Marek Posolda
commit
c6b34f32a1
7 changed files with 24 additions and 15 deletions
|
|
@ -244,7 +244,7 @@ public class KerberosFederationProvider implements UserFederationProvider {
|
|||
// Just guessing email from kerberos realm
|
||||
String email = username + "@" + kerberosConfig.getKerberosRealm().toLowerCase();
|
||||
|
||||
logger.info("Creating kerberos user: " + username + ", email: " + email + " to local Keycloak storage");
|
||||
logger.debugf("Creating kerberos user: %s, email: %s to local Keycloak storage", username, email);
|
||||
UserModel user = session.userStorage().addUser(realm, username);
|
||||
user.setEnabled(true);
|
||||
user.setEmail(email);
|
||||
|
|
|
|||
|
|
@ -106,7 +106,7 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
|
|||
String roleName = ldapRole.getAttributeAsString(rolesRdnAttr);
|
||||
|
||||
if (roleContainer.getRole(roleName) == null) {
|
||||
logger.infof("Syncing role [%s] from LDAP to keycloak DB", roleName);
|
||||
logger.debugf("Syncing role [%s] from LDAP to keycloak DB", roleName);
|
||||
roleContainer.addRole(roleName);
|
||||
}
|
||||
}
|
||||
|
|
@ -208,7 +208,7 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
|
|||
roleDn.addFirst(roleNameAttribute, roleName);
|
||||
ldapObject.setDn(roleDn);
|
||||
|
||||
logger.infof("Creating role [%s] to LDAP with DN [%s]", roleName, roleDn.toString());
|
||||
logger.debugf("Creating role [%s] to LDAP with DN [%s]", roleName, roleDn.toString());
|
||||
ldapProvider.getLdapIdentityStore().add(ldapObject);
|
||||
return ldapObject;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,9 +4,11 @@ import java.util.List;
|
|||
|
||||
import org.keycloak.migration.ModelVersion;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||
|
||||
/**
|
||||
|
|
@ -19,17 +21,24 @@ public class MigrateTo1_6_0 {
|
|||
public void migrate(KeycloakSession session) {
|
||||
List<RealmModel> realms = session.realms().getRealms();
|
||||
for (RealmModel realm : realms) {
|
||||
if (realm.getRole(Constants.OFFLINE_ACCESS_ROLE) == null) {
|
||||
for (RoleModel realmRole : realm.getRoles()) {
|
||||
realmRole.setScopeParamRequired(false);
|
||||
}
|
||||
for (ClientModel client : realm.getClients()) {
|
||||
for (RoleModel clientRole : client.getRoles()) {
|
||||
clientRole.setScopeParamRequired(false);
|
||||
}
|
||||
}
|
||||
|
||||
for (RoleModel realmRole : realm.getRoles()) {
|
||||
realmRole.setScopeParamRequired(false);
|
||||
}
|
||||
for (ClientModel client : realm.getClients()) {
|
||||
for (RoleModel clientRole : client.getRoles()) {
|
||||
clientRole.setScopeParamRequired(false);
|
||||
KeycloakModelUtils.setupOfflineTokens(realm);
|
||||
RoleModel role = realm.getRole(Constants.OFFLINE_ACCESS_ROLE);
|
||||
|
||||
// Check if possible to avoid iterating over users
|
||||
for (UserModel user : session.userStorage().getUsers(realm, true)) {
|
||||
user.grantRole(role);
|
||||
}
|
||||
}
|
||||
|
||||
KeycloakModelUtils.setupOfflineTokens(realm);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -111,7 +111,7 @@ public class UserFederationManager implements UserProvider {
|
|||
if (realmModel == null) return;
|
||||
UserModel deletedUser = tx.userStorage().getUserById(user.getId(), realmModel);
|
||||
tx.userStorage().removeUser(realmModel, deletedUser);
|
||||
logger.infof("Removed invalid user '%s'", user.getUsername());
|
||||
logger.debugf("Removed invalid user '%s'", user.getUsername());
|
||||
tx.getTransaction().commit();
|
||||
} finally {
|
||||
tx.close();
|
||||
|
|
|
|||
|
|
@ -399,7 +399,7 @@ public class TokenEndpoint {
|
|||
|
||||
if (clientUser == null || client.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, ServiceAccountConstants.CLIENT_ID_PROTOCOL_MAPPER) == null) {
|
||||
// May need to handle bootstrap here as well
|
||||
logger.infof("Service account user for client '%s' not found or default protocol mapper for service account not found. Creating now", client.getClientId());
|
||||
logger.debugf("Service account user for client '%s' not found or default protocol mapper for service account not found. Creating now", client.getClientId());
|
||||
new ClientManager(new RealmManager(session)).enableServiceAccount(client);
|
||||
clientUser = session.users().getUserByServiceAccountClient(client);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -103,7 +103,7 @@ public class ClientManager {
|
|||
// Add dedicated user for this service account
|
||||
if (realmManager.getSession().users().getUserByServiceAccountClient(client) == null) {
|
||||
String username = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + client.getClientId();
|
||||
logger.infof("Creating service account user '%s'", username);
|
||||
logger.debugf("Creating service account user '%s'", username);
|
||||
|
||||
// Don't use federation for service account user
|
||||
UserModel user = realmManager.getSession().userStorage().addUser(client.getRealm(), username);
|
||||
|
|
|
|||
|
|
@ -280,7 +280,7 @@ public class ResourceAdminManager {
|
|||
protected boolean sendPushRevocationPolicyRequest(RealmModel realm, ClientModel resource, int notBefore, String managementUrl) {
|
||||
PushNotBeforeAction adminAction = new PushNotBeforeAction(TokenIdGenerator.generateId(), Time.currentTime() + 30, resource.getClientId(), notBefore);
|
||||
String token = new TokenManager().encodeToken(realm, adminAction);
|
||||
logger.infov("pushRevocation resource: {0} url: {1}", resource.getClientId(), managementUrl);
|
||||
logger.debugv("pushRevocation resource: {0} url: {1}", resource.getClientId(), managementUrl);
|
||||
URI target = UriBuilder.fromUri(managementUrl).path(AdapterConstants.K_PUSH_NOT_BEFORE).build();
|
||||
try {
|
||||
int status = session.getProvider(HttpClientProvider.class).postText(target.toString(), token);
|
||||
|
|
|
|||
Loading…
Reference in a new issue