357 commits

Author	SHA1	Message	Date
Alex Morel	a1d3c6eb29	Provide SCIM2 client capabilities behing an experimental Feature Profile ... Closes #1234 Signed-off-by: Alex Morel <amorel@codelutin.com>	2024-11-04 17:58:26 +01:00
Steven Hawkins	b2ccde29bb	fix: persist build time spi options (#34157) ... closes: #33902 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-10-23 16:51:11 +02:00
Steven Hawkins	af1a5ea2a8	fix: refining https file type detection (#33703) ... also making common trustore logic align closes: #33649 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-10-22 13:05:56 -04:00
mposolda	b95d12a968	Add AuthzClientCryptoProvider to authz-client in keycloak main repository ... closes #33831 Signed-off-by: mposolda <mposolda@gmail.com>	2024-10-15 08:16:14 +02:00
Jon Koops	3930356c21	Treat unencrypted local origins as an insecure context in Safari (#33700) ... Closes #33557 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-10-09 23:38:03 +02:00
Jon Koops	aacdf80664	Add shim for Web Crypto API to admin and account console (#33480) ... Closes #33330 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-10-03 10:51:23 +00:00
Erik Jan de Wit	e8d8de8936	Use feature versions for admin3, account3, and login2 (#33458) ... Closes #33405 Signed-off-by: stianst <stianst@gmail.com>	2024-10-03 12:09:36 +02:00
Stefan Guilhen	9b7cf9d584	Ensure componentsByParentAndType in CachedRealm is returned as a concurrent multi-valued map ... Closes #30235 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-10-01 17:39:00 -03:00
Jon Koops	5e2f09f66d	Remove statically served Keycloak JS from the server (#33083) ... Closes #32827 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-09-22 19:05:01 +02:00
rmartinc	c532751ff4	Downgrade Java for client libraries to 8 ... Closes #33051 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-09-20 17:01:01 +02:00
Vlasta Ramik	4ce40be1af	Make the ORGANIZATION a default feature (#32404) ... Closes #32395 Signed-off-by: vramik <vramik@redhat.com>	2024-09-18 12:19:28 +02:00
Jan-Henrik Bruhn	da5fd31a5f	Fix KeycloakUriBuilder for Uris without a host name ... Signed-off-by: Jan-Henrik Bruhn <github@jhbruhn.de>	2024-09-18 08:42:06 +02:00
Martin Bartoš	7625e3b4ea	Improve error message when wrong KC profile is set (#32898) ... Closes #30454 Signed-off-by: Martin Bartoš <mabartos@redhat.com> Co-authored-by: Steven Hawkins <shawkins@redhat.com>	2024-09-16 09:37:20 +02:00
Pedro Ruivo	f67bec0417	Rename remote-cache Feature ... Renamed to "clusterless" Closes #32596 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-09-13 13:03:13 +02:00
Pedro Ruivo	24fce87a8e	Deprecate old remote store (feedback) ... Closes #32577 Signed-off-by: Pedro Ruivo <pruivo@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-09-11 14:08:53 +00:00
Pedro Ruivo	3274591fe1	Deprecate old remote store ... Closes #32577 Signed-off-by: Pedro Ruivo <pruivo@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-09-04 10:25:51 +00:00
Martin Bartoš	afcbf79582	OTEL: Profile Feature ... Closes #32231 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-08-30 13:19:09 +02:00
Steven Hawkins	29eb0171de	task: remove hostname v1 (#32352) ... closes: #27731 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-08-28 17:48:06 +02:00
Michal Hajas	f5b2775939	Enable persistent sessions by default ... Run CI with the feature disabled to test also the old settings Closes #32265 Signed-off-by: Michal Hajas <mhajas@redhat.com>	2024-08-21 17:37:54 +02:00
Pedro Igor	8e0436715c	Support for ALL and ANY organization scope values ... Related #31438 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-08-19 08:45:23 -03:00
Steven Hawkins	ea3937f37c	fix: always replacing placeholders (#31871) ... closes: #31625 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-08-12 16:20:47 +00:00
Justin Tay	966a454548	Add ECDH-ES JWE Algorithm Provider, Add generated ECDH key provider (#23928) ... Closes #23596 Closes #23597 Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>	2024-08-08 17:29:35 +02:00
Michal Hajas	50c07c6e7c	Simplify configuration for MULTI_SITE ... Closes #31807 Signed-off-by: Michal Hajas <mhajas@redhat.com>	2024-08-06 16:14:33 +00:00
Tero Saarni	62fd969fe1	Allow requests from local IPv6 addresses ... If administrator selects EXTERNAL for Require SSL setting, allow clear-text HTTP requests when client is coming from IPv6 link-local or unique local address (ULA). Previously only private IPv4 addresses were allowed and private IPv6 addresses were rejected. Closes #30678 Signed-off-by: Tero Saarni <tero.saarni@est.tech>	2024-08-05 16:38:55 +02:00
Hynek Mlnarik	a7374f92be	Update login theme to login v2 ... Fixes: #29009 Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>	2024-07-18 14:33:22 +02:00
Steven Hawkins	96511e55c6	startup, welcome, and cli handling of bootstrap-admin user (#30054) ... * fix: adding password and service account based bootstrap and recovery closes: #29324, #30002, #30003 Signed-off-by: Steve Hawkins <shawkins@redhat.com> * Fix tests Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> --------- Signed-off-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>	2024-07-03 15:23:40 +02:00
Thomas Darimont	f34bb21af6	Fix deprecations in common module ... - Use charset in `Encode` class - Replace reflective call to protected `Liquibase#resetServices()` with call to exposed public method on a custom subclass `KeycloakLiquibase` - Remove usage of deprecated AccessController class in Reflections - Deprecated SetAccessibleProvilegedAction and UnsetAccessibleProvilegedAction Fixes #22209 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-07-02 16:02:35 +00:00
rmartinc	c20dbc5c32	Add availability for features and make kerberos use it ... Closes #30730 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-26 14:33:38 +02:00
Douglas Palmer	5af3001122	Check if OSGI metadata can be removed entirely ... Closes #29104 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-06-25 14:12:33 +02:00
Jon Koops	df18629ffe	Use a default Java version from root POM (#29927) ... Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-06-21 14:19:31 +02:00
Pedro Ruivo	d2ae27a1e2	External Infinispan as cache - Part 1 ... Part 1 includes * New experimental feature to enable the new code * New providers using RemoteCache only * New test profile to run the tests with the experimental feature New providers' implementation for: * InfinispanConnectionProvider * AuthenticationSessionProvider * ClusterProvider Closes #28140 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-06-19 14:47:57 +02:00
Jon Koops	c7361ccf6e	Run the Vite dev server through the Keycloak server (#27311) ... Closes #19750 Closes #28643 Closes #30115 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-06-12 11:55:14 +02:00
Steven Hawkins	5059a02eb2	fix: minor refinements to collection utils (#29536) ... closes: #29535 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-06-06 10:07:34 -04:00
vramik	2b97859bca	Move Organization feature from EXPERIMENTAL to PREVIEW ... Closes#30137 Signed-off-by: vramik <vramik@redhat.com>	2024-06-04 09:57:03 -03:00
Jon Koops	a3b2dd0735	Remove deprecated ServerCookie class (#29916) ... Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-05-28 14:14:05 +00:00
Patrick Jennings	84acc953dd	Client type OIDC base read only defaults (#29706) ... closes #29742 closes #29422 Signed-off-by: Patrick Jennings <pajennin@redhat.com>	2024-05-22 09:07:19 +02:00
Dimitri Papadopoulos Orfanos	64a145e960	Fix user-facing typos in error messages (#29326) ... Update resource file and tests accordingly Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>	2024-05-16 09:55:41 +02:00
Takashi Norimatsu	b4e7d9b1aa	Passkeys: Supporting WebAuthn Conditional UI (#24305) ... closes #24264 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com> Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: mposolda <mposolda@gmail.com>	2024-05-16 07:58:43 +02:00
Alexander Schwartz	6fbe207d64	Create documentation for persistent user sessions ... Closes #29218 Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Signed-off-by: Michal Hajas <mhajas@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2024-05-13 11:02:45 +02:00
Dimitri Papadopoulos Orfanos	cd8e0fd333	Fix user-facing typos in Javadoc (#28971) ... Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com> Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>	2024-05-06 18:57:55 +00:00
Pedro Ruivo	fe5bed6191	Retry fetching event from remote cache ... Closes #28303 Signed-off-by: Pedro Ruivo <pruivo@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-05-06 17:27:07 +02:00
Michal Hajas	128bba34d3	Remove PERSISTENT_USER_SESSIONS_No_CACHE feature ... Closes #29264 Signed-off-by: Michal Hajas <mhajas@redhat.com>	2024-05-06 08:53:39 +02:00
Steven Hawkins	4697cc956b	further refinement of context handling (#28182) ... * fully removing providers and moving the keycloaksession creation / final cleanup also deprecated Resteasy utility methods closes: #29223 Signed-off-by: Steve Hawkins <shawkins@redhat.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-02 11:21:01 -04:00
Ricardo Martin	fc6b6f0d94	Perform exact string match if redirect URI contains userinfo, encoded slashes or parent access (#131) (#28872) ... Closes keycloak/keycloak-private#113 Closes keycloak/keycloak-private#134 Signed-off-by: rmartinc <rmartinc@redhat.com> Co-authored-by: Stian Thorgersen <stianst@gmail.com>	2024-04-18 16:02:24 +02:00
rmartinc	ddacfbdefd	Remove deprecated LinkedIn social provider ... Closes #23127 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-04-18 10:10:58 +02:00
Václav Muzikář	e4987f10f5	Hostname SPI v2 (#26345) ... * Hostname SPI v2 Closes: #26084 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Fix HostnameV2DistTest#testServerFailsToStartWithoutHostnameSpecified Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Address review comment Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Partially revert the previous fix Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Do not polish values Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Remove filtering of denied categories Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> --------- Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>	2024-04-09 11:25:19 +02:00
Alexander Schwartz	c580c88c93	Persist online sessions to the database (#27977) ... Adding two feature toggles for new code paths to store online sessions in the existing offline sessions table. Separate the code which is due to be changed in the next iteration in new classes/providers which used instead of the old one. Closes #27976 Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Signed-off-by: Michal Hajas <mhajas@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2024-03-28 09:17:07 +01:00
Jon Koops	3382e16954	Remove Account Console version 2 (#27510) ... Closes #19664 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-03-27 10:53:28 +01:00
Steven Hawkins	be32f8b1bf	fix: limit the use of Resteasy to the KeycloakSession (#28150) ... * fix: limit the use of Resteasy to the KeycloakSession contextualizes other state to the KeycloakSession close: #28152	2024-03-26 13:43:41 -04:00
Steven Hawkins	7eab019748	task: deprecate WILDCARD and STRICT options (#26833) ... closes: #24893 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-03-21 16:22:41 +01:00