Commit graph

684 commits

Author SHA1 Message Date
Thomas Darimont
3315ea718a Add ability to enable OID4VCI Verifiable Credentials per realm (#34524)
- Added new realm property verifiableCredentialsEnabled
- Updated RealmRepresentation
- Guarded route to Oid4VCI page
- Add boolean switch to Realm settings page to control Verifiable Credentials enablement
- We now only show the Verifiable Credentials page in the nave if the "Verifiable Credentials" realm setting is enabled.

Fixes #34524

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-11-04 14:58:30 +01:00
Pedro Ruivo
84f4bd8af1 Client Scope updates are not replicated between Keycloak nodes
Fixes #33731

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-10-25 11:22:15 +02:00
Martin Kanis
4f3ced9560 ConcurrentModificationException when restarting user sessions
Closes #34093

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-10-24 21:26:50 +02:00
Pedro Ruivo
f507caae6c Deleting a user leads to ISPN marshalling exception
Fixes #34224

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-10-23 11:53:25 +02:00
Ryan Emerson
902abfdae4
JDBC_PING as default discovery protocol
Closes #29399

- Add ProviderFactory#dependsOn to allow dependencies between
  ProviderFactories to be explicitly defined
- Disable Infinispan default shutdownhook disabled to ensure lifecycle
  is managed exclusively by Keycloak
- Remove Infinispan shutdown hook in KeycloakRecorder and manage
  EmbeddedCacheManager lifecycle only in DefaultInfinispanConnectionProviderFactory#close

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-22 20:19:19 +00:00
Gilvan Filho
c4005d29f0 add linear strategy to brute force
closes #25917

Signed-off-by: Gilvan Filho <gilvan.sfilho@gmail.com>
2024-10-22 10:33:22 -03:00
Pedro Hos
91026d6713
NPE when Default Role is not present on CachedRealm
closes: #33817

Signed-off-by: Pedro Hos <pedro-hos@outlook.com>
2024-10-15 09:23:18 +02:00
Pedro Igor
f4f3a7de4a The event should also support user invalidation events
Closes #33777

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-10 11:41:50 -03:00
Pedro Ruivo
464fc90519
Fail to start if work cache is not replicated
Keycloak will now fail to start if the work cache is replicated.
Listeners require the data to be local.

Closes #33702

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-09 19:40:24 +00:00
Pedro Igor
13111daceb Move organization membership cache entries to the user cache
Closes #33412

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-03 10:31:26 -03:00
vramik
c1653448f3 [Organizations] Allow orgs to define the redirect URL after user registers or accepts invitation link
Closes #33201

Signed-off-by: vramik <vramik@redhat.com>
2024-10-02 07:37:48 -03:00
Pedro Igor
ef48a3a360 Avoid running org related code if there are no orgs in a realm
Closes #33424

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-02 09:39:25 +02:00
Stefan Guilhen
9b7cf9d584 Ensure componentsByParentAndType in CachedRealm is returned as a concurrent multi-valued map
Closes #30235

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-10-01 17:39:00 -03:00
Pedro Igor
3887ee3006 Do not store RealmModel in cache entries
Closes #33439

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-01 17:37:46 +02:00
Alexander Schwartz
8769fed585 Fixing bug in condition
Closes #33353

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-30 18:35:45 -03:00
Pedro Igor
4bd29e257b Fixing tests
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-09-30 18:35:45 -03:00
Pedro Igor
c558bbe118 Fixing tests
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-09-30 18:35:45 -03:00
Alexander Schwartz
fd1f3c52d3 Further optimizations
Closes #33353

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-30 18:35:45 -03:00
Alexander Schwartz
5c503a55e9 Optimize caching and use of DB connections when Organisations are enabled
Closes #33353

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-30 18:35:45 -03:00
Michal Hajas
c682536dae Avoid duplicates when storing organization ids
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-09-30 13:25:46 -03:00
Michal Hajas
0becdaa2a9 Do not store RealmModel in CachedOrganizationIds
Closes #33331
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-09-30 13:25:46 -03:00
Alexander Schwartz
5bb23eb0fc
Optimize update of user attributes (#32907)
Closes #32906
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-25 16:39:42 +02:00
Stefan Guilhen
6424708695 Ensure organization id is preserved on export/import
- Also fixes issues with description, enabled, and custom attributes missing when re-importing the orgs.

Closes #33207

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-25 16:07:44 +02:00
Christian Janker
21f90145ac Send UserRemovedEvent containing all user attributes
Invalidate CachedUserModel before UserRemovedEvent

closes #32194

Signed-off-by: Christian Janker <christian.janker@gmx.at>
2024-09-20 16:22:08 +02:00
Stefan Guilhen
3e597722a9
Add cache for IdentityProviderStorageProvider.getForLogin (#32918)
Closes #32573

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-18 09:05:57 +02:00
Pedro Ruivo
f67bec0417 Rename remote-cache Feature
Renamed to "clusterless"

Closes #32596

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-09-13 13:03:13 +02:00
Martin Kanis
ccb166d0e9 Add caching when querying brokers by organization
Closes #32574

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-09-09 09:24:43 -03:00
Alexander Schwartz
d9dfe74e8b
Set idle time the same as for the internal cache, but extend it for refreshes
Closes #32100

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-09-09 10:47:56 +02:00
Alexander Schwartz
9454c01d88
Fix parsing of broker user ID if it contains a dot (#32699)
Closes #32698

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-06 14:09:44 +02:00
Stefan Guilhen
557d7e87b2 Avoid iterating through all mappers when running the config event listeners
Closes #32233

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-04 07:40:58 -03:00
Pedro Ruivo
ba861fc5d7 Remove version() projection from Ickle Queries
Closes #32590

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-09-03 18:07:32 +02:00
Pedro Ruivo
29c8060bda Trigger mass re-index of the sessions caches when the entity changes
Closes #32594

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-09-03 15:48:14 +02:00
Pedro Igor
4b5b1a4c25 Unignore backchannel logout tests
Closes #20643

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-09-02 08:34:21 +02:00
Pedro Ruivo
378db25016
Skip creating sessions cache when Persistent Sessions is enabled
Re-order the configuration steps to avoid redundant warnings

Closes #32416

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-27 16:21:08 +00:00
Stefan Guilhen
88cca10472 Rename IDPSpi to IdentityProviderStorageSpi
Closes #31639

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-26 15:10:09 -03:00
Vlasta Ramik
d63c0fbd13
Decouple Identity provider mappers from RealmModel (#32251)
* Decouple Identity provider mappers from RealmModel

Closes #31731

Signed-off-by: vramik <vramik@redhat.com>
2024-08-22 12:05:19 -03:00
Alexander Schwartz
a7964a588b Avoid n+1 SQL selects to load sessions
Closes #32273

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-22 12:51:43 +02:00
vramik
14494fb148 Ensure organization aware IdentityProviderModel is used in the infinispan IDPProvider
Closes #32108

Signed-off-by: vramik <vramik@redhat.com>
2024-08-22 07:22:18 -03:00
yelhouti
e8840df0e0
Fix: admin GUI not working with 1000s of realms
Search by RealmName is done before loading all realms when filtering

Closes #31956

Signed-off-by: Youssef El Houti <youssef.elhouti@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-21 14:58:36 +02:00
Stefan Guilhen
585d179fe0 Ensure identity providers returned to the org IDP selection are IDPs not associated with any orgs.
Closes #32238

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-21 07:49:01 -03:00
Pedro Igor
eeae50fb43 Make sure federationLink always map to the storage provider associated with federated users
Closes #31670

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-20 11:27:22 +02:00
Stefan Guilhen
fa7c2b5da6 Address review comments
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-19 09:06:35 -03:00
Stefan Guilhen
f82159cf65 Rework logic to fetch IDPs for the login page so that IDPs are fetched from the provider and not filtered in code.
Closes #32090

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-19 09:06:35 -03:00
Michal Hajas
6a9245546e Set clientId if it is not set in the entity
Closes #32195

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-08-16 14:27:18 +02:00
Alexander Schwartz
88904c0a01
Call JPA code in blocking thread (#32154)
Closes #32153

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-16 10:17:30 +02:00
Stefan Guilhen
aeb1951aba Replace calls to deprecated RealmModel IDP methods
- use the new provider instead

Closes #31254

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-15 10:55:36 -03:00
Martin Kanis
708a6898db Add a count method to the OrganizationMembersResource
Closes #31388

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-08-15 09:12:57 -03:00
Pedro Ruivo
e13c9bf462 Retry remote cache operations with back off
Implement a retry mechanism for remote cache writes.

Fixes #32030

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-13 15:55:59 +02:00
vramik
4d7f25535c IDP storage provider Infinispan implementation
Closes #31251

Signed-off-by: vramik <vramik@redhat.com>
2024-08-13 08:36:15 -03:00
Pedro Ruivo
07c92c85cb Drop AuthenticatedClientSessionStore from user sessions
New entities for client and user sessions, more query friendly.
The client sessions are found using query instead of storing them in the
user session entity.
Remove of sessions by its field is done based on queries.

Closes #30934

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-12 20:35:50 +02:00