libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions
14684 commits 4 branches 5 tags 483 MiB
Commit graph

3806 commits

Author SHA1 Message Date
Sebastian Schuster
fb978de0d8 12653 check if fine-grained permissions are enabled before retrieving group memberships of users 2022-08-22 09:34:46 -03:00
Sebastian Schuster
916cfbbaf1 13647 Added null checks and some comments/questions for discussions. Will be squashed later if accepted. 2022-08-22 09:34:12 -03:00
Sebastian Schuster
53472e097c 13647 fixed wrong feature flag for checking admin fine-grained authz 2022-08-22 09:34:12 -03:00
Pedro Igor
5f2191813a
Remove unnecessary code paths during startup (#13848) 
Closes #13847
 2022-08-19 14:54:11 +02:00
Pedro Igor
841c65d24f Return 404 when invoking authorization endpoints in case authz settings are disabled 
Closes #10151
 2022-08-16 16:37:44 -03:00
Markus Till
fa383bf76c
Suppress confirmation screen for logout in oidc (#13471) 
Closes #13469
 2022-08-10 18:25:50 +02:00
Marcelo Daniel Silva Sales
e44cea587f
NullPointer during OIDC logout client disabled (#13424) 
closes #12624
 2022-08-08 12:34:09 +02:00
Sebastian Knauer
21f700679f KEYCLOAK-19866 Fix user-defined- and xml-fragment-parsing/Add XPathAttributeMapper 2022-08-03 13:07:12 +02:00
Marek Posolda
7e925bfbff
Unit tests in "crypto/fips1402" passing on RHEL 8.6 with BC FIPS approved mode. Cleanup (#13406) 
Closes #13128
 2022-07-29 18:03:56 +02:00
Pedro Hos
ee2c5391bd
Possible client enumeration in the authorization endpoint 
Closes #12164
 2022-07-26 09:10:06 +02:00
Stian Thorgersen
7158e781be
Update base URL for admin rest docs (#13305) 
Closes #10464
 2022-07-25 16:25:55 +02:00
Douglas Palmer
c00514d659
Support for post_logout_redirect_uris in OIDC client registration (#12282) 
Closes #10135
 2022-07-25 10:57:52 +02:00
Stian Thorgersen
a251d785db
Remove text based login flows (#13249) 
* Remove text based login flows

Closes #8752

* Add display param back in case it's used by some custom authenticators
 2022-07-22 15:15:25 +02:00
Pedro Igor
e14bd51656 Properly enable/disable metrics and health endpoints 
Closes #11506

Co-authored-by: Dominik Guhr <dguhr@redhat.com>
 2022-07-22 09:41:29 -03:00
Alexander Schwartz
cb81a17611 Disable Infinispan for map storage and avoid the component factory when creating a realm independent provider factory 
Provide startup time in UserSessionProvider independent of Infinispan,
cleanup code that is not necessary for the map storage as it isn't using Clustering.
Move classes to the legacy module.

Closes #12972
 2022-07-22 08:20:00 +02:00
Douglas Palmer
adeef6c2a0 Partial import feature does not import Identity Provider mappers in Keycloak #12861 2022-07-21 18:04:15 +02:00
Pedro Igor
3631a413d2 Allow token exchange when subjec_token is not associated with a session 
Closes #12596
 2022-07-20 15:42:26 -03:00
Alexander Schwartz
d30646b1f6 Refactor object locking for UserSessions 
Closes #12717
 2022-07-19 17:47:33 -03:00
Lex Cao
f0988a62b8
Use base64 url decoded for client secret when authenticating with Basic Auth (#12486) 
Closes #11908
 2022-07-16 09:38:41 +02:00
Vlasta Ramik
ec853a6b83
JPA map storage: User / client session no-downtime store (#12241) 
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>

Closes #9666
 2022-07-14 12:07:02 -03:00
Pedro Igor
5b48d72730 Upgrade Resteasy v4 
Closes #10916

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2022-07-11 12:17:51 -03:00
Takashi Norimatsu
29aad9dc45 PAR logic affecting /auth endpoint 
Closes #9289
 2022-07-11 11:56:37 +02:00
Alexander Schwartz
29a501552e Disable the JpaUserFederatedStorageProvider when map storage is enabled 
Closes #12895
 2022-07-07 10:47:42 -03:00
Alexander Schwartz
098d4dda0e
Split PublicKeyStorageProvider (#12897) 
Split PublicKeyStorageProvider

- Extract clearCache() method to separate interface and move it to the legacy module
- Make PublicKeyProvider factories environment dependent
- Simple map storage for public keys that just delegates

Resolves #12763

Co-authored-by: Martin Kanis <mkanis@redhat.com>
 2022-07-05 09:57:51 -03:00
Alexander Schwartz
4b20e90292 Move session persistence package to legacy-private module 
Also, disabling the jpa session persister when map storage is enabled.

Closes #12712
 2022-07-04 10:05:26 -03:00
Alexander Schwartz
d407a37ba3 Instead of returning instances with different semantics, throw an exception. 
This exception points the caller to the migration guide of Keycloak 19.

Closes #12556
 2022-07-01 14:12:39 -03:00
Konstantinos Georgilakis
32f8f30f36 Include 'urn:ietf:params:oauth:grant-type:token-exchange' in grant_types_supported field of Keycloak OP metadata, if token-exchange is enabled 
closes #10888
 2022-06-30 17:13:47 -03:00
Jon Koops
06d1b4faab Restore enum variant of ResourceType 
This reverts commit 3b5a578934.
 2022-06-30 12:20:51 -03:00
Pedro Igor
605b51890e Enables the new store and the concurrenthashmap provider 
Closes #12651
 2022-06-30 10:55:22 -03:00
Alexander Schwartz
692ce0cd91 Moving ClientStorageProvider to the legacy modules 
This prepares the move of CachedObject and CacheableStorageProviderModel

Closes #12531

fixup! Moving ClientStorageProvider to the legacy modules
 2022-06-29 20:04:32 +02:00
vramik
3b5a578934 Change enum ResourceType to interface with String constants 
Closes #12485
 2022-06-29 13:35:11 +02:00
Lex Cao
c3c8b9f0c8
Add client_secret to response when token_endpoint_auth_method is not private_key_jwt (#12609) 
Closes #12565
 2022-06-29 10:19:18 +02:00
Konstantinos Georgilakis
ccc0449314 json device code flow error responses 
closes #11438
 2022-06-29 07:23:02 +02:00
Marek Posolda
be1e31dc68
Introduce crypto/default module. Refactoring BouncyIntegration (#12692) 
Closes #12625
 2022-06-29 07:17:09 +02:00
vramik
91335ebaad Change returning type to Set in MapClientEntity when obtaining protocol mappers 
Closes #11136
 2022-06-28 21:47:56 +02:00
danielFesenmeyer
b6d8c27cac OIDC logout: In "legacy mode", support post_logout_redirect_uri param without requiring id_token_hint param 
Closes #12680
 2022-06-28 14:36:03 +02:00
Alexander Schwartz
4b499c869c Encapsulate MigrationModelManager in legacy module 
Closes #12214
 2022-06-28 10:53:04 +02:00
leandrobortoli
c5d5659100 Fixed bug on client credentials grant when encryption key not found 
Closes #12348
 2022-06-27 13:00:21 +02:00
Lex Cao
f8a7c8e160
Validate name of client scope (#12571) 
Closes #12553
 2022-06-27 12:26:18 +02:00
Pedro Igor
3d2c3fbc6a Support JSON objects when evaluating claims in regex policy 
Closes #11514
 2022-06-23 14:04:09 -03:00
Pedro Igor
d3a40e8620 Use backend baseURL for UMA-related backend endpoints 
Closes #12549
 2022-06-23 10:35:26 -03:00
Takashi Norimatsu
a10eef882f DeviceTokenRequestContext.getEvent returns a wrong ClientPolicyEvent 
Closes #12455
 2022-06-22 13:01:35 +02:00
Takashi Norimatsu
d396ee7d30 CIBA flow : no error on invalid scope 
Closes #12589
 2022-06-22 12:55:55 +02:00
rmartinc
711440e513 [#11036] Identity Providers: Add support for elliptic curve signatures (ES256/ES384/ES512) using JWKS URL 2022-06-21 10:52:25 -03:00
Alexander Schwartz
ae7c01b719 Moving the CacheRealmProvider interface to the legacy module 2022-06-21 08:53:06 +02:00
Alexander Schwartz
7855b93390 Moving the UserCache interface to the legacy module 
Co-Authored-By: hmlnarik@redhat.com
 2022-06-21 08:53:06 +02:00
Alexander Schwartz
6376db0f9c code cleanup 2022-06-21 08:53:06 +02:00
Alexander Schwartz
84d21f0230 for all added files in the PR, update the copyright header or add it if it was missing 2022-06-21 08:53:06 +02:00
Alexander Schwartz
3fe477885c when userStorageManager() is called recursively, provided a meaningful exception to the caller. 2022-06-21 08:53:06 +02:00
Alexander Schwartz
d41764b19b Inline deprecated methods in legacy code 2022-06-21 08:53:06 +02:00