Commit graph

25920 commits

Author SHA1 Message Date
Justin Tay
966a454548
Add ECDH-ES JWE Algorithm Provider, Add generated ECDH key provider (#23928)
Closes #23596
Closes #23597

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-08-08 17:29:35 +02:00
Martin Bartoš
5b83a7993c
Support OpenTelemetry tracing
Closes #28581

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
2024-08-08 16:48:29 +02:00
Steven Hawkins
10fae5de7a
fix: adding weak validation of spi options (#31737)
closes: #27298

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-08 08:21:24 -04:00
Steven Hawkins
a7c71dc0bc
task: removing 10 second poll for optional secrets / configmaps (#31729)
closes: #31680

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-08 08:21:04 -04:00
Steven Hawkins
7ce6f12fe3
fix: adds a check for duplicate users/clients to simplify cmd errors (#31583)
also changes temp-admin-service to temp-admin

closes: #31160

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-08 08:20:33 -04:00
kaustubh-rh
e090b0d260
Fix for Network error attempting to view events without permissions (#31920)
* Fix for #31918

Signed-off-by: kaustubh B <kbawanka@redhat.com>

* Update js/apps/admin-ui/src/realm-settings/RealmSettingsTabs.tsx

Co-authored-by: Stan Silvert <ssilvert@redhat.com>
Signed-off-by: kaustubh-rh <88367583+kaustubh-rh@users.noreply.github.com>

---------

Signed-off-by: kaustubh B <kbawanka@redhat.com>
Signed-off-by: kaustubh-rh <88367583+kaustubh-rh@users.noreply.github.com>
Co-authored-by: Stan Silvert <ssilvert@redhat.com>
2024-08-07 14:18:04 -04:00
Ryan Emerson
c0a51b94ea Update HA cache configurations to latest blueprint
Closes #31029

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-08-07 19:06:14 +02:00
Pedro Igor
3ab2446074 Do not return identity providers when querying the realm representation
Closes #21072

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-07 10:06:51 -03:00
StephanSchrader
4d64092119
Fix persist config values for custom components (#31862)
Closes #31858

Signed-off-by: Stephan Schrader <stephan.schrader@wallis.de>
Signed-off-by: Stephan Schrader <zstephanz@gmail.com>
Co-authored-by: Stephan Schrader <stephan.schrader@wallis.de>
2024-08-07 14:40:30 +02:00
rmartinc
acbbfde4ab Adding upgrading notes for brute force changes
Closes #31960

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-07 14:38:30 +02:00
Pascal Knüppel
f3341390f4
Issuer id must be a URL according to specification (#30961)
fixes #30960

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
2024-08-07 14:35:58 +02:00
Martin Kanis
e750b44e9d Flaky test: org.keycloak.testsuite.model.DBLockTest#testTwoLocksCurrently
Closes #25794

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-08-07 09:00:37 -03:00
Ryan Emerson
31d610c2fc Upgrade to Infinispan 15.0.7.Final
Closes #31963

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-08-07 13:32:23 +02:00
Pascal Knüppel
bf951a5554
Fix certificate creation with cross-keys (#31866)
fixes #31864

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-08-07 12:41:12 +02:00
Giuseppe Graziano
35c8c09b8d OIDC dynamic client registration with response_type=none
Closes #19564

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-08-07 10:34:47 +02:00
Ryan Emerson
db14ab1365
Refactor HA guide to refer to generic multi-site deployments
Old Active/Passive guides replaced with Active/Active architecture, but
A/P vs A/A distinction hidden from users in favour of generic multi-site
docs.

Closes #31029

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-07 08:22:59 +00:00
rmartinc
8a09905e5c Remove the attempt in brute force when the off-thread finishes
Closes #31881

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-06 15:30:49 -03:00
Michal Hajas
50c07c6e7c
Simplify configuration for MULTI_SITE
Closes #31807

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-08-06 16:14:33 +00:00
Pedro Ruivo
3fbe26d2e1 Disable SessionTimeoutsTest for old cross-site code
The test is disabled for the embedded caches + remote store combination
(old cross-site code) due to the async event processing.

Events can be handled after the test changes the time offset, causing
the test to fail.

Fixes #31612

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-06 15:33:44 +02:00
Hasan Can Erol
f4f8688a14
Turkish translations added for login (#31052)
Signed-off-by: Hasan Can Erol <hsncan.erol@gmail.com>
Co-authored-by: Hasan Can Erol <hsncan.erol@gmail.com>
2024-08-06 13:07:08 +00:00
Jon Koops
38f185dff1
Update ESLint dependencies to latest version (#31831)
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-08-06 08:02:18 -04:00
Michal Hajas
6847af0068 Remove InfinispanMultiSiteLoadBalancerCheckProviderFactory.java
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-08-06 07:58:12 -03:00
Alexander Schwartz
d08ff5a311 Cache node binary for Windows to avoid download failures
Closes #31835

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-06 07:27:00 -03:00
Erik Jan de Wit
368939f7de
reverted accidental change to logout url (#31907)
fixes: #31781

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-08-06 11:07:36 +01:00
Javapark
d85fa09823
Korean translation of the login theme (#31919)
Signed-off-by: Javapark <javapark@users.noreply.github.com>
2024-08-06 10:42:03 +02:00
kaustubh-rh
8e81626eee
Fix for #31893 (#31922)
Signed-off-by: kaustubh B <kbawanka@redhat.com>
2024-08-06 09:59:22 +02:00
himanshi1099
7cf9946040
Fix for Network error attempting to view default realm roles without permissions (#31902)
* fix for issue #29211

Signed-off-by: Himanshi Gupta <higupta@redhat.com>

* fix for issue #29211

Signed-off-by: Himanshi Gupta <higupta@redhat.com>

---------

Signed-off-by: Himanshi Gupta <higupta@redhat.com>
2024-08-05 12:38:10 -04:00
Pedro Ruivo
1e9f6bbb8c Non clustered Keycloak with External Infinispan feature
Disables JGroups (clustering) when remote-cache feature is enabled

Fixes #31876

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-05 17:04:36 +02:00
Tero Saarni
62fd969fe1
Allow requests from local IPv6 addresses
If administrator selects EXTERNAL for Require SSL setting, allow clear-text
HTTP requests when client is coming from IPv6 link-local or unique local
address (ULA).

Previously only private IPv4 addresses were allowed and private IPv6 addresses
were rejected.

Closes #30678

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2024-08-05 16:38:55 +02:00
Jonas-Noah Krausch
7b316afc74
Change {0} to {{name}} to comply with other languages and display correct variable (#31898)
Signed-off-by: Jonas Krausch <jonas.krausch@check24.de>
Co-authored-by: Jonas Krausch <jonas.krausch@check24.de>
2024-08-05 13:47:13 +00:00
Erik Jan de Wit
3f6136c648
use stringify on use meta data descriptor (#31717)
fixes: #31687

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-08-05 15:37:51 +02:00
Ingrid Kamga
36a141007e
Implement advanced verification of SD-JWT in Keycloak (#30966)
closes #30907

Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
2024-08-05 11:50:03 +02:00
Nikos Epping
4080ee2e84 Don't fail on null config map in AdvancedClaimToGroupMapper/AdvancedClaimToRoleMapper/AdvancedAttributeToGroupMapper/AdvancedAttributeToGroupMapper
Fixes #31575

Signed-off-by: Nikos Epping <n.epping@evosec.de>
2024-08-05 10:22:22 +02:00
Stefan Wiedemann
6258256c1b
Fix access token issue OID4VC (#31763)
closes #31712 

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2024-08-04 11:42:40 +02:00
Ingrid Kamga
7c69c857a1 Add a media type to error responses on OID4VC endpoints
Closes #31585

Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
2024-08-02 12:09:09 +02:00
Pascal Knüppel
4a15e1c2b0
Support certificate creation for EC keys (#31817)
fixes #31816

Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
2024-08-02 11:52:48 +02:00
Justin Tay
f537343545 Allow empty key use in JWKS from identity provider
Closes #31823

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-08-02 11:39:43 +02:00
rmartinc
773e309f75 Parse saml urls correctly if the bindings are different
Closes #31780

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-02 11:34:06 +02:00
rmartinc
942d5d0aa3 Convert chapter planning for securing applications and services to guides
Final removal of the securing_apps documentation
Final checks for links, order and other minor things
Closes #31328

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-01 16:45:56 +02:00
Pedro Ruivo
fed804160b Enable ProtoStream encoding for External Infinispan feature
The ProtoStream schema is automatically uploaded to the Infinispan
server during startup.
When the schema is updated, the indexes are updated and re-created.
Use the delete statement to delete entities when a realm is removed.

Fixes #30931

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-01 16:16:19 +02:00
Ryan Emerson
176ac3404a EmbeddedInfinispanSplitBrainTest fails with "IllegalState Session not bound to a realm"
Closes #31828

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-08-01 13:58:41 +02:00
dependabot[bot]
9cf650b52b
Bump cypress from 13.13.1 to 13.13.2 (#31820)
Bumps [cypress](https://github.com/cypress-io/cypress) from 13.13.1 to 13.13.2.
- [Release notes](https://github.com/cypress-io/cypress/releases)
- [Changelog](https://github.com/cypress-io/cypress/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/cypress-io/cypress/compare/v13.13.1...v13.13.2)

---
updated-dependencies:
- dependency-name: cypress
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-01 12:00:07 +02:00
dependabot[bot]
51310fcb71
Bump @types/node from 22.0.0 to 22.0.2 (#31822)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 22.0.0 to 22.0.2.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-01 11:58:50 +02:00
Alexander Schwartz
00bfc2c34f
Adding an index for the revoked tokens table to speed up the cleanup (#31790)
Closes #31725

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-01 11:12:53 +02:00
Alexander Schwartz
aa91f60278
Caches the id-to-user mapping for the evaluation in the current session (#31794)
Closes #31519

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-01 10:38:46 +02:00
dependabot[bot]
5284641b9d
Bump typescript-eslint from 7.17.0 to 7.18.0 (#31741)
Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 7.17.0 to 7.18.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v7.18.0/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: typescript-eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-31 15:36:35 +00:00
dependabot[bot]
d5a2627bdb
Bump husky from 9.1.3 to 9.1.4 (#31740)
Bumps [husky](https://github.com/typicode/husky) from 9.1.3 to 9.1.4.
- [Release notes](https://github.com/typicode/husky/releases)
- [Commits](https://github.com/typicode/husky/compare/v9.1.3...v9.1.4)

---
updated-dependencies:
- dependency-name: husky
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-31 15:30:50 +00:00
dependabot[bot]
db2b4f452c
Bump eslint-plugin-mocha from 10.4.3 to 10.5.0 (#31742)
Bumps [eslint-plugin-mocha](https://github.com/lo1tuma/eslint-plugin-mocha) from 10.4.3 to 10.5.0.
- [Release notes](https://github.com/lo1tuma/eslint-plugin-mocha/releases)
- [Changelog](https://github.com/lo1tuma/eslint-plugin-mocha/blob/10.5.0/CHANGELOG.md)
- [Commits](https://github.com/lo1tuma/eslint-plugin-mocha/compare/10.4.3...10.5.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-mocha
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-31 17:24:02 +02:00
dependabot[bot]
05e9671043
Bump @types/node from 20.14.12 to 22.0.0 (#31690)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 20.14.12 to 22.0.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-31 17:08:26 +02:00
Ryan Emerson
349ff51116 Log a warning if remote-store configuration exists when the REMOTE_CACHE Feature is enabled
Closes #31775

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-07-31 16:59:05 +02:00