Commit graph

632 commits

Author SHA1 Message Date
Jan Lieskovsky
f3796d2eb8 [KEYCLOAK-8452] Return the definition of the 'keycloak' cache-container
into the infinispan subsystem

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2018-10-24 08:22:43 +02:00
vramik
7a96911a83 KEYCLOAK-8300 KEYCLOAK-8301 Wildfly 14 upgrade
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2018-10-17 20:01:07 +02:00
stianst
11374a2707 KEYCLOAK-8556 Improvements to profile 2018-10-12 12:26:37 +02:00
mposolda
4483677cdd KEYCLOAK-8529 Fix most of adapter tests on EAP6 2018-10-12 12:01:33 +02:00
Takashi Mogi
c3f1bd5a25 KEYCLOAK-8342 Add core-management module to standalone and standaloen-ha 2018-10-08 22:21:07 +02:00
stianst
6ebc6c0354 KEYCLOAK-8437 Remove Keycloak demo dist 2018-10-04 20:54:23 +02:00
Pedro Igor
0a6e22ba54 [KEYCLOAK-8412] - Upgrade to Drools 7.11.0.Final 2018-10-04 09:41:41 -03:00
stianst
c3fc9e9815 Set version to 4.6.0.Final-SNAPSHOT 2018-09-26 20:58:41 +02:00
stianst
1fb4ca4525 Set version to 4.5.0.Final 2018-09-06 20:08:02 +02:00
Dmitry Telegin
bc8763ccf3 KEYCLOAK-7858 - OIDC servlet filter adapter OSGi support 2018-09-04 11:29:45 +02:00
mposolda
6fc99cd749 KEYCLOAK-7594 Upgrade to Wildfly 13. Cross-DC: Upgrade to infinispan server 9.2.4 and JDG 7.2
Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
Co-authored-by: stianst <stianst@gmail.com>
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2018-08-27 12:52:53 +02:00
stianst
90bafee5eb Fixes to examples-dist for removed Fuse example 2018-08-15 16:57:23 +02:00
mposolda
a63676ce93 KEYCLOAK-7989 Running server config migration fails due the Hostname SPI 2018-08-03 13:47:17 +02:00
mposolda
959cd035ba Set version to 4.3.0.Final-SNAPSHOT 2018-08-01 22:40:05 +02:00
ssilvert@win.redhat.com
e7e15652cf KEYCLOAK-7479: Sanitize 2018-08-01 14:22:39 -04:00
stianst
f99299ee39 KEYCLOAK-7967 Introduce Hostname SPI 2018-08-01 11:57:45 +02:00
Pedro Igor
3fc6eed1ce [KEYCLOAK-7827] - Missing org.jboss.logging dependency to keycloak-authz-client module 2018-07-13 09:17:49 -03:00
mposolda
d0a824dde4 Updating version to 4.2.0.Final-SNAPSHOT 2018-07-05 07:42:48 -04:00
Grzegorz Grzybek
3c9d3c2c04 [KEYCLOAK-7681] Review pax-web OSGi dependencies
Co-Authored-By: Hynek Mlnarik <hmlnarik@redhat.com>
2018-06-22 13:47:20 +02:00
Martin Kanis
998227ac53 KEYCLOAK-5461 Upgrade to Liquibase 3.5.5 2018-06-22 13:20:10 +02:00
Hynek Mlnarik
d3a6b6f587 KEYCLOAK-7678 Remove osgi-thirdparty module 2018-06-21 15:35:03 +02:00
Grzegorz Grzybek
f90e0fc14c [KEYCLOAK-7425] Correctly import packages of httpclient and http core, fix Karaf feature 2018-06-21 14:28:47 +02:00
stianst
e98fcfe56e KEYCLOAK-7641 Add details on how to build server-only, including some fixes to poms 2018-06-18 10:38:15 +02:00
stianst
e1a0e581b9 Update to 4.1.0.Final-SNAPSHOT 2018-06-14 14:22:28 +02:00
Hynek Mlnarik
6a2f73df9c KEYCLOAK-7433 Update licenses 2018-05-25 11:27:51 +02:00
Hynek Mlnarik
dd6735285d KEYCLOAK-7438 Don't create symlinks in download-license-files.sh 2018-05-25 09:50:41 +02:00
Stian Thorgersen
dbf5c395b0
Bump version to 4.0.0.Final (#5224) 2018-05-24 19:02:30 +02:00
Hynek Mlnarik
1e438cdc45 KEYCLOAK-7277 KEYCLOAK-7282 Tomcat 8/Pax Web integration 2018-05-23 13:14:07 +02:00
Hynek Mlnarik
d70859ef1b KEYCLOAK-7277 KEYCLOAK-7282 Jetty/Pax Web integration 2018-05-23 13:14:07 +02:00
Hynek Mlnarik
3ab8ff2ea1 KEYCLOAK-5522 Features and distibution 2018-05-23 13:14:07 +02:00
Hynek Mlnarik
cace03c3cc KEYCLOAK-7279 Camel/Undertow integration 2018-05-23 13:14:07 +02:00
Hynek Mlnarik
dd65c231f9 KEYCLOAK-7277 KEYCLOAK-7282 Undertow/Pax Web integration 2018-05-23 13:14:07 +02:00
Vlasta Ramik
8022a74565 KEYCLOAK-7274 Hardcoded config in offline adapter installation scripts (#5184) 2018-05-03 19:50:36 +02:00
Stian Thorgersen
90e5c7f3eb
Bump version to 4.0.0.Beta3-SNAPSHOT (#5185) 2018-05-02 14:32:20 +02:00
stianst
66186273ca Removed authz from examples-dist 2018-03-26 18:17:38 +02:00
stianst
07fea02146 Bump versions to 4.0.0.Beta2-SNAPSHOT 2018-03-26 18:17:38 +02:00
Alex Szczuczko
3ade41a76d KEYCLOAK-6299 Upstream keycloak-javadocs-pom into the product profile of keycloak-api-docs-dist
A product profile has been added to keycloak-api-docs-dist, to replace the
downstream product javadocs POM. I've merged in any misc. changes from that
pom, but I've kept the upstream zip layout:

```
index.html
rest-api/index.html
javadocs/index.html
javadocs/index-all.html
javadocs/*
```

instead of the current product deliverable layout of:

```
META-INF/*
index.html
index-all.html
*
```

The community layout includes the rest-api that's distributed as a separate
product deliverable in 7.2.0. I've kept this layout for better artifact
consistency, but it could easily be changed to keep the product artifacts
consistent for the next product minor version.
2018-03-20 04:41:31 +01:00
stianst
505cf5b251 KEYCLOAK-6519 Theme resource provider 2018-02-09 08:28:59 +01:00
David
2743e4a182 Update changes on sssd.conf file to make script idempotent 2018-02-06 09:04:37 -02:00
Hynek Mlnarik
972c3dd36b KEYCLOAK-6521 Update licenses 2018-02-06 11:58:11 +01:00
Martin Kanis
6b8ec0bb82 KEYCLOAK-6154 Exclude common-logging/codec from keycloak-osgi-thirdparty 2018-01-31 21:26:41 +01:00
Bruno Oliveira
179e371d0e [KEYCLOAK-6298] SAML adapter script should support offline installation of adapter 2018-01-31 17:10:31 -02:00
stianst
0bedbb4dd3 Bump version to 4.0.0.CR1-SNAPSHOT 2017-12-21 15:06:00 +01:00
stianst
c7ce279aef KEYCLOAK-6076 Exclude transitive dependencies in Fuse ZIP 2017-12-21 09:03:21 +01:00
stianst
61fe554617 KEYCLOAK-6051 Fix licenses 2017-12-19 08:20:29 +01:00
Martin Kanis
47721957b7 KEYCLOAK-6018 Create BOM for Drools dependencies 2017-12-14 14:51:25 +01:00
stianst
35e60e0aa4 KEYCLOAK-5957 2017-12-06 08:59:40 +01:00
Hynek Mlnarik
b4532ec629 KEYCLOAK-5964 Fix keycloak-install-base.cli client session caches 2017-12-04 12:15:07 +01:00
pedroigor
b1127ffafe [KEYCLOAK-5953] - Making elytron dependencies optional 2017-12-04 10:13:55 +01:00
stianst
37de8e9f69 Bump version to 3.4.2.Final-SNAPSHOT 2017-12-01 09:34:48 +01:00
Peter Nalyvayko
b8e5fd2b99 KC-4335: working on adding a reverse proxy support to allow X.509 client certificate authentication when running keycloak behind a reverse proxy
KC-4335: reverse proxy => a swtich to change a type of reverse proxy when running the X509 integration tests; changes to the names of the reverse proxy providers

KC-4335: updated the migration scripts to add x509 spi to standalone and domain configurations; removed the HAproxy and apache x509 spi configuration
2017-11-30 11:00:32 +01:00
Alex Szczuczko
c860ca61c3 KEYCLOAK-5843 Add custom license processing plugin to avoid directory symlinks (#4723)
Symlinks are frequently unavailable on Windows (must be on NTFS and user must
have SeCreateSymbolicLinkPrivilege). Removing the symlinks for licenses/common/
should enable the build to function mostly normally on Windows. The individual
license files will be incorrect, but that shouldn't matter for local builds.
Release builds are done on *nix.

The plugin rolls several different plugin executions into one. The common files
are distributed using a resource jar, used by and unpacked by the plugin.
2017-11-27 12:31:31 -05:00
Stian Thorgersen
128ff12f8f Bump versions 2017-11-09 15:37:21 +01:00
Stian Thorgersen
e28652489e KEYCLOAK-5565 Change theme files to writable to permit patching 2017-11-09 15:37:01 +01:00
Pedro Igor
476dd1cef5 [KEYCLOAK-4439] - Fixing saml adapter 2017-11-08 19:01:54 -02:00
Alex Szczuczko
eb46f403d6 Extract the license files with maven-dependency-plugin instead of wildfly-server-provisioning-maven-plugin
This works around WFBUILD-27 aka wildfly/wildfly-build-tools#39. Once that's merged and new version is released this commit can be reverted.
2017-11-08 12:58:38 +01:00
Alex Szczuczko
9c0ec8cb10 Enforce a standard sort order on deduplication in download-license-files.sh
This will avoid noise in the diffs (files switching between symlink and regular
status) when users on systems with a different default sort order run the
script. `LC_ALL=C sort` will sort by byte order.
2017-11-08 12:58:38 +01:00
Alex Szczuczko
d268412738 Initial run of download-license-files.sh on license XMLs
Command line used:

find -path '*/src/main/resources/licenses' | while read -r r; do pushd "$r"; common/download-license-files.sh rh-sso/licenses.xml; common/download-license-files.sh keycloak/licenses.xml; popd; done
2017-11-08 12:58:38 +01:00
Alex Szczuczko
e360aadcd4 Explicitly define the dependency for unpacking in js-adapter-zip.
This makes it visible to append-product-licenses.groovy and other plugins.
2017-11-08 12:58:38 +01:00
Alex Szczuczko
f88b3cddb6 Port forward license data from maintenance, with improvements.
org.keycloak dependencies will be automatically added to the xml during the
build, removing the need for runs of download-license-files.sh every time the
keycloak version changes.

Documentation on "why and how" for the license data has also been added.

To reduce code duplication issues, plugin definitions are stored in
keycloak-parent, but only active in the projects that need them (not bound to
any phase by default). Also, the common files have been moved into
licenses/common/, so that a single symlink will suffice to replicate the
current and future files needed by the plugin executions. While the
assembly.xml definitions remain duplicated, they are fairly minimal and
shouldn't need to change often.

License data is available for all adapters shipped in the product, plus
server-feature-pack.

The keycloak slot is populated with data, in addition to the rh-sso slot. A
number of the adapters don't depend on any third-party artifacts, so they have
(mostly) blank license.xml files.
2017-11-08 12:58:38 +01:00
Marek Posolda
9e2ab2750a Merge pull request #4616 from vramik/KEYCLOAK-5749
KEYCLOAK-5749 Update migration scripts for WildFly 11 Final
2017-10-26 13:24:29 +02:00
vramik
906538e6aa KEYCLOAK-5749 Update migration scripts for WildFly 11 Final 2017-10-26 11:21:48 +02:00
Hynek Mlnarik
75c354fd94 KEYCLOAK-5745 Separate user and client sessions in infinispan 2017-10-26 10:39:41 +02:00
Hynek Mlnarik
d01be82b35 KEYCLOAK-5700 Add option to build jarless Wildfly distro
Use via the following maven command:

mvn clean install -Pdistribution -Dkeycloak.provisioning.xml=server-provisioning-devel.xml
2017-10-18 15:14:58 +02:00
Thomas Darimont
3103e0fd0a KEYCLOAK-5244 Add BlacklistPasswordPolicyProvider (#4370)
* KEYCLOAK-5244 Add BlacklistPasswordPolicyProvider

This introduces a new PasswordPolicy which can refer to
a named predefined password-blacklist to avoid users
choosing too easy to guess passwords.

The BlacklistPasswordPolicyProvider supports built-in as
well as custom blacklists.
built-in blacklists use the form `default/filename`
and custom ones `custom/filename`, where filename
is the name of the found blacklist-filename.

I'd propose to use some of the freely available password blacklists
from the [SecLists](https://github.com/danielmiessler/SecLists/tree/master/Passwords) project.

For testing purposes one can download the password blacklist
```
wget -O 10_million_password_list_top_1000000.txt https://github.com/danielmiessler/SecLists/blob/master/Passwords/10_million_password_list_top_1000000.txt?raw=true
```
to /data/keycloak/blacklists/

Custom password policies can be configured with the SPI
configuration mechanism via jboss-cli:
```
/subsystem=keycloak-server/spi=password-policy:add()
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:add(enabled=true)
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:write-attribute(name=properties.blacklistsFolderUri, value=file:///data/keycloak/blacklists/)
```

Password blacklist is stored in a TreeSet.

* KEYCLOAK-5244 Encode PasswordBlacklist as a BloomFilter

We now use a dynamically sized BloomFilter with a
false positive probability of 1% as a backing store
for PasswordBlacklists.

BloomFilter implementation is provided by google-guava
which is available in wildfly.

Password blacklist files are now resolved against
the ${jboss.server.data.dir}/password-blacklists.

This can be overridden via system property, or SPI config.
See JavaDoc of BlacklistPasswordPolicyProviderFactory for details.

Revised implementation to be more extensible, e.g. it could be
possible to use other stores like databases etc.

Moved FileSystem specific methods to FileBasesPasswordBlacklistPolicy.

The PasswordBlacklistProvider uses the guava version 20.0
shipped with wildfly. Unfortunately the arquillian testsuite
transitively depends on guava 23.0 via the selenium-3.5.1
dependency. Hence we need to use version 23.0 for tests but 20.0
for the policy provider to avoid NoClassDefFoundErrors in the
server-dist.

Configure password blacklist folder for tests

* KEYCLOAK-5244 Configure jboss.server.data.dir for test servers

* KEYCLOAK-5244 Translate blacklisted message in base/login
2017-10-17 20:41:44 +02:00
vramik
a42e0d6a31 KEYCLOAK-5674 updated migration scripts 2017-10-16 22:36:40 +02:00
Stan Silvert
6082e49252 KEYCLOAK-4952: Header information disclosure 2017-10-06 16:04:39 -04:00
Stian Thorgersen
ee35673615 KEYCLOAK-1250 Profile and console loader for new account management console 2017-09-14 19:53:02 +02:00
Bill Burke
e907a9aa6d put back elytron and resteasy providers 2017-09-11 17:21:30 -04:00
Bill Burke
cf47d49fc6 add back multipart provider 2017-09-11 09:47:56 -04:00
Bill Burke
1ed5730769 add back multipart, remove elytron 2017-09-08 14:47:37 -04:00
Bill Burke
9f660b48c4 KEYCLOAK-5439 2017-09-08 11:28:12 -04:00
Stian Thorgersen
463661b051 Set version to 3.4.0.CR1-SNAPSHOT 2017-08-28 15:46:22 +02:00
Stian Thorgersen
8cc1d02d46 KEYCLOAK-5342 (#4431) 2017-08-28 14:35:58 +02:00
Hynek Mlnarik
794c508b10 KEYCLOAK-4995 Support for distributed SAML logout in cross DC 2017-08-28 13:15:11 +02:00
Stian Thorgersen
31be564fa3 KEYCLOAK-5339 Upgrade to WildFly 11 CR1 (#4429) 2017-08-28 12:06:37 +02:00
Pedro Igor
a6dfb4ccdd [KEYCLOAK-5015] - Support for Elytron capabilities in subsystem 2017-08-22 18:01:19 -03:00
Pedro Igor
d3e559453b [KEYCLOAK-5015] - Updating Elytron Adapters 2017-08-22 18:01:19 -03:00
Markus Heberling
ef32585f57 create JS source maps (#4365)
updated minify plugin to 1.7.6
switch minify plugin to use CLOSURE compiler
enable source map generation https://docs.google.com/document/d/1U1RGAehQwRypUTovF1KRlpiOFze0b-_2gc6fAH0KY0k
include source maps in distribution files
2017-08-22 08:10:09 +02:00
Stian Thorgersen
efd44d86c5 KEYCLOAK-5263 (#4393) 2017-08-17 14:40:29 +02:00
Stian Thorgersen
ae54dd848d KEYCLOAK-5185 (#4392) 2017-08-17 13:15:41 +02:00
Hynek Mlnarik
f5d7f9b09b KEYCLOAK-5216 ClassNotFoundException when using SAML ECP 2017-07-21 15:57:14 +02:00
Stian Thorgersen
454c5f4d83 Set version to 3.3.0.CR1-SNAPSHOT 2017-06-30 09:47:11 +02:00
Stian Thorgersen
073f1eda54 Fix dependency exclusions in server-dist to make sure dependency versions are inherited from WF 2017-06-27 14:24:22 +02:00
Stian Thorgersen
af63fcbc4d KEYCLOAK-4891 Add keycloak-api-docs-dist to mvn repo in prod profile 2017-06-26 19:54:33 +02:00
Hynek Mlnarik
955cbc76d7 KEYCLOAK-5030 Change action tokens cache type to distributed 2017-06-26 10:11:53 +02:00
Pedro Igor
1d5bd2567e [KEYCLOAK-4913] - Caching more query methods 2017-05-23 16:13:20 -03:00
Stian Thorgersen
43a625db28 KEYCLOAK-4477 Fix update to WF 11 2017-05-19 08:31:29 +02:00
Stian Thorgersen
cc42ea9332 KEYCLOAK-4773 Remove 'providers' directory 2017-05-19 06:24:58 +02:00
Stian Thorgersen
9ec3a8c3d9 KEYCLOAK-4933 Fixes 2017-05-19 06:24:58 +02:00
Stian Thorgersen
2e83eda172 KEYCLOAK-4477 Update to WildFly 11 2017-05-19 06:24:58 +02:00
Stian Thorgersen
6d8a3f7a8b KEYCLOAK-4933 Fixes 2017-05-19 06:24:58 +02:00
Bob McWhirter
56d68c17f5 KEYCLOAK-4933
Use a newer version of the server-provisioning-plugin.

By using a newer version of the plugin, we can reduce
the amount of build code that replicates the provisioning
logic when building overlays.

This applies to both:

* Server distribution overlay
* Adapter distribution overlay

Both overlays are created purely by using the provisioning
plugin and the feature-packs produced elsewhere in the build,
along with the admin-cli artifact when appropriate.
2017-05-19 06:24:58 +02:00
Stian Thorgersen
28acf489a1 KEYCLOAK-4921
add-user-keycloak broken
2017-05-18 09:33:33 +02:00
mposolda
c178a2392d KEYCLOAK-4907 Fix postgresql and mssql. Fix migration 2017-05-17 22:44:44 +02:00
mposolda
7d8796e614 KEYCLOAK-4626 Support for sticky sessions with AUTH_SESSION_ID cookie. Clustering tests with embedded undertow. Last fixes. 2017-05-11 22:24:07 +02:00
Hynek Mlnarik
b8262a9f02 KEYCLOAK-4628 Single-use cache + its functionality incorporated into reset password token. Utilize single-use cache for relevant actions in execute-actions token 2017-05-11 22:16:26 +02:00
mposolda
db8b733610 KEYCLOAK-4626 Fix TrustStoreEmailTest and PolicyEvaluationCompositeRoleTest. Distribution update 2017-05-11 22:16:26 +02:00
Pedro Igor
978619ead0 [KEYCLOAK-4867] - Missing cache config in server overlay 2017-05-09 14:21:06 -03:00
Stian Thorgersen
e6477ed261 KEYCLOAK-4856
[RHSSO] Adapter feature pack requires org.jboss.eap:wildfly-feature-pack in product
2017-05-05 12:08:22 +02:00