mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-04 13:59:54 -06:00
Code Issues Packages Projects Releases Wiki Activity
22,720 Commits 20 Branches 287 Tags
d07fe2f7fdfeef1112ca40d4dd4902cf030cd09e
Commit Graph

22720 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alexander Schwartz
d07fe2f7fd URL change as liquibase.org now redirects 
Closes #27540

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-03-05 14:48:36 +01:00
rmartinc
e85ab0b208 Change fake_fips for linux 6.4 changes 
Closes #27345

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit a3f91ef95b)
 2024-03-05 13:07:24 +01:00
Alexander Schwartz
2fb6906c69 Adding missing explicit IDs for cross-references 
Closes #27316

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-02-29 08:55:31 +01:00
AndyMunro
122683612e notes about access and refresh tokens 
Closes #26919

Signed-off-by: AndyMunro <amunro@redhat.com>
(cherry picked from commit 7d504ed1c9)
 2024-02-28 16:07:50 +01:00
AndyMunro
86e0861b33 Change docker image to container image 
Closes #27315

(cherry picked from commit c6896da155)
 2024-02-28 15:48:48 +01:00
Réda Housni Alaoui
e2ed9791ef Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients (#21058) 
closes #21010

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
(cherry picked from commit 3f014c7299)
 2024-02-22 07:16:03 +01:00
Jon Koops
cdda26d797 Run Cypress tests in parallel using cypress-split (#20685) (#27200) 
Closes #27194

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-02-21 12:42:17 +01:00
Tomas Ondrusko
83bc1ac353 Fix Microsoft social login test case 
Resolves #27120

Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
(cherry picked from commit 055a0e2231)
 2024-02-20 11:39:11 +01:00
Stefan Guilhen
842fd6cee9 Avoid changing the config value for the useTruststoreSpi property 
- prevents cached LDAPConfig entry from changing when retrieving this value

Closes #25912

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
(cherry picked from commit eac43822c3)
 2024-02-16 16:47:09 +01:00
Thomas Darimont
3a35cf28f8 Shorter lifespan for offline session cache entries in memory 
Closes #26810

Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Martin Kanis <mkanis@redhat.com>
(cherry picked from commit 93fc6a6c54)
 2024-02-13 18:07:26 +01:00
mposolda
b4148b190c Documentation for AIA 
closes #25569

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
(cherry picked from commit 7af753e166)
 2024-02-12 09:58:01 +01:00
Stian Thorgersen
0d6005d4af Ignore empty attribute values when retriveing boolean/int/long (#26729) (#26738) 
Resolves #26597, resolves #26665

Signed-off-by: stianst <stianst@gmail.com>
 2024-02-06 16:17:42 +00:00
mposolda
f14bb94567 Documentation for SuppressRefreshTokenRotationExecutor 
closes #26587

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
(cherry picked from commit 56a605fae7)
 2024-02-01 17:55:43 +01:00
Václav Muzikář
500967ecfc Fix createdAt format in Operator CSV (#26428) (#26467) 
Closes #26427

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
(cherry picked from commit 7a57bfb504)
 2024-01-29 08:45:03 +01:00
Václav Muzikář
b6c767ec70 Upgrade to Quarkus 3.2.10.Final (#26533) 
Closes #26417

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2024-01-29 08:37:58 +01:00
Ricardo Martin
ab940a0807 Fix issue with access tokens claims not being imported using OIDC IDP Attribute Mappers (#21627) 
Closes #9004

Co-authored-by: Armel Soro <armel@rm3l.org>
Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-01-23 15:58:36 +01:00
Alexander Schwartz
5f8f0d5d80 Add the build step to the overall status check 
Closes #25981

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-23 12:00:26 +01:00
Alexander Schwartz
8e2154be85 Remove product specific content about Linux only (#26377) 
Closes #26220

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-22 16:32:18 +01:00
rmartinc
4adb320460 Assume test testEncryptedElementIsReadableInDep in FIPS mode 
Closes #26303

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-01-18 19:16:18 +01:00
Hynek Mlnařík
30438f3cf1 Use proper attribute name in UI 
Fixes: #25827

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
(cherry picked from commit 0bf1fe3eb3)
 2024-01-16 13:54:31 +01:00
Jon Koops
1152b18d00 Fix broken assertion in Cypress tests (#25389) 
Signed-off-by: Jon Koops <jonkoops@gmail.com>
(cherry picked from commit 9afa5f86ec)
 2024-01-16 13:12:41 +01:00
Alexander Schwartz
5ae466434a Update dependencies to enable Maven also-make working for Quarkus (#26123) 
Closes #23019

(cherry picked from commit f086e008dc)
 2024-01-15 09:24:02 +01:00
Alexander Schwartz
aed9679bd4 Remove conditionals about Linux vs. Windows (#26086) 
Closes #26028

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-15 09:21:56 +01:00
rmartinc
110f64a814 Sanitize logs in JBossLoggingEventListenerProvider 
Closes #25078

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 179ca3fa3a)
 2024-01-12 20:09:44 +01:00
AndyMunro
38b48c8459 Change RHDG to Infinispan 
Closes #26083

Signed-off-by: AndyMunro <amunro@redhat.com>
(cherry picked from commit 520c849995)
 2024-01-10 17:49:46 +01:00
Alexander Schwartz
0a22304bf0 Fix OfflineServletAdapterTest failures, and improve logging (#26045) 
Closes #25714
Closes #14448

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>

(cherry picked from commit 03372d2f41)
 2024-01-10 16:04:42 +01:00
Tomas Ondrusko
f074f8efbd Update web element of the LinkedIn login page (#25905) 
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
(cherry picked from commit e4fa5c034a)
 2024-01-09 16:11:09 +00:00
andymunro
4a575d52e9 Clarify note about containers 
Closes #26006

Signed-off-by: AndyMunro <amunro@redhat.com>
(cherry picked from commit 70e15bdaa4)
 2024-01-09 16:40:58 +01:00
Tomas Ondrusko
52d433a894 Update web elements of the Instagram login page 
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
(cherry picked from commit 26342d829c)
 2024-01-09 15:51:10 +01:00
Ryan Emerson
1627251e08 Update Route53 HA guide to be compatible with ROSA and OpenShift 4.14.x (#25900) 
Closes #25733

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-08 16:34:45 +01:00
Pedro Ruivo
d2e9dfa684 High Availability Docs: use unbounded token for cross-site connection 
Expirable tokens are more secure but it requires manual intervention to
create and share them when they expire.

I have updated the documentation to use non-expirable tokens.

Closes #25909

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-08 16:34:18 +01:00
Ricardo Martin
4525849e72 Escape action in the form_post.jwt and only decode path in RedirectUtils (#94) 
Closes #90

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-01-04 13:46:34 +01:00
Alexander Schwartz
efd53f1d5d Adding a test case to check that the expiration time is set on logout tokens 
Closes #25753

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
(cherry picked from commit 9e890264df)
 2023-12-26 14:41:41 +01:00
Niko Köbler
0c660af047 add the exp claim to the backchannel logout token 
This is now, as of Dec 15th 2023, part of the OIDC Backchannel Logout spec, chapter 2.4.

As of chapter 4, the logout token should have a short expiration time, preferably at most two minutes in the future. So we set the expiration to this time.

resolves #25753

Signed-off-by: Niko Köbler <niko@n-k.de>
(cherry picked from commit 5e623f42d4)
 2023-12-26 14:41:41 +01:00
Alexander Schwartz
0d7699d310 Adding parsing of "fixes"/"fixed" Keyword and the colon (#25756) 
Closes #25633

(cherry picked from commit a420b46913)

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2023-12-22 10:45:14 +01:00
Alexander Schwartz
d912ee6d92 Avoid shutdown of Infinispan when using cache (#25614) 
Closes #24508

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
(cherry picked from commit e01827693a)
 2023-12-18 11:54:27 +01:00
AndyMunro
9c6a8f9a66 Remove topic on user attributes in Account Console 
Closes #22555

Signed-off-by: AndyMunro <amunro@redhat.com>
(cherry picked from commit 2853136bbb)
 2023-12-15 18:50:06 +01:00
Martin Bartoš
9eb0aa48c0 PubKeySignRegisterTest failures in WebAuthn tests 
Fixes #9693

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2023-12-15 18:36:04 +01:00
rmartinc
98ceed7242 Do not allow remove a credential in account endpoint if provider marks it as not removable 
Closes #25220

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit d004e9295f)
 2023-12-15 13:34:01 +01:00
Lukas Hanusovsky
7b6e4d4bb8 25208 MSSQL startup message - fix 
Closes #25208

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2023-12-15 12:41:56 +01:00
Alexander Schwartz
dc03477f1a Avoid logged warning about objects not present in the cache for tasks 
Closes #25322

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
(cherry picked from commit a8cff72ed0)
 2023-12-15 10:58:47 +01:00
Alexander Schwartz
2202971f3d Allow concurrent remote cache operations 
Closes #25388

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
(cherry picked from commit 5b1b3ca11b)
 2023-12-15 10:56:17 +01:00
Alexander Schwartz
30b79c91d6 Avoid reseting cachemanger to null to avoid a re-initialization 
Also follow best practices of using volatile variables for double-locking, and not using shutdown caches.

Closes #24085

(cherry picked from commit 26e2fde115)
 2023-12-15 10:56:17 +01:00
Ricardo Martin
67f905ecc5 Escape action in the form_post response mode (#30) 
Closes https://issues.redhat.com/browse/RHBK-652

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-06 16:14:44 +01:00
Ricardo Martin
15a21bf8e4 CVE-2023-6291 keycloak: redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (#57) 
* Remove lowercase for the hostname as recommended/advised by OAuth spec
Closes https://github.com/keycloak/keycloak/issues/25001

Signed-off-by: rmartinc <rmartinc@redhat.com>

* Strip off user-info from redirect URI when validating using wildcard
Closes https://issues.redhat.com/browse/RHBK-679

Signed-off-by: rmartinc <rmartinc@redhat.com>

---------

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-12-06 13:51:02 +01:00
Michal Hajas
d12e63a919 Upgrade Infinispan to 14.0.21.Final 
Closes #25287

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2023-12-05 14:26:04 +01:00
Alex Szczuczko
dc409df590 Try to fix osx missing error post-alignment (#24642) 
Signed-off-by: Alex Szczuczko <aszczucz@redhat.com>
 2023-12-05 11:52:19 +01:00
Jon Koops
e16161d344 Fix 'Cancel' button in the user form (#25161) (#25286) 
Closes #25051

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2023-12-05 09:03:16 +00:00
Alexander Schwartz
a095a96839 Pass MAVEN_ARGS manually to mvnw as they are only supported in Maven 3.9 (#25106) 
Closes #25105

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2023-12-05 08:18:33 +01:00
Michal Hajas
aecf36cd8c Add tests for lb-check endpoint 
Added documentation why the check retries and updated outdated docs

Closes #25113

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
(cherry picked from commit d387f13525)
Signed-off-by: Michal Hajas <mhajas@redhat.com>

Conflicts:
	quarkus/tests/junit5/src/main/java/org/keycloak/it/junit5/extension/DatabaseContainer.java
 2023-12-04 16:44:52 +01:00