mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2025-12-16 20:15:46 -06:00
Code Issues Packages Projects Releases Wiki Activity
23,457 Commits 20 Branches 287 Tags
archive/release/23.0
Commit Graph

23457 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jon Koops
c56a2da3c6 Run Cypress tests in parallel using cypress-split (#20685) (#27199) 
Closes #27194

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-02-21 12:25:28 +00:00
Tomas Ondrusko
e44df38908 Fix Microsoft social login test case 
Resolves #27120

Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
(cherry picked from commit 055a0e2231)
 2024-02-20 11:43:47 +01:00
Stefan Guilhen
c6bee418d7 Check if kerberos auth is enabled before creating the kerberos principal in LDAPStorageProvider 
- prevents misleading warn messages from being logged

Closes #25294

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
(cherry picked from commit 143ccbfa15)
 2024-02-16 17:21:51 +01:00
Alexander Schwartz
907aadfbf4 Use the appropriate database dialect to add quotes to the schema name 
Closes #25961

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-02-16 17:11:36 +01:00
Stefan Guilhen
c7a20935e7 Avoid changing the config value for the useTruststoreSpi property 
- prevents cached LDAPConfig entry from changing when retrieving this value

Closes #25912

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
(cherry picked from commit eac43822c3)
 2024-02-16 16:55:14 +01:00
Stefan Guilhen
6c2433634b Fix MembershipType so that NPE is not thrown when an empty member is found within a group 
Closes #25883

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
(cherry picked from commit d3ae075a33)
 2024-02-16 16:24:59 +01:00
Michal Hajas
b53600ac49 Add caching for subGroupsCount 
Closes #25731

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-02-16 14:32:41 +01:00
Michal Hajas
124d32f5b3 Make sure pagination is used even when first is null for getGroups endpoint 
Closes #25731

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-02-16 14:32:41 +01:00
Thomas Darimont
d73148089b Shorter lifespan for offline session cache entries in memory 
Closes #26810

Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Martin Kanis <mkanis@redhat.com>
(cherry picked from commit 93fc6a6c54)
 2024-02-13 18:01:16 +01:00
Steven Hawkins
a26fd88208 Fipsdist test changes backport (#26928) 
* fix: switching the raw distribution to a weak readiness check (#26097)

also adding a thread dump if the server doesn't seem to stop properly

closes: #23786

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* addendum to #23786 - readiness check should end after the first dump (#26215)

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Stabilizing the FipsDistTest

* increased the timeout to let Keycloak stop

Closes #26374

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>

* fix: increases another timeout to accomodate for the transaction timeout (#26566)

closes: #26529

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* fix: completely removing problematic assertion (#26613)

closes: #26529

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
 2024-02-12 12:53:35 +00:00
Sebastian Schuster
bc6e222e98 use login realm (#25466) (#26926) 
fixes: #22431, fixes: #25152

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-02-09 17:11:52 +01:00
Dominik Topp
e42ca7ccdb Fix for freemarker template URL sanitization in template.ftl (#26838) 
closes #26826

Signed-off-by: Dominik Topp <19268966+dominiktopp@users.noreply.github.com>
(cherry picked from commit edd68d12fb)
 2024-02-08 14:18:03 +01:00
Stian Thorgersen
8056135e2a Ignore empty attribute values when retriveing boolean/int/long (#26729) 
Resolves #26597, resolves #26665

Signed-off-by: stianst <stianst@gmail.com>
 2024-02-02 13:31:30 +01:00
Václav Muzikář
56a33436f0 Fix createdAt format in Operator CSV (#26428) (#26553) 
Closes #26427

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
(cherry picked from commit 7a57bfb504)
 2024-01-29 12:55:57 +01:00
Václav Muzikář
c1d60364c2 Upgrade to Quarkus 3.2.10.Final (#26534) 
Closes #26417

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2024-01-29 08:38:48 +01:00
Sebastian Schuster
7c6d5e42b6 Allow authorization changes with fine-grained client access and manage-authorization. (#25280) (#26394) 
Signed-off-by: Stan Silvert <ssilvert@redhat.com>
Co-authored-by: Stan Silvert <ssilvert@redhat.com>
 2024-01-22 17:42:23 +00:00
Sebastian Schuster
6a1f19e8a3 Make role mapping tab visible with view user permissions (#26386) (#26391) 
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
Co-authored-by: Salem Wafi <32916450+SalemWafi@users.noreply.github.com>
 2024-01-22 16:42:17 +00:00
Alexander Schwartz
081ddb0a7e Remove product specific content about Linux only (#26376) 
Closes #26220

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-22 16:31:53 +01:00
rmartinc
b639314632 Assume test testEncryptedElementIsReadableInDep in FIPS mode 
Closes #26303

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-01-18 19:14:58 +01:00
rmartinc
f9049565a9 Sanitize logs in JBossLoggingEventListenerProvider 
Closes #25078

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 179ca3fa3a)
 2024-01-15 10:11:10 +01:00
Alexander Schwartz
165c733e83 Remove conditionals about Linux vs. Windows (#26087) 
Closes #26028

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-15 09:24:19 +01:00
Stan Silvert
548c00d1e0 account.v3 allow adding scripts like in v2 (#26142) 
Fixes #25502

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2024-01-12 10:01:15 -05:00
Hynek Mlnařík
cdf60fcea0 Support OR condition for forms + authz (#24879) 
Closes: #24586

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
(cherry picked from commit c03c2e953a)
 2024-01-11 19:54:09 +01:00
Hynek Mlnařík
d9b2b7f82e Use proper attribute name in UI 
Fixes: #25827

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
(cherry picked from commit 0bf1fe3eb3)
 2024-01-11 13:16:04 +01:00
Alexander Schwartz
c1157a3966 Fix OfflineServletAdapterTest failures, and improve logging (#26044) 
Closes #25714
Closes #14448

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>

(cherry picked from commit 03372d2f41)
 2024-01-11 12:58:27 +01:00
andymunro
2ac433d6d6 Clarify note about containers 
Closes #26006

(cherry picked from commit 964bdb4bc1)

Signed-off-by: AndyMunro <amunro@redhat.com>
 2024-01-11 08:06:54 +01:00
AndyMunro
09d86a1058 Change RHDG to Infinispan 
Closes #26083

Signed-off-by: AndyMunro <amunro@redhat.com>
(cherry picked from commit 520c849995)
 2024-01-10 18:06:09 +01:00
Tomas Ondrusko
2b4e49e87e Update web elements of the Instagram login page 
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
(cherry picked from commit 26342d829c)
 2024-01-09 15:54:02 +01:00
Sebastian Schuster
4c82f231d8 enable dot in attribute when user profile enabled 
Closes #24918

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-01-09 14:50:48 +00:00
Daniel Fesenmeyer
3947958ab6 Bugfix for: Removing all group attributes no longer works with keycloak-admin-client (java) 
Closes #25677

Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>
(cherry picked from commit baafb670f7)
 2024-01-09 14:53:09 +01:00
Alexander Schwartz
397ee94d0a Add the build step to the overall status check (#26014) 
Closes #25981

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-09 13:34:18 +01:00
Hynek Mlnařík
04f2f90c04 added permission checking to ui-ext realm resource so realm names are not leaked to users without the appropriate permissions. #25679 (#25683) (#25845) 
Closes: #25392
Closes: #25679

Signed-off-by: Garth <244253+xgp@users.noreply.github.com>
(cherry picked from commit 9be7f0e474)

Co-authored-by: Garth <244253+xgp@users.noreply.github.com>
 2024-01-09 10:25:46 +01:00
Steven Hawkins
1b65d4a0f4 fix: do not split on space for option errors (#25955) 
closes #25783

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-01-08 20:21:17 +00:00
Ryan Emerson
bcfcea65c6 Update Route53 HA guide to be compatible with ROSA and OpenShift 4.14.x (#25900) 
Closes #25733

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-08 16:34:50 +01:00
Pedro Ruivo
5ebcf584e2 High Availability Docs: use unbounded token for cross-site connection 
Expirable tokens are more secure but it requires manual intervention to
create and share them when they expire.

I have updated the documentation to use non-expirable tokens.

Closes #25909

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-08 16:34:24 +01:00
Ricardo Martin
4188bc33ae Escape action in the form_post.jwt and only decode path in RedirectUtils (#93) 
Closes #90

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-01-04 13:46:43 +01:00
Jordi Mallach
c46920bfdd Fix links in HTML email templates 
Closes #25878

Signed-off-by: Jordi Mallach <jordi@mallach.net>
 2024-01-03 17:58:51 +00:00
Réda Housni Alaoui
53731027be @NoCache is not considered anymore 
Closes #25120

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>

Conflicts:
	rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/UserResource.java
	services/src/main/java/org/keycloak/authorization/admin/PolicyService.java
	services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java
	services/src/main/java/org/keycloak/authorization/admin/ScopeService.java
	services/src/main/java/org/keycloak/services/resources/account/SessionResource.java
	testsuite/integration-arquillian/test-apps/servlets-jakarta/pom.xml
 2024-01-02 19:10:40 +01:00
Hynek Mlnařík
e3d24311c1 Do not show sign-out action for offline sessions (#25577) 
Closes: #24763

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
(cherry picked from commit c6ce859493)
 2024-01-02 15:27:51 +01:00
Alexander Schwartz
de3634a1de Adding a test case to check that the expiration time is set on logout tokens 
Closes #25753

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
(cherry picked from commit 9e890264df)
 2023-12-27 14:39:36 +01:00
Niko Köbler
9659182472 add the exp claim to the backchannel logout token 
This is now, as of Dec 15th 2023, part of the OIDC Backchannel Logout spec, chapter 2.4.

As of chapter 4, the logout token should have a short expiration time, preferably at most two minutes in the future. So we set the expiration to this time.

resolves #25753

Signed-off-by: Niko Köbler <niko@n-k.de>
(cherry picked from commit 5e623f42d4)
 2023-12-27 14:39:36 +01:00
Niko Köbler
ca7b8d610b make css classes for password visibility configurable through theme properties 
Closes #25016

Signed-off-by: Niko Köbler <niko@n-k.de>
(cherry picked from commit a5f276ce28)
 2023-12-22 11:37:23 +01:00
Alexander Schwartz
a28e8e0063 Adding parsing of "fixes"/"fixed" Keyword and the colon (#25755) 
Closes #25633

(cherry picked from commit a420b46913)

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2023-12-22 10:45:44 +01:00
rmartinc
2b785ac7e1 Workaround to allow percent chars in getGroupByPath via PathSegment 
Closes #25111

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 522e8d2887)
 2023-12-20 13:11:52 +01:00
mposolda
753485c1c5 User Profile: If required roles ('user') and reqired scopes are set, the required scopes have no effect 
closes #25475

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit cd154cf318)
 2023-12-18 14:47:00 -03:00
Alexander Schwartz
79f3ca5590 Showing the original exception plus any swallowed exceptions (#25616) 
Closes #25424

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
(cherry picked from commit c4ada85233)
 2023-12-18 12:01:49 +01:00
Marek Posolda
48dcaf83eb Change arg of getSubGroups to briefRepresentation (#25587) 
Parameter name briefRepresentation should mean briefRepresentation,
   not full. This way callers will by default get the full
   representation, unless true is passed as value for
   briefRepresentation.

   Fixes #25096

Signed-off-by: Erwin Rooijakkers <erwin@rooijakkers.software>
(cherry picked from commit 860978b15a)

Co-authored-by: Erwin Rooijakkers <erwin@rooijakkers.software>
 2023-12-18 10:49:35 +00:00
Alexander Schwartz
ff2242cabb Avoid shutdown of Infinispan when using cache (#25615) 
Closes #24508

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
(cherry picked from commit e01827693a)
 2023-12-18 10:22:43 +01:00
Martin Bartoš
e1d0b45f61 PubKeySignRegisterTest failures in WebAuthn tests 
Fixes #9693

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2023-12-15 17:37:37 +01:00
rmartinc
3d16564f0d Do not allow remove a credential in account endpoint if provider marks it as not removable 
Closes #25220

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit d004e9295f)
 2023-12-15 13:42:49 +01:00