Stefan Guilhen
aeb1951aba
Replace calls to deprecated RealmModel IDP methods
...
- use the new provider instead
Closes #31254
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-15 10:55:36 -03:00
Martin Kanis
708a6898db
Add a count method to the OrganizationMembersResource
...
Closes #31388
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-08-15 09:12:57 -03:00
Pedro Ruivo
e13c9bf462
Retry remote cache operations with back off
...
Implement a retry mechanism for remote cache writes.
Fixes #32030
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-13 15:55:59 +02:00
vramik
4d7f25535c
IDP storage provider Infinispan implementation
...
Closes #31251
Signed-off-by: vramik <vramik@redhat.com>
2024-08-13 08:36:15 -03:00
Pedro Ruivo
07c92c85cb
Drop AuthenticatedClientSessionStore from user sessions
...
New entities for client and user sessions, more query friendly.
The client sessions are found using query instead of storing them in the
user session entity.
Remove of sessions by its field is done based on queries.
Closes #30934
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-12 20:35:50 +02:00
Alexander Schwartz
07a168cb14
Deleted authentication sessions should not be re-surrected with an update
...
Closes #31829
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-09 07:26:05 -03:00
Michal Hajas
50c07c6e7c
Simplify configuration for MULTI_SITE
...
Closes #31807
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-08-06 16:14:33 +00:00
Michal Hajas
6847af0068
Remove InfinispanMultiSiteLoadBalancerCheckProviderFactory.java
...
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-08-06 07:58:12 -03:00
Pedro Ruivo
1e9f6bbb8c
Non clustered Keycloak with External Infinispan feature
...
Disables JGroups (clustering) when remote-cache feature is enabled
Fixes #31876
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-05 17:04:36 +02:00
Pedro Ruivo
fed804160b
Enable ProtoStream encoding for External Infinispan feature
...
The ProtoStream schema is automatically uploaded to the Infinispan
server during startup.
When the schema is updated, the indexes are updated and re-created.
Use the delete statement to delete entities when a realm is removed.
Fixes #30931
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-01 16:16:19 +02:00
Alexander Schwartz
00bfc2c34f
Adding an index for the revoked tokens table to speed up the cleanup ( #31790 )
...
Closes #31725
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-01 11:12:53 +02:00
Ryan Emerson
8d7e18ec29
Clear local caches on split-brain heal
...
Closes #25837
Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-07-31 13:59:06 +02:00
Pedro Ruivo
17e30e9ec1
Persist revoke tokens with remote cache feature
...
Stores the revoked tokens into the database and preloads them during
startup.
Fixes #31760
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-07-31 11:02:38 +02:00
Alexander Schwartz
11b19bc272
For persistent sessions, don't remove user session if there is no session in the remote store ( #31756 )
...
Closes #31115
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-30 17:57:09 +02:00
Pedro Ruivo
e62604b1ec
ConditionalRemover interface for External Infinispan feature
...
Add a ConditionalRemover interface to remove entries from a RemoteCache
based on the key or value fields.
The default implementation provided by this PR uses streaming/iteration
to test and remove entries
On a side change, moved all the transactions to the same package and
created one transaction class per entity/cache to simplify code and
avoid writing "RemoteChangeLogTransaction" with a long list of types.
Fixes #31046
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-07-30 15:16:17 +02:00
Martin Kanis
d91d6d18d5
Can not update organization group error when trying to create organisation from REST API
...
Closes #31144
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-07-29 17:39:56 +02:00
Alexander Schwartz
00d8e06f79
Optimize CPU cycles for persistent sessions ( #31702 )
...
Closes #31701
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-29 16:34:13 +02:00
Stefan Guilhen
f45529de8c
Deprecate IDP related methods in RealmModel
...
- delegate to the new provider
Closes #31253
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-07-29 16:02:26 +02:00
Stefan Guilhen
c16e88bcee
Make the IDPProvider via session.identityProviders()
...
Closes #31252
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-07-29 16:02:26 +02:00
Stefan Guilhen
4c5f54ce0b
Add JPA implementation for the IDPProvider
...
Closes #31250
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-07-29 16:02:26 +02:00
Alexander Schwartz
557cf1e60e
Add a tombstone operation to optimize multiple deletes
...
Closes #31699
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-29 13:23:06 +02:00
Alexander Schwartz
6d404b86c9
Trigger clearing the user cache when the duplicate email allowed flag changes
...
Closes #31045
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-29 10:37:42 +02:00
Pedro Igor
04bd6653ec
Invalidating domain cache and introducing cache for more query methods
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-29 09:02:36 +02:00
Pedro Igor
1f8280c71a
Allow members joining multiple organizations
...
Closes #30747
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-29 09:02:36 +02:00
Ryan Emerson
69a8509f6c
Remove outdated test code from model/infinispan module
...
Closes #31661
Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-07-26 17:14:49 +02:00
Alexander Schwartz
227c71f7f0
Persisting revoked access tokens
...
Closes #31296
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-26 11:46:14 +02:00
vramik
649b35929e
Make sure users created through a registration link are managed members
...
Closes #30743
Signed-off-by: vramik <vramik@redhat.com>
2024-07-25 04:30:13 -03:00
Pedro Igor
6ce89670b5
Flaky test: org.keycloak.testsuite.model.user.UserModelTest#testAddRemoveUserConcurrent
...
Closes #30236
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-24 22:40:32 +02:00
Alexander Schwartz
65d4b74758
Filter out null values when looking up entries by ID
...
This should prevent null elements in the stream when doing concurrent operations.
Closes #28865
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-23 09:22:41 +02:00
Pedro Igor
de1de06354
Avoid adding organization flows if they are already exist
...
Closes #31182
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-17 08:28:00 +02:00
Giuseppe Graziano
1df60461a9
Avoid race condition when using initial-access-token
...
Closes #27294
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-07-12 16:33:02 +02:00
rmartinc
ce195b81f8
Improve consent deletion when a realm is removed
...
Closes #30992
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-10 09:44:42 +02:00
Alexander Schwartz
d70f78072e
Make persistent sessions co-exist with remote cache feature ( #30859 )
...
Closes #30855
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-09 09:03:36 +02:00
Alexander Schwartz
9c1cbec987
Removing ths resource as it hasn't been referenced since at least Keycloak 18
...
Closes #31049
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-08 12:03:28 -03:00
Ryan Emerson
bf26d3364c
Allow null Protostream fields
...
Closes #30761
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-07-04 14:53:54 +02:00
Thomas Darimont
f34bb21af6
Fix deprecations in common module
...
- Use charset in `Encode` class
- Replace reflective call to protected `Liquibase#resetServices()` with call to exposed public method on a custom subclass `KeycloakLiquibase`
- Remove usage of deprecated AccessController class in Reflections
- Deprecated SetAccessibleProvilegedAction and UnsetAccessibleProvilegedAction
Fixes #22209
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-02 16:02:35 +00:00
Pedro Igor
cc2ccc87b0
Filtering organization groups when managing or processing groups
...
Closes #30589
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-28 10:27:18 -03:00
Pedro Ruivo
829e12b857
Incorrect order when instantiate ClientRemovedEvent
...
* Fix incorrect order in ClientRemovedEvent constructor
* Do not send an event if the events list is empty
Closes #30840
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-28 09:51:02 +02:00
Pascal Knüppel
c4ebd0cd0c
Add event for ClientScope created ( #30715 )
...
closes #30795
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-06-27 19:05:29 +02:00
Jon Koops
df18629ffe
Use a default Java version from root POM ( #29927 )
...
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-21 14:19:31 +02:00
rmartinc
592c2250fc
Add briefRepresentation query parameter to getUsersInRole endpoint
...
Closes #29480
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-21 11:21:02 +02:00
Pedro Igor
a0ad680346
Adding an alias to organization and exposing them to templates
...
Closes #30312
Closes #30313
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-20 14:36:14 -03:00
Pedro Ruivo
5fc12480fd
External Infinispan as cache - Part 4 ( #30072 )
...
UserSessionProvider implementation to make use of Infinispan remote
cache.
Closes #28755
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Pedro Ruivo
9006218559
External Infinispan as cache - Part 3
...
Implementation of UserLoginFailureProvider using remote caches only.
Closes #28754
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Pedro Ruivo
833aad661e
External Infinispan as cache - Part 2
...
Includes a new implementation for the providers:
* StickySessionEncoderProviderFactory
* LoadBalancerCheckProviderFactory
* SingleUseObjectProviderFactory
Closes #28648
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Pedro Ruivo
d2ae27a1e2
External Infinispan as cache - Part 1
...
Part 1 includes
* New experimental feature to enable the new code
* New providers using RemoteCache only
* New test profile to run the tests with the experimental feature
New providers' implementation for:
* InfinispanConnectionProvider
* AuthenticationSessionProvider
* ClusterProvider
Closes #28140
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Martin Kanis
89f83e9788
Importing organizations failing if there is no broker and members in the representation
...
Closes #30305
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-06-19 08:46:04 -03:00
Stefan Guilhen
db846a792d
Set a time of 23:59:59:999 in JpaEventQuery.toDate so that events from that date are properly returned in searches
...
Closes #30414
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-06-18 13:14:28 -03:00
Nicola Beghin
5192275780
issue keycloak/keycloak#30300
...
Signed-off-by: Nicola Beghin <nicolabeghin@gmail.com>
2024-06-18 10:13:39 -03:00
Pedro Ruivo
67098f0469
Fix AuthenticatedClientSessionEntity protostream encoding
...
For String fields that may be null, convert an empty string to null when
reading from Protostream
Fixes #30511
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-17 22:51:22 +02:00