libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
23887 commits 4 branches 5 tags 480 MiB
Commit graph

4615 commits

Author SHA1 Message Date
Alexander Schwartz
9e890264df Adding a test case to check that the expiration time is set on logout tokens 
Closes #25753

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2023-12-22 20:13:40 +01:00
Niko Köbler
5e623f42d4 add the exp claim to the backchannel logout token 
This is now, as of Dec 15th 2023, part of the OIDC Backchannel Logout spec, chapter 2.4.

As of chapter 4, the logout token should have a short expiration time, preferably at most two minutes in the future. So we set the expiration to this time.

resolves #25753

Signed-off-by: Niko Köbler <niko@n-k.de>
 2023-12-22 20:13:40 +01:00
Pedro Igor
ceb085e7b8 Update the UPDATE_EMAIL feature to rely on the user profile configuration when rendering templates and validating the email 
Closes #25704

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-20 15:15:06 -03:00
rmartinc
c2e41b0eeb Make Locale updater generate an event and use the user profile 
Closes #24369

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-20 15:26:45 +01:00
Daniel Fesenmeyer
baafb670f7 Bugfix for: Removing all group attributes no longer works with keycloak-admin-client (java) 
Closes #25677

Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>
 2023-12-20 14:03:35 +01:00
Konstantinos Georgilakis
cf57af1d10 scope parameter in refresh flow 
Closes #12009

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
 2023-12-20 14:00:10 +01:00
mposolda
eb184a8554 More info on UserProfileContext 
closes #25691

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-12-19 13:00:31 -03:00
Pedro Igor
810ebf4efd Migration steps for enabling user profile by default 
Closes #25528

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-19 10:19:45 -03:00
Joshua Sorah
d411eafc42 Ensure 'iss' is returned when 'prompt=none' and user is not authenticated, per RFC9207 
Closes keycloak/keycloak#25584

Signed-off-by: Joshua Sorah <jsorah@redhat.com>
 2023-12-19 10:38:05 +01:00
Ricardo Martin
2ba7a51da6 Escape action in the form_post response mode (#60) 
Closes keycloak/keycloak-private#31
Closes https://issues.redhat.com/browse/RHBK-652

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-18 18:10:41 -03:00
Konstantinos Georgilakis
ba8c22eaf0 Scope parameter in Oauth 2.0 token exchange 
Closes #21578

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
 2023-12-18 15:44:26 -03:00
Pedro Igor
778847a3ce Updating theme templates to render user attributes based on the user profile configuration 
Closes #25149

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-18 15:35:52 -03:00
rmartinc
d841971ff4 Updating the UP configuration needs to trigger an admin event 
Close #23896

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-18 19:24:30 +01:00
Steven Hawkins
ec28b68554
fix: improve group matching (#25627) 
closes #25451

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2023-12-18 11:46:02 +01:00
mposolda
cd154cf318 User Profile: If required roles ('user') and reqired scopes are set, the required scopes have no effect 
closes #25475

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-12-18 11:32:27 +01:00
Takashi Norimatsu
59536becec Client policies : executor for enforcing DPoP 
closes #25315

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2023-12-18 10:45:18 +01:00
Joshua Sorah
a10149bbe9 For post logout redirect URI - Make '+' represent existing redirect URIs and merge with existing post logout redirect URIs 
Closes keycloak#25544

Signed-off-by: Joshua Sorah <jsorah@redhat.com>
 2023-12-18 09:05:51 +01:00
Ricardo Martin
ae04b954a6
Fix for test SSSDUserProfileTest.test05MixedInternalDBUserProfile (#25570) 
Closes #25566

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-15 18:57:31 +00:00
Martin Bartoš
14fd61bacc PubKeySignRegisterTest failures in WebAuthn tests 
Fixes #9693

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2023-12-15 14:52:05 +01:00
Erwin Rooijakkers
860978b15a Change arg of getSubGroups to briefRepresentation 
Parameter name briefRepresentation should mean briefRepresentation,
   not full. This way callers will by default get the full
   representation, unless true is passed as value for
   briefRepresentation.

   Fixes #25096

Signed-off-by: Erwin Rooijakkers <erwin@rooijakkers.software>
 2023-12-14 17:23:27 +01:00
Steven Hawkins
08751001db
enhance: adds truststores to the keycloak cr (#25215) 
also generally correcting the misspelling trustore

closes: #24798

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2023-12-14 11:15:06 -03:00
mposolda
c81b533cf6 Update UserProfileProvider.setConfiguration. Tuning of UserProfileProvider.getConfiguration 
closes #25416

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-12-14 14:43:28 +01:00
Tomas Ondrusko
26342d829c Update web elements of the Instagram login page 
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
 2023-12-14 14:03:53 +01:00
rmartinc
c14bc6f2b0 Create terms and conditions execution when registration form is added 
Closes #21730

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-13 15:32:58 +01:00
Pedro Igor
fa79b686b6 Refactoring user profile interfaces and consolidating user representation for both admin and account context 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-13 08:27:55 +01:00
VR
1545b32a64 Revert changes related to map store in test classes in base testsuite 
Closes #24567

Signed-off-by: VR <vramik@redhat.com>
 2023-12-12 16:16:38 +01:00
Thomas Darimont
0f5bbae75c
Add support for POST logout in Keycloak JS (#25348) 
Closes #25167

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2023-12-11 14:55:48 +01:00
Pedro Igor
78ba7d4a38 Do not allow removing username and email from user profile configuration 
Closes #25147

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-11 08:30:28 +01:00
Ricardo Martin
f78c54fa42
Fixes for LDAP group membership and search in chunks 
Closes #23966
 2023-12-08 17:55:17 +01:00
mposolda
90bf88c540 Introduce ProtocolMapper.getEffectiveModel to make sure values displayed in the admin console UI are 'effective' values used when processing mappers 
closes #24718

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2023-12-08 12:26:35 +01:00
Lukas Hanusovsky
baf6186863
25208 MSSQL startup message - fix (#25378) 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2023-12-07 16:27:16 +01:00
Pedro Igor
b1626172aa Removing unnecessary property from auth-server-migration maven profile 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-06 15:35:29 -03:00
rmartinc
522e8d2887 Workaround to allow percent chars in getGroupByPath via PathSegment 
Closes #25111

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-06 14:22:34 -03:00
Peter Zaoral
340eb99412
Unable to use < as part of a password (admin-cli) (#24939) 
* escaped angle bracket characters in password

Closes #21951

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2023-12-06 17:27:44 +01:00
Pedro Igor
ab1173182c Make sure realm is available from session when migrating to 23 
Closes #25183

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-06 07:42:54 -03:00
rmartinc
d004e9295f Do not allow remove a credential in account endpoint if provider marks it as not removable 
Closes #25220

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-05 17:11:57 +01:00
Vlasta Ramik
6f37fefd8d
Delete container providers from the base testsuite (#25168) 
Closes #24097

Signed-off-by: vramik <vramik@redhat.com>
 2023-12-04 14:44:35 +01:00
Alfredo Moises Boullosa
0b48bef0b1 Update springboot version 
Signed-off-by: Alfredo Moises Boullosa <aboullos@redhat.com>
 2023-12-04 11:15:51 +01:00
Michal Hajas
ec061e77ed
Remove GlobalLockProviderSpi (#25206) 
Closes #24103

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2023-12-01 16:40:56 +00:00
rmartinc
31b7c9d2c3 Add UP decorator to SSSD provider 
Closes https://github.com/keycloak/keycloak/issues/25075

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-01 15:41:05 +01:00
mposolda
3fa2d155ca Decouple factory methods from the provider methods on UserProfileProvider implementation 
closes #25146

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-12-01 10:30:57 -03:00
Pedro Igor
c5bcdbdc3f Make sure username is lowercase when normalizing attributes 
Closes #25173

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-01 12:16:13 +01:00
Martin Kanis
4279bbc6b5 Map Store Removal: Delete map profiles from testsuite 
Closes #24094

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2023-11-30 14:59:02 +01:00
vramik
587cef7de4 Delete Profile.Feature.MAP_STORAGE 
Signed-off-by: vramik <vramik@redhat.com>

Closes #24102
 2023-11-30 13:04:39 +01:00
Pedro Igor
c7f63d5843 Add options to change behavior on how unmanaged attributes are managed 
Closes #24934

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-11-30 06:58:21 -03:00
Steven Hawkins
8c3df19722
feature: add option for creating a global truststore (#24473) 
closes #24148

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2023-11-30 08:57:17 +01:00
Douglas Palmer
d0b86d2f64 Register event not triggered on external to internal token exchange 
Closes #9684

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2023-11-29 15:30:47 -03:00
mposolda
479e6bc86b Update Kerberos provider for user-profile 
closes #25074

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-11-29 15:21:26 -03:00
rmartinc
16afecd6b4 Allow automatic download of SAML certificates in the identity provider 
Closes https://github.com/keycloak/keycloak/issues/24424

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-29 18:03:31 +01:00
rmartinc
3bc028fe2d Remove lowercase for the hostname as recommended/advised by OAuth spec 
Closes https://github.com/keycloak/keycloak/issues/25001

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-29 10:26:00 -03:00
Martin Bartoš
e71d850a03 Run SAML adapter tests with EAP 8 
Closes #24168

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2023-11-28 14:07:44 +01:00
Pedro Igor
2c611cb8fc User profile configuration scoped to user-federation provider 
closes #23878

Co-Authored-By: mposolda <mposolda@gmail.com>

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-11-27 14:45:44 +01:00
Stian Thorgersen
a32b58d337
Escape ldap id when using normal attribute syntax (#25) (#25036) 
Closes https://github.com/keycloak/security/issues/46

Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
 2023-11-27 11:38:14 +01:00
Takashi Norimatsu
1f5ee9bf80 NPE in checkAndBindMtlsHoKToken on Token Refresh when using SuppressRefreshTokenRotationExecutor and Certificate Bound Token 
closes #25022

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2023-11-27 08:49:48 +01:00
Thomas Darimont
8888e3d41c
Avoid deprecated API usage in testsuite/integration-arquillian/tests/base (#24904) 
- Removed unused imports
- Avoided deprecated junit/hamcrest API
- Avoid usage of JDK API scheduled for removal

This should reduce the number of compiler warnings in the logs quite a bit

closes #24995 

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2023-11-24 09:37:34 +01:00
Sebastian Schuster
030f42ec83
More efficient listing of assigned and available client role mappings 
Closes #23404

Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
 2023-11-22 14:10:11 +01:00
Thomas Darimont
cd1e0e06c6
Avoid deprecated API usage in testsuite/integration-arquillian/util (#24870) 
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2023-11-21 12:45:58 +01:00
Martin Bartoš
87ed656685 Start of MS-SQL fails in CI 
Closes #24846

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2023-11-20 15:09:11 +01:00
Thomas Darimont
d30d692335 Introduce MaxAuthAge Password policy (#12943) 
This policy allows to specify the maximum age of an authentication
with which a password may be changed without re-authentication.

Defaults to 300 seconds (default taken from Constants.KC_ACTION_MAX_AGE) to remain backwards compatible.
A value of 0 will always require reauthentication to update the password.
Add documentation for MaxAuthAgePasswordPolicy to server_admin

Fixes #12943

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2023-11-20 14:48:17 +01:00
rmartinc
5fad76070a Use LinkedIn instead of LinkedIn OpenID Connect for better UI experience 
Closes https://github.com/keycloak/keycloak/issues/24659

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-16 18:22:16 +01:00
rmartinc
cca33baac3 Avoid NPE if RelayState is null and return a proper error 
Closes https://github.com/keycloak/keycloak/issues/24079

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-16 12:56:49 +01:00
rmartinc
e3b2eec1ba Make user profile validation success if the attribute was already wrong and read-only in the context 
Closes https://github.com/keycloak/keycloak/issues/24697

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-14 03:07:00 -08:00
Erik Jan de Wit
89abc094d1
userprofile shared (#23600) 
* move account ui user profile to shared

* use ui-shared on admin same error handling

also introduce optional renderer for added component

* move scroll form to ui-shared

* merged with main

* fix lock file

* fixed merge error

* fixed merge errors

* fixed tests

* moved user profile types to admin client

* fixed more types

* pr comments

* fixed some types
 2023-11-14 08:04:55 -03:00
Réda Housni Alaoui
3f014c7299
Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients (#21058) 
closes #21010 

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2023-11-13 19:13:01 +01:00
vramik
71b6757c2f Remove quarkus options related to map store 
Signed-off-by: vramik <vramik@redhat.com>

Closes #24098
 2023-11-13 12:34:52 +01:00
vramik
926be135e8 Remove map related modules 
Signed-off-by: vramik <vramik@redhat.com>

Closes #24100
 2023-11-13 12:34:52 +01:00
vramik
76affa45c6 Delete removed spi-events-store-jpa-max-detail-length property from keycloak.conf in testsuite 
Signed-off-by: vramik <vramik@redhat.com>

Fixes #17258
 2023-11-13 08:34:09 +01:00
Hynek Mlnařík
0ceaed0e2e
Transient users: Consents (#24496) 
closes #24494
 2023-11-10 11:18:27 +01:00
rmartinc
6963364514 Keep same name on update for LDAP attributes 
Closes https://github.com/keycloak/keycloak/issues/23888
 2023-11-09 23:54:45 +01:00
mposolda
64836680d7 Failing test X509OCSPResponderTest due expired certificate 
closes #24650

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-11-09 13:34:51 +01:00
vramik
6fa26d7ff4 Delete map dependencies from dependency management 
Closes #24101
 2023-11-08 13:53:17 +01:00
mposolda
7863c3e563 Moving UPConfig and related classes from keycloak-services 
closes #24535

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-11-07 12:41:29 +01:00
Peter Skopek
e5eded0eab
Add possibility to override fileName and base directory of Keycloak Quarkus distribution ZIP archive (#24284) 
Closes #24283

Signed-off-by: Peter Skopek <pskopek@redhat.com>
 2023-11-07 10:31:58 +01:00
Joshua Sorah
7ca00975d4 Feature flag DPoP metadata in OIDC Well Known endpoint 
Closes keycloak/keycloak#24547

Signed-off-by: Joshua Sorah <jsorah@gmail.com>
 2023-11-06 03:13:57 -08:00
vramik
593c14cd26 Data too long for column 'DETAILS_JSON' 
Closes #17258
 2023-11-02 20:29:35 +01:00
Oliver
563ae104fd [issue-14134] test partial import user with id 
Fix #14134
 2023-11-02 05:56:12 -07:00
Jon Koops
fe0a9459dd
Remove UTF-8 encoding header from property files (#24471) 2023-11-01 16:03:26 -04:00
rmartinc
d7bb59461d Escape $ sign when replacing clientId in the role mappers 
Closes https://github.com/keycloak/keycloak/issues/23692
 2023-11-01 20:47:15 +01:00
Pedro Igor
be65ba8689 Make sure optional default attributes are removed when decorating the user-define user profile configuration 
Closes #24420
 2023-11-01 14:54:09 +01:00
mposolda
0bd2b342d7 Update per review 2023-10-31 12:56:46 -07:00
mposolda
6f992915d7 Move some UserProfile and Validation classes into keycloak-server-spi 
closes #24387
 2023-10-31 12:56:46 -07:00
Aboullos
75440abb5f
Fix compilation error on springboot (#24437) 2023-10-31 19:29:05 +00:00
Justin Tay
3ff0476cc3 Allow customization of aud claim with JWT Authentication 
Closes #21445
 2023-10-31 11:33:47 -07:00
rmartinc
1b630326b2 Fixes in LDAP tests when using AD 
Closing https://github.com/keycloak/keycloak/issues/24357
 2023-10-31 13:34:37 +01:00
rmartinc
7deb4ca545 Group count and PartialExport permission fixes 
Closes https://github.com/keycloak/keycloak/issues/12171
 2023-10-31 01:40:21 -07:00
Aboullos
c23e1e0e2b
Fix springboot tests (#24254) 
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2023-10-31 09:06:09 +01:00
rmartinc
6484a3e705 Add userProfileEnabled attribute to realm response if admin can view users 
closes https://github.com/keycloak/keycloak/issues/19093
 2023-10-30 07:39:03 -07:00
rmartinc
ea398c21da Add a property to the User Profile Email Validator for max length of the local part 
Closes https://github.com/keycloak/keycloak/issues/24273
 2023-10-27 15:09:42 +02:00
Alice
69497382d8
Group scalability upgrades (#22700) 
closes #22372 


Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2023-10-26 16:50:45 +02:00
Thomas Darimont
d56baa80b3
Add support for passing acr_values in auth requests in keycloak.js (#9383) (#24259) 
Fixes #9383
 2023-10-25 15:33:39 +02:00
Hynek Mlnarik
c036980c37 Add TRANSIENT_USERS feature flag 2023-10-25 12:02:35 +02:00
Hynek Mlnarik
d59ceb17e9 Add tests for offline access, introspection and userinfo endpoint 2023-10-25 12:02:35 +02:00
Hynek Mlnarik
d70735f64d Tests 
Part-of: Add support for not importing brokered user into Keycloak database

Closes: #11334
 2023-10-25 12:02:35 +02:00
ggraziano
84112f57b5 Verification of iss at refresh token request 
Added iss checking using the existing TokenVerifier.RealmUrlCheck in the verifyRefreshToken method.

Closes #22191
 2023-10-24 23:42:11 +02:00
Marek Posolda
1bd6aca629
Remove RegistrationProfile class and handle migration (#24215) 
closes #24182


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2023-10-24 20:19:33 +02:00
Martin Kanis
10a2c96c72
Users in role Rest API returns empty when User federation used (#23318) 
* Users in role Rest API returns empty when User federation used

Co-authored-by: Shankar Yadav <ET1024@neeyamoworks.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2023-10-24 11:10:20 -04:00
Martin Bartoš
9627187447
Adapter tests failing with Jakarta error (#24177) 
Fixes #24176
 2023-10-24 10:11:48 -04:00
rmartinc
ad01ed1497 Do not reset the user profile configuration on disable 
Closes https://github.com/keycloak/keycloak/issues/23527
 2023-10-24 03:05:34 -07:00
Thomas Darimont
e567210ed1
Add dedicated feature flag for oauth device grant flow (#23892) 
Closes #23891
 2023-10-24 10:09:26 +02:00
vramik
a0f04fa2be Declarative User Profile export 
Closes #12062
Resolves #20885
 2023-10-21 19:21:20 +02:00