Commit graph

700 commits

Author SHA1 Message Date
vramik
4d7f25535c IDP storage provider Infinispan implementation
Closes #31251

Signed-off-by: vramik <vramik@redhat.com>
2024-08-13 08:36:15 -03:00
Pedro Ruivo
07c92c85cb Drop AuthenticatedClientSessionStore from user sessions
New entities for client and user sessions, more query friendly.
The client sessions are found using query instead of storing them in the
user session entity.
Remove of sessions by its field is done based on queries.

Closes #30934

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-12 20:35:50 +02:00
Alexander Schwartz
07a168cb14 Deleted authentication sessions should not be re-surrected with an update
Closes #31829

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-09 07:26:05 -03:00
Michal Hajas
50c07c6e7c
Simplify configuration for MULTI_SITE
Closes #31807

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-08-06 16:14:33 +00:00
Michal Hajas
6847af0068 Remove InfinispanMultiSiteLoadBalancerCheckProviderFactory.java
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-08-06 07:58:12 -03:00
Pedro Ruivo
1e9f6bbb8c Non clustered Keycloak with External Infinispan feature
Disables JGroups (clustering) when remote-cache feature is enabled

Fixes #31876

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-05 17:04:36 +02:00
Pedro Ruivo
fed804160b Enable ProtoStream encoding for External Infinispan feature
The ProtoStream schema is automatically uploaded to the Infinispan
server during startup.
When the schema is updated, the indexes are updated and re-created.
Use the delete statement to delete entities when a realm is removed.

Fixes #30931

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-01 16:16:19 +02:00
Alexander Schwartz
00bfc2c34f
Adding an index for the revoked tokens table to speed up the cleanup (#31790)
Closes #31725

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-01 11:12:53 +02:00
Ryan Emerson
8d7e18ec29 Clear local caches on split-brain heal
Closes #25837

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-07-31 13:59:06 +02:00
Pedro Ruivo
17e30e9ec1 Persist revoke tokens with remote cache feature
Stores the revoked tokens into the database and preloads them during
startup.

Fixes #31760

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-07-31 11:02:38 +02:00
Alexander Schwartz
11b19bc272
For persistent sessions, don't remove user session if there is no session in the remote store (#31756)
Closes #31115

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-30 17:57:09 +02:00
Pedro Ruivo
e62604b1ec ConditionalRemover interface for External Infinispan feature
Add a ConditionalRemover interface to remove entries from a RemoteCache
based on the key or value fields.
The default implementation provided by this PR uses streaming/iteration
to test and remove entries

On a side change, moved all the transactions to the same package and
created one transaction class per entity/cache to simplify code and
avoid writing "RemoteChangeLogTransaction" with a long list of types.

Fixes #31046

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-07-30 15:16:17 +02:00
Alexander Schwartz
00d8e06f79
Optimize CPU cycles for persistent sessions (#31702)
Closes #31701

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-29 16:34:13 +02:00
Stefan Guilhen
f45529de8c Deprecate IDP related methods in RealmModel
- delegate to the new provider

Closes #31253

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-07-29 16:02:26 +02:00
Alexander Schwartz
557cf1e60e Add a tombstone operation to optimize multiple deletes
Closes #31699

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-29 13:23:06 +02:00
Alexander Schwartz
6d404b86c9 Trigger clearing the user cache when the duplicate email allowed flag changes
Closes #31045

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-29 10:37:42 +02:00
Pedro Igor
04bd6653ec Invalidating domain cache and introducing cache for more query methods
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-29 09:02:36 +02:00
Pedro Igor
1f8280c71a Allow members joining multiple organizations
Closes #30747

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-29 09:02:36 +02:00
Ryan Emerson
69a8509f6c Remove outdated test code from model/infinispan module
Closes #31661

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-07-26 17:14:49 +02:00
Alexander Schwartz
227c71f7f0
Persisting revoked access tokens
Closes #31296

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-26 11:46:14 +02:00
vramik
649b35929e Make sure users created through a registration link are managed members
Closes #30743

Signed-off-by: vramik <vramik@redhat.com>
2024-07-25 04:30:13 -03:00
Pedro Igor
6ce89670b5 Flaky test: org.keycloak.testsuite.model.user.UserModelTest#testAddRemoveUserConcurrent
Closes #30236

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-24 22:40:32 +02:00
Alexander Schwartz
d70f78072e
Make persistent sessions co-exist with remote cache feature (#30859)
Closes #30855

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-09 09:03:36 +02:00
Ryan Emerson
bf26d3364c Allow null Protostream fields
Closes #30761

Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-07-04 14:53:54 +02:00
Pedro Igor
cc2ccc87b0 Filtering organization groups when managing or processing groups
Closes #30589

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-28 10:27:18 -03:00
Pedro Ruivo
829e12b857 Incorrect order when instantiate ClientRemovedEvent
* Fix incorrect order in ClientRemovedEvent constructor
* Do not send an event if the events list is empty

Closes #30840

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-28 09:51:02 +02:00
Jon Koops
df18629ffe
Use a default Java version from root POM (#29927)
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-21 14:19:31 +02:00
Pedro Igor
a0ad680346 Adding an alias to organization and exposing them to templates
Closes #30312
Closes #30313

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-20 14:36:14 -03:00
Pedro Ruivo
5fc12480fd External Infinispan as cache - Part 4 (#30072)
UserSessionProvider implementation to make use of Infinispan remote
cache.

Closes #28755

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Pedro Ruivo
9006218559 External Infinispan as cache - Part 3
Implementation of UserLoginFailureProvider using remote caches only.

Closes #28754

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Pedro Ruivo
833aad661e External Infinispan as cache - Part 2
Includes a new implementation for the providers:

* StickySessionEncoderProviderFactory
* LoadBalancerCheckProviderFactory
* SingleUseObjectProviderFactory

Closes #28648

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Pedro Ruivo
d2ae27a1e2 External Infinispan as cache - Part 1
Part 1 includes

* New experimental feature to enable the new code
* New providers using RemoteCache only
* New test profile to run the tests with the experimental feature

New providers' implementation for:
* InfinispanConnectionProvider
* AuthenticationSessionProvider
* ClusterProvider

Closes #28140

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Pedro Ruivo
67098f0469 Fix AuthenticatedClientSessionEntity protostream encoding
For String fields that may be null, convert an empty string to null when
reading from Protostream

Fixes #30511

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-17 22:51:22 +02:00
Pedro Ruivo
66dd9e65b9 Fix LoginFailureEntity protostream encoding
The field lastIPFailure can be null and needs a proto factory to set it
to null when missing.

Closes #30485

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-17 12:30:13 +02:00
Pedro Ruivo
5c0dddd837 Batch cluster events
Sending multiple events in a single network request should minimize
latency and traffic.

Closes #30445

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-14 21:14:22 +02:00
Ryan Emerson
edde31a1ca Protobuf schema compatibility check (maven plugin)
Closes #30243

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-06-14 17:46:58 +02:00
Pedro Ruivo
1b342e4c07 Fix compilation error
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-13 16:44:56 -03:00
Pedro Ruivo
18a6c79011
Infinispan Protostream Marshaller (#29474)
Closes #29394

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-06-13 18:02:46 +02:00
vramik
8f72a77582 getByMember
Signed-off-by: vramik <vramik@redhat.com>
2024-06-13 08:13:36 -03:00
vramik
de2fdbe98f cache count
Signed-off-by: vramik <vramik@redhat.com>
2024-06-13 08:13:36 -03:00
vramik
78eee0b145 rename jpaOrgDelegate to orgDelegate
Signed-off-by: vramik <vramik@redhat.com>
2024-06-13 08:13:36 -03:00
vramik
d355e38424 Provide a cache layer for the organization model
Closes #30087

Signed-off-by: vramik <vramik@redhat.com>
2024-06-13 08:13:36 -03:00
Giuseppe Graziano
6067f93984
Improvements to refresh token rotation with multiple tabs (#29966)
Closes #14122

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-06-07 12:02:36 +02:00
Alexander Schwartz
1f6c939efd
Ignore unknown realms when migrating sessions (#30041) 2024-06-03 10:43:16 +02:00
mposolda
ea1cdc10bd MigrateTo25_0_0 does not complete within default transaction timeout
closes #29756

Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-27 10:31:39 +02:00
Alexander Schwartz
c6e071cf07
Clear entries in remote caches and force events on the remote site (#29597)
Closes #29592

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-23 14:47:32 +02:00
Thomas Darimont
ab376d9101 Make required actions configurable (#28400)
- Add tests for crud operations on configurable required actions
- Add support exposing the required action configuration via RequiredActionContext
- Make configSaveError message reusable in other contexts
- Introduced admin-ui specific endpoint for retrieving required actions with config metadata

Fixes #28400

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-05-23 08:38:36 +02:00
vramik
55bf4feebc Disable identity provider at the realm level when an organization is disabled
Closes #29483

Signed-off-by: vramik <vramik@redhat.com>
2024-05-22 07:58:26 -03:00
vramik
278341aff9 Add organizations enabled/disabled capability
Closes #28804

Signed-off-by: vramik <vramik@redhat.com>
2024-05-22 07:58:26 -03:00
Alexander Schwartz
80de3a0a71
Allow migration of non-persistent sessions to persistent sessions
Closes #29375

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-22 10:30:46 +02:00