mirror of https://github.com/keycloak/keycloak.git synced 2026-01-09 23:12:06 -03:30

Go to file

Avoid NPE if realm configuration contains invalid required action configuration (#32649 ) (#33056 )

* Avoid NPE if realm configuration contains invalid required action configuration

If users removed implementations or renamed the provider id of a required action, then the realm configuration might contain dangling references to required actions.
If we then try to find the RequiredActionFactory to determine the if the required action is configurable then NPE is thrown. This PR prevents the NPE with a guard clause.

Fixes #32624

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>

* Log a warning if required action with missing provider is detected.

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>

---------

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
(cherry picked from commit d28adcb81bc41d8ddd2aae11eaafae8846c6f5be)

Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>

2024-09-20 14:02:44 -04:00

.github

Cache node binary for Windows to avoid download failures (#32053 )

2024-08-13 09:04:21 +02:00

.idea

Add Intellij project icon

2023-09-18 12:39:16 +02:00

.mvn

Update Maven dependency versions for docs

2024-02-01 13:42:25 +01:00

adapters

Honor turnOffChangeSessionIdOnLogin in SAML adapter (#185 )

2024-08-20 09:35:52 +02:00

authz

Support for service accounts when fetch roles is enabled

2024-06-28 09:30:02 +02:00

boms

Refactor PolicyEnforcer tests to remove dependency on keycloak-adapter-core and remove keycloak-adapter-core

2024-05-27 15:00:13 -03:00

common

Run the Vite dev server through the Keycloak server (#27311 ) (#30373 )

2024-06-12 15:27:59 +00:00

core

Offline tokens created in Keycloak 14 or earlier will not work on Keycloak 25

2024-07-16 10:12:07 +02:00

crypto

OpenJDK 21 support (#28518 )

2024-06-03 14:17:28 +02:00

dependencies

Map Store Removal: Rename legacy modules

2024-01-25 16:29:16 +01:00

distribution

All CURL commands should check the HTTP response code (#31601 )

2024-07-26 12:38:27 +02:00

docs

Remove information about online_user_session table

2024-08-16 11:32:15 +02:00

federation

Do not automatically re-import users if they already exist locally when searching by attributes (#32886 )

2024-09-13 12:43:08 +02:00

integration

Remove @NoCache annotation in admin client interfaces (#32795 )

2024-09-11 15:15:34 +02:00

Do not send attributes when unlocking the user (#32993 )

2024-09-17 08:49:02 +02:00

misc

Use Maven wrapper instead of platform dependent Maven version (#29988 )

2024-06-03 15:45:39 +02:00

model

Ensure realm attributes import happens before client import

2024-09-11 16:38:54 +02:00

operator

All CURL commands should check the HTTP response code (#31601 )

2024-07-26 12:38:27 +02:00

quarkus

fix: backport of looking for separated --spi arguments for the config (#31576 )

2024-07-25 15:34:34 +00:00

rest

Avoid NPE if realm configuration contains invalid required action configuration (#32649 ) (#33056 )

2024-09-20 14:02:44 -04:00

saml-core

Use references to obtain the signed elements in a signature (#188 )

2024-09-17 08:49:29 +02:00

saml-core-api

SAML element EncryptionMethod can consist any element

2024-04-09 14:15:56 +02:00

server-spi

Add @JsonIgnore to SingleUseObjectKeyModel's getExpiration()

2024-07-10 13:40:52 +02:00

server-spi-private

Improve handling for loopback redirect-uri validation (#195 )

2024-09-17 08:49:29 +02:00

services

Improve handling for loopback redirect-uri validation (#195 )

2024-09-17 08:49:29 +02:00

test-poc

Use Quarkus fork join worker for Test PoC

2024-06-06 12:06:59 +02:00

testsuite

Improve handling for loopback redirect-uri validation (#195 )

2024-09-17 08:49:29 +02:00

themes

Include rfc4648 in the import map for login v2

2024-09-10 10:11:42 +02:00

util

Artifact SLF4J LOG4J-12 has been relocated (#20113 )

2023-05-05 13:57:45 +02:00

.editorconfig

Don't apply editorconfig auto-formatting to properties file for now

2024-05-29 19:00:06 +02:00

.gitattributes

Use lf as line-ending for sh files

2022-07-19 08:57:57 +02:00

.gitignore

Move all JavaScript projects into single PNPM workspace (#24537 )

2024-04-02 16:14:58 +02:00

.gitleaks.toml

Ignore a false positive in internal code scan (#27811 )

2024-03-12 15:49:46 +01:00

ADOPTERS.md

add Bundesagentur für Arbeit to ADOPTERS.md (#26784 )

2024-02-05 14:32:49 +01:00

CONTRIBUTING.md

Add DCO to CONTRIBUTING.md (#24384 )

2023-10-31 08:44:43 +01:00

eslint.config.js

Add Playwright ESLint plugin (#30082 )

2024-06-03 14:13:20 +02:00

get-version.sh

Use Maven wrapper instead of platform dependent Maven version (#29988 )

2024-06-03 15:45:39 +02:00

GOVERNANCE.md

Update governance model around changes in maintainership (#29292 )

2024-05-22 08:24:10 +02:00

LICENSE.txt

Added text version of ASL2 license

2019-11-08 12:43:10 +01:00

MAINTAINERS.md

Add Alexander Schwartz to the list of maintainers

2023-06-27 06:45:06 -03:00

maven-settings.xml

[KEYCLOAK-11764] Upgrade to Wildfly 19

2020-04-24 08:19:43 -03:00

mvnw

Update Maven Wrapper to 3.2.0

2023-09-12 08:56:15 +02:00

mvnw.cmd

Update Maven Wrapper to 3.2.0

2023-09-12 08:56:15 +02:00

package.json

Bump prettier from 3.3.0 to 3.3.1

2024-06-07 22:22:16 +02:00

pnpm-lock.yaml

Run the Vite dev server through the Keycloak server (#27311 ) (#30373 )

2024-06-12 15:27:59 +00:00

pnpm-workspace.yaml

Move all JavaScript projects into single PNPM workspace (#24537 )

2024-04-02 16:14:58 +02:00

pom.xml

SAML IdMapperUpdaterSessionListener should be added always and must implement HttpSessionIdListener interface (#32234 )

2024-08-20 09:18:40 +02:00

PR-CHECKLIST.md

Introduce CODEOWNERS (#16637 )

2023-01-30 13:05:45 +01:00

README.md

Add some badges to README.md (#27921 )

2024-03-15 11:25:21 +01:00

SECURITY-INSIGHTS.yml

Provide an OpenSSF security insights manifest file

2024-02-15 11:02:33 -03:00

set-version.sh

Use Maven wrapper instead of platform dependent Maven version (#29988 )

2024-06-03 15:45:39 +02:00

tsconfig.eslint.json

changed name and added version number (#28157 )

2024-04-19 14:10:34 -04:00

tsconfig.json

Move ESLint configuration to project root (#28639 )

2024-04-12 08:34:18 +00:00

README.md

Open Source Identity and Access Management

Add authentication to applications and secure services with minimum effort. No need to deal with storing users or authenticating users.

Keycloak provides user federation, strong authentication, user management, fine-grained authorization, and more.

Help and Documentation

Documentation
User Mailing List - Mailing list for help and general questions about Keycloak

Reporting Security Vulnerabilities

If you have found a security vulnerability, please look at the instructions on how to properly report it.

Reporting an issue

If you believe you have discovered a defect in Keycloak, please open an issue. Please remember to provide a good summary, description as well as steps to reproduce the issue.

Getting started

To run Keycloak, download the distribution from our website. Unzip and run:

bin/kc.[sh|bat] start-dev

Alternatively, you can use the Docker image by running:

docker run quay.io/keycloak/keycloak start-dev

For more details refer to the Keycloak Documentation.

Building from Source

To build from source, refer to the building and working with the code base guide.

Testing

To run tests, refer to the running tests guide.

Writing Tests

To write tests, refer to the writing tests guide.

Contributing

Before contributing to Keycloak, please read our contributing guidelines. Participation in the Keycloak project is governed by the CNCF Code of Conduct.

Other Keycloak Projects

Keycloak - Keycloak Server and Java adapters
Keycloak QuickStarts - QuickStarts for getting started with Keycloak
Keycloak Node.js Connect - Node.js adapter for Keycloak

License

Apache License, Version 2.0

Languages

Java 91.4%

TypeScript 7.4%

Fluent 0.5%

FreeMarker 0.2%

JavaScript 0.1%

Other 0.1%