Commit graph

351 commits

Author SHA1 Message Date
Erik Jan de Wit
e8d8de8936
Use feature versions for admin3, account3, and login2 (#33458)
Closes #33405

Signed-off-by: stianst <stianst@gmail.com>
2024-10-03 12:09:36 +02:00
Stefan Guilhen
9b7cf9d584 Ensure componentsByParentAndType in CachedRealm is returned as a concurrent multi-valued map
Closes #30235

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-10-01 17:39:00 -03:00
Jon Koops
5e2f09f66d
Remove statically served Keycloak JS from the server (#33083)
Closes #32827

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-09-22 19:05:01 +02:00
rmartinc
c532751ff4 Downgrade Java for client libraries to 8
Closes #33051

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-20 17:01:01 +02:00
Vlasta Ramik
4ce40be1af
Make the ORGANIZATION a default feature (#32404)
Closes #32395

Signed-off-by: vramik <vramik@redhat.com>
2024-09-18 12:19:28 +02:00
Jan-Henrik Bruhn
da5fd31a5f Fix KeycloakUriBuilder for Uris without a host name
Signed-off-by: Jan-Henrik Bruhn <github@jhbruhn.de>
2024-09-18 08:42:06 +02:00
Martin Bartoš
7625e3b4ea
Improve error message when wrong KC profile is set (#32898)
Closes #30454

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
2024-09-16 09:37:20 +02:00
Pedro Ruivo
f67bec0417 Rename remote-cache Feature
Renamed to "clusterless"

Closes #32596

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-09-13 13:03:13 +02:00
Pedro Ruivo
24fce87a8e
Deprecate old remote store (feedback)
Closes #32577

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-11 14:08:53 +00:00
Pedro Ruivo
3274591fe1
Deprecate old remote store
Closes #32577

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-04 10:25:51 +00:00
Martin Bartoš
afcbf79582 OTEL: Profile Feature
Closes #32231

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-08-30 13:19:09 +02:00
Steven Hawkins
29eb0171de
task: remove hostname v1 (#32352)
closes: #27731

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-28 17:48:06 +02:00
Michal Hajas
f5b2775939 Enable persistent sessions by default
Run CI with the feature disabled to test also the old settings
Closes #32265

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-08-21 17:37:54 +02:00
Pedro Igor
8e0436715c Support for ALL and ANY organization scope values
Related #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-19 08:45:23 -03:00
Steven Hawkins
ea3937f37c
fix: always replacing placeholders (#31871)
closes: #31625

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-12 16:20:47 +00:00
Justin Tay
966a454548
Add ECDH-ES JWE Algorithm Provider, Add generated ECDH key provider (#23928)
Closes #23596
Closes #23597

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-08-08 17:29:35 +02:00
Michal Hajas
50c07c6e7c
Simplify configuration for MULTI_SITE
Closes #31807

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-08-06 16:14:33 +00:00
Tero Saarni
62fd969fe1
Allow requests from local IPv6 addresses
If administrator selects EXTERNAL for Require SSL setting, allow clear-text
HTTP requests when client is coming from IPv6 link-local or unique local
address (ULA).

Previously only private IPv4 addresses were allowed and private IPv6 addresses
were rejected.

Closes #30678

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2024-08-05 16:38:55 +02:00
Hynek Mlnarik
a7374f92be Update login theme to login v2
Fixes: #29009

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-07-18 14:33:22 +02:00
Steven Hawkins
96511e55c6
startup, welcome, and cli handling of bootstrap-admin user (#30054)
* fix: adding password and service account based bootstrap and recovery

closes: #29324, #30002, #30003

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Fix tests

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
2024-07-03 15:23:40 +02:00
Thomas Darimont
f34bb21af6
Fix deprecations in common module
- Use charset in `Encode` class
- Replace reflective call to protected `Liquibase#resetServices()` with call to exposed public method on a custom subclass `KeycloakLiquibase`
- Remove usage of deprecated AccessController class in Reflections
- Deprecated SetAccessibleProvilegedAction and UnsetAccessibleProvilegedAction

Fixes #22209

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-02 16:02:35 +00:00
rmartinc
c20dbc5c32 Add availability for features and make kerberos use it
Closes #30730

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-26 14:33:38 +02:00
Douglas Palmer
5af3001122 Check if OSGI metadata can be removed entirely
Closes #29104

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-06-25 14:12:33 +02:00
Jon Koops
df18629ffe
Use a default Java version from root POM (#29927)
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-21 14:19:31 +02:00
Pedro Ruivo
d2ae27a1e2 External Infinispan as cache - Part 1
Part 1 includes

* New experimental feature to enable the new code
* New providers using RemoteCache only
* New test profile to run the tests with the experimental feature

New providers' implementation for:
* InfinispanConnectionProvider
* AuthenticationSessionProvider
* ClusterProvider

Closes #28140

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Jon Koops
c7361ccf6e
Run the Vite dev server through the Keycloak server (#27311)
Closes #19750
Closes #28643
Closes #30115

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-12 11:55:14 +02:00
Steven Hawkins
5059a02eb2
fix: minor refinements to collection utils (#29536)
closes: #29535

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-06-06 10:07:34 -04:00
vramik
2b97859bca Move Organization feature from EXPERIMENTAL to PREVIEW
Closes#30137

Signed-off-by: vramik <vramik@redhat.com>
2024-06-04 09:57:03 -03:00
Jon Koops
a3b2dd0735
Remove deprecated ServerCookie class (#29916)
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-05-28 14:14:05 +00:00
Patrick Jennings
84acc953dd
Client type OIDC base read only defaults (#29706)
closes #29742
closes #29422

Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-05-22 09:07:19 +02:00
Dimitri Papadopoulos Orfanos
64a145e960
Fix user-facing typos in error messages (#29326)
Update resource file and tests accordingly

Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
2024-05-16 09:55:41 +02:00
Takashi Norimatsu
b4e7d9b1aa
Passkeys: Supporting WebAuthn Conditional UI (#24305)
closes #24264

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: mposolda <mposolda@gmail.com>
2024-05-16 07:58:43 +02:00
Alexander Schwartz
6fbe207d64
Create documentation for persistent user sessions
Closes #29218

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-05-13 11:02:45 +02:00
Dimitri Papadopoulos Orfanos
cd8e0fd333
Fix user-facing typos in Javadoc (#28971)
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-05-06 18:57:55 +00:00
Pedro Ruivo
fe5bed6191
Retry fetching event from remote cache
Closes #28303

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-06 17:27:07 +02:00
Michal Hajas
128bba34d3 Remove PERSISTENT_USER_SESSIONS_No_CACHE feature
Closes #29264

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-05-06 08:53:39 +02:00
Steven Hawkins
4697cc956b
further refinement of context handling (#28182)
* fully removing providers and moving the keycloaksession creation / final
cleanup

also deprecated Resteasy utility methods

closes: #29223

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-02 11:21:01 -04:00
Ricardo Martin
fc6b6f0d94
Perform exact string match if redirect URI contains userinfo, encoded slashes or parent access (#131) (#28872)
Closes keycloak/keycloak-private#113
Closes keycloak/keycloak-private#134

Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2024-04-18 16:02:24 +02:00
rmartinc
ddacfbdefd Remove deprecated LinkedIn social provider
Closes #23127

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-18 10:10:58 +02:00
Václav Muzikář
e4987f10f5
Hostname SPI v2 (#26345)
* Hostname SPI v2

Closes: #26084

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Fix HostnameV2DistTest#testServerFailsToStartWithoutHostnameSpecified

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Address review comment

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Partially revert the previous fix

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Do not polish values

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Remove filtering of denied categories

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-04-09 11:25:19 +02:00
Alexander Schwartz
c580c88c93
Persist online sessions to the database (#27977)
Adding two feature toggles for new code paths to store online sessions in the existing offline sessions table. Separate the code which is due to be changed in the next iteration in new classes/providers which used instead of the old one.

Closes #27976

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-03-28 09:17:07 +01:00
Jon Koops
3382e16954
Remove Account Console version 2 (#27510)
Closes #19664

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-03-27 10:53:28 +01:00
Steven Hawkins
be32f8b1bf
fix: limit the use of Resteasy to the KeycloakSession (#28150)
* fix: limit the use of Resteasy to the KeycloakSession

contextualizes other state to the KeycloakSession

close: #28152
2024-03-26 13:43:41 -04:00
Steven Hawkins
7eab019748
task: deprecate WILDCARD and STRICT options (#26833)
closes: #24893

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-21 16:22:41 +01:00
Alexander Schwartz
62d24216e3 Remove offline session preloading
Closes #27602

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-15 15:19:27 +01:00
vramik
a81d6bb618 Organizations SPI
Closes #27829

Signed-off-by: vramik <vramik@redhat.com>
2024-03-13 10:57:02 -03:00
Martin Bartoš
e4aa1b5f95
Conditionally enable and disable CLI options (#25333)
* Conditionally enable and disable CLI options

Closes #13113

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Support for duplicates in config

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Fix rendering config options in docs

Fixes #26515

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Reorder OptionsDistTest

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-03-07 20:36:43 +00:00
Alexander Schwartz
d00ef12333
Simplify handling of profile handling in test cases (#27546)
Closes #27545

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-06 12:11:21 +01:00
Alexander Schwartz
25f2b52afd Remove the preview note from Keycloak's HA guide
Closes #27084

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-21 19:59:15 +01:00
Jon Koops
89af9e3ffd
Write announcement and documentation for Account Console v3 (#26318)
Closes #26122

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-02-21 13:42:33 -05:00