Commit graph

528 commits

Author SHA1 Message Date
Martin Bartoš
37b58bfbc7
Relocate Quarkus resteasy-reactive dependencies to REST (#32313)
Closes #32312

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-08-21 18:38:04 +02:00
Steven Hawkins
d9a92f5de3
fix: expose bootstrap-admin-* options (#32241)
* fix: expose bootstrap-admin-* options

closes: #32176

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update quarkus/config-api/src/main/java/org/keycloak/config/BootstrapAdminOptions.java

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-08-21 15:52:38 +02:00
Václav Muzikář
aee9390812
Resolve disabled options even at fast startup (#32245)
Closes #30380

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-08-20 12:15:32 +02:00
Martin Bartoš
bf5cf47351
Management Interface is turned on even though nothing is exposed on it (#31938)
* Management Interface is turned on even though nothing is exposed on it

Fixes #31818

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Remove conditional enablement, add relevancy description

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-08-19 15:52:59 +02:00
Václav Muzikář
799201f406 Fix duplicate options in show-config
Closes #32182

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-08-18 09:29:31 +02:00
Václav Muzikář
cb418b0bfc
Upgrade to Quarkus 3.13.2 (#31678)
* Upgrade to Quarkus 3.13.2

Closes #31676

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-08-16 11:41:34 +02:00
Martin Bartoš
94fb762f8e
Export users throws Disabled option: '--users' (#32126)
Fixes #31515

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-08-15 09:23:17 +02:00
Martin Bartoš
3ff825807f Tracing - Configurable service name and resource attributes
Closes #32056

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-08-13 15:43:07 +02:00
Martin Bartoš
f0162db56f
Cache guide does not properly print cache-stack values (#31943)
* Cache guide does not properly print cache-stack values

Ability to choose expected values strict

Fixes #31941

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Add Javadoc

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Reflect non-strict values in docs

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Use 'or any' in docs for non-strict expected values

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Edit approved files for HelpCommandDistTest

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-08-13 08:35:40 +00:00
Pedro Ruivo
07c92c85cb Drop AuthenticatedClientSessionStore from user sessions
New entities for client and user sessions, more query friendly.
The client sessions are found using query instead of storing them in the
user session entity.
Remove of sessions by its field is done based on queries.

Closes #30934

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-12 20:35:50 +02:00
Steven Hawkins
ea3937f37c
fix: always replacing placeholders (#31871)
closes: #31625

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-12 16:20:47 +00:00
Steven Hawkins
b72ddbcc45
fix: add a warning log if a deprecated admin env variable is used (#32038)
closes: #31491

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-12 08:54:30 +02:00
Martin Bartoš
5b83a7993c
Support OpenTelemetry tracing
Closes #28581

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
2024-08-08 16:48:29 +02:00
Steven Hawkins
10fae5de7a
fix: adding weak validation of spi options (#31737)
closes: #27298

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-08 08:21:24 -04:00
Steven Hawkins
7ce6f12fe3
fix: adds a check for duplicate users/clients to simplify cmd errors (#31583)
also changes temp-admin-service to temp-admin

closes: #31160

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-08 08:20:33 -04:00
Michal Hajas
50c07c6e7c
Simplify configuration for MULTI_SITE
Closes #31807

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-08-06 16:14:33 +00:00
Pedro Ruivo
1e9f6bbb8c Non clustered Keycloak with External Infinispan feature
Disables JGroups (clustering) when remote-cache feature is enabled

Fixes #31876

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-05 17:04:36 +02:00
Pedro Ruivo
fed804160b Enable ProtoStream encoding for External Infinispan feature
The ProtoStream schema is automatically uploaded to the Infinispan
server during startup.
When the schema is updated, the indexes are updated and re-created.
Use the delete statement to delete entities when a realm is removed.

Fixes #30931

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-01 16:16:19 +02:00
Ryan Emerson
349ff51116 Log a warning if remote-store configuration exists when the REMOTE_CACHE Feature is enabled
Closes #31775

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-07-31 16:59:05 +02:00
Martin Bartoš
4d60c91cb8
Improve Quarkus configuration tests execution (#31668)
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-07-26 14:47:51 +00:00
Stian Thorgersen
b4368b75e6
Testsuite PoC - Use service account for admin client (#31478)
Signed-off-by: stianst <stianst@gmail.com>
2024-07-24 13:14:50 +02:00
Steven Hawkins
6378dcbac2
fix: additional consolidation / refinement of argument parsing (#31448)
closes: #26339

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-07-24 10:23:23 +02:00
Steven Hawkins
d970521415
fix: fail to start if the admin user can't be added (#31207)
also allowing the bootstrap options to be used by the cli, which
requires hidden options to stay hidden

and a minor refactoring for clarity

closes: #31160

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-07-18 10:27:48 -04:00
Pedro Ruivo
9b39498085
Add default stack in cache-ispn.xml
A bug in Infinispan prevents the metrics to be registered if the "stack"
is not specified.
Change the default configuration shipped with Keycloak to use the UDP
stack as default.
UDP is the default in previous Keycloak versions.

Fixes #31218

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-16 12:05:38 +02:00
Steve Hawkins
d5041816b6 fix: check for blank password / client secret
closes: #30540

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-07-11 14:43:01 +02:00
Pedro Igor
2da37542e8 Adding simple cache to cache-local.xml
Closes #31064

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-05 10:10:39 +02:00
Steven Hawkins
96511e55c6
startup, welcome, and cli handling of bootstrap-admin user (#30054)
* fix: adding password and service account based bootstrap and recovery

closes: #29324, #30002, #30003

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Fix tests

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
2024-07-03 15:23:40 +02:00
Thomas Darimont
f34bb21af6
Fix deprecations in common module
- Use charset in `Encode` class
- Replace reflective call to protected `Liquibase#resetServices()` with call to exposed public method on a custom subclass `KeycloakLiquibase`
- Remove usage of deprecated AccessController class in Reflections
- Deprecated SetAccessibleProvilegedAction and UnsetAccessibleProvilegedAction

Fixes #22209

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-02 16:02:35 +00:00
Alexander Schwartz
1edf444bc8
Re-augment at start after a previous dev mode (#30461)
Closes #30460

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-06-26 09:00:54 +00:00
Jon Koops
df18629ffe
Use a default Java version from root POM (#29927)
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-21 14:19:31 +02:00
Pedro Ruivo
5fc12480fd External Infinispan as cache - Part 4 (#30072)
UserSessionProvider implementation to make use of Infinispan remote
cache.

Closes #28755

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Pedro Ruivo
9006218559 External Infinispan as cache - Part 3
Implementation of UserLoginFailureProvider using remote caches only.

Closes #28754

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Pedro Ruivo
833aad661e External Infinispan as cache - Part 2
Includes a new implementation for the providers:

* StickySessionEncoderProviderFactory
* LoadBalancerCheckProviderFactory
* SingleUseObjectProviderFactory

Closes #28648

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Pedro Ruivo
d2ae27a1e2 External Infinispan as cache - Part 1
Part 1 includes

* New experimental feature to enable the new code
* New providers using RemoteCache only
* New test profile to run the tests with the experimental feature

New providers' implementation for:
* InfinispanConnectionProvider
* AuthenticationSessionProvider
* ClusterProvider

Closes #28140

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Alexander Schwartz
3bcb8787c8 Remove AUTO_SERVER H2 default JDBC property
This avoids problems if the hostname can't be resolved by InetAddress.getLocalHost()

Closes #26042

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-06-19 10:30:36 +02:00
Pedro Ruivo
18a6c79011
Infinispan Protostream Marshaller (#29474)
Closes #29394

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-06-13 18:02:46 +02:00
Jon Koops
c7361ccf6e
Run the Vite dev server through the Keycloak server (#27311)
Closes #19750
Closes #28643
Closes #30115

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-12 11:55:14 +02:00
Václav Muzikář
375ea9da03
Enhance masking around config-keystore (#30348)
Closes #30346

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-06-12 08:54:45 +02:00
Alexander Schwartz
1b821f3267 Ensure that Java's ForkJoinPool is initialized with Quarkus' ThreadPoolFactory
Closes #30120

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-06-05 08:08:01 +02:00
Pedro Ruivo
82beee607e
Workaround for cache initialization failure discovered in #30120
Create Infinispan configuration in the main thread to have access to the
default option values.

Fixes #30130

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-04 11:35:32 +00:00
Peter Zaoral
cd2451d58b
Remove Oracle JDBC driver out of the box (#29895)
Closes: #29491

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2024-05-31 17:21:19 +00:00
Stian Thorgersen
568a5cb678
JUnit 5 test framework PoC (#29517)
Closes #29516

Signed-off-by: stianst <stianst@gmail.com>
2024-05-27 10:05:35 -03:00
Ryan Emerson
0f17f0abc5
Require external Infinispan be of version 15 or greater
Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-22 11:26:26 +00:00
Case Walker
f32cd91792 Upgrade owasp-java-html-sanitizer, address all fallout
Signed-off-by: Case Walker <case.b.walker@gmail.com>
2024-05-22 09:15:25 +02:00
Steven Hawkins
8151c93bc7
fix: removes the warning of ignored buildtime options, unless changed (#29425)
closes: #28654

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-05-16 17:02:13 +00:00
Alexander Schwartz
8deca303e2
Update instruction on how to enable persistent sessions (#29490)
Closes #29489

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-15 13:26:51 +02:00
Alexander Schwartz
6fbe207d64
Create documentation for persistent user sessions
Closes #29218

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-05-13 11:02:45 +02:00
Peter Zaoral
3ec51d1c4d
quarkus-next: Replace deprecated QUARKUS_PROFILE_PROP constant (#29439)
Closes: #29438

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2024-05-13 08:47:38 +02:00
Pedro Igor
a19c364428
Vault configuration category available to the export command (#29400)
Closes #29376

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-09 10:24:58 +02:00
Pedro Ruivo
cbce548e71 Infinispan 15.0.3.Final
Closes #29068

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-05-08 17:18:39 +02:00