libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Merge remote-tracking branch 'upstream/master'

Browse source
This commit is contained in:
Bill Burke 2016-02-01 10:36:45 -05:00
commit 4ba77a15a0
58 changed files with 1548 additions and 347 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
adapters/oidc/as7-eap6/as7-adapter-spi/src/main/java/org/keycloak/adapters/jbossweb/JBossWebPrincipalFactory.java
View file

@ -125,7 +125,7 @@ public class JBossWebPrincipalFactory extends GenericPrincipalFactory {
Iterator<Principal> iter = principals.iterator(); Iterator<Principal> iter = principals.iterator();
while (iter.hasNext()) { while (iter.hasNext()) {
Object next = iter.next(); Object next = iter.next();
if ((next instanceof Group) == false) if (!(next instanceof Group))
continue; continue;
Group grp = (Group) next; Group grp = (Group) next;
if (grp.getName().equals(name)) { if (grp.getName().equals(name)) {

2
adapters/oidc/jetty/jetty9.1/src/main/java/org/keycloak/adapters/jetty/Jetty91RequestAuthenticator.java
View file

@ -24,7 +24,7 @@ public class Jetty91RequestAuthenticator extends JettyRequestAuthenticator {
if (session == null) { if (session == null) {
return request.getSession(true).getId(); return request.getSession(true).getId();
} }
if (deployment.isTurnOffChangeSessionIdOnLogin() == false) return request.changeSessionId(); if (!deployment.isTurnOffChangeSessionIdOnLogin()) return request.changeSessionId();
else return session.getId(); else return session.getId();
} }
} }

2
adapters/oidc/jetty/jetty9.2/src/main/java/org/keycloak/adapters/jetty/Jetty92RequestAuthenticator.java
View file

@ -24,7 +24,7 @@ public class Jetty92RequestAuthenticator extends JettyRequestAuthenticator {
if (session == null) { if (session == null) {
return request.getSession(true).getId(); return request.getSession(true).getId();
} }
if (deployment.isTurnOffChangeSessionIdOnLogin() == false) return request.changeSessionId(); if (!deployment.isTurnOffChangeSessionIdOnLogin()) return request.changeSessionId();
else return session.getId(); else return session.getId();
} }
} }

2
adapters/oidc/tomcat/tomcat8/src/main/java/org/keycloak/adapters/tomcat/Tomcat8RequestAuthenticator.java
View file

@ -22,7 +22,7 @@ public class Tomcat8RequestAuthenticator extends CatalinaRequestAuthenticator {
if (session == null) { if (session == null) {
return request.getSession(true).getId(); return request.getSession(true).getId();
} }
if (deployment.isTurnOffChangeSessionIdOnLogin() == false) return request.changeSessionId(); if (!deployment.isTurnOffChangeSessionIdOnLogin()) return request.changeSessionId();
else return session.getId(); else return session.getId();
} }
} }

2
adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/ServletRequestAuthenticator.java
View file

@ -64,7 +64,7 @@ public class ServletRequestAuthenticator extends AbstractUndertowRequestAuthenti
@Override @Override
protected String changeHttpSessionId(boolean create) { protected String changeHttpSessionId(boolean create) {
if (deployment.isTurnOffChangeSessionIdOnLogin() == false) return ChangeSessionId.changeSessionId(exchange, create); if (!deployment.isTurnOffChangeSessionIdOnLogin()) return ChangeSessionId.changeSessionId(exchange, create);
else return getHttpSessionId(create); else return getHttpSessionId(create);
} }

2
adapters/oidc/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/wildfly/SecurityInfoHelper.java
View file

@ -89,7 +89,7 @@ public class SecurityInfoHelper {
Iterator<Principal> iter = principals.iterator(); Iterator<Principal> iter = principals.iterator();
while (iter.hasNext()) { while (iter.hasNext()) {
Object next = iter.next(); Object next = iter.next();
if ((next instanceof Group) == false) if (!(next instanceof Group))
continue; continue;
Group grp = (Group) next; Group grp = (Group) next;
if (grp.getName().equals(name)) { if (grp.getName().equals(name)) {

2
adapters/oidc/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/wildfly/WildflyRequestAuthenticator.java
View file

@ -108,7 +108,7 @@ public class WildflyRequestAuthenticator extends ServletRequestAuthenticator {
Iterator<Principal> iter = principals.iterator(); Iterator<Principal> iter = principals.iterator();
while (iter.hasNext()) { while (iter.hasNext()) {
Object next = iter.next(); Object next = iter.next();
if ((next instanceof Group) == false) if (!(next instanceof Group))
continue; continue;
Group grp = (Group) next; Group grp = (Group) next;
if (grp.getName().equals(name)) { if (grp.getName().equals(name)) {

9
adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/IdentityProviderAddHandler.java
View file

@ -17,6 +17,7 @@
package org.keycloak.subsystem.saml.as7; package org.keycloak.subsystem.saml.as7;
import org.jboss.as.controller.AbstractAddStepHandler; import org.jboss.as.controller.AbstractAddStepHandler;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.OperationContext; import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException; import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.ServiceVerificationHandler; import org.jboss.as.controller.ServiceVerificationHandler;
@ -31,11 +32,17 @@ import java.util.List;
class IdentityProviderAddHandler extends AbstractAddStepHandler { class IdentityProviderAddHandler extends AbstractAddStepHandler {
IdentityProviderAddHandler() { IdentityProviderAddHandler() {
super(IdentityProviderDefinition.ALL_ATTRIBUTES);
} }
@Override @Override
protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model, ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers) throws OperationFailedException { protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model, ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers) throws OperationFailedException {
Configuration.INSTANCE.updateModel(operation, model); Configuration.INSTANCE.updateModel(operation, model);
} }
@Override
protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
for (AttributeDefinition attr : IdentityProviderDefinition.ALL_ATTRIBUTES) {
attr.validateAndSet(operation, model);
}
}
} }

9
adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeyAddHandler.java
View file

@ -17,6 +17,7 @@
package org.keycloak.subsystem.saml.as7; package org.keycloak.subsystem.saml.as7;
import org.jboss.as.controller.AbstractAddStepHandler; import org.jboss.as.controller.AbstractAddStepHandler;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.OperationContext; import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException; import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.ServiceVerificationHandler; import org.jboss.as.controller.ServiceVerificationHandler;
@ -31,11 +32,17 @@ import java.util.List;
class KeyAddHandler extends AbstractAddStepHandler { class KeyAddHandler extends AbstractAddStepHandler {
KeyAddHandler() { KeyAddHandler() {
super(KeyDefinition.ALL_ATTRIBUTES);
} }
@Override @Override
protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model, ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers) throws OperationFailedException { protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model, ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers) throws OperationFailedException {
Configuration.INSTANCE.updateModel(operation, model); Configuration.INSTANCE.updateModel(operation, model);
} }
@Override
protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
for (AttributeDefinition attr : KeyDefinition.ALL_ATTRIBUTES) {
attr.validateAndSet(operation, model);
}
}
} }

5
adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemAdd.java
View file

@ -18,6 +18,7 @@ package org.keycloak.subsystem.saml.as7;
import org.jboss.as.controller.AbstractBoottimeAddStepHandler; import org.jboss.as.controller.AbstractBoottimeAddStepHandler;
import org.jboss.as.controller.OperationContext; import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.ServiceVerificationHandler; import org.jboss.as.controller.ServiceVerificationHandler;
import org.jboss.as.server.AbstractDeploymentChainStep; import org.jboss.as.server.AbstractDeploymentChainStep;
import org.jboss.as.server.DeploymentProcessorTarget; import org.jboss.as.server.DeploymentProcessorTarget;
@ -58,4 +59,8 @@ class KeycloakSubsystemAdd extends AbstractBoottimeAddStepHandler {
private DeploymentUnitProcessor chooseConfigDeploymentProcessor() { private DeploymentUnitProcessor chooseConfigDeploymentProcessor() {
return new KeycloakAdapterConfigDeploymentProcessor(); return new KeycloakAdapterConfigDeploymentProcessor();
} }
@Override
protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
}
} }

20
adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemParser.java
View file

@ -35,6 +35,7 @@ import javax.xml.stream.XMLStreamException;
import java.util.Collections; import java.util.Collections;
import java.util.LinkedList; import java.util.LinkedList;
import java.util.List; import java.util.List;
import java.util.Set;
/** /**
* The subsystem parser, which uses stax to read and write to and from xml * The subsystem parser, which uses stax to read and write to and from xml
@ -263,7 +264,7 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
throw new XMLStreamException("KeyStore element must have 'file' or 'resource' attribute set", reader.getLocation()); throw new XMLStreamException("KeyStore element must have 'file' or 'resource' attribute set", reader.getLocation());
} }
if (!addKeyStore.hasDefined(Constants.Model.PASSWORD)) { if (!addKeyStore.hasDefined(Constants.Model.PASSWORD)) {
throw ParseUtils.missingRequired(reader, Constants.XML.PASSWORD); throw ParseUtils.missingRequired(reader, asSet(Constants.XML.PASSWORD));
} }
while (reader.hasNext() && nextTag(reader) != END_ELEMENT) { while (reader.hasNext() && nextTag(reader) != END_ELEMENT) {
@ -292,10 +293,10 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
} }
if (!addKeyStore.hasDefined(Constants.Model.PRIVATE_KEY_ALIAS)) { if (!addKeyStore.hasDefined(Constants.Model.PRIVATE_KEY_ALIAS)) {
throw ParseUtils.missingRequired(reader, Constants.XML.PRIVATE_KEY_ALIAS); throw ParseUtils.missingRequired(reader, asSet(Constants.XML.PRIVATE_KEY_ALIAS));
} }
if (!addKeyStore.hasDefined(Constants.Model.PRIVATE_KEY_PASSWORD)) { if (!addKeyStore.hasDefined(Constants.Model.PRIVATE_KEY_PASSWORD)) {
throw ParseUtils.missingRequired(reader, Constants.XML.PRIVATE_KEY_PASSWORD); throw ParseUtils.missingRequired(reader, asSet(Constants.XML.PRIVATE_KEY_PASSWORD));
} }
ParseUtils.requireNoContent(reader); ParseUtils.requireNoContent(reader);
@ -314,7 +315,7 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
} }
if (!addKeyStore.hasDefined(Constants.Model.CERTIFICATE_ALIAS)) { if (!addKeyStore.hasDefined(Constants.Model.CERTIFICATE_ALIAS)) {
throw ParseUtils.missingRequired(reader, Constants.XML.CERTIFICATE_ALIAS); throw ParseUtils.missingRequired(reader, asSet(Constants.XML.CERTIFICATE_ALIAS));
} }
ParseUtils.requireNoContent(reader); ParseUtils.requireNoContent(reader);
@ -356,7 +357,7 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
} }
if (!policySet) { if (!policySet) {
throw ParseUtils.missingRequired(reader, Constants.XML.PRINCIPAL_NAME_MAPPING_POLICY); throw ParseUtils.missingRequired(reader, asSet(Constants.XML.PRINCIPAL_NAME_MAPPING_POLICY));
} }
ParseUtils.requireNoContent(reader); ParseUtils.requireNoContent(reader);
} }
@ -568,4 +569,13 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
} }
writer.writeEndElement(); writer.writeEndElement();
} }
private static Set<String> asSet(String ... values) {
HashSet ret = new HashSet();
for (String value: values) {
ret.add(value);
}
return ret;
}
} }

4
adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/SecureDeploymentAddHandler.java
View file

@ -39,4 +39,8 @@ class SecureDeploymentAddHandler extends AbstractAddStepHandler {
protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model, ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers) throws OperationFailedException { protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model, ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers) throws OperationFailedException {
Configuration.INSTANCE.updateModel(operation, model); Configuration.INSTANCE.updateModel(operation, model);
} }
@Override
protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
}
} }

9
adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/ServiceProviderAddHandler.java
View file

@ -17,6 +17,7 @@
package org.keycloak.subsystem.saml.as7; package org.keycloak.subsystem.saml.as7;
import org.jboss.as.controller.AbstractAddStepHandler; import org.jboss.as.controller.AbstractAddStepHandler;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.OperationContext; import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException; import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.ServiceVerificationHandler; import org.jboss.as.controller.ServiceVerificationHandler;
@ -33,11 +34,17 @@ class ServiceProviderAddHandler extends AbstractAddStepHandler {
static final ServiceProviderAddHandler INSTANCE = new ServiceProviderAddHandler(); static final ServiceProviderAddHandler INSTANCE = new ServiceProviderAddHandler();
ServiceProviderAddHandler() { ServiceProviderAddHandler() {
super(ServiceProviderDefinition.ALL_ATTRIBUTES);
} }
@Override @Override
protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model, ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers) throws OperationFailedException { protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model, ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers) throws OperationFailedException {
Configuration.INSTANCE.updateModel(operation, model); Configuration.INSTANCE.updateModel(operation, model);
} }
@Override
protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
for (AttributeDefinition attr : ServiceProviderDefinition.ALL_ATTRIBUTES) {
attr.validateAndSet(operation, model);
}
}
} }

2
adapters/saml/jetty/jetty9.1/src/main/java/org/keycloak/adapters/saml/jetty/Jetty9SamlSessionStore.java
View file

@ -21,7 +21,7 @@ public class Jetty9SamlSessionStore extends JettySamlSessionStore {
@Override @Override
protected String changeSessionId(HttpSession session) { protected String changeSessionId(HttpSession session) {
Request request = this.request; Request request = this.request;
if (deployment.turnOffChangeSessionIdOnLogin() == false) return request.changeSessionId(); if (!deployment.turnOffChangeSessionIdOnLogin()) return request.changeSessionId();
else return session.getId(); else return session.getId();
} }
} }

2
adapters/saml/jetty/jetty9.2/src/main/java/org/keycloak/adapters/saml/jetty/Jetty9SamlSessionStore.java
View file

@ -21,7 +21,7 @@ public class Jetty9SamlSessionStore extends JettySamlSessionStore {
@Override @Override
protected String changeSessionId(HttpSession session) { protected String changeSessionId(HttpSession session) {
Request request = this.request; Request request = this.request;
if (deployment.turnOffChangeSessionIdOnLogin() == false) return request.changeSessionId(); if (!deployment.turnOffChangeSessionIdOnLogin()) return request.changeSessionId();
else return session.getId(); else return session.getId();
} }
} }

2
adapters/saml/tomcat/tomcat8/src/main/java/org/keycloak/adapters/saml/tomcat/Tomcat8SamlSessionStore.java
View file

@ -22,7 +22,7 @@ public class Tomcat8SamlSessionStore extends CatalinaSamlSessionStore {
@Override @Override
protected String changeSessionId(Session session) { protected String changeSessionId(Session session) {
Request request = this.request; Request request = this.request;
if (deployment.turnOffChangeSessionIdOnLogin() == false) return request.changeSessionId(); if (!deployment.turnOffChangeSessionIdOnLogin()) return request.changeSessionId();
else return session.getId(); else return session.getId();
} }
} }

2
adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/ServletSamlSessionStore.java
View file

@ -165,7 +165,7 @@ public class ServletSamlSessionStore implements SamlSessionStore {
} }
protected String changeSessionId(HttpSession session) { protected String changeSessionId(HttpSession session) {
if (deployment.turnOffChangeSessionIdOnLogin() == false) return ChangeSessionId.changeSessionId(exchange, false); if (!deployment.turnOffChangeSessionIdOnLogin()) return ChangeSessionId.changeSessionId(exchange, false);
else return session.getId(); else return session.getId();
} }

2
adapters/saml/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/saml/wildfly/SecurityInfoHelper.java
View file

@ -89,7 +89,7 @@ public class SecurityInfoHelper {
Iterator<Principal> iter = principals.iterator(); Iterator<Principal> iter = principals.iterator();
while (iter.hasNext()) { while (iter.hasNext()) {
Object next = iter.next(); Object next = iter.next();
if ((next instanceof Group) == false) if (!(next instanceof Group))
continue; continue;
Group grp = (Group) next; Group grp = (Group) next;
if (grp.getName().equals(name)) { if (grp.getName().equals(name)) {

2
adapters/spi/jboss-adapter-core/src/main/java/org/keycloak/adapters/jboss/KeycloakLoginModule.java
View file

@ -30,7 +30,7 @@ public class KeycloakLoginModule extends AbstractServerLoginModule {
@Override @Override
public boolean login() throws LoginException { public boolean login() throws LoginException {
log.debug("KeycloakLoginModule.login()"); log.debug("KeycloakLoginModule.login()");
if (super.login() == true) { if (super.login()) {
log.debug("super.login()==true"); log.debug("super.login()==true");
return true; return true;
} }

2
adapters/spi/tomcat-adapter-spi/src/main/java/org/keycloak/adapters/tomcat/GenericPrincipalFactory.java
View file

@ -81,7 +81,7 @@ public abstract class GenericPrincipalFactory {
Iterator<Principal> iter = principals.iterator(); Iterator<Principal> iter = principals.iterator();
while (iter.hasNext()) { while (iter.hasNext()) {
Object next = iter.next(); Object next = iter.next();
if ((next instanceof Group) == false) if (!(next instanceof Group))
continue; continue;
Group grp = (Group) next; Group grp = (Group) next;
if (grp.getName().equals(name)) { if (grp.getName().equals(name)) {

2
common/src/main/java/org/keycloak/common/util/StringPropertyReplacer.java
View file

@ -207,7 +207,7 @@ public final class StringPropertyReplacer
} }
// No properties // No properties
if (properties == false) if (!properties)
return string; return string;
// Collect the trailing characters // Collect the trailing characters

44
federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/msad/UserAccountControl.java
View file

@ -7,28 +7,28 @@ package org.keycloak.federation.ldap.mappers.msad;
*/ */
public class UserAccountControl { public class UserAccountControl {
public static final long SCRIPT = 0x0001l; public static final long SCRIPT = 0x0001L;
public static final long ACCOUNTDISABLE = 0x0002l; public static final long ACCOUNTDISABLE = 0x0002L;
public static final long HOMEDIR_REQUIRED = 0x0008l; public static final long HOMEDIR_REQUIRED = 0x0008L;
public static final long LOCKOUT = 0x0010l; public static final long LOCKOUT = 0x0010L;
public static final long PASSWD_NOTREQD = 0x0020l; public static final long PASSWD_NOTREQD = 0x0020L;
public static final long PASSWD_CANT_CHANGE = 0x0040l; public static final long PASSWD_CANT_CHANGE = 0x0040L;
public static final long ENCRYPTED_TEXT_PWD_ALLOWED = 0x0080l; public static final long ENCRYPTED_TEXT_PWD_ALLOWED = 0x0080L;
public static final long TEMP_DUPLICATE_ACCOUNT = 0x0100l; public static final long TEMP_DUPLICATE_ACCOUNT = 0x0100L;
public static final long NORMAL_ACCOUNT = 0x0200l; public static final long NORMAL_ACCOUNT = 0x0200L;
public static final long INTERDOMAIN_TRUST_ACCOUNT = 0x0800l; public static final long INTERDOMAIN_TRUST_ACCOUNT = 0x0800L;
public static final long WORKSTATION_TRUST_ACCOUNT = 0x1000l; public static final long WORKSTATION_TRUST_ACCOUNT = 0x1000L;
public static final long SERVER_TRUST_ACCOUNT = 0x2000l; public static final long SERVER_TRUST_ACCOUNT = 0x2000L;
public static final long DONT_EXPIRE_PASSWORD = 0x10000l; public static final long DONT_EXPIRE_PASSWORD = 0x10000L;
public static final long MNS_LOGON_ACCOUNT = 0x20000l; public static final long MNS_LOGON_ACCOUNT = 0x20000L;
public static final long SMARTCARD_REQUIRED = 0x40000l; public static final long SMARTCARD_REQUIRED = 0x40000L;
public static final long TRUSTED_FOR_DELEGATION = 0x80000l; public static final long TRUSTED_FOR_DELEGATION = 0x80000L;
public static final long NOT_DELEGATED = 0x100000l; public static final long NOT_DELEGATED = 0x100000L;
public static final long USE_DES_KEY_ONLY = 0x200000l; public static final long USE_DES_KEY_ONLY = 0x200000L;
public static final long DONT_REQ_PREAUTH = 0x400000l; public static final long DONT_REQ_PREAUTH = 0x400000L;
public static final long PASSWORD_EXPIRED = 0x800000l; public static final long PASSWORD_EXPIRED = 0x800000L;
public static final long TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000l; public static final long TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000L;
public static final long PARTIAL_SECRETS_ACCOUNT = 0x04000000l; public static final long PARTIAL_SECRETS_ACCOUNT = 0x04000000L;
private long value; private long value;

2
model/jpa/src/main/java/org/keycloak/connections/jpa/updater/JpaUpdaterProvider.java
View file

@ -12,7 +12,7 @@ public interface JpaUpdaterProvider extends Provider {
public String FIRST_VERSION = "1.0.0.Final"; public String FIRST_VERSION = "1.0.0.Final";
public String LAST_VERSION = "1.8.0"; public String LAST_VERSION = "1.9.0";
public String getCurrentVersionSql(String defaultSchema); public String getCurrentVersionSql(String defaultSchema);

7
model/jpa/src/main/java/org/keycloak/connections/jpa/updater/liquibase/LiquibaseJpaUpdaterProvider.java
View file

@ -7,6 +7,7 @@ import liquibase.changelog.DatabaseChangeLog;
import liquibase.changelog.RanChangeSet; import liquibase.changelog.RanChangeSet;
import liquibase.database.Database; import liquibase.database.Database;
import liquibase.database.DatabaseFactory; import liquibase.database.DatabaseFactory;
import liquibase.database.core.DB2Database;
import liquibase.database.jvm.JdbcConnection; import liquibase.database.jvm.JdbcConnection;
import liquibase.logging.LogFactory; import liquibase.logging.LogFactory;
import liquibase.logging.LogLevel; import liquibase.logging.LogLevel;
@ -29,6 +30,7 @@ public class LiquibaseJpaUpdaterProvider implements JpaUpdaterProvider {
private static final Logger logger = Logger.getLogger(LiquibaseJpaUpdaterProvider.class); private static final Logger logger = Logger.getLogger(LiquibaseJpaUpdaterProvider.class);
private static final String CHANGELOG = "META-INF/jpa-changelog-master.xml"; private static final String CHANGELOG = "META-INF/jpa-changelog-master.xml";
private static final String DB2_CHANGELOG = "META-INF/db2-jpa-changelog-master.xml";
@Override @Override
public String getCurrentVersionSql(String defaultSchema) { public String getCurrentVersionSql(String defaultSchema) {
@ -117,7 +119,10 @@ public class LiquibaseJpaUpdaterProvider implements JpaUpdaterProvider {
if (defaultSchema != null) { if (defaultSchema != null) {
database.setDefaultSchemaName(defaultSchema); database.setDefaultSchemaName(defaultSchema);
} }
return new Liquibase(CHANGELOG, new ClassLoaderResourceAccessor(getClass().getClassLoader()), database);
String changelog = (database instanceof DB2Database) ? DB2_CHANGELOG : CHANGELOG;
logger.debugf("Using changelog file: %s", changelog);
return new Liquibase(changelog, new ClassLoaderResourceAccessor(getClass().getClassLoader()), database);
} }
@Override @Override

2
model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
View file

@ -264,7 +264,7 @@ public class RealmAdapter implements RealmModel {
@Override @Override
public long getQuickLoginCheckMilliSeconds() { public long getQuickLoginCheckMilliSeconds() {
return getAttribute("quickLoginCheckMilliSeconds", 0l); return getAttribute("quickLoginCheckMilliSeconds", 0L);
} }
@Override @Override

442
model/jpa/src/main/resources/META-INF/db2-jpa-changelog-1.0.0.Final.xml Normal file
View file

@ -0,0 +1,442 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.2.xsd">
<changeSet author="sthorger@redhat.com" id="1.0.0.Final">
<createTable tableName="APPLICATION_DEFAULT_ROLES">
<column name="APPLICATION_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="ROLE_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="CLIENT">
<column name="DTYPE" type="VARCHAR(31)">
<constraints nullable="false"/>
</column>
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="ALLOWED_CLAIMS_MASK" type="BIGINT"/>
<column name="ENABLED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="FULL_SCOPE_ALLOWED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="NOT_BEFORE" type="INT"/>
<column name="PUBLIC_CLIENT" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="SECRET" type="VARCHAR(255)"/>
<column name="BASE_URL" type="VARCHAR(255)"/>
<column name="BEARER_ONLY" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="MANAGEMENT_URL" type="VARCHAR(255)"/>
<column name="SURROGATE_AUTH_REQUIRED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="DIRECT_GRANTS_ONLY" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="CLIENT_SESSION">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="ACTION" type="INT"/>
<column name="CLIENT_ID" type="VARCHAR(36)"/>
<column name="REDIRECT_URI" type="VARCHAR(255)"/>
<column name="STATE" type="VARCHAR(255)"/>
<column name="TIMESTAMP" type="INT"/>
<column name="SESSION_ID" type="VARCHAR(36)"/>
</createTable>
<createTable tableName="CLIENT_SESSION_ROLE">
<column name="ROLE_ID" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="CLIENT_SESSION" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="COMPOSITE_ROLE">
<column name="COMPOSITE" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="CHILD_ROLE" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="CREDENTIAL">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="DEVICE" type="VARCHAR(255)"/>
<column name="HASH_ITERATIONS" type="INT"/>
<column name="SALT" type="BLOB(16)"/>
<column name="TYPE" type="VARCHAR(255)"/>
<column name="VALUE" type="VARCHAR(255)"/>
<column name="USER_ID" type="VARCHAR(36)"/>
</createTable>
<createTable tableName="EVENT_ENTITY">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="CLIENT_ID" type="VARCHAR(255)"/>
<column name="DETAILS_JSON" type="VARCHAR(2550)"/>
<column name="ERROR" type="VARCHAR(255)"/>
<column name="IP_ADDRESS" type="VARCHAR(255)"/>
<column name="REALM_ID" type="VARCHAR(255)"/>
<column name="SESSION_ID" type="VARCHAR(255)"/>
<column name="TIME" type="BIGINT"/>
<column name="TYPE" type="VARCHAR(255)"/>
<column name="USER_ID" type="VARCHAR(255)"/>
</createTable>
<createTable tableName="FED_PROVIDERS">
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="USERFEDERATIONPROVIDERS_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="KEYCLOAK_ROLE">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="APP_REALM_CONSTRAINT" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="APPLICATION_ROLE" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="DESCRIPTION" type="VARCHAR(255)"/>
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="REALM_ID" type="VARCHAR(255)"/>
<column name="APPLICATION" type="VARCHAR(36)"/>
<column name="REALM" type="VARCHAR(36)"/>
</createTable>
<createTable tableName="REALM">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="ACCESS_CODE_LIFESPAN" type="INT"/>
<column name="USER_ACTION_LIFESPAN" type="INT"/>
<column name="ACCESS_TOKEN_LIFESPAN" type="INT"/>
<column name="ACCOUNT_THEME" type="VARCHAR(255)"/>
<column name="ADMIN_THEME" type="VARCHAR(255)"/>
<column name="EMAIL_THEME" type="VARCHAR(255)"/>
<column name="ENABLED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="EVENTS_ENABLED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="EVENTS_EXPIRATION" type="BIGINT"/>
<column name="LOGIN_THEME" type="VARCHAR(255)"/>
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="NOT_BEFORE" type="INT"/>
<column name="PASSWORD_CRED_GRANT_ALLOWED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="PASSWORD_POLICY" type="VARCHAR(255)"/>
<column name="PRIVATE_KEY" type="VARCHAR(2048)"/>
<column name="PUBLIC_KEY" type="VARCHAR(2048)"/>
<column name="REGISTRATION_ALLOWED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="REMEMBER_ME" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="RESET_PASSWORD_ALLOWED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="SOCIAL" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="SSL_REQUIRED" type="VARCHAR(255)"/>
<column name="SSO_IDLE_TIMEOUT" type="INT"/>
<column name="SSO_MAX_LIFESPAN" type="INT"/>
<column name="UPDATE_PROFILE_ON_SOC_LOGIN" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="VERIFY_EMAIL" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="MASTER_ADMIN_APP" type="VARCHAR(36)"/>
</createTable>
<createTable tableName="REALM_APPLICATION">
<column name="APPLICATION_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="REALM_ATTRIBUTE">
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="VALUE" type="VARCHAR(255)"/>
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="REALM_DEFAULT_ROLES">
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="ROLE_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="REALM_EVENTS_LISTENERS">
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="VALUE" type="VARCHAR(255)"/>
</createTable>
<createTable tableName="REALM_REQUIRED_CREDENTIAL">
<column name="TYPE" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="FORM_LABEL" type="VARCHAR(255)"/>
<column name="INPUT" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="SECRET" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="REALM_SMTP_CONFIG">
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="VALUE" type="VARCHAR(255)"/>
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="REALM_SOCIAL_CONFIG">
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="VALUE" type="VARCHAR(255)"/>
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="REDIRECT_URIS">
<column name="CLIENT_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="VALUE" type="VARCHAR(255)"/>
</createTable>
<createTable tableName="SCOPE_MAPPING">
<column name="CLIENT_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="ROLE_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="USERNAME_LOGIN_FAILURE">
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="USERNAME" type="VARCHAR(200)">
<constraints nullable="false"/>
</column>
<column name="FAILED_LOGIN_NOT_BEFORE" type="INT"/>
<column name="LAST_FAILURE" type="BIGINT"/>
<column name="LAST_IP_FAILURE" type="VARCHAR(255)"/>
<column name="NUM_FAILURES" type="INT"/>
</createTable>
<createTable tableName="USER_ATTRIBUTE">
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="VALUE" type="VARCHAR(255)"/>
<column name="USER_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="USER_ENTITY">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="EMAIL" type="VARCHAR(255)"/>
<column name="EMAIL_CONSTRAINT" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="EMAIL_VERIFIED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="ENABLED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="FEDERATION_LINK" type="VARCHAR(255)"/>
<column name="FIRST_NAME" type="VARCHAR(255)"/>
<column name="LAST_NAME" type="VARCHAR(255)"/>
<column name="REALM_ID" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="TOTP" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="USERNAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="USER_FEDERATION_CONFIG">
<column name="USER_FEDERATION_PROVIDER_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="VALUE" type="VARCHAR(255)"/>
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="USER_FEDERATION_PROVIDER">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="CHANGED_SYNC_PERIOD" type="INT"/>
<column name="DISPLAY_NAME" type="VARCHAR(255)"/>
<column name="FULL_SYNC_PERIOD" type="INT"/>
<column name="LAST_SYNC" type="INT"/>
<column name="PRIORITY" type="INT"/>
<column name="PROVIDER_NAME" type="VARCHAR(255)"/>
<column name="REALM_ID" type="VARCHAR(36)"/>
</createTable>
<createTable tableName="USER_REQUIRED_ACTION">
<column name="ACTION" type="INT">
<constraints nullable="false"/>
</column>
<column name="USER_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="USER_ROLE_MAPPING">
<column name="ROLE_ID" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="USER_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="USER_SESSION">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="AUTH_METHOD" type="VARCHAR(255)"/>
<column name="IP_ADDRESS" type="VARCHAR(255)"/>
<column name="LAST_SESSION_REFRESH" type="INT"/>
<column name="LOGIN_USERNAME" type="VARCHAR(255)"/>
<column name="REALM_ID" type="VARCHAR(255)"/>
<column name="REMEMBER_ME" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="STARTED" type="INT"/>
<column name="USER_ID" type="VARCHAR(255)"/>
</createTable>
<createTable tableName="USER_SOCIAL_LINK">
<column name="SOCIAL_PROVIDER" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="REALM_ID" type="VARCHAR(255)"/>
<column name="SOCIAL_USER_ID" type="VARCHAR(255)"/>
<column name="SOCIAL_USERNAME" type="VARCHAR(255)"/>
<column name="USER_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="WEB_ORIGINS">
<column name="CLIENT_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="VALUE" type="VARCHAR(255)"/>
</createTable>
<addPrimaryKey columnNames="REALM_ID, NAME" constraintName="CONSTRAINT_1" tableName="REALM_SOCIAL_CONFIG"/>
<addPrimaryKey columnNames="REALM_ID, USERNAME" constraintName="CONSTRAINT_17" tableName="USERNAME_LOGIN_FAILURE"/>
<addPrimaryKey columnNames="ACTION, USER_ID" constraintName="CONSTRAINT_2" tableName="USER_REQUIRED_ACTION"/>
<addPrimaryKey columnNames="SOCIAL_PROVIDER, USER_ID" constraintName="CONSTRAINT_3" tableName="USER_SOCIAL_LINK"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_4" tableName="EVENT_ENTITY"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_4A" tableName="REALM"/>
<addPrimaryKey columnNames="CLIENT_SESSION, ROLE_ID" constraintName="CONSTRAINT_5" tableName="CLIENT_SESSION_ROLE"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_57" tableName="USER_SESSION"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_5C" tableName="USER_FEDERATION_PROVIDER"/>
<addPrimaryKey columnNames="NAME, USER_ID" constraintName="CONSTRAINT_6" tableName="USER_ATTRIBUTE"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_7" tableName="CLIENT"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_8" tableName="CLIENT_SESSION"/>
<addPrimaryKey columnNames="CLIENT_ID, ROLE_ID" constraintName="CONSTRAINT_81" tableName="SCOPE_MAPPING"/>
<addPrimaryKey columnNames="NAME, REALM_ID" constraintName="CONSTRAINT_9" tableName="REALM_ATTRIBUTE"/>
<addPrimaryKey columnNames="REALM_ID, TYPE" constraintName="CONSTRAINT_92" tableName="REALM_REQUIRED_CREDENTIAL"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_A" tableName="KEYCLOAK_ROLE"/>
<addPrimaryKey columnNames="ROLE_ID, USER_ID" constraintName="CONSTRAINT_C" tableName="USER_ROLE_MAPPING"/>
<addPrimaryKey columnNames="REALM_ID, NAME" constraintName="CONSTRAINT_E" tableName="REALM_SMTP_CONFIG"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_F" tableName="CREDENTIAL"/>
<addPrimaryKey columnNames="USER_FEDERATION_PROVIDER_ID, NAME" constraintName="CONSTRAINT_F9" tableName="USER_FEDERATION_CONFIG"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_FB" tableName="USER_ENTITY"/>
<!-- Added later in 1.2.0.CR1 -->
<!--<addUniqueConstraint columnNames="ROLE_ID" constraintName="UK_8AELWNIBJI49AVXSRTUF6XJOW" tableName="APPLICATION_DEFAULT_ROLES"/>-->
<!--<addUniqueConstraint columnNames="REALM_ID,NAME" constraintName="UK_B71CJLBENV945RB6GCON438AT" tableName="CLIENT"/>-->
<addUniqueConstraint columnNames="USERFEDERATIONPROVIDERS_ID" constraintName="UK_DCCIRJLIPU1478VQC89DID88C" tableName="FED_PROVIDERS"/>
<addUniqueConstraint columnNames="REALM_ID,EMAIL_CONSTRAINT" constraintName="UK_DYKN684SL8UP1CRFEI6ECKHD7" tableName="USER_ENTITY"/>
<addUniqueConstraint columnNames="ROLE_ID" constraintName="UK_H4WPD7W4HSOOLNI3H0SW7BTJE" tableName="REALM_DEFAULT_ROLES"/>
<!-- Added later in 1.2.0.CR1 -->
<!--<addUniqueConstraint columnNames="NAME,APP_REALM_CONSTRAINT" constraintName="UK_J3RWUVD56ONTGSUHOGM184WW2" tableName="KEYCLOAK_ROLE"/>-->
<addUniqueConstraint columnNames="REALM_ID" constraintName="UK_L5QGA3RFME47335JY8JXYXH3I" tableName="REALM_APPLICATION"/>
<addUniqueConstraint columnNames="NAME" constraintName="UK_ORVSDMLA56612EAEFIQ6WL5OI" tableName="REALM"/>
<addUniqueConstraint columnNames="REALM_ID,USERNAME" constraintName="UK_RU8TT6T700S9V50BU18WS5HA6" tableName="USER_ENTITY"/>
<addForeignKeyConstraint baseColumnNames="CLIENT_SESSION" baseTableName="CLIENT_SESSION_ROLE" constraintName="FK_11B7SGQW18I532811V7O2DV76" referencedColumnNames="ID" referencedTableName="CLIENT_SESSION"/>
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="REDIRECT_URIS" constraintName="FK_1BURS8PB4OUJ97H5WUPPAHV9F" referencedColumnNames="ID" referencedTableName="CLIENT"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="USER_FEDERATION_PROVIDER" constraintName="FK_1FJ32F6PTOLW2QY60CD8N01E8" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="FED_PROVIDERS" constraintName="FK_213LYQ09FKXQ8K8NY8DY3737T" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_REQUIRED_CREDENTIAL" constraintName="FK_5HG65LYBEVAVKQFKI3KPONH9V" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="USER_ATTRIBUTE" constraintName="FK_5HRM2VLF9QL5FU043KQEPOVBR" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
<addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="USER_SOCIAL_LINK" constraintName="FK_68CJYS5UWM55UY823Y75XG4OM" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
<addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="USER_REQUIRED_ACTION" constraintName="FK_6QJ3W1JW9CVAFHE19BWSIUVMD" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
<addForeignKeyConstraint baseColumnNames="REALM" baseTableName="KEYCLOAK_ROLE" constraintName="FK_6VYQFE4CN4WLQ8R6KT5VDSJ5C" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_SMTP_CONFIG" constraintName="FK_70EJ8XDXGXD0B9HH6180IRR0O" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="APPLICATION_ID" baseTableName="REALM_APPLICATION" constraintName="FK_71S3P0DIUXAWWQQSA528UBY2Q" referencedColumnNames="ID" referencedTableName="REALM"/>
<!-- Added later in 1.2.0.CR1 -->
<!--<addForeignKeyConstraint baseColumnNames="ROLE_ID" baseTableName="APPLICATION_DEFAULT_ROLES" constraintName="FK_8AELWNIBJI49AVXSRTUF6XJOW" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>-->
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_ATTRIBUTE" constraintName="FK_8SHXD6L3E9ATQUKACXGPFFPTW" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="COMPOSITE" baseTableName="COMPOSITE_ROLE" constraintName="FK_A63WVEKFTU8JO1PNJ81E7MCE2" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
<addForeignKeyConstraint baseColumnNames="SESSION_ID" baseTableName="CLIENT_SESSION" constraintName="FK_B4AO2VCVAT6UKAU74WBWTFQO1" referencedColumnNames="ID" referencedTableName="USER_SESSION"/>
<addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="USER_ROLE_MAPPING" constraintName="FK_C4FQV34P1MBYLLOXANG7B1Q3L" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
<addForeignKeyConstraint baseColumnNames="USERFEDERATIONPROVIDERS_ID" baseTableName="FED_PROVIDERS" constraintName="FK_DCCIRJLIPU1478VQC89DID88C" referencedColumnNames="ID" referencedTableName="USER_FEDERATION_PROVIDER"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_DEFAULT_ROLES" constraintName="FK_EVUDB1PPW84OXFAX2DRS03ICC" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="CHILD_ROLE" baseTableName="COMPOSITE_ROLE" constraintName="FK_GR7THLLB9LU8Q4VQA4524JJY8" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
<addForeignKeyConstraint baseColumnNames="ROLE_ID" baseTableName="REALM_DEFAULT_ROLES" constraintName="FK_H4WPD7W4HSOOLNI3H0SW7BTJE" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_EVENTS_LISTENERS" constraintName="FK_H846O4H0W8EPX5NXEV9F5Y69J" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_APPLICATION" constraintName="FK_L5QGA3RFME47335JY8JXYXH3I" referencedColumnNames="ID" referencedTableName="CLIENT"/>
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="WEB_ORIGINS" constraintName="FK_LOJPHO213XCX4WNKOG82SSRFY" referencedColumnNames="ID" referencedTableName="CLIENT"/>
<!-- Added later in 1.2.0.CR1 -->
<!--<addForeignKeyConstraint baseColumnNames="APPLICATION_ID" baseTableName="APPLICATION_DEFAULT_ROLES" constraintName="FK_MAYLTS7KLWQW2H8M2B5JOYTKY" referencedColumnNames="ID" referencedTableName="CLIENT"/>-->
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="SCOPE_MAPPING" constraintName="FK_OUSE064PLMLR732LXJCN1Q5F1" referencedColumnNames="ID" referencedTableName="CLIENT"/>
<addForeignKeyConstraint baseColumnNames="ROLE_ID" baseTableName="SCOPE_MAPPING" constraintName="FK_P3RH9GRKU11KQFRS4FLTT7RNQ" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="CLIENT" constraintName="FK_P56CTINXXB9GSK57FO49F9TAC" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="CREDENTIAL" constraintName="FK_PFYR0GLASQYL0DEI3KL69R6V0" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
<addForeignKeyConstraint baseColumnNames="APPLICATION" baseTableName="KEYCLOAK_ROLE" constraintName="FK_PIMO5LE2C0RAL09FL8CM9WFW9" referencedColumnNames="ID" referencedTableName="CLIENT"/>
<addForeignKeyConstraint baseColumnNames="MASTER_ADMIN_APP" baseTableName="REALM" constraintName="FK_RSAF444KK6QRKMS7N56AIWQ5Y" referencedColumnNames="ID" referencedTableName="CLIENT"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_SOCIAL_CONFIG" constraintName="FK_SV5I3C2TI7G0G922FGE683SOV" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="USER_FEDERATION_PROVIDER_ID" baseTableName="USER_FEDERATION_CONFIG" constraintName="FK_T13HPU1J94R2EBPEKR39X5EU5" referencedColumnNames="ID" referencedTableName="USER_FEDERATION_PROVIDER"/>
</changeSet>
</databaseChangeLog>

173
model/jpa/src/main/resources/META-INF/db2-jpa-changelog-1.2.0.Beta1.xml Normal file
View file

@ -0,0 +1,173 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
<changeSet author="psilva@redhat.com" id="1.2.0.Beta1">
<delete tableName="CLIENT_SESSION_ROLE" />
<delete tableName="CLIENT_SESSION_NOTE" />
<delete tableName="CLIENT_SESSION" />
<delete tableName="USER_SESSION" />
<createTable tableName="PROTOCOL_MAPPER">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false" />
</column>
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false" />
</column>
<column name="PROTOCOL" type="VARCHAR(255)">
<constraints nullable="false" />
</column>
<column name="PROTOCOL_MAPPER_NAME" type="VARCHAR(255)">
<constraints nullable="false" />
</column>
<column name="CONSENT_REQUIRED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false" />
</column>
<column name="CONSENT_TEXT" type="VARCHAR(255)" />
<column name="CLIENT_ID" type="VARCHAR(36)">
<constraints nullable="false" />
</column>
</createTable>
<createTable tableName="PROTOCOL_MAPPER_CONFIG">
<column name="PROTOCOL_MAPPER_ID" type="VARCHAR(36)">
<constraints nullable="false" />
</column>
<column name="VALUE" type="CLOB" />
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false" />
</column>
</createTable>
<createTable tableName="FEDERATED_IDENTITY">
<column name="IDENTITY_PROVIDER" type="VARCHAR(255)">
<constraints nullable="false" />
</column>
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false" />
</column>
<column name="FEDERATED_USER_ID" type="VARCHAR(255)" />
<column name="FEDERATED_USERNAME" type="VARCHAR(255)" />
<column name="TOKEN" type="TEXT" />
<column name="USER_ID" type="VARCHAR(36)">
<constraints nullable="false" />
</column>
</createTable>
<createTable tableName="IDENTITY_PROVIDER">
<column name="INTERNAL_ID" type="VARCHAR(36)">
<constraints nullable="false" />
</column>
<column name="ENABLED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false" />
</column>
<column name="PROVIDER_ALIAS" type="VARCHAR(255)">
<constraints nullable="false" />
</column>
<column name="PROVIDER_ID" type="VARCHAR(255)" />
<column name="UPDATE_PROFILE_FIRST_LOGIN" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false" />
</column>
<column name="STORE_TOKEN" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false" />
</column>
<column name="AUTHENTICATE_BY_DEFAULT" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false" />
</column>
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false" />
</column>
</createTable>
<createTable tableName="IDENTITY_PROVIDER_CONFIG">
<column name="IDENTITY_PROVIDER_ID" type="VARCHAR(36)">
<constraints nullable="false" />
</column>
<column name="VALUE" type="CLOB" />
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false" />
</column>
</createTable>
<createTable tableName="CLIENT_IDENTITY_PROV_MAPPING">
<column name="CLIENT_ID" type="VARCHAR(36)">
<constraints nullable="false" />
</column>
<column name="IDENTITY_PROVIDER_ID" type="VARCHAR(36)">
<constraints nullable="false" />
</column>
<column name="RETRIEVE_TOKEN" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false" />
</column>
</createTable>
<createTable tableName="REALM_SUPPORTED_LOCALES">
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false" />
</column>
<column name="VALUE" type="VARCHAR(255)" />
</createTable>
<createTable tableName="USER_SESSION_NOTE">
<column name="USER_SESSION" type="VARCHAR(36)">
<constraints nullable="false" />
</column>
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false" />
</column>
<column name="VALUE" type="VARCHAR(2048)" />
</createTable>
<addColumn tableName="CLIENT">
<column name="FRONTCHANNEL_LOGOUT" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false" />
</column>
</addColumn>
<addColumn tableName="USER_SESSION">
<column name="USER_SESSION_STATE" type="INT" />
<column name="BROKER_SESSION_ID" type="VARCHAR(255)" />
<column name="BROKER_USER_ID" type="VARCHAR(255)" />
</addColumn>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_PCM" tableName="PROTOCOL_MAPPER" />
<addPrimaryKey columnNames="INTERNAL_ID" constraintName="CONSTRAINT_2B" tableName="IDENTITY_PROVIDER" />
<addPrimaryKey columnNames="IDENTITY_PROVIDER, USER_ID" constraintName="CONSTRAINT_40" tableName="FEDERATED_IDENTITY" />
<addPrimaryKey columnNames="IDENTITY_PROVIDER_ID, NAME" constraintName="CONSTRAINT_D" tableName="IDENTITY_PROVIDER_CONFIG" />
<addPrimaryKey columnNames="PROTOCOL_MAPPER_ID, NAME" constraintName="CONSTRAINT_PMConfig" tableName="PROTOCOL_MAPPER_CONFIG" />
<addPrimaryKey columnNames="USER_SESSION, NAME" constraintName="CONSTRAINT_USN_PK" tableName="USER_SESSION_NOTE" />
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="IDENTITY_PROVIDER" constraintName="FK2B4EBC52AE5C3B34" referencedColumnNames="ID" referencedTableName="REALM" />
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="PROTOCOL_MAPPER" constraintName="FK_PCM_REALM" referencedColumnNames="ID" referencedTableName="CLIENT" />
<addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="FEDERATED_IDENTITY" constraintName="FK404288B92EF007A6" referencedColumnNames="ID" referencedTableName="USER_ENTITY" />
<addForeignKeyConstraint baseColumnNames="IDENTITY_PROVIDER_ID" baseTableName="IDENTITY_PROVIDER_CONFIG" constraintName="FKDC4897CF864C4E43" referencedColumnNames="INTERNAL_ID" referencedTableName="IDENTITY_PROVIDER" />
<addForeignKeyConstraint baseColumnNames="PROTOCOL_MAPPER_ID" baseTableName="PROTOCOL_MAPPER_CONFIG" constraintName="FK_PMConfig" referencedColumnNames="ID" referencedTableName="PROTOCOL_MAPPER" />
<addForeignKeyConstraint baseColumnNames="IDENTITY_PROVIDER_ID" baseTableName="CLIENT_IDENTITY_PROV_MAPPING" constraintName="FK_7CELWNIBJI49AVXSRTUF6XJ12" referencedColumnNames="INTERNAL_ID" referencedTableName="IDENTITY_PROVIDER" />
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="CLIENT_IDENTITY_PROV_MAPPING" constraintName="FK_56ELWNIBJI49AVXSRTUF6XJ23" referencedColumnNames="ID" referencedTableName="CLIENT" />
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_SUPPORTED_LOCALES" constraintName="FK_SUPPORTED_LOCALES_REALM" referencedColumnNames="ID" referencedTableName="REALM" />
<addForeignKeyConstraint baseColumnNames="USER_SESSION" baseTableName="USER_SESSION_NOTE" constraintName="FK5EDFB00FF51D3472" referencedColumnNames="ID" referencedTableName="USER_SESSION" />
<addUniqueConstraint columnNames="PROVIDER_ALIAS, REALM_ID" constraintName="UK_2DAELWNIBJI49AVXSRTUF6XJ33" tableName="IDENTITY_PROVIDER" />
<addUniqueConstraint columnNames="IDENTITY_PROVIDER_ID,CLIENT_ID" constraintName="UK_7CAELWNIBJI49AVXSRTUF6XJ12" tableName="CLIENT_IDENTITY_PROV_MAPPING" />
<addColumn tableName="REALM">
<column name="LOGIN_LIFESPAN" type="INT" />
<column name="INTERNATIONALIZATION_ENABLED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false" />
</column>
<column name="DEFAULT_LOCALE" type="VARCHAR(255)" />
<column name="REG_EMAIL_AS_USERNAME" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false" />
</column>
</addColumn>
<!-- KEYCLOAK-1106 APPLICATION_ID and REALM_ID switched in REALM_APPLICATION table -->
<dropForeignKeyConstraint baseTableName="REALM_APPLICATION" constraintName="FK_71S3P0DIUXAWWQQSA528UBY2Q" />
<dropForeignKeyConstraint baseTableName="REALM_APPLICATION" constraintName="FK_L5QGA3RFME47335JY8JXYXH3I" />
<dropUniqueConstraint tableName="REALM_APPLICATION" constraintName="UK_L5QGA3RFME47335JY8JXYXH3I" />
<renameColumn tableName="REALM_APPLICATION" oldColumnName="APPLICATION_ID" newColumnName="APPLICATION_ID_TMP" columnDataType="VARCHAR(36)" />
<renameColumn tableName="REALM_APPLICATION" oldColumnName="REALM_ID" newColumnName="APPLICATION_ID" columnDataType="VARCHAR(36)" />
<renameColumn tableName="REALM_APPLICATION" oldColumnName="APPLICATION_ID_TMP" newColumnName="REALM_ID" columnDataType="VARCHAR(36)" />
<!--<addUniqueConstraint columnNames="APPLICATION_ID" constraintName="UK_M6QGA3RFME47335JY8JXYXH3I" tableName="REALM_APPLICATION" />
<addForeignKeyConstraint baseColumnNames="APPLICATION_ID" baseTableName="REALM_APPLICATION" constraintName="FK_82S3P0DIUXAWWQQSA528UBY2Q" referencedColumnNames="ID" referencedTableName="CLIENT" />
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_APPLICATION" constraintName="FK_M6QGA3RFME47335JY8JXYXH3I" referencedColumnNames="ID" referencedTableName="REALM" />-->
<customChange class="org.keycloak.connections.jpa.updater.liquibase.custom.JpaUpdate1_2_0_Beta1" />
<!-- Remove obsolete 'social' and 'claims' stuff -->
<dropForeignKeyConstraint baseTableName="USER_SOCIAL_LINK" constraintName="FK_68CJYS5UWM55UY823Y75XG4OM" />
<dropTable tableName="USER_SOCIAL_LINK" cascadeConstraints="true" />
<dropForeignKeyConstraint baseTableName="REALM_SOCIAL_CONFIG" constraintName="FK_SV5I3C2TI7G0G922FGE683SOV" />
<dropTable tableName="REALM_SOCIAL_CONFIG" cascadeConstraints="true" />
<dropColumn tableName="CLIENT" columnName="ALLOWED_CLAIMS_MASK" />
<createTable tableName="REALM_ENABLED_EVENT_TYPES">
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false" />
</column>
<column name="VALUE" type="VARCHAR(255)" />
</createTable>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_ENABLED_EVENT_TYPES" constraintName="FK_H846O4H0W8EPX5NWEDRF5Y69J" referencedColumnNames="ID" referencedTableName="REALM" />
</changeSet>
</databaseChangeLog>

156
model/jpa/src/main/resources/META-INF/db2-jpa-changelog-1.2.0.CR1.xml Normal file
View file

@ -0,0 +1,156 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
<changeSet author="bburke@redhat.com" id="1.2.0.RC1">
<delete tableName="CLIENT_SESSION_ROLE"/>
<delete tableName="CLIENT_SESSION_NOTE"/>
<delete tableName="CLIENT_SESSION"/>
<delete tableName="USER_SESSION_NOTE"/>
<delete tableName="USER_SESSION"/>
<createTable tableName="MIGRATION_MODEL">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="VERSION" type="VARCHAR(36)">
<constraints nullable="true"/>
</column>
</createTable>
<createTable tableName="IDENTITY_PROVIDER_MAPPER">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="IDP_ALIAS" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="IDP_MAPPER_NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="IDP_MAPPER_CONFIG">
<column name="IDP_MAPPER_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="VALUE" type="CLOB"/>
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
</createTable>
<addColumn tableName="CREDENTIAL">
<column name="CREATED_DATE" type="BIGINT"/>
</addColumn>
<createTable tableName="USER_CONSENT">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="CLIENT_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="USER_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="USER_CONSENT_ROLE">
<column name="USER_CONSENT_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="ROLE_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="USER_CONSENT_PROT_MAPPER">
<column name="USER_CONSENT_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="PROTOCOL_MAPPER_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="CLIENT_SESSION_PROT_MAPPER">
<column name="PROTOCOL_MAPPER_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="CLIENT_SESSION" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_MIGMOD" tableName="MIGRATION_MODEL"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_IDPM" tableName="IDENTITY_PROVIDER_MAPPER"/>
<addPrimaryKey columnNames="IDP_MAPPER_ID, NAME" constraintName="CONSTRAINT_IDPMConfig" tableName="IDP_MAPPER_CONFIG"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_GRNTCSNT_PM" tableName="USER_CONSENT"/>
<addPrimaryKey columnNames="USER_CONSENT_ID, ROLE_ID" constraintName="CONSTRAINT_GRNTCSNT_ROLE_PM" tableName="USER_CONSENT_ROLE"/>
<addPrimaryKey columnNames="USER_CONSENT_ID, PROTOCOL_MAPPER_ID" constraintName="CONSTRAINT_GRNTCSNT_PRM_PM" tableName="USER_CONSENT_PROT_MAPPER"/>
<addPrimaryKey columnNames="CLIENT_SESSION, PROTOCOL_MAPPER_ID" constraintName="CONSTRAINT_CS_PMP_PK" tableName="CLIENT_SESSION_PROT_MAPPER"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="IDENTITY_PROVIDER_MAPPER" constraintName="FK_IDPM_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="IDP_MAPPER_ID" baseTableName="IDP_MAPPER_CONFIG" constraintName="FK_IDPMConfig" referencedColumnNames="ID" referencedTableName="IDENTITY_PROVIDER_MAPPER"/>
<addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="USER_CONSENT" constraintName="FK_GRNTCSNT_USER" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
<addForeignKeyConstraint baseColumnNames="USER_CONSENT_ID" baseTableName="USER_CONSENT_ROLE" constraintName="FK_GRNTCSNT_ROLE_GR" referencedColumnNames="ID" referencedTableName="USER_CONSENT"/>
<addForeignKeyConstraint baseColumnNames="USER_CONSENT_ID" baseTableName="USER_CONSENT_PROT_MAPPER" constraintName="FK_GRNTCSNT_PRM_GR" referencedColumnNames="ID" referencedTableName="USER_CONSENT"/>
<addForeignKeyConstraint baseColumnNames="CLIENT_SESSION" baseTableName="CLIENT_SESSION_PROT_MAPPER" constraintName="FK_33A8SGQW18I532811V7O2DK89" referencedColumnNames="ID" referencedTableName="CLIENT_SESSION"/>
<renameColumn tableName="CLIENT" newColumnName="CLIENT_ID" oldColumnName="NAME" columnDataType="VARCHAR(255)"/>
<!-- DB2 specific. Original changelog has this in 1.0.0.Final -->
<addUniqueConstraint columnNames="REALM_ID,CLIENT_ID" constraintName="UK_B71CJLBENV945RB6GCON438AT" tableName="CLIENT"/>
<addColumn tableName="CLIENT">
<column name="CONSENT_REQUIRED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="NAME" type="VARCHAR(255)" />
</addColumn>
<addColumn tableName="IDENTITY_PROVIDER">
<column name="ADD_TOKEN_ROLE" type="BOOLEAN" defaultValueBoolean="true">
<constraints nullable="false"/>
</column>
</addColumn>
<update tableName="CLIENT">
<column name="CONSENT_REQUIRED" valueBoolean="true"/>
<where>DTYPE = 'OAuthClientEntity'</where>
</update>
<dropColumn tableName="CLIENT" columnName="DTYPE"/>
<dropForeignKeyConstraint baseTableName="REALM" constraintName="FK_RSAF444KK6QRKMS7N56AIWQ5Y" />
<renameColumn tableName="REALM" newColumnName="MASTER_ADMIN_CLIENT" oldColumnName="MASTER_ADMIN_APP" columnDataType="VARCHAR(36)"/>
<addForeignKeyConstraint baseColumnNames="MASTER_ADMIN_CLIENT" baseTableName="REALM" constraintName="FK_TRAF444KK6QRKMS7N56AIWQ5Y" referencedColumnNames="ID" referencedTableName="CLIENT"/>
<!--<dropForeignKeyConstraint baseTableName="REALM_APPLICATION" constraintName="FK_82S3P0DIUXAWWQQSA528UBY2Q" />-->
<renameTable oldTableName="REALM_APPLICATION" newTableName="REALM_CLIENT"/>
<renameColumn tableName="REALM_CLIENT" newColumnName="CLIENT_ID" oldColumnName="APPLICATION_ID" columnDataType="VARCHAR(36)"/>
<addUniqueConstraint columnNames="CLIENT_ID" constraintName="UK_M6QGA3RFME47335JY8JXYXH3I" tableName="REALM_CLIENT" />
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="REALM_CLIENT" constraintName="FK_93S3P0DIUXAWWQQSA528UBY2Q" referencedColumnNames="ID" referencedTableName="CLIENT"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_CLIENT" constraintName="FK_M6QGA3RFME47335JY8JXYXH3I" referencedColumnNames="ID" referencedTableName="REALM" />
<!--<dropForeignKeyConstraint baseTableName="APPLICATION_DEFAULT_ROLES" constraintName="FK_MAYLTS7KLWQW2H8M2B5JOYTKY" />-->
<renameTable oldTableName="APPLICATION_DEFAULT_ROLES" newTableName="CLIENT_DEFAULT_ROLES"/>
<renameColumn tableName="CLIENT_DEFAULT_ROLES" newColumnName="CLIENT_ID" oldColumnName="APPLICATION_ID" columnDataType="VARCHAR(36)"/>
<addUniqueConstraint columnNames="ROLE_ID" constraintName="UK_8AELWNIBJI49AVXSRTUF6XJOW" tableName="CLIENT_DEFAULT_ROLES"/>
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="CLIENT_DEFAULT_ROLES" constraintName="FK_NUILTS7KLWQW2H8M2B5JOYTKY" referencedColumnNames="ID" referencedTableName="CLIENT"/>
<addForeignKeyConstraint baseColumnNames="ROLE_ID" baseTableName="CLIENT_DEFAULT_ROLES" constraintName="FK_8AELWNIBJI49AVXSRTUF6XJOW" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
<dropForeignKeyConstraint baseTableName="APP_NODE_REGISTRATIONS" constraintName="FK8454723BA992F594" />
<dropPrimaryKey constraintName="CONSTRAINT_84" tableName="APP_NODE_REGISTRATIONS"/>
<renameTable oldTableName="APP_NODE_REGISTRATIONS" newTableName="CLIENT_NODE_REGISTRATIONS"/>
<renameColumn tableName="CLIENT_NODE_REGISTRATIONS" newColumnName="CLIENT_ID" oldColumnName="APPLICATION_ID" columnDataType="VARCHAR(36)"/>
<addPrimaryKey columnNames="CLIENT_ID, NAME" constraintName="CONSTRAINT_84_2" tableName="CLIENT_NODE_REGISTRATIONS"/>
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="CLIENT_NODE_REGISTRATIONS" constraintName="FK4129723BA992F594" referencedColumnNames="ID" referencedTableName="CLIENT"/>
<dropForeignKeyConstraint baseTableName="KEYCLOAK_ROLE" constraintName="FK_PIMO5LE2C0RAL09FL8CM9WFW9" />
<renameColumn tableName="KEYCLOAK_ROLE" newColumnName="CLIENT" oldColumnName="APPLICATION" columnDataType="VARCHAR(36)"/>
<renameColumn tableName="KEYCLOAK_ROLE" newColumnName="CLIENT_ROLE" oldColumnName="APPLICATION_ROLE" columnDataType="BOOLEAN"/>
<renameColumn tableName="KEYCLOAK_ROLE" newColumnName="CLIENT_REALM_CONSTRAINT" oldColumnName="APP_REALM_CONSTRAINT" columnDataType="VARCHAR(36)"/>
<addForeignKeyConstraint baseColumnNames="CLIENT" baseTableName="KEYCLOAK_ROLE" constraintName="FK_KJHO5LE2C0RAL09FL8CM9WFW9" referencedColumnNames="ID" referencedTableName="CLIENT"/>
<!--<dropUniqueConstraint tableName="KEYCLOAK_ROLE" constraintName="UK_J3RWUVD56ONTGSUHOGM184WW2"/>-->
<addUniqueConstraint columnNames="NAME,CLIENT_REALM_CONSTRAINT" constraintName="UK_J3RWUVD56ONTGSUHOGM184WW2-2" tableName="KEYCLOAK_ROLE"/>
<addUniqueConstraint columnNames="CLIENT_ID, USER_ID" constraintName="UK_JKUWUVD56ONTGSUHOGM8UEWRT" tableName="USER_CONSENT"/>
<customChange class="org.keycloak.connections.jpa.updater.liquibase.custom.JpaUpdate1_2_0_CR1"/>
</changeSet>
</databaseChangeLog>

155
model/jpa/src/main/resources/META-INF/db2-jpa-changelog-1.4.0.xml Normal file
View file

@ -0,0 +1,155 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
<changeSet author="bburke@redhat.com" id="1.4.0">
<delete tableName="CLIENT_SESSION_AUTH_STATUS"/>
<delete tableName="CLIENT_SESSION_ROLE"/>
<delete tableName="CLIENT_SESSION_PROT_MAPPER"/>
<delete tableName="CLIENT_SESSION_NOTE"/>
<delete tableName="CLIENT_SESSION"/>
<delete tableName="USER_SESSION_NOTE"/>
<delete tableName="USER_SESSION"/>
<addColumn tableName="CLIENT">
<column name="SERVICE_ACCOUNTS_ENABLED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
</addColumn>
<addColumn tableName="CLIENT_SESSION">
<column name="CURRENT_ACTION" type="VARCHAR(36)">
<constraints nullable="true"/>
</column>
</addColumn>
<addColumn tableName="AUTHENTICATION_FLOW">
<column name="PROVIDER_ID" type="VARCHAR(36)" defaultValue="basic-flow">
<constraints nullable="false"/>
</column>
<column name="TOP_LEVEL" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="BUILT_IN" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
</addColumn>
<addColumn tableName="AUTHENTICATION_EXECUTION">
<column name="AUTH_FLOW_ID" type="VARCHAR(36)">
<constraints nullable="true"/>
</column>
<column name="AUTH_CONFIG" type="VARCHAR(36)">
<constraints nullable="true"/>
</column>
</addColumn>
<addColumn tableName="USER_ATTRIBUTE">
<column name="ID" type="VARCHAR(36)" defaultValue="sybase-needs-something-here">
<constraints nullable="false"/>
</column>
</addColumn>
<dropColumn tableName="AUTHENTICATOR" columnName="PROVIDER_ID"/>
<renameTable oldTableName="AUTHENTICATOR_CONFIG" newTableName="AUTHENTICATOR_CONFIG_ENTRY"/>
<dropForeignKeyConstraint baseTableName="AUTHENTICATOR" constraintName="FK_AUTH_REALM" />
<renameTable oldTableName="AUTHENTICATOR" newTableName="AUTHENTICATOR_CONFIG"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="AUTHENTICATOR_CONFIG" constraintName="FK_AUTH_REALM_2" referencedColumnNames="ID" referencedTableName="REALM"/>
<!-- OAUTH_GRANT,
CODE_TO_TOKEN,
VERIFY_EMAIL,
UPDATE_PROFILE,
CONFIGURE_TOTP,
UPDATE_PASSWORD,
RECOVER_PASSWORD,
AUTHENTICATE,
SOCIAL_CALLBACK,
LOGGED_OUT -->
<update tableName="CLIENT_SESSION">
<column name="CURRENT_ACTION" value="OAUTH_GRANT"/>
<where>ACTION = 0</where>
</update>
<update tableName="CLIENT_SESSION">
<column name="CURRENT_ACTION" value="CODE_TO_TOKEN"/>
<where>ACTION = 1</where>
</update>
<update tableName="CLIENT_SESSION">
<column name="CURRENT_ACTION" value="VERIFY_EMAIL"/>
<where>ACTION = 2</where>
</update>
<update tableName="CLIENT_SESSION">
<column name="CURRENT_ACTION" value="UPDATE_PROFILE"/>
<where>ACTION = 3</where>
</update>
<update tableName="CLIENT_SESSION">
<column name="CURRENT_ACTION" value="CONFIGURE_TOTP"/>
<where>ACTION = 4</where>
</update>
<update tableName="CLIENT_SESSION">
<column name="CURRENT_ACTION" value="UPDATE_PASSWORD"/>
<where>ACTION = 5</where>
</update>
<update tableName="CLIENT_SESSION">
<column name="CURRENT_ACTION" value="RECOVER_PASSWORD"/>
<where>ACTION = 6</where>
</update>
<update tableName="CLIENT_SESSION">
<column name="CURRENT_ACTION" value="AUTHENTICATE"/>
<where>ACTION = 7</where>
</update>
<update tableName="CLIENT_SESSION">
<column name="CURRENT_ACTION" value="SOCIAL_CALLBACK"/>
<where>ACTION = 8</where>
</update>
<update tableName="CLIENT_SESSION">
<column name="CURRENT_ACTION" value="LOGGED_OUT"/>
<where>ACTION = 9</where>
</update>
<createTable tableName="CLIENT_USER_SESSION_NOTE">
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="VALUE" type="VARCHAR(2048)"/>
<column name="CLIENT_SESSION" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="REQUIRED_ACTION_PROVIDER">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="ALIAS" type="VARCHAR(255)"/>
<column name="NAME" type="VARCHAR(255)"/>
<column name="REALM_ID" type="VARCHAR(36)"/>
<column name="ENABLED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="DEFAULT_ACTION" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="PROVIDER_ID" type="VARCHAR(255)"/>
</createTable>
<createTable tableName="REQUIRED_ACTION_CONFIG">
<column name="REQUIRED_ACTION_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="VALUE" type="CLOB"/>
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
</createTable>
<customChange class="org.keycloak.connections.jpa.updater.liquibase.custom.JpaUpdate1_4_0_Final"/>
<dropPrimaryKey constraintName="CONSTRAINT_6" tableName="USER_ATTRIBUTE"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_USER_ATTRIBUTE_PK" tableName="USER_ATTRIBUTE"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_REQ_ACT_PRV_PK" tableName="REQUIRED_ACTION_PROVIDER"/>
<addPrimaryKey columnNames="REQUIRED_ACTION_ID, NAME" constraintName="CONSTRAINT_REQ_ACT_CFG_PK" tableName="REQUIRED_ACTION_CONFIG"/>
<addPrimaryKey columnNames="CLIENT_SESSION, NAME" constraintName="CONSTR_CL_USR_SES_NOTE" tableName="CLIENT_USER_SESSION_NOTE"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REQUIRED_ACTION_PROVIDER" constraintName="FK_REQ_ACT_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="CLIENT_SESSION" baseTableName="CLIENT_USER_SESSION_NOTE" constraintName="FK_CL_USR_SES_NOTE" referencedColumnNames="ID" referencedTableName="CLIENT_SESSION"/>
<dropColumn tableName="CLIENT_SESSION" columnName="ACTION"/>
<addColumn tableName="USER_ENTITY">
<column name="CREATED_TIMESTAMP" type="BIGINT"/>
<column name="SERVICE_ACCOUNT_CLIENT_LINK" type="VARCHAR(36)"/>
</addColumn>
</changeSet>
</databaseChangeLog>

129
model/jpa/src/main/resources/META-INF/db2-jpa-changelog-1.8.0.xml Normal file
View file

@ -0,0 +1,129 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
<changeSet author="mposolda@redhat.com" id="1.8.0">
<addColumn tableName="IDENTITY_PROVIDER">
<column name="POST_BROKER_LOGIN_FLOW_ID" type="VARCHAR(36)">
<constraints nullable="true"/>
</column>
</addColumn>
<createTable tableName="CLIENT_TEMPLATE">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="DESCRIPTION" type="VARCHAR(255)"/>
<column name="PROTOCOL" type="VARCHAR(255)"/>
<column name="FULL_SCOPE_ALLOWED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="CONSENT_REQUIRED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="STANDARD_FLOW_ENABLED" type="BOOLEAN" defaultValueBoolean="true">
<constraints nullable="false"/>
</column>
<column name="IMPLICIT_FLOW_ENABLED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="DIRECT_ACCESS_GRANTS_ENABLED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="SERVICE_ACCOUNTS_ENABLED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="FRONTCHANNEL_LOGOUT" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="BEARER_ONLY" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="PUBLIC_CLIENT" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="CLIENT_TEMPLATE_ATTRIBUTES">
<column name="TEMPLATE_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="VALUE" type="VARCHAR(2048)"/>
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="TEMPLATE_SCOPE_MAPPING">
<column name="TEMPLATE_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="ROLE_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<dropNotNullConstraint tableName="PROTOCOL_MAPPER" columnName="CLIENT_ID" columnDataType="VARCHAR(36)"/>
<addColumn tableName="CLIENT">
<column name="CLIENT_TEMPLATE_ID" type="VARCHAR(36)">
<constraints nullable="true"/>
</column>
<column name="USE_TEMPLATE_CONFIG" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="USE_TEMPLATE_SCOPE" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="USE_TEMPLATE_MAPPERS" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
</addColumn>
<addColumn tableName="PROTOCOL_MAPPER">
<column name="CLIENT_TEMPLATE_ID" type="VARCHAR(36)">
<constraints nullable="true"/>
</column>
</addColumn>
<createTable tableName="REALM_CLIENT_TEMPLATE">
<column name="CLIENT_TEMPLATE_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<addPrimaryKey columnNames="ID" constraintName="PK_CLI_TEMPLATE" tableName="CLIENT_TEMPLATE"/>
<addUniqueConstraint columnNames="REALM_ID,NAME" constraintName="UK_CLI_TEMPLATE" tableName="CLIENT_TEMPLATE"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="CLIENT_TEMPLATE" constraintName="FK_REALM_CLI_TMPLT" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="CLIENT_TEMPLATE_ID" baseTableName="PROTOCOL_MAPPER" constraintName="FK_CLI_TMPLT_MAPPER" referencedColumnNames="ID" referencedTableName="CLIENT_TEMPLATE"/>
<addForeignKeyConstraint baseColumnNames="CLIENT_TEMPLATE_ID" baseTableName="CLIENT" constraintName="FK_CLI_TMPLT_CLIENT" referencedColumnNames="ID" referencedTableName="CLIENT_TEMPLATE"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_CLIENT_TEMPLATE" constraintName="FK_RLM_CLI_TMPLT_RLM" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="CLIENT_TEMPLATE_ID" baseTableName="REALM_CLIENT_TEMPLATE" constraintName="FK_RLM_CLI_TMPLT_CLI" referencedColumnNames="ID" referencedTableName="CLIENT_TEMPLATE"/>
<addPrimaryKey columnNames="TEMPLATE_ID, ROLE_ID" constraintName="PK_TEMPLATE_SCOPE" tableName="TEMPLATE_SCOPE_MAPPING"/>
<addForeignKeyConstraint baseColumnNames="TEMPLATE_ID" baseTableName="TEMPLATE_SCOPE_MAPPING" constraintName="FK_TEMPL_SCOPE_TEMPL" referencedColumnNames="ID" referencedTableName="CLIENT_TEMPLATE"/>
<addForeignKeyConstraint baseColumnNames="ROLE_ID" baseTableName="TEMPLATE_SCOPE_MAPPING" constraintName="FK_TEMPL_SCOPE_ROLE" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
<addPrimaryKey columnNames="TEMPLATE_ID, NAME" constraintName="PK_CL_TMPL_ATTR" tableName="CLIENT_TEMPLATE_ATTRIBUTES"/>
<addForeignKeyConstraint baseColumnNames="TEMPLATE_ID" baseTableName="CLIENT_TEMPLATE_ATTRIBUTES" constraintName="FK_CL_TEMPL_ATTR_TEMPL" referencedColumnNames="ID" referencedTableName="CLIENT_TEMPLATE"/>
<update tableName="CREDENTIAL">
<column name="ALGORITHM" type="VARCHAR(36)" value="pbkdf2" />
<where>TYPE in ('password-history', 'password') AND ALGORITHM is NULL</where>
</update>
</changeSet>
<changeSet id="1.8.0-2" author="keycloak">
<dropDefaultValue tableName="CREDENTIAL" columnName="ALGORITHM" columnDataType="VARCHAR(36)"/>
<update tableName="CREDENTIAL">
<column name="ALGORITHM" type="VARCHAR(36)" value="pbkdf2" />
<where>TYPE in ('password-history', 'password') AND ALGORITHM = 'HmacSHA1'</where>
</update>
</changeSet>
</databaseChangeLog>

16
model/jpa/src/main/resources/META-INF/db2-jpa-changelog-master.xml Normal file
View file

@ -0,0 +1,16 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.2.xsd">
<include file="META-INF/db2-jpa-changelog-1.0.0.Final.xml"/>
<include file="META-INF/jpa-changelog-1.1.0.Beta1.xml"/>
<include file="META-INF/jpa-changelog-1.1.0.Final.xml"/>
<include file="META-INF/db2-jpa-changelog-1.2.0.Beta1.xml"/>
<include file="META-INF/db2-jpa-changelog-1.2.0.CR1.xml"/>
<include file="META-INF/jpa-changelog-1.2.0.Final.xml"/>
<include file="META-INF/jpa-changelog-1.3.0.xml"/>
<include file="META-INF/db2-jpa-changelog-1.4.0.xml"/>
<include file="META-INF/jpa-changelog-1.5.0.xml"/>
<include file="META-INF/jpa-changelog-1.6.1.xml"/>
<include file="META-INF/jpa-changelog-1.7.0.xml"/>
<include file="META-INF/db2-jpa-changelog-1.8.0.xml"/>
<include file="META-INF/jpa-changelog-1.9.0.xml"/>
</databaseChangeLog>

6
model/jpa/src/main/resources/META-INF/jpa-changelog-1.8.0.xml
View file

@ -119,6 +119,12 @@
<column name="ALGORITHM" type="VARCHAR(36)" value="pbkdf2" /> <column name="ALGORITHM" type="VARCHAR(36)" value="pbkdf2" />
<where>TYPE in ('password-history', 'password') AND ALGORITHM = 'HmacSHA1'</where> <where>TYPE in ('password-history', 'password') AND ALGORITHM = 'HmacSHA1'</where>
</update> </update>
<!-- Sybase specific hacks -->
<modifySql dbms="sybase">
<regExpReplace replace=".*(SET DEFAULT NULL)" with="SELECT 1" />
</modifySql>
</changeSet> </changeSet>
</databaseChangeLog> </databaseChangeLog>

47
model/jpa/src/main/resources/META-INF/jpa-changelog-1.9.0.xml Normal file
View file

@ -0,0 +1,47 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
<changeSet author="mposolda@redhat.com" id="1.9.0">
<!-- This is needed for MSSQL :( -->
<!-- 1.5 -->
<update tableName="REALM">
<column name="OTP_POLICY_COUNTER" type="INT" valueNumeric="0" />
<where>OTP_POLICY_COUNTER is NULL</where>
</update>
<update tableName="REALM">
<column name="OTP_POLICY_WINDOW" type="INT" valueNumeric="1" />
<where>OTP_POLICY_WINDOW is NULL</where>
</update>
<update tableName="REALM">
<column name="OTP_POLICY_PERIOD" type="INT" valueNumeric="30" />
<where>OTP_POLICY_PERIOD is NULL</where>
</update>
<update tableName="REALM">
<column name="OTP_POLICY_DIGITS" type="INT" valueNumeric="6" />
<where>OTP_POLICY_DIGITS is NULL</where>
</update>
<update tableName="CREDENTIAL">
<column name="COUNTER" type="INT" valueNumeric="0" />
<where>COUNTER is NULL</where>
</update>
<update tableName="CREDENTIAL">
<column name="DIGITS" type="INT" valueNumeric="6" />
<where>DIGITS is NULL</where>
</update>
<update tableName="CREDENTIAL">
<column name="PERIOD" type="INT" valueNumeric="30" />
<where>PERIOD is NULL</where>
</update>
<!-- 1.6 -->
<update tableName="REALM">
<column name="OFFLINE_SESSION_IDLE_TIMEOUT" type="INT" valueNumeric="2592000" />
<where>OFFLINE_SESSION_IDLE_TIMEOUT is NULL</where>
</update>
<!-- 1.7 -->
<update tableName="REALM">
<column name="ACCESS_TOKEN_LIFE_IMPLICIT" type="INT" valueNumeric="900" />
<where>ACCESS_TOKEN_LIFE_IMPLICIT is NULL</where>
</update>
</changeSet>
</databaseChangeLog>

1
model/jpa/src/main/resources/META-INF/jpa-changelog-master.xml
View file

@ -12,4 +12,5 @@
<include file="META-INF/jpa-changelog-1.6.1.xml"/> <include file="META-INF/jpa-changelog-1.6.1.xml"/>
<include file="META-INF/jpa-changelog-1.7.0.xml"/> <include file="META-INF/jpa-changelog-1.7.0.xml"/>
<include file="META-INF/jpa-changelog-1.8.0.xml"/> <include file="META-INF/jpa-changelog-1.8.0.xml"/>
<include file="META-INF/jpa-changelog-1.9.0.xml"/>
</databaseChangeLog> </databaseChangeLog>

37
pom.xml
View file

@ -55,8 +55,7 @@
<eap.version>7.0.0.Beta</eap.version> <eap.version>7.0.0.Beta</eap.version>
<!-- this is EAP 6.4 alpha, publicly available --> <jboss.version>7.2.0.Final</jboss.version>
<jboss.version>7.5.0.Final-redhat-15</jboss.version>
<servlet.api.30.version>1.0.2.Final</servlet.api.30.version> <servlet.api.30.version>1.0.2.Final</servlet.api.30.version>
<google.zxing.version>3.2.1</google.zxing.version> <google.zxing.version>3.2.1</google.zxing.version>
@ -1332,39 +1331,5 @@
</plugins> </plugins>
</build> </build>
</profile> </profile>
<!-- Configure the JBoss Early Access Maven repository -->
<profile>
<id>jboss-earlyaccess-repository</id>
<activation>
<property>
<name>!no-jboss-ea-repo</name>
</property>
</activation>
<repositories>
<repository>
<id>jboss-earlyaccess-repository</id>
<url>http://maven.repository.redhat.com/earlyaccess/all/</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>jboss-earlyaccess-plugin-repository</id>
<url>http://maven.repository.redhat.com/earlyaccess/all/</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
</pluginRepository>
</pluginRepositories>
</profile>
</profiles> </profiles>
</project> </project>

2
saml-core/src/main/java/org/keycloak/saml/common/util/StringUtil.java
View file

@ -130,7 +130,7 @@ public class StringUtil {
* @param second * @param second
*/ */
public static void match(String first, String second) { public static void match(String first, String second) {
if (first.equals(second) == false) if (!first.equals(second))
throw logger.notEqualError(first, second); throw logger.notEqualError(first, second);
} }

4
saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java
View file

@ -191,7 +191,7 @@ public class TransformerUtil {
public void transform(Source xmlSource, Result outputTarget) throws TransformerException { public void transform(Source xmlSource, Result outputTarget) throws TransformerException {
if (!(xmlSource instanceof StAXSource)) if (!(xmlSource instanceof StAXSource))
throw logger.wrongTypeError("xmlSource should be a stax source"); throw logger.wrongTypeError("xmlSource should be a stax source");
if (outputTarget instanceof DOMResult == false) if (!(outputTarget instanceof DOMResult))
throw logger.wrongTypeError("outputTarget should be a dom result"); throw logger.wrongTypeError("outputTarget should be a dom result");
String rootTag = null; String rootTag = null;
@ -208,7 +208,7 @@ public class TransformerUtil {
try { try {
XMLEvent xmlEvent = StaxParserUtil.getNextEvent(xmlEventReader); XMLEvent xmlEvent = StaxParserUtil.getNextEvent(xmlEventReader);
if (xmlEvent instanceof StartElement == false) if (!(xmlEvent instanceof StartElement))
throw new TransformerException(ErrorCodes.WRITER_SHOULD_START_ELEMENT); throw new TransformerException(ErrorCodes.WRITER_SHOULD_START_ELEMENT);
StartElement rootElement = (StartElement) xmlEvent; StartElement rootElement = (StartElement) xmlEvent;

2
saml-core/src/main/java/org/keycloak/saml/processing/core/saml/v2/util/StatementUtil.java
View file

@ -167,7 +167,7 @@ public class StatementUtil {
* @return * @return
*/ */
public static AttributeStatementType createAttributeStatementForRoles(List<String> roles, boolean multivalued) { public static AttributeStatementType createAttributeStatementForRoles(List<String> roles, boolean multivalued) {
if (multivalued == false) { if (!multivalued) {
return createAttributeStatement(roles); return createAttributeStatement(roles);
} }
AttributeStatementType attrStatement = new AttributeStatementType(); AttributeStatementType attrStatement = new AttributeStatementType();

2
saml-core/src/main/java/org/keycloak/saml/processing/core/util/JAXPValidationUtil.java
View file

@ -136,7 +136,7 @@ public class JAXPValidationUtil {
public void error(SAXParseException ex) throws SAXException { public void error(SAXParseException ex) throws SAXException {
logException(ex); logException(ex);
if (ex.getMessage().contains("null") == false) { if (!ex.getMessage().contains("null")) {
throw ex; throw ex;
} }
} }

20
server-spi/src/main/java/org/keycloak/models/ClaimMask.java
View file

@ -5,16 +5,16 @@ package org.keycloak.models;
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
public class ClaimMask { public class ClaimMask {
public static final long NAME = 0x01l; public static final long NAME = 0x01L;
public static final long USERNAME = 0x02l; public static final long USERNAME = 0x02L;
public static final long PROFILE = 0x04l; public static final long PROFILE = 0x04L;
public static final long PICTURE = 0x08l; public static final long PICTURE = 0x08L;
public static final long WEBSITE = 0x10l; public static final long WEBSITE = 0x10L;
public static final long EMAIL = 0x20l; public static final long EMAIL = 0x20L;
public static final long GENDER = 0x40l; public static final long GENDER = 0x40L;
public static final long LOCALE = 0x80l; public static final long LOCALE = 0x80L;
public static final long ADDRESS = 0x100l; public static final long ADDRESS = 0x100L;
public static final long PHONE = 0x200l; public static final long PHONE = 0x200L;
public static final long ALL = NAME | USERNAME | PROFILE | PICTURE | WEBSITE | EMAIL | GENDER | LOCALE | ADDRESS | PHONE; public static final long ALL = NAME | USERNAME | PROFILE | PICTURE | WEBSITE | EMAIL | GENDER | LOCALE | ADDRESS | PHONE;

24
server-spi/src/main/java/org/keycloak/models/OTPPolicy.java
View file

@ -96,25 +96,25 @@ public class OTPPolicy implements Serializable {
} }
public String getKeyURI(RealmModel realm, UserModel user, String secret) { public String getKeyURI(RealmModel realm, UserModel user, String secret) {
String displayName = realm.getDisplayName();
String uri = null;
if (displayName == null || displayName.isEmpty()) { displayName = realm.getName(); }
uri = "otpauth://" + type + "/" + displayName + ":" + user.getUsername() + "?secret=" +
Base32.encode(secret.getBytes()) + "&digits=" + digits + "&algorithm=" + algToKeyUriAlg.get(algorithm);
try { try {
uri += "&issuer=" + URLEncoder.encode(realm.getName(), "UTF-8"); String displayName = realm.getDisplayName() != null && !realm.getDisplayName().isEmpty() ? realm.getDisplayName() : realm.getName();
} catch (UnsupportedEncodingException e) { String uri;
logger.debug("Failed to add issuer parameter to OTP URI becasue UTF-8 is not supported.");
} uri = "otpauth://" + type + "/" + URLEncoder.encode(user.getUsername(), "UTF-8") + "?secret=" +
Base32.encode(secret.getBytes()) + "&digits=" + digits + "&algorithm=" + algToKeyUriAlg.get(algorithm);
uri += "&issuer=" + URLEncoder.encode(displayName, "UTF-8");
if (type.equals(UserCredentialModel.HOTP)) { if (type.equals(UserCredentialModel.HOTP)) {
uri += "&counter=" + initialCounter; uri += "&counter=" + initialCounter;
} }
if (type.equals(UserCredentialModel.TOTP)) { if (type.equals(UserCredentialModel.TOTP)) {
uri += "&period=" + period; uri += "&period=" + period;
} }
return uri;
return uri;
} catch (UnsupportedEncodingException e) {
throw new RuntimeException(e);
}
} }
} }

2
server-spi/src/main/java/org/keycloak/models/PasswordPolicy.java
View file

@ -32,7 +32,7 @@ public class PasswordPolicy implements Serializable {
this.policyString = policyString; this.policyString = policyString;
this.policies = new LinkedList<>(); this.policies = new LinkedList<>();
if (policyString != null && !policyString.isEmpty()) { if (policyString != null && !policyString.trim().isEmpty()) {
for (String policy : policyString.split(" and ")) { for (String policy : policyString.split(" and ")) {
policy = policy.trim(); policy = policy.trim();

30
services/src/main/java/org/keycloak/services/managers/DefaultBruteForceProtector.java
View file

@ -21,6 +21,7 @@ import org.keycloak.common.ClientConnection;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UsernameLoginFailureModel; import org.keycloak.models.UsernameLoginFailureModel;
import org.keycloak.services.ServicesLogger; import org.keycloak.services.ServicesLogger;
@ -91,30 +92,33 @@ public class DefaultBruteForceProtector implements Runnable, BruteForceProtector
logger.debug("failure"); logger.debug("failure");
RealmModel realm = getRealmModel(session, event); RealmModel realm = getRealmModel(session, event);
logFailure(event); logFailure(event);
UsernameLoginFailureModel user = getUserModel(session, event); UserModel user = session.users().getUserByUsername(event.username.toString(), realm);
if (user == null) { UsernameLoginFailureModel userLoginFailure = getUserModel(session, event);
user = session.sessions().addUserLoginFailure(realm, event.username.toLowerCase()); if (user != null) {
if (userLoginFailure == null) {
userLoginFailure = session.sessions().addUserLoginFailure(realm, event.username.toLowerCase());
} }
user.setLastIPFailure(event.ip); userLoginFailure.setLastIPFailure(event.ip);
long currentTime = System.currentTimeMillis(); long currentTime = System.currentTimeMillis();
long last = user.getLastFailure(); long last = userLoginFailure.getLastFailure();
long deltaTime = 0; long deltaTime = 0;
if (last > 0) { if (last > 0) {
deltaTime = currentTime - last; deltaTime = currentTime - last;
} }
user.setLastFailure(currentTime); userLoginFailure.setLastFailure(currentTime);
if (deltaTime > 0) { if (deltaTime > 0) {
// if last failure was more than MAX_DELTA clear failures // if last failure was more than MAX_DELTA clear failures
if (deltaTime > (long)realm.getMaxDeltaTimeSeconds() *1000L) { if (deltaTime > (long) realm.getMaxDeltaTimeSeconds() * 1000L) {
user.clearFailures(); userLoginFailure.clearFailures();
} }
} }
user.incrementFailures(); userLoginFailure.incrementFailures();
logger.debugv("new num failures: {0}" , user.getNumFailures()); logger.debugv("new num failures: {0}", userLoginFailure.getNumFailures());
int waitSeconds = realm.getWaitIncrementSeconds() * (user.getNumFailures() / realm.getFailureFactor()); int waitSeconds = realm.getWaitIncrementSeconds() * (userLoginFailure.getNumFailures() / realm.getFailureFactor());
logger.debugv("waitSeconds: {0}", waitSeconds); logger.debugv("waitSeconds: {0}", waitSeconds);
logger.debugv("deltaTime: {0}", deltaTime); logger.debugv("deltaTime: {0}", deltaTime);
if (waitSeconds == 0) { if (waitSeconds == 0) {
if (last > 0 && deltaTime < realm.getQuickLoginCheckMilliSeconds()) { if (last > 0 && deltaTime < realm.getQuickLoginCheckMilliSeconds()) {
logger.debugv("quick login, set min wait seconds"); logger.debugv("quick login, set min wait seconds");
@ -125,9 +129,11 @@ public class DefaultBruteForceProtector implements Runnable, BruteForceProtector
waitSeconds = Math.min(realm.getMaxFailureWaitSeconds(), waitSeconds); waitSeconds = Math.min(realm.getMaxFailureWaitSeconds(), waitSeconds);
int notBefore = (int) (currentTime / 1000) + waitSeconds; int notBefore = (int) (currentTime / 1000) + waitSeconds;
logger.debugv("set notBefore: {0}", notBefore); logger.debugv("set notBefore: {0}", notBefore);
user.setFailedLoginNotBefore(notBefore); userLoginFailure.setFailedLoginNotBefore(notBefore);
} }
} }
}
protected UsernameLoginFailureModel getUserModel(KeycloakSession session, LoginEvent event) { protected UsernameLoginFailureModel getUserModel(KeycloakSession session, LoginEvent event) {
RealmModel realm = getRealmModel(session, event); RealmModel realm = getRealmModel(session, event);

2
services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java
View file

@ -299,7 +299,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
} else if (context.getUsername() == null) { } else if (context.getUsername() == null) {
username = context.getIdpConfig().getAlias() + "." + context.getId(); username = context.getIdpConfig().getAlias() + "." + context.getId();
} else { } else {
username = context.getIdpConfig().getAlias() + "." + context.getUsername(); username = context.getUsername();
} }
} }
username = username.trim(); username = username.trim();

2
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLServletWithLogout.java
View file

@ -11,7 +11,7 @@ public abstract class SAMLServletWithLogout extends AbstractPageWithInjectedUrl
public void logout() { public void logout() {
driver.navigate().to(getUriBuilder().queryParam("GLO", "true").build().toASCIIString()); driver.navigate().to(getUriBuilder().queryParam("GLO", "true").build().toASCIIString());
getUriBuilder().replaceQueryParam("GLO", new Object()); getUriBuilder().replaceQueryParam("GLO", null);
pause(300); pause(300);
} }
} }

25
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/demorealm.json
View file

@ -116,11 +116,10 @@
} }
], ],
"applications": [ "clients": [
{ {
"name": "customer-portal", "clientId": "customer-portal",
"enabled": true, "enabled": true,
"directAccessGrantsEnabled": true,
"adminUrl": "/customer-portal", "adminUrl": "/customer-portal",
"baseUrl": "/customer-portal", "baseUrl": "/customer-portal",
"redirectUris": [ "redirectUris": [
@ -129,7 +128,7 @@
"secret": "password" "secret": "password"
}, },
{ {
"name": "customer-cookie-portal", "clientId": "customer-cookie-portal",
"enabled": true, "enabled": true,
"baseUrl": "/customer-cookie-portal", "baseUrl": "/customer-cookie-portal",
"redirectUris": [ "redirectUris": [
@ -138,7 +137,7 @@
"secret": "password" "secret": "password"
}, },
{ {
"name": "customer-portal-js", "clientId": "customer-portal-js",
"enabled": true, "enabled": true,
"publicClient": true, "publicClient": true,
"adminUrl": "/customer-portal-js", "adminUrl": "/customer-portal-js",
@ -148,7 +147,7 @@
] ]
}, },
{ {
"name": "customer-portal-cli", "clientId": "customer-portal-cli",
"enabled": true, "enabled": true,
"publicClient": true, "publicClient": true,
"redirectUris": [ "redirectUris": [
@ -157,7 +156,7 @@
] ]
}, },
{ {
"name": "product-portal", "clientId": "product-portal",
"enabled": true, "enabled": true,
"adminUrl": "/product-portal", "adminUrl": "/product-portal",
"baseUrl": "/product-portal", "baseUrl": "/product-portal",
@ -167,7 +166,7 @@
"secret": "password" "secret": "password"
}, },
{ {
"name": "secure-portal", "clientId": "secure-portal",
"enabled": true, "enabled": true,
"adminUrl": "/secure-portal", "adminUrl": "/secure-portal",
"baseUrl": "/secure-portal", "baseUrl": "/secure-portal",
@ -180,7 +179,7 @@
} }
}, },
{ {
"name": "session-portal", "clientId": "session-portal",
"enabled": true, "enabled": true,
"adminUrl": "/session-portal", "adminUrl": "/session-portal",
"baseUrl": "/session-portal", "baseUrl": "/session-portal",
@ -190,7 +189,7 @@
"secret": "password" "secret": "password"
}, },
{ {
"name": "input-portal", "clientId": "input-portal",
"enabled": true, "enabled": true,
"adminUrl": "/input-portal", "adminUrl": "/input-portal",
"baseUrl": "/input-portal", "baseUrl": "/input-portal",
@ -198,11 +197,9 @@
"/input-portal/*" "/input-portal/*"
], ],
"secret": "password" "secret": "password"
} },
],
"oauthClients": [
{ {
"name": "third-party", "clientId": "third-party",
"enabled": true, "enabled": true,
"redirectUris": [ "redirectUris": [
"/oauth-client/*", "/oauth-client/*",

145
testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/CreateClientForm.java
View file

@ -25,24 +25,6 @@ public class CreateClientForm extends Form {
@FindBy(id = "clientId") @FindBy(id = "clientId")
private WebElement clientIdInput; private WebElement clientIdInput;
@FindBy(id = "name")
private WebElement nameInput;
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='enabled']]")
private OnOffSwitch enabledSwitch;
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='consentRequired']]")
private OnOffSwitch consentRequiredSwitch;
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='standardFlowEnabled']]")
private OnOffSwitch standardFlowEnabledSwitch;
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='implicitFlowEnabled']]")
private OnOffSwitch implicitFlowEnabledSwitch;
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='directAccessGrantsEnabled']]")
private OnOffSwitch directAccessGrantsEnabledSwitch;
@FindBy(id = "protocol") @FindBy(id = "protocol")
private Select protocolSelect; private Select protocolSelect;
@ -53,43 +35,11 @@ public class CreateClientForm extends Form {
return samlForm; return samlForm;
} }
@FindBy(id = "accessType")
private Select accessTypeSelect;
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='serviceAccountsEnabled']]")
private OnOffSwitch serviceAccountsEnabledSwitch;
@FindBy(id = "newRedirectUri")
private WebElement newRedirectUriInput;
@FindBy(xpath = ".//i[contains(@data-ng-click, 'newRedirectUri')]")
private WebElement newRedirectUriSubmit;
@FindBy(xpath = ".//input[@ng-model='client.redirectUris[i]']")
private List<WebElement> redirectUriInputs;
@FindBy(xpath = ".//i[contains(@data-ng-click, 'deleteRedirectUri')]")
private List<WebElement> deleteRedirectUriIcons;
public void setValues(ClientRepresentation client) { public void setValues(ClientRepresentation client) {
waitUntilElement(clientIdInput).is().present(); waitUntilElement(clientIdInput).is().present();
setClientId(client.getClientId()); setClientId(client.getClientId());
setName(client.getName());
setEnabled(client.isEnabled());
setConsentRequired(client.isConsentRequired());
setProtocol(client.getProtocol()); setProtocol(client.getProtocol());
if (OIDC.equals(client.getProtocol())) {
setAccessType(client);
if (!client.isBearerOnly()) {
setStandardFlowEnabled(client.isStandardFlowEnabled());
setDirectAccessGrantsEnabled(client.isDirectAccessGrantsEnabled());
if (client.isPublicClient()) {
setImplicitFlowEnabled(client.isImplicitFlowEnabled());
} else {//confidential
setServiceAccountsEnabled(client.isServiceAccountsEnabled());
}
if (client.isStandardFlowEnabled() || client.isImplicitFlowEnabled()) {
setRedirectUris(client.getRedirectUris());
}
}
}
} }
public String getClientId() { public String getClientId() {
@ -100,22 +50,6 @@ public class CreateClientForm extends Form {
setInputValue(clientIdInput, clientId); setInputValue(clientIdInput, clientId);
} }
public String getName() {
return getInputValue(nameInput);
}
public void setName(String name) {
setInputValue(nameInput, name);
}
public boolean isEnabled() {
return enabledSwitch.isOn();
}
public void setEnabled(boolean enabled) {
enabledSwitch.setOn(enabled);
}
public enum OidcAccessType { public enum OidcAccessType {
BEARER_ONLY("bearer-only"), BEARER_ONLY("bearer-only"),
PUBLIC("public"), PUBLIC("public"),
@ -132,77 +66,6 @@ public class CreateClientForm extends Form {
} }
} }
public void setAccessType(ClientRepresentation client) {
if (client.isBearerOnly()) {
accessTypeSelect.selectByVisibleText(BEARER_ONLY.getName());
} else if (client.isPublicClient()) {
accessTypeSelect.selectByVisibleText(PUBLIC.getName());
} else {
accessTypeSelect.selectByVisibleText(CONFIDENTIAL.getName());
}
}
public void addRedirectUri(String redirectUri) {
newRedirectUriInput.sendKeys(redirectUri);
newRedirectUriSubmit.click();
}
public List<String> getRedirectUris() {
List<String> values = new ArrayList<>();
for (WebElement input : redirectUriInputs) {
values.add(getInputValue(input));
}
return values;
}
public void setRedirectUris(List<String> redirectUris) {
Timer.time();
while (!deleteRedirectUriIcons.isEmpty()) {
deleteRedirectUriIcons.get(0).click();
pause(100);
}
Timer.time("deleteRedirectUris");
if (redirectUris != null) {
for (String redirectUri : redirectUris) {
addRedirectUri(redirectUri);
pause(100);
}
}
Timer.time("addRedirectUris");
}
public boolean isConsentRequired() {
return consentRequiredSwitch.isOn();
}
public void setConsentRequired(boolean consentRequired) {
consentRequiredSwitch.setOn(consentRequired);
}
public boolean isStandardFlowEnabled() {
return standardFlowEnabledSwitch.isOn();
}
public void setStandardFlowEnabled(boolean standardFlowEnabled) {
standardFlowEnabledSwitch.setOn(standardFlowEnabled);
}
public boolean isImplicitFlowEnabled() {
return implicitFlowEnabledSwitch.isOn();
}
public void setImplicitFlowEnabled(boolean implicitFlowEnabled) {
implicitFlowEnabledSwitch.setOn(implicitFlowEnabled);
}
public boolean isDirectAccessGrantsEnabled() {
return directAccessGrantsEnabledSwitch.isOn();
}
public void setDirectAccessGrantsEnabled(boolean directAccessGrantsEnabled) {
directAccessGrantsEnabledSwitch.setOn(directAccessGrantsEnabled);
}
public String getProtocol() { public String getProtocol() {
waitUntilElement(protocolSelect.getFirstSelectedOption()).is().present(); waitUntilElement(protocolSelect.getFirstSelectedOption()).is().present();
return protocolSelect.getFirstSelectedOption().getText(); return protocolSelect.getFirstSelectedOption().getText();
@ -214,14 +77,6 @@ public class CreateClientForm extends Form {
Timer.time("clientSettings.setProtocol()"); Timer.time("clientSettings.setProtocol()");
} }
public boolean isServiceAccountsEnabled() {
return serviceAccountsEnabledSwitch.isOn();
}
public void setServiceAccountsEnabled(boolean serviceAccountsEnabled) {
serviceAccountsEnabledSwitch.setOn(serviceAccountsEnabled);
}
public class SAMLClientSettingsForm extends Form { public class SAMLClientSettingsForm extends Form {
public static final String SAML_ASSERTION_SIGNATURE = "saml.assertion.signature"; public static final String SAML_ASSERTION_SIGNATURE = "saml.assertion.signature";

149
testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/settings/ClientSettingsForm.java
View file

@ -2,14 +2,19 @@ package org.keycloak.testsuite.console.page.clients.settings;
import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.testsuite.console.page.fragment.OnOffSwitch; import org.keycloak.testsuite.console.page.fragment.OnOffSwitch;
import org.keycloak.testsuite.util.Timer;
import org.openqa.selenium.WebElement; import org.openqa.selenium.WebElement;
import org.openqa.selenium.support.FindBy; import org.openqa.selenium.support.FindBy;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import org.keycloak.testsuite.console.page.clients.CreateClientForm; import org.keycloak.testsuite.console.page.clients.CreateClientForm;
import org.openqa.selenium.support.ui.Select;
import static org.keycloak.testsuite.auth.page.login.Login.OIDC; import static org.keycloak.testsuite.auth.page.login.Login.OIDC;
import static org.keycloak.testsuite.console.page.clients.CreateClientForm.OidcAccessType.BEARER_ONLY;
import static org.keycloak.testsuite.console.page.clients.CreateClientForm.OidcAccessType.CONFIDENTIAL;
import static org.keycloak.testsuite.console.page.clients.CreateClientForm.OidcAccessType.PUBLIC;
import static org.keycloak.testsuite.util.WaitUtils.pause; import static org.keycloak.testsuite.util.WaitUtils.pause;
/** /**
@ -17,11 +22,43 @@ import static org.keycloak.testsuite.util.WaitUtils.pause;
*/ */
public class ClientSettingsForm extends CreateClientForm { public class ClientSettingsForm extends CreateClientForm {
@FindBy(id = "name")
private WebElement nameInput;
@FindBy(id = "baseUrl") @FindBy(id = "baseUrl")
private WebElement baseUrlInput; private WebElement baseUrlInput;
@FindBy(id = "adminUrl") @FindBy(id = "adminUrl")
private WebElement adminUrlInput; private WebElement adminUrlInput;
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='enabled']]")
private OnOffSwitch enabledSwitch;
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='consentRequired']]")
private OnOffSwitch consentRequiredSwitch;
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='standardFlowEnabled']]")
private OnOffSwitch standardFlowEnabledSwitch;
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='implicitFlowEnabled']]")
private OnOffSwitch implicitFlowEnabledSwitch;
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='directAccessGrantsEnabled']]")
private OnOffSwitch directAccessGrantsEnabledSwitch;
@FindBy(id = "accessType")
private Select accessTypeSelect;
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='serviceAccountsEnabled']]")
private OnOffSwitch serviceAccountsEnabledSwitch;
@FindBy(id = "newRedirectUri")
private WebElement newRedirectUriInput;
@FindBy(xpath = ".//i[contains(@data-ng-click, 'newRedirectUri')]")
private WebElement newRedirectUriSubmit;
@FindBy(xpath = ".//input[@ng-model='client.redirectUris[i]']")
private List<WebElement> redirectUriInputs;
@FindBy(xpath = ".//i[contains(@data-ng-click, 'deleteRedirectUri')]")
private List<WebElement> deleteRedirectUriIcons;
@FindBy(id = "newWebOrigin") @FindBy(id = "newWebOrigin")
private WebElement newWebOriginInput; private WebElement newWebOriginInput;
@FindBy(xpath = ".//i[contains(@data-ng-click, 'newWebOrigin')]") @FindBy(xpath = ".//i[contains(@data-ng-click, 'newWebOrigin')]")
@ -79,16 +116,122 @@ public class ClientSettingsForm extends CreateClientForm {
@Override @Override
public void setValues(ClientRepresentation client) { public void setValues(ClientRepresentation client) {
super.setValues(client); super.setValues(client);
setName(client.getName());
setEnabled(client.isEnabled());
setConsentRequired(client.isConsentRequired());
setBaseUrl(client.getBaseUrl()); setBaseUrl(client.getBaseUrl());
if (OIDC.equals(client.getProtocol())) { if (OIDC.equals(client.getProtocol())) {
setAccessType(client);
if (!client.isBearerOnly()) {
setStandardFlowEnabled(client.isStandardFlowEnabled());
setDirectAccessGrantsEnabled(client.isDirectAccessGrantsEnabled());
if (client.isPublicClient()) {
setImplicitFlowEnabled(client.isImplicitFlowEnabled());
} else {//confidential
setServiceAccountsEnabled(client.isServiceAccountsEnabled());
}
if (client.isStandardFlowEnabled() || client.isImplicitFlowEnabled()) {
setRedirectUris(client.getRedirectUris());
}
}
setAdminUrl(client.getAdminUrl()); setAdminUrl(client.getAdminUrl());
setWebOrigins(client.getWebOrigins()); setWebOrigins(client.getWebOrigins());
} }
} }
@Override public String getName() {
public void setConsentRequired(boolean value) { return getInputValue(nameInput);
consentRequired.setOn(value); }
public void setName(String name) {
setInputValue(nameInput, name);
}
public boolean isEnabled() {
return enabledSwitch.isOn();
}
public void setEnabled(boolean enabled) {
enabledSwitch.setOn(enabled);
}
public boolean isConsentRequired() {
return consentRequiredSwitch.isOn();
}
public void setConsentRequired(boolean consentRequired) {
consentRequiredSwitch.setOn(consentRequired);
}
public void setAccessType(ClientRepresentation client) {
if (client.isBearerOnly()) {
accessTypeSelect.selectByVisibleText(BEARER_ONLY.getName());
} else if (client.isPublicClient()) {
accessTypeSelect.selectByVisibleText(PUBLIC.getName());
} else {
accessTypeSelect.selectByVisibleText(CONFIDENTIAL.getName());
}
}
public void addRedirectUri(String redirectUri) {
newRedirectUriInput.sendKeys(redirectUri);
newRedirectUriSubmit.click();
}
public List<String> getRedirectUris() {
List<String> values = new ArrayList<>();
for (WebElement input : redirectUriInputs) {
values.add(getInputValue(input));
}
return values;
}
public void setRedirectUris(List<String> redirectUris) {
Timer.time();
while (!deleteRedirectUriIcons.isEmpty()) {
deleteRedirectUriIcons.get(0).click();
pause(100);
}
Timer.time("deleteRedirectUris");
if (redirectUris != null) {
for (String redirectUri : redirectUris) {
addRedirectUri(redirectUri);
pause(100);
}
}
Timer.time("addRedirectUris");
}
public boolean isStandardFlowEnabled() {
return standardFlowEnabledSwitch.isOn();
}
public void setStandardFlowEnabled(boolean standardFlowEnabled) {
standardFlowEnabledSwitch.setOn(standardFlowEnabled);
}
public boolean isImplicitFlowEnabled() {
return implicitFlowEnabledSwitch.isOn();
}
public void setImplicitFlowEnabled(boolean implicitFlowEnabled) {
implicitFlowEnabledSwitch.setOn(implicitFlowEnabled);
}
public boolean isDirectAccessGrantsEnabled() {
return directAccessGrantsEnabledSwitch.isOn();
}
public void setDirectAccessGrantsEnabled(boolean directAccessGrantsEnabled) {
directAccessGrantsEnabledSwitch.setOn(directAccessGrantsEnabled);
}
public boolean isServiceAccountsEnabled() {
return serviceAccountsEnabledSwitch.isOn();
}
public void setServiceAccountsEnabled(boolean serviceAccountsEnabled) {
serviceAccountsEnabledSwitch.setOn(serviceAccountsEnabled);
} }
} }

42
testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/clients/AbstractClientTest.java
View file

@ -17,6 +17,10 @@ import org.keycloak.testsuite.console.page.clients.Client;
import org.keycloak.testsuite.console.page.clients.Clients; import org.keycloak.testsuite.console.page.clients.Clients;
import org.keycloak.testsuite.console.page.clients.CreateClient; import org.keycloak.testsuite.console.page.clients.CreateClient;
import org.keycloak.testsuite.console.page.clients.CreateClientForm.OidcAccessType; import org.keycloak.testsuite.console.page.clients.CreateClientForm.OidcAccessType;
import org.keycloak.testsuite.console.page.clients.settings.ClientSettings;
import org.keycloak.testsuite.util.WaitUtils;
import org.openqa.selenium.By;
import static org.keycloak.testsuite.console.page.clients.CreateClientForm.OidcAccessType.*; import static org.keycloak.testsuite.console.page.clients.CreateClientForm.OidcAccessType.*;
import static org.keycloak.testsuite.console.page.clients.CreateClientForm.SAMLClientSettingsForm.SAML_ASSERTION_CONSUMER_URL_POST; import static org.keycloak.testsuite.console.page.clients.CreateClientForm.SAMLClientSettingsForm.SAML_ASSERTION_CONSUMER_URL_POST;
import static org.keycloak.testsuite.console.page.clients.CreateClientForm.SAMLClientSettingsForm.SAML_ASSERTION_CONSUMER_URL_REDIRECT; import static org.keycloak.testsuite.console.page.clients.CreateClientForm.SAMLClientSettingsForm.SAML_ASSERTION_CONSUMER_URL_REDIRECT;
@ -53,6 +57,8 @@ public abstract class AbstractClientTest extends AbstractConsoleTest {
protected Client clientPage; // note: cannot call navigateTo() unless client id is set protected Client clientPage; // note: cannot call navigateTo() unless client id is set
@Page @Page
protected CreateClient createClientPage; protected CreateClient createClientPage;
@Page
protected ClientSettings clientSettingsPage;
@Before @Before
public void beforeClientTest() { public void beforeClientTest() {
@ -61,13 +67,17 @@ public abstract class AbstractClientTest extends AbstractConsoleTest {
} }
public void createClient(ClientRepresentation client) { public void createClient(ClientRepresentation client) {
WaitUtils.waitUntilElement(By.tagName("body"));
assertCurrentUrlEquals(clientsPage); assertCurrentUrlEquals(clientsPage);
clientsPage.table().createClient(); clientsPage.table().createClient();
createClientPage.form().setValues(client); createClientPage.form().setValues(client);
createClientPage.form().save();
clientSettingsPage.form().setValues(client);
if (SAML.equals(client.getProtocol())) { if (SAML.equals(client.getProtocol())) {
createClientPage.form().samlForm().setValues(client); createClientPage.form().samlForm().setValues(client);
} }
createClientPage.form().save(); clientSettingsPage.form().save();
} }
private static ClientRepresentation createClientRep(String clientId) { private static ClientRepresentation createClientRep(String clientId) {
@ -149,21 +159,25 @@ public abstract class AbstractClientTest extends AbstractConsoleTest {
assertEqualsStringAttributes(c1.getClientId(), c2.getClientId()); assertEqualsStringAttributes(c1.getClientId(), c2.getClientId());
assertEqualsStringAttributes(c1.getName(), c2.getName()); assertEqualsStringAttributes(c1.getName(), c2.getName());
assertEqualsBooleanAttributes(c1.isEnabled(), c2.isEnabled()); assertEqualsBooleanAttributes(c1.isEnabled(), c2.isEnabled());
assertEqualsBooleanAttributes(c1.isConsentRequired(), c2.isConsentRequired());
assertEqualsBooleanAttributes(c1.isDirectAccessGrantsEnabled(), c2.isDirectAccessGrantsEnabled());
assertEqualsStringAttributes(c1.getProtocol(), c2.getProtocol());
assertEqualsBooleanAttributes(c1.isBearerOnly(), c2.isBearerOnly());
assertEqualsBooleanAttributes(c1.isPublicClient(), c2.isPublicClient());
assertEqualsBooleanAttributes(c1.isSurrogateAuthRequired(), c2.isSurrogateAuthRequired());
assertEqualsBooleanAttributes(c1.isFrontchannelLogout(), c2.isFrontchannelLogout());
assertEqualsBooleanAttributes(c1.isServiceAccountsEnabled(), c2.isServiceAccountsEnabled());
assertEqualsListAttributes(c1.getRedirectUris(), c2.getRedirectUris());
assertEqualsStringAttributes(c1.getBaseUrl(), c2.getBaseUrl()); assertEqualsStringAttributes(c1.getBaseUrl(), c2.getBaseUrl());
assertEqualsStringAttributes(c1.getAdminUrl(), c2.getAdminUrl()); assertEqualsBooleanAttributes(c1.isConsentRequired(), c2.isConsentRequired());
assertEqualsStringAttributes(c1.getProtocol(), c2.getProtocol());
assertEqualsListAttributes(c1.getRedirectUris(), c2.getRedirectUris());
if (c1.getProtocol().equals(OIDC)) {
assertEqualsBooleanAttributes(c1.isBearerOnly(), c2.isBearerOnly());
if (!c1.isBearerOnly()) {
assertEqualsBooleanAttributes(c1.isDirectAccessGrantsEnabled(), c2.isDirectAccessGrantsEnabled());
assertEqualsBooleanAttributes(c1.isPublicClient(), c2.isPublicClient());
assertEqualsListAttributes(c1.getWebOrigins(), c2.getWebOrigins()); assertEqualsListAttributes(c1.getWebOrigins(), c2.getWebOrigins());
assertEqualsStringAttributes(c1.getAdminUrl(), c2.getAdminUrl());
}
assertEqualsBooleanAttributes(c1.isSurrogateAuthRequired(), c2.isSurrogateAuthRequired());
assertEqualsBooleanAttributes(c1.isServiceAccountsEnabled(), c2.isServiceAccountsEnabled());
}
else if (c1.getProtocol().equals(SAML)) {
assertEqualsBooleanAttributes(c1.isFrontchannelLogout(), c2.isFrontchannelLogout());
}
} }
public void assertClientSamlAttributes(Map<String, String> expected, Map<String, String> actual) { public void assertClientSamlAttributes(Map<String, String> expected, Map<String, String> actual) {

19
testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/clients/ClientSettingsTest.java
View file

@ -35,6 +35,7 @@ import org.keycloak.testsuite.util.Timer;
* *
* @author Filip Kiss * @author Filip Kiss
* @author tkyjovsk * @author tkyjovsk
* @author Vaclav Muzikar <vmuzikar@redhat.com>
*/ */
public class ClientSettingsTest extends AbstractClientTest { public class ClientSettingsTest extends AbstractClientTest {
@ -49,7 +50,7 @@ public class ClientSettingsTest extends AbstractClientTest {
createClient(newClient); createClient(newClient);
assertAlertSuccess(); assertAlertSuccess();
setExpectedWebOrigins(newClient); //setExpectedWebOrigins(newClient);
// read & verify // read & verify
ClientRepresentation found = findClientByClientId(newClient.getClientId()); ClientRepresentation found = findClientByClientId(newClient.getClientId());
@ -96,7 +97,7 @@ public class ClientSettingsTest extends AbstractClientTest {
createClient(newClient); createClient(newClient);
assertAlertSuccess(); assertAlertSuccess();
setExpectedWebOrigins(newClient); //setExpectedWebOrigins(newClient);
ClientRepresentation found = findClientByClientId(newClient.getClientId()); ClientRepresentation found = findClientByClientId(newClient.getClientId());
assertNotNull("Client " + newClient.getClientId() + " was not found.", found); assertNotNull("Client " + newClient.getClientId() + " was not found.", found);
@ -144,10 +145,6 @@ public class ClientSettingsTest extends AbstractClientTest {
clientsPage.table().createClient(); clientsPage.table().createClient();
createClientPage.form().save(); createClientPage.form().save();
assertAlertDanger(); assertAlertDanger();
createClientPage.form().setClientId("test-client");
createClientPage.form().save();
assertAlertDanger();
} }
// @Test // @Test
@ -182,4 +179,14 @@ public class ClientSettingsTest extends AbstractClientTest {
clientsPage.navigateTo(); clientsPage.navigateTo();
pause(120000); pause(120000);
} }
@Test
public void disabledClient() {
newClient = createOidcClientRep(CONFIDENTIAL, "disabled-client");
newClient.setEnabled(false);
createClient(newClient);
ClientRepresentation clientRepre = findClientByClientId("disabled-client");
assertTrue("Client should be disabled", clientRepre.isEnabled());
}
} }

2
testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java
View file

@ -155,7 +155,7 @@ public abstract class AbstractIdentityProviderTest {
FederatedIdentityModel federatedIdentityModel = federatedIdentities.iterator().next(); FederatedIdentityModel federatedIdentityModel = federatedIdentities.iterator().next();
assertEquals(getProviderId(), federatedIdentityModel.getIdentityProvider()); assertEquals(getProviderId(), federatedIdentityModel.getIdentityProvider());
assertEquals(federatedUser.getUsername(), federatedIdentityModel.getIdentityProvider() + "." + federatedIdentityModel.getUserName()); assertEquals(federatedUser.getUsername(), federatedIdentityModel.getUserName());
driver.navigate().to("http://localhost:8081/test-app/logout"); driver.navigate().to("http://localhost:8081/test-app/logout");
driver.navigate().to("http://localhost:8081/test-app"); driver.navigate().to("http://localhost:8081/test-app");

4
testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractKeycloakIdentityProviderTest.java
View file

@ -138,7 +138,7 @@ public abstract class AbstractKeycloakIdentityProviderTest extends AbstractIdent
FederatedIdentityModel federatedIdentityModel = federatedIdentities.iterator().next(); FederatedIdentityModel federatedIdentityModel = federatedIdentities.iterator().next();
assertEquals(getProviderId(), federatedIdentityModel.getIdentityProvider()); assertEquals(getProviderId(), federatedIdentityModel.getIdentityProvider());
assertEquals(federatedUser.getUsername(), federatedIdentityModel.getIdentityProvider() + "." + federatedIdentityModel.getUserName()); assertEquals(federatedUser.getUsername(), federatedIdentityModel.getUserName());
driver.navigate().to("http://localhost:8081/test-app/logout"); driver.navigate().to("http://localhost:8081/test-app/logout");
driver.navigate().to("http://localhost:8081/test-app"); driver.navigate().to("http://localhost:8081/test-app");
@ -485,7 +485,7 @@ public abstract class AbstractKeycloakIdentityProviderTest extends AbstractIdent
System.out.println("after logout currentUrl: " + currentUrl); System.out.println("after logout currentUrl: " + currentUrl);
assertTrue(currentUrl.startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/auth")); assertTrue(currentUrl.startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/auth"));
unconfigureUserRetrieveToken(getProviderId() + ".test-user"); unconfigureUserRetrieveToken("test-user");
loginIDP("test-user"); loginIDP("test-user");
//authenticateWithIdentityProvider(identityProviderModel, "test-user"); //authenticateWithIdentityProvider(identityProviderModel, "test-user");
assertEquals("http://localhost:8081/test-app", driver.getCurrentUrl()); assertEquals("http://localhost:8081/test-app", driver.getCurrentUrl());

10
testsuite/integration/src/test/java/org/keycloak/testsuite/broker/PostBrokerFlowTest.java
View file

@ -122,7 +122,7 @@ public class PostBrokerFlowTest extends AbstractIdentityProviderTest {
String totpSecret = totpPage.getTotpSecret(); String totpSecret = totpPage.getTotpSecret();
totpPage.configure(totp.generateTOTP(totpSecret)); totpPage.configure(totp.generateTOTP(totpSecret));
assertFederatedUser(getProviderId() + ".test-user", "test-user@localhost", "test-user", getProviderId()); assertFederatedUser("test-user", "test-user@localhost", "test-user", getProviderId());
driver.navigate().to("http://localhost:8081/test-app/logout"); driver.navigate().to("http://localhost:8081/test-app/logout");
@ -131,7 +131,7 @@ public class PostBrokerFlowTest extends AbstractIdentityProviderTest {
loginTotpPage.assertCurrent(); loginTotpPage.assertCurrent();
loginTotpPage.login(totp.generateTOTP(totpSecret)); loginTotpPage.login(totp.generateTOTP(totpSecret));
assertFederatedUser(getProviderId() + ".test-user", "test-user@localhost", "test-user", getProviderId()); assertFederatedUser("test-user", "test-user@localhost", "test-user", getProviderId());
driver.navigate().to("http://localhost:8081/test-app/logout"); driver.navigate().to("http://localhost:8081/test-app/logout");
@ -141,7 +141,7 @@ public class PostBrokerFlowTest extends AbstractIdentityProviderTest {
this.session = brokerServerRule.startSession(); this.session = brokerServerRule.startSession();
loginIDP("test-user"); loginIDP("test-user");
assertFederatedUser(getProviderId() + ".test-user", "test-user@localhost", "test-user", getProviderId()); assertFederatedUser("test-user", "test-user@localhost", "test-user", getProviderId());
driver.navigate().to("http://localhost:8081/test-app/logout"); driver.navigate().to("http://localhost:8081/test-app/logout");
} }
@ -248,7 +248,7 @@ public class PostBrokerFlowTest extends AbstractIdentityProviderTest {
// assert reauthentication with login page. On login page is link to kc-saml-idp-basic as user has it linked already // assert reauthentication with login page. On login page is link to kc-saml-idp-basic as user has it linked already
Assert.assertEquals("Log in to " + APP_REALM_ID, this.driver.getTitle()); Assert.assertEquals("Log in to " + APP_REALM_ID, this.driver.getTitle());
Assert.assertEquals("Authenticate as kc-saml-idp-basic.test-user to link your account with " + getProviderId(), this.loginPage.getSuccessMessage()); Assert.assertEquals("Authenticate as test-user to link your account with " + getProviderId(), this.loginPage.getSuccessMessage());
// reauthenticate with SAML broker. OTP authentication is required as well // reauthenticate with SAML broker. OTP authentication is required as well
this.loginPage.clickSocial("kc-saml-idp-basic"); this.loginPage.clickSocial("kc-saml-idp-basic");
@ -267,7 +267,7 @@ public class PostBrokerFlowTest extends AbstractIdentityProviderTest {
} }
// authenticated and redirected to app. User is linked with both identity providers // authenticated and redirected to app. User is linked with both identity providers
assertFederatedUser("kc-saml-idp-basic.test-user", "test-user@localhost", "test-user", getProviderId(), "kc-saml-idp-basic"); assertFederatedUser("test-user", "test-user@localhost", "test-user", getProviderId(), "kc-saml-idp-basic");
} }
private void setPostBrokerFlowForProvider(IdentityProviderModel identityProvider, RealmModel realm, boolean enable) { private void setPostBrokerFlowForProvider(IdentityProviderModel identityProvider, RealmModel realm, boolean enable) {

2
testsuite/integration/src/test/java/org/keycloak/testsuite/events/AdminEventStoreProviderTest.java
View file

@ -68,7 +68,7 @@ public class AdminEventStoreProviderTest {
Assert.assertEquals(1, eventStore.createAdminQuery().authUser("userId").operation(OperationType.ACTION).getResultList().size()); Assert.assertEquals(1, eventStore.createAdminQuery().authUser("userId").operation(OperationType.ACTION).getResultList().size());
Assert.assertEquals(2, eventStore.createAdminQuery().maxResults(2).getResultList().size()); Assert.assertEquals(2, eventStore.createAdminQuery().maxResults(2).getResultList().size());
Assert.assertEquals(1, eventStore.createAdminQuery().firstResult(5).getResultList().size()); Assert.assertEquals(1, eventStore.createAdminQuery().firstResult(5).maxResults(5).getResultList().size());
Assert.assertEquals(newest, eventStore.createAdminQuery().maxResults(1).getResultList().get(0).getTime()); Assert.assertEquals(newest, eventStore.createAdminQuery().maxResults(1).getResultList().get(0).getTime());
Assert.assertEquals(oldest, eventStore.createAdminQuery().firstResult(5).maxResults(1).getResultList().get(0).getTime()); Assert.assertEquals(oldest, eventStore.createAdminQuery().firstResult(5).maxResults(1).getResultList().get(0).getTime());

28
testsuite/integration/src/test/java/org/keycloak/testsuite/forms/BruteForceTest.java
View file

@ -41,6 +41,7 @@ import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.AppPage.RequestType; import org.keycloak.testsuite.pages.AppPage.RequestType;
import org.keycloak.testsuite.pages.LoginPage; import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.LoginTotpPage; import org.keycloak.testsuite.pages.LoginTotpPage;
import org.keycloak.testsuite.pages.RegisterPage;
import org.keycloak.testsuite.rule.GreenMailRule; import org.keycloak.testsuite.rule.GreenMailRule;
import org.keycloak.testsuite.rule.KeycloakRule; import org.keycloak.testsuite.rule.KeycloakRule;
import org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup; import org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup;
@ -101,13 +102,15 @@ public class BruteForceTest {
@WebResource @WebResource
protected LoginPage loginPage; protected LoginPage loginPage;
@WebResource
private RegisterPage registerPage;
@WebResource @WebResource
protected LoginTotpPage loginTotpPage; protected LoginTotpPage loginTotpPage;
@WebResource @WebResource
protected OAuthClient oauth; protected OAuthClient oauth;
private TimeBasedOTP totp = new TimeBasedOTP(); private TimeBasedOTP totp = new TimeBasedOTP();
private int lifespan; private int lifespan;
@ -340,6 +343,17 @@ public class BruteForceTest {
loginSuccess(); loginSuccess();
} }
@Test
public void testNonExistingAccounts() throws Exception {
loginInvalidPassword("non-existent-user");
loginInvalidPassword("non-existent-user");
loginInvalidPassword("non-existent-user");
registerUser("non-existent-user");
}
public void expectTemporarilyDisabled() throws Exception { public void expectTemporarilyDisabled() throws Exception {
expectTemporarilyDisabled("test-user@localhost"); expectTemporarilyDisabled("test-user@localhost");
} }
@ -430,4 +444,16 @@ public class BruteForceTest {
events.clear(); events.clear();
} }
public void registerUser(String username){
loginPage.open();
loginPage.clickRegister();
registerPage.assertCurrent();
registerPage.register("user", "name", username + "@localhost", username, "password", "password");
Assert.assertNull(registerPage.getInstruction());
events.clear();
}
} }

13
testsuite/integration/src/test/java/org/keycloak/testsuite/pages/RegisterPage.java
View file

@ -57,6 +57,10 @@ public class RegisterPage extends AbstractPage {
@FindBy(className = "alert-error") @FindBy(className = "alert-error")
private WebElement loginErrorMessage; private WebElement loginErrorMessage;
@FindBy(className = "instruction")
private WebElement loginInstructionMessage;
public void register(String firstName, String lastName, String email, String username, String password, String passwordConfirm) { public void register(String firstName, String lastName, String email, String username, String password, String passwordConfirm) {
firstNameInput.clear(); firstNameInput.clear();
if (firstName != null) { if (firstName != null) {
@ -131,6 +135,15 @@ public class RegisterPage extends AbstractPage {
return loginErrorMessage != null ? loginErrorMessage.getText() : null; return loginErrorMessage != null ? loginErrorMessage.getText() : null;
} }
public String getInstruction() {
try {
return loginInstructionMessage != null ? loginInstructionMessage.getText() : null;
} catch (NoSuchElementException e){
// OK
}
return null;
}
public String getFirstName() { public String getFirstName() {
return firstNameInput.getAttribute("value"); return firstNameInput.getAttribute("value");
} }

2
themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties Executable file → Normal file
View file

@ -538,8 +538,10 @@ composite.associated-roles.tooltip=Realm level roles associated with this compos
composite.available-roles-client.tooltip=Roles from this client that you can associate to this composite role. composite.available-roles-client.tooltip=Roles from this client that you can associate to this composite role.
composite.associated-roles-client.tooltip=Client roles associated with this composite role. composite.associated-roles-client.tooltip=Client roles associated with this composite role.
partial-import=Partial Import partial-import=Partial Import
partial-import.tooltip=Partial import allows you to import users, clients, and other resources from a previously exported json file.
file=File file=File
exported-json-file=Exported json file
import-from-realm=Import from realm import-from-realm=Import from realm
import-users=Import users import-users=Import users
import-clients=Import clients import-clients=Import clients

7
themes/src/main/resources/theme/base/admin/resources/partials/partial-import.html
View file

@ -1,11 +1,14 @@
<div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2"> <div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
<h1>{{:: 'partial-import' | translate}}</h1> <h1>
<span>{{:: 'partial-import' | translate}}</span>
<kc-tooltip>{{:: 'partial-import.tooltip' | translate}}</kc-tooltip>
</h1>
<form class="form-horizontal" name="partialImportForm" novalidate> <form class="form-horizontal" name="partialImportForm" novalidate>
<fieldset class="border-top"> <fieldset class="border-top">
<div class="form-group"> <div class="form-group">
<label for="name" class="col-sm-2 control-label">{{:: 'file' | translate}}</label> <label for="name" class="col-sm-2 control-label">{{:: 'exported-json-file' | translate}}</label>
<div class="col-md-6" data-ng-hide="importing"> <div class="col-md-6" data-ng-hide="importing">
<label for="import-file" class="btn btn-default">{{:: 'select-file'| translate}} <i class="pficon pficon-import"></i></label> <label for="import-file" class="btn btn-default">{{:: 'select-file'| translate}} <i class="pficon pficon-import"></i></label>