Commit graph

15311 commits

Author SHA1 Message Date
Bruno Oliveira da Silva
f06ba05405
The CodeQL analysis is broken due to the large content of the SARIF file (#10606)
The issue was originally caused by a high number of flow paths per alert
generated by the LDAP federation module. That was identified by taking the
generated SARIF file and running:

```
jq '.runs[0].results | map({query_id: .rule.id, numPaths: .codeFlows | length})' java.sarif
```

Together we reduced the number of flow paths, adding optimizations to
skip some paths and avoid false alerts.

Co-authored-by: Bruno Oliveira da Silva <bruno@abstractj.com>

Closes #10203

Co-authored-by: Joshua Mulliken <joshua@mulliken.net>
2022-03-11 13:55:17 +01:00
Stian Thorgersen
30d2dcb7b3
Updates readme to new Quarkus container images (#10706)
Closes #10564
2022-03-11 11:09:24 +01:00
Dominik Guhr
fb41c52675
Update to Quarkus 2.7.4 (#10687)
includes ispn 13.0.6

Closes #10685
2022-03-11 09:25:34 +01:00
Bruno Oliveira da Silva
68c7032f1e
Mismatch between RESTEasy dependency on Operator and Quarkus distribution Closes #10702 (#10703) 2022-03-11 09:24:54 +01:00
mposolda
9e12587181 Protocol mapper and client scope for 'acr' claim
Closes #10161
2022-03-11 09:23:25 +01:00
Martin Bartoš
8ee7ae24de Make WebAuthn feature default for the product version
Closes #10695
2022-03-10 19:00:54 +01:00
Dominik Guhr
5233f2a729 Remove wrong message from build command help
Closes #10664
2022-03-10 13:36:48 -03:00
Ivan Atanasov
5c6b123aff
Support for the Recovery codes (#8730)
Closes #9540


Co-authored-by: Zachary Witter <torquekma@gmail.com>
Co-authored-by: stelewis-redhat <91681638+stelewis-redhat@users.noreply.github.com>
2022-03-10 15:49:25 +01:00
Martin Bartoš
8a0f1ccb34 Properly execute AuthenticationFlowCallbackProviderTest with Map storage
Closes #10268, Closes #10225
2022-03-10 15:00:23 +01:00
rmartinc
a7c8aa1dd3
[#10616] Incorrect username logged for federated accounts (#10662)
Closes #10616
2022-03-10 13:21:39 +01:00
Marcelo Daniel Silva Sales
0c25da542c
Update secret rotation when the policy is disabled (#10674)
Closes #10667
2022-03-10 13:03:09 +01:00
Martin Kanis
1a4d7c297a
Change authentication sessions map to set (#10596) 2022-03-10 08:45:24 +01:00
andreaTP
6504c058dd Harden operator CI 2022-03-09 10:30:18 -03:00
Alexander Schwartz
18f391d8c4 Fix spelling error in field and classname
It's always a converter, unless electricity is involved.

Closes #10573
2022-03-09 08:28:52 -03:00
Marcelo Daniel Silva Sales
7335abaf08
Keycloak 10489 support for client secret rotation (#10603)
Closes #10602
2022-03-09 00:05:14 +01:00
andreaTP
fd2cd688b8 TLS config in the operator 2022-03-08 15:21:11 -03:00
Dominik Guhr
1710b38cf8 Update to quarkus 2.7.3
Full changelog on quarkus side: https://github.com/quarkusio/quarkus/releases/tag/2.7.3.Final | startup performance: no degradation | manual smoke tests: passed

Closes #10641
2022-03-08 13:45:25 -03:00
Pedro Igor
c11a6e3ef0 Allow using an additional persistence unit and datasource
Closes #10579
2022-03-08 12:09:49 -03:00
mposolda
d394e51674 Introduce profile 'feature' for step-up authentication enabled by default
Closes #10315
2022-03-08 14:42:46 +01:00
rmartinc
48565832d4 [#10608] Password blacklists folder 2022-03-08 08:22:34 -03:00
Dominik Guhr
8454dc5a5d Support for console-JSON and FILE logging
See logging.adoc for details on the usage

Closes #10523, #10607 and #10415
2022-03-08 08:19:03 -03:00
Alexander Schwartz
3c3f003a38 LDAP Map storage support to support read/write for roles
Closes #9929
2022-03-08 12:03:10 +01:00
mposolda
93bba8e338 Replace 'Store LoA in User Session' with 'Max Age'. Refactoring of step-up authentications related to that.
Closes #10205
2022-03-08 10:41:05 +01:00
Martin Bartoš
2bae2d2167 DeleteAccountTest failure in the test pipeline
Closes #10630
2022-03-08 08:33:31 +01:00
Martin Bartoš
02d0fe82bc Auth execution 'Condition - User Attribute' missing
Closes #9895
2022-03-08 08:24:48 +01:00
Michal Hajas
f77ce315bb Disable Authz caching for new storage tests
Closes #10500
2022-03-07 10:22:55 -03:00
Joaquim Fellmann
f569db2e42 Update kubernetes cache-stack documentation
Closes #10341
2022-03-07 07:32:18 -03:00
Alexander Schwartz
e1318d52d7 Add section on how to add the initial admin user
Closes #10531

Co-authored-by: Dominik Guhr <89905860+DGuhr@users.noreply.github.com>
2022-03-04 13:25:09 -03:00
Michael Parlee
722ce950bf Improve user search performance
Removes builder.lower() from user search queries on email and username.

Closes #8893
2022-03-04 14:15:14 +01:00
Takashi Norimatsu
201277b897 Handle OIDC authz request with "response_type" missing and "response_mode=form_post"
Closes #10144
2022-03-04 13:31:40 +01:00
Martin Kanis
6c64d465ea Convert authentication session entities into interface 2022-03-04 10:50:18 +01:00
Alexander Schwartz
ebfc24d6c1 Ensure that Infinispan shuts down correctly at the end of the tests. Report any exceptions within another thread as a test failure.
Adding additional information like a thread dump when it doesn't shut down as expected.

Closes #10016
2022-03-04 10:47:01 +01:00
Alexander Schwartz
74581b5c10 Workaround for deadlock when shutting down Infinispan in 12.1.7.Final.
This is tracked in upstream issue https://issues.redhat.com/browse/ISPN-13664

Closes #10016
2022-03-04 10:47:01 +01:00
Jonathan Vila
c4b978b6c8 Operator Clustering support
Co-authored-by: Jonathan Vila <jvilalop@redhat.com>
Co-authored-by: Andrea Peruffo <andrea.peruffo1982@gmail.com>
2022-03-03 16:22:01 -03:00
Takashi Norimatsu
92f6c75328 Nonce parameter should be required in authorizationEndpoint only when "id_token" is included in response_type
Closes #10143
2022-03-03 13:26:39 +01:00
Alfredo Boullosa
6801688dd4 Allow Edge tests in Admin Console
Closes #10539
2022-03-03 07:14:01 +01:00
wojnarfilip
700ceb77ec Removal of invalid (deprecated) SpringBootTest
Closes #10218
2022-03-02 09:04:47 +01:00
Jon Koops
beaf8d0348
Remove Node modules from source control (#9963) 2022-03-02 08:49:17 +01:00
Andrea Peruffo
f20cdd6d2a
Add Pod-Template to the Keycloak Deployment Spec (#10098) 2022-03-02 08:13:57 +01:00
Jeff Tian
e2f8e9a4c8 docs: fix typo: if -> is 2022-03-02 07:24:00 +01:00
giacomo.altiero
91d37b5686 Single offlineSession imported in Infinispan with correctly calculated lifespan and maxIdle parameters
Close #8776
2022-03-01 14:51:29 +01:00
Daniel Gozalo
76101e3591 [fixes #9225] - Get scopeIds from the AuthorizationRequestContext instead of session if DYNAMIC_SCOPES are enabled
Add a test to make sure ProtocolMappers run with Dynamic Scopes

Change the way we create the DefaultClientSessionContext with respect to OAuth2 scopes, and standardize the way we obtain them from the parameter
2022-03-01 13:47:58 +01:00
andreaTP
8e6489459d Fix operator CI 2022-02-28 13:06:41 +01:00
Martin Bartoš
e2514ea2e6 Test WebAuthn with multiple browsers
Closes #10062
2022-02-28 09:10:39 +01:00
stianst
5ef8265b75 Remove Tomcat 7 adapter
Closes #9428
2022-02-28 07:50:36 +01:00
lars-christian stitz
74695c0242 Add @JsonProperty annotation to PathCacheConfig.lifespan.
Closes #9756.
2022-02-25 16:37:22 -03:00
Luc Berger
c93fee0c68
Update sha256 import to be default import (#10468)
This should fix the "Failed to compile. ./node_modules/keycloak-js/dist/keycloak.mjs
Can't import the named export 'sha256' from non EcmaScript module (only default export is available)" error.

Closes #10314
2022-02-25 12:51:34 -05:00
Jonas Fors Lellky
0353f9d7ae Adds Swedish translation key for loginAccountTitle 2022-02-25 11:20:15 +01:00
AndyMunro
ced716c07e Minor changes based on feedback from Dominik
Closes #10075
2022-02-25 09:30:01 +01:00
AndyMunro
7b1180856b Removing double spaces
Closes #10309
2022-02-25 08:54:20 +01:00