libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
14039 commits 4 branches 5 tags 480 MiB
Commit graph

3128 commits

Author SHA1 Message Date
Pedro Igor
ffa6df5547
Fixes to hostname (#10820) 
Closes #10627
Closes #10331
 2022-03-22 08:11:50 +01:00
Joaquim Fellmann
92c4e6d585
KEYCLOAK-16134 Allow webauthn idless login flow (#7860) 
Closes #10832
 2022-03-21 11:37:33 +01:00
Clara Fang
bc27c7c464 Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount() 
Closes #10333
 2022-03-18 11:20:52 +01:00
Michal Hajas
c18a682f50 Do not store undefined values in store 
Closes #10744
 2022-03-17 16:44:33 +01:00
mposolda
9e12587181 Protocol mapper and client scope for 'acr' claim 
Closes #10161
 2022-03-11 09:23:25 +01:00
Martin Bartoš
8ee7ae24de Make WebAuthn feature default for the product version 
Closes #10695
 2022-03-10 19:00:54 +01:00
Ivan Atanasov
5c6b123aff
Support for the Recovery codes (#8730) 
Closes #9540


Co-authored-by: Zachary Witter <torquekma@gmail.com>
Co-authored-by: stelewis-redhat <91681638+stelewis-redhat@users.noreply.github.com>
 2022-03-10 15:49:25 +01:00
Martin Bartoš
8a0f1ccb34 Properly execute AuthenticationFlowCallbackProviderTest with Map storage 
Closes #10268, Closes #10225
 2022-03-10 15:00:23 +01:00
rmartinc
a7c8aa1dd3
[#10616] Incorrect username logged for federated accounts (#10662) 
Closes #10616
 2022-03-10 13:21:39 +01:00
Marcelo Daniel Silva Sales
0c25da542c
Update secret rotation when the policy is disabled (#10674) 
Closes #10667
 2022-03-10 13:03:09 +01:00
Alexander Schwartz
18f391d8c4 Fix spelling error in field and classname 
It's always a converter, unless electricity is involved.

Closes #10573
 2022-03-09 08:28:52 -03:00
Marcelo Daniel Silva Sales
7335abaf08
Keycloak 10489 support for client secret rotation (#10603) 
Closes #10602
 2022-03-09 00:05:14 +01:00
mposolda
d394e51674 Introduce profile 'feature' for step-up authentication enabled by default 
Closes #10315
 2022-03-08 14:42:46 +01:00
rmartinc
48565832d4 [#10608] Password blacklists folder 2022-03-08 08:22:34 -03:00
mposolda
93bba8e338 Replace 'Store LoA in User Session' with 'Max Age'. Refactoring of step-up authentications related to that. 
Closes #10205
 2022-03-08 10:41:05 +01:00
Martin Bartoš
02d0fe82bc Auth execution 'Condition - User Attribute' missing 
Closes #9895
 2022-03-08 08:24:48 +01:00
Michal Hajas
f77ce315bb Disable Authz caching for new storage tests 
Closes #10500
 2022-03-07 10:22:55 -03:00
Michael Parlee
722ce950bf Improve user search performance 
Removes bulder.lower() from user search queries on email and username.

Closes #8893
 2022-03-04 14:15:14 +01:00
Takashi Norimatsu
201277b897 Handle OIDC authz request with "response_type" missing and "response_mode=form_post" 
Closes #10144
 2022-03-04 13:31:40 +01:00
Takashi Norimatsu
92f6c75328 Nonce parameter should be required in authorizationEndpoint only when "id_token" is included in response_type 
Closes #10143
 2022-03-03 13:26:39 +01:00
Daniel Gozalo
76101e3591 [fixes #9225] - Get scopeIds from the AuthorizationRequestContext instead of session if DYNAMIC_SCOPES are enabled 
Add a test to make sure ProtocolMappers run with Dynamic Scopes

Change the way we create the DefaultClientSessionContext with respect to OAuth2 scopes, and standardize the way we obtain them from the parameter
 2022-03-01 13:47:58 +01:00
stianst
5ef8265b75 Remove Tomcat 7 adapter 
Closes #9428
 2022-02-28 07:50:36 +01:00
mposolda
52712d2c82 ACR support in the javascript adapter 
Closes #10154
 2022-02-24 20:07:50 +01:00
Martin Kanis
6249e34177 Hot Rod map storage: Client scope no-downtime store 2022-02-24 13:30:27 +01:00
Michal Hajas
b4281468d0 Convert Map Realm Entities into interfaces 
Closes #9736
 2022-02-24 13:23:19 +01:00
Vlasta Ramik
aa6a131b73
Change String client.id to ClientModel client in ResourceServerStore 
Closes #10442
 2022-02-24 12:46:26 +01:00
Pedro Igor
209df44641
Fixing responses when unexpected errors occurs (#10383) 
Closes #10338
 2022-02-23 07:44:25 +01:00
Marek Posolda
8c3fc5a60e
Option for client to specify default acr level (#10364) 
Closes #10160
 2022-02-22 07:54:30 +01:00
Marek Posolda
caf37b1f70
Support for acr_values_supported in OIDC well-known endpoint (#10265) 
* Support for acr_values_supported in OIDC well-known endpoint
closes #10159
 2022-02-18 11:33:31 +01:00
Filipe Bojikian Rissi
323c08c8cc
KEYCLOAK-19519 Encryption algorithm RSA-OAEP with A256GCM (#8553) 
Closes #10300
 2022-02-17 17:41:54 +01:00
Martin Bartoš
314d303a99 Possibility to ignore tests for particular browsers 
Closes #10213
 2022-02-17 09:02:11 +01:00
Pedro Igor
a9668d14ce Proper error response when handing unexpected errors 
Closes #10176
 2022-02-16 15:35:38 -03:00
Martin Bartoš
bbe9ab38bc Unstable AuthenticationFlowCallbackProviderTest for undertow-map 
Closes #10225
 2022-02-16 15:49:08 +01:00
Pedro Igor
7da3953435 Path parameter is missing in the get account endpoint 
Closes #10055
 2022-02-15 15:44:05 -03:00
Marek Posolda
90d4e586b6
Show error in case of an unkown essential acr claim. Make sure correc… (#10088) 
* Show error in case of an unkown essential acr claim. Make sure correct acr is set after authentication flow during step-up authentication
Closes #8724

Co-authored-by: Cornelia Lahnsteiner <cornelia.lahnsteiner@prime-sign.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2022-02-15 09:02:05 +01:00
keycloak-bot
d9f1a9b207
Set version to 18.0.0-SNAPSHOT (#10165) 2022-02-11 21:28:06 +01:00
Martin Kanis
26ac142b99 Hot Rod map storage: Roles no-downtime store 2022-02-11 14:31:34 +01:00
Michal Hajas
b50b8f883b Implement HotRod storage for Users 
Closes #9671
 2022-02-11 10:20:36 +01:00
Martin Bartoš
6c09ec6de6 Hide 'unknown' transport media type label for WebAuthn authenticators 
Closes #10036
 2022-02-11 08:28:50 +01:00
Mauro de Wit
2c238b9f04
session-limiting-feature (#8260) 
Closes #10077
 2022-02-08 19:16:06 +01:00
Martin Bartoš
8573ea5fb2 KEYCLOAK-17690 Add missing test case for user email update 2022-02-07 10:56:11 +01:00
Marek Posolda
d9c8cb30a5
Closes #9498 - Fix cases when user is forced to re-authenticate (#9580) 2022-02-07 09:02:08 +01:00
Takashi Norimatsu
07d43f31f3 Expected Scopes of ClientScopesCondition created on Admin UI are not saved onto ClientScopesCondition.Configuration 
Closes #9371
 2022-02-04 18:02:15 +01:00
Martin Kanis
0471ec4941 Cross-site validation for lazy loading of offline sessions & Switch default offline sessions to lazy loaded 2022-02-03 21:43:47 +01:00
Konstantinos Georgilakis
a1f2f77b82 Device Authorization Grant with PKCE 
Closes #9710
 2022-02-03 08:37:07 +01:00
Daniel Gozalo
db4642d250 [fixes #9919] - Enable Dynamic Scopes for the resource-owner-password-credentials grant 
Change some calls to the new AuthorizationContextUtil class and add tests for the client-credentials grant
 2022-02-03 08:19:44 +01:00
Marek Posolda
d27635fb1b
Fixing for token revocation checks only (#9707) 
Closes #9705
 2022-02-02 15:21:44 +01:00
Daniel Gozalo
3528e7ba54 [fixes #9224] - Get consented scopes from AuthorizationContext 
Always show the consent screen when a dynamic scope is requested and show the requested parameter

Improve the code that handles dynamic scopes consent and add some log traces

Add a test to check how we show dynamic scope in the consent screen and added missing template file change

Fix merge problem in comment and improve other comments

Fix the Dynamic Scope test by assigning it to the client as optional instead of default

Change how dynamic scopes are represented in the consent screen and adapt test
 2022-02-02 09:10:20 +01:00
Daniel Gozalo
dc814b85c7 Pass the UserId to the function that runs the inner function in the server as it was losing its value when defined globally for Wildfly and Quarkus 2022-01-31 13:02:22 +01:00
Martin Bartoš
2919342f3a Add test scenarios for Passwordless Webauthn AIA 
Closes #9795
 2022-01-27 11:02:43 +01:00