Commit graph

311 commits

Author SHA1 Message Date
Martin Kanis
1fbee8134b KEYCLOAK-12697 Remove mvel2 from parent pom and licenses 2020-01-23 13:04:31 -06:00
Martin Kanis
e1f8e5d08c KEYCLOAK-12462 Align to EAP 7.3.0.GA 2020-01-13 14:58:59 +01:00
Stefan Guilhen
9f69386a53 [KEYCLOAK-11707] Add support for Elytron credential store vault
- Adds the elytron-cs-keystore provider that reads secrets from a keystore-backed elytron credential store
 - Introduces an abstract provider and factory that unifies code that is common to the existing implementations
 - Introduces a VaultKeyResolver interface to allow the creation of different algorithms to combine the realm
   and key names when constructing the vault entry id
 - Introduces a keyResolvers property to the existing implementation via superclass that allows for the
   configuration of one or more VaultKeyResolvers, creating a fallback mechanism in which different key formats
   are tried in the order they were declared when retrieving a secret from the vault
 - Adds more tests for the files-plaintext provider using the new key resolvers
 - Adds a VaultTestExecutionDecider to skip the elytron-cs-keystore tests when running in Undertow. This is
   needed because the new provider is available only as a Wildfly extension
2019-12-18 11:54:06 +01:00
Cas Eliëns
66f5d1259f Fix typo 2019-12-11 16:18:59 +01:00
Dmitry Telegin
e2144d6aec KEYCLOAK-12175 - Platform SPI 2019-12-09 09:55:04 +01:00
Martin Kanis
13b5463153 KEYCLOAK-11863 ConfigMigrationTest wrong assertion for Standalone configuration 2019-11-29 22:52:30 +01:00
Martin Kanis
27b410e772 KEYCLOAK-12059 Upgrade to WildFly 18.0.1 2019-11-27 15:15:11 +01:00
Pedro Igor
cee884e4a7 [KEYCLOAK-8406] - Remove Drools/Rules Policy 2019-11-22 15:38:51 +01:00
Dmitry Telegin
79074aa380 KEYCLOAK-12162 Modularize config backends (#6499)
* KEYCLOAK-12162 - Modularize configuration backends

* - Use JsonSerialization
- simplify backend selection (no fallbacks)

* Remove unused org.wildfly.core:wildfly-controller dependency
2019-11-22 15:23:04 +01:00
keycloak-bot
76aa199fee Set version to 9.0.0-SNAPSHOT 2019-11-15 20:43:21 +01:00
AlistairDoswald
4553234f64 KEYCLOAK-11745 Multi-factor authentication (#6459)
Co-authored-by: Christophe Frattino <christophe.frattino@elca.ch>
Co-authored-by: Francis PEROT <francis.perot@elca.ch>
Co-authored-by: rpo <harture414@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Denis <drichtar@redhat.com>
Co-authored-by: Tomas Kyjovsky <tkyjovsk@redhat.com>
2019-11-14 14:45:05 +01:00
stianst
1663f804f6 KEYCLOAK-12012 Change to LICENSE.txt from License.html for Keycloak 2019-11-13 07:46:39 +01:00
stianst
b8881b8ea0 KEYCLOAK-11728 New default hostname provider
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2019-11-11 12:25:44 +01:00
Takashi Norimatsu
ecae2c5772 KEYCLOAK-11743 Update to webauthn4j 0.9.14.RELEASE and add apache-kerby-asn1:2.0.0 dependency (#6401) 2019-11-05 09:23:09 +01:00
Martin Kanis
4c8cb05b7a KEYCLOAK-9940 Remove org.jboss.metadata module 2019-10-29 23:17:57 +01:00
Martin Kanis
25689d2a07 KEYCLOAK-9985 Removal of org.apache.commons in WildFly affects distribution 2019-10-29 23:13:44 +01:00
Martin Kanis
dda0f68b46 KEYCLOAK-11380 CD 8 Align versions for productization 2019-10-29 21:02:43 +01:00
Denis Richtárik
6bf1e8a9a7 KEYCLOAK-9979 Remove keycloak-servlet-oauth-client (#6423) 2019-10-24 17:28:41 +02:00
Pedro Igor
bb4ff55229 [KEYCLOAK-10868] - Deploy JavaScript code directly to Keycloak server
Conflicts:
	testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java

(cherry picked from commit 338fe2ae47a1494e786030eb39f908c964ea76c4)
2019-10-22 10:34:24 +02:00
Martin Kanis
37304fdd7d KEYCLOAK-10728 Upgrade to WildFly 18 Final 2019-10-21 14:06:44 +02:00
Sebastian Laskawiec
ea1b22daa7 KEYCLOAK-11227 Removed enabled/disabled flag from FileTruststoreProvider 2019-10-15 05:24:28 +02:00
stianst
52085da520 KEYCLOAK-11702 Remove RestEasy 4 dependencies from core codebase 2019-10-11 15:03:34 +02:00
Takashi Norimatsu
7c75546eac KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase
* KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase
2019-10-01 15:17:38 +02:00
Pedro Igor
a1d8850373 [KEYCLOAK-7416] - Device Activity 2019-09-05 11:43:27 -03:00
keycloak-bot
17e9832dc6 Set version to 8.0.0-SNAPSHOT 2019-07-19 19:05:03 +02:00
Martin Kanis
af1e8144ff KEYCLOAK-10891 Align versions and update licenses for CD7 2019-07-19 15:18:00 +02:00
Hynek Mlnarik
3d4283fac9 KEYCLOAK-9987 Upgrade to Wildfly17
Co-Authored-By: hmlnarik <hmlnarik@redhat.com>
2019-07-16 08:05:46 +02:00
keycloak-bot
49d4e935cb Set version to 7.0.0-SNAPSHOT 2019-04-17 09:48:07 +01:00
vramik
7638226741 KEYCLOAK-10002 remove microprofile-metrics and microprofile-health extensions in domain mode 2019-04-10 11:04:09 +02:00
slominskir
8dd96d6962 KEYCLOAK - 9923 - add-user-keycloak detect if Java uses modules (JDK 9+) 2019-04-09 17:34:16 -03:00
vramik
5808ad2de0 KEYCLOAK-9708 Enable SmallRye Health and Metrics extensions 2019-03-18 10:57:28 +01:00
vramik
3cc405b1c5 KEYCLOAK-8542 Remove resteasy workaround - KeycloakStringEntityFilter 2019-03-16 13:53:54 +01:00
vramik
d7313d91e5 KEYCLOAK-9709 Upgrade to Wildfly 16 2019-03-15 22:18:09 +01:00
keycloak-bot
e843d84f6e Set version to 6.0.0-SNAPSHOT 2019-03-06 15:54:08 +01:00
Hynek Mlnarik
37ef47d6ab KEYCLOAK-9509 Upgrade to Wildfly 15
KEYCLOAK-9584 Update Wildfly Arquillian version

KEYCLOAK-9581: Fix CookiePathTests

KEYCLOAK-9607 CLI sripts and configuration files update

KEYCLOAK-9580 Fix component registration error

KEYCLOAK-9590 Update JDG to newest version

* Infinispan is using whatever version is set in root pom.xml.

KEYCLOAK-9509 Fix Undertow tests

Co-Authored-By: vramik <vramik@redhat.com>
Co-Authored-By: sebastienblanc <scm.blanc@gmail.com>
2019-02-25 08:56:46 +01:00
stianst
e06c705ca8 Set version 5.0.0 2019-02-21 09:35:14 +01:00
stianst
7c9f15778a Set version to 4.8.3.Final 2019-01-09 20:39:30 +01:00
stianst
7c4890152c Set version to 4.8.2 2019-01-03 14:43:22 +01:00
pskopek
132d0a44be KEYCLOAK-9029: generated licence files using distribution/licenses-common/update-licenses.sh 2018-12-17 08:11:08 +01:00
pskopek
808a743671 KEYCLOAK-9029: fixed licenses files issue per PR review
+ some wrong license file URLs fixed
2018-12-17 08:11:08 +01:00
pskopek
d56fdabb5e KEYCLOAK-9029: generated licence files using distribution/licenses-common/update-licenses.sh 2018-12-17 08:11:08 +01:00
pskopek
4d8b3424d1 KEYCLOAK-9029: update licenses.xml files 2018-12-17 08:11:08 +01:00
Pedro Igor
0c39eda8d2 [KECLOAK-8237] - Openshift Client Storage 2018-12-06 10:57:53 -02:00
stianst
b674c0d4d9 Prepare for 4.8.0.Final 2018-12-04 13:54:25 +01:00
stianst
ecd476fb10 Prepare for 4.7.0.Final 2018-11-14 20:10:59 +01:00
stianst
00cee1d8cf KEYCLOAK-8654 Update licenses 2018-11-01 08:52:39 +01:00
vramik
7a96911a83 KEYCLOAK-8300 KEYCLOAK-8301 Wildfly 14 upgrade
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2018-10-17 20:01:07 +02:00
stianst
11374a2707 KEYCLOAK-8556 Improvements to profile 2018-10-12 12:26:37 +02:00
Takashi Mogi
c3f1bd5a25 KEYCLOAK-8342 Add core-management module to standalone and standaloen-ha 2018-10-08 22:21:07 +02:00
Pedro Igor
0a6e22ba54 [KEYCLOAK-8412] - Upgrade to Drools 7.11.0.Final 2018-10-04 09:41:41 -03:00
stianst
c3fc9e9815 Set version to 4.6.0.Final-SNAPSHOT 2018-09-26 20:58:41 +02:00
stianst
1fb4ca4525 Set version to 4.5.0.Final 2018-09-06 20:08:02 +02:00
mposolda
6fc99cd749 KEYCLOAK-7594 Upgrade to Wildfly 13. Cross-DC: Upgrade to infinispan server 9.2.4 and JDG 7.2
Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
Co-authored-by: stianst <stianst@gmail.com>
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2018-08-27 12:52:53 +02:00
mposolda
a63676ce93 KEYCLOAK-7989 Running server config migration fails due the Hostname SPI 2018-08-03 13:47:17 +02:00
mposolda
959cd035ba Set version to 4.3.0.Final-SNAPSHOT 2018-08-01 22:40:05 +02:00
ssilvert@win.redhat.com
e7e15652cf KEYCLOAK-7479: Sanitize 2018-08-01 14:22:39 -04:00
stianst
f99299ee39 KEYCLOAK-7967 Introduce Hostname SPI 2018-08-01 11:57:45 +02:00
Pedro Igor
3fc6eed1ce [KEYCLOAK-7827] - Missing org.jboss.logging dependency to keycloak-authz-client module 2018-07-13 09:17:49 -03:00
mposolda
d0a824dde4 Updating version to 4.2.0.Final-SNAPSHOT 2018-07-05 07:42:48 -04:00
Martin Kanis
998227ac53 KEYCLOAK-5461 Upgrade to Liquibase 3.5.5 2018-06-22 13:20:10 +02:00
stianst
e98fcfe56e KEYCLOAK-7641 Add details on how to build server-only, including some fixes to poms 2018-06-18 10:38:15 +02:00
stianst
e1a0e581b9 Update to 4.1.0.Final-SNAPSHOT 2018-06-14 14:22:28 +02:00
Stian Thorgersen
dbf5c395b0
Bump version to 4.0.0.Final (#5224) 2018-05-24 19:02:30 +02:00
Stian Thorgersen
90e5c7f3eb
Bump version to 4.0.0.Beta3-SNAPSHOT (#5185) 2018-05-02 14:32:20 +02:00
stianst
07fea02146 Bump versions to 4.0.0.Beta2-SNAPSHOT 2018-03-26 18:17:38 +02:00
stianst
505cf5b251 KEYCLOAK-6519 Theme resource provider 2018-02-09 08:28:59 +01:00
David
2743e4a182 Update changes on sssd.conf file to make script idempotent 2018-02-06 09:04:37 -02:00
stianst
0bedbb4dd3 Bump version to 4.0.0.CR1-SNAPSHOT 2017-12-21 15:06:00 +01:00
stianst
61fe554617 KEYCLOAK-6051 Fix licenses 2017-12-19 08:20:29 +01:00
Martin Kanis
47721957b7 KEYCLOAK-6018 Create BOM for Drools dependencies 2017-12-14 14:51:25 +01:00
stianst
35e60e0aa4 KEYCLOAK-5957 2017-12-06 08:59:40 +01:00
pedroigor
b1127ffafe [KEYCLOAK-5953] - Making elytron dependencies optional 2017-12-04 10:13:55 +01:00
stianst
37de8e9f69 Bump version to 3.4.2.Final-SNAPSHOT 2017-12-01 09:34:48 +01:00
Peter Nalyvayko
b8e5fd2b99 KC-4335: working on adding a reverse proxy support to allow X.509 client certificate authentication when running keycloak behind a reverse proxy
KC-4335: reverse proxy => a swtich to change a type of reverse proxy when running the X509 integration tests; changes to the names of the reverse proxy providers

KC-4335: updated the migration scripts to add x509 spi to standalone and domain configurations; removed the HAproxy and apache x509 spi configuration
2017-11-30 11:00:32 +01:00
Alex Szczuczko
c860ca61c3 KEYCLOAK-5843 Add custom license processing plugin to avoid directory symlinks (#4723)
Symlinks are frequently unavailable on Windows (must be on NTFS and user must
have SeCreateSymbolicLinkPrivilege). Removing the symlinks for licenses/common/
should enable the build to function mostly normally on Windows. The individual
license files will be incorrect, but that shouldn't matter for local builds.
Release builds are done on *nix.

The plugin rolls several different plugin executions into one. The common files
are distributed using a resource jar, used by and unpacked by the plugin.
2017-11-27 12:31:31 -05:00
Stian Thorgersen
128ff12f8f Bump versions 2017-11-09 15:37:21 +01:00
Alex Szczuczko
9c0ec8cb10 Enforce a standard sort order on deduplication in download-license-files.sh
This will avoid noise in the diffs (files switching between symlink and regular
status) when users on systems with a different default sort order run the
script. `LC_ALL=C sort` will sort by byte order.
2017-11-08 12:58:38 +01:00
Alex Szczuczko
d268412738 Initial run of download-license-files.sh on license XMLs
Command line used:

find -path '*/src/main/resources/licenses' | while read -r r; do pushd "$r"; common/download-license-files.sh rh-sso/licenses.xml; common/download-license-files.sh keycloak/licenses.xml; popd; done
2017-11-08 12:58:38 +01:00
Alex Szczuczko
f88b3cddb6 Port forward license data from maintenance, with improvements.
org.keycloak dependencies will be automatically added to the xml during the
build, removing the need for runs of download-license-files.sh every time the
keycloak version changes.

Documentation on "why and how" for the license data has also been added.

To reduce code duplication issues, plugin definitions are stored in
keycloak-parent, but only active in the projects that need them (not bound to
any phase by default). Also, the common files have been moved into
licenses/common/, so that a single symlink will suffice to replicate the
current and future files needed by the plugin executions. While the
assembly.xml definitions remain duplicated, they are fairly minimal and
shouldn't need to change often.

License data is available for all adapters shipped in the product, plus
server-feature-pack.

The keycloak slot is populated with data, in addition to the rh-sso slot. A
number of the adapters don't depend on any third-party artifacts, so they have
(mostly) blank license.xml files.
2017-11-08 12:58:38 +01:00
Marek Posolda
9e2ab2750a Merge pull request #4616 from vramik/KEYCLOAK-5749
KEYCLOAK-5749 Update migration scripts for WildFly 11 Final
2017-10-26 13:24:29 +02:00
vramik
906538e6aa KEYCLOAK-5749 Update migration scripts for WildFly 11 Final 2017-10-26 11:21:48 +02:00
Hynek Mlnarik
75c354fd94 KEYCLOAK-5745 Separate user and client sessions in infinispan 2017-10-26 10:39:41 +02:00
Thomas Darimont
3103e0fd0a KEYCLOAK-5244 Add BlacklistPasswordPolicyProvider (#4370)
* KEYCLOAK-5244 Add BlacklistPasswordPolicyProvider

This introduces a new PasswordPolicy which can refer to
a named predefined password-blacklist to avoid users
choosing too easy to guess passwords.

The BlacklistPasswordPolicyProvider supports built-in as
well as custom blacklists.
built-in blacklists use the form `default/filename`
and custom ones `custom/filename`, where filename
is the name of the found blacklist-filename.

I'd propose to use some of the freely available password blacklists
from the [SecLists](https://github.com/danielmiessler/SecLists/tree/master/Passwords) project.

For testing purposes one can download the password blacklist
```
wget -O 10_million_password_list_top_1000000.txt https://github.com/danielmiessler/SecLists/blob/master/Passwords/10_million_password_list_top_1000000.txt?raw=true
```
to /data/keycloak/blacklists/

Custom password policies can be configured with the SPI
configuration mechanism via jboss-cli:
```
/subsystem=keycloak-server/spi=password-policy:add()
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:add(enabled=true)
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:write-attribute(name=properties.blacklistsFolderUri, value=file:///data/keycloak/blacklists/)
```

Password blacklist is stored in a TreeSet.

* KEYCLOAK-5244 Encode PasswordBlacklist as a BloomFilter

We now use a dynamically sized BloomFilter with a
false positive probability of 1% as a backing store
for PasswordBlacklists.

BloomFilter implementation is provided by google-guava
which is available in wildfly.

Password blacklist files are now resolved against
the ${jboss.server.data.dir}/password-blacklists.

This can be overridden via system property, or SPI config.
See JavaDoc of BlacklistPasswordPolicyProviderFactory for details.

Revised implementation to be more extensible, e.g. it could be
possible to use other stores like databases etc.

Moved FileSystem specific methods to FileBasesPasswordBlacklistPolicy.

The PasswordBlacklistProvider uses the guava version 20.0
shipped with wildfly. Unfortunately the arquillian testsuite
transitively depends on guava 23.0 via the selenium-3.5.1
dependency. Hence we need to use version 23.0 for tests but 20.0
for the policy provider to avoid NoClassDefFoundErrors in the
server-dist.

Configure password blacklist folder for tests

* KEYCLOAK-5244 Configure jboss.server.data.dir for test servers

* KEYCLOAK-5244 Translate blacklisted message in base/login
2017-10-17 20:41:44 +02:00
vramik
a42e0d6a31 KEYCLOAK-5674 updated migration scripts 2017-10-16 22:36:40 +02:00
Stan Silvert
6082e49252 KEYCLOAK-4952: Header information disclosure 2017-10-06 16:04:39 -04:00
Stian Thorgersen
ee35673615 KEYCLOAK-1250 Profile and console loader for new account management console 2017-09-14 19:53:02 +02:00
Bill Burke
e907a9aa6d put back elytron and resteasy providers 2017-09-11 17:21:30 -04:00
Bill Burke
cf47d49fc6 add back multipart provider 2017-09-11 09:47:56 -04:00
Bill Burke
1ed5730769 add back multipart, remove elytron 2017-09-08 14:47:37 -04:00
Bill Burke
9f660b48c4 KEYCLOAK-5439 2017-09-08 11:28:12 -04:00
Stian Thorgersen
463661b051 Set version to 3.4.0.CR1-SNAPSHOT 2017-08-28 15:46:22 +02:00
Stian Thorgersen
8cc1d02d46 KEYCLOAK-5342 (#4431) 2017-08-28 14:35:58 +02:00
Stian Thorgersen
31be564fa3 KEYCLOAK-5339 Upgrade to WildFly 11 CR1 (#4429) 2017-08-28 12:06:37 +02:00
Pedro Igor
a6dfb4ccdd [KEYCLOAK-5015] - Support for Elytron capabilities in subsystem 2017-08-22 18:01:19 -03:00
Stian Thorgersen
454c5f4d83 Set version to 3.3.0.CR1-SNAPSHOT 2017-06-30 09:47:11 +02:00
Hynek Mlnarik
955cbc76d7 KEYCLOAK-5030 Change action tokens cache type to distributed 2017-06-26 10:11:53 +02:00
Stian Thorgersen
43a625db28 KEYCLOAK-4477 Fix update to WF 11 2017-05-19 08:31:29 +02:00
Stian Thorgersen
cc42ea9332 KEYCLOAK-4773 Remove 'providers' directory 2017-05-19 06:24:58 +02:00
Stian Thorgersen
9ec3a8c3d9 KEYCLOAK-4933 Fixes 2017-05-19 06:24:58 +02:00
Stian Thorgersen
2e83eda172 KEYCLOAK-4477 Update to WildFly 11 2017-05-19 06:24:58 +02:00