Commit graph

2403 commits

Author SHA1 Message Date
Stefan Guilhen
f45529de8c Deprecate IDP related methods in RealmModel
- delegate to the new provider

Closes #31253

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-07-29 16:02:26 +02:00
Stefan Guilhen
c16e88bcee Make the IDPProvider via session.identityProviders()
Closes #31252

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-07-29 16:02:26 +02:00
Stefan Guilhen
4c5f54ce0b Add JPA implementation for the IDPProvider
Closes #31250

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-07-29 16:02:26 +02:00
Alexander Schwartz
557cf1e60e Add a tombstone operation to optimize multiple deletes
Closes #31699

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-29 13:23:06 +02:00
Alexander Schwartz
6d404b86c9 Trigger clearing the user cache when the duplicate email allowed flag changes
Closes #31045

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-29 10:37:42 +02:00
Pedro Igor
04bd6653ec Invalidating domain cache and introducing cache for more query methods
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-29 09:02:36 +02:00
Pedro Igor
1f8280c71a Allow members joining multiple organizations
Closes #30747

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-29 09:02:36 +02:00
Ryan Emerson
69a8509f6c Remove outdated test code from model/infinispan module
Closes #31661

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-07-26 17:14:49 +02:00
Alexander Schwartz
227c71f7f0
Persisting revoked access tokens
Closes #31296

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-26 11:46:14 +02:00
vramik
649b35929e Make sure users created through a registration link are managed members
Closes #30743

Signed-off-by: vramik <vramik@redhat.com>
2024-07-25 04:30:13 -03:00
Pedro Igor
6ce89670b5 Flaky test: org.keycloak.testsuite.model.user.UserModelTest#testAddRemoveUserConcurrent
Closes #30236

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-24 22:40:32 +02:00
Alexander Schwartz
65d4b74758 Filter out null values when looking up entries by ID
This should prevent null elements in the stream when doing concurrent operations.

Closes #28865

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-23 09:22:41 +02:00
Pedro Igor
de1de06354 Avoid adding organization flows if they are already exist
Closes #31182

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-17 08:28:00 +02:00
Giuseppe Graziano
1df60461a9 Avoid race condition when using initial-access-token
Closes #27294

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-07-12 16:33:02 +02:00
rmartinc
ce195b81f8 Improve consent deletion when a realm is removed
Closes #30992

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-10 09:44:42 +02:00
Alexander Schwartz
d70f78072e
Make persistent sessions co-exist with remote cache feature (#30859)
Closes #30855

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-09 09:03:36 +02:00
Alexander Schwartz
9c1cbec987 Removing ths resource as it hasn't been referenced since at least Keycloak 18
Closes #31049

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-08 12:03:28 -03:00
Ryan Emerson
bf26d3364c Allow null Protostream fields
Closes #30761

Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-07-04 14:53:54 +02:00
Thomas Darimont
f34bb21af6
Fix deprecations in common module
- Use charset in `Encode` class
- Replace reflective call to protected `Liquibase#resetServices()` with call to exposed public method on a custom subclass `KeycloakLiquibase`
- Remove usage of deprecated AccessController class in Reflections
- Deprecated SetAccessibleProvilegedAction and UnsetAccessibleProvilegedAction

Fixes #22209

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-02 16:02:35 +00:00
Pedro Igor
cc2ccc87b0 Filtering organization groups when managing or processing groups
Closes #30589

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-28 10:27:18 -03:00
Pedro Ruivo
829e12b857 Incorrect order when instantiate ClientRemovedEvent
* Fix incorrect order in ClientRemovedEvent constructor
* Do not send an event if the events list is empty

Closes #30840

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-28 09:51:02 +02:00
Pascal Knüppel
c4ebd0cd0c
Add event for ClientScope created (#30715)
closes #30795 

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-06-27 19:05:29 +02:00
Jon Koops
df18629ffe
Use a default Java version from root POM (#29927)
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-21 14:19:31 +02:00
rmartinc
592c2250fc Add briefRepresentation query parameter to getUsersInRole endpoint
Closes #29480

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-21 11:21:02 +02:00
Pedro Igor
a0ad680346 Adding an alias to organization and exposing them to templates
Closes #30312
Closes #30313

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-20 14:36:14 -03:00
Pedro Ruivo
5fc12480fd External Infinispan as cache - Part 4 (#30072)
UserSessionProvider implementation to make use of Infinispan remote
cache.

Closes #28755

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Pedro Ruivo
9006218559 External Infinispan as cache - Part 3
Implementation of UserLoginFailureProvider using remote caches only.

Closes #28754

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Pedro Ruivo
833aad661e External Infinispan as cache - Part 2
Includes a new implementation for the providers:

* StickySessionEncoderProviderFactory
* LoadBalancerCheckProviderFactory
* SingleUseObjectProviderFactory

Closes #28648

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Pedro Ruivo
d2ae27a1e2 External Infinispan as cache - Part 1
Part 1 includes

* New experimental feature to enable the new code
* New providers using RemoteCache only
* New test profile to run the tests with the experimental feature

New providers' implementation for:
* InfinispanConnectionProvider
* AuthenticationSessionProvider
* ClusterProvider

Closes #28140

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Martin Kanis
89f83e9788 Importing organizations failing if there is no broker and members in the representation
Closes #30305

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-06-19 08:46:04 -03:00
Stefan Guilhen
db846a792d Set a time of 23:59:59:999 in JpaEventQuery.toDate so that events from that date are properly returned in searches
Closes #30414

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-06-18 13:14:28 -03:00
Nicola Beghin
5192275780 issue keycloak/keycloak#30300
Signed-off-by: Nicola Beghin <nicolabeghin@gmail.com>
2024-06-18 10:13:39 -03:00
Pedro Ruivo
67098f0469 Fix AuthenticatedClientSessionEntity protostream encoding
For String fields that may be null, convert an empty string to null when
reading from Protostream

Fixes #30511

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-17 22:51:22 +02:00
Pedro Ruivo
66dd9e65b9 Fix LoginFailureEntity protostream encoding
The field lastIPFailure can be null and needs a proto factory to set it
to null when missing.

Closes #30485

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-17 12:30:13 +02:00
Pedro Ruivo
5c0dddd837 Batch cluster events
Sending multiple events in a single network request should minimize
latency and traffic.

Closes #30445

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-14 21:14:22 +02:00
Ryan Emerson
edde31a1ca Protobuf schema compatibility check (maven plugin)
Closes #30243

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-06-14 17:46:58 +02:00
Pedro Ruivo
1b342e4c07 Fix compilation error
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-13 16:44:56 -03:00
Pedro Ruivo
18a6c79011
Infinispan Protostream Marshaller (#29474)
Closes #29394

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-06-13 18:02:46 +02:00
vramik
8f72a77582 getByMember
Signed-off-by: vramik <vramik@redhat.com>
2024-06-13 08:13:36 -03:00
vramik
de2fdbe98f cache count
Signed-off-by: vramik <vramik@redhat.com>
2024-06-13 08:13:36 -03:00
vramik
78eee0b145 rename jpaOrgDelegate to orgDelegate
Signed-off-by: vramik <vramik@redhat.com>
2024-06-13 08:13:36 -03:00
vramik
d355e38424 Provide a cache layer for the organization model
Closes #30087

Signed-off-by: vramik <vramik@redhat.com>
2024-06-13 08:13:36 -03:00
Alexander Schwartz
a161827766 Migration of sessions in KC25 should run only on migration, not on imports
Closes #30351

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-06-12 23:16:54 +02:00
Giuseppe Graziano
6067f93984
Improvements to refresh token rotation with multiple tabs (#29966)
Closes #14122

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-06-07 12:02:36 +02:00
Pedro Igor
f8d55ca7cd Export import realm with organizations
Closes #30006

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-05 09:50:03 +02:00
Martin Kanis
33331788a4 Introduce count method to avoid fetching all organization upon checking for existence
Closes #29697

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-06-04 10:45:28 -03:00
Alexander Schwartz
1f6c939efd
Ignore unknown realms when migrating sessions (#30041) 2024-06-03 10:43:16 +02:00
vramik
a8ceada973 Fix creation of domains when creating the organization
Closes #29005

Signed-off-by: vramik <vramik@redhat.com>
2024-06-03 10:22:20 +02:00
Andrejs Mivreniks
1cf87407fe Allow setting authentication flow execution priority value via Admin API
Closes #20747

Signed-off-by: Andrejs Mivreniks <andrejs@fastmail.com>
2024-05-30 19:17:45 +02:00
Erik Jan de Wit
f088b0009c
initial ui for organizations (#29643)
* initial screen

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* more screens

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added members tab

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added the backend

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added member add / invite models

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* initial version of the identity provider section

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* add link and unlink providers

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* small fix

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* PR comments

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Do not validate broker domain when the domain is an empty string

Closes #29759

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added filter and value

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added test

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added first name last name

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* refresh menu when realm organization is changed

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* changed to record

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* changed to form data

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fixed lint error

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Changing name of invitation parameters

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Chancing name of parameters on the client

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Enable organization at the realm before running tests

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Domain help message

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Handling model validation errors when creating organizations

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Message key for organizationDetails

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Do not change kc.org attribute on group

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* add realm into the context

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* tests

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Changing button in invitation model to use Send instead of Save

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Better message when validating the organization domain

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Fixing compilation error after rebase

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fixed test

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* removed wait as it no longer required and skip flacky test

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* skip tests that are flaky

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* stabilize user create test

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-29 14:34:02 +02:00