libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
25823 commits 4 branches 5 tags 480 MiB
Commit graph

2428 commits

Author SHA1 Message Date
Stefan Guilhen
fa7c2b5da6 Address review comments 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-19 09:06:35 -03:00
Stefan Guilhen
6e7b36e82f Add migration tests for the IDP changes 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-19 09:06:35 -03:00
Stefan Guilhen
f82159cf65 Rework logic to fetch IDPs for the login page so that IDPs are fetched from the provider and not filtered in code. 
Closes #32090

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-19 09:06:35 -03:00
Alexander Schwartz
74fec50ac5
Load client sessions in chunks from the database (#32185) 
Closes #32180

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-08-16 15:00:57 +00:00
Michal Hajas
6a9245546e Set clientId if it is not set in the entity 
Closes #32195

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-08-16 14:27:18 +02:00
mposolda
3d787727f9 Add acr scope to all clients for those migrating from older than Keycloak 18 
closes #31107

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-08-16 12:17:43 +02:00
Alexander Schwartz
88904c0a01
Call JPA code in blocking thread (#32154) 
Closes #32153

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-08-16 10:17:30 +02:00
Alexander Schwartz
49d2efbfb2
Specify version column name in a case-sensitive manner (#32169) 
Closes #32127

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-08-16 10:12:33 +02:00
Stefan Guilhen
aeb1951aba Replace calls to deprecated RealmModel IDP methods 
- use the new provider instead

Closes #31254

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-15 10:55:36 -03:00
Martin Kanis
708a6898db Add a count method to the OrganizationMembersResource 
Closes #31388

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-08-15 09:12:57 -03:00
Pedro Ruivo
e13c9bf462 Retry remote cache operations with back off 
Implement a retry mechanism for remote cache writes.

Fixes #32030

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-08-13 15:55:59 +02:00
vramik
4d7f25535c IDP storage provider Infinispan implementation 
Closes #31251

Signed-off-by: vramik <vramik@redhat.com>
 2024-08-13 08:36:15 -03:00
Pedro Ruivo
07c92c85cb Drop AuthenticatedClientSessionStore from user sessions 
New entities for client and user sessions, more query friendly.
The client sessions are found using query instead of storing them in the
user session entity.
Remove of sessions by its field is done based on queries.

Closes #30934

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-08-12 20:35:50 +02:00
Alexander Schwartz
07a168cb14 Deleted authentication sessions should not be re-surrected with an update 
Closes #31829

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-08-09 07:26:05 -03:00
Michal Hajas
50c07c6e7c
Simplify configuration for MULTI_SITE 
Closes #31807

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-08-06 16:14:33 +00:00
Michal Hajas
6847af0068 Remove InfinispanMultiSiteLoadBalancerCheckProviderFactory.java 
Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-08-06 07:58:12 -03:00
Pedro Ruivo
1e9f6bbb8c Non clustered Keycloak with External Infinispan feature 
Disables JGroups (clustering) when remote-cache feature is enabled

Fixes #31876

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-08-05 17:04:36 +02:00
Pedro Ruivo
fed804160b Enable ProtoStream encoding for External Infinispan feature 
The ProtoStream schema is automatically uploaded to the Infinispan
server during startup.
When the schema is updated, the indexes are updated and re-created.
Use the delete statement to delete entities when a realm is removed.

Fixes #30931

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-08-01 16:16:19 +02:00
Alexander Schwartz
00bfc2c34f
Adding an index for the revoked tokens table to speed up the cleanup (#31790) 
Closes #31725

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-08-01 11:12:53 +02:00
Ryan Emerson
8d7e18ec29 Clear local caches on split-brain heal 
Closes #25837

Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2024-07-31 13:59:06 +02:00
Pedro Ruivo
17e30e9ec1 Persist revoke tokens with remote cache feature 
Stores the revoked tokens into the database and preloads them during
startup.

Fixes #31760

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-07-31 11:02:38 +02:00
Alexander Schwartz
11b19bc272
For persistent sessions, don't remove user session if there is no session in the remote store (#31756) 
Closes #31115

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-30 17:57:09 +02:00
Pedro Ruivo
e62604b1ec ConditionalRemover interface for External Infinispan feature 
Add a ConditionalRemover interface to remove entries from a RemoteCache
based on the key or value fields.
The default implementation provided by this PR uses streaming/iteration
to test and remove entries

On a side change, moved all the transactions to the same package and
created one transaction class per entity/cache to simplify code and
avoid writing "RemoteChangeLogTransaction" with a long list of types.

Fixes #31046

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-07-30 15:16:17 +02:00
Martin Kanis
d91d6d18d5 Can not update organization group error when trying to create organisation from REST API 
Closes #31144

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-07-29 17:39:56 +02:00
Alexander Schwartz
00d8e06f79
Optimize CPU cycles for persistent sessions (#31702) 
Closes #31701

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-29 16:34:13 +02:00
Stefan Guilhen
f45529de8c Deprecate IDP related methods in RealmModel 
- delegate to the new provider

Closes #31253

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-07-29 16:02:26 +02:00
Stefan Guilhen
c16e88bcee Make the IDPProvider via session.identityProviders() 
Closes #31252

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-07-29 16:02:26 +02:00
Stefan Guilhen
4c5f54ce0b Add JPA implementation for the IDPProvider 
Closes #31250

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-07-29 16:02:26 +02:00
Alexander Schwartz
557cf1e60e Add a tombstone operation to optimize multiple deletes 
Closes #31699

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-29 13:23:06 +02:00
Alexander Schwartz
6d404b86c9 Trigger clearing the user cache when the duplicate email allowed flag changes 
Closes #31045

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-29 10:37:42 +02:00
Pedro Igor
04bd6653ec Invalidating domain cache and introducing cache for more query methods 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:02:36 +02:00
Pedro Igor
1f8280c71a Allow members joining multiple organizations 
Closes #30747

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:02:36 +02:00
Ryan Emerson
69a8509f6c Remove outdated test code from model/infinispan module 
Closes #31661

Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2024-07-26 17:14:49 +02:00
Alexander Schwartz
227c71f7f0
Persisting revoked access tokens 
Closes #31296

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-26 11:46:14 +02:00
vramik
649b35929e Make sure users created through a registration link are managed members 
Closes #30743

Signed-off-by: vramik <vramik@redhat.com>
 2024-07-25 04:30:13 -03:00
Pedro Igor
6ce89670b5 Flaky test: org.keycloak.testsuite.model.user.UserModelTest#testAddRemoveUserConcurrent 
Closes #30236

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-24 22:40:32 +02:00
Alexander Schwartz
65d4b74758 Filter out null values when looking up entries by ID 
This should prevent null elements in the stream when doing concurrent operations.

Closes #28865

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-23 09:22:41 +02:00
Pedro Igor
de1de06354 Avoid adding organization flows if they are already exist 
Closes #31182

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-17 08:28:00 +02:00
Giuseppe Graziano
1df60461a9 Avoid race condition when using initial-access-token 
Closes #27294

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-07-12 16:33:02 +02:00
rmartinc
ce195b81f8 Improve consent deletion when a realm is removed 
Closes #30992

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-07-10 09:44:42 +02:00
Alexander Schwartz
d70f78072e
Make persistent sessions co-exist with remote cache feature (#30859) 
Closes #30855

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-09 09:03:36 +02:00
Alexander Schwartz
9c1cbec987 Removing ths resource as it hasn't been referenced since at least Keycloak 18 
Closes #31049

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-08 12:03:28 -03:00
Ryan Emerson
bf26d3364c Allow null Protostream fields 
Closes #30761

Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2024-07-04 14:53:54 +02:00
Thomas Darimont
f34bb21af6
Fix deprecations in common module 
- Use charset in `Encode` class
- Replace reflective call to protected `Liquibase#resetServices()` with call to exposed public method on a custom subclass `KeycloakLiquibase`
- Remove usage of deprecated AccessController class in Reflections
- Deprecated SetAccessibleProvilegedAction and UnsetAccessibleProvilegedAction

Fixes #22209

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-02 16:02:35 +00:00
Pedro Igor
cc2ccc87b0 Filtering organization groups when managing or processing groups 
Closes #30589

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-28 10:27:18 -03:00
Pedro Ruivo
829e12b857 Incorrect order when instantiate ClientRemovedEvent 
* Fix incorrect order in ClientRemovedEvent constructor
* Do not send an event if the events list is empty

Closes #30840

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-06-28 09:51:02 +02:00
Pascal Knüppel
c4ebd0cd0c
Add event for ClientScope created (#30715) 
closes #30795 

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
 2024-06-27 19:05:29 +02:00
Jon Koops
df18629ffe
Use a default Java version from root POM (#29927) 
Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-06-21 14:19:31 +02:00
rmartinc
592c2250fc Add briefRepresentation query parameter to getUsersInRole endpoint 
Closes #29480

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-21 11:21:02 +02:00
Pedro Igor
a0ad680346 Adding an alias to organization and exposing them to templates 
Closes #30312
Closes #30313

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-06-20 14:36:14 -03:00