Merge remote-tracking branch 'upstream/master'
commit
4ba77a15a0
58 changed files with 1548 additions and 347 deletions
|
@ -125,7 +125,7 @@ public class JBossWebPrincipalFactory extends GenericPrincipalFactory {
|
|||
Iterator<Principal> iter = principals.iterator();
|
||||
while (iter.hasNext()) {
|
||||
Object next = iter.next();
|
||||
if ((next instanceof Group) == false)
|
||||
if (!(next instanceof Group))
|
||||
continue;
|
||||
Group grp = (Group) next;
|
||||
if (grp.getName().equals(name)) {
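Review bot: The same scan of `principals` for a `Group` with a matching name appears in five sections of this commit (this one, the two SecurityInfoHelper sections, WildflyRequestAuthenticator and GenericPrincipalFactory), so any later fix to how role groups are resolved has to be repeated in each copy. Since the iterator is already typed `Iterator<Principal>`, the loop could be written as `for (Principal next : principals) { if (!(next instanceof Group)) continue; ... }` and kept in one shared helper. The enclosing method starts and ends outside the hunk, so whether `principals` can be iterated directly is an assumption to confirm.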
|
||||
|
|
|
@ -24,7 +24,7 @@ public class Jetty91RequestAuthenticator extends JettyRequestAuthenticator {
|
|||
if (session == null) {
|
||||
return request.getSession(true).getId();
|
||||
}
|
||||
if (deployment.isTurnOffChangeSessionIdOnLogin() == false) return request.changeSessionId();
|
||||
if (!deployment.isTurnOffChangeSessionIdOnLogin()) return request.changeSessionId();
|
||||
else return session.getId();
|
||||
}
|
||||
}
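Review bot: The `else` branch returns `session.getId()` unchanged, so when `isTurnOffChangeSessionIdOnLogin()` is true the session identifier issued before authentication stays valid after login, and the adapter gives no protection against session fixation. That trade-off deserves a comment at the branch, for example `// option set: the pre-login session id is kept after authentication (no fixation protection here)`, and arguably a warning in the log when the option is enabled. The same branch appears in Jetty92RequestAuthenticator, Tomcat8RequestAuthenticator, ServletRequestAuthenticator, both Jetty9SamlSessionStore sections, Tomcat8SamlSessionStore and ServletSamlSessionStore. The method's signature is outside the hunk.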
|
||||
|
|
|
@ -24,7 +24,7 @@ public class Jetty92RequestAuthenticator extends JettyRequestAuthenticator {
|
|||
if (session == null) {
|
||||
return request.getSession(true).getId();
|
||||
}
|
||||
if (deployment.isTurnOffChangeSessionIdOnLogin() == false) return request.changeSessionId();
|
||||
if (!deployment.isTurnOffChangeSessionIdOnLogin()) return request.changeSessionId();
|
||||
else return session.getId();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -22,7 +22,7 @@ public class Tomcat8RequestAuthenticator extends CatalinaRequestAuthenticator {
|
|||
if (session == null) {
|
||||
return request.getSession(true).getId();
|
||||
}
|
||||
if (deployment.isTurnOffChangeSessionIdOnLogin() == false) return request.changeSessionId();
|
||||
if (!deployment.isTurnOffChangeSessionIdOnLogin()) return request.changeSessionId();
|
||||
else return session.getId();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -64,7 +64,7 @@ public class ServletRequestAuthenticator extends AbstractUndertowRequestAuthenti
|
|||
|
||||
@Override
|
||||
protected String changeHttpSessionId(boolean create) {
|
||||
if (deployment.isTurnOffChangeSessionIdOnLogin() == false) return ChangeSessionId.changeSessionId(exchange, create);
|
||||
if (!deployment.isTurnOffChangeSessionIdOnLogin()) return ChangeSessionId.changeSessionId(exchange, create);
|
||||
else return getHttpSessionId(create);
|
||||
}
|
||||
|
||||
|
|
|
@ -89,7 +89,7 @@ public class SecurityInfoHelper {
|
|||
Iterator<Principal> iter = principals.iterator();
|
||||
while (iter.hasNext()) {
|
||||
Object next = iter.next();
|
||||
if ((next instanceof Group) == false)
|
||||
if (!(next instanceof Group))
|
||||
continue;
|
||||
Group grp = (Group) next;
|
||||
if (grp.getName().equals(name)) {
|
||||
|
|
|
@ -108,7 +108,7 @@ public class WildflyRequestAuthenticator extends ServletRequestAuthenticator {
|
|||
Iterator<Principal> iter = principals.iterator();
|
||||
while (iter.hasNext()) {
|
||||
Object next = iter.next();
|
||||
if ((next instanceof Group) == false)
|
||||
if (!(next instanceof Group))
|
||||
continue;
|
||||
Group grp = (Group) next;
|
||||
if (grp.getName().equals(name)) {
|
||||
|
|
|
@ -17,6 +17,7 @@
|
|||
package org.keycloak.subsystem.saml.as7;
|
||||
|
||||
import org.jboss.as.controller.AbstractAddStepHandler;
|
||||
import org.jboss.as.controller.AttributeDefinition;
|
||||
import org.jboss.as.controller.OperationContext;
|
||||
import org.jboss.as.controller.OperationFailedException;
|
||||
import org.jboss.as.controller.ServiceVerificationHandler;
|
||||
|
@ -31,11 +32,17 @@ import java.util.List;
|
|||
class IdentityProviderAddHandler extends AbstractAddStepHandler {
|
||||
|
||||
IdentityProviderAddHandler() {
|
||||
super(IdentityProviderDefinition.ALL_ATTRIBUTES);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model, ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers) throws OperationFailedException {
|
||||
Configuration.INSTANCE.updateModel(operation, model);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
|
||||
for (AttributeDefinition attr : IdentityProviderDefinition.ALL_ATTRIBUTES) {
|
||||
attr.validateAndSet(operation, model);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,6 +17,7 @@
|
|||
package org.keycloak.subsystem.saml.as7;
|
||||
|
||||
import org.jboss.as.controller.AbstractAddStepHandler;
|
||||
import org.jboss.as.controller.AttributeDefinition;
|
||||
import org.jboss.as.controller.OperationContext;
|
||||
import org.jboss.as.controller.OperationFailedException;
|
||||
import org.jboss.as.controller.ServiceVerificationHandler;
|
||||
|
@ -31,11 +32,17 @@ import java.util.List;
|
|||
class KeyAddHandler extends AbstractAddStepHandler {
|
||||
|
||||
KeyAddHandler() {
|
||||
super(KeyDefinition.ALL_ATTRIBUTES);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model, ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers) throws OperationFailedException {
|
||||
Configuration.INSTANCE.updateModel(operation, model);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
|
||||
for (AttributeDefinition attr : KeyDefinition.ALL_ATTRIBUTES) {
|
||||
attr.validateAndSet(operation, model);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -18,6 +18,7 @@ package org.keycloak.subsystem.saml.as7;
|
|||
|
||||
import org.jboss.as.controller.AbstractBoottimeAddStepHandler;
|
||||
import org.jboss.as.controller.OperationContext;
|
||||
import org.jboss.as.controller.OperationFailedException;
|
||||
import org.jboss.as.controller.ServiceVerificationHandler;
|
||||
import org.jboss.as.server.AbstractDeploymentChainStep;
|
||||
import org.jboss.as.server.DeploymentProcessorTarget;
|
||||
|
@ -58,4 +59,8 @@ class KeycloakSubsystemAdd extends AbstractBoottimeAddStepHandler {
|
|||
private DeploymentUnitProcessor chooseConfigDeploymentProcessor() {
|
||||
return new KeycloakAdapterConfigDeploymentProcessor();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
|
||||
}
|
||||
}
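Review bot: The added `populateModel` override has an empty body and no comment, so a reader cannot tell whether leaving the model unpopulated is intended or an unfinished stub. IdentityProviderAddHandler, KeyAddHandler and ServiceProviderAddHandler in this commit call `attr.validateAndSet(operation, model)` for every attribute, whereas here nothing from `operation` is validated or copied. If the empty body is deliberate, say so inside it, e.g. `// intentionally empty: no attributes are defined on this resource` (adjust to the actual reason). SecureDeploymentAddHandler gets the same empty override, and there `performRuntime` hands `model` to `Configuration.INSTANCE.updateModel(operation, model)`, so it is worth confirming that no validation of secure-deployment settings is being skipped.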
|
||||
|
|
|
@ -35,6 +35,7 @@ import javax.xml.stream.XMLStreamException;
|
|||
import java.util.Collections;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* The subsystem parser, which uses stax to read and write to and from xml
|
||||
|
@ -263,7 +264,7 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
|
|||
throw new XMLStreamException("KeyStore element must have 'file' or 'resource' attribute set", reader.getLocation());
|
||||
}
|
||||
if (!addKeyStore.hasDefined(Constants.Model.PASSWORD)) {
|
||||
throw ParseUtils.missingRequired(reader, Constants.XML.PASSWORD);
|
||||
throw ParseUtils.missingRequired(reader, asSet(Constants.XML.PASSWORD));
|
||||
}
|
||||
|
||||
while (reader.hasNext() && nextTag(reader) != END_ELEMENT) {
|
||||
|
@ -292,10 +293,10 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
|
|||
}
|
||||
|
||||
if (!addKeyStore.hasDefined(Constants.Model.PRIVATE_KEY_ALIAS)) {
|
||||
throw ParseUtils.missingRequired(reader, Constants.XML.PRIVATE_KEY_ALIAS);
|
||||
throw ParseUtils.missingRequired(reader, asSet(Constants.XML.PRIVATE_KEY_ALIAS));
|
||||
}
|
||||
if (!addKeyStore.hasDefined(Constants.Model.PRIVATE_KEY_PASSWORD)) {
|
||||
throw ParseUtils.missingRequired(reader, Constants.XML.PRIVATE_KEY_PASSWORD);
|
||||
throw ParseUtils.missingRequired(reader, asSet(Constants.XML.PRIVATE_KEY_PASSWORD));
|
||||
}
|
||||
|
||||
ParseUtils.requireNoContent(reader);
|
||||
|
@ -314,7 +315,7 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
|
|||
}
|
||||
|
||||
if (!addKeyStore.hasDefined(Constants.Model.CERTIFICATE_ALIAS)) {
|
||||
throw ParseUtils.missingRequired(reader, Constants.XML.CERTIFICATE_ALIAS);
|
||||
throw ParseUtils.missingRequired(reader, asSet(Constants.XML.CERTIFICATE_ALIAS));
|
||||
}
|
||||
|
||||
ParseUtils.requireNoContent(reader);
|
||||
|
@ -356,7 +357,7 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
|
|||
}
|
||||
|
||||
if (!policySet) {
|
||||
throw ParseUtils.missingRequired(reader, Constants.XML.PRINCIPAL_NAME_MAPPING_POLICY);
|
||||
throw ParseUtils.missingRequired(reader, asSet(Constants.XML.PRINCIPAL_NAME_MAPPING_POLICY));
|
||||
}
|
||||
ParseUtils.requireNoContent(reader);
|
||||
}
|
||||
|
@ -568,4 +569,13 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
|
|||
}
|
||||
writer.writeEndElement();
|
||||
}
|
||||
|
||||
|
||||
private static Set<String> asSet(String ... values) {
|
||||
HashSet ret = new HashSet();
|
||||
for (String value: values) {
|
||||
ret.add(value);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
}
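Review bot: `asSet` builds its result with the raw type `HashSet ret = new HashSet();`, which reaches the declared `Set<String>` return type only through an unchecked conversion. Declaring it as `Set<String> ret = new HashSet<String>();` keeps the helper type-safe and removes the compiler warning. The import hunk shows `java.util.Set` but no `java.util.HashSet` import is visible, so check that one exists outside the shown lines.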
|
||||
|
|
|
@ -39,4 +39,8 @@ class SecureDeploymentAddHandler extends AbstractAddStepHandler {
|
|||
protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model, ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers) throws OperationFailedException {
|
||||
Configuration.INSTANCE.updateModel(operation, model);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,6 +17,7 @@
|
|||
package org.keycloak.subsystem.saml.as7;
|
||||
|
||||
import org.jboss.as.controller.AbstractAddStepHandler;
|
||||
import org.jboss.as.controller.AttributeDefinition;
|
||||
import org.jboss.as.controller.OperationContext;
|
||||
import org.jboss.as.controller.OperationFailedException;
|
||||
import org.jboss.as.controller.ServiceVerificationHandler;
|
||||
|
@ -33,11 +34,17 @@ class ServiceProviderAddHandler extends AbstractAddStepHandler {
|
|||
static final ServiceProviderAddHandler INSTANCE = new ServiceProviderAddHandler();
|
||||
|
||||
ServiceProviderAddHandler() {
|
||||
super(ServiceProviderDefinition.ALL_ATTRIBUTES);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model, ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers) throws OperationFailedException {
|
||||
Configuration.INSTANCE.updateModel(operation, model);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
|
||||
for (AttributeDefinition attr : ServiceProviderDefinition.ALL_ATTRIBUTES) {
|
||||
attr.validateAndSet(operation, model);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -21,7 +21,7 @@ public class Jetty9SamlSessionStore extends JettySamlSessionStore {
|
|||
@Override
|
||||
protected String changeSessionId(HttpSession session) {
|
||||
Request request = this.request;
|
||||
if (deployment.turnOffChangeSessionIdOnLogin() == false) return request.changeSessionId();
|
||||
if (!deployment.turnOffChangeSessionIdOnLogin()) return request.changeSessionId();
|
||||
else return session.getId();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -21,7 +21,7 @@ public class Jetty9SamlSessionStore extends JettySamlSessionStore {
|
|||
@Override
|
||||
protected String changeSessionId(HttpSession session) {
|
||||
Request request = this.request;
|
||||
if (deployment.turnOffChangeSessionIdOnLogin() == false) return request.changeSessionId();
|
||||
if (!deployment.turnOffChangeSessionIdOnLogin()) return request.changeSessionId();
|
||||
else return session.getId();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -22,7 +22,7 @@ public class Tomcat8SamlSessionStore extends CatalinaSamlSessionStore {
|
|||
@Override
|
||||
protected String changeSessionId(Session session) {
|
||||
Request request = this.request;
|
||||
if (deployment.turnOffChangeSessionIdOnLogin() == false) return request.changeSessionId();
|
||||
if (!deployment.turnOffChangeSessionIdOnLogin()) return request.changeSessionId();
|
||||
else return session.getId();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -165,7 +165,7 @@ public class ServletSamlSessionStore implements SamlSessionStore {
|
|||
}
|
||||
|
||||
protected String changeSessionId(HttpSession session) {
|
||||
if (deployment.turnOffChangeSessionIdOnLogin() == false) return ChangeSessionId.changeSessionId(exchange, false);
|
||||
if (!deployment.turnOffChangeSessionIdOnLogin()) return ChangeSessionId.changeSessionId(exchange, false);
|
||||
else return session.getId();
|
||||
}
|
||||
|
||||
|
|
|
@ -89,7 +89,7 @@ public class SecurityInfoHelper {
|
|||
Iterator<Principal> iter = principals.iterator();
|
||||
while (iter.hasNext()) {
|
||||
Object next = iter.next();
|
||||
if ((next instanceof Group) == false)
|
||||
if (!(next instanceof Group))
|
||||
continue;
|
||||
Group grp = (Group) next;
|
||||
if (grp.getName().equals(name)) {
|
||||
|
|
|
@ -30,7 +30,7 @@ public class KeycloakLoginModule extends AbstractServerLoginModule {
|
|||
@Override
|
||||
public boolean login() throws LoginException {
|
||||
log.debug("KeycloakLoginModule.login()");
|
||||
if (super.login() == true) {
|
||||
if (super.login()) {
|
||||
log.debug("super.login()==true");
|
||||
return true;
|
||||
}
|
||||
|
|
|
@ -81,7 +81,7 @@ public abstract class GenericPrincipalFactory {
|
|||
Iterator<Principal> iter = principals.iterator();
|
||||
while (iter.hasNext()) {
|
||||
Object next = iter.next();
|
||||
if ((next instanceof Group) == false)
|
||||
if (!(next instanceof Group))
|
||||
continue;
|
||||
Group grp = (Group) next;
|
||||
if (grp.getName().equals(name)) {
|
||||
|
|
|
@ -207,7 +207,7 @@ public final class StringPropertyReplacer
|
|||
}
|
||||
|
||||
// No properties
|
||||
if (properties == false)
|
||||
if (!properties)
|
||||
return string;
|
||||
|
||||
// Collect the trailing characters
|
||||
|
|
|
@ -7,28 +7,28 @@ package org.keycloak.federation.ldap.mappers.msad;
|
|||
*/
|
||||
public class UserAccountControl {
|
||||
|
||||
public static final long SCRIPT = 0x0001l;
|
||||
public static final long ACCOUNTDISABLE = 0x0002l;
|
||||
public static final long HOMEDIR_REQUIRED = 0x0008l;
|
||||
public static final long LOCKOUT = 0x0010l;
|
||||
public static final long PASSWD_NOTREQD = 0x0020l;
|
||||
public static final long PASSWD_CANT_CHANGE = 0x0040l;
|
||||
public static final long ENCRYPTED_TEXT_PWD_ALLOWED = 0x0080l;
|
||||
public static final long TEMP_DUPLICATE_ACCOUNT = 0x0100l;
|
||||
public static final long NORMAL_ACCOUNT = 0x0200l;
|
||||
public static final long INTERDOMAIN_TRUST_ACCOUNT = 0x0800l;
|
||||
public static final long WORKSTATION_TRUST_ACCOUNT = 0x1000l;
|
||||
public static final long SERVER_TRUST_ACCOUNT = 0x2000l;
|
||||
public static final long DONT_EXPIRE_PASSWORD = 0x10000l;
|
||||
public static final long MNS_LOGON_ACCOUNT = 0x20000l;
|
||||
public static final long SMARTCARD_REQUIRED = 0x40000l;
|
||||
public static final long TRUSTED_FOR_DELEGATION = 0x80000l;
|
||||
public static final long NOT_DELEGATED = 0x100000l;
|
||||
public static final long USE_DES_KEY_ONLY = 0x200000l;
|
||||
public static final long DONT_REQ_PREAUTH = 0x400000l;
|
||||
public static final long PASSWORD_EXPIRED = 0x800000l;
|
||||
public static final long TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000l;
|
||||
public static final long PARTIAL_SECRETS_ACCOUNT = 0x04000000l;
|
||||
public static final long SCRIPT = 0x0001L;
|
||||
public static final long ACCOUNTDISABLE = 0x0002L;
|
||||
public static final long HOMEDIR_REQUIRED = 0x0008L;
|
||||
public static final long LOCKOUT = 0x0010L;
|
||||
public static final long PASSWD_NOTREQD = 0x0020L;
|
||||
public static final long PASSWD_CANT_CHANGE = 0x0040L;
|
||||
public static final long ENCRYPTED_TEXT_PWD_ALLOWED = 0x0080L;
|
||||
public static final long TEMP_DUPLICATE_ACCOUNT = 0x0100L;
|
||||
public static final long NORMAL_ACCOUNT = 0x0200L;
|
||||
public static final long INTERDOMAIN_TRUST_ACCOUNT = 0x0800L;
|
||||
public static final long WORKSTATION_TRUST_ACCOUNT = 0x1000L;
|
||||
public static final long SERVER_TRUST_ACCOUNT = 0x2000L;
|
||||
public static final long DONT_EXPIRE_PASSWORD = 0x10000L;
|
||||
public static final long MNS_LOGON_ACCOUNT = 0x20000L;
|
||||
public static final long SMARTCARD_REQUIRED = 0x40000L;
|
||||
public static final long TRUSTED_FOR_DELEGATION = 0x80000L;
|
||||
public static final long NOT_DELEGATED = 0x100000L;
|
||||
public static final long USE_DES_KEY_ONLY = 0x200000L;
|
||||
public static final long DONT_REQ_PREAUTH = 0x400000L;
|
||||
public static final long PASSWORD_EXPIRED = 0x800000L;
|
||||
public static final long TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000L;
|
||||
public static final long PARTIAL_SECRETS_ACCOUNT = 0x04000000L;
|
||||
|
||||
private long value;
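Review bot: No comment in the visible lines says what these flag constants represent, and several of them relax authentication when set on an account: `PASSWD_NOTREQD`, `ENCRYPTED_TEXT_PWD_ALLOWED`, `USE_DES_KEY_ONLY` and `DONT_REQ_PREAUTH`. A short comment above the block would help whoever maps or audits these values, e.g. `// Active Directory userAccountControl bit flags; PASSWD_NOTREQD, ENCRYPTED_TEXT_PWD_ALLOWED, USE_DES_KEY_ONLY and DONT_REQ_PREAUTH weaken authentication`. The class Javadoc and the rest of the class body are outside the hunk, so part of this may already be documented there.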
|
||||
|
||||
|
|
|
@ -12,7 +12,7 @@ public interface JpaUpdaterProvider extends Provider {
|
|||
|
||||
public String FIRST_VERSION = "1.0.0.Final";
|
||||
|
||||
public String LAST_VERSION = "1.8.0";
|
||||
public String LAST_VERSION = "1.9.0";
|
||||
|
||||
public String getCurrentVersionSql(String defaultSchema);
|
||||
|
||||
|
|
|
@ -7,6 +7,7 @@ import liquibase.changelog.DatabaseChangeLog;
|
|||
import liquibase.changelog.RanChangeSet;
|
||||
import liquibase.database.Database;
|
||||
import liquibase.database.DatabaseFactory;
|
||||
import liquibase.database.core.DB2Database;
|
||||
import liquibase.database.jvm.JdbcConnection;
|
||||
import liquibase.logging.LogFactory;
|
||||
import liquibase.logging.LogLevel;
|
||||
|
@ -29,6 +30,7 @@ public class LiquibaseJpaUpdaterProvider implements JpaUpdaterProvider {
|
|||
private static final Logger logger = Logger.getLogger(LiquibaseJpaUpdaterProvider.class);
|
||||
|
||||
private static final String CHANGELOG = "META-INF/jpa-changelog-master.xml";
|
||||
private static final String DB2_CHANGELOG = "META-INF/db2-jpa-changelog-master.xml";
|
||||
|
||||
@Override
|
||||
public String getCurrentVersionSql(String defaultSchema) {
|
||||
|
@ -117,7 +119,10 @@ public class LiquibaseJpaUpdaterProvider implements JpaUpdaterProvider {
|
|||
if (defaultSchema != null) {
|
||||
database.setDefaultSchemaName(defaultSchema);
|
||||
}
|
||||
return new Liquibase(CHANGELOG, new ClassLoaderResourceAccessor(getClass().getClassLoader()), database);
|
||||
|
||||
String changelog = (database instanceof DB2Database) ? DB2_CHANGELOG : CHANGELOG;
|
||||
logger.debugf("Using changelog file: %s", changelog);
|
||||
return new Liquibase(changelog, new ClassLoaderResourceAccessor(getClass().getClassLoader()), database);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -264,7 +264,7 @@ public class RealmAdapter implements RealmModel {
|
|||
|
||||
@Override
|
||||
public long getQuickLoginCheckMilliSeconds() {
|
||||
return getAttribute("quickLoginCheckMilliSeconds", 0l);
|
||||
return getAttribute("quickLoginCheckMilliSeconds", 0L);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -0,0 +1,442 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.2.xsd">
|
||||
<changeSet author="sthorger@redhat.com" id="1.0.0.Final">
|
||||
<createTable tableName="APPLICATION_DEFAULT_ROLES">
|
||||
<column name="APPLICATION_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="ROLE_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="CLIENT">
|
||||
<column name="DTYPE" type="VARCHAR(31)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="ALLOWED_CLAIMS_MASK" type="BIGINT"/>
|
||||
<column name="ENABLED" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="FULL_SCOPE_ALLOWED" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="NAME" type="VARCHAR(255)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="NOT_BEFORE" type="INT"/>
|
||||
<column name="PUBLIC_CLIENT" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="SECRET" type="VARCHAR(255)"/>
|
||||
<column name="BASE_URL" type="VARCHAR(255)"/>
|
||||
<column name="BEARER_ONLY" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="MANAGEMENT_URL" type="VARCHAR(255)"/>
|
||||
<column name="SURROGATE_AUTH_REQUIRED" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="DIRECT_GRANTS_ONLY" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="REALM_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="CLIENT_SESSION">
|
||||
<column name="ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="ACTION" type="INT"/>
|
||||
<column name="CLIENT_ID" type="VARCHAR(36)"/>
|
||||
<column name="REDIRECT_URI" type="VARCHAR(255)"/>
|
||||
<column name="STATE" type="VARCHAR(255)"/>
|
||||
<column name="TIMESTAMP" type="INT"/>
|
||||
<column name="SESSION_ID" type="VARCHAR(36)"/>
|
||||
</createTable>
|
||||
<createTable tableName="CLIENT_SESSION_ROLE">
|
||||
<column name="ROLE_ID" type="VARCHAR(255)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="CLIENT_SESSION" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="COMPOSITE_ROLE">
|
||||
<column name="COMPOSITE" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="CHILD_ROLE" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="CREDENTIAL">
|
||||
<column name="ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="DEVICE" type="VARCHAR(255)"/>
|
||||
<column name="HASH_ITERATIONS" type="INT"/>
|
||||
<column name="SALT" type="BLOB(16)"/>
|
||||
<column name="TYPE" type="VARCHAR(255)"/>
|
||||
<column name="VALUE" type="VARCHAR(255)"/>
|
||||
<column name="USER_ID" type="VARCHAR(36)"/>
|
||||
</createTable>
|
||||
<createTable tableName="EVENT_ENTITY">
|
||||
<column name="ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="CLIENT_ID" type="VARCHAR(255)"/>
|
||||
<column name="DETAILS_JSON" type="VARCHAR(2550)"/>
|
||||
<column name="ERROR" type="VARCHAR(255)"/>
|
||||
<column name="IP_ADDRESS" type="VARCHAR(255)"/>
|
||||
<column name="REALM_ID" type="VARCHAR(255)"/>
|
||||
<column name="SESSION_ID" type="VARCHAR(255)"/>
|
||||
<column name="TIME" type="BIGINT"/>
|
||||
<column name="TYPE" type="VARCHAR(255)"/>
|
||||
<column name="USER_ID" type="VARCHAR(255)"/>
|
||||
</createTable>
|
||||
<createTable tableName="FED_PROVIDERS">
|
||||
<column name="REALM_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="USERFEDERATIONPROVIDERS_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="KEYCLOAK_ROLE">
|
||||
<column name="ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="APP_REALM_CONSTRAINT" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="APPLICATION_ROLE" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="DESCRIPTION" type="VARCHAR(255)"/>
|
||||
<column name="NAME" type="VARCHAR(255)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="REALM_ID" type="VARCHAR(255)"/>
|
||||
<column name="APPLICATION" type="VARCHAR(36)"/>
|
||||
<column name="REALM" type="VARCHAR(36)"/>
|
||||
</createTable>
|
||||
<createTable tableName="REALM">
|
||||
<column name="ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="ACCESS_CODE_LIFESPAN" type="INT"/>
|
||||
<column name="USER_ACTION_LIFESPAN" type="INT"/>
|
||||
<column name="ACCESS_TOKEN_LIFESPAN" type="INT"/>
|
||||
<column name="ACCOUNT_THEME" type="VARCHAR(255)"/>
|
||||
<column name="ADMIN_THEME" type="VARCHAR(255)"/>
|
||||
<column name="EMAIL_THEME" type="VARCHAR(255)"/>
|
||||
<column name="ENABLED" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="EVENTS_ENABLED" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="EVENTS_EXPIRATION" type="BIGINT"/>
|
||||
<column name="LOGIN_THEME" type="VARCHAR(255)"/>
|
||||
<column name="NAME" type="VARCHAR(255)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="NOT_BEFORE" type="INT"/>
|
||||
<column name="PASSWORD_CRED_GRANT_ALLOWED" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="PASSWORD_POLICY" type="VARCHAR(255)"/>
|
||||
<column name="PRIVATE_KEY" type="VARCHAR(2048)"/>
|
||||
<column name="PUBLIC_KEY" type="VARCHAR(2048)"/>
|
||||
<column name="REGISTRATION_ALLOWED" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="REMEMBER_ME" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="RESET_PASSWORD_ALLOWED" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="SOCIAL" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="SSL_REQUIRED" type="VARCHAR(255)"/>
|
||||
<column name="SSO_IDLE_TIMEOUT" type="INT"/>
|
||||
<column name="SSO_MAX_LIFESPAN" type="INT"/>
|
||||
<column name="UPDATE_PROFILE_ON_SOC_LOGIN" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="VERIFY_EMAIL" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="MASTER_ADMIN_APP" type="VARCHAR(36)"/>
|
||||
</createTable>
|
||||
<createTable tableName="REALM_APPLICATION">
|
||||
<column name="APPLICATION_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="REALM_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="REALM_ATTRIBUTE">
|
||||
<column name="NAME" type="VARCHAR(255)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="VALUE" type="VARCHAR(255)"/>
|
||||
<column name="REALM_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="REALM_DEFAULT_ROLES">
|
||||
<column name="REALM_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="ROLE_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="REALM_EVENTS_LISTENERS">
|
||||
<column name="REALM_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="VALUE" type="VARCHAR(255)"/>
|
||||
</createTable>
|
||||
<createTable tableName="REALM_REQUIRED_CREDENTIAL">
|
||||
<column name="TYPE" type="VARCHAR(255)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="FORM_LABEL" type="VARCHAR(255)"/>
|
||||
<column name="INPUT" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="SECRET" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="REALM_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="REALM_SMTP_CONFIG">
|
||||
<column name="REALM_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="VALUE" type="VARCHAR(255)"/>
|
||||
<column name="NAME" type="VARCHAR(255)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="REALM_SOCIAL_CONFIG">
|
||||
<column name="REALM_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="VALUE" type="VARCHAR(255)"/>
|
||||
<column name="NAME" type="VARCHAR(255)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="REDIRECT_URIS">
|
||||
<column name="CLIENT_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="VALUE" type="VARCHAR(255)"/>
|
||||
</createTable>
|
||||
<createTable tableName="SCOPE_MAPPING">
|
||||
<column name="CLIENT_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="ROLE_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="USERNAME_LOGIN_FAILURE">
|
||||
<column name="REALM_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="USERNAME" type="VARCHAR(200)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="FAILED_LOGIN_NOT_BEFORE" type="INT"/>
|
||||
<column name="LAST_FAILURE" type="BIGINT"/>
|
||||
<column name="LAST_IP_FAILURE" type="VARCHAR(255)"/>
|
||||
<column name="NUM_FAILURES" type="INT"/>
|
||||
</createTable>
|
||||
<createTable tableName="USER_ATTRIBUTE">
|
||||
<column name="NAME" type="VARCHAR(255)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="VALUE" type="VARCHAR(255)"/>
|
||||
<column name="USER_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="USER_ENTITY">
|
||||
<column name="ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="EMAIL" type="VARCHAR(255)"/>
|
||||
<column name="EMAIL_CONSTRAINT" type="VARCHAR(255)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="EMAIL_VERIFIED" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="ENABLED" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="FEDERATION_LINK" type="VARCHAR(255)"/>
|
||||
<column name="FIRST_NAME" type="VARCHAR(255)"/>
|
||||
<column name="LAST_NAME" type="VARCHAR(255)"/>
|
||||
<column name="REALM_ID" type="VARCHAR(255)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="TOTP" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="USERNAME" type="VARCHAR(255)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="USER_FEDERATION_CONFIG">
|
||||
<column name="USER_FEDERATION_PROVIDER_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="VALUE" type="VARCHAR(255)"/>
|
||||
<column name="NAME" type="VARCHAR(255)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="USER_FEDERATION_PROVIDER">
|
||||
<column name="ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="CHANGED_SYNC_PERIOD" type="INT"/>
|
||||
<column name="DISPLAY_NAME" type="VARCHAR(255)"/>
|
||||
<column name="FULL_SYNC_PERIOD" type="INT"/>
|
||||
<column name="LAST_SYNC" type="INT"/>
|
||||
<column name="PRIORITY" type="INT"/>
|
||||
<column name="PROVIDER_NAME" type="VARCHAR(255)"/>
|
||||
<column name="REALM_ID" type="VARCHAR(36)"/>
|
||||
</createTable>
|
||||
<createTable tableName="USER_REQUIRED_ACTION">
|
||||
<column name="ACTION" type="INT">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="USER_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="USER_ROLE_MAPPING">
|
||||
<column name="ROLE_ID" type="VARCHAR(255)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="USER_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="USER_SESSION">
|
||||
<column name="ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="AUTH_METHOD" type="VARCHAR(255)"/>
|
||||
<column name="IP_ADDRESS" type="VARCHAR(255)"/>
|
||||
<column name="LAST_SESSION_REFRESH" type="INT"/>
|
||||
<column name="LOGIN_USERNAME" type="VARCHAR(255)"/>
|
||||
<column name="REALM_ID" type="VARCHAR(255)"/>
|
||||
<column name="REMEMBER_ME" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="STARTED" type="INT"/>
|
||||
<column name="USER_ID" type="VARCHAR(255)"/>
|
||||
</createTable>
|
||||
<createTable tableName="USER_SOCIAL_LINK">
|
||||
<column name="SOCIAL_PROVIDER" type="VARCHAR(255)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="REALM_ID" type="VARCHAR(255)"/>
|
||||
<column name="SOCIAL_USER_ID" type="VARCHAR(255)"/>
|
||||
<column name="SOCIAL_USERNAME" type="VARCHAR(255)"/>
|
||||
<column name="USER_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="WEB_ORIGINS">
|
||||
<column name="CLIENT_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="VALUE" type="VARCHAR(255)"/>
|
||||
</createTable>
|
||||
<addPrimaryKey columnNames="REALM_ID, NAME" constraintName="CONSTRAINT_1" tableName="REALM_SOCIAL_CONFIG"/>
|
||||
<addPrimaryKey columnNames="REALM_ID, USERNAME" constraintName="CONSTRAINT_17" tableName="USERNAME_LOGIN_FAILURE"/>
|
||||
<addPrimaryKey columnNames="ACTION, USER_ID" constraintName="CONSTRAINT_2" tableName="USER_REQUIRED_ACTION"/>
|
||||
<addPrimaryKey columnNames="SOCIAL_PROVIDER, USER_ID" constraintName="CONSTRAINT_3" tableName="USER_SOCIAL_LINK"/>
|
||||
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_4" tableName="EVENT_ENTITY"/>
|
||||
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_4A" tableName="REALM"/>
|
||||
<addPrimaryKey columnNames="CLIENT_SESSION, ROLE_ID" constraintName="CONSTRAINT_5" tableName="CLIENT_SESSION_ROLE"/>
|
||||
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_57" tableName="USER_SESSION"/>
|
||||
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_5C" tableName="USER_FEDERATION_PROVIDER"/>
|
||||
<addPrimaryKey columnNames="NAME, USER_ID" constraintName="CONSTRAINT_6" tableName="USER_ATTRIBUTE"/>
|
||||
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_7" tableName="CLIENT"/>
|
||||
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_8" tableName="CLIENT_SESSION"/>
|
||||
<addPrimaryKey columnNames="CLIENT_ID, ROLE_ID" constraintName="CONSTRAINT_81" tableName="SCOPE_MAPPING"/>
|
||||
<addPrimaryKey columnNames="NAME, REALM_ID" constraintName="CONSTRAINT_9" tableName="REALM_ATTRIBUTE"/>
|
||||
<addPrimaryKey columnNames="REALM_ID, TYPE" constraintName="CONSTRAINT_92" tableName="REALM_REQUIRED_CREDENTIAL"/>
|
||||
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_A" tableName="KEYCLOAK_ROLE"/>
|
||||
<addPrimaryKey columnNames="ROLE_ID, USER_ID" constraintName="CONSTRAINT_C" tableName="USER_ROLE_MAPPING"/>
|
||||
<addPrimaryKey columnNames="REALM_ID, NAME" constraintName="CONSTRAINT_E" tableName="REALM_SMTP_CONFIG"/>
|
||||
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_F" tableName="CREDENTIAL"/>
|
||||
<addPrimaryKey columnNames="USER_FEDERATION_PROVIDER_ID, NAME" constraintName="CONSTRAINT_F9" tableName="USER_FEDERATION_CONFIG"/>
|
||||
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_FB" tableName="USER_ENTITY"/>
|
||||
<!-- Added later in 1.2.0.CR1 -->
|
||||
<!--<addUniqueConstraint columnNames="ROLE_ID" constraintName="UK_8AELWNIBJI49AVXSRTUF6XJOW" tableName="APPLICATION_DEFAULT_ROLES"/>-->
|
||||
<!--<addUniqueConstraint columnNames="REALM_ID,NAME" constraintName="UK_B71CJLBENV945RB6GCON438AT" tableName="CLIENT"/>-->
|
||||
|
||||
<addUniqueConstraint columnNames="USERFEDERATIONPROVIDERS_ID" constraintName="UK_DCCIRJLIPU1478VQC89DID88C" tableName="FED_PROVIDERS"/>
|
||||
<addUniqueConstraint columnNames="REALM_ID,EMAIL_CONSTRAINT" constraintName="UK_DYKN684SL8UP1CRFEI6ECKHD7" tableName="USER_ENTITY"/>
|
||||
<addUniqueConstraint columnNames="ROLE_ID" constraintName="UK_H4WPD7W4HSOOLNI3H0SW7BTJE" tableName="REALM_DEFAULT_ROLES"/>
|
||||
|
||||
<!-- Added later in 1.2.0.CR1 -->
|
||||
<!--<addUniqueConstraint columnNames="NAME,APP_REALM_CONSTRAINT" constraintName="UK_J3RWUVD56ONTGSUHOGM184WW2" tableName="KEYCLOAK_ROLE"/>-->
|
||||
<addUniqueConstraint columnNames="REALM_ID" constraintName="UK_L5QGA3RFME47335JY8JXYXH3I" tableName="REALM_APPLICATION"/>
|
||||
<addUniqueConstraint columnNames="NAME" constraintName="UK_ORVSDMLA56612EAEFIQ6WL5OI" tableName="REALM"/>
|
||||
<addUniqueConstraint columnNames="REALM_ID,USERNAME" constraintName="UK_RU8TT6T700S9V50BU18WS5HA6" tableName="USER_ENTITY"/>
|
||||
<addForeignKeyConstraint baseColumnNames="CLIENT_SESSION" baseTableName="CLIENT_SESSION_ROLE" constraintName="FK_11B7SGQW18I532811V7O2DV76" referencedColumnNames="ID" referencedTableName="CLIENT_SESSION"/>
|
||||
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="REDIRECT_URIS" constraintName="FK_1BURS8PB4OUJ97H5WUPPAHV9F" referencedColumnNames="ID" referencedTableName="CLIENT"/>
|
||||
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="USER_FEDERATION_PROVIDER" constraintName="FK_1FJ32F6PTOLW2QY60CD8N01E8" referencedColumnNames="ID" referencedTableName="REALM"/>
|
||||
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="FED_PROVIDERS" constraintName="FK_213LYQ09FKXQ8K8NY8DY3737T" referencedColumnNames="ID" referencedTableName="REALM"/>
|
||||
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_REQUIRED_CREDENTIAL" constraintName="FK_5HG65LYBEVAVKQFKI3KPONH9V" referencedColumnNames="ID" referencedTableName="REALM"/>
|
||||
<addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="USER_ATTRIBUTE" constraintName="FK_5HRM2VLF9QL5FU043KQEPOVBR" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
|
||||
<addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="USER_SOCIAL_LINK" constraintName="FK_68CJYS5UWM55UY823Y75XG4OM" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
|
||||
<addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="USER_REQUIRED_ACTION" constraintName="FK_6QJ3W1JW9CVAFHE19BWSIUVMD" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
|
||||
<addForeignKeyConstraint baseColumnNames="REALM" baseTableName="KEYCLOAK_ROLE" constraintName="FK_6VYQFE4CN4WLQ8R6KT5VDSJ5C" referencedColumnNames="ID" referencedTableName="REALM"/>
|
||||
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_SMTP_CONFIG" constraintName="FK_70EJ8XDXGXD0B9HH6180IRR0O" referencedColumnNames="ID" referencedTableName="REALM"/>
|
||||
<addForeignKeyConstraint baseColumnNames="APPLICATION_ID" baseTableName="REALM_APPLICATION" constraintName="FK_71S3P0DIUXAWWQQSA528UBY2Q" referencedColumnNames="ID" referencedTableName="REALM"/>
|
||||
<!-- Added later in 1.2.0.CR1 -->
|
||||
<!--<addForeignKeyConstraint baseColumnNames="ROLE_ID" baseTableName="APPLICATION_DEFAULT_ROLES" constraintName="FK_8AELWNIBJI49AVXSRTUF6XJOW" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>-->
|
||||
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_ATTRIBUTE" constraintName="FK_8SHXD6L3E9ATQUKACXGPFFPTW" referencedColumnNames="ID" referencedTableName="REALM"/>
|
||||
<addForeignKeyConstraint baseColumnNames="COMPOSITE" baseTableName="COMPOSITE_ROLE" constraintName="FK_A63WVEKFTU8JO1PNJ81E7MCE2" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
|
||||
<addForeignKeyConstraint baseColumnNames="SESSION_ID" baseTableName="CLIENT_SESSION" constraintName="FK_B4AO2VCVAT6UKAU74WBWTFQO1" referencedColumnNames="ID" referencedTableName="USER_SESSION"/>
|
||||
<addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="USER_ROLE_MAPPING" constraintName="FK_C4FQV34P1MBYLLOXANG7B1Q3L" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
|
||||
<addForeignKeyConstraint baseColumnNames="USERFEDERATIONPROVIDERS_ID" baseTableName="FED_PROVIDERS" constraintName="FK_DCCIRJLIPU1478VQC89DID88C" referencedColumnNames="ID" referencedTableName="USER_FEDERATION_PROVIDER"/>
|
||||
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_DEFAULT_ROLES" constraintName="FK_EVUDB1PPW84OXFAX2DRS03ICC" referencedColumnNames="ID" referencedTableName="REALM"/>
|
||||
<addForeignKeyConstraint baseColumnNames="CHILD_ROLE" baseTableName="COMPOSITE_ROLE" constraintName="FK_GR7THLLB9LU8Q4VQA4524JJY8" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
|
||||
<addForeignKeyConstraint baseColumnNames="ROLE_ID" baseTableName="REALM_DEFAULT_ROLES" constraintName="FK_H4WPD7W4HSOOLNI3H0SW7BTJE" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
|
||||
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_EVENTS_LISTENERS" constraintName="FK_H846O4H0W8EPX5NXEV9F5Y69J" referencedColumnNames="ID" referencedTableName="REALM"/>
|
||||
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_APPLICATION" constraintName="FK_L5QGA3RFME47335JY8JXYXH3I" referencedColumnNames="ID" referencedTableName="CLIENT"/>
|
||||
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="WEB_ORIGINS" constraintName="FK_LOJPHO213XCX4WNKOG82SSRFY" referencedColumnNames="ID" referencedTableName="CLIENT"/>
|
||||
<!-- Added later in 1.2.0.CR1 -->
|
||||
<!--<addForeignKeyConstraint baseColumnNames="APPLICATION_ID" baseTableName="APPLICATION_DEFAULT_ROLES" constraintName="FK_MAYLTS7KLWQW2H8M2B5JOYTKY" referencedColumnNames="ID" referencedTableName="CLIENT"/>-->
|
||||
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="SCOPE_MAPPING" constraintName="FK_OUSE064PLMLR732LXJCN1Q5F1" referencedColumnNames="ID" referencedTableName="CLIENT"/>
|
||||
<addForeignKeyConstraint baseColumnNames="ROLE_ID" baseTableName="SCOPE_MAPPING" constraintName="FK_P3RH9GRKU11KQFRS4FLTT7RNQ" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
|
||||
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="CLIENT" constraintName="FK_P56CTINXXB9GSK57FO49F9TAC" referencedColumnNames="ID" referencedTableName="REALM"/>
|
||||
<addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="CREDENTIAL" constraintName="FK_PFYR0GLASQYL0DEI3KL69R6V0" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
|
||||
<addForeignKeyConstraint baseColumnNames="APPLICATION" baseTableName="KEYCLOAK_ROLE" constraintName="FK_PIMO5LE2C0RAL09FL8CM9WFW9" referencedColumnNames="ID" referencedTableName="CLIENT"/>
|
||||
<addForeignKeyConstraint baseColumnNames="MASTER_ADMIN_APP" baseTableName="REALM" constraintName="FK_RSAF444KK6QRKMS7N56AIWQ5Y" referencedColumnNames="ID" referencedTableName="CLIENT"/>
|
||||
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_SOCIAL_CONFIG" constraintName="FK_SV5I3C2TI7G0G922FGE683SOV" referencedColumnNames="ID" referencedTableName="REALM"/>
|
||||
<addForeignKeyConstraint baseColumnNames="USER_FEDERATION_PROVIDER_ID" baseTableName="USER_FEDERATION_CONFIG" constraintName="FK_T13HPU1J94R2EBPEKR39X5EU5" referencedColumnNames="ID" referencedTableName="USER_FEDERATION_PROVIDER"/>
|
||||
</changeSet>
|
||||
</databaseChangeLog>
|
|
@ -0,0 +1,173 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
|
||||
<changeSet author="psilva@redhat.com" id="1.2.0.Beta1">
|
||||
<delete tableName="CLIENT_SESSION_ROLE" />
|
||||
<delete tableName="CLIENT_SESSION_NOTE" />
|
||||
<delete tableName="CLIENT_SESSION" />
|
||||
<delete tableName="USER_SESSION" />
|
||||
<createTable tableName="PROTOCOL_MAPPER">
|
||||
<column name="ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
<column name="NAME" type="VARCHAR(255)">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
<column name="PROTOCOL" type="VARCHAR(255)">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
<column name="PROTOCOL_MAPPER_NAME" type="VARCHAR(255)">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
<column name="CONSENT_REQUIRED" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
<column name="CONSENT_TEXT" type="VARCHAR(255)" />
|
||||
<column name="CLIENT_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="PROTOCOL_MAPPER_CONFIG">
|
||||
<column name="PROTOCOL_MAPPER_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
<column name="VALUE" type="CLOB" />
|
||||
<column name="NAME" type="VARCHAR(255)">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="FEDERATED_IDENTITY">
|
||||
<column name="IDENTITY_PROVIDER" type="VARCHAR(255)">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
<column name="REALM_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
<column name="FEDERATED_USER_ID" type="VARCHAR(255)" />
|
||||
<column name="FEDERATED_USERNAME" type="VARCHAR(255)" />
|
||||
<column name="TOKEN" type="TEXT" />
|
||||
<column name="USER_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="IDENTITY_PROVIDER">
|
||||
<column name="INTERNAL_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
<column name="ENABLED" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
<column name="PROVIDER_ALIAS" type="VARCHAR(255)">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
<column name="PROVIDER_ID" type="VARCHAR(255)" />
|
||||
<column name="UPDATE_PROFILE_FIRST_LOGIN" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
<column name="STORE_TOKEN" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
<column name="AUTHENTICATE_BY_DEFAULT" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
<column name="REALM_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="IDENTITY_PROVIDER_CONFIG">
|
||||
<column name="IDENTITY_PROVIDER_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
<column name="VALUE" type="CLOB" />
|
||||
<column name="NAME" type="VARCHAR(255)">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="CLIENT_IDENTITY_PROV_MAPPING">
|
||||
<column name="CLIENT_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
<column name="IDENTITY_PROVIDER_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
<column name="RETRIEVE_TOKEN" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="REALM_SUPPORTED_LOCALES">
|
||||
<column name="REALM_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
<column name="VALUE" type="VARCHAR(255)" />
|
||||
</createTable>
|
||||
<createTable tableName="USER_SESSION_NOTE">
|
||||
<column name="USER_SESSION" type="VARCHAR(36)">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
<column name="NAME" type="VARCHAR(255)">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
<column name="VALUE" type="VARCHAR(2048)" />
|
||||
</createTable>
|
||||
<addColumn tableName="CLIENT">
|
||||
<column name="FRONTCHANNEL_LOGOUT" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
</addColumn>
|
||||
<addColumn tableName="USER_SESSION">
|
||||
<column name="USER_SESSION_STATE" type="INT" />
|
||||
<column name="BROKER_SESSION_ID" type="VARCHAR(255)" />
|
||||
<column name="BROKER_USER_ID" type="VARCHAR(255)" />
|
||||
</addColumn>
|
||||
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_PCM" tableName="PROTOCOL_MAPPER" />
|
||||
<addPrimaryKey columnNames="INTERNAL_ID" constraintName="CONSTRAINT_2B" tableName="IDENTITY_PROVIDER" />
|
||||
<addPrimaryKey columnNames="IDENTITY_PROVIDER, USER_ID" constraintName="CONSTRAINT_40" tableName="FEDERATED_IDENTITY" />
|
||||
<addPrimaryKey columnNames="IDENTITY_PROVIDER_ID, NAME" constraintName="CONSTRAINT_D" tableName="IDENTITY_PROVIDER_CONFIG" />
|
||||
<addPrimaryKey columnNames="PROTOCOL_MAPPER_ID, NAME" constraintName="CONSTRAINT_PMConfig" tableName="PROTOCOL_MAPPER_CONFIG" />
|
||||
<addPrimaryKey columnNames="USER_SESSION, NAME" constraintName="CONSTRAINT_USN_PK" tableName="USER_SESSION_NOTE" />
|
||||
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="IDENTITY_PROVIDER" constraintName="FK2B4EBC52AE5C3B34" referencedColumnNames="ID" referencedTableName="REALM" />
|
||||
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="PROTOCOL_MAPPER" constraintName="FK_PCM_REALM" referencedColumnNames="ID" referencedTableName="CLIENT" />
|
||||
<addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="FEDERATED_IDENTITY" constraintName="FK404288B92EF007A6" referencedColumnNames="ID" referencedTableName="USER_ENTITY" />
|
||||
<addForeignKeyConstraint baseColumnNames="IDENTITY_PROVIDER_ID" baseTableName="IDENTITY_PROVIDER_CONFIG" constraintName="FKDC4897CF864C4E43" referencedColumnNames="INTERNAL_ID" referencedTableName="IDENTITY_PROVIDER" />
|
||||
<addForeignKeyConstraint baseColumnNames="PROTOCOL_MAPPER_ID" baseTableName="PROTOCOL_MAPPER_CONFIG" constraintName="FK_PMConfig" referencedColumnNames="ID" referencedTableName="PROTOCOL_MAPPER" />
|
||||
<addForeignKeyConstraint baseColumnNames="IDENTITY_PROVIDER_ID" baseTableName="CLIENT_IDENTITY_PROV_MAPPING" constraintName="FK_7CELWNIBJI49AVXSRTUF6XJ12" referencedColumnNames="INTERNAL_ID" referencedTableName="IDENTITY_PROVIDER" />
|
||||
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="CLIENT_IDENTITY_PROV_MAPPING" constraintName="FK_56ELWNIBJI49AVXSRTUF6XJ23" referencedColumnNames="ID" referencedTableName="CLIENT" />
|
||||
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_SUPPORTED_LOCALES" constraintName="FK_SUPPORTED_LOCALES_REALM" referencedColumnNames="ID" referencedTableName="REALM" />
|
||||
<addForeignKeyConstraint baseColumnNames="USER_SESSION" baseTableName="USER_SESSION_NOTE" constraintName="FK5EDFB00FF51D3472" referencedColumnNames="ID" referencedTableName="USER_SESSION" />
|
||||
<addUniqueConstraint columnNames="PROVIDER_ALIAS, REALM_ID" constraintName="UK_2DAELWNIBJI49AVXSRTUF6XJ33" tableName="IDENTITY_PROVIDER" />
|
||||
<addUniqueConstraint columnNames="IDENTITY_PROVIDER_ID,CLIENT_ID" constraintName="UK_7CAELWNIBJI49AVXSRTUF6XJ12" tableName="CLIENT_IDENTITY_PROV_MAPPING" />
|
||||
<addColumn tableName="REALM">
|
||||
<column name="LOGIN_LIFESPAN" type="INT" />
|
||||
<column name="INTERNATIONALIZATION_ENABLED" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
<column name="DEFAULT_LOCALE" type="VARCHAR(255)" />
|
||||
<column name="REG_EMAIL_AS_USERNAME" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
</addColumn>
|
||||
<!-- KEYCLOAK-1106 APPLICATION_ID and REALM_ID switched in REALM_APPLICATION table -->
|
||||
<dropForeignKeyConstraint baseTableName="REALM_APPLICATION" constraintName="FK_71S3P0DIUXAWWQQSA528UBY2Q" />
|
||||
<dropForeignKeyConstraint baseTableName="REALM_APPLICATION" constraintName="FK_L5QGA3RFME47335JY8JXYXH3I" />
|
||||
<dropUniqueConstraint tableName="REALM_APPLICATION" constraintName="UK_L5QGA3RFME47335JY8JXYXH3I" />
|
||||
<renameColumn tableName="REALM_APPLICATION" oldColumnName="APPLICATION_ID" newColumnName="APPLICATION_ID_TMP" columnDataType="VARCHAR(36)" />
|
||||
<renameColumn tableName="REALM_APPLICATION" oldColumnName="REALM_ID" newColumnName="APPLICATION_ID" columnDataType="VARCHAR(36)" />
|
||||
<renameColumn tableName="REALM_APPLICATION" oldColumnName="APPLICATION_ID_TMP" newColumnName="REALM_ID" columnDataType="VARCHAR(36)" />
|
||||
<!--<addUniqueConstraint columnNames="APPLICATION_ID" constraintName="UK_M6QGA3RFME47335JY8JXYXH3I" tableName="REALM_APPLICATION" />
|
||||
<addForeignKeyConstraint baseColumnNames="APPLICATION_ID" baseTableName="REALM_APPLICATION" constraintName="FK_82S3P0DIUXAWWQQSA528UBY2Q" referencedColumnNames="ID" referencedTableName="CLIENT" />
|
||||
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_APPLICATION" constraintName="FK_M6QGA3RFME47335JY8JXYXH3I" referencedColumnNames="ID" referencedTableName="REALM" />-->
|
||||
<customChange class="org.keycloak.connections.jpa.updater.liquibase.custom.JpaUpdate1_2_0_Beta1" />
|
||||
<!-- Remove obsolete 'social' and 'claims' stuff -->
|
||||
<dropForeignKeyConstraint baseTableName="USER_SOCIAL_LINK" constraintName="FK_68CJYS5UWM55UY823Y75XG4OM" />
|
||||
<dropTable tableName="USER_SOCIAL_LINK" cascadeConstraints="true" />
|
||||
<dropForeignKeyConstraint baseTableName="REALM_SOCIAL_CONFIG" constraintName="FK_SV5I3C2TI7G0G922FGE683SOV" />
|
||||
<dropTable tableName="REALM_SOCIAL_CONFIG" cascadeConstraints="true" />
|
||||
<dropColumn tableName="CLIENT" columnName="ALLOWED_CLAIMS_MASK" />
|
||||
<createTable tableName="REALM_ENABLED_EVENT_TYPES">
|
||||
<column name="REALM_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false" />
|
||||
</column>
|
||||
<column name="VALUE" type="VARCHAR(255)" />
|
||||
</createTable>
|
||||
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_ENABLED_EVENT_TYPES" constraintName="FK_H846O4H0W8EPX5NWEDRF5Y69J" referencedColumnNames="ID" referencedTableName="REALM" />
|
||||
</changeSet>
|
||||
</databaseChangeLog>
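Review bot: `FEDERATED_IDENTITY.TOKEN` is created as a plain `TEXT` column with nothing in the changelog marking it as sensitive. Together with `IDENTITY_PROVIDER.STORE_TOKEN` and `CLIENT_IDENTITY_PROV_MAPPING.RETRIEVE_TOKEN`, it looks like the place where tokens issued by external identity providers are persisted. If that reading is right, read access to the database or its backups yields credentials that are valid at a third party, so the column deserves the same handling as `CREDENTIAL`. I would add a comment above the column, for example `<!-- holds the external IdP token when STORE_TOKEN is true; secret material, restrict DB and backup access -->`, and confirm whether the application encrypts the value before writing it. The same question applies to `IDENTITY_PROVIDER_CONFIG.VALUE`, which presumably carries provider client secrets.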
|
|
@ -0,0 +1,156 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
|
||||
<changeSet author="bburke@redhat.com" id="1.2.0.RC1">
|
||||
<delete tableName="CLIENT_SESSION_ROLE"/>
|
||||
<delete tableName="CLIENT_SESSION_NOTE"/>
|
||||
<delete tableName="CLIENT_SESSION"/>
|
||||
<delete tableName="USER_SESSION_NOTE"/>
|
||||
<delete tableName="USER_SESSION"/>
|
||||
|
||||
<createTable tableName="MIGRATION_MODEL">
|
||||
<column name="ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="VERSION" type="VARCHAR(36)">
|
||||
<constraints nullable="true"/>
|
||||
</column>
|
||||
</createTable>
|
||||
|
||||
<createTable tableName="IDENTITY_PROVIDER_MAPPER">
|
||||
<column name="ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="NAME" type="VARCHAR(255)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="IDP_ALIAS" type="VARCHAR(255)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="IDP_MAPPER_NAME" type="VARCHAR(255)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="REALM_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="IDP_MAPPER_CONFIG">
|
||||
<column name="IDP_MAPPER_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="VALUE" type="CLOB"/>
|
||||
<column name="NAME" type="VARCHAR(255)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<addColumn tableName="CREDENTIAL">
|
||||
<column name="CREATED_DATE" type="BIGINT"/>
|
||||
</addColumn>
|
||||
<createTable tableName="USER_CONSENT">
|
||||
<column name="ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="CLIENT_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="USER_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="USER_CONSENT_ROLE">
|
||||
<column name="USER_CONSENT_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="ROLE_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="USER_CONSENT_PROT_MAPPER">
|
||||
<column name="USER_CONSENT_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="PROTOCOL_MAPPER_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="CLIENT_SESSION_PROT_MAPPER">
|
||||
<column name="PROTOCOL_MAPPER_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="CLIENT_SESSION" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_MIGMOD" tableName="MIGRATION_MODEL"/>
|
||||
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_IDPM" tableName="IDENTITY_PROVIDER_MAPPER"/>
|
||||
<addPrimaryKey columnNames="IDP_MAPPER_ID, NAME" constraintName="CONSTRAINT_IDPMConfig" tableName="IDP_MAPPER_CONFIG"/>
|
||||
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_GRNTCSNT_PM" tableName="USER_CONSENT"/>
|
||||
<addPrimaryKey columnNames="USER_CONSENT_ID, ROLE_ID" constraintName="CONSTRAINT_GRNTCSNT_ROLE_PM" tableName="USER_CONSENT_ROLE"/>
|
||||
<addPrimaryKey columnNames="USER_CONSENT_ID, PROTOCOL_MAPPER_ID" constraintName="CONSTRAINT_GRNTCSNT_PRM_PM" tableName="USER_CONSENT_PROT_MAPPER"/>
|
||||
<addPrimaryKey columnNames="CLIENT_SESSION, PROTOCOL_MAPPER_ID" constraintName="CONSTRAINT_CS_PMP_PK" tableName="CLIENT_SESSION_PROT_MAPPER"/>
|
||||
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="IDENTITY_PROVIDER_MAPPER" constraintName="FK_IDPM_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
|
||||
<addForeignKeyConstraint baseColumnNames="IDP_MAPPER_ID" baseTableName="IDP_MAPPER_CONFIG" constraintName="FK_IDPMConfig" referencedColumnNames="ID" referencedTableName="IDENTITY_PROVIDER_MAPPER"/>
|
||||
<addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="USER_CONSENT" constraintName="FK_GRNTCSNT_USER" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
|
||||
<addForeignKeyConstraint baseColumnNames="USER_CONSENT_ID" baseTableName="USER_CONSENT_ROLE" constraintName="FK_GRNTCSNT_ROLE_GR" referencedColumnNames="ID" referencedTableName="USER_CONSENT"/>
|
||||
<addForeignKeyConstraint baseColumnNames="USER_CONSENT_ID" baseTableName="USER_CONSENT_PROT_MAPPER" constraintName="FK_GRNTCSNT_PRM_GR" referencedColumnNames="ID" referencedTableName="USER_CONSENT"/>
|
||||
<addForeignKeyConstraint baseColumnNames="CLIENT_SESSION" baseTableName="CLIENT_SESSION_PROT_MAPPER" constraintName="FK_33A8SGQW18I532811V7O2DK89" referencedColumnNames="ID" referencedTableName="CLIENT_SESSION"/>
|
||||
|
||||
<renameColumn tableName="CLIENT" newColumnName="CLIENT_ID" oldColumnName="NAME" columnDataType="VARCHAR(255)"/>
|
||||
<!-- DB2 specific. Original changelog has this in 1.0.0.Final -->
|
||||
<addUniqueConstraint columnNames="REALM_ID,CLIENT_ID" constraintName="UK_B71CJLBENV945RB6GCON438AT" tableName="CLIENT"/>
|
||||
|
||||
<addColumn tableName="CLIENT">
|
||||
<column name="CONSENT_REQUIRED" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="NAME" type="VARCHAR(255)" />
|
||||
</addColumn>
|
||||
<addColumn tableName="IDENTITY_PROVIDER">
|
||||
<column name="ADD_TOKEN_ROLE" type="BOOLEAN" defaultValueBoolean="true">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</addColumn>
|
||||
<update tableName="CLIENT">
|
||||
<column name="CONSENT_REQUIRED" valueBoolean="true"/>
|
||||
<where>DTYPE = 'OAuthClientEntity'</where>
|
||||
</update>
|
||||
<dropColumn tableName="CLIENT" columnName="DTYPE"/>
|
||||
|
||||
<dropForeignKeyConstraint baseTableName="REALM" constraintName="FK_RSAF444KK6QRKMS7N56AIWQ5Y" />
|
||||
<renameColumn tableName="REALM" newColumnName="MASTER_ADMIN_CLIENT" oldColumnName="MASTER_ADMIN_APP" columnDataType="VARCHAR(36)"/>
|
||||
<addForeignKeyConstraint baseColumnNames="MASTER_ADMIN_CLIENT" baseTableName="REALM" constraintName="FK_TRAF444KK6QRKMS7N56AIWQ5Y" referencedColumnNames="ID" referencedTableName="CLIENT"/>
|
||||
|
||||
<!--<dropForeignKeyConstraint baseTableName="REALM_APPLICATION" constraintName="FK_82S3P0DIUXAWWQQSA528UBY2Q" />-->
|
||||
<renameTable oldTableName="REALM_APPLICATION" newTableName="REALM_CLIENT"/>
|
||||
<renameColumn tableName="REALM_CLIENT" newColumnName="CLIENT_ID" oldColumnName="APPLICATION_ID" columnDataType="VARCHAR(36)"/>
|
||||
<addUniqueConstraint columnNames="CLIENT_ID" constraintName="UK_M6QGA3RFME47335JY8JXYXH3I" tableName="REALM_CLIENT" />
|
||||
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="REALM_CLIENT" constraintName="FK_93S3P0DIUXAWWQQSA528UBY2Q" referencedColumnNames="ID" referencedTableName="CLIENT"/>
|
||||
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_CLIENT" constraintName="FK_M6QGA3RFME47335JY8JXYXH3I" referencedColumnNames="ID" referencedTableName="REALM" />
|
||||
|
||||
<!--<dropForeignKeyConstraint baseTableName="APPLICATION_DEFAULT_ROLES" constraintName="FK_MAYLTS7KLWQW2H8M2B5JOYTKY" />-->
|
||||
<renameTable oldTableName="APPLICATION_DEFAULT_ROLES" newTableName="CLIENT_DEFAULT_ROLES"/>
|
||||
<renameColumn tableName="CLIENT_DEFAULT_ROLES" newColumnName="CLIENT_ID" oldColumnName="APPLICATION_ID" columnDataType="VARCHAR(36)"/>
|
||||
<addUniqueConstraint columnNames="ROLE_ID" constraintName="UK_8AELWNIBJI49AVXSRTUF6XJOW" tableName="CLIENT_DEFAULT_ROLES"/>
|
||||
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="CLIENT_DEFAULT_ROLES" constraintName="FK_NUILTS7KLWQW2H8M2B5JOYTKY" referencedColumnNames="ID" referencedTableName="CLIENT"/>
|
||||
<addForeignKeyConstraint baseColumnNames="ROLE_ID" baseTableName="CLIENT_DEFAULT_ROLES" constraintName="FK_8AELWNIBJI49AVXSRTUF6XJOW" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
|
||||
|
||||
<dropForeignKeyConstraint baseTableName="APP_NODE_REGISTRATIONS" constraintName="FK8454723BA992F594" />
|
||||
<dropPrimaryKey constraintName="CONSTRAINT_84" tableName="APP_NODE_REGISTRATIONS"/>
|
||||
<renameTable oldTableName="APP_NODE_REGISTRATIONS" newTableName="CLIENT_NODE_REGISTRATIONS"/>
|
||||
<renameColumn tableName="CLIENT_NODE_REGISTRATIONS" newColumnName="CLIENT_ID" oldColumnName="APPLICATION_ID" columnDataType="VARCHAR(36)"/>
|
||||
<addPrimaryKey columnNames="CLIENT_ID, NAME" constraintName="CONSTRAINT_84_2" tableName="CLIENT_NODE_REGISTRATIONS"/>
|
||||
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="CLIENT_NODE_REGISTRATIONS" constraintName="FK4129723BA992F594" referencedColumnNames="ID" referencedTableName="CLIENT"/>
|
||||
|
||||
<dropForeignKeyConstraint baseTableName="KEYCLOAK_ROLE" constraintName="FK_PIMO5LE2C0RAL09FL8CM9WFW9" />
|
||||
<renameColumn tableName="KEYCLOAK_ROLE" newColumnName="CLIENT" oldColumnName="APPLICATION" columnDataType="VARCHAR(36)"/>
|
||||
<renameColumn tableName="KEYCLOAK_ROLE" newColumnName="CLIENT_ROLE" oldColumnName="APPLICATION_ROLE" columnDataType="BOOLEAN"/>
|
||||
<renameColumn tableName="KEYCLOAK_ROLE" newColumnName="CLIENT_REALM_CONSTRAINT" oldColumnName="APP_REALM_CONSTRAINT" columnDataType="VARCHAR(36)"/>
|
||||
<addForeignKeyConstraint baseColumnNames="CLIENT" baseTableName="KEYCLOAK_ROLE" constraintName="FK_KJHO5LE2C0RAL09FL8CM9WFW9" referencedColumnNames="ID" referencedTableName="CLIENT"/>
|
||||
|
||||
<!--<dropUniqueConstraint tableName="KEYCLOAK_ROLE" constraintName="UK_J3RWUVD56ONTGSUHOGM184WW2"/>-->
|
||||
<addUniqueConstraint columnNames="NAME,CLIENT_REALM_CONSTRAINT" constraintName="UK_J3RWUVD56ONTGSUHOGM184WW2-2" tableName="KEYCLOAK_ROLE"/>
|
||||
<addUniqueConstraint columnNames="CLIENT_ID, USER_ID" constraintName="UK_JKUWUVD56ONTGSUHOGM8UEWRT" tableName="USER_CONSENT"/>
|
||||
|
||||
<customChange class="org.keycloak.connections.jpa.updater.liquibase.custom.JpaUpdate1_2_0_CR1"/>
|
||||
|
||||
</changeSet>
|
||||
</databaseChangeLog>
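Review bot: The consent backfill on CLIENT fails open: `CONSENT_REQUIRED` is added with `defaultValueBoolean="false"`, set to true only where `DTYPE = 'OAuthClientEntity'`, and `DTYPE` is then dropped in the same changeSet. A row whose discriminator is NULL or differs from that exact literal stays at false, and once the column is gone the original client type cannot be recovered to correct it. I would state the assumption above the `<update>`, e.g. `<!-- every former OAuth client has DTYPE 'OAuthClientEntity'; all other rows intentionally keep CONSENT_REQUIRED=false -->`. I would also consider moving `<dropColumn tableName="CLIENT" columnName="DTYPE"/>` into a later changeSet so that a wrong backfill can still be repaired.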
|
|
@ -0,0 +1,155 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
|
||||
<changeSet author="bburke@redhat.com" id="1.4.0">
|
||||
<delete tableName="CLIENT_SESSION_AUTH_STATUS"/>
|
||||
<delete tableName="CLIENT_SESSION_ROLE"/>
|
||||
<delete tableName="CLIENT_SESSION_PROT_MAPPER"/>
|
||||
<delete tableName="CLIENT_SESSION_NOTE"/>
|
||||
<delete tableName="CLIENT_SESSION"/>
|
||||
<delete tableName="USER_SESSION_NOTE"/>
|
||||
<delete tableName="USER_SESSION"/>
|
||||
|
||||
<addColumn tableName="CLIENT">
|
||||
<column name="SERVICE_ACCOUNTS_ENABLED" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</addColumn>
|
||||
<addColumn tableName="CLIENT_SESSION">
|
||||
<column name="CURRENT_ACTION" type="VARCHAR(36)">
|
||||
<constraints nullable="true"/>
|
||||
</column>
|
||||
</addColumn>
|
||||
<addColumn tableName="AUTHENTICATION_FLOW">
|
||||
<column name="PROVIDER_ID" type="VARCHAR(36)" defaultValue="basic-flow">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="TOP_LEVEL" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="BUILT_IN" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</addColumn>
|
||||
<addColumn tableName="AUTHENTICATION_EXECUTION">
|
||||
<column name="AUTH_FLOW_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="true"/>
|
||||
</column>
|
||||
<column name="AUTH_CONFIG" type="VARCHAR(36)">
|
||||
<constraints nullable="true"/>
|
||||
</column>
|
||||
</addColumn>
|
||||
<addColumn tableName="USER_ATTRIBUTE">
|
||||
<column name="ID" type="VARCHAR(36)" defaultValue="sybase-needs-something-here">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</addColumn>
|
||||
|
||||
<dropColumn tableName="AUTHENTICATOR" columnName="PROVIDER_ID"/>
|
||||
<renameTable oldTableName="AUTHENTICATOR_CONFIG" newTableName="AUTHENTICATOR_CONFIG_ENTRY"/>
|
||||
|
||||
<dropForeignKeyConstraint baseTableName="AUTHENTICATOR" constraintName="FK_AUTH_REALM" />
|
||||
<renameTable oldTableName="AUTHENTICATOR" newTableName="AUTHENTICATOR_CONFIG"/>
|
||||
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="AUTHENTICATOR_CONFIG" constraintName="FK_AUTH_REALM_2" referencedColumnNames="ID" referencedTableName="REALM"/>
|
||||
|
||||
<!-- OAUTH_GRANT,
|
||||
CODE_TO_TOKEN,
|
||||
VERIFY_EMAIL,
|
||||
UPDATE_PROFILE,
|
||||
CONFIGURE_TOTP,
|
||||
UPDATE_PASSWORD,
|
||||
RECOVER_PASSWORD,
|
||||
AUTHENTICATE,
|
||||
SOCIAL_CALLBACK,
|
||||
LOGGED_OUT -->
|
||||
<update tableName="CLIENT_SESSION">
|
||||
<column name="CURRENT_ACTION" value="OAUTH_GRANT"/>
|
||||
<where>ACTION = 0</where>
|
||||
</update>
|
||||
<update tableName="CLIENT_SESSION">
|
||||
<column name="CURRENT_ACTION" value="CODE_TO_TOKEN"/>
|
||||
<where>ACTION = 1</where>
|
||||
</update>
|
||||
<update tableName="CLIENT_SESSION">
|
||||
<column name="CURRENT_ACTION" value="VERIFY_EMAIL"/>
|
||||
<where>ACTION = 2</where>
|
||||
</update>
|
||||
<update tableName="CLIENT_SESSION">
|
||||
<column name="CURRENT_ACTION" value="UPDATE_PROFILE"/>
|
||||
<where>ACTION = 3</where>
|
||||
</update>
|
||||
<update tableName="CLIENT_SESSION">
|
||||
<column name="CURRENT_ACTION" value="CONFIGURE_TOTP"/>
|
||||
<where>ACTION = 4</where>
|
||||
</update>
|
||||
<update tableName="CLIENT_SESSION">
|
||||
<column name="CURRENT_ACTION" value="UPDATE_PASSWORD"/>
|
||||
<where>ACTION = 5</where>
|
||||
</update>
|
||||
<update tableName="CLIENT_SESSION">
|
||||
<column name="CURRENT_ACTION" value="RECOVER_PASSWORD"/>
|
||||
<where>ACTION = 6</where>
|
||||
</update>
|
||||
<update tableName="CLIENT_SESSION">
|
||||
<column name="CURRENT_ACTION" value="AUTHENTICATE"/>
|
||||
<where>ACTION = 7</where>
|
||||
</update>
|
||||
<update tableName="CLIENT_SESSION">
|
||||
<column name="CURRENT_ACTION" value="SOCIAL_CALLBACK"/>
|
||||
<where>ACTION = 8</where>
|
||||
</update>
|
||||
<update tableName="CLIENT_SESSION">
|
||||
<column name="CURRENT_ACTION" value="LOGGED_OUT"/>
|
||||
<where>ACTION = 9</where>
|
||||
</update>
|
||||
|
||||
<createTable tableName="CLIENT_USER_SESSION_NOTE">
|
||||
<column name="NAME" type="VARCHAR(255)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="VALUE" type="VARCHAR(2048)"/>
|
||||
<column name="CLIENT_SESSION" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="REQUIRED_ACTION_PROVIDER">
|
||||
<column name="ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="ALIAS" type="VARCHAR(255)"/>
|
||||
<column name="NAME" type="VARCHAR(255)"/>
|
||||
<column name="REALM_ID" type="VARCHAR(36)"/>
|
||||
<column name="ENABLED" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="DEFAULT_ACTION" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="PROVIDER_ID" type="VARCHAR(255)"/>
|
||||
</createTable>
|
||||
<createTable tableName="REQUIRED_ACTION_CONFIG">
|
||||
<column name="REQUIRED_ACTION_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="VALUE" type="CLOB"/>
|
||||
<column name="NAME" type="VARCHAR(255)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
|
||||
<customChange class="org.keycloak.connections.jpa.updater.liquibase.custom.JpaUpdate1_4_0_Final"/>
|
||||
|
||||
<dropPrimaryKey constraintName="CONSTRAINT_6" tableName="USER_ATTRIBUTE"/>
|
||||
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_USER_ATTRIBUTE_PK" tableName="USER_ATTRIBUTE"/>
|
||||
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_REQ_ACT_PRV_PK" tableName="REQUIRED_ACTION_PROVIDER"/>
|
||||
<addPrimaryKey columnNames="REQUIRED_ACTION_ID, NAME" constraintName="CONSTRAINT_REQ_ACT_CFG_PK" tableName="REQUIRED_ACTION_CONFIG"/>
|
||||
<addPrimaryKey columnNames="CLIENT_SESSION, NAME" constraintName="CONSTR_CL_USR_SES_NOTE" tableName="CLIENT_USER_SESSION_NOTE"/>
|
||||
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REQUIRED_ACTION_PROVIDER" constraintName="FK_REQ_ACT_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
|
||||
<addForeignKeyConstraint baseColumnNames="CLIENT_SESSION" baseTableName="CLIENT_USER_SESSION_NOTE" constraintName="FK_CL_USR_SES_NOTE" referencedColumnNames="ID" referencedTableName="CLIENT_SESSION"/>
|
||||
<dropColumn tableName="CLIENT_SESSION" columnName="ACTION"/>
|
||||
<addColumn tableName="USER_ENTITY">
|
||||
<column name="CREATED_TIMESTAMP" type="BIGINT"/>
|
||||
<column name="SERVICE_ACCOUNT_CLIENT_LINK" type="VARCHAR(36)"/>
|
||||
</addColumn>
|
||||
|
||||
</changeSet>
|
||||
</databaseChangeLog>
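Review bot: The ten `<update tableName="CLIENT_SESSION">` statements that map `ACTION` 0–9 onto `CURRENT_ACTION` cannot match any row, because `<delete tableName="CLIENT_SESSION"/>` earlier in the same changeSet has already emptied the table. Either drop them, or put a comment above the first one saying why they stay, e.g. `<!-- CLIENT_SESSION was emptied above, so these updates touch no rows -->`. As written, a reader would assume existing session state is carried across the upgrade, when every client and user session is in fact discarded.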
|
|
@ -0,0 +1,129 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
|
||||
<changeSet author="mposolda@redhat.com" id="1.8.0">
|
||||
|
||||
<addColumn tableName="IDENTITY_PROVIDER">
|
||||
<column name="POST_BROKER_LOGIN_FLOW_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="true"/>
|
||||
</column>
|
||||
</addColumn>
|
||||
<createTable tableName="CLIENT_TEMPLATE">
|
||||
<column name="ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="NAME" type="VARCHAR(255)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="REALM_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="DESCRIPTION" type="VARCHAR(255)"/>
|
||||
<column name="PROTOCOL" type="VARCHAR(255)"/>
|
||||
<column name="FULL_SCOPE_ALLOWED" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="CONSENT_REQUIRED" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="STANDARD_FLOW_ENABLED" type="BOOLEAN" defaultValueBoolean="true">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="IMPLICIT_FLOW_ENABLED" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="DIRECT_ACCESS_GRANTS_ENABLED" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="SERVICE_ACCOUNTS_ENABLED" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="FRONTCHANNEL_LOGOUT" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="BEARER_ONLY" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="PUBLIC_CLIENT" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="CLIENT_TEMPLATE_ATTRIBUTES">
|
||||
<column name="TEMPLATE_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="VALUE" type="VARCHAR(2048)"/>
|
||||
<column name="NAME" type="VARCHAR(255)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="TEMPLATE_SCOPE_MAPPING">
|
||||
<column name="TEMPLATE_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="ROLE_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
|
||||
|
||||
|
||||
<dropNotNullConstraint tableName="PROTOCOL_MAPPER" columnName="CLIENT_ID" columnDataType="VARCHAR(36)"/>
|
||||
<addColumn tableName="CLIENT">
|
||||
<column name="CLIENT_TEMPLATE_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="true"/>
|
||||
</column>
|
||||
<column name="USE_TEMPLATE_CONFIG" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="USE_TEMPLATE_SCOPE" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="USE_TEMPLATE_MAPPERS" type="BOOLEAN" defaultValueBoolean="false">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</addColumn>
|
||||
<addColumn tableName="PROTOCOL_MAPPER">
|
||||
<column name="CLIENT_TEMPLATE_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="true"/>
|
||||
</column>
|
||||
</addColumn>
|
||||
<createTable tableName="REALM_CLIENT_TEMPLATE">
|
||||
<column name="CLIENT_TEMPLATE_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="REALM_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
|
||||
<addPrimaryKey columnNames="ID" constraintName="PK_CLI_TEMPLATE" tableName="CLIENT_TEMPLATE"/>
|
||||
<addUniqueConstraint columnNames="REALM_ID,NAME" constraintName="UK_CLI_TEMPLATE" tableName="CLIENT_TEMPLATE"/>
|
||||
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="CLIENT_TEMPLATE" constraintName="FK_REALM_CLI_TMPLT" referencedColumnNames="ID" referencedTableName="REALM"/>
|
||||
<addForeignKeyConstraint baseColumnNames="CLIENT_TEMPLATE_ID" baseTableName="PROTOCOL_MAPPER" constraintName="FK_CLI_TMPLT_MAPPER" referencedColumnNames="ID" referencedTableName="CLIENT_TEMPLATE"/>
|
||||
<addForeignKeyConstraint baseColumnNames="CLIENT_TEMPLATE_ID" baseTableName="CLIENT" constraintName="FK_CLI_TMPLT_CLIENT" referencedColumnNames="ID" referencedTableName="CLIENT_TEMPLATE"/>
|
||||
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_CLIENT_TEMPLATE" constraintName="FK_RLM_CLI_TMPLT_RLM" referencedColumnNames="ID" referencedTableName="REALM"/>
|
||||
<addForeignKeyConstraint baseColumnNames="CLIENT_TEMPLATE_ID" baseTableName="REALM_CLIENT_TEMPLATE" constraintName="FK_RLM_CLI_TMPLT_CLI" referencedColumnNames="ID" referencedTableName="CLIENT_TEMPLATE"/>
|
||||
<addPrimaryKey columnNames="TEMPLATE_ID, ROLE_ID" constraintName="PK_TEMPLATE_SCOPE" tableName="TEMPLATE_SCOPE_MAPPING"/>
|
||||
<addForeignKeyConstraint baseColumnNames="TEMPLATE_ID" baseTableName="TEMPLATE_SCOPE_MAPPING" constraintName="FK_TEMPL_SCOPE_TEMPL" referencedColumnNames="ID" referencedTableName="CLIENT_TEMPLATE"/>
|
||||
<addForeignKeyConstraint baseColumnNames="ROLE_ID" baseTableName="TEMPLATE_SCOPE_MAPPING" constraintName="FK_TEMPL_SCOPE_ROLE" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
|
||||
<addPrimaryKey columnNames="TEMPLATE_ID, NAME" constraintName="PK_CL_TMPL_ATTR" tableName="CLIENT_TEMPLATE_ATTRIBUTES"/>
|
||||
<addForeignKeyConstraint baseColumnNames="TEMPLATE_ID" baseTableName="CLIENT_TEMPLATE_ATTRIBUTES" constraintName="FK_CL_TEMPL_ATTR_TEMPL" referencedColumnNames="ID" referencedTableName="CLIENT_TEMPLATE"/>
|
||||
|
||||
<update tableName="CREDENTIAL">
|
||||
<column name="ALGORITHM" type="VARCHAR(36)" value="pbkdf2" />
|
||||
<where>TYPE in ('password-history', 'password') AND ALGORITHM is NULL</where>
|
||||
</update>
|
||||
|
||||
</changeSet>
|
||||
|
||||
<changeSet id="1.8.0-2" author="keycloak">
|
||||
<dropDefaultValue tableName="CREDENTIAL" columnName="ALGORITHM" columnDataType="VARCHAR(36)"/>
|
||||
|
||||
<update tableName="CREDENTIAL">
|
||||
<column name="ALGORITHM" type="VARCHAR(36)" value="pbkdf2" />
|
||||
<where>TYPE in ('password-history', 'password') AND ALGORITHM = 'HmacSHA1'</where>
|
||||
</update>
|
||||
|
||||
</changeSet>
|
||||
|
||||
</databaseChangeLog>
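Review bot: The two `<update tableName="CREDENTIAL">` statements relabel password and password-history rows as `pbkdf2` without touching the stored hash. They are therefore only correct if every row whose `ALGORITHM` is NULL or `HmacSHA1` was really produced by the PBKDF2 routine, and the file does not state that assumption. If it holds, say so next to the first update, e.g. `<!-- relabel only: the stored hash is unchanged; earlier rows are assumed to be PBKDF2 output recorded as NULL or HmacSHA1 -->`. If any rows were hashed another way, verification would use the wrong algorithm for them after the migration, so a pre-migration count of the affected rows is worth adding to the upgrade notes.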
|
|
@ -0,0 +1,16 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.2.xsd">
|
||||
<include file="META-INF/db2-jpa-changelog-1.0.0.Final.xml"/>
|
||||
<include file="META-INF/jpa-changelog-1.1.0.Beta1.xml"/>
|
||||
<include file="META-INF/jpa-changelog-1.1.0.Final.xml"/>
|
||||
<include file="META-INF/db2-jpa-changelog-1.2.0.Beta1.xml"/>
|
||||
<include file="META-INF/db2-jpa-changelog-1.2.0.CR1.xml"/>
|
||||
<include file="META-INF/jpa-changelog-1.2.0.Final.xml"/>
|
||||
<include file="META-INF/jpa-changelog-1.3.0.xml"/>
|
||||
<include file="META-INF/db2-jpa-changelog-1.4.0.xml"/>
|
||||
<include file="META-INF/jpa-changelog-1.5.0.xml"/>
|
||||
<include file="META-INF/jpa-changelog-1.6.1.xml"/>
|
||||
<include file="META-INF/jpa-changelog-1.7.0.xml"/>
|
||||
<include file="META-INF/db2-jpa-changelog-1.8.0.xml"/>
|
||||
<include file="META-INF/jpa-changelog-1.9.0.xml"/>
|
||||
</databaseChangeLog>
|
|
@ -119,6 +119,12 @@
|
|||
<column name="ALGORITHM" type="VARCHAR(36)" value="pbkdf2" />
|
||||
<where>TYPE in ('password-history', 'password') AND ALGORITHM = 'HmacSHA1'</where>
|
||||
</update>
|
||||
|
||||
<!-- Sybase specific hacks -->
|
||||
<modifySql dbms="sybase">
|
||||
<regExpReplace replace=".*(SET DEFAULT NULL)" with="SELECT 1" />
|
||||
</modifySql>
|
||||
|
||||
</changeSet>
|
||||
|
||||
</databaseChangeLog>
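Review bot: The `regExpReplace` pattern `.*(SET DEFAULT NULL)` applies to every statement this changeSet generates on Sybase, not only the one it was written for, and the comment `Sybase specific hacks` does not say which statement is being neutralised or why. A more specific comment would stop a later addition to the changeSet from being silently rewritten to `SELECT 1`, e.g. `<!-- Sybase: replace the DROP DEFAULT generated for <placeholder: table.column> with a no-op -->` (wording to be confirmed by the author). The changeSet opens above the hunk, so the targeted statement is not visible here.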
|
|
@ -0,0 +1,47 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
|
||||
<changeSet author="mposolda@redhat.com" id="1.9.0">
|
||||
|
||||
<!-- This is needed for MSSQL :( -->
|
||||
<!-- 1.5 -->
|
||||
<update tableName="REALM">
|
||||
<column name="OTP_POLICY_COUNTER" type="INT" valueNumeric="0" />
|
||||
<where>OTP_POLICY_COUNTER is NULL</where>
|
||||
</update>
|
||||
<update tableName="REALM">
|
||||
<column name="OTP_POLICY_WINDOW" type="INT" valueNumeric="1" />
|
||||
<where>OTP_POLICY_WINDOW is NULL</where>
|
||||
</update>
|
||||
<update tableName="REALM">
|
||||
<column name="OTP_POLICY_PERIOD" type="INT" valueNumeric="30" />
|
||||
<where>OTP_POLICY_PERIOD is NULL</where>
|
||||
</update>
|
||||
<update tableName="REALM">
|
||||
<column name="OTP_POLICY_DIGITS" type="INT" valueNumeric="6" />
|
||||
<where>OTP_POLICY_DIGITS is NULL</where>
|
||||
</update>
|
||||
<update tableName="CREDENTIAL">
|
||||
<column name="COUNTER" type="INT" valueNumeric="0" />
|
||||
<where>COUNTER is NULL</where>
|
||||
</update>
|
||||
<update tableName="CREDENTIAL">
|
||||
<column name="DIGITS" type="INT" valueNumeric="6" />
|
||||
<where>DIGITS is NULL</where>
|
||||
</update>
|
||||
<update tableName="CREDENTIAL">
|
||||
<column name="PERIOD" type="INT" valueNumeric="30" />
|
||||
<where>PERIOD is NULL</where>
|
||||
</update>
|
||||
<!-- 1.6 -->
|
||||
<update tableName="REALM">
|
||||
<column name="OFFLINE_SESSION_IDLE_TIMEOUT" type="INT" valueNumeric="2592000" />
|
||||
<where>OFFLINE_SESSION_IDLE_TIMEOUT is NULL</where>
|
||||
</update>
|
||||
<!-- 1.7 -->
|
||||
<update tableName="REALM">
|
||||
<column name="ACCESS_TOKEN_LIFE_IMPLICIT" type="INT" valueNumeric="900" />
|
||||
<where>ACCESS_TOKEN_LIFE_IMPLICIT is NULL</where>
|
||||
</update>
|
||||
|
||||
</changeSet>
|
||||
</databaseChangeLog>
|
|
@ -12,4 +12,5 @@
|
|||
<include file="META-INF/jpa-changelog-1.6.1.xml"/>
|
||||
<include file="META-INF/jpa-changelog-1.7.0.xml"/>
|
||||
<include file="META-INF/jpa-changelog-1.8.0.xml"/>
|
||||
<include file="META-INF/jpa-changelog-1.9.0.xml"/>
|
||||
</databaseChangeLog>
|
||||
|
|
37
pom.xml
|
@ -55,8 +55,7 @@
|
|||
|
||||
<eap.version>7.0.0.Beta</eap.version>
|
||||
|
||||
<!-- this is EAP 6.4 alpha, publicly available -->
|
||||
<jboss.version>7.5.0.Final-redhat-15</jboss.version>
|
||||
<jboss.version>7.2.0.Final</jboss.version>
|
||||
|
||||
<servlet.api.30.version>1.0.2.Final</servlet.api.30.version>
|
||||
<google.zxing.version>3.2.1</google.zxing.version>
|
||||
|
@ -1332,39 +1331,5 @@
|
|||
</plugins>
|
||||
</build>
|
||||
</profile>
|
||||
|
||||
<!-- Configure the JBoss Early Access Maven repository -->
|
||||
<profile>
|
||||
<id>jboss-earlyaccess-repository</id>
|
||||
<activation>
|
||||
<property>
|
||||
<name>!no-jboss-ea-repo</name>
|
||||
</property>
|
||||
</activation>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>jboss-earlyaccess-repository</id>
|
||||
<url>http://maven.repository.redhat.com/earlyaccess/all/</url>
|
||||
<releases>
|
||||
<enabled>true</enabled>
|
||||
</releases>
|
||||
<snapshots>
|
||||
<enabled>false</enabled>
|
||||
</snapshots>
|
||||
</repository>
|
||||
</repositories>
|
||||
<pluginRepositories>
|
||||
<pluginRepository>
|
||||
<id>jboss-earlyaccess-plugin-repository</id>
|
||||
<url>http://maven.repository.redhat.com/earlyaccess/all/</url>
|
||||
<releases>
|
||||
<enabled>true</enabled>
|
||||
</releases>
|
||||
<snapshots>
|
||||
<enabled>false</enabled>
|
||||
</snapshots>
|
||||
</pluginRepository>
|
||||
</pluginRepositories>
|
||||
</profile>
|
||||
</profiles>
|
||||
</project>
|
||||
|
|
|
@ -130,7 +130,7 @@ public class StringUtil {
|
|||
* @param second
|
||||
*/
|
||||
public static void match(String first, String second) {
|
||||
if (first.equals(second) == false)
|
||||
if (!first.equals(second))
|
||||
throw logger.notEqualError(first, second);
|
||||
}
|
||||
|
||||
|
|
|
@ -191,7 +191,7 @@ public class TransformerUtil {
|
|||
public void transform(Source xmlSource, Result outputTarget) throws TransformerException {
|
||||
if (!(xmlSource instanceof StAXSource))
|
||||
throw logger.wrongTypeError("xmlSource should be a stax source");
|
||||
if (outputTarget instanceof DOMResult == false)
|
||||
if (!(outputTarget instanceof DOMResult))
|
||||
throw logger.wrongTypeError("outputTarget should be a dom result");
|
||||
|
||||
String rootTag = null;
|
||||
|
@ -208,7 +208,7 @@ public class TransformerUtil {
|
|||
|
||||
try {
|
||||
XMLEvent xmlEvent = StaxParserUtil.getNextEvent(xmlEventReader);
|
||||
if (xmlEvent instanceof StartElement == false)
|
||||
if (!(xmlEvent instanceof StartElement))
|
||||
throw new TransformerException(ErrorCodes.WRITER_SHOULD_START_ELEMENT);
|
||||
|
||||
StartElement rootElement = (StartElement) xmlEvent;
|
||||
|
|
|
@ -167,7 +167,7 @@ public class StatementUtil {
|
|||
* @return
|
||||
*/
|
||||
public static AttributeStatementType createAttributeStatementForRoles(List<String> roles, boolean multivalued) {
|
||||
if (multivalued == false) {
|
||||
if (!multivalued) {
|
||||
return createAttributeStatement(roles);
|
||||
}
|
||||
AttributeStatementType attrStatement = new AttributeStatementType();
|
||||
|
|
|
@ -136,7 +136,7 @@ public class JAXPValidationUtil {
|
|||
|
||||
public void error(SAXParseException ex) throws SAXException {
|
||||
logException(ex);
|
||||
if (ex.getMessage().contains("null") == false) {
|
||||
if (!ex.getMessage().contains("null")) {
|
||||
throw ex;
|
||||
}
|
||||
}
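Review bot: `error()` rethrows only when the message does not contain the substring `null`, so any validation error whose text happens to include `null` is logged and then ignored. Parser messages commonly echo element names and values from the document, so whether an error is fatal depends on the input being validated. `ex.getMessage()` can also be null, in which case this line throws a NullPointerException instead of the SAXException. If the filter exists to hide one known spurious parser message, match that message exactly and document it, e.g. `// ignore <placeholder: exact parser message> raised by <placeholder: parser/version>`. The commit only restyles the condition, so this behaviour is the same before and after.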
|
||||
|
|
|
@ -5,16 +5,16 @@ package org.keycloak.models;
|
|||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class ClaimMask {
|
||||
public static final long NAME = 0x01l;
|
||||
public static final long USERNAME = 0x02l;
|
||||
public static final long PROFILE = 0x04l;
|
||||
public static final long PICTURE = 0x08l;
|
||||
public static final long WEBSITE = 0x10l;
|
||||
public static final long EMAIL = 0x20l;
|
||||
public static final long GENDER = 0x40l;
|
||||
public static final long LOCALE = 0x80l;
|
||||
public static final long ADDRESS = 0x100l;
|
||||
public static final long PHONE = 0x200l;
|
||||
public static final long NAME = 0x01L;
|
||||
public static final long USERNAME = 0x02L;
|
||||
public static final long PROFILE = 0x04L;
|
||||
public static final long PICTURE = 0x08L;
|
||||
public static final long WEBSITE = 0x10L;
|
||||
public static final long EMAIL = 0x20L;
|
||||
public static final long GENDER = 0x40L;
|
||||
public static final long LOCALE = 0x80L;
|
||||
public static final long ADDRESS = 0x100L;
|
||||
public static final long PHONE = 0x200L;
|
||||
|
||||
public static final long ALL = NAME | USERNAME | PROFILE | PICTURE | WEBSITE | EMAIL | GENDER | LOCALE | ADDRESS | PHONE;
|
||||
|
||||
|
|
|
@ -96,25 +96,25 @@ public class OTPPolicy implements Serializable {
|
|||
}
|
||||
|
||||
public String getKeyURI(RealmModel realm, UserModel user, String secret) {
|
||||
try {
|
||||
String displayName = realm.getDisplayName() != null && !realm.getDisplayName().isEmpty() ? realm.getDisplayName() : realm.getName();
|
||||
String uri;
|
||||
|
||||
String displayName = realm.getDisplayName();
|
||||
String uri = null;
|
||||
uri = "otpauth://" + type + "/" + URLEncoder.encode(user.getUsername(), "UTF-8") + "?secret=" +
|
||||
Base32.encode(secret.getBytes()) + "&digits=" + digits + "&algorithm=" + algToKeyUriAlg.get(algorithm);
|
||||
|
||||
if (displayName == null || displayName.isEmpty()) { displayName = realm.getName(); }
|
||||
uri = "otpauth://" + type + "/" + displayName + ":" + user.getUsername() + "?secret=" +
|
||||
Base32.encode(secret.getBytes()) + "&digits=" + digits + "&algorithm=" + algToKeyUriAlg.get(algorithm);
|
||||
try {
|
||||
uri += "&issuer=" + URLEncoder.encode(realm.getName(), "UTF-8");
|
||||
} catch (UnsupportedEncodingException e) {
|
||||
logger.debug("Failed to add issuer parameter to OTP URI becasue UTF-8 is not supported.");
|
||||
}
|
||||
if (type.equals(UserCredentialModel.HOTP)) {
|
||||
uri += "&counter=" + initialCounter;
|
||||
uri += "&issuer=" + URLEncoder.encode(displayName, "UTF-8");
|
||||
|
||||
if (type.equals(UserCredentialModel.HOTP)) {
|
||||
uri += "&counter=" + initialCounter;
|
||||
}
|
||||
if (type.equals(UserCredentialModel.TOTP)) {
|
||||
uri += "&period=" + period;
|
||||
}
|
||||
|
||||
return uri;
|
||||
} catch (UnsupportedEncodingException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
if (type.equals(UserCredentialModel.TOTP)) {
|
||||
uri += "&period=" + period;
|
||||
}
|
||||
return uri;
|
||||
|
||||
}
|
||||
}
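Review bot: In the version of `getKeyURI` that builds the label as `displayName + ":" + user.getUsername()`, neither value is URL-encoded, so a realm display name or username containing a space, `?`, `&` or `#` yields a key URI that an authenticator app may reject or read with different parameters than intended. The other version encodes the username but drops the issuer prefix from the label. The page prints both bodies without `+`/`-` markers, so it is not certain which one the merge keeps. Encoding both parts covers either case: `String label = URLEncoder.encode(displayName, "UTF-8") + ":" + URLEncoder.encode(user.getUsername(), "UTF-8");` (note that `URLEncoder` writes a space as `+`, which a path segment may need as `%20`). The returned URI embeds the OTP secret, so a one-line comment on the method telling callers not to log it would also help.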
|
||||
|
|
|
@ -32,7 +32,7 @@ public class PasswordPolicy implements Serializable {
|
|||
this.policyString = policyString;
|
||||
this.policies = new LinkedList<>();
|
||||
|
||||
if (policyString != null && !policyString.isEmpty()) {
|
||||
if (policyString != null && !policyString.trim().isEmpty()) {
|
||||
for (String policy : policyString.split(" and ")) {
|
||||
policy = policy.trim();
|
||||
|
||||
|
|
|
@ -21,6 +21,7 @@ import org.keycloak.common.ClientConnection;
|
|||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.KeycloakSessionFactory;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.UsernameLoginFailureModel;
|
||||
import org.keycloak.services.ServicesLogger;
|
||||
|
||||
|
@ -91,44 +92,49 @@ public class DefaultBruteForceProtector implements Runnable, BruteForceProtector
|
|||
logger.debug("failure");
|
||||
RealmModel realm = getRealmModel(session, event);
|
||||
logFailure(event);
|
||||
UsernameLoginFailureModel user = getUserModel(session, event);
|
||||
if (user == null) {
|
||||
user = session.sessions().addUserLoginFailure(realm, event.username.toLowerCase());
|
||||
}
|
||||
user.setLastIPFailure(event.ip);
|
||||
long currentTime = System.currentTimeMillis();
|
||||
long last = user.getLastFailure();
|
||||
long deltaTime = 0;
|
||||
if (last > 0) {
|
||||
deltaTime = currentTime - last;
|
||||
}
|
||||
user.setLastFailure(currentTime);
|
||||
if (deltaTime > 0) {
|
||||
// if last failure was more than MAX_DELTA clear failures
|
||||
if (deltaTime > (long)realm.getMaxDeltaTimeSeconds() *1000L) {
|
||||
user.clearFailures();
|
||||
UserModel user = session.users().getUserByUsername(event.username.toString(), realm);
|
||||
UsernameLoginFailureModel userLoginFailure = getUserModel(session, event);
|
||||
if (user != null) {
|
||||
if (userLoginFailure == null) {
|
||||
userLoginFailure = session.sessions().addUserLoginFailure(realm, event.username.toLowerCase());
|
||||
}
|
||||
}
|
||||
user.incrementFailures();
|
||||
logger.debugv("new num failures: {0}" , user.getNumFailures());
|
||||
userLoginFailure.setLastIPFailure(event.ip);
|
||||
long currentTime = System.currentTimeMillis();
|
||||
long last = userLoginFailure.getLastFailure();
|
||||
long deltaTime = 0;
|
||||
if (last > 0) {
|
||||
deltaTime = currentTime - last;
|
||||
}
|
||||
userLoginFailure.setLastFailure(currentTime);
|
||||
if (deltaTime > 0) {
|
||||
// if last failure was more than MAX_DELTA clear failures
|
||||
if (deltaTime > (long) realm.getMaxDeltaTimeSeconds() * 1000L) {
|
||||
userLoginFailure.clearFailures();
|
||||
}
|
||||
}
|
||||
userLoginFailure.incrementFailures();
|
||||
logger.debugv("new num failures: {0}", userLoginFailure.getNumFailures());
|
||||
|
||||
int waitSeconds = realm.getWaitIncrementSeconds() * (user.getNumFailures() / realm.getFailureFactor());
|
||||
logger.debugv("waitSeconds: {0}", waitSeconds);
|
||||
logger.debugv("deltaTime: {0}", deltaTime);
|
||||
if (waitSeconds == 0) {
|
||||
if (last > 0 && deltaTime < realm.getQuickLoginCheckMilliSeconds()) {
|
||||
logger.debugv("quick login, set min wait seconds");
|
||||
waitSeconds = realm.getMinimumQuickLoginWaitSeconds();
|
||||
int waitSeconds = realm.getWaitIncrementSeconds() * (userLoginFailure.getNumFailures() / realm.getFailureFactor());
|
||||
logger.debugv("waitSeconds: {0}", waitSeconds);
|
||||
logger.debugv("deltaTime: {0}", deltaTime);
|
||||
|
||||
if (waitSeconds == 0) {
|
||||
if (last > 0 && deltaTime < realm.getQuickLoginCheckMilliSeconds()) {
|
||||
logger.debugv("quick login, set min wait seconds");
|
||||
waitSeconds = realm.getMinimumQuickLoginWaitSeconds();
|
||||
}
|
||||
}
|
||||
if (waitSeconds > 0) {
|
||||
waitSeconds = Math.min(realm.getMaxFailureWaitSeconds(), waitSeconds);
|
||||
int notBefore = (int) (currentTime / 1000) + waitSeconds;
|
||||
logger.debugv("set notBefore: {0}", notBefore);
|
||||
userLoginFailure.setFailedLoginNotBefore(notBefore);
|
||||
}
|
||||
}
|
||||
if (waitSeconds > 0) {
|
||||
waitSeconds = Math.min(realm.getMaxFailureWaitSeconds(), waitSeconds);
|
||||
int notBefore = (int) (currentTime / 1000) + waitSeconds;
|
||||
logger.debugv("set notBefore: {0}", notBefore);
|
||||
user.setFailedLoginNotBefore(notBefore);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
protected UsernameLoginFailureModel getUserModel(KeycloakSession session, LoginEvent event) {
|
||||
RealmModel realm = getRealmModel(session, event);
|
||||
if (realm == null) return null;
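Review bot: The added lookup `session.users().getUserByUsername(event.username.toString(), realm)` uses the username as typed, while the failure record is created under `event.username.toLowerCase()`. If `getUserByUsername` does not normalise case itself (not visible here), an attempt that differs only in case finds no user and is no longer counted at all. Using one normalised value for both keeps them in step, e.g. `String username = event.username.toLowerCase();` passed to the lookup and to `addUserLoginFailure`. `realm` is also handed to the lookup and dereferenced without the `realm == null` guard that `getUserModel` applies just below. Skipping unknown usernames looks intentional, but it deserves a comment because failures against non-existent accounts now leave no per-user record; the method's signature is above the hunk.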
|
||||
|
|
|
@ -299,7 +299,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
|
|||
} else if (context.getUsername() == null) {
|
||||
username = context.getIdpConfig().getAlias() + "." + context.getId();
|
||||
} else {
|
||||
username = context.getIdpConfig().getAlias() + "." + context.getUsername();
|
||||
username = context.getUsername();
|
||||
}
|
||||
}
|
||||
username = username.trim();
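Review bot: With the alias prefix gone, a username asserted by the external provider is used verbatim, so it can coincide with an existing local account or with a user brokered from a different provider, and nothing in this hunk shows how that collision is resolved. The `context.getUsername() == null` branch just above still prefixes `context.getIdpConfig().getAlias()`, so the two branches now follow different naming rules. If duplicates are handled later in the flow, a comment here should say so, e.g. `// IdP-supplied username used as-is; duplicates are handled in <placeholder: later step>`. The enclosing method starts and ends outside the hunk.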
|
||||
|
|
|
@ -11,7 +11,7 @@ public abstract class SAMLServletWithLogout extends AbstractPageWithInjectedUrl
|
|||
|
||||
public void logout() {
|
||||
driver.navigate().to(getUriBuilder().queryParam("GLO", "true").build().toASCIIString());
|
||||
getUriBuilder().replaceQueryParam("GLO", new Object());
|
||||
getUriBuilder().replaceQueryParam("GLO", null);
|
||||
pause(300);
|
||||
}
|
||||
}
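Review bot: `replaceQueryParam("GLO", null)` passes a bare `null` to what is presumably the JAX-RS `UriBuilder` varargs parameter, which javac reports as an inexact argument type. `getUriBuilder().replaceQueryParam("GLO", (Object[]) null);` states the intent of removing the parameter without the warning. Both the old and the new call discard the builder they return, so unless `getUriBuilder()` hands back shared mutable state (not visible here) the line has no effect on later navigation and the `GLO` parameter never needed clearing.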
|
||||
|
|
|
@ -116,11 +116,10 @@
|
|||
}
|
||||
|
||||
],
|
||||
"applications": [
|
||||
"clients": [
|
||||
{
|
||||
"name": "customer-portal",
|
||||
"clientId": "customer-portal",
|
||||
"enabled": true,
|
||||
"directAccessGrantsEnabled": true,
|
||||
"adminUrl": "/customer-portal",
|
||||
"baseUrl": "/customer-portal",
|
||||
"redirectUris": [
|
||||
|
@ -129,7 +128,7 @@
|
|||
"secret": "password"
|
||||
},
|
||||
{
|
||||
"name": "customer-cookie-portal",
|
||||
"clientId": "customer-cookie-portal",
|
||||
"enabled": true,
|
||||
"baseUrl": "/customer-cookie-portal",
|
||||
"redirectUris": [
|
||||
|
@ -138,7 +137,7 @@
|
|||
"secret": "password"
|
||||
},
|
||||
{
|
||||
"name": "customer-portal-js",
|
||||
"clientId": "customer-portal-js",
|
||||
"enabled": true,
|
||||
"publicClient": true,
|
||||
"adminUrl": "/customer-portal-js",
|
||||
|
@ -148,7 +147,7 @@
|
|||
]
|
||||
},
|
||||
{
|
||||
"name": "customer-portal-cli",
|
||||
"clientId": "customer-portal-cli",
|
||||
"enabled": true,
|
||||
"publicClient": true,
|
||||
"redirectUris": [
|
||||
|
@ -157,7 +156,7 @@
|
|||
]
|
||||
},
|
||||
{
|
||||
"name": "product-portal",
|
||||
"clientId": "product-portal",
|
||||
"enabled": true,
|
||||
"adminUrl": "/product-portal",
|
||||
"baseUrl": "/product-portal",
|
||||
|
@ -167,7 +166,7 @@
|
|||
"secret": "password"
|
||||
},
|
||||
{
|
||||
"name": "secure-portal",
|
||||
"clientId": "secure-portal",
|
||||
"enabled": true,
|
||||
"adminUrl": "/secure-portal",
|
||||
"baseUrl": "/secure-portal",
|
||||
|
@ -180,7 +179,7 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"name": "session-portal",
|
||||
"clientId": "session-portal",
|
||||
"enabled": true,
|
||||
"adminUrl": "/session-portal",
|
||||
"baseUrl": "/session-portal",
|
||||
|
@ -190,7 +189,7 @@
|
|||
"secret": "password"
|
||||
},
|
||||
{
|
||||
"name": "input-portal",
|
||||
"clientId": "input-portal",
|
||||
"enabled": true,
|
||||
"adminUrl": "/input-portal",
|
||||
"baseUrl": "/input-portal",
|
||||
|
@ -198,11 +197,9 @@
|
|||
"/input-portal/*"
|
||||
],
|
||||
"secret": "password"
|
||||
}
|
||||
],
|
||||
"oauthClients": [
|
||||
},
|
||||
{
|
||||
"name": "third-party",
|
||||
"clientId": "third-party",
|
||||
"enabled": true,
|
||||
"redirectUris": [
|
||||
"/oauth-client/*",
|
||||
|
|
|
@ -25,24 +25,6 @@ public class CreateClientForm extends Form {
|
|||
@FindBy(id = "clientId")
|
||||
private WebElement clientIdInput;
|
||||
|
||||
@FindBy(id = "name")
|
||||
private WebElement nameInput;
|
||||
|
||||
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='enabled']]")
|
||||
private OnOffSwitch enabledSwitch;
|
||||
|
||||
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='consentRequired']]")
|
||||
private OnOffSwitch consentRequiredSwitch;
|
||||
|
||||
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='standardFlowEnabled']]")
|
||||
private OnOffSwitch standardFlowEnabledSwitch;
|
||||
|
||||
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='implicitFlowEnabled']]")
|
||||
private OnOffSwitch implicitFlowEnabledSwitch;
|
||||
|
||||
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='directAccessGrantsEnabled']]")
|
||||
private OnOffSwitch directAccessGrantsEnabledSwitch;
|
||||
|
||||
@FindBy(id = "protocol")
|
||||
private Select protocolSelect;
|
||||
|
||||
|
@ -53,43 +35,11 @@ public class CreateClientForm extends Form {
|
|||
return samlForm;
|
||||
}
|
||||
|
||||
@FindBy(id = "accessType")
|
||||
private Select accessTypeSelect;
|
||||
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='serviceAccountsEnabled']]")
|
||||
private OnOffSwitch serviceAccountsEnabledSwitch;
|
||||
|
||||
@FindBy(id = "newRedirectUri")
|
||||
private WebElement newRedirectUriInput;
|
||||
@FindBy(xpath = ".//i[contains(@data-ng-click, 'newRedirectUri')]")
|
||||
private WebElement newRedirectUriSubmit;
|
||||
@FindBy(xpath = ".//input[@ng-model='client.redirectUris[i]']")
|
||||
private List<WebElement> redirectUriInputs;
|
||||
@FindBy(xpath = ".//i[contains(@data-ng-click, 'deleteRedirectUri')]")
|
||||
private List<WebElement> deleteRedirectUriIcons;
|
||||
|
||||
public void setValues(ClientRepresentation client) {
|
||||
waitUntilElement(clientIdInput).is().present();
|
||||
|
||||
setClientId(client.getClientId());
|
||||
setName(client.getName());
|
||||
setEnabled(client.isEnabled());
|
||||
setConsentRequired(client.isConsentRequired());
|
||||
setProtocol(client.getProtocol());
|
||||
if (OIDC.equals(client.getProtocol())) {
|
||||
setAccessType(client);
|
||||
if (!client.isBearerOnly()) {
|
||||
setStandardFlowEnabled(client.isStandardFlowEnabled());
|
||||
setDirectAccessGrantsEnabled(client.isDirectAccessGrantsEnabled());
|
||||
if (client.isPublicClient()) {
|
||||
setImplicitFlowEnabled(client.isImplicitFlowEnabled());
|
||||
} else {//confidential
|
||||
setServiceAccountsEnabled(client.isServiceAccountsEnabled());
|
||||
}
|
||||
if (client.isStandardFlowEnabled() || client.isImplicitFlowEnabled()) {
|
||||
setRedirectUris(client.getRedirectUris());
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public String getClientId() {
|
||||
|
@ -100,22 +50,6 @@ public class CreateClientForm extends Form {
|
|||
setInputValue(clientIdInput, clientId);
|
||||
}
|
||||
|
||||
public String getName() {
|
||||
return getInputValue(nameInput);
|
||||
}
|
||||
|
||||
public void setName(String name) {
|
||||
setInputValue(nameInput, name);
|
||||
}
|
||||
|
||||
public boolean isEnabled() {
|
||||
return enabledSwitch.isOn();
|
||||
}
|
||||
|
||||
public void setEnabled(boolean enabled) {
|
||||
enabledSwitch.setOn(enabled);
|
||||
}
|
||||
|
||||
public enum OidcAccessType {
|
||||
BEARER_ONLY("bearer-only"),
|
||||
PUBLIC("public"),
|
||||
|
@ -132,77 +66,6 @@ public class CreateClientForm extends Form {
|
|||
}
|
||||
}
|
||||
|
||||
public void setAccessType(ClientRepresentation client) {
|
||||
if (client.isBearerOnly()) {
|
||||
accessTypeSelect.selectByVisibleText(BEARER_ONLY.getName());
|
||||
} else if (client.isPublicClient()) {
|
||||
accessTypeSelect.selectByVisibleText(PUBLIC.getName());
|
||||
} else {
|
||||
accessTypeSelect.selectByVisibleText(CONFIDENTIAL.getName());
|
||||
}
|
||||
}
|
||||
|
||||
public void addRedirectUri(String redirectUri) {
|
||||
newRedirectUriInput.sendKeys(redirectUri);
|
||||
newRedirectUriSubmit.click();
|
||||
}
|
||||
|
||||
public List<String> getRedirectUris() {
|
||||
List<String> values = new ArrayList<>();
|
||||
for (WebElement input : redirectUriInputs) {
|
||||
values.add(getInputValue(input));
|
||||
}
|
||||
return values;
|
||||
}
|
||||
|
||||
public void setRedirectUris(List<String> redirectUris) {
|
||||
Timer.time();
|
||||
while (!deleteRedirectUriIcons.isEmpty()) {
|
||||
deleteRedirectUriIcons.get(0).click();
|
||||
pause(100);
|
||||
}
|
||||
Timer.time("deleteRedirectUris");
|
||||
if (redirectUris != null) {
|
||||
for (String redirectUri : redirectUris) {
|
||||
addRedirectUri(redirectUri);
|
||||
pause(100);
|
||||
}
|
||||
}
|
||||
Timer.time("addRedirectUris");
|
||||
}
|
||||
|
||||
public boolean isConsentRequired() {
|
||||
return consentRequiredSwitch.isOn();
|
||||
}
|
||||
|
||||
public void setConsentRequired(boolean consentRequired) {
|
||||
consentRequiredSwitch.setOn(consentRequired);
|
||||
}
|
||||
|
||||
public boolean isStandardFlowEnabled() {
|
||||
return standardFlowEnabledSwitch.isOn();
|
||||
}
|
||||
|
||||
public void setStandardFlowEnabled(boolean standardFlowEnabled) {
|
||||
standardFlowEnabledSwitch.setOn(standardFlowEnabled);
|
||||
}
|
||||
|
||||
public boolean isImplicitFlowEnabled() {
|
||||
return implicitFlowEnabledSwitch.isOn();
|
||||
}
|
||||
|
||||
public void setImplicitFlowEnabled(boolean implicitFlowEnabled) {
|
||||
implicitFlowEnabledSwitch.setOn(implicitFlowEnabled);
|
||||
}
|
||||
|
||||
public boolean isDirectAccessGrantsEnabled() {
|
||||
return directAccessGrantsEnabledSwitch.isOn();
|
||||
}
|
||||
|
||||
public void setDirectAccessGrantsEnabled(boolean directAccessGrantsEnabled) {
|
||||
directAccessGrantsEnabledSwitch.setOn(directAccessGrantsEnabled);
|
||||
}
|
||||
|
||||
public String getProtocol() {
|
||||
waitUntilElement(protocolSelect.getFirstSelectedOption()).is().present();
|
||||
return protocolSelect.getFirstSelectedOption().getText();
|
||||
|
@ -214,14 +77,6 @@ public class CreateClientForm extends Form {
|
|||
Timer.time("clientSettings.setProtocol()");
|
||||
}
|
||||
|
||||
public boolean isServiceAccountsEnabled() {
|
||||
return serviceAccountsEnabledSwitch.isOn();
|
||||
}
|
||||
|
||||
public void setServiceAccountsEnabled(boolean serviceAccountsEnabled) {
|
||||
serviceAccountsEnabledSwitch.setOn(serviceAccountsEnabled);
|
||||
}
|
||||
|
||||
public class SAMLClientSettingsForm extends Form {
|
||||
|
||||
public static final String SAML_ASSERTION_SIGNATURE = "saml.assertion.signature";
|
||||
|
|
|
@ -2,14 +2,19 @@ package org.keycloak.testsuite.console.page.clients.settings;
|
|||
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.testsuite.console.page.fragment.OnOffSwitch;
|
||||
import org.keycloak.testsuite.util.Timer;
|
||||
import org.openqa.selenium.WebElement;
|
||||
import org.openqa.selenium.support.FindBy;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import org.keycloak.testsuite.console.page.clients.CreateClientForm;
|
||||
import org.openqa.selenium.support.ui.Select;
|
||||
|
||||
import static org.keycloak.testsuite.auth.page.login.Login.OIDC;
|
||||
import static org.keycloak.testsuite.console.page.clients.CreateClientForm.OidcAccessType.BEARER_ONLY;
|
||||
import static org.keycloak.testsuite.console.page.clients.CreateClientForm.OidcAccessType.CONFIDENTIAL;
|
||||
import static org.keycloak.testsuite.console.page.clients.CreateClientForm.OidcAccessType.PUBLIC;
|
||||
import static org.keycloak.testsuite.util.WaitUtils.pause;
|
||||
|
||||
/**
|
||||
|
@ -17,11 +22,43 @@ import static org.keycloak.testsuite.util.WaitUtils.pause;
|
|||
*/
|
||||
public class ClientSettingsForm extends CreateClientForm {
|
||||
|
||||
@FindBy(id = "name")
|
||||
private WebElement nameInput;
|
||||
|
||||
@FindBy(id = "baseUrl")
|
||||
private WebElement baseUrlInput;
|
||||
@FindBy(id = "adminUrl")
|
||||
private WebElement adminUrlInput;
|
||||
|
||||
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='enabled']]")
|
||||
private OnOffSwitch enabledSwitch;
|
||||
|
||||
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='consentRequired']]")
|
||||
private OnOffSwitch consentRequiredSwitch;
|
||||
|
||||
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='standardFlowEnabled']]")
|
||||
private OnOffSwitch standardFlowEnabledSwitch;
|
||||
|
||||
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='implicitFlowEnabled']]")
|
||||
private OnOffSwitch implicitFlowEnabledSwitch;
|
||||
|
||||
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='directAccessGrantsEnabled']]")
|
||||
private OnOffSwitch directAccessGrantsEnabledSwitch;
|
||||
|
||||
@FindBy(id = "accessType")
|
||||
private Select accessTypeSelect;
|
||||
@FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='serviceAccountsEnabled']]")
|
||||
private OnOffSwitch serviceAccountsEnabledSwitch;
|
||||
|
||||
@FindBy(id = "newRedirectUri")
|
||||
private WebElement newRedirectUriInput;
|
||||
@FindBy(xpath = ".//i[contains(@data-ng-click, 'newRedirectUri')]")
|
||||
private WebElement newRedirectUriSubmit;
|
||||
@FindBy(xpath = ".//input[@ng-model='client.redirectUris[i]']")
|
||||
private List<WebElement> redirectUriInputs;
|
||||
@FindBy(xpath = ".//i[contains(@data-ng-click, 'deleteRedirectUri')]")
|
||||
private List<WebElement> deleteRedirectUriIcons;
|
||||
|
||||
@FindBy(id = "newWebOrigin")
|
||||
private WebElement newWebOriginInput;
|
||||
@FindBy(xpath = ".//i[contains(@data-ng-click, 'newWebOrigin')]")
|
||||
|
@ -79,16 +116,122 @@ public class ClientSettingsForm extends CreateClientForm {
|
|||
@Override
|
||||
public void setValues(ClientRepresentation client) {
|
||||
super.setValues(client);
|
||||
setName(client.getName());
|
||||
setEnabled(client.isEnabled());
|
||||
setConsentRequired(client.isConsentRequired());
|
||||
setBaseUrl(client.getBaseUrl());
|
||||
if (OIDC.equals(client.getProtocol())) {
|
||||
setAccessType(client);
|
||||
if (!client.isBearerOnly()) {
|
||||
setStandardFlowEnabled(client.isStandardFlowEnabled());
|
||||
setDirectAccessGrantsEnabled(client.isDirectAccessGrantsEnabled());
|
||||
if (client.isPublicClient()) {
|
||||
setImplicitFlowEnabled(client.isImplicitFlowEnabled());
|
||||
} else {//confidential
|
||||
setServiceAccountsEnabled(client.isServiceAccountsEnabled());
|
||||
}
|
||||
if (client.isStandardFlowEnabled() || client.isImplicitFlowEnabled()) {
|
||||
setRedirectUris(client.getRedirectUris());
|
||||
}
|
||||
}
|
||||
setAdminUrl(client.getAdminUrl());
|
||||
setWebOrigins(client.getWebOrigins());
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setConsentRequired(boolean value) {
|
||||
consentRequired.setOn(value);
|
||||
public String getName() {
|
||||
return getInputValue(nameInput);
|
||||
}
|
||||
|
||||
public void setName(String name) {
|
||||
setInputValue(nameInput, name);
|
||||
}
|
||||
|
||||
public boolean isEnabled() {
|
||||
return enabledSwitch.isOn();
|
||||
}
|
||||
|
||||
public void setEnabled(boolean enabled) {
|
||||
enabledSwitch.setOn(enabled);
|
||||
}
|
||||
|
||||
public boolean isConsentRequired() {
|
||||
return consentRequiredSwitch.isOn();
|
||||
}
|
||||
|
||||
public void setConsentRequired(boolean consentRequired) {
|
||||
consentRequiredSwitch.setOn(consentRequired);
|
||||
}
|
||||
|
||||
public void setAccessType(ClientRepresentation client) {
|
||||
if (client.isBearerOnly()) {
|
||||
accessTypeSelect.selectByVisibleText(BEARER_ONLY.getName());
|
||||
} else if (client.isPublicClient()) {
|
||||
accessTypeSelect.selectByVisibleText(PUBLIC.getName());
|
||||
} else {
|
||||
accessTypeSelect.selectByVisibleText(CONFIDENTIAL.getName());
|
||||
}
|
||||
}
|
||||
|
||||
public void addRedirectUri(String redirectUri) {
|
||||
newRedirectUriInput.sendKeys(redirectUri);
|
||||
newRedirectUriSubmit.click();
|
||||
}
|
||||
|
||||
public List<String> getRedirectUris() {
|
||||
List<String> values = new ArrayList<>();
|
||||
for (WebElement input : redirectUriInputs) {
|
||||
values.add(getInputValue(input));
|
||||
}
|
||||
return values;
|
||||
}
|
||||
|
||||
public void setRedirectUris(List<String> redirectUris) {
|
||||
Timer.time();
|
||||
while (!deleteRedirectUriIcons.isEmpty()) {
|
||||
deleteRedirectUriIcons.get(0).click();
|
||||
pause(100);
|
||||
}
|
||||
Timer.time("deleteRedirectUris");
|
||||
if (redirectUris != null) {
|
||||
for (String redirectUri : redirectUris) {
|
||||
addRedirectUri(redirectUri);
|
||||
pause(100);
|
||||
}
|
||||
}
|
||||
Timer.time("addRedirectUris");
|
||||
}
|
||||
|
||||
public boolean isStandardFlowEnabled() {
|
||||
return standardFlowEnabledSwitch.isOn();
|
||||
}
|
||||
|
||||
public void setStandardFlowEnabled(boolean standardFlowEnabled) {
|
||||
standardFlowEnabledSwitch.setOn(standardFlowEnabled);
|
||||
}
|
||||
|
||||
public boolean isImplicitFlowEnabled() {
|
||||
return implicitFlowEnabledSwitch.isOn();
|
||||
}
|
||||
|
||||
public void setImplicitFlowEnabled(boolean implicitFlowEnabled) {
|
||||
implicitFlowEnabledSwitch.setOn(implicitFlowEnabled);
|
||||
}
|
||||
|
||||
public boolean isDirectAccessGrantsEnabled() {
|
||||
return directAccessGrantsEnabledSwitch.isOn();
|
||||
}
|
||||
|
||||
public void setDirectAccessGrantsEnabled(boolean directAccessGrantsEnabled) {
|
||||
directAccessGrantsEnabledSwitch.setOn(directAccessGrantsEnabled);
|
||||
}
|
||||
|
||||
public boolean isServiceAccountsEnabled() {
|
||||
return serviceAccountsEnabledSwitch.isOn();
|
||||
}
|
||||
|
||||
public void setServiceAccountsEnabled(boolean serviceAccountsEnabled) {
|
||||
serviceAccountsEnabledSwitch.setOn(serviceAccountsEnabled);
|
||||
}
|
||||
|
||||
}
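Review bot: The delete loop in `setRedirectUris` has no upper bound. `while (!deleteRedirectUriIcons.isEmpty())` clicks the first icon and sleeps 100 ms each time, so if a click does not remove its row within that window the helper spins, or fails on a stale element, instead of reporting a clear error. Capturing the initial count, iterating at most that many times and then asserting that the list is empty would turn a hang into a readable failure. The fixed `pause(100)` after every add and delete also makes the helper timing-dependent; waiting for the number of redirect URI inputs to change would be steadier.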
|
||||
|
|
|
@ -17,6 +17,10 @@ import org.keycloak.testsuite.console.page.clients.Client;
|
|||
import org.keycloak.testsuite.console.page.clients.Clients;
|
||||
import org.keycloak.testsuite.console.page.clients.CreateClient;
|
||||
import org.keycloak.testsuite.console.page.clients.CreateClientForm.OidcAccessType;
|
||||
import org.keycloak.testsuite.console.page.clients.settings.ClientSettings;
|
||||
import org.keycloak.testsuite.util.WaitUtils;
|
||||
import org.openqa.selenium.By;
|
||||
|
||||
import static org.keycloak.testsuite.console.page.clients.CreateClientForm.OidcAccessType.*;
|
||||
import static org.keycloak.testsuite.console.page.clients.CreateClientForm.SAMLClientSettingsForm.SAML_ASSERTION_CONSUMER_URL_POST;
|
||||
import static org.keycloak.testsuite.console.page.clients.CreateClientForm.SAMLClientSettingsForm.SAML_ASSERTION_CONSUMER_URL_REDIRECT;
|
||||
|
@ -53,6 +57,8 @@ public abstract class AbstractClientTest extends AbstractConsoleTest {
|
|||
protected Client clientPage; // note: cannot call navigateTo() unless client id is set
|
||||
@Page
|
||||
protected CreateClient createClientPage;
|
||||
@Page
|
||||
protected ClientSettings clientSettingsPage;
|
||||
|
||||
@Before
|
||||
public void beforeClientTest() {
|
||||
|
@ -61,13 +67,17 @@ public abstract class AbstractClientTest extends AbstractConsoleTest {
|
|||
}
|
||||
|
||||
public void createClient(ClientRepresentation client) {
|
||||
WaitUtils.waitUntilElement(By.tagName("body"));
|
||||
assertCurrentUrlEquals(clientsPage);
|
||||
clientsPage.table().createClient();
|
||||
createClientPage.form().setValues(client);
|
||||
createClientPage.form().save();
|
||||
|
||||
clientSettingsPage.form().setValues(client);
|
||||
if (SAML.equals(client.getProtocol())) {
|
||||
createClientPage.form().samlForm().setValues(client);
|
||||
}
|
||||
createClientPage.form().save();
|
||||
clientSettingsPage.form().save();
|
||||
}
|
||||
|
||||
private static ClientRepresentation createClientRep(String clientId) {
|
||||
|
@ -149,21 +159,25 @@ public abstract class AbstractClientTest extends AbstractConsoleTest {
|
|||
assertEqualsStringAttributes(c1.getClientId(), c2.getClientId());
|
||||
assertEqualsStringAttributes(c1.getName(), c2.getName());
|
||||
assertEqualsBooleanAttributes(c1.isEnabled(), c2.isEnabled());
|
||||
assertEqualsBooleanAttributes(c1.isConsentRequired(), c2.isConsentRequired());
|
||||
assertEqualsBooleanAttributes(c1.isDirectAccessGrantsEnabled(), c2.isDirectAccessGrantsEnabled());
|
||||
assertEqualsStringAttributes(c1.getProtocol(), c2.getProtocol());
|
||||
|
||||
assertEqualsBooleanAttributes(c1.isBearerOnly(), c2.isBearerOnly());
|
||||
assertEqualsBooleanAttributes(c1.isPublicClient(), c2.isPublicClient());
|
||||
assertEqualsBooleanAttributes(c1.isSurrogateAuthRequired(), c2.isSurrogateAuthRequired());
|
||||
|
||||
assertEqualsBooleanAttributes(c1.isFrontchannelLogout(), c2.isFrontchannelLogout());
|
||||
|
||||
assertEqualsBooleanAttributes(c1.isServiceAccountsEnabled(), c2.isServiceAccountsEnabled());
|
||||
assertEqualsListAttributes(c1.getRedirectUris(), c2.getRedirectUris());
|
||||
assertEqualsStringAttributes(c1.getBaseUrl(), c2.getBaseUrl());
|
||||
assertEqualsStringAttributes(c1.getAdminUrl(), c2.getAdminUrl());
|
||||
assertEqualsListAttributes(c1.getWebOrigins(), c2.getWebOrigins());
|
||||
assertEqualsBooleanAttributes(c1.isConsentRequired(), c2.isConsentRequired());
|
||||
assertEqualsStringAttributes(c1.getProtocol(), c2.getProtocol());
|
||||
assertEqualsListAttributes(c1.getRedirectUris(), c2.getRedirectUris());
|
||||
|
||||
if (c1.getProtocol().equals(OIDC)) {
|
||||
assertEqualsBooleanAttributes(c1.isBearerOnly(), c2.isBearerOnly());
|
||||
if (!c1.isBearerOnly()) {
|
||||
assertEqualsBooleanAttributes(c1.isDirectAccessGrantsEnabled(), c2.isDirectAccessGrantsEnabled());
|
||||
assertEqualsBooleanAttributes(c1.isPublicClient(), c2.isPublicClient());
|
||||
assertEqualsListAttributes(c1.getWebOrigins(), c2.getWebOrigins());
|
||||
assertEqualsStringAttributes(c1.getAdminUrl(), c2.getAdminUrl());
|
||||
}
|
||||
assertEqualsBooleanAttributes(c1.isSurrogateAuthRequired(), c2.isSurrogateAuthRequired());
|
||||
assertEqualsBooleanAttributes(c1.isServiceAccountsEnabled(), c2.isServiceAccountsEnabled());
|
||||
}
|
||||
else if (c1.getProtocol().equals(SAML)) {
|
||||
assertEqualsBooleanAttributes(c1.isFrontchannelLogout(), c2.isFrontchannelLogout());
|
||||
}
|
||||
}
|
||||
|
||||
public void assertClientSamlAttributes(Map<String, String> expected, Map<String, String> actual) {
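Review bot: The protocol branch in the attribute comparison dereferences the value it is testing. `if (c1.getProtocol().equals(OIDC))` and the `SAML` branch after it throw a NullPointerException when a representation has no protocol set, while `createClient` in this same file uses the null-safe form `SAML.equals(client.getProtocol())`. Writing `if (OIDC.equals(c1.getProtocol()))` and `else if (SAML.equals(c1.getProtocol()))` keeps the two consistent. A representation whose protocol is neither value now silently skips the bearer-only, public-client and service-account comparisons; a final `else` that fails the test would make that visible. The enclosing method starts above this hunk and `assertClientSamlAttributes` continues below it.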
|
||||
|
|
|
@ -35,6 +35,7 @@ import org.keycloak.testsuite.util.Timer;
|
|||
*
|
||||
* @author Filip Kiss
|
||||
* @author tkyjovsk
|
||||
* @author Vaclav Muzikar <vmuzikar@redhat.com>
|
||||
*/
|
||||
public class ClientSettingsTest extends AbstractClientTest {
|
||||
|
||||
|
@ -49,7 +50,7 @@ public class ClientSettingsTest extends AbstractClientTest {
|
|||
createClient(newClient);
|
||||
assertAlertSuccess();
|
||||
|
||||
setExpectedWebOrigins(newClient);
|
||||
//setExpectedWebOrigins(newClient);
|
||||
|
||||
// read & verify
|
||||
ClientRepresentation found = findClientByClientId(newClient.getClientId());
|
||||
|
@ -96,7 +97,7 @@ public class ClientSettingsTest extends AbstractClientTest {
|
|||
createClient(newClient);
|
||||
assertAlertSuccess();
|
||||
|
||||
setExpectedWebOrigins(newClient);
|
||||
//setExpectedWebOrigins(newClient);
|
||||
|
||||
ClientRepresentation found = findClientByClientId(newClient.getClientId());
|
||||
assertNotNull("Client " + newClient.getClientId() + " was not found.", found);
|
||||
|
@ -144,10 +145,6 @@ public class ClientSettingsTest extends AbstractClientTest {
|
|||
clientsPage.table().createClient();
|
||||
createClientPage.form().save();
|
||||
assertAlertDanger();
|
||||
|
||||
createClientPage.form().setClientId("test-client");
|
||||
createClientPage.form().save();
|
||||
assertAlertDanger();
|
||||
}
|
||||
|
||||
// @Test
|
||||
|
@ -182,4 +179,14 @@ public class ClientSettingsTest extends AbstractClientTest {
|
|||
clientsPage.navigateTo();
|
||||
pause(120000);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void disabledClient() {
|
||||
newClient = createOidcClientRep(CONFIDENTIAL, "disabled-client");
|
||||
newClient.setEnabled(false);
|
||||
createClient(newClient);
|
||||
|
||||
ClientRepresentation clientRepre = findClientByClientId("disabled-client");
|
||||
assertTrue("Client should be disabled", clientRepre.isEnabled());
|
||||
}
|
||||
}
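Review bot: The assertion in `disabledClient` is inverted. The client is created with `setEnabled(false)`, but `assertTrue("Client should be disabled", clientRepre.isEnabled())` passes only when the stored client is enabled, so a green run would mean the disabled flag was not persisted. It should read `assertFalse("Client should be disabled", clientRepre.isEnabled());`, assuming `assertFalse` is statically imported the way `assertTrue` is. A null check on the lookup, as the other tests do with `assertNotNull(..., found)`, would give a clearer failure when the client was never created. The two `//setExpectedWebOrigins(newClient);` lines are better deleted than left commented out.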
|
||||
|
|
|
@ -155,7 +155,7 @@ public abstract class AbstractIdentityProviderTest {
|
|||
FederatedIdentityModel federatedIdentityModel = federatedIdentities.iterator().next();
|
||||
|
||||
assertEquals(getProviderId(), federatedIdentityModel.getIdentityProvider());
|
||||
assertEquals(federatedUser.getUsername(), federatedIdentityModel.getIdentityProvider() + "." + federatedIdentityModel.getUserName());
|
||||
assertEquals(federatedUser.getUsername(), federatedIdentityModel.getUserName());
|
||||
|
||||
driver.navigate().to("http://localhost:8081/test-app/logout");
|
||||
driver.navigate().to("http://localhost:8081/test-app");
|
||||
|
|
|
@ -138,7 +138,7 @@ public abstract class AbstractKeycloakIdentityProviderTest extends AbstractIdent
|
|||
FederatedIdentityModel federatedIdentityModel = federatedIdentities.iterator().next();
|
||||
|
||||
assertEquals(getProviderId(), federatedIdentityModel.getIdentityProvider());
|
||||
assertEquals(federatedUser.getUsername(), federatedIdentityModel.getIdentityProvider() + "." + federatedIdentityModel.getUserName());
|
||||
assertEquals(federatedUser.getUsername(), federatedIdentityModel.getUserName());
|
||||
|
||||
driver.navigate().to("http://localhost:8081/test-app/logout");
|
||||
driver.navigate().to("http://localhost:8081/test-app");
|
||||
|
@ -485,7 +485,7 @@ public abstract class AbstractKeycloakIdentityProviderTest extends AbstractIdent
|
|||
System.out.println("after logout currentUrl: " + currentUrl);
|
||||
assertTrue(currentUrl.startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/auth"));
|
||||
|
||||
unconfigureUserRetrieveToken(getProviderId() + ".test-user");
|
||||
unconfigureUserRetrieveToken("test-user");
|
||||
loginIDP("test-user");
|
||||
//authenticateWithIdentityProvider(identityProviderModel, "test-user");
|
||||
assertEquals("http://localhost:8081/test-app", driver.getCurrentUrl());
|
||||
|
|
|
@ -122,7 +122,7 @@ public class PostBrokerFlowTest extends AbstractIdentityProviderTest {
|
|||
String totpSecret = totpPage.getTotpSecret();
|
||||
totpPage.configure(totp.generateTOTP(totpSecret));
|
||||
|
||||
assertFederatedUser(getProviderId() + ".test-user", "test-user@localhost", "test-user", getProviderId());
|
||||
assertFederatedUser("test-user", "test-user@localhost", "test-user", getProviderId());
|
||||
|
||||
driver.navigate().to("http://localhost:8081/test-app/logout");
|
||||
|
||||
|
@ -131,7 +131,7 @@ public class PostBrokerFlowTest extends AbstractIdentityProviderTest {
|
|||
loginTotpPage.assertCurrent();
|
||||
loginTotpPage.login(totp.generateTOTP(totpSecret));
|
||||
|
||||
assertFederatedUser(getProviderId() + ".test-user", "test-user@localhost", "test-user", getProviderId());
|
||||
assertFederatedUser("test-user", "test-user@localhost", "test-user", getProviderId());
|
||||
|
||||
driver.navigate().to("http://localhost:8081/test-app/logout");
|
||||
|
||||
|
@ -141,7 +141,7 @@ public class PostBrokerFlowTest extends AbstractIdentityProviderTest {
|
|||
this.session = brokerServerRule.startSession();
|
||||
|
||||
loginIDP("test-user");
|
||||
assertFederatedUser(getProviderId() + ".test-user", "test-user@localhost", "test-user", getProviderId());
|
||||
assertFederatedUser("test-user", "test-user@localhost", "test-user", getProviderId());
|
||||
driver.navigate().to("http://localhost:8081/test-app/logout");
|
||||
}
|
||||
|
||||
|
@ -248,7 +248,7 @@ public class PostBrokerFlowTest extends AbstractIdentityProviderTest {
|
|||
|
||||
// assert reauthentication with login page. On login page is link to kc-saml-idp-basic as user has it linked already
|
||||
Assert.assertEquals("Log in to " + APP_REALM_ID, this.driver.getTitle());
|
||||
Assert.assertEquals("Authenticate as kc-saml-idp-basic.test-user to link your account with " + getProviderId(), this.loginPage.getSuccessMessage());
|
||||
Assert.assertEquals("Authenticate as test-user to link your account with " + getProviderId(), this.loginPage.getSuccessMessage());
|
||||
|
||||
// reauthenticate with SAML broker. OTP authentication is required as well
|
||||
this.loginPage.clickSocial("kc-saml-idp-basic");
|
||||
|
@ -267,7 +267,7 @@ public class PostBrokerFlowTest extends AbstractIdentityProviderTest {
|
|||
}
|
||||
|
||||
// authenticated and redirected to app. User is linked with both identity providers
|
||||
assertFederatedUser("kc-saml-idp-basic.test-user", "test-user@localhost", "test-user", getProviderId(), "kc-saml-idp-basic");
|
||||
assertFederatedUser("test-user", "test-user@localhost", "test-user", getProviderId(), "kc-saml-idp-basic");
|
||||
}
|
||||
|
||||
private void setPostBrokerFlowForProvider(IdentityProviderModel identityProvider, RealmModel realm, boolean enable) {
|
||||
|
|
|
@ -68,7 +68,7 @@ public class AdminEventStoreProviderTest {
|
|||
Assert.assertEquals(1, eventStore.createAdminQuery().authUser("userId").operation(OperationType.ACTION).getResultList().size());
|
||||
|
||||
Assert.assertEquals(2, eventStore.createAdminQuery().maxResults(2).getResultList().size());
|
||||
Assert.assertEquals(1, eventStore.createAdminQuery().firstResult(5).getResultList().size());
|
||||
Assert.assertEquals(1, eventStore.createAdminQuery().firstResult(5).maxResults(5).getResultList().size());
|
||||
|
||||
Assert.assertEquals(newest, eventStore.createAdminQuery().maxResults(1).getResultList().get(0).getTime());
|
||||
Assert.assertEquals(oldest, eventStore.createAdminQuery().firstResult(5).maxResults(1).getResultList().get(0).getTime());
|
||||
|
|
|
@ -41,6 +41,7 @@ import org.keycloak.testsuite.pages.AppPage;
|
|||
import org.keycloak.testsuite.pages.AppPage.RequestType;
|
||||
import org.keycloak.testsuite.pages.LoginPage;
|
||||
import org.keycloak.testsuite.pages.LoginTotpPage;
|
||||
import org.keycloak.testsuite.pages.RegisterPage;
|
||||
import org.keycloak.testsuite.rule.GreenMailRule;
|
||||
import org.keycloak.testsuite.rule.KeycloakRule;
|
||||
import org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup;
|
||||
|
@ -101,13 +102,15 @@ public class BruteForceTest {
|
|||
@WebResource
|
||||
protected LoginPage loginPage;
|
||||
|
||||
@WebResource
|
||||
private RegisterPage registerPage;
|
||||
|
||||
@WebResource
|
||||
protected LoginTotpPage loginTotpPage;
|
||||
|
||||
@WebResource
|
||||
protected OAuthClient oauth;
|
||||
|
||||
|
||||
private TimeBasedOTP totp = new TimeBasedOTP();
|
||||
|
||||
private int lifespan;
|
||||
|
@ -340,6 +343,17 @@ public class BruteForceTest {
|
|||
loginSuccess();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testNonExistingAccounts() throws Exception {
|
||||
|
||||
loginInvalidPassword("non-existent-user");
|
||||
loginInvalidPassword("non-existent-user");
|
||||
loginInvalidPassword("non-existent-user");
|
||||
|
||||
registerUser("non-existent-user");
|
||||
|
||||
}
|
||||
|
||||
public void expectTemporarilyDisabled() throws Exception {
|
||||
expectTemporarilyDisabled("test-user@localhost");
|
||||
}
|
||||
|
@ -430,4 +444,16 @@ public class BruteForceTest {
|
|||
events.clear();
|
||||
}
|
||||
|
||||
public void registerUser(String username){
|
||||
loginPage.open();
|
||||
loginPage.clickRegister();
|
||||
registerPage.assertCurrent();
|
||||
|
||||
registerPage.register("user", "name", username + "@localhost", username, "password", "password");
|
||||
|
||||
Assert.assertNull(registerPage.getInstruction());
|
||||
|
||||
events.clear();
|
||||
}
|
||||
|
||||
}
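Review bot: `testNonExistingAccounts` has no positive assertion on the outcome it appears meant to protect. After three failed logins for `non-existent-user`, `registerUser` only checks `Assert.assertNull(registerPage.getInstruction())`, and that getter also returns null when the element is simply absent, for example if registration did not complete. Assert that registration succeeded, and ideally that the new account can log in, before `events.clear()` discards the recorded events. A one-line comment stating the intent would help, for instance `// failed logins against an unknown username must not lock out an account later registered under that name`, if that is the behaviour under test.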
|
||||
|
|
|
@ -57,6 +57,10 @@ public class RegisterPage extends AbstractPage {
|
|||
@FindBy(className = "alert-error")
|
||||
private WebElement loginErrorMessage;
|
||||
|
||||
@FindBy(className = "instruction")
|
||||
private WebElement loginInstructionMessage;
|
||||
|
||||
|
||||
public void register(String firstName, String lastName, String email, String username, String password, String passwordConfirm) {
|
||||
firstNameInput.clear();
|
||||
if (firstName != null) {
|
||||
|
@ -131,6 +135,15 @@ public class RegisterPage extends AbstractPage {
|
|||
return loginErrorMessage != null ? loginErrorMessage.getText() : null;
|
||||
}
|
||||
|
||||
public String getInstruction() {
|
||||
try {
|
||||
return loginInstructionMessage != null ? loginInstructionMessage.getText() : null;
|
||||
} catch (NoSuchElementException e){
|
||||
// OK
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public String getFirstName() {
|
||||
return firstNameInput.getAttribute("value");
|
||||
}
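Review bot: In `getInstruction` the `loginInstructionMessage != null` test probably never fails, since `@FindBy` fields are normally populated with a lazy proxy. If so, a missing element is signalled only by the caught `NoSuchElementException`. The `// OK` comment should say that, e.g. `// no instruction element on the page`, and the catch can `return null;` directly instead of falling through to the trailing return. No import is added in this section, so confirm that the `NoSuchElementException` already in scope is Selenium's rather than `java.util`'s; otherwise the catch never matches.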
|
||||
|
|
2
themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties
Executable file → Normal file
2
themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties
Executable file → Normal file
|
@ -538,8 +538,10 @@ composite.associated-roles.tooltip=Realm level roles associated with this compos
|
|||
composite.available-roles-client.tooltip=Roles from this client that you can associate to this composite role.
|
||||
composite.associated-roles-client.tooltip=Client roles associated with this composite role.
|
||||
partial-import=Partial Import
|
||||
partial-import.tooltip=Partial import allows you to import users, clients, and other resources from a previously exported json file.
|
||||
|
||||
file=File
|
||||
exported-json-file=Exported json file
|
||||
import-from-realm=Import from realm
|
||||
import-users=Import users
|
||||
import-clients=Import clients
|
||||
|
|
|
@ -1,11 +1,14 @@
|
|||
<div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
|
||||
|
||||
<h1>{{:: 'partial-import' | translate}}</h1>
|
||||
<h1>
|
||||
<span>{{:: 'partial-import' | translate}}</span>
|
||||
<kc-tooltip>{{:: 'partial-import.tooltip' | translate}}</kc-tooltip>
|
||||
</h1>
|
||||
|
||||
<form class="form-horizontal" name="partialImportForm" novalidate>
|
||||
<fieldset class="border-top">
|
||||
<div class="form-group">
|
||||
<label for="name" class="col-sm-2 control-label">{{:: 'file' | translate}}</label>
|
||||
<label for="name" class="col-sm-2 control-label">{{:: 'exported-json-file' | translate}}</label>
|
||||
|
||||
<div class="col-md-6" data-ng-hide="importing">
|
||||
<label for="import-file" class="btn btn-default">{{:: 'select-file'| translate}} <i class="pficon pficon-import"></i></label>
|
||||
|
|