New entities for client and user sessions, more query friendly.
The client sessions are found using query instead of storing them in the
user session entity.
Remove of sessions by its field is done based on queries.
Closes#30934
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Old Active/Passive guides replaced with Active/Active architecture, but
A/P vs A/A distinction hidden from users in favour of generic multi-site
docs.
Closes#31029
Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
If administrator selects EXTERNAL for Require SSL setting, allow clear-text
HTTP requests when client is coming from IPv6 link-local or unique local
address (ULA).
Previously only private IPv4 addresses were allowed and private IPv6 addresses
were rejected.
Closes#30678
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
Final removal of the securing_apps documentation
Final checks for links, order and other minor things
Closes#31328
Signed-off-by: rmartinc <rmartinc@redhat.com>
Closes#31334
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
Closes#31695
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
Closes: #30011
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
* Added field to the RealmImport spec to replace environment variables within the realm import
Closes#26470
Signed-off-by: stustison <scott.tustison@gmail.com>
* Added field to the RealmImport spec to replace environment variables within the realm import
Closes#26470
Signed-off-by: stustison <scott.tustison@gmail.com>
* testing refinement for placeholder handling
closes: #26470
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* changing from placeholdersecret to placeholder
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* Update docs/guides/operator/realm-import.adoc
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
* Update docs/documentation/release_notes/topics/26_0_0.adoc
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
---------
Signed-off-by: stustison <scott.tustison@gmail.com>
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: stustison <scott.tustison@gmail.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
* enhance: add bootstrap admin handling to the operator
closes: #30004
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* Update docs/guides/operator/advanced-configuration.adoc
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
* enhance: add bootstrap admin handling to the operator
closes: #30004
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
A bug in Infinispan prevents the metrics to be registered if the "stack"
is not specified.
Change the default configuration shipped with Keycloak to use the UDP
stack as default.
UDP is the default in previous Keycloak versions.
Fixes#31218
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Fixes#27677
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
closes: #30658
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
* Disable username prohibited chars validator when email as the username is set
Closes#25339
Signed-off-by: Martin Kanis <mkanis@redhat.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
In the latest Keycloak version (v25.0.1) the cache options are not build options anymore. They now have to be provided during runtime.
Closes#31050
Signed-off-by: Diego Garcia Lozano <diegogarcialozano95@gmail.com>
- Use charset in `Encode` class
- Replace reflective call to protected `Liquibase#resetServices()` with call to exposed public method on a custom subclass `KeycloakLiquibase`
- Remove usage of deprecated AccessController class in Reflections
- Deprecated SetAccessibleProvilegedAction and UnsetAccessibleProvilegedAction
Fixes#22209
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
* use provided scope for maven dependencies
As the maven-plugin-plugin suggests, dependencies to the maven runtime
should be in provided scope.
This gets rid of the according warning which was written during build.
Before Maven 3.9, plexus-utils was injected in the classpath at runtime.
As of Maven 3.9 this is not the case anymore which broke the plugin due
to a usage of said dependency. The only usage is replaced by a visitor
to copy files.
Closes#30542
Signed-off-by: Michael Warnecke <WarneckeMichael@web.de>
* Guides need to see maven's Log class
Signed-off-by: Michael Warnecke <WarneckeMichael@web.de>
---------
Signed-off-by: Michael Warnecke <WarneckeMichael@web.de>
* bump BCFIPS to 1.0.2.5
* fix bc-fips related test error
* remove unused imports
Closes: #26568
Signed-off-by: Andre F de M <trixpan@users.noreply.github.com>
* feat: add Artifact Binding on brokering scenarios when Keycloak is SP
Signed-off-by: tmorin <git@morin.io>
* Adding broker test and minor improvements
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
* Fixing IdentityProviderTest
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
* Renaming methods related to idp initiated flows
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
* Fixing partial_import_test.spec.ts
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
---------
Signed-off-by: tmorin <git@morin.io>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
* Add missing space
Fix the website on https://www.keycloak.org/server/db showing some asciidoc related `ifeval` text
Closes#30417
Signed-off-by: Wim Deblauwe <wim.deblauwe@gmail.com>
* Review and rework for grammar and syntax
Closes#30417
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
---------
Signed-off-by: Wim Deblauwe <wim.deblauwe@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
* change to make authServerUrl the same as authUrl
fixes: #29641
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Remove `authUrl` entirely
Signed-off-by: Jon Koops <jonkoops@gmail.com>
* Remove file that is unrelated
Signed-off-by: Jon Koops <jonkoops@gmail.com>
* Split out and align environment variables between consoles
Signed-off-by: Jon Koops <jonkoops@gmail.com>
* Restore removed variables to preserve backwards compatibility
Signed-off-by: Jon Koops <jonkoops@gmail.com>
* Also deprecate the `authUrl` for the Admin Console
Signed-off-by: Jon Koops <jonkoops@gmail.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
* OpenJDK 21 support
Closes#28517
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* x509 SAN UPN other name is not handled in JDK 21 (#904)
closes#29968
Signed-off-by: mposolda <mposolda@gmail.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
Closes: #29491
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
Closes#29787
Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Closes#29561
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Closes#29548
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
Co-authored-by: Robin Meese <39960884+robson90@users.noreply.github.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Closes#29218
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
Adds a new validator in order to be able to validate user-model fields which should be modified/supplied by a datepicker.
Closes#11757
Signed-off-by: Thore <thore@kruess.xyz>
Run `chmod -x` on files that need not be executable.
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
* fully removing providers and moving the keycloaksession creation / final
cleanup
also deprecated Resteasy utility methods
closes: #29223
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
- simplifies the queries to avoid unnecessary join
- creates two new indexes to speed up search time
Closes#28861
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>