libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
15227 commits 4 branches 5 tags 480 MiB
Commit graph

15227 commits

This branch
This branch
All branches
Author SHA1 Message Date
Alex Szczuczko
610e3044ad Minimize the RPM content of the Quarkus container 
Even though we use `ubi8-minimal` as the parent of our container, it
still has many RPMs installed that aren't necessary to run the Keycloak
server. Also, since the JDK RPM (that we install on top of
`ubi8-minimal`) is designed for general use, it pulls in more dependency
RPMs than it strictly needs to, like cups and avahi. Keycloak will never
need to access a printer itself!

Trimming down these excess RPMs will improve our CVE statistics with
automated scanners, and therefore let us perform fewer CVE rebuilds.

`ubi8-null.sh` uses the low-level `rpm` command to identify and forcibly
remove dependencies and operating system files that are not required to
boot our Quarkus-based server. This includes `microdnf` and `rpm`
itself! I have preserved bash however, so it's still possible to debug
the container from a shell.

I've created an initial set of allow/disallow lists, that seems to pass
a smoke test (server boots, admin console works). This leaves 37
packages installed, with 96 removed relative to `ubi8-minimal`. We could
go more minimal than this, or less minimal if required. Trial and error
is required.

Closes #16902
 2023-02-09 11:20:09 +01:00
Stian Thorgersen
6e1a58adc6
Move getting started and migration guides to main repo (#16675) 
* Move getting started and migration guides to main repo

Closes #16575

* Fix copy images

* Remove images for Vue getting started that remains on website for now
 2023-02-09 10:29:41 +01:00
Pedro Igor
017ddc670b Removing references to old admin console test artifacts 2023-02-08 17:22:45 -03:00
Michael Edgar
9896efd288 Operator: use TLS Edge termination when back-end protocol is HTTP 
Fixes #16807

Signed-off-by: Michael Edgar <michael@xlate.io>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
 2023-02-08 16:07:43 +01:00
Pedro Igor
423fc6daba
Flaky test KcOidcBrokerTokenExchangeTest (#16914) 
Closes #16896
 2023-02-08 14:49:49 +00:00
Alexander Schwartz
9ecd589690
Update docs to enable downstream processing (#16595) 
Relates to: #16475
 2023-02-08 15:33:43 +01:00
Dmitry Telegin
5f39aeb590 Pre-authorization hook for client policies 
Closes #9017
 2023-02-08 15:06:32 +01:00
vramik
fc9e9e6fda Add support for file store configuration into Quarkus 
Closes #16821
 2023-02-08 14:49:53 +01:00
Stian Thorgersen
ce80c2b4f4
Remove common resources no longer needed after old admin console is removed (#16908) 
Closes #16863
 2023-02-08 11:56:55 +01:00
Stian Thorgersen
17083d1c0a
Remove translations for old admin console (#16905) 
Closes #15247
 2023-02-08 10:58:34 +01:00
Michal Hajas
6fa62e47db Leverage HotRod client provided transaction 
Closes #13280
 2023-02-08 10:26:30 +01:00
Stian Thorgersen
d3ba2ecbed
Remove old admin console theme (#16864) 
Closes #16862
 2023-02-08 09:22:39 +01:00
Pedro Igor
75824920aa Update proxy guide with information about session stickness 
Closes #16892
 2023-02-07 16:42:38 -03:00
Đặng Minh Dũng
d91eeac612 feat: support multi hd in GoogleIdentityProvider 
Signed-off-by: Đặng Minh Dũng <dungdm93@live.com>
 2023-02-07 11:32:35 -03:00
Hynek Mlnařík
f71ab092de
File store basis 
Fixes: #16676

---

* Enhance DefaultModelCriteria
* Fix collection
* Fix delete in CHMKeycloakTransaction
* Add HasRealmId interface
* Fix EntityFieldDelegate
* Support for realm-less entities in providers
* Support for realm-less entities in providers (events)
* File store basis
* Add support for writing
* Support running KeycloakServer with file store
* Add support for file store in model testsuite

---------

Co-authored-by: vramik <vramik@redhat.com>
 2023-02-07 14:59:23 +01:00
Stian Thorgersen
4782a85166
Remove old admin console feature (#16861) 
* Remove old admin console feature

Closes #16860

* Update help txt files for Quarkus tests
 2023-02-07 12:59:35 +01:00
Pedro Igor
7b58783255 Allow mapping claims to user attributes when exchanging tokens 
Closes #8833
 2023-02-07 10:57:35 +01:00
Thomas Darimont
e38b7adf92 Revise blacklist password policy provider #8982 
- Reduce false positive probability from 1% to 0.01% to avoid
rejecting to many actually good passwords.
- Make false positive rate configurable via spi config
- Revised log messages

Supported syntax variant:
`passwordBlacklist(wordlistFilename)`

Fixes #8982

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2023-02-07 10:36:39 +01:00
Martin Kanis
5ba004b447 Leverage Infinispan lifespan for ExpirableEntities in HotRod storage 2023-02-07 10:01:32 +01:00
Stian Thorgersen
fc075a3d35
Remove old admin console tests (#16859) 
Closes #16858
 2023-02-07 08:51:36 +01:00
Bruno Oliveira da Silva
963b7fbc9d CVE-2022-45047 - Deserialization of Untrusted Data vulnerability in org.apache.sshd:sshd-common 
Resolves #16779
 2023-02-06 16:07:37 -03:00
dependabot[bot]
d32cc7c3f9 Bump github/codeql-action from 2.1.39 to 2.2.1 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.39 to 2.2.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2.1.39...v2.2.1)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-06 16:04:13 -03:00
Alexander Schwartz
48aae83891 Close prepared statement used to set the lock timeout 
Closes #16801
 2023-02-06 17:30:58 +01:00
dependabot[bot]
71d292ff70
Bump @types/node from 18.11.18 to 18.11.19 in /js (#16867) 
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 18.11.18 to 18.11.19.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-06 15:44:10 +00:00
Denis Bernard
5db64133b8 Add Attribute to Group Mapper for SAML IDP 
Cleansing code as PR Comment

Add test for Advanced Attribute to Group Mapper

Closes #12950
 2023-02-06 10:58:48 -03:00
Pedro Igor
1a1ee78dbd Removing tests from base group broker mapper test classes 2023-02-06 10:58:48 -03:00
dependabot[bot]
9b01bf382d Bump aquasecurity/trivy-action from 0.8.0 to 0.9.0 
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](9ab158e859...cff3e9a7f6)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-03 16:32:16 -03:00
Bruno Oliveira da Silva
12cefb9950 Update to Quarkus 2.13.7.Final 
Resolves #16755

Co-authored-by: Robert Nemeti <r.nemeti@syseleven.de>
 2023-02-03 15:03:11 -03:00
mposolda
d495f29a4d Support to run BCFIPS approved mode tests on GH actions 
Closes #16440
 2023-02-03 16:30:58 +01:00
Pedro Igor
d97b9c48c4
Make sure PBKDF2 providers are using the expect size for derived keys (#16798) 
Closes #16797
 2023-02-03 15:31:25 +01:00
rmartinc
f8f112d8d2
Upgrade twitter4j (#16828) 
Closes https://github.com/keycloak/keycloak/issues/16731
 2023-02-03 15:28:37 +01:00
mposolda
0e374c7a45 Any tests using PhantomJS failing in some linux environments 
closes #16818
 2023-02-03 15:19:57 +01:00
Stian Thorgersen
5407228375
Update js-ci.yml (#16830) 2023-02-03 12:47:04 +01:00
dependabot[bot]
175624103b
Bump @typescript-eslint/eslint-plugin from 5.49.0 to 5.50.0 in /js (#16824) 
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.49.0 to 5.50.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.50.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-03 12:05:16 +01:00
dependabot[bot]
49bd873dc7
Bump wireit from 0.9.3 to 0.9.4 in /js (#16823) 
Bumps [wireit](https://github.com/google/wireit) from 0.9.3 to 0.9.4.
- [Release notes](https://github.com/google/wireit/releases)
- [Changelog](https://github.com/google/wireit/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/wireit/compare/v0.9.3...v0.9.4)

---
updated-dependencies:
- dependency-name: wireit
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-03 12:04:49 +01:00
dependabot[bot]
6de4ebeaa9
Bump @typescript-eslint/parser from 5.49.0 to 5.50.0 in /js (#16825) 
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.49.0 to 5.50.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.50.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-03 11:50:07 +01:00
dependabot[bot]
7819a289bd
Bump typescript from 4.9.4 to 4.9.5 in /js (#16826) 
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.9.4 to 4.9.5.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.9.4...v4.9.5)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-03 11:49:41 +01:00
Jon Koops
8cb202eb29
Add JavaScript admin client to repository (#16697) 
* Add JavaScript admin client to repository

* Apply review feedback

Co-authored-by: Stian Thorgersen <stian@redhat.com>

---------

Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2023-02-03 10:45:11 +00:00
Stian Thorgersen
0fa209c29a
WelcomeScreenTest#resourcesTest (#16761) 
* Fix WelcomeScreenTest#resourcesTest

Closes #16669

* Add one more retry
 2023-02-03 09:41:48 +01:00
Pedro Igor
263e86e434 Support paths without a beginning slash when setting the root path 
Closes #16002
 2023-02-02 17:41:22 +01:00
Marek Posolda
51bed81814
Fixes for OOB endpoint and KeycloakSanitizer (#16773) 
(cherry picked from commit 91ac2fb9dd50808ff5c76d639594ba14a8d0d016)
 2023-02-02 08:34:50 +01:00
Bruno Oliveira da Silva
c585051164 Remove duplicate references on the main pom.xml for SnakeYAML 
Resolves #16784
 2023-02-02 08:20:33 +01:00
Pedro Igor
e3c41ec3a0 Ignoring test methods from parent classes 
Closes #15687
 2023-02-01 14:58:03 -08:00
Bruno Oliveira da Silva
52f9b0df59 Snyk Workflow failing due to the usage of the same category on multiple sections 
Resolves #16705
 2023-02-01 19:11:08 -03:00
Pedro Igor
b5fb528508 Do not enable caching metrics by default and provide a guide 
Closes #16751
 2023-02-01 18:55:43 +01:00
Stian Thorgersen
d9025231f9
HTML Injection in Keycloak Admin REST API (#16765) 
Resolves #GHSA-m4fv-gm5m-4725

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2023-02-01 14:34:15 +01:00
Bruno Oliveira da Silva
e3ccba3903 CVE-2022-41854/CVE-2022-38752 Snakeyaml vulnerable to Stack overflow leading to denial of service 
Resolves #16062
 2023-02-01 13:45:50 +01:00
Stian Thorgersen
ae189c5a34
Fix pom.xml conditions for workflows (#16758) 2023-02-01 08:57:41 +01:00
Stian Thorgersen
d81794123b
Add pom.xml files to conditional workflows (#120) (#16757) 2023-02-01 07:59:47 +01:00
Martin Kanis
a912558d29 Add MapKeycloakTransaction.exists methods 2023-01-31 17:21:40 +01:00