vramik
4fc7e3d607
Map Store Removal: Remove unnecessary check in Jpa Connection Provider
...
Closes #26406
Signed-off-by: vramik <vramik@redhat.com>
2024-03-04 14:00:54 +01:00
vramik
7adcc98c6c
Map Store Removal: Remove obsolete KeycloakModelUtils.isRealmProviderJpa method
...
Closes #27445
Signed-off-by: vramik <vramik@redhat.com>
2024-03-04 12:22:04 +01:00
Steven Hawkins
8d9439913c
fix: removal of resteasy-core ( #27032 )
...
* fix: partial removal of resteasy-core
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* fix: fully removing resteasy-core
closes : #26315
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-02-29 11:43:13 +00:00
Pedro Igor
326d63ce74
Make sure group searches are cached and entries invalidate accordingly
...
Closes #26983
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-29 05:06:36 +09:00
Vlasta Ramik
ade3b31a91
Introduce new CLI config options for Infinispan remote store
...
Closes #25676
Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-28 15:49:19 +00:00
Réda Housni Alaoui
a3b3ee4b87
Ability to declare a default "First broker login flow" per Realm
...
Closes #25823
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-02-28 16:17:51 +01:00
rmartinc
2bd9f09e29
Re-index CLIENT_ATTRIBUTES using name and value
...
Closes #26618
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-28 11:07:03 +01:00
Alexander Schwartz
ee3a4a6e4f
Set expiry and maxidle when loading entries from the remote store ( #26942 )
...
Closes #26941
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-02-27 17:56:17 +01:00
Douglas Palmer
b0ef746f39
Permanently lock users out after X temporary lockouts during a brute force attack
...
Closes #26172
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-02-22 09:34:51 +01:00
Vlasta Ramik
76453550a5
User attribute value length extension
...
Closes #9758
Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-02-16 08:09:34 +01:00
Michal Hajas
f7f7f1bd10
Add caching for subGroupsCount
...
Closes #25731
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-02-15 19:46:04 +09:00
rmartinc
4ff4c3f897
Increase internal algorithm security using HS512 and 128 byte hmac keys
...
Closes #13080
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-15 08:16:45 +01:00
Alexander Schwartz
c7b51fc7f0
Use the appropriate database dialect to add quotes to the schema name ( #26964 )
...
Closes #25961
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-13 13:09:55 +01:00
Stefan Guilhen
2161e72872
Add migration for the useTruststoreSpi config property in LDAP user storage provider
...
- legacy `ldapsOnly` value now migrated to `always`.
Closes #25912
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-02-12 11:53:19 +01:00
Thomas Darimont
93fc6a6c54
Shorter lifespan for offline session cache entries in memory
...
Closes #26810
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-02-09 19:44:04 +01:00
Douglas Palmer
66f0d2ff1d
blah
...
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-02-07 15:55:06 -03:00
Douglas Palmer
d9d41b1a09
Brute Force Detection is disabled when updating frontenUrl via admin client
...
Closes #21409
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-02-07 15:55:06 -03:00
Stian Thorgersen
3e08a1713b
Ignore empty attribute values when retriveing boolean/int/long ( #26729 ) ( #26737 )
...
Resolves #26597 , resolves #26665
Signed-off-by: stianst <stianst@gmail.com>
2024-02-06 15:29:34 +01:00
Stefan Guilhen
fbeba83b87
Upgrade liquibase to version 4.25.1
...
Closes #26570
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-02-05 19:07:25 +01:00
Michal Hajas
00742a62dd
Remove RealmModel from authorization services interfaces ( #26708 )
...
Closes #26530
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-02-02 16:51:32 +01:00
Thomas Darimont
277af021d7
Improve ScheduledTask task-name handling
...
This PR introduces a String getTaskName() default method to
the ScheduledTask interface and adjusts call sites to use the
implementation derived task name where possible.
Previously, ScheduledTask names were passed around separately, which
lead to unhelpful debug messages.
We now give ScheduledTask implementations control over their task-name
which allows for more flexible naming.
Enlist call StoreSyncEvent.fire(...) to after transaction to ensure realm is present in database.
Ensure that Realm is already committed before updating sync via UserStorageSyncManager
Align Sync task name generation for cancellation to support SyncFederationTest
Only log a message if sync task was actually canceled.
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-02-02 09:57:03 -03:00
mposolda
cdc5d8fff8
Migrating Realm JSON with declarative user profile fails when scope selectors present on any attributes
...
closes #26266
Signed-off-by: mposolda <mposolda@gmail.com>
2024-02-01 09:54:09 +01:00
Martin Kanis
a3fcacdab7
Map Store Removal: deprecate model legacy module
...
Closes #26598
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-31 17:40:45 +01:00
Václav Muzikář
4096a2657e
Supported option to specify site name for multi-site deployments
...
Closes #26460
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-31 11:52:19 +00:00
Lex Cao
cf3f05a259
Skip grant role if exists for federated storage ( #26508 )
...
Closes #26507
Signed-off-by: Lex Cao <lexcao@foxmail.com>
2024-01-26 17:08:47 +00:00
Martin Kanis
7797f778d1
Map Store Removal: Rename legacy modules
...
Closes #24107
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-25 16:29:16 +01:00
Martin Kanis
84603a9363
Map Store Removal: Rename Legacy* classes ( #26273 )
...
Closes #24105
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-23 13:50:31 +00:00
Alexander Schwartz
b9498b91cb
Deprecating the offline session preloading ( #26160 )
...
Closes #25300
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-16 09:29:01 +01:00
Alexander Schwartz
a8eca6add0
Changing to the Infinispan BOM to avoid mis-aligned Infinispan dependencies ( #26137 )
...
Closes #22922
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
2024-01-15 09:20:47 +01:00
mposolda
692aeee17d
Enable user profile by default
...
closes #25151
Signed-off-by: mposolda <mposolda@gmail.com>
2024-01-11 12:48:44 -03:00
Réda Housni Alaoui
98230aa372
Add federated identity ProviderEvent(s)
...
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
2024-01-10 11:56:38 -03:00
Alexander Schwartz
01939bcf34
Remove concurrent loading of remote sessions as at startup time only one node is up anyway. ( #25709 )
...
Closes #22082
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Martin Kanis <martin-kanis@users.noreply.github.com>
2024-01-09 16:55:22 +01:00
atharva kshirsagar
d7542c9344
Fix for empty realm name issue
...
Throw ModelException if name is empty when creating/updating a realm
Closes #17449
Signed-off-by: atharva kshirsagar <atharva4894@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-05 14:23:42 +01:00
Réda Housni Alaoui
5287500703
@NoCache is not considered anymore
...
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
2024-01-02 09:06:55 -03:00
Pedro Igor
810ebf4efd
Migration steps for enabling user profile by default
...
Closes #25528
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-19 10:19:45 -03:00
Alexander Schwartz
9e4fc3f491
Keep workaround permanently for concurrent shutdowns of embedded Infinispan
...
Closes #9871
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-15 10:58:22 +01:00
Alexander Schwartz
e01827693a
Avoid shutdown of Infinispan when using cache
...
Closes #24508
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-13 15:46:37 +01:00
Alexander Schwartz
a8cff72ed0
Avoid logged warning about objects not present in the cache for tasks ( #25324 )
...
Closes #25322
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-08 13:10:14 +01:00
Alexander Schwartz
5b1b3ca11b
Allow concurrent remote cache operations ( #25390 )
...
Closes #25388
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-08 10:07:25 +01:00
Pedro Igor
ab1173182c
Make sure realm is available from session when migrating to 23
...
Closes #25183
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-06 07:42:54 -03:00
Alexander Schwartz
e4be3ed244
Prevent client cache stampede after invalidation of a client or on startup ( #25217 )
...
Closes #24202
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-05 16:01:37 +01:00
Michal Hajas
ec061e77ed
Remove GlobalLockProviderSpi ( #25206 )
...
Closes #24103
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2023-12-01 16:40:56 +00:00
vramik
587cef7de4
Delete Profile.Feature.MAP_STORAGE
...
Signed-off-by: vramik <vramik@redhat.com>
Closes #24102
2023-11-30 13:04:39 +01:00
rmartinc
16afecd6b4
Allow automatic download of SAML certificates in the identity provider
...
Closes https://github.com/keycloak/keycloak/issues/24424
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 18:03:31 +01:00
Michal Hajas
2b2207af93
Publish information about Infinispan availability in lb-check if MULTI_SITE is enabled
...
Closes #25077
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-29 11:06:41 +00:00
Pedro Igor
2c611cb8fc
User profile configuration scoped to user-federation provider
...
closes #23878
Co-Authored-By: mposolda <mposolda@gmail.com>
Signed-off-by: mposolda <mposolda@gmail.com>
2023-11-27 14:45:44 +01:00
Sebastian Schuster
030f42ec83
More efficient listing of assigned and available client role mappings
...
Closes #23404
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
2023-11-22 14:10:11 +01:00
Alexander Schwartz
a45934a762
Disable cache store and load only if a remote store is used
...
Closes #10803
Closes #24766
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: daviddelannoy <16318239+daviddelannoy@users.noreply.github.com>
2023-11-20 18:50:02 +01:00
Douglas Palmer
f9665acc29
KeycloakErrorHandler NullPointerException String.toLowerCase() because message is null
...
Closes #22958
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2023-11-16 18:06:33 +01:00
Réda Housni Alaoui
3f014c7299
Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients ( #21058 )
...
closes #21010
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
2023-11-13 19:13:01 +01:00