From c036980c3759b833d98030cf1299297a7ec97436 Mon Sep 17 00:00:00 2001 From: Hynek Mlnarik Date: Fri, 20 Oct 2023 14:02:07 +0200 Subject: [PATCH] Add TRANSIENT_USERS feature flag --- .../java/org/keycloak/common/Profile.java | 2 + .../java/org/keycloak/common/ProfileTest.java | 3 +- .../add/AdvancedSettings.tsx | 53 ++++++++++--------- .../admin-ui/src/utils/useIsFeatureEnabled.ts | 1 + .../AuthenticationSessionAdapter.java | 4 +- .../InfinispanUserSessionProvider.java | 4 +- .../it/cli/dist/FeaturesDistTest.java | 2 +- ...ndDistTest.testBuildHelp.unix.approved.txt | 4 +- ...istTest.testBuildHelp.windows.approved.txt | 4 +- ...dDistTest.testExportHelp.unix.approved.txt | 4 +- ...stTest.testExportHelpAll.unix.approved.txt | 4 +- ...dDistTest.testImportHelp.unix.approved.txt | 4 +- ...stTest.testImportHelpAll.unix.approved.txt | 4 +- ...istTest.testStartDevHelp.unix.approved.txt | 4 +- ...Test.testStartDevHelp.windows.approved.txt | 4 +- ...Test.testStartDevHelpAll.unix.approved.txt | 4 +- ...t.testStartDevHelpAll.windows.approved.txt | 4 +- ...ndDistTest.testStartHelp.unix.approved.txt | 4 +- ...istTest.testStartHelp.windows.approved.txt | 4 +- ...istTest.testStartHelpAll.unix.approved.txt | 4 +- ...Test.testStartHelpAll.windows.approved.txt | 4 +- .../models/light/LightweightUserAdapter.java | 6 ++- .../models/IdentityProviderModel.java | 4 +- .../KcOidcBrokerTransientSessionsTest.java | 3 ++ 24 files changed, 79 insertions(+), 59 deletions(-) diff --git a/common/src/main/java/org/keycloak/common/Profile.java b/common/src/main/java/org/keycloak/common/Profile.java index d117bb3c89..7704c171be 100755 --- a/common/src/main/java/org/keycloak/common/Profile.java +++ b/common/src/main/java/org/keycloak/common/Profile.java 
@@ -95,6 +95,8 @@ public class Profile { LINKEDIN_OAUTH("LinkedIn Social Identity Provider based on OAuth", Type.DEPRECATED), DEVICE_FLOW("OAuth 2.0 Device Authorization Grant", Type.DEFAULT), + + TRANSIENT_USERS("Transient users for brokering", Type.PREVIEW), ; private final Type type; diff --git a/common/src/test/java/org/keycloak/common/ProfileTest.java b/common/src/test/java/org/keycloak/common/ProfileTest.java index cbf9c80fdb..62a750330b 100644 --- a/common/src/test/java/org/keycloak/common/ProfileTest.java +++ b/common/src/test/java/org/keycloak/common/ProfileTest.java @@ -71,6 +71,7 @@ public class ProfileTest { Assert.assertEquals(Profile.ProfileName.DEFAULT, profile.getName()); Set disabledFeatures = new HashSet<>(Arrays.asList( + Profile.Feature.TRANSIENT_USERS, Profile.Feature.DPOP, Profile.Feature.FIPS, Profile.Feature.ACCOUNT3, @@ -92,7 +93,7 @@ public class ProfileTest { disabledFeatures.add(Profile.Feature.KERBEROS); } assertEquals(profile.getDisabledFeatures(), disabledFeatures); - assertEquals(profile.getPreviewFeatures(), Profile.Feature.ACCOUNT3, Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.RECOVERY_CODES, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE, Profile.Feature.DECLARATIVE_USER_PROFILE, Profile.Feature.CLIENT_SECRET_ROTATION, Profile.Feature.UPDATE_EMAIL, Profile.Feature.DPOP); + assertEquals(profile.getPreviewFeatures(), Profile.Feature.ACCOUNT3, Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.RECOVERY_CODES, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE, Profile.Feature.DECLARATIVE_USER_PROFILE, Profile.Feature.CLIENT_SECRET_ROTATION, Profile.Feature.UPDATE_EMAIL, Profile.Feature.DPOP, Profile.Feature.TRANSIENT_USERS); } @Test diff --git a/js/apps/admin-ui/src/identity-providers/add/AdvancedSettings.tsx b/js/apps/admin-ui/src/identity-providers/add/AdvancedSettings.tsx index 01427c3dad..9f3100d192 100644 --- a/js/apps/admin-ui/src/identity-providers/add/AdvancedSettings.tsx 
+++ b/js/apps/admin-ui/src/identity-providers/add/AdvancedSettings.tsx @@ -15,6 +15,7 @@ import { HelpItem } from "ui-shared"; import { adminClient } from "../../admin-client"; import { useFetch } from "../../utils/useFetch"; +import useIsFeatureEnabled, { Feature } from "../../utils/useIsFeatureEnabled"; import type { FieldProps } from "../component/FormGroupField"; import { FormGroupField } from "../component/FormGroupField"; import { SwitchField } from "../component/SwitchField"; @@ -106,12 +107,14 @@ export const AdvancedSettings = ({ isOIDC, isSAML }: AdvancedSettingsProps) => { defaultValue: "false", }); const claimFilterRequired = filteredByClaim === "true"; - const transientSessions = useWatch({ + const isFeatureEnabled = useIsFeatureEnabled(); + const isTransientUsersEnabled = isFeatureEnabled(Feature.TransientUsers); + const transientUsers = useWatch({ control, name: "config.doNotStoreUsers", defaultValue: "false", }); - const syncModeAvailable = transientSessions === "false"; + const syncModeAvailable = transientUsers === "false"; return ( <> {!isOIDC && !isSAML && ( @@ -238,28 +241,30 @@ export const AdvancedSettings = ({ isOIDC, isSAML }: AdvancedSettingsProps) => { defaultValue="" /> - - ( - { - field.onChange(value.toString()); - // if field is checked, set sync mode to import - if (value) { - setValue("config.syncMode", "IMPORT"); - } - }} - /> - )} - /> - + {isTransientUsersEnabled && ( + + ( + { + field.onChange(value.toString()); + // if field is checked, set sync mode to import + if (value) { + setValue("config.syncMode", "IMPORT"); + } + }} + /> + )} + /> + + )} {syncModeAvailable && ( { diff --git a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/FeaturesDistTest.java b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/FeaturesDistTest.java index 5ab946220a..f3108366fc 100644 --- a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/FeaturesDistTest.java 
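Review bot: `syncModeAvailable` in the second AdvancedSettings.tsx hunk still depends only on the stored `config.doNotStoreUsers` value, while the third hunk hides the switch that edits that value whenever the feature is off. For a provider saved with the value `"true"`, disabling TRANSIENT_USERS therefore hides both the switch and the sync mode field, although the server-side `isTransientUsers()` changed in this same commit then reports false and the provider behaves as a normal one. Tying the condition to the flag keeps the field reachable: `const syncModeAvailable = !isTransientUsersEnabled || transientUsers === "false";`. The component body starts and ends outside these hunks.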
+++ b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/FeaturesDistTest.java @@ -28,7 +28,7 @@ import static org.keycloak.quarkus.runtime.cli.command.AbstractStartCommand.OPTI @LegacyStore public class FeaturesDistTest { - private static final String PREVIEW_FEATURES_EXPECTED_LOG = "Preview features enabled: account3, admin-fine-grained-authz, client-secret-rotation, declarative-user-profile, dpop, recovery-codes, scripts, token-exchange, update-email"; + private static final String PREVIEW_FEATURES_EXPECTED_LOG = "Preview features enabled: account3, admin-fine-grained-authz, client-secret-rotation, declarative-user-profile, dpop, recovery-codes, scripts, token-exchange, transient-users, update-email"; @Test public void testEnableOnBuild(KeycloakDistribution dist) { diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.unix.approved.txt index 8b1ddade26..a8b32b286b 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.unix.approved.txt @@ -50,7 +50,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, 
@@ -58,7 +58,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. HTTP/TLS: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.windows.approved.txt index 9f4fbf1530..7e8015f1cb 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.windows.approved.txt @@ -50,7 +50,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, @@ -58,7 +58,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. HTTP/TLS: 
diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.unix.approved.txt index c2d57adfb4..bc82b0c0c1 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.unix.approved.txt @@ -61,7 +61,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, @@ -69,7 +69,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. Config: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.unix.approved.txt index a1e80f5721..b0a791f8da 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.unix.approved.txt 
+++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.unix.approved.txt @@ -124,7 +124,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, @@ -132,7 +132,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. Config: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.unix.approved.txt index 3b62ae6420..487ea4d9cb 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.unix.approved.txt 
@@ -61,7 +61,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, @@ -69,7 +69,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. Config: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.unix.approved.txt index 5140fcb9dc..8785b44da8 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.unix.approved.txt @@ -124,7 +124,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, 
@@ -132,7 +132,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. Config: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.unix.approved.txt index c47b41a2de..209ff5d24a 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.unix.approved.txt @@ -77,7 +77,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, @@ -85,7 +85,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. Hostname: 
diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.windows.approved.txt index a73923a126..668d9bfeb5 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.windows.approved.txt @@ -75,7 +75,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, @@ -83,7 +83,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. Hostname: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.unix.approved.txt index e4bcdc09b5..a68acc4e29 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.unix.approved.txt 
+++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.unix.approved.txt @@ -140,7 +140,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, @@ -148,7 +148,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. Hostname: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.windows.approved.txt index a3e4530e79..dfa5cd407d 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.windows.approved.txt 
@@ -138,7 +138,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, @@ -146,7 +146,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. Hostname: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.unix.approved.txt index bd0feb7e0f..9612b55ee1 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.unix.approved.txt @@ -78,7 +78,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, 
@@ -86,7 +86,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. Hostname: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.windows.approved.txt index 1080c0f779..ecb034d124 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.windows.approved.txt @@ -76,7 +76,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, @@ -84,7 +84,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. Hostname: 
diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.unix.approved.txt index 7d9681d0eb..c7580f9d98 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.unix.approved.txt @@ -141,7 +141,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, @@ -149,7 +149,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. Hostname: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.windows.approved.txt index 7b08eb2952..33f353f20e 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.windows.approved.txt 
+++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.windows.approved.txt @@ -139,7 +139,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, @@ -147,7 +147,7 @@ Feature: declarative-user-profile, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. + transient-users, update-email, web-authn. Hostname: diff --git a/server-spi-private/src/main/java/org/keycloak/models/light/LightweightUserAdapter.java b/server-spi-private/src/main/java/org/keycloak/models/light/LightweightUserAdapter.java index c7644d0a28..c241e74a30 100644 --- a/server-spi-private/src/main/java/org/keycloak/models/light/LightweightUserAdapter.java +++ b/server-spi-private/src/main/java/org/keycloak/models/light/LightweightUserAdapter.java @@ -16,6 +16,8 @@ */ package org.keycloak.models.light; +import org.keycloak.common.Profile; +import org.keycloak.common.Profile.Feature; import org.keycloak.common.util.Base64; import org.keycloak.models.GroupModel; import org.keycloak.models.KeycloakSession; 
@@ -61,11 +63,11 @@ public class LightweightUserAdapter extends AbstractInMemoryUserAdapter { public static final String ID_PREFIX = "lightweight-"; public static boolean isLightweightUser(UserModel user) { - return user instanceof LightweightUserAdapter; + return Profile.isFeatureEnabled(Feature.TRANSIENT_USERS) && user instanceof LightweightUserAdapter; } public static boolean isLightweightUser(String id) { - return id != null && id.startsWith(ID_PREFIX); + return Profile.isFeatureEnabled(Feature.TRANSIENT_USERS) && id != null && id.startsWith(ID_PREFIX); } public static String getLightweightUserId(String id) { diff --git a/server-spi/src/main/java/org/keycloak/models/IdentityProviderModel.java b/server-spi/src/main/java/org/keycloak/models/IdentityProviderModel.java index 648652321d..589dd189d5 100755 --- a/server-spi/src/main/java/org/keycloak/models/IdentityProviderModel.java +++ b/server-spi/src/main/java/org/keycloak/models/IdentityProviderModel.java @@ -16,6 +16,8 @@ */ package org.keycloak.models; +import org.keycloak.common.Profile; +import org.keycloak.common.Profile.Feature; import java.io.Serializable; import java.util.HashMap; import java.util.Map; @@ -266,7 +268,7 @@ public class IdentityProviderModel implements Serializable { * @return */ public boolean isTransientUsers() { - return Boolean.valueOf(getConfig().get(DO_NOT_STORE_USERS)); + return Profile.isFeatureEnabled(Feature.TRANSIENT_USERS) && Boolean.valueOf(getConfig().get(DO_NOT_STORE_USERS)); } /** diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerTransientSessionsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerTransientSessionsTest.java index 43f6497c69..f17eec1f26 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerTransientSessionsTest.java 
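Review bot: Both `isLightweightUser` overloads in LightweightUserAdapter now answer false whenever TRANSIENT_USERS is off, so a `LightweightUserAdapter` instance or a `lightweight-` id already held in a session is handed to callers as if it were a regular stored user. The callers are not in this hunk, so it is worth confirming that they fail closed (user not found, session rejected) rather than continuing with a partially resolved identity, in particular for sessions created before the flag was turned off. `getLightweightUserId(String id)` is visible only as a context line, so whether it needs the same gate cannot be judged from here. A Javadoc on each overload would make the new contract explicit, for example `/** True only while Feature.TRANSIENT_USERS is enabled and the user (or id) is a lightweight one. */`.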
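Review bot: `isTransientUsers()` in IdentityProviderModel now silently ignores a stored `DO_NOT_STORE_USERS` value of true while the feature is off, which presumably means a provider configured not to store users will persist brokered users locally (inferred from the option name; the storing code is not in this hunk). An administrator who imports such a realm, or who disables the preview feature later, gets no indication of that change in data handling, so a warning log or a rejection when the configuration is saved would be worth adding. The empty `@return` in the Javadoc above the method should state the new condition, e.g. `@return true if the TRANSIENT_USERS feature is enabled and users from this provider are not stored`. `Boolean.parseBoolean(getConfig().get(DO_NOT_STORE_USERS))` would also avoid the boxing that `Boolean.valueOf(...)` introduces.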
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerTransientSessionsTest.java @@ -20,6 +20,7 @@ import org.keycloak.broker.oidc.mappers.UserAttributeMapper; import org.keycloak.broker.provider.ConfigConstants; import org.keycloak.broker.provider.HardcodedRoleMapper; import org.keycloak.broker.provider.util.SimpleHttp; +import org.keycloak.common.Profile; import org.keycloak.crypto.Algorithm; import org.keycloak.events.Details; import org.keycloak.events.Errors; @@ -50,6 +51,7 @@ import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.AssertEvents; +import org.keycloak.testsuite.arquillian.annotation.EnableFeature; import org.keycloak.testsuite.updaters.Creator; import org.keycloak.testsuite.util.AccountHelper; import org.keycloak.testsuite.util.OAuthClient; @@ -92,6 +94,7 @@ import static org.keycloak.testsuite.broker.KcOidcBrokerConfiguration.CONSUMER_B /** * Final class as it's not intended to be overriden. Feel free to remove "final" if you really know what you are doing. */ +@EnableFeature(value = Profile.Feature.TRANSIENT_USERS, skipRestart = true) public final class KcOidcBrokerTransientSessionsTest extends AbstractAdvancedBrokerTest { private final static String USER_ATTRIBUTE_NAME = "user-attribute"; private final static String USER_ATTRIBUTE_VALUE = "attribute-value";
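Review bot: The `@EnableFeature` annotation added in the last hunk covers only the flag-on path; nothing in the files listed in this patch's diffstat appears to exercise a provider with `doNotStoreUsers` set to true while TRANSIENT_USERS is disabled. A small test asserting that such a login produces a regular stored user, and that an id carrying the `lightweight-` prefix is not treated as a lightweight user, would pin the gating added in `IdentityProviderModel` and `LightweightUserAdapter`. The class body continues outside the hunk.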