24504 Commits

Author SHA1 Message Date
Alexander Schwartz
5cf920fcdc Fix product name usage for downstream documentation
Closes #29154

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-30 08:28:10 +02:00
Alexander Schwartz
8ae7c8ff3a Moving admin user creation to the Quarkus startup phase
Closes #29072

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-26 00:23:10 +02:00
Steven Hawkins
5d222b706a fix: ensuring test state is clean between tests
closes: #27080

Signed-off-by: Steven Hawkins <shawkins@redhat.com>
(cherry picked from commit 26dc81a92f)
2024-04-24 23:36:05 +02:00
Martin Bartoš
7d756704e0 NoClassDefFoundError for Apache XML and EAP8 (#28447)
Fixes #24878

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-24 12:07:34 +02:00
agagancarczyk
389c12d307 added helpText for importFileHelp (#28562)
Signed-off-by: Agnieszka Gancarczyk <agancarc@redhat.com>
Co-authored-by: Agnieszka Gancarczyk <agancarc@redhat.com>
2024-04-19 15:55:05 +01:00
Hynek Mlnarik
84cb199557 Relax checking of messages
Related to: #28873
Fixes: #28911

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
(cherry picked from commit 4f30400e07)
2024-04-19 16:20:19 +02:00
Martin Bartoš
747c435cd4 Emphasize the need for setting container limit
Closes #28729

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-18 16:26:09 +02:00
rmartinc
047e80445f Better management of the CSP header
Closes https://github.com/keycloak/keycloak/issues/24568

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 2b769e5129)
2024-04-18 14:38:10 +02:00
agagancarczyk
f911967340 backport for fixing redirect on cancelling role edit (#28601)
Signed-off-by: Agnieszka Gancarczyk <agancarc@redhat.com>
Co-authored-by: Agnieszka Gancarczyk <agancarc@redhat.com>
2024-04-18 12:06:02 +02:00
Giuseppe Graziano
60ea525d1d Added new SessionStateMapper
Closes #28591

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-18 10:12:12 +02:00
Hynek Mlnařík
b7c6bdd3e1 Fix navigation with realms with special chars (#28349)
Fixes: #16345

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
(cherry picked from commit 1fbdb62334)
2024-04-18 08:31:13 +02:00
Stefan Guilhen
88b496a454 Add realm to session context when exporting to prevent NPE when vault is enabled. (#27911)
Closes #22617

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
(cherry picked from commit 0e717f735e)
2024-04-18 08:29:59 +02:00
agagancarczyk
00d8afb6e1 backport for issue 28514 (#28558)
Signed-off-by: Agnieszka Gancarczyk <agancarc@redhat.com>
Co-authored-by: Agnieszka Gancarczyk <agancarc@redhat.com>
2024-04-18 08:06:08 +02:00
Hynek Mlnarik
25b391d566 Ensure correct treatment of auth and transient users
This commit establishes consistency in retrieval of users and responses
between `org.keycloak.admin.ui.rest.UsersResource.getUser(String)` and
`org.keycloak.services.resources.admin.UsersResource.user(String)`

Fixes: #28666

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
(cherry picked from commit 146204c5cd)
2024-04-18 08:02:39 +02:00
graziang
eda33155aa Encode role name parameter in the location header uri
The role is encoded to avoid template resolution by the URIBuilder. This fix avoids the exception when creating roles with names containing {patterns}.

Closes #27514

Signed-off-by: graziang <g.graziano94@gmail.com>
(cherry picked from commit 39299eeb38)
2024-04-18 08:01:34 +02:00
Pedro Ruivo
f6af0092a4 Use new remote-store options in HA guides
Fixes #27508

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-16 20:45:33 +02:00
Alexander Schwartz
261b68927b Add error details to events to be able to track down root causes
Closes #28429

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-16 20:36:28 +02:00
Alexander Schwartz
a5161f4004 Fix lists to be rendered as expected
Closes #28377

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-16 20:36:14 +02:00
Šimon Vacek
2b78c83b00 Workflow failure: Fuse adapter tests
Closes: #27021

Signed-off-by: Simon Vacek <simonvacky@email.cz>
2024-04-16 20:35:09 +02:00
Steven Hawkins
e20efaaf9d fix: adds a test and permissions for cache configmap (#153)
closes: #28638

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-15 11:02:14 +02:00
Jon Koops
3ea3b26730 Allow false to be set for pkceMethod option (#28347) (#152)
Closes #28335

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-04-09 11:23:19 +02:00
Pedro Igor
eb0f792431 Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user (#150)
Closes #28248

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Conflicts:
	docs/documentation/upgrading/topics/changes/changes-24_0_3.adoc
2024-04-09 08:12:02 +02:00
Stian Thorgersen
8afc60ad33 Ignore all links to GitHub when checking external links in docs due to rate limiting issues (#151)
Closes #28330

Signed-off-by: stianst <stianst@gmail.com>
2024-04-09 08:09:54 +02:00
Stefan Guilhen
b64102e76f Align isEnabled in MSAD mappers to how other properties are processed in UserAttributeLDAPStorageMapper (#148)
- user model is updated by onImport with the enabled/disabled status of the LDAP user
- a config option always.read.enabled.value.from.ldap was introduced, in synch to what we have in UserAttributeLDAPStorageMapper
- isEnabled checks the flag to decide if it should always retrieve the value from LDAP, or return the local value.
- setEnabled first updates the LDAP tx, and then calls the delegate to avoid issue #24201

Closes #26695
Closed #24201

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
(cherry picked from commit 2ca59d4141)
2024-04-03 11:53:13 +02:00
Pedro Igor
d7947bb336 Resolve the user federation link as null when decorating the user profile metadata in the LDAP provider (#147)
Closes #28100

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-02 09:14:43 +02:00
Pedro Igor
e3edf76867 Restrict the token types that can be verified when not using the user info endpoint (#146)
Closes #47

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Conflicts:
	core/src/main/java/org/keycloak/util/TokenUtil.java
	testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientTokenExchangeTest.java
2024-03-23 15:17:52 +01:00
Marek Posolda
77254a28e9 Secondary factor bypass in step-up authentication (#143)
closes #34

Signed-off-by: mposolda <mposolda@gmail.com>
2024-03-23 15:16:21 +01:00
Ricardo Martin
9d9b57879c Better management of domains in TrustedHostClientRegistrationPolicy (#139)
Closes keycloak/keycloak-private#63

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-23 15:15:14 +01:00
Giuseppe Graziano
aebd051cf0 Avoid the same userSessionId after re-authentication (#136)
Closes #69

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-03-23 15:14:16 +01:00
Ricardo Martin
df1cc0a4d9 Validate Saml URLs inside DefaultClientValidationProvider (#135)
Closes keycloak/keycloak-private#62

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-23 15:12:07 +01:00
Ricardo Martin
4ffb69ecef Perform exact string match if redirect URI contains userinfo, encoded slashes or parent access (#131)
Closes keycloak/keycloak-private#113
Closes keycloak/keycloak-private#134

Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2024-03-23 15:09:31 +01:00
Jon Koops
9d9817e15a Limit requests sent through session status iframe (#132)
Closes #116

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-03-23 08:23:14 +01:00
Lukas Hanusovsky
c3c3b2cbe0 surefire reports new release 24
Closes #28167

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
(cherry picked from commit 31293d36e8)
2024-03-22 15:14:46 +01:00
rmartinc
d2a864ed29 ORA-01450 error for index IDX_CLIENT_ATT_BY_NAME_VALUE in oracle when MAX_STRING_SIZE is EXTENDED
Closes #27967

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 220564c7ba)
2024-03-22 10:32:29 -03:00
Steven Hawkins
e603366da7 doc: add keycloak cr truststores (#28015) (#28168)
closes: #27892

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
(cherry picked from commit 6cc66109d5)
2024-03-22 11:36:10 +00:00
Erik Jan de Wit
343852b0ef added "on" label to checkbox (#28121)
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-03-22 11:43:54 +01:00
rmartinc
749602c598 Upgrading note to warn truststore changes affect webauthn registration
Closes #28113

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit d4da0c816c)
2024-03-22 11:14:35 +01:00
andymunro
3e4e51577a Edits to Operator Guide (#28151)
Closes #28009

Signed-off-by: AndyMunro <amunro@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
(cherry picked from commit 8602b4f9cf)
2024-03-22 08:18:58 +01:00
Steven Hawkins
895da882cf doc: add a note about lack of other JAX-RS support (#28048) (#28149)
closes: #27057

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
(cherry picked from commit cbe185fbab)
2024-03-21 17:34:44 -04:00
Steven Hawkins
2454565083 fix: making the truststore name field optional (#28013) (#28148)
closes: #28012

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
(cherry picked from commit 05056330dc)
2024-03-21 17:34:28 -04:00
synth3
6f686df099 Remove custom Hibernate dialect detection
Closes #27954

Signed-off-by: synth3 <19573241+synth3@users.noreply.github.com>
(cherry picked from commit 99478887a4)
2024-03-21 19:16:31 +01:00
Giuseppe Graziano
2d534c324b Avoid using wait() to wait for the redirect
Closes #22644

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
(cherry picked from commit b24d446911)
2024-03-21 18:17:32 +01:00
Giuseppe Graziano
ca1c1eb3cf Always include offline_access scope when refreshing with offline token
Closes #27878

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
(cherry picked from commit 939420cea1)
2024-03-21 17:09:02 +01:00
Martin Kanis
f7bcaaa687 Invalidating offline token is not working from client sessions tab
Closes #27275

Signed-off-by: Martin Kanis <mkanis@redhat.com>
(cherry picked from commit 4154d27941)
2024-03-21 17:01:30 +01:00
Steven Hawkins
e1349f4246 task: ensuring that keycloaksessions are closed (#27682) (#28000)
closes: #27681

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
(cherry picked from commit a3be85b2cd)
2024-03-21 16:46:00 +01:00
Steven Hawkins
80991e6814 fix: allow the formbodyhandler to run tasks in the calling thread (#27642) (#27999)
closes: #25687

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
(cherry picked from commit ffd42bfdfc)
2024-03-21 14:20:07 +01:00
Pedro Igor
c453cdd535 Do not grant scopes not granted for resources owned by the resource server itself
Closes #25057

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-21 09:20:12 +01:00
Alexander Schwartz
04d76b20ed Upgrading to Quarkus 3.8.3 (#28086)
Closes #28084

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-20 17:16:16 +00:00
Martin Bartoš
641b2d4180 Multi datasource configuration does not work (#28051)
Fixes #27894

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
2024-03-20 14:45:54 +00:00
Jon Koops
3fdb396ac9 Attributes without a group should appear first (#28091)
Fixes #27981

Signed-off-by: René Zeidler <rene.zeidler@gmx.de>
(cherry picked from commit 83a3500ccf)

Co-authored-by: René Zeidler <rene.zeidler@gmx.de>
2024-03-20 13:01:45 +00:00