Stian Thorgersen
c4b1fd092a
Use code from RestEasy to create and set cookies ( #26558 )
...
Closes #26557
Signed-off-by: stianst <stianst@gmail.com>
2024-02-06 15:14:04 +01:00
Alexander Schwartz
43c200a8ce
Update migration guide
...
Closes #26490
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-05 14:41:44 +01:00
Martin Kanis
a3fcacdab7
Map Store Removal: deprecate model legacy module
...
Closes #26598
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-31 17:40:45 +01:00
Steven Hawkins
f55e903092
Convert watching to polling and adding infinispan config file support ( #26510 )
...
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-01-31 12:57:34 +00:00
Stian Thorgersen
bc3c27909e
Cookie Provider ( #26499 )
...
Closes #26500
Signed-off-by: stianst <stianst@gmail.com>
2024-01-26 10:45:00 +01:00
Martin Kanis
7797f778d1
Map Store Removal: Rename legacy modules
...
Closes #24107
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-25 16:29:16 +01:00
Thomas Darimont
e7363905fa
Change password hashing defaults according to OWASP recommendations ( #16629 )
...
Changes according to the latest [OWASP cheat sheet for secure Password Storage](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2 ):
- Changed default password hashing algorithm from pbkdf2-sha256 to pbkdf2-sha512
- Increased number of hash iterations for pbkdf2-sha1 from 20.000 to 1.300.000
- Increased number of hash iterations for pbkdf2-sha256 from 27.500 to 600.000
- Increased number of hash iterations for pbkdf2-sha512 from 30.000 to 210.000
- Adapt PasswordHashingTest to new defaults
- The test testBenchmarkPasswordHashingConfigurations can be used to compare the different hashing configurations.
- Document changes in changes document with note on performance and how
to keep the old behaviour.
- Log a warning at the first time when Pbkdf2PasswordHashProviderFactory is used directly
Fixes #16629
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-01-24 18:35:51 +01:00
Stian Thorgersen
fea49765f0
Remove Jetty 9.4 adapters ( #26261 )
...
Only removing the distribution of the Jetty adapter for now, and leaving the rest for now. This is due to the complexity of removing all Jetty adapter code due to Spring, OSGI, Fuse, testsuite, etc. and it will be better to leave the rest of the clean-up to after 24 when we are removing most adapters
Closes #26255
Signed-off-by: stianst <stianst@gmail.com>
2024-01-24 11:17:29 +01:00
Martin Kanis
84603a9363
Map Store Removal: Rename Legacy* classes ( #26273 )
...
Closes #24105
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-23 13:50:31 +00:00
rmartinc
2f0a0b6ad8
Remove deprecated mode for saml encryption
...
Closes #26291
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-18 16:52:10 +01:00
Lex Cao
a960d0d8fa
Add upgrading docs for changes to send-verify-email API
...
Closes #26146 .
Signed-off-by: Lex Cao <lexcao@foxmail.com>
2024-01-18 09:48:01 +01:00
Alexander Schwartz
b9498b91cb
Deprecating the offline session preloading ( #26160 )
...
Closes #25300
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-16 09:29:01 +01:00
rmartinc
179ca3fa3a
Sanitize logs in JBossLoggingEventListenerProvider
...
Closes #25078
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-10 16:50:27 +01:00
Alexander Schwartz
01939bcf34
Remove concurrent loading of remote sessions as at startup time only one node is up anyway. ( #25709 )
...
Closes #22082
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Martin Kanis <martin-kanis@users.noreply.github.com>
2024-01-09 16:55:22 +01:00
Sebastian Schuster
92d6da437b
Fixed tiny doc typo ( #26012 )
...
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
2024-01-09 08:02:02 +01:00
Alexander Schwartz
badf3f461d
Making metrics with labels for embedded Infinispan the default
...
Closes #25935
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-08 21:29:03 +01:00
Jon Koops
ddcaa6dcbf
Add release announcement and migration for new welcome theme ( #25895 )
...
Closes #25894
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-01-08 13:10:51 +00:00
Steven Hawkins
7bde7c30cc
fix: do not split on space for option errors ( #25876 )
...
closes #25783
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-01-05 13:01:17 +01:00
Steven Hawkins
667ce4be9e
enhance: supporting versioned features ( #24811 )
...
also adding a common PropertyMapper validation method
closes #24668
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-01-03 17:56:31 +01:00
Pedro Igor
ceb085e7b8
Update the UPDATE_EMAIL feature to rely on the user profile configuration when rendering templates and validating the email
...
Closes #25704
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-20 15:15:06 -03:00
Pedro Igor
778847a3ce
Updating theme templates to render user attributes based on the user profile configuration
...
Closes #25149
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-18 15:35:52 -03:00
Steven Hawkins
e148021a67
fix: adding filtering to ignore anything runtime during a build ( #25434 )
...
fix: adding filtering to ignore anything runtime during a build
closes : #25166
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2023-12-18 12:50:47 +00:00
Marek Posolda
be935c2763
Incorrect version of the fix in release notes ( #25661 )
...
closes #25660
Signed-off-by: mposolda <mposolda@gmail.com>
2023-12-18 11:56:58 +01:00
Erwin Rooijakkers
860978b15a
Change arg of getSubGroups to briefRepresentation
...
Parameter name briefRepresentation should mean briefRepresentation,
not full. This way callers will by default get the full
representation, unless true is passed as value for
briefRepresentation.
Fixes #25096
Signed-off-by: Erwin Rooijakkers <erwin@rooijakkers.software>
2023-12-14 17:23:27 +01:00
Václav Muzikář
e4c348e99e
Add new --proxy-headers
option ( #25178 )
...
* Add new `--proxy-headers` option
Closes #23431
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
* Address review comments vol. 03
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Address review comments vol. 04
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
---------
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-13 10:48:12 -03:00
Pedro Igor
fa79b686b6
Refactoring user profile interfaces and consolidating user representation for both admin and account context
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-13 08:27:55 +01:00
Steven Hawkins
ba3451ff2e
doc: adding a note about removing the ( #25436 )
...
closes : #25307
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2023-12-08 17:47:33 +01:00
Steven Hawkins
8c3df19722
feature: add option for creating a global truststore ( #24473 )
...
closes #24148
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2023-11-30 08:57:17 +01:00
rmartinc
3bc028fe2d
Remove lowercase for the hostname as recommended/advised by OAuth spec
...
Closes https://github.com/keycloak/keycloak/issues/25001
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 10:26:00 -03:00
Steven Hawkins
dacee3a36b
doc: adding a note that quoting all of the arguments no longer works ( #25083 )
...
closes #25018
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2023-11-28 14:31:47 +01:00
Jon Koops
48fc29a5c6
Use exports
field for Keycloak JS ( #24974 )
...
Closes #24923
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2023-11-24 10:50:02 +01:00
Erik Jan de Wit
44a95c72f1
added namespace migration documentation ( #24497 )
...
fixes : #23061
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2023-11-20 14:11:38 +01:00
Alexander Schwartz
1b12fe132b
Update documentation for removal of the map store
...
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Closes #24092
2023-11-13 15:38:05 +01:00
vramik
71b6757c2f
Remove quarkus options related to map store
...
Signed-off-by: vramik <vramik@redhat.com>
Closes #24098
2023-11-13 12:34:52 +01:00
andymunro
bf17fcc0be
Fix broken links ( #24476 )
2023-11-13 09:17:34 +01:00
mposolda
4ec85707f4
Upgrading notes for user profile
...
closes #24491
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-11-06 02:19:26 -08:00
vramik
593c14cd26
Data too long for column 'DETAILS_JSON'
...
Closes #17258
2023-11-02 20:29:35 +01:00
Ivan Atanasov
7b0683879d
Updated documentations to mention Resteasy reactive migration
...
Closes #23444
2023-10-31 20:59:12 +01:00
rmartinc
7deb4ca545
Group count and PartialExport permission fixes
...
Closes https://github.com/keycloak/keycloak/issues/12171
2023-10-31 01:40:21 -07:00
Alice
69497382d8
Group scalability upgrades ( #22700 )
...
closes #22372
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-26 16:50:45 +02:00
Marek Posolda
1bd6aca629
Remove RegistrationProfile class and handle migration ( #24215 )
...
closes #24182
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-10-24 20:19:33 +02:00
Steven Hawkins
478ceb0b34
modification of kc.sh to remove param eval ( #22585 )
...
* test
* modification of kc.sh to remove eval of env/args
Closes #22337
---------
Co-authored-by: rmartinc <rmartinc@redhat.com>
2023-10-12 17:10:53 +02:00
Martin Bartoš
c9d93019c2
Remove deprecated auto-build CLI option ( #23361 )
...
Closes #23360
2023-09-27 18:56:38 +02:00
Steven Hawkins
7d1e9a783f
adds a default domain on openshift if one is not specified ( #23324 )
...
Closes #21741
2023-09-21 14:43:29 +02:00
Martin Bartoš
3a3df50f74
Improve documentation about manual database migration ( #23247 )
...
Closes #23246
2023-09-15 10:41:33 +02:00
Andreas Blaettlinger
86c0e338d9
Toggle visibility of password input fields in login-ftl-based pages
...
Closes #22067
2023-09-14 08:04:35 -03:00
mposolda
b10da3d3b5
Move email validation change docs to migration guide of 22.0.4
...
closes #23177
2023-09-13 08:39:30 +02:00
mposolda
36dd9cb937
Move email validation change docs to migration guide of 22.0.3
...
closes #23124
2023-09-11 21:03:34 +02:00
kaustubh-rh
62927433dc
Fix for Keycloak 22.0.1 unable to create user with long email address ( #23109 )
...
Closes #22825
2023-09-11 08:56:13 +02:00
rmartinc
7da52a43bd
Add old LinkedIn provider to the deprecated profile
...
Closes https://github.com/keycloak/keycloak/issues/23067
2023-09-08 10:05:17 +02:00
Martin Bartoš
6ca78b7554
Return Oracle JDBC driver to the upstream
...
Closes #22999
2023-09-06 19:11:29 +02:00
rmartinc
8887be7887
Add a new identity provider for LinkedIn based on OIDC
...
Closes https://github.com/keycloak/keycloak/issues/22383
2023-09-06 16:13:31 +02:00
Pedro Igor
13e5a02b9f
Role mappers must return a single value when they are not multivalued
...
Closes #20218
2023-08-31 19:16:12 +02:00
Martin Bartoš
fcf65389ea
Remove Oracle Database JDBC driver from the Keycloak distribution ( #22577 )
...
* Remove Oracle Database JDBC driver from the Keycloak distribution
Closes #22452
* Remove profile for proprietary Oracle JDBC driver
---------
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-08-21 15:13:49 +00:00
rmartinc
05bac4ff0e
Remove option Nerver Expires for tokens in Advanced OIDC client configuration
...
Closes https://github.com/keycloak/keycloak/issues/21927
2023-08-03 12:16:08 +02:00
Alexander Schwartz
748c53df7f
Use Java mechanisms to read language files and default to UTF-8 ( #21755 )
...
Closes #21753
2023-08-01 11:27:10 +02:00
Vlasta Ramik
29b67fc8df
Inconsistent Wildcard handling for JPA ( #21671 )
...
* Inconsistent Wildcard handling for JPA
Closes #20610
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-07-27 17:03:22 +02:00
Takashi Norimatsu
2efd79f982
FAPI 2.0 security profile - supporting RFC 9207 OAuth 2.0 Authorization Server Issuer Identification
...
Closes #20584
2023-07-24 09:11:30 +02:00
stianst
a2100d18d4
Enable 22 migration docs
...
Closes #21629
2023-07-12 13:27:40 +02:00
Stian Thorgersen
1e7fbd1312
Fix links in docs ( #21585 )
2023-07-11 11:04:46 +00:00
Martin Bartoš
ee205c8fbc
Enable IPv6 dualstack support by default ( #21340 )
...
Closes #15003
2023-07-03 13:35:33 +00:00
Steven Hawkins
88992dae19
widens status to be any type. ( #21281 )
...
this is to avoid olm complaining about an incompatible schema during
upgrade
Relates to #13074
2023-06-29 08:57:22 +02:00
Steven Hawkins
e9c9f80e8d
adds an instance label to support multiple instances ( #20906 )
...
Closes #10562 #14220
2023-06-28 18:05:23 +02:00
vramik
535bba5792
Update UserQueryProvider methods
...
Closes #20438
2023-06-12 16:04:26 +02:00
Vlasta Ramik
ed473da22b
Clean-up of deprecated methods and interfaces
...
Fixes #20877
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-06-09 17:11:20 +00:00
Marek Posolda
8080085cc1
Removing 'http challenge' authentication flow and related authenticators ( #20731 )
...
closes #20497
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-06-08 14:52:34 +02:00
Václav Muzikář
0c2ac4f776
Remove mentions of temporary support for Java EE Admin Client ( #20807 )
2023-06-06 15:39:56 -03:00
Pedro Igor
53dfb44a8f
Migration guide for JAX-RS changes ( #20659 )
...
Closes #keycloak/keycloak#15454
2023-05-31 13:50:34 +00:00
vramik
a175efcb72
Split UserQueryProvider
into UserQueryMethods
and UserCountMethods
and make LdapStorageProvider
implement only UserQueryMethods
...
Co-authored-by: mhajas <mhajas@redhat.com>
Closed #20156
2023-05-31 11:47:54 +02:00
stianst
0832992e59
Removing OpenShift integration and moving to separate extension
...
closes #20496
Co-authored-by: mposolda <mposolda@gmail.com>
2023-05-30 17:39:32 +02:00
Pedro Igor
b41904bf04
Update release notes on adapter deprecation
2023-05-29 09:47:33 -03:00
vramik
fd6a6ec3ad
Make LDAP searchForUsersStream
consistent with other storages
...
Co-authored-by: mhajas <mhajas@redhat.com>
Closes #17294
2023-05-19 08:40:41 +02:00
danielFesenmeyer
d543ba5b56
Consistent message resolving regarding language fallbacks for all themes
...
- the prio of messages is now as follows for all themes (RL = realm localization, T = Theme i18n files): RL <variant> > T <variant> > RL <region> > T <region> > RL <language> > T <language> > RL en > T en
- centralize the message resolving logic in helper methods in LocaleUtil and use it for all themes, add unit tests in LocaleUtilTest
- add basic integration tests to check whether realm localization can be used in all supported contexts:
- Account UI V2: org.keycloak.testsuite.ui.account2.InternationalizationTest
- Login theme: LoginPageTest
- Email theme: EmailTest
- deprecate the param useRealmDefaultLocaleFallback=true of endpoint /admin/realms/{realm}/localization/{locale}, because it does not resolve fallbacks as expected and is no longer used in admin-ui v2
- fix locale selection in DefaultLocaleSelectorProvider that a supported region (like "de-CH") will no longer selected instead of a supported language (like "de"), when just the language is requested, add corresponding unit tests
- improvements regarding message resolving in Admin UI V2:
- add cypress test i18n_test.spec.ts, which checks the fallback implementation
- log a warning instead of an error, when messages for some languages/namespaces cannot be loaded (the page will probably work with fallbacks in that case)
Closes #15845
2023-05-17 15:00:32 +02:00
Alexander Schwartz
8cfe8b1411
Update the docs on passthrough proxy ( #20072 )
...
Closes #20070
2023-05-15 15:44:47 +00:00
Martin Bartoš
b64260bce5
Jakarta EE and Quarkus 3 upgrade documentation ( #20131 )
...
Closes #16251
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-05-15 17:20:04 +02:00
Martin Bartoš
39d24bd04d
Migration guide for Keycloak admin client ( #20091 )
2023-05-10 09:22:33 +02:00
Alexander Schwartz
4f8d67c9fc
All commands now auto-reaugment except show-config
...
Closes #15782
Closes #15898
Closes #17498
2023-04-21 15:06:51 +02:00
Stian Thorgersen
feb20de2ef
Update release notes for 21.1 ( #19718 )
...
* Update release notes for 21.1
* Update docs/documentation/release_notes/topics/21_1_0.adoc
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
* Update docs/documentation/upgrading/topics/keycloak/changes-21_1_0.adoc
Co-authored-by: Jon Koops <jonkoops@gmail.com>
* Update docs/documentation/release_notes/topics/21_1_0.adoc
Co-authored-by: Jon Koops <jonkoops@gmail.com>
* Update docs/documentation/upgrading/topics/keycloak/changes-21_1_0.adoc
Co-authored-by: Jon Koops <jonkoops@gmail.com>
---------
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-04-14 16:04:44 +02:00
mposolda
c6f13363b9
Add nashorn javascript engine to Keycloak server
...
closes #17671
2023-04-04 14:56:46 +02:00
Jon Koops
bdc019b02c
Fully deprecate function-style constructor for Keycloak JS ( #19438 )
2023-04-03 14:45:55 +02:00
Jon Koops
8f627517cb
Remove legacy Promise APIs from Keycloak JS ( #19389 )
2023-03-29 16:29:27 +00:00
Michal Hajas
e49dfe534e
Fix missing migration when reading TERMS_AND_CONDITIONS required action in legacy store
...
Closes #17277
2023-03-29 16:43:01 +02:00
Konstantinos Georgilakis
fd28cd2d4b
Service Accounts Client must create the Client ID mapper with Token Claim Name as client_id
...
closes #16329
2023-03-23 11:45:34 +01:00
Alexander Schwartz
4dcb819c06
Moving docs to new folder
...
CIAM-5056
2023-03-20 09:07:58 +01:00