UNIX.dog
/
keycloak
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
21,676 Commits 1 Branch 0 Tags 434 MiB
Commit Graph

791 Commits

Author SHA1 Message Date
Citlali del Rey 5d9b49b47d
Add UNIX.dog theme, no-JS account console 2023-04-11 12:50:55 -07:00
mposolda 4d8d6f8cd8 Preserve authentication flow IDs after import 
closes #9564
 2023-04-03 16:01:52 +02:00
Hynek Mlnarik 0d5363d0d5 Throw an exception rather than returning response 
Closes: #17644
 2023-04-03 14:43:50 +02:00
rmartinc c6a1820a47 Use SimpleHttp for SOAP calls 
Closes https://github.com/keycloak/keycloak/issues/17139
 2023-03-31 10:57:47 -03:00
Alexander Schwartz 251f6151e8 Rework the Import SPI to be configurable via the Config API 
Also rework the export/import CLI for Quarkus, so that runtime options are available.

Closes #17663
 2023-03-24 15:28:55 -03:00
Alexander Schwartz 513bb809f3 Add a map storage global locking implementation for JPA 
Closes #14734
 2023-03-21 08:21:11 +01:00
Pedro Igor a30b6842a6 Decouple the policy enforcer from adapters and provide a separate library 
Closes keycloak#17353
 2023-03-17 11:40:51 +01:00
Alexander Schwartz f6f179eaca Rework the export to use CLI options and property mappers 
Also, adding the wiring to support Model tests for the export.

Closes #13613
 2023-03-07 08:22:12 +01:00
mposolda a0192d61cc Redirect loop with authentication success but access denied at default identity provider 
closes #17441
 2023-03-06 10:45:01 +01:00
Jon Koops 972ebb9650
Use a valid SemVer format for the SNAPSHOT version (#17334) 
* Use a valid SemVer format for the SNAPSHOT version

* Update pom.xml

* Update pom.xml

---------

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2023-03-03 11:11:44 +01:00
Vilmos Nagy 4b0562da38 #16161 implement an EventBuilder constructor which can be called from scheduled tasks 2023-02-27 15:52:37 -03:00
Douglas Palmer 1d75000a0e Create an SPI for DeviceActivityManager 
closes #17134
 2023-02-20 09:29:11 +01:00
Hynek Mlnarik e30e1eca68 Ensure that concatenated Stream is closed once read 
Fixes: #15781
 2023-02-17 13:00:32 +01:00
Christian Hörtnagl ff71cbc4f3 * fix typos in javadoc 2023-02-13 08:53:47 +01:00
laskasn dc8b759c3d Use encryption keys rather than sig for crypto in SAML 
Closes #13606

Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: hmlnarik <hmlnarik@redhat.com>
 2023-02-10 12:06:49 +01:00
Stefan Guilhen 1da6244ec0 Add retry logic to LoginActionsService#authenticate 
In addition to that, avoid adding cookies on each retry.

Closes #15849

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2023-02-09 11:56:15 +01:00
Michal Hajas 6fa62e47db Leverage HotRod client provided transaction 
Closes #13280
 2023-02-08 10:26:30 +01:00
Pedro Igor 7b58783255 Allow mapping claims to user attributes when exchanging tokens 
Closes #8833
 2023-02-07 10:57:35 +01:00
Thomas Darimont e38b7adf92 Revise blacklist password policy provider #8982 
- Reduce false positive probability from 1% to 0.01% to avoid
rejecting to many actually good passwords.
- Make false positive rate configurable via spi config
- Revised log messages

Supported syntax variant:
`passwordBlacklist(wordlistFilename)`

Fixes #8982

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2023-02-07 10:36:39 +01:00
Pedro Igor d97b9c48c4
Make sure PBKDF2 providers are using the expect size for derived keys (#16798) 
Closes #16797
 2023-02-03 15:31:25 +01:00
Alexander Schwartz c6aba2e3de Make LockAcquiringTimeoutException a RuntimeException 
Closes #16690
 2023-01-31 08:21:32 +01:00
Marek Posolda 33ff9ef17e
Fix remaining failing tests with BCFIPS approved mode (#16699) 
* Fix remaining failing tests with BCFIPS approved mode
Closes #16698
 2023-01-30 16:01:57 +01:00
mposolda ac490a666c Fix KcSamlSignedBrokerTest in FIPS. Support for choosing realm encryption key for decrypt SAML assertions instead of realm signature key 
Closes #16324
 2023-01-10 20:39:59 +01:00
Pedro Igor d797d07d8f Ignore user profile attributes for service accounts 
Closes #13236
 2023-01-10 16:26:53 +01:00
Réda Housni Alaoui dbe0c27bcf Allowing client registration access token rotation deactivation 2023-01-05 20:53:57 +01:00
Michal Hajas 6566b58be1 Introduce Infinispan GlobalLock implementation 
Closes #14721
 2023-01-05 16:58:44 +01:00
Hynek Mlnarik 071fc03f41 Move transaction processing into session close 
Fixes: #15223
 2023-01-05 16:12:32 +01:00
Alexander Schwartz 0fee33bb95 Normalize JVM heap usage in tests and handle OOM situations 
Closes #16089
 2022-12-20 13:26:07 +01:00
Pedro Igor 857b02be63 Allow managing the required settigs for the email attribute 
Closes #15026
 2022-12-15 13:11:06 -08:00
Alexander Schwartz e4804de9e3 Changing Quarkus transaction handling for JPA map storage to JTA 
This has been recommended as the supported way of transaction handling by the Quarkus team.
Adding handling of exceptions thrown when committing JTA.
Re-adding handling of exceptions when interacting with the entity manager, plus wrapping access to queries to map exceptions during auto-flushing.

Closes #13222
 2022-12-09 10:07:05 -03:00
douph1 4acd1afa3b Use org.keycloak.common.util.Base64Url to encode/decode clientID 
fix #15734
    related #10227 #10231
 2022-12-08 08:49:55 +01:00
Michal Hajas de7dd77aeb Change id of TermsAndConditions required actions to uppercase 
Closes #9991
 2022-12-07 10:51:37 -03:00
Stefan Guilhen 3a9e051301 Add debug log messages to KeycloakModelUtils.runJobInRetriableTransaction 
Closes #15749
 2022-12-01 15:19:37 -03:00
Pedro Igor 168734b817 Removing references to request and response from Resteasy 
Closes #15374
 2022-12-01 08:38:24 -03:00
Alexander Schwartz fd152e8a3e Modify RealmAdminResource.partialImport to work with InputStream 
Rework existing PartialImportManager to not interfere with transaction handling, and bundle everything related to AdminEventBuild and JAX-RS Repsonses inside the Resource.

Closes #13611
 2022-11-24 11:45:11 +01:00
danielFesenmeyer 18381ecd2e Fix update of group mappers on certain changes of the group path 
The group reference in the mapper was not updated in the following cases:
- group rename: when an ancestor group was renamed
- (only for JpaRealmProvider, NOT for MapRealmProvider/MapGroupProvider) group move: when a group was converted from subgroup to top-level or when a subgroup's parent was changed

Closes #15614
 2022-11-23 10:12:34 +01:00
Michal Hajas 6d683824a4 Deprecate DBLockProvider and replace it with new GlobalLockProvider 
Closes #9388
 2022-11-16 16:13:25 +01:00
Pedro Igor 10b7475b04 Removing unnecessary injection points from JAX-RS (sub)resources 
Closes #15450
 2022-11-16 08:55:55 -03:00
Alexander Schwartz b6b6d01a8a Importing a representation by first creating the defaults, importing a representation and then copying it over to the real store. 
This is the foundation for a setup that's needed when importing the new file store for which importing the representation serves as a placeholder.

Closes #14583
 2022-11-16 09:56:13 +01:00
Marek Posolda c0c0d3a6ba
Short passwords with PBKDF2 mode working (#14437) 
* Short passwords with PBKDF2 mode working
Closes #14314

* Add config option to Pbkdf2 provider to control max padding

* Update according to PR review - more testing for padding and for non-fips mode
 2022-11-06 14:49:50 +01:00
Marek Posolda f616495b05
Fixing UserFederationLdapConnectionTest,LDAPUserLoginTest to work with FIPS (#15299) 
closes #14965
 2022-11-03 16:35:57 +01:00
Marek Posolda 2ba5ca3c5f
Support for multiple keys with same kid, which differ just by algorithm in the JWKS (#15114) 
Closes #14794
 2022-11-03 09:32:45 +01:00
Michal Hajas 883e83e625 Remove deprecated methods from data providers and models 
Closes #14720
 2022-10-25 09:01:33 +02:00
Stian Thorgersen 29b8294dd6
Filter list of supported OTP applications by current policy (#15113) 
Closes #15112
 2022-10-24 16:47:16 +02:00
Alexander Schwartz 440077de42 Reduce number of calls to the storage for clients and realms 
Closes #15038
 2022-10-21 15:08:39 +02:00
Stefan Guilhen acaf1724dd Fix ComponentsTest failures with CockroachDB 
- Component addition/edition/removal is now executed in a retriable transaction.

Closes #13209
 2022-10-21 10:48:08 +02:00
Stian Thorgersen 31aefd1489
OTP Application SPI (#14800) 
Closes #14800
 2022-10-18 14:42:35 +02:00
vramik f49582cf63 MapUserProvider in KC20 needs to store username compatible with KC19 to be no-downtime-upgradable 
Closes #14678
 2022-10-14 09:32:38 +02:00
danielFesenmeyer f80a8fbed0 Avoid login failures in case of non-existing group or role references and update references in case of renaming or moving 
- no longer throw an exception, when a role or group cannot be found, log a warning instead
- update mapper references in case of the following events:
   - moving a group
   - renaming a group
   - renaming a role
   - renaming a client's Client ID (may affect role qualifiers)
- in case a role or group is removed, the reference still will not be changed
- extend and refactor integration tests in order to check the new behavior

Closes #11236
 2022-10-13 13:23:29 +02:00
Martin Kanis 761929d174
Merge ActionTokenStoreProvider and SingleUseObjectProvider (#13677) 
Closes #13334
 2022-10-13 09:26:44 +02:00