mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-05-04 14:10:51 -05:00
Code Issues Packages Projects Releases Wiki Activity
24,827 Commits 33 Branches 304 Tags
b2f09feebf05cb1bac88f63310d29910d1f53bad
Commit Graph

365 Commits

Author SHA1 Message Date
Douglas Palmer b2f09feebf Remove servlet filter saml adapters 
Closes #28786

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-04-26 09:30:35 +02:00
Douglas Palmer 3e13b40648 Remove Spring adapters 
Closes #28780

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-04-26 09:30:35 +02:00
Douglas Palmer bf2c97065f Remove SpringBoot adapters 
Closes #28781

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-04-26 09:30:35 +02:00
Douglas Palmer 43aa10e091 Remove Tomcat OIDC adapter 
Closes #28778

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-04-26 09:30:35 +02:00
Douglas Palmer 98faf6e6a0 Remove Tomcat SAML adapter 
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>

Closes #28783
 2024-04-26 09:30:35 +02:00
Mark Banierink ad32896725 replaced and removed deprecated token methods (#27715) 
closes #19671 

Signed-off-by: Mark Banierink <mark.banierink@nedap.com>


Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-23 09:23:37 +02:00
Stefan Guilhen 8ca4bc77a1 Improve the performance of the queries used to find granted resources 
- simplifies the queries to avoid unnecessary join
- creates two new indexes to speed up search time

Closes #28861

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-04-22 11:26:06 -03:00
Lex Cao 7e034dbbe0 Add IdpConfirmOverrideLinkAuthenticator to handle duplicate federated identity (#26393) 
Closes #26201.

Signed-off-by: Lex Cao <lexcao@foxmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-04-22 11:30:14 +02:00
Pedro Ruivo 3e0a185070 Remove deprecated EnvironmentDependentProviderFactory.isSupported method 
Closes #26280

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-04-19 16:36:49 +02:00
Ricardo Martin fc6b6f0d94 Perform exact string match if redirect URI contains userinfo, encoded slashes or parent access (#131) (#28872) 
Closes keycloak/keycloak-private#113
Closes keycloak/keycloak-private#134

Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
 2024-04-18 16:02:24 +02:00
Martin Bartoš 7f74286106 Emphasize the need for setting container limit 
Closes #28729

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2024-04-18 15:44:27 +02:00
rmartinc ddacfbdefd Remove deprecated LinkedIn social provider 
Closes #23127

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-04-18 10:10:58 +02:00
Martin Bartoš 1fb83bb165 Release notes and Migration guide for Hostname v2 (#28621) 
Closes #27730

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
 2024-04-17 09:29:59 +02:00
Alexander Schwartz 5b4a69a6e9 Limit the concurrency of password hashing to the number of CPU cores available 
Closes #28477

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-04-15 15:05:09 +02:00
Steven Hawkins 58398d1f69 fix: replaces aesh with picocli (#28276) 
* fix: replaces aesh with picocli

closes: #28275

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* fix: replaces aesh with picocli

closes: #28275

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-04-15 13:04:58 +00:00
Christopher Miles 1646315939 Deny list lower cases all passwords when loading from file 
Closes #28381

We always lower case the inbound password before comparing against the deny list
yet the deny list may contain passwords that contain upper case letters. With
this change we will now convert passwords from the deny list into lower case
while loading, ensuring that more passwords match the deny list.

Signed-off-by: Christopher Miles <twitch@nervestaple.com>
 2024-04-15 08:49:37 +02:00
Marek Posolda e6747bfd23 Adjust priority of SubMapper (#28663) 
closes #28661


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-04-12 14:13:03 +02:00
Martin Bartoš a3669a6562 Make general cache options runtime (#28542) 
Closes #27549

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2024-04-12 11:56:11 +02:00
rmartinc 6d74e6b289 Escape slashes in full group path representation but disabled by default 
Closes #23900

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-04-12 10:53:39 +02:00
Marek Posolda 74faddec8e Release notes for lightweight access tokens and group together relate… (#28622) 
closes #28460

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-04-11 20:02:33 +02:00
Jon Koops 9b94b6f47e Add release notes for changes to Account and Admin consoles (#28545) 
Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-04-11 08:42:08 +02:00
Marek Posolda 13daaa55ba Documentation for changes related to 'You are already logged in' scen… (#28595) 
closes #27879

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-04-11 08:18:41 +02:00
Giuseppe Graziano 33b747286e Changed userId value for refresh token events 
Closes #28567

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-04-11 07:46:44 +02:00
Giuseppe Graziano c76cbc94d8 Add sub via protocol mapper to access token 
Closes #21185

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-04-10 10:40:42 +02:00
Martin Bartoš b2c88e9876 docs: Support management port for health and metrics (#28213) 
Relates to #19334

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
 2024-04-09 14:33:30 +02:00
Alexander Schwartz 3ba9a905c9 Provide histograms for http server metrics 
Closes #28178

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-04-09 12:52:42 +02:00
Stian Thorgersen a499512f35 Set SameSite for all cookies (#28467) 
Closes #28465

Signed-off-by: stianst <stianst@gmail.com>
 2024-04-09 12:29:19 +02:00
Steve Hawkins 9afe3a2560 fix: changing max threads default 
closes: #17483

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-04-09 12:14:56 +02:00
Martin Bartoš 9c1790af68 Enable Syslog log handler (#28462) 
* Enable syslog log handler

Closes #27544

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Suggest an alternative to GELF

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2024-04-08 17:38:20 +02:00
Pedro Igor 52ba9b4b7f Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user 
Closes #28248

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-08 09:05:16 -03:00
Giuseppe Graziano b4f791b632 Remove session_state from tokens 
Closes #27624

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-04-08 08:12:51 +02:00
Stian Thorgersen b9feaec38e Ignore all links to GitHub when checking external links in docs due to rate limiting issues (#28472) 
Closes #28330

Signed-off-by: stianst <stianst@gmail.com>
 2024-04-05 15:36:38 +02:00
Pedro Igor 8fb6d43e07 Do not export ids when exporting authorization settings 
Closes #25975

Co-authored-by: 박시준 <sjpark@logblack.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-04 19:26:03 +02:00
Clemens Zagler b44252fde9 authz/client: Fix getPermissions returning wrong type 
Due to an issue with runtime type erasure, getPermissions returned a
List<LinkedHashSet> instead of List<Permission>.
Fixed and added test to catch this

Closes #16520

Signed-off-by: Clemens Zagler <c.zagler@noi.bz.it>
 2024-04-02 11:09:43 -03:00
Giuseppe Graziano fe06df67c2 New default client scope for 'basic' claims with 'auth_time' protocol mapper 
Closes #27623

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-04-02 08:44:28 +02:00
Steven Hawkins e9ad9d0564 fix: replace aesh with picocli (#27458) 
* fix: replace aesh with picocli

closes: #27388

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update integration/client-cli/admin-cli/src/main/java/org/keycloak/client/admin/cli/commands/AbstractRequestCmd.java

Co-authored-by: Martin Bartoš <mabartos@redhat.com>

* splitting the error handling for password input

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* adding a change note about kcadm

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update docs/documentation/upgrading/topics/changes/changes-25_0_0.adoc

Co-authored-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2024-03-28 14:34:06 +01:00
Gilvan Filho 757c524cc5 Password policy for not having username in the password 
closes #27643

Signed-off-by: Gilvan Filho <gfilho@redhat.com>
 2024-03-28 08:29:03 +01:00
Stian Thorgersen c3a98ae387 Use Argon2 as default password hashing algorithm (#28162) 
Closes #28161

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 13:04:14 +00:00
rmartinc d4da0c816c Upgrading note to warn truststore changes affect webauthn registration 
Closes #28113

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-03-22 10:58:48 +01:00
Steven Hawkins 619775b8db fix: simplifies the parsing routine, which accounts for leading 0's (#28102) 
closes: #27839

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-03-22 09:19:52 +01:00
Stian Thorgersen cae92cbe8c Argon2 password hashing provider (#28031) 
Closes #28030

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 07:08:09 +01:00
Steven Hawkins cbe185fbab doc: add a note about lack of other JAX-RS support (#28048) 
closes: #27057

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-03-21 16:59:22 +01:00
Steven Hawkins 7eab019748 task: deprecate WILDCARD and STRICT options (#26833) 
closes: #24893

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-03-21 16:22:41 +01:00
Alexander Schwartz c4fdf1cee7 Enable HTTP metrics for Keycloak by default (#28088) 
Closes #27924

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-03-21 16:18:03 +01:00
Steve Hawkins 91c89c28e7 fix: changes xa transaction related defaults 
xa is not enabled by default
recovery is enabled by default

closes #27308

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-03-21 16:01:19 +01:00
Sebastian Schuster 0542554984 12671 querying by user attribute no longer forces case insensitivity for keys 
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
 2024-03-21 08:35:29 -03:00
Alexander Schwartz fbdb2ed9f7 Updated performance impact due to changed hashing 
Fixes #27900

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-03-19 09:30:49 +01:00
AndyMunro d61b1ddb09 Edit use of Keycloak in Server Admin Guide 
Closes #27955

Signed-off-by: AndyMunro <amunro@redhat.com>
 2024-03-18 09:51:55 +01:00
Alexander Schwartz 62d24216e3 Remove offline session preloading 
Closes #27602

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-03-15 15:19:27 +01:00
Stian Thorgersen 2bddfe7380 Remove log4j from documentation tests (#27929) 
Signed-off-by: stianst <stianst@gmail.com>
 2024-03-15 15:06:24 +01:00