Commit graph

369 commits

Author SHA1 Message Date
Douglas Palmer
8d4d5c1c54 Remove redundant servers from the testsuite
Closes #29089

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-30 17:39:32 +02:00
Jon Koops
a6e2ab5523 Remove jaxrs-oauth-client and OIDC servlet-filter adapters
Closes #28784

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-04-26 15:56:57 +02:00
Douglas Palmer
cca660067a Remove JAAS login modules
Closes #28789

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
eae20c76bd Remove KeycloakInstalled
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>

Closes #28790
2024-04-26 09:30:35 +02:00
Douglas Palmer
b2f09feebf Remove servlet filter saml adapters
Closes #28786

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
3e13b40648 Remove Spring adapters
Closes #28780

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
bf2c97065f Remove SpringBoot adapters
Closes #28781

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
43aa10e091 Remove Tomcat OIDC adapter
Closes #28778

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
98faf6e6a0 Remove Tomcat SAML adapter
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>

Closes #28783
2024-04-26 09:30:35 +02:00
Mark Banierink
ad32896725
replaced and removed deprecated token methods (#27715)
closes #19671 

Signed-off-by: Mark Banierink <mark.banierink@nedap.com>


Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-23 09:23:37 +02:00
Stefan Guilhen
8ca4bc77a1 Improve the performance of the queries used to find granted resources
- simplifies the queries to avoid unnecessary join
- creates two new indexes to speed up search time

Closes #28861

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-22 11:26:06 -03:00
Lex Cao
7e034dbbe0
Add IdpConfirmOverrideLinkAuthenticator to handle duplicate federated identity (#26393)
Closes #26201.

Signed-off-by: Lex Cao <lexcao@foxmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-22 11:30:14 +02:00
Pedro Ruivo
3e0a185070 Remove deprecated EnvironmentDependentProviderFactory.isSupported method
Closes #26280

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-19 16:36:49 +02:00
Ricardo Martin
fc6b6f0d94
Perform exact string match if redirect URI contains userinfo, encoded slashes or parent access (#131) (#28872)
Closes keycloak/keycloak-private#113
Closes keycloak/keycloak-private#134

Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2024-04-18 16:02:24 +02:00
Martin Bartoš
7f74286106 Emphasize the need for setting container limit
Closes #28729

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-18 15:44:27 +02:00
rmartinc
ddacfbdefd Remove deprecated LinkedIn social provider
Closes #23127

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-18 10:10:58 +02:00
Martin Bartoš
1fb83bb165
Release notes and Migration guide for Hostname v2 (#28621)
Closes #27730

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
2024-04-17 09:29:59 +02:00
Alexander Schwartz
5b4a69a6e9 Limit the concurrency of password hashing to the number of CPU cores available
Closes #28477

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-15 15:05:09 +02:00
Steven Hawkins
58398d1f69
fix: replaces aesh with picocli (#28276)
* fix: replaces aesh with picocli

closes: #28275

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* fix: replaces aesh with picocli

closes: #28275

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-15 13:04:58 +00:00
Christopher Miles
1646315939 Deny list lower cases all passwords when loading from file
Closes #28381

We always lower case the inbound password before comparing against the deny list
yet the deny list may contain passwords that contain upper case letters. With
this change we will now convert passwords from the deny list into lower case
while loading, ensuring that more passwords match the deny list.

Signed-off-by: Christopher Miles <twitch@nervestaple.com>
2024-04-15 08:49:37 +02:00
Marek Posolda
e6747bfd23
Adjust priority of SubMapper (#28663)
closes #28661


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-12 14:13:03 +02:00
Martin Bartoš
a3669a6562
Make general cache options runtime (#28542)
Closes #27549

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-12 11:56:11 +02:00
rmartinc
6d74e6b289 Escape slashes in full group path representation but disabled by default
Closes #23900

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-12 10:53:39 +02:00
Marek Posolda
74faddec8e
Release notes for lightweight access tokens and group together relate… (#28622)
closes #28460

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-11 20:02:33 +02:00
Jon Koops
9b94b6f47e
Add release notes for changes to Account and Admin consoles (#28545)
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-04-11 08:42:08 +02:00
Marek Posolda
13daaa55ba
Documentation for changes related to 'You are already logged in' scen… (#28595)
closes #27879

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-11 08:18:41 +02:00
Giuseppe Graziano
33b747286e Changed userId value for refresh token events
Closes #28567

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-11 07:46:44 +02:00
Giuseppe Graziano
c76cbc94d8 Add sub via protocol mapper to access token
Closes #21185

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-10 10:40:42 +02:00
Martin Bartoš
b2c88e9876
docs: Support management port for health and metrics (#28213)
Relates to #19334

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
2024-04-09 14:33:30 +02:00
Alexander Schwartz
3ba9a905c9 Provide histograms for http server metrics
Closes #28178

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-09 12:52:42 +02:00
Stian Thorgersen
a499512f35
Set SameSite for all cookies (#28467)
Closes #28465

Signed-off-by: stianst <stianst@gmail.com>
2024-04-09 12:29:19 +02:00
Steve Hawkins
9afe3a2560 fix: changing max threads default
closes: #17483

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-09 12:14:56 +02:00
Martin Bartoš
9c1790af68
Enable Syslog log handler (#28462)
* Enable syslog log handler

Closes #27544

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Suggest an alternative to GELF

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-08 17:38:20 +02:00
Pedro Igor
52ba9b4b7f Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user
Closes #28248

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-08 09:05:16 -03:00
Giuseppe Graziano
b4f791b632 Remove session_state from tokens
Closes #27624

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-08 08:12:51 +02:00
Stian Thorgersen
b9feaec38e
Ignore all links to GitHub when checking external links in docs due to rate limiting issues (#28472)
Closes #28330

Signed-off-by: stianst <stianst@gmail.com>
2024-04-05 15:36:38 +02:00
Pedro Igor
8fb6d43e07 Do not export ids when exporting authorization settings
Closes #25975

Co-authored-by: 박시준 <sjpark@logblack.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-04 19:26:03 +02:00
Clemens Zagler
b44252fde9 authz/client: Fix getPermissions returning wrong type
Due to an issue with runtime type erasure, getPermissions returned a
List<LinkedHashSet> instead of List<Permission>.
Fixed and added test to catch this

Closes #16520

Signed-off-by: Clemens Zagler <c.zagler@noi.bz.it>
2024-04-02 11:09:43 -03:00
Giuseppe Graziano
fe06df67c2 New default client scope for 'basic' claims with 'auth_time' protocol mapper
Closes #27623

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-02 08:44:28 +02:00
Steven Hawkins
e9ad9d0564
fix: replace aesh with picocli (#27458)
* fix: replace aesh with picocli

closes: #27388

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update integration/client-cli/admin-cli/src/main/java/org/keycloak/client/admin/cli/commands/AbstractRequestCmd.java

Co-authored-by: Martin Bartoš <mabartos@redhat.com>

* splitting the error handling for password input

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* adding a change note about kcadm

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update docs/documentation/upgrading/topics/changes/changes-25_0_0.adoc

Co-authored-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-03-28 14:34:06 +01:00
Gilvan Filho
757c524cc5 Password policy for not having username in the password
closes #27643

Signed-off-by: Gilvan Filho <gfilho@redhat.com>
2024-03-28 08:29:03 +01:00
Stian Thorgersen
c3a98ae387
Use Argon2 as default password hashing algorithm (#28162)
Closes #28161

Signed-off-by: stianst <stianst@gmail.com>
2024-03-22 13:04:14 +00:00
rmartinc
d4da0c816c Upgrading note to warn truststore changes affect webauthn registration
Closes #28113

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-22 10:58:48 +01:00
Steven Hawkins
619775b8db
fix: simplifies the parsing routine, which accounts for leading 0's (#28102)
closes: #27839

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-22 09:19:52 +01:00
Stian Thorgersen
cae92cbe8c
Argon2 password hashing provider (#28031)
Closes #28030

Signed-off-by: stianst <stianst@gmail.com>
2024-03-22 07:08:09 +01:00
Steven Hawkins
cbe185fbab
doc: add a note about lack of other JAX-RS support (#28048)
closes: #27057

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-21 16:59:22 +01:00
Steven Hawkins
7eab019748
task: deprecate WILDCARD and STRICT options (#26833)
closes: #24893

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-21 16:22:41 +01:00
Alexander Schwartz
c4fdf1cee7
Enable HTTP metrics for Keycloak by default (#28088)
Closes #27924

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-21 16:18:03 +01:00
Steve Hawkins
91c89c28e7 fix: changes xa transaction related defaults
xa is not enabled by default
recovery is enabled by default

closes #27308

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-21 16:01:19 +01:00
Sebastian Schuster
0542554984 12671 querying by user attribute no longer forces case insensitivity for keys
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
2024-03-21 08:35:29 -03:00