Pedro Igor
1e3837421e
Organization member onboarding using the organization identity provider
...
Closes #28273
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-17 07:24:01 -03:00
Alexander Schwartz
13af4f44f5
Defer updates of last session updates and batch them ( #28502 )
...
Defer updates of last session refreshes and batch them
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-04-17 09:25:05 +02:00
Martin Kanis
f764a9cb4a
NPE when listing sessions in UI if associated user is gone
...
Closes #28801
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-04-16 11:53:36 -03:00
Pedro Ruivo
2494ad6950
Refactor and remove deprecated Infinispan methods from DefaultInfinispanConnectionProviderFactory
...
Closes #28752
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-16 10:51:57 +02:00
Stefan Guilhen
2ab8bf852d
Add validation for the organization's internet domains.
...
Closes #28634
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-15 09:03:52 -03:00
Alexander Schwartz
004f419fd0
Leave a tombstone after the deletion of a cache entry
...
This captures the scenario of multiple deletion calls in the current session.
Closes #28672
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-12 17:00:19 +02:00
Pedro Igor
61b1eec504
Prevent members with an email other than the domain set to an organization
...
Closes #28644
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-12 08:33:18 -03:00
Alexander Schwartz
b4cfebd8d5
Persistent sessions code also for offline sessions ( #28319 )
...
Persistent sessions code also for offline sessions
Closes #28318
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-12 13:15:02 +02:00
rmartinc
6d74e6b289
Escape slashes in full group path representation but disabled by default
...
Closes #23900
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-12 10:53:39 +02:00
Douglas Palmer
69ba92808d
DefaultBruteForceProtector leverages a single thread to write success/failed events
...
Closes #14084
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-12 09:53:40 +02:00
Pedro Igor
8f8094408e
Encapsulate the logic to set attributes into the domain model
...
Closes #28646
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-11 15:32:21 -03:00
ali_dandach
eb77220cca
Fix string comparison for action
...
Closes #28628
Signed-off-by: ali dandach <alidandach1995@gmail.com>
2024-04-11 17:59:57 +02:00
tqe1999
6e0fc8a774
fix integer overflow with explicit cast
...
Closes #28564
Signed-off-by: tqe1999 <tqe1999@gmail.com>
2024-04-11 10:58:44 +02:00
Stefan Guilhen
9a466f90ab
Add ability to set one or more internet domain to an organization.
...
Closed #28274
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-10 13:18:12 -03:00
vramik
00ce3e34bd
Manage a single identity provider for an organization
...
Closes #28272
Signed-off-by: vramik <vramik@redhat.com>
2024-04-10 09:47:51 -03:00
Martin Kanis
51fa054ba7
Manage organization attributes
...
Closes #28253
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-04-10 09:10:49 -03:00
Michal Hajas
1bb5e14134
Use ReentrantLock instead of synchronized to avoid thread pinning
...
+ since the runSerialized mechanism is currently on the best effort basis it is possible there are concurrent executions if T1 obtained a lock T2 removed the lock and T3 created a new lock before T1 called putIfAbsent therefore I added a debug log detecting this situation
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-04-09 14:55:21 +02:00
Alexander Schwartz
355901dfd8
Add a back-off period when replacing cache entries fails
...
Closes #28388
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-09 14:55:21 +02:00
Alexander Schwartz
63e7523a6d
Avoid unnecessary updates to the sessions during refreshes of tokens
...
Closes #28388
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-09 14:55:21 +02:00
Alexander Schwartz
dc18bd4efb
Avoid conflicts when writing to session stores by checking for concurrent requests within the JVM
...
Closes #28388
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-09 14:55:21 +02:00
Stijn Last
e9498079e0
LDAP: Show error message when groups synchronization fails
...
closes : #28436
Signed-off-by: Stijn Last <stijn.last@barco.com>
2024-04-09 09:10:19 -03:00
vibrown
3fffc5182e
Added ClientType implementation from Marek's prototype
...
Signed-off-by: vibrown <vibrown@redhat.com>
More updates
Signed-off-by: vibrown <vibrown@redhat.com>
Added client type logic from Marek's prototype
Signed-off-by: vibrown <vibrown@redhat.com>
updates
Signed-off-by: vibrown <vibrown@redhat.com>
updates
Signed-off-by: vibrown <vibrown@redhat.com>
updates
Signed-off-by: vibrown <vibrown@redhat.com>
Testing to see if skipRestart was cause of test failures in MR
2024-04-08 20:20:37 +02:00
Pedro Igor
52ba9b4b7f
Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user
...
Closes #28248
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-08 09:05:16 -03:00
Garth
16770ffad8
updated organization table name to not conflict. fixes #28246
...
Signed-off-by: Garth <244253+xgp@users.noreply.github.com>
2024-04-03 17:57:26 -03:00
Pedro Igor
fefeb83588
Changes the contract to make it simpler and rely on the realm available from the current session
...
Closes #28403
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-03 14:45:31 +02:00
Giuseppe Graziano
fe06df67c2
New default client scope for 'basic' claims with 'auth_time' protocol mapper
...
Closes #27623
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-02 08:44:28 +02:00
Alexander Schwartz
c580c88c93
Persist online sessions to the database ( #27977 )
...
Adding two feature toggles for new code paths to store online sessions in the existing offline sessions table. Separate the code which is due to be changed in the next iteration in new classes/providers which used instead of the old one.
Closes #27976
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-03-28 09:17:07 +01:00
vramik
fa1571f231
Map organization metadata when issuing tokens for OIDC clients acting on behalf of an organization member
...
Closes #27993
Signed-off-by: vramik <vramik@redhat.com>
2024-03-26 14:02:09 -03:00
rmartinc
220564c7ba
ORA-01450 error for index IDX_CLIENT_ATT_BY_NAME_VALUE in oracle when MAX_STRING_SIZE is EXTENDED
...
Closes #27967
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-22 08:48:01 -03:00
Steven Hawkins
35b9d8aa49
task: remove usage of resteasy-core-spi ( #27387 )
...
closes : #27242
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-21 15:28:34 +01:00
synth3
99478887a4
Remove custom Hibernate dialect detection
...
Closes #27954
Signed-off-by: synth3 <19573241+synth3@users.noreply.github.com>
2024-03-21 14:27:19 +01:00
Pedro Igor
32541f19a3
Allow managing members for an organization
...
Closes #27934
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-21 10:26:30 -03:00
Sebastian Schuster
0542554984
12671 querying by user attribute no longer forces case insensitivity for keys
...
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
2024-03-21 08:35:29 -03:00
Konstantinos Georgilakis
4bca804d5a
Correct unique constraints for UserConsent entity
...
Closes #13045
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-03-19 22:16:42 +01:00
Alexander Schwartz
62d24216e3
Remove offline session preloading
...
Closes #27602
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-15 15:19:27 +01:00
Pedro Igor
7fc2269ba5
The bare minimum implementation for organization
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: vramik <vramik@redhat.com>
2024-03-15 11:06:43 -03:00
Stefan Guilhen
0e717f735e
Add realm to session context when exporting to prevent NPE when vault is enabled. ( #27911 )
...
Closes #22617
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-03-15 12:24:22 +01:00
Stefan Guilhen
970a78fe7a
Set correct version for the federated user terms and conditions migration
...
Closes #27228
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-03-13 18:03:41 -03:00
PetkoNosal
3989cb5e90
Fix missing log argument in MigrateTo24_0_0
...
Closes #27779
Signed-off-by: Nosal, Peter (pn1895) <pn1895@att.com>
Co-authored-by: Nosal, Peter (pn1895) <pn1895@att.com>
2024-03-13 16:36:27 +00:00
Pedro Igor
9ad447390a
Only remove attributes with empty values when updating user profile
...
Closes #27797
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-13 15:03:08 +01:00
Alexander Schwartz
f168b8cce9
Avoid invalidating the cache if removing an entry doesn't exist
...
Closes #27852
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-13 13:36:07 +01:00
Stefan Guilhen
1099f03fe6
Add migration for terms and conditions required action in FED_USER_REQUIRED_ACTION table
...
Closes #27228
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-03-13 08:43:11 -03:00
Pedro Igor
1e48cce3ae
Make sure empty configuration resolves to the system default configuration
...
Closes #27611
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-11 09:01:38 -03:00
Alexander Schwartz
050acf0d94
Map Storage Removal: Remove deprecated model/legacy module ( #27601 )
...
Closes #26657
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-08 15:17:24 +00:00
Steve Hawkins
4091baf4c2
fix: accounting for the possibility of null flows from existing realms
...
closes : #23980
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-08 14:25:23 +01:00
rmartinc
ea4155bbcd
Remove recursively when deleting an authentication executor
...
Closes #24795
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-07 14:43:23 +01:00
vramik
4fc7e3d607
Map Store Removal: Remove unnecessary check in Jpa Connection Provider
...
Closes #26406
Signed-off-by: vramik <vramik@redhat.com>
2024-03-04 14:00:54 +01:00
vramik
7adcc98c6c
Map Store Removal: Remove obsolete KeycloakModelUtils.isRealmProviderJpa method
...
Closes #27445
Signed-off-by: vramik <vramik@redhat.com>
2024-03-04 12:22:04 +01:00
Steven Hawkins
8d9439913c
fix: removal of resteasy-core ( #27032 )
...
* fix: partial removal of resteasy-core
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* fix: fully removing resteasy-core
closes : #26315
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-02-29 11:43:13 +00:00
Pedro Igor
326d63ce74
Make sure group searches are cached and entries invalidate accordingly
...
Closes #26983
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-29 05:06:36 +09:00
Vlasta Ramik
ade3b31a91
Introduce new CLI config options for Infinispan remote store
...
Closes #25676
Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-28 15:49:19 +00:00
Réda Housni Alaoui
a3b3ee4b87
Ability to declare a default "First broker login flow" per Realm
...
Closes #25823
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-02-28 16:17:51 +01:00
rmartinc
2bd9f09e29
Re-index CLIENT_ATTRIBUTES using name and value
...
Closes #26618
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-28 11:07:03 +01:00
Alexander Schwartz
ee3a4a6e4f
Set expiry and maxidle when loading entries from the remote store ( #26942 )
...
Closes #26941
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-02-27 17:56:17 +01:00
Douglas Palmer
b0ef746f39
Permanently lock users out after X temporary lockouts during a brute force attack
...
Closes #26172
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-02-22 09:34:51 +01:00
Vlasta Ramik
76453550a5
User attribute value length extension
...
Closes #9758
Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-02-16 08:09:34 +01:00
Michal Hajas
f7f7f1bd10
Add caching for subGroupsCount
...
Closes #25731
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-02-15 19:46:04 +09:00
rmartinc
4ff4c3f897
Increase internal algorithm security using HS512 and 128 byte hmac keys
...
Closes #13080
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-15 08:16:45 +01:00
Alexander Schwartz
c7b51fc7f0
Use the appropriate database dialect to add quotes to the schema name ( #26964 )
...
Closes #25961
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-13 13:09:55 +01:00
Stefan Guilhen
2161e72872
Add migration for the useTruststoreSpi config property in LDAP user storage provider
...
- legacy `ldapsOnly` value now migrated to `always`.
Closes #25912
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-02-12 11:53:19 +01:00
Thomas Darimont
93fc6a6c54
Shorter lifespan for offline session cache entries in memory
...
Closes #26810
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-02-09 19:44:04 +01:00
Douglas Palmer
66f0d2ff1d
blah
...
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-02-07 15:55:06 -03:00
Douglas Palmer
d9d41b1a09
Brute Force Detection is disabled when updating frontenUrl via admin client
...
Closes #21409
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-02-07 15:55:06 -03:00
Stian Thorgersen
3e08a1713b
Ignore empty attribute values when retriveing boolean/int/long ( #26729 ) ( #26737 )
...
Resolves #26597 , resolves #26665
Signed-off-by: stianst <stianst@gmail.com>
2024-02-06 15:29:34 +01:00
Stefan Guilhen
fbeba83b87
Upgrade liquibase to version 4.25.1
...
Closes #26570
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-02-05 19:07:25 +01:00
Michal Hajas
00742a62dd
Remove RealmModel from authorization services interfaces ( #26708 )
...
Closes #26530
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-02-02 16:51:32 +01:00
Thomas Darimont
277af021d7
Improve ScheduledTask task-name handling
...
This PR introduces a String getTaskName() default method to
the ScheduledTask interface and adjusts call sites to use the
implementation derived task name where possible.
Previously, ScheduledTask names were passed around separately, which
lead to unhelpful debug messages.
We now give ScheduledTask implementations control over their task-name
which allows for more flexible naming.
Enlist call StoreSyncEvent.fire(...) to after transaction to ensure realm is present in database.
Ensure that Realm is already committed before updating sync via UserStorageSyncManager
Align Sync task name generation for cancellation to support SyncFederationTest
Only log a message if sync task was actually canceled.
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-02-02 09:57:03 -03:00
mposolda
cdc5d8fff8
Migrating Realm JSON with declarative user profile fails when scope selectors present on any attributes
...
closes #26266
Signed-off-by: mposolda <mposolda@gmail.com>
2024-02-01 09:54:09 +01:00
Martin Kanis
a3fcacdab7
Map Store Removal: deprecate model legacy module
...
Closes #26598
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-31 17:40:45 +01:00
Václav Muzikář
4096a2657e
Supported option to specify site name for multi-site deployments
...
Closes #26460
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-31 11:52:19 +00:00
Lex Cao
cf3f05a259
Skip grant role if exists for federated storage ( #26508 )
...
Closes #26507
Signed-off-by: Lex Cao <lexcao@foxmail.com>
2024-01-26 17:08:47 +00:00
Martin Kanis
7797f778d1
Map Store Removal: Rename legacy modules
...
Closes #24107
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-25 16:29:16 +01:00
Martin Kanis
84603a9363
Map Store Removal: Rename Legacy* classes ( #26273 )
...
Closes #24105
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-23 13:50:31 +00:00
Alexander Schwartz
b9498b91cb
Deprecating the offline session preloading ( #26160 )
...
Closes #25300
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-16 09:29:01 +01:00
Alexander Schwartz
a8eca6add0
Changing to the Infinispan BOM to avoid mis-aligned Infinispan dependencies ( #26137 )
...
Closes #22922
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
2024-01-15 09:20:47 +01:00
mposolda
692aeee17d
Enable user profile by default
...
closes #25151
Signed-off-by: mposolda <mposolda@gmail.com>
2024-01-11 12:48:44 -03:00
Réda Housni Alaoui
98230aa372
Add federated identity ProviderEvent(s)
...
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
2024-01-10 11:56:38 -03:00
Alexander Schwartz
01939bcf34
Remove concurrent loading of remote sessions as at startup time only one node is up anyway. ( #25709 )
...
Closes #22082
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Martin Kanis <martin-kanis@users.noreply.github.com>
2024-01-09 16:55:22 +01:00
atharva kshirsagar
d7542c9344
Fix for empty realm name issue
...
Throw ModelException if name is empty when creating/updating a realm
Closes #17449
Signed-off-by: atharva kshirsagar <atharva4894@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-05 14:23:42 +01:00
Réda Housni Alaoui
5287500703
@NoCache is not considered anymore
...
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
2024-01-02 09:06:55 -03:00
Pedro Igor
810ebf4efd
Migration steps for enabling user profile by default
...
Closes #25528
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-19 10:19:45 -03:00
Alexander Schwartz
9e4fc3f491
Keep workaround permanently for concurrent shutdowns of embedded Infinispan
...
Closes #9871
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-15 10:58:22 +01:00
Alexander Schwartz
e01827693a
Avoid shutdown of Infinispan when using cache
...
Closes #24508
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-13 15:46:37 +01:00
Alexander Schwartz
a8cff72ed0
Avoid logged warning about objects not present in the cache for tasks ( #25324 )
...
Closes #25322
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-08 13:10:14 +01:00
Alexander Schwartz
5b1b3ca11b
Allow concurrent remote cache operations ( #25390 )
...
Closes #25388
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-08 10:07:25 +01:00
Pedro Igor
ab1173182c
Make sure realm is available from session when migrating to 23
...
Closes #25183
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-06 07:42:54 -03:00
Alexander Schwartz
e4be3ed244
Prevent client cache stampede after invalidation of a client or on startup ( #25217 )
...
Closes #24202
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-05 16:01:37 +01:00
Michal Hajas
ec061e77ed
Remove GlobalLockProviderSpi ( #25206 )
...
Closes #24103
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2023-12-01 16:40:56 +00:00
vramik
587cef7de4
Delete Profile.Feature.MAP_STORAGE
...
Signed-off-by: vramik <vramik@redhat.com>
Closes #24102
2023-11-30 13:04:39 +01:00
rmartinc
16afecd6b4
Allow automatic download of SAML certificates in the identity provider
...
Closes https://github.com/keycloak/keycloak/issues/24424
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 18:03:31 +01:00
Michal Hajas
2b2207af93
Publish information about Infinispan availability in lb-check if MULTI_SITE is enabled
...
Closes #25077
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-29 11:06:41 +00:00
Pedro Igor
2c611cb8fc
User profile configuration scoped to user-federation provider
...
closes #23878
Co-Authored-By: mposolda <mposolda@gmail.com>
Signed-off-by: mposolda <mposolda@gmail.com>
2023-11-27 14:45:44 +01:00
Sebastian Schuster
030f42ec83
More efficient listing of assigned and available client role mappings
...
Closes #23404
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
2023-11-22 14:10:11 +01:00
Alexander Schwartz
a45934a762
Disable cache store and load only if a remote store is used
...
Closes #10803
Closes #24766
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: daviddelannoy <16318239+daviddelannoy@users.noreply.github.com>
2023-11-20 18:50:02 +01:00
Douglas Palmer
f9665acc29
KeycloakErrorHandler NullPointerException String.toLowerCase() because message is null
...
Closes #22958
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2023-11-16 18:06:33 +01:00
Réda Housni Alaoui
3f014c7299
Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients ( #21058 )
...
closes #21010
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
2023-11-13 19:13:01 +01:00
vramik
926be135e8
Remove map related modules
...
Signed-off-by: vramik <vramik@redhat.com>
Closes #24100
2023-11-13 12:34:52 +01:00
Alexander Schwartz
26e2fde115
Avoid reseting cachemanger to null to avoid a re-initialization ( #24086 )
...
Also follow best practices of using volatile variables for double-locking, and not using shutdown caches.
Closes #24085
2023-11-08 11:33:44 -05:00
vramik
6fa26d7ff4
Delete map dependencies from dependency management
...
Closes #24101
2023-11-08 13:53:17 +01:00
vramik
593c14cd26
Data too long for column 'DETAILS_JSON'
...
Closes #17258
2023-11-02 20:29:35 +01:00
rokkiter
e1735138cb
clean util * ( #24174 )
...
Signed-off-by: rokkiter <yongen.pan@daocloud.io>
2023-11-01 17:14:11 +01:00
ashwingroot
dee1cec290
fix to preload offline sessions faster
...
slow loading offline tokens during start up leads to connection timeout
closes #24295
2023-10-30 12:58:06 +01:00
Alice
69497382d8
Group scalability upgrades ( #22700 )
...
closes #22372
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-26 16:50:45 +02:00
Hynek Mlnarik
c036980c37
Add TRANSIENT_USERS feature flag
2023-10-25 12:02:35 +02:00
Hynek Mlnarik
26328a7c1e
Support for transient sessions via lightweight users
...
Part-of: Add support for not importing brokered user into Keycloak database
Closes : #11334
2023-10-25 12:02:35 +02:00
Hynek Mlnarik
35a226f928
Expose InMemoryUserAdapter to services and model modules
...
Part-of: Add support for not importing brokered user into Keycloak database
Closes : #11334
2023-10-25 12:02:35 +02:00
Marek Posolda
1bd6aca629
Remove RegistrationProfile class and handle migration ( #24215 )
...
closes #24182
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-10-24 20:19:33 +02:00
Martin Kanis
10a2c96c72
Users in role Rest API returns empty when User federation used ( #23318 )
...
* Users in role Rest API returns empty when User federation used
Co-authored-by: Shankar Yadav <ET1024@neeyamoworks.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-24 11:10:20 -04:00
rmartinc
ad01ed1497
Do not reset the user profile configuration on disable
...
Closes https://github.com/keycloak/keycloak/issues/23527
2023-10-24 03:05:34 -07:00
Håvar Nøvik
bc55846809
Fixes a NullPointerException after import validation ( #20151 )
...
* Fixes a NullPointerException after import validation
If the import validation (when getting a user by email)
returns null, indicating that the user entity should be
removed from local storage, an email equality check results
in a NullPointerException.
This commit fixes this issue by explicitly checking for null.
Closes #20150
---------
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-23 17:19:25 -04:00
vramik
a0f04fa2be
Declarative User Profile export
...
Closes #12062
Resolves #20885
2023-10-21 19:21:20 +02:00
JesseEstum
71777df3d9
Prevent stampede after realm cache invalidation
...
Closes #22988
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-10-21 18:47:13 +02:00
Marek Posolda
829b7090fa
Avoid breaking change in UserSessionModel ( #24134 )
...
closes #24096
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-20 18:06:07 +02:00
mposolda
04777299b0
After tab1 finish authentication, make sure that rootAuthenticationSession is expired shortly
...
closes #23880
2023-10-19 19:23:50 +02:00
Vlasta Ramik
f6d582c761
Import migration step for kc22
...
Closes #24031
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-10-19 09:00:49 +02:00
shigeyuki kabano
6112b25648
Enhancing Light Weight Token( #22148 )
...
Closes #21183
2023-10-17 13:12:36 +02:00
Alice Wood
5a76ddfc2e
Remove realm model storage from OAuth2DeviceConfig class to avoid persisting old session and entity manager in infinispan fixes keycloak/keycloak#23943
2023-10-16 16:18:31 +02:00
Lex Cao
eedc4ceb18
Fix unexpected expiration when import offline client session
...
Closes #23397
2023-10-13 15:45:07 +02:00
Charley Wu
31759f9c37
WebAuthn support for native applications. Support custom FIDO2 origin validation ( #23156 )
...
Closes #23155
2023-10-13 15:25:10 +02:00
Steve Hawkins
7c6f173d3a
adds the ability to set the default groups via kcadm
...
Closes #19125
2023-10-06 17:30:24 +02:00
Martin Kanis
0853d484ec
Remove transaction in InfinispanSingleUseObjectProvider#remove ( #23708 )
...
Co-authored-by: mposolda <mposolda@gmail.com>
2023-10-06 10:00:04 +02:00
vramik
7f2f4aae67
Upgrade liquibase version to avoid a bug where a changeset is executed twice
...
Closes #23220
2023-10-05 13:35:05 +02:00
Michal Hajas
496c5ad989
Use new findGroupByPath implementation and remove the old one
...
Closes #23344
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2023-09-25 10:44:24 +02:00
mkrueger92
498be3d928
Reuse already fixed code to fetch offline user ( #22429 )
...
The problem is again the wrap(...) function.
In case the user is not found, then null is
returned. This can happen when a federated user
is deleted on the federation side but Keycloak
is not informed about it. In that case, the
session is still present but no UserModel can
be created.
Without this patch the stream contains null
values. Some downstream users can not cope well
with that.
The adjustment of the function getUserSessionsCount(...)
is slightly more expensive in execution, but
returns the correct number.
Closes #22428
Co-authored-by: Martin Krüger <mkrueger@mkru.de>
2023-09-21 20:19:09 +00:00
Bernd Bohmann
bb2f59df87
Calling getTopLevelGroups is slow inside GroupLDAPStorageMapper#getLDAPGroupMappingsConverted ( #8430 )
...
Closes #14820
---------
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-09-20 17:20:43 +02:00
Pedro Igor
217a09ce46
Switch to Resteasy Reactive
...
Closes #10713
2023-09-18 09:19:03 -03:00
Alexander Schwartz
798846df6f
Remove legacy code which isn't used anymore and was deprecated for some time ( #23264 )
...
Closes #23263
2023-09-18 11:04:02 +02:00
Jacek Kowalski
f5182deb30
Fix valid redirect URIs for built-in account-console client on realm rename ( #20894 )
...
Closes #9541
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-09-13 15:28:07 +02:00
vramik
dc9970f578
Introduce a workaround for liquibase bug to allow use database schema with a dash in its name
...
Closes #20870
2023-09-12 17:21:43 +02:00
Peter Skopek
ef272f7668
SAML Adapter fix for EAP8 and WF29
...
Signed-off-by: Peter Skopek <pskopek@redhat.com>
2023-09-07 13:32:25 +02:00
Marek Posolda
6f989fc132
Fallback to next LDAP/Kerberos provider when not able to find authenticated Kerberos principal ( #22531 )
...
closes #22352 #9422
2023-08-29 11:21:01 +00:00
Alexander Schwartz
dfc8c80264
Upgrade to Infinispan 14.0.14 ( #22386 )
...
Closes #21092
2023-08-16 14:43:03 +02:00
Razvan Petrescu
6db0bc5428
KEYCLOAK-21868 ( #22373 )
...
Add the realm Id as a param to named query getGoupIdsByParent in order to use (or make better use of) the SIBLING_NAMES index on KEYCLOAK_GROUP table.
Closes #21868
2023-08-10 22:26:02 +00:00
Todor Staykovski
dffa7a31cb
Add subgroups sorting ( #22295 )
...
* Review comments to add a test, update the API description and adjust the map storage.
Closes #19348
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-08-07 21:18:09 +02:00
Alexander Schwartz
5f95929092
Prevent concurrent session cleanup on different instances in the cluster ( #22199 )
...
Closes #22198
2023-08-07 14:58:41 +02:00
Thomas Darimont
82269f789a
Avoid using deprecated junit APIs in tests
...
- Replaced usage of Assert.assertThat with static import
- Replaced static import org.junit.Assert.assertThat with org.hamcrest.MatcherAssert.assertThat
Fixes : #22111
2023-08-01 11:44:25 +02:00
mposolda
6f6b5e8e84
Fix authenticatorConfig for javascript providers
...
Closes #20005
2023-07-31 19:28:25 +02:00
Alexander Schwartz
cf911075af
Re-adding Infinispan workarounds to prevent deadlocks ( #22058 )
...
Relates to #9871
Closes #22057
2023-07-31 10:37:28 +02:00
Vlasta Ramik
29b67fc8df
Inconsistent Wildcard handling for JPA ( #21671 )
...
* Inconsistent Wildcard handling for JPA
Closes #20610
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-07-27 17:03:22 +02:00
Alexander Schwartz
23f3a1a872
Prevent EntityNotFoundException when ID doesn't exist in the DB ( #21867 )
...
This makes the behavior consistent with the other store implementations.
Closes #21866
2023-07-25 13:43:38 +02:00
Alexander Schwartz
bd0f87fc4d
Remove Infinispan workarounds introduced to prevent deadlocks ( #21862 )
...
This should no longer be necessary after the upgrade to Infinispan 14.0.13.Final and ISPN-13666 being resolved.
Closes #9871
2023-07-24 09:50:32 +02:00
ali_dandach
ef19e08814
Fix String comparisona ( #21752 )
...
Closes #21773
2023-07-21 10:37:24 +02:00
todor
897965f604
KEYCLOAK-20343 Add message bundle to export/import
...
Closes #20343
2023-07-20 23:00:28 +02:00
vramik
2f5a96351d
Introduce re-try mechanism when deserializing during import for map store
...
Closes #21824
2023-07-20 18:01:50 +02:00
William Burns
de04684dd0
Do not cache a session that is already expired in listener ( #21684 )
...
Fixes part of #20983
2023-07-18 12:04:04 +02:00
Alexander Schwartz
9b3effb4b8
Prevent cache stampede on realms
...
Closes #21521
2023-07-15 09:03:53 +02:00
Patrick Jennings
399a23bd56
Find an appropriate key based on the given KID and JWA ( #21160 )
...
* keycloak-20847 Find an appropriate key based on the given KID and JWA. Prefers matching on both inputs but will match on partials if found. Or return the first key if a match is not found.
Mark Key as fallback if it is the singular client certificate to be used for signed JWT authentication.
* Update js/apps/admin-ui/public/locales/en/clients.json
Co-authored-by: Marek Posolda <mposolda@gmail.com>
* Updating boolean variable name based on suggestions by Marek.
* Adding integration test specifically for the JWT parameters for regression #20847 .
---------
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2023-07-10 13:28:55 +02:00
Pedro Igor
bde57ca839
Ignoring artifacts when running re-aug to isolate the current and new stores
...
Closes #20974
2023-07-05 07:56:49 -03:00
Stijn Last
91e543f415
Improve error messages when testing LDAP connection ( #21013 )
...
Closes #15434
2023-07-01 19:45:49 +02:00
Hynek Mlnarik
c092c76ae8
Remove ldapsOnly (Java)
...
In `LDAPConstants.java`, the function to set the Truststore SPI system property was removed, as this is now handled by the `shouldUseTruststoreSpi` method in `LdapUtil`.
Closes : #9313
2023-06-28 08:30:09 +02:00