Commit graph

310 commits

Author SHA1 Message Date
Sebastian Schuster
99aba33980 KEYCLOAK-13163 Fixed searching for user with fine-grained permissions 2020-03-09 09:56:13 -03:00
Phy
8aa5019efe KEYCLOAK-13074 Don't return LDAP group members if under IMPORT mode
If GroupLDAPStorageMapper is running under IMPORT mode, getGroupMembers should not return users in LDAP, which, according to how UserStorageManager.query works (getting both user federation and Keycloak storage), will cause duplicate users in the list.

A test has been added as well, which will fail before the fix in the mapper.
2020-03-06 11:44:36 +01:00
keycloak-bot
d352d3fa8e Set version to 9.0.1-SNAPSHOT 2020-02-17 20:38:54 +01:00
BrunoJCM
5c910d6f13 KEYCLOAK-12437 Revert KEYCLOAK-11802 (#6700)
This reverts commit e018ca3e29 from:
Simplifying logic for determining disabled status (#6416)

Co-authored-by: brunomedeiros-visagio <55057005+brunomedeiros-visagio@users.noreply.github.com>
2020-01-28 14:59:03 +01:00
mposolda
fea7b4e031 KEYCLOAK-12424 SPNEGO / Kerberos sends multiple 401 responses with WWW-Authenticate: Negotiate header when kerberos token is invalid 2020-01-09 10:21:24 +01:00
Tero Saarni
1ac76fde59 KEYCLOAK-12242 KEYCLOAK-12280
(cherry picked from commit 6f47d7fc2ccab4f31e373774c983501e83dffa4b)
2019-12-18 13:29:21 +01:00
Cédric Couralet
bde94f2f08 KEYCLOAK-11770 add an hardcoded attribute mapper (#6396)
Signed-off-by: Cédric Couralet <cedric.couralet@insee.fr>
2019-12-10 12:57:46 +01:00
Martin Kanis
685d49c693 KEYCLOAK-11967 Violation of UNIQUE KEY constraint SIBLING_NAMES (#6485) 2019-11-26 16:00:50 +01:00
Ramon Spahr
0f00e23f96 KEYCLOAK-10977 Allow disabling Kerberos athentication with LDAP federation provider (#6422) 2019-11-18 14:12:26 +01:00
keycloak-bot
76aa199fee Set version to 9.0.0-SNAPSHOT 2019-11-15 20:43:21 +01:00
Andrei Arlou
b72fe79791 KEYCLOAK-12015 Use StandartCharsets in org.keycloak.storage.ldap.idm.query.EscapeStrategy (#6474) 2019-11-14 17:10:31 +01:00
AlistairDoswald
4553234f64 KEYCLOAK-11745 Multi-factor authentication (#6459)
Co-authored-by: Christophe Frattino <christophe.frattino@elca.ch>
Co-authored-by: Francis PEROT <francis.perot@elca.ch>
Co-authored-by: rpo <harture414@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Denis <drichtar@redhat.com>
Co-authored-by: Tomas Kyjovsky <tkyjovsk@redhat.com>
2019-11-14 14:45:05 +01:00
lounsbrough
e018ca3e29 KEYCLOAK-11802 Simplifying logic for determining disabled status (#6416)
* KEYCLOAK-11802 Simplifying logic for determining disabled status
2019-10-24 21:43:16 +02:00
Martin Kanis
37304fdd7d KEYCLOAK-10728 Upgrade to WildFly 18 Final 2019-10-21 14:06:44 +02:00
Cédric Couralet
5f006b283a KEYCLOAK-8316 Add an option to ldap provider to trust emails on import
Signed-off-by: Cédric Couralet <cedric.couralet@insee.fr>
2019-10-04 16:28:02 +02:00
Felix Borchers
3d175dbe0c KEYCLOAK-11582 Fix ldap groups sync which fails when syncing back to MSAD (#6348)
* KEYCLOAK-11582 Fix sync which fails when syncing to MSAD
2019-10-03 20:13:12 +02:00
Sven-Torben Janus
1887d3b038 KEYCLOAK-10942 Incorporate comments from code review
see https://github.com/keycloak/keycloak/pull/6251/files#r325212980
2019-09-18 09:47:18 +02:00
Sven-Torben Janus
f261c43fab KEYCLOAK-10942 Support eDirectory GUID
Convert eDirectory GUID which is in binary format to a UUID in dashed
string format.
2019-09-18 09:47:18 +02:00
Jan Lieskovsky
7ab854fecf [KEYCLOAK-8253] When syncing flat (all groups being the top-level ones) structure
of LDAP groups from federation provider to Keycloak, perform the search if the
currently processed group already exists in Keycloak in log(N) time

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2019-09-12 20:14:18 +02:00
Jan Lieskovsky
cfb225b499 [KEYCLOAK-8253] Improve the time complexity of LDAP groups synchronization
(in the direction from LDAP provider to Keycloak) from exponential to
linear time in the case of syncing flat LDAP groups structure

Add a corresponding test (intentionally configured as to be ignored
by CI/CD due to higher demand on time, required fo the test completion)

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2019-09-12 09:54:13 +02:00
mhajas
9c2525ec1a KEYCLOAK-11245 Use transcription object for LDAP bindCredential 2019-09-09 19:39:53 +02:00
keycloak-bot
17e9832dc6 Set version to 8.0.0-SNAPSHOT 2019-07-19 19:05:03 +02:00
Sven-Torben Janus
c883c11e7e KEYCLOAK-10158 Use PEM cert as X.509 user identity
Allows to use the full PEM encoded X.509 certificate from client cert
authentication as a user identity. Also allows to validate that user's
identity against LDAP in PEM (String and binary format). In addition,
a new custom attribute mapper allows to validate against LDAP when
certificate is stored in DER format (binay, Octet-String).

KEYCLOAK-10158 Allow lookup of certs in binary adn DER format from LDAP
2019-07-08 11:58:26 +02:00
Ian Duffy
de0ee474dd Review feedback 2019-05-27 21:30:01 +02:00
Ian Duffy
54909d3ef4 [KEYCLOAK-10230] Support for LDAP with Start TLS
This commit sends the STARTTLS on LDAP 389 connections is specified.
STARTTLS doesn't work with connection pooling so connection pooling will
be disabled should TLS be enabled.
2019-05-27 21:30:01 +02:00
keycloak-bot
49d4e935cb Set version to 7.0.0-SNAPSHOT 2019-04-17 09:48:07 +01:00
rmartinc
a9a4e9daae KEYCLOAK-9884: "user-attribute-ldap-mapper" is not propagating the change of "username" (uid) attribute. 2019-03-27 19:07:51 +01:00
rmartinc
2602c222cd KEYCLOAK-4640: LDAP memberships are being replaced instead of being added or deleted 2019-03-14 18:40:15 +01:00
keycloak-bot
e843d84f6e Set version to 6.0.0-SNAPSHOT 2019-03-06 15:54:08 +01:00
stianst
e06c705ca8 Set version 5.0.0 2019-02-21 09:35:14 +01:00
mposolda
adc3017ff9 KEYCLOAK-8688 LDAPSyncTest is failing in some environments 2019-02-13 12:48:48 +01:00
stianst
7c9f15778a Set version to 4.8.3.Final 2019-01-09 20:39:30 +01:00
stianst
7c4890152c Set version to 4.8.2 2019-01-03 14:43:22 +01:00
Jonatas Esteves Silverio
0d9964c185 KEYCLOAK-7990 Use attribute name from config on LDAP group creation
Use CommonLDAPGroupMapperConfig.getMembershipLdapAttribute() instead of
constant LDAPConstants.MEMBER to honor the "membership.ldap.attribute"
config key when creating a LDAP group. This fixes an error when trying
to create a group on a DS server configured with a different member
attribute than the standard "member" (eg. 389ds).
2018-12-13 07:53:09 +01:00
mposolda
88141320ac KEYCLOAK-9002 StackOverflowError when reading LDAP-backed users via REST API 2018-12-07 12:25:05 +01:00
stianst
b674c0d4d9 Prepare for 4.8.0.Final 2018-12-04 13:54:25 +01:00
Pedro Igor
91637120ee [KEYCLOAK-5052] - LDAP group names containing / in the name violates SIBILING_NAME constraint in db 2018-11-23 08:48:08 -02:00
stianst
ecd476fb10 Prepare for 4.7.0.Final 2018-11-14 20:10:59 +01:00
vramik
7a96911a83 KEYCLOAK-8300 KEYCLOAK-8301 Wildfly 14 upgrade
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2018-10-17 20:01:07 +02:00
stianst
c3fc9e9815 Set version to 4.6.0.Final-SNAPSHOT 2018-09-26 20:58:41 +02:00
stianst
1fb4ca4525 Set version to 4.5.0.Final 2018-09-06 20:08:02 +02:00
mposolda
575851d45c KEYCLOAK-6038 Kerberos cross-realm trust test 2018-08-10 13:31:36 +02:00
mposolda
959cd035ba Set version to 4.3.0.Final-SNAPSHOT 2018-08-01 22:40:05 +02:00
mposolda
d0a824dde4 Updating version to 4.2.0.Final-SNAPSHOT 2018-07-05 07:42:48 -04:00
Jean-Loup Maillet
af47bd5da8 corrected groups set to be able to add group & explicit imports 2018-06-26 13:30:44 +02:00
J-Loup
0ee5c97b1c Tooltip correction on group selection
Tooltip correction on group selection for hardcoded-ldap-group-mapper
2018-06-26 13:30:44 +02:00
Jean-Loup Maillet
d07f13eace hardcoded-ldap-group-mapper 2018-06-26 13:30:44 +02:00
stianst
e1a0e581b9 Update to 4.1.0.Final-SNAPSHOT 2018-06-14 14:22:28 +02:00
Rick van den Hof
2e22dcfc47 Add unit tests 2018-05-29 10:03:54 +02:00
Rick van den Hof
16fd6558a6 Enable adding of default groups 2018-05-29 10:03:54 +02:00