Commit graph

353 commits

Author SHA1 Message Date
mposolda
701b7acd80 KEYCLOAK-5371 More stable cross-dc tests 2017-11-08 10:03:04 +01:00
mposolda
62a1c187a2 KEYCLOAK-5716 KEYCLOAK-5738 Avoid infinispan deadlock. Ensure code-to-token works correctly in cross-dc 2017-11-07 09:01:59 +01:00
Hynek Mlnarik
92027e4c57 KEYCLOAK-5745 Fix ActionTokenCrossDCTest and improve logging 2017-10-27 08:45:05 +02:00
Hynek Mlnarik
75c354fd94 KEYCLOAK-5745 Separate user and client sessions in infinispan 2017-10-26 10:39:41 +02:00
Marek Posolda
a7bc294a08 Merge pull request #4594 from hmlnarik/KEYCLOAK-5688-Externalizer-for-entities-shared-across-DC-2
KEYCLOAK-5688 Externalizers for cluster messages and predicates
2017-10-24 14:41:16 +02:00
mposolda
9a19e95b60 KEYCLOAK-5710 Change cache-server to use backups based caches 2017-10-24 11:52:08 +02:00
Hynek Mlnarik
faf830dc77 KEYCLOAK-5688 Externalizers for cluster messages and predicates 2017-10-23 12:18:56 +02:00
Bill Burke
92245e3fc8 fixes 2017-10-20 09:55:37 -04:00
Bill Burke
54ebc21880 KEYCLOAK-5698 2017-10-19 19:38:56 -04:00
Bill Burke
0371a562d9 Merge pull request #4574 from patriot1burke/master
KEYCLOAK-5701
2017-10-19 10:33:10 -04:00
Bill Burke
8faa6f1f4d KEYCLOAK-5701 2017-10-18 18:20:50 -04:00
Hynek Mlnarik
6d18ba4b32 KEYCLOAK-5688 Add externalizers for session entities
and remove unused events
2017-10-18 16:04:57 +02:00
Hynek Mlnarik
056ba75a72 KEYCLOAK-5656 Use standard infinispan remote-store 2017-10-16 21:49:42 +02:00
Bruno Oliveira da Silva
b6ab2852c2 Remove unused imports (#4558) 2017-10-16 14:23:42 +02:00
mposolda
26f11078dc KEYCLOAK-5371 Use managed executors on Wildfly 2017-10-11 11:09:53 +02:00
mposolda
f5ff24ccdb KEYCLOAK-5371 Fix SessionExpirationCrossDCTest, Added ExecutorsProvider. Debug support for cache-servers in tests 2017-10-10 22:30:44 +02:00
Hynek Mlnarik
fe972ce12b KEYCLOAK-5656 Remove remoteServers configuration option 2017-10-09 11:58:28 +02:00
Hynek Mlnarik
6cbfbeca0b KEYCLOAK-5656 Remove KeycloakTcpTransportFactory 2017-10-06 13:20:17 +02:00
mposolda
bca4c35708 KEYCLOAK-5371 Fix ActionTokenCrossDCTest and BruteForceCrossDCTest 2017-10-04 13:25:45 +02:00
Marek Posolda
13fe9e7cf8 Merge pull request #4510 from glavoie/KEYCLOAK-3303
KEYCLOAK-3303: Allow reuse of refresh tokens.
2017-09-29 17:07:45 +02:00
mposolda
3b6e1f4e93 KEYCLOAK-5007 Used single-use cache for tracke OAuth code. OAuth code changed to be encrypted and signed JWT 2017-09-29 13:20:22 +02:00
mposolda
63673c4328 KEYCLOAK-5569 Added JWE 2017-09-29 13:01:42 +02:00
Gabriel Lavoie
134daeac7f KEYCLOAK-3303: Allow reuse of refresh tokens.
- Configurable max reuse count.
2017-09-28 15:30:40 -04:00
Bill Burke
fd025ae76b Merge pull request #4209 from guitaro/feature/group-search-and-pagination
[KEYCLOAK-2538] - groups pagination and group search
2017-09-23 20:52:19 -04:00
howcroft
e78bf5f876 Keycloak 2035
This PR adds:
* an endpoint to Role that lists users with the Role
* a tab "Users in Role" in Admin console Role page
* it is applicable to Realm and Client Roles
* Extends UserQueryProvider with default methods (throwing Runtime Exception if not overriden)
* Testing in base testsuite and Console
2017-09-22 15:05:49 +01:00
mposolda
ca92bcbf7f KEYCLOAK-5480 Cross-DC setup: Remote cache stores are connecting to Infinispan servers in both datacenters 2017-09-18 18:04:04 +02:00
Levente NAGY
d18aa44fb4 Merge branch 'feature/group-search-and-pagination' of https://github.com/guitaro/keycloak into feature/group-search-and-pagination 2017-09-13 16:48:24 +02:00
Levente NAGY
e907da77d7 KEYCLOAK 2538 - UI group pagination - Remove junit mocked TUs, add arquillian Tests, delete mockito from poms, fix groups sorting when get result from cache 2017-09-13 16:45:45 +02:00
Léventé NAGY
503ce3a47f Merge branch 'master' into feature/group-search-and-pagination 2017-09-13 10:27:38 +02:00
Pedro Igor
90db6654d3 Merge pull request #4451 from glavoie/KEYCLOAK-4858-ResourceServer
KEYCLOAK-4858: Slow query performance for client with large data volume
2017-09-12 15:54:16 -03:00
Hynek Mlnarik
24e9cbb292 KEYCLOAK-4899 Replace updates to user session with temporary auth session 2017-09-11 21:43:49 +02:00
Levente NAGY
2c24b39268 KEYCLOAK 2538 - UI group pagination 2017-09-07 19:39:06 +02:00
Gabriel Lavoie
c1664478d9 KEYCLOAK-4858: Slow query performance for client with large data volume
- Changing RESOURCE_SERVER PK to the client ID.
- Changing FK on children of RESOURCE_SERVER.
- Use direct fetch of ResourceServer through ID/PK to avoid a lot of implicit Hibernate flush.
2017-09-06 09:55:53 -03:00
Pedro Igor
9ed5fc5595 [KEYCLOAK-5389] - Invalidating ResourceStore.findByUri cache when creating new resources 2017-09-05 11:45:51 -03:00
Stian Thorgersen
463661b051 Set version to 3.4.0.CR1-SNAPSHOT 2017-08-28 15:46:22 +02:00
mposolda
43ce466aa6 KEYCLOAK-5294 Cross-dc working on Wildfly 2017-08-24 18:03:01 +02:00
Pedro Igor
3ff38e22cf [KEYCLOAK-4639] - Invalidating resource query by owner cache 2017-08-23 15:11:48 -03:00
mposolda
fe5891fbdb KEYCLOAK-5293 Add notBefore to user 2017-08-23 08:58:26 +02:00
mposolda
089514d8a6 KEYCLOAK-4634 Cross-dc support for UserLoginFailures 2017-08-17 10:22:12 +02:00
mposolda
fc777e166c KEYCLOAK-3298 Bit more perf improvement for bulk removal of sessions 2017-08-14 16:17:59 +02:00
mposolda
c4bb29b4bb KEYCLOAK-4187 SessionExpirationCrossDCTest - added tests for user logout and removal 2017-08-14 11:19:07 +02:00
mposolda
868e76fcf3 KEYCLOAK-4630 Added SessionsPreloadCrossDCTest for test preloading sessions and offline sessions. Support for manual.mode to control manually lifecycle of all servers. 2017-08-11 17:44:00 +02:00
mposolda
1289e84cdb KEYCLOAK-4630 Refactor RemoteCacheSessionsLoader to use JS script for preload sessions through more pages 2017-08-11 17:44:00 +02:00
Levente NAGY
c8aa708cff Merge remote-tracking branch 'upstream/master' 2017-08-10 18:14:49 +02:00
mposolda
0f7440d344 KEYCLOAK-4187 Fixes and tests related to sessions expiration and bulk removal in cross-dc environment 2017-08-10 08:29:59 +02:00
mposolda
a72c297d5d KEYCLOAK-4187 Fix LoginCrossDCTest 2017-08-08 14:02:48 +02:00
Hynek Mlnarik
9ca72dc5c6 KEYCLOAK-4189 Improve logging and concurrency/cross-DC testing 2017-08-08 10:11:51 +02:00
Hynek Mlnarik
80177e8712 KEYCLOAK-4187 Include version when marshalling UserSessionEntity 2017-08-08 10:11:51 +02:00
Hynek Mlnarik
125b178297 KEYCLOAK-4187 Fix warnings 2017-08-08 10:11:51 +02:00
mposolda
251b41a7ac KEYCLOAK-4187 Fix LastSessionRefreshCrossDCTest and ConcurrentLoginCrossDCTest 2017-08-07 11:55:49 +02:00
mposolda
07e2136b3b KEYCLOAK-4187 Added UserSession support for cross-dc 2017-07-27 22:32:58 +02:00
Stian Thorgersen
454c5f4d83 Set version to 3.3.0.CR1-SNAPSHOT 2017-06-30 09:47:11 +02:00
Josh Cain
89fcddd605 KEYCLOAK-3592 Docker auth implementation 2017-06-29 06:37:34 +02:00
Léventé NAGY
1a50e77a4d Merge branch 'master' into feature/group-search-and-pagination 2017-06-26 20:36:36 +02:00
Stian Thorgersen
1c10199698 Merge pull request #4252 from hmlnarik/KEYCLOAK-5078-ConcurrencyTest-fails-intermittently
KEYCLOAK-5078 ConcurrencyTest fails intermittently
2017-06-26 12:48:37 +02:00
Hynek Mlnarik
955cbc76d7 KEYCLOAK-5030 Change action tokens cache type to distributed 2017-06-26 10:11:53 +02:00
Hynek Mlnarik
8f9ed32a66 KEYCLOAK-5078 ConcurrencyTest fails intermittently
This commit fixes 401 Unauthorized issues
2017-06-23 15:16:23 +02:00
Léventé NAGY
41d8d17062 Merge branch 'master' into feature/group-search-and-pagination 2017-06-22 17:41:30 +02:00
mposolda
fc61a4e89f KEYCLOAK-4631 Move ClientInitialAccessModel from userSession model to realm model 2017-06-21 22:14:20 +02:00
Hynek Mlnarik
2e2d15be9f KEYCLOAK-4189 Infinispan cache and channel statistics for Cross-DC-testing 2017-06-20 12:48:08 +02:00
Pedro Igor
6202222da4 Merge pull request #4221 from pedroigor/KEYCLOAK-5051
[KEYCLOAK-5051] - Invalidate authz cache when realm cache is cleared
2017-06-14 07:53:46 -03:00
Pedro Igor
473065fd31 [KEYCLOAK-5051] - Invalidate authz cache when realm cache is cleared 2017-06-12 12:29:21 -03:00
Hynek Mlnarik
a0f3a6469f KEYCLOAK-4189 - Cross DC testing 2017-06-12 11:14:28 +02:00
Pedro Igor
84d2d7b431 Missing invalidation for some queries cache 2017-06-08 18:09:44 -03:00
Levente NAGY
f377a45c4e [KEYCLOAK-2538] - groups count for pagination limits 2017-06-07 20:52:22 +02:00
Levente NAGY
c4da7637d6 [KEYCLOAK-2538] - groups pagination and group search 2017-06-06 18:32:48 +02:00
Pedro Igor
1d5bd2567e [KEYCLOAK-4913] - Caching more query methods 2017-05-23 16:13:20 -03:00
Pedro Igor
37a98fba20 [KEYCLOAK-4913] - Caching more query methods 2017-05-22 19:08:24 -03:00
mposolda
e2a7b71cf3 KEYCLOAK-4939 ConcurrentLoginTest broken in latest master 2017-05-19 14:00:52 +02:00
Bill Burke
2cac8b1bb7 KEYCLOAK-4929 2017-05-18 16:53:31 -04:00
Bill Burke
c291748f43 KEYCLOAK-4929 2017-05-18 16:48:04 -04:00
Marek Posolda
70d7e07526 Merge pull request #4132 from mposolda/cross-dc4-squash
KEYCLOAK-4626 KEYCLOAK-4627 Authentication sessions & Action tokens
2017-05-15 12:46:43 +02:00
Pedro Igor
d824b4d93c Changing cache key for findByResource 2017-05-12 10:25:06 -03:00
Pedro Igor
7569493b17 Invalidating cache for findByowner 2017-05-12 10:23:54 -03:00
mposolda
7d8796e614 KEYCLOAK-4626 Support for sticky sessions with AUTH_SESSION_ID cookie. Clustering tests with embedded undertow. Last fixes. 2017-05-11 22:24:07 +02:00
Hynek Mlnarik
b8262a9f02 KEYCLOAK-4628 Single-use cache + its functionality incorporated into reset password token. Utilize single-use cache for relevant actions in execute-actions token 2017-05-11 22:16:26 +02:00
mposolda
db8b733610 KEYCLOAK-4626 Fix TrustStoreEmailTest and PolicyEvaluationCompositeRoleTest. Distribution update 2017-05-11 22:16:26 +02:00
Hynek Mlnarik
c431cc1b01 KEYCLOAK-4627 IdP email account verification + code cleanup. Fix for concurrent access to auth session notes 2017-05-11 22:16:26 +02:00
mposolda
168153c6e7 KEYCLOAK-4626 Authentication sessions - SAML, offline tokens, broker logout and other fixes 2017-05-11 22:16:26 +02:00
mposolda
e7272dc05a KEYCLOAK-4626 AuthenticationSessions - brokering works. Few other fixes and tests added 2017-05-11 22:16:26 +02:00
mposolda
a9ec69e424 KEYCLOAK-4626: AuthenticationSessions - working login, registration, resetPassword flows 2017-05-11 22:16:26 +02:00
mposolda
83b29c5080 KEYCLOAK-4626 AuthenticationSessions: start 2017-05-11 22:16:26 +02:00
Pedro Igor
e14be4460b [KEYCLOAK-4867] - Cluster events and invalidations 2017-05-05 22:48:51 -03:00
Bill Burke
af792b8abe fix 2017-04-29 17:03:36 -04:00
Bill Burke
1f4311a02c KEYCLOAK-4821 2017-04-29 10:41:32 -04:00
Eriksson Fabian
ca1152c3e5 KEYCLOAK-4204 Extend brute force protection with permanent lockout on failed attempts
- Can still use temporary brute force protection.
- After X-1 failed login attempt, if the user successfully logs in his/her fail login count is reset.
2017-04-28 09:02:10 +02:00
Stian Thorgersen
87dedb56e5 Set version to 3.2.0.CR1-SNAPSHOT 2017-04-27 14:23:03 +02:00
mposolda
1fd5af840b KEYCLOAK-4525 Deleting a client with existing sessions/offline_tokens leads to Internal Server Errors 2017-04-24 11:24:09 +02:00
Pedro Igor
bf69bc94bb [KEYCLOAK-4754] - Unable to delete realm when using aggregated policies 2017-04-20 12:10:52 -03:00
Pedro Igor
8e877a7f6c [KEYCLOAK-3135] - More tests 2017-04-12 14:34:27 -03:00
Pedro Igor
eec712a259 [KEYCLOAK-3135] - Role and user policies apis 2017-04-12 00:52:14 -03:00
Pedro Igor
54ebc1918c [KEYCLOAK-3135] - Using abstract policy representation when creating policies and updating tests 2017-04-12 00:52:13 -03:00
Pedro Igor
55f747ecd0 [KEYCLOAK-3135] - Part 1: Permission Management API 2017-04-12 00:52:13 -03:00
Pedro Igor
1f50421a54 [KEYCLOAK-4726] - Multiple role policies crash realm delete 2017-04-06 12:36:03 -03:00
Jared Blashka
61bd9bb58c Fix CachePolicy.MAX_LIFESPAN invalidation 2017-03-20 22:56:35 -04:00
Stian Thorgersen
a87ee04024 Bump to 3.1.0.CR1-SNAPSHOT 2017-03-16 14:21:40 +01:00
Pedro Igor
e7e6314146 [KEYCLOAK-4555] - Fixes and improvements to evaluation code 2017-03-13 14:08:54 -03:00
Bill Burke
cf5e2a1d20 unlink/remoteimported 2017-02-08 19:48:22 -05:00
Stian Thorgersen
6f22f88d85 Bump version to 3.0.0.CR1 2017-01-26 06:18:11 +01:00
mposolda
e487db349c KEYCLOAK-4274 Fix recursive composite role mappings 2017-01-23 17:55:45 +01:00
Marko Strukelj
7de999a7f9 KEYCLOAK-3657 Role id is not preserved during import-export operation 2017-01-13 17:46:30 +01:00
mposolda
9a6f202c46 KEYCLOAK-4137 Significant performance lag in 'get client role by role name' 2017-01-12 11:55:58 +01:00
mposolda
7098daaf72 KEYCLOAK-4066 TimeoutException in cluster environment in ClearExpiredSessions 2017-01-11 12:27:51 +01:00
Stian Thorgersen
1c0e204f50 Merge pull request #3690 from stianst/master
Bump version to 2.5.1.Final-SNAPSHOT
2017-01-02 08:52:04 +01:00
mposolda
b5317f3485 RHSSO-377 Added reproducer unit test L1SerializationIssueTest 2016-12-22 11:41:10 +01:00
Stian Thorgersen
e805ffd945 Bump version to 2.5.1.Final-SNAPSHOT 2016-12-22 08:22:18 +01:00
Pedro Igor
df7a68b709 [KEYCLOAK-4125] - Fixing when running in a cluster 2016-12-21 20:04:08 -02:00
Stian Thorgersen
663b99d884 KEYCLOAK-4127
Temporarily disable cache for authorization services as it breaks clustering
2016-12-21 08:36:24 +01:00
Pedro Igor
c9c8acd029 [KEYCLOAK-4034] - Invalidating policy cache when creating resources and scopes 2016-12-19 20:28:49 -02:00
Pedro Igor
40591cff25 Merge pull request #3662 from pedroigor/KEYCLOAK-4034
[KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup
2016-12-19 16:49:10 -02:00
Pedro Igor
5cf5168770 [KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup 2016-12-19 16:48:16 -02:00
Pedro Igor
c9c9f05e29 [KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup 2016-12-19 11:22:37 -02:00
Slawomir Dabek
93cec9b3ee KEYCLOAK-4059 Support for duplicate emails 2016-12-19 10:55:12 +01:00
Marek Posolda
c8b22e71f0 Merge pull request #3573 from glavoie/KEYCLOAK-4003
KEYCLOAK-4003: Slow Infinispan RoleAdapter.hasRole() call.
2016-12-06 09:49:42 +01:00
Gabriel Lavoie
32c23c2410 KEYCLOAK-4002: realmRevisions cache too small with high number of realms.
- Increased the hardcoded default value to help running master with high number of realms.
- Added a value computation based on the realms cache max size (to match the userRevisions cache configuration pattern).
- Computed revisions cache size is now 2 times the configured maximum cache size.
- Added a maximum realms cache size configuration to the different standalone.xml templates.
- Added a missing users cache size configuration to standalone.xsl.
2016-12-05 08:07:24 -05:00
Gabriel Lavoie
6fa504489f KEYCLOAK-4003: Slow Infinispan RoleAdapter.hasRole() call.
- Added a session/query cache for the result getComposites() to avoid always hitting the Infinispan cache.
- KeycloakModelUtils doesn't rely anymore on a "visited" set as performance seems good without it.
- Added test for multiple levels of composite roles. Only one level was covered.
2016-11-30 10:56:26 -05:00
Stian Thorgersen
b771b84f56 Bump to 2.5.0.Final-SNAPSHOT 2016-11-30 15:44:51 +01:00
mposolda
ec49d10007 KEYCLOAK-3997 InfinispanKeyStorageProviderTest was failing 2016-11-30 08:38:35 +01:00
Bill Burke
b33afcd47c KEYCLOAK-3903 KEYCLOAK-3960 2016-11-29 16:43:06 -05:00
mposolda
69ce1e05f0 KEYCLOAK-3822 Changing signature validation settings of an external IdP is not sometimes reflected 2016-11-28 15:27:25 +01:00
mposolda
7c6032cc84 KEYCLOAK-3825 Ability to expire publicKeys cache. Migrated OIDCBrokerWithSignatureTest to new testsuite 2016-11-25 17:45:37 +01:00
Bill Burke
ccbd8e8c70 remove User Fed SPI 2016-11-23 16:06:44 -05:00
Bill Burke
d5925b8ccf remove realm UserFed SPI methods 2016-11-23 08:31:20 -05:00
Stian Thorgersen
6ec82865d3 Bump version to 2.4.1.Final-SNAPSHOT 2016-11-22 14:56:21 +01:00
mposolda
6df7a80352 KEYCLOAK-3931 Fix Mongo to have LDAP tests pass 2016-11-21 11:25:18 +01:00
mposolda
76bfbad2c4 KEYCLOAK-3895 Make UserSessionProvider and UserSessionPersisterProvider to rely on UserRemovedEvent callbacks 2016-11-18 15:58:33 +01:00
Stian Thorgersen
7043ecc21b KEYCLOAK-3881 Fix login status iframe with * origin 2016-11-18 12:50:52 +01:00
mposolda
a27be0cee7 KEYCLOAK-3857 Clustered invalidation cache fixes and refactoring. Support for cross-DC for invalidation caches. 2016-11-16 22:29:23 +01:00
Bill Burke
cc0eb47814 merge 2016-11-14 15:09:41 -05:00
Bill Burke
c280634bfa fix tests 2016-11-14 15:06:17 -05:00
Bill Burke
8a5f817030 ldap jpa migration 2016-11-10 16:52:18 -05:00
Stian Thorgersen
7e33f4a7d1 KEYCLOAK-3882 Split server-spi into server-spi and server-spi-private 2016-11-10 13:28:42 +01:00
Bill Burke
14dc0ff92f Merge remote-tracking branch 'upstream/master' 2016-11-05 20:05:01 -04:00
Bill Burke
4302b440ee ldap port 2016-11-05 20:04:53 -04:00
Pedro Igor
4bf5da8fac Merge pull request #3371 from brewers/bug/cache-dynamic-resource
KEYCLOAK-3752 : Include programmatically created resources in the resource cache
2016-11-02 07:19:04 -02:00
Stian Thorgersen
3d46b4c425 KEYCLOAK-3667 2016-10-28 08:43:24 +02:00
Bill Burke
b67cb0e97a Merge remote-tracking branch 'upstream/master' 2016-10-25 11:44:22 -04:00
Bill Burke
3e28ac1e46 user spi cache policy 2016-10-24 15:36:37 -04:00
Stian Thorgersen
4d47f758fc Merge pull request #3405 from stianst/master
Bump version
2016-10-21 10:11:59 +02:00
Stian Thorgersen
c615674cbb Bump version 2016-10-21 07:03:15 +02:00
Bill Burke
139158e614 fix 2016-10-20 12:36:24 -04:00
Bill Burke
36c2422fa4 realm cache event 2016-10-20 10:35:28 -04:00
mposolda
3779bfb6b4 KEYCLOAK-3666 client registration policies - polishing 2016-10-19 17:45:23 +02:00
Cherian Mathew
2bba6af6d9 Include programmatically created resources in the resource cache 2016-10-19 11:04:22 +02:00
Bill Burke
2199df71bf Merge remote-tracking branch 'upstream/master' 2016-10-18 10:14:00 -04:00
Bill Burke
4182e4d92a federated import/export 2016-10-18 10:13:51 -04:00
Marek Posolda
940237ee78 Merge pull request #3304 from hmlnarik/KEYCLOAK-2964
KEYCLOAK-2964 - Fix groups not applied for authentication of admin operations
2016-10-18 14:50:12 +02:00
Geir Ole Hiåsen Stevning
95f62c6aeb KEYCLOAK-3626 - CreatedDate and lastUpdatedDate on user consent 2016-10-17 13:53:12 +02:00
Stian Thorgersen
d2cae0f8c3 KEYCLOAK-905
Realm key rotation for OIDC
2016-10-13 11:19:52 +02:00
Hynek Mlnarik
03cf9bad2e KEYCLOAK-2964 - Fix groups not applied for authentication of admin operations 2016-10-11 15:21:38 +02:00