24477 Commits

Author SHA1 Message Date
stianst
fb2bd05840 Set version to 24.0.9 24.0.9 2024-11-27 10:32:04 +01:00
Steven Hawkins
0537659e91
fix: ensures that runtime properties are filtered (#218)
closes: #CVE-2024-10451

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-11-18 11:33:15 +01:00
Peter Zaoral
22f0f81507
fix: prevent inclusion of characters that could lead to FileVault path traversal (#219)
Closes: #211

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
2024-11-18 09:28:05 +01:00
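The commit above only says that certain characters in a vault key could lead to path traversal. As an added illustration, not Keycloak's own code and not the change in that commit, the following shows the two checks a file-backed vault lookup wants before it opens anything: an allow-list on the realm and key components, and an independent containment check on the resolved path. The `<realm>_<key>` file naming, the allowed character set and the `demo()` helper are assumptions made for this example; the secret file and the attacker-style keys are constructed inline.

```python
import re
import tempfile
from pathlib import Path

# Allowed characters for a realm name or vault key. This character set is an
# assumption for the example; path separators, "." and whitespace are excluded
# so that neither ".." nor an absolute path can be assembled from the key.
SAFE_COMPONENT = re.compile(r"[A-Za-z0-9_-]+")


def resolve_secret_path(vault_dir: str, realm: str, key: str) -> Path:
    """Map (realm, key) to a file under vault_dir, refusing anything that
    could leave the directory. File naming follows a <realm>_<key>
    convention, assumed here for a files-based vault."""
    for name, value in (("realm", realm), ("key", key)):
        if not SAFE_COMPONENT.fullmatch(value):
            raise ValueError(f"illegal characters in vault {name}: {value!r}")
    base = Path(vault_dir).resolve()
    candidate = (base / f"{realm}_{key}").resolve()
    # Second, independent check: even if the allow-list were loosened later,
    # the resolved path (symlinks followed) must still sit inside the vault dir.
    if base not in candidate.parents:
        raise ValueError(f"vault path escapes {base}: {candidate}")
    return candidate


def read_secret(vault_dir: str, realm: str, key: str) -> str:
    return resolve_secret_path(vault_dir, realm, key).read_text().strip()


def demo() -> dict:
    """Create a throwaway vault with one constructed secret and exercise
    both the happy path and a set of traversal attempts."""
    vault_dir = tempfile.mkdtemp(prefix="vault-")
    (Path(vault_dir) / "master_smtp_password").write_text("s3cr3t\n")
    # Constructed keys that an attacker-influenced ${vault.<key>} might carry.
    attempts = ["../../etc/passwd", "/etc/passwd", "..", "a/b", "a\\b",
                "smtp_password ", ""]
    rejected = []
    for key in attempts:
        try:
            resolve_secret_path(vault_dir, "master", key)
        except ValueError:
            rejected.append(key)
    return {"secret": read_secret(vault_dir, "master", "smtp_password"),
            "rejected": rejected,
            "attempted": attempts}


if __name__ == "__main__":
    print(demo())
```

The allow-list is the real control; the containment check is there so that a later relaxation of the character rules (say, to permit dots) cannot silently reintroduce traversal.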
Steven Hawkins
d0eaed4d82
fix: returning addresses instead of hosts on the ClientConnection (#217)
also consolidates checks of whether a host or address is local

closes: #CVE-2024-9666

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-11-18 09:25:36 +01:00
Douglas Palmer
c4160df1e8
EMBARGOED CVE-2024-10270 org.keycloak/keycloak-services: Keycloak Denial of Service (#216)
Closes #CVE-2024-10270

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-11-14 09:47:34 +01:00
Václav Muzikář
3da16eed1f
Update docs with security warning around client certificate lookup (#215)
Closes #203

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-11-13 16:18:26 +01:00
Stan Silvert
b01a55710d
Let create/edit client role w/ fine-grained auth. (#34672)
Fixes #31537

(cherry picked from commit 85a0fa389cebf7e31031e49be43b91e82230e2ac)

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
2024-11-07 16:39:03 +01:00
Erik Jan de Wit
b82d67e4cd
added exact search option to attributes (#34135)
(cherry picked from commit a339e79d3ecbd35c12abd3c67717fc5ea466b415)

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-10-23 14:32:47 -04:00
vramik
3f095fe9b5 Wildcard search not working for custom user attributes
Closes #32451

Signed-off-by: vramik <vramik@redhat.com>

(cherry picked from commit b7eaa9b0cb8bd8e1216ecd27ca71390abbd4c9dc)
2024-10-22 15:57:35 -03:00
vramik
ce695ac8e3 12671 querying by user attribute no longer forces case insensitivity for keys
Closes #12671

Signed-off-by: vramik <vramik@redhat.com>

(cherry picked from commit 05425549844f8e222b62ee01de1bd5c69b64c9ca)
2024-10-18 06:54:05 -03:00
Alexander Schwartz
3d91f8c73d Fixing link to external docs
Closes #33991

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-17 18:22:49 -03:00
Ryan Emerson
280b68af78 AuroraDB IT - Error creating EC2 runner instance
Closes #33874

- Use venv to install python dependencies
- Utilise latest ansible version
- Utilise RHEL 9 image to update python versions

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-10-17 12:24:45 +02:00
Ricardo Martin
99eafb1a5e Fix CRL verification failing due to client cert not being in chain (#29582)
closes #19853

Signed-off-by: Micah Algard <micahalgard@gmail.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>

Co-authored-by: Micah Algard <micahalgard@gmail.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 74a80997c79928bc928bc7ff9402b47f06aa3a97)
2024-10-17 10:38:59 +02:00
rmartinc
dc96ac56d7 Change certificates for SAML testing
Closes #34004

In upstream this was solved by e9c9efc3f4dac20cf6a791fd3efaa246612038bd
but the backport needs to strip the commit and just maintain the
certificate changes.

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-17 09:15:05 +02:00
rmartinc
7719933d44 Run all maven commands inside the ubi docker container
Closes #33881

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-17 09:15:05 +02:00
mposolda
b4b43efa69 Temporarily comment FIPS CI until it is figured what causes the issue
closes #33875

Signed-off-by: mposolda <mposolda@gmail.com>
2024-10-17 09:15:05 +02:00
Ricardo Martin
99dc668d55
Bump @playwright/test from 1.47.2 to 1.48.0 (#33993)
Bumps [@playwright/test](https://github.com/microsoft/playwright) from 1.47.2 to 1.48.0.
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](https://github.com/microsoft/playwright/compare/v1.47.2...v1.48.0)

---
updated-dependencies:
- dependency-name: "@playwright/test"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

(cherry picked from commit d334eeaebc3ff91cb309406f789e52835176a859)

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-16 14:41:52 +02:00
Ricardo Martin
e2904a31af
Bump manusa/actions-setup-minikube from 2.11.0 to 2.13.0 (#33801) (#33934)
Bumps [manusa/actions-setup-minikube](https://github.com/manusa/actions-setup-minikube) from 2.11.0 to 2.13.0.
- [Release notes](https://github.com/manusa/actions-setup-minikube/releases)
- [Commits](https://github.com/manusa/actions-setup-minikube/compare/v2.11.0...v2.13.0)

---
updated-dependencies:
- dependency-name: manusa/actions-setup-minikube
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit 268229dbe8e5a5035d4aaec09f59433a46946c9d)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-15 12:50:24 +02:00
Alexander Schwartz
28638dc97e Fixing broken links after KC26 docs changes
Closes #33576

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-14 10:50:40 +02:00
mposolda
d38f0ec19f Better logging when error happens during transaction commit
closes #33275

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit 07cf71e818e7feca1a36164c216a225f198d50f0)
2024-10-08 13:15:49 +02:00
Ricardo Martin
47b91ac68b
Fixes a race condition in the test suite causing sporadic failures (#33561)
Closes #33064

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-10-04 14:38:01 +00:00
Giuseppe Graziano
5344aada5e Remove root auth session after backchannel logout
Closes #32197

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
(cherry picked from commit b46fab230824a2304daafe74be019e8bd4ee590a)
2024-10-03 08:49:56 +02:00
mposolda
1e4bb18638 Add link to EAP 8 documentation to the SAML documentation
closes #33426

Signed-off-by: mposolda <mposolda@gmail.com>
2024-10-02 19:11:55 +02:00
Stefan Guilhen
2cc3854381
Sort the IDPs in the admin console admin and organization tables by alias (#32999) (#33081)
- prevent issues when ordering by guiOrder due to pagination of results

Closes #32669

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
(cherry picked from commit 6503d202ac9994a5ea6dafc0f800b1a5f1fd8e76)
2024-09-20 22:34:11 +02:00
Erik Jan de Wit
b385f36c7c
add error to the console for debugging
fixes: #33040

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
(cherry picked from commit 9e42e8013d7581e0e188226095ff695a51cee2d7)
2024-09-20 22:28:14 +02:00
Stian Thorgersen
babfcba148
Improve handling for loopback redirect-uri validation (#196)
Signed-off-by: stianst <stianst@gmail.com>
2024-09-16 13:33:04 +02:00
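The commit above improves loopback redirect-URI validation without describing the rule on this page. As an added example, not Keycloak's implementation, the following encodes the relevant protocol rule: a redirect URI must match the registered one exactly (scheme, host, path, query), except that for native apps using a loopback IP literal over plain http the port is ignored, because RFC 8252 §7.3 requires the authorization server to accept any port there. Treating only IP literals (not the name "localhost") as loopback, rejecting fragments, and the function names are choices made for this example; wildcard redirect patterns are out of scope.

```python
import ipaddress
from urllib.parse import urlsplit


def is_loopback_literal(hostname) -> bool:
    """True only for a literal loopback IP (127.0.0.0/8 or ::1). The name
    "localhost" is deliberately not accepted; RFC 8252 §7.3 recommends the
    IP literals and a hostname can be redirected by the resolver."""
    if not hostname:
        return False
    try:
        return ipaddress.ip_address(hostname).is_loopback
    except ValueError:
        return False


def _port(parts):
    try:
        return parts.port
    except ValueError:  # non-numeric or out-of-range port string
        return None


def redirect_uri_matches(registered: str, requested: str) -> bool:
    """Exact match on scheme, host, path and query. The port is ignored only
    when both URIs are plain-http loopback IP literals, the single relaxation
    RFC 8252 §7.3 calls for, since a native app binds an ephemeral port."""
    r, q = urlsplit(registered), urlsplit(requested)
    if q.fragment:
        # RFC 6749 §3.1.2: a redirect URI must not carry a fragment.
        return False
    if (r.scheme, r.hostname, r.path, r.query) != \
            (q.scheme, q.hostname, q.path, q.query):
        return False
    if (r.scheme == "http"
            and is_loopback_literal(r.hostname)
            and is_loopback_literal(q.hostname)):
        return True
    return _port(r) == _port(q)


if __name__ == "__main__":
    # Constructed pairs: (registered, requested, expected)
    cases = [
        ("http://127.0.0.1:3000/cb", "http://127.0.0.1:51234/cb", True),
        ("http://[::1]/cb", "http://[::1]:9999/cb", True),
        ("https://app.example/cb", "https://app.example:8443/cb", False),
        ("http://127.0.0.1:3000/cb", "http://127.0.0.1.evil.example:3000/cb", False),
        ("http://127.0.0.1/cb", "http://localhost/cb", False),
    ]
    for reg, req, expected in cases:
        print(reg, req, redirect_uri_matches(reg, req) == expected)
```

The hostname check comes before the loopback relaxation on purpose: an attacker-controlled host such as `127.0.0.1.evil.example` is not an IP literal, so it falls through to the strict comparison and is rejected on the host, not merely on the port.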
Ricardo Martin
1100c672ca
Use references to obtain the signed elements in a signature (#193)
Closes keycloak/keycloak-private#191

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-13 12:49:29 +02:00
Alexander Schwartz
e655b90efd
Do not automatically re-import users if they already exist locally when searching by attributes (#32887)
Closes #32870

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-13 12:42:55 +02:00
Thomas Darimont
073e773a35 Ensure realm attributes import happens before client import
Adjusted import file for KC24.

Fixes #32799

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
(cherry picked from commit 445a7da9020e4c48561d99040edca36cda61d4cf)
2024-09-12 09:14:54 +02:00
Erik Jan de Wit
1ed55ded25
better parsing of value and default value
fixes: #31085

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
(cherry picked from commit 64c6dc00c02fa9e6b0589b86690ba3aac35805bc)
2024-09-10 10:13:06 +02:00
cgeorgilakis-grnet
b9bd644dc5 Check refresh token flow response for offline based on refresh token request parameter
Closes #30857

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
(cherry picked from commit 20cedb84eb2084c22cab4f263ce00ba9fb79ffc1)
2024-09-10 08:52:08 +02:00
Ricardo Martin
5e06da2f67 Honor turnOffChangeSessionIdOnLogin in SAML adapter (#186)
Closes keycloak/keycloak-private#183

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-04 16:15:06 +02:00
Steven Hawkins
83f6f1f78a
fix: mark slf4j as not optional for the operator (#32652)
closes: #32651

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-09-04 16:13:52 +02:00
Ricardo Martin
d7013507eb
SAML IdMapperUpdaterSessionListener should be added always and must implement HttpSessionIdListener interface (#32235)
Closes #32084

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-20 09:18:27 +02:00
Ricardo Martin
ab486123dc
better unset check (#32062) (#32206)
* better unset check

fixes: #32059
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* better explanation

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fix min value

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Steal some code from `react-hook-form`

Signed-off-by: Jon Koops <jonkoops@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
(cherry picked from commit 862854bc2915516a1d7a9b3874c39bdfc48f8422)

Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-08-19 10:52:06 +02:00
Alexander Schwartz
18649c9a99
Caches the id-to-user mapping for the evaluation in the current session (#32139)
Closes #31519

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-16 10:16:28 +02:00
rmartinc
4875c117a3 Adding upgrading notes for brute force changes
Closes #31960

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-08 17:21:27 +02:00
rmartinc
c8053dd812 Remove the attempt in brute force when the off-thread finishes
Closes #31881

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-08 17:21:27 +02:00
Pedro Igor
461fa631dc Support for blocking concurrent requests when brute force is enabled
Closes #31726

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
2024-08-08 17:21:27 +02:00
Erik Jan de Wit
ab94847f1e
removed strange searching pagination logic (#31430) (#31911)
fixes: #31386

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
(cherry picked from commit 28c1035c5ba80ec853810457cc48596d31597565)
2024-08-06 12:45:58 +01:00
Jon Koops
bd38e1d323
Only allow a known referrer URI for the Account Console (#28743) (#31814)
Closes #27628

Signed-off-by: Jon Koops <jonkoops@gmail.com>
(cherry picked from commit 3216e7c781a9bb6399d33255e6b10275b3cc81f9)
2024-08-01 13:08:52 +02:00
Alexander Schwartz
a1cfc4d816
Trigger clearing the user cache when the duplicate email allowed flag changes (#31723)
Closes #31045

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-30 14:58:17 +02:00
Marek Posolda
fa0e3dfc11 Documentation for Delete Credential action and related changes (#31719)
closes #31718

Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
(cherry picked from commit 5b521173518a80b9ce87ae8fd48bb13e86a657ca)
2024-07-30 10:16:16 +02:00
Alexander Schwartz
21bcb63e7f
All CURL commands should check the HTTP response code (#31600)
Closes #31598

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-26 12:38:48 +02:00
Miquel Simon
da1110863f
LDAPSyncTest - additional removal of users at the end of the test
Necessary when running with external AD

Closes #27499

(cherry picked from commit be7775a9bee8debe35be6d1b2cf2df2838d6ca5a)

Signed-off-by: Pavel Drozd <pdrozd@redhat.com>
Co-authored-by: Pavel Drozd <pdrozd@redhat.com>
2024-07-26 12:17:33 +02:00
Steven Hawkins
db2876c604
fix: backport of looking for separated --spi arguments for the config (#31576) (#31632)
closes: #31578

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
(cherry picked from commit c0ed46a011c56d3e52c08b4017f86418d8d97104)
2024-07-25 17:05:38 +00:00
rmartinc
a736fa2f28 Add availability for features and make kerberos use it
Closes #30730

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit c20dbc5c320176aa4d0ae4ee03b0ff14f73913de)
2024-07-25 13:00:30 +02:00
Alexander Schwartz
95387bcef8 Filter out null values when looking up entries by ID
This should prevent null elements in the stream when doing concurrent operations.

Closes #28865

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-24 15:25:22 -03:00
Miquel Simon
015ac68a8a Updated connection configuration for MSSQL test container
Closes #31558

Signed-off-by: Miquel Simon <msimonma@redhat.com>
(cherry picked from commit aab7a912c46527c3da2aa254aefd653504fd1cef)
Signed-off-by: Miquel Simon <msimonma@redhat.com>
2024-07-24 16:33:40 +02:00
Erik Jan de Wit
dff6cffcee
Automatically re-authenticate on single-logout (#28723) (#31154)
Automatically forces the user to re-authenticate from the Admin and Account consoles when a single-logout occurs.

Closes #23832
Closes #23833

(cherry picked from commit 957859d8465e3e72c036dca88f6ef73b5ade650e)

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-07-22 12:18:01 +02:00