* Adding additional non-applicable client fields to the default service-account client type configuration.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* Creating TypedClientAttribute which maps clientmodel fields to standard client type configurations.
Adding overrides for fields in TypeAwareClientModelDelegate required for
service-account client type.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* Splitting client type attribute enum into 3 separate enums, representing
the top level ClientModel fields, the extended attributes through the
client_attributes table, and the composable fields on
ClientRepresentation.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* Removing reflection use for client types.
Validation will be done in the RepresentationToModel methods that are responsible for the ClientRepresentation -> ClientModel create and update static methods.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
More updates
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* Update client utilzes type aware client property update method.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* If user inputted representation object does not contain non-null value, try to get property value from the client. Type aware client model will return non-applicable or default value to keep fields consistent.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* Cleaning up RepresentationToModel
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* Fixing issue when updating client secret.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* Fixing issue where created clients would not have fullscope allowed, because getter is a boolean and so cannot be null.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* Need to be able to clear out client attributes on update as was allowed before and causing failures in integration tests.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* Fixing issues with redirectUri and weborigins defaults in type aware clients.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* Need to allow client attributes the ability to clear out values during update.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* Renaming interface based on PR feedback.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* Shall be able to override URI sets with an empty set.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
* Comments around fields that are primitive and may cause problems determining whether to set sane default on create.
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
---------
Signed-off-by: Patrick Jennings <pajennin@redhat.com>
Before this fix console uris (including the client redirect uris) did not contain the url encoded realm name and therefore were invalid.
closes#25807
Signed-off-by: Philip Sanetra <code@psanetra.de>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Philip Sanetra <code@psanetra.de>
Co-authored-by: rmartinc <rmartinc@redhat.com>
All writes for the sessions are handled by a background thread which batches them.
Closes#28862
Wait for persistent-store to contain update
instead of cache which has the change immediately since it is in memory + introduce new model-test profile
Closes#29141
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
Closes#47
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Conflicts:
core/src/main/java/org/keycloak/util/TokenUtil.java
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientTokenExchangeTest.java
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Defer updates of last session refreshes and batch them
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: vibrown <vibrown@redhat.com>
More updates
Signed-off-by: vibrown <vibrown@redhat.com>
Added client type logic from Marek's prototype
Signed-off-by: vibrown <vibrown@redhat.com>
updates
Signed-off-by: vibrown <vibrown@redhat.com>
updates
Signed-off-by: vibrown <vibrown@redhat.com>
updates
Signed-off-by: vibrown <vibrown@redhat.com>
Testing to see if skipRestart was cause of test failures in MR
Closes#21345Closes#21344
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Mark Franceschelli <mfrances@redhat.com>
Co-authored-by: Hynek Mlnařík <hmlnarik@redhat.com>
Co-authored-by: Agnieszka Gancarczyk <agancarc@redhat.com>
* Support management port for health and metrics
Closes#19334
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Deprecate option
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Remove relativePath first-class citizen, rename ManagementSpec
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Fix KeycloakDistConfiguratorTest
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
When sync mode value is missing in the config of newly created identity
provider, the provider does not store any. When no value is
found, the identity provider behaves as if `LEGACY` was used (#6705).
This PR ensures the correct sync mode is returned from the REST endpoint,
regardless of whether it has been stored in the database or not.
Fixes: #26019
Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
Due to an issue with runtime type erasure, getPermissions returned a
List<LinkedHashSet> instead of List<Permission>.
Fixed and added test to catch this
Closes#16520
Signed-off-by: Clemens Zagler <c.zagler@noi.bz.it>
- user model is updated by onImport with the enabled/disabled status of the LDAP user
- a config option always.read.enabled.value.from.ldap was introduced, in synch to what we have in UserAttributeLDAPStorageMapper
- isEnabled checks the flag to decide if it should always retrieve the value from LDAP, or return the local value.
- setEnabled first updates the LDAP tx, and then calls the delegate to avoid issue #24201Closes#26695Closed#24201
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
* fix: replace aesh with picocli
closes: #27388
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* Update integration/client-cli/admin-cli/src/main/java/org/keycloak/client/admin/cli/commands/AbstractRequestCmd.java
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
* splitting the error handling for password input
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* adding a change note about kcadm
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* Update docs/documentation/upgrading/topics/changes/changes-25_0_0.adoc
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Adding two feature toggles for new code paths to store online sessions in the existing offline sessions table. Separate the code which is due to be changed in the next iteration in new classes/providers which used instead of the old one.
Closes#27976
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>