Merge pull request #1078 from mposolda/master
Fix databases, mongo, infinispan and active directory
commit
8d69ef95f5
13 changed files with 121 additions and 32 deletions
|
@ -87,10 +87,13 @@ public class DefaultInfinispanConnectionProviderFactory implements InfinispanCon
|
||||||
|
|
||||||
boolean clustered = config.getBoolean("clustered", false);
|
boolean clustered = config.getBoolean("clustered", false);
|
||||||
boolean async = config.getBoolean("async", true);
|
boolean async = config.getBoolean("async", true);
|
||||||
|
boolean allowDuplicateJMXDomains = config.getBoolean("allowDuplicateJMXDomains", true);
|
||||||
|
|
||||||
if (clustered) {
|
if (clustered) {
|
||||||
gcb.transport().defaultTransport();
|
gcb.transport().defaultTransport();
|
||||||
}
|
}
|
||||||
|
gcb.globalJmxStatistics().allowDuplicateDomains(allowDuplicateJMXDomains);
|
||||||
|
|
||||||
cacheManager = new DefaultCacheManager(gcb.build());
|
cacheManager = new DefaultCacheManager(gcb.build());
|
||||||
containerManaged = false;
|
containerManaged = false;
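Review bot: The new `allowDuplicateJMXDomains` key defaults to `true` and is read without any comment, so every deployment that does not set it now accepts a second cache manager registering under an already-used JMX domain instead of failing at startup. If the permissive default is there for test runs or several managers in one JVM (an inference, the hunk does not say), state that next to the read, for example `// true lets several cache managers share a JVM; set to false to fail fast on an accidental duplicate`. The enclosing method starts and ends outside the hunk.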
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,11 @@
|
||||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||||
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
|
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
|
||||||
<changeSet author="psilva@redhat.com" id="1.2.0.Beta1">
|
<changeSet author="psilva@redhat.com" id="1.2.0.Beta1">
|
||||||
|
<delete tableName="CLIENT_SESSION_ROLE"/>
|
||||||
|
<delete tableName="CLIENT_SESSION_NOTE"/>
|
||||||
|
<delete tableName="CLIENT_SESSION"/>
|
||||||
|
<delete tableName="USER_SESSION"/>
|
||||||
|
|
||||||
<createTable tableName="PROTOCOL_MAPPER">
|
<createTable tableName="PROTOCOL_MAPPER">
|
||||||
<column name="ID" type="VARCHAR(36)">
|
<column name="ID" type="VARCHAR(36)">
|
||||||
<constraints nullable="false"/>
|
<constraints nullable="false"/>
|
||||||
|
@ -14,8 +19,12 @@
|
||||||
<column name="PROTOCOL_MAPPER_NAME" type="VARCHAR(255)">
|
<column name="PROTOCOL_MAPPER_NAME" type="VARCHAR(255)">
|
||||||
<constraints nullable="false"/>
|
<constraints nullable="false"/>
|
||||||
</column>
|
</column>
|
||||||
<column name="APPLIED_BY_DEFAULT" type="BOOLEAN" defaultValueBoolean="false"/>
|
<column name="APPLIED_BY_DEFAULT" type="BOOLEAN" defaultValueBoolean="false">
|
||||||
<column name="CONSENT_REQUIRED" type="BOOLEAN" defaultValueBoolean="false"/>
|
<constraints nullable="false"/>
|
||||||
|
</column>
|
||||||
|
<column name="CONSENT_REQUIRED" type="BOOLEAN" defaultValueBoolean="false">
|
||||||
|
<constraints nullable="false"/>
|
||||||
|
</column>
|
||||||
<column name="CONSENT_TEXT" type="VARCHAR(255)"/>
|
<column name="CONSENT_TEXT" type="VARCHAR(255)"/>
|
||||||
<column name="CLIENT_ID" type="VARCHAR(36)">
|
<column name="CLIENT_ID" type="VARCHAR(36)">
|
||||||
<constraints nullable="false"/>
|
<constraints nullable="false"/>
|
||||||
|
@ -46,12 +55,20 @@
|
||||||
<column name="INTERNAL_ID" type="VARCHAR(36)">
|
<column name="INTERNAL_ID" type="VARCHAR(36)">
|
||||||
<constraints nullable="false"/>
|
<constraints nullable="false"/>
|
||||||
</column>
|
</column>
|
||||||
<column name="ENABLED" type="BOOLEAN" defaultValueBoolean="false"/>
|
<column name="ENABLED" type="BOOLEAN" defaultValueBoolean="false">
|
||||||
|
<constraints nullable="false"/>
|
||||||
|
</column>
|
||||||
<column name="PROVIDER_ALIAS" type="VARCHAR(255)"/>
|
<column name="PROVIDER_ALIAS" type="VARCHAR(255)"/>
|
||||||
<column name="PROVIDER_ID" type="VARCHAR(255)"/>
|
<column name="PROVIDER_ID" type="VARCHAR(255)"/>
|
||||||
<column name="UPDATE_PROFILE_FIRST_LOGIN" type="BOOLEAN" defaultValueBoolean="false"/>
|
<column name="UPDATE_PROFILE_FIRST_LOGIN" type="BOOLEAN" defaultValueBoolean="false">
|
||||||
<column name="STORE_TOKEN" type="BOOLEAN" defaultValueBoolean="false"/>
|
<constraints nullable="false"/>
|
||||||
<column name="AUTHENTICATE_BY_DEFAULT" type="BOOLEAN" defaultValueBoolean="false"/>
|
</column>
|
||||||
|
<column name="STORE_TOKEN" type="BOOLEAN" defaultValueBoolean="false">
|
||||||
|
<constraints nullable="false"/>
|
||||||
|
</column>
|
||||||
|
<column name="AUTHENTICATE_BY_DEFAULT" type="BOOLEAN" defaultValueBoolean="false">
|
||||||
|
<constraints nullable="false"/>
|
||||||
|
</column>
|
||||||
<column name="REALM_ID" type="VARCHAR(36)"/>
|
<column name="REALM_ID" type="VARCHAR(36)"/>
|
||||||
</createTable>
|
</createTable>
|
||||||
<createTable tableName="IDENTITY_PROVIDER_CONFIG">
|
<createTable tableName="IDENTITY_PROVIDER_CONFIG">
|
||||||
|
@ -63,14 +80,16 @@
|
||||||
<constraints nullable="false"/>
|
<constraints nullable="false"/>
|
||||||
</column>
|
</column>
|
||||||
</createTable>
|
</createTable>
|
||||||
<createTable tableName="CLIENT_IDENTITY_PROVIDER_MAPPING">
|
<createTable tableName="CLIENT_IDENTITY_PROV_MAPPING">
|
||||||
<column name="CLIENT_ID" type="VARCHAR(36)">
|
<column name="CLIENT_ID" type="VARCHAR(36)">
|
||||||
<constraints nullable="false"/>
|
<constraints nullable="false"/>
|
||||||
</column>
|
</column>
|
||||||
<column name="IDENTITY_PROVIDER_ID" type="VARCHAR(36)">
|
<column name="IDENTITY_PROVIDER_ID" type="VARCHAR(36)">
|
||||||
<constraints nullable="false"/>
|
<constraints nullable="false"/>
|
||||||
</column>
|
</column>
|
||||||
<column name="RETRIEVE_TOKEN" type="BOOLEAN" defaultValueBoolean="false"/>
|
<column name="RETRIEVE_TOKEN" type="BOOLEAN" defaultValueBoolean="false">
|
||||||
|
<constraints nullable="false"/>
|
||||||
|
</column>
|
||||||
</createTable>
|
</createTable>
|
||||||
<createTable tableName="REALM_SUPPORTED_LOCALES">
|
<createTable tableName="REALM_SUPPORTED_LOCALES">
|
||||||
<column name="REALM_ID" type="VARCHAR(36)">
|
<column name="REALM_ID" type="VARCHAR(36)">
|
||||||
|
@ -78,30 +97,49 @@
|
||||||
</column>
|
</column>
|
||||||
<column name="VALUE" type="VARCHAR(255)"/>
|
<column name="VALUE" type="VARCHAR(255)"/>
|
||||||
</createTable>
|
</createTable>
|
||||||
|
<createTable tableName="USER_SESSION_NOTE">
|
||||||
|
<column name="USER_SESSION" type="VARCHAR(36)">
|
||||||
|
<constraints nullable="false"/>
|
||||||
|
</column>
|
||||||
|
<column name="NAME" type="VARCHAR(255)">
|
||||||
|
<constraints nullable="false"/>
|
||||||
|
</column>
|
||||||
|
<column name="VALUE" type="VARCHAR(2048)"/>
|
||||||
|
</createTable>
|
||||||
<addColumn tableName="CLIENT">
|
<addColumn tableName="CLIENT">
|
||||||
<column name="FRONTCHANNEL_LOGOUT" type="BOOLEAN" defaultValueBoolean="false"/>
|
<column name="FRONTCHANNEL_LOGOUT" type="BOOLEAN" defaultValueBoolean="false">
|
||||||
|
<constraints nullable="false"/>
|
||||||
|
</column>
|
||||||
|
</addColumn>
|
||||||
|
<addColumn tableName="USER_SESSION">
|
||||||
|
<column name="USER_SESSION_STATE" type="INT" />
|
||||||
</addColumn>
|
</addColumn>
|
||||||
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_PCM" tableName="PROTOCOL_MAPPER"/>
|
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_PCM" tableName="PROTOCOL_MAPPER"/>
|
||||||
<addPrimaryKey columnNames="INTERNAL_ID" constraintName="CONSTRAINT_2B" tableName="IDENTITY_PROVIDER"/>
|
<addPrimaryKey columnNames="INTERNAL_ID" constraintName="CONSTRAINT_2B" tableName="IDENTITY_PROVIDER"/>
|
||||||
<addPrimaryKey columnNames="IDENTITY_PROVIDER, USER_ID" constraintName="CONSTRAINT_40" tableName="FEDERATED_IDENTITY"/>
|
<addPrimaryKey columnNames="IDENTITY_PROVIDER, USER_ID" constraintName="CONSTRAINT_40" tableName="FEDERATED_IDENTITY"/>
|
||||||
<addPrimaryKey columnNames="IDENTITY_PROVIDER_ID, NAME" constraintName="CONSTRAINT_D" tableName="IDENTITY_PROVIDER_CONFIG"/>
|
<addPrimaryKey columnNames="IDENTITY_PROVIDER_ID, NAME" constraintName="CONSTRAINT_D" tableName="IDENTITY_PROVIDER_CONFIG"/>
|
||||||
<addPrimaryKey columnNames="PROTOCOL_MAPPER_ID, NAME" constraintName="CONSTRAINT_PMConfig" tableName="PROTOCOL_MAPPER_CONFIG"/>
|
<addPrimaryKey columnNames="PROTOCOL_MAPPER_ID, NAME" constraintName="CONSTRAINT_PMConfig" tableName="PROTOCOL_MAPPER_CONFIG"/>
|
||||||
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="IDENTITY_PROVIDER" constraintName="FK2B4EBC52AE5C3B34" deferrable="false" initiallyDeferred="false" onDelete="RESTRICT" onUpdate="RESTRICT" referencedColumnNames="ID" referencedTableName="REALM"/>
|
<addPrimaryKey columnNames="USER_SESSION, NAME" constraintName="CONSTRAINT_USN_PK" tableName="USER_SESSION_NOTE"/>
|
||||||
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="PROTOCOL_MAPPER" constraintName="FK_PCM_REALM" deferrable="false" initiallyDeferred="false" onDelete="RESTRICT" onUpdate="RESTRICT" referencedColumnNames="ID" referencedTableName="CLIENT"/>
|
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="IDENTITY_PROVIDER" constraintName="FK2B4EBC52AE5C3B34" referencedColumnNames="ID" referencedTableName="REALM"/>
|
||||||
<addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="FEDERATED_IDENTITY" constraintName="FK404288B92EF007A6" deferrable="false" initiallyDeferred="false" onDelete="RESTRICT" onUpdate="RESTRICT" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
|
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="PROTOCOL_MAPPER" constraintName="FK_PCM_REALM" referencedColumnNames="ID" referencedTableName="CLIENT"/>
|
||||||
<addForeignKeyConstraint baseColumnNames="IDENTITY_PROVIDER_ID" baseTableName="IDENTITY_PROVIDER_CONFIG" constraintName="FKDC4897CF864C4E43" deferrable="false" initiallyDeferred="false" onDelete="RESTRICT" onUpdate="RESTRICT" referencedColumnNames="INTERNAL_ID" referencedTableName="IDENTITY_PROVIDER"/>
|
<addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="FEDERATED_IDENTITY" constraintName="FK404288B92EF007A6" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
|
||||||
<addForeignKeyConstraint baseColumnNames="PROTOCOL_MAPPER_ID" baseTableName="PROTOCOL_MAPPER_CONFIG" constraintName="FK_PMConfig" deferrable="false" initiallyDeferred="false" onDelete="RESTRICT" onUpdate="RESTRICT" referencedColumnNames="ID" referencedTableName="PROTOCOL_MAPPER"/>
|
<addForeignKeyConstraint baseColumnNames="IDENTITY_PROVIDER_ID" baseTableName="IDENTITY_PROVIDER_CONFIG" constraintName="FKDC4897CF864C4E43" referencedColumnNames="INTERNAL_ID" referencedTableName="IDENTITY_PROVIDER"/>
|
||||||
<addForeignKeyConstraint baseColumnNames="IDENTITY_PROVIDER_ID" baseTableName="CLIENT_IDENTITY_PROVIDER_MAPPING" constraintName="FK_7CELWNIBJI49AVXSRTUF6XJ12" referencedColumnNames="INTERNAL_ID" referencedTableName="IDENTITY_PROVIDER"/>
|
<addForeignKeyConstraint baseColumnNames="PROTOCOL_MAPPER_ID" baseTableName="PROTOCOL_MAPPER_CONFIG" constraintName="FK_PMConfig" referencedColumnNames="ID" referencedTableName="PROTOCOL_MAPPER"/>
|
||||||
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="CLIENT_IDENTITY_PROVIDER_MAPPING" constraintName="FK_56ELWNIBJI49AVXSRTUF6XJ23" referencedColumnNames="ID" referencedTableName="CLIENT"/>
|
<addForeignKeyConstraint baseColumnNames="IDENTITY_PROVIDER_ID" baseTableName="CLIENT_IDENTITY_PROV_MAPPING" constraintName="FK_7CELWNIBJI49AVXSRTUF6XJ12" referencedColumnNames="INTERNAL_ID" referencedTableName="IDENTITY_PROVIDER"/>
|
||||||
|
<addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="CLIENT_IDENTITY_PROV_MAPPING" constraintName="FK_56ELWNIBJI49AVXSRTUF6XJ23" referencedColumnNames="ID" referencedTableName="CLIENT"/>
|
||||||
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_SUPPORTED_LOCALES" constraintName="FK_SUPPORTED_LOCALES_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
|
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_SUPPORTED_LOCALES" constraintName="FK_SUPPORTED_LOCALES_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
|
||||||
|
<addForeignKeyConstraint baseColumnNames="USER_SESSION" baseTableName="USER_SESSION_NOTE" constraintName="FK5EDFB00FF51D3472" referencedColumnNames="ID" referencedTableName="USER_SESSION"/>
|
||||||
<addUniqueConstraint columnNames="PROVIDER_ALIAS, REALM_ID" constraintName="UK_2DAELWNIBJI49AVXSRTUF6XJ33" tableName="IDENTITY_PROVIDER"/>
|
<addUniqueConstraint columnNames="PROVIDER_ALIAS, REALM_ID" constraintName="UK_2DAELWNIBJI49AVXSRTUF6XJ33" tableName="IDENTITY_PROVIDER"/>
|
||||||
<addUniqueConstraint columnNames="IDENTITY_PROVIDER_ID,CLIENT_ID" constraintName="UK_7CAELWNIBJI49AVXSRTUF6XJ12" tableName="CLIENT_IDENTITY_PROVIDER_MAPPING"/>
|
<addUniqueConstraint columnNames="IDENTITY_PROVIDER_ID,CLIENT_ID" constraintName="UK_7CAELWNIBJI49AVXSRTUF6XJ12" tableName="CLIENT_IDENTITY_PROV_MAPPING"/>
|
||||||
|
|
||||||
<addColumn tableName="REALM">
|
<addColumn tableName="REALM">
|
||||||
<column name="LOGIN_LIFESPAN" type="INT"/>
|
<column name="LOGIN_LIFESPAN" type="INT"/>
|
||||||
<column name="INTERNATIONALIZATION_ENABLED" type="BOOLEAN" defaultValueBoolean="false"/>
|
<column name="INTERNATIONALIZATION_ENABLED" type="BOOLEAN" defaultValueBoolean="false">
|
||||||
|
<constraints nullable="false"/>
|
||||||
|
</column>
|
||||||
<column name="DEFAULT_LOCALE" type="VARCHAR(255)" />
|
<column name="DEFAULT_LOCALE" type="VARCHAR(255)" />
|
||||||
<column name="REGISTRATION_EMAIL_AS_USERNAME" type="BOOLEAN" defaultValueBoolean="false"/>
|
<column name="REG_EMAIL_AS_USERNAME" type="BOOLEAN" defaultValueBoolean="false">
|
||||||
|
<constraints nullable="false"/>
|
||||||
|
</column>
|
||||||
</addColumn>
|
</addColumn>
|
||||||
</changeSet>
|
</changeSet>
|
||||||
</databaseChangeLog>
|
</databaseChangeLog>
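Review bot: Databases that already applied the earlier form of changeSet `1.2.0.Beta1` will fail Liquibase checksum validation on the next start, because the changeSet is modified in place (new `<delete>` entries, added `nullable="false"` constraints, the `CLIENT_IDENTITY_PROV_MAPPING` and `REG_EMAIL_AS_USERNAME` renames, removed `onDelete`/`onUpdate` attributes) instead of being followed by a new changeSet. If the previous form ever reached a shared or released environment, keep the original changeSet untouched and put the renames and constraints in a follow-up one. If it never left development, add an XML comment at the top of the changeSet saying so, for example `<!-- 1.2.0.Beta1 was not released before this edit; existing dev databases must be recreated -->`.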
|
||||||
|
|
|
@ -33,6 +33,9 @@ public class Update1_2_0_Beta1 extends Update {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void update(KeycloakSession session) {
|
public void update(KeycloakSession session) {
|
||||||
|
deleteEntries("clientSessions");
|
||||||
|
deleteEntries("sessions");
|
||||||
|
|
||||||
convertSocialToIdFedRealms();
|
convertSocialToIdFedRealms();
|
||||||
convertSocialToIdFedUsers();
|
convertSocialToIdFedUsers();
|
||||||
addAccessCodeLoginTimeout();
|
addAccessCodeLoginTimeout();
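Review bot: The two `deleteEntries(...)` calls added at the top of `update()` appear to drop every stored client and user session, and nothing in the code says why, which makes a mass logout after an upgrade hard to trace back to the migration. Add a comment such as `// Sessions written by earlier versions are removed; all users must re-authenticate after this update`, and consider logging the removal once at info level. `update()` continues outside the hunk, so any existing logging there is not visible here.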
|
||||||
|
|
|
@ -13,7 +13,7 @@ import java.io.Serializable;
|
||||||
/**
|
/**
|
||||||
* @author pedroigor
|
* @author pedroigor
|
||||||
*/
|
*/
|
||||||
@Table(name="CLIENT_IDENTITY_PROVIDER_MAPPING")
|
@Table(name="CLIENT_IDENTITY_PROV_MAPPING")
|
||||||
@Entity
|
@Entity
|
||||||
@IdClass(ClientIdentityProviderMappingEntity.Key.class)
|
@IdClass(ClientIdentityProviderMappingEntity.Key.class)
|
||||||
public class ClientIdentityProviderMappingEntity {
|
public class ClientIdentityProviderMappingEntity {
|
||||||
|
|
|
@ -51,8 +51,8 @@ public class IdentityProviderEntity {
|
||||||
private boolean authenticateByDefault;
|
private boolean authenticateByDefault;
|
||||||
|
|
||||||
@ElementCollection
|
@ElementCollection
|
||||||
@MapKeyColumn(name="name")
|
@MapKeyColumn(name="NAME")
|
||||||
@Column(name="value", columnDefinition = "TEXT")
|
@Column(name="VALUE", columnDefinition = "TEXT")
|
||||||
@CollectionTable(name="IDENTITY_PROVIDER_CONFIG", joinColumns={ @JoinColumn(name="IDENTITY_PROVIDER_ID") })
|
@CollectionTable(name="IDENTITY_PROVIDER_CONFIG", joinColumns={ @JoinColumn(name="IDENTITY_PROVIDER_ID") })
|
||||||
private Map<String, String> config;
|
private Map<String, String> config;
|
||||||
|
|
||||||
|
|
|
@ -47,7 +47,7 @@ public class RealmEntity {
|
||||||
protected String sslRequired;
|
protected String sslRequired;
|
||||||
@Column(name="REGISTRATION_ALLOWED")
|
@Column(name="REGISTRATION_ALLOWED")
|
||||||
protected boolean registrationAllowed;
|
protected boolean registrationAllowed;
|
||||||
@Column(name = "REGISTRATION_EMAIL_AS_USERNAME")
|
@Column(name = "REG_EMAIL_AS_USERNAME")
|
||||||
protected boolean registrationEmailAsUsername;
|
protected boolean registrationEmailAsUsername;
|
||||||
@Column(name="PASSWORD_CRED_GRANT_ALLOWED")
|
@Column(name="PASSWORD_CRED_GRANT_ALLOWED")
|
||||||
protected boolean passwordCredentialGrantAllowed;
|
protected boolean passwordCredentialGrantAllowed;
|
||||||
|
|
|
@ -69,7 +69,7 @@ public class MongoRoleEntity extends RoleEntity implements MongoIdentifiableEnti
|
||||||
|
|
||||||
// Realm might be already removed at this point
|
// Realm might be already removed at this point
|
||||||
if (realmEntity != null) {
|
if (realmEntity != null) {
|
||||||
mongoStore.pullItemFromList(realmEntity, "defaultRoles", getId(), invContext);
|
mongoStore.pullItemFromList(realmEntity, "defaultRoles", getName(), invContext);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -79,7 +79,7 @@ public class MongoRoleEntity extends RoleEntity implements MongoIdentifiableEnti
|
||||||
|
|
||||||
// Application might be already removed at this point
|
// Application might be already removed at this point
|
||||||
if (appEntity != null) {
|
if (appEntity != null) {
|
||||||
mongoStore.pullItemFromList(appEntity, "defaultRoles", getId(), invContext);
|
mongoStore.pullItemFromList(appEntity, "defaultRoles", getName(), invContext);
|
||||||
}
|
}
|
||||||
}
|
}
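Review bot: Neither branch documents that `defaultRoles` is matched by role name, which is the assumption the switch from `getId()` to `getName()` relies on in both the realm hunk and the application hunk. A one-line comment above each call, for example `// defaultRoles holds role names, not ids`, would keep a later edit from reverting to the id and leaving stale default-role entries behind after a role is removed. Both enclosing methods start outside the hunks.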
|
||||||
|
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
package org.keycloak.picketlink.idm;
|
package org.keycloak.picketlink.idm;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
import org.jboss.logging.Logger;
|
||||||
|
import org.picketlink.idm.IdentityManager;
|
||||||
import org.picketlink.idm.PartitionManager;
|
import org.picketlink.idm.PartitionManager;
|
||||||
import org.picketlink.idm.event.CredentialUpdatedEvent;
|
import org.picketlink.idm.event.CredentialUpdatedEvent;
|
||||||
import org.picketlink.idm.event.EventBridge;
|
import org.picketlink.idm.event.EventBridge;
|
||||||
|
import org.picketlink.idm.internal.ContextualIdentityManager;
|
||||||
import org.picketlink.idm.ldap.internal.LDAPIdentityStore;
|
import org.picketlink.idm.ldap.internal.LDAPIdentityStore;
|
||||||
import org.picketlink.idm.ldap.internal.LDAPOperationManager;
|
import org.picketlink.idm.ldap.internal.LDAPOperationManager;
|
||||||
import org.picketlink.idm.model.basic.User;
|
import org.picketlink.idm.model.basic.User;
|
||||||
|
@ -37,9 +39,10 @@ public class KeycloakEventBridge implements EventBridge {
|
||||||
if (updateUserAccountAfterPasswordUpdate && event instanceof CredentialUpdatedEvent) {
|
if (updateUserAccountAfterPasswordUpdate && event instanceof CredentialUpdatedEvent) {
|
||||||
CredentialUpdatedEvent credEvent = ((CredentialUpdatedEvent) event);
|
CredentialUpdatedEvent credEvent = ((CredentialUpdatedEvent) event);
|
||||||
PartitionManager partitionManager = credEvent.getPartitionMananger();
|
PartitionManager partitionManager = credEvent.getPartitionMananger();
|
||||||
IdentityContext identityCtx = (IdentityContext)partitionManager.createIdentityManager();
|
ContextualIdentityManager identityManager = (ContextualIdentityManager) partitionManager.createIdentityManager();
|
||||||
|
IdentityContext identityCtx = identityManager.getIdentityContext();
|
||||||
|
|
||||||
CredentialStore store = ((StoreSelector)partitionManager).getStoreForCredentialOperation(identityCtx, credEvent.getCredential().getClass());
|
CredentialStore store = identityManager.getStoreSelector().getStoreForCredentialOperation(identityCtx, credEvent.getCredential().getClass());
|
||||||
if (store instanceof LDAPIdentityStore) {
|
if (store instanceof LDAPIdentityStore) {
|
||||||
LDAPIdentityStore ldapStore = (LDAPIdentityStore)store;
|
LDAPIdentityStore ldapStore = (LDAPIdentityStore)store;
|
||||||
LDAPOperationManager operationManager = ldapStore.getOperationManager();
|
LDAPOperationManager operationManager = ldapStore.getOperationManager();
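Review bot: The result of `partitionManager.createIdentityManager()` is cast to the internal class `ContextualIdentityManager` with no type check, so any other `IdentityManager` implementation raises a `ClassCastException` inside the credential-update event handler. The `store instanceof LDAPIdentityStore` test a few lines below shows the defensive style already used here. Apply the same to the manager with `IdentityManager im = partitionManager.createIdentityManager();` followed by `if (!(im instanceof ContextualIdentityManager)) return;` before the cast, which also gives the newly added `IdentityManager` import a use. The method body continues outside the hunk.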
|
||||||
|
|
|
@ -176,6 +176,9 @@ public abstract class AbstractIdentityProviderTest {
|
||||||
// authenticated and redirected to app
|
// authenticated and redirected to app
|
||||||
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app"));
|
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app"));
|
||||||
|
|
||||||
|
brokerServerRule.stopSession(session, true);
|
||||||
|
session = brokerServerRule.startSession();
|
||||||
|
|
||||||
// check correct user is created with email as username and bound to correct federated identity
|
// check correct user is created with email as username and bound to correct federated identity
|
||||||
RealmModel realm = getRealm();
|
RealmModel realm = getRealm();
|
||||||
|
|
||||||
|
@ -218,6 +221,9 @@ public abstract class AbstractIdentityProviderTest {
|
||||||
|
|
||||||
authenticateWithIdentityProvider(identityProviderModel, "test-user-noemail");
|
authenticateWithIdentityProvider(identityProviderModel, "test-user-noemail");
|
||||||
|
|
||||||
|
brokerServerRule.stopSession(session, true);
|
||||||
|
session = brokerServerRule.startSession();
|
||||||
|
|
||||||
// check correct user is created with username from provider as email is not available
|
// check correct user is created with username from provider as email is not available
|
||||||
RealmModel realm = getRealm();
|
RealmModel realm = getRealm();
|
||||||
UserModel federatedUser = getFederatedUser();
|
UserModel federatedUser = getFederatedUser();
|
||||||
|
@ -562,6 +568,9 @@ public abstract class AbstractIdentityProviderTest {
|
||||||
|
|
||||||
doAssertFederatedUser(federatedUser, identityProviderModel, expectedEmail);
|
doAssertFederatedUser(federatedUser, identityProviderModel, expectedEmail);
|
||||||
|
|
||||||
|
brokerServerRule.stopSession(session, true);
|
||||||
|
session = brokerServerRule.startSession();
|
||||||
|
|
||||||
RealmModel realm = getRealm();
|
RealmModel realm = getRealm();
|
||||||
|
|
||||||
Set<FederatedIdentityModel> federatedIdentities = this.session.users().getFederatedIdentities(federatedUser, realm);
|
Set<FederatedIdentityModel> federatedIdentities = this.session.users().getFederatedIdentities(federatedUser, realm);
|
||||||
|
@ -610,9 +619,12 @@ public abstract class AbstractIdentityProviderTest {
|
||||||
UserSessionStatus userSessionStatus = retrieveSessionStatus();
|
UserSessionStatus userSessionStatus = retrieveSessionStatus();
|
||||||
IDToken idToken = userSessionStatus.getIdToken();
|
IDToken idToken = userSessionStatus.getIdToken();
|
||||||
KeycloakSession samlServerSession = brokerServerRule.startSession();
|
KeycloakSession samlServerSession = brokerServerRule.startSession();
|
||||||
|
try {
|
||||||
RealmModel brokerRealm = samlServerSession.realms().getRealm("realm-with-broker");
|
RealmModel brokerRealm = samlServerSession.realms().getRealm("realm-with-broker");
|
||||||
|
|
||||||
return samlServerSession.users().getUserById(idToken.getSubject(), brokerRealm);
|
return samlServerSession.users().getUserById(idToken.getSubject(), brokerRealm);
|
||||||
|
} finally {
|
||||||
|
brokerServerRule.stopSession(samlServerSession, false);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
protected void doAfterProviderAuthentication() {
|
protected void doAfterProviderAuthentication() {
|
||||||
|
@ -677,7 +689,7 @@ public abstract class AbstractIdentityProviderTest {
|
||||||
this.session.users().removeFederatedIdentity(realm, user, fedIdentity.getIdentityProvider());
|
this.session.users().removeFederatedIdentity(realm, user, fedIdentity.getIdentityProvider());
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!user.getUsername().equals("pedroigor")) {
|
if (!"pedroigor".equals(user.getUsername())) {
|
||||||
this.session.users().removeUser(realm, user);
|
this.session.users().removeUser(realm, user);
|
||||||
}
|
}
|
||||||
}
|
}
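Review bot: The `UserModel` returned from inside the new `try` block reaches the caller only after `finally` has run `brokerServerRule.stopSession(samlServerSession, false)`, so it is used with its session already closed. Depending on the store, accessors that load state lazily may then fail or return detached data, which would make the assertions built on it unreliable. Either read the values the caller needs while the session is still open, or document the constraint at the return, for example `// returned model is detached once the session is stopped; only use fields that are already loaded`. The method's signature lies outside the hunk.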
|
||||||
|
|
|
@ -33,6 +33,11 @@ public class OIDCKeyCloakServerBrokerBasicTest extends AbstractIdentityProviderT
|
||||||
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
|
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
|
||||||
server.importRealm(getClass().getResourceAsStream("/broker-test/test-broker-realm-with-kc-oidc.json"));
|
server.importRealm(getClass().getResourceAsStream("/broker-test/test-broker-realm-with-kc-oidc.json"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected String[] getTestRealms() {
|
||||||
|
return new String[] { "realm-with-oidc-identity-provider" };
|
||||||
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
@WebResource
|
@WebResource
|
||||||
|
|
|
@ -38,6 +38,11 @@ public class SAMLKeyCloakServerBrokerBasicTest extends AbstractIdentityProviderT
|
||||||
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
|
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
|
||||||
server.importRealm(getClass().getResourceAsStream("/broker-test/test-broker-realm-with-saml.json"));
|
server.importRealm(getClass().getResourceAsStream("/broker-test/test-broker-realm-with-saml.json"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected String[] getTestRealms() {
|
||||||
|
return new String[] { "realm-with-saml-idp-basic" };
|
||||||
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -37,6 +37,11 @@ public class SAMLKeyCloakServerBrokerWithSignatureTest extends AbstractIdentityP
|
||||||
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
|
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
|
||||||
server.importRealm(getClass().getResourceAsStream("/broker-test/test-broker-realm-with-saml-with-signature.json"));
|
server.importRealm(getClass().getResourceAsStream("/broker-test/test-broker-realm-with-saml-with-signature.json"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected String[] getTestRealms() {
|
||||||
|
return new String[] { "realm-with-saml-signed-idp" };
|
||||||
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -302,13 +302,18 @@ public class UserSessionProviderTest {
|
||||||
|
|
||||||
// Login lifespan is largest
|
// Login lifespan is largest
|
||||||
String clientSessionId = session.sessions().createClientSession(realm, realm.findClient("test-app")).getId();
|
String clientSessionId = session.sessions().createClientSession(realm, realm.findClient("test-app")).getId();
|
||||||
|
resetSession();
|
||||||
|
|
||||||
Time.setOffset(25);
|
Time.setOffset(25);
|
||||||
session.sessions().removeExpiredUserSessions(realm);
|
session.sessions().removeExpiredUserSessions(realm);
|
||||||
|
resetSession();
|
||||||
|
|
||||||
assertNotNull(session.sessions().getClientSession(clientSessionId));
|
assertNotNull(session.sessions().getClientSession(clientSessionId));
|
||||||
|
|
||||||
Time.setOffset(35);
|
Time.setOffset(35);
|
||||||
session.sessions().removeExpiredUserSessions(realm);
|
session.sessions().removeExpiredUserSessions(realm);
|
||||||
|
resetSession();
|
||||||
|
|
||||||
assertNull(session.sessions().getClientSession(clientSessionId));
|
assertNull(session.sessions().getClientSession(clientSessionId));
|
||||||
|
|
||||||
// User action is largest
|
// User action is largest
|
||||||
|
@ -316,13 +321,18 @@ public class UserSessionProviderTest {
|
||||||
|
|
||||||
Time.setOffset(0);
|
Time.setOffset(0);
|
||||||
clientSessionId = session.sessions().createClientSession(realm, realm.findClient("test-app")).getId();
|
clientSessionId = session.sessions().createClientSession(realm, realm.findClient("test-app")).getId();
|
||||||
|
resetSession();
|
||||||
|
|
||||||
Time.setOffset(35);
|
Time.setOffset(35);
|
||||||
session.sessions().removeExpiredUserSessions(realm);
|
session.sessions().removeExpiredUserSessions(realm);
|
||||||
|
resetSession();
|
||||||
|
|
||||||
assertNotNull(session.sessions().getClientSession(clientSessionId));
|
assertNotNull(session.sessions().getClientSession(clientSessionId));
|
||||||
|
|
||||||
Time.setOffset(45);
|
Time.setOffset(45);
|
||||||
session.sessions().removeExpiredUserSessions(realm);
|
session.sessions().removeExpiredUserSessions(realm);
|
||||||
|
resetSession();
|
||||||
|
|
||||||
assertNull(session.sessions().getClientSession(clientSessionId));
|
assertNull(session.sessions().getClientSession(clientSessionId));
|
||||||
|
|
||||||
// Access code is largest
|
// Access code is largest
|
||||||
|
@ -330,13 +340,18 @@ public class UserSessionProviderTest {
|
||||||
|
|
||||||
Time.setOffset(0);
|
Time.setOffset(0);
|
||||||
clientSessionId = session.sessions().createClientSession(realm, realm.findClient("test-app")).getId();
|
clientSessionId = session.sessions().createClientSession(realm, realm.findClient("test-app")).getId();
|
||||||
|
resetSession();
|
||||||
|
|
||||||
Time.setOffset(45);
|
Time.setOffset(45);
|
||||||
session.sessions().removeExpiredUserSessions(realm);
|
session.sessions().removeExpiredUserSessions(realm);
|
||||||
|
resetSession();
|
||||||
|
|
||||||
assertNotNull(session.sessions().getClientSession(clientSessionId));
|
assertNotNull(session.sessions().getClientSession(clientSessionId));
|
||||||
|
|
||||||
Time.setOffset(55);
|
Time.setOffset(55);
|
||||||
session.sessions().removeExpiredUserSessions(realm);
|
session.sessions().removeExpiredUserSessions(realm);
|
||||||
|
resetSession();
|
||||||
|
|
||||||
assertNull(session.sessions().getClientSession(clientSessionId));
|
assertNull(session.sessions().getClientSession(clientSessionId));
|
||||||
} finally {
|
} finally {
|
||||||
Time.setOffset(0);
|
Time.setOffset(0);
|
||||||
|
|