Marek Posolda
9cfc1fdfa9
Reduce the redundant tests in fips-suite ( #16970 )
...
Closes #16969
2023-02-09 12:21:33 +01:00
Stefan Guilhen
1da6244ec0
Add retry logic to LoginActionsService#authenticate
...
In addition to that, avoid adding cookies on each retry.
Closes #15849
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-02-09 11:56:15 +01:00
Alex Szczuczko
610e3044ad
Minimize the RPM content of the Quarkus container
...
Even though we use `ubi8-minimal` as the parent of our container, it
still has many RPMs installed that aren't necessary to run the Keycloak
server. Also, since the JDK RPM (that we install on top of
`ubi8-minimal`) is designed for general use, it pulls in more dependency
RPMs than it strictly needs to, like cups and avahi. Keycloak will never
need to access a printer itself!
Trimming down these excess RPMs will improve our CVE statistics with
automated scanners, and therefore let us perform fewer CVE rebuilds.
`ubi8-null.sh` uses the low-level `rpm` command to identify and forcibly
remove dependencies and operating system files that are not required to
boot our Quarkus-based server. This includes `microdnf` and `rpm`
itself! I have preserved bash however, so it's still possible to debug
the container from a shell.
I've created an initial set of allow/disallow lists, that seems to pass
a smoke test (server boots, admin console works). This leaves 37
packages installed, with 96 removed relative to `ubi8-minimal`. We could
go more minimal than this, or less minimal if required. Trial and error
is required.
Closes #16902
2023-02-09 11:20:09 +01:00
Stian Thorgersen
6e1a58adc6
Move getting started and migration guides to main repo ( #16675 )
...
* Move getting started and migration guides to main repo
Closes #16575
* Fix copy images
* Remove images for Vue getting started that remains on website for now
2023-02-09 10:29:41 +01:00
Pedro Igor
017ddc670b
Removing references to old admin console test artifacts
2023-02-08 17:22:45 -03:00
Michael Edgar
9896efd288
Operator: use TLS Edge termination when back-end protocol is HTTP
...
Fixes #16807
Signed-off-by: Michael Edgar <michael@xlate.io>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
2023-02-08 16:07:43 +01:00
Pedro Igor
423fc6daba
Flaky test KcOidcBrokerTokenExchangeTest ( #16914 )
...
Closes #16896
2023-02-08 14:49:49 +00:00
Alexander Schwartz
9ecd589690
Update docs to enable downstream processing ( #16595 )
...
Relates to: #16475
2023-02-08 15:33:43 +01:00
Dmitry Telegin
5f39aeb590
Pre-authorization hook for client policies
...
Closes #9017
2023-02-08 15:06:32 +01:00
vramik
fc9e9e6fda
Add support for file store configuration into Quarkus
...
Closes #16821
2023-02-08 14:49:53 +01:00
Stian Thorgersen
ce80c2b4f4
Remove common resources no longer needed after old admin console is removed ( #16908 )
...
Closes #16863
2023-02-08 11:56:55 +01:00
Stian Thorgersen
17083d1c0a
Remove translations for old admin console ( #16905 )
...
Closes #15247
2023-02-08 10:58:34 +01:00
Michal Hajas
6fa62e47db
Leverage HotRod client provided transaction
...
Closes #13280
2023-02-08 10:26:30 +01:00
Stian Thorgersen
d3ba2ecbed
Remove old admin console theme ( #16864 )
...
Closes #16862
2023-02-08 09:22:39 +01:00
Pedro Igor
75824920aa
Update proxy guide with information about session stickness
...
Closes #16892
2023-02-07 16:42:38 -03:00
Đặng Minh Dũng
d91eeac612
feat: support multi hd in GoogleIdentityProvider
...
Signed-off-by: Đặng Minh Dũng <dungdm93@live.com>
2023-02-07 11:32:35 -03:00
Hynek Mlnařík
f71ab092de
File store basis
...
Fixes : #16676
---
* Enhance DefaultModelCriteria
* Fix collection
* Fix delete in CHMKeycloakTransaction
* Add HasRealmId interface
* Fix EntityFieldDelegate
* Support for realm-less entities in providers
* Support for realm-less entities in providers (events)
* File store basis
* Add support for writing
* Support running KeycloakServer with file store
* Add support for file store in model testsuite
---------
Co-authored-by: vramik <vramik@redhat.com>
2023-02-07 14:59:23 +01:00
Stian Thorgersen
4782a85166
Remove old admin console feature ( #16861 )
...
* Remove old admin console feature
Closes #16860
* Update help txt files for Quarkus tests
2023-02-07 12:59:35 +01:00
Pedro Igor
7b58783255
Allow mapping claims to user attributes when exchanging tokens
...
Closes #8833
2023-02-07 10:57:35 +01:00
Thomas Darimont
e38b7adf92
Revise blacklist password policy provider #8982
...
- Reduce false positive probability from 1% to 0.01% to avoid
rejecting to many actually good passwords.
- Make false positive rate configurable via spi config
- Revised log messages
Supported syntax variant:
`passwordBlacklist(wordlistFilename)`
Fixes #8982
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2023-02-07 10:36:39 +01:00
Martin Kanis
5ba004b447
Leverage Infinispan lifespan for ExpirableEntities in HotRod storage
2023-02-07 10:01:32 +01:00
Stian Thorgersen
fc075a3d35
Remove old admin console tests ( #16859 )
...
Closes #16858
2023-02-07 08:51:36 +01:00
Bruno Oliveira da Silva
963b7fbc9d
CVE-2022-45047 - Deserialization of Untrusted Data vulnerability in org.apache.sshd:sshd-common
...
Resolves #16779
2023-02-06 16:07:37 -03:00
dependabot[bot]
d32cc7c3f9
Bump github/codeql-action from 2.1.39 to 2.2.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.39 to 2.2.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v2.1.39...v2.2.1 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-06 16:04:13 -03:00
Alexander Schwartz
48aae83891
Close prepared statement used to set the lock timeout
...
Closes #16801
2023-02-06 17:30:58 +01:00
dependabot[bot]
71d292ff70
Bump @types/node from 18.11.18 to 18.11.19 in /js ( #16867 )
...
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ) from 18.11.18 to 18.11.19.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-06 15:44:10 +00:00
Denis Bernard
5db64133b8
Add Attribute to Group Mapper for SAML IDP
...
Cleansing code as PR Comment
Add test for Advanced Attribute to Group Mapper
Closes #12950
2023-02-06 10:58:48 -03:00
Pedro Igor
1a1ee78dbd
Removing tests from base group broker mapper test classes
2023-02-06 10:58:48 -03:00
dependabot[bot]
9b01bf382d
Bump aquasecurity/trivy-action from 0.8.0 to 0.9.0
...
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action ) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases )
- [Commits](9ab158e859...cff3e9a7f6
)
---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-03 16:32:16 -03:00
Bruno Oliveira da Silva
12cefb9950
Update to Quarkus 2.13.7.Final
...
Resolves #16755
Co-authored-by: Robert Nemeti <r.nemeti@syseleven.de>
2023-02-03 15:03:11 -03:00
mposolda
d495f29a4d
Support to run BCFIPS approved mode tests on GH actions
...
Closes #16440
2023-02-03 16:30:58 +01:00
Pedro Igor
d97b9c48c4
Make sure PBKDF2 providers are using the expect size for derived keys ( #16798 )
...
Closes #16797
2023-02-03 15:31:25 +01:00
rmartinc
f8f112d8d2
Upgrade twitter4j ( #16828 )
...
Closes https://github.com/keycloak/keycloak/issues/16731
2023-02-03 15:28:37 +01:00
mposolda
0e374c7a45
Any tests using PhantomJS failing in some linux environments
...
closes #16818
2023-02-03 15:19:57 +01:00
Stian Thorgersen
5407228375
Update js-ci.yml ( #16830 )
2023-02-03 12:47:04 +01:00
dependabot[bot]
175624103b
Bump @typescript-eslint/eslint-plugin from 5.49.0 to 5.50.0 in /js ( #16824 )
...
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin ) from 5.49.0 to 5.50.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases )
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md )
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.50.0/packages/eslint-plugin )
---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-03 12:05:16 +01:00
dependabot[bot]
49bd873dc7
Bump wireit from 0.9.3 to 0.9.4 in /js ( #16823 )
...
Bumps [wireit](https://github.com/google/wireit ) from 0.9.3 to 0.9.4.
- [Release notes](https://github.com/google/wireit/releases )
- [Changelog](https://github.com/google/wireit/blob/main/CHANGELOG.md )
- [Commits](https://github.com/google/wireit/compare/v0.9.3...v0.9.4 )
---
updated-dependencies:
- dependency-name: wireit
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-03 12:04:49 +01:00
dependabot[bot]
6de4ebeaa9
Bump @typescript-eslint/parser from 5.49.0 to 5.50.0 in /js ( #16825 )
...
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser ) from 5.49.0 to 5.50.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases )
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md )
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.50.0/packages/parser )
---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-03 11:50:07 +01:00
dependabot[bot]
7819a289bd
Bump typescript from 4.9.4 to 4.9.5 in /js ( #16826 )
...
Bumps [typescript](https://github.com/Microsoft/TypeScript ) from 4.9.4 to 4.9.5.
- [Release notes](https://github.com/Microsoft/TypeScript/releases )
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.9.4...v4.9.5 )
---
updated-dependencies:
- dependency-name: typescript
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-03 11:49:41 +01:00
Jon Koops
8cb202eb29
Add JavaScript admin client to repository ( #16697 )
...
* Add JavaScript admin client to repository
* Apply review feedback
Co-authored-by: Stian Thorgersen <stian@redhat.com>
---------
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-02-03 10:45:11 +00:00
Stian Thorgersen
0fa209c29a
WelcomeScreenTest#resourcesTest ( #16761 )
...
* Fix WelcomeScreenTest#resourcesTest
Closes #16669
* Add one more retry
2023-02-03 09:41:48 +01:00
Pedro Igor
263e86e434
Support paths without a beginning slash when setting the root path
...
Closes #16002
2023-02-02 17:41:22 +01:00
Marek Posolda
51bed81814
Fixes for OOB endpoint and KeycloakSanitizer ( #16773 )
...
(cherry picked from commit 91ac2fb9dd50808ff5c76d639594ba14a8d0d016)
2023-02-02 08:34:50 +01:00
Bruno Oliveira da Silva
c585051164
Remove duplicate references on the main pom.xml for SnakeYAML
...
Resolves #16784
2023-02-02 08:20:33 +01:00
Pedro Igor
e3c41ec3a0
Ignoring test methods from parent classes
...
Closes #15687
2023-02-01 14:58:03 -08:00
Bruno Oliveira da Silva
52f9b0df59
Snyk Workflow failing due to the usage of the same category on multiple sections
...
Resolves #16705
2023-02-01 19:11:08 -03:00
Pedro Igor
b5fb528508
Do not enable caching metrics by default and provide a guide
...
Closes #16751
2023-02-01 18:55:43 +01:00
Stian Thorgersen
d9025231f9
HTML Injection in Keycloak Admin REST API ( #16765 )
...
Resolves #GHSA-m4fv-gm5m-4725
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2023-02-01 14:34:15 +01:00
Bruno Oliveira da Silva
e3ccba3903
CVE-2022-41854/CVE-2022-38752 Snakeyaml vulnerable to Stack overflow leading to denial of service
...
Resolves #16062
2023-02-01 13:45:50 +01:00
Stian Thorgersen
ae189c5a34
Fix pom.xml conditions for workflows ( #16758 )
2023-02-01 08:57:41 +01:00