Commit graph

520 commits

Author SHA1 Message Date
Martin Bartoš
f0162db56f
Cache guide does not properly print cache-stack values (#31943)
* Cache guide does not properly print cache-stack values

Ability to choose expected values strict

Fixes #31941

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Add Javadoc

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Reflect non-strict values in docs

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Use 'or any' in docs for non-strict expected values

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Edit approved files for HelpCommandDistTest

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-08-13 08:35:40 +00:00
Pedro Ruivo
07c92c85cb Drop AuthenticatedClientSessionStore from user sessions
New entities for client and user sessions, more query friendly.
The client sessions are found using query instead of storing them in the
user session entity.
Remove of sessions by its field is done based on queries.

Closes #30934

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-12 20:35:50 +02:00
Steven Hawkins
ea3937f37c
fix: always replacing placeholders (#31871)
closes: #31625

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-12 16:20:47 +00:00
Steven Hawkins
b72ddbcc45
fix: add a warning log if a deprecated admin env variable is used (#32038)
closes: #31491

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-12 08:54:30 +02:00
Martin Bartoš
5b83a7993c
Support OpenTelemetry tracing
Closes #28581

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
2024-08-08 16:48:29 +02:00
Steven Hawkins
10fae5de7a
fix: adding weak validation of spi options (#31737)
closes: #27298

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-08 08:21:24 -04:00
Steven Hawkins
7ce6f12fe3
fix: adds a check for duplicate users/clients to simplify cmd errors (#31583)
also changes temp-admin-service to temp-admin

closes: #31160

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-08 08:20:33 -04:00
Michal Hajas
50c07c6e7c
Simplify configuration for MULTI_SITE
Closes #31807

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-08-06 16:14:33 +00:00
Pedro Ruivo
1e9f6bbb8c Non clustered Keycloak with External Infinispan feature
Disables JGroups (clustering) when remote-cache feature is enabled

Fixes #31876

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-05 17:04:36 +02:00
Pedro Ruivo
fed804160b Enable ProtoStream encoding for External Infinispan feature
The ProtoStream schema is automatically uploaded to the Infinispan
server during startup.
When the schema is updated, the indexes are updated and re-created.
Use the delete statement to delete entities when a realm is removed.

Fixes #30931

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-01 16:16:19 +02:00
Ryan Emerson
349ff51116 Log a warning if remote-store configuration exists when the REMOTE_CACHE Feature is enabled
Closes #31775

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-07-31 16:59:05 +02:00
Martin Bartoš
4d60c91cb8
Improve Quarkus configuration tests execution (#31668)
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-07-26 14:47:51 +00:00
Stian Thorgersen
b4368b75e6
Testsuite PoC - Use service account for admin client (#31478)
Signed-off-by: stianst <stianst@gmail.com>
2024-07-24 13:14:50 +02:00
Steven Hawkins
6378dcbac2
fix: additional consolidation / refinement of argument parsing (#31448)
closes: #26339

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-07-24 10:23:23 +02:00
Steven Hawkins
d970521415
fix: fail to start if the admin user can't be added (#31207)
also allowing the bootstrap options to be used by the cli, which
requires hidden options to stay hidden

and a minor refactoring for clarity

closes: #31160

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-07-18 10:27:48 -04:00
Pedro Ruivo
9b39498085
Add default stack in cache-ispn.xml
A bug in Infinispan prevents the metrics to be registered if the "stack"
is not specified.
Change the default configuration shipped with Keycloak to use the UDP
stack as default.
UDP is the default in previous Keycloak versions.

Fixes #31218

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-16 12:05:38 +02:00
Steve Hawkins
d5041816b6 fix: check for blank password / client secret
closes: #30540

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-07-11 14:43:01 +02:00
Pedro Igor
2da37542e8 Adding simple cache to cache-local.xml
Closes #31064

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-05 10:10:39 +02:00
Steven Hawkins
96511e55c6
startup, welcome, and cli handling of bootstrap-admin user (#30054)
* fix: adding password and service account based bootstrap and recovery

closes: #29324, #30002, #30003

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Fix tests

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
2024-07-03 15:23:40 +02:00
Thomas Darimont
f34bb21af6
Fix deprecations in common module
- Use charset in `Encode` class
- Replace reflective call to protected `Liquibase#resetServices()` with call to exposed public method on a custom subclass `KeycloakLiquibase`
- Remove usage of deprecated AccessController class in Reflections
- Deprecated SetAccessibleProvilegedAction and UnsetAccessibleProvilegedAction

Fixes #22209

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-02 16:02:35 +00:00
Alexander Schwartz
1edf444bc8
Re-augment at start after a previous dev mode (#30461)
Closes #30460

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-06-26 09:00:54 +00:00
Jon Koops
df18629ffe
Use a default Java version from root POM (#29927)
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-21 14:19:31 +02:00
Pedro Ruivo
5fc12480fd External Infinispan as cache - Part 4 (#30072)
UserSessionProvider implementation to make use of Infinispan remote
cache.

Closes #28755

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Pedro Ruivo
9006218559 External Infinispan as cache - Part 3
Implementation of UserLoginFailureProvider using remote caches only.

Closes #28754

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Pedro Ruivo
833aad661e External Infinispan as cache - Part 2
Includes a new implementation for the providers:

* StickySessionEncoderProviderFactory
* LoadBalancerCheckProviderFactory
* SingleUseObjectProviderFactory

Closes #28648

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Pedro Ruivo
d2ae27a1e2 External Infinispan as cache - Part 1
Part 1 includes

* New experimental feature to enable the new code
* New providers using RemoteCache only
* New test profile to run the tests with the experimental feature

New providers' implementation for:
* InfinispanConnectionProvider
* AuthenticationSessionProvider
* ClusterProvider

Closes #28140

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Alexander Schwartz
3bcb8787c8 Remove AUTO_SERVER H2 default JDBC property
This avoids problems if the hostname can't be resolved by InetAddress.getLocalHost()

Closes #26042

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-06-19 10:30:36 +02:00
Pedro Ruivo
18a6c79011
Infinispan Protostream Marshaller (#29474)
Closes #29394

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-06-13 18:02:46 +02:00
Jon Koops
c7361ccf6e
Run the Vite dev server through the Keycloak server (#27311)
Closes #19750
Closes #28643
Closes #30115

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-12 11:55:14 +02:00
Václav Muzikář
375ea9da03
Enhance masking around config-keystore (#30348)
Closes #30346

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-06-12 08:54:45 +02:00
Alexander Schwartz
1b821f3267 Ensure that Java's ForkJoinPool is initialized with Quarkus' ThreadPoolFactory
Closes #30120

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-06-05 08:08:01 +02:00
Pedro Ruivo
82beee607e
Workaround for cache initialization failure discovered in #30120
Create Infinispan configuration in the main thread to have access to the
default option values.

Fixes #30130

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-04 11:35:32 +00:00
Peter Zaoral
cd2451d58b
Remove Oracle JDBC driver out of the box (#29895)
Closes: #29491

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2024-05-31 17:21:19 +00:00
Stian Thorgersen
568a5cb678
JUnit 5 test framework PoC (#29517)
Closes #29516

Signed-off-by: stianst <stianst@gmail.com>
2024-05-27 10:05:35 -03:00
Ryan Emerson
0f17f0abc5
Require external Infinispan be of version 15 or greater
Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-22 11:26:26 +00:00
Case Walker
f32cd91792 Upgrade owasp-java-html-sanitizer, address all fallout
Signed-off-by: Case Walker <case.b.walker@gmail.com>
2024-05-22 09:15:25 +02:00
Steven Hawkins
8151c93bc7
fix: removes the warning of ignored buildtime options, unless changed (#29425)
closes: #28654

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-05-16 17:02:13 +00:00
Alexander Schwartz
8deca303e2
Update instruction on how to enable persistent sessions (#29490)
Closes #29489

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-15 13:26:51 +02:00
Alexander Schwartz
6fbe207d64
Create documentation for persistent user sessions
Closes #29218

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-05-13 11:02:45 +02:00
Peter Zaoral
3ec51d1c4d
quarkus-next: Replace deprecated QUARKUS_PROFILE_PROP constant (#29439)
Closes: #29438

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2024-05-13 08:47:38 +02:00
Pedro Igor
a19c364428
Vault configuration category available to the export command (#29400)
Closes #29376

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-09 10:24:58 +02:00
Pedro Ruivo
cbce548e71 Infinispan 15.0.3.Final
Closes #29068

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-05-08 17:18:39 +02:00
Michal Hajas
128bba34d3 Remove PERSISTENT_USER_SESSIONS_No_CACHE feature
Closes #29264

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-05-06 08:53:39 +02:00
Steven Hawkins
4697cc956b
further refinement of context handling (#28182)
* fully removing providers and moving the keycloaksession creation / final
cleanup

also deprecated Resteasy utility methods

closes: #29223

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-02 11:21:01 -04:00
Steven Hawkins
f3227c325a
fix: remove runtime related warnings from rebuild (#29110)
closes: #28948

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-05-02 16:34:08 +02:00
Pedro Ruivo
17a700b6b9 Use cache.compute() method to improve the replace retry loop
Closes #29073

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-29 12:24:33 +02:00
Alexander Schwartz
324da02732 Moving admin user creation to the Quarkus startup phase
Closes #29072

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-25 22:44:16 +02:00
Peter Zaoral
86b280349b
Make PropertyMapper to use Keycloak options' default values (#29030)
* improved a condition in PropertyMapper.java




Related to: #28856

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2024-04-25 10:57:28 +02:00
Alexander Schwartz
5ae1712f73
Fixing the condition for remote TLS and username/password (#28950)
Closes #28949

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-22 13:38:46 +02:00
Alexander Schwartz
071032a108 Fixing the condition for embedded cache MTLS encryption
Closes #28750

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-20 18:30:24 +02:00