Commit graph

14476 commits

Author SHA1 Message Date
Yoshikazu Nojima
e495a3d403
Add Apache Kerby to Quarkus runtime dependencies (#10994)
Apache Kerby is used by WebAuthn attestation verification
Without this library the assertion verification fails in Quarkus
distribution

Closes #10779
2022-04-19 14:04:22 +02:00
Dominik Guhr
6ef80239cf change approvals to reflect typofix
Closes #11344
2022-04-19 07:34:15 -03:00
Pedro Igor
9eca6b4e75
Add environment variable expansion to keycloak.conf (#11285)
Closes #11283

Co-authored-by: Dominik Guhr <dguhr@redhat.com>

Co-authored-by: Dominik Guhr <dguhr@redhat.com>
2022-04-19 09:11:29 +02:00
Pedro Igor
c5e4dc8cec
Associated permissions should only add resource type permissions if the resource is an instance (#11220)
Closes #11148
2022-04-19 09:10:14 +02:00
Pedro Igor
52d205ca91
Allow exposing some initial provider config options via web site (#10572)
* Allow exposing some initial provider config options via web site

Co-authored-by: Stian Thorgersen <stian@redhat.com>

Closes #10571

* Include type to provider options, and hide build-icon column as it's not relevant

Co-authored-by: stianst <stianst@gmail.com>
2022-04-19 08:01:42 +02:00
Bruno Oliveira da Silva
f9d4566723 Replace the cryptographic algorithm by SHA-2
The static code scanning analysis detected the usage of MD5 as part of [
MapDeploymentStateProviderFactory](a6dd9dc0f1/model/map/src/main/java/org/keycloak/models/map/deploymentState/MapDeploymentStateProviderFactory.java (L58-L58)).

Even though we could not find any ways of exploiting the code, we should
avoid its usage considering that MD5 is not collision-resistant.

Resolves #11290
2022-04-18 07:10:04 -03:00
McLaynV
91c191024e
Fix a typo in a description String (#11260)
Resolves #11344
2022-04-18 07:09:24 -03:00
Martin Kanis
a2d7cd7a5c Hot Rod map storage: User / client session no-downtime store 2022-04-14 15:34:22 +02:00
Makariy
3b4d87ddcd
Mistyping correction (#11242)
Resolves #11288

Co-authored-by: m.balashov <m.balashov@crpt.ru>
2022-04-14 09:58:54 -03:00
Pedro Igor
6bf9080d8d Remove deployment module dependency from server module
Closes #11257
2022-04-14 07:25:00 -03:00
dependabot[bot]
cb4cd279ab
Bump aquasecurity/trivy-action to 0.2.3 (#11274)
Resolves #11308

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-14 05:55:56 -03:00
dependabot[bot]
df1c3b1a8d
Bump actions/setup-java from 2 to 3 (#11275)
Resolves #11307

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-14 05:52:59 -03:00
dependabot[bot]
db229ee55e
Bump github/codeql-action from 2.1.7 to 2.1.8 (#11273)
Resolves #11306

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-14 05:49:32 -03:00
msvechla
820ab52dce
Add support for filtering by enabled attribute on users count endpoint (#9842)
Resolves #10896
2022-04-13 13:57:22 -03:00
Bruno Oliveira da Silva
1661a4ecc7 Suppress Snyk warnings about WildFly Elytron
Resolves #11277
2022-04-13 11:18:03 -03:00
Stan Silvert
ed79c2a861
Revert "Include Admin UI as a regular dependency (#11156)" (#11280)
This reverts commit 31c272d73f.
2022-04-13 09:19:49 -04:00
Jon Koops
31c272d73f
Include Admin UI as a regular dependency (#11156) 2022-04-13 09:18:56 -04:00
Dominik Guhr
7811f3721a Add db-url-port option
to set the port when not using a full db-url

closes #11251
2022-04-13 08:31:25 -03:00
Pedro Igor
7058a123b1 Avoid initializing the OWASP HTML Sanitizer at startup
Closes #11261
2022-04-13 08:21:53 -03:00
Dominik Guhr
52150cacfc adjust rp docs to clarify exposing js path
Closes #11041
2022-04-13 08:08:48 -03:00
Jon Koops
034748ed0a Add Dependabot config to keep Github Actions up-to-date 2022-04-13 08:07:49 -03:00
bamanuel
7652bbfcd1 Fix unmatched braces in error log formatter
Closes #11252
2022-04-13 08:03:29 -03:00
Bruno Oliveira da Silva
fc1eb02ed5 Update WildFly Elytron on the legacy distribution (CVE-2021-3642)
This change is a follow up of #11196

Resolves #11249
2022-04-12 17:02:08 -03:00
Bruno Oliveira da Silva
82fbe6c0d5 Update jackson-databind dependency in the main POM file to fix CVE-2020-36518
Resolves #11188
2022-04-12 11:23:30 -03:00
Václav Muzikář
66b1c2b167 Change the CRD API group in the operator 2022-04-12 09:38:40 -03:00
R0Wi
cb4a513e24 Fail authenticate if credentialInput is not of type UserCredentialModel
Code fix inside LDAPStorageProvider.java:
return failed result if credential input object is not of expected type

Closes #11191
2022-04-12 14:38:17 +02:00
Alexander Schwartz
5c1a8d401d Store time as seconds as a long in map store
This avoids overflowing the value in 2038.

Closes #10960
2022-04-12 14:22:44 +02:00
Andrea Peruffo
4def2d83e0
Bump Jackson and Kubernetes-client (#11241)
Resolves: #11245
2022-04-12 09:15:42 -03:00
Giacomo Altiero
3b7243cd47
Support for UserInfo response encrypted (#10519)
Close #10517
2022-04-12 14:01:14 +02:00
Alexander Schwartz
a6dd9dc0f1 Avoiding AvlPartitionFactory and using JdbmPartitionFactory for the embedded LDAP to work around unstable tests.
Fix for #11171 didn't turn out to cover the root cause. Also improved transaction handling in LDAP Map storage.

Closes #11211
2022-04-12 09:12:21 +02:00
Bruno Oliveira da Silva
bde2744650 Ignore license compliance warnings
Resolves #11225
2022-04-11 19:12:17 -03:00
Václav Muzikář
20d037a4ad Revert Operator CI 2022-04-11 12:33:22 -03:00
Michal Hajas
6e181a51d5 Add test-jar dependency only if maven.test.skip property is false
Closes #11192
2022-04-11 10:37:18 -03:00
Bruno Oliveira da Silva
bb025f1378 Update wildfly-elytron dependency in the main Quarkus distribution (CVE-2021-3642)
Resolves #11196
2022-04-11 09:47:39 -03:00
Alexander Schwartz
5c810ad0e5 Avoid short-lived connections for ApacheDS to avoid messages around "ignoring the message MessageType UNBIND_REQUEST"
The comment in LdapRequestHandler.java in ApacheDS notes just before discarding an unbind request: "in some cases the session is becoming null though the client is sending the UnbindRequest before closing".

Also implementing a retry logic for all remaining errors regarding LDAP.

Closes #11171
2022-04-11 10:03:15 +02:00
Bruno Oliveira da Silva
0ff92df01f Suppress Snyk false positives
Resolves #11203
2022-04-09 09:17:30 -03:00
Benjamin Macher
f84f5fd86e
Add README for Keycloak JS to the NPM package (#10085) 2022-04-08 12:43:37 -04:00
mposolda
fb81242658 Script Mapper Performance Issues
Closes #11005
2022-04-08 09:47:43 -03:00
Pedro Igor
834a276767 NPE when caching policies based on scopes without a resource
Closes #11180
2022-04-08 08:43:08 -03:00
Andrea Peruffo
a521bcfe92
Advanced Keycloak CR configuration (#11065)
* Advanced Keycloak CR configuration

* Update docs/guides/src/main/operator/advanced-configuration.adoc

Co-authored-by: Dominik Guhr <89905860+DGuhr@users.noreply.github.com>

Co-authored-by: Dominik Guhr <89905860+DGuhr@users.noreply.github.com>
2022-04-08 11:57:22 +02:00
Andrea Peruffo
854b75e132
Add how to install extensions to the container docs (#11025) 2022-04-08 11:56:47 +02:00
Andrea Peruffo
57f2b744a0
Add RealmImport CR docs (#11037) 2022-04-08 11:56:03 +02:00
Andrea Peruffo
3bfc6721b3
Add JsonPropertyDescription on all CR fields (#11052) 2022-04-08 11:55:43 +02:00
Andrea Peruffo
7816e69e38
Build the Olm bundle and test it in CI (#10949)
* Building the OLM bundle

* kustomize the main CRD for the OLM bundle

* minor fixes
2022-04-08 10:22:01 +02:00
Stefan Guilhen
d952669f69 Add clearUpdatedFlag so the flag in associated protocol mappers can be cleared as well
Closes #11118
2022-04-08 09:36:55 +02:00
Michal Hajas
1f2ebf4cba Add HotRod no downtime store for Realms
Closes #9670
2022-04-08 09:36:01 +02:00
Martin Kanis
3bb4081bd1 Convert user / client session entities into interface 2022-04-08 09:34:01 +02:00
Dominik Guhr
9cb38087b4 Add section about hostname syntax to hostname guide
Superseeds PR #11139, as validation needs more investigation to work for everyone

Closes #11134
2022-04-07 15:14:43 -03:00
Michal Hajas
f4f5928727 Add type to filters in MapResourceStore
Closes #11154
2022-04-07 15:10:20 -03:00
Pedro Igor
b4770c30fd Fixing NPE when querying resources by type
Closes #11137
2022-04-07 15:10:20 -03:00