libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions
24983 commits 4 branches 9 tags 483 MiB
Commit graph

2336 commits

Author SHA1 Message Date
Stefan Guilhen
c4760b8188 Ensure that IDP's linked domains are remove when org is deleted or when the domain is removed from the org. 
Closes #29481

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-14 15:39:18 -03:00
Martin Kanis
3985157f9f Make sure operations on a organization are based on realm they belong to 
Closes #28841

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-05-14 10:47:39 -03:00
Pedro Igor
b4d231fd40 Fixing realm removal when removing groups and brokers associated with an organization 
Closes #29495

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-14 14:29:27 +02:00
Alexander Schwartz
673e122443 Avoid sorting items returned from the database which are already stable 
Closes #29319

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-13 16:15:38 +02:00
Alexander Schwartz
6cc8d653f3 Make SessionWrapper related fields immutable that are part of the equals method 
The cache replace logic depends on it, as values returned by reference from a local cache must never be modified on those critical fields directly.

Closes #28906

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-13 09:59:50 +02:00
Pedro Igor
b50d481b10 Make sure organization groups can not be managed but when managing an organization 
Closes #29431

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-10 21:28:11 -03:00
Stefan Guilhen
3186b6db8e Fix realm removal when orgs are enabled 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-10 17:23:08 -03:00
Stefan Guilhen
ceed7bc120 Add ability to search organizations by attribute 
Closes #29411

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-10 16:45:41 -03:00
Alexander Schwartz
eaeffe95ac
Avoid conflicts when writing to session stores by checking for concurrent requests within the JVM (#29393) 
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2024-05-09 08:24:43 +00:00
Pedro Ruivo
cbce548e71 Infinispan 15.0.3.Final 
Closes #29068

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-05-08 17:18:39 +02:00
Martin Kanis
d4b7e1a7d9 Prevent to manage groups associated with organizations from different APIs 
Closes #28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-05-07 11:16:40 -03:00
Stefan Guilhen
aa945d5636 Add description field to OrganizationEntity 
Closes #29356

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-07 10:35:51 -03:00
Pedro Igor
c0325c9fdb Do not manage brokers through the Organization API 
Closes #29268

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-07 09:15:25 -03:00
Alice W
584e92aaba Add support for organizational invites to new and existing users based on tokens 
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
 2024-05-06 17:57:13 -03:00
Dimitri Papadopoulos Orfanos
cd8e0fd333
Fix user-facing typos in Javadoc (#28971) 
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-05-06 18:57:55 +00:00
Stefan Guilhen
dae1eada3d Add enabled field to OrganizationEntity 
Closes #28891

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-06 14:46:56 -03:00
Pedro Ruivo
4c6f3ce35d Remove unused code from model/infinispan module 
Closes #29137

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-05-06 18:53:23 +02:00
Pedro Ruivo
fe5bed6191
Retry fetching event from remote cache 
Closes #28303

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-06 17:27:07 +02:00
Michal Hajas
128bba34d3 Remove PERSISTENT_USER_SESSIONS_No_CACHE feature 
Closes #29264

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-05-06 08:53:39 +02:00
Michal Hajas
8b715d3a31 Do not use LastSessionRefreshPersister with persistent user sessions enabled 
Closes #29144

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-05-06 08:49:48 +02:00
Pedro Igor
32d25f43d0 Support for mutiple identity providers 
Closes #28840

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-04 16:19:27 +02:00
Pedro Ruivo
82a959fa78 Remove WildFly Clustering Marshaller 
Closes #29135

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-05-03 12:31:47 +02:00
Alexander Schwartz
05b6f897ce
Execute persistent sessions tests in CI and fix deadlock (#29236) 
* Execute persistent sessions tests in CI and fix deadlock in UserSessionConcurrencyTest 
The deadlock was caused by a switch to reactive handling of embedded Infinispan updates introduced here #28862
Closes #29235

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-03 10:42:34 +02:00
Michal Hajas
e93b7d4f3a
Use computeIfPresent also for Persistent sessions 
Follow-up-on #29073

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-05-02 16:43:54 +00:00
Stefan Guilhen
45e5e6cbbf Introduce filtered (and paginated) search for organization members 
Closes #28844

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-02 11:25:43 -03:00
Michal Hajas
4c17c6107e Merge offline and online sessions transactions 
Closes #29139
Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-04-30 18:03:17 +02:00
Michal Hajas
7c427e8d38 Remove offline sessions timeouts adjusters as with persistent session we have bounded caches and it is no longer necessary to adjust time in caches 
Closes #29140
Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-04-30 18:03:17 +02:00
Alexander Schwartz
d69872fa11
Batch writes originating from logins/logouts for persistent sessions 
All writes for the sessions are handled by a background thread which batches them.

Closes #28862

Wait for persistent-store to contain update
instead of cache which has the change immediately since it is in memory + introduce new model-test profile

Closes #29141

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2024-04-30 14:07:35 +02:00
Pedro Igor
51352622aa Allow adding realm users as an organization member 
Closes #29023

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-29 08:37:47 -03:00
Pedro Ruivo
17a700b6b9 Use cache.compute() method to improve the replace retry loop 
Closes #29073

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-04-29 12:24:33 +02:00
Stefan Guilhen
bfabc291cc 28843 - Introduce filtered (and paginated) searches for organizations 
Closes #28843

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-04-25 12:38:20 -03:00
vramik
c56f062416 Typo in Organization table 
Closes #29054

Signed-off-by: vramik <vramik@redhat.com>
 2024-04-24 11:23:44 -03:00
vramik
d65649d5c0 Make sure organization are only manageable by the admin users with the manage-realm role 
Closes #28733

Signed-off-by: vramik <vramik@redhat.com>
 2024-04-23 12:16:57 -03:00
Tero Saarni
64862d568e Convert database errors to 500 instead of 400. 
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
 2024-04-22 11:42:18 -03:00
Stefan Guilhen
f1532565b6 Don't use no-arg version of GroupModel.getSubGroupsStream() when fetching the subgroups from the GroupResource endpoint. 
- prevents pre-loading all groups; instead use the stream from the JPA adapter to load subgroups one by one and then filter based on the user permissions.

Closes #28935

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-04-22 11:27:29 -03:00
Stefan Guilhen
8ca4bc77a1 Improve the performance of the queries used to find granted resources 
- simplifies the queries to avoid unnecessary join
- creates two new indexes to speed up search time

Closes #28861

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-04-22 11:26:06 -03:00
Pedro Ruivo
3de5357091 CLI options to disable encryption and authentication to external Infinispan 
Closes #28750

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-04-20 18:30:24 +02:00
Pedro Ruivo
3e0a185070 Remove deprecated EnvironmentDependentProviderFactory.isSupported method 
Closes #26280

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-04-19 16:36:49 +02:00
mposolda
c427e65354 Secondary factor bypass in step-up authentication 
closes #34

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit e632c03ec4dbfbb7c74c65b0627027390b2e605d)
 2024-04-19 14:43:53 +02:00
Joerg Matysiak
76a5a27082 Refactored StripSecretsUtils in order to make it unit-testable, added unit tests for it 
Don't mask secrets at realm export

Closes #21562

Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>
 2024-04-18 18:26:47 -03:00
Pedro Igor
7483bae130 Make sure admin events are not referencing sensitive data from their representation 
Closes #21562

Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>
 2024-04-18 18:26:47 -03:00
Pedro Igor
1e3837421e Organization member onboarding using the organization identity provider 
Closes #28273

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-17 07:24:01 -03:00
Alexander Schwartz
13af4f44f5
Defer updates of last session updates and batch them (#28502) 
Defer updates of last session refreshes and batch them

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2024-04-17 09:25:05 +02:00
Martin Kanis
f764a9cb4a NPE when listing sessions in UI if associated user is gone 
Closes #28801

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-04-16 11:53:36 -03:00
Pedro Ruivo
2494ad6950 Refactor and remove deprecated Infinispan methods from DefaultInfinispanConnectionProviderFactory 
Closes #28752

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-04-16 10:51:57 +02:00
Stefan Guilhen
2ab8bf852d Add validation for the organization's internet domains. 
Closes #28634

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-04-15 09:03:52 -03:00
Alexander Schwartz
004f419fd0 Leave a tombstone after the deletion of a cache entry 
This captures the scenario of multiple deletion calls in the current session.

Closes #28672

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-04-12 17:00:19 +02:00
Pedro Igor
61b1eec504 Prevent members with an email other than the domain set to an organization 
Closes #28644

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-12 08:33:18 -03:00
Alexander Schwartz
b4cfebd8d5
Persistent sessions code also for offline sessions (#28319) 
Persistent sessions code also for offline sessions

Closes #28318

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-04-12 13:15:02 +02:00
rmartinc
6d74e6b289 Escape slashes in full group path representation but disabled by default 
Closes #23900

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-04-12 10:53:39 +02:00