keycloak-scim

Author	SHA1	Message	Date
CARBONNEAUX Mathieu	acf79b81c7	add RS256 algorithm to webauthn default policy (#30528 ) closes #28020 Signed-off-by: Mathieu CARBONNEAUX <mathieu.carbonneaux@ch2o.info>	2024-06-19 10:16:46 +02:00
Pedro Ruivo	18a6c79011	Infinispan Protostream Marshaller (#29474 ) Closes #29394 Signed-off-by: Pedro Ruivo <pruivo@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-06-13 18:02:46 +02:00
vramik	d355e38424	Provide a cache layer for the organization model Closes #30087 Signed-off-by: vramik <vramik@redhat.com>	2024-06-13 08:13:36 -03:00
Giuseppe Graziano	6067f93984	Improvements to refresh token rotation with multiple tabs (#29966 ) Closes #14122 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-06-07 12:02:36 +02:00
Pedro Igor	4c39fcc79d	Allow to configure if users are automatically redirected when the email domain matches an organization Closes #30050 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-03 13:34:21 +02:00
mposolda	37c10b4d43	Improve documentation for the case when 'basic' client scope already exists closes #29880 Signed-off-by: mposolda <mposolda@gmail.com>	2024-05-29 13:32:05 +02:00
Pedro Igor	bbb83236f5	Do not lower-case the username from the IdP when creating the federated identity Closes #28495 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-29 01:58:20 -03:00
Stefan Guilhen	694ffaf289	Allow organizations in different realms to have the same domain Closes #29886 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-28 08:02:30 -03:00
mposolda	ea1cdc10bd	MigrateTo25_0_0 does not complete within default transaction timeout closes #29756 Signed-off-by: mposolda <mposolda@gmail.com>	2024-05-27 10:31:39 +02:00
Pedro Igor	2d4d32764c	Show a message when confirming an invitation link Closes #29794 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-27 08:33:22 +02:00
Daniel Fesenmeyer	c08621fa63	Always order required actions by priority (regardless of context) - AuthenticationManager#actionRequired: make sure that the highest prioritized required action is performed first, possibly before the currently requested required action - AuthenticationManager#nextRequiredAction: make sure that the next action is requested via URL, also based on highest priority (-> requested URL will match actually performed action, unless required actions for the user are changed by a parallel operation) - add tests to RequiredActionPriorityTest, add helper method for priority setup to ApiUtil (for easier and more robust setup than up-to-now) - fix test WebAuthnRegisterAndLoginTest - which failed because WebAuthnRegisterFactory (prio 70) is now executed before WebAuthnPasswordlessRegisterFactory (prio 80) Closes #16873 Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>	2024-05-23 09:07:56 +02:00
Thomas Darimont	ab376d9101	Make required actions configurable (#28400 ) - Add tests for crud operations on configurable required actions - Add support exposing the required action configuration via RequiredActionContext - Make configSaveError message reusable in other contexts - Introduced admin-ui specific endpoint for retrieving required actions with config metadata Fixes #28400 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com> Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>	2024-05-23 08:38:36 +02:00
vramik	278341aff9	Add organizations enabled/disabled capability Closes #28804 Signed-off-by: vramik <vramik@redhat.com>	2024-05-22 07:58:26 -03:00
Alexander Schwartz	80de3a0a71	Allow migration of non-persistent sessions to persistent sessions Closes #29375 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-05-22 10:30:46 +02:00
rmartinc	f7044ba5c2	Use SessionExpirationUtils for validate user and client sessions Check client session is valid in TokenManager Closes #24936 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-22 10:12:20 +02:00
Nicola Beghin	3d1c20b4a5	Add new `ProviderConfigProperty` type for URLs in Admin Console (#27743 ) Closes #27673 Signed-off-by: Nicola Beghin <nicolabeghin@gmail.com>	2024-05-14 09:34:49 +00:00
mposolda	d8a7773947	Adding dummyHash to DirectGrant request in case user does not exists. Fix dummyHash for normal login requests closes #12298 Signed-off-by: mposolda <mposolda@gmail.com>	2024-05-13 16:33:29 +02:00
Pedro Igor	b50d481b10	Make sure organization groups can not be managed but when managing an organization Closes #29431 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-10 21:28:11 -03:00
Stefan Guilhen	aa945d5636	Add description field to OrganizationEntity Closes #29356 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-07 10:35:51 -03:00
Dimitri Papadopoulos Orfanos	cd8e0fd333	Fix user-facing typos in Javadoc (#28971 ) Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com> Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>	2024-05-06 18:57:55 +00:00
Stefan Guilhen	dae1eada3d	Add enabled field to OrganizationEntity Closes #28891 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-06 14:46:56 -03:00
Pedro Igor	32d25f43d0	Support for mutiple identity providers Closes #28840 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-04 16:19:27 +02:00
Giuseppe Graziano	8c3f7cc6e9	Ignore include in token scope for refresh token Closes #12326 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-05-03 09:05:03 +02:00
Steven Hawkins	4697cc956b	further refinement of context handling (#28182 ) * fully removing providers and moving the keycloaksession creation / final cleanup also deprecated Resteasy utility methods closes: #29223 Signed-off-by: Steve Hawkins <shawkins@redhat.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-02 11:21:01 -04:00
Stefan Guilhen	45e5e6cbbf	Introduce filtered (and paginated) search for organization members Closes #28844 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-05-02 11:25:43 -03:00
Alexander Schwartz	d69872fa11	Batch writes originating from logins/logouts for persistent sessions All writes for the sessions are handled by a background thread which batches them. Closes #28862 Wait for persistent-store to contain update instead of cache which has the change immediately since it is in memory + introduce new model-test profile Closes #29141 Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Signed-off-by: Michal Hajas <mhajas@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2024-04-30 14:07:35 +02:00
Pedro Igor	51352622aa	Allow adding realm users as an organization member Closes #29023 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-29 08:37:47 -03:00
mruzicka	ae1aaef96c	Avoid re-creating required action comparator (#29122 ) closes #29130 Signed-off-by: Michal Růžička <michal.ruza@gmail.com>	2024-04-29 09:18:50 +02:00
vramik	d65649d5c0	Make sure organization are only manageable by the admin users with the manage-realm role Closes #28733 Signed-off-by: vramik <vramik@redhat.com>	2024-04-23 12:16:57 -03:00
Mark Banierink	ad32896725	replaced and removed deprecated token methods (#27715 ) closes #19671 Signed-off-by: Mark Banierink <mark.banierink@nedap.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-23 09:23:37 +02:00
Tero Saarni	64862d568e	Convert database errors to 500 instead of 400. Signed-off-by: Tero Saarni <tero.saarni@est.tech>	2024-04-22 11:42:18 -03:00
Pedro Igor	1e3837421e	Organization member onboarding using the organization identity provider Closes #28273 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-17 07:24:01 -03:00
Stefan Guilhen	2ab8bf852d	Add validation for the organization's internet domains. Closes #28634 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-04-15 09:03:52 -03:00
Pedro Igor	61b1eec504	Prevent members with an email other than the domain set to an organization Closes #28644 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-12 08:33:18 -03:00
Alexander Schwartz	b4cfebd8d5	Persistent sessions code also for offline sessions (#28319 ) Persistent sessions code also for offline sessions Closes #28318 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-04-12 13:15:02 +02:00
rmartinc	6d74e6b289	Escape slashes in full group path representation but disabled by default Closes #23900 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-04-12 10:53:39 +02:00
Pedro Igor	8f8094408e	Encapsulate the logic to set attributes into the domain model Closes #28646 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-11 15:32:21 -03:00
Stefan Guilhen	9a466f90ab	Add ability to set one or more internet domain to an organization. Closed #28274 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-04-10 13:18:12 -03:00
Martin Kanis	51fa054ba7	Manage organization attributes Closes #28253 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-04-10 09:10:49 -03:00
rmartinc	41b706bb6a	Initial security profile SPI to integrate default client policies Closes #27189 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-04-10 11:19:56 +02:00
Alexander Schwartz	63e7523a6d	Avoid unnecessary updates to the sessions during refreshes of tokens Closes #28388 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-04-09 14:55:21 +02:00
Václav Muzikář	e4987f10f5	Hostname SPI v2 (#26345 ) * Hostname SPI v2 Closes: #26084 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Fix HostnameV2DistTest#testServerFailsToStartWithoutHostnameSpecified Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Address review comment Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Partially revert the previous fix Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Do not polish values Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Remove filtering of denied categories Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> --------- Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>	2024-04-09 11:25:19 +02:00
vibrown	3fffc5182e	Added ClientType implementation from Marek's prototype Signed-off-by: vibrown <vibrown@redhat.com> More updates Signed-off-by: vibrown <vibrown@redhat.com> Added client type logic from Marek's prototype Signed-off-by: vibrown <vibrown@redhat.com> updates Signed-off-by: vibrown <vibrown@redhat.com> updates Signed-off-by: vibrown <vibrown@redhat.com> updates Signed-off-by: vibrown <vibrown@redhat.com> Testing to see if skipRestart was cause of test failures in MR	2024-04-08 20:20:37 +02:00
Pedro Igor	52ba9b4b7f	Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user Closes #28248 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-08 09:05:16 -03:00
Pedro Igor	fefeb83588	Changes the contract to make it simpler and rely on the realm available from the current session Closes #28403 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-03 14:45:31 +02:00
Pedro Igor	b9a7152a29	Avoid commiting the transaction prematurely when creating users through the User API Closes #28217 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-03-27 19:16:09 -03:00
Jon Koops	3382e16954	Remove Account Console version 2 (#27510 ) Closes #19664 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-03-27 10:53:28 +01:00
Steven Hawkins	be32f8b1bf	fix: limit the use of Resteasy to the KeycloakSession (#28150 ) * fix: limit the use of Resteasy to the KeycloakSession contextualizes other state to the KeycloakSession close: #28152	2024-03-26 13:43:41 -04:00
vramik	fa1571f231	Map organization metadata when issuing tokens for OIDC clients acting on behalf of an organization member Closes #27993 Signed-off-by: vramik <vramik@redhat.com>	2024-03-26 14:02:09 -03:00
Stian Thorgersen	8cbd39083e	Default password hashing algorithm should be set to default password hash provider (#28128 ) Closes #28120 Signed-off-by: stianst <stianst@gmail.com>	2024-03-22 12:44:11 +01:00

1 2 3 4 5 ...

778 commits