External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-10 15:32:05 -03:30
Code Issues Packages Projects Releases Wiki Activity
24,464 Commits 26 Branches 288 Tags
Commit Graph

24464 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
rmartinc
dc96ac56d7 Change certificates for SAML testing 
Closes #34004

In upstream this was solved by e9c9efc3f4dac20cf6a791fd3efaa246612038bd
but the backport needs to strip the commit and just maintain the
certificate changes.

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-10-17 09:15:05 +02:00
rmartinc
7719933d44 Run all maven commands inside the ubi docker container 
Closes #33881

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-10-17 09:15:05 +02:00
mposolda
b4b43efa69 Temporarily comment FIPS CI until it is figured what causes the issue 
closes #33875

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-10-17 09:15:05 +02:00
Ricardo Martin
99dc668d55
Bump @playwright/test from 1.47.2 to 1.48.0 (#33993) 
Bumps [@playwright/test](https://github.com/microsoft/playwright) from 1.47.2 to 1.48.0.
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](https://github.com/microsoft/playwright/compare/v1.47.2...v1.48.0)

---
updated-dependencies:
- dependency-name: "@playwright/test"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...


(cherry picked from commit d334eeaebc3ff91cb309406f789e52835176a859)

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-10-16 14:41:52 +02:00
Ricardo Martin
e2904a31af
Bump manusa/actions-setup-minikube from 2.11.0 to 2.13.0 (#33801) (#33934) 
Bumps [manusa/actions-setup-minikube](https://github.com/manusa/actions-setup-minikube) from 2.11.0 to 2.13.0.
- [Release notes](https://github.com/manusa/actions-setup-minikube/releases)
- [Commits](https://github.com/manusa/actions-setup-minikube/compare/v2.11.0...v2.13.0)

---
updated-dependencies:
- dependency-name: manusa/actions-setup-minikube
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit 268229dbe8e5a5035d4aaec09f59433a46946c9d)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-15 12:50:24 +02:00
Alexander Schwartz
28638dc97e Fixing broken links after KC26 docs changes 
Closes #33576

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-10-14 10:50:40 +02:00
mposolda
d38f0ec19f Better logging when error happens during transaction commit 
closes #33275

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit 07cf71e818e7feca1a36164c216a225f198d50f0)
 2024-10-08 13:15:49 +02:00
Ricardo Martin
47b91ac68b
Fixes a race condition in the test suite causing sporadic failures (#33561) 
Closes #33064

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-10-04 14:38:01 +00:00
Giuseppe Graziano
5344aada5e Remove root auth session after backchannel logout 
Closes #32197

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
(cherry picked from commit b46fab230824a2304daafe74be019e8bd4ee590a)
 2024-10-03 08:49:56 +02:00
mposolda
1e4bb18638 Add link to EAP 8 documentation to the SAML documentation 
closes #33426

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-10-02 19:11:55 +02:00
Stefan Guilhen
2cc3854381
Sort the IDPs in the admin console admin and organization tables by alias (#32999) (#33081) 
- prevent issues when ordering by guiOrder due to pagination of results

Closes #32669

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
(cherry picked from commit 6503d202ac9994a5ea6dafc0f800b1a5f1fd8e76)
 2024-09-20 22:34:11 +02:00
Erik Jan de Wit
b385f36c7c
add error to the console for debugging 
fixes: #33040

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
(cherry picked from commit 9e42e8013d7581e0e188226095ff695a51cee2d7)
 2024-09-20 22:28:14 +02:00
Stian Thorgersen
babfcba148
Improve handling for loopback redirect-uri validation (#196) 
Signed-off-by: stianst <stianst@gmail.com>
 2024-09-16 13:33:04 +02:00
Ricardo Martin
1100c672ca
Use references to obtain the signed elements in a signature (#193) 
Closes keycloak/keycloak-private#191

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-09-13 12:49:29 +02:00
Alexander Schwartz
e655b90efd
Do not automatically re-import users if they already exist locally when searching by attributes (#32887) 
Closes #32870

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-09-13 12:42:55 +02:00
Thomas Darimont
073e773a35 Ensure realm attributes import happens before client import 
Adjusted import file for KC24.

Fixes #32799

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
(cherry picked from commit 445a7da9020e4c48561d99040edca36cda61d4cf)
 2024-09-12 09:14:54 +02:00
Erik Jan de Wit
1ed55ded25
better parsing of value and default value 
fixes: #31085

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
(cherry picked from commit 64c6dc00c02fa9e6b0589b86690ba3aac35805bc)
 2024-09-10 10:13:06 +02:00
cgeorgilakis-grnet
b9bd644dc5 Check refresh token flow response for offline based on refresh token request parameter 
Closes #30857

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
(cherry picked from commit 20cedb84eb2084c22cab4f263ce00ba9fb79ffc1)
 2024-09-10 08:52:08 +02:00
Ricardo Martin
5e06da2f67 Honor turnOffChangeSessionIdOnLogin in SAML adapter (#186) 
Closes keycloak/keycloak-private#183

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-09-04 16:15:06 +02:00
Steven Hawkins
83f6f1f78a
fix: mark slf4j as not optional for the operator (#32652) 
closes: #32651

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-09-04 16:13:52 +02:00
Ricardo Martin
d7013507eb
SAML IdMapperUpdaterSessionListener should be added always and must implement HttpSessionIdListener interface (#32235) 
Closes #32084

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-20 09:18:27 +02:00
Ricardo Martin
ab486123dc
better unset check (#32062) (#32206) 
* better unset check

fixes: #32059
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* better explanation

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fix min value

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Steal some code from `react-hook-form`

Signed-off-by: Jon Koops <jonkoops@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
(cherry picked from commit 862854bc2915516a1d7a9b3874c39bdfc48f8422)

Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-08-19 10:52:06 +02:00
Alexander Schwartz
18649c9a99
Caches the id-to-user mapping for the evaluation in the current session (#32139) 
Closes #31519

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-08-16 10:16:28 +02:00
rmartinc
4875c117a3 Adding upgrading notes for brute force changes 
Closes #31960

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-08 17:21:27 +02:00
rmartinc
c8053dd812 Remove the attempt in brute force when the off-thread finishes 
Closes #31881

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-08 17:21:27 +02:00
Pedro Igor
461fa631dc Support for blocking concurrent requests when brute force is enabled 
Closes #31726

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
 2024-08-08 17:21:27 +02:00
Erik Jan de Wit
ab94847f1e
removed strange searching pagination logic (#31430) (#31911) 
fixes: #31386

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
(cherry picked from commit 28c1035c5ba80ec853810457cc48596d31597565)
 2024-08-06 12:45:58 +01:00
Jon Koops
bd38e1d323
Only allow a known refferer URI for the Account Console (#28743) (#31814) 
Closes #27628

Signed-off-by: Jon Koops <jonkoops@gmail.com>
(cherry picked from commit 3216e7c781a9bb6399d33255e6b10275b3cc81f9)
 2024-08-01 13:08:52 +02:00
Alexander Schwartz
a1cfc4d816
Trigger clearing the user cache when the duplicate email allowed flag changes (#31723) 
Closes #31045

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-30 14:58:17 +02:00
Marek Posolda
fa0e3dfc11 Documentation for Delete Credential action and related changes (#31719) 
closes #31718

Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
(cherry picked from commit 5b521173518a80b9ce87ae8fd48bb13e86a657ca)
 2024-07-30 10:16:16 +02:00
Alexander Schwartz
21bcb63e7f
All CURL commands should check the HTTP response code (#31600) 
Closes #31598

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-26 12:38:48 +02:00
Miquel Simon
da1110863f
LDAPSyncTest - additional removal of users at the end of the test 
Necessary when running with external AD

Closes #27499

(cherry picked from commit be7775a9bee8debe35be6d1b2cf2df2838d6ca5a)

Signed-off-by: Pavel Drozd <pdrozd@redhat.com>
Co-authored-by: Pavel Drozd <pdrozd@redhat.com>
 2024-07-26 12:17:33 +02:00
Steven Hawkins
db2876c604
fix: backport of looking for separated --spi arguments for the config (#31576) (#31632) 
closes: #31578

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
(cherry picked from commit c0ed46a011c56d3e52c08b4017f86418d8d97104)
 2024-07-25 17:05:38 +00:00
rmartinc
a736fa2f28 Add availability for features and make kerberos use it 
Closes #30730

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit c20dbc5c320176aa4d0ae4ee03b0ff14f73913de)
 2024-07-25 13:00:30 +02:00
Alexander Schwartz
95387bcef8 Filter out null values when looking up entries by ID 
This should prevent null elements in the stream when doing concurrent operations.

Closes #28865

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-24 15:25:22 -03:00
Miquel Simon
015ac68a8a Updated connection configuration for MSSQL test container 
Closes #31558

Signed-off-by: Miquel Simon <msimonma@redhat.com>
(cherry picked from commit aab7a912c46527c3da2aa254aefd653504fd1cef)
Signed-off-by: Miquel Simon <msimonma@redhat.com>
 2024-07-24 16:33:40 +02:00
Erik Jan de Wit
dff6cffcee
Automatically re-authenticate on single-logout (#28723) (#31154) 
Automatically forces the user to re-authenticate from the Admin and Account consoles when a single-logout occurs.

Closes #23832
Closes #23833




(cherry picked from commit 957859d8465e3e72c036dca88f6ef73b5ade650e)

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-07-22 12:18:01 +02:00
Erik Jan de Wit
6b76886b40
Truncate the clientId (#28406) (#31398) 
* Truncate the clientId

fixes: #28284

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fxed tests

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
(cherry picked from commit 73e22b32c9b6c77c79d1e011efdf9902e63a295b)
 2024-07-22 12:16:04 +02:00
Douglas Palmer
3500618ee2 Failure reset time is applied to Permanent Lockout 
Closes #28821

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-07-18 18:49:28 +02:00
rmartinc
12d76a619a Wait for the brute force off-thread processing in AbstractAdvancedBrokerTest 
Closes #30188
Closes #30641

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 5ea3becef57fa239961bd52f3d89235e86c238aa)
 2024-07-18 16:13:54 +02:00
Aboullos
fd1433cf1b
Add step to Google Social Login 
Closes #30335 

Signed-off-by: Alfredo Moises Boullosa <aboullos@redhat.com>
 2024-07-18 11:08:15 +02:00
Erik Jan de Wit
2366d99870
only start searching on enter and search button click (#28040) (#31360) 
fixes: #27917

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
(cherry picked from commit b321c4b406818aa569b8d80a9b959a9f2ae86f4a)
 2024-07-17 14:14:44 +02:00
Erik Jan de Wit
8f8ca8f381
use label function to fetch the translation (#28473) (#31155) 
* use label function to fetch the translation

fixes: #28443
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* removed export from unWrap

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
(cherry picked from commit 9190114c60ee165a795f3604c15526ebad5cb41c)
 2024-07-17 08:41:51 +01:00
Pedro Ruivo
6378de9199 Add default stack in cache-ispn.xml 
A bug in Infinispan prevents the metrics to be registered if the "stack"
is not specified.
Change the default configuration shipped with Keycloak to use the UDP
stack as default.
UDP is the default in previous Keycloak versions.

Fixes #31218

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-16 14:42:33 -03:00
Ricardo Martin
2a3f4c33b2
Fix test LDAP connection with multiple ldap connection urls 
Previously, the given connection string was check with URI.create(..) which
failed when multiple space separated LDAP URLs were given.

Closes #31267

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-16 14:15:42 +00:00
rmartinc
eb1f1b04bd Change link to https://github.com/eclipse/microprofile/wiki/JWT_Auth 
Closes #31219

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit e80c3fee9bd762a6ddc7b82867b6d19175a8694d)
 2024-07-12 08:59:04 +02:00
rmartinc
3e1ac0b3ad Do not compare user DN using DN comparison as Ad can login via username@domain 
Closes #31196

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit bd90ead892b6a8ba00da747e8e870babc820a14e)
 2024-07-11 17:09:45 +02:00
Pedro Igor
234d69d541 Testing ldap connection should not process or bind the credentials (#31081) 
Closes #30821

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-11 00:23:45 +02:00
rmartinc
15ffd83585 Improve consent deletion when a realm is removed 
Closes #30992

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit ce195b81f82e21c97616431cd6fb0e3b05b4e729)
 2024-07-10 16:15:27 +02:00
Sascha Marcel Schmidt
f669ab3233 fix(operator): Scale statefulset to 0 to prepare for update (#30450) 
When performing a keycloak update, the operator is supposed to make sure that
potential database migrations are run with only one pod active. This change
makes the operator scale down the stateful set to zero pods in preparation for
the update. The next reconciliation loop will scale the stateful set back up
and change the image, making sure migrations are being run on the first pod
that is brought up. This also makes sure that the rollover works even if the
infinispan versions are incompatible. (ref: #30449)

Signed-off-by: Schmidt, Sascha (sasschmidt) <sascha.schmidt@breuninger.de>
(cherry picked from commit 13ef6fb1c8564aa22003cf4d1507d982f63e2f5f)
 2024-07-09 19:04:36 +02:00