Commit graph

14045 commits

Author SHA1 Message Date
Michal Hajas
99c06d1102
Authorization services refactoring
Closes: #10447 

* Prepare logical layer to distinguish between ResourceServer id and client.id
* Reorder Authz methods: For entities outside of Authz we use RealmModel as first parameter for each method, to be consistent with this we move ResourceServer to the first place for each method in authz
* Prepare Logical (Models/Adapters) layer for returning other models instead of ids
* Replace resourceServerId with resourceServer model in PermissionTicketStore
* Replace resourceServerId with resourceServer model in PolicyStore
* Replace resourceServerId with resourceServer model in ScopeStore
* Replace resourceServerId with resourceServer model in ResourceStore
* Fix PermissionTicketStore bug
* Fix NPEs in caching layer
* Replace primitive int with Integer for pagination parameters
2022-03-22 20:49:40 +01:00
Václav Muzikář
c0255cbeea
Secret references in Keycloak CRD (#10716) 2022-03-22 11:16:54 +01:00
Alexander Schwartz
fb92b95c33 Revert from getParameterCount() to getParameterTypes().length to be Java 1.7 compatible.
This reverts commit bc27c7c464.

Closes #10840
2022-03-22 10:23:25 +01:00
keycloak-bot
c71aa8b711
Set version to 999-SNAPSHOT (#10784) 2022-03-22 09:22:48 +01:00
Martin Kanis
0faf3987f6 Hot Rod map storage: Authentication session no-downtime store 2022-03-22 09:05:52 +01:00
jcz1
1604fb59e6
Update db.adoc (#10753)
redundant text
2022-03-22 08:46:47 +01:00
Pedro Igor
ffa6df5547
Fixes to hostname (#10820)
Closes #10627
Closes #10331
2022-03-22 08:11:50 +01:00
Martin Kanis
2394855f48 Add merge tasks optimization to ConcurrentHashMapKeycloakTransaction.delete 2022-03-21 16:45:48 +01:00
Joaquim Fellmann
92c4e6d585
KEYCLOAK-16134 Allow webauthn idless login flow (#7860)
Closes #10832
2022-03-21 11:37:33 +01:00
Pedro Igor
183ad30755 Capacity to change hibernate dialect
Closes #10749
2022-03-21 07:18:01 -03:00
Dominik Guhr
441ba8d2c8 Update Quarkus to 2.7.5
No dependencies changed for us. No startup degradation (instead it got a bit better afaict)

Closes #10819
2022-03-18 16:21:46 -03:00
JPA2015
a5a384b4d5 #10443 start-dev: parsing command lines parameters
kc.bat called "shift" twice after parsing "start-dev". But "start-dev" is only one parameter so that "shift" should be called only once or else further command line parameters won't be parsed correctly.

Closes #10443
2022-03-18 16:19:10 -03:00
Clara Fang
bc27c7c464 Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount()
Closes #10333
2022-03-18 11:20:52 +01:00
Andrea Peruffo
b66115c1df
Create missing data folder in docker image (#10783)
Resolves #10806
2022-03-17 14:50:38 -03:00
Michal Hajas
c18a682f50 Do not store undefined values in store
Closes #10744
2022-03-17 16:44:33 +01:00
Sebastian Rose
99f27497f4 KEYCLOAK-19329 Fix message for access token response claim in admin ui
Added missing properties.

Closes #9364
2022-03-17 09:48:29 -03:00
Stian Thorgersen
494948cb92
Fix GPG sign (#10782) 2022-03-17 08:55:40 +01:00
Bruno Oliveira da Silva
8aa394ca6b Update to Liquibase 4.8.0
Closes #10678

Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
2022-03-16 13:46:31 -03:00
Stian Thorgersen
842218a7ed
Prevent GPG from using pinentry programs (#10771) 2022-03-16 16:28:13 +01:00
Dominik Guhr
db6621cd21 Fix regressions in operator testsuite 2022-03-16 12:03:19 -03:00
Dominik Guhr
b82b0000bc fixes port not recognized when setting hostname and port without proxy
Closes #10627

Closes #10331
2022-03-16 12:03:19 -03:00
Pedro Igor
53bbf307b3 Support for running the client using different JAX-RS Client implementations
Closes #9539

Co-authored-by: geoand <geoand@gmail.com>
2022-03-16 11:58:03 -03:00
andreaTP
59450948f4 Initial bootstrap admin 2022-03-16 10:44:25 -03:00
andreaTP
6621fb3988 Publish operator image to Quay 2022-03-16 10:17:45 -03:00
andreaTP
0e398b947b Increase Hang Detection Timeout in Operator Tests 2022-03-16 10:17:13 -03:00
andreaTP
c3348c8931 Deploy a default ingress along with the Deployment 2022-03-16 09:54:48 -03:00
Stian Thorgersen
0de7bae121
Sign artefacts uploaded to Maven Central (#10766)
Closes #10765
2022-03-16 13:20:27 +01:00
Yoann Guion
3d470126de include AuthnContextDecl if present during SAML Assertion Serialization
Closes #10743
2022-03-16 12:12:35 +01:00
Bruno Oliveira da Silva
6ebad26904
Failure to upload the SARIF file on pull requests (#10725)
The changes proposed here will resolve the issues we have with
pull-request after the merge of #10606. It creates 3 different
workflows to conditionally execute the job based on changes submitted.

A detailed explanation about the issue can be found on #10717.

Resolves #10717
2022-03-15 08:59:59 +01:00
Stian Thorgersen
1b214aaed6
Publish directly to Sonatype OSSRH (#10712)
Closes #10711
2022-03-15 08:59:11 +01:00
Stian Thorgersen
4eb1720259
GitHub Action to release Keycloak container (#10683)
Closes #10682
2022-03-15 08:58:44 +01:00
andreaTP
533a332ca9 Append the legacy CRD using a Json patch 2022-03-14 18:09:33 -03:00
Alexander Schwartz
8d1a47f768 adding missing log4j configuration to prevent errors in the log
Closes #10613
2022-03-14 10:12:49 -03:00
Pedro Igor
ad865e75c1 Change the flush mode to auto and fixing how entities are checked if they are loaded in the EM
Closes #10411
2022-03-11 12:21:52 -03:00
Bruno Oliveira da Silva
f06ba05405
The CodeQL analysis is broken due to the large content of the SARIF file (#10606)
The issue was originally caused by high number of flows paths per alert
generated by the LDAP federation module. That was identified taking the
SARIF file generated and running:

```
jq '.runs[0].results | map({query_id: .rule.id, numPaths: .codeFlows |
length})' java.sarif

```

Together we reduced the number of flows paths, adding optimizations to
skip some paths and avoid false alerts.

Co-authored-by: Bruno Oliveira da Silva <bruno@abstractj.com>

Closes #10203

Co-authored-by: Joshua Mulliken <joshua@mulliken.net>
2022-03-11 13:55:17 +01:00
Stian Thorgersen
30d2dcb7b3
Updates readme to new Quarkus container images (#10706)
Closes #10564
2022-03-11 11:09:24 +01:00
Dominik Guhr
fb41c52675
Update to Quarkus 2.7.4 (#10687)
includes ispn 13.0.6

Closes #10685
2022-03-11 09:25:34 +01:00
Bruno Oliveira da Silva
68c7032f1e
Mismatch between RESTEasy dependency on Operator and Quarkus distribution Closes #10702 (#10703) 2022-03-11 09:24:54 +01:00
mposolda
9e12587181 Protocol mapper and client scope for 'acr' claim
Closes #10161
2022-03-11 09:23:25 +01:00
Martin Bartoš
8ee7ae24de Make WebAuthn feature default for the product version
Closes #10695
2022-03-10 19:00:54 +01:00
Dominik Guhr
5233f2a729 Remove wrong message from build command help
Closes #10664
2022-03-10 13:36:48 -03:00
Ivan Atanasov
5c6b123aff
Support for the Recovery codes (#8730)
Closes #9540


Co-authored-by: Zachary Witter <torquekma@gmail.com>
Co-authored-by: stelewis-redhat <91681638+stelewis-redhat@users.noreply.github.com>
2022-03-10 15:49:25 +01:00
Martin Bartoš
8a0f1ccb34 Properly execute AuthenticationFlowCallbackProviderTest with Map storage
Closes #10268, Closes #10225
2022-03-10 15:00:23 +01:00
rmartinc
a7c8aa1dd3
[#10616] Incorrect username logged for federated accounts (#10662)
Closes #10616
2022-03-10 13:21:39 +01:00
Marcelo Daniel Silva Sales
0c25da542c
Update secret rotation when the policy is disabled (#10674)
Closes #10667
2022-03-10 13:03:09 +01:00
Martin Kanis
1a4d7c297a
Change authentication sessions map to set (#10596) 2022-03-10 08:45:24 +01:00
andreaTP
6504c058dd Harden operator CI 2022-03-09 10:30:18 -03:00
Alexander Schwartz
18f391d8c4 Fix spelling error in field and classname
It's always a converter, unless electricity is involved.

Closes #10573
2022-03-09 08:28:52 -03:00
Marcelo Daniel Silva Sales
7335abaf08
Keycloak 10489 support for client secret rotation (#10603)
Closes #10602
2022-03-09 00:05:14 +01:00
andreaTP
fd2cd688b8 TLS config in the operator 2022-03-08 15:21:11 -03:00