Merge remote-tracking branch 'upstream/master'

This commit is contained in:
Bill Burke 2016-02-01 10:36:45 -05:00
commit 4ba77a15a0
58 changed files with 1548 additions and 347 deletions

View file

@ -125,7 +125,7 @@ public class JBossWebPrincipalFactory extends GenericPrincipalFactory {
Iterator<Principal> iter = principals.iterator();
while (iter.hasNext()) {
Object next = iter.next();
if ((next instanceof Group) == false)
if (!(next instanceof Group))
continue;
Group grp = (Group) next;
if (grp.getName().equals(name)) {

View file

@ -24,7 +24,7 @@ public class Jetty91RequestAuthenticator extends JettyRequestAuthenticator {
if (session == null) {
return request.getSession(true).getId();
}
if (deployment.isTurnOffChangeSessionIdOnLogin() == false) return request.changeSessionId();
if (!deployment.isTurnOffChangeSessionIdOnLogin()) return request.changeSessionId();
else return session.getId();
}
}

View file

@ -24,7 +24,7 @@ public class Jetty92RequestAuthenticator extends JettyRequestAuthenticator {
if (session == null) {
return request.getSession(true).getId();
}
if (deployment.isTurnOffChangeSessionIdOnLogin() == false) return request.changeSessionId();
if (!deployment.isTurnOffChangeSessionIdOnLogin()) return request.changeSessionId();
else return session.getId();
}
}

View file

@ -22,7 +22,7 @@ public class Tomcat8RequestAuthenticator extends CatalinaRequestAuthenticator {
if (session == null) {
return request.getSession(true).getId();
}
if (deployment.isTurnOffChangeSessionIdOnLogin() == false) return request.changeSessionId();
if (!deployment.isTurnOffChangeSessionIdOnLogin()) return request.changeSessionId();
else return session.getId();
}
}

View file

@ -64,7 +64,7 @@ public class ServletRequestAuthenticator extends AbstractUndertowRequestAuthenti
@Override
protected String changeHttpSessionId(boolean create) {
if (deployment.isTurnOffChangeSessionIdOnLogin() == false) return ChangeSessionId.changeSessionId(exchange, create);
if (!deployment.isTurnOffChangeSessionIdOnLogin()) return ChangeSessionId.changeSessionId(exchange, create);
else return getHttpSessionId(create);
}

View file

@ -89,7 +89,7 @@ public class SecurityInfoHelper {
Iterator<Principal> iter = principals.iterator();
while (iter.hasNext()) {
Object next = iter.next();
if ((next instanceof Group) == false)
if (!(next instanceof Group))
continue;
Group grp = (Group) next;
if (grp.getName().equals(name)) {

View file

@ -108,7 +108,7 @@ public class WildflyRequestAuthenticator extends ServletRequestAuthenticator {
Iterator<Principal> iter = principals.iterator();
while (iter.hasNext()) {
Object next = iter.next();
if ((next instanceof Group) == false)
if (!(next instanceof Group))
continue;
Group grp = (Group) next;
if (grp.getName().equals(name)) {

View file

@ -17,6 +17,7 @@
package org.keycloak.subsystem.saml.as7;
import org.jboss.as.controller.AbstractAddStepHandler;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.ServiceVerificationHandler;
@ -31,11 +32,17 @@ import java.util.List;
class IdentityProviderAddHandler extends AbstractAddStepHandler {
IdentityProviderAddHandler() {
super(IdentityProviderDefinition.ALL_ATTRIBUTES);
}
@Override
protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model, ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers) throws OperationFailedException {
Configuration.INSTANCE.updateModel(operation, model);
}
@Override
protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
for (AttributeDefinition attr : IdentityProviderDefinition.ALL_ATTRIBUTES) {
attr.validateAndSet(operation, model);
}
}
}

View file

@ -17,6 +17,7 @@
package org.keycloak.subsystem.saml.as7;
import org.jboss.as.controller.AbstractAddStepHandler;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.ServiceVerificationHandler;
@ -31,11 +32,17 @@ import java.util.List;
class KeyAddHandler extends AbstractAddStepHandler {
KeyAddHandler() {
super(KeyDefinition.ALL_ATTRIBUTES);
}
@Override
protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model, ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers) throws OperationFailedException {
Configuration.INSTANCE.updateModel(operation, model);
}
@Override
protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
for (AttributeDefinition attr : KeyDefinition.ALL_ATTRIBUTES) {
attr.validateAndSet(operation, model);
}
}
}

View file

@ -18,6 +18,7 @@ package org.keycloak.subsystem.saml.as7;
import org.jboss.as.controller.AbstractBoottimeAddStepHandler;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.ServiceVerificationHandler;
import org.jboss.as.server.AbstractDeploymentChainStep;
import org.jboss.as.server.DeploymentProcessorTarget;
@ -58,4 +59,8 @@ class KeycloakSubsystemAdd extends AbstractBoottimeAddStepHandler {
private DeploymentUnitProcessor chooseConfigDeploymentProcessor() {
return new KeycloakAdapterConfigDeploymentProcessor();
}
@Override
protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
}
}

View file

@ -35,6 +35,7 @@ import javax.xml.stream.XMLStreamException;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
/**
* The subsystem parser, which uses stax to read and write to and from xml
@ -263,7 +264,7 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
throw new XMLStreamException("KeyStore element must have 'file' or 'resource' attribute set", reader.getLocation());
}
if (!addKeyStore.hasDefined(Constants.Model.PASSWORD)) {
throw ParseUtils.missingRequired(reader, Constants.XML.PASSWORD);
throw ParseUtils.missingRequired(reader, asSet(Constants.XML.PASSWORD));
}
while (reader.hasNext() && nextTag(reader) != END_ELEMENT) {
@ -292,10 +293,10 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
}
if (!addKeyStore.hasDefined(Constants.Model.PRIVATE_KEY_ALIAS)) {
throw ParseUtils.missingRequired(reader, Constants.XML.PRIVATE_KEY_ALIAS);
throw ParseUtils.missingRequired(reader, asSet(Constants.XML.PRIVATE_KEY_ALIAS));
}
if (!addKeyStore.hasDefined(Constants.Model.PRIVATE_KEY_PASSWORD)) {
throw ParseUtils.missingRequired(reader, Constants.XML.PRIVATE_KEY_PASSWORD);
throw ParseUtils.missingRequired(reader, asSet(Constants.XML.PRIVATE_KEY_PASSWORD));
}
ParseUtils.requireNoContent(reader);
@ -314,7 +315,7 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
}
if (!addKeyStore.hasDefined(Constants.Model.CERTIFICATE_ALIAS)) {
throw ParseUtils.missingRequired(reader, Constants.XML.CERTIFICATE_ALIAS);
throw ParseUtils.missingRequired(reader, asSet(Constants.XML.CERTIFICATE_ALIAS));
}
ParseUtils.requireNoContent(reader);
@ -356,7 +357,7 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
}
if (!policySet) {
throw ParseUtils.missingRequired(reader, Constants.XML.PRINCIPAL_NAME_MAPPING_POLICY);
throw ParseUtils.missingRequired(reader, asSet(Constants.XML.PRINCIPAL_NAME_MAPPING_POLICY));
}
ParseUtils.requireNoContent(reader);
}
@ -568,4 +569,13 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
}
writer.writeEndElement();
}
private static Set<String> asSet(String ... values) {
HashSet ret = new HashSet();
for (String value: values) {
ret.add(value);
}
return ret;
}
}

View file

@ -39,4 +39,8 @@ class SecureDeploymentAddHandler extends AbstractAddStepHandler {
protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model, ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers) throws OperationFailedException {
Configuration.INSTANCE.updateModel(operation, model);
}
@Override
protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
}
}

View file

@ -17,6 +17,7 @@
package org.keycloak.subsystem.saml.as7;
import org.jboss.as.controller.AbstractAddStepHandler;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.ServiceVerificationHandler;
@ -33,11 +34,17 @@ class ServiceProviderAddHandler extends AbstractAddStepHandler {
static final ServiceProviderAddHandler INSTANCE = new ServiceProviderAddHandler();
ServiceProviderAddHandler() {
super(ServiceProviderDefinition.ALL_ATTRIBUTES);
}
@Override
protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model, ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers) throws OperationFailedException {
Configuration.INSTANCE.updateModel(operation, model);
}
@Override
protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
for (AttributeDefinition attr : ServiceProviderDefinition.ALL_ATTRIBUTES) {
attr.validateAndSet(operation, model);
}
}
}

View file

@ -21,7 +21,7 @@ public class Jetty9SamlSessionStore extends JettySamlSessionStore {
@Override
protected String changeSessionId(HttpSession session) {
Request request = this.request;
if (deployment.turnOffChangeSessionIdOnLogin() == false) return request.changeSessionId();
if (!deployment.turnOffChangeSessionIdOnLogin()) return request.changeSessionId();
else return session.getId();
}
}

View file

@ -21,7 +21,7 @@ public class Jetty9SamlSessionStore extends JettySamlSessionStore {
@Override
protected String changeSessionId(HttpSession session) {
Request request = this.request;
if (deployment.turnOffChangeSessionIdOnLogin() == false) return request.changeSessionId();
if (!deployment.turnOffChangeSessionIdOnLogin()) return request.changeSessionId();
else return session.getId();
}
}

View file

@ -22,7 +22,7 @@ public class Tomcat8SamlSessionStore extends CatalinaSamlSessionStore {
@Override
protected String changeSessionId(Session session) {
Request request = this.request;
if (deployment.turnOffChangeSessionIdOnLogin() == false) return request.changeSessionId();
if (!deployment.turnOffChangeSessionIdOnLogin()) return request.changeSessionId();
else return session.getId();
}
}

View file

@ -165,7 +165,7 @@ public class ServletSamlSessionStore implements SamlSessionStore {
}
protected String changeSessionId(HttpSession session) {
if (deployment.turnOffChangeSessionIdOnLogin() == false) return ChangeSessionId.changeSessionId(exchange, false);
if (!deployment.turnOffChangeSessionIdOnLogin()) return ChangeSessionId.changeSessionId(exchange, false);
else return session.getId();
}

View file

@ -89,7 +89,7 @@ public class SecurityInfoHelper {
Iterator<Principal> iter = principals.iterator();
while (iter.hasNext()) {
Object next = iter.next();
if ((next instanceof Group) == false)
if (!(next instanceof Group))
continue;
Group grp = (Group) next;
if (grp.getName().equals(name)) {

View file

@ -30,7 +30,7 @@ public class KeycloakLoginModule extends AbstractServerLoginModule {
@Override
public boolean login() throws LoginException {
log.debug("KeycloakLoginModule.login()");
if (super.login() == true) {
if (super.login()) {
log.debug("super.login()==true");
return true;
}

View file

@ -81,7 +81,7 @@ public abstract class GenericPrincipalFactory {
Iterator<Principal> iter = principals.iterator();
while (iter.hasNext()) {
Object next = iter.next();
if ((next instanceof Group) == false)
if (!(next instanceof Group))
continue;
Group grp = (Group) next;
if (grp.getName().equals(name)) {

View file

@ -207,7 +207,7 @@ public final class StringPropertyReplacer
}
// No properties
if (properties == false)
if (!properties)
return string;
// Collect the trailing characters

View file

@ -7,28 +7,28 @@ package org.keycloak.federation.ldap.mappers.msad;
*/
public class UserAccountControl {
public static final long SCRIPT = 0x0001l;
public static final long ACCOUNTDISABLE = 0x0002l;
public static final long HOMEDIR_REQUIRED = 0x0008l;
public static final long LOCKOUT = 0x0010l;
public static final long PASSWD_NOTREQD = 0x0020l;
public static final long PASSWD_CANT_CHANGE = 0x0040l;
public static final long ENCRYPTED_TEXT_PWD_ALLOWED = 0x0080l;
public static final long TEMP_DUPLICATE_ACCOUNT = 0x0100l;
public static final long NORMAL_ACCOUNT = 0x0200l;
public static final long INTERDOMAIN_TRUST_ACCOUNT = 0x0800l;
public static final long WORKSTATION_TRUST_ACCOUNT = 0x1000l;
public static final long SERVER_TRUST_ACCOUNT = 0x2000l;
public static final long DONT_EXPIRE_PASSWORD = 0x10000l;
public static final long MNS_LOGON_ACCOUNT = 0x20000l;
public static final long SMARTCARD_REQUIRED = 0x40000l;
public static final long TRUSTED_FOR_DELEGATION = 0x80000l;
public static final long NOT_DELEGATED = 0x100000l;
public static final long USE_DES_KEY_ONLY = 0x200000l;
public static final long DONT_REQ_PREAUTH = 0x400000l;
public static final long PASSWORD_EXPIRED = 0x800000l;
public static final long TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000l;
public static final long PARTIAL_SECRETS_ACCOUNT = 0x04000000l;
public static final long SCRIPT = 0x0001L;
public static final long ACCOUNTDISABLE = 0x0002L;
public static final long HOMEDIR_REQUIRED = 0x0008L;
public static final long LOCKOUT = 0x0010L;
public static final long PASSWD_NOTREQD = 0x0020L;
public static final long PASSWD_CANT_CHANGE = 0x0040L;
public static final long ENCRYPTED_TEXT_PWD_ALLOWED = 0x0080L;
public static final long TEMP_DUPLICATE_ACCOUNT = 0x0100L;
public static final long NORMAL_ACCOUNT = 0x0200L;
public static final long INTERDOMAIN_TRUST_ACCOUNT = 0x0800L;
public static final long WORKSTATION_TRUST_ACCOUNT = 0x1000L;
public static final long SERVER_TRUST_ACCOUNT = 0x2000L;
public static final long DONT_EXPIRE_PASSWORD = 0x10000L;
public static final long MNS_LOGON_ACCOUNT = 0x20000L;
public static final long SMARTCARD_REQUIRED = 0x40000L;
public static final long TRUSTED_FOR_DELEGATION = 0x80000L;
public static final long NOT_DELEGATED = 0x100000L;
public static final long USE_DES_KEY_ONLY = 0x200000L;
public static final long DONT_REQ_PREAUTH = 0x400000L;
public static final long PASSWORD_EXPIRED = 0x800000L;
public static final long TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000L;
public static final long PARTIAL_SECRETS_ACCOUNT = 0x04000000L;
private long value;

View file

@ -12,7 +12,7 @@ public interface JpaUpdaterProvider extends Provider {
public String FIRST_VERSION = "1.0.0.Final";
public String LAST_VERSION = "1.8.0";
public String LAST_VERSION = "1.9.0";
public String getCurrentVersionSql(String defaultSchema);

View file

@ -7,6 +7,7 @@ import liquibase.changelog.DatabaseChangeLog;
import liquibase.changelog.RanChangeSet;
import liquibase.database.Database;
import liquibase.database.DatabaseFactory;
import liquibase.database.core.DB2Database;
import liquibase.database.jvm.JdbcConnection;
import liquibase.logging.LogFactory;
import liquibase.logging.LogLevel;
@ -29,6 +30,7 @@ public class LiquibaseJpaUpdaterProvider implements JpaUpdaterProvider {
private static final Logger logger = Logger.getLogger(LiquibaseJpaUpdaterProvider.class);
private static final String CHANGELOG = "META-INF/jpa-changelog-master.xml";
private static final String DB2_CHANGELOG = "META-INF/db2-jpa-changelog-master.xml";
@Override
public String getCurrentVersionSql(String defaultSchema) {
@ -117,7 +119,10 @@ public class LiquibaseJpaUpdaterProvider implements JpaUpdaterProvider {
if (defaultSchema != null) {
database.setDefaultSchemaName(defaultSchema);
}
return new Liquibase(CHANGELOG, new ClassLoaderResourceAccessor(getClass().getClassLoader()), database);
String changelog = (database instanceof DB2Database) ? DB2_CHANGELOG : CHANGELOG;
logger.debugf("Using changelog file: %s", changelog);
return new Liquibase(changelog, new ClassLoaderResourceAccessor(getClass().getClassLoader()), database);
}
@Override

View file

@ -264,7 +264,7 @@ public class RealmAdapter implements RealmModel {
@Override
public long getQuickLoginCheckMilliSeconds() {
return getAttribute("quickLoginCheckMilliSeconds", 0l);
return getAttribute("quickLoginCheckMilliSeconds", 0L);
}
@Override

View file

@ -0,0 +1,442 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.2.xsd">
<changeSet author="sthorger@redhat.com" id="1.0.0.Final">
<createTable tableName="APPLICATION_DEFAULT_ROLES">
<column name="APPLICATION_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="ROLE_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="CLIENT">
<column name="DTYPE" type="VARCHAR(31)">
<constraints nullable="false"/>
</column>
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="ALLOWED_CLAIMS_MASK" type="BIGINT"/>
<column name="ENABLED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="FULL_SCOPE_ALLOWED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="NOT_BEFORE" type="INT"/>
<column name="PUBLIC_CLIENT" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="SECRET" type="VARCHAR(255)"/>
<column name="BASE_URL" type="VARCHAR(255)"/>
<column name="BEARER_ONLY" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="MANAGEMENT_URL" type="VARCHAR(255)"/>
<column name="SURROGATE_AUTH_REQUIRED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="DIRECT_GRANTS_ONLY" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="CLIENT_SESSION">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="ACTION" type="INT"/>
<column name="CLIENT_ID" type="VARCHAR(36)"/>
<column name="REDIRECT_URI" type="VARCHAR(255)"/>
<column name="STATE" type="VARCHAR(255)"/>
<column name="TIMESTAMP" type="INT"/>
<column name="SESSION_ID" type="VARCHAR(36)"/>
</createTable>
<createTable tableName="CLIENT_SESSION_ROLE">
<column name="ROLE_ID" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="CLIENT_SESSION" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="COMPOSITE_ROLE">
<column name="COMPOSITE" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="CHILD_ROLE" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="CREDENTIAL">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="DEVICE" type="VARCHAR(255)"/>
<column name="HASH_ITERATIONS" type="INT"/>
<column name="SALT" type="BLOB(16)"/>
<column name="TYPE" type="VARCHAR(255)"/>
<column name="VALUE" type="VARCHAR(255)"/>
<column name="USER_ID" type="VARCHAR(36)"/>
</createTable>
<createTable tableName="EVENT_ENTITY">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="CLIENT_ID" type="VARCHAR(255)"/>
<column name="DETAILS_JSON" type="VARCHAR(2550)"/>
<column name="ERROR" type="VARCHAR(255)"/>
<column name="IP_ADDRESS" type="VARCHAR(255)"/>
<column name="REALM_ID" type="VARCHAR(255)"/>
<column name="SESSION_ID" type="VARCHAR(255)"/>
<column name="TIME" type="BIGINT"/>
<column name="TYPE" type="VARCHAR(255)"/>
<column name="USER_ID" type="VARCHAR(255)"/>
</createTable>
<createTable tableName="FED_PROVIDERS">
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="USERFEDERATIONPROVIDERS_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="KEYCLOAK_ROLE">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="APP_REALM_CONSTRAINT" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="APPLICATION_ROLE" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="DESCRIPTION" type="VARCHAR(255)"/>
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="REALM_ID" type="VARCHAR(255)"/>
<column name="APPLICATION" type="VARCHAR(36)"/>
<column name="REALM" type="VARCHAR(36)"/>
</createTable>
<createTable tableName="REALM">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="ACCESS_CODE_LIFESPAN" type="INT"/>
<column name="USER_ACTION_LIFESPAN" type="INT"/>
<column name="ACCESS_TOKEN_LIFESPAN" type="INT"/>
<column name="ACCOUNT_THEME" type="VARCHAR(255)"/>
<column name="ADMIN_THEME" type="VARCHAR(255)"/>
<column name="EMAIL_THEME" type="VARCHAR(255)"/>
<column name="ENABLED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="EVENTS_ENABLED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="EVENTS_EXPIRATION" type="BIGINT"/>
<column name="LOGIN_THEME" type="VARCHAR(255)"/>
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="NOT_BEFORE" type="INT"/>
<column name="PASSWORD_CRED_GRANT_ALLOWED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="PASSWORD_POLICY" type="VARCHAR(255)"/>
<column name="PRIVATE_KEY" type="VARCHAR(2048)"/>
<column name="PUBLIC_KEY" type="VARCHAR(2048)"/>
<column name="REGISTRATION_ALLOWED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="REMEMBER_ME" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="RESET_PASSWORD_ALLOWED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="SOCIAL" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="SSL_REQUIRED" type="VARCHAR(255)"/>
<column name="SSO_IDLE_TIMEOUT" type="INT"/>
<column name="SSO_MAX_LIFESPAN" type="INT"/>
<column name="UPDATE_PROFILE_ON_SOC_LOGIN" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="VERIFY_EMAIL" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="MASTER_ADMIN_APP" type="VARCHAR(36)"/>
</createTable>
<createTable tableName="REALM_APPLICATION">
<column name="APPLICATION_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="REALM_ATTRIBUTE">
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="VALUE" type="VARCHAR(255)"/>
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="REALM_DEFAULT_ROLES">
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="ROLE_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="REALM_EVENTS_LISTENERS">
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="VALUE" type="VARCHAR(255)"/>
</createTable>
<createTable tableName="REALM_REQUIRED_CREDENTIAL">
<column name="TYPE" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="FORM_LABEL" type="VARCHAR(255)"/>
<column name="INPUT" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="SECRET" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="REALM_SMTP_CONFIG">
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="VALUE" type="VARCHAR(255)"/>
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="REALM_SOCIAL_CONFIG">
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="VALUE" type="VARCHAR(255)"/>
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="REDIRECT_URIS">
<column name="CLIENT_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="VALUE" type="VARCHAR(255)"/>
</createTable>
<createTable tableName="SCOPE_MAPPING">
<column name="CLIENT_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="ROLE_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="USERNAME_LOGIN_FAILURE">
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="USERNAME" type="VARCHAR(200)">
<constraints nullable="false"/>
</column>
<column name="FAILED_LOGIN_NOT_BEFORE" type="INT"/>
<column name="LAST_FAILURE" type="BIGINT"/>
<column name="LAST_IP_FAILURE" type="VARCHAR(255)"/>
<column name="NUM_FAILURES" type="INT"/>
</createTable>
<createTable tableName="USER_ATTRIBUTE">
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="VALUE" type="VARCHAR(255)"/>
<column name="USER_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="USER_ENTITY">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="EMAIL" type="VARCHAR(255)"/>
<column name="EMAIL_CONSTRAINT" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="EMAIL_VERIFIED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="ENABLED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="FEDERATION_LINK" type="VARCHAR(255)"/>
<column name="FIRST_NAME" type="VARCHAR(255)"/>
<column name="LAST_NAME" type="VARCHAR(255)"/>
<column name="REALM_ID" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="TOTP" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="USERNAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="USER_FEDERATION_CONFIG">
<column name="USER_FEDERATION_PROVIDER_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="VALUE" type="VARCHAR(255)"/>
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="USER_FEDERATION_PROVIDER">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="CHANGED_SYNC_PERIOD" type="INT"/>
<column name="DISPLAY_NAME" type="VARCHAR(255)"/>
<column name="FULL_SYNC_PERIOD" type="INT"/>
<column name="LAST_SYNC" type="INT"/>
<column name="PRIORITY" type="INT"/>
<column name="PROVIDER_NAME" type="VARCHAR(255)"/>
<column name="REALM_ID" type="VARCHAR(36)"/>
</createTable>
<createTable tableName="USER_REQUIRED_ACTION">
<column name="ACTION" type="INT">
<constraints nullable="false"/>
</column>
<column name="USER_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="USER_ROLE_MAPPING">
<column name="ROLE_ID" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="USER_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="USER_SESSION">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="AUTH_METHOD" type="VARCHAR(255)"/>
<column name="IP_ADDRESS" type="VARCHAR(255)"/>
<column name="LAST_SESSION_REFRESH" type="INT"/>
<column name="LOGIN_USERNAME" type="VARCHAR(255)"/>
<column name="REALM_ID" type="VARCHAR(255)"/>
<column name="REMEMBER_ME" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="STARTED" type="INT"/>
<column name="USER_ID" type="VARCHAR(255)"/>
</createTable>
<createTable tableName="USER_SOCIAL_LINK">
<column name="SOCIAL_PROVIDER" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="REALM_ID" type="VARCHAR(255)"/>
<column name="SOCIAL_USER_ID" type="VARCHAR(255)"/>
<column name="SOCIAL_USERNAME" type="VARCHAR(255)"/>
<column name="USER_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="WEB_ORIGINS">
<column name="CLIENT_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="VALUE" type="VARCHAR(255)"/>
</createTable>
<addPrimaryKey columnNames="REALM_ID, NAME" constraintName="CONSTRAINT_1" tableName="REALM_SOCIAL_CONFIG"/>
<addPrimaryKey columnNames="REALM_ID, USERNAME" constraintName="CONSTRAINT_17" tableName="USERNAME_LOGIN_FAILURE"/>
<addPrimaryKey columnNames="ACTION, USER_ID" constraintName="CONSTRAINT_2" tableName="USER_REQUIRED_ACTION"/>
<addPrimaryKey columnNames="SOCIAL_PROVIDER, USER_ID" constraintName="CONSTRAINT_3" tableName="USER_SOCIAL_LINK"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_4" tableName="EVENT_ENTITY"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_4A" tableName="REALM"/>
<addPrimaryKey columnNames="CLIENT_SESSION, ROLE_ID" constraintName="CONSTRAINT_5" tableName="CLIENT_SESSION_ROLE"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_57" tableName="USER_SESSION"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_5C" tableName="USER_FEDERATION_PROVIDER"/>
<addPrimaryKey columnNames="NAME, USER_ID" constraintName="CONSTRAINT_6" tableName="USER_ATTRIBUTE"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_7" tableName="CLIENT"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_8" tableName="CLIENT_SESSION"/>
<addPrimaryKey columnNames="CLIENT_ID, ROLE_ID" constraintName="CONSTRAINT_81" tableName="SCOPE_MAPPING"/>
<addPrimaryKey columnNames="NAME, REALM_ID" constraintName="CONSTRAINT_9" tableName="REALM_ATTRIBUTE"/>
<addPrimaryKey columnNames="REALM_ID, TYPE" constraintName="CONSTRAINT_92" tableName="REALM_REQUIRED_CREDENTIAL"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_A" tableName="KEYCLOAK_ROLE"/>
<addPrimaryKey columnNames="ROLE_ID, USER_ID" constraintName="CONSTRAINT_C" tableName="USER_ROLE_MAPPING"/>
<addPrimaryKey columnNames="REALM_ID, NAME" constraintName="CONSTRAINT_E" tableName="REALM_SMTP_CONFIG"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_F" tableName="CREDENTIAL"/>
<addPrimaryKey columnNames="USER_FEDERATION_PROVIDER_ID, NAME" constraintName="CONSTRAINT_F9" tableName="USER_FEDERATION_CONFIG"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_FB" tableName="USER_ENTITY"/>
<!-- Added later in 1.2.0.CR1 -->
<!--<addUniqueConstraint columnNames="ROLE_ID" constraintName="UK_8AELWNIBJI49AVXSRTUF6XJOW" tableName="APPLICATION_DEFAULT_ROLES"/>-->
<!--<addUniqueConstraint columnNames="REALM_ID,NAME" constraintName="UK_B71CJLBENV945RB6GCON438AT" tableName="CLIENT"/>-->
<addUniqueConstraint columnNames="USERFEDERATIONPROVIDERS_ID" constraintName="UK_DCCIRJLIPU1478VQC89DID88C" tableName="FED_PROVIDERS"/>
<addUniqueConstraint columnNames="REALM_ID,EMAIL_CONSTRAINT" constraintName="UK_DYKN684SL8UP1CRFEI6ECKHD7" tableName="USER_ENTITY"/>
<addUniqueConstraint columnNames="ROLE_ID" constraintName="UK_H4WPD7W4HSOOLNI3H0SW7BTJE" tableName="REALM_DEFAULT_ROLES"/>
<!-- Added later in 1.2.0.CR1 -->
<!--<addUniqueConstraint columnNames="NAME,APP_REALM_CONSTRAINT" constraintName="UK_J3RWUVD56ONTGSUHOGM184WW2" tableName="KEYCLOAK_ROLE"/>-->
<addUniqueConstraint columnNames="REALM_ID" constraintName="UK_L5QGA3RFME47335JY8JXYXH3I" tableName="REALM_APPLICATION"/>
<addUniqueConstraint columnNames="NAME" constraintName="UK_ORVSDMLA56612EAEFIQ6WL5OI" tableName="REALM"/>
<addUniqueConstraint columnNames="REALM_ID,USERNAME" constraintName="UK_RU8TT6T700S9V50BU18WS5HA6" tableName="USER_ENTITY"/>
<addForeignKeyConstraint baseColumnNames="CLIENT_SESSION" baseTableName="CLIENT_SESSION_ROLE" constraintName="FK_11B7SGQW18I532811V7O2DV76" referencedColumnNames="ID" referencedTableName="CLIENT_SESSION"/>
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="REDIRECT_URIS" constraintName="FK_1BURS8PB4OUJ97H5WUPPAHV9F" referencedColumnNames="ID" referencedTableName="CLIENT"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="USER_FEDERATION_PROVIDER" constraintName="FK_1FJ32F6PTOLW2QY60CD8N01E8" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="FED_PROVIDERS" constraintName="FK_213LYQ09FKXQ8K8NY8DY3737T" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_REQUIRED_CREDENTIAL" constraintName="FK_5HG65LYBEVAVKQFKI3KPONH9V" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="USER_ATTRIBUTE" constraintName="FK_5HRM2VLF9QL5FU043KQEPOVBR" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
<addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="USER_SOCIAL_LINK" constraintName="FK_68CJYS5UWM55UY823Y75XG4OM" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
<addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="USER_REQUIRED_ACTION" constraintName="FK_6QJ3W1JW9CVAFHE19BWSIUVMD" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
<addForeignKeyConstraint baseColumnNames="REALM" baseTableName="KEYCLOAK_ROLE" constraintName="FK_6VYQFE4CN4WLQ8R6KT5VDSJ5C" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_SMTP_CONFIG" constraintName="FK_70EJ8XDXGXD0B9HH6180IRR0O" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="APPLICATION_ID" baseTableName="REALM_APPLICATION" constraintName="FK_71S3P0DIUXAWWQQSA528UBY2Q" referencedColumnNames="ID" referencedTableName="REALM"/>
<!-- Added later in 1.2.0.CR1 -->
<!--<addForeignKeyConstraint baseColumnNames="ROLE_ID" baseTableName="APPLICATION_DEFAULT_ROLES" constraintName="FK_8AELWNIBJI49AVXSRTUF6XJOW" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>-->
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_ATTRIBUTE" constraintName="FK_8SHXD6L3E9ATQUKACXGPFFPTW" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="COMPOSITE" baseTableName="COMPOSITE_ROLE" constraintName="FK_A63WVEKFTU8JO1PNJ81E7MCE2" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
<addForeignKeyConstraint baseColumnNames="SESSION_ID" baseTableName="CLIENT_SESSION" constraintName="FK_B4AO2VCVAT6UKAU74WBWTFQO1" referencedColumnNames="ID" referencedTableName="USER_SESSION"/>
<addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="USER_ROLE_MAPPING" constraintName="FK_C4FQV34P1MBYLLOXANG7B1Q3L" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
<addForeignKeyConstraint baseColumnNames="USERFEDERATIONPROVIDERS_ID" baseTableName="FED_PROVIDERS" constraintName="FK_DCCIRJLIPU1478VQC89DID88C" referencedColumnNames="ID" referencedTableName="USER_FEDERATION_PROVIDER"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_DEFAULT_ROLES" constraintName="FK_EVUDB1PPW84OXFAX2DRS03ICC" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="CHILD_ROLE" baseTableName="COMPOSITE_ROLE" constraintName="FK_GR7THLLB9LU8Q4VQA4524JJY8" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
<addForeignKeyConstraint baseColumnNames="ROLE_ID" baseTableName="REALM_DEFAULT_ROLES" constraintName="FK_H4WPD7W4HSOOLNI3H0SW7BTJE" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_EVENTS_LISTENERS" constraintName="FK_H846O4H0W8EPX5NXEV9F5Y69J" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_APPLICATION" constraintName="FK_L5QGA3RFME47335JY8JXYXH3I" referencedColumnNames="ID" referencedTableName="CLIENT"/>
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="WEB_ORIGINS" constraintName="FK_LOJPHO213XCX4WNKOG82SSRFY" referencedColumnNames="ID" referencedTableName="CLIENT"/>
<!-- Added later in 1.2.0.CR1 -->
<!--<addForeignKeyConstraint baseColumnNames="APPLICATION_ID" baseTableName="APPLICATION_DEFAULT_ROLES" constraintName="FK_MAYLTS7KLWQW2H8M2B5JOYTKY" referencedColumnNames="ID" referencedTableName="CLIENT"/>-->
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="SCOPE_MAPPING" constraintName="FK_OUSE064PLMLR732LXJCN1Q5F1" referencedColumnNames="ID" referencedTableName="CLIENT"/>
<addForeignKeyConstraint baseColumnNames="ROLE_ID" baseTableName="SCOPE_MAPPING" constraintName="FK_P3RH9GRKU11KQFRS4FLTT7RNQ" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="CLIENT" constraintName="FK_P56CTINXXB9GSK57FO49F9TAC" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="CREDENTIAL" constraintName="FK_PFYR0GLASQYL0DEI3KL69R6V0" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
<addForeignKeyConstraint baseColumnNames="APPLICATION" baseTableName="KEYCLOAK_ROLE" constraintName="FK_PIMO5LE2C0RAL09FL8CM9WFW9" referencedColumnNames="ID" referencedTableName="CLIENT"/>
<addForeignKeyConstraint baseColumnNames="MASTER_ADMIN_APP" baseTableName="REALM" constraintName="FK_RSAF444KK6QRKMS7N56AIWQ5Y" referencedColumnNames="ID" referencedTableName="CLIENT"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_SOCIAL_CONFIG" constraintName="FK_SV5I3C2TI7G0G922FGE683SOV" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="USER_FEDERATION_PROVIDER_ID" baseTableName="USER_FEDERATION_CONFIG" constraintName="FK_T13HPU1J94R2EBPEKR39X5EU5" referencedColumnNames="ID" referencedTableName="USER_FEDERATION_PROVIDER"/>
</changeSet>
</databaseChangeLog>

View file

@ -0,0 +1,173 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
<changeSet author="psilva@redhat.com" id="1.2.0.Beta1">
<delete tableName="CLIENT_SESSION_ROLE" />
<delete tableName="CLIENT_SESSION_NOTE" />
<delete tableName="CLIENT_SESSION" />
<delete tableName="USER_SESSION" />
<createTable tableName="PROTOCOL_MAPPER">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false" />
</column>
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false" />
</column>
<column name="PROTOCOL" type="VARCHAR(255)">
<constraints nullable="false" />
</column>
<column name="PROTOCOL_MAPPER_NAME" type="VARCHAR(255)">
<constraints nullable="false" />
</column>
<column name="CONSENT_REQUIRED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false" />
</column>
<column name="CONSENT_TEXT" type="VARCHAR(255)" />
<column name="CLIENT_ID" type="VARCHAR(36)">
<constraints nullable="false" />
</column>
</createTable>
<createTable tableName="PROTOCOL_MAPPER_CONFIG">
<column name="PROTOCOL_MAPPER_ID" type="VARCHAR(36)">
<constraints nullable="false" />
</column>
<column name="VALUE" type="CLOB" />
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false" />
</column>
</createTable>
<createTable tableName="FEDERATED_IDENTITY">
<column name="IDENTITY_PROVIDER" type="VARCHAR(255)">
<constraints nullable="false" />
</column>
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false" />
</column>
<column name="FEDERATED_USER_ID" type="VARCHAR(255)" />
<column name="FEDERATED_USERNAME" type="VARCHAR(255)" />
<column name="TOKEN" type="TEXT" />
<column name="USER_ID" type="VARCHAR(36)">
<constraints nullable="false" />
</column>
</createTable>
<createTable tableName="IDENTITY_PROVIDER">
<column name="INTERNAL_ID" type="VARCHAR(36)">
<constraints nullable="false" />
</column>
<column name="ENABLED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false" />
</column>
<column name="PROVIDER_ALIAS" type="VARCHAR(255)">
<constraints nullable="false" />
</column>
<column name="PROVIDER_ID" type="VARCHAR(255)" />
<column name="UPDATE_PROFILE_FIRST_LOGIN" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false" />
</column>
<column name="STORE_TOKEN" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false" />
</column>
<column name="AUTHENTICATE_BY_DEFAULT" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false" />
</column>
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false" />
</column>
</createTable>
<createTable tableName="IDENTITY_PROVIDER_CONFIG">
<column name="IDENTITY_PROVIDER_ID" type="VARCHAR(36)">
<constraints nullable="false" />
</column>
<column name="VALUE" type="CLOB" />
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false" />
</column>
</createTable>
<createTable tableName="CLIENT_IDENTITY_PROV_MAPPING">
<column name="CLIENT_ID" type="VARCHAR(36)">
<constraints nullable="false" />
</column>
<column name="IDENTITY_PROVIDER_ID" type="VARCHAR(36)">
<constraints nullable="false" />
</column>
<column name="RETRIEVE_TOKEN" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false" />
</column>
</createTable>
<createTable tableName="REALM_SUPPORTED_LOCALES">
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false" />
</column>
<column name="VALUE" type="VARCHAR(255)" />
</createTable>
<createTable tableName="USER_SESSION_NOTE">
<column name="USER_SESSION" type="VARCHAR(36)">
<constraints nullable="false" />
</column>
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false" />
</column>
<column name="VALUE" type="VARCHAR(2048)" />
</createTable>
<addColumn tableName="CLIENT">
<column name="FRONTCHANNEL_LOGOUT" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false" />
</column>
</addColumn>
<addColumn tableName="USER_SESSION">
<column name="USER_SESSION_STATE" type="INT" />
<column name="BROKER_SESSION_ID" type="VARCHAR(255)" />
<column name="BROKER_USER_ID" type="VARCHAR(255)" />
</addColumn>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_PCM" tableName="PROTOCOL_MAPPER" />
<addPrimaryKey columnNames="INTERNAL_ID" constraintName="CONSTRAINT_2B" tableName="IDENTITY_PROVIDER" />
<addPrimaryKey columnNames="IDENTITY_PROVIDER, USER_ID" constraintName="CONSTRAINT_40" tableName="FEDERATED_IDENTITY" />
<addPrimaryKey columnNames="IDENTITY_PROVIDER_ID, NAME" constraintName="CONSTRAINT_D" tableName="IDENTITY_PROVIDER_CONFIG" />
<addPrimaryKey columnNames="PROTOCOL_MAPPER_ID, NAME" constraintName="CONSTRAINT_PMConfig" tableName="PROTOCOL_MAPPER_CONFIG" />
<addPrimaryKey columnNames="USER_SESSION, NAME" constraintName="CONSTRAINT_USN_PK" tableName="USER_SESSION_NOTE" />
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="IDENTITY_PROVIDER" constraintName="FK2B4EBC52AE5C3B34" referencedColumnNames="ID" referencedTableName="REALM" />
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="PROTOCOL_MAPPER" constraintName="FK_PCM_REALM" referencedColumnNames="ID" referencedTableName="CLIENT" />
<addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="FEDERATED_IDENTITY" constraintName="FK404288B92EF007A6" referencedColumnNames="ID" referencedTableName="USER_ENTITY" />
<addForeignKeyConstraint baseColumnNames="IDENTITY_PROVIDER_ID" baseTableName="IDENTITY_PROVIDER_CONFIG" constraintName="FKDC4897CF864C4E43" referencedColumnNames="INTERNAL_ID" referencedTableName="IDENTITY_PROVIDER" />
<addForeignKeyConstraint baseColumnNames="PROTOCOL_MAPPER_ID" baseTableName="PROTOCOL_MAPPER_CONFIG" constraintName="FK_PMConfig" referencedColumnNames="ID" referencedTableName="PROTOCOL_MAPPER" />
<addForeignKeyConstraint baseColumnNames="IDENTITY_PROVIDER_ID" baseTableName="CLIENT_IDENTITY_PROV_MAPPING" constraintName="FK_7CELWNIBJI49AVXSRTUF6XJ12" referencedColumnNames="INTERNAL_ID" referencedTableName="IDENTITY_PROVIDER" />
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="CLIENT_IDENTITY_PROV_MAPPING" constraintName="FK_56ELWNIBJI49AVXSRTUF6XJ23" referencedColumnNames="ID" referencedTableName="CLIENT" />
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_SUPPORTED_LOCALES" constraintName="FK_SUPPORTED_LOCALES_REALM" referencedColumnNames="ID" referencedTableName="REALM" />
<addForeignKeyConstraint baseColumnNames="USER_SESSION" baseTableName="USER_SESSION_NOTE" constraintName="FK5EDFB00FF51D3472" referencedColumnNames="ID" referencedTableName="USER_SESSION" />
<addUniqueConstraint columnNames="PROVIDER_ALIAS, REALM_ID" constraintName="UK_2DAELWNIBJI49AVXSRTUF6XJ33" tableName="IDENTITY_PROVIDER" />
<addUniqueConstraint columnNames="IDENTITY_PROVIDER_ID,CLIENT_ID" constraintName="UK_7CAELWNIBJI49AVXSRTUF6XJ12" tableName="CLIENT_IDENTITY_PROV_MAPPING" />
<addColumn tableName="REALM">
<column name="LOGIN_LIFESPAN" type="INT" />
<column name="INTERNATIONALIZATION_ENABLED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false" />
</column>
<column name="DEFAULT_LOCALE" type="VARCHAR(255)" />
<column name="REG_EMAIL_AS_USERNAME" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false" />
</column>
</addColumn>
<!-- KEYCLOAK-1106 APPLICATION_ID and REALM_ID switched in REALM_APPLICATION table -->
<dropForeignKeyConstraint baseTableName="REALM_APPLICATION" constraintName="FK_71S3P0DIUXAWWQQSA528UBY2Q" />
<dropForeignKeyConstraint baseTableName="REALM_APPLICATION" constraintName="FK_L5QGA3RFME47335JY8JXYXH3I" />
<dropUniqueConstraint tableName="REALM_APPLICATION" constraintName="UK_L5QGA3RFME47335JY8JXYXH3I" />
<renameColumn tableName="REALM_APPLICATION" oldColumnName="APPLICATION_ID" newColumnName="APPLICATION_ID_TMP" columnDataType="VARCHAR(36)" />
<renameColumn tableName="REALM_APPLICATION" oldColumnName="REALM_ID" newColumnName="APPLICATION_ID" columnDataType="VARCHAR(36)" />
<renameColumn tableName="REALM_APPLICATION" oldColumnName="APPLICATION_ID_TMP" newColumnName="REALM_ID" columnDataType="VARCHAR(36)" />
<!--<addUniqueConstraint columnNames="APPLICATION_ID" constraintName="UK_M6QGA3RFME47335JY8JXYXH3I" tableName="REALM_APPLICATION" />
<addForeignKeyConstraint baseColumnNames="APPLICATION_ID" baseTableName="REALM_APPLICATION" constraintName="FK_82S3P0DIUXAWWQQSA528UBY2Q" referencedColumnNames="ID" referencedTableName="CLIENT" />
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_APPLICATION" constraintName="FK_M6QGA3RFME47335JY8JXYXH3I" referencedColumnNames="ID" referencedTableName="REALM" />-->
<customChange class="org.keycloak.connections.jpa.updater.liquibase.custom.JpaUpdate1_2_0_Beta1" />
<!-- Remove obsolete 'social' and 'claims' stuff -->
<dropForeignKeyConstraint baseTableName="USER_SOCIAL_LINK" constraintName="FK_68CJYS5UWM55UY823Y75XG4OM" />
<dropTable tableName="USER_SOCIAL_LINK" cascadeConstraints="true" />
<dropForeignKeyConstraint baseTableName="REALM_SOCIAL_CONFIG" constraintName="FK_SV5I3C2TI7G0G922FGE683SOV" />
<dropTable tableName="REALM_SOCIAL_CONFIG" cascadeConstraints="true" />
<dropColumn tableName="CLIENT" columnName="ALLOWED_CLAIMS_MASK" />
<createTable tableName="REALM_ENABLED_EVENT_TYPES">
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false" />
</column>
<column name="VALUE" type="VARCHAR(255)" />
</createTable>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_ENABLED_EVENT_TYPES" constraintName="FK_H846O4H0W8EPX5NWEDRF5Y69J" referencedColumnNames="ID" referencedTableName="REALM" />
</changeSet>
</databaseChangeLog>

View file

@ -0,0 +1,156 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
<changeSet author="bburke@redhat.com" id="1.2.0.RC1">
<delete tableName="CLIENT_SESSION_ROLE"/>
<delete tableName="CLIENT_SESSION_NOTE"/>
<delete tableName="CLIENT_SESSION"/>
<delete tableName="USER_SESSION_NOTE"/>
<delete tableName="USER_SESSION"/>
<createTable tableName="MIGRATION_MODEL">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="VERSION" type="VARCHAR(36)">
<constraints nullable="true"/>
</column>
</createTable>
<createTable tableName="IDENTITY_PROVIDER_MAPPER">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="IDP_ALIAS" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="IDP_MAPPER_NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="IDP_MAPPER_CONFIG">
<column name="IDP_MAPPER_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="VALUE" type="CLOB"/>
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
</createTable>
<addColumn tableName="CREDENTIAL">
<column name="CREATED_DATE" type="BIGINT"/>
</addColumn>
<createTable tableName="USER_CONSENT">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="CLIENT_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="USER_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="USER_CONSENT_ROLE">
<column name="USER_CONSENT_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="ROLE_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="USER_CONSENT_PROT_MAPPER">
<column name="USER_CONSENT_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="PROTOCOL_MAPPER_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="CLIENT_SESSION_PROT_MAPPER">
<column name="PROTOCOL_MAPPER_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="CLIENT_SESSION" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_MIGMOD" tableName="MIGRATION_MODEL"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_IDPM" tableName="IDENTITY_PROVIDER_MAPPER"/>
<addPrimaryKey columnNames="IDP_MAPPER_ID, NAME" constraintName="CONSTRAINT_IDPMConfig" tableName="IDP_MAPPER_CONFIG"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_GRNTCSNT_PM" tableName="USER_CONSENT"/>
<addPrimaryKey columnNames="USER_CONSENT_ID, ROLE_ID" constraintName="CONSTRAINT_GRNTCSNT_ROLE_PM" tableName="USER_CONSENT_ROLE"/>
<addPrimaryKey columnNames="USER_CONSENT_ID, PROTOCOL_MAPPER_ID" constraintName="CONSTRAINT_GRNTCSNT_PRM_PM" tableName="USER_CONSENT_PROT_MAPPER"/>
<addPrimaryKey columnNames="CLIENT_SESSION, PROTOCOL_MAPPER_ID" constraintName="CONSTRAINT_CS_PMP_PK" tableName="CLIENT_SESSION_PROT_MAPPER"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="IDENTITY_PROVIDER_MAPPER" constraintName="FK_IDPM_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="IDP_MAPPER_ID" baseTableName="IDP_MAPPER_CONFIG" constraintName="FK_IDPMConfig" referencedColumnNames="ID" referencedTableName="IDENTITY_PROVIDER_MAPPER"/>
<addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="USER_CONSENT" constraintName="FK_GRNTCSNT_USER" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
<addForeignKeyConstraint baseColumnNames="USER_CONSENT_ID" baseTableName="USER_CONSENT_ROLE" constraintName="FK_GRNTCSNT_ROLE_GR" referencedColumnNames="ID" referencedTableName="USER_CONSENT"/>
<addForeignKeyConstraint baseColumnNames="USER_CONSENT_ID" baseTableName="USER_CONSENT_PROT_MAPPER" constraintName="FK_GRNTCSNT_PRM_GR" referencedColumnNames="ID" referencedTableName="USER_CONSENT"/>
<addForeignKeyConstraint baseColumnNames="CLIENT_SESSION" baseTableName="CLIENT_SESSION_PROT_MAPPER" constraintName="FK_33A8SGQW18I532811V7O2DK89" referencedColumnNames="ID" referencedTableName="CLIENT_SESSION"/>
<renameColumn tableName="CLIENT" newColumnName="CLIENT_ID" oldColumnName="NAME" columnDataType="VARCHAR(255)"/>
<!-- DB2 specific. Original changelog has this in 1.0.0.Final -->
<addUniqueConstraint columnNames="REALM_ID,CLIENT_ID" constraintName="UK_B71CJLBENV945RB6GCON438AT" tableName="CLIENT"/>
<addColumn tableName="CLIENT">
<column name="CONSENT_REQUIRED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="NAME" type="VARCHAR(255)" />
</addColumn>
<addColumn tableName="IDENTITY_PROVIDER">
<column name="ADD_TOKEN_ROLE" type="BOOLEAN" defaultValueBoolean="true">
<constraints nullable="false"/>
</column>
</addColumn>
<update tableName="CLIENT">
<column name="CONSENT_REQUIRED" valueBoolean="true"/>
<where>DTYPE = 'OAuthClientEntity'</where>
</update>
<dropColumn tableName="CLIENT" columnName="DTYPE"/>
<dropForeignKeyConstraint baseTableName="REALM" constraintName="FK_RSAF444KK6QRKMS7N56AIWQ5Y" />
<renameColumn tableName="REALM" newColumnName="MASTER_ADMIN_CLIENT" oldColumnName="MASTER_ADMIN_APP" columnDataType="VARCHAR(36)"/>
<addForeignKeyConstraint baseColumnNames="MASTER_ADMIN_CLIENT" baseTableName="REALM" constraintName="FK_TRAF444KK6QRKMS7N56AIWQ5Y" referencedColumnNames="ID" referencedTableName="CLIENT"/>
<!--<dropForeignKeyConstraint baseTableName="REALM_APPLICATION" constraintName="FK_82S3P0DIUXAWWQQSA528UBY2Q" />-->
<renameTable oldTableName="REALM_APPLICATION" newTableName="REALM_CLIENT"/>
<renameColumn tableName="REALM_CLIENT" newColumnName="CLIENT_ID" oldColumnName="APPLICATION_ID" columnDataType="VARCHAR(36)"/>
<addUniqueConstraint columnNames="CLIENT_ID" constraintName="UK_M6QGA3RFME47335JY8JXYXH3I" tableName="REALM_CLIENT" />
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="REALM_CLIENT" constraintName="FK_93S3P0DIUXAWWQQSA528UBY2Q" referencedColumnNames="ID" referencedTableName="CLIENT"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_CLIENT" constraintName="FK_M6QGA3RFME47335JY8JXYXH3I" referencedColumnNames="ID" referencedTableName="REALM" />
<!--<dropForeignKeyConstraint baseTableName="APPLICATION_DEFAULT_ROLES" constraintName="FK_MAYLTS7KLWQW2H8M2B5JOYTKY" />-->
<renameTable oldTableName="APPLICATION_DEFAULT_ROLES" newTableName="CLIENT_DEFAULT_ROLES"/>
<renameColumn tableName="CLIENT_DEFAULT_ROLES" newColumnName="CLIENT_ID" oldColumnName="APPLICATION_ID" columnDataType="VARCHAR(36)"/>
<addUniqueConstraint columnNames="ROLE_ID" constraintName="UK_8AELWNIBJI49AVXSRTUF6XJOW" tableName="CLIENT_DEFAULT_ROLES"/>
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="CLIENT_DEFAULT_ROLES" constraintName="FK_NUILTS7KLWQW2H8M2B5JOYTKY" referencedColumnNames="ID" referencedTableName="CLIENT"/>
<addForeignKeyConstraint baseColumnNames="ROLE_ID" baseTableName="CLIENT_DEFAULT_ROLES" constraintName="FK_8AELWNIBJI49AVXSRTUF6XJOW" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
<dropForeignKeyConstraint baseTableName="APP_NODE_REGISTRATIONS" constraintName="FK8454723BA992F594" />
<dropPrimaryKey constraintName="CONSTRAINT_84" tableName="APP_NODE_REGISTRATIONS"/>
<renameTable oldTableName="APP_NODE_REGISTRATIONS" newTableName="CLIENT_NODE_REGISTRATIONS"/>
<renameColumn tableName="CLIENT_NODE_REGISTRATIONS" newColumnName="CLIENT_ID" oldColumnName="APPLICATION_ID" columnDataType="VARCHAR(36)"/>
<addPrimaryKey columnNames="CLIENT_ID, NAME" constraintName="CONSTRAINT_84_2" tableName="CLIENT_NODE_REGISTRATIONS"/>
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="CLIENT_NODE_REGISTRATIONS" constraintName="FK4129723BA992F594" referencedColumnNames="ID" referencedTableName="CLIENT"/>
<dropForeignKeyConstraint baseTableName="KEYCLOAK_ROLE" constraintName="FK_PIMO5LE2C0RAL09FL8CM9WFW9" />
<renameColumn tableName="KEYCLOAK_ROLE" newColumnName="CLIENT" oldColumnName="APPLICATION" columnDataType="VARCHAR(36)"/>
<renameColumn tableName="KEYCLOAK_ROLE" newColumnName="CLIENT_ROLE" oldColumnName="APPLICATION_ROLE" columnDataType="BOOLEAN"/>
<renameColumn tableName="KEYCLOAK_ROLE" newColumnName="CLIENT_REALM_CONSTRAINT" oldColumnName="APP_REALM_CONSTRAINT" columnDataType="VARCHAR(36)"/>
<addForeignKeyConstraint baseColumnNames="CLIENT" baseTableName="KEYCLOAK_ROLE" constraintName="FK_KJHO5LE2C0RAL09FL8CM9WFW9" referencedColumnNames="ID" referencedTableName="CLIENT"/>
<!--<dropUniqueConstraint tableName="KEYCLOAK_ROLE" constraintName="UK_J3RWUVD56ONTGSUHOGM184WW2"/>-->
<addUniqueConstraint columnNames="NAME,CLIENT_REALM_CONSTRAINT" constraintName="UK_J3RWUVD56ONTGSUHOGM184WW2-2" tableName="KEYCLOAK_ROLE"/>
<addUniqueConstraint columnNames="CLIENT_ID, USER_ID" constraintName="UK_JKUWUVD56ONTGSUHOGM8UEWRT" tableName="USER_CONSENT"/>
<customChange class="org.keycloak.connections.jpa.updater.liquibase.custom.JpaUpdate1_2_0_CR1"/>
</changeSet>
</databaseChangeLog>

View file

@ -0,0 +1,155 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
<changeSet author="bburke@redhat.com" id="1.4.0">
<delete tableName="CLIENT_SESSION_AUTH_STATUS"/>
<delete tableName="CLIENT_SESSION_ROLE"/>
<delete tableName="CLIENT_SESSION_PROT_MAPPER"/>
<delete tableName="CLIENT_SESSION_NOTE"/>
<delete tableName="CLIENT_SESSION"/>
<delete tableName="USER_SESSION_NOTE"/>
<delete tableName="USER_SESSION"/>
<addColumn tableName="CLIENT">
<column name="SERVICE_ACCOUNTS_ENABLED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
</addColumn>
<addColumn tableName="CLIENT_SESSION">
<column name="CURRENT_ACTION" type="VARCHAR(36)">
<constraints nullable="true"/>
</column>
</addColumn>
<addColumn tableName="AUTHENTICATION_FLOW">
<column name="PROVIDER_ID" type="VARCHAR(36)" defaultValue="basic-flow">
<constraints nullable="false"/>
</column>
<column name="TOP_LEVEL" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="BUILT_IN" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
</addColumn>
<addColumn tableName="AUTHENTICATION_EXECUTION">
<column name="AUTH_FLOW_ID" type="VARCHAR(36)">
<constraints nullable="true"/>
</column>
<column name="AUTH_CONFIG" type="VARCHAR(36)">
<constraints nullable="true"/>
</column>
</addColumn>
<addColumn tableName="USER_ATTRIBUTE">
<column name="ID" type="VARCHAR(36)" defaultValue="sybase-needs-something-here">
<constraints nullable="false"/>
</column>
</addColumn>
<dropColumn tableName="AUTHENTICATOR" columnName="PROVIDER_ID"/>
<renameTable oldTableName="AUTHENTICATOR_CONFIG" newTableName="AUTHENTICATOR_CONFIG_ENTRY"/>
<dropForeignKeyConstraint baseTableName="AUTHENTICATOR" constraintName="FK_AUTH_REALM" />
<renameTable oldTableName="AUTHENTICATOR" newTableName="AUTHENTICATOR_CONFIG"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="AUTHENTICATOR_CONFIG" constraintName="FK_AUTH_REALM_2" referencedColumnNames="ID" referencedTableName="REALM"/>
<!-- OAUTH_GRANT,
CODE_TO_TOKEN,
VERIFY_EMAIL,
UPDATE_PROFILE,
CONFIGURE_TOTP,
UPDATE_PASSWORD,
RECOVER_PASSWORD,
AUTHENTICATE,
SOCIAL_CALLBACK,
LOGGED_OUT -->
<update tableName="CLIENT_SESSION">
<column name="CURRENT_ACTION" value="OAUTH_GRANT"/>
<where>ACTION = 0</where>
</update>
<update tableName="CLIENT_SESSION">
<column name="CURRENT_ACTION" value="CODE_TO_TOKEN"/>
<where>ACTION = 1</where>
</update>
<update tableName="CLIENT_SESSION">
<column name="CURRENT_ACTION" value="VERIFY_EMAIL"/>
<where>ACTION = 2</where>
</update>
<update tableName="CLIENT_SESSION">
<column name="CURRENT_ACTION" value="UPDATE_PROFILE"/>
<where>ACTION = 3</where>
</update>
<update tableName="CLIENT_SESSION">
<column name="CURRENT_ACTION" value="CONFIGURE_TOTP"/>
<where>ACTION = 4</where>
</update>
<update tableName="CLIENT_SESSION">
<column name="CURRENT_ACTION" value="UPDATE_PASSWORD"/>
<where>ACTION = 5</where>
</update>
<update tableName="CLIENT_SESSION">
<column name="CURRENT_ACTION" value="RECOVER_PASSWORD"/>
<where>ACTION = 6</where>
</update>
<update tableName="CLIENT_SESSION">
<column name="CURRENT_ACTION" value="AUTHENTICATE"/>
<where>ACTION = 7</where>
</update>
<update tableName="CLIENT_SESSION">
<column name="CURRENT_ACTION" value="SOCIAL_CALLBACK"/>
<where>ACTION = 8</where>
</update>
<update tableName="CLIENT_SESSION">
<column name="CURRENT_ACTION" value="LOGGED_OUT"/>
<where>ACTION = 9</where>
</update>
<createTable tableName="CLIENT_USER_SESSION_NOTE">
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="VALUE" type="VARCHAR(2048)"/>
<column name="CLIENT_SESSION" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="REQUIRED_ACTION_PROVIDER">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="ALIAS" type="VARCHAR(255)"/>
<column name="NAME" type="VARCHAR(255)"/>
<column name="REALM_ID" type="VARCHAR(36)"/>
<column name="ENABLED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="DEFAULT_ACTION" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="PROVIDER_ID" type="VARCHAR(255)"/>
</createTable>
<createTable tableName="REQUIRED_ACTION_CONFIG">
<column name="REQUIRED_ACTION_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="VALUE" type="CLOB"/>
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
</createTable>
<customChange class="org.keycloak.connections.jpa.updater.liquibase.custom.JpaUpdate1_4_0_Final"/>
<dropPrimaryKey constraintName="CONSTRAINT_6" tableName="USER_ATTRIBUTE"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_USER_ATTRIBUTE_PK" tableName="USER_ATTRIBUTE"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_REQ_ACT_PRV_PK" tableName="REQUIRED_ACTION_PROVIDER"/>
<addPrimaryKey columnNames="REQUIRED_ACTION_ID, NAME" constraintName="CONSTRAINT_REQ_ACT_CFG_PK" tableName="REQUIRED_ACTION_CONFIG"/>
<addPrimaryKey columnNames="CLIENT_SESSION, NAME" constraintName="CONSTR_CL_USR_SES_NOTE" tableName="CLIENT_USER_SESSION_NOTE"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REQUIRED_ACTION_PROVIDER" constraintName="FK_REQ_ACT_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="CLIENT_SESSION" baseTableName="CLIENT_USER_SESSION_NOTE" constraintName="FK_CL_USR_SES_NOTE" referencedColumnNames="ID" referencedTableName="CLIENT_SESSION"/>
<dropColumn tableName="CLIENT_SESSION" columnName="ACTION"/>
<addColumn tableName="USER_ENTITY">
<column name="CREATED_TIMESTAMP" type="BIGINT"/>
<column name="SERVICE_ACCOUNT_CLIENT_LINK" type="VARCHAR(36)"/>
</addColumn>
</changeSet>
</databaseChangeLog>

View file

@ -0,0 +1,129 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
<changeSet author="mposolda@redhat.com" id="1.8.0">
<addColumn tableName="IDENTITY_PROVIDER">
<column name="POST_BROKER_LOGIN_FLOW_ID" type="VARCHAR(36)">
<constraints nullable="true"/>
</column>
</addColumn>
<createTable tableName="CLIENT_TEMPLATE">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="DESCRIPTION" type="VARCHAR(255)"/>
<column name="PROTOCOL" type="VARCHAR(255)"/>
<column name="FULL_SCOPE_ALLOWED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="CONSENT_REQUIRED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="STANDARD_FLOW_ENABLED" type="BOOLEAN" defaultValueBoolean="true">
<constraints nullable="false"/>
</column>
<column name="IMPLICIT_FLOW_ENABLED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="DIRECT_ACCESS_GRANTS_ENABLED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="SERVICE_ACCOUNTS_ENABLED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="FRONTCHANNEL_LOGOUT" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="BEARER_ONLY" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="PUBLIC_CLIENT" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="CLIENT_TEMPLATE_ATTRIBUTES">
<column name="TEMPLATE_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="VALUE" type="VARCHAR(2048)"/>
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="TEMPLATE_SCOPE_MAPPING">
<column name="TEMPLATE_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="ROLE_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<dropNotNullConstraint tableName="PROTOCOL_MAPPER" columnName="CLIENT_ID" columnDataType="VARCHAR(36)"/>
<addColumn tableName="CLIENT">
<column name="CLIENT_TEMPLATE_ID" type="VARCHAR(36)">
<constraints nullable="true"/>
</column>
<column name="USE_TEMPLATE_CONFIG" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="USE_TEMPLATE_SCOPE" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="USE_TEMPLATE_MAPPERS" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
</addColumn>
<addColumn tableName="PROTOCOL_MAPPER">
<column name="CLIENT_TEMPLATE_ID" type="VARCHAR(36)">
<constraints nullable="true"/>
</column>
</addColumn>
<createTable tableName="REALM_CLIENT_TEMPLATE">
<column name="CLIENT_TEMPLATE_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="REALM_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<addPrimaryKey columnNames="ID" constraintName="PK_CLI_TEMPLATE" tableName="CLIENT_TEMPLATE"/>
<addUniqueConstraint columnNames="REALM_ID,NAME" constraintName="UK_CLI_TEMPLATE" tableName="CLIENT_TEMPLATE"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="CLIENT_TEMPLATE" constraintName="FK_REALM_CLI_TMPLT" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="CLIENT_TEMPLATE_ID" baseTableName="PROTOCOL_MAPPER" constraintName="FK_CLI_TMPLT_MAPPER" referencedColumnNames="ID" referencedTableName="CLIENT_TEMPLATE"/>
<addForeignKeyConstraint baseColumnNames="CLIENT_TEMPLATE_ID" baseTableName="CLIENT" constraintName="FK_CLI_TMPLT_CLIENT" referencedColumnNames="ID" referencedTableName="CLIENT_TEMPLATE"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_CLIENT_TEMPLATE" constraintName="FK_RLM_CLI_TMPLT_RLM" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="CLIENT_TEMPLATE_ID" baseTableName="REALM_CLIENT_TEMPLATE" constraintName="FK_RLM_CLI_TMPLT_CLI" referencedColumnNames="ID" referencedTableName="CLIENT_TEMPLATE"/>
<addPrimaryKey columnNames="TEMPLATE_ID, ROLE_ID" constraintName="PK_TEMPLATE_SCOPE" tableName="TEMPLATE_SCOPE_MAPPING"/>
<addForeignKeyConstraint baseColumnNames="TEMPLATE_ID" baseTableName="TEMPLATE_SCOPE_MAPPING" constraintName="FK_TEMPL_SCOPE_TEMPL" referencedColumnNames="ID" referencedTableName="CLIENT_TEMPLATE"/>
<addForeignKeyConstraint baseColumnNames="ROLE_ID" baseTableName="TEMPLATE_SCOPE_MAPPING" constraintName="FK_TEMPL_SCOPE_ROLE" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
<addPrimaryKey columnNames="TEMPLATE_ID, NAME" constraintName="PK_CL_TMPL_ATTR" tableName="CLIENT_TEMPLATE_ATTRIBUTES"/>
<addForeignKeyConstraint baseColumnNames="TEMPLATE_ID" baseTableName="CLIENT_TEMPLATE_ATTRIBUTES" constraintName="FK_CL_TEMPL_ATTR_TEMPL" referencedColumnNames="ID" referencedTableName="CLIENT_TEMPLATE"/>
<update tableName="CREDENTIAL">
<column name="ALGORITHM" type="VARCHAR(36)" value="pbkdf2" />
<where>TYPE in ('password-history', 'password') AND ALGORITHM is NULL</where>
</update>
</changeSet>
<changeSet id="1.8.0-2" author="keycloak">
<dropDefaultValue tableName="CREDENTIAL" columnName="ALGORITHM" columnDataType="VARCHAR(36)"/>
<update tableName="CREDENTIAL">
<column name="ALGORITHM" type="VARCHAR(36)" value="pbkdf2" />
<where>TYPE in ('password-history', 'password') AND ALGORITHM = 'HmacSHA1'</where>
</update>
</changeSet>
</databaseChangeLog>

View file

@ -0,0 +1,16 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.2.xsd">
<include file="META-INF/db2-jpa-changelog-1.0.0.Final.xml"/>
<include file="META-INF/jpa-changelog-1.1.0.Beta1.xml"/>
<include file="META-INF/jpa-changelog-1.1.0.Final.xml"/>
<include file="META-INF/db2-jpa-changelog-1.2.0.Beta1.xml"/>
<include file="META-INF/db2-jpa-changelog-1.2.0.CR1.xml"/>
<include file="META-INF/jpa-changelog-1.2.0.Final.xml"/>
<include file="META-INF/jpa-changelog-1.3.0.xml"/>
<include file="META-INF/db2-jpa-changelog-1.4.0.xml"/>
<include file="META-INF/jpa-changelog-1.5.0.xml"/>
<include file="META-INF/jpa-changelog-1.6.1.xml"/>
<include file="META-INF/jpa-changelog-1.7.0.xml"/>
<include file="META-INF/db2-jpa-changelog-1.8.0.xml"/>
<include file="META-INF/jpa-changelog-1.9.0.xml"/>
</databaseChangeLog>

View file

@ -119,6 +119,12 @@
<column name="ALGORITHM" type="VARCHAR(36)" value="pbkdf2" />
<where>TYPE in ('password-history', 'password') AND ALGORITHM = 'HmacSHA1'</where>
</update>
<!-- Sybase specific hacks -->
<modifySql dbms="sybase">
<regExpReplace replace=".*(SET DEFAULT NULL)" with="SELECT 1" />
</modifySql>
</changeSet>
</databaseChangeLog>

View file

@ -0,0 +1,47 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
<changeSet author="mposolda@redhat.com" id="1.9.0">
<!-- This is needed for MSSQL :( -->
<!-- 1.5 -->
<update tableName="REALM">
<column name="OTP_POLICY_COUNTER" type="INT" valueNumeric="0" />
<where>OTP_POLICY_COUNTER is NULL</where>
</update>
<update tableName="REALM">
<column name="OTP_POLICY_WINDOW" type="INT" valueNumeric="1" />
<where>OTP_POLICY_WINDOW is NULL</where>
</update>
<update tableName="REALM">
<column name="OTP_POLICY_PERIOD" type="INT" valueNumeric="30" />
<where>OTP_POLICY_PERIOD is NULL</where>
</update>
<update tableName="REALM">
<column name="OTP_POLICY_DIGITS" type="INT" valueNumeric="6" />
<where>OTP_POLICY_DIGITS is NULL</where>
</update>
<update tableName="CREDENTIAL">
<column name="COUNTER" type="INT" valueNumeric="0" />
<where>COUNTER is NULL</where>
</update>
<update tableName="CREDENTIAL">
<column name="DIGITS" type="INT" valueNumeric="6" />
<where>DIGITS is NULL</where>
</update>
<update tableName="CREDENTIAL">
<column name="PERIOD" type="INT" valueNumeric="30" />
<where>PERIOD is NULL</where>
</update>
<!-- 1.6 -->
<update tableName="REALM">
<column name="OFFLINE_SESSION_IDLE_TIMEOUT" type="INT" valueNumeric="2592000" />
<where>OFFLINE_SESSION_IDLE_TIMEOUT is NULL</where>
</update>
<!-- 1.7 -->
<update tableName="REALM">
<column name="ACCESS_TOKEN_LIFE_IMPLICIT" type="INT" valueNumeric="900" />
<where>ACCESS_TOKEN_LIFE_IMPLICIT is NULL</where>
</update>
</changeSet>
</databaseChangeLog>

View file

@ -12,4 +12,5 @@
<include file="META-INF/jpa-changelog-1.6.1.xml"/>
<include file="META-INF/jpa-changelog-1.7.0.xml"/>
<include file="META-INF/jpa-changelog-1.8.0.xml"/>
<include file="META-INF/jpa-changelog-1.9.0.xml"/>
</databaseChangeLog>

37
pom.xml
View file

@ -55,8 +55,7 @@
<eap.version>7.0.0.Beta</eap.version>
<!-- this is EAP 6.4 alpha, publicly available -->
<jboss.version>7.5.0.Final-redhat-15</jboss.version>
<jboss.version>7.2.0.Final</jboss.version>
<servlet.api.30.version>1.0.2.Final</servlet.api.30.version>
<google.zxing.version>3.2.1</google.zxing.version>
@ -1332,39 +1331,5 @@
</plugins>
</build>
</profile>
<!-- Configure the JBoss Early Access Maven repository -->
<profile>
<id>jboss-earlyaccess-repository</id>
<activation>
<property>
<name>!no-jboss-ea-repo</name>
</property>
</activation>
<repositories>
<repository>
<id>jboss-earlyaccess-repository</id>
<url>http://maven.repository.redhat.com/earlyaccess/all/</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>jboss-earlyaccess-plugin-repository</id>
<url>http://maven.repository.redhat.com/earlyaccess/all/</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
</pluginRepository>
</pluginRepositories>
</profile>
</profiles>
</project>

View file

@ -130,7 +130,7 @@ public class StringUtil {
* @param second
*/
public static void match(String first, String second) {
if (first.equals(second) == false)
if (!first.equals(second))
throw logger.notEqualError(first, second);
}

View file

@ -191,7 +191,7 @@ public class TransformerUtil {
public void transform(Source xmlSource, Result outputTarget) throws TransformerException {
if (!(xmlSource instanceof StAXSource))
throw logger.wrongTypeError("xmlSource should be a stax source");
if (outputTarget instanceof DOMResult == false)
if (!(outputTarget instanceof DOMResult))
throw logger.wrongTypeError("outputTarget should be a dom result");
String rootTag = null;
@ -208,7 +208,7 @@ public class TransformerUtil {
try {
XMLEvent xmlEvent = StaxParserUtil.getNextEvent(xmlEventReader);
if (xmlEvent instanceof StartElement == false)
if (!(xmlEvent instanceof StartElement))
throw new TransformerException(ErrorCodes.WRITER_SHOULD_START_ELEMENT);
StartElement rootElement = (StartElement) xmlEvent;

View file

@ -167,7 +167,7 @@ public class StatementUtil {
* @return
*/
public static AttributeStatementType createAttributeStatementForRoles(List<String> roles, boolean multivalued) {
if (multivalued == false) {
if (!multivalued) {
return createAttributeStatement(roles);
}
AttributeStatementType attrStatement = new AttributeStatementType();

View file

@ -136,7 +136,7 @@ public class JAXPValidationUtil {
public void error(SAXParseException ex) throws SAXException {
logException(ex);
if (ex.getMessage().contains("null") == false) {
if (!ex.getMessage().contains("null")) {
throw ex;
}
}

View file

@ -5,16 +5,16 @@ package org.keycloak.models;
* @version $Revision: 1 $
*/
public class ClaimMask {
public static final long NAME = 0x01l;
public static final long USERNAME = 0x02l;
public static final long PROFILE = 0x04l;
public static final long PICTURE = 0x08l;
public static final long WEBSITE = 0x10l;
public static final long EMAIL = 0x20l;
public static final long GENDER = 0x40l;
public static final long LOCALE = 0x80l;
public static final long ADDRESS = 0x100l;
public static final long PHONE = 0x200l;
public static final long NAME = 0x01L;
public static final long USERNAME = 0x02L;
public static final long PROFILE = 0x04L;
public static final long PICTURE = 0x08L;
public static final long WEBSITE = 0x10L;
public static final long EMAIL = 0x20L;
public static final long GENDER = 0x40L;
public static final long LOCALE = 0x80L;
public static final long ADDRESS = 0x100L;
public static final long PHONE = 0x200L;
public static final long ALL = NAME | USERNAME | PROFILE | PICTURE | WEBSITE | EMAIL | GENDER | LOCALE | ADDRESS | PHONE;

View file

@ -96,25 +96,25 @@ public class OTPPolicy implements Serializable {
}
public String getKeyURI(RealmModel realm, UserModel user, String secret) {
try {
String displayName = realm.getDisplayName() != null && !realm.getDisplayName().isEmpty() ? realm.getDisplayName() : realm.getName();
String uri;
String displayName = realm.getDisplayName();
String uri = null;
uri = "otpauth://" + type + "/" + URLEncoder.encode(user.getUsername(), "UTF-8") + "?secret=" +
Base32.encode(secret.getBytes()) + "&digits=" + digits + "&algorithm=" + algToKeyUriAlg.get(algorithm);
if (displayName == null || displayName.isEmpty()) { displayName = realm.getName(); }
uri = "otpauth://" + type + "/" + displayName + ":" + user.getUsername() + "?secret=" +
Base32.encode(secret.getBytes()) + "&digits=" + digits + "&algorithm=" + algToKeyUriAlg.get(algorithm);
try {
uri += "&issuer=" + URLEncoder.encode(realm.getName(), "UTF-8");
} catch (UnsupportedEncodingException e) {
logger.debug("Failed to add issuer parameter to OTP URI becasue UTF-8 is not supported.");
}
if (type.equals(UserCredentialModel.HOTP)) {
uri += "&counter=" + initialCounter;
uri += "&issuer=" + URLEncoder.encode(displayName, "UTF-8");
if (type.equals(UserCredentialModel.HOTP)) {
uri += "&counter=" + initialCounter;
}
if (type.equals(UserCredentialModel.TOTP)) {
uri += "&period=" + period;
}
return uri;
} catch (UnsupportedEncodingException e) {
throw new RuntimeException(e);
}
if (type.equals(UserCredentialModel.TOTP)) {
uri += "&period=" + period;
}
return uri;
}
}

View file

@ -32,7 +32,7 @@ public class PasswordPolicy implements Serializable {
this.policyString = policyString;
this.policies = new LinkedList<>();
if (policyString != null && !policyString.isEmpty()) {
if (policyString != null && !policyString.trim().isEmpty()) {
for (String policy : policyString.split(" and ")) {
policy = policy.trim();

View file

@ -21,6 +21,7 @@ import org.keycloak.common.ClientConnection;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UsernameLoginFailureModel;
import org.keycloak.services.ServicesLogger;
@ -91,44 +92,49 @@ public class DefaultBruteForceProtector implements Runnable, BruteForceProtector
logger.debug("failure");
RealmModel realm = getRealmModel(session, event);
logFailure(event);
UsernameLoginFailureModel user = getUserModel(session, event);
if (user == null) {
user = session.sessions().addUserLoginFailure(realm, event.username.toLowerCase());
}
user.setLastIPFailure(event.ip);
long currentTime = System.currentTimeMillis();
long last = user.getLastFailure();
long deltaTime = 0;
if (last > 0) {
deltaTime = currentTime - last;
}
user.setLastFailure(currentTime);
if (deltaTime > 0) {
// if last failure was more than MAX_DELTA clear failures
if (deltaTime > (long)realm.getMaxDeltaTimeSeconds() *1000L) {
user.clearFailures();
UserModel user = session.users().getUserByUsername(event.username.toString(), realm);
UsernameLoginFailureModel userLoginFailure = getUserModel(session, event);
if (user != null) {
if (userLoginFailure == null) {
userLoginFailure = session.sessions().addUserLoginFailure(realm, event.username.toLowerCase());
}
}
user.incrementFailures();
logger.debugv("new num failures: {0}" , user.getNumFailures());
userLoginFailure.setLastIPFailure(event.ip);
long currentTime = System.currentTimeMillis();
long last = userLoginFailure.getLastFailure();
long deltaTime = 0;
if (last > 0) {
deltaTime = currentTime - last;
}
userLoginFailure.setLastFailure(currentTime);
if (deltaTime > 0) {
// if last failure was more than MAX_DELTA clear failures
if (deltaTime > (long) realm.getMaxDeltaTimeSeconds() * 1000L) {
userLoginFailure.clearFailures();
}
}
userLoginFailure.incrementFailures();
logger.debugv("new num failures: {0}", userLoginFailure.getNumFailures());
int waitSeconds = realm.getWaitIncrementSeconds() * (user.getNumFailures() / realm.getFailureFactor());
logger.debugv("waitSeconds: {0}", waitSeconds);
logger.debugv("deltaTime: {0}", deltaTime);
if (waitSeconds == 0) {
if (last > 0 && deltaTime < realm.getQuickLoginCheckMilliSeconds()) {
logger.debugv("quick login, set min wait seconds");
waitSeconds = realm.getMinimumQuickLoginWaitSeconds();
int waitSeconds = realm.getWaitIncrementSeconds() * (userLoginFailure.getNumFailures() / realm.getFailureFactor());
logger.debugv("waitSeconds: {0}", waitSeconds);
logger.debugv("deltaTime: {0}", deltaTime);
if (waitSeconds == 0) {
if (last > 0 && deltaTime < realm.getQuickLoginCheckMilliSeconds()) {
logger.debugv("quick login, set min wait seconds");
waitSeconds = realm.getMinimumQuickLoginWaitSeconds();
}
}
if (waitSeconds > 0) {
waitSeconds = Math.min(realm.getMaxFailureWaitSeconds(), waitSeconds);
int notBefore = (int) (currentTime / 1000) + waitSeconds;
logger.debugv("set notBefore: {0}", notBefore);
userLoginFailure.setFailedLoginNotBefore(notBefore);
}
}
if (waitSeconds > 0) {
waitSeconds = Math.min(realm.getMaxFailureWaitSeconds(), waitSeconds);
int notBefore = (int) (currentTime / 1000) + waitSeconds;
logger.debugv("set notBefore: {0}", notBefore);
user.setFailedLoginNotBefore(notBefore);
}
}
protected UsernameLoginFailureModel getUserModel(KeycloakSession session, LoginEvent event) {
RealmModel realm = getRealmModel(session, event);
if (realm == null) return null;

View file

@ -299,7 +299,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
} else if (context.getUsername() == null) {
username = context.getIdpConfig().getAlias() + "." + context.getId();
} else {
username = context.getIdpConfig().getAlias() + "." + context.getUsername();
username = context.getUsername();
}
}
username = username.trim();

View file

@ -11,7 +11,7 @@ public abstract class SAMLServletWithLogout extends AbstractPageWithInjectedUrl
public void logout() {
driver.navigate().to(getUriBuilder().queryParam("GLO", "true").build().toASCIIString());
getUriBuilder().replaceQueryParam("GLO", new Object());
getUriBuilder().replaceQueryParam("GLO", null);
pause(300);
}
}

View file

@ -116,11 +116,10 @@
}
],
"applications": [
"clients": [
{
"name": "customer-portal",
"clientId": "customer-portal",
"enabled": true,
"directAccessGrantsEnabled": true,
"adminUrl": "/customer-portal",
"baseUrl": "/customer-portal",
"redirectUris": [
@ -129,7 +128,7 @@
"secret": "password"
},
{
"name": "customer-cookie-portal",
"clientId": "customer-cookie-portal",
"enabled": true,
"baseUrl": "/customer-cookie-portal",
"redirectUris": [
@ -138,7 +137,7 @@
"secret": "password"
},
{
"name": "customer-portal-js",
"clientId": "customer-portal-js",
"enabled": true,
"publicClient": true,
"adminUrl": "/customer-portal-js",
@ -148,7 +147,7 @@
]
},
{
"name": "customer-portal-cli",
"clientId": "customer-portal-cli",
"enabled": true,
"publicClient": true,
"redirectUris": [
@ -157,7 +156,7 @@
]
},
{
"name": "product-portal",
"clientId": "product-portal",
"enabled": true,
"adminUrl": "/product-portal",
"baseUrl": "/product-portal",
@ -167,7 +166,7 @@
"secret": "password"
},
{
"name": "secure-portal",
"clientId": "secure-portal",
"enabled": true,
"adminUrl": "/secure-portal",
"baseUrl": "/secure-portal",
@ -180,7 +179,7 @@
}
},
{
"name": "session-portal",
"clientId": "session-portal",
"enabled": true,
"adminUrl": "/session-portal",
"baseUrl": "/session-portal",
@ -190,7 +189,7 @@
"secret": "password"
},
{
"name": "input-portal",
"clientId": "input-portal",
"enabled": true,
"adminUrl": "/input-portal",
"baseUrl": "/input-portal",
@ -198,11 +197,9 @@
"/input-portal/*"
],
"secret": "password"
}
],
"oauthClients": [
},
{
"name": "third-party",
"clientId": "third-party",
"enabled": true,
"redirectUris": [
"/oauth-client/*",

View file

@ -25,24 +25,6 @@ public class CreateClientForm extends Form {
@FindBy(id = "clientId")
private WebElement clientIdInput;
@FindBy(id = "name")
private WebElement nameInput;
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='enabled']]")
private OnOffSwitch enabledSwitch;
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='consentRequired']]")
private OnOffSwitch consentRequiredSwitch;
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='standardFlowEnabled']]")
private OnOffSwitch standardFlowEnabledSwitch;
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='implicitFlowEnabled']]")
private OnOffSwitch implicitFlowEnabledSwitch;
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='directAccessGrantsEnabled']]")
private OnOffSwitch directAccessGrantsEnabledSwitch;
@FindBy(id = "protocol")
private Select protocolSelect;
@ -53,43 +35,11 @@ public class CreateClientForm extends Form {
return samlForm;
}
@FindBy(id = "accessType")
private Select accessTypeSelect;
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='serviceAccountsEnabled']]")
private OnOffSwitch serviceAccountsEnabledSwitch;
@FindBy(id = "newRedirectUri")
private WebElement newRedirectUriInput;
@FindBy(xpath = ".//i[contains(@data-ng-click, 'newRedirectUri')]")
private WebElement newRedirectUriSubmit;
@FindBy(xpath = ".//input[@ng-model='client.redirectUris[i]']")
private List<WebElement> redirectUriInputs;
@FindBy(xpath = ".//i[contains(@data-ng-click, 'deleteRedirectUri')]")
private List<WebElement> deleteRedirectUriIcons;
public void setValues(ClientRepresentation client) {
waitUntilElement(clientIdInput).is().present();
setClientId(client.getClientId());
setName(client.getName());
setEnabled(client.isEnabled());
setConsentRequired(client.isConsentRequired());
setProtocol(client.getProtocol());
if (OIDC.equals(client.getProtocol())) {
setAccessType(client);
if (!client.isBearerOnly()) {
setStandardFlowEnabled(client.isStandardFlowEnabled());
setDirectAccessGrantsEnabled(client.isDirectAccessGrantsEnabled());
if (client.isPublicClient()) {
setImplicitFlowEnabled(client.isImplicitFlowEnabled());
} else {//confidential
setServiceAccountsEnabled(client.isServiceAccountsEnabled());
}
if (client.isStandardFlowEnabled() || client.isImplicitFlowEnabled()) {
setRedirectUris(client.getRedirectUris());
}
}
}
}
public String getClientId() {
@ -100,22 +50,6 @@ public class CreateClientForm extends Form {
setInputValue(clientIdInput, clientId);
}
public String getName() {
return getInputValue(nameInput);
}
public void setName(String name) {
setInputValue(nameInput, name);
}
public boolean isEnabled() {
return enabledSwitch.isOn();
}
public void setEnabled(boolean enabled) {
enabledSwitch.setOn(enabled);
}
public enum OidcAccessType {
BEARER_ONLY("bearer-only"),
PUBLIC("public"),
@ -132,77 +66,6 @@ public class CreateClientForm extends Form {
}
}
public void setAccessType(ClientRepresentation client) {
if (client.isBearerOnly()) {
accessTypeSelect.selectByVisibleText(BEARER_ONLY.getName());
} else if (client.isPublicClient()) {
accessTypeSelect.selectByVisibleText(PUBLIC.getName());
} else {
accessTypeSelect.selectByVisibleText(CONFIDENTIAL.getName());
}
}
public void addRedirectUri(String redirectUri) {
newRedirectUriInput.sendKeys(redirectUri);
newRedirectUriSubmit.click();
}
public List<String> getRedirectUris() {
List<String> values = new ArrayList<>();
for (WebElement input : redirectUriInputs) {
values.add(getInputValue(input));
}
return values;
}
public void setRedirectUris(List<String> redirectUris) {
Timer.time();
while (!deleteRedirectUriIcons.isEmpty()) {
deleteRedirectUriIcons.get(0).click();
pause(100);
}
Timer.time("deleteRedirectUris");
if (redirectUris != null) {
for (String redirectUri : redirectUris) {
addRedirectUri(redirectUri);
pause(100);
}
}
Timer.time("addRedirectUris");
}
public boolean isConsentRequired() {
return consentRequiredSwitch.isOn();
}
public void setConsentRequired(boolean consentRequired) {
consentRequiredSwitch.setOn(consentRequired);
}
public boolean isStandardFlowEnabled() {
return standardFlowEnabledSwitch.isOn();
}
public void setStandardFlowEnabled(boolean standardFlowEnabled) {
standardFlowEnabledSwitch.setOn(standardFlowEnabled);
}
public boolean isImplicitFlowEnabled() {
return implicitFlowEnabledSwitch.isOn();
}
public void setImplicitFlowEnabled(boolean implicitFlowEnabled) {
implicitFlowEnabledSwitch.setOn(implicitFlowEnabled);
}
public boolean isDirectAccessGrantsEnabled() {
return directAccessGrantsEnabledSwitch.isOn();
}
public void setDirectAccessGrantsEnabled(boolean directAccessGrantsEnabled) {
directAccessGrantsEnabledSwitch.setOn(directAccessGrantsEnabled);
}
public String getProtocol() {
waitUntilElement(protocolSelect.getFirstSelectedOption()).is().present();
return protocolSelect.getFirstSelectedOption().getText();
@ -214,14 +77,6 @@ public class CreateClientForm extends Form {
Timer.time("clientSettings.setProtocol()");
}
public boolean isServiceAccountsEnabled() {
return serviceAccountsEnabledSwitch.isOn();
}
public void setServiceAccountsEnabled(boolean serviceAccountsEnabled) {
serviceAccountsEnabledSwitch.setOn(serviceAccountsEnabled);
}
public class SAMLClientSettingsForm extends Form {
public static final String SAML_ASSERTION_SIGNATURE = "saml.assertion.signature";

View file

@ -2,14 +2,19 @@ package org.keycloak.testsuite.console.page.clients.settings;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.testsuite.console.page.fragment.OnOffSwitch;
import org.keycloak.testsuite.util.Timer;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.support.FindBy;
import java.util.ArrayList;
import java.util.List;
import org.keycloak.testsuite.console.page.clients.CreateClientForm;
import org.openqa.selenium.support.ui.Select;
import static org.keycloak.testsuite.auth.page.login.Login.OIDC;
import static org.keycloak.testsuite.console.page.clients.CreateClientForm.OidcAccessType.BEARER_ONLY;
import static org.keycloak.testsuite.console.page.clients.CreateClientForm.OidcAccessType.CONFIDENTIAL;
import static org.keycloak.testsuite.console.page.clients.CreateClientForm.OidcAccessType.PUBLIC;
import static org.keycloak.testsuite.util.WaitUtils.pause;
/**
@ -17,11 +22,43 @@ import static org.keycloak.testsuite.util.WaitUtils.pause;
*/
public class ClientSettingsForm extends CreateClientForm {
@FindBy(id = "name")
private WebElement nameInput;
@FindBy(id = "baseUrl")
private WebElement baseUrlInput;
@FindBy(id = "adminUrl")
private WebElement adminUrlInput;
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='enabled']]")
private OnOffSwitch enabledSwitch;
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='consentRequired']]")
private OnOffSwitch consentRequiredSwitch;
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='standardFlowEnabled']]")
private OnOffSwitch standardFlowEnabledSwitch;
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='implicitFlowEnabled']]")
private OnOffSwitch implicitFlowEnabledSwitch;
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='directAccessGrantsEnabled']]")
private OnOffSwitch directAccessGrantsEnabledSwitch;
@FindBy(id = "accessType")
private Select accessTypeSelect;
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='serviceAccountsEnabled']]")
private OnOffSwitch serviceAccountsEnabledSwitch;
@FindBy(id = "newRedirectUri")
private WebElement newRedirectUriInput;
@FindBy(xpath = ".//i[contains(@data-ng-click, 'newRedirectUri')]")
private WebElement newRedirectUriSubmit;
@FindBy(xpath = ".//input[@ng-model='client.redirectUris[i]']")
private List<WebElement> redirectUriInputs;
@FindBy(xpath = ".//i[contains(@data-ng-click, 'deleteRedirectUri')]")
private List<WebElement> deleteRedirectUriIcons;
@FindBy(id = "newWebOrigin")
private WebElement newWebOriginInput;
@FindBy(xpath = ".//i[contains(@data-ng-click, 'newWebOrigin')]")
@ -79,16 +116,122 @@ public class ClientSettingsForm extends CreateClientForm {
@Override
public void setValues(ClientRepresentation client) {
super.setValues(client);
setName(client.getName());
setEnabled(client.isEnabled());
setConsentRequired(client.isConsentRequired());
setBaseUrl(client.getBaseUrl());
if (OIDC.equals(client.getProtocol())) {
setAccessType(client);
if (!client.isBearerOnly()) {
setStandardFlowEnabled(client.isStandardFlowEnabled());
setDirectAccessGrantsEnabled(client.isDirectAccessGrantsEnabled());
if (client.isPublicClient()) {
setImplicitFlowEnabled(client.isImplicitFlowEnabled());
} else {//confidential
setServiceAccountsEnabled(client.isServiceAccountsEnabled());
}
if (client.isStandardFlowEnabled() || client.isImplicitFlowEnabled()) {
setRedirectUris(client.getRedirectUris());
}
}
setAdminUrl(client.getAdminUrl());
setWebOrigins(client.getWebOrigins());
}
}
@Override
public void setConsentRequired(boolean value) {
consentRequired.setOn(value);
public String getName() {
return getInputValue(nameInput);
}
public void setName(String name) {
setInputValue(nameInput, name);
}
public boolean isEnabled() {
return enabledSwitch.isOn();
}
public void setEnabled(boolean enabled) {
enabledSwitch.setOn(enabled);
}
public boolean isConsentRequired() {
return consentRequiredSwitch.isOn();
}
public void setConsentRequired(boolean consentRequired) {
consentRequiredSwitch.setOn(consentRequired);
}
public void setAccessType(ClientRepresentation client) {
if (client.isBearerOnly()) {
accessTypeSelect.selectByVisibleText(BEARER_ONLY.getName());
} else if (client.isPublicClient()) {
accessTypeSelect.selectByVisibleText(PUBLIC.getName());
} else {
accessTypeSelect.selectByVisibleText(CONFIDENTIAL.getName());
}
}
public void addRedirectUri(String redirectUri) {
newRedirectUriInput.sendKeys(redirectUri);
newRedirectUriSubmit.click();
}
public List<String> getRedirectUris() {
List<String> values = new ArrayList<>();
for (WebElement input : redirectUriInputs) {
values.add(getInputValue(input));
}
return values;
}
public void setRedirectUris(List<String> redirectUris) {
Timer.time();
while (!deleteRedirectUriIcons.isEmpty()) {
deleteRedirectUriIcons.get(0).click();
pause(100);
}
Timer.time("deleteRedirectUris");
if (redirectUris != null) {
for (String redirectUri : redirectUris) {
addRedirectUri(redirectUri);
pause(100);
}
}
Timer.time("addRedirectUris");
}
public boolean isStandardFlowEnabled() {
return standardFlowEnabledSwitch.isOn();
}
public void setStandardFlowEnabled(boolean standardFlowEnabled) {
standardFlowEnabledSwitch.setOn(standardFlowEnabled);
}
public boolean isImplicitFlowEnabled() {
return implicitFlowEnabledSwitch.isOn();
}
public void setImplicitFlowEnabled(boolean implicitFlowEnabled) {
implicitFlowEnabledSwitch.setOn(implicitFlowEnabled);
}
public boolean isDirectAccessGrantsEnabled() {
return directAccessGrantsEnabledSwitch.isOn();
}
public void setDirectAccessGrantsEnabled(boolean directAccessGrantsEnabled) {
directAccessGrantsEnabledSwitch.setOn(directAccessGrantsEnabled);
}
public boolean isServiceAccountsEnabled() {
return serviceAccountsEnabledSwitch.isOn();
}
public void setServiceAccountsEnabled(boolean serviceAccountsEnabled) {
serviceAccountsEnabledSwitch.setOn(serviceAccountsEnabled);
}
}

View file

@ -17,6 +17,10 @@ import org.keycloak.testsuite.console.page.clients.Client;
import org.keycloak.testsuite.console.page.clients.Clients;
import org.keycloak.testsuite.console.page.clients.CreateClient;
import org.keycloak.testsuite.console.page.clients.CreateClientForm.OidcAccessType;
import org.keycloak.testsuite.console.page.clients.settings.ClientSettings;
import org.keycloak.testsuite.util.WaitUtils;
import org.openqa.selenium.By;
import static org.keycloak.testsuite.console.page.clients.CreateClientForm.OidcAccessType.*;
import static org.keycloak.testsuite.console.page.clients.CreateClientForm.SAMLClientSettingsForm.SAML_ASSERTION_CONSUMER_URL_POST;
import static org.keycloak.testsuite.console.page.clients.CreateClientForm.SAMLClientSettingsForm.SAML_ASSERTION_CONSUMER_URL_REDIRECT;
@ -53,6 +57,8 @@ public abstract class AbstractClientTest extends AbstractConsoleTest {
protected Client clientPage; // note: cannot call navigateTo() unless client id is set
@Page
protected CreateClient createClientPage;
@Page
protected ClientSettings clientSettingsPage;
@Before
public void beforeClientTest() {
@ -61,13 +67,17 @@ public abstract class AbstractClientTest extends AbstractConsoleTest {
}
public void createClient(ClientRepresentation client) {
WaitUtils.waitUntilElement(By.tagName("body"));
assertCurrentUrlEquals(clientsPage);
clientsPage.table().createClient();
createClientPage.form().setValues(client);
createClientPage.form().save();
clientSettingsPage.form().setValues(client);
if (SAML.equals(client.getProtocol())) {
createClientPage.form().samlForm().setValues(client);
}
createClientPage.form().save();
clientSettingsPage.form().save();
}
private static ClientRepresentation createClientRep(String clientId) {
@ -149,21 +159,25 @@ public abstract class AbstractClientTest extends AbstractConsoleTest {
assertEqualsStringAttributes(c1.getClientId(), c2.getClientId());
assertEqualsStringAttributes(c1.getName(), c2.getName());
assertEqualsBooleanAttributes(c1.isEnabled(), c2.isEnabled());
assertEqualsBooleanAttributes(c1.isConsentRequired(), c2.isConsentRequired());
assertEqualsBooleanAttributes(c1.isDirectAccessGrantsEnabled(), c2.isDirectAccessGrantsEnabled());
assertEqualsStringAttributes(c1.getProtocol(), c2.getProtocol());
assertEqualsBooleanAttributes(c1.isBearerOnly(), c2.isBearerOnly());
assertEqualsBooleanAttributes(c1.isPublicClient(), c2.isPublicClient());
assertEqualsBooleanAttributes(c1.isSurrogateAuthRequired(), c2.isSurrogateAuthRequired());
assertEqualsBooleanAttributes(c1.isFrontchannelLogout(), c2.isFrontchannelLogout());
assertEqualsBooleanAttributes(c1.isServiceAccountsEnabled(), c2.isServiceAccountsEnabled());
assertEqualsListAttributes(c1.getRedirectUris(), c2.getRedirectUris());
assertEqualsStringAttributes(c1.getBaseUrl(), c2.getBaseUrl());
assertEqualsStringAttributes(c1.getAdminUrl(), c2.getAdminUrl());
assertEqualsListAttributes(c1.getWebOrigins(), c2.getWebOrigins());
assertEqualsBooleanAttributes(c1.isConsentRequired(), c2.isConsentRequired());
assertEqualsStringAttributes(c1.getProtocol(), c2.getProtocol());
assertEqualsListAttributes(c1.getRedirectUris(), c2.getRedirectUris());
if (c1.getProtocol().equals(OIDC)) {
assertEqualsBooleanAttributes(c1.isBearerOnly(), c2.isBearerOnly());
if (!c1.isBearerOnly()) {
assertEqualsBooleanAttributes(c1.isDirectAccessGrantsEnabled(), c2.isDirectAccessGrantsEnabled());
assertEqualsBooleanAttributes(c1.isPublicClient(), c2.isPublicClient());
assertEqualsListAttributes(c1.getWebOrigins(), c2.getWebOrigins());
assertEqualsStringAttributes(c1.getAdminUrl(), c2.getAdminUrl());
}
assertEqualsBooleanAttributes(c1.isSurrogateAuthRequired(), c2.isSurrogateAuthRequired());
assertEqualsBooleanAttributes(c1.isServiceAccountsEnabled(), c2.isServiceAccountsEnabled());
}
else if (c1.getProtocol().equals(SAML)) {
assertEqualsBooleanAttributes(c1.isFrontchannelLogout(), c2.isFrontchannelLogout());
}
}
public void assertClientSamlAttributes(Map<String, String> expected, Map<String, String> actual) {

View file

@ -35,6 +35,7 @@ import org.keycloak.testsuite.util.Timer;
*
* @author Filip Kiss
* @author tkyjovsk
* @author Vaclav Muzikar <vmuzikar@redhat.com>
*/
public class ClientSettingsTest extends AbstractClientTest {
@ -49,7 +50,7 @@ public class ClientSettingsTest extends AbstractClientTest {
createClient(newClient);
assertAlertSuccess();
setExpectedWebOrigins(newClient);
//setExpectedWebOrigins(newClient);
// read & verify
ClientRepresentation found = findClientByClientId(newClient.getClientId());
@ -96,7 +97,7 @@ public class ClientSettingsTest extends AbstractClientTest {
createClient(newClient);
assertAlertSuccess();
setExpectedWebOrigins(newClient);
//setExpectedWebOrigins(newClient);
ClientRepresentation found = findClientByClientId(newClient.getClientId());
assertNotNull("Client " + newClient.getClientId() + " was not found.", found);
@ -144,10 +145,6 @@ public class ClientSettingsTest extends AbstractClientTest {
clientsPage.table().createClient();
createClientPage.form().save();
assertAlertDanger();
createClientPage.form().setClientId("test-client");
createClientPage.form().save();
assertAlertDanger();
}
// @Test
@ -182,4 +179,14 @@ public class ClientSettingsTest extends AbstractClientTest {
clientsPage.navigateTo();
pause(120000);
}
@Test
public void disabledClient() {
newClient = createOidcClientRep(CONFIDENTIAL, "disabled-client");
newClient.setEnabled(false);
createClient(newClient);
ClientRepresentation clientRepre = findClientByClientId("disabled-client");
assertTrue("Client should be disabled", clientRepre.isEnabled());
}
}

View file

@ -155,7 +155,7 @@ public abstract class AbstractIdentityProviderTest {
FederatedIdentityModel federatedIdentityModel = federatedIdentities.iterator().next();
assertEquals(getProviderId(), federatedIdentityModel.getIdentityProvider());
assertEquals(federatedUser.getUsername(), federatedIdentityModel.getIdentityProvider() + "." + federatedIdentityModel.getUserName());
assertEquals(federatedUser.getUsername(), federatedIdentityModel.getUserName());
driver.navigate().to("http://localhost:8081/test-app/logout");
driver.navigate().to("http://localhost:8081/test-app");

View file

@ -138,7 +138,7 @@ public abstract class AbstractKeycloakIdentityProviderTest extends AbstractIdent
FederatedIdentityModel federatedIdentityModel = federatedIdentities.iterator().next();
assertEquals(getProviderId(), federatedIdentityModel.getIdentityProvider());
assertEquals(federatedUser.getUsername(), federatedIdentityModel.getIdentityProvider() + "." + federatedIdentityModel.getUserName());
assertEquals(federatedUser.getUsername(), federatedIdentityModel.getUserName());
driver.navigate().to("http://localhost:8081/test-app/logout");
driver.navigate().to("http://localhost:8081/test-app");
@ -485,7 +485,7 @@ public abstract class AbstractKeycloakIdentityProviderTest extends AbstractIdent
System.out.println("after logout currentUrl: " + currentUrl);
assertTrue(currentUrl.startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/auth"));
unconfigureUserRetrieveToken(getProviderId() + ".test-user");
unconfigureUserRetrieveToken("test-user");
loginIDP("test-user");
//authenticateWithIdentityProvider(identityProviderModel, "test-user");
assertEquals("http://localhost:8081/test-app", driver.getCurrentUrl());

View file

@ -122,7 +122,7 @@ public class PostBrokerFlowTest extends AbstractIdentityProviderTest {
String totpSecret = totpPage.getTotpSecret();
totpPage.configure(totp.generateTOTP(totpSecret));
assertFederatedUser(getProviderId() + ".test-user", "test-user@localhost", "test-user", getProviderId());
assertFederatedUser("test-user", "test-user@localhost", "test-user", getProviderId());
driver.navigate().to("http://localhost:8081/test-app/logout");
@ -131,7 +131,7 @@ public class PostBrokerFlowTest extends AbstractIdentityProviderTest {
loginTotpPage.assertCurrent();
loginTotpPage.login(totp.generateTOTP(totpSecret));
assertFederatedUser(getProviderId() + ".test-user", "test-user@localhost", "test-user", getProviderId());
assertFederatedUser("test-user", "test-user@localhost", "test-user", getProviderId());
driver.navigate().to("http://localhost:8081/test-app/logout");
@ -141,7 +141,7 @@ public class PostBrokerFlowTest extends AbstractIdentityProviderTest {
this.session = brokerServerRule.startSession();
loginIDP("test-user");
assertFederatedUser(getProviderId() + ".test-user", "test-user@localhost", "test-user", getProviderId());
assertFederatedUser("test-user", "test-user@localhost", "test-user", getProviderId());
driver.navigate().to("http://localhost:8081/test-app/logout");
}
@ -248,7 +248,7 @@ public class PostBrokerFlowTest extends AbstractIdentityProviderTest {
// assert reauthentication with login page. On login page is link to kc-saml-idp-basic as user has it linked already
Assert.assertEquals("Log in to " + APP_REALM_ID, this.driver.getTitle());
Assert.assertEquals("Authenticate as kc-saml-idp-basic.test-user to link your account with " + getProviderId(), this.loginPage.getSuccessMessage());
Assert.assertEquals("Authenticate as test-user to link your account with " + getProviderId(), this.loginPage.getSuccessMessage());
// reauthenticate with SAML broker. OTP authentication is required as well
this.loginPage.clickSocial("kc-saml-idp-basic");
@ -267,7 +267,7 @@ public class PostBrokerFlowTest extends AbstractIdentityProviderTest {
}
// authenticated and redirected to app. User is linked with both identity providers
assertFederatedUser("kc-saml-idp-basic.test-user", "test-user@localhost", "test-user", getProviderId(), "kc-saml-idp-basic");
assertFederatedUser("test-user", "test-user@localhost", "test-user", getProviderId(), "kc-saml-idp-basic");
}
private void setPostBrokerFlowForProvider(IdentityProviderModel identityProvider, RealmModel realm, boolean enable) {

View file

@ -68,7 +68,7 @@ public class AdminEventStoreProviderTest {
Assert.assertEquals(1, eventStore.createAdminQuery().authUser("userId").operation(OperationType.ACTION).getResultList().size());
Assert.assertEquals(2, eventStore.createAdminQuery().maxResults(2).getResultList().size());
Assert.assertEquals(1, eventStore.createAdminQuery().firstResult(5).getResultList().size());
Assert.assertEquals(1, eventStore.createAdminQuery().firstResult(5).maxResults(5).getResultList().size());
Assert.assertEquals(newest, eventStore.createAdminQuery().maxResults(1).getResultList().get(0).getTime());
Assert.assertEquals(oldest, eventStore.createAdminQuery().firstResult(5).maxResults(1).getResultList().get(0).getTime());

View file

@ -41,6 +41,7 @@ import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.AppPage.RequestType;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.LoginTotpPage;
import org.keycloak.testsuite.pages.RegisterPage;
import org.keycloak.testsuite.rule.GreenMailRule;
import org.keycloak.testsuite.rule.KeycloakRule;
import org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup;
@ -101,13 +102,15 @@ public class BruteForceTest {
@WebResource
protected LoginPage loginPage;
@WebResource
private RegisterPage registerPage;
@WebResource
protected LoginTotpPage loginTotpPage;
@WebResource
protected OAuthClient oauth;
private TimeBasedOTP totp = new TimeBasedOTP();
private int lifespan;
@ -340,6 +343,17 @@ public class BruteForceTest {
loginSuccess();
}
@Test
public void testNonExistingAccounts() throws Exception {
loginInvalidPassword("non-existent-user");
loginInvalidPassword("non-existent-user");
loginInvalidPassword("non-existent-user");
registerUser("non-existent-user");
}
public void expectTemporarilyDisabled() throws Exception {
expectTemporarilyDisabled("test-user@localhost");
}
@ -430,4 +444,16 @@ public class BruteForceTest {
events.clear();
}
public void registerUser(String username){
loginPage.open();
loginPage.clickRegister();
registerPage.assertCurrent();
registerPage.register("user", "name", username + "@localhost", username, "password", "password");
Assert.assertNull(registerPage.getInstruction());
events.clear();
}
}

View file

@ -57,6 +57,10 @@ public class RegisterPage extends AbstractPage {
@FindBy(className = "alert-error")
private WebElement loginErrorMessage;
@FindBy(className = "instruction")
private WebElement loginInstructionMessage;
public void register(String firstName, String lastName, String email, String username, String password, String passwordConfirm) {
firstNameInput.clear();
if (firstName != null) {
@ -131,6 +135,15 @@ public class RegisterPage extends AbstractPage {
return loginErrorMessage != null ? loginErrorMessage.getText() : null;
}
public String getInstruction() {
try {
return loginInstructionMessage != null ? loginInstructionMessage.getText() : null;
} catch (NoSuchElementException e){
// OK
}
return null;
}
public String getFirstName() {
return firstNameInput.getAttribute("value");
}

View file

@ -538,8 +538,10 @@ composite.associated-roles.tooltip=Realm level roles associated with this compos
composite.available-roles-client.tooltip=Roles from this client that you can associate to this composite role.
composite.associated-roles-client.tooltip=Client roles associated with this composite role.
partial-import=Partial Import
partial-import.tooltip=Partial import allows you to import users, clients, and other resources from a previously exported json file.
file=File
exported-json-file=Exported json file
import-from-realm=Import from realm
import-users=Import users
import-clients=Import clients

View file

@ -1,11 +1,14 @@
<div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
<h1>{{:: 'partial-import' | translate}}</h1>
<h1>
<span>{{:: 'partial-import' | translate}}</span>
<kc-tooltip>{{:: 'partial-import.tooltip' | translate}}</kc-tooltip>
</h1>
<form class="form-horizontal" name="partialImportForm" novalidate>
<fieldset class="border-top">
<div class="form-group">
<label for="name" class="col-sm-2 control-label">{{:: 'file' | translate}}</label>
<label for="name" class="col-sm-2 control-label">{{:: 'exported-json-file' | translate}}</label>
<div class="col-md-6" data-ng-hide="importing">
<label for="import-file" class="btn btn-default">{{:: 'select-file'| translate}} <i class="pficon pficon-import"></i></label>