keycloak · mposolda · Sep 9, 2024 · Sep 5, 2024 · Sep 9, 2024
diff --git a/admin-client/pom.xml b/admin-client/pom.xml
@@ -116,6 +116,7 @@
                                                 org/keycloak/Token.java,
                                                 org/keycloak/TokenIdGenerator.java,
                                                 org/keycloak/crypto/KeyUse.java,
+                                                org/keycloak/crypto/Algorithm.java,
                                                 org/keycloak/json/*.java,
                                                 org/keycloak/representations/adapters/action/GlobalRequestResult.java,
                                                 org/keycloak/representations/idm/**/*.java,
@@ -150,6 +151,20 @@
                                                 org/keycloak/common/util/StringPropertyReplacer.java,
                                                 org/keycloak/common/util/SystemEnvProperties.java,
                                                 org/keycloak/common/util/Time.java,
+                                                org/keycloak/common/crypto/CryptoConstants.java,
+                                                org/keycloak/common/constants/ServiceAccountConstants.java,
+                                            </includes>
+                                        </artifactItem>
+                                        <artifactItem>
+                                            <groupId>org.keycloak</groupId>
+                                            <artifactId>keycloak-server-spi</artifactId>
+                                            <version>${keycloak.version}</version>
+                                            <type>jar</type>
+                                            <classifier>sources</classifier>
+                                            <overWrite>true</overWrite>
+                                            <outputDirectory>${project.build.directory}/unpacked</outputDirectory>
+                                            <includes>
+                                                org/keycloak/utils/StringUtil.java,
                                             </includes>
                                         </artifactItem>
                                     </artifactItems>

diff --git a/admin-client/src/main/java/org/keycloak/admin/client/resource/IdentityProvidersResource.java b/admin-client/src/main/java/org/keycloak/admin/client/resource/IdentityProvidersResource.java
@@ -47,7 +47,15 @@ public interface IdentityProvidersResource {
     @GET
     @Path("instances")
     @Produces(MediaType.APPLICATION_JSON)
-    List<IdentityProviderRepresentation> find(@QueryParam("search") String search, @QueryParam("briefRepresentation") Boolean briefRepresentation, @QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResults);
+    List<IdentityProviderRepresentation> find(@QueryParam("search") String search, @QueryParam("briefRepresentation") Boolean briefRepresentation,
+                                              @QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResults);
+
+    @GET
+    @Path("instances")
+    @Produces(MediaType.APPLICATION_JSON)
+    List<IdentityProviderRepresentation> find(@QueryParam("search") String search, @QueryParam("briefRepresentation") Boolean briefRepresentation,
+                                              @QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResults,
+                                              @QueryParam("realmOnly") Boolean realmOnly);
 
     @POST
     @Path("instances")

diff --git a/...-client/src/main/java/org/keycloak/admin/client/resource/OrganizationMembersResource.java b/...-client/src/main/java/org/keycloak/admin/client/resource/OrganizationMembersResource.java
@@ -81,4 +81,14 @@ Response inviteUser(@FormParam("email") String email,
     @Path("invite-existing-user")
     @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
     Response inviteExistingUser(@FormParam("id") String id);
+
+    @Path("count")
+    @GET
+    @Produces(MediaType.APPLICATION_JSON)
+    Long count();
+
+    @Path("{id}/organizations")
+    @GET
+    @Produces(MediaType.APPLICATION_JSON)
+    List<OrganizationRepresentation> getOrganizations(@PathParam("id") String id);
 }
diff --git a/...client/src/main/java/org/keycloak/admin/client/resource/OrganizationsMembersResource.java b/...client/src/main/java/org/keycloak/admin/client/resource/OrganizationsMembersResource.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2024 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.admin.client.resource;
+
+import java.util.List;
+
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.PathParam;
+import jakarta.ws.rs.Produces;
+import jakarta.ws.rs.core.MediaType;
+import org.keycloak.representations.idm.OrganizationRepresentation;
+
+public interface OrganizationsMembersResource {
+
+    @Path("{id}/organizations")
+    @GET
+    @Produces(MediaType.APPLICATION_JSON)
+    List<OrganizationRepresentation> getOrganizations(@PathParam("id") String id);
+}
diff --git a/admin-client/src/main/java/org/keycloak/admin/client/resource/OrganizationsResource.java b/admin-client/src/main/java/org/keycloak/admin/client/resource/OrganizationsResource.java
@@ -105,4 +105,7 @@ List<OrganizationRepresentation> searchByAttribute(
             @QueryParam("first") Integer first,
             @QueryParam("max") Integer max
     );
+
+    @Path("members")
+    OrganizationsMembersResource members();
 }
diff --git a/admin-client/src/main/java/org/keycloak/common/constants/ServiceAccountConstants.java b/admin-client/src/main/java/org/keycloak/common/constants/ServiceAccountConstants.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.common.constants;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public interface ServiceAccountConstants {
+
+    String CLIENT_AUTH = "client_auth";
+
+    String SERVICE_ACCOUNT_USER_PREFIX = "service-account-";
+
+    String CLIENT_ID_PROTOCOL_MAPPER = "Client ID";
+    String CLIENT_HOST_PROTOCOL_MAPPER = "Client Host";
+    String CLIENT_ADDRESS_PROTOCOL_MAPPER = "Client IP Address";
+
+    String CLIENT_ID_SESSION_NOTE = "clientId";
+    String CLIENT_ID = "client_id";
+    String CLIENT_HOST = "clientHost";
+    String CLIENT_ADDRESS = "clientAddress";
+
+}
diff --git a/admin-client/src/main/java/org/keycloak/common/crypto/CryptoConstants.java b/admin-client/src/main/java/org/keycloak/common/crypto/CryptoConstants.java
@@ -0,0 +1,27 @@
+package org.keycloak.common.crypto;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class CryptoConstants {
+
+    // JWE algorithms
+    public static final String A128KW = "A128KW";
+    public static final String RSA1_5 = "RSA1_5";
+    public static final String RSA_OAEP = "RSA-OAEP";
+    public static final String RSA_OAEP_256 = "RSA-OAEP-256";
+    public static final String ECDH_ES = "ECDH-ES";
+    public static final String ECDH_ES_A128KW = "ECDH-ES+A128KW";
+    public static final String ECDH_ES_A192KW = "ECDH-ES+A192KW";
+    public static final String ECDH_ES_A256KW = "ECDH-ES+A256KW";
+
+    // Constant for the OCSP provider
+    // public static final String OCSP = "OCSP";
+
+    /** Name of Java security provider used with non-fips BouncyCastle. Should be used in non-FIPS environment */
+    public static final String BC_PROVIDER_ID = "BC";
+
+    /** Name of Java security provider used with fips BouncyCastle. Should be used in FIPS environment */
+    public static final String BCFIPS_PROVIDER_ID = "BCFIPS";
+
+}
diff --git a/admin-client/src/main/java/org/keycloak/crypto/Algorithm.java b/admin-client/src/main/java/org/keycloak/crypto/Algorithm.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.crypto;
+
+import org.keycloak.common.crypto.CryptoConstants;
+
+public interface Algorithm {
+
+    /* RSA signing algorithms  */
+    String HS256 = "HS256";
+    String HS384 = "HS384";
+    String HS512 = "HS512";
+    String RS256 = "RS256";
+    String RS384 = "RS384";
+    String RS512 = "RS512";
+    String PS256 = "PS256";
+    String PS384 = "PS384";
+    String PS512 = "PS512";
+
+    /* ECDSA signing algorithms  */
+    String ES256 = "ES256";
+    String ES384 = "ES384";
+    String ES512 = "ES512";
+
+    /* EdDSA signing algorithms  */
+    String EdDSA = "EdDSA";
+    /* EdDSA Curve */
+    String Ed25519 = "Ed25519";
+    String Ed448 = "Ed448";
+
+    /* RSA Encryption Algorithms */
+    String RSA1_5 = CryptoConstants.RSA1_5;
+    String RSA_OAEP = CryptoConstants.RSA_OAEP;
+    String RSA_OAEP_256 = CryptoConstants.RSA_OAEP_256;
+
+    /* AES */
+    String AES = "AES";
+
+    String ECDH_ES = CryptoConstants.ECDH_ES;
+    String ECDH_ES_A128KW = CryptoConstants.ECDH_ES_A128KW;
+    String ECDH_ES_A192KW = CryptoConstants.ECDH_ES_A192KW;
+    String ECDH_ES_A256KW = CryptoConstants.ECDH_ES_A256KW;
+}
diff --git a/...client/src/main/java/org/keycloak/representations/idm/IdentityProviderRepresentation.java b/...client/src/main/java/org/keycloak/representations/idm/IdentityProviderRepresentation.java
@@ -41,7 +41,7 @@ public class IdentityProviderRepresentation {
      * <li><code>missing</code> - update profile page is presented for users with missing some of mandatory user profile fields
      * <li><code>off</code> - update profile page is newer shown after first login
      * </ul>
-     * 
+     *
      * @see #UPFLM_ON
      * @see #UPFLM_MISSING
      * @see #UPFLM_OFF
@@ -54,8 +54,10 @@ public class IdentityProviderRepresentation {
     protected boolean addReadTokenRoleOnCreate;
     protected boolean authenticateByDefault;
     protected boolean linkOnly;
+    protected boolean hideOnLogin;
     protected String firstBrokerLoginFlowAlias;
     protected String postBrokerLoginFlowAlias;
+    protected String organizationId;
     protected Map<String, String> config = new HashMap<>();
 
     public String getInternalId() {
@@ -106,10 +108,18 @@ public void setLinkOnly(boolean linkOnly) {
         this.linkOnly = linkOnly;
     }
 
+    public boolean isHideOnLogin() {
+        return this.hideOnLogin;
+    }
+
+    public void setHideOnLogin(boolean hideOnLogin) {
+        this.hideOnLogin = hideOnLogin;
+    }
+
     /**
-     * 
+     *
      * Deprecated because replaced by {@link #updateProfileFirstLoginMode}. Kept here to allow import of old realms.
-     * 
+     *
      * @deprecated {@link #setUpdateProfileFirstLoginMode(String)}
      */
     @Deprecated
@@ -194,4 +204,12 @@ public void setDisplayName(String displayName) {
         this.displayName = displayName;
     }
 
+    public String getOrganizationId() {
+        return this.organizationId;
+    }
+
+    public void setOrganizationId(String organizationId) {
+        this.organizationId = organizationId;
+    }
+
 }
diff --git a/admin-client/src/main/java/org/keycloak/representations/idm/UserRepresentation.java b/admin-client/src/main/java/org/keycloak/representations/idm/UserRepresentation.java
@@ -67,7 +67,6 @@ public UserRepresentation(UserRepresentation rep) {
         this.setUserProfileMetadata(rep.getUserProfileMetadata());
 
         this.self = rep.getSelf();
-        this.origin = rep.getOrigin();
         this.createdTimestamp = rep.getCreatedTimestamp();
         this.enabled = rep.isEnabled();
         this.totp = rep.isTotp();
@@ -220,13 +219,21 @@ public void setGroups(List<String> groups) {
      * Returns id of UserStorageProvider that loaded this user
      *
      * @return NULL if user stored locally
+     * @deprecated Use {@link #getFederationLink()} instead
      */
+    @Deprecated
     public String getOrigin() {
-        return origin;
+        return federationLink;
     }
 
+    /**
+     *
+     * @param origin the origin
+     * @deprecated Use {@link #setFederationLink(String)} instead
+     */
+    @Deprecated
     public void setOrigin(String origin) {
-        this.origin = origin;
+        // deprecated
     }
 
     public Set<String> getDisableableCredentialTypes() {