DBP-1196 adjust dev release piepline

.github/workflows/create-release.yml

@@ -19,6 +19,9 @@ jobs:
       contents: read
       security-events: write
 
+  # build_plugins: 
+
+
   release_image:
     name: "Publish image and scan with trivy"
     needs: codeql_analyze

.github/workflows/image-and-helm-publish-check-deploy-on-push-scheduled.yml

@@ -25,14 +25,32 @@ jobs:
       contents: read
       security-events: write
 
-  build_image_on_push:
-    name: "Publish image and scan with trivy"
+  build_dependencies_for_image_on_push:
     if: ${{ github.event_name == 'push' }}
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      security-events: write
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+        with: 
+          ref: ${{ github.ref_name }}
+      - name: Set up JDK 11
+        uses: actions/setup-java@v2
+        with:
+          java-version: '11'
+          distribution: 'temurin'
+      - name: Build Jars with Maven
+        run: mvn -f providers/privacyidea/pom.xml clean package
+
+  build_image_on_push_2:
     permissions:
       packages: write
       security-events: write
       contents: read
-    uses: dBildungsplattform/dbp-github-workflows/.github/workflows/image-publish-trivy.yaml@7
+    uses: dBildungsplattform/dbp-github-workflows/.github/workflows/image-publish-trivy.yaml@DBP-1196-adjust-dev-release-piepline
     with:
       image_name: "dbildungs-iam-keycloak"
       run_trivy_scan: true
@@ -42,113 +60,114 @@ jobs:
       fail_on_vulnerabilites: false
       report_location: "Dockerfile"
       target: "deployment"
+      github_branch: ${{ github.ref_name }}
 
-  scan_helm:
-    if: ${{ github.event_name == 'push' && !startsWith(github.ref_name,'dependabot/') }}
-    uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-helm-kics.yaml@5
-    permissions:
-      contents: read
+  # scan_helm:
+  #   if: ${{ github.event_name == 'push' && !startsWith(github.ref_name,'dependabot/') }}
+  #   uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-helm-kics.yaml@5
+  #   permissions:
+  #     contents: read
 
-  select_helm_version_generation_and_image_tag_generation:
-    if: ${{ github.event_name == 'push'}}
-    runs-on: ubuntu-latest
-    outputs: 
-      SELECT_HELM_VERION_GENERATION: ${{ steps.select_generation.outputs.SELECT_HELM_VERION_GENERATION }}
-      SELECT_IMAGE_TAG_GENERATION: ${{ steps.select_generation.outputs.SELECT_IMAGE_TAG_GENERATION }}
-    steps:
-      - id: select_generation
-        shell: bash
-        run: |
-          if ${{ github.ref_name == 'main' }}; then
-            echo "SELECT_HELM_VERION_GENERATION=timestamp" >> "$GITHUB_OUTPUT"
-            echo "SELECT_IMAGE_TAG_GENERATION=commit_hash" >> "$GITHUB_OUTPUT"
-          else
-            echo "SELECT_HELM_VERION_GENERATION=ticket_from_branch_timestamp" >> "$GITHUB_OUTPUT"
-            echo "SELECT_IMAGE_TAG_GENERATION=ticket_from_branch" >> "$GITHUB_OUTPUT"
-          fi
-
-  release_helm:
-    needs:
-      - select_helm_version_generation_and_image_tag_generation
-    if: ${{ github.event_name == 'push' && !startsWith(github.ref_name,'dependabot/') }}
-    uses: dBildungsplattform/dbp-github-workflows/.github/workflows/chart-release.yaml@7
-    secrets: inherit
-    with:
-      chart_name: dbildungs-iam-keycloak
-      image_tag_generation: ${{ needs.select_helm_version_generation_and_image_tag_generation.outputs.SELECT_IMAGE_TAG_GENERATION  }}
-      helm_chart_version_generation: ${{ needs.select_helm_version_generation_and_image_tag_generation.outputs.SELECT_HELM_VERION_GENERATION  }}
+  # select_helm_version_generation_and_image_tag_generation:
+  #   if: ${{ github.event_name == 'push'}}
+  #   runs-on: ubuntu-latest
+  #   outputs: 
+  #     SELECT_HELM_VERION_GENERATION: ${{ steps.select_generation.outputs.SELECT_HELM_VERION_GENERATION }}
+  #     SELECT_IMAGE_TAG_GENERATION: ${{ steps.select_generation.outputs.SELECT_IMAGE_TAG_GENERATION }}
+  #   steps:
+  #     - id: select_generation
+  #       shell: bash
+  #       run: |
+  #         if ${{ github.ref_name == 'main' }}; then
+  #           echo "SELECT_HELM_VERION_GENERATION=timestamp" >> "$GITHUB_OUTPUT"
+  #           echo "SELECT_IMAGE_TAG_GENERATION=commit_hash" >> "$GITHUB_OUTPUT"
+  #         else
+  #           echo "SELECT_HELM_VERION_GENERATION=ticket_from_branch_timestamp" >> "$GITHUB_OUTPUT"
+  #           echo "SELECT_IMAGE_TAG_GENERATION=ticket_from_branch" >> "$GITHUB_OUTPUT"
+  #         fi
 
-  wait_for_helm_chart_to_get_published:
-    needs:
-      - release_helm
-    runs-on: ubuntu-latest
-    steps:
-      - shell: bash
-        run: sleep 1m 
-
-  branch_meta:
-    if: ${{ github.event_name == 'push' && !startsWith(github.ref_name,'dependabot/') }}
-    uses: dBildungsplattform/spsh-app-deploy/.github/workflows/get-branch-meta.yml@3
-
-  create_branch_identifier:
-    if: ${{ github.event_name == 'push' && !startsWith(github.ref_name,'dependabot/') }}
-    needs: 
-      - branch_meta
-    uses: dBildungsplattform/spsh-app-deploy/.github/workflows/deploy-branch-to-namespace.yml@3
-    with:
-      branch: ${{ needs.branch_meta.outputs.branch }}
-
-  deploy:
-    if: ${{ github.event_name == 'push' && !startsWith(github.ref_name,'dependabot/') }}
-    needs:
-      - branch_meta
-      - create_branch_identifier
-      - wait_for_helm_chart_to_get_published
-      - build_image_on_push
-    uses: dBildungsplattform/spsh-app-deploy/.github/workflows/deploy.yml@5
-    with:
-      dbildungs_iam_server_branch: ${{ needs.branch_meta.outputs.ticket }}
-      schulportal_client_branch: ${{ needs.branch_meta.outputs.ticket }}
-      dbildungs_iam_keycloak_branch: ${{ needs.branch_meta.outputs.ticket }}
-      dbildungs_iam_ldap_branch: ${{ needs.branch_meta.outputs.ticket }}
-      namespace: ${{ needs.create_branch_identifier.outputs.namespace_from_branch }}
-    secrets: inherit
-
-  # On Delete
-  create_branch_identifier_for_deletion:
-    if: ${{ github.event_name == 'delete' && github.event.ref_type == 'branch' }}
-    uses: dBildungsplattform/spsh-app-deploy/.github/workflows/deploy-branch-to-namespace.yml@3
-    with:
-      branch: ${{ github.event.ref }}
+  # release_helm:
+  #   needs:
+  #     - select_helm_version_generation_and_image_tag_generation
+  #   if: ${{ github.event_name == 'push' && !startsWith(github.ref_name,'dependabot/') }}
+  #   uses: dBildungsplattform/dbp-github-workflows/.github/workflows/chart-release.yaml@7
+  #   secrets: inherit
+  #   with:
+  #     chart_name: dbildungs-iam-keycloak
+  #     image_tag_generation: ${{ needs.select_helm_version_generation_and_image_tag_generation.outputs.SELECT_IMAGE_TAG_GENERATION  }}
+  #     helm_chart_version_generation: ${{ needs.select_helm_version_generation_and_image_tag_generation.outputs.SELECT_HELM_VERION_GENERATION  }}
 
-  delete_namespace:
-    if: ${{ github.event_name == 'delete' && github.event.ref_type == 'branch'}}
-    needs:
-      - create_branch_identifier_for_deletion
-    uses: dBildungsplattform/spsh-app-deploy/.github/workflows/delete-namespace.yml@5
-    with:
-      namespace: ${{ needs.create_branch_identifier_for_deletion.outputs.namespace_from_branch }}
-    secrets:
-      SPSH_DEV_KUBECONFIG: ${{ secrets.SPSH_DEV_KUBECONFIG }}
-
-  delete_successful:
-    if: ${{ github.event_name == 'delete' && github.event.ref_type == 'branch' }}
-    needs:
-      - delete_namespace
-      - create_branch_identifier_for_deletion
-    runs-on: ubuntu-latest
-    steps:
-      - run: echo "Deletion workflow of namespace" ${{ needs.create_branch_identifier_for_deletion.outputs.namespace_from_branch }} "done" 
+  # wait_for_helm_chart_to_get_published:
+  #   needs:
+  #     - release_helm
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - shell: bash
+  #       run: sleep 1m 
 
-  # Scheduled
-  scheduled_trivy_scan:
-    name: "Scheduled trivy scan of latest image"
-    if: ${{ github.event_name == 'schedule' }}
-    permissions:
-      packages: read
-      security-events: write
-    uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-trivy.yaml@7
-    with:
-      image_ref: 'ghcr.io/${{ github.repository_owner }}/dbildungs-iam-keycloak:latest'
-      fail_on_vulnerabilites: false
-      report_location: "Dockerfile"
+  # branch_meta:
+  #   if: ${{ github.event_name == 'push' && !startsWith(github.ref_name,'dependabot/') }}
+  #   uses: dBildungsplattform/spsh-app-deploy/.github/workflows/get-branch-meta.yml@3
+
+  # create_branch_identifier:
+  #   if: ${{ github.event_name == 'push' && !startsWith(github.ref_name,'dependabot/') }}
+  #   needs: 
+  #     - branch_meta
+  #   uses: dBildungsplattform/spsh-app-deploy/.github/workflows/deploy-branch-to-namespace.yml@3
+  #   with:
+  #     branch: ${{ needs.branch_meta.outputs.branch }}
+
+  # deploy:
+  #   if: ${{ github.event_name == 'push' && !startsWith(github.ref_name,'dependabot/') }}
+  #   needs:
+  #     - branch_meta
+  #     - create_branch_identifier
+  #     - wait_for_helm_chart_to_get_published
+  #     - build_image_on_push
+  #   uses: dBildungsplattform/spsh-app-deploy/.github/workflows/deploy.yml@5
+  #   with:
+  #     dbildungs_iam_server_branch: ${{ needs.branch_meta.outputs.ticket }}
+  #     schulportal_client_branch: ${{ needs.branch_meta.outputs.ticket }}
+  #     dbildungs_iam_keycloak_branch: ${{ needs.branch_meta.outputs.ticket }}
+  #     dbildungs_iam_ldap_branch: ${{ needs.branch_meta.outputs.ticket }}
+  #     namespace: ${{ needs.create_branch_identifier.outputs.namespace_from_branch }}
+  #   secrets: inherit
+
+  # # On Delete
+  # create_branch_identifier_for_deletion:
+  #   if: ${{ github.event_name == 'delete' && github.event.ref_type == 'branch' }}
+  #   uses: dBildungsplattform/spsh-app-deploy/.github/workflows/deploy-branch-to-namespace.yml@3
+  #   with:
+  #     branch: ${{ github.event.ref }}
+
+  # delete_namespace:
+  #   if: ${{ github.event_name == 'delete' && github.event.ref_type == 'branch'}}
+  #   needs:
+  #     - create_branch_identifier_for_deletion
+  #   uses: dBildungsplattform/spsh-app-deploy/.github/workflows/delete-namespace.yml@5
+  #   with:
+  #     namespace: ${{ needs.create_branch_identifier_for_deletion.outputs.namespace_from_branch }}
+  #   secrets:
+  #     SPSH_DEV_KUBECONFIG: ${{ secrets.SPSH_DEV_KUBECONFIG }}
+
+  # delete_successful:
+  #   if: ${{ github.event_name == 'delete' && github.event.ref_type == 'branch' }}
+  #   needs:
+  #     - delete_namespace
+  #     - create_branch_identifier_for_deletion
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - run: echo "Deletion workflow of namespace" ${{ needs.create_branch_identifier_for_deletion.outputs.namespace_from_branch }} "done" 
+
+  # # Scheduled
+  # scheduled_trivy_scan:
+  #   name: "Scheduled trivy scan of latest image"
+  #   if: ${{ github.event_name == 'schedule' }}
+  #   permissions:
+  #     packages: read
+  #     security-events: write
+  #   uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-trivy.yaml@7
+  #   with:
+  #     image_ref: 'ghcr.io/${{ github.repository_owner }}/dbildungs-iam-keycloak:latest'
+  #     fail_on_vulnerabilites: false
+  #     report_location: "Dockerfile"

providers/privacyidea/.gitignore

@@ -0,0 +1,7 @@
+/target
+.idea/
+*.iml
+template.ftl
+dependency-reduced-pom.xml
+make.bat
+deploy.bat

providers/privacyidea/.gitmodules

@@ -0,0 +1,3 @@
+[submodule "java-client"]
+	path = java-client
+	url = https://github.com/privacyidea/java-client

providers/privacyidea/.travis.yml

@@ -0,0 +1,2 @@
+language: java
+

providers/privacyidea/Changelog.md

@@ -0,0 +1,76 @@
+# Changelog
+
+### v1.4.1 - 2024-03-05
+
+* Fixed a bug that would cause empty error messages to appear in the log
+* The threadpool allows core threads to time out, which will reduce the memory footprint of the provider 
+
+### v1.4.0 - 2023-11-07
+
+* Added `sendStaticPass` feature to send a static (or empty) password to trigger challenges
+* Added automatic submit after X entered digits option
+
+### v1.3.0 - 2023-08-11
+
+* Added poll in browser setting. This moves the polling for successful push authentication to the browser of the user so that the site does not have to reload. (#133)
+* Default OTP text is now customizable. (#137)
+
+* Added compatibility for keycloak 22
+* Removed listing as theme from keycloak settings
+
+### v1.2.0 - 2023-01-25
+
+* Added implementation of the preferred client mode (#121)
+* Added implementation of a new feature: Token enrollment via challenge (#125)
+
+### v1.1.0 - 2022-07-01
+
+* Included groups setting to specify groups of keycloak users for which 2FA should be activated (#54). Check the [configuration documenation](https://github.com/privacyidea/keycloak-provider#configuration).
+* It is now possible to configure the names of header that should be forwarded to privacyIDEA (#94)
+* If a user has multiple WebAuthn token, all of them can be used to log in (#84)
+
+* Fixed a bug where the provider would crash if privacyIDEA sent a response with missing fields (#105)
+
+### v1.0.0 - 2021-11-06
+
+* Support for different configurations in different keycloak realms
+* U2F
+
+### v0.6 - 2021-04-03
+
+* WebAuthn support
+* PIN change via challenge-response
+
+### v0.5.1 - 2020-11-26
+
+* Use java sdk for communication with privacyIDEA
+* Added user-agent to http requests
+
+### v0.5 - 2020-06-10
+
+* Fixed a bug where overlapping logins could override the username in the login process
+
+### v0.4 - 2020-04-24
+
+* Changed configuration input type to match new version of keycloak
+* Use /validate/polltransaction to check if push was confirmed
+
+### v0.3 - 2019-10-22
+
+* Reset error message when switching between OTP and push
+* Catch parsing error for push intervals
+* Remove duplicates for token messages
+
+### v0.2 - 2019-05-22
+
+* Add trigger challenge
+* Add possibility to exclude keycloak's groups from 2FA
+* Add token enrollment, if user does not have a token
+* Add push tokens
+* Add logging behaviour
+* Add transaction id for validate/check
+
+### v0.1 - 2019-04-11
+
+* First version
+* Supports basic OTP token