libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
23856 commits 4 branches 5 tags 480 MiB
Commit graph

17 commits

Author SHA1 Message Date
Thomas Darimont
e7363905fa Change password hashing defaults according to OWASP recommendations (#16629) 
Changes according to the latest [OWASP cheat sheet for secure Password Storage](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2):

- Changed default password hashing algorithm from pbkdf2-sha256 to pbkdf2-sha512
- Increased number of hash iterations for pbkdf2-sha1 from 20.000 to 1.300.000
- Increased number of hash iterations for pbkdf2-sha256 from 27.500 to 600.000
- Increased number of hash iterations for pbkdf2-sha512 from 30.000 to 210.000
- Adapt PasswordHashingTest to new defaults
- The test testBenchmarkPasswordHashingConfigurations can be used to compare the different hashing configurations.
- Document changes in changes document with note on performance and how
  to keep the old behaviour.
- Log a warning at the first time when Pbkdf2PasswordHashProviderFactory is used directly

Fixes #16629

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-01-24 18:35:51 +01:00
Martin Kanis
84603a9363
Map Store Removal: Rename Legacy* classes (#26273) 
Closes #24105

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-01-23 13:50:31 +00:00
rmartinc
2f0a0b6ad8 Remove deprecated mode for saml encryption 
Closes #26291

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-01-18 16:52:10 +01:00
Lex Cao
a960d0d8fa Add upgrading docs for changes to send-verify-email API 
Closes #26146.

Signed-off-by: Lex Cao <lexcao@foxmail.com>
 2024-01-18 09:48:01 +01:00
Alexander Schwartz
b9498b91cb
Deprecating the offline session preloading (#26160) 
Closes #25300

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-16 09:29:01 +01:00
Alexander Schwartz
01939bcf34
Remove concurrent loading of remote sessions as at startup time only one node is up anyway. (#25709) 
Closes #22082

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Martin Kanis <martin-kanis@users.noreply.github.com>
 2024-01-09 16:55:22 +01:00
Sebastian Schuster
92d6da437b
Fixed tiny doc typo (#26012) 
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
 2024-01-09 08:02:02 +01:00
Alexander Schwartz
badf3f461d Making metrics with labels for embedded Infinispan the default 
Closes #25935

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-08 21:29:03 +01:00
Jon Koops
ddcaa6dcbf
Add release announcement and migration for new welcome theme (#25895) 
Closes #25894

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-01-08 13:10:51 +00:00
Steven Hawkins
667ce4be9e
enhance: supporting versioned features (#24811) 
also adding a common PropertyMapper validation method

closes #24668

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2024-01-03 17:56:31 +01:00
Pedro Igor
ceb085e7b8 Update the UPDATE_EMAIL feature to rely on the user profile configuration when rendering templates and validating the email 
Closes #25704

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-20 15:15:06 -03:00
Pedro Igor
778847a3ce Updating theme templates to render user attributes based on the user profile configuration 
Closes #25149

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-18 15:35:52 -03:00
Steven Hawkins
e148021a67
fix: adding filtering to ignore anything runtime during a build (#25434) 
fix: adding filtering to ignore anything runtime during a build

closes: #25166

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2023-12-18 12:50:47 +00:00
Václav Muzikář
e4c348e99e
Add new --proxy-headers option (#25178) 
* Add new `--proxy-headers` option

Closes #23431

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>

* Address review comments vol. 03

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Address review comments vol. 04

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2023-12-13 10:48:12 -03:00
Pedro Igor
fa79b686b6 Refactoring user profile interfaces and consolidating user representation for both admin and account context 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-13 08:27:55 +01:00
Steven Hawkins
8c3df19722
feature: add option for creating a global truststore (#24473) 
closes #24148

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2023-11-30 08:57:17 +01:00
Jon Koops
48fc29a5c6
Use exports field for Keycloak JS (#24974) 
Closes #24923

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2023-11-24 10:50:02 +01:00