Commit graph

632 commits

Author SHA1 Message Date
Michal Hajas
7c427e8d38 Remove offline sessions timeouts adjusters as with persistent session we have bounded caches and it is no longer necessary to adjust time in caches
Closes #29140
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-04-30 18:03:17 +02:00
Alexander Schwartz
d69872fa11
Batch writes originating from logins/logouts for persistent sessions
All writes for the sessions are handled by a background thread which batches them.

Closes #28862

Wait for persistent-store to contain update
instead of cache which has the change immediately since it is in memory + introduce new model-test profile

Closes #29141

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-04-30 14:07:35 +02:00
Pedro Ruivo
17a700b6b9 Use cache.compute() method to improve the replace retry loop
Closes #29073

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-29 12:24:33 +02:00
Pedro Ruivo
3de5357091 CLI options to disable encryption and authentication to external Infinispan
Closes #28750

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-20 18:30:24 +02:00
Pedro Ruivo
3e0a185070 Remove deprecated EnvironmentDependentProviderFactory.isSupported method
Closes #26280

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-19 16:36:49 +02:00
Alexander Schwartz
13af4f44f5
Defer updates of last session updates and batch them (#28502)
Defer updates of last session refreshes and batch them

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-04-17 09:25:05 +02:00
Martin Kanis
f764a9cb4a NPE when listing sessions in UI if associated user is gone
Closes #28801

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-04-16 11:53:36 -03:00
Pedro Ruivo
2494ad6950 Refactor and remove deprecated Infinispan methods from DefaultInfinispanConnectionProviderFactory
Closes #28752

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-16 10:51:57 +02:00
Alexander Schwartz
004f419fd0 Leave a tombstone after the deletion of a cache entry
This captures the scenario of multiple deletion calls in the current session.

Closes #28672

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-12 17:00:19 +02:00
Alexander Schwartz
b4cfebd8d5
Persistent sessions code also for offline sessions (#28319)
Persistent sessions code also for offline sessions

Closes #28318

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-12 13:15:02 +02:00
rmartinc
6d74e6b289 Escape slashes in full group path representation but disabled by default
Closes #23900

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-12 10:53:39 +02:00
Douglas Palmer
69ba92808d DefaultBruteForceProtector leverages a single thread to write success/failed events
Closes #14084

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-12 09:53:40 +02:00
Michal Hajas
1bb5e14134 Use ReentrantLock instead of synchronized to avoid thread pinning
+ since the runSerialized mechanism is currently on the best effort basis it is possible there are concurrent executions if T1 obtained a lock T2 removed the lock and T3 created a new lock before T1 called putIfAbsent therefore I added a debug log detecting this situation

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-04-09 14:55:21 +02:00
Alexander Schwartz
355901dfd8 Add a back-off period when replacing cache entries fails
Closes #28388

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-09 14:55:21 +02:00
Alexander Schwartz
63e7523a6d Avoid unnecessary updates to the sessions during refreshes of tokens
Closes #28388

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-09 14:55:21 +02:00
Alexander Schwartz
dc18bd4efb Avoid conflicts when writing to session stores by checking for concurrent requests within the JVM
Closes #28388

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-09 14:55:21 +02:00
vibrown
3fffc5182e Added ClientType implementation from Marek's prototype
Signed-off-by: vibrown <vibrown@redhat.com>

More updates

Signed-off-by: vibrown <vibrown@redhat.com>

Added client type logic from Marek's prototype

Signed-off-by: vibrown <vibrown@redhat.com>

updates

Signed-off-by: vibrown <vibrown@redhat.com>

updates

Signed-off-by: vibrown <vibrown@redhat.com>

updates

Signed-off-by: vibrown <vibrown@redhat.com>

Testing to see if skipRestart was cause of test failures in MR
2024-04-08 20:20:37 +02:00
Pedro Igor
52ba9b4b7f Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user
Closes #28248

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-08 09:05:16 -03:00
Alexander Schwartz
c580c88c93
Persist online sessions to the database (#27977)
Adding two feature toggles for new code paths to store online sessions in the existing offline sessions table. Separate the code which is due to be changed in the next iteration in new classes/providers which used instead of the old one.

Closes #27976

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-03-28 09:17:07 +01:00
Alexander Schwartz
62d24216e3 Remove offline session preloading
Closes #27602

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-15 15:19:27 +01:00
Alexander Schwartz
f168b8cce9 Avoid invalidating the cache if removing an entry doesn't exist
Closes #27852

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-13 13:36:07 +01:00
Pedro Igor
326d63ce74 Make sure group searches are cached and entries invalidate accordingly
Closes #26983

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-29 05:06:36 +09:00
Vlasta Ramik
ade3b31a91
Introduce new CLI config options for Infinispan remote store
Closes #25676

Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-28 15:49:19 +00:00
Réda Housni Alaoui
a3b3ee4b87
Ability to declare a default "First broker login flow" per Realm
Closes #25823

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-02-28 16:17:51 +01:00
Alexander Schwartz
ee3a4a6e4f
Set expiry and maxidle when loading entries from the remote store (#26942)
Closes #26941

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-02-27 17:56:17 +01:00
Douglas Palmer
b0ef746f39 Permanently lock users out after X temporary lockouts during a brute force attack
Closes #26172

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-02-22 09:34:51 +01:00
Michal Hajas
f7f7f1bd10 Add caching for subGroupsCount
Closes #25731

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-02-15 19:46:04 +09:00
Thomas Darimont
93fc6a6c54 Shorter lifespan for offline session cache entries in memory
Closes #26810

Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-02-09 19:44:04 +01:00
Stian Thorgersen
3e08a1713b
Ignore empty attribute values when retriveing boolean/int/long (#26729) (#26737)
Resolves #26597, resolves #26665

Signed-off-by: stianst <stianst@gmail.com>
2024-02-06 15:29:34 +01:00
Michal Hajas
00742a62dd
Remove RealmModel from authorization services interfaces (#26708)
Closes #26530
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-02-02 16:51:32 +01:00
Thomas Darimont
277af021d7 Improve ScheduledTask task-name handling
This PR introduces a String getTaskName() default method to
the ScheduledTask interface and adjusts call sites to use the
implementation derived task name where possible.

Previously, ScheduledTask names were passed around separately, which
lead to unhelpful debug messages.
We now give ScheduledTask implementations control over their task-name
which allows for more flexible naming.

Enlist call StoreSyncEvent.fire(...) to after transaction to ensure realm is present in database.
Ensure that Realm is already committed before updating sync via UserStorageSyncManager
Align Sync task name generation for cancellation to support SyncFederationTest
Only log a message if sync task was actually canceled.

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-02-02 09:57:03 -03:00
Václav Muzikář
4096a2657e
Supported option to specify site name for multi-site deployments
Closes #26460

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-31 11:52:19 +00:00
Martin Kanis
7797f778d1 Map Store Removal: Rename legacy modules
Closes #24107

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-25 16:29:16 +01:00
Martin Kanis
84603a9363
Map Store Removal: Rename Legacy* classes (#26273)
Closes #24105

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-23 13:50:31 +00:00
Alexander Schwartz
b9498b91cb
Deprecating the offline session preloading (#26160)
Closes #25300

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-16 09:29:01 +01:00
Alexander Schwartz
a8eca6add0
Changing to the Infinispan BOM to avoid mis-aligned Infinispan dependencies (#26137)
Closes #22922

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
2024-01-15 09:20:47 +01:00
Alexander Schwartz
01939bcf34
Remove concurrent loading of remote sessions as at startup time only one node is up anyway. (#25709)
Closes #22082

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Martin Kanis <martin-kanis@users.noreply.github.com>
2024-01-09 16:55:22 +01:00
Alexander Schwartz
9e4fc3f491 Keep workaround permanently for concurrent shutdowns of embedded Infinispan
Closes #9871

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-15 10:58:22 +01:00
Alexander Schwartz
e01827693a Avoid shutdown of Infinispan when using cache
Closes #24508

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-13 15:46:37 +01:00
Alexander Schwartz
a8cff72ed0
Avoid logged warning about objects not present in the cache for tasks (#25324)
Closes #25322

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-08 13:10:14 +01:00
Alexander Schwartz
5b1b3ca11b
Allow concurrent remote cache operations (#25390)
Closes #25388

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-08 10:07:25 +01:00
Alexander Schwartz
e4be3ed244
Prevent client cache stampede after invalidation of a client or on startup (#25217)
Closes #24202

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-05 16:01:37 +01:00
vramik
587cef7de4 Delete Profile.Feature.MAP_STORAGE
Signed-off-by: vramik <vramik@redhat.com>

Closes #24102
2023-11-30 13:04:39 +01:00
rmartinc
16afecd6b4 Allow automatic download of SAML certificates in the identity provider
Closes https://github.com/keycloak/keycloak/issues/24424

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 18:03:31 +01:00
Michal Hajas
2b2207af93
Publish information about Infinispan availability in lb-check if MULTI_SITE is enabled
Closes #25077

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-29 11:06:41 +00:00
Pedro Igor
2c611cb8fc User profile configuration scoped to user-federation provider
closes #23878

Co-Authored-By: mposolda <mposolda@gmail.com>

Signed-off-by: mposolda <mposolda@gmail.com>
2023-11-27 14:45:44 +01:00
Sebastian Schuster
030f42ec83
More efficient listing of assigned and available client role mappings
Closes #23404

Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
2023-11-22 14:10:11 +01:00
Alexander Schwartz
a45934a762 Disable cache store and load only if a remote store is used
Closes #10803
Closes #24766

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: daviddelannoy <16318239+daviddelannoy@users.noreply.github.com>
2023-11-20 18:50:02 +01:00
Réda Housni Alaoui
3f014c7299
Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients (#21058)
closes #21010 

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
2023-11-13 19:13:01 +01:00
Alexander Schwartz
26e2fde115
Avoid reseting cachemanger to null to avoid a re-initialization (#24086)
Also follow best practices of using volatile variables for double-locking, and not using shutdown caches.

Closes #24085
2023-11-08 11:33:44 -05:00