappingStoreProvider * SingleUseTokenStoreProvider cleanup * Addressing Michal's comments * Add contains method * Add revoked suffix * Rename to SingleUseObjectProvider	2022-05-11 13:58:58 +02:00
Michal Hajas	d3b43a9f59	Make sure there is always Realm or ResourceServer when searching for authz entities Closes #11817	2022-05-11 07:20:01 -03:00
Réda Housni Alaoui	5d87cdf1c6	KEYCLOAK-6455 Ability to require email to be verified before changing (#7943 ) Closes #11875	2022-05-09 18:52:22 +02:00
Michal Hajas	6b5c417742	Add HotRod store for authorization services Closes #9679	2022-05-06 15:31:38 +02:00
Michal Hajas	fc974fc019	Update composite roles on child role removal Closes #11769	2022-05-05 15:18:18 +02:00
Stian Thorgersen	491b3262de	Remove Jetty 9.2 and 9.3 adapters (#11792 ) Closes #11791	2022-05-04 15:24:46 +02:00
azilentech	f7f24c6ca3	Updated test scenarios	2022-05-03 10:59:31 -03:00
vramik	0d83b51b20	Enhance Map authz entities with REALM_ID (ResourceServer with CLIENT_ID) searchable field Co-authored-by Michal Hajas <mhajas@redhat.com> Closes #10883	2022-05-03 12:56:27 +02:00
Hynek Mlnarik	1b1cf266eb	Add support for async profiler to model testsuite Fixes: #11743	2022-05-03 12:53:10 +02:00
Sven-Torben Janus	0efa4afd49	Evaluate composite roles for hardcoded LDAP roles/groups Closes: 11771 see also KEYCLOAK-18308	2022-05-02 14:13:37 +02:00
Stian Thorgersen	52ca546cfa	Remove Fuse adapters (#11740 ) Closes #11677	2022-05-02 09:55:52 +02:00
Alexander Schwartz	e2cf6ae92b	Disable caching for map storage. Also aligns the properties with the integration test suite to avoid confusion. Closes #11748	2022-04-29 12:03:18 +02:00
Stian Thorgersen	b65d76edab	Remove EAP6 and AS7 adapters (#11605 ) Closes #11604	2022-04-28 11:20:44 +02:00
vramik	2ecf250e37	Deletion of all objects when realm is being removed Closes #11076	2022-04-28 11:09:17 +02:00
Alexander Schwartz	29233f33c8	Clear import/export properties at the end of the test This avoids the pollution of system properties that might lead to failures following tests. Closes #11670	2022-04-28 11:02:16 +02:00
Douglas Palmer	fdcbc9b27b	Automated test for session-limits authenticator with identity brokering (post-broker login flow) (#11723 ) Closes #11004	2022-04-28 10:29:41 +02:00
Stian Thorgersen	e3f3e65ac5	Remove JDK7 support for adapters (#11607 ) Closes #11606	2022-04-27 08:33:23 +02:00
vramik	5248815091	Disable infinispan realm and user cache for map storage tests Closes #11213	2022-04-25 09:38:49 +02:00
Martin Bartoš	53ea60b8d5	Remove support for IE (#11271 ) Closes #11268	2022-04-22 10:38:41 +02:00
Pedro Igor	76d83f46fa	Avoid clients exchanging tokens using tokens issued to other clients (#11542 )	2022-04-20 19:14:55 +02:00
Stian Thorgersen	ac79fd0c23	Disallow special characters in usernames to prevent confusion with similarly looking usernames (#11531 ) Closes #11532 Co-authored-by: Douglas Palmer <dpalmer@redhat.com>	2022-04-20 15:53:15 +02:00
Stefan Guilhen	b29b27d731	Ensure code does not rely on a particular format for the realm id or component id	2022-04-20 14:40:38 +02:00
Pedro Igor	2cb5d8d972	Removing upload scripts feature (#11117 ) Closes #9865 Co-authored-by: Michal Hajas <mhajas@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2022-04-20 14:25:16 +02:00
Martin Bartoš	3aa3db16ea	Fix error response for invalid characters (#11533 ) Fixes #11530	2022-04-20 11:26:08 +02:00
Pedro Igor	f1fd7af758	Remove policies when user is deleted (#11385 ) Closes #11284	2022-04-20 09:23:46 +02:00
Stian Thorgersen	b79f01c72d	Upgrade to WildFly 26.1.0.Final (#11094 ) Closes #10999	2022-04-20 08:38:10 +02:00
Martin Bartoš	e09f618cef	Ignore WebAuthnIdLessTest for Firefox (#11299 ) Closes #11297	2022-04-19 14:45:24 +02:00
Martin Bartoš	2632fa7779	WebAuthnSigningInTest failures caused by different titles (#11305 ) Fixes #11298	2022-04-19 14:44:51 +02:00
m-takai	5f0e27a792	Add duplicate parameters check process in Device Authz Endpoint. AuthorizationEndpointRequest class already checks duplicated parameters but DeviceEndpoint class has not checked its error. Thus a check process is added in handleDeviceRequest() Closes #11294	2022-04-19 14:20:39 +02:00
Pedro Igor	c5e4dc8cec	Associated permissions should only add resource type permissions if the resource is an instance (#11220 ) Closes #11148	2022-04-19 09:10:14 +02:00
Martin Kanis	a2d7cd7a5c	Hot Rod map storage: User / client session no-downtime store	2022-04-14 15:34:22 +02:00
msvechla	820ab52dce	Add support for filtering by enabled attribute on users count endpoint (#9842 ) Resolves #10896	2022-04-13 13:57:22 -03:00
Giacomo Altiero	3b7243cd47	Support for UserInfo response encrypted (#10519 ) Close #10517	2022-04-12 14:01:14 +02:00
Alexander Schwartz	a6dd9dc0f1	Avoiding AvlPartitionFactory and using JdbmPartitionFactory for the embedded LDAP to work around unstable tests. Fix for #11171 didn't turn out to cover the root cause. Also improved transaction handling in LDAP Map storage. Closes #11211	2022-04-12 09:12:21 +02:00
Alexander Schwartz	5c810ad0e5	Avoid short-lived connections for ApacheDS to avoid messages around "ignoring the message MessageType UNBIND_REQUEST" The comment in LdapRequestHandler.java in ApacheDS notes just before discarding an unbind request: "in some cases the session is becoming null though the client is sending the UnbindRequest before closing". Also implementing a retry logic for all remaining errors regarding LDAP. Closes #11171	2022-04-11 10:03:15 +02:00
Pedro Igor	834a276767	NPE when caching policies based on scopes without a resource Closes #11180	2022-04-08 08:43:08 -03:00
Michal Hajas	1f2ebf4cba	Add HotRod no downtime store for Realms Closes #9670	2022-04-08 09:36:01 +02:00
Pedro Igor	b4770c30fd	Fixing NPE when querying resources by type Closes #11137	2022-04-07 15:10:20 -03:00
Tyler Andor	caebe50d7e	Updates patternfly libs and fixes breaking changes (#10748 ) adding nvmrc CIAM-1048 Device Activity screen PF updates CIAM-1046: Personal Info sub-header update Updates SigningInPage to use EmptyState component when there are no credentials. rearanged some components used in signing in page Displays ApplicationPage content in description list. Updates refresh link on ContentPage, updates Resources screen. CIAM-1049 Linked Accounts screen PF updates CIAM-1043-General upstream updates Updates AccountPage to display form errors. fix: display Set up Authenticator Application link on large viewport fix(page structure): rearranges page sections CIAM-1254/Personal info PF4 updates & Sidebar text updates updating layouts updating layout on Signing in and Linked acounts adding patternfly-additions adding patternfly-addons styles Updates Application page based on designs feedback. moving page description Updates status label on Applications page to be capitalized. Updates the copy-fonts script for keycloak.v2 to copy all font directories instead of one. update Personal info screen - set max width of 600px for form input fields update Personal info - remove required indicator from input fields General updates (#2) * removed the extra lines being shown * tweaked general spacing * general alignment and spacer application * refactor to get proper alignments without css globals * forgot to add the conditional on displaying the set up buttons * try and adjust the alignments Co-authored-by: zwitter <zwitter@redhat.com> resolve merge conflicts Device activity updates (#4) * update text to sentence case * update device info columns to be dynamic across various viewport sizes * update signed in device layout * update based on feedback Co-authored-by: Jon Szeto <jszeto@redhat.com> Linked accounts update (#3) * linked accounts screen - updated icons & Linked/Unlinked Login Providers layout & update text to sentence case Co-authored-by: Jon Szeto <jszeto@redhat.com> fixing ts errors cleaning up fonts and messages final review updates message update for Back to admin console link fixing capitalization on 2fa updating landing page welcome message fix: reposition Back to... link adjusting size for confirm modal updating spacing and alignment issues updating resources page removing unused header class fixes ts issues and updates node version to match the themes install npm updates fixing pf addons adding chokidar to get babel:watch working fixing issues from pull request feedback fixing tests fixes signingin page test fixing tests Co-authored-by: Tyler Andor <tandor@highereducation.com>	2022-04-06 13:00:38 +02:00
Stian Thorgersen	7c64f28934	Change admin console to load keycloak.js using a relative URL (#11109 ) * Change admin console to load keycloak.js using a relative URL Closes #11108 * fix tests Co-authored-by: Dominik Guhr <dguhr@redhat.com>	2022-04-06 09:35:26 +02:00
Michal Hajas	4c20388eb7	Remove SOAPException from SOAPBindingTest as RunOnServer cannot load it Closes #11090	2022-04-04 15:53:55 +02:00
Martin Kanis	395bd447f2	Hot Rod map storage: Login failure no-downtime store	2022-04-01 20:43:18 +02:00
Douglas Palmer	f57d0dd100	Automated tests for session limits authenticator (browser, direct grant, reset password) (#11046 ) Closes #11003	2022-04-01 18:44:38 +02:00
Marek Posolda	c50f09da25	Webauthn tests logout fix (#11040 ) Closes #11030	2022-04-01 08:06:39 +02:00
Michal Hajas	44000caaf5	KEYCLOAK-19177 Disable ECP flow by default for all Saml clients; ecp flow creates only transient users sessions	2022-03-31 16:06:44 +02:00
Teubner, Malte	b5f70d8a32	Add scope parameter to admin-client TokenManager. Closes #10759	2022-03-31 10:56:08 -03:00

1 2 3 4 5 ...

5626 commits