keycloak-bot
9f3d4a7d42
Set version to 17.0.0-SNAPSHOT
2021-12-20 10:50:39 +01:00
Marcelo Sales
afeaa6f593
KEYCLOAK-19391: Fix ldap query search adding custom serach filter
2021-12-15 08:54:52 +01:00
Marcelo Sales
e69c3dcb1f
KEYCLOAK-19391: Fix ldap query search adding custom serach filter
2021-12-15 08:54:52 +01:00
Daniel Fesenmeyer
339224578e
KEYCLOAK-10603 adjust assignments to roles (user-role and group-role assignments, client-scope and client "scope mappings"): allow assignments of roles which are already indirectly assigned (e.g. by composite role)
...
- extend RoleMapperModel with method hasDirectRole(RoleModel), which only checks for direct assignment in contrast to the existing method hasRole(RoleModel)
- extend ScopeContainerModel with method hasDirectScope(RoleModel), which only checks for direct scope mapping in contrast to the existing method hasScope(RoleModel)
- use the new hasDirectRole and hasDirectScope methods to check whether a role is in the "available" list and whether it can be assigned (previously, the hasRole method was used for this purpose)
- add hint to UI that available roles contain effectively assigned roles which are not directly assigned
- adjust and extend tests
2021-09-22 13:56:29 +02:00
Marek Posolda
11e5f66c60
KEYCLOAK-19056 EDIT MODE field should not be leave empty ( #8380 )
2021-09-14 20:27:09 +02:00
bohmber
0c64d32b9b
KEYCLOAK-19183
...
LDAPDn should use a static Pattern instead calling String.split with a regex
2021-09-06 09:17:26 +02:00
bohmber
ba946b54f7
KEYCLOAK-19021
...
LDAPOperationManager.getFilterById is causing additional call to AD
2021-08-19 09:25:33 +02:00
Thomas Darimont
f9b4e47851
KEYCLOAK-19036 Avoid infinite loop during LDAP sync with OpenLDAP and olcSizeLimit
...
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2021-08-18 17:42:13 +02:00
mposolda
418d1e3471
KEYCLOAK-19039 Sync UPDATE_PASSWORD required action to only to MSAD with WRITABLE edit mode. Add tests for MSAD mapper
2021-08-18 17:39:19 +02:00
cturkalj
b4536a394a
Missing null check for session.userCache() added
...
NPE when existing user from LDAP is found (same LDAP_ID, but with changed username) and session.userCache() is null.
2021-08-03 13:40:02 +02:00
keycloak-bot
262ec3d031
Set version to 16.0.0-SNAPSHOT
2021-07-30 14:56:10 +02:00
mposolda
e58eeca800
KEYCLOAK-18706 Add UPDATE_PASSWORD required action only to authenticationSession when MSAD requires user to change password
2021-07-28 08:47:01 +02:00
Sven-Torben Janus
c6e7c06f6c
KEYCLOAK-18695 Support user lookup by ID with Novell eDirectory
...
The LDAPOperationManager does not encode GUID correctly when looking up
federated users from Novell eDirectory.
The correct encoding can be found here:
https://support.novell.com/docs/Tids/Solutions/10096551.html
2021-07-27 08:46:04 +02:00
keycloak-bot
13f7831a77
Set version to 15.0.0-SNAPSHOT
2021-06-18 10:42:27 +02:00
rmartinc
b97f177f26
[KEYCLOAK-14696] Unable to fetch list of members from a group through keycloak admin console.
2021-05-20 11:32:23 +02:00
keycloak-bot
4b44f7d566
Set version to 14.0.0-SNAPSHOT
2021-05-06 14:55:01 +02:00
Pascal Euhus
82fc401298
[KEYCLOAK-9841] use LDAPUser UUID as an identifier instead of username
2021-03-16 17:55:24 +01:00
Andrew Elwell
c76ca4ad13
Correct "doesn't exists" typos - fixes KEYCLOAK-14986 ( #7316 )
...
* Correct "doesn't exists" typos
* Revert changes to imported package
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2021-03-16 11:52:36 +01:00
Mathieu CLAUDEL
197b34889c
KEYCLOAK-17146 : Fix reset password MS AD LDS mapper
2021-03-03 09:17:39 +01:00
Thomas Darimont
2faf809536
KEYCLOAK-16464 Allow to map enabled user model attribute to LDAP attribute
2021-01-20 09:24:06 +01:00
Thomas Darimont
f76e9cc833
KEYCLOAK-16464 Allow to map emailVerified user model attribute to LDAP attribute
2021-01-20 09:24:06 +01:00
Michal Hajas
ba8e2fef6b
KEYCLOAK-15524 Cleanup user related interfaces
2021-01-18 16:56:10 +01:00
Jiri Lunacek
91a51c2dbe
KEYCLOAK-16606 add default value to mandatory LDAP attributes
2021-01-15 21:58:04 +01:00
vramik
1402d021de
KEYCLOAK-14846 Default roles processing
2021-01-08 13:55:48 +01:00
keycloak-bot
75be33ccad
Set version to 13.0.0-SNAPSHOT
2020-12-16 17:31:55 +01:00
Cédric Couralet
f4abc86a66
KEYCLOAK-16112 don't remove username attribute
2020-12-14 15:46:25 +01:00
Michal Hajas
8e376aef51
KEYCLOAK-15847 Add MapUserProvider
2020-12-10 08:57:53 +01:00
Thomas Riccardi
f45e187c35
Finish renaming 'application role' to 'client role' in help texts
2020-12-08 12:18:13 +01:00
Stefan Guilhen
edef93cd49
[KEYCLOAK-16232] Streamify the UserCredentialStore and UserCredentialManager interfaces
2020-12-07 19:48:35 +01:00
Stefan Guilhen
73d0bb34c4
[KEYCLOAK-16232] Replace usages of deprecated collection-based methods with the respective stream variants
2020-12-07 19:48:35 +01:00
Stefan Guilhen
84df008bc2
[KEYCLOAK-16341] Make the new stream-based methods in server-spi user interfaces default instead of the collection-based versions.
...
- this ensures that providing implementation for the collection-based methods is enough, which preserves
backwards compatibility with older custom implementations.
- alternative interfaces now allow new implementations to focus on the stream variants of the query methods.
2020-11-18 21:07:51 +01:00
Stefan Guilhen
aa46735173
[KEYCLOAK-15200] Complement methods for accessing users with Stream variants
2020-11-10 15:13:11 +01:00
Sven-Torben Janus
79f0703d62
KEYCLOAK-3365 Configure required actions for LDAP in READ_ONLY mode
2020-10-15 08:43:31 +02:00
Martin Kanis
086f7b4696
KEYCLOAK-15450 Complement methods for accessing realms with Stream variants
2020-10-14 08:16:49 +02:00
testn
269a72d672
KEYCLOAK-15184: Use static inner class where possible
2020-10-09 23:37:08 +02:00
testn
2cd03569d6
KEYCLOAK-15238: Fix potential resource leak from not closing Stream/Reader
2020-09-21 13:05:03 +02:00
Martin Kanis
5d5e56dde3
KEYCLOAK-15199 Complement methods for accessing roles with Stream variants
2020-09-16 16:29:51 +02:00
Martin Kanis
4e9bdd44f3
KEYCLOAK-14901 Replace deprecated ClientProvider related methods across Keycloak
2020-09-07 13:11:55 +02:00
Martin Kanis
d59a74c364
KEYCLOAK-15102 Complement methods for accessing groups with Stream variants
2020-08-28 20:56:10 +02:00
mposolda
bd48d7914d
KEYCLOAK-15139 Backwards compatibility for LDAP Read-only mode with IMPORT_USERS enabled
2020-08-20 14:05:21 +02:00
mposolda
a427784350
KEYCLOAK-14996 Fix performance bottleneck in GroupLDAPStorageMapper.getAllKcGroups
2020-08-18 18:04:32 +02:00
mhajas
ae39760a62
KEYCLOAK-14972 Add independent GroupProvider interface
2020-08-13 21:13:12 +02:00
rmartinc
32bf50e037
KEYCLOAK-14336: LDAP group membership is not visible under "Users in Role" tab for users imported from LDAP
2020-07-30 16:19:22 +02:00
Martin Idel
97400827d2
KEYCLOAK-14870: Fix bug where user is incorrectly imported
...
Bug: SerializedBrokeredIdentityContext was changed to mirror
UserModel changes. However, when creating the user in LDAP,
the username must be provided first (everything else can
be handled via attributes).
2020-07-29 11:33:41 +02:00
Réda Housni Alaoui
47f5b56a9a
KEYCLOAK-14747 LDAP pooling should include SSL protocol by default
2020-07-28 18:59:42 +02:00
mposolda
c4fca5895f
KEYCLOAK-14892 NullPointerException when group mappings for LDAP users are accessed
2020-07-28 14:45:06 +02:00
Martin Idel
bf411d7567
KEYCLOAK-14869: Fix nullpointer exception in FullNameLDAPStorageMapper
...
Setting an attribute should be possible with a list
containing no elements or a null list
This can happen e.g. when creating users via idps
using a UserAttributeStatementMapper.
Fix this unprotected access in other classes too
2020-07-28 09:54:37 +02:00
keycloak-bot
afff0a5109
Set version to 12.0.0-SNAPSHOT
2020-07-22 14:36:15 +02:00
Martin Idel
05b6ef8327
KEYCLOAK-14536 Migrate UserModel fields to attributes
...
- In order to make lastName/firstName/email/username field
configurable in profile
we need to store it as an attribute
- Keep database as is for now (no impact on performance, schema)
- Keep field names and getters and setters (no impact on FTL files)
Fix tests with logic changes
- PolicyEvaluationTest: We need to take new user attributes into account
- UserTest: We need to take into account new user attributes
Potential impact on users:
- When subclassing UserModel, consistency issues may occur since one can
now set e.g. username via setSingleAttribute also
- When using PolicyEvaluations, the number of attributes has changed
2020-06-25 14:50:57 +02:00
Tero Saarni
3c82f523ff
[KEYCLOAK-14343] Truststore SPI support for LDAP with StartTLS
...
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-06-11 18:07:53 +02:00