Commit graph

2280 commits

Author SHA1 Message Date
Martin Kanis
51fa054ba7 Manage organization attributes
Closes #28253

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-04-10 09:10:49 -03:00
Michal Hajas
1bb5e14134 Use ReentrantLock instead of synchronized to avoid thread pinning
+ Since the runSerialized mechanism is currently on a best-effort basis, it is possible there are concurrent executions if T1 obtained a lock, T2 removed the lock, and T3 created a new lock before T1 called putIfAbsent; therefore I added a debug log detecting this situation.

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-04-09 14:55:21 +02:00
Alexander Schwartz
355901dfd8 Add a back-off period when replacing cache entries fails
Closes #28388

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-09 14:55:21 +02:00
Alexander Schwartz
63e7523a6d Avoid unnecessary updates to the sessions during refreshes of tokens
Closes #28388

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-09 14:55:21 +02:00
Alexander Schwartz
dc18bd4efb Avoid conflicts when writing to session stores by checking for concurrent requests within the JVM
Closes #28388

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-09 14:55:21 +02:00
Stijn Last
e9498079e0 LDAP: Show error message when groups synchronization fails
closes: #28436
Signed-off-by: Stijn Last <stijn.last@barco.com>
2024-04-09 09:10:19 -03:00
vibrown
3fffc5182e Added ClientType implementation from Marek's prototype
Signed-off-by: vibrown <vibrown@redhat.com>

More updates

Signed-off-by: vibrown <vibrown@redhat.com>

Added client type logic from Marek's prototype

Signed-off-by: vibrown <vibrown@redhat.com>

updates

Signed-off-by: vibrown <vibrown@redhat.com>

updates

Signed-off-by: vibrown <vibrown@redhat.com>

updates

Signed-off-by: vibrown <vibrown@redhat.com>

Testing to see if skipRestart was cause of test failures in MR
2024-04-08 20:20:37 +02:00
Pedro Igor
52ba9b4b7f Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user
Closes #28248

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-08 09:05:16 -03:00
Garth
16770ffad8 updated organization table name to not conflict. fixes #28246
Signed-off-by: Garth <244253+xgp@users.noreply.github.com>
2024-04-03 17:57:26 -03:00
Pedro Igor
fefeb83588 Changes the contract to make it simpler and rely on the realm available from the current session
Closes #28403

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-03 14:45:31 +02:00
Giuseppe Graziano
fe06df67c2 New default client scope for 'basic' claims with 'auth_time' protocol mapper
Closes #27623

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-02 08:44:28 +02:00
Alexander Schwartz
c580c88c93
Persist online sessions to the database (#27977)
Adding two feature toggles for new code paths to store online sessions in the existing offline sessions table. Separate the code which is due to be changed in the next iteration in new classes/providers which are used instead of the old ones.

Closes #27976

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-03-28 09:17:07 +01:00
vramik
fa1571f231 Map organization metadata when issuing tokens for OIDC clients acting on behalf of an organization member
Closes #27993

Signed-off-by: vramik <vramik@redhat.com>
2024-03-26 14:02:09 -03:00
rmartinc
220564c7ba ORA-01450 error for index IDX_CLIENT_ATT_BY_NAME_VALUE in oracle when MAX_STRING_SIZE is EXTENDED
Closes #27967

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-22 08:48:01 -03:00
Steven Hawkins
35b9d8aa49
task: remove usage of resteasy-core-spi (#27387)
closes: #27242

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-21 15:28:34 +01:00
synth3
99478887a4 Remove custom Hibernate dialect detection
Closes #27954

Signed-off-by: synth3 <19573241+synth3@users.noreply.github.com>
2024-03-21 14:27:19 +01:00
Pedro Igor
32541f19a3 Allow managing members for an organization
Closes #27934

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-21 10:26:30 -03:00
Sebastian Schuster
0542554984 12671 querying by user attribute no longer forces case insensitivity for keys
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
2024-03-21 08:35:29 -03:00
Konstantinos Georgilakis
4bca804d5a Correct unique constraints for UserConsent entity
Closes #13045

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-03-19 22:16:42 +01:00
Alexander Schwartz
62d24216e3 Remove offline session preloading
Closes #27602

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-15 15:19:27 +01:00
Pedro Igor
7fc2269ba5 The bare minimum implementation for organization
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Co-authored-by: vramik <vramik@redhat.com>
2024-03-15 11:06:43 -03:00
Stefan Guilhen
0e717f735e
Add realm to session context when exporting to prevent NPE when vault is enabled. (#27911)
Closes #22617

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-03-15 12:24:22 +01:00
Stefan Guilhen
970a78fe7a Set correct version for the federated user terms and conditions migration
Closes #27228

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-03-13 18:03:41 -03:00
PetkoNosal
3989cb5e90
Fix missing log argument in MigrateTo24_0_0
Closes #27779

Signed-off-by: Nosal, Peter (pn1895) <pn1895@att.com>
Co-authored-by: Nosal, Peter (pn1895) <pn1895@att.com>
2024-03-13 16:36:27 +00:00
Pedro Igor
9ad447390a Only remove attributes with empty values when updating user profile
Closes #27797

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-13 15:03:08 +01:00
Alexander Schwartz
f168b8cce9 Avoid invalidating the cache if removing an entry doesn't exist
Closes #27852

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-13 13:36:07 +01:00
Stefan Guilhen
1099f03fe6 Add migration for terms and conditions required action in FED_USER_REQUIRED_ACTION table
Closes #27228

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-03-13 08:43:11 -03:00
Pedro Igor
1e48cce3ae Make sure empty configuration resolves to the system default configuration
Closes #27611

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-11 09:01:38 -03:00
Alexander Schwartz
050acf0d94
Map Storage Removal: Remove deprecated model/legacy module (#27601)
Closes #26657

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-08 15:17:24 +00:00
Steve Hawkins
4091baf4c2 fix: accounting for the possibility of null flows from existing realms
closes: #23980

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-08 14:25:23 +01:00
rmartinc
ea4155bbcd Remove recursively when deleting an authentication executor
Closes #24795

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-07 14:43:23 +01:00
vramik
4fc7e3d607 Map Store Removal: Remove unnecessary check in Jpa Connection Provider
Closes #26406

Signed-off-by: vramik <vramik@redhat.com>
2024-03-04 14:00:54 +01:00
vramik
7adcc98c6c Map Store Removal: Remove obsolete KeycloakModelUtils.isRealmProviderJpa method
Closes #27445

Signed-off-by: vramik <vramik@redhat.com>
2024-03-04 12:22:04 +01:00
Steven Hawkins
8d9439913c
fix: removal of resteasy-core (#27032)
* fix: partial removal of resteasy-core

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* fix: fully removing resteasy-core

closes: #26315

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-02-29 11:43:13 +00:00
Pedro Igor
326d63ce74 Make sure group searches are cached and entries invalidate accordingly
Closes #26983

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-29 05:06:36 +09:00
Vlasta Ramik
ade3b31a91
Introduce new CLI config options for Infinispan remote store
Closes #25676

Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-28 15:49:19 +00:00
Réda Housni Alaoui
a3b3ee4b87
Ability to declare a default "First broker login flow" per Realm
Closes #25823

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-02-28 16:17:51 +01:00
rmartinc
2bd9f09e29 Re-index CLIENT_ATTRIBUTES using name and value
Closes #26618

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-28 11:07:03 +01:00
Alexander Schwartz
ee3a4a6e4f
Set expiry and maxidle when loading entries from the remote store (#26942)
Closes #26941

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-02-27 17:56:17 +01:00
Douglas Palmer
b0ef746f39 Permanently lock users out after X temporary lockouts during a brute force attack
Closes #26172

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-02-22 09:34:51 +01:00
Vlasta Ramik
76453550a5
User attribute value length extension
Closes #9758

Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-02-16 08:09:34 +01:00
Michal Hajas
f7f7f1bd10 Add caching for subGroupsCount
Closes #25731

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-02-15 19:46:04 +09:00
rmartinc
4ff4c3f897 Increase internal algorithm security using HS512 and 128 byte hmac keys
Closes #13080

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-15 08:16:45 +01:00
Alexander Schwartz
c7b51fc7f0
Use the appropriate database dialect to add quotes to the schema name (#26964)
Closes #25961

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-13 13:09:55 +01:00
Stefan Guilhen
2161e72872 Add migration for the useTruststoreSpi config property in LDAP user storage provider
- legacy `ldapsOnly` value now migrated to `always`.

Closes #25912

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-02-12 11:53:19 +01:00
Thomas Darimont
93fc6a6c54 Shorter lifespan for offline session cache entries in memory
Closes #26810

Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-02-09 19:44:04 +01:00
Douglas Palmer
66f0d2ff1d blah
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-02-07 15:55:06 -03:00
Douglas Palmer
d9d41b1a09 Brute Force Detection is disabled when updating frontendUrl via admin client
Closes #21409

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-02-07 15:55:06 -03:00
Stian Thorgersen
3e08a1713b
Ignore empty attribute values when retrieving boolean/int/long (#26729) (#26737)
Resolves #26597, resolves #26665

Signed-off-by: stianst <stianst@gmail.com>
2024-02-06 15:29:34 +01:00
Stefan Guilhen
fbeba83b87 Upgrade liquibase to version 4.25.1
Closes #26570

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-02-05 19:07:25 +01:00