361 commits

Author	SHA1	Message	Date
Alex Morel	1c7f7e7e54	Provide SCIM2 client capabilities behing an experimental Feature Profile ... Closes #1234 Signed-off-by: Alex Morel <amorel@codelutin.com>	2024-11-07 11:15:18 +01:00
vramik	a2ba3c8ace	Feature in higher version takes precedence even if it has lower type order ... Closes #34635 Signed-off-by: vramik <vramik@redhat.com>	2024-11-07 10:55:42 +01:00
vramik	b1ff9511d1	Fine grained admin permissions feature V2 ... Closes #34563 Signed-off-by: vramik <vramik@redhat.com>	2024-11-07 10:55:42 +01:00
Ricardo Martin	226daa41c7	Add service account mappers via client scope instead of dedicated scope (#34664) ... Closes #10417 Signed-off-by: rmartinc <rmartinc@redhat.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Signed-off-by: Ricardo Martin <rmartinc@redhat.com>	2024-11-07 08:45:11 +01:00
Bernd Bohmann	7681687e0a	Provide missing user event metrics from aerogear/keycloak-metrics-spi to a keycloak micrometer event listener ... inspired by https://github.com/aerogear/keycloak-metrics-spi https://github.com/please-openit/keycloak-native-metrics Closes #33043 Signed-off-by: Bernd Bohmann <bommel@apache.org> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Signed-off-by: Michal Hajas <mhajas@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2024-11-04 08:56:24 +01:00
Steven Hawkins	b2ccde29bb	fix: persist build time spi options (#34157) ... closes: #33902 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-10-23 16:51:11 +02:00
Steven Hawkins	af1a5ea2a8	fix: refining https file type detection (#33703) ... also making common trustore logic align closes: #33649 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-10-22 13:05:56 -04:00
mposolda	b95d12a968	Add AuthzClientCryptoProvider to authz-client in keycloak main repository ... closes #33831 Signed-off-by: mposolda <mposolda@gmail.com>	2024-10-15 08:16:14 +02:00
Jon Koops	3930356c21	Treat unencrypted local origins as an insecure context in Safari (#33700) ... Closes #33557 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-10-09 23:38:03 +02:00
Jon Koops	aacdf80664	Add shim for Web Crypto API to admin and account console (#33480) ... Closes #33330 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-10-03 10:51:23 +00:00
Erik Jan de Wit	e8d8de8936	Use feature versions for admin3, account3, and login2 (#33458) ... Closes #33405 Signed-off-by: stianst <stianst@gmail.com>	2024-10-03 12:09:36 +02:00
Stefan Guilhen	9b7cf9d584	Ensure componentsByParentAndType in CachedRealm is returned as a concurrent multi-valued map ... Closes #30235 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-10-01 17:39:00 -03:00
Jon Koops	5e2f09f66d	Remove statically served Keycloak JS from the server (#33083) ... Closes #32827 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-09-22 19:05:01 +02:00
rmartinc	c532751ff4	Downgrade Java for client libraries to 8 ... Closes #33051 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-09-20 17:01:01 +02:00
Vlasta Ramik	4ce40be1af	Make the ORGANIZATION a default feature (#32404) ... Closes #32395 Signed-off-by: vramik <vramik@redhat.com>	2024-09-18 12:19:28 +02:00
Jan-Henrik Bruhn	da5fd31a5f	Fix KeycloakUriBuilder for Uris without a host name ... Signed-off-by: Jan-Henrik Bruhn <github@jhbruhn.de>	2024-09-18 08:42:06 +02:00
Martin Bartoš	7625e3b4ea	Improve error message when wrong KC profile is set (#32898) ... Closes #30454 Signed-off-by: Martin Bartoš <mabartos@redhat.com> Co-authored-by: Steven Hawkins <shawkins@redhat.com>	2024-09-16 09:37:20 +02:00
Pedro Ruivo	f67bec0417	Rename remote-cache Feature ... Renamed to "clusterless" Closes #32596 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-09-13 13:03:13 +02:00
Pedro Ruivo	24fce87a8e	Deprecate old remote store (feedback) ... Closes #32577 Signed-off-by: Pedro Ruivo <pruivo@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-09-11 14:08:53 +00:00
Pedro Ruivo	3274591fe1	Deprecate old remote store ... Closes #32577 Signed-off-by: Pedro Ruivo <pruivo@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-09-04 10:25:51 +00:00
Martin Bartoš	afcbf79582	OTEL: Profile Feature ... Closes #32231 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-08-30 13:19:09 +02:00
Steven Hawkins	29eb0171de	task: remove hostname v1 (#32352) ... closes: #27731 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-08-28 17:48:06 +02:00
Michal Hajas	f5b2775939	Enable persistent sessions by default ... Run CI with the feature disabled to test also the old settings Closes #32265 Signed-off-by: Michal Hajas <mhajas@redhat.com>	2024-08-21 17:37:54 +02:00
Pedro Igor	8e0436715c	Support for ALL and ANY organization scope values ... Related #31438 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-08-19 08:45:23 -03:00
Steven Hawkins	ea3937f37c	fix: always replacing placeholders (#31871) ... closes: #31625 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-08-12 16:20:47 +00:00
Justin Tay	966a454548	Add ECDH-ES JWE Algorithm Provider, Add generated ECDH key provider (#23928) ... Closes #23596 Closes #23597 Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>	2024-08-08 17:29:35 +02:00
Michal Hajas	50c07c6e7c	Simplify configuration for MULTI_SITE ... Closes #31807 Signed-off-by: Michal Hajas <mhajas@redhat.com>	2024-08-06 16:14:33 +00:00
Tero Saarni	62fd969fe1	Allow requests from local IPv6 addresses ... If administrator selects EXTERNAL for Require SSL setting, allow clear-text HTTP requests when client is coming from IPv6 link-local or unique local address (ULA). Previously only private IPv4 addresses were allowed and private IPv6 addresses were rejected. Closes #30678 Signed-off-by: Tero Saarni <tero.saarni@est.tech>	2024-08-05 16:38:55 +02:00
Hynek Mlnarik	a7374f92be	Update login theme to login v2 ... Fixes: #29009 Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>	2024-07-18 14:33:22 +02:00
Steven Hawkins	96511e55c6	startup, welcome, and cli handling of bootstrap-admin user (#30054) ... * fix: adding password and service account based bootstrap and recovery closes: #29324, #30002, #30003 Signed-off-by: Steve Hawkins <shawkins@redhat.com> * Fix tests Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> --------- Signed-off-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>	2024-07-03 15:23:40 +02:00
Thomas Darimont	f34bb21af6	Fix deprecations in common module ... - Use charset in `Encode` class - Replace reflective call to protected `Liquibase#resetServices()` with call to exposed public method on a custom subclass `KeycloakLiquibase` - Remove usage of deprecated AccessController class in Reflections - Deprecated SetAccessibleProvilegedAction and UnsetAccessibleProvilegedAction Fixes #22209 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-07-02 16:02:35 +00:00
rmartinc	c20dbc5c32	Add availability for features and make kerberos use it ... Closes #30730 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-06-26 14:33:38 +02:00
Douglas Palmer	5af3001122	Check if OSGI metadata can be removed entirely ... Closes #29104 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-06-25 14:12:33 +02:00
Jon Koops	df18629ffe	Use a default Java version from root POM (#29927) ... Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-06-21 14:19:31 +02:00
Pedro Ruivo	d2ae27a1e2	External Infinispan as cache - Part 1 ... Part 1 includes * New experimental feature to enable the new code * New providers using RemoteCache only * New test profile to run the tests with the experimental feature New providers' implementation for: * InfinispanConnectionProvider * AuthenticationSessionProvider * ClusterProvider Closes #28140 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-06-19 14:47:57 +02:00
Jon Koops	c7361ccf6e	Run the Vite dev server through the Keycloak server (#27311) ... Closes #19750 Closes #28643 Closes #30115 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-06-12 11:55:14 +02:00
Steven Hawkins	5059a02eb2	fix: minor refinements to collection utils (#29536) ... closes: #29535 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-06-06 10:07:34 -04:00
vramik	2b97859bca	Move Organization feature from EXPERIMENTAL to PREVIEW ... Closes#30137 Signed-off-by: vramik <vramik@redhat.com>	2024-06-04 09:57:03 -03:00
Jon Koops	a3b2dd0735	Remove deprecated ServerCookie class (#29916) ... Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-05-28 14:14:05 +00:00
Patrick Jennings	84acc953dd	Client type OIDC base read only defaults (#29706) ... closes #29742 closes #29422 Signed-off-by: Patrick Jennings <pajennin@redhat.com>	2024-05-22 09:07:19 +02:00
Dimitri Papadopoulos Orfanos	64a145e960	Fix user-facing typos in error messages (#29326) ... Update resource file and tests accordingly Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>	2024-05-16 09:55:41 +02:00
Takashi Norimatsu	b4e7d9b1aa	Passkeys: Supporting WebAuthn Conditional UI (#24305) ... closes #24264 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com> Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: mposolda <mposolda@gmail.com>	2024-05-16 07:58:43 +02:00
Alexander Schwartz	6fbe207d64	Create documentation for persistent user sessions ... Closes #29218 Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Signed-off-by: Michal Hajas <mhajas@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2024-05-13 11:02:45 +02:00
Dimitri Papadopoulos Orfanos	cd8e0fd333	Fix user-facing typos in Javadoc (#28971) ... Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com> Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>	2024-05-06 18:57:55 +00:00
Pedro Ruivo	fe5bed6191	Retry fetching event from remote cache ... Closes #28303 Signed-off-by: Pedro Ruivo <pruivo@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-05-06 17:27:07 +02:00
Michal Hajas	128bba34d3	Remove PERSISTENT_USER_SESSIONS_No_CACHE feature ... Closes #29264 Signed-off-by: Michal Hajas <mhajas@redhat.com>	2024-05-06 08:53:39 +02:00
Steven Hawkins	4697cc956b	further refinement of context handling (#28182) ... * fully removing providers and moving the keycloaksession creation / final cleanup also deprecated Resteasy utility methods closes: #29223 Signed-off-by: Steve Hawkins <shawkins@redhat.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-02 11:21:01 -04:00
Ricardo Martin	fc6b6f0d94	Perform exact string match if redirect URI contains userinfo, encoded slashes or parent access (#131) (#28872) ... Closes keycloak/keycloak-private#113 Closes keycloak/keycloak-private#134 Signed-off-by: rmartinc <rmartinc@redhat.com> Co-authored-by: Stian Thorgersen <stianst@gmail.com>	2024-04-18 16:02:24 +02:00
rmartinc	ddacfbdefd	Remove deprecated LinkedIn social provider ... Closes #23127 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-04-18 10:10:58 +02:00
Václav Muzikář	e4987f10f5	Hostname SPI v2 (#26345) ... * Hostname SPI v2 Closes: #26084 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Fix HostnameV2DistTest#testServerFailsToStartWithoutHostnameSpecified Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Address review comment Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Partially revert the previous fix Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Do not polish values Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Remove filtering of denied categories Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> --------- Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>	2024-04-09 11:25:19 +02:00