* fix: addresses slow import/export performance with more batching
closes: #37991
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* removing flush/detach manipulation
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* refining the doc note about using multiple files for larger user counts
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* adding doc note about useExistingSession method removal
and expanding javadocs
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* fix: relaxes the admin root redirect check
also deprecates the usage of local_admin
closes: #39085
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* moving deprecation to 26.3
also changing the adminroot test to seem like it's coming from a proxy
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Closes#38497
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
closes#37126
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Bruno Oliveira da Silva <bruno@abstractj.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Closes#36036
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
* Upgrade to Quarkus 3.18.2
Closes#37056
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Update docs/documentation/upgrading/topics/changes/changes-26_2_0.adoc
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Václav Muzikář <vaclav@muzikari.cz>
---------
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Signed-off-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
closes: #23805
Fix typo in docs, some improvements
adding a negative assertion
Update docs/documentation/upgrading/topics/changes/changes-26_1_0.adoc
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Closes#35256
This PR fixes a bunch of typos in docs files.
I ran codespell on `*.adoc` and `*.md` files in the repo in interactive mode
carefully checking each identified typo and proposed fix for false positives.
The most widely read file with typos identified is likely the changelog/migration guide.
Signed-off-by: Cornelius Roemer <cornelius.roemer@gmail.com>
Also switch the default to jdbc-ping as this should be a drop-in replacement looking at the networking behavior of udp.
Closes#34658
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Clustering is disabled with multi-site deployment and there is no
JGroups thread pool to configure.
Closes#34715
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
* remove robots.txt entirely, as blocking page-
crawling prevents the `X-Robots-Tag` headers
(and similar meta tags) from working as intended.
Closes#17433
Signed-off-by: Andy <andy@slice.is>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Closes#29399
- Add ProviderFactory#dependsOn to allow dependencies between
ProviderFactories to be explicitly defined
- Disable Infinispan default shutdownhook disabled to ensure lifecycle
is managed exclusively by Keycloak
- Remove Infinispan shutdown hook in KeycloakRecorder and manage
EmbeddedCacheManager lifecycle only in DefaultInfinispanConnectionProviderFactory#close
Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Closes#33939
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Keycloak will now fail to start if the work cache is replicated.
Listeners require the data to be local.
Closes#33702
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Fixed#31492
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
* PropertyException is now thrown instead of a warning
* Operator guides clarification around health and metrics options
Closes: #32717
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
also moving initial bootstrapping after import
closes: #32689
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Closes#32577
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Closes#28418
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
Closes#32577
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Closes#10983
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Closes#32387
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
* Additional datasources now require XA
Closes#32402
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Apply suggestions from code review
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Signed-off-by: Václav Muzikář <vaclav@muzikari.cz>
* Relax validation
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Added a note on recovery
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Fix `CustomJpaEntityProviderDistTest`
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
---------
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Signed-off-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Search by RealmName is done before loading all realms when filtering
Closes#31956
Signed-off-by: Youssef El Houti <youssef.elhouti@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
* Upgrade to Quarkus 3.13.2
Closes#31676
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Old Active/Passive guides replaced with Active/Active architecture, but
A/P vs A/A distinction hidden from users in favour of generic multi-site
docs.
Closes#31029
Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Final removal of the securing_apps documentation
Final checks for links, order and other minor things
Closes#31328
Signed-off-by: rmartinc <rmartinc@redhat.com>
Closes: #30011
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
closes: #30658
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
- Use charset in `Encode` class
- Replace reflective call to protected `Liquibase#resetServices()` with call to exposed public method on a custom subclass `KeycloakLiquibase`
- Remove usage of deprecated AccessController class in Reflections
- Deprecated SetAccessibleProvilegedAction and UnsetAccessibleProvilegedAction
Fixes#22209
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
* change to make authServerUrl the same as authUrl
fixes: #29641
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Remove `authUrl` entirely
Signed-off-by: Jon Koops <jonkoops@gmail.com>
* Remove file that is unrelated
Signed-off-by: Jon Koops <jonkoops@gmail.com>
* Split out and align environment variables between consoles
Signed-off-by: Jon Koops <jonkoops@gmail.com>
* Restore removed variables to preserve backwards compatibility
Signed-off-by: Jon Koops <jonkoops@gmail.com>
* Also deprecate the `authUrl` for the Admin Console
Signed-off-by: Jon Koops <jonkoops@gmail.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
Closes: #29491
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
Closes#29561
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Closes#29218
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
Run `chmod -x` on files that need not be executable.
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
* fully removing providers and moving the keycloaksession creation / final
cleanup
also deprecated Resteasy utility methods
closes: #29223
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
- simplifies the queries to avoid unnecessary join
- creates two new indexes to speed up search time
Closes#28861
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Closes#27730
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
Relates to #19334
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
Closes#28178
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
* fix: replace aesh with picocli
closes: #27388
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* Update integration/client-cli/admin-cli/src/main/java/org/keycloak/client/admin/cli/commands/AbstractRequestCmd.java
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
* splitting the error handling for password input
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* adding a change note about kcadm
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* Update docs/documentation/upgrading/topics/changes/changes-25_0_0.adoc
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Closes#9758
Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
This change adds event for brute force protector when user account is
temporarily disabled.
It also lowers the priority of free-text log for failed login attempts.
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Add a mention about beans.xml and @Provider in the extending server documentation
Add beans.xml in the rest provider example
Add a mention about @Provider in the upgrading guides
Closes#25882
Signed-off-by: zak905 <zakaria.amine88@gmail.com>
Address suggested change for docs/documentation/server_development/topics/extensions.adoc
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Address suggested change for docs/documentation/server_development/topics/extensions.adoc
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: zak905 <zakaria.amine88@gmail.com>
Address suggested change for docs/documentation/upgrading/topics/keycloak/changes-22_0_0.adoc
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: zak905 <zakaria.amine88@gmail.com>
Changes according to the latest [OWASP cheat sheet for secure Password Storage](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2):
- Changed default password hashing algorithm from pbkdf2-sha256 to pbkdf2-sha512
- Increased number of hash iterations for pbkdf2-sha1 from 20.000 to 1.300.000
- Increased number of hash iterations for pbkdf2-sha256 from 27.500 to 600.000
- Increased number of hash iterations for pbkdf2-sha512 from 30.000 to 210.000
- Adapt PasswordHashingTest to new defaults
- The test testBenchmarkPasswordHashingConfigurations can be used to compare the different hashing configurations.
- Document changes in changes document with note on performance and how
to keep the old behaviour.
- Log a warning at the first time when Pbkdf2PasswordHashProviderFactory is used directly
Fixes#16629
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Only removing the distribution of the Jetty adapter for now, and leaving the rest for now. This is due to the complexity of removing all Jetty adapter code due to Spring, OSGI, Fuse, testsuite, etc. and it will be better to leave the rest of the clean-up to after 24 when we are removing most adapters
Closes#26255
Signed-off-by: stianst <stianst@gmail.com>
