Commit graph

794 commits

Author SHA1 Message Date
Pedro Ruivo
29c8060bda Trigger mass re-index of the sessions caches when the entity changes
Closes #32594

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-09-03 15:48:14 +02:00
nxadm
3c16e2ac77
Document Syslog app-name option (#32524)
Closes #32525

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Claudio Ramirez <pub.claudio@gmail.com>
2024-09-02 12:10:15 +02:00
Martin Bartoš
afcbf79582 OTEL: Profile Feature
Closes #32231

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-08-30 13:19:09 +02:00
Michal Hajas
af53af1506
Document persistent sessions are enabled by default
Closes #32387

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-30 09:20:58 +00:00
Steve Hawkins
c9779cfa24 fix: adding a first-class option for trusted proxies
closes: #32135

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-29 14:00:27 +02:00
Václav Muzikář
7d3dcae96e
Additional datasources now require XA (#32403)
* Additional datasources now require XA

Closes #32402

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Apply suggestions from code review

Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Signed-off-by: Václav Muzikář <vaclav@muzikari.cz>

* Relax validation

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Added a note on recovery

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Fix `CustomJpaEntityProviderDistTest`

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Signed-off-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
2024-08-29 11:16:38 +02:00
Václav Muzikář
9bbfec5cdd
Remove GELF (#32230)
Closes #27365

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-08-28 21:25:05 +02:00
Steven Hawkins
29eb0171de
task: remove hostname v1 (#32352)
closes: #27731

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-28 17:48:06 +02:00
Pedro Ruivo
378db25016
Skip creating sessions cache when Persistent Sessions is enabled
Re-order the configuration steps to avoid redundant warnings

Closes #32416

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-27 16:21:08 +00:00
Steven Hawkins
c18a79bfe7
fix: ensure the legacy admin username env can still be used (#32341)
closes: #32333

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-22 13:10:26 +00:00
Steven Hawkins
4fba6b391e
fix: generalizing when enabled like behavior as a validator (#32325)
closes: #32318

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-22 10:51:22 +02:00
Martin Bartoš
37b58bfbc7
Relocate Quarkus resteasy-reactive dependencies to REST (#32313)
Closes #32312

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-08-21 18:38:04 +02:00
Steven Hawkins
d9a92f5de3
fix: expose bootstrap-admin-* options (#32241)
* fix: expose bootstrap-admin-* options

closes: #32176

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update quarkus/config-api/src/main/java/org/keycloak/config/BootstrapAdminOptions.java

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-08-21 15:52:38 +02:00
Václav Muzikář
aee9390812
Resolve disabled options even at fast startup (#32245)
Closes #30380

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-08-20 12:15:32 +02:00
Martin Bartoš
bf5cf47351
Management Interface is turned on even though nothing is exposed on it (#31938)
* Management Interface is turned on even though nothing is exposed on it

Fixes #31818

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Remove conditional enablement, add relevancy description

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-08-19 15:52:59 +02:00
Václav Muzikář
799201f406 Fix duplicate options in show-config
Closes #32182

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-08-18 09:29:31 +02:00
Alexander Schwartz
b0dfef0c60
IDE Launcher should set JVM options like kc.sh (#32189)
Closes #32188

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-16 15:56:48 +02:00
Václav Muzikář
cb418b0bfc
Upgrade to Quarkus 3.13.2 (#31678)
* Upgrade to Quarkus 3.13.2

Closes #31676

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-08-16 11:41:34 +02:00
Martin Bartoš
94fb762f8e
Export users throws Disabled option: '--users' (#32126)
Fixes #31515

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-08-15 09:23:17 +02:00
Martin Bartoš
3ff825807f Tracing - Configurable service name and resource attributes
Closes #32056

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-08-13 15:43:07 +02:00
Martin Bartoš
f0162db56f
Cache guide does not properly print cache-stack values (#31943)
* Cache guide does not properly print cache-stack values

Ability to choose expected values strict

Fixes #31941

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Add Javadoc

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Reflect non-strict values in docs

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Use 'or any' in docs for non-strict expected values

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Edit approved files for HelpCommandDistTest

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-08-13 08:35:40 +00:00
Pedro Ruivo
07c92c85cb Drop AuthenticatedClientSessionStore from user sessions
New entities for client and user sessions, more query friendly.
The client sessions are found using query instead of storing them in the
user session entity.
Remove of sessions by its field is done based on queries.

Closes #30934

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-12 20:35:50 +02:00
Steven Hawkins
ea3937f37c
fix: always replacing placeholders (#31871)
closes: #31625

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-12 16:20:47 +00:00
Steven Hawkins
b72ddbcc45
fix: add a warning log if a deprecated admin env variable is used (#32038)
closes: #31491

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-12 08:54:30 +02:00
Alexander Schwartz
704383fc65 Stabilize Infinispan container startup and client connecting to server
Closes #31972

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-09 07:26:58 -03:00
Martin Bartoš
5b83a7993c
Support OpenTelemetry tracing
Closes #28581

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
2024-08-08 16:48:29 +02:00
Steven Hawkins
10fae5de7a
fix: adding weak validation of spi options (#31737)
closes: #27298

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-08 08:21:24 -04:00
Steven Hawkins
7ce6f12fe3
fix: adds a check for duplicate users/clients to simplify cmd errors (#31583)
also changes temp-admin-service to temp-admin

closes: #31160

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-08 08:20:33 -04:00
Michal Hajas
50c07c6e7c
Simplify configuration for MULTI_SITE
Closes #31807

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-08-06 16:14:33 +00:00
Pedro Ruivo
1e9f6bbb8c Non clustered Keycloak with External Infinispan feature
Disables JGroups (clustering) when remote-cache feature is enabled

Fixes #31876

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-05 17:04:36 +02:00
Pedro Ruivo
fed804160b Enable ProtoStream encoding for External Infinispan feature
The ProtoStream schema is automatically uploaded to the Infinispan
server during startup.
When the schema is updated, the indexes are updated and re-created.
Use the delete statement to delete entities when a realm is removed.

Fixes #30931

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-01 16:16:19 +02:00
Ryan Emerson
349ff51116 Log a warning if remote-store configuration exists when the REMOTE_CACHE Feature is enabled
Closes #31775

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-07-31 16:59:05 +02:00
Martin Bartoš
4d60c91cb8
Improve Quarkus configuration tests execution (#31668)
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-07-26 14:47:51 +00:00
Alexander Schwartz
6c8aa65346
All CURL commands should check the HTTP response code (#31602)
Closes #31598

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-26 12:38:06 +02:00
Stian Thorgersen
b4368b75e6
Testsuite PoC - Use service account for admin client (#31478)
Signed-off-by: stianst <stianst@gmail.com>
2024-07-24 13:14:50 +02:00
Steven Hawkins
6378dcbac2
fix: additional consolidation / refinement of argument parsing (#31448)
closes: #26339

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-07-24 10:23:23 +02:00
Steven Hawkins
d970521415
fix: fail to start if the admin user can't be added (#31207)
also allowing the bootstrap options to be used by the cli, which
requires hidden options to stay hidden

and a minor refactoring for clarity

closes: #31160

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-07-18 10:27:48 -04:00
Pedro Ruivo
9b39498085
Add default stack in cache-ispn.xml
A bug in Infinispan prevents the metrics to be registered if the "stack"
is not specified.
Change the default configuration shipped with Keycloak to use the UDP
stack as default.
UDP is the default in previous Keycloak versions.

Fixes #31218

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-16 12:05:38 +02:00
Steven Hawkins
4970a9b729
fix: deprecate KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD
closes: #30658

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-07-11 18:07:57 +02:00
Steve Hawkins
d5041816b6 fix: check for blank password / client secret
closes: #30540

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-07-11 14:43:01 +02:00
Pedro Igor
2da37542e8 Adding simple cache to cache-local.xml
Closes #31064

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-05 10:10:39 +02:00
Steven Hawkins
2e6506cd3a
fix: add quotes to cygwin condition (#31025)
closes: #30967

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: shawkins <shawkins@shawkins-thinkpadp16vgen1.hsd1.pa.comcast.net>
2024-07-03 15:58:30 +02:00
Steven Hawkins
96511e55c6
startup, welcome, and cli handling of bootstrap-admin user (#30054)
* fix: adding password and service account based bootstrap and recovery

closes: #29324, #30002, #30003

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Fix tests

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
2024-07-03 15:23:40 +02:00
Thomas Darimont
f34bb21af6
Fix deprecations in common module
- Use charset in `Encode` class
- Replace reflective call to protected `Liquibase#resetServices()` with call to exposed public method on a custom subclass `KeycloakLiquibase`
- Remove usage of deprecated AccessController class in Reflections
- Deprecated SetAccessibleProvilegedAction and UnsetAccessibleProvilegedAction

Fixes #22209

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-02 16:02:35 +00:00
Alexander Schwartz
1edf444bc8
Re-augment at start after a previous dev mode (#30461)
Closes #30460

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-06-26 09:00:54 +00:00
rmartinc
e9c9efc3f4 Upgrade bc-fips to 1.0.2.5
Closes #26568
Closes #27884

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-25 11:07:27 +02:00
Jon Koops
df18629ffe
Use a default Java version from root POM (#29927)
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-21 14:19:31 +02:00
Pedro Ruivo
5fc12480fd External Infinispan as cache - Part 4 (#30072)
UserSessionProvider implementation to make use of Infinispan remote
cache.

Closes #28755

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Pedro Ruivo
9006218559 External Infinispan as cache - Part 3
Implementation of UserLoginFailureProvider using remote caches only.

Closes #28754

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Pedro Ruivo
833aad661e External Infinispan as cache - Part 2
Includes a new implementation for the providers:

* StickySessionEncoderProviderFactory
* LoadBalancerCheckProviderFactory
* SingleUseObjectProviderFactory

Closes #28648

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00