Commit graph

2500 commits

Author SHA1 Message Date
Ricardo Martin
226daa41c7
Add service account mappers via client scope instead of dedicated scope (#34664)
Closes #10417

Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Ricardo Martin <rmartinc@redhat.com>
2024-11-07 08:45:11 +01:00
Thomas Darimont
3315ea718a Add ability to enable OID4VCI Verifiable Credentials per realm (#34524)
- Added new realm property verifiableCredentialsEnabled
- Updated RealmRepresentation
- Guarded route to Oid4VCI page
- Add boolean switch to Realm settings page to control Verifiable Credentials enablement
- We now only show the Verifiable Credentials page in the nave if the "Verifiable Credentials" realm setting is enabled.

Fixes #34524

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-11-04 14:58:30 +01:00
Stefan Guilhen
9c50813bf4 Add validChecksum to jpa-changelog-26.0.0.xml
Closes #34450

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-10-31 07:54:27 -03:00
Stefan Guilhen
ac25844731 Ensure hide_on_login has the default value set to 0 on MSSQL
Closes #34450

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-10-30 12:46:17 -03:00
Marek Posolda
3784fd1f67
Attempt to run snapshot Keycloak server against production DB should fail during migration
closes #30364

Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-28 15:02:26 +00:00
Pedro Ruivo
84f4bd8af1 Client Scope updates are not replicated between Keycloak nodes
Fixes #33731

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-10-25 11:22:15 +02:00
Martin Kanis
4f3ced9560 ConcurrentModificationException when restarting user sessions
Closes #34093

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-10-24 21:26:50 +02:00
Erik Jan de Wit
cc5b8dfd38
reset first when selecting subgroup (#34200)
fixes: #34149

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-10-23 14:34:09 -04:00
Pedro Ruivo
f507caae6c Deleting a user leads to ISPN marshalling exception
Fixes #34224

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-10-23 11:53:25 +02:00
Ryan Emerson
902abfdae4
JDBC_PING as default discovery protocol
Closes #29399

- Add ProviderFactory#dependsOn to allow dependencies between
  ProviderFactories to be explicitly defined
- Disable Infinispan default shutdownhook disabled to ensure lifecycle
  is managed exclusively by Keycloak
- Remove Infinispan shutdown hook in KeycloakRecorder and manage
  EmbeddedCacheManager lifecycle only in DefaultInfinispanConnectionProviderFactory#close

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-22 20:19:19 +00:00
Gilvan Filho
c4005d29f0 add linear strategy to brute force
closes #25917

Signed-off-by: Gilvan Filho <gilvan.sfilho@gmail.com>
2024-10-22 10:33:22 -03:00
Pedro Hos
91026d6713
NPE when Default Role is not present on CachedRealm
closes: #33817

Signed-off-by: Pedro Hos <pedro-hos@outlook.com>
2024-10-15 09:23:18 +02:00
Kevin Köllmann
23a6822715
Don't fail on drop index IDX_US_SESS_ID_ON_CL_SESS
Closes #33780

Signed-off-by: Kevin Köllmann <kevin@kllmnn.de>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2024-10-10 15:37:40 +00:00
Pedro Igor
f4f3a7de4a The event should also support user invalidation events
Closes #33777

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-10 11:41:50 -03:00
Pedro Ruivo
464fc90519
Fail to start if work cache is not replicated
Keycloak will now fail to start if the work cache is replicated.
Listeners require the data to be local.

Closes #33702

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-09 19:40:24 +00:00
Ryan Emerson
42484bd884
Allow proto-schema-compatibility-maven-plugin to be skipped with property (#33693)
Closes #33692

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-10-08 14:22:41 +00:00
mposolda
07cf71e818 Better logging when error happens during transaction commit
closes #33275

Signed-off-by: mposolda <mposolda@gmail.com>
2024-10-08 11:14:10 +02:00
Ryan Emerson
e7ad9ff2d6 Add proto-schema-compatibility-maven-plugin check against release/26.0 branch to main
Closes #33565

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-10-04 15:55:12 +02:00
Pedro Igor
13111daceb Move organization membership cache entries to the user cache
Closes #33412

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-03 10:31:26 -03:00
vramik
b7eaa9b0cb Wildcard search not working for custom user attributes
Closes #32451

Signed-off-by: vramik <vramik@redhat.com>
2024-10-03 08:48:36 -03:00
vramik
c1653448f3 [Organizations] Allow orgs to define the redirect URL after user registers or accepts invitation link
Closes #33201

Signed-off-by: vramik <vramik@redhat.com>
2024-10-02 07:37:48 -03:00
Pedro Igor
ef48a3a360 Avoid running org related code if there are no orgs in a realm
Closes #33424

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-02 09:39:25 +02:00
Stefan Guilhen
9b7cf9d584 Ensure componentsByParentAndType in CachedRealm is returned as a concurrent multi-valued map
Closes #30235

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-10-01 17:39:00 -03:00
Pedro Igor
3887ee3006 Do not store RealmModel in cache entries
Closes #33439

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-01 17:37:46 +02:00
Alexander Schwartz
8769fed585 Fixing bug in condition
Closes #33353

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-30 18:35:45 -03:00
Pedro Igor
4bd29e257b Fixing tests
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-09-30 18:35:45 -03:00
Pedro Igor
c558bbe118 Fixing tests
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-09-30 18:35:45 -03:00
Alexander Schwartz
fd1f3c52d3 Further optimizations
Closes #33353

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-30 18:35:45 -03:00
Alexander Schwartz
5c503a55e9 Optimize caching and use of DB connections when Organisations are enabled
Closes #33353

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-30 18:35:45 -03:00
Michal Hajas
c682536dae Avoid duplicates when storing organization ids
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-09-30 13:25:46 -03:00
Michal Hajas
0becdaa2a9 Do not store RealmModel in CachedOrganizationIds
Closes #33331
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-09-30 13:25:46 -03:00
Kyale
a35edeb488 Resolved errors during component import referencing groups
Whenever a component being imported contained a reference to a group also being imported, the group was not found because groups were being imported after components by DefaultImportExportManager

Closes #10730

Signed-off-by: Kyale <github@chalkyweb.com>
2024-09-30 11:46:19 -03:00
Steven Hawkins
5d99d91818
fix: allows for the detection of a master realm with --import-realms (#32914)
also moving initial bootstrapping after import

closes: #32689

Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-09-30 14:40:16 +02:00
Alexander Schwartz
5bb23eb0fc
Optimize update of user attributes (#32907)
Closes #32906
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-25 16:39:42 +02:00
Stefan Guilhen
6424708695 Ensure organization id is preserved on export/import
- Also fixes issues with description, enabled, and custom attributes missing when re-importing the orgs.

Closes #33207

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-25 16:07:44 +02:00
Christian Janker
4cd64c822c Log model migration on INFO level
closes #33163

Signed-off-by: Christian Janker <christian.janker@gmx.at>
2024-09-24 22:00:52 +02:00
Benoît
bf19ec11cf
Fix UserStorageManager.getGroupMembersStream potentially fetching all user (#33145)
Closes #32761
Signed-off-by: Benoit Messager <benoit.messager@liksi.fr>
Co-authored-by: Benoit Messager <benoit.messager@liksi.fr>
2024-09-24 09:51:35 +02:00
Christian Janker
21f90145ac Send UserRemovedEvent containing all user attributes
Invalidate CachedUserModel before UserRemovedEvent

closes #32194

Signed-off-by: Christian Janker <christian.janker@gmx.at>
2024-09-20 16:22:08 +02:00
Stefan Guilhen
900c496ffe
Remove the kc.org.broker.public attribute and use hideOnLogin in the IDP instead
Closes #32209

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-09-20 16:08:55 +02:00
Michal Hajas
d065be362a
Fix flaky UserSessionPersisterProviderTest
Closes #32892

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-20 13:24:34 +02:00
vramik
fcb31a5aa6 Implement invitation-only self-registration for realm users
Closes #31643

Signed-off-by: vramik <vramik@redhat.com>
2024-09-18 13:50:23 +02:00
Alexander Schwartz
2a95d0abfa
Sort order of updates for user properties (#32853)
This should reduce deadlocks on the user property table if the users are updated concurrently.

Closes #32852

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-18 12:37:42 +02:00
Stefan Guilhen
3e597722a9
Add cache for IdentityProviderStorageProvider.getForLogin (#32918)
Closes #32573

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-18 09:05:57 +02:00
Václav Muzikář
83c00731c3
Upgrade to Quarkus 3.14.2 (#32519)
Closes #32517

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-09-13 20:18:48 +02:00
Pedro Ruivo
f67bec0417 Rename remote-cache Feature
Renamed to "clusterless"

Closes #32596

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-09-13 13:03:13 +02:00
Michal Hajas
0f97e4cb39 Drop old tables for user and client sessions that are no longer used
Closes #32582

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-09-12 11:47:37 +02:00
Stian Thorgersen
40049f31fa
Remove ProxyClassLoader and PlatformProvider returning script classloader (#32806)
Closes #32804

Signed-off-by: stianst <stianst@gmail.com>
2024-09-11 17:11:26 +02:00
Thomas Darimont
445a7da902 Ensure realm attributes import happens before client import
Fixes #32799

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-09-11 15:14:33 +02:00
cgeorgilakis-grnet
f8b1b3ee03 Search Identity Providers by alias or display name
Closes #32588

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-09-10 21:52:59 +02:00
Martin Kanis
ccb166d0e9 Add caching when querying brokers by organization
Closes #32574

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-09-09 09:24:43 -03:00