vramik
22bcdcb630
MapRoleProvider could return also client roles when searching for realm roles
...
Closes #9587
2022-01-19 16:39:59 +01:00
Konstantinos Georgilakis
db0b36460f
KEYCLOAK-19148 correct getGroupsCountByNameContaining of MapGroupProvider
2022-01-15 20:15:27 +01:00
Stefan Guilhen
2fd1593abf
Set order of LiquibaseDBLockProviderFactory to 1
...
- makes it the default provider when no provider is explicitly configured
- avoid NPE at server startup when other providers are present and none is set as default
2022-01-13 08:30:25 +01:00
Dominik DS
93419a1797
KEYCLOAK-19289 check if values to set is not null ( #8426 )
...
Closes #9529
2022-01-12 09:22:01 +01:00
Michal Hajas
ab9413b48c
Store user nested entities in Set instead of Map
2022-01-10 15:57:45 +01:00
Michal Hajas
9849df3757
Convert MapUserEntity to interface
2022-01-10 15:57:45 +01:00
Alexander Schwartz
9b18688ce2
fixes #9427 regex pattern is now pre-compiled
2022-01-08 17:30:54 +01:00
Martin Kanis
9d5355b7ad
Upgrade Infinispan to 12.1.7.Final
2022-01-08 17:29:09 +01:00
Hynek Mlnařík
d39eb95705
Introduce per-field delegation of entities
2022-01-05 14:06:45 +01:00
vramik
dd3d7be2b4
Make JpaClientMapStorage generic
...
Closes #9244
2022-01-05 07:04:05 +01:00
andreaTP
4817e152e3
[ref: 8889] Annotation processor support for Java > 11
2022-01-04 21:26:07 +01:00
Stefan Guilhen
b12830ae4f
8947 - Add liquibase extension to handle JSON operations
2022-01-04 20:58:32 +01:00
Michal Hajas
96b2669a00
Refactoring of constructors for generated entities
2021-12-22 16:00:10 +01:00
vramik
009ca27a38
Make JsonbType generic
...
Closes #9165
2021-12-20 17:40:23 +01:00
keycloak-bot
9f3d4a7d42
Set version to 17.0.0-SNAPSHOT
2021-12-20 10:50:39 +01:00
vramik
44184ab0cb
MapRoleProvider uses ILIKE operator when EQ operator should be used
...
Closes #9130
2021-12-16 10:31:43 +01:00
vramik
b4d720d615
Fix DB Migration Script to 13.0.0
...
Closes #9138
2021-12-15 14:00:29 +01:00
vramik
c6312e3308
KEYCLOAK-18717 KEYCLOAK-18716 KEYCLOAK-18715 KEYCLOAK-18713 KEYCLOAK-18712 KEYCLOAK-18711 JPA clients no-downtime store
2021-12-15 13:32:49 +01:00
vramik
848b170a96
Use DeepCloner.Builder().constructorDC in cases when possible
...
Closes #9141
2021-12-15 10:28:08 +01:00
vramik
e61da278ba
When ternary conditional operator uses primitive type it could throw NPE in some cases
...
Closes #9137
2021-12-15 10:25:54 +01:00
Michal Hajas
5aa9a09b20
Closes #8969 - Add Groups HotRod storage
2021-12-13 18:12:19 +01:00
Hynek Mlnarik
8e03942e87
Enhance available tree operations
...
Fixes #9022
2021-12-13 18:05:45 +01:00
Hynek Mlnarik
3c7e5c8440
Create delegates and empty instances in DeepCloner
...
Fixes : #9030
2021-12-13 18:04:48 +01:00
Michal Hajas
fc237a8b63
Introduce ancestor interface for entities with attributes
2021-12-10 10:54:44 +01:00
Michal Hajas
7aaa33739b
KEYCLOAK-19570 Add annotation processing for HotRod clients
2021-12-08 10:00:00 +01:00
Hynek Mlnarik
3602873df2
Introduce model-entity util methods
...
Fixes : #9025
2021-12-07 16:51:56 +01:00
vramik
783eecf612
Closes #8808 - Convert MapRoleEntity to interface
2021-12-01 15:50:26 +01:00
Kashif Saadat
d9bf511406
KEYCLOAK-19052: Optimised (split) the clearExpiredEvents query to reduce execution time
2021-11-30 22:25:55 +01:00
Michal Hajas
a5c3b83443
Closes #8807 - Make MapGroupEntity generated
2021-11-30 21:44:18 +01:00
Michal Hajas
158640d1f3
Closes #8954 - move Hot Rod classes to hotRod package
2021-11-30 11:52:16 +01:00
vramik
1adce39e1d
8886 Add alwaysDisplayInConsole searchable client field
2021-11-24 13:15:17 +01:00
vramik
6b8890f5dd
KEYCLOAK-19525 Inconsistent creation of default-roles-<realm>
2021-11-23 21:30:12 +01:00
Martin Bartoš
1e1a6779be
Issue 8814: Replace deprecated hamcrest-all dependencies
2021-11-23 13:56:28 +01:00
Michal Hajas
4291caff3c
Fix Delegate bug
2021-11-16 19:47:59 +01:00
Michal Hajas
2f9a5aae0f
KEYCLOAK-19028 Add HotRod Map storage implementation
2021-11-11 14:10:00 +01:00
Alec Henninger
cec6a8a884
KEYCLOAK-19700: Attempt to reuse denied device authorization code results in server error
2021-11-08 11:37:51 +01:00
Hynek Mlnarik
58d403cf24
KEYCLOAK-19726 Fix return types of ModelCriteriaBuilder methods
2021-11-05 16:39:40 +01:00
vramik
439e2e4288
KEYCLOAK-19763 fix MapClientProvider.getClientByClientId
2021-11-04 11:48:07 +01:00
Martin Kanis
9c287aff1f
KEYCLOAK-19709 Remove MapStorage.createCriteriaBuilder
2021-11-03 20:05:29 +01:00
Hynek Mlnarik
6966e0cfe9
KEYCLOAK-19749 Optimize DefaultModelCriteria creation
2021-11-03 17:42:26 +01:00
Hynek Mlnarik
877ae96590
KEYCLOAK-18854 Introduce storage-independent ModelCriteriaBuilder
2021-10-29 19:21:45 +02:00
Martin Kanis
af97849feb
KEYCLOAK-19030 Implement HotRodConnectionProvider
2021-10-27 14:07:19 +02:00
Hynek Mlnarik
53f02a50f6
KEYCLOAK-19562 Introduce generic trees
2021-10-25 13:28:48 +02:00
Michal Hajas
cfbb7f5553
KEYCLOAK-19593 Remove CRUD operations from MapStorage interface
...
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2021-10-21 17:01:33 +02:00
Hynek Mlnarik
8ee992e638
KEYCLOAK-19482 Generate map entity cloners
2021-10-18 13:14:14 +02:00
Martin Kanis
d069ec7949
KEYCLOAK-18737 Show sessions functionality does not work consistently
...
Co-authored-by: Pavel Bezdienezhnykh
Co-authored-by: Martin Kanis <mkanis@redhat.com>
2021-10-13 14:04:14 +02:00
vramik
dacf28af84
KEYCLOAK-19536 Removal of client creates new instance of provider for each client role
2021-10-13 13:05:18 +02:00
Hynek Mlnarik
675e1b0941
KEYCLOAK-19505 Generate map entity delegates
2021-10-12 14:04:21 +02:00
Bart Monhemius
5b0986e490
[KEYCLOAK-18891] Add support for searching users by custom user attributes
...
Users can now be searched by custom attributes using 'q' in the query parameters. The implementation is roughly the same as search clients by custom attributes.
2021-10-12 13:08:47 +02:00
Hynek Mlnarik
576292a662
KEYCLOAK-19480 Introduce MapProtocolMapperEntity
2021-10-11 14:05:32 +02:00
Michal Hajas
6e591305f9
KEYCLOAK-19481 Make Id and RealmId mutable fields
2021-10-08 20:18:58 +02:00
Hynek Mlnarik
3abf9283a8
KEYCLOAK-19374 Create implementation based on annotation processor
...
Use of boxed types as started in 009d4ca445
is finalized here
to enable storing data in a map. MapClientEntity methods are
reordered for the sake of grouping the collection-based
properties together and understanding the connections between those.
2021-10-07 10:54:25 +02:00
Martin Kanis
30b3caee9f
KEYCLOAK-18445 Add support for cross-site model tests
2021-10-06 14:37:06 +02:00
Michal Hajas
da0c945475
KEYCLOAK-18940 Add support for searching composite roles
2021-10-01 12:41:19 +02:00
Daniel Fesenmeyer
0a2f8f5b63
KEYCLOAK-17887 fix endpoint for creating or updating realm localization texts for a given locale (UnsupportedOperation was thrown because RealmAdapter tried to change unmodifiable map):
...
- fix RealmAdapter to create a new map instead of trying to change unmodifiable map
- only provide POST endpoints for creating or updating the texts (to have the endpoints consistent with other Admin API endpoints)
- add tests
2021-09-30 15:07:56 +02:00
stianst
f471a110cd
KEYCLOAK-19408 Better client secrets
2021-09-29 18:19:43 +02:00
Martin Kanis
d606da9065
KEYCLOAK-18981 Infinispan: prevent fetching all sessions from remotes
2021-09-29 14:53:07 +02:00
Sven-Torben Janus
7c0d10130e
KEYCLOAK-18981 Infinispan: prevent fetching all sessions from remotes
2021-09-24 17:34:01 +02:00
Pedro Igor
10e425315f
[KEYCLOAK-19274] - Avoid loading queries from properties at runtime for Dist.X
2021-09-24 09:26:43 +02:00
Daniel Fesenmeyer
339224578e
KEYCLOAK-10603 adjust assignments to roles (user-role and group-role assignments, client-scope and client "scope mappings"): allow assignments of roles which are already indirectly assigned (e.g. by composite role)
...
- extend RoleMapperModel with method hasDirectRole(RoleModel), which only checks for direct assignment in contrast to the existing method hasRole(RoleModel)
- extend ScopeContainerModel with method hasDirectScope(RoleModel), which only checks for direct scope mapping in contrast to the existing method hasScope(RoleModel)
- use the new hasDirectRole and hasDirectScope methods to check whether a role is in the "available" list and whether it can be assigned (previously, the hasRole method was used for this purpose)
- add hint to UI that available roles contain effectively assigned roles which are not directly assigned
- adjust and extend tests
2021-09-22 13:56:29 +02:00
Luca Graf
2c22ccbf97
KEYCLOAK-19286 Use client storage provider id to construct client StorageId, so that a valid 'external' client id will be generated.
2021-09-20 19:43:20 +02:00
Dominik
4090114398
KEYCLOAK-16246 Revert changes from workaround made in KEYCLOAK-16244 after upgrading to quarkus 2
...
Also fixed a small type in testclass.
This reverts commit 9b2f2015f7
.
2021-09-16 15:42:48 -03:00
rmartinc
47484c1aed
KEYCLOAK-18842: deleteExpiredClientSessions very slow on MariaDB
2021-09-10 08:25:33 +02:00
vramik
d216f8f748
KEYCLOAK-19104 Add custom ForeignKeySnapshotGenerator
2021-09-02 09:59:26 +02:00
Martin Kanis
6886bd6651
KEYCLOAK-18941 ExecutionException when computed future - InfinispanCacheInitializer
2021-08-05 18:28:27 +02:00
Hynek Mlnarik
2acb43a627
KEYCLOAK-18617 Fix index on client attributes
2021-08-05 15:35:55 +02:00
keycloak-bot
262ec3d031
Set version to 16.0.0-SNAPSHOT
2021-07-30 14:56:10 +02:00
Hynek Mlnarik
0cdce1340d
KEYCLOAK-18680 Always close result stream
2021-07-30 09:40:39 +02:00
Hynek Mlnarik
8889122dc1
KEYCLOAK-18845 Remove key type in map storage (simplify generics)
2021-07-23 17:04:20 +02:00
Hynek Mlnarik
07402d9aac
KEYCLOAK-18845 Remove key type in map storage (move StringKeyConvertor to CHM)
2021-07-23 17:04:20 +02:00
Hynek Mlnarik
44cd6cd5fb
KEYCLOAK-18824 Simplify MapStorageTransaction and move registerEntityForChanges to CHM transaction
2021-07-21 20:58:26 +02:00
Pedro Igor
d29d945cc4
[KEYCLOAK-18857] - Do not force default to RS256 when verifying tokens sent by clients and JWK does not hold an algorithm
2021-07-21 11:09:02 +02:00
Hynek Mlnarik
1f3650dcd9
KEYCLOAK-18815 Update MapKeycloakTransaction return types to match MapStorage
2021-07-20 21:48:27 +02:00
Hynek Mlnarik
009d4ca445
KEYCLOAK-18747 Turn MapClientEntity into interface + introduce delegates
...
Given that the Map*Entity is turned into an interface, it makes more sense
to use non-primitive types to allow for null values. This enables signalizing
that an entity does not define a particular value, and builds a base for definition
of instances with defaults: If a value is not present in the queried instance
(i.e. is `null`), the value would be obtained from a delegate containing
the defaults.
2021-07-17 15:45:46 +02:00
bal1imb
fbaeb18a5f
KEYCLOAK-18471 Added ID to admin event object.
2021-07-16 12:46:07 +02:00
mhajas
dc1c9b944f
KEYCLOAK-18370 Introduce QueryParameters
2021-07-15 13:25:31 +02:00
Daniel Fesenmeyer
a25c70784c
KEYCLOAK-18467 support unicode for realm localization texts
2021-07-15 10:30:42 +02:00
vramik
a8fdd79d1b
KEYCLOAK-17763 Inefficient call to ClientProvider.getClientsStream()
2021-07-12 11:51:15 +02:00
Hryhorii Hevorkian
2803685cd7
KEYCLOAK-18353 Implement Pushed Authorization Request inside the Keycloak
...
Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2021-07-03 08:47:42 +02:00
Hynek Mlnarik
f15536a88c
KEYCLOAK-18635 Move classes specific to ConcurrentHashMap to chm package
2021-07-02 06:55:19 +02:00
vramik
4db2c3f570
KEYCLOAK-15572 make attributes multi-valued for map storage entities
2021-07-01 12:21:33 +02:00
vramik
2b9b50d50a
KEYCLOAK-18194 fix migration of default role when realm id contains apostrophe
2021-07-01 11:22:11 +02:00
Hynek Mlnarik
f0e777c592
KEYCLOAK-18414 Remove unnecessary id parameter from update operation
2021-07-01 11:18:53 +02:00
Hynek Mlnarik
0523dad4d5
KEYCLOAK-18414 Remove unnecessary id parameter from create operation
2021-07-01 11:18:53 +02:00
lbortoli
164f3df080
KEYCLOAK-18502 - Support for additional parameters from the backchannel authentication request and backchannel authentication callback.
2021-07-01 00:31:26 +02:00
Hynek Mlnarik
8a83ec83ac
KEYCLOAK-18589 map-storage profile for KeycloakServer
2021-06-30 20:47:17 +02:00
mhajas
b8565408ca
KEYCLOAK-17781 Make exists and notExists collection aware
2021-06-30 10:48:39 +02:00
Sebastian Rose
ca6b78b730
KEYCLOAK-18390 GroupProvider search implementation of JPA and Map delivers different results
2021-06-29 14:59:01 +02:00
Hynek Mlnarik
bfb134a6ce
KEYCLOAK-18091 Fail session loading when interrupted
2021-06-22 08:50:08 +02:00
keycloak-bot
13f7831a77
Set version to 15.0.0-SNAPSHOT
2021-06-18 10:42:27 +02:00
vramik
e3c76035b2
KEYCLOAK-18359 Default role migration is not performed correctly when empty realm id
2021-06-14 20:54:37 +02:00
Michal Hajas
d2a8a95d79
KEYCLOAK-18369 Create MapKeycloakTransaction interface
2021-06-14 08:31:59 +02:00
Václav Muzikář
9854f21ace
KEYCLOAK-18332 Client Scopes are reset to realm's default when Client is updated
2021-06-11 07:41:18 +02:00
mposolda
91865fa93e
KEYCLOAK-18368 Invalidate client session after refresh token re-use
2021-06-09 14:43:29 +02:00
vramik
95bf912dc9
KEYCLOAK-18035 Fix update client with default default scope assigned as optional
2021-06-07 16:22:55 +02:00
vramik
2bf727d408
KEYCLOAK-17753 remove KeycloakModelUtils.isClientScopeUsed method
2021-05-28 21:07:14 +02:00
Michal Hajas
4dcb69596b
KEYCLOAK-18146 Search for clients by client attribute when doing saml artifact resolution
2021-05-27 23:02:22 +02:00
Hynek Mlnarik
3d8f152787
KEYCLOAK-17747 KEYCLOAK-17754 Optimize getClients() calls
2021-05-27 22:12:56 +02:00
Martin Kanis
23aee6c210
KEYCLOAK-16616 Limit number of authSessios per rootAuthSession
2021-05-27 22:10:36 +02:00
Hynek Mlnarik
94f676cb95
KEYCLOAK-18286 Add index to client_attributes
2021-05-27 13:31:33 +02:00
Martin Kanis
1ab0d585a9
KEYCLOAK-11019 Initial support for lazy offline user-session loading
...
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Thomas Darimont <thomas.darimont@gmail.com>
2021-05-26 09:54:28 +02:00
Hynek Mlnarik
860fc4c06c
KEYCLOAK-17756 KEYCLOAK-17757 Optimize IdP-first lookup
2021-05-20 14:44:55 +02:00
Pedro Igor
a0f8d2bc0e
[KEYCLOAK-17399] - Review User Profile SPI
...
Co-Authored-By: Vlastimil Elias <vlastimil.elias@worldonline.cz>
2021-05-20 08:44:24 -03:00
vramik
1c283cdebc
KEYCLOAK-14301 OTP secrets migrated incorrectly
2021-05-20 13:19:27 +02:00
vramik
3913526934
KEYCLOAK-18031 Update to 13.0.0 fails due to liquibase error
2021-05-20 11:29:02 +02:00
mhajas
e609949264
KEYCLOAK-17267 Add index to user attribute name and value to support user sync from ldap
2021-05-19 13:38:11 +02:00
Hynek Mlnarik
c02a706a86
KEYCLOAK-17748 Optimize validation of redirect URIs in logout endpoint
...
Reimplementation of KEYCLOAK-17718
2021-05-18 20:31:21 +02:00
vramik
4d776cd780
KEYCLOAK-18137 Fix introduced SPI name
2021-05-18 20:30:21 +02:00
Václav Muzikář
62e6883524
KEYCLOAK-17084 KEYCLOAK-17434 Support querying clients by client attributes
2021-05-14 13:58:53 +02:00
Peter Flintholm
919899b994
KEYCLOAK-18039: Optimise offline session load on startup
...
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2021-05-13 16:26:26 +02:00
Hynek Mlnarik
8feefe94ac
KEYCLOAK-18074 Ignore server version for MySQL in ChangeLogHistoryService
2021-05-12 15:01:30 +02:00
Pedro Igor
6397671c88
[KEYCLOAK-17885] - Delete user-managed policies when removing groups
2021-05-10 16:33:23 -03:00
keycloak-bot
4b44f7d566
Set version to 14.0.0-SNAPSHOT
2021-05-06 14:55:01 +02:00
Hynek Mlnarik
98a88e3e8b
KEYCLOAK-17991 Introduce preview feature for map storage
2021-05-06 11:38:41 +02:00
Hynek Mlnarik
253dee077e
KEYCLOAK-17830 Fix realm Map*Entity to/fromModel
2021-05-06 11:38:41 +02:00
Hynek Mlnarik
93feae104b
KEYCLOAK-16127 Unify registerEntityForChanges
2021-05-06 11:38:41 +02:00
Hynek Mlnarik
6d97a573e6
KEYCLOAK-17696 Make MapStorageFactory amphibian
2021-05-06 11:38:41 +02:00
Hynek Mlnarik
e46a5484c5
KEYCLOAK-17695 Split MapStorage provider and provider factory
2021-05-06 11:38:41 +02:00
vramik
020dd530b9
KEYCLOAK-18009 Invalid role creation with oracle database
2021-05-06 09:01:42 +02:00
mposolda
20fc430be0
KEYCLOAK-17874 Server cannot be started with oracle19cRAC
2021-05-05 13:12:07 +02:00
vramik
0cecd0f33f
KEYCLOAK-17992 MSSQL not updatable
2021-05-05 13:12:07 +02:00
Hynek Mlnarik
96501760e0
KEYCLOAK-17501 Add support for map storage in WildFly
2021-05-03 16:00:30 +02:00
Joerg Matysiak
ee315ecab1
KEYCLOAK-17934 * fixed cache inconsistency when cache limit is exceeded
2021-05-03 15:50:23 +02:00
Hynek Mlnarik
32fb45eb5b
KEYCLOAK-17774 Implement equals method for work cache events
...
Co-Authored-By: stianst <stianst@gmail.com>
Co-Authored-By: Michal Hajas <mhajas@redhat.com>
2021-05-03 10:47:15 +02:00
Hynek Mlnarik
7d4255b2a1
KEYCLOAK-17871 Add support for running parallel model tests
2021-04-30 16:13:57 +02:00
Hynek Mlnarik
3e91e6f966
KEYCLOAK-17870 Fix ConcurrentModificationException upon liquibase initialization
2021-04-30 16:13:57 +02:00
Hynek Mlnarik
df4f88a0c8
KEYCLOAK-17869 Fix non-existent work cache configuration
2021-04-30 16:13:57 +02:00
Takashi Norimatsu
65c48a4183
KEYCLOAK-12137 OpenID Connect Client Initiated Backchannel Authentication (CIBA) ( #7679 )
...
* KEYCLOAK-12137 OpenID Connect Client Initiated Backchannel Authentication (CIBA)
Co-authored-by: Andrii Murashkin <amu@adorsys.com.ua>
Co-authored-by: Christophe Lannoy <c4r1570p4e@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2021-04-29 15:56:39 +02:00
Pedro Igor
60fac7c3c4
forcing cache encoding to avoid unnecessary byte[] conversions
2021-04-29 12:36:03 +02:00
vramik
162043beec
KEYCLOAK-17615 Move database initialization from KeycloakApplication to JpaConnectionProviderFactory
2021-04-28 13:43:48 +02:00
Martin Kanis
515bfb5064
KEYCLOAK-16378 User / client session map store
...
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2021-04-28 09:09:15 +02:00
Yoshiyuki Tabata
45202bd49a
KEYCLOAK-17637 Client Scope Policy for authorization service
2021-04-26 08:58:33 -03:00
Hynek Mlnarik
ff4c0e4412
KEYCLOAK-16935 Fix liquibase to work with MySQL 8.0.23+
2021-04-21 20:20:33 +02:00
Michal Hajas
1e2db74d86
KEYCLOAK-16932 Authorization map storage
2021-04-16 17:26:16 +02:00
AlistairDoswald
8b3e77bf81
KEYCLOAK-9992 Support for ARTIFACT binding in server to client communication
...
Co-authored-by: AlistairDoswald <alistair.doswald@elca.ch>
Co-authored-by: harture <harture414@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2021-04-16 12:15:59 +02:00
Takashi Norimatsu
42dec08f3c
KEYCLOAK-16805 Client Policy : Support New Admin REST API (Implementation) ( #7780 )
...
* KEYCLOAK-16805 Client Policy : Support New Admin REST API (Implementation)
* support tests using auth-server-quarkus
* Configuration changes for ClientPolicyExecutorProvider
* Change VALUE of table REALM_ATTRIBUTES to NCLOB
* add author tag
* incorporate all review comments
Co-authored-by: mposolda <mposolda@gmail.com>
2021-04-06 16:31:10 +02:00
vramik
185075d373
KEYCLOAK-14552 Realm Map Store
2021-03-31 15:49:03 +02:00
rmartinc
0a0caa07d6
KEYCLOAK-17215 Slowness issue while hitting /auth/admin/realms/$REALM/clients?viewableOnly=true after DELETE a role
2021-03-31 12:57:17 +02:00
vramik
c3b9c66941
KEYCLOAK-17460 invalidate client when assigning scope
2021-03-30 10:58:16 +02:00
Hynek Mlnarik
a36fafe04e
KEYCLOAK-17409 Support for amphibian (both component and standalone) provider
2021-03-25 13:28:20 +01:00
Michito Okai
298ab0bc3e
KEYCLOAK-7675 Support for Device Authorization Grant
2021-03-15 10:09:20 -03:00
Hiroyuki Wada
9d57b88dba
KEYCLOAK-7675 Prototype Implementation of Device Authorization Grant.
...
Author: Hiroyuki Wada <h2-wada@nri.co.jp>
Date: Thu May 2 00:22:24 2019 +0900
Signed-off-by: Łukasz Dywicki <luke@code-house.org>
2021-03-15 10:09:20 -03:00
Hynek Mlnarik
4946484cb6
KEYCLOAK-17377 Fix invalidation cluster tests (do not hide failures)
2021-03-11 16:14:59 +01:00
vramik
6e501946b1
KEYCLOAK-17021 Client Scope map store
2021-03-08 21:59:28 +01:00
vramik
2c64a56072
KEYCLOAK-17325 Use KeycloakMarshallUtil for writing collection for LockEntryPredicate
2021-03-06 08:39:00 +01:00
Pedro Igor
0f30b3118a
[KEYCLOAK-16676] - Client attributes should not be stored if null or empty
2021-03-03 15:37:05 +01:00
stefvdwel
11b0c23937
Reduced code duplication
2021-02-17 09:40:19 -03:00
stefvdwel
b97f5eb128
Added PermissionTicket count test.
2021-02-17 09:40:19 -03:00
stefvdwel
5a500055f6
Added permission ticket /count endpoint. Todo: testing
2021-02-17 09:40:19 -03:00
mposolda
f4b5942c6c
KEYCLOAK-16755 ClearExpiredUserSessions optimization. Rely on infinispan expiration rather than Keycloak own background task.
2021-02-04 08:49:42 +01:00
Pedro Igor
cdf0ead957
[KEYCLOAK-16780] - Allow batching writes to storage when running migration ( #7717 )
...
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2021-01-29 09:35:19 -03:00
Martin Kanis
8432513daa
KEYCLOAK-16908 Refactor UserSessionPersisterProvider
2021-01-29 09:29:00 +01:00
mposolda
99a70267d9
KEYCLOAK-16801 Improve performance of ClearExpiredEvents background task
2021-01-27 09:57:46 +01:00
Michito Okai
7f421fb20a
KEYCLOAK-16844 Create an index to support offline sessions loading
2021-01-21 22:48:54 +01:00
Hynek Mlnarik
78c05d2da2
KEYCLOAK-16118 Replace MapStorage.entrySet() with search by criteria
...
* Add model class parameter to MapStorage
* Add shortcut read(id) method to MapKeycloakTransaction
2021-01-20 16:20:56 +01:00
Hynek Mlnarik
6c07679446
KEYCLOAK-16584 Rename map to CRUD operations
...
* rename putIfAbsent() to create(), get() to read(), put() to update(), remove() to delete()
* move ConcurrentHashMapStorage to org.keycloak.models.map.storage.chm package
* Add javadoc to MapStorage
2021-01-20 16:20:56 +01:00
Martin Kanis
9f580e3ed8
KEYCLOAK-15695 Streamification cleanup
2021-01-20 14:39:53 +01:00
Michal Hajas
ba8e2fef6b
KEYCLOAK-15524 Cleanup user related interfaces
2021-01-18 16:56:10 +01:00
Yoshiyuki Tabata
ab1dba5fa6
KEYCLOAK-11908 Support for conditional creating indices based on number
...
of records
2021-01-12 09:06:27 +01:00
vramik
1402d021de
KEYCLOAK-14846 Default roles processing
2021-01-08 13:55:48 +01:00
keycloak-bot
75be33ccad
Set version to 13.0.0-SNAPSHOT
2020-12-16 17:31:55 +01:00
Stefan Guilhen
d6422e415c
[KEYCLOAK-16508] Complement methods for accessing user sessions with Stream variants
2020-12-15 19:52:31 +01:00
Michal Hajas
8e376aef51
KEYCLOAK-15847 Add MapUserProvider
2020-12-10 08:57:53 +01:00
Martin Kanis
f6be378eca
KEYCLOAK-14556 Authentication session map store
2020-12-07 20:48:59 +01:00
Stefan Guilhen
edef93cd49
[KEYCLOAK-16232] Streamify the UserCredentialStore and UserCredentialManager interfaces
2020-12-07 19:48:35 +01:00
Stefan Guilhen
73d0bb34c4
[KEYCLOAK-16232] Replace usages of deprecated collection-based methods with the respective stream variants
2020-12-07 19:48:35 +01:00
Jan Lieskovsky
833bf98643
[KEYCLOAK-15692] Upgrade to Wildfly "21.0.1.Final"
...
Base fixes:
* [KEYCLOAK-15780] Upgrade Keycloak to Wildfly 21.0.0.Beta1 / Wildfly Core 13.0.0.Beta6
* [KEYCLOAK-16031] Upgrade Keycloak to Wildfly 21.0.0.Final / Wildfly Core 13.0.1.Final
* [KEYCLOAK-16442] Upgrade Keycloak to Wildfly 21.0.1.Final / Wildfly Core 13.0.3.Final
Other (dependent) fixes:
* [KEYCLOAK-15408] Deprecate former Wildfly and Wildfly Core versions in Arquillian's
testsuite pom.xml file as part of the upgrade script
* [KEYCLOAK-15442] Update the version of 'jboss-parent' as part of the Wildfly upgrade
script if necessary
* [KEYCLOAK-15474] Add --verbose and --force options to the Wildfly upgrade automated script
* [KEYCLOAK-15649] Update "urn:jboss:domain:infinispan:10.0" version as part of the Wildfly
upgrade automated script
* [KEYCLOAK-15652] Wildfly upgrade automated script - Align Python artifact version
comparsion algorithm with the Maven / Java one
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-11-26 09:25:29 +01:00
Hynek Mlnarik
363df6cab4
KEYCLOAK-16405 Tests for storage logical layer
2020-11-25 12:16:48 +01:00
Stefan Guilhen
84df008bc2
[KEYCLOAK-16341] Make the new stream-based methods in server-spi user interfaces default instead of the collection-based versions.
...
- this ensures that providing implementation for the collection-based methods is enough, which preserves
backwards compatibility with older custom implementations.
- alternative interfaces now allow new implementations to focus on the stream variants of the query methods.
2020-11-18 21:07:51 +01:00
mposolda
9b2f2015f7
KEYCLOAK-16244 RealmRealmLocalizationResourceTest fails on auth-server-quarkus
2020-11-11 14:56:31 +01:00
Pedro Igor
852c4a57ff
[KEYCLOAK-14468] - Scope permission sometimes not removed when removing scopes
2020-11-11 08:44:28 +01:00
Martin Kanis
d9029b06b9
KEYCLOAK-15889 Streamification of ProtocolMappers
2020-11-10 16:40:34 +01:00
Stefan Guilhen
aa46735173
[KEYCLOAK-15200] Complement methods for accessing users with Stream variants
2020-11-10 15:13:11 +01:00
Thomas Darimont
de20830412
KEYCLOAK-9551 KEYCLOAK-16159 Make refresh_token generation for client_credentials optional. Support for revocation of access tokens.
...
Co-authored-by: mposolda <mposolda@gmail.com>
2020-11-06 09:15:34 +01:00
Hynek Mlnarik
8060e3b3ac
KEYCLOAK-16115 Remove need for MapStorage.keySet() and values()
2020-11-03 08:46:42 +01:00
Hynek Mlnarik
f0bdcdd204
KEYCLOAK-16113 Add JPA event test
2020-10-30 21:08:27 +01:00
Christoph Leistert
e131de9574
KEYCLOAK-14855 Added realm-specific localization texts which affect texts in every part of the UI (admin console / login page / personal info page / email templates). Also new API endpoints and a new UI screen to manage the realm-specific localization texts were introduced.
...
Co-authored-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.io>
2020-10-30 08:02:43 -03:00
vramik
785f2e78bc
KEYCLOAK-14977 create MapRoleProvider
2020-10-30 08:15:22 +01:00
Martin Kanis
b494b8bb44
KEYCLOAK-16034 Not scroll-able event queries for postgres and mssql
2020-10-30 08:10:00 +01:00
Hynek Mlnarik
925f089d62
KEYCLOAK-16077 Remove need for MapStorage.replace
2020-10-29 15:40:47 +01:00
mposolda
4f93dc8376
KEYCLOAK-11693 Clean startup log output in Keycloak.X
2020-10-23 09:33:54 -03:00
Martin Kanis
f5c52345fc
KEYCLOAK-16033 Revert Jpa*EventQuery to getResultList
2020-10-22 13:33:30 +02:00
Daniel Fesenmeyer
de8d2eafa3
KEYCLOAK-14781 Extend Admin REST API with search by federated identity
...
- Add parameters idpAlias and idpUserId to the resource /{realm}/users and allow it to be combined with the other search parameters like username, email and so on
- Add attribute "federatedIdentities" to UserEntity to allow joining on this field
- extend integration test "UserTest"
2020-10-22 08:51:26 +02:00
mhajas
4556e858ad
KEYCLOAK-15522 Use AbstractStorageManager in UserStorageManager
2020-10-15 20:41:13 +02:00
Martin Kanis
086f7b4696
KEYCLOAK-15450 Complement methods for accessing realms with Stream variants
2020-10-14 08:16:49 +02:00
testn
269a72d672
KEYCLOAK-15184: Use static inner class where possible
2020-10-09 23:37:08 +02:00
mposolda
ff05072c16
KEYCLOAK-15770 Skip creating session for docker protocol authentication
2020-10-09 07:53:26 +02:00
Markus Till
72f73f153a
UserProfile M1
2020-10-05 09:59:44 -03:00
Achim Hügen
66dfa32cd5
KEYCLOAK-14302 Fix the setting of the lifespan for cache entries. This bug caused that jobs were no longer executed after temporary network partition in multinode setup, because the cluster based locks used for the coordination were never released.
2020-10-02 11:34:44 +02:00
Thomas Darimont
12576e339d
KEYCLOAK-15146 Add support for searching users by emailVerified status
...
We now allow to search for users by their emailVerified status.
This enables users to easily find users and deal with incomplete user accounts.
2020-09-29 08:28:59 -03:00
mhajas
12bc84322a
KEYCLOAK-14974 Map group storage provider
2020-09-21 15:56:32 +02:00
Martin Kanis
f037dabdc1
KEYCLOAK-15199 Use stream variant method in jpa/RoleAdapter.getFirstAttribute
2020-09-17 13:18:21 +02:00
Martin Kanis
5d5e56dde3
KEYCLOAK-15199 Complement methods for accessing roles with Stream variants
2020-09-16 16:29:51 +02:00
testn
706299557e
KEYCLOAK-15174: ResourceServerAdapter.toEntity checks the wrong type
2020-09-10 12:19:25 -03:00
testn
c288175c03
KEYCLOAK-15208: PermissionTicketAdapter checks for the wrong type
2020-09-10 12:16:48 -03:00
mhajas
df52c12ebb
KEYCLOAK-15479 Replace enlistAfterCompletion with enlist in MapClientProvider
2020-09-09 08:27:38 +02:00
Benjamin Weimer
b2934e8dd0
KEYCLOAK-15327 backchannel logout invalidate offline session even if there is no corresponding active session found
2020-09-08 11:17:20 -03:00
Martin Kanis
4e9bdd44f3
KEYCLOAK-14901 Replace deprecated ClientProvider related methods across Keycloak
2020-09-07 13:11:55 +02:00
mhajas
bdccfef513
KEYCLOAK-14973 Create GroupStorageManager
2020-09-01 10:21:39 +02:00
Martin Kanis
d59a74c364
KEYCLOAK-15102 Complement methods for accessing groups with Stream variants
2020-08-28 20:56:10 +02:00
Martin Kanis
4be99772d8
KEYCLOAK-14967 Closing streams obtained from JPA layer
2020-08-25 21:47:24 +02:00
Pedro Igor
cb57c58b4b
[KEYCLOAK-14730] - Consent not working when using federation storage and client is displayed on consent screen
2020-08-19 10:08:21 +02:00
mhajas
ae39760a62
KEYCLOAK-14972 Add independent GroupProvider interface
2020-08-13 21:13:12 +02:00
vramik
6b00633c47
KEYCLOAK-14812 Create RoleStorageManager
2020-07-31 15:11:25 -03:00
vramik
bfa21c912c
KEYCLOAK-14811 Create RoleProvider and make it independent of ClientProvider and RealmProvider
2020-07-31 15:11:25 -03:00
Martin Idel
97400827d2
KEYCLOAK-14870: Fix bug where user is incorrectly imported
...
Bug: SerializedBrokeredIdentityContext was changed to mirror
UserModel changes. However, when creating the user in LDAP,
the username must be provided first (everything else can
be handled via attributes).
2020-07-29 11:33:41 +02:00
Martin Idel
bf411d7567
KEYCLOAK-14869: Fix nullpointer exception in FullNameLDAPStorageMapper
...
Setting an attribute should be possible with a list
containing no elements or a null list
This can happen e.g. when creating users via idps
using a UserAttributeStatementMapper.
Fix this unprotected access in other classes too
2020-07-28 09:54:37 +02:00
Martin Kanis
feef5b4db2
KEYCLOAK-14220 Complement methods for accessing clients with Stream variants
2020-07-27 10:38:39 +02:00
keycloak-bot
afff0a5109
Set version to 12.0.0-SNAPSHOT
2020-07-22 14:36:15 +02:00
Hynek Mlnarik
8fae2997c9
KEYCLOAK-14553 Improve logging
2020-07-22 00:08:15 +02:00
Hynek Mlnarik
c566b46e8f
KEYCLOAK-14549 Make ClientProvider independent of RealmProvider
...
Co-Authored-By: vramik <vramik@redhat.com>
2020-07-22 00:08:15 +02:00
Hynek Mlnarik
ac0011ab6f
KEYCLOAK-14553 Client map store
...
Co-Authored-By: vramik <vramik@redhat.com>
2020-07-22 00:08:15 +02:00
Hynek Mlnarik
2c29c58af1
KEYCLOAK-14551 Map transaction
2020-07-22 00:08:15 +02:00
Pedro Igor
3631618b24
[KEYCLOAK-14646] - Changing cacheQuery
2020-07-21 14:22:09 +02:00
Pedro Igor
7501e42969
[KEYCLOAK-14646] - Improving permission resolution and evaluation
2020-07-21 14:22:09 +02:00
Jan Lieskovsky
969b09f530
[KEYCLOAK-13692] Upgrade to Wildfly "20.0.1.Final" and Infinispan "10.1.8.Final"
...
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2020-07-20 22:15:08 +02:00
Yao
ec61c45da5
KEYCLOAK-4593: Moved NamedQuery to entity attribute to improve performance
2020-07-16 08:32:51 +02:00
vramik
71dca9e1b9
KEYCLOAK-14474 ConsentsTest fails intermittently on auth-server-undertow
2020-07-07 14:25:00 +02:00
Plamen Kostov
914b226d11
[KEYCLOAK-14282] Create additional filtering for GET /users endpoint for enabled/disabled users
2020-07-03 09:07:42 -03:00
Martin Idel
05b6ef8327
KEYCLOAK-14536 Migrate UserModel fields to attributes
...
- In order to make lastName/firstName/email/username field
configurable in profile
we need to store it as an attribute
- Keep database as is for now (no impact on performance, schema)
- Keep field names and getters and setters (no impact on FTL files)
Fix tests with logic changes
- PolicyEvaluationTest: We need to take new user attributes into account
- UserTest: We need to take into account new user attributes
Potential impact on users:
- When subclassing UserModel, consistency issues may occur since one can
now set e.g. username via setSingleAttribute also
- When using PolicyEvaluations, the number of attributes has changed
2020-06-25 14:50:57 +02:00
Hynek Mlnarik
8d8fae5def
KEYCLOAK-14533 Cleanup auth sessions immediately
2020-06-22 20:38:03 +02:00
Pedro Igor
d331091c5e
[KEYCLOAK-11330] - Quarkus tests
2020-06-17 17:20:55 +02:00
kurisumakise2011
bfde3ac080
When any liquibase exception is thrown and it catches in LiquibaseJpaUpdaterProvider update method inside try\catch block, an exception will be retrown like RuntimeException, but it will not be logged anywhere. It reaches platform.exit(t) and then only message of wrapped RuntimeException is propagated. But real caused can be noticed only via debug mode.
2020-06-15 14:01:07 +02:00
Pedro Igor
e16f30d31f
[KEYCLOAK-2343] - Allow exact user search by user attributes
...
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2020-06-10 12:02:50 -03:00
Yoshiyuki Tabata
f03ee2ec98
KEYCLOAK-14145 OIDC support for Client "offline" session lifespan
2020-06-04 14:24:52 +02:00
Pedro Igor
0870041b0b
[KEYCLOAK-14335] - Not initializing entity associations and removing bi-directional ones
...
Co-authored-by: Stian Thorgersen <stian@redhat.com>
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2020-06-02 11:31:10 -03:00
Pedro Igor
bae802bcfa
[KEYCLOAK-11784] - Using Hibernate Extension
2020-05-14 11:10:46 +02:00
stianst
b04932ede5
KEYCLOAK-12414 Remove the need to specify defaults in config file
2020-05-13 09:02:29 -03:00
Álvaro Gómez Giménez
666832d1be
KEYCLOAK-13066 Include resourceType in ScopePermissionRepresentation
2020-05-12 17:11:35 -03:00
Michael Cooney
3291161954
KEYCLOAK-13818: Addressing performance issues with adding client scopes during realm creation. Removing redundant lookups by passing all scopes that need to be created at once.
2020-05-12 15:59:42 +02:00
Pedro Igor
19ab9ba53d
[KEYCLOAK-13829] - DML for DELETE is executed even though attribute does not exist
2020-05-06 14:04:06 +02:00
keycloak-bot
ae20b7d3cd
Set version to 11.0.0-SNAPSHOT
2020-04-29 12:57:55 +02:00
Pedro Igor
601bf8d63e
[KEYCLOAK-12735] - Improving queries and cache for authz
2020-04-29 03:58:03 +02:00
Yoshiyuki Tabata
874642fe9e
KEYCLOAK-12406 Add "Client Session Max" and "Client Session Idle" for OIDC
2020-04-28 15:34:25 +02:00
stianst
5b017e930d
KEYCLOAK-13128 Security Headers SPI and response filter
2020-04-28 15:28:24 +02:00
keycloak-bot
33314ae3ca
Set version to 10.0.0-SNAPSHOT
2020-04-21 09:19:32 +02:00
mposolda
b29810c923
KEYCLOAK-13306 Model fixes for check realm when lookup by ID
...
(cherry picked from commit e40a62de31f6f5d326234314a9e285010665f707)
2020-04-21 08:19:50 +02:00
mposolda
6f62c0ed98
KEYCLOAK-13442 Backwards compatibility in users searching. searchForUser(String, RealmModel, int, int) is no longer called when searching users from the admin console
2020-03-27 13:29:55 +01:00
Pedro Igor
b812159193
[KEYCLOAK-10675] - Deleting an Identity Provider doesn't remove the associated IdP Mapper for that user
2020-03-26 11:41:17 +01:00
keycloak-bot
f6a592b15a
Set version to 9.0.4-SNAPSHOT
2020-03-24 08:31:18 +01:00
mposolda
5ddd605ee9
KEYCLOAK-13259
2020-03-24 05:32:41 +01:00
mposolda
3e82473a90
KEYCLOAK-13369 Not possible to move groups in admin console
2020-03-23 10:17:23 +01:00
vramik
86089d40b8
KEYCLOAK-13249 jpa-changelog-8.0.0.xml contains whitespace character
2020-03-18 09:36:23 +01:00
stianst
aece5d1b4c
KEYCLOAK-5162 Add index to even table
2020-03-17 17:05:21 +01:00
rmartinc
ad3b9fc389
KEYCLOAK-12579: LDAP groups duplicated during UI listing of user groups
2020-03-11 06:14:29 +01:00
Sebastian Schuster
99aba33980
KEYCLOAK-13163 Fixed searching for user with fine-grained permissions
2020-03-09 09:56:13 -03:00
vramik
701fb06de1
KEYCLOAK-12968 fix ClientTest.getAllClientsSearchAndPagination for postgresql
2020-03-05 06:40:03 +01:00
Dmitry Telegin
08319db242
KEYCLOAK-13167 - JDBC resource leak in custom migrations
2020-03-02 21:19:07 +01:00
Hynek Mlnarik
93f05f9291
KEYCLOAK-12450 Revert em.clear() call
2020-03-02 11:22:29 +01:00
Erik Jan de Wit
93a1374558
KEYCLOAK-11129 coalesce possible null values
2020-02-27 09:11:29 +01:00
keycloak-bot
d352d3fa8e
Set version to 9.0.1-SNAPSHOT
2020-02-17 20:38:54 +01:00
stianst
32fccfa99e
KEYCLOAK-10391 Fix lower-case column names in IdentityProviderMapperEntity, while they are upper-case in Liquibase scripts
2020-02-06 13:31:12 +01:00
Pedro Igor
199e5dfa3e
[KEYCLOAK-12909] - Keycloak uses embedded cache manager instead of container-managed one
2020-02-06 13:14:36 +01:00
Axel Messinese
b73553e305
Keycloak-11526 search and pagination for roles
2020-02-05 15:28:25 +01:00
Leon Graser
01a42f417f
Search and Filter for the count endpoint
2020-02-03 09:36:30 +01:00
Pedro Igor
658a083a0c
[KEYCLOAK-9600] - Find by name in authz client returning wrong resource
2020-02-03 08:57:20 +01:00
vramik
a83467047b
KEYCLOAK-9053 KEYCLOAK-9818 Increase column size for federated foreign keys
2020-01-31 21:24:55 +01:00
Marek Posolda
d46620569a
KEYCLOAK-12174 WebAuthn: create authenticator, requiredAction and policy for passwordless ( #6649 )
2020-01-29 09:33:45 +01:00
Denis Richtárik
24c6e2ba08
KEYCLOAK-12742 Authentication -> WebAuthn Policy: Unable to delete the Acceptable AAGUIDS via the provided minus (-) button, once set ( #6695 )
2020-01-24 11:55:20 +01:00
vramik
47d6d65bbb
KEYCLOAK-12724 - workaround hibernate bug - set explicitly dialect for oracle version greater than 12
2020-01-22 18:34:11 +01:00
Denis Richtárik
8d312d748b
KEYCLOAK-12163 Old account console: UI not updated after removing of TOTP ( #6688 )
2020-01-22 12:26:28 +01:00
Tomas Kyjovsky
36eba64f07
KEYCLOAK-12674 Performance degradation after upgrade to Keycloak 8 ( #6685 )
2020-01-21 19:43:25 +01:00
Marek Posolda
8d49409de1
KEYCLOAK-12183 Refactor login screens. Introduce try-another-way link. Not show many credentials of same type in credential selector ( #6591 )
2020-01-14 21:54:45 +01:00
vramik
a2b3747d0e
KEYCLOAK-7014 - Correctly handle null-values in UserAttributes
2020-01-10 12:44:52 +01:00
Pedro Igor
dae212c035
[KEYCLOAK-12312] - Partial import of realm breaking access to client's service account roles
2020-01-09 10:06:32 +01:00
Douglas Palmer
106e6e15a9
[KEYCLOAK-11859] Added option to always display a client in the accounts console
2019-12-17 17:12:49 -03:00
vramik
c3d80651bf
KEYCLOAK-12473 Add possibility to specify length of event detail when storing to database
2019-12-17 17:15:50 +01:00
Cristian Schuszter
5c7ce775cf
KEYCLOAK-11472 Pagination support for clients
...
Co-authored-by: stianst <stianst@gmail.com>
2019-12-05 08:17:17 +01:00
Pedro Igor
53f156ec83
[KEYCLOAK-11328] - Initial Server.x Clustering Configuration
2019-11-29 08:38:41 +01:00
Martin Kanis
685d49c693
KEYCLOAK-11967 Violation of UNIQUE KEY constraint SIBLING_NAMES ( #6485 )
2019-11-26 16:00:50 +01:00
Andrei Arlou
f0ac2ad3ce
KEYCLOAK-12088 Use diamond operator for collections in module "model/infinispan"
2019-11-22 11:08:42 +01:00
Andrei Arlou
3acee944ea
KEYCLOAK-12090 Simplify conditions in module "model/infinispan" ( #6497 )
2019-11-18 20:51:12 +01:00
Andrei Arlou
80f4bd3822
KEYCLOAK-12089 Remove unused imports from module "model/infinispan" ( #6496 )
2019-11-18 20:48:34 +01:00
keycloak-bot
76aa199fee
Set version to 9.0.0-SNAPSHOT
2019-11-15 20:43:21 +01:00
vramik
af5df1e535
KEYCLOAK-11808 Add support for MySQL8, update supported database versions
2019-11-15 08:43:48 +01:00
stianst
3a36569e20
KEYCLOAK-9129 Don't expose Keycloak version in resource paths
2019-11-15 08:21:28 +01:00
AlistairDoswald
4553234f64
KEYCLOAK-11745 Multi-factor authentication ( #6459 )
...
Co-authored-by: Christophe Frattino <christophe.frattino@elca.ch>
Co-authored-by: Francis PEROT <francis.perot@elca.ch>
Co-authored-by: rpo <harture414@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Denis <drichtar@redhat.com>
Co-authored-by: Tomas Kyjovsky <tkyjovsk@redhat.com>
2019-11-14 14:45:05 +01:00
Patrick Teubner
b3d87b52c2
KEYCLOAK-11888 Fix inconsistent pagination of groups by ordering the results of 'getTopLevelGroupIds' query
2019-11-11 09:22:51 +01:00
Wim Vandenhaute
b6ee342713
KEYCLOAK-4593 Flush and clear when fetching multiple realms for performance improvement with large number of realms
2019-11-04 21:11:26 +01:00
Hynek Mlnarik
f0685cc246
KEYCLOAK-11739 Ensure unique / PK constraint in JPA is on par with Liquibase
2019-10-23 14:53:17 +02:00
Martin Kanis
37304fdd7d
KEYCLOAK-10728 Upgrade to WildFly 18 Final
2019-10-21 14:06:44 +02:00
Pedro Igor
6acb87bd7a
[KEYCLOAK-10822] - Prevent access to users from another realm
2019-10-21 10:32:50 +02:00
Pedro Igor
17785dac08
[KEYCLOAK-10714] - Add filtering support in My Resources endpoint by name
2019-10-16 16:26:55 +02:00
Hynek Mlnarik
9d685a2c47
KEYCLOAK-11558 Fix unique constraint violation in PartialImportTest
...
(cherry picked from commit 672703cbc1320466d37761c4cb0d46c5dd0ce0f1)
2019-10-14 14:40:20 +02:00
Takashi Norimatsu
7c75546eac
KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase
...
* KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase
2019-10-01 15:17:38 +02:00
Kohei Tamura
c68afdab83
KEYCLOAK-7547 Change log level of a message when deleting user
...
When deleting a user (who has not failed to log in yet if Brute Force Detection is not enabled), the following message is always recorded:
{noformat}
10:34:15,101 WARN [org.keycloak.models.sessions.infinispan.changes.InfinispanChangelogBasedTransaction] (default task-7) Not present cache item for key LoginFailureKey [ realmId=568c76c7-9308-4d84-bfc1-ec3542deaf02. userId=4c011785-a39a-43bf-b0c1-43c63decf2f1 ]
{noformat}
This is noisy and should not be logged at warning level.
2019-09-20 11:37:30 +02:00
Jan Lieskovsky
cfb225b499
[KEYCLOAK-8253] Improve the time complexity of LDAP groups synchronization
...
(in the direction from LDAP provider to Keycloak) from exponential to
linear time in the case of syncing flat LDAP groups structure
Add a corresponding test (intentionally configured as to be ignored
by CI/CD due to higher demand on time, required fo the test completion)
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2019-09-12 09:54:13 +02:00
Hynek Mlnarik
9eb2e1d845
KEYCLOAK-11028 Use pessimistic locks to prevent DB deadlock when deleting objects
2019-09-09 10:57:49 +02:00
Pedro Igor
a1d8850373
[KEYCLOAK-7416] - Device Activity
2019-09-05 11:43:27 -03:00
Takashi Norimatsu
8225157a1c
KEYCLOAK-6768 Signed and Encrypted ID Token Support
2019-08-15 15:57:35 +02:00
Vlastimil Elias
4571f65d1e
KEYCLOAK-10209 - AuthenticationSessionModel made available through
...
KeycloakContext in KeycloakSession
2019-07-30 12:36:57 +02:00
Pedro Igor
967d21dbb5
[KEYCLOAK-10713] - Pagination to resources rest api
2019-07-29 16:19:22 -03:00
keycloak-bot
17e9832dc6
Set version to 8.0.0-SNAPSHOT
2019-07-19 19:05:03 +02:00
Hynek Mlnarik
04f266d381
KEYCLOAK-10744 Fix MariaDB cannot create database
2019-07-18 13:59:49 +02:00
Martin Kanis
efdf0f1bd8
KEYCLOAK-6839 You took too long to login after SSO idle
2019-07-10 10:15:26 +02:00
rmartinc
bd5dec1830
KEYCLOAK-10112: Issues in loading offline session in a cluster environment during startup
2019-07-03 13:17:45 +02:00
Pedro Igor
0cdd23763c
[KEYCLOAK-10443] - Define a global decision strategy for resource servers
2019-07-02 09:14:37 -03:00
Sebastian Loesch
c9fbed7eb8
KEYCLOAK-10545 Fix formatting error in log message
...
Fixes the formatting error
java.util.IllegalFormatConversionException: d != java.util.UUID
2019-06-26 10:22:15 +02:00
mposolda
c124aec586
KEYCLOAK-10262 DBLockTest.testLockConcurrently fails with MariaDB Galera 10.1
2019-06-24 11:23:18 +02:00
Pedro Igor
fdc0943a92
[KEYCLOAK-8060] - My Resources REST API
2019-06-11 14:23:26 -03:00
Pedro Igor
61eb94c674
[KEYCLOAK-8915] - Support resource type in authorization requests
2019-06-04 21:02:54 -03:00
skyfalke
0007bad6f3
KEYCLOAK-10393 Fix permission ticket pagination in Authz Client
...
KEYCLOAK-10393 Ensure idempotency of find method of permission ticket store
2019-05-29 09:43:54 -03:00
mduchrow
c80531dfa7
KEYCLOAK-9847 Checking user cache for being not null before using it
2019-05-15 15:47:03 +02:00
Hynek Mlnarik
835b2cf9c2
KEYCLOAK-9944 Add Primary Key Constraint into RESOURCE_URIS table
2019-05-13 12:43:23 +02:00
Sebastian Loesch
96250c9685
[KEYCLOAK-9573] Allow AdminEvents for custom resource types
2019-04-26 09:57:28 +01:00
mposolda
7a671052a3
KEYCLOAK-9988 Fix unstable UserSessionPersisterOfflineTest.testExpired. Adding ResetTimeOffsetEvent
2019-04-23 20:58:37 +02:00
keycloak-bot
49d4e935cb
Set version to 7.0.0-SNAPSHOT
2019-04-17 09:48:07 +01:00
mposolda
a8af51c7bb
KEYCLOAK-9988 Fix unstable UserSessionProviderOfflineTest.testExpired
2019-04-12 17:16:53 +02:00
Bekh-Ivanov George
ebcfeb20a3
[KEYCLOAK-10020] - Add ability to request user-managed (ticket) permissions by name
2019-04-12 08:44:57 -03:00
Axel Messinese
e18fb56389
KEYCLOAK-4978 Add endpoint to get groups by role
2019-03-15 06:00:17 +01:00
keycloak-bot
e843d84f6e
Set version to 6.0.0-SNAPSHOT
2019-03-06 15:54:08 +01:00
stianst
7ad02e7318
Fixes for releasing
2019-03-06 11:38:09 +01:00
Stefan Guilhen
9c34cc7365
[KEYCLOAK-9371] Fix premature termination of sessions when remember-me is in use
2019-02-27 15:08:50 +01:00
Hynek Mlnarik
37ef47d6ab
KEYCLOAK-9509 Upgrade to Wildfly 15
...
KEYCLOAK-9584 Update Wildfly Arquillian version
KEYCLOAK-9581: Fix CookiePathTests
KEYCLOAK-9607 CLI sripts and configuration files update
KEYCLOAK-9580 Fix component registration error
KEYCLOAK-9590 Update JDG to newest version
* Infinispan is using whatever version is set in root pom.xml.
KEYCLOAK-9509 Fix Undertow tests
Co-Authored-By: vramik <vramik@redhat.com>
Co-Authored-By: sebastienblanc <scm.blanc@gmail.com>
2019-02-25 08:56:46 +01:00
Gideon Caranzo
4cd617bc42
KEYCLOAK-8977 Added method to return KeycloakSession from RealmCreationEvent
2019-02-21 11:21:54 +01:00
stianst
e06c705ca8
Set version 5.0.0
2019-02-21 09:35:14 +01:00
Hynek Mlnarik
52840533c9
KEYCLOAK-9111 Fix for unhandled exception
2019-02-13 15:49:49 +01:00
Hynek Mlnarik
a74d6ab932
KEYCLOAK-9107 Fix NPE
2019-02-13 15:49:49 +01:00
Pedro Igor
885eec5ef2
[KEYCLOAK-8348] - Containerize database tests
2019-01-30 16:29:03 -02:00
vramik
c4a46a5591
KEYCLOAK-7677 KEYCLOAK-7723 fix version collision of httpclient
...
Co-authored-by: Pedro Igor <psilva@redhat.com>
2019-01-10 17:45:41 -02:00
stianst
7c9f15778a
Set version to 4.8.3.Final
2019-01-09 20:39:30 +01:00
stianst
7c4890152c
Set version to 4.8.2
2019-01-03 14:43:22 +01:00
mposolda
04445c8a23
KEYCLOAK-8904 Backpressure in RemoteCacheSessionsLoader
2018-12-10 22:49:43 +01:00
Stefan Guilhen
3462be857b
[KEYCLOAK-8835] Add missing not-null constraint to the new remember-me columns in the realm table
2018-12-07 11:32:30 +01:00
Pedro Igor
0c39eda8d2
[KECLOAK-8237] - Openshift Client Storage
2018-12-06 10:57:53 -02:00
stianst
b674c0d4d9
Prepare for 4.8.0.Final
2018-12-04 13:54:25 +01:00
Hynek Mlnarik
d395043fc7
KEYCLOAK-8707 Fix client template to scope migration
2018-11-22 15:07:47 +01:00
mposolda
6e93ca36af
KEYCLOAK-8519 OIDCScopeTest.testClientDisplayedOnConsentScreenWithEmptyConsentText failing on Oracle
2018-11-22 09:30:01 +01:00
mposolda
6db1f60e27
KEYCLOAK-7774 KEYCLOAK-8438 Errors when SSO authenticating to same client multiple times concurrently in more browser tabs
2018-11-21 21:51:32 +01:00
Takashi Norimatsu
0793234c19
KEYCLOAK-8460 Request Object Signature Verification Other Than RS256 ( #5603 )
...
* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256
also support client signed signature verification by refactored token
verification mechanism
* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256
incorporate feedbacks and refactor client public key loading mechanism
* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256
unsigned request object not allowed
* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256
revert to re-support "none"
2018-11-19 14:28:32 +01:00
Stefan Guilhen
a3d4612edd
KEYCLOAK-8854 Updated UserSessionPredicate.ExternalizerImpl to include the remember-me properties
2018-11-19 12:17:03 +01:00
mposolda
0533782d90
KEYCLOAK-7275 KEYCLOAK-5479 Faster offline sessions preloading at startup. Track lastSessionRefresh timestamps more properly by support bulk update to DB
2018-11-16 14:23:28 +01:00
Michael Gottlieb
3bdbbf41af
KEYCLOAK-8702:Fix Offline Sessions requires column
...
Prevent RemoveDuplicateOfflineSessions from running when migration to 3.2.0 has been run.
This prevents running when the database has already dropped CLIENT_SESSION_ID from OFFLINE_CLIENT_SESSION table.
This change unblocks migrating from 3.2.0 to 4.4.0 and later.
2018-11-16 12:03:57 +01:00
Leon Graser
85f11873c3
KEYCLOAK-8613 Group Membership Pagination
2018-11-15 17:54:07 +01:00
Thomas Darimont
cf57a1bc4b
KEYCLOAK-1267 Add dedicated SSO timeouts for Remember-Me
...
Previously remember-me sessions where tied to the SSO max session
timeout which could lead to unexpected early session timeouts.
We now allow SSO timeouts to be configured separately for sessions
with enabled remember-me. This enables users to opt-in for longer
session timeouts.
SSO session timeouts for remember-me can now be configured in the
tokens tab in the realm admin console. This new configuration is
optional and will tipically host values larger than the regular
max SSO timeouts. If no value is specified for remember-me timeouts
then the regular max SSO timeouts will be used.
Work based on PR https://github.com/keycloak/keycloak/pull/3161 by
Thomas Darimont <thomas.darimont@gmail.com>
2018-11-15 06:11:22 +01:00
stianst
ecd476fb10
Prepare for 4.7.0.Final
2018-11-14 20:10:59 +01:00
mposolda
1b5a83c4f1
KEYCLOAK-6980 Check if client_assertion was already used during signed JWT client authentication
2018-11-14 20:09:22 +01:00
Graser Leon
9ef4c7fffd
KEYCLOAK-8377 Role Attributes
2018-10-24 22:04:28 +02:00
Gideon Caranzo
7d85ce93bb
KEYCLOAK-8555 queried only realms with user storage provider to speed up user storage sync bootstrap
2018-10-19 09:53:58 +02:00
vramik
7a96911a83
KEYCLOAK-8300 KEYCLOAK-8301 Wildfly 14 upgrade
...
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2018-10-17 20:01:07 +02:00
Pedro Igor
79ca722b49
[KEYCLOAK-7605] - Make sure Evaluation API is read-only
2018-10-09 08:09:29 -03:00
Hynek Mlnarik
7f1c03a122
KEYCLOAK-8462 Close delegates properly
2018-10-08 14:45:48 +02:00
Pedro Igor
b4b3527df7
[KEYCLOAK-7950] - Fixes user pagination when using filtering users members of groups
2018-10-02 15:44:23 -03:00
stianst
c3fc9e9815
Set version to 4.6.0.Final-SNAPSHOT
2018-09-26 20:58:41 +02:00
Pedro Igor
609c521c17
[KEYCLOAK-8281] - Deletion of client with token exchange policy leads to breaking errors
2018-09-18 18:58:45 -03:00
stianst
24e60747b6
KEYCLOAK-7560 Refactor token signature SPI PR
...
Also incorporates:
KEYCLOAK-6770 ES256/384/512 providers
KEYCLOAK-4622 Use HS256 for refresh tokens
KEYCLOAK-4623 Use HS256 for client reg tokens
2018-09-11 08:14:10 +02:00
Leon Graser
df22c4d613
changed user and resource entity to fetch mode select with batch size 20
2018-09-10 20:31:04 +02:00
stianst
1fb4ca4525
Set version to 4.5.0.Final
2018-09-06 20:08:02 +02:00
Hynek Mlnarik
5fe1905e4b
KEYCLOAK-6803 Prevent duplicating required actions in JPA user storage
2018-09-03 19:42:18 +02:00
Hynek Mlnarik
54b5ec206e
KEYCLOAK-8183 Improve authz caching for negative cases
2018-08-31 18:31:55 +02:00
Hynek Mlnarik
8a7a545628
KEYCLOAK-7944 Remove duplicate offline client sessions
2018-08-29 10:55:38 +02:00
Hynek Mlnarik
2077975b1c
KEYCLOAK-6411 Fix list of keywords on MySQL/MariaDB
2018-08-28 09:51:58 +02:00
mposolda
6fc99cd749
KEYCLOAK-7594 Upgrade to Wildfly 13. Cross-DC: Upgrade to infinispan server 9.2.4 and JDG 7.2
...
Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
Co-authored-by: stianst <stianst@gmail.com>
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2018-08-27 12:52:53 +02:00
Stefan Guilhen
f36e45cb10
[KEYCLOAK-4902] - Using streams to process scopes and cache improvements
2018-08-14 06:29:10 -03:00
Stefan Guilhen
060b3b8d0f
[KEYCLOAK-4902] - Using streams when fetching resources
2018-08-09 16:28:31 -03:00
Pedro Igor
905fd3ae00
[KEYCLOAK-8003] - Migration to 4.2.1 extracting RESOURCE_URIs fails with fine-grained admin permissions
2018-08-08 11:00:25 +02:00
Pedro Igor
80e5227bcd
[KEYCLOAK-4902] - Refactoring and improvements to processing of authz requests
2018-08-07 10:53:40 -03:00
Hiroyuki Wada
263792a4ab
KEYCLOAK-7984 Fix migration issue
2018-08-02 14:58:20 +02:00
alva.huang
3380fdc119
[KEYCLOAK-7985] fix the table name error, from RESOURCE_URI to RESOURCE_URIS
...
Signed-off-by: alva.huang <alva@izhiju.cn>
2018-08-02 08:31:44 -03:00
mposolda
959cd035ba
Set version to 4.3.0.Final-SNAPSHOT
2018-08-01 22:40:05 +02:00
Hiroyuki Wada
7c0ca9aad2
KEYCLOAK-6313 Add required action's priority for customizing the execution order
2018-07-23 22:21:04 +02:00
mhajas
1308a3231d
KEYCLOAK-7931 Correct wrong JPA changelog filenames
2018-07-23 11:49:54 +02:00
mhajas
5aebc74f8c
KEYCLOAK-7269 Setting more uris for Authorization Resource
2018-07-11 17:48:34 -03:00
mposolda
d0a824dde4
Updating version to 4.2.0.Final-SNAPSHOT
2018-07-05 07:42:48 -04:00
mposolda
40d129cf54
KEYCLOAK-7489 Replace failed for entity repeats infinitely
2018-07-04 10:22:49 +02:00
mposolda
8c66f520af
KEYCLOAK-7745 JTA error if offline sessions can't be preloaded at startup within 5 minutes
2018-07-04 10:22:13 +02:00
Martin Kanis
0e2e867e4a
KEYCLOAK-5023 database migration fails if mysql schema name has hyphen
2018-06-27 10:11:09 +02:00
Takashi Norimatsu
2fb022e501
KEYCLOAK-7688 Offline Session Max for Offline Token
2018-06-26 08:25:06 +02:00
Martin Kanis
998227ac53
KEYCLOAK-5461 Upgrade to Liquibase 3.5.5
2018-06-22 13:20:10 +02:00
stianst
e1a0e581b9
Update to 4.1.0.Final-SNAPSHOT
2018-06-14 14:22:28 +02:00
Marek Posolda
49407c2e4f
KEYCLOAK-6630 Client scopes initial support ( #5076 )
...
* KEYCLOAK-6630 KEYCLOAK-349 Client Scopes
Co-authored-by: vramik <vramik@redhat.com>
* KEYCLOAK-6630 Change some clientTemplate occurences to clientScope
2018-06-08 15:38:38 +02:00
Federico M. Facca
5a9bfea419
[KEYCLOAK-7353] Support Policy Management in Protection API
...
See https://issues.jboss.org/browse/KEYCLOAK-7353
2018-06-06 19:36:42 -03:00
Pedro Igor
f8919f8baa
Merge pull request #5211 from pedroigor/KEYCLOAK-7367
...
[KEYCLOAK-7367] - User-Managed Policy Provider
2018-06-04 09:35:13 -03:00
Martin Kanis
f429469fc8
KEYCLOAK-5270 Realm cookie path for IE<=11 users ( #5106 )
2018-05-31 08:44:34 +02:00
Johannes Knutsen
c64ecb1ab8
Remove expired objects from cache cluster instead of local only
2018-05-29 10:27:43 +02:00
Pedro Igor
2b6597e9f1
[KEYCLOAK-7367] - User-Managed Policy Provider
2018-05-25 16:18:15 -03:00
Stian Thorgersen
dbf5c395b0
Bump version to 4.0.0.Final ( #5224 )
2018-05-24 19:02:30 +02:00
Stian Thorgersen
90e5c7f3eb
Bump version to 4.0.0.Beta3-SNAPSHOT ( #5185 )
2018-05-02 14:32:20 +02:00
Pedro Igor
5cae1bb134
Merge pull request #5093 from pedroigor/KEYCLOAK-4102
...
[KEYCLOAK-4102] - Support lazy load paths
2018-03-29 09:16:34 -03:00
pedroigor
4a425c2674
[KEYCLOAK-4102] - Support lazy loading of paths via policy enforcer config
2018-03-28 09:23:59 -03:00
dongay
707b80f436
KEYCLOAK-3210 Apply @Nationalized attribute to entity fields that should support unicode character sets
2018-03-27 20:55:59 +02:00
Pedro Igor
ffeb0420bf
Merge pull request #5079 from pedroigor/KEYCLOAK-6529
...
[KEYCLOAK-6529] - Resource Attributes
2018-03-27 09:30:38 -03:00
stianst
07fea02146
Bump versions to 4.0.0.Beta2-SNAPSHOT
2018-03-26 18:17:38 +02:00
pedroigor
758ae41999
[KEYCLOAK-6529] - Constraint name too long
2018-03-22 07:05:03 -03:00
Hynek Mlnarik
bb3c76a9d9
KEYCLOAK-6929 Externalizers for AuthenticationSessionEntity
2018-03-21 12:46:50 +01:00
pedroigor
08896ee9c9
[KEYCLOAK-6529] - Resource Attributes
2018-03-19 13:21:39 -03:00
Johannes Knutsen
9de8e79577
KEYCLOAK-6824: Remove negation of isEmpty list check
2018-03-15 18:43:22 +01:00
Pedro Igor
2aa71d1737
Merge pull request #5051 from pedroigor/KEYCLOAK-6787
...
[KEYCLOAK-6787] - Wrong validation of resources with same name and different owners
2018-03-12 11:41:49 -03:00
Hynek Mlnarik
05dcc6e3af
KEYCLOAK-6783 JDG-auth optimizations
2018-03-09 15:08:55 +01:00
mposolda
6f7200868b
Secured RemoteCache availability
2018-03-09 15:08:55 +01:00
Bill Burke
4b6b45cf43
KEYCLOAK-6026
2018-03-05 11:57:05 -05:00
vramik
9bd2e70376
KEYCLOAK-6790 Identifier for RESOURCE_SERVER_PERMISSION_TICKET table is too long for Oracle databases
2018-03-02 12:46:19 +01:00
Bill Burke
7f21cdd1f4
KEYCLOAK-6551
2018-03-02 10:41:05 +01:00
pedroigor
1e1de85685
[KEYCLOAK-6787] - Wrong validation of resources with same name and different owners
2018-03-01 16:50:05 -03:00
pedroigor
cb531056a6
[KEYCLOAK-6621] - Fixing cache and queries of policies with type scope
2018-02-28 16:33:45 -03:00
Pedro Igor
91bdc4bde2
[KEYCLOAK-3169] - UMA 2.0 ( #4368 )
...
* [KEYCLOAK-3169] - UMA 2.0 Support
* [KEYCLOAK-3169] - Changes to account service and more tests
* [KEYCLOAK-3169] - Code cleanup and tests
* [KEYCLOAK-3169] - Changes to account service and tests
* [KEYCLOAK-3169] - Changes to account service and tests
* [KEYCLOAK-3169] - More tests
* [KEYCLOAK-3169] - Changes to adapter configuration
* [KEYCLOAK-3169] - Reviewing UMA specs and more tests
* [KEYCLOAK-3169] - Reviewing UMA specs and more tests
* [KEYCLOAK-3169] - Changes to UMA Grant Type and refactoring
* [KEYCLOAK-3169] - Refresh tokens for RPT responses and tests
* [KEYCLOAK-3169] - Changes to account my resources and policy enforcers
* [KEYCLOAK-3169] - Realm settings flag to enable/disable user-managed access in account mgmt console
* [KEYCLOAK-3169] - More changes to my resource pages in account mgmt console
* [KEYCLOAK-3169] - Need to enable user-managed on realm to run tests
* [KEYCLOAK-3169] - Removing more UMA 1.0 related code
* [KEYCLOAK-3169] - Only submit requests if ticket exists
* [KEYCLOAK-3169] - Returning UMA 401 response when not authenticated
* [KEYCLOAK-3169] - Removing unused code
* [KEYCLOAK-3169] - Removing unused code
* [KEYCLOAK-3169] - 403 response in case ticket is not created
* [KEYCLOAK-3169] - Fixing AbstractPhotozExampleAdapterTest#testClientRoleRepresentingUserConsent
* [KEYCLOAK-3169] - 403 status code only returned for non-bearer clients
2018-02-28 08:53:10 +01:00
gonzalad
898347366d
KEYCLOAK-6589: Optimize jpql in User search API
...
This commit removes the 6 n+1 select
that are issued when calling GET /users api.
We now have 4 select queries.
2018-02-22 14:21:42 +01:00
pedroigor
d590600c12
[KEYCLOAK-6321] - NPE when deleting a resource with admin events enabled
2018-02-21 19:41:44 +01:00
Bruno Oliveira
b91998a0d8
[KEYCLOAK-6111] 'Override User-Initiated Action Lifespan' admin GUI can break realm configuration
2018-02-09 06:36:23 -02:00
pedroigor
76657d5239
[KEYCLOAK-6528] - Fixing mysql error. Probably a consequence of KEYCLOAK-6228 changes.
2018-02-08 21:17:33 +01:00
Bill Burke
6054b69eec
fix serializable exceptions
2018-01-31 20:26:50 -05:00
Bill Burke
a0d275c850
whoops, fix db script
2018-01-31 14:28:40 -05:00
Bill Burke
26411a123e
migrate fix
2018-01-31 13:11:46 -05:00
Bill Burke
126dd70efc
client stat improvement
2018-01-31 13:05:13 -05:00
Bill Burke
bd3eb9d662
more hynek db changes
2018-01-30 19:46:42 -05:00
Bill Burke
a571781240
hynek db changes
2018-01-30 17:00:55 -05:00
Bill Burke
0fc7fa557d
fix caching
2018-01-29 16:26:51 -05:00
Bill Burke
4bf23cc83a
caching
2018-01-29 12:28:17 -05:00
Bill Burke
1d8e38f0c6
admin console
2018-01-27 13:05:02 -05:00
Bill Burke
dd4c0d448c
Merge remote-tracking branch 'upstream/master' into client-storage-spi
2018-01-27 09:47:41 -05:00
Bill Burke
6b84b9b4b6
done 1st iteration
2018-01-27 09:47:16 -05:00
vramik
b0fbe5c8ba
KEYCLOAK-6300 List of group members is not sorted alphabetically
2018-01-25 20:21:03 +01:00
Bill Burke
ddad1cb8af
Merge remote-tracking branch 'upstream/master' into client-storage-spi
2018-01-25 10:08:37 -05:00
Bill Burke
8a17b61f4e
initial work
2018-01-25 10:08:26 -05:00
Bill Burke
4bfb62d7f4
marek suggested fixes
2018-01-24 09:32:38 -05:00
Bill Burke
a9297df89c
KEYCLOAK-6335
2018-01-23 12:09:49 -05:00
Douglas Palmer
fc3c07f6de
[KEYCLOAK-6236] Use MessageDigest.isEquals in place of String.equals
2018-01-18 13:04:54 +01:00
Hynek Mlnarik
e4c875eb41
KEYCLOAK-6108 Remove DROP INDEX in postgres (handled automatically)
2018-01-04 09:03:52 +01:00
Hynek Mlnarik
f0c1e65b2d
KEYCLOAK-6095 Include schema in custom SQL
2018-01-04 09:03:52 +01:00
stianst
0bedbb4dd3
Bump version to 4.0.0.CR1-SNAPSHOT
2017-12-21 15:06:00 +01:00
Martin Kanis
351dbffaf2
KEYCLOAK-5172 Set oidc as default protocol to clients
2017-12-20 13:38:12 +01:00
Marko Strukelj
ae573f4814
KEYCLOAK-5617 KEYCLOAK-5993 Race condition putting new user in user cache
2017-12-20 13:35:35 +01:00
mposolda
6696c0f0b2
KEYCLOAK-5245 Restart failures when deleting a client with existing sessions/offline_tokens
2017-12-13 15:53:10 +01:00
mposolda
63efee6e15
KEYCLOAK-5938 Authentication sessions: Support for logins of multiple tabs of same client
2017-12-12 08:01:02 +01:00
Bill Burke
5d5a200413
Merge pull request #4818 from patriot1burke/master
...
KEYCLOAK-5926
2017-12-08 09:59:32 -05:00
Bill Burke
0dee393071
KEYCLOAK-5926
2017-12-07 19:49:10 -05:00
Bill Burke
efa5949f69
Merge pull request #4814 from patriot1burke/master
...
KEYCLOAK-5350
2017-12-07 10:07:35 -05:00
stianst
c055ffb083
KEYCLOAK-4215 Consider session expiration when setting token timeouts
2017-12-07 10:45:02 +01:00
stianst
5fd3c9161d
KEYCLOAK-5868
2017-12-07 10:42:21 +01:00
Bill Burke
64f8d7ce25
KEYCLOAK-5350
2017-12-06 16:00:23 -05:00
mposolda
8a0fa521c4
KEYCLOAK-5915 Support for sticky sessions managed by loadbalancer. Support for KeyAffinityService
2017-12-06 13:06:54 +01:00
stianst
6d1c33ccdc
KEYCLOAK-5667
2017-12-06 06:45:23 +01:00
mposolda
6c34b4c418
KEYCLOAK-5914 Periodic clean of detached client sessions
2017-12-05 08:25:30 +01:00
stianst
37de8e9f69
Bump version to 3.4.2.Final-SNAPSHOT
2017-12-01 09:34:48 +01:00
mposolda
7b03eed9c8
KEYCLOAK-5797 Refactoring authenticationSessions to support login in multiple browser tabs with different clients
2017-11-30 12:56:45 +01:00
Hynek Mlnarik
b466f4d0b6
KEYCLOAK-5910 Retry sending notification when remote cache is unavailable
2017-11-30 11:48:26 +01:00
pedroigor
17748d5ba8
[KEYCLOAK-5660] - Adding UserQueryProvider.getUsersCount(realm, includeServiceAccount) method
2017-11-30 10:45:54 +01:00
pedroigor
674fb31a2c
[KEYCLOAK-5660] - Rest API User count returns wrong value
2017-11-30 10:45:54 +01:00
stianst
2be78a0239
KEYCLOAK-5924 Add error handler for uncaught errors
2017-11-30 10:33:13 +01:00
pedroigor
9ffc11d04f
[KEYCLOAK-4231] - Unable to import PEM certificate > 2048
2017-11-29 20:26:22 +01:00
mposolda
6d91ab674b
KEYCLOAK-5895 CrossDC: NotSerializableException when opening sessions tab in admin console
2017-11-23 20:03:12 +01:00
Bill Burke
2117db5e6d
Merge pull request #4730 from patriot1burke/master
...
KEYCLOAK-4715
2017-11-22 12:45:23 -05:00
mposolda
bd1072d2eb
KEYCLOAK-5747 Ensure refreshToken doesn't need to send request to the other DC. Other fixes and polishing
2017-11-22 11:55:12 +01:00
mposolda
61c5a332b4
KEYCLOAK-5832 Fix the issue with RemoveExpiredCommand exception on JDG side
2017-11-22 11:55:12 +01:00
Bill Burke
8993ca08ad
KEYCLOAK-4715
2017-11-21 17:46:48 -05:00
Bill Burke
08ca03051c
Merge pull request #4549 from pkadej/KEYCLOAK-5662
...
KEYCLOAK-5662
2017-11-20 14:37:07 -05:00
Bill Burke
83ff0eab10
remove irrelevant comments
2017-11-17 11:36:49 -05:00
Bill Burke
c66ff60c58
KEYCLOAK-5715
2017-11-17 11:34:32 -05:00
Hynek Mlnarik
a787cfa33a
KEYCLOAK-5425 Have preconditions evaluated in manual mode
2017-11-15 13:37:32 +01:00
Bruno Oliveira
03d0488335
[KEYCLOAK-2052] Allows independently set timeouts for e-mail verification link and rest e.g. forgot password link
...
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2017-11-13 19:57:04 -02:00
Przemysław Kadej
e28f402b6b
KEYCLOAK-5662 - CachePolicy.MAX_LIFESPAN - Cached LDAP users aren't being refreshed at all
2017-11-13 11:36:31 +01:00
mposolda
c530a061cc
KEYCLOAK-5828 Ensure sessions preloading works for remote distributed caches as well
2017-11-10 11:27:24 +01:00
mposolda
a98f085be6
KEYCLOAK-5618 Fix SessionsPreloadCrossDCTest. Update HOW-TO-RUN docs. Ensure it's executed in travis.
2017-11-09 17:39:04 +01:00
Stian Thorgersen
128ff12f8f
Bump versions
2017-11-09 15:37:21 +01:00
mposolda
701b7acd80
KEYCLOAK-5371 More stable cross-dc tests
2017-11-08 10:03:04 +01:00
mposolda
62a1c187a2
KEYCLOAK-5716 KEYCLOAK-5738 Avoid infinispan deadlock. Ensure code-to-token works correctly in cross-dc
2017-11-07 09:01:59 +01:00
Hynek Mlnařík
4d0d28c222
Merge pull request #4621 from hmlnarik/KEYCLOAK-5230-Indexes-on-USER-ID-missing-from-the-federated-user-tables
...
KEYCLOAK-5230 Add indices to FED_* tables
2017-10-31 08:48:34 +01:00
Hynek Mlnarik
c9aa5e638e
KEYCLOAK-5230 Add indices to FED_* tables
2017-10-27 12:43:22 +02:00
Hynek Mlnarik
92027e4c57
KEYCLOAK-5745 Fix ActionTokenCrossDCTest and improve logging
2017-10-27 08:45:05 +02:00
Hynek Mlnarik
75c354fd94
KEYCLOAK-5745 Separate user and client sessions in infinispan
2017-10-26 10:39:41 +02:00
Hynek Mlnařík
7190820fc4
Merge pull request #4566 from vramik/KEYCLOAK-4928
...
KEYCLOAK-4928 Add primary key constraints
2017-10-24 15:40:37 +02:00
Marek Posolda
a7bc294a08
Merge pull request #4594 from hmlnarik/KEYCLOAK-5688-Externalizer-for-entities-shared-across-DC-2
...
KEYCLOAK-5688 Externalizers for cluster messages and predicates
2017-10-24 14:41:16 +02:00
mposolda
9a19e95b60
KEYCLOAK-5710 Change cache-server to use backups based caches
2017-10-24 11:52:08 +02:00
vramik
223713bc53
KEYCLOAK-4928 Add primary key constraints
2017-10-24 10:46:46 +02:00
Hynek Mlnarik
faf830dc77
KEYCLOAK-5688 Externalizers for cluster messages and predicates
2017-10-23 12:18:56 +02:00
Bill Burke
92245e3fc8
fixes
2017-10-20 09:55:37 -04:00
Bill Burke
54ebc21880
KEYCLOAK-5698
2017-10-19 19:38:56 -04:00
Bill Burke
0371a562d9
Merge pull request #4574 from patriot1burke/master
...
KEYCLOAK-5701
2017-10-19 10:33:10 -04:00
Bill Burke
8faa6f1f4d
KEYCLOAK-5701
2017-10-18 18:20:50 -04:00
Hynek Mlnarik
6d18ba4b32
KEYCLOAK-5688 Add externalizers for session entities
...
and remove unused events
2017-10-18 16:04:57 +02:00
Hynek Mlnarik
056ba75a72
KEYCLOAK-5656 Use standard infinispan remote-store
2017-10-16 21:49:42 +02:00
Bruno Oliveira da Silva
b6ab2852c2
Remove unused imports ( #4558 )
2017-10-16 14:23:42 +02:00
mposolda
26f11078dc
KEYCLOAK-5371 Use managed executors on Wildfly
2017-10-11 11:09:53 +02:00
mposolda
f5ff24ccdb
KEYCLOAK-5371 Fix SessionExpirationCrossDCTest, Added ExecutorsProvider. Debug support for cache-servers in tests
2017-10-10 22:30:44 +02:00
Hynek Mlnarik
fe972ce12b
KEYCLOAK-5656 Remove remoteServers configuration option
2017-10-09 11:58:28 +02:00
Hynek Mlnarik
6cbfbeca0b
KEYCLOAK-5656 Remove KeycloakTcpTransportFactory
2017-10-06 13:20:17 +02:00
mposolda
bca4c35708
KEYCLOAK-5371 Fix ActionTokenCrossDCTest and BruteForceCrossDCTest
2017-10-04 13:25:45 +02:00
Marek Posolda
13fe9e7cf8
Merge pull request #4510 from glavoie/KEYCLOAK-3303
...
KEYCLOAK-3303: Allow reuse of refresh tokens.
2017-09-29 17:07:45 +02:00
mposolda
3b6e1f4e93
KEYCLOAK-5007 Used single-use cache for tracke OAuth code. OAuth code changed to be encrypted and signed JWT
2017-09-29 13:20:22 +02:00
mposolda
63673c4328
KEYCLOAK-5569 Added JWE
2017-09-29 13:01:42 +02:00
Gabriel Lavoie
134daeac7f
KEYCLOAK-3303: Allow reuse of refresh tokens.
...
- Configurable max reuse count.
2017-09-28 15:30:40 -04:00
Bill Burke
fd025ae76b
Merge pull request #4209 from guitaro/feature/group-search-and-pagination
...
[KEYCLOAK-2538] - groups pagination and group search
2017-09-23 20:52:19 -04:00
howcroft
e78bf5f876
Keycloak 2035
...
This PR adds:
* an endpoint to Role that lists users with the Role
* a tab "Users in Role" in Admin console Role page
* it is applicable to Realm and Client Roles
* Extends UserQueryProvider with default methods (throwing Runtime Exception if not overriden)
* Testing in base testsuite and Console
2017-09-22 15:05:49 +01:00
mposolda
ca92bcbf7f
KEYCLOAK-5480 Cross-DC setup: Remote cache stores are connecting to Infinispan servers in both datacenters
2017-09-18 18:04:04 +02:00
Oguz Kilcan
6ec5264f20
KEYCLOAK-5416 Migration from 3.2.1 to 3.3.0 doesn't work on MSSQL due to constraint violation ( #4461 )
2017-09-15 09:56:22 +02:00
Levente NAGY
d18aa44fb4
Merge branch 'feature/group-search-and-pagination' of https://github.com/guitaro/keycloak into feature/group-search-and-pagination
2017-09-13 16:48:24 +02:00
Levente NAGY
e907da77d7
KEYCLOAK 2538 - UI group pagination - Remove junit mocked TUs, add arquillian Tests, delete mockito from poms, fix groups sorting when get result from cache
2017-09-13 16:45:45 +02:00
Léventé NAGY
503ce3a47f
Merge branch 'master' into feature/group-search-and-pagination
2017-09-13 10:27:38 +02:00
Pedro Igor
90db6654d3
Merge pull request #4451 from glavoie/KEYCLOAK-4858-ResourceServer
...
KEYCLOAK-4858: Slow query performance for client with large data volume
2017-09-12 15:54:16 -03:00
Levente NAGY
c8c88dd58c
KEYCLOAK 2538 - UI group pagination - TU + some code improvement + add mockito dependency
2017-09-12 15:09:08 +02:00
Levente NAGY
db56d82dbd
KEYCLOAK 2538 - UI group pagination - fix duplicate result for search + sort result
2017-09-12 11:45:37 +02:00
Marek Posolda
2a1f40d487
Merge pull request #4408 from MarkSchmitt/master
...
KEYCLOAK-5322: Rewrote delete statement to scale better
2017-09-12 11:14:08 +02:00
Marek Posolda
d636bc2616
Merge pull request #4468 from hmlnarik/KEYCLOAK-4899-Optimize-client-session-writes
...
KEYCLOAK-4899 Replace updates to user session with temporary auth ses…
2017-09-12 10:42:38 +02:00
Bill Burke
1a74288413
Merge pull request #4458 from vramik/KEYCLOAK-5405
...
KEYCLOAK-5405 add synchronization of the persistence context when cre…
2017-09-11 18:49:33 -04:00
Hynek Mlnarik
24e9cbb292
KEYCLOAK-4899 Replace updates to user session with temporary auth session
2017-09-11 21:43:49 +02:00
Gabriel Lavoie
bf184e8599
KEYCLOAK-4858: ResourceServer PK change to CLIENT_ID.
...
- MSSQL needs the index to be dropped before the column.
- Different UPDATE statement format to support MSSQL.
2017-09-11 13:50:58 -04:00
Levente NAGY
2c24b39268
KEYCLOAK 2538 - UI group pagination
2017-09-07 19:39:06 +02:00
fmugrau
998262177f
KEYCLOAK-5422: Rewrote statement to scale better
2017-09-07 10:17:22 +02:00
Pedro Igor
f10891b662
[KEYCLOAK-4858] - Migration configuration for resource server pk changes
2017-09-06 11:28:58 -03:00
Gabriel Lavoie
c1664478d9
KEYCLOAK-4858: Slow query performance for client with large data volume
...
- Changing RESOURCE_SERVER PK to the client ID.
- Changing FK on children of RESOURCE_SERVER.
- Use direct fetch of ResourceServer through ID/PK to avoid a lot of implicit Hibernate flush.
2017-09-06 09:55:53 -03:00