Commit graph

24017 commits

Author SHA1 Message Date
Michal Hajas
28ca30efc6
Add documentation for SAML SP metadata changes in KC 21 (#1760) 2023-02-10 12:07:17 +01:00
laskasn
dc8b759c3d Use encryption keys rather than sig for crypto in SAML
Closes #13606

Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: hmlnarik <hmlnarik@redhat.com>
2023-02-10 12:06:49 +01:00
rmartinc
5b626231d9 Doublecheck if real FIPS host available in GH actions
Closes https://github.com/keycloak/keycloak/issues/15069
2023-02-10 11:56:35 +01:00
Erik Jan de Wit
be95626cdd
Upgrade to Cypress 12 (#4356) 2023-02-10 11:10:35 +01:00
Jon Koops
ddc0b3ebaf
Fix 'Home URL' link in clients overview (#4363) 2023-02-10 07:31:00 +01:00
Pedro Igor
22e256149c Make it possible to run the embedded distribution in FIPS mode
Closes keycloak#16962
2023-02-09 16:14:01 -03:00
dependabot[bot]
c6e6bceb10
Bump reactflow from 11.5.1 to 11.5.5 (#4330)
Bumps [reactflow](https://github.com/wbkd/react-flow/tree/HEAD/packages/reactflow) from 11.5.1 to 11.5.5.
- [Release notes](https://github.com/wbkd/react-flow/releases)
- [Changelog](https://github.com/wbkd/react-flow/blob/main/packages/reactflow/CHANGELOG.md)
- [Commits](https://github.com/wbkd/react-flow/commits/reactflow@11.5.5/packages/reactflow)

---
updated-dependencies:
- dependency-name: reactflow
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-09 17:11:56 +00:00
Erik Jan de Wit
6cc3967eff
Move more nested components outside (#4309) 2023-02-09 17:31:16 +01:00
Jon Koops
7dd902f195
Memoize possibly expensive operations in realm selector (#4360) 2023-02-09 17:30:24 +01:00
Jon Koops
06cd73286f
Immediately close realm selector when navigation starts (#4359) 2023-02-09 12:53:39 +00:00
Stan Silvert
782a145e14
Add admin/client as an area selection when creating a new bug. (#16919)
* Add admin/client as an area selection when creating a new bug.

* Add admin/client/node and admin/client/java
2023-02-09 13:46:32 +01:00
Jon Koops
283cbee2da
Fix realms fetching in RealmsContext (#4357) 2023-02-09 13:01:19 +01:00
Marek Posolda
9cfc1fdfa9
Reduce the redundant tests in fips-suite (#16970)
Closes #16969
2023-02-09 12:21:33 +01:00
Stefan Guilhen
1da6244ec0 Add retry logic to LoginActionsService#authenticate
In addition to that, avoid adding cookies on each retry.

Closes #15849

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-02-09 11:56:15 +01:00
Alex Szczuczko
610e3044ad Minimize the RPM content of the Quarkus container
Even though we use `ubi8-minimal` as the parent of our container, it
still has many RPMs installed that aren't necessary to run the Keycloak
server. Also, since the JDK RPM (that we install on top of
`ubi8-minimal`) is designed for general use, it pulls in more dependency
RPMs than it strictly needs to, like cups and avahi. Keycloak will never
need to access a printer itself!

Trimming down these excess RPMs will improve our CVE statistics with
automated scanners, and therefore let us perform fewer CVE rebuilds.

`ubi8-null.sh` uses the low-level `rpm` command to identify and forcibly
remove dependencies and operating system files that are not required to
boot our Quarkus-based server. This includes `microdnf` and `rpm`
itself! I have preserved bash however, so it's still possible to debug
the container from a shell.

I've created an initial set of allow/disallow lists, that seems to pass
a smoke test (server boots, admin console works). This leaves 37
packages installed, with 96 removed relative to `ubi8-minimal`. We could
go more minimal than this, or less minimal if required. Trial and error
is required.

Closes #16902
2023-02-09 11:20:09 +01:00
Stian Thorgersen
6e1a58adc6
Move getting started and migration guides to main repo (#16675)
* Move getting started and migration guides to main repo

Closes #16575

* Fix copy images

* Remove images for Vue getting started that remains on website for now
2023-02-09 10:29:41 +01:00
Jon Koops
97675177bc
Use a seperate context to keep track of recent realms (#4355) 2023-02-09 09:05:38 +01:00
Pedro Igor
017ddc670b Removing references to old admin console test artifacts 2023-02-08 17:22:45 -03:00
Michael Edgar
9896efd288 Operator: use TLS Edge termination when back-end protocol is HTTP
Fixes #16807

Signed-off-by: Michael Edgar <michael@xlate.io>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
2023-02-08 16:07:43 +01:00
Pedro Igor
423fc6daba
Flaky test KcOidcBrokerTokenExchangeTest (#16914)
Closes #16896
2023-02-08 14:49:49 +00:00
Stian Thorgersen
eb2f9e9921
Remove RH-SSO documentation artifacts (#1768)
* Remove RH-SSO documentation artifacts

* Fixes

* Fix
2023-02-08 15:43:23 +01:00
Alexander Schwartz
9ecd589690
Update docs to enable downstream processing (#16595)
Relates to: #16475
2023-02-08 15:33:43 +01:00
Dmitry Telegin
5f39aeb590 Pre-authorization hook for client policies
Closes #9017
2023-02-08 15:06:32 +01:00
vramik
fc9e9e6fda Add support for file store configuration into Quarkus
Closes #16821
2023-02-08 14:49:53 +01:00
Erik Jan de Wit
0697c7dd5e
Added paging slice to filtered table (#4349) 2023-02-08 13:09:41 +01:00
Jon Koops
abc7306097
Introduce useStoredState() hook (#4351) 2023-02-08 13:08:46 +01:00
Stian Thorgersen
ce80c2b4f4
Remove common resources no longer needed after old admin console is removed (#16908)
Closes #16863
2023-02-08 11:56:55 +01:00
Stian Thorgersen
4a9ee5cb71
Add removal of old admin console to release notes (#1767)
Closes #1766
2023-02-08 11:56:40 +01:00
Stian Thorgersen
17083d1c0a
Remove translations for old admin console (#16905)
Closes #15247
2023-02-08 10:58:34 +01:00
Michal Hajas
6fa62e47db Leverage HotRod client provided transaction
Closes #13280
2023-02-08 10:26:30 +01:00
Stian Thorgersen
d3ba2ecbed
Remove old admin console theme (#16864)
Closes #16862
2023-02-08 09:22:39 +01:00
Pedro Igor
75824920aa Update proxy guide with information about session stickness
Closes #16892
2023-02-07 16:42:38 -03:00
Đặng Minh Dũng
d91eeac612 feat: support multi hd in GoogleIdentityProvider
Signed-off-by: Đặng Minh Dũng <dungdm93@live.com>
2023-02-07 11:32:35 -03:00
Jon Koops
6cb730c613
Clean up realm selector code (#4346) 2023-02-07 15:21:58 +01:00
Hynek Mlnařík
f71ab092de
File store basis
Fixes: #16676

---

* Enhance DefaultModelCriteria
* Fix collection
* Fix delete in CHMKeycloakTransaction
* Add HasRealmId interface
* Fix EntityFieldDelegate
* Support for realm-less entities in providers
* Support for realm-less entities in providers (events)
* File store basis
* Add support for writing
* Support running KeycloakServer with file store
* Add support for file store in model testsuite

---------

Co-authored-by: vramik <vramik@redhat.com>
2023-02-07 14:59:23 +01:00
Erik Jan de Wit
e77b53dacd
Made dialog more wide when searching (#4290) 2023-02-07 14:05:27 +01:00
Jon Koops
2374c6963d
Fix broken imports by importing from ui-shared (#4345) 2023-02-07 12:05:31 +00:00
Stian Thorgersen
4782a85166
Remove old admin console feature (#16861)
* Remove old admin console feature

Closes #16860

* Update help txt files for Quarkus tests
2023-02-07 12:59:35 +01:00
Erik Jan de Wit
df03f6845c
Added help text on role mapping (#4340) 2023-02-07 12:31:20 +01:00
Erik Jan de Wit
df49a82033
Removed empty panel (#4339) 2023-02-07 12:31:04 +01:00
Stan Silvert
fb3d5e4561
Don't show Groups tab if user does not have query-groups role. (#4322) 2023-02-07 12:30:46 +01:00
Erik Jan de Wit
1a7d229fd0
Changed cert to text-area (#4338) 2023-02-07 12:30:31 +01:00
Erik Jan de Wit
038122ca12
Added the signing-in page (#4255) 2023-02-07 12:29:52 +01:00
Erik Jan de Wit
a83300e514
Moved common controls to ui shared (#4274) 2023-02-07 12:29:30 +01:00
Jon Koops
16c866524a
Add Cypress tests for CIBA policy (#4318) 2023-02-07 12:00:34 +01:00
Pedro Igor
7b58783255 Allow mapping claims to user attributes when exchanging tokens
Closes #8833
2023-02-07 10:57:35 +01:00
Thomas Darimont
e38b7adf92 Revise blacklist password policy provider #8982
- Reduce false positive probability from 1% to 0.01% to avoid
rejecting to many actually good passwords.
- Make false positive rate configurable via spi config
- Revised log messages

Supported syntax variant:
`passwordBlacklist(wordlistFilename)`

Fixes #8982

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2023-02-07 10:36:39 +01:00
Martin Kanis
5ba004b447 Leverage Infinispan lifespan for ExpirableEntities in HotRod storage 2023-02-07 10:01:32 +01:00
Stian Thorgersen
fc075a3d35
Remove old admin console tests (#16859)
Closes #16858
2023-02-07 08:51:36 +01:00
Bruno Oliveira da Silva
963b7fbc9d CVE-2022-45047 - Deserialization of Untrusted Data vulnerability in org.apache.sshd:sshd-common
Resolves #16779
2023-02-06 16:07:37 -03:00