Douglas Palmer
cca660067a
Remove JAAS login modules
...
Closes #28789
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
eae20c76bd
Remove KeycloakInstalled
...
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
Closes #28790
2024-04-26 09:30:35 +02:00
Douglas Palmer
b2f09feebf
Remove servlet filter saml adapters
...
Closes #28786
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
3e13b40648
Remove Spring adapters
...
Closes #28780
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
bf2c97065f
Remove SpringBoot adapters
...
Closes #28781
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
43aa10e091
Remove Tomcat OIDC adapter
...
Closes #28778
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
98faf6e6a0
Remove Tomcat SAML adapter
...
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
Closes #28783
2024-04-26 09:30:35 +02:00
Mark Banierink
ad32896725
replaced and removed deprecated token methods ( #27715 )
...
closes #19671
Signed-off-by: Mark Banierink <mark.banierink@nedap.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-23 09:23:37 +02:00
rmartinc
eac4b53751
Incorrect proxyMappings example in the guides
...
Closes #25514
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-22 18:30:41 +02:00
Stefan Guilhen
8ca4bc77a1
Improve the performance of the queries used to find granted resources
...
- simplifies the queries to avoid unnecessary join
- creates two new indexes to speed up search time
Closes #28861
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-22 11:26:06 -03:00
Lex Cao
7e034dbbe0
Add IdpConfirmOverrideLinkAuthenticator to handle duplicate federated identity ( #26393 )
...
Closes #26201 .
Signed-off-by: Lex Cao <lexcao@foxmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-22 11:30:14 +02:00
Alexander Schwartz
9d0b1ecee4
Review CLI option change for caching
...
Closes #28750
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-20 18:30:24 +02:00
Pedro Ruivo
3de5357091
CLI options to disable encryption and authentication to external Infinispan
...
Closes #28750
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-20 18:30:24 +02:00
Pedro Ruivo
3e0a185070
Remove deprecated EnvironmentDependentProviderFactory.isSupported method
...
Closes #26280
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-19 16:36:49 +02:00
Pascal Knüppel
ef45629df4
Add docs for transient-users how to prevent profile-review ( #28889 )
...
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
#relatesTo https://github.com/keycloak/keycloak/discussions/26637
2024-04-18 23:49:51 +02:00
Ricardo Martin
fc6b6f0d94
Perform exact string match if redirect URI contains userinfo, encoded slashes or parent access ( #131 ) ( #28872 )
...
Closes keycloak/keycloak-private#113
Closes keycloak/keycloak-private#134
Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2024-04-18 16:02:24 +02:00
Martin Bartoš
7f74286106
Emphasize the need for setting container limit
...
Closes #28729
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-18 15:44:27 +02:00
Thomas Darimont
eb2936f655
Add note about using groups with transient-users
...
Document an additional approach for managing user-roles for transient-users via groups.
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-04-18 14:49:18 +02:00
rmartinc
ddacfbdefd
Remove deprecated LinkedIn social provider
...
Closes #23127
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-18 10:10:58 +02:00
Peter Zaoral
e7dd5c1991
Hostname:v2 docs ( #28123 )
...
* hostname.adoc now contains the new hostname guide
* the old hostname is now available under hostname-deprecated.adoc
Closes : #27729
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2024-04-17 09:31:14 +02:00
Martin Bartoš
1fb83bb165
Release notes and Migration guide for Hostname v2 ( #28621 )
...
Closes #27730
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
2024-04-17 09:29:59 +02:00
Alexander Schwartz
5b4a69a6e9
Limit the concurrency of password hashing to the number of CPU cores available
...
Closes #28477
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-15 15:05:09 +02:00
Steven Hawkins
58398d1f69
fix: replaces aesh with picocli ( #28276 )
...
* fix: replaces aesh with picocli
closes : #28275
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* fix: replaces aesh with picocli
closes : #28275
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-15 13:04:58 +00:00
Christopher Miles
1646315939
Deny list lower cases all passwords when loading from file
...
Closes #28381
We always lower case the inbound password before comparing against the deny list
yet the deny list may contain passwords that contain upper case letters. With
this change we will now convert passwords from the deny list into lower case
while loading, ensuring that more passwords match the deny list.
Signed-off-by: Christopher Miles <twitch@nervestaple.com>
2024-04-15 08:49:37 +02:00
Marek Posolda
e6747bfd23
Adjust priority of SubMapper ( #28663 )
...
closes #28661
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-12 14:13:03 +02:00
Martin Bartoš
a3669a6562
Make general cache options runtime ( #28542 )
...
Closes #27549
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-12 11:56:11 +02:00
rmartinc
6d74e6b289
Escape slashes in full group path representation but disabled by default
...
Closes #23900
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-12 10:53:39 +02:00
Niko Köbler
67e4015f67
improve doc for transient users
...
adding a note to pay attention especially to the default-roles
Signed-off-by: Niko Köbler <niko@n-k.de>
2024-04-12 10:50:30 +02:00
Marek Posolda
74faddec8e
Release notes for lightweight access tokens and group together relate… ( #28622 )
...
closes #28460
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-11 20:02:33 +02:00
Jon Koops
9b94b6f47e
Add release notes for changes to Account and Admin consoles ( #28545 )
...
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-04-11 08:42:08 +02:00
Marek Posolda
13daaa55ba
Documentation for changes related to 'You are already logged in' scen… ( #28595 )
...
closes #27879
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-11 08:18:41 +02:00
Giuseppe Graziano
33b747286e
Changed userId value for refresh token events
...
Closes #28567
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-11 07:46:44 +02:00
Václav Muzikář
33f580daa4
Hostname v2 for Operator ( #28599 )
...
Closes #27728
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-04-10 18:56:47 +02:00
Giuseppe Graziano
c76cbc94d8
Add sub via protocol mapper to access token
...
Closes #21185
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-10 10:40:42 +02:00
Martin Bartoš
b2c88e9876
docs: Support management port for health and metrics ( #28213 )
...
Relates to #19334
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
2024-04-09 14:33:30 +02:00
Alexander Schwartz
3ba9a905c9
Provide histograms for http server metrics
...
Closes #28178
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-09 12:52:42 +02:00
Stian Thorgersen
a499512f35
Set SameSite for all cookies ( #28467 )
...
Closes #28465
Signed-off-by: stianst <stianst@gmail.com>
2024-04-09 12:29:19 +02:00
Steve Hawkins
9afe3a2560
fix: changing max threads default
...
closes : #17483
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-09 12:14:56 +02:00
Václav Muzikář
e4987f10f5
Hostname SPI v2 ( #26345 )
...
* Hostname SPI v2
Closes : #26084
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Fix HostnameV2DistTest#testServerFailsToStartWithoutHostnameSpecified
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Address review comment
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Partially revert the previous fix
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Do not polish values
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Remove filtering of denied categories
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
---------
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-04-09 11:25:19 +02:00
Martin Bartoš
9c1790af68
Enable Syslog log handler ( #28462 )
...
* Enable syslog log handler
Closes #27544
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Suggest an alternative to GELF
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-08 17:38:20 +02:00
Pedro Igor
52ba9b4b7f
Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user
...
Closes #28248
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-08 09:05:16 -03:00
Giuseppe Graziano
b4f791b632
Remove session_state from tokens
...
Closes #27624
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-08 08:12:51 +02:00
Stian Thorgersen
b9feaec38e
Ignore all links to GitHub when checking external links in docs due to rate limiting issues ( #28472 )
...
Closes #28330
Signed-off-by: stianst <stianst@gmail.com>
2024-04-05 15:36:38 +02:00
Pedro Igor
8fb6d43e07
Do not export ids when exporting authorization settings
...
Closes #25975
Co-authored-by: 박시준 <sjpark@logblack.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-04 19:26:03 +02:00
Ryan Emerson
71eacdc1c5
Update HA Guide now that non-XA mode is the default. Fixes #28142
...
Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-04-04 13:15:42 +02:00
Ryan Emerson
9bf131b5fb
HA guide erroneously refers to AWS Global Accelerator. Fixes #28174
...
Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-04-04 13:15:42 +02:00
Alexander Schwartz
c1a471755d
Fix lists to be rendered as expected
...
Closes #28377
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-04 11:16:57 +02:00
Alexander Schwartz
1d204e77a4
Fix source highlighting for log output ( #28375 )
...
Closes #28374
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-03 08:32:48 +02:00
Clemens Zagler
b44252fde9
authz/client: Fix getPermissions returning wrong type
...
Due to an issue with runtime type erasure, getPermissions returned a
List<LinkedHashSet> instead of List<Permission>.
Fixed and added test to catch this
Closes #16520
Signed-off-by: Clemens Zagler <c.zagler@noi.bz.it>
2024-04-02 11:09:43 -03:00
Giuseppe Graziano
fe06df67c2
New default client scope for 'basic' claims with 'auth_time' protocol mapper
...
Closes #27623
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-02 08:44:28 +02:00