Alice Wood
1eb7e95b97
enhance existing group search functionality allow exact name search keycloak/keycloak#13973
...
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
2022-09-30 10:37:52 +02:00
Alexander Schwartz
be2deb0517
Modify RealmsAdminResource.importRealm to work with InputStream
...
Closes #13609
2022-09-26 20:58:08 +02:00
Alice Wood
55a660f50b
enhance group search to allow searching for groups via attribute keycloak/keycloak#12964
...
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2022-09-19 15:19:36 +02:00
vramik
4f4dbd622a
Ensure entity version is indexed
...
Closes #14161
2022-09-15 08:39:29 -03:00
danielFesenmeyer
3af1134975
Update IDP link username when sync mode is "force"
...
Closes #13049
2022-09-14 08:02:17 -03:00
Pedro Igor
aea6d7da27
Avoid updating offline session refresh time during creation
...
Closes #14384
2022-09-14 07:36:23 -03:00
Alexander Schwartz
621da7b803
Credential validation shouldn't invalidate the user in the cache
...
Instead create a new instance of LegacyUserCredentialManager to ensure all calls are routed via the CacheAdapter and its SubjectCredentialManagerCacheAdapter.
Closes #14309
2022-09-13 09:36:19 -03:00
vramik
3120848ef0
Unify package name format in jpa map store
...
Closes #14276
2022-09-12 13:03:17 +02:00
Sebastian Schuster
cc8567e9f4
14294 fixed admin event expiration sql error
2022-09-12 09:15:47 +02:00
Christoph Leistert
7e5b45f999
Issue #8749 : Add an option to control the order of the event query and admin event query
2022-09-11 21:30:12 +02:00
Alexander Schwartz
1d2d3e5ca5
Move UserFederatedStorageProvider into legacy module
...
Closes #13627
2022-09-11 18:37:45 +02:00
Martin Bartoš
0fcf5d3936
Reuse of token in TOTP is possible
...
Fixes #13607
2022-09-09 08:56:02 -03:00
vramik
869ccc82b2
Enable MapUserProvider storing username with the letter case significance
...
Closes #10245
Closes #11602
2022-09-09 11:46:11 +02:00
vramik
fb33cbc2bd
Set correct entity version when adding a child entity with its own entity versioning
...
Closes #14273
2022-09-09 09:43:44 +02:00
cgeorgilakis
07b0df8f62
View groups from account console ( #7933 )
...
Closes #8748
2022-09-07 11:25:31 +02:00
Christoph Leistert
cc2bb96abc
Fixes #9482 : A user could be assigned to a parent group if he is already assigned to a subgroup.
2022-09-06 21:31:31 +02:00
Thomas Peter
19d69169b1
introduce expiration option for admin events
2022-09-06 16:05:53 +02:00
Michal Hajas
f69497eb28
KEYCLOAK-12988 Deprecate getUsers* methods in favor of searchUsers* variants
...
Closes #14018
2022-09-06 10:38:28 +02:00
Martin Bartoš
e6a5f9c124
Default required action providers are still available after feature disabling
...
Closes #13189
2022-08-31 08:42:47 +02:00
Alexander Schwartz
27ecf7f00f
Use session level cache and avoid resolving by ID too often
...
Closes #12381
2022-08-30 16:42:49 +02:00
Alexander Schwartz
bb6b5abfa1
Remove Infinispan workarounds after upgrading to 13.x
...
Closes #13962
2022-08-30 07:32:19 -03:00
Tero Saarni
4f199c7245
Fix compilation errors with Eclipse Java compiler
2022-08-29 19:33:12 +02:00
Pedro Igor
2cc4b54404
Do not cache policies if they no longer exist ( #12797 )
...
Closes #12657
Co-authored-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2022-08-25 13:52:30 +02:00
Michal Hajas
05b9e6d59e
Upgrade Infinispan to 13.0.10.Final ( #13910 )
...
Closes #12306
2022-08-25 13:09:34 +02:00
Arnaud Martin
af0d97e534
Delete broker links for federated users when an identity provider is deleted
...
Closes #13731
2022-08-25 08:24:09 +02:00
mposolda
254483bc5d
Use separate transactions for each bulk update of offline sessions in PersisterLastSessionRefreshStore to avoid deadlocks
...
closes #13684
2022-08-23 13:52:11 +02:00
David Anderson
ce1331f550
Remove bouncycastle dependency from keycloak-services ( #13489 )
...
Closes #12857
Co-authored-by: mposolda <mposolda@gmail.com>
2022-08-22 15:43:59 +02:00
Alexander Schwartz
bd926b8fd0
Remove warning from StoragePropertyMappers about the deployment state version seed
...
It duplicates the logic in the provider and is incomplete. A follow-up issue will investigate how a provider can defer a configuration option.
Closes #13807
2022-08-17 13:55:05 -03:00
Alexander Schwartz
801b20e037
Fix running clusteraware scheduled tasks in Wildfly after legacy migration
...
As the parent class is in another module, the protected field "task" is not accessible from the lambda.
Closes #13396
2022-08-17 13:54:34 -03:00
Sebastian Schuster
1445646e77
Fixed n+1 query retrieving user with brief user representation by allowing explicit eager caching of user attributese
2022-08-11 10:51:07 +02:00
Martin Kanis
57f2f4654a
Add limit for authSessions per rootAuthSession in map storage
2022-08-10 12:56:37 +02:00
Michal Hajas
ec808d28bb
Remove possibility to start embedded HotRod server in hotrod-map module
...
Closes #13247
2022-08-05 21:08:38 +02:00
Alexander Schwartz
8470a30446
Introduce CLI parameter to set the deployment state version seed
...
Closes #12710
2022-07-27 20:10:17 +02:00
Michal Hajas
8ed9ce29d1
Enable near-caching for HotRod store
...
Closes #13303
2022-07-27 14:09:48 +02:00
Michal Hajas
3589778a10
Add possibility to configure HotRod storage in Quarkus distribution
...
Closes #12617
2022-07-26 14:13:39 +02:00
Michal Hajas
eb1f31e9dd
Optimize user-client session relationship for HotRod storage
...
Closes #12818
2022-07-26 09:00:13 +02:00
Douglas Palmer
c00514d659
Support for post_logout_redirect_uris in OIDC client registration ( #12282 )
...
Closes #10135
2022-07-25 10:57:52 +02:00
Alexander Schwartz
a14501dd77
Remove concurrently removed elements from the result
...
Closes #13245
2022-07-22 08:25:15 +02:00
Alexander Schwartz
cb81a17611
Disable Infinispan for map storage and avoid the component factory when creating a realm independent provider factory
...
Provide startup time in UserSessionProvider independent of Infinispan,
cleanup code that is not necessary for the map storage as it isn't using Clustering.
Move classes to the legacy module.
Closes #12972
2022-07-22 08:20:00 +02:00
Pedro Igor
98ac3829d6
Remove KeycloakIntegratorProvider
...
Closes #13233
2022-07-21 09:05:59 -03:00
Stefan Guilhen
e9c55f45e5
Enable action token JPA provider in map-storage-jpa profile
...
Closes #13139
2022-07-20 16:30:20 -03:00
Alexander Schwartz
4d19099c66
Workarounds to make Listeners and non-autocommit work on Quarkus
...
Closes #13200
2022-07-20 12:06:06 +02:00
Alexander Schwartz
d30646b1f6
Refactor object locking for UserSessions
...
Closes #12717
2022-07-19 17:47:33 -03:00
Martin Kanis
c8a6846ee0
Remove offline sessions when deleting a realm
2022-07-19 16:40:22 +02:00
Alexander Schwartz
f490638971
Fall back to standard Liquibase locking
...
As DBLockProvider is "none" for the Map storage providers, there is no locking provided by DB Lock
provider.
Liquibase's classic lock provider has issues that need to be tackled in a follow-up issue, see https://github.com/liquibase/liquibase/issues/1311
Closes #13130
2022-07-19 10:45:31 +02:00
Alexander Schwartz
247cf0d09a
Assure that a second thread waits for the first thread to process the database changes
...
Closes #13130
2022-07-19 10:45:31 +02:00
Alexander Schwartz
b959e5c32a
Prevent logging changeset on the console for Quarkus
...
Closes #13126
2022-07-15 17:12:22 +02:00
Alexander Schwartz
30b41d02b4
Move non-map-storage related classes to new package
...
Closes #13081
2022-07-15 09:46:29 -03:00
Pedro Igor
f6a2b334d1
Integrate the JPA map store ( #13097 )
...
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2022-07-14 17:47:51 -03:00
Vlasta Ramik
ec853a6b83
JPA map storage: User / client session no-downtime store ( #12241 )
...
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Closes #9666
2022-07-14 12:07:02 -03:00
Alexander Schwartz
d4c97bd3a9
Choose alternatives for CockroachDB for referenced computed columns ( #12991 )
2022-07-13 15:31:21 -03:00
Pedro Igor
b80731decf
Remove any legacy provider from runtime when running the new store ( #12963 )
2022-07-13 07:30:14 -03:00
Michal Hajas
34d8629477
Convert ClientSessionIdleTimeout from seconds to milliseconds before … ( #13048 )
2022-07-13 07:29:52 -03:00
Pedro Igor
5b48d72730
Upgrade Resteasy v4
...
Closes #10916
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2022-07-11 12:17:51 -03:00
Michal Hajas
0f86427dd0
Make user->client sessions relationship consistent
...
Closes #12817
2022-07-11 08:42:28 -03:00
Michal Hajas
5f7f4ad850
Reflect SingleUseObject store objectKey changes to HotRod implementation
...
Closes #12480
2022-07-08 10:34:31 -03:00
Michal Hajas
cbb88ed75d
Store enums as Integers in HotRod store
...
Closes #12502
2022-07-08 10:34:17 -03:00
Alexander Schwartz
29a501552e
Disable the JpaUserFederatedStorageProvider when map storage is enabled
...
Closes #12895
2022-07-07 10:47:42 -03:00
Alexander Schwartz
d91a5eb99f
Move methods from UserStorageUtil to LegacyRealmModel
...
It is better suited to take methods removed from RealmModel earlier.
Closes #12805
2022-07-07 09:57:17 -03:00
Stefan Guilhen
dc88dd5286
Users Map JPA implementation ( #12871 )
2022-07-05 11:19:31 -03:00
Alexander Schwartz
098d4dda0e
Split PublicKeyStorageProvider ( #12897 )
...
Split PublicKeyStorageProvider
- Extract clearCache() method to separate interface and move it to the legacy module
- Make PublicKeyProvider factories environment dependent
- Simple map storage for public keys that just delegates
Resolves #12763
Co-authored-by: Martin Kanis <mkanis@redhat.com>
2022-07-05 09:57:51 -03:00
Alexander Schwartz
63614b1240
Fixing broken build after merging conflicting PRs.
...
This was introduced via #9852 when #11844 was merged.
Closes #12898
2022-07-04 15:57:25 -03:00
Stefan Guilhen
007fa1f374
Single Use Objects Map JPA implementation
...
Closes #9852
2022-07-04 10:05:51 -03:00
Alexander Schwartz
4b20e90292
Move session persistence package to legacy-private module
...
Also, disabling the jpa session persister when map storage is enabled.
Closes #12712
2022-07-04 10:05:26 -03:00
Alexander Schwartz
9143d8bd0e
Store composite roles within its own table for JPA Map storage.
...
This keeps the JSON column small, enables searching by child, and allows modification of the role's children without loading all children.
Closes #11844
2022-07-01 14:13:24 -03:00
Jon Koops
06d1b4faab
Restore enum variant of ResourceType
...
This reverts commit 3b5a578934
.
2022-06-30 12:20:51 -03:00
Tero Saarni
3170efd3ad
Removed unused imports with double semicolons
2022-06-30 09:34:30 -03:00
Michal Hajas
9b889b44b4
Make HotRod schema no-downtime upgradable
...
- Split one schema into schema per area
- Check schema stored in the server and update it only when necessary
Closes #9113
2022-06-29 20:57:19 +02:00
Alexander Schwartz
a191d7eb3c
Moving CachedObject to the legacy modules
...
Closes #12656
2022-06-29 20:04:32 +02:00
Alexander Schwartz
b581c203e3
Moving ClientScopeStorageProviderModel to the legacy modules
...
Closes #12656
2022-06-29 20:04:32 +02:00
Alexander Schwartz
ddeab744d0
Moving RoleStorageProviderModel to the legacy modules
...
Closes #12656
2022-06-29 20:04:32 +02:00
Alexander Schwartz
05f8f3038f
Moving GroupStorageProviderModel to the legacy modules
...
Closes #12656
2022-06-29 20:04:32 +02:00
Alexander Schwartz
692ce0cd91
Moving ClientStorageProvider to the legacy modules
...
This prepares the move of CachedObject and CacheableStorageProviderModel
Closes #12531
fixup! Moving ClientStorageProvider to the legacy modules
2022-06-29 20:04:32 +02:00
Alexander Schwartz
05dcc188bb
Move over caching related interfaces to the legacy module
...
Closes #12531
2022-06-29 20:04:32 +02:00
vramik
3b5a578934
Change enum ResourceType to interface with String constants
...
Closes #12485
2022-06-29 13:35:11 +02:00
vramik
91335ebaad
Change returning type to Set in MapClientEntity when obtaining protocol mappers
...
Closes #11136
2022-06-28 21:47:56 +02:00
Alexander Schwartz
4b499c869c
Encapsulate MigrationModelManager in legacy module
...
Closes #12214
2022-06-28 10:53:04 +02:00
Michal Hajas
e0efdcae22
Make sure HotRod store does not return empty delegate
...
Closes #12304
2022-06-27 15:10:18 +02:00
Pedro Igor
c972ec4383
Allow to conditionally bootstrap the default persistence unit
...
Closes #12662
2022-06-27 08:26:37 -03:00
vramik
c058983655
Enable optimistic locking feature on auth sessions
...
Closes #12242
2022-06-27 09:29:27 +02:00
Patrick Jennings
d048bf22fb
Do not try to delete from related federated user tables when deleting a service account linked user.
2022-06-22 22:52:16 +02:00
Stefan Guilhen
cc65d5491d
Filter out expired entities in JpaMapKeycloakTransaction
...
Closes #12623
2022-06-22 11:35:50 +02:00
Stefan Guilhen
7d96f3ad5a
Events Map JPA implementation
...
Closes #9667
2022-06-21 13:53:48 +02:00
Alexander Schwartz
ae7c01b719
Moving the CacheRealmProvider interface to the legacy module
2022-06-21 08:53:06 +02:00
Alexander Schwartz
7855b93390
Moving the UserCache interface to the legacy module
...
Co-Authored-By: hmlnarik@redhat.com
2022-06-21 08:53:06 +02:00
Alexander Schwartz
896afc4644
rename SingleEntityCredentialManager to SubjectCredentialManager, part 2
2022-06-21 08:53:06 +02:00
Alexander Schwartz
cb0c881821
rename SingleEntityCredentialManager to SubjectCredentialManager
2022-06-21 08:53:06 +02:00
Alexander Schwartz
84d21f0230
for all added files in the PR, update the copyright header or add it if it was missing
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
f1ca325b6b
Add map datastore provider
2022-06-21 08:53:06 +02:00
Alexander Schwartz
d41764b19b
Inline deprecated methods in legacy code
2022-06-21 08:53:06 +02:00
Alexander Schwartz
08bbb1fb92
Move LDAP REST Endpoints to LDAP package
...
- Thus remove implicit dependency on services on the legacy modules
- Disable tests for LDAP/Kerberos that won't work when map storage is enabled
2022-06-21 08:53:06 +02:00
Alexander Schwartz
1bc6133e4e
redirect calls to userLocalStorage from legacy modules (federation, ldap, sssd, kerberos)
2022-06-21 08:53:06 +02:00
Alexander Schwartz
a109e28be7
moving some functionality around imports
2022-06-21 08:53:06 +02:00
Alexander Schwartz
f89b8c356d
Moving logic to create a user from a representation to the legacy module
2022-06-21 08:53:06 +02:00
Alexander Schwartz
a43321c720
Moving logic to create service accounts in local storage only to legacy module
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
e396d0daa1
Renaming SingleUserCredentialManager and UserModel.getUserCredentialManager():
...
- class SingleUserCredentialManager to SingleEntityCredentialManager
- method UserModel.getUserCredentialManager() to credentialManager()
Renaming of API without "get" prefix to make it consistent with other APIs like for example with KeycloakSession
2022-06-21 08:53:06 +02:00
Alexander Schwartz
14a369a8cc
Added LegacySessionSupport SPI
...
While some methods around onCache() are still called from the legacy code, all other methods log a warning with a stacktrace.
2022-06-21 08:53:06 +02:00
Alexander Schwartz
6f287e7ded
Avoid using methods on UserCredentialStoreManager
2022-06-21 08:53:06 +02:00
Alexander Schwartz
bc8fd21dc6
SingleUserCredentialManager moving in
...
- UserStorageManager now handles authentication for old Kerberos+LDAP style
- new getUserByCredential method in MapUserProvider would eventually do the same.
2022-06-21 08:53:06 +02:00
Alexander Schwartz
82094d113e
Move User Storage SPI, introduce ExportImportManager
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
703e868a51
Preparation for moving User Storage SPI
...
- Introduction of new AdminRealmResource SPI
- Moving handler of /realm/{realm}/user-storage into model/legacy-service
- session.users() and userStorageManager() moved refers legacy module
IMPORTANT: Broken as UserStorageSyncManager is not yet moved
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
36f76a37ad
Move realms, clients, groups, roles, clientscopes into legacy module
...
- Introduces Datastore SPI for isolating data store methods
- Introduces implementation of the datastore for legacy storage
- Updates DefaultKeycloakSession to leverage Datastore SPI instead
of direct creating of area providers by the session
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
247ff52187
Introduce legacy datastore module and update dependencies
2022-06-21 08:53:06 +02:00
Michal Hajas
0719d3e49b
Remove EXPIRATION fields and add expired entities filtering to all queries automatically
...
Closes #12563
2022-06-20 21:45:32 +02:00
Michal Hajas
22f9b0fee3
Unify expiration handling for SingleUseObjects
...
Closes #12205
2022-06-20 21:45:32 +02:00
Michal Hajas
781183e551
Enable indexing for ResourceServerEntity
...
Closes #12533
2022-06-20 10:17:19 +02:00
vramik
1b3a76d0af
Do not persist client sessions of transient user sessions
...
Closes #12357
2022-06-15 10:54:23 +02:00
vramik
df41f233d5
Introduce unique index for enums stored by storages
...
Closes #12277
2022-06-15 09:12:10 +02:00
Alexander Schwartz
361a813d81
Keep a list of model instances in the JPA map session.
...
This allows removing them from the persistence context on bulk delete.
Closes #12384
2022-06-09 12:39:04 -03:00
Martin Kanis
df72cf72f2
Hot Rod map storage: Single-use (action token) no-downtime store
2022-06-06 16:01:18 +02:00
rmartinc
5332a7d435
Issue #9194 : Client authentication fails when using signed JWT, if the JWA signing algorithm is not RS256
2022-06-06 12:07:09 +02:00
vramik
c31d37ddf1
Each JpaRootEntity should have its own current schema version
...
Closes #12272
2022-06-02 17:16:34 +02:00
Michal Hajas
09c0a69a8f
Add HotRod no downtime store for events
...
Closes #9676
2022-06-02 13:30:19 +02:00
Martin Kanis
75754eca6b
Extract timestamp from Expirable entity
2022-06-01 13:03:31 +02:00
vramik
be28e866b9
JPA map storage: Authorization services no-downtime store
...
Closes #9669
2022-05-30 21:05:34 +02:00
Michal Hajas
9b36ea0269
Add cascade removal of client session on user session removal for HotRod
...
Closes #12096
2022-05-30 09:58:54 +02:00
Michal Hajas
1a98765fb7
Fix cascade removal of client session on user session removal for CHM
...
Closes #12146
2022-05-30 09:58:54 +02:00
Alexander Schwartz
063960aaa3
Deferred indexes are not available on CockroachDB, therefore, only use them on PostgreSQL
...
Closes #12176
2022-05-27 08:51:20 -03:00
Marek Posolda
eed944292b
Make script providers working on JDK 17 ( #11322 )
...
Closes #9945
2022-05-27 12:28:50 +02:00
Michal Hajas
bc59fad85b
Unify way how expirable entities are handled in the new store
...
Closes #11947
2022-05-26 13:17:27 +02:00
Martin Kanis
0cb3c95ed5
Map storage: Single-use objects (action token)
2022-05-25 16:47:10 +02:00
Pedro Igor
26c87af9f4
Avoiding unnecessary roundtrips to the database when evaluating permissions
...
Closes #12148
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
2022-05-25 12:23:15 +02:00
vramik
ad3da7f5e4
JPA map storage: disable failing on unknown properties when deserializing the object
...
Closes #12173
2022-05-25 09:31:40 +02:00
vramik
24171d2e47
Rename providers from jpa-map-storage to jpa
...
Closes #12098
2022-05-23 16:47:51 +02:00
vramik
0c3aa597f9
JPA map storage: test failures after cache was disabled
...
Closes #12118
2022-05-23 13:01:30 +02:00
Alexander Schwartz
d1a92680f5
Optimize querying sub-groups of groups
...
Closes #12080
2022-05-19 14:46:53 +02:00
Martin Kanis
0e9f2badff
Make all fields in HotRod store optional
2022-05-18 20:50:47 +02:00
Alexander Schwartz
1a95a58893
Graceful handling if composite roles have been removed concurrently.
...
Closes #12003
2022-05-17 13:29:15 +02:00
Michal Hajas
0bda7e6038
Introduce map event store with CHM implementation
...
Closes #11189
2022-05-17 12:57:35 +02:00
vramik
e1eb9d6d64
Replace equals with == when comparing SearchableFields in Jpa*ModelCriteriaBuilder and Ldap*ModelCriteriaBuilder
...
Closes #11843
2022-05-16 21:51:38 +02:00
Michal Hajas
b86f205cda
Make KeycloakServer runnable with external Infinispan server
...
Closes #12011
Closes #12014
2022-05-16 21:50:35 +02:00
Martin Kanis
0d6bbd437f
Merge single-use token providers into one
...
Fixes first part of: #11173
* Merge single-use token providers into one
* Remove PushedAuthzRequestStoreProvider
* Remove OAuth2DeviceTokenStoreProvider
* Delete SamlArtifactSessionMappingStoreProvider
* SingleUseTokenStoreProvider cleanup
* Addressing Michal's comments
* Add contains method
* Add revoked suffix
* Rename to SingleUseObjectProvider
2022-05-11 13:58:58 +02:00
Michal Hajas
d3b43a9f59
Make sure there is always Realm or ResourceServer when searching for authz entities
...
Closes #11817
2022-05-11 07:20:01 -03:00
Alexander Schwartz
bfab03b837
Throw an IllegalArgumentException once a ClassCastException occurs.
...
Closes #11775
2022-05-11 09:19:09 +02:00
Michal Hajas
6b5c417742
Add HotRod store for authorization services
...
Closes #9679
2022-05-06 15:31:38 +02:00
Martin Kanis
00ccc78360
Add index to entityVersion for all HotRod entities
2022-05-05 17:42:13 +02:00
Michal Hajas
fc974fc019
Update composite roles on child role removal
...
Closes #11769
2022-05-05 15:18:18 +02:00
Alexander Schwartz
e0d7ad1be5
Leverage the equal() method on the wrapped entity instead of creating a string.
...
Closes #11764
2022-05-03 13:29:12 +02:00
vramik
0d83b51b20
Enhance Map authz entities with REALM_ID (ResourceServer with CLIENT_ID) searchable field
...
Co-authored-by Michal Hajas <mhajas@redhat.com>
Closes #10883
2022-05-03 12:56:27 +02:00
Sven-Torben Janus
0efa4afd49
Evaluate composite roles for hardcoded LDAP roles/groups
...
Closes: 11771
see also KEYCLOAK-18308
2022-05-02 14:13:37 +02:00
Alexander Schwartz
cd20f45b8a
Ensure that values of attributes are unique in the database
...
While this is already ensured on the Java level when using a Set, database inconsistencies as occurred with Hibernate could lead to follow-up problems that are hard to analyze (as seen in #11666 ).
Closes #11671
2022-04-28 12:04:05 +02:00
vramik
2ecf250e37
Deletion of all objects when realm is being removed
...
Closes #11076
2022-04-28 11:09:17 +02:00
vramik
5248815091
Disable infinispan realm and user cache for map storage tests
...
Closes #11213
2022-04-25 09:38:49 +02:00
Stefan Guilhen
0f147ccdc0
Enlist JPA transaction in JpaMapStorageProvider.getStorage
...
Closes #11230
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2022-04-23 08:19:33 +02:00
Hynek Mlnarik
0ce5dfc09c
Remove dependency of map on services
...
Fixes: 8903
2022-04-22 17:27:21 +02:00
Alexander Schwartz
90155862f3
LdapMapStorageProvider to use a full inline class for MapStorage
...
Closes #11373
2022-04-22 17:25:33 +02:00
Stefan Guilhen
0c7a8c8684
Login Failures Map JPA implementation
...
Closes #9664
2022-04-22 10:47:04 +02:00
vramik
3d1118223b
New Storage: Testsuite fails when JPA Map storage is enabled for groups
...
Closes #11369
2022-04-21 11:14:35 +02:00
Stefan Guilhen
f48d468641
Increase column size for keys that refer to entities that can be stored in different storages (foreign keys)
...
Closes #11329
2022-04-21 08:50:37 +02:00
Stefan Guilhen
b29b27d731
Ensure code does not rely on a particular format for the realm id or component id
2022-04-20 14:40:38 +02:00
Stefan Guilhen
ae90b232ff
Realms Map JPA implementation
...
Closes #9661
2022-04-20 14:40:38 +02:00
Pedro Igor
c5e4dc8cec
Associated permissions should only add resource type permissions if the resource is an instance ( #11220 )
...
Closes #11148
2022-04-19 09:10:14 +02:00
Pedro Igor
52d205ca91
Allow exposing some initial provider config options via web site ( #10572 )
...
* Allow exposing some initial provider config options via web site
Co-authored-by: Stian Thorgersen <stian@redhat.com>
Closes #10571
* Include type to provider options, and hide build-icon column as it's not relevant
Co-authored-by: stianst <stianst@gmail.com>
2022-04-19 08:01:42 +02:00
Bruno Oliveira da Silva
f9d4566723
Replace the cryptographic algorithm by SHA-2
...
The static code scanning analysis detected the usage of MD5 as part of [
MapDeploymentStateProviderFactory](a6dd9dc0f1/model/map/src/main/java/org/keycloak/models/map/deploymentState/MapDeploymentStateProviderFactory.java (L58-L58)
).
Even though we could not find any ways of exploiting the code, we should
avoid its usage considering that MD5 is not collision-resistant.
Resolves #11290
2022-04-18 07:10:04 -03:00
Martin Kanis
a2d7cd7a5c
Hot Rod map storage: User / client session no-downtime store
2022-04-14 15:34:22 +02:00
msvechla
820ab52dce
Add support for filtering by enabled attribute on users count endpoint ( #9842 )
...
Resolves #10896
2022-04-13 13:57:22 -03:00
Alexander Schwartz
5c1a8d401d
Store time as seconds as a long in map store
...
This avoids overflowing the value in 2038.
Closes #10960
2022-04-12 14:22:44 +02:00
Alexander Schwartz
a6dd9dc0f1
Avoiding AvlPartitionFactory and using JdbmPartitionFactory for the embedded LDAP to work around unstable tests.
...
Fix for #11171 didn't turn out to cover the root cause. Also improved transaction handling in LDAP Map storage.
Closes #11211
2022-04-12 09:12:21 +02:00
Michal Hajas
6e181a51d5
Add test-jar dependency only if maven.test.skip property is false
...
Closes #11192
2022-04-11 10:37:18 -03:00
Alexander Schwartz
5c810ad0e5
Avoid short-lived connections for ApacheDS to avoid messages around "ignoring the message MessageType UNBIND_REQUEST"
...
The comment in LdapRequestHandler.java in ApacheDS notes just before discarding an unbind request: "in some cases the session is becoming null though the client is sending the UnbindRequest before closing".
Also implementing a retry logic for all remaining errors regarding LDAP.
Closes #11171
2022-04-11 10:03:15 +02:00
Pedro Igor
834a276767
NPE when caching policies based on scopes without a resource
...
Closes #11180
2022-04-08 08:43:08 -03:00
Stefan Guilhen
d952669f69
Add clearUpdatedFlag so the flag in associated protocol mappers can be cleared as well
...
Closes #11118
2022-04-08 09:36:55 +02:00
Michal Hajas
1f2ebf4cba
Add HotRod no downtime store for Realms
...
Closes #9670
2022-04-08 09:36:01 +02:00
Martin Kanis
3bb4081bd1
Convert user / client session entities into interface
2022-04-08 09:34:01 +02:00
Michal Hajas
f4f5928727
Add type to filters in MapResourceStore
...
Closes #11154
2022-04-07 15:10:20 -03:00
Joerg Matysiak
235f0f3963
Add index to admin events table to improve performance of admin event view
...
Closes #10625
2022-04-06 09:12:35 +02:00
Martin Kanis
395bd447f2
Hot Rod map storage: Login failure no-downtime store
2022-04-01 20:43:18 +02:00
vramik
8ff768b33b
JPA map storage: Authentication session no-downtime store
...
Closes #9665
2022-03-30 13:43:35 +02:00
Martin Kanis
3356e8b098
Convert login failure entities into interface
2022-03-29 18:40:53 +02:00
Stefan Guilhen
d8bee26ec8
Implement AbstractClientEntity.isUpdated to account for changes in associated protocol mappers.
...
Closes #10927
2022-03-29 18:35:28 +02:00
Martin Kanis
e493b08fa7
Add expiration field to root authentication session
2022-03-23 07:47:47 +01:00
Michal Hajas
99c06d1102
Authorization services refactoring
...
Closes : #10447
* Prepare logical layer to distinguish between ResourceServer id and client.id
* Reorder Authz methods: For entities outside of Authz we use RealmModel as first parameter for each method, to be consistent with this we move ResourceServer to the first place for each method in authz
* Prepare Logical (Models/Adapters) layer for returning other models instead of ids
* Replace resourceServerId with resourceServer model in PermissionTicketStore
* Replace resourceServerId with resourceServer model in PolicyStore
* Replace resourceServerId with resourceServer model in ScopeStore
* Replace resourceServerId with resourceServer model in ResourceStore
* Fix PermissionTicketStore bug
* Fix NPEs in caching layer
* Replace primitive int with Integer for pagination parameters
2022-03-22 20:49:40 +01:00
keycloak-bot
c71aa8b711
Set version to 999-SNAPSHOT ( #10784 )
2022-03-22 09:22:48 +01:00
Martin Kanis
0faf3987f6
Hot Rod map storage: Authentication session no-downtime store
2022-03-22 09:05:52 +01:00
Martin Kanis
2394855f48
Add merge tasks optimization to ConcurrentHashMapKeycloakTransaction.delete
2022-03-21 16:45:48 +01:00
Michal Hajas
c18a682f50
Do not store undefined values in store
...
Closes #10744
2022-03-17 16:44:33 +01:00
Bruno Oliveira da Silva
8aa394ca6b
Update to Liquibase 4.8.0
...
Closes #10678
Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
2022-03-16 13:46:31 -03:00
Alexander Schwartz
8d1a47f768
adding missing log4j configuration to prevent errors in the log
...
Closes #10613
2022-03-14 10:12:49 -03:00
Pedro Igor
ad865e75c1
Change the flush mode to auto and fixing how entities are checked if they are loaded in the EM
...
Closes #10411
2022-03-11 12:21:52 -03:00
Martin Kanis
1a4d7c297a
Change authentication sessions map to set ( #10596 )
2022-03-10 08:45:24 +01:00
Alexander Schwartz
18f391d8c4
Fix spelling error in field and classname
...
It's always a converter, unless electricity is involved.
Closes #10573
2022-03-09 08:28:52 -03:00
Alexander Schwartz
3c3f003a38
LDAP Map storage support to support read/write for roles
...
Closes #9929
2022-03-08 12:03:10 +01:00
Michal Hajas
f77ce315bb
Disable Authz caching for new storage tests
...
Closes #10500
2022-03-07 10:22:55 -03:00
Michael Parlee
722ce950bf
Improve user search performance
...
Removes bulder.lower() from user search queries on email and username.
Closes #8893
2022-03-04 14:15:14 +01:00
Martin Kanis
6c64d465ea
Convert authentication session entities into interface
2022-03-04 10:50:18 +01:00
Alexander Schwartz
ebfc24d6c1
Ensure that Infinispan shutdowns correctly at the end of the tests. Report any exceptions within another thread as a test failure.
...
Adding additional information like a thread dump when it doesn't shutdown as expected.
Closes #10016
2022-03-04 10:47:01 +01:00
giacomo.altiero
91d37b5686
Single offlineSession imported in Infinispan with correctly calculated lifespan and maxIdle parameters
...
Close #8776
2022-03-01 14:51:29 +01:00
Stefan Guilhen
af7a040d54
Ensure Liquibase validation is performed once per area
...
Closes #10132
2022-02-25 08:48:34 +01:00
Martin Kanis
6249e34177
Hot Rod map storage: Client scope no-downtime store
2022-02-24 13:30:27 +01:00
Michal Hajas
b4281468d0
Convert Map Realm Entities into interfaces
...
Closes #9736
2022-02-24 13:23:19 +01:00
Vlasta Ramik
aa6a131b73
Change String client.id to ClientModel client in ResourceServerStore
...
Closes #10442
2022-02-24 12:46:26 +01:00
Luca Graf
febb447919
KEYCLOAK-19297 Use real 'external' client object id to store AuthenticatedClientSession in UserSession object, so that the client session can be looked by the client object id in further requests.
2022-02-18 12:42:59 +01:00
vramik
589606b1c1
JPA map storage: Groups no-downtime store
...
Closes #9660
2022-02-15 08:54:41 +01:00
keycloak-bot
d9f1a9b207
Set version to 18.0.0-SNAPSHOT ( #10165 )
2022-02-11 21:28:06 +01:00
Stefan Guilhen
442d9bae2e
Add CockroachDB support in the new JPA storage
...
Closes #10039
2022-02-11 18:04:02 +01:00
Martin Kanis
26ac142b99
Hot Rod map storage: Roles no-downtime store
2022-02-11 14:31:34 +01:00
Michal Hajas
b50b8f883b
Implement HotRod storage for Users
...
Closes #9671
2022-02-11 10:20:36 +01:00
vramik
8a8d59a124
Add prefix "kc_" to all existing tables
...
Closes #10101
2022-02-11 08:59:23 +01:00
Alexander Schwartz
de7be3d65d
Handling JPA Map storage case when parent has been deleted
...
Closes #10033
2022-02-09 14:43:50 +01:00
Stefan Guilhen
7c1d6eae43
Upgrade to Liquibase 4.6.2
...
* Upgrade to Liquibase 4.6.2
* Add valid checksums to changesets to allow migration to newest liquibase
* Update liquibase licenses
Co-authored-by: Martin Kanis <mkanis@redhat.com>
2022-02-09 12:56:46 +01:00