rmartinc
f7044ba5c2
Use SessionExpirationUtils for validate user and client sessions
...
Check client session is valid in TokenManager
Closes #24936
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-05-22 10:12:20 +02:00
Stefan Guilhen
1aab371912
Fix errors when importing realms with the organization feature enabled
...
Closes #29630
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-17 07:25:31 -03:00
Stefan Guilhen
553b1ce695
Ensure org domain removal from the IDP is properly propagated to the DB
...
Closes #29599
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-16 10:43:50 -03:00
Dimitri Papadopoulos Orfanos
64a145e960
Fix user-facing typos in error messages ( #29326 )
...
Update resource file and tests accordingly
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
2024-05-16 09:55:41 +02:00
Stefan Guilhen
c4760b8188
Ensure that IDP's linked domains are remove when org is deleted or when the domain is removed from the org.
...
Closes #29481
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-14 15:39:18 -03:00
Martin Kanis
3985157f9f
Make sure operations on a organization are based on realm they belong to
...
Closes #28841
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-05-14 10:47:39 -03:00
Pedro Igor
b4d231fd40
Fixing realm removal when removing groups and brokers associated with an organization
...
Closes #29495
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-14 14:29:27 +02:00
Alexander Schwartz
673e122443
Avoid sorting items returned from the database which are already stable
...
Closes #29319
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-13 16:15:38 +02:00
Alexander Schwartz
6cc8d653f3
Make SessionWrapper related fields immutable that are part of the equals method
...
The cache replace logic depends on it, as values returned by reference from a local cache must never be modified on those critical fields directly.
Closes #28906
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-13 09:59:50 +02:00
Pedro Igor
b50d481b10
Make sure organization groups can not be managed but when managing an organization
...
Closes #29431
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-10 21:28:11 -03:00
Stefan Guilhen
3186b6db8e
Fix realm removal when orgs are enabled
...
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-10 17:23:08 -03:00
Stefan Guilhen
ceed7bc120
Add ability to search organizations by attribute
...
Closes #29411
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-10 16:45:41 -03:00
Alexander Schwartz
eaeffe95ac
Avoid conflicts when writing to session stores by checking for concurrent requests within the JVM ( #29393 )
...
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-05-09 08:24:43 +00:00
Pedro Ruivo
cbce548e71
Infinispan 15.0.3.Final
...
Closes #29068
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-05-08 17:18:39 +02:00
Martin Kanis
d4b7e1a7d9
Prevent to manage groups associated with organizations from different APIs
...
Closes #28734
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-05-07 11:16:40 -03:00
Stefan Guilhen
aa945d5636
Add description field to OrganizationEntity
...
Closes #29356
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-07 10:35:51 -03:00
Pedro Igor
c0325c9fdb
Do not manage brokers through the Organization API
...
Closes #29268
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-07 09:15:25 -03:00
Alice W
584e92aaba
Add support for organizational invites to new and existing users based on tokens
...
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
2024-05-06 17:57:13 -03:00
Dimitri Papadopoulos Orfanos
cd8e0fd333
Fix user-facing typos in Javadoc ( #28971 )
...
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-05-06 18:57:55 +00:00
Stefan Guilhen
dae1eada3d
Add enabled field to OrganizationEntity
...
Closes #28891
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-06 14:46:56 -03:00
Pedro Ruivo
4c6f3ce35d
Remove unused code from model/infinispan module
...
Closes #29137
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-05-06 18:53:23 +02:00
Pedro Ruivo
fe5bed6191
Retry fetching event from remote cache
...
Closes #28303
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-06 17:27:07 +02:00
Michal Hajas
128bba34d3
Remove PERSISTENT_USER_SESSIONS_No_CACHE feature
...
Closes #29264
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-05-06 08:53:39 +02:00
Michal Hajas
8b715d3a31
Do not use LastSessionRefreshPersister with persistent user sessions enabled
...
Closes #29144
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-05-06 08:49:48 +02:00
Pedro Igor
32d25f43d0
Support for mutiple identity providers
...
Closes #28840
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-04 16:19:27 +02:00
Pedro Ruivo
82a959fa78
Remove WildFly Clustering Marshaller
...
Closes #29135
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-05-03 12:31:47 +02:00
Alexander Schwartz
05b6f897ce
Execute persistent sessions tests in CI and fix deadlock ( #29236 )
...
* Execute persistent sessions tests in CI and fix deadlock in UserSessionConcurrencyTest
The deadlock was caused by a switch to reactive handling of embedded Infinispan updates introduced here #28862
Closes #29235
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-03 10:42:34 +02:00
Michal Hajas
e93b7d4f3a
Use computeIfPresent also for Persistent sessions
...
Follow-up-on #29073
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-05-02 16:43:54 +00:00
Stefan Guilhen
45e5e6cbbf
Introduce filtered (and paginated) search for organization members
...
Closes #28844
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-02 11:25:43 -03:00
Michal Hajas
4c17c6107e
Merge offline and online sessions transactions
...
Closes #29139
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-04-30 18:03:17 +02:00
Michal Hajas
7c427e8d38
Remove offline sessions timeouts adjusters as with persistent session we have bounded caches and it is no longer necessary to adjust time in caches
...
Closes #29140
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-04-30 18:03:17 +02:00
Alexander Schwartz
d69872fa11
Batch writes originating from logins/logouts for persistent sessions
...
All writes for the sessions are handled by a background thread which batches them.
Closes #28862
Wait for persistent-store to contain update
instead of cache which has the change immediately since it is in memory + introduce new model-test profile
Closes #29141
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-04-30 14:07:35 +02:00
Pedro Igor
51352622aa
Allow adding realm users as an organization member
...
Closes #29023
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-29 08:37:47 -03:00
Pedro Ruivo
17a700b6b9
Use cache.compute() method to improve the replace retry loop
...
Closes #29073
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-29 12:24:33 +02:00
Stefan Guilhen
bfabc291cc
28843 - Introduce filtered (and paginated) searches for organizations
...
Closes #28843
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-25 12:38:20 -03:00
vramik
c56f062416
Typo in Organization table
...
Closes #29054
Signed-off-by: vramik <vramik@redhat.com>
2024-04-24 11:23:44 -03:00
vramik
d65649d5c0
Make sure organization are only manageable by the admin users with the manage-realm role
...
Closes #28733
Signed-off-by: vramik <vramik@redhat.com>
2024-04-23 12:16:57 -03:00
Tero Saarni
64862d568e
Convert database errors to 500 instead of 400.
...
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2024-04-22 11:42:18 -03:00
Stefan Guilhen
f1532565b6
Don't use no-arg version of GroupModel.getSubGroupsStream() when fetching the subgroups from the GroupResource endpoint.
...
- prevents pre-loading all groups; instead use the stream from the JPA adapter to load subgroups one by one and then filter based on the user permissions.
Closes #28935
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-22 11:27:29 -03:00
Stefan Guilhen
8ca4bc77a1
Improve the performance of the queries used to find granted resources
...
- simplifies the queries to avoid unnecessary join
- creates two new indexes to speed up search time
Closes #28861
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-22 11:26:06 -03:00
Pedro Ruivo
3de5357091
CLI options to disable encryption and authentication to external Infinispan
...
Closes #28750
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-20 18:30:24 +02:00
Pedro Ruivo
3e0a185070
Remove deprecated EnvironmentDependentProviderFactory.isSupported method
...
Closes #26280
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-19 16:36:49 +02:00
mposolda
c427e65354
Secondary factor bypass in step-up authentication
...
closes #34
Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit e632c03ec4dbfbb7c74c65b0627027390b2e605d)
2024-04-19 14:43:53 +02:00
Joerg Matysiak
76a5a27082
Refactored StripSecretsUtils in order to make it unit-testable, added unit tests for it
...
Don't mask secrets at realm export
Closes #21562
Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>
2024-04-18 18:26:47 -03:00
Pedro Igor
7483bae130
Make sure admin events are not referencing sensitive data from their representation
...
Closes #21562
Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>
2024-04-18 18:26:47 -03:00
Pedro Igor
1e3837421e
Organization member onboarding using the organization identity provider
...
Closes #28273
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-17 07:24:01 -03:00
Alexander Schwartz
13af4f44f5
Defer updates of last session updates and batch them ( #28502 )
...
Defer updates of last session refreshes and batch them
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-04-17 09:25:05 +02:00
Martin Kanis
f764a9cb4a
NPE when listing sessions in UI if associated user is gone
...
Closes #28801
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-04-16 11:53:36 -03:00
Pedro Ruivo
2494ad6950
Refactor and remove deprecated Infinispan methods from DefaultInfinispanConnectionProviderFactory
...
Closes #28752
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-16 10:51:57 +02:00
Stefan Guilhen
2ab8bf852d
Add validation for the organization's internet domains.
...
Closes #28634
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-15 09:03:52 -03:00
Alexander Schwartz
004f419fd0
Leave a tombstone after the deletion of a cache entry
...
This captures the scenario of multiple deletion calls in the current session.
Closes #28672
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-12 17:00:19 +02:00
Pedro Igor
61b1eec504
Prevent members with an email other than the domain set to an organization
...
Closes #28644
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-12 08:33:18 -03:00
Alexander Schwartz
b4cfebd8d5
Persistent sessions code also for offline sessions ( #28319 )
...
Persistent sessions code also for offline sessions
Closes #28318
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-12 13:15:02 +02:00
rmartinc
6d74e6b289
Escape slashes in full group path representation but disabled by default
...
Closes #23900
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-12 10:53:39 +02:00
Douglas Palmer
69ba92808d
DefaultBruteForceProtector leverages a single thread to write success/failed events
...
Closes #14084
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-12 09:53:40 +02:00
Pedro Igor
8f8094408e
Encapsulate the logic to set attributes into the domain model
...
Closes #28646
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-11 15:32:21 -03:00
ali_dandach
eb77220cca
Fix string comparison for action
...
Closes #28628
Signed-off-by: ali dandach <alidandach1995@gmail.com>
2024-04-11 17:59:57 +02:00
tqe1999
6e0fc8a774
fix integer overflow with explicit cast
...
Closes #28564
Signed-off-by: tqe1999 <tqe1999@gmail.com>
2024-04-11 10:58:44 +02:00
Stefan Guilhen
9a466f90ab
Add ability to set one or more internet domain to an organization.
...
Closed #28274
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-10 13:18:12 -03:00
vramik
00ce3e34bd
Manage a single identity provider for an organization
...
Closes #28272
Signed-off-by: vramik <vramik@redhat.com>
2024-04-10 09:47:51 -03:00
Martin Kanis
51fa054ba7
Manage organization attributes
...
Closes #28253
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-04-10 09:10:49 -03:00
Michal Hajas
1bb5e14134
Use ReentrantLock instead of synchronized to avoid thread pinning
...
+ since the runSerialized mechanism is currently on the best effort basis it is possible there are concurrent executions if T1 obtained a lock T2 removed the lock and T3 created a new lock before T1 called putIfAbsent therefore I added a debug log detecting this situation
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-04-09 14:55:21 +02:00
Alexander Schwartz
355901dfd8
Add a back-off period when replacing cache entries fails
...
Closes #28388
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-09 14:55:21 +02:00
Alexander Schwartz
63e7523a6d
Avoid unnecessary updates to the sessions during refreshes of tokens
...
Closes #28388
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-09 14:55:21 +02:00
Alexander Schwartz
dc18bd4efb
Avoid conflicts when writing to session stores by checking for concurrent requests within the JVM
...
Closes #28388
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-09 14:55:21 +02:00
Stijn Last
e9498079e0
LDAP: Show error message when groups synchronization fails
...
closes : #28436
Signed-off-by: Stijn Last <stijn.last@barco.com>
2024-04-09 09:10:19 -03:00
vibrown
3fffc5182e
Added ClientType implementation from Marek's prototype
...
Signed-off-by: vibrown <vibrown@redhat.com>
More updates
Signed-off-by: vibrown <vibrown@redhat.com>
Added client type logic from Marek's prototype
Signed-off-by: vibrown <vibrown@redhat.com>
updates
Signed-off-by: vibrown <vibrown@redhat.com>
updates
Signed-off-by: vibrown <vibrown@redhat.com>
updates
Signed-off-by: vibrown <vibrown@redhat.com>
Testing to see if skipRestart was cause of test failures in MR
2024-04-08 20:20:37 +02:00
Pedro Igor
52ba9b4b7f
Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user
...
Closes #28248
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-08 09:05:16 -03:00
Garth
16770ffad8
updated organization table name to not conflict. fixes #28246
...
Signed-off-by: Garth <244253+xgp@users.noreply.github.com>
2024-04-03 17:57:26 -03:00
Pedro Igor
fefeb83588
Changes the contract to make it simpler and rely on the realm available from the current session
...
Closes #28403
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-03 14:45:31 +02:00
Giuseppe Graziano
fe06df67c2
New default client scope for 'basic' claims with 'auth_time' protocol mapper
...
Closes #27623
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-02 08:44:28 +02:00
Alexander Schwartz
c580c88c93
Persist online sessions to the database ( #27977 )
...
Adding two feature toggles for new code paths to store online sessions in the existing offline sessions table. Separate the code which is due to be changed in the next iteration in new classes/providers which used instead of the old one.
Closes #27976
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-03-28 09:17:07 +01:00
vramik
fa1571f231
Map organization metadata when issuing tokens for OIDC clients acting on behalf of an organization member
...
Closes #27993
Signed-off-by: vramik <vramik@redhat.com>
2024-03-26 14:02:09 -03:00
rmartinc
220564c7ba
ORA-01450 error for index IDX_CLIENT_ATT_BY_NAME_VALUE in oracle when MAX_STRING_SIZE is EXTENDED
...
Closes #27967
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-22 08:48:01 -03:00
Steven Hawkins
35b9d8aa49
task: remove usage of resteasy-core-spi ( #27387 )
...
closes : #27242
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-21 15:28:34 +01:00
synth3
99478887a4
Remove custom Hibernate dialect detection
...
Closes #27954
Signed-off-by: synth3 <19573241+synth3@users.noreply.github.com>
2024-03-21 14:27:19 +01:00
Pedro Igor
32541f19a3
Allow managing members for an organization
...
Closes #27934
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-21 10:26:30 -03:00
Sebastian Schuster
0542554984
12671 querying by user attribute no longer forces case insensitivity for keys
...
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
2024-03-21 08:35:29 -03:00
Konstantinos Georgilakis
4bca804d5a
Correct unique constraints for UserConsent entity
...
Closes #13045
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-03-19 22:16:42 +01:00
Alexander Schwartz
62d24216e3
Remove offline session preloading
...
Closes #27602
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-15 15:19:27 +01:00
Pedro Igor
7fc2269ba5
The bare minimum implementation for organization
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: vramik <vramik@redhat.com>
2024-03-15 11:06:43 -03:00
Stefan Guilhen
0e717f735e
Add realm to session context when exporting to prevent NPE when vault is enabled. ( #27911 )
...
Closes #22617
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-03-15 12:24:22 +01:00
Stefan Guilhen
970a78fe7a
Set correct version for the federated user terms and conditions migration
...
Closes #27228
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-03-13 18:03:41 -03:00
PetkoNosal
3989cb5e90
Fix missing log argument in MigrateTo24_0_0
...
Closes #27779
Signed-off-by: Nosal, Peter (pn1895) <pn1895@att.com>
Co-authored-by: Nosal, Peter (pn1895) <pn1895@att.com>
2024-03-13 16:36:27 +00:00
Pedro Igor
9ad447390a
Only remove attributes with empty values when updating user profile
...
Closes #27797
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-13 15:03:08 +01:00
Alexander Schwartz
f168b8cce9
Avoid invalidating the cache if removing an entry doesn't exist
...
Closes #27852
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-13 13:36:07 +01:00
Stefan Guilhen
1099f03fe6
Add migration for terms and conditions required action in FED_USER_REQUIRED_ACTION table
...
Closes #27228
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-03-13 08:43:11 -03:00
Pedro Igor
1e48cce3ae
Make sure empty configuration resolves to the system default configuration
...
Closes #27611
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-11 09:01:38 -03:00
Alexander Schwartz
050acf0d94
Map Storage Removal: Remove deprecated model/legacy module ( #27601 )
...
Closes #26657
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-08 15:17:24 +00:00
Steve Hawkins
4091baf4c2
fix: accounting for the possibility of null flows from existing realms
...
closes : #23980
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-08 14:25:23 +01:00
rmartinc
ea4155bbcd
Remove recursively when deleting an authentication executor
...
Closes #24795
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-07 14:43:23 +01:00
vramik
4fc7e3d607
Map Store Removal: Remove unnecessary check in Jpa Connection Provider
...
Closes #26406
Signed-off-by: vramik <vramik@redhat.com>
2024-03-04 14:00:54 +01:00
vramik
7adcc98c6c
Map Store Removal: Remove obsolete KeycloakModelUtils.isRealmProviderJpa method
...
Closes #27445
Signed-off-by: vramik <vramik@redhat.com>
2024-03-04 12:22:04 +01:00
Steven Hawkins
8d9439913c
fix: removal of resteasy-core ( #27032 )
...
* fix: partial removal of resteasy-core
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* fix: fully removing resteasy-core
closes : #26315
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-02-29 11:43:13 +00:00
Pedro Igor
326d63ce74
Make sure group searches are cached and entries invalidate accordingly
...
Closes #26983
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-29 05:06:36 +09:00
Vlasta Ramik
ade3b31a91
Introduce new CLI config options for Infinispan remote store
...
Closes #25676
Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-28 15:49:19 +00:00
Réda Housni Alaoui
a3b3ee4b87
Ability to declare a default "First broker login flow" per Realm
...
Closes #25823
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-02-28 16:17:51 +01:00
rmartinc
2bd9f09e29
Re-index CLIENT_ATTRIBUTES using name and value
...
Closes #26618
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-28 11:07:03 +01:00
Alexander Schwartz
ee3a4a6e4f
Set expiry and maxidle when loading entries from the remote store ( #26942 )
...
Closes #26941
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-02-27 17:56:17 +01:00
Douglas Palmer
b0ef746f39
Permanently lock users out after X temporary lockouts during a brute force attack
...
Closes #26172
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-02-22 09:34:51 +01:00
Vlasta Ramik
76453550a5
User attribute value length extension
...
Closes #9758
Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-02-16 08:09:34 +01:00
Michal Hajas
f7f7f1bd10
Add caching for subGroupsCount
...
Closes #25731
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-02-15 19:46:04 +09:00
rmartinc
4ff4c3f897
Increase internal algorithm security using HS512 and 128 byte hmac keys
...
Closes #13080
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-15 08:16:45 +01:00
Alexander Schwartz
c7b51fc7f0
Use the appropriate database dialect to add quotes to the schema name ( #26964 )
...
Closes #25961
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-13 13:09:55 +01:00
Stefan Guilhen
2161e72872
Add migration for the useTruststoreSpi config property in LDAP user storage provider
...
- legacy `ldapsOnly` value now migrated to `always`.
Closes #25912
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-02-12 11:53:19 +01:00
Thomas Darimont
93fc6a6c54
Shorter lifespan for offline session cache entries in memory
...
Closes #26810
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-02-09 19:44:04 +01:00
Douglas Palmer
66f0d2ff1d
blah
...
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-02-07 15:55:06 -03:00
Douglas Palmer
d9d41b1a09
Brute Force Detection is disabled when updating frontenUrl via admin client
...
Closes #21409
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-02-07 15:55:06 -03:00
Stian Thorgersen
3e08a1713b
Ignore empty attribute values when retriveing boolean/int/long ( #26729 ) ( #26737 )
...
Resolves #26597 , resolves #26665
Signed-off-by: stianst <stianst@gmail.com>
2024-02-06 15:29:34 +01:00
Stefan Guilhen
fbeba83b87
Upgrade liquibase to version 4.25.1
...
Closes #26570
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-02-05 19:07:25 +01:00
Michal Hajas
00742a62dd
Remove RealmModel from authorization services interfaces ( #26708 )
...
Closes #26530
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-02-02 16:51:32 +01:00
Thomas Darimont
277af021d7
Improve ScheduledTask task-name handling
...
This PR introduces a String getTaskName() default method to
the ScheduledTask interface and adjusts call sites to use the
implementation derived task name where possible.
Previously, ScheduledTask names were passed around separately, which
lead to unhelpful debug messages.
We now give ScheduledTask implementations control over their task-name
which allows for more flexible naming.
Enlist call StoreSyncEvent.fire(...) to after transaction to ensure realm is present in database.
Ensure that Realm is already committed before updating sync via UserStorageSyncManager
Align Sync task name generation for cancellation to support SyncFederationTest
Only log a message if sync task was actually canceled.
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-02-02 09:57:03 -03:00
mposolda
cdc5d8fff8
Migrating Realm JSON with declarative user profile fails when scope selectors present on any attributes
...
closes #26266
Signed-off-by: mposolda <mposolda@gmail.com>
2024-02-01 09:54:09 +01:00
Martin Kanis
a3fcacdab7
Map Store Removal: deprecate model legacy module
...
Closes #26598
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-31 17:40:45 +01:00
Václav Muzikář
4096a2657e
Supported option to specify site name for multi-site deployments
...
Closes #26460
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-31 11:52:19 +00:00
Lex Cao
cf3f05a259
Skip grant role if exists for federated storage ( #26508 )
...
Closes #26507
Signed-off-by: Lex Cao <lexcao@foxmail.com>
2024-01-26 17:08:47 +00:00
Martin Kanis
7797f778d1
Map Store Removal: Rename legacy modules
...
Closes #24107
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-25 16:29:16 +01:00
Martin Kanis
84603a9363
Map Store Removal: Rename Legacy* classes ( #26273 )
...
Closes #24105
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-23 13:50:31 +00:00
Alexander Schwartz
b9498b91cb
Deprecating the offline session preloading ( #26160 )
...
Closes #25300
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-16 09:29:01 +01:00
Alexander Schwartz
a8eca6add0
Changing to the Infinispan BOM to avoid mis-aligned Infinispan dependencies ( #26137 )
...
Closes #22922
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
2024-01-15 09:20:47 +01:00
mposolda
692aeee17d
Enable user profile by default
...
closes #25151
Signed-off-by: mposolda <mposolda@gmail.com>
2024-01-11 12:48:44 -03:00
Réda Housni Alaoui
98230aa372
Add federated identity ProviderEvent(s)
...
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
2024-01-10 11:56:38 -03:00
Alexander Schwartz
01939bcf34
Remove concurrent loading of remote sessions as at startup time only one node is up anyway. ( #25709 )
...
Closes #22082
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Martin Kanis <martin-kanis@users.noreply.github.com>
2024-01-09 16:55:22 +01:00
atharva kshirsagar
d7542c9344
Fix for empty realm name issue
...
Throw ModelException if name is empty when creating/updating a realm
Closes #17449
Signed-off-by: atharva kshirsagar <atharva4894@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-05 14:23:42 +01:00
Réda Housni Alaoui
5287500703
@NoCache is not considered anymore
...
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
2024-01-02 09:06:55 -03:00
Pedro Igor
810ebf4efd
Migration steps for enabling user profile by default
...
Closes #25528
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-19 10:19:45 -03:00
Alexander Schwartz
9e4fc3f491
Keep workaround permanently for concurrent shutdowns of embedded Infinispan
...
Closes #9871
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-15 10:58:22 +01:00
Alexander Schwartz
e01827693a
Avoid shutdown of Infinispan when using cache
...
Closes #24508
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-13 15:46:37 +01:00
Alexander Schwartz
a8cff72ed0
Avoid logged warning about objects not present in the cache for tasks ( #25324 )
...
Closes #25322
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-08 13:10:14 +01:00
Alexander Schwartz
5b1b3ca11b
Allow concurrent remote cache operations ( #25390 )
...
Closes #25388
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-08 10:07:25 +01:00
Pedro Igor
ab1173182c
Make sure realm is available from session when migrating to 23
...
Closes #25183
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-06 07:42:54 -03:00
Alexander Schwartz
e4be3ed244
Prevent client cache stampede after invalidation of a client or on startup ( #25217 )
...
Closes #24202
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-05 16:01:37 +01:00
Michal Hajas
ec061e77ed
Remove GlobalLockProviderSpi ( #25206 )
...
Closes #24103
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2023-12-01 16:40:56 +00:00
vramik
587cef7de4
Delete Profile.Feature.MAP_STORAGE
...
Signed-off-by: vramik <vramik@redhat.com>
Closes #24102
2023-11-30 13:04:39 +01:00
rmartinc
16afecd6b4
Allow automatic download of SAML certificates in the identity provider
...
Closes https://github.com/keycloak/keycloak/issues/24424
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 18:03:31 +01:00
Michal Hajas
2b2207af93
Publish information about Infinispan availability in lb-check if MULTI_SITE is enabled
...
Closes #25077
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-29 11:06:41 +00:00
Pedro Igor
2c611cb8fc
User profile configuration scoped to user-federation provider
...
closes #23878
Co-Authored-By: mposolda <mposolda@gmail.com>
Signed-off-by: mposolda <mposolda@gmail.com>
2023-11-27 14:45:44 +01:00
Sebastian Schuster
030f42ec83
More efficient listing of assigned and available client role mappings
...
Closes #23404
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
2023-11-22 14:10:11 +01:00
Alexander Schwartz
a45934a762
Disable cache store and load only if a remote store is used
...
Closes #10803
Closes #24766
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: daviddelannoy <16318239+daviddelannoy@users.noreply.github.com>
2023-11-20 18:50:02 +01:00
Douglas Palmer
f9665acc29
KeycloakErrorHandler NullPointerException String.toLowerCase() because message is null
...
Closes #22958
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2023-11-16 18:06:33 +01:00
Réda Housni Alaoui
3f014c7299
Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients ( #21058 )
...
closes #21010
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
2023-11-13 19:13:01 +01:00
vramik
926be135e8
Remove map related modules
...
Signed-off-by: vramik <vramik@redhat.com>
Closes #24100
2023-11-13 12:34:52 +01:00
Alexander Schwartz
26e2fde115
Avoid reseting cachemanger to null to avoid a re-initialization ( #24086 )
...
Also follow best practices of using volatile variables for double-locking, and not using shutdown caches.
Closes #24085
2023-11-08 11:33:44 -05:00
vramik
6fa26d7ff4
Delete map dependencies from dependency management
...
Closes #24101
2023-11-08 13:53:17 +01:00
vramik
593c14cd26
Data too long for column 'DETAILS_JSON'
...
Closes #17258
2023-11-02 20:29:35 +01:00
rokkiter
e1735138cb
clean util * ( #24174 )
...
Signed-off-by: rokkiter <yongen.pan@daocloud.io>
2023-11-01 17:14:11 +01:00
ashwingroot
dee1cec290
fix to preload offline sessions faster
...
slow loading offline tokens during start up leads to connection timeout
closes #24295
2023-10-30 12:58:06 +01:00
Alice
69497382d8
Group scalability upgrades ( #22700 )
...
closes #22372
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-26 16:50:45 +02:00
Hynek Mlnarik
c036980c37
Add TRANSIENT_USERS feature flag
2023-10-25 12:02:35 +02:00
Hynek Mlnarik
26328a7c1e
Support for transient sessions via lightweight users
...
Part-of: Add support for not importing brokered user into Keycloak database
Closes : #11334
2023-10-25 12:02:35 +02:00