mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2025-12-16 20:15:46 -06:00
Code Issues Packages Projects Releases Wiki Activity
24,504 Commits 20 Branches 287 Tags
archive/release/24.0
Commit Graph

24504 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stefan Guilhen
d82cf44561 Ensure LDAPStorageMapper.getGroupMembers is taking the fetch strategy in consideration when retrieving the members 
- fixes issue when MEMBER-OF strategy is selected but ignored when listing members

Closes #33477

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
(cherry picked from commit b2e8942dd1)
 2025-02-20 17:11:02 -03:00
Bruno Oliveira da Silva
4acbdaa792 Update snyk and trivy policies based on our maintanance policy 
Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>

Closes #37480
 2025-02-19 13:27:17 -03:00
Marek Posolda
5dcc64b1ec Password policies like NoUsername should compare in case-insensitive way 
closes #37431

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit 2bcd2dbe74)
 2025-02-18 14:17:58 +00:00
Bruno Oliveira da Silva
3634607bac CVE-2024-47072 - XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream 
Closes #37360

Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>
 2025-02-14 16:22:33 +00:00
Bruno Oliveira da Silva
5b565cb9a4 Trivy workflow is not reporting issues on other branches [24.0] (#37335) 
Trivy workflow is not reporting issues on other branches

Closes #37331

Co-authored-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>
 2025-02-14 10:27:48 -03:00
Bruno Oliveira da Silva
3905f7fe2f Revert "[Backport] Snyk report to identify branches impacted by a CVE" 
This reverts commit 859a926597.

Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>
 2025-02-13 22:31:19 -03:00
Ricardo Martin
cae58cb0dc Manage exceptions in waitForPageToLoad for chrome error in version 132 
Closes #36781
Closes #36782
Closes #36902

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit efbeb8caa6)
 2025-02-04 09:06:00 +00:00
Václav Muzikář
153cc24e57 Upgrade to Quarkus 3.8.6 (#36795) 
Closes #32981

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2025-01-28 18:05:56 +01:00
Alexander Schwartz
2dd99d1fef Avoid using docker hub for pulling images (#36714) 
Closes #36331

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-01-28 11:33:39 +01:00
andymunro
645f75470b Add Dependency section for creating an SPI 
Closes #36798

Signed-off-by: AndyMunro <amunro@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
(cherry picked from commit 1912602a5a)
 2025-01-28 09:36:43 +01:00
Ricardo Martin
332c12bcea Add some common headers for the links check in docs 
Closes #36675

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 17d2dd58ca)
 2025-01-27 12:47:31 +01:00
andymunro
6da34dc836 Openshift conflict 
Closes #36745

Signed-off-by: AndyMunro <amunro@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
(cherry picked from commit 9ab28e7ffe)
 2025-01-27 08:56:08 +01:00
Vlasta Ramik
e443802f18 Update index-creation-threshold in migrate_db.adoc 
Closes #36669

(cherry picked from commit a01c8da2bd)

Signed-off-by: vramik <vramik@redhat.com>
 2025-01-24 13:36:23 +00:00
Jon Koops
3333dc1a42 Upgrade artifact actions to latest version (#28483) 
Cherry-picked 88d5970944

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-01-24 10:12:32 -03:00
Joerg Matysiak
63c4585c27 Allow view users attached to one specific client role (#30834) (#36352) 
Closes #24522

Signed-off-by: Joerg Matysiak <Joerg.Matysiak@bosch.com>
 2025-01-14 11:44:19 +01:00
Alexander Schwartz
4993788997 Avoid being rate-limited by LinkedIn in tests 
Closes #36375

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-01-14 10:52:15 +01:00
Daniel Fesenmeyer
1ef50f584f Fix user attributes search: Fix the JS error when switching from "default search" to "attributes search" 
Closes #35950

Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>
 2025-01-13 17:39:28 +01:00
mposolda
c5bed0a940 Token revocation may not correctly revoke related access tokens 
closes #35813

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit efdc42c2a4)
 2025-01-13 17:38:41 +01:00
mposolda
9f5b60cdc3 When using the token revocation endpoint with refresh-token, only particular clientSession related to given refresh token should be terminated 
closes #35486

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit 3fca2f3b7f)
 2025-01-13 17:38:41 +01:00
Marek Posolda
60bf57cd13 Failed to authenticate client with method client_secret_jwt when client has keys generated 
closes #34547

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit 9b01e958dc)
 2025-01-13 17:36:44 +01:00
Thomas Darimont
772b1fdaad Fix content-type for content.json 
We now send the content-type `application/json` when JSON resources are requested via the resources endpoint.
Previously, those resources were using content-type `application/octet-stream`.
Also removed the duplicate entry for `text/javascript` content type mapping.

Fixes #35971

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
(cherry picked from commit 7b62c0d266)
 2025-01-13 17:35:49 +01:00
Steven Hawkins
9e147664ef fix: remove the use of regex for determining local addresses 
closes: #36227

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
(cherry picked from commit 696bc07103)
 2025-01-13 17:30:34 +01:00
Pedro Igor
125f66e7d0 Exact searches should be the default when querying user by attributes (#35869) 
Closes #35822

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-12-13 08:45:38 +01:00
Steven Hawkins
5061ca4a99 fix: using regex to expand local ipv6 matching (#35736) (#35738) 
closes: #35675

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
(cherry picked from commit 80890737d4)
 2024-12-09 19:41:22 +01:00
Peter Skopek
091e732e63 SAML Adapter Galleon Pack for EAP8 cannot use new metadata options for layers 
Closes #35410

Signed-off-by: Peter Skopek <pskopek@redhat.com>
(cherry picked from commit aceb8bce92)
 2024-12-03 12:21:16 +01:00
Rishabh Singh
e39457d979 setting the user in ExecuteActionsActionTokenHandler.handleToken to manage user null case in FreeMarkerLoginFormsProvider.createResponse 
Closes #17233

Signed-off-by: Rishabh Singh <rishabhsvats@gmail.com>
(cherry picked from commit 8cad78b1df)
 2024-11-29 16:39:06 +01:00
Alexander Schwartz
ca7b0299c6 Moving the docs to the correct patch release 
Closes #12671

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-11-28 10:13:52 +01:00
Jon Koops
b756844919 Use a hidden form to do POST based logout (#34694) (#34953) 
Closes #32648

Signed-off-by: Jon Koops <jonkoops@gmail.com>
(cherry picked from commit b2930a4799)
 2024-11-22 13:16:08 +01:00
Steven Hawkins
0537659e91 fix: ensures that properties are runtime properties are filtered (#218) 
closes: #CVE-2024-10451

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-11-18 11:33:15 +01:00
Peter Zaoral
22f0f81507 fix: prevent inclusion of characters that could lead to FileVault path traversal (#219) 
Closes: #211

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
 2024-11-18 09:28:05 +01:00
Steven Hawkins
d0eaed4d82 fix: returning addresses instead of hosts on the ClientConnection (#217) 
also consolidates checks of whether a host or address is local

closes: #CVE-2024-9666

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-11-18 09:25:36 +01:00
Douglas Palmer
c4160df1e8 EMBARGOED CVE-2024-10270 org.keycloak/keycloak-services: Keycloak Denial of Service (#216) 
Closes #CVE-2024-10270

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-11-14 09:47:34 +01:00
Václav Muzikář
3da16eed1f Update docs with security warning around client certificate lookup (#215) 
Closes #203

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2024-11-13 16:18:26 +01:00
Stan Silvert
b01a55710d Let create/edit client role w/ fine-grained auth. (#34672) 
Fixes #31537


(cherry picked from commit 85a0fa389c)

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2024-11-07 16:39:03 +01:00
Erik Jan de Wit
b82d67e4cd added exact search option to attributes (#34135) 
(cherry picked from commit a339e79d3e)

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-10-23 14:32:47 -04:00
vramik
3f095fe9b5 Wildcard search not working for custom user attributes 
Closes #32451

Signed-off-by: vramik <vramik@redhat.com>

(cherry picked from commit b7eaa9b0cb)
 2024-10-22 15:57:35 -03:00
vramik
ce695ac8e3 12671 querying by user attribute no longer forces case insensitivity for keys 
Closes #12671

Signed-off-by: vramik <vramik@redhat.com>

(cherry picked from commit 0542554984)
 2024-10-18 06:54:05 -03:00
Alexander Schwartz
3d91f8c73d Fixing link to external docs 
Closes #33991

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-10-17 18:22:49 -03:00
Ryan Emerson
280b68af78 AuroraDB IT - Error creating EC2 runner instance 
Closes #33874

- Use venv to install python dependencies
- Utilise latest ansible version
- Utilise RHEL 9 image to update python versions

Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2024-10-17 12:24:45 +02:00
Ricardo Martin
99eafb1a5e Fix CRL verification failing due to client cert not being in chain (#29582) 
closes #19853

Signed-off-by: Micah Algard <micahalgard@gmail.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>

Co-authored-by: Micah Algard <micahalgard@gmail.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 74a80997c7)
 2024-10-17 10:38:59 +02:00
rmartinc
dc96ac56d7 Change certificates for SAML testing 
Closes #34004

In upstream this was solved by e9c9efc3f4
but the backport needs to strip the commit and just maintain the
certificate changes.

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-10-17 09:15:05 +02:00
rmartinc
7719933d44 Run all maven commands inside the ubi docker container 
Closes #33881

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-10-17 09:15:05 +02:00
mposolda
b4b43efa69 Temporarily comment FIPS CI until it is figured what causes the issue 
closes #33875

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-10-17 09:15:05 +02:00
Ricardo Martin
99dc668d55 Bump @playwright/test from 1.47.2 to 1.48.0 (#33993) 
Bumps [@playwright/test](https://github.com/microsoft/playwright) from 1.47.2 to 1.48.0.
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](https://github.com/microsoft/playwright/compare/v1.47.2...v1.48.0)

---
updated-dependencies:
- dependency-name: "@playwright/test"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...


(cherry picked from commit d334eeaebc)

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-10-16 14:41:52 +02:00
Ricardo Martin
e2904a31af Bump manusa/actions-setup-minikube from 2.11.0 to 2.13.0 (#33801) (#33934) 
Bumps [manusa/actions-setup-minikube](https://github.com/manusa/actions-setup-minikube) from 2.11.0 to 2.13.0.
- [Release notes](https://github.com/manusa/actions-setup-minikube/releases)
- [Commits](https://github.com/manusa/actions-setup-minikube/compare/v2.11.0...v2.13.0)

---
updated-dependencies:
- dependency-name: manusa/actions-setup-minikube
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit 268229dbe8)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-15 12:50:24 +02:00
Alexander Schwartz
28638dc97e Fixing broken links after KC26 docs changes 
Closes #33576

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-10-14 10:50:40 +02:00
mposolda
d38f0ec19f Better logging when error happens during transaction commit 
closes #33275

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit 07cf71e818)
 2024-10-08 13:15:49 +02:00
Ricardo Martin
47b91ac68b Fixes a race condition in the test suite causing sporadic failures (#33561) 
Closes #33064

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2024-10-04 14:38:01 +00:00
Giuseppe Graziano
5344aada5e Remove root auth session after backchannel logout 
Closes #32197

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
(cherry picked from commit b46fab2308)
 2024-10-03 08:49:56 +02:00
mposolda
1e4bb18638 Add link to EAP 8 documentation to the SAML documentation 
closes #33426

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-10-02 19:11:55 +02:00