Commit Graph

156 Commits

Author SHA1 Message Date
Alexander Schwartz ad10cde87e Add options to configure JPQL comments and slow SQL threshold (#39589)
Closes #39587

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-06-02 14:55:43 +02:00
Martin Bartoš 7f82639998 Add supported config options for additional datasources
Closes #29116

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2025-05-16 14:42:29 +00:00
Alexander Schwartz 9b324b9228 The transport stack defined in the cache XML should take precedence over internal jdbc-ping default
Closes #39614

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-05-13 13:11:41 +02:00
Steven Hawkins faa1c194f3 fix: remove ANY mode modification of truststores (#39366)
also note that ANY should not be used in production

closes: CVE-2025-3501 #39350 #38392

Add a test for the error (#1)

Update docs/guides/server/keycloak-truststore.adoc

Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2025-04-30 15:00:12 +00:00
Pedro Ruivo eafe08a73a Create CacheEmbeddedConfigProvider
Closes #38497

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-04-28 13:00:53 +02:00
Martin Bartoš 54a39bcfab Oracle driver problems in Keycloak 26.2.1 (#39189)
Closes #39182

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2025-04-24 15:37:14 +00:00
Martin Bartoš 60fb7a5fa7 Support asynchronous logging (#38094)
Closes #38578

Closes #28851

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2025-04-16 15:08:15 +00:00
Falko Modler 770a575f95 Allow zero tracing-sampler-ratio
Closes #38764

Signed-off-by: Falko Modler <famod@users.noreply.github.com>
2025-04-09 11:57:03 +00:00
Steven Hawkins cfe4ed1cf3 fix: refinements to minimize the config logic (#38237)
* fix: small refinements to minimize the config logic

closes: #38236

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
# Conflicts:
#	quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/KeycloakPropertiesConfigSource.java
# Conflicts:
#	quarkus/runtime/src/main/resources/META-INF/keycloak.conf

* fully removing profiled property considerations

also removing classpath based config sources

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* switching run-time property check to INFO, instead of WARNING

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-03-26 15:19:25 +01:00
Steven Hawkins 6bb33f20d0 allowing wildcards only at the end of keys to allow for other characters (#38231)
* shows wildcard handling only at the end of keys

closes: #37772

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* fix: allow for additional wildcard key characters

also refine the wildcard logic to be based upon just prefix and suffix
matching

closes: #37772

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/WildcardPropertyMapper.java

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

* review refinements, mainly to use Optional

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2025-03-19 10:24:57 -04:00
Steven Hawkins 2dd783c9c6 refinement of propertymapperinterceptor names (#37504)
* fix: generalizing the reporting of names by property mapping

closes: #37503 #37781 #37780

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/NestedPropertyMappingInterceptor.java

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

* adding more explanation of going from a parent to wildcard values

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* refining the nested logic and comments

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* preventing nested expressions from always resolving the mapped value

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2025-03-17 12:48:51 +01:00
Steven Hawkins d9c3511fa5 fix: adding a check if the proxy is trusted prior to using a cert header (#37465)
closes: #35861

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
2025-03-12 11:21:33 +01:00
Alexander Schwartz bc7ec1208e Enable the TLS based JGroups encryption by default and update the docs
Closes #37696

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-03-03 10:50:51 -03:00
Pedro Ruivo f7e21af82e JGroups certificate rotation
Closes #37316

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-02-27 12:56:18 +01:00
Martin Bartoš 6f0ed46404 Upgrade to Quarkus 3.19.0.CR1 (#37492)
Closes #37436

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2025-02-24 19:52:01 +01:00
Steven Hawkins a819a213f9 fix: hardening to prevent usage of proxy-protocol with proxy-headers (#37463)
* fix: hardening to prevent usage of proxy-protocol with proxy-headers

closes: #37458

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update docs/guides/server/reverseproxy.adoc

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2025-02-24 14:48:06 +01:00
Michal Hajas 8cd97ddb21 Make event metrics supported (#37391)
* Make event metrics supported

Closes #37389

Signed-off-by: Michal Hajas <mhajas@redhat.com>

* Address comments from reviews

Signed-off-by: Michal Hajas <mhajas@redhat.com>

---------

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2025-02-19 12:20:15 +01:00
Martin Bartoš 98f74026c6 Certificate reloading does not work for the management interface (#37052)
Fixes #37039

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
2025-02-05 14:39:21 +01:00
Martin Bartoš 20203746fb Support ECS for logs
Closes #36854

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2025-02-04 17:59:30 +01:00
rmartinc 6cf92d9dc7 Add crl cache to certificate validation
Closes #26473

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-01-22 14:58:35 +01:00
Martin Bartoš d7d2a76676 Unable to set '--log-syslog-max-length' property (#36252)
Fixes #35386

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2025-01-08 15:41:46 +01:00
Michal Hajas 3839f8e3b5 Add metric for password validations (#36049)
Closes #36048
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-01-07 10:05:47 +01:00
Alexander Schwartz 4a924f6c94 Tune the caching guide for the upcoming release
Closes #36039

Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-12-19 16:43:02 +01:00
Steven Hawkins cb1d28d043 fix: deprecating the default db value in production mode (#35674)
closes: #23805

Fix typo in docs, some improvements

adding a negative assertion

Update docs/documentation/upgrading/topics/changes/changes-26_1_0.adoc

Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2024-12-13 11:59:55 +01:00
Martin Bartoš 8f2c825835 Enable opentelemetry feature by default (#35756)
Closes #35753

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-12-11 16:53:14 +00:00
Václav Muzikář 9993e17346 Ability to specify log category levels through separate options (#35138)
Closes #34957

Co-authored-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-12-11 17:27:44 +01:00
Alexander Schwartz a429f94863 Adding the available event types to the CLI and the docs (#35593)
Closes #35573

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-12-11 13:25:44 +01:00
Steven Hawkins 245498c0cb fix: using stable ordering for deprecated metadata (#34999)
closes: #34858

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-11-21 12:47:13 +01:00
kaustubh-rh c8f43ec216 Fix for Log handler specific log levels support only lower-case levels (#34865)
* fix for #34817

Signed-off-by: Kaustubh Bawankar <kbawanka@redhat.com>

* Fixes #34817

Signed-off-by: Kaustubh Bawankar <kbawanka@redhat.com>

* Added validator to LOG_CONSOLE_LEVEL and LOG_FILE_LEVEL

Signed-off-by: Kaustubh Bawankar <kbawanka@redhat.com>

* Added validateLogParameters

Signed-off-by: Kaustubh Bawankar <kbawanka@redhat.com>

* Added tests

Signed-off-by: Kaustubh Bawankar <kbawanka@redhat.com>

* Added tests

Signed-off-by: Kaustubh Bawankar <kbawanka@redhat.com>

* Fixed logging messaging

Signed-off-by: Kaustubh Bawankar <kbawanka@redhat.com>

* switching to a declarative case-insensitivity

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Apply suggestions from code review

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

* refining suggested message changes

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Kaustubh Bawankar <kbawanka@redhat.com>
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-11-19 09:39:03 +01:00
Pedro Ruivo d7e5319f70 Document network ports for Keycloak clustering
Also switch the default to jdbc-ping as this should be a drop-in replacement looking at the networking behavior of udp.

Closes #34658

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-11-11 13:28:15 +01:00
Pedro Ruivo 8fb87bc19f Revisit cache-remote option description (#34513)
Closes #34509

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-11-11 12:53:41 +01:00
Bernd Bohmann 7681687e0a Provide missing user event metrics from aerogear/keycloak-metrics-spi to a keycloak micrometer event listener
inspired by
https://github.com/aerogear/keycloak-metrics-spi
https://github.com/please-openit/keycloak-native-metrics

Closes #33043

Signed-off-by: Bernd Bohmann <bommel@apache.org>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-11-04 08:56:24 +01:00
Ryan Emerson a79b67cac8 Deprecate other transport stacks (ec2, azure, google)
Closes #34253

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-10-31 11:47:13 +01:00
Ryan Emerson 6eb870fcfc Add JDBC_PING2 stacks for both TCP and UDP
Closes #34265

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-25 00:17:44 +02:00
Steven Hawkins f06d76a5aa fix: adding more information about http-enabled (#33795)
closes: #33605

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-10-23 17:34:34 +02:00
Ryan Emerson 902abfdae4 JDBC_PING as default discovery protocol
Closes #29399

- Add ProviderFactory#dependsOn to allow dependencies between
  ProviderFactories to be explicitly defined
- Disable Infinispan default shutdown hook to ensure lifecycle
  is managed exclusively by Keycloak
- Remove Infinispan shutdown hook in KeycloakRecorder and manage
  EmbeddedCacheManager lifecycle only in DefaultInfinispanConnectionProviderFactory#close

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-22 20:19:19 +00:00
Steven Hawkins af1a5ea2a8 fix: refining https file type detection (#33703)
also making common truststore logic align

closes: #33649

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-10-22 13:05:56 -04:00
Steven Hawkins cf2ecf87f6 fix: add the proxy-protocol option (#33276)
* fix: add the proxy-protocol-enabled option

closes: #10492

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update docs/guides/server/reverseproxy.adoc

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-09-27 23:44:59 +02:00
Václav Muzikář fc76bad1fd Undeprecate https-trust-store-* options and enhance mTLS docs
Closes #33172

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-09-27 18:07:57 +02:00
Ryan Emerson adb8d989f5 Allow Embedded Cache sizes to be configured via the CLI
Closes #31514

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-09-24 14:35:24 +02:00
Martin Bartoš 45ef84a397 Possibility to separately specify log levels for log handlers - basic (#32779)
* Possibility to separately specify log levels for log handlers

Closes #32619

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>

* Edit properties description

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2024-09-13 12:05:03 +02:00
Steven Hawkins f0bf290c28 fix: add a reload period property (#32715)
closes: #23771

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-09-13 09:47:21 +02:00
Martin Bartoš f6d880ea3f Syslog: add necessary options to cover the major usability (#32316)
Closes #32314

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-09-06 16:20:52 +02:00
nxadm 3c16e2ac77 Document Syslog app-name option (#32524)
Closes #32525

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Claudio Ramirez <pub.claudio@gmail.com>
2024-09-02 12:10:15 +02:00
Steve Hawkins c9779cfa24 fix: adding a first-class option for trusted proxies
closes: #32135

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-29 14:00:27 +02:00
Václav Muzikář 9bbfec5cdd Remove GELF (#32230)
Closes #27365

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-08-28 21:25:05 +02:00
Steven Hawkins 29eb0171de task: remove hostname v1 (#32352)
closes: #27731

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-28 17:48:06 +02:00
Steven Hawkins d9a92f5de3 fix: expose bootstrap-admin-* options (#32241)
* fix: expose bootstrap-admin-* options

closes: #32176

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update quarkus/config-api/src/main/java/org/keycloak/config/BootstrapAdminOptions.java

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-08-21 15:52:38 +02:00
Martin Bartoš bf5cf47351 Management Interface is turned on even though nothing is exposed on it (#31938)
* Management Interface is turned on even though nothing is exposed on it

Fixes #31818

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Remove conditional enablement, add relevancy description

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-08-19 15:52:59 +02:00
Václav Muzikář cb418b0bfc Upgrade to Quarkus 3.13.2 (#31678)
* Upgrade to Quarkus 3.13.2

Closes #31676

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-08-16 11:41:34 +02:00