libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
26203 commits 4 branches 5 tags 480 MiB
Commit graph

727 commits

Author SHA1 Message Date
Alexander Schwartz
5bb23eb0fc
Optimize update of user attributes (#32907) 
Closes #32906
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-09-25 16:39:42 +02:00
Stefan Guilhen
6424708695 Ensure organization id is preserved on export/import 
- Also fixes issues with description, enabled, and custom attributes missing when re-importing the orgs.

Closes #33207

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-09-25 16:07:44 +02:00
Christian Janker
21f90145ac Send UserRemovedEvent containing all user attributes 
Invalidate CachedUserModel before UserRemovedEvent

closes #32194

Signed-off-by: Christian Janker <christian.janker@gmx.at>
 2024-09-20 16:22:08 +02:00
Stefan Guilhen
3e597722a9
Add cache for IdentityProviderStorageProvider.getForLogin (#32918) 
Closes #32573

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-09-18 09:05:57 +02:00
Pedro Ruivo
f67bec0417 Rename remote-cache Feature 
Renamed to "clusterless"

Closes #32596

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-09-13 13:03:13 +02:00
Martin Kanis
ccb166d0e9 Add caching when querying brokers by organization 
Closes #32574

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-09-09 09:24:43 -03:00
Alexander Schwartz
d9dfe74e8b
Set idle time the same as for the internal cache, but extend it for refreshes 
Closes #32100

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2024-09-09 10:47:56 +02:00
Alexander Schwartz
9454c01d88
Fix parsing of broker user ID if it contains a dot (#32699) 
Closes #32698

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-09-06 14:09:44 +02:00
Stefan Guilhen
557d7e87b2 Avoid iterating through all mappers when running the config event listeners 
Closes #32233

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-09-04 07:40:58 -03:00
Pedro Ruivo
ba861fc5d7 Remove version() projection from Ickle Queries 
Closes #32590

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-09-03 18:07:32 +02:00
Pedro Ruivo
29c8060bda Trigger mass re-index of the sessions caches when the entity changes 
Closes #32594

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-09-03 15:48:14 +02:00
Pedro Igor
4b5b1a4c25 Unignore backchannel logout tests 
Closes #20643

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-09-02 08:34:21 +02:00
Pedro Ruivo
378db25016
Skip creating sessions cache when Persistent Sessions is enabled 
Re-order the configuration steps to avoid redundant warnings

Closes #32416

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-08-27 16:21:08 +00:00
Stefan Guilhen
88cca10472 Rename IDPSpi to IdentityProviderStorageSpi 
Closes #31639

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-26 15:10:09 -03:00
Vlasta Ramik
d63c0fbd13
Decouple Identity provider mappers from RealmModel (#32251) 
* Decouple Identity provider mappers from RealmModel

Closes #31731

Signed-off-by: vramik <vramik@redhat.com>
 2024-08-22 12:05:19 -03:00
Alexander Schwartz
a7964a588b Avoid n+1 SQL selects to load sessions 
Closes #32273

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-08-22 12:51:43 +02:00
vramik
14494fb148 Ensure organization aware IdentityProviderModel is used in the infinispan IDPProvider 
Closes #32108

Signed-off-by: vramik <vramik@redhat.com>
 2024-08-22 07:22:18 -03:00
yelhouti
e8840df0e0
Fix: admin GUI not working with 1000s of realms 
Search by RealmName is done before loading all realms when filtering

Closes #31956

Signed-off-by: Youssef El Houti <youssef.elhouti@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-08-21 14:58:36 +02:00
Stefan Guilhen
585d179fe0 Ensure identity providers returned to the org IDP selection are IDPs not associated with any orgs. 
Closes #32238

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-21 07:49:01 -03:00
Pedro Igor
eeae50fb43 Make sure federationLink always map to the storage provider associated with federated users 
Closes #31670

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-20 11:27:22 +02:00
Stefan Guilhen
fa7c2b5da6 Address review comments 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-19 09:06:35 -03:00
Stefan Guilhen
f82159cf65 Rework logic to fetch IDPs for the login page so that IDPs are fetched from the provider and not filtered in code. 
Closes #32090

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-19 09:06:35 -03:00
Michal Hajas
6a9245546e Set clientId if it is not set in the entity 
Closes #32195

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-08-16 14:27:18 +02:00
Alexander Schwartz
88904c0a01
Call JPA code in blocking thread (#32154) 
Closes #32153

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-08-16 10:17:30 +02:00
Stefan Guilhen
aeb1951aba Replace calls to deprecated RealmModel IDP methods 
- use the new provider instead

Closes #31254

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-15 10:55:36 -03:00
Martin Kanis
708a6898db Add a count method to the OrganizationMembersResource 
Closes #31388

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-08-15 09:12:57 -03:00
Pedro Ruivo
e13c9bf462 Retry remote cache operations with back off 
Implement a retry mechanism for remote cache writes.

Fixes #32030

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-08-13 15:55:59 +02:00
vramik
4d7f25535c IDP storage provider Infinispan implementation 
Closes #31251

Signed-off-by: vramik <vramik@redhat.com>
 2024-08-13 08:36:15 -03:00
Pedro Ruivo
07c92c85cb Drop AuthenticatedClientSessionStore from user sessions 
New entities for client and user sessions, more query friendly.
The client sessions are found using query instead of storing them in the
user session entity.
Remove of sessions by its field is done based on queries.

Closes #30934

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-08-12 20:35:50 +02:00
Alexander Schwartz
07a168cb14 Deleted authentication sessions should not be re-surrected with an update 
Closes #31829

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-08-09 07:26:05 -03:00
Michal Hajas
50c07c6e7c
Simplify configuration for MULTI_SITE 
Closes #31807

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-08-06 16:14:33 +00:00
Michal Hajas
6847af0068 Remove InfinispanMultiSiteLoadBalancerCheckProviderFactory.java 
Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-08-06 07:58:12 -03:00
Pedro Ruivo
1e9f6bbb8c Non clustered Keycloak with External Infinispan feature 
Disables JGroups (clustering) when remote-cache feature is enabled

Fixes #31876

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-08-05 17:04:36 +02:00
Pedro Ruivo
fed804160b Enable ProtoStream encoding for External Infinispan feature 
The ProtoStream schema is automatically uploaded to the Infinispan
server during startup.
When the schema is updated, the indexes are updated and re-created.
Use the delete statement to delete entities when a realm is removed.

Fixes #30931

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-08-01 16:16:19 +02:00
Alexander Schwartz
00bfc2c34f
Adding an index for the revoked tokens table to speed up the cleanup (#31790) 
Closes #31725

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-08-01 11:12:53 +02:00
Ryan Emerson
8d7e18ec29 Clear local caches on split-brain heal 
Closes #25837

Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2024-07-31 13:59:06 +02:00
Pedro Ruivo
17e30e9ec1 Persist revoke tokens with remote cache feature 
Stores the revoked tokens into the database and preloads them during
startup.

Fixes #31760

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-07-31 11:02:38 +02:00
Alexander Schwartz
11b19bc272
For persistent sessions, don't remove user session if there is no session in the remote store (#31756) 
Closes #31115

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-30 17:57:09 +02:00
Pedro Ruivo
e62604b1ec ConditionalRemover interface for External Infinispan feature 
Add a ConditionalRemover interface to remove entries from a RemoteCache
based on the key or value fields.
The default implementation provided by this PR uses streaming/iteration
to test and remove entries

On a side change, moved all the transactions to the same package and
created one transaction class per entity/cache to simplify code and
avoid writing "RemoteChangeLogTransaction" with a long list of types.

Fixes #31046

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-07-30 15:16:17 +02:00
Alexander Schwartz
00d8e06f79
Optimize CPU cycles for persistent sessions (#31702) 
Closes #31701

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-29 16:34:13 +02:00
Stefan Guilhen
f45529de8c Deprecate IDP related methods in RealmModel 
- delegate to the new provider

Closes #31253

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-07-29 16:02:26 +02:00
Alexander Schwartz
557cf1e60e Add a tombstone operation to optimize multiple deletes 
Closes #31699

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-29 13:23:06 +02:00
Alexander Schwartz
6d404b86c9 Trigger clearing the user cache when the duplicate email allowed flag changes 
Closes #31045

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-29 10:37:42 +02:00
Pedro Igor
04bd6653ec Invalidating domain cache and introducing cache for more query methods 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:02:36 +02:00
Pedro Igor
1f8280c71a Allow members joining multiple organizations 
Closes #30747

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:02:36 +02:00
Ryan Emerson
69a8509f6c Remove outdated test code from model/infinispan module 
Closes #31661

Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2024-07-26 17:14:49 +02:00
Alexander Schwartz
227c71f7f0
Persisting revoked access tokens 
Closes #31296

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-26 11:46:14 +02:00
vramik
649b35929e Make sure users created through a registration link are managed members 
Closes #30743

Signed-off-by: vramik <vramik@redhat.com>
 2024-07-25 04:30:13 -03:00
Pedro Igor
6ce89670b5 Flaky test: org.keycloak.testsuite.model.user.UserModelTest#testAddRemoveUserConcurrent 
Closes #30236

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-24 22:40:32 +02:00
Alexander Schwartz
d70f78072e
Make persistent sessions co-exist with remote cache feature (#30859) 
Closes #30855

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-09 09:03:36 +02:00