Pascal Knüppel
bf951a5554
Fix certificate creation with cross-keys ( #31866 )
...
fixes #31864
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-08-07 12:41:12 +02:00
Giuseppe Graziano
35c8c09b8d
OIDC dynamic client registration with response_type=none
...
Closes #19564
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-08-07 10:34:47 +02:00
Ryan Emerson
db14ab1365
Refactor HA guide to refer to generic multi-site deployments
...
Old Active/Passive guides replaced with Active/Active architecture, but
A/P vs A/A distinction hidden from users in favour of generic multi-site
docs.
Closes #31029
Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-07 08:22:59 +00:00
rmartinc
8a09905e5c
Remove the attempt in brute force when the off-thread finishes
...
Closes #31881
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-06 15:30:49 -03:00
Michal Hajas
50c07c6e7c
Simplify configuration for MULTI_SITE
...
Closes #31807
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-08-06 16:14:33 +00:00
Pedro Ruivo
3fbe26d2e1
Disable SessionTimeoutsTest for old cross-site code
...
The test is disabled for the embedded caches + remote store combination
(old cross-site code) due to the async event processing.
Events can be handled after the test changes the time offset, causing
the test to fail.
Fixes #31612
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-06 15:33:44 +02:00
Hasan Can Erol
f4f8688a14
Turkish translations added for login ( #31052 )
...
Signed-off-by: Hasan Can Erol <hsncan.erol@gmail.com>
Co-authored-by: Hasan Can Erol <hsncan.erol@gmail.com>
2024-08-06 13:07:08 +00:00
Jon Koops
38f185dff1
Update ESLint dependencies to latest version ( #31831 )
...
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-08-06 08:02:18 -04:00
Michal Hajas
6847af0068
Remove InfinispanMultiSiteLoadBalancerCheckProviderFactory.java
...
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-08-06 07:58:12 -03:00
Alexander Schwartz
d08ff5a311
Cache node binary for Windows to avoid download failures
...
Closes #31835
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-06 07:27:00 -03:00
Erik Jan de Wit
368939f7de
reverted accidental change to logout url ( #31907 )
...
fixes : #31781
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-08-06 11:07:36 +01:00
Javapark
d85fa09823
Korean translation of the login theme ( #31919 )
...
Signed-off-by: Javapark <javapark@users.noreply.github.com>
2024-08-06 10:42:03 +02:00
kaustubh-rh
8e81626eee
Fix for #31893 ( #31922 )
...
Signed-off-by: kaustubh B <kbawanka@redhat.com>
2024-08-06 09:59:22 +02:00
himanshi1099
7cf9946040
Fix for Network error attempting to view default realm roles without permissions ( #31902 )
...
* fix for issue #29211
Signed-off-by: Himanshi Gupta <higupta@redhat.com>
* fix for issue #29211
Signed-off-by: Himanshi Gupta <higupta@redhat.com>
---------
Signed-off-by: Himanshi Gupta <higupta@redhat.com>
2024-08-05 12:38:10 -04:00
Pedro Ruivo
1e9f6bbb8c
Non clustered Keycloak with External Infinispan feature
...
Disables JGroups (clustering) when remote-cache feature is enabled
Fixes #31876
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-05 17:04:36 +02:00
Tero Saarni
62fd969fe1
Allow requests from local IPv6 addresses
...
If administrator selects EXTERNAL for Require SSL setting, allow clear-text
HTTP requests when client is coming from IPv6 link-local or unique local
address (ULA).
Previously only private IPv4 addresses were allowed and private IPv6 addresses
were rejected.
Closes #30678
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2024-08-05 16:38:55 +02:00
Jonas-Noah Krausch
7b316afc74
Change {0} to {{name}} to comply with other languages and display correct variable ( #31898 )
...
Signed-off-by: Jonas Krausch <jonas.krausch@check24.de>
Co-authored-by: Jonas Krausch <jonas.krausch@check24.de>
2024-08-05 13:47:13 +00:00
Erik Jan de Wit
3f6136c648
use stringify on use meta data descriptor ( #31717 )
...
fixes : #31687
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-08-05 15:37:51 +02:00
Ingrid Kamga
36a141007e
Implement advanced verification of SD-JWT in Keycloak ( #30966 )
...
closes #30907
Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
2024-08-05 11:50:03 +02:00
Nikos Epping
4080ee2e84
Don't fail on null config map in AdvancedClaimToGroupMapper/AdvancedClaimToRoleMapper/AdvancedAttributeToGroupMapper/AdvancedAttributeToGroupMapper
...
Fixes #31575
Signed-off-by: Nikos Epping <n.epping@evosec.de>
2024-08-05 10:22:22 +02:00
Stefan Wiedemann
6258256c1b
Fix access token issue OID4VC ( #31763 )
...
closes #31712
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2024-08-04 11:42:40 +02:00
Ingrid Kamga
7c69c857a1
Add a media type to error responses on OID4VC endpoints
...
Closes #31585
Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
2024-08-02 12:09:09 +02:00
Pascal Knüppel
4a15e1c2b0
Support certificate creation for EC keys ( #31817 )
...
fixes #31816
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
2024-08-02 11:52:48 +02:00
Justin Tay
f537343545
Allow empty key use in JWKS from identity provider
...
Closes #31823
Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-08-02 11:39:43 +02:00
rmartinc
773e309f75
Parse saml urls correctly if the bindings are different
...
Closes #31780
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-02 11:34:06 +02:00
rmartinc
942d5d0aa3
Convert chapter planning for securing applications and services to guides
...
Final removal of the securing_apps documentation
Final checks for links, order and other minor things
Closes #31328
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-01 16:45:56 +02:00
Pedro Ruivo
fed804160b
Enable ProtoStream encoding for External Infinispan feature
...
The ProtoStream schema is automatically uploaded to the Infinispan
server during startup.
When the schema is updated, the indexes are updated and re-created.
Use the delete statement to delete entities when a realm is removed.
Fixes #30931
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-01 16:16:19 +02:00
Ryan Emerson
176ac3404a
EmbeddedInfinispanSplitBrainTest fails with "IllegalState Session not bound to a realm"
...
Closes #31828
Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-08-01 13:58:41 +02:00
dependabot[bot]
9cf650b52b
Bump cypress from 13.13.1 to 13.13.2 ( #31820 )
...
Bumps [cypress](https://github.com/cypress-io/cypress ) from 13.13.1 to 13.13.2.
- [Release notes](https://github.com/cypress-io/cypress/releases )
- [Changelog](https://github.com/cypress-io/cypress/blob/develop/CHANGELOG.md )
- [Commits](https://github.com/cypress-io/cypress/compare/v13.13.1...v13.13.2 )
---
updated-dependencies:
- dependency-name: cypress
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-01 12:00:07 +02:00
dependabot[bot]
51310fcb71
Bump @types/node from 22.0.0 to 22.0.2 ( #31822 )
...
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ) from 22.0.0 to 22.0.2.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-01 11:58:50 +02:00
Alexander Schwartz
00bfc2c34f
Adding an index for the revoked tokens table to speed up the cleanup ( #31790 )
...
Closes #31725
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-01 11:12:53 +02:00
Alexander Schwartz
aa91f60278
Caches the id-to-user mapping for the evaluation in the current session ( #31794 )
...
Closes #31519
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-01 10:38:46 +02:00
dependabot[bot]
5284641b9d
Bump typescript-eslint from 7.17.0 to 7.18.0 ( #31741 )
...
Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint ) from 7.17.0 to 7.18.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases )
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md )
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v7.18.0/packages/typescript-eslint )
---
updated-dependencies:
- dependency-name: typescript-eslint
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-31 15:36:35 +00:00
dependabot[bot]
d5a2627bdb
Bump husky from 9.1.3 to 9.1.4 ( #31740 )
...
Bumps [husky](https://github.com/typicode/husky ) from 9.1.3 to 9.1.4.
- [Release notes](https://github.com/typicode/husky/releases )
- [Commits](https://github.com/typicode/husky/compare/v9.1.3...v9.1.4 )
---
updated-dependencies:
- dependency-name: husky
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-31 15:30:50 +00:00
dependabot[bot]
db2b4f452c
Bump eslint-plugin-mocha from 10.4.3 to 10.5.0 ( #31742 )
...
Bumps [eslint-plugin-mocha](https://github.com/lo1tuma/eslint-plugin-mocha ) from 10.4.3 to 10.5.0.
- [Release notes](https://github.com/lo1tuma/eslint-plugin-mocha/releases )
- [Changelog](https://github.com/lo1tuma/eslint-plugin-mocha/blob/10.5.0/CHANGELOG.md )
- [Commits](https://github.com/lo1tuma/eslint-plugin-mocha/compare/10.4.3...10.5.0 )
---
updated-dependencies:
- dependency-name: eslint-plugin-mocha
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-31 17:24:02 +02:00
dependabot[bot]
05e9671043
Bump @types/node from 20.14.12 to 22.0.0 ( #31690 )
...
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ) from 20.14.12 to 22.0.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-31 17:08:26 +02:00
Ryan Emerson
349ff51116
Log a warning if remote-store configuration exists when the REMOTE_CACHE Feature is enabled
...
Closes #31775
Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-07-31 16:59:05 +02:00
Ryan Emerson
8d7e18ec29
Clear local caches on split-brain heal
...
Closes #25837
Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-07-31 13:59:06 +02:00
Pedro Ruivo
17e30e9ec1
Persist revoke tokens with remote cache feature
...
Stores the revoked tokens into the database and preloads them during
startup.
Fixes #31760
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-07-31 11:02:38 +02:00
Giuseppe Graziano
adb2af442a
Move token exchange documentation to guides ( #31707 )
...
Closes #31334
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2024-07-30 21:04:05 +02:00
Giuseppe Graziano
a3c9944610
Move Keycloak JavaScript adapter to guides ( #31751 )
...
Closes #31695
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2024-07-30 18:39:33 +02:00
Thomas Darimont
282260dc95
Ensure issued_client_type is always added to successful token-exchange response ( #31548 )
...
- Compute issued_token_type response parameter based on requested_token_type and client configuration
- `issued_token_type` is a required response parameter as per [RFC8693 2.2.1](https://datatracker.ietf.org/doc/html/rfc8693#section-2.2.1 )
- Added test to ClientTokenExchangeTest that requests an access-token as requested-token-type
Fixes #31548
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-07-30 18:33:51 +02:00
rmartinc
a6c70d65ee
Do not generate secret when client rep do not specifiy public or bearer
...
Closes #31444
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-30 18:32:15 +02:00
rmartinc
b07b120f2a
Convert chapter client registration CLI from securing apps into guides
...
Closes #31333
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-30 18:30:46 +02:00
rmartinc
b2b27f8a4e
Convert chapter client registration service from securing apps into guides
...
Closes #31332
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-30 18:30:46 +02:00
Giuseppe Graziano
e1266c2678
Move mod-auth-openidc.adoc to guides
...
Closes #31697
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-07-30 18:23:40 +02:00
Alexander Schwartz
11b19bc272
For persistent sessions, don't remove user session if there is no session in the remote store ( #31756 )
...
Closes #31115
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-30 17:57:09 +02:00
Erik Jan de Wit
1fe5082edd
Fall back to page properties if no display fields are specified ( #31769 )
...
Closes keycloak/keycloak-quickstarts#587
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-07-30 14:12:13 +00:00
Peter Zaoral
07cfdac862
Document admin bootstrapping and recovery
...
Closes : #30011
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2024-07-30 15:45:56 +02:00
Pedro Ruivo
e62604b1ec
ConditionalRemover interface for External Infinispan feature
...
Add a ConditionalRemover interface to remove entries from a RemoteCache
based on the key or value fields.
The default implementation provided by this PR uses streaming/iteration
to test and remove entries
On a side change, moved all the transactions to the same package and
created one transaction class per entity/cache to simplify code and
avoid writing "RemoteChangeLogTransaction" with a long list of types.
Fixes #31046
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-07-30 15:16:17 +02:00