mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2025-12-30 11:29:57 -06:00
Code Issues Packages Projects Releases Wiki Activity
27,654 Commits 20 Branches 287 Tags
a0a314aecef200fdfe1f0f686fad992cd49836eb
Commit Graph

378 Commits

Author SHA1 Message Date
Sebastian Schuster
45fb21164b Improved uri template regex 
Closes #37834

Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
 2025-03-05 12:15:31 +01:00
mposolda
73cfd9cc80 Polishing of token-exchange features. Remove TOKEN_EXCHANGE_FEDERATED_V2 and TOKEN_EXCHANGE_SUBJECT_IMPERSONATION_V2 
closes #37367

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-03-03 17:32:17 +01:00
Michal Hajas
8cd97ddb21 Make event metrics supported (#37391) 
* Make event metrics supported

Closes #37389

Signed-off-by: Michal Hajas <mhajas@redhat.com>

* Address comments from reviews

Signed-off-by: Michal Hajas <mhajas@redhat.com>

---------

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2025-02-19 12:20:15 +01:00
Giuseppe Graziano
f2d931ba44 Remove FGAP from standard token exchange v2 
Closes #37108

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-02-12 12:47:23 -03:00
Martin Bartoš
491b7861ed [PERF] Determine whether OS is Windows 
Closes #33953

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-02-10 17:31:26 +01:00
Pedro Ruivo
0f91e67b90 Feature flag: rolling-updates 
Closes #36840

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2025-02-06 17:03:50 +01:00
Marek Posolda
ec5a8d161a Token exchange - added experimental token exchange V2 divided into mulitple features (#36407) 
closes #35504

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-01-17 09:12:38 +01:00
Stian Thorgersen
c1c147cb17 Restrict access to environment variables when at the server runtime (#36472) 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-01-15 09:36:19 +01:00
Pedro Igor
db986c496e Allow tracing packets sent to and from LDAP for troubleshooting purposes 
Closes #36087

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-01-07 12:42:23 +01:00
Thomas Darimont
7b62c0d266 Fix content-type for content.json (#35971) 
We now send the content-type `application/json` when JSON resources are requested via the resources endpoint.
Previously, those resources were using content-type `application/octet-stream`.
Also removed the duplicate entry for `text/javascript` content type mapping.

Fixes #35971

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-12-17 19:45:24 -03:00
Martin Bartoš
8f2c825835 Enable opentelemetry feature by default (#35756) 
Closes #35753

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2024-12-11 16:53:14 +00:00
Pedro Igor
5c901016e7 Removing unnecessary configuration from auth servers 
Closes #35604

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-12-06 13:36:50 +01:00
Erik Jan de Wit
566e41cc72 color theme tab (#35179) 
* added a way to customize theme colors

fixes: #33233
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added preview and grouped vars

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added dark mode

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fixed label

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added empty check

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* use json string in attributes

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* removed use of not exported type

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* output css based on JSON string

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added feature flag

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added a way to customize theme colors

fixes: #33233
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* renamed feature to quick theme

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fixed merge error

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Restore the Cache tab in Realm Settings (#34311)

closes keycloak#17727

Signed-off-by: Christian Janker <christian.janker@gmx.at>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added a way to customize theme colors

fixes: #33233
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* create a zip file instead

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added themes.json to make jar usable

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* use property instead of attribute

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fix the jar file

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fixed header for preview and some text

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Christian Janker <christian.janker@gmx.at>
Co-authored-by: Christian Ja <christian.janker@gmx.at>
 2024-12-04 19:36:42 +00:00
Stefan Guilhen
3c33a7180e Add initial IPA-Tuura federation (#35467) 
* Add initial federation ipatuura plugin

Closes #35325

Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-12-02 14:59:21 -03:00
rmartinc
b0b247f1f1 Passivate imported keys if the associate certificate is expired 
Closes #34973

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-11-25 09:40:59 +01:00
Steven Hawkins
0eb0281bf2 fix: returning addresses instead of hosts on the ClientConnection (#35247) 
also consolidates checks of whether a host or address is local

closes: #35216
closes: #34671

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-11-22 20:57:20 +01:00
Steven Hawkins
799ee85b7f fix: refining the usage of distribution tests (#34272) 
* fix: refining distribution tests

allows for the capturing of dry run build values for subsequent commands

closes: #34058

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* converting a few more tests to dry run and several other cleanups

also splitting the stdout and stderr collection for docker

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-11-15 10:28:45 -05:00
Jan-Hendrik Dolling
80bbb0be10 fix: PEM files distributed as part of SAML adapter configs for mod_auth_mellon export 
Changing return type of ClientResource from String to Response to support different response types. Should not be breaking as this is just a class used internally by Keycloak integration tests.

Closes #34276

Co-authored-by: ccudennec-otto
Co-authored-by: radwa-otto
Co-authored-by: IngoStrauch2020

Signed-off-by: Jan-Hendrik Dolling <jan-hendrik.dolling@otto.de>
 2024-11-15 16:15:51 +01:00
vramik
a2ba3c8ace Feature in higher version takes precedence even if it has lower type order 
Closes #34635

Signed-off-by: vramik <vramik@redhat.com>
 2024-11-07 10:55:42 +01:00
vramik
b1ff9511d1 Fine grained admin permissions feature V2 
Closes #34563

Signed-off-by: vramik <vramik@redhat.com>
 2024-11-07 10:55:42 +01:00
Ricardo Martin
226daa41c7 Add service account mappers via client scope instead of dedicated scope (#34664) 
Closes #10417

Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Ricardo Martin <rmartinc@redhat.com>
 2024-11-07 08:45:11 +01:00
Bernd Bohmann
7681687e0a Provide missing user event metrics from aerogear/keycloak-metrics-spi to a keycloak micrometer event listener 
inspired by
https://github.com/aerogear/keycloak-metrics-spi
https://github.com/please-openit/keycloak-native-metrics

Closes #33043

Signed-off-by: Bernd Bohmann <bommel@apache.org>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2024-11-04 08:56:24 +01:00
Steven Hawkins
b2ccde29bb fix: persist build time spi options (#34157) 
closes: #33902

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-10-23 16:51:11 +02:00
Steven Hawkins
af1a5ea2a8 fix: refining https file type detection (#33703) 
also making common trustore logic align

closes: #33649

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-10-22 13:05:56 -04:00
mposolda
b95d12a968 Add AuthzClientCryptoProvider to authz-client in keycloak main repository 
closes #33831

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-10-15 08:16:14 +02:00
Jon Koops
3930356c21 Treat unencrypted local origins as an insecure context in Safari (#33700) 
Closes #33557

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-10-09 23:38:03 +02:00
Jon Koops
aacdf80664 Add shim for Web Crypto API to admin and account console (#33480) 
Closes #33330

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-10-03 10:51:23 +00:00
Erik Jan de Wit
e8d8de8936 Use feature versions for admin3, account3, and login2 (#33458) 
Closes #33405

Signed-off-by: stianst <stianst@gmail.com>
 2024-10-03 12:09:36 +02:00
Stefan Guilhen
9b7cf9d584 Ensure componentsByParentAndType in CachedRealm is returned as a concurrent multi-valued map 
Closes #30235

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-10-01 17:39:00 -03:00
Jon Koops
5e2f09f66d Remove statically served Keycloak JS from the server (#33083) 
Closes #32827

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-09-22 19:05:01 +02:00
rmartinc
c532751ff4 Downgrade Java for client libraries to 8 
Closes #33051

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-09-20 17:01:01 +02:00
Vlasta Ramik
4ce40be1af Make the ORGANIZATION a default feature (#32404) 
Closes #32395

Signed-off-by: vramik <vramik@redhat.com>
 2024-09-18 12:19:28 +02:00
Jan-Henrik Bruhn
da5fd31a5f Fix KeycloakUriBuilder for Uris without a host name 
Signed-off-by: Jan-Henrik Bruhn <github@jhbruhn.de>
 2024-09-18 08:42:06 +02:00
Martin Bartoš
7625e3b4ea Improve error message when wrong KC profile is set (#32898) 
Closes #30454

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
 2024-09-16 09:37:20 +02:00
Pedro Ruivo
f67bec0417 Rename remote-cache Feature 
Renamed to "clusterless"

Closes #32596

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-09-13 13:03:13 +02:00
Pedro Ruivo
24fce87a8e Deprecate old remote store (feedback) 
Closes #32577

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-09-11 14:08:53 +00:00
Pedro Ruivo
3274591fe1 Deprecate old remote store 
Closes #32577

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-09-04 10:25:51 +00:00
Martin Bartoš
afcbf79582 OTEL: Profile Feature 
Closes #32231

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2024-08-30 13:19:09 +02:00
Steven Hawkins
29eb0171de task: remove hostname v1 (#32352) 
closes: #27731

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-08-28 17:48:06 +02:00
Michal Hajas
f5b2775939 Enable persistent sessions by default 
Run CI with the feature disabled to test also the old settings
Closes #32265

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-08-21 17:37:54 +02:00
Pedro Igor
8e0436715c Support for ALL and ANY organization scope values 
Related #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-19 08:45:23 -03:00
Steven Hawkins
ea3937f37c fix: always replacing placeholders (#31871) 
closes: #31625

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-08-12 16:20:47 +00:00
Justin Tay
966a454548 Add ECDH-ES JWE Algorithm Provider, Add generated ECDH key provider (#23928) 
Closes #23596
Closes #23597

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-08-08 17:29:35 +02:00
Michal Hajas
50c07c6e7c Simplify configuration for MULTI_SITE 
Closes #31807

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-08-06 16:14:33 +00:00
Tero Saarni
62fd969fe1 Allow requests from local IPv6 addresses 
If administrator selects EXTERNAL for Require SSL setting, allow clear-text
HTTP requests when client is coming from IPv6 link-local or unique local
address (ULA).

Previously only private IPv4 addresses were allowed and private IPv6 addresses
were rejected.

Closes #30678

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
 2024-08-05 16:38:55 +02:00
Hynek Mlnarik
a7374f92be Update login theme to login v2 
Fixes: #29009

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2024-07-18 14:33:22 +02:00
Steven Hawkins
96511e55c6 startup, welcome, and cli handling of bootstrap-admin user (#30054) 
* fix: adding password and service account based bootstrap and recovery

closes: #29324, #30002, #30003

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Fix tests

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
 2024-07-03 15:23:40 +02:00
Thomas Darimont
f34bb21af6 Fix deprecations in common module 
- Use charset in `Encode` class
- Replace reflective call to protected `Liquibase#resetServices()` with call to exposed public method on a custom subclass `KeycloakLiquibase`
- Remove usage of deprecated AccessController class in Reflections
- Deprecated SetAccessibleProvilegedAction and UnsetAccessibleProvilegedAction

Fixes #22209

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-02 16:02:35 +00:00
rmartinc
c20dbc5c32 Add availability for features and make kerberos use it 
Closes #30730

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-26 14:33:38 +02:00
Douglas Palmer
5af3001122 Check if OSGI metadata can be removed entirely 
Closes #29104

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-06-25 14:12:33 +02:00