Commit graph

416 commits

Author SHA1 Message Date
Hynek Mlnarik
6014070431 Fix memory leak in LDAP
The caching in LDAP stores and reuses the session at the time of creating
`LDAPIdentityStore`. On top of that, there is not much cached, since apart
from the session which must not be part of long-lived cache, only config
is cached in the objects which is anyway always recomputed.

The cache for the LDAP still retains the LDAPConfig to keep
the `logLDAPConfig` call upon config change.

Closes: #19396
2023-04-06 11:09:00 +02:00
Hynek Mlnarik
0d5363d0d5 Throw an exception rather than returning response
Closes: #17644
2023-04-03 14:43:50 +02:00
rmartinc
89dfeeec38 The getAttributes method in UserAttributeLDAPStorageMapper does not work for email or other UserModel properties
Closes https://github.com/keycloak/keycloak/issues/10412
2023-03-30 21:45:07 +02:00
Hiroyuki Wada
46eb2e1b84 Fix attribute deleted from LDAP is not immediately reflected even if it is "Always Read Value From LDAP" 2023-03-21 10:28:41 +01:00
Jon Koops
972ebb9650
Use a valid SemVer format for the SNAPSHOT version (#17334)
* Use a valid SemVer format for the SNAPSHOT version

* Update pom.xml

* Update pom.xml

---------

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-03-03 11:11:44 +01:00
Alexander Schwartz
1e4401f521 Avoid returning the same entity multiple times from separate searches
Closes #15604
2023-03-02 08:21:38 +01:00
rmartinc
5cdf4d5791 Read-Only attributes should be modified if creation is delayed for LDAP
Closes https://github.com/keycloak/keycloak/issues/16848
2023-03-01 11:26:57 +01:00
Alexander Schwartz
d4604984d0
Compatibility with Maven4 and parallel builds (#16312)
Closes #16308
2023-02-14 11:44:53 +01:00
mposolda
a804400c84 Added KERBEROS feature. Disable it when running tests on FIPS
closes #14966
2023-01-25 18:38:46 +01:00
Hynek Mlnařík
60ce949304 Ignore unknown clients in LDAP role mapper
Fixes: #10958
2022-12-01 09:51:05 +01:00
rmartinc
b7188c3891
Unknown bind DN using LDAP anonymous bind aka bind type none (#15546)
Closes #15497
2022-11-23 10:23:46 +01:00
Hynek Mlnařík
fe6853c691
Update JavaDoc generation to be JDK11 compatible (#15569)
Fixes: #15566
2022-11-21 08:44:17 +01:00
Pedro Igor
6f7c62fc73 Remove unnecessary endpoints from our JAX-RS entensions
Closes #15525
2022-11-16 16:25:33 +01:00
Tomohiro Nagai
a4f6134ba3 Support kerberos IllegalArgumentException
closes #10672
2022-11-16 08:19:32 +01:00
Tomohiro Nagai
ba369a2c2b Support for communication timeout with kerberos server
Closes #10668
2022-11-16 08:17:35 +01:00
Marek Posolda
f616495b05
Fixing UserFederationLdapConnectionTest,LDAPUserLoginTest to work with FIPS (#15299)
closes #14965
2022-11-03 16:35:57 +01:00
Michal Hajas
883e83e625 Remove deprecated methods from data providers and models
Closes #14720
2022-10-25 09:01:33 +02:00
Mark Andreev
581def56d6
Fix null username in ldap (#8717)
Closes #14667
2022-09-30 09:34:02 +02:00
rmartinc
cc9326fcad
Delay LDAPObject creation until mandatory attributes are set (#14341)
Closes #14286
2022-09-16 20:35:50 +02:00
Christoph Leistert
cc2bb96abc Fixes #9482: A user could be assigned to a parent group if he is already assigned to a subgroup. 2022-09-06 21:31:31 +02:00
Pedro Igor
5b48d72730 Upgrade Resteasy v4
Closes #10916

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2022-07-11 12:17:51 -03:00
Clara Fang
4643fd09e3 Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount()
This should reduce GC pressure.

Closes #12644
2022-06-29 08:53:09 +02:00
Alexander Schwartz
6376db0f9c code cleanup 2022-06-21 08:53:06 +02:00
Alexander Schwartz
cb0c881821 rename SingleEntityCredentialManager to SubjectCredentialManager 2022-06-21 08:53:06 +02:00
Alexander Schwartz
84d21f0230 for all added files in the PR, update the copyright header or add it if it was missing 2022-06-21 08:53:06 +02:00
Alexander Schwartz
d41764b19b Inline deprecated methods in legacy code 2022-06-21 08:53:06 +02:00
Alexander Schwartz
08bbb1fb92 Move LDAP REST Endpoints to LDAP package
- Thus remove implicit dependency on services on the legacy modules
- Disable tests for LDAP/Kerberos that won't work when map storage is enabled
2022-06-21 08:53:06 +02:00
Alexander Schwartz
1bc6133e4e redirect calls to userLocalStorage from legacy modules (federation, ldap, sssd, kerberos) 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
e396d0daa1 Renaming SingleUserCredentialManager and UserModel.getUserCredentialManager():
- class SingleUserCredentialManager to SingleEntityCredentialManager
- method UserModel.getUserCredentialManager() to credentialManager()

Renaming of API without "get" prefix to make it consistent with other APIs like for example with KeycloakSession
2022-06-21 08:53:06 +02:00
Alexander Schwartz
bc8fd21dc6 SingleUserCredentialManager moving in
- UserStorageManager now handles authentication for old Kerberos+LDAP style
- new getUserByCredential method in MapUserProvider would eventually do the same.
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
703e868a51 Preparation for moving User Storage SPI
- Introduction of new AdminRealmResource SPI
- Moving handler of /realm/{realm}/user-storage into model/legacy-service
- session.users() and userStorageManager() moved refers legacy module
  IMPORTANT: Broken as UserStorageSyncManager is not yet moved
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
247ff52187 Introduce legacy datastore module and update dependencies 2022-06-21 08:53:06 +02:00
Nick Farley
91e88f554e Replaces instances of himself with more inclusive language
Closes #12300
2022-06-03 12:25:14 -03:00
Réda Housni Alaoui
5d87cdf1c6
KEYCLOAK-6455 Ability to require email to be verified before changing (#7943)
Closes #11875
2022-05-09 18:52:22 +02:00
Sven-Torben Janus
0efa4afd49 Evaluate composite roles for hardcoded LDAP roles/groups
Closes: 11771

see also KEYCLOAK-18308
2022-05-02 14:13:37 +02:00
R0Wi
cb4a513e24 Fail authenticate if credentialInput is not of type UserCredentialModel
Code fix inside LDAPStorageProvider.java:
return failed result if credential input object is not of expected type

Closes #11191
2022-04-12 14:38:17 +02:00
Alexander Schwartz
fb92b95c33 Revert from getParameterCount() to getParameterTypes().length to be Java 1.7 compatible.
This reverts commit bc27c7c464.

Closes #10840
2022-03-22 10:23:25 +01:00
keycloak-bot
c71aa8b711
Set version to 999-SNAPSHOT (#10784) 2022-03-22 09:22:48 +01:00
Clara Fang
bc27c7c464 Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount()
Closes #10333
2022-03-18 11:20:52 +01:00
keycloak-bot
d9f1a9b207
Set version to 18.0.0-SNAPSHOT (#10165) 2022-02-11 21:28:06 +01:00
pravsjv
a6acc89bf3
Update LDAPOperationManager.java (#9561)
Update LDAPOperationManager.java
Closes #9560
2022-01-20 17:33:56 +01:00
keycloak-bot
9f3d4a7d42 Set version to 17.0.0-SNAPSHOT 2021-12-20 10:50:39 +01:00
Marcelo Sales
afeaa6f593 KEYCLOAK-19391: Fix ldap query search adding custom serach filter 2021-12-15 08:54:52 +01:00
Marcelo Sales
e69c3dcb1f KEYCLOAK-19391: Fix ldap query search adding custom serach filter 2021-12-15 08:54:52 +01:00
Daniel Fesenmeyer
339224578e KEYCLOAK-10603 adjust assignments to roles (user-role and group-role assignments, client-scope and client "scope mappings"): allow assignments of roles which are already indirectly assigned (e.g. by composite role)
- extend RoleMapperModel with method hasDirectRole(RoleModel), which only checks for direct assignment in contrast to the existing method hasRole(RoleModel)
- extend ScopeContainerModel with method hasDirectScope(RoleModel), which only checks for direct scope mapping in contrast to the existing method hasScope(RoleModel)
- use the new hasDirectRole and hasDirectScope methods to check whether a role is in the "available" list and whether it can be assigned (previously, the hasRole method was used for this purpose)
- add hint to UI that available roles contain effectively assigned roles which are not directly assigned
- adjust and extend tests
2021-09-22 13:56:29 +02:00
Marek Posolda
11e5f66c60
KEYCLOAK-19056 EDIT MODE field should not be leave empty (#8380) 2021-09-14 20:27:09 +02:00
bohmber
0c64d32b9b KEYCLOAK-19183
LDAPDn should use a static Pattern instead calling String.split with a regex
2021-09-06 09:17:26 +02:00
bohmber
ba946b54f7 KEYCLOAK-19021
LDAPOperationManager.getFilterById is causing additional call to AD
2021-08-19 09:25:33 +02:00
Thomas Darimont
f9b4e47851 KEYCLOAK-19036 Avoid infinite loop during LDAP sync with OpenLDAP and olcSizeLimit
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2021-08-18 17:42:13 +02:00
mposolda
418d1e3471 KEYCLOAK-19039 Sync UPDATE_PASSWORD required action to only to MSAD with WRITABLE edit mode. Add tests for MSAD mapper 2021-08-18 17:39:19 +02:00