keycloak-scim

Author	SHA1	Message	Date
Pedro Igor	2c611cb8fc	User profile configuration scoped to user-federation provider closes #23878 Co-Authored-By: mposolda <mposolda@gmail.com> Signed-off-by: mposolda <mposolda@gmail.com>	2023-11-27 14:45:44 +01:00
Sebastian Schuster	030f42ec83	More efficient listing of assigned and available client role mappings Closes #23404 Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io> Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>	2023-11-22 14:10:11 +01:00
Alexander Schwartz	a45934a762	Disable cache store and load only if a remote store is used Closes #10803 Closes #24766 Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: daviddelannoy <16318239+daviddelannoy@users.noreply.github.com>	2023-11-20 18:50:02 +01:00
Réda Housni Alaoui	3f014c7299	Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients (#21058 ) closes #21010 Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>	2023-11-13 19:13:01 +01:00
Alexander Schwartz	26e2fde115	Avoid reseting cachemanger to null to avoid a re-initialization (#24086 ) Also follow best practices of using volatile variables for double-locking, and not using shutdown caches. Closes #24085	2023-11-08 11:33:44 -05:00
Alice	69497382d8	Group scalability upgrades (#22700 ) closes #22372 Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2023-10-26 16:50:45 +02:00
Hynek Mlnarik	c036980c37	Add TRANSIENT_USERS feature flag	2023-10-25 12:02:35 +02:00
Hynek Mlnarik	26328a7c1e	Support for transient sessions via lightweight users Part-of: Add support for not importing brokered user into Keycloak database Closes: #11334	2023-10-25 12:02:35 +02:00
JesseEstum	71777df3d9	Prevent stampede after realm cache invalidation Closes #22988 Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2023-10-21 18:47:13 +02:00
Marek Posolda	829b7090fa	Avoid breaking change in UserSessionModel (#24134 ) closes #24096 Co-authored-by: Michal Hajas <mhajas@redhat.com>	2023-10-20 18:06:07 +02:00
mposolda	04777299b0	After tab1 finish authentication, make sure that rootAuthenticationSession is expired shortly closes #23880	2023-10-19 19:23:50 +02:00
shigeyuki kabano	6112b25648	Enhancing Light Weight Token(#22148 ) Closes #21183	2023-10-17 13:12:36 +02:00
Lex Cao	eedc4ceb18	Fix unexpected expiration when import offline client session Closes #23397	2023-10-13 15:45:07 +02:00
Martin Kanis	0853d484ec	Remove transaction in InfinispanSingleUseObjectProvider#remove (#23708 ) Co-authored-by: mposolda <mposolda@gmail.com>	2023-10-06 10:00:04 +02:00
mkrueger92	498be3d928	Reuse already fixed code to fetch offline user (#22429 ) The problem is again the wrap(...) function. In case the user is not found, then null is returned. This can happen when a federated user is deleted on the federation side but Keycloak is not informed about it. In that case, the session is still present but no UserModel can be created. Without this patch the stream contains null values. Some downstream users can not cope well with that. The adjustment of the function getUserSessionsCount(...) is slightly more expensive in execution, but returns the correct number. Closes #22428 Co-authored-by: Martin Krüger <mkrueger@mkru.de>	2023-09-21 20:19:09 +00:00
Bernd Bohmann	bb2f59df87	Calling getTopLevelGroups is slow inside GroupLDAPStorageMapper#getLDAPGroupMappingsConverted (#8430 ) Closes #14820 --------- Co-authored-by: Michal Hajas <mhajas@redhat.com>	2023-09-20 17:20:43 +02:00
Alexander Schwartz	798846df6f	Remove legacy code which isn't used anymore and was deprecated for some time (#23264 ) Closes #23263	2023-09-18 11:04:02 +02:00
Peter Skopek	ef272f7668	SAML Adapter fix for EAP8 and WF29 Signed-off-by: Peter Skopek <pskopek@redhat.com>	2023-09-07 13:32:25 +02:00
Alexander Schwartz	dfc8c80264	Upgrade to Infinispan 14.0.14 (#22386 ) Closes #21092	2023-08-16 14:43:03 +02:00
Todor Staykovski	dffa7a31cb	Add subgroups sorting (#22295 ) * Review comments to add a test, update the API description and adjust the map storage. Closes #19348 Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2023-08-07 21:18:09 +02:00
Alexander Schwartz	cf911075af	Re-adding Infinispan workarounds to prevent deadlocks (#22058 ) Relates to #9871 Closes #22057	2023-07-31 10:37:28 +02:00
Alexander Schwartz	bd0f87fc4d	Remove Infinispan workarounds introduced to prevent deadlocks (#21862 ) This should no longer be necessary after the upgrade to Infinispan 14.0.13.Final and ISPN-13666 being resolved. Closes #9871	2023-07-24 09:50:32 +02:00
William Burns	de04684dd0	Do not cache a session that is already expired in listener (#21684 ) Fixes part of #20983	2023-07-18 12:04:04 +02:00
Alexander Schwartz	9b3effb4b8	Prevent cache stampede on realms Closes #21521	2023-07-15 09:03:53 +02:00
Patrick Jennings	399a23bd56	Find an appropriate key based on the given KID and JWA (#21160 ) * keycloak-20847 Find an appropriate key based on the given KID and JWA. Prefers matching on both inputs but will match on partials if found. Or return the first key if a match is not found. Mark Key as fallback if it is the singular client certificate to be used for signed JWT authentication. * Update js/apps/admin-ui/public/locales/en/clients.json Co-authored-by: Marek Posolda <mposolda@gmail.com> * Updating boolean variable name based on suggestions by Marek. * Adding integration test specifically for the JWT parameters for regression #20847. --------- Co-authored-by: Marek Posolda <mposolda@gmail.com>	2023-07-10 13:28:55 +02:00
Martin Kanis	db9b6c2152	Make awaitInitialTransfer for ISPN configurable Closes #16671	2023-06-27 14:04:03 +02:00
Alexander Schwartz	e410a76c42	Avoid caching the list of clientscopes in two places Closes #20426 Co-authored-by: Martin Kanis <mkanis@redhat.com>	2023-06-13 21:33:21 +02:00
Vlasta Ramik	ed473da22b	Clean-up of deprecated methods and interfaces Fixes #20877 Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2023-06-09 17:11:20 +00:00
Hynek Mlnarik	12dd3edb10	Fix pagination issue with H6 With Hibernate ORM 6, pagination started to be unreliable: When setting the max results only if the first row was 0 has randomly affected other threads where first row was greater than 0. The latter thread sometimes produced query which did not account for the offset (cf. threads `-t1` and `-t2` below, while `-t2` missed the `offset ? rows` part whic `-t3` has). This has been fixed by setting the first row offset unconditionally. Closes: #20202 Closes: #16570 ``` 2023-06-02 10:19:03.855000 TRACE [org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker] (blocking-thread-node-2-p8-t1) Running computation for segment 0 with worker 0 2023-06-02 10:19:03.856000 TRACE [org.keycloak.models.sessions.infinispan.initializer.OfflinePersistentUserSessionLoader] (blocking-thread-node-2-p8-t1) Loading sessions for segment=0 lastSessionId=00000000-0000-0000-0000-000000000000 first=0 2023-06-02 10:19:03.856000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t1) Set max to 64 in org.hibernate.query.sqm.internal.QuerySqmImpl@2fb60f8b 2023-06-02 10:19:03.856000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t1) After pagination: 0, 64 2023-06-02 10:19:03.857000 TRACE [org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker] (blocking-thread-node-2-p8-t2) Running computation for segment 1 with worker 1 2023-06-02 10:19:03.857000 TRACE [org.keycloak.models.sessions.infinispan.initializer.OfflinePersistentUserSessionLoader] (blocking-thread-node-2-p8-t2) Loading sessions for segment=1 lastSessionId=00000000-0000-0000-0000-000000000000 first=64 2023-06-02 10:19:03.857000 TRACE [org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker] (blocking-thread-node-2-p8-t3) Running computation for segment 2 with worker 2 2023-06-02 10:19:03.857000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t2) Set first to 64 in org.hibernate.query.sqm.internal.QuerySqmImpl@71464e9f 2023-06-02 10:19:03.857000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t2) Set max to 64 in org.hibernate.query.sqm.internal.QuerySqmImpl@71464e9f 2023-06-02 10:19:03.857000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t2) After pagination: 64, 64 2023-06-02 10:19:03.857000 TRACE [org.keycloak.models.sessions.infinispan.initializer.OfflinePersistentUserSessionLoader] (blocking-thread-node-2-p8-t3) Loading sessions for segment=2 lastSessionId=00000000-0000-0000-0000-000000000000 first=128 10:19:03,859 DEBUG [org.hibernate.SQL] (blocking-thread-node-2-p8-t1) select p1_0.OFFLINE_FLAG, p1_0.USER_SESSION_ID, p1_0.CREATED_ON, p1_0.DATA, p1_0.LAST_SESSION_REFRESH, p1_0.REALM_ID, p1_0.USER_ID from OFFLINE_USER_SESSION p1_0, REALM r1_0 where r1_0.ID=p1_0.REALM_ID and p1_0.OFFLINE_FLAG=? and p1_0.USER_SESSION_ID>? order by p1_0.USER_SESSION_ID fetch first ? rows only 10:19:03,859 DEBUG [org.hibernate.SQL] (blocking-thread-node-2-p8-t2) select p1_0.OFFLINE_FLAG, p1_0.USER_SESSION_ID, p1_0.CREATED_ON, p1_0.DATA, p1_0.LAST_SESSION_REFRESH, p1_0.REALM_ID, p1_0.USER_ID from OFFLINE_USER_SESSION p1_0, REALM r1_0 where r1_0.ID=p1_0.REALM_ID and p1_0.OFFLINE_FLAG=? and p1_0.USER_SESSION_ID>? order by p1_0.USER_SESSION_ID fetch first ? rows only 2023-06-02 10:19:03.860000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t1) binding parameter [1] as [VARCHAR] - [1] 2023-06-02 10:19:03.860000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t1) binding parameter [2] as [VARCHAR] - [00000000-0000-0000-0000-000000000000] 2023-06-02 10:19:03.860000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t1) binding parameter [3] as [INTEGER] - [64] 10:19:03,860 DEBUG [org.hibernate.SQL] (blocking-thread-node-2-p8-t3) select p1_0.OFFLINE_FLAG, p1_0.USER_SESSION_ID, p1_0.CREATED_ON, p1_0.DATA, p1_0.LAST_SESSION_REFRESH, p1_0.REALM_ID, p1_0.USER_ID from OFFLINE_USER_SESSION p1_0, REALM r1_0 where r1_0.ID=p1_0.REALM_ID and p1_0.OFFLINE_FLAG=? and p1_0.USER_SESSION_ID>? order by p1_0.USER_SESSION_ID offset ? rows fetch first ? rows only 2023-06-02 10:19:03.861000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t3) binding parameter [3] as [INTEGER] - [128] 2023-06-02 10:19:03.861000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t3) binding parameter [4] as [INTEGER] - [64] ``` Co-authored-by: mkanis <mkanis@redhat.com>	2023-06-07 20:45:34 +02:00
rmartinc	81aa588ddc	Fix and correlate session timeout calculations in legacy and new map implementations Closes https://github.com/keycloak/keycloak/issues/14854 Closes https://github.com/keycloak/keycloak/issues/11990	2023-06-05 18:46:23 +02:00
Tomas Slusny	1b06c4cf6c	Use cached policy store in Infinispan PolicyAdapter (#20566 )	2023-05-29 10:39:24 -03:00
Alexander Schwartz	5cd0d51fa6	Don't remove an element from the cache that was queued to be created during the current request This avoids a remove Infinispan call in multi-node and cross-DC setups. Closes #20404	2023-05-25 10:33:23 +02:00
Pedro Ruivo	abd75a786f	Enable simple-cache for local-cache Closes #20486	2023-05-24 09:47:20 +02:00
Stefan Guilhen	2252b09949	Remove deprecated default roles methods Closes #15046	2023-05-23 22:32:52 +02:00
mkrueger92	256bb84cc4	Avoid NPE while fetching offline sessions (#17577 )	2023-05-18 13:32:02 +02:00
Alexander Schwartz	c2c5012cfb	Upgrade to latest Infinispan version 14.0.8 Closes #20067	2023-05-02 13:45:05 +02:00
Hynek Mlnarik	4189edc9f1	Fix dependency Fixes: #16538	2023-04-27 13:36:54 +02:00
Stefan Guilhen	e505021681	Model upgrade Hibernate/JPA --- Quarkus3 branch sync no. 14 (24.4.2023) Resolved conflicts: keycloak/pom.xml - Modified --- Quarkus3 branch sync no. 13 (11.4.2023) Resolved conflicts: keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified --- Quarkus3 branch sync no. 11 (24.3.2023) Resolved conflicts: keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified --- Quarkus3 branch sync no. 7 (27.2.2023) Resolved conflicts: keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/client/entity/JpaClientEntity.java - Modified keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/clientScope/entity/JpaClientScopeEntity.java - Modified keycloak/pom.xml - Modified --- Quarkus3 branch sync no. 6 (17.2.2023) Resolved conflicts: keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified --- Quarkus3 branch sync no. 1 (18.1.2023) Resolved conflicts: keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/hibernate/dialect/JsonbPostgreSQL95Dialect.java - Modified	2023-04-27 13:36:54 +02:00
Martin Bartoš	7cff857238	Migrate packages from javax.* to jakarta.* --- Quarkus3 branch sync no. 14 (24.4.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/ComponentExportImportTest.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/DeclarativeUserTest.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java - Modified keycloak/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java - Modified --- Quarkus3 branch sync no. 13 (11.4.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountTotpPage.java - Deleted keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BackwardsCompatibilityUserStorageTest.java - Modified --- Quarkus3 branch sync no. 12 (31.3.2023) Resolved conflicts: keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/services/resources/QuarkusWelcomeResource.java - Modified keycloak/services/src/main/java/org/keycloak/protocol/saml/profile/util/Soap.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/UserInfoClientUtil.java - Modified keycloak/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified --- Quarkus3 branch sync no. 10 (17.3.2023) Resolved conflicts: keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocolUtils.java - Modified --- Quarkus3 branch sync no. 9 (10.3.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java - Modified --- Quarkus3 branch sync no. 8 (3.3.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClient.java Modified - Modified keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java - Modified keycloak/examples/providers/authenticator/src/main/java/org/keycloak/examples/authenticator/SecretQuestionAuthenticator.java - Modified --- Quarkus3 branch sync no. 6 (17.2.2023) Resolved conflicts: keycloak/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ComponentsResource.java - Modified keycloak/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java - Modified keycloak/services/src/main/java/org/keycloak/protocol/saml/installation/SamlSPDescriptorClientInstallation.java - Modified --- Quarkus3 branch sync no. 5 (10.2.2023) Resolved conflicts: /keycloak/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java Modified - Modified keycloak/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java - Modified --- Quarkus3 branch sync no. 4 (3.2.2023) Resolved conflicts: keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/jaxrs/QuarkusKeycloakApplication.java - Modified --- Quarkus3 branch sync no. 1 (18.1.2023) Resolved conflicts: keycloak/testsuite/client/ClientPoliciesTest.java - Deleted keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java - Modified keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaModelCriteriaBuilder.java - Modified	2023-04-27 13:36:54 +02:00
Martin Kanis	5e7793b64d	Unexpected invalid_grant error on offline session refresh when client session is not in the cache Closes #9959 Co-authored-by: Martin Kanis <mkanis@redhat.com> Co-authored-by: Lex Cao <lexcao@foxmail.com>	2023-03-15 12:39:43 +01:00
Michal Hajas	465019bec4	Extract attachDevice outside of storage layer Closes #17336	2023-03-03 17:58:34 +01:00
Jon Koops	972ebb9650	Use a valid SemVer format for the SNAPSHOT version (#17334 ) * Use a valid SemVer format for the SNAPSHOT version * Update pom.xml * Update pom.xml --------- Co-authored-by: Stian Thorgersen <stianst@gmail.com> Co-authored-by: Stian Thorgersen <stian@redhat.com>	2023-03-03 11:11:44 +01:00
Hynek Mlnarik	3119566407	Prevent endless loop in case of split-brain Fixes: #16427	2023-01-13 16:23:18 +01:00
Hynek Mlnarik	7708e2cc5c	Fix putAll issues Closes: #16287	2023-01-06 12:01:19 +01:00
Pedro Igor	fb554c09db	Incrementally cache consents on a per client basis Closes #16224	2023-01-03 14:28:41 -08:00
Martin Kanis	5aae3842c4	Upgrade to Infinispan 14.0.4.Final	2022-12-22 10:09:05 +01:00
Martin Kanis	08061afbd4	Replace operation set wrong lifespan in remote infinispan database and leads to session eviction (#15619 ) Closes #10755	2022-11-23 12:03:50 +01:00
Martin Kanis	5e891951f5	Update Infinispan version to 14.0.2.Final	2022-11-16 14:56:45 +01:00
Michal Hajas	d9dcb6c60a	Fix Infinispan adapter not checking updated value in getAttribute methods Closes #12819	2022-11-07 20:44:43 +01:00
Marek Posolda	2ba5ca3c5f	Support for multiple keys with same kid, which differ just by algorithm in the JWKS (#15114 ) Closes #14794	2022-11-03 09:32:45 +01:00

1 2 3 4 5 ...

587 commits