Thomas Darimont
3315ea718a
Add ability to enable OID4VCI Verifiable Credentials per realm ( #34524 )
...
- Added new realm property verifiableCredentialsEnabled
- Updated RealmRepresentation
- Guarded route to Oid4VCI page
- Add boolean switch to Realm settings page to control Verifiable Credentials enablement
- We now only show the Verifiable Credentials page in the nave if the "Verifiable Credentials" realm setting is enabled.
Fixes #34524
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-11-04 14:58:30 +01:00
Pedro Ruivo
84f4bd8af1
Client Scope updates are not replicated between Keycloak nodes
...
Fixes #33731
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-10-25 11:22:15 +02:00
Martin Kanis
4f3ced9560
ConcurrentModificationException when restarting user sessions
...
Closes #34093
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-10-24 21:26:50 +02:00
Pedro Ruivo
f507caae6c
Deleting a user leads to ISPN marshalling exception
...
Fixes #34224
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-10-23 11:53:25 +02:00
Ryan Emerson
902abfdae4
JDBC_PING as default discovery protocol
...
Closes #29399
- Add ProviderFactory#dependsOn to allow dependencies between
ProviderFactories to be explicitly defined
- Disable Infinispan default shutdownhook disabled to ensure lifecycle
is managed exclusively by Keycloak
- Remove Infinispan shutdown hook in KeycloakRecorder and manage
EmbeddedCacheManager lifecycle only in DefaultInfinispanConnectionProviderFactory#close
Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-22 20:19:19 +00:00
Gilvan Filho
c4005d29f0
add linear strategy to brute force
...
closes #25917
Signed-off-by: Gilvan Filho <gilvan.sfilho@gmail.com>
2024-10-22 10:33:22 -03:00
Pedro Hos
91026d6713
NPE when Default Role is not present on CachedRealm
...
closes : #33817
Signed-off-by: Pedro Hos <pedro-hos@outlook.com>
2024-10-15 09:23:18 +02:00
Pedro Igor
f4f3a7de4a
The event should also support user invalidation events
...
Closes #33777
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-10 11:41:50 -03:00
Pedro Ruivo
464fc90519
Fail to start if work cache is not replicated
...
Keycloak will now fail to start if the work cache is replicated.
Listeners require the data to be local.
Closes #33702
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-09 19:40:24 +00:00
Pedro Igor
13111daceb
Move organization membership cache entries to the user cache
...
Closes #33412
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-03 10:31:26 -03:00
vramik
c1653448f3
[Organizations] Allow orgs to define the redirect URL after user registers or accepts invitation link
...
Closes #33201
Signed-off-by: vramik <vramik@redhat.com>
2024-10-02 07:37:48 -03:00
Pedro Igor
ef48a3a360
Avoid running org related code if there are no orgs in a realm
...
Closes #33424
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-02 09:39:25 +02:00
Stefan Guilhen
9b7cf9d584
Ensure componentsByParentAndType in CachedRealm is returned as a concurrent multi-valued map
...
Closes #30235
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-10-01 17:39:00 -03:00
Pedro Igor
3887ee3006
Do not store RealmModel in cache entries
...
Closes #33439
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-01 17:37:46 +02:00
Alexander Schwartz
8769fed585
Fixing bug in condition
...
Closes #33353
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-30 18:35:45 -03:00
Pedro Igor
4bd29e257b
Fixing tests
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-09-30 18:35:45 -03:00
Pedro Igor
c558bbe118
Fixing tests
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-09-30 18:35:45 -03:00
Alexander Schwartz
fd1f3c52d3
Further optimizations
...
Closes #33353
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-30 18:35:45 -03:00
Alexander Schwartz
5c503a55e9
Optimize caching and use of DB connections when Organisations are enabled
...
Closes #33353
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-30 18:35:45 -03:00
Michal Hajas
c682536dae
Avoid duplicates when storing organization ids
...
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-09-30 13:25:46 -03:00
Michal Hajas
0becdaa2a9
Do not store RealmModel in CachedOrganizationIds
...
Closes #33331
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-09-30 13:25:46 -03:00
Alexander Schwartz
5bb23eb0fc
Optimize update of user attributes ( #32907 )
...
Closes #32906
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-25 16:39:42 +02:00
Stefan Guilhen
6424708695
Ensure organization id is preserved on export/import
...
- Also fixes issues with description, enabled, and custom attributes missing when re-importing the orgs.
Closes #33207
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-25 16:07:44 +02:00
Christian Janker
21f90145ac
Send UserRemovedEvent containing all user attributes
...
Invalidate CachedUserModel before UserRemovedEvent
closes #32194
Signed-off-by: Christian Janker <christian.janker@gmx.at>
2024-09-20 16:22:08 +02:00
Stefan Guilhen
3e597722a9
Add cache for IdentityProviderStorageProvider.getForLogin ( #32918 )
...
Closes #32573
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-18 09:05:57 +02:00
Pedro Ruivo
f67bec0417
Rename remote-cache Feature
...
Renamed to "clusterless"
Closes #32596
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-09-13 13:03:13 +02:00
Martin Kanis
ccb166d0e9
Add caching when querying brokers by organization
...
Closes #32574
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-09-09 09:24:43 -03:00
Alexander Schwartz
d9dfe74e8b
Set idle time the same as for the internal cache, but extend it for refreshes
...
Closes #32100
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-09-09 10:47:56 +02:00
Alexander Schwartz
9454c01d88
Fix parsing of broker user ID if it contains a dot ( #32699 )
...
Closes #32698
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-06 14:09:44 +02:00
Stefan Guilhen
557d7e87b2
Avoid iterating through all mappers when running the config event listeners
...
Closes #32233
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-04 07:40:58 -03:00
Pedro Ruivo
ba861fc5d7
Remove version() projection from Ickle Queries
...
Closes #32590
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-09-03 18:07:32 +02:00
Pedro Ruivo
29c8060bda
Trigger mass re-index of the sessions caches when the entity changes
...
Closes #32594
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-09-03 15:48:14 +02:00
Pedro Igor
4b5b1a4c25
Unignore backchannel logout tests
...
Closes #20643
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-09-02 08:34:21 +02:00
Pedro Ruivo
378db25016
Skip creating sessions cache when Persistent Sessions is enabled
...
Re-order the configuration steps to avoid redundant warnings
Closes #32416
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-27 16:21:08 +00:00
Stefan Guilhen
88cca10472
Rename IDPSpi to IdentityProviderStorageSpi
...
Closes #31639
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-26 15:10:09 -03:00
Vlasta Ramik
d63c0fbd13
Decouple Identity provider mappers from RealmModel ( #32251 )
...
* Decouple Identity provider mappers from RealmModel
Closes #31731
Signed-off-by: vramik <vramik@redhat.com>
2024-08-22 12:05:19 -03:00
Alexander Schwartz
a7964a588b
Avoid n+1 SQL selects to load sessions
...
Closes #32273
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-22 12:51:43 +02:00
vramik
14494fb148
Ensure organization aware IdentityProviderModel is used in the infinispan IDPProvider
...
Closes #32108
Signed-off-by: vramik <vramik@redhat.com>
2024-08-22 07:22:18 -03:00
yelhouti
e8840df0e0
Fix: admin GUI not working with 1000s of realms
...
Search by RealmName is done before loading all realms when filtering
Closes #31956
Signed-off-by: Youssef El Houti <youssef.elhouti@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-21 14:58:36 +02:00
Stefan Guilhen
585d179fe0
Ensure identity providers returned to the org IDP selection are IDPs not associated with any orgs.
...
Closes #32238
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-21 07:49:01 -03:00
Pedro Igor
eeae50fb43
Make sure federationLink always map to the storage provider associated with federated users
...
Closes #31670
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-20 11:27:22 +02:00
Stefan Guilhen
fa7c2b5da6
Address review comments
...
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-19 09:06:35 -03:00
Stefan Guilhen
f82159cf65
Rework logic to fetch IDPs for the login page so that IDPs are fetched from the provider and not filtered in code.
...
Closes #32090
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-19 09:06:35 -03:00
Michal Hajas
6a9245546e
Set clientId if it is not set in the entity
...
Closes #32195
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-08-16 14:27:18 +02:00
Alexander Schwartz
88904c0a01
Call JPA code in blocking thread ( #32154 )
...
Closes #32153
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-16 10:17:30 +02:00
Stefan Guilhen
aeb1951aba
Replace calls to deprecated RealmModel IDP methods
...
- use the new provider instead
Closes #31254
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-15 10:55:36 -03:00
Martin Kanis
708a6898db
Add a count method to the OrganizationMembersResource
...
Closes #31388
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-08-15 09:12:57 -03:00
Pedro Ruivo
e13c9bf462
Retry remote cache operations with back off
...
Implement a retry mechanism for remote cache writes.
Fixes #32030
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-13 15:55:59 +02:00
vramik
4d7f25535c
IDP storage provider Infinispan implementation
...
Closes #31251
Signed-off-by: vramik <vramik@redhat.com>
2024-08-13 08:36:15 -03:00
Pedro Ruivo
07c92c85cb
Drop AuthenticatedClientSessionStore from user sessions
...
New entities for client and user sessions, more query friendly.
The client sessions are found using query instead of storing them in the
user session entity.
Remove of sessions by its field is done based on queries.
Closes #30934
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-12 20:35:50 +02:00