External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-10 15:32:05 -03:30
Code Issues Packages Projects Releases Wiki Activity
23,456 Commits 26 Branches 288 Tags
Commit Graph

23456 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tomas Ondrusko
e44df38908 Fix Microsoft social login test case 
Resolves #27120

Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
(cherry picked from commit 055a0e2231896370b8e663d6074f8891109b12d7)
 2024-02-20 11:43:47 +01:00
Stefan Guilhen
c6bee418d7 Check if kerberos auth is enabled before creating the kerberos principal in LDAPStorageProvider 
- prevents misleading warn messages from being logged

Closes #25294

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
(cherry picked from commit 143ccbfa152f02b3df3882adfb6ccff4ad29d1a7)
 2024-02-16 17:21:51 +01:00
Alexander Schwartz
907aadfbf4 Use the appropriate database dialect to add quotes to the schema name 
Closes #25961

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-02-16 17:11:36 +01:00
Stefan Guilhen
c7a20935e7 Avoid changing the config value for the useTruststoreSpi property 
- prevents cached LDAPConfig entry from changing when retrieving this value

Closes #25912

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
(cherry picked from commit eac43822c342802512e226f9692c91aa12ae4fef)
 2024-02-16 16:55:14 +01:00
Stefan Guilhen
6c2433634b Fix MembershipType so that NPE is not thrown when an empty member is found within a group 
Closes #25883

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
(cherry picked from commit d3ae075a33eebf91e171312a17a6edde13a2b5f3)
 2024-02-16 16:24:59 +01:00
Michal Hajas
b53600ac49 Add caching for subGroupsCount 
Closes #25731

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-02-16 14:32:41 +01:00
Michal Hajas
124d32f5b3 Make sure pagination is used even when first is null for getGroups endpoint 
Closes #25731

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-02-16 14:32:41 +01:00
Thomas Darimont
d73148089b Shorter lifespan for offline session cache entries in memory 
Closes #26810

Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Martin Kanis <mkanis@redhat.com>
(cherry picked from commit 93fc6a6c543c30cd304d2145e51f252037f31b0a)
 2024-02-13 18:01:16 +01:00
Steven Hawkins
a26fd88208
Fipsdist test changes backport (#26928) 
* fix: switching the raw distribution to a weak readiness check (#26097)

also adding a thread dump if the server doesn't seem to stop properly

closes: #23786

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* addendum to #23786 - readiness check should end after the first dump (#26215)

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Stabilizing the FipsDistTest

* increased the timeout to let Keycloak stop

Closes #26374

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>

* fix: increases another timeout to accomodate for the transaction timeout (#26566)

closes: #26529

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* fix: completely removing problematic assertion (#26613)

closes: #26529

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
 2024-02-12 12:53:35 +00:00
Sebastian Schuster
bc6e222e98
use login realm (#25466) (#26926) 
fixes: #22431, fixes: #25152

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-02-09 17:11:52 +01:00
Dominik Topp
e42ca7ccdb Fix for freemarker template URL sanitization in template.ftl (#26838) 
closes #26826

Signed-off-by: Dominik Topp <19268966+dominiktopp@users.noreply.github.com>
(cherry picked from commit edd68d12fb7d02aebf6ed73e8fca3c698f075ee3)
 2024-02-08 14:18:03 +01:00
Stian Thorgersen
8056135e2a
Ignore empty attribute values when retriveing boolean/int/long (#26729) 
Resolves #26597, resolves #26665

Signed-off-by: stianst <stianst@gmail.com>
 2024-02-02 13:31:30 +01:00
Václav Muzikář
56a33436f0
Fix createdAt format in Operator CSV (#26428) (#26553) 
Closes #26427

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
(cherry picked from commit 7a57bfb504cc09c2fffe72e2037986652bcb6267)
 2024-01-29 12:55:57 +01:00
Václav Muzikář
c1d60364c2
Upgrade to Quarkus 3.2.10.Final (#26534) 
Closes #26417

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2024-01-29 08:38:48 +01:00
Sebastian Schuster
7c6d5e42b6
Allow authorization changes with fine-grained client access and manage-authorization. (#25280) (#26394) 
Signed-off-by: Stan Silvert <ssilvert@redhat.com>
Co-authored-by: Stan Silvert <ssilvert@redhat.com>
 2024-01-22 17:42:23 +00:00
Sebastian Schuster
6a1f19e8a3
Make role mapping tab visible with view user permissions (#26386) (#26391) 
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
Co-authored-by: Salem Wafi <32916450+SalemWafi@users.noreply.github.com>
 2024-01-22 16:42:17 +00:00
Alexander Schwartz
081ddb0a7e
Remove product specific content about Linux only (#26376) 
Closes #26220

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-22 16:31:53 +01:00
rmartinc
b639314632 Assume test testEncryptedElementIsReadableInDep in FIPS mode 
Closes #26303

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-01-18 19:14:58 +01:00
rmartinc
f9049565a9 Sanitize logs in JBossLoggingEventListenerProvider 
Closes #25078

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 179ca3fa3ac25d901d1bd8a989a2146bb7384121)
 2024-01-15 10:11:10 +01:00
Alexander Schwartz
165c733e83
Remove conditionals about Linux vs. Windows (#26087) 
Closes #26028

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-15 09:24:19 +01:00
Stan Silvert
548c00d1e0
account.v3 allow adding scripts like in v2 (#26142) 
Fixes #25502

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2024-01-12 10:01:15 -05:00
Hynek Mlnařík
cdf60fcea0 Support OR condition for forms + authz (#24879) 
Closes: #24586

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
(cherry picked from commit c03c2e953a7aae971748060a65ca6c8c5d12bcb4)
 2024-01-11 19:54:09 +01:00
Hynek Mlnařík
d9b2b7f82e Use proper attribute name in UI 
Fixes: #25827

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
(cherry picked from commit 0bf1fe3eb34237d8ce568eac9a4c0d5681fe782b)
 2024-01-11 13:16:04 +01:00
Alexander Schwartz
c1157a3966
Fix OfflineServletAdapterTest failures, and improve logging (#26044) 
Closes #25714
Closes #14448

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>

(cherry picked from commit 03372d2f41dd09dfc853db0762369e26fd8064e3)
 2024-01-11 12:58:27 +01:00
andymunro
2ac433d6d6
Clarify note about containers 
Closes #26006

(cherry picked from commit 964bdb4bc10557ee71e5625fada52f73b8063edb)

Signed-off-by: AndyMunro <amunro@redhat.com>
 2024-01-11 08:06:54 +01:00
AndyMunro
09d86a1058 Change RHDG to Infinispan 
Closes #26083

Signed-off-by: AndyMunro <amunro@redhat.com>
(cherry picked from commit 520c8499957ab25e23fdcc57aabb4689d0d3a302)
 2024-01-10 18:06:09 +01:00
Tomas Ondrusko
2b4e49e87e Update web elements of the Instagram login page 
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
(cherry picked from commit 26342d829c9d5d381b02b857cbac8250ed4ffdf7)
 2024-01-09 15:54:02 +01:00
Sebastian Schuster
4c82f231d8
enable dot in attribute when user profile enabled 
Closes #24918

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-01-09 14:50:48 +00:00
Daniel Fesenmeyer
3947958ab6 Bugfix for: Removing all group attributes no longer works with keycloak-admin-client (java) 
Closes #25677

Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>
(cherry picked from commit baafb670f77688aedabf91dee513279f98823c93)
 2024-01-09 14:53:09 +01:00
Alexander Schwartz
397ee94d0a
Add the build step to the overall status check (#26014) 
Closes #25981

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-09 13:34:18 +01:00
Hynek Mlnařík
04f2f90c04
added permission checking to ui-ext realm resource so realm names are not leaked to users without the appropriate permissions. #25679 (#25683) (#25845) 
Closes: #25392
Closes: #25679

Signed-off-by: Garth <244253+xgp@users.noreply.github.com>
(cherry picked from commit 9be7f0e474b49e6e8e4dcedcdb41e84a45171aa7)

Co-authored-by: Garth <244253+xgp@users.noreply.github.com>
 2024-01-09 10:25:46 +01:00
Steven Hawkins
1b65d4a0f4
fix: do not split on space for option errors (#25955) 
closes #25783

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-01-08 20:21:17 +00:00
Ryan Emerson
bcfcea65c6 Update Route53 HA guide to be compatible with ROSA and OpenShift 4.14.x (#25900) 
Closes #25733

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-08 16:34:50 +01:00
Pedro Ruivo
5ebcf584e2 High Availability Docs: use unbounded token for cross-site connection 
Expirable tokens are more secure but it requires manual intervention to
create and share them when they expire.

I have updated the documentation to use non-expirable tokens.

Closes #25909

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-08 16:34:24 +01:00
Ricardo Martin
4188bc33ae
Escape action in the form_post.jwt and only decode path in RedirectUtils (#93) 
Closes #90

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-01-04 13:46:43 +01:00
Jordi Mallach
c46920bfdd
Fix links in HTML email templates 
Closes #25878

Signed-off-by: Jordi Mallach <jordi@mallach.net>
 2024-01-03 17:58:51 +00:00
Réda Housni Alaoui
53731027be @NoCache is not considered anymore 
Closes #25120

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>

Conflicts:
	rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/UserResource.java
	services/src/main/java/org/keycloak/authorization/admin/PolicyService.java
	services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java
	services/src/main/java/org/keycloak/authorization/admin/ScopeService.java
	services/src/main/java/org/keycloak/services/resources/account/SessionResource.java
	testsuite/integration-arquillian/test-apps/servlets-jakarta/pom.xml
 2024-01-02 19:10:40 +01:00
Hynek Mlnařík
e3d24311c1 Do not show sign-out action for offline sessions (#25577) 
Closes: #24763

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
(cherry picked from commit c6ce859493c786989824633a5f2ac227a84b71bc)
 2024-01-02 15:27:51 +01:00
Alexander Schwartz
de3634a1de Adding a test case to check that the expiration time is set on logout tokens 
Closes #25753

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
(cherry picked from commit 9e890264dfa092028f9e71418728ff8d3b76d41b)
 2023-12-27 14:39:36 +01:00
Niko Köbler
9659182472 add the exp claim to the backchannel logout token 
This is now, as of Dec 15th 2023, part of the OIDC Backchannel Logout spec, chapter 2.4.

As of chapter 4, the logout token should have a short expiration time, preferably at most two minutes in the future. So we set the expiration to this time.

resolves #25753

Signed-off-by: Niko Köbler <niko@n-k.de>
(cherry picked from commit 5e623f42d49d09261b75fe19a4f6e37ab3f7344e)
 2023-12-27 14:39:36 +01:00
Niko Köbler
ca7b8d610b make css classes for password visibility configurable through theme properties 
Closes #25016

Signed-off-by: Niko Köbler <niko@n-k.de>
(cherry picked from commit a5f276ce28ee06de7fc1516028fc1d60f3e77a05)
 2023-12-22 11:37:23 +01:00
Alexander Schwartz
a28e8e0063
Adding parsing of "fixes"/"fixed" Keyword and the colon (#25755) 
Closes #25633

(cherry picked from commit a420b46913758d30360adeacbbad3f324f576a28)

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2023-12-22 10:45:44 +01:00
rmartinc
2b785ac7e1 Workaround to allow percent chars in getGroupByPath via PathSegment 
Closes #25111

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 522e8d288762f2a892d1431ea8772e916123fcf0)
 2023-12-20 13:11:52 +01:00
mposolda
753485c1c5 User Profile: If required roles ('user') and reqired scopes are set, the required scopes have no effect 
closes #25475

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit cd154cf3189a8ccda78da1d8f36d64b1ff2fff1b)
 2023-12-18 14:47:00 -03:00
Alexander Schwartz
79f3ca5590
Showing the original exception plus any swallowed exceptions (#25616) 
Closes #25424

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
(cherry picked from commit c4ada852331e7379e851a04759f3c0c9f80d04c8)
 2023-12-18 12:01:49 +01:00
Marek Posolda
48dcaf83eb
Change arg of getSubGroups to briefRepresentation (#25587) 
Parameter name briefRepresentation should mean briefRepresentation,
   not full. This way callers will by default get the full
   representation, unless true is passed as value for
   briefRepresentation.

   Fixes #25096

Signed-off-by: Erwin Rooijakkers <erwin@rooijakkers.software>
(cherry picked from commit 860978b15aecd6f5e63cd7c85e32c617311dd089)

Co-authored-by: Erwin Rooijakkers <erwin@rooijakkers.software>
 2023-12-18 10:49:35 +00:00
Alexander Schwartz
ff2242cabb
Avoid shutdown of Infinispan when using cache (#25615) 
Closes #24508

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
(cherry picked from commit e01827693a20b79a6d4d61f2ecbaa5a659cb466c)
 2023-12-18 10:22:43 +01:00
Martin Bartoš
e1d0b45f61 PubKeySignRegisterTest failures in WebAuthn tests 
Fixes #9693

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2023-12-15 17:37:37 +01:00
rmartinc
3d16564f0d Do not allow remove a credential in account endpoint if provider marks it as not removable 
Closes #25220

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit d004e9295fc22cdd9b4f3e261f1fb922e5ab4269)
 2023-12-15 13:42:49 +01:00
Hynek Mlnarik
496ca92320 Fix resource path for account console 
Closes: #25437

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
(cherry picked from commit 5f18d8b94b83d5018cf5ec6f79f97313627655c9)
 2023-12-15 12:49:54 +01:00