libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
25091 commits 4 branches 5 tags 480 MiB
Commit graph

2351 commits

Author SHA1 Message Date
Stefan Guilhen
694ffaf289 Allow organizations in different realms to have the same domain 
Closes #29886

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-28 08:02:30 -03:00
Alexander Schwartz
97cc973af0
Remove explicit flush from JPA user and client session handling (#29819) 
Closes #29818

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-28 09:23:20 +02:00
mposolda
ea1cdc10bd MigrateTo25_0_0 does not complete within default transaction timeout 
closes #29756

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-05-27 10:31:39 +02:00
sebastianh6r
f34a7c2af4
Optimize settings for Hibernate ORM 
* Optimize settings for Hibernate ORM
* Teach exception handler about the new BatchUpdateException exceptions

Closes #26162

Signed-off-by: Sebastian Hoeninger <Sebastian.Hoeninger@bosch.io>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Sebastian Hoeninger <Sebastian.Hoeninger@bosch.io>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-27 10:20:19 +02:00
Alexander Schwartz
c6e071cf07
Clear entries in remote caches and force events on the remote site (#29597) 
Closes #29592

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-23 14:47:32 +02:00
Marek Posolda
2efc163b89
Entry 999.0.0 in MIGRATION_MODEL prevents future migrations of the database 
Closes #27941

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-05-23 12:00:18 +00:00
Thomas Darimont
ab376d9101 Make required actions configurable (#28400) 
- Add tests for crud operations on configurable required actions
- Add support exposing the required action configuration via RequiredActionContext
- Make configSaveError message reusable in other contexts
- Introduced admin-ui specific endpoint for retrieving required actions with config metadata

Fixes #28400

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-05-23 08:38:36 +02:00
Stefan Guilhen
37f85937a7 Move organization authenticator into conditional subflows in the default browser and first broker login flows 
Closes #29446

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-22 20:48:29 -03:00
vramik
55bf4feebc Disable identity provider at the realm level when an organization is disabled 
Closes #29483

Signed-off-by: vramik <vramik@redhat.com>
 2024-05-22 07:58:26 -03:00
vramik
278341aff9 Add organizations enabled/disabled capability 
Closes #28804

Signed-off-by: vramik <vramik@redhat.com>
 2024-05-22 07:58:26 -03:00
Alexander Schwartz
80de3a0a71
Allow migration of non-persistent sessions to persistent sessions 
Closes #29375

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-22 10:30:46 +02:00
rmartinc
f7044ba5c2 Use SessionExpirationUtils for validate user and client sessions 
Check client session is valid in TokenManager
Closes #24936

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-05-22 10:12:20 +02:00
Stefan Guilhen
1aab371912 Fix errors when importing realms with the organization feature enabled 
Closes #29630

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-17 07:25:31 -03:00
Stefan Guilhen
553b1ce695 Ensure org domain removal from the IDP is properly propagated to the DB 
Closes #29599

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-16 10:43:50 -03:00
Dimitri Papadopoulos Orfanos
64a145e960
Fix user-facing typos in error messages (#29326) 
Update resource file and tests accordingly

Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
 2024-05-16 09:55:41 +02:00
Stefan Guilhen
c4760b8188 Ensure that IDP's linked domains are remove when org is deleted or when the domain is removed from the org. 
Closes #29481

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-14 15:39:18 -03:00
Martin Kanis
3985157f9f Make sure operations on a organization are based on realm they belong to 
Closes #28841

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-05-14 10:47:39 -03:00
Pedro Igor
b4d231fd40 Fixing realm removal when removing groups and brokers associated with an organization 
Closes #29495

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-14 14:29:27 +02:00
Alexander Schwartz
673e122443 Avoid sorting items returned from the database which are already stable 
Closes #29319

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-13 16:15:38 +02:00
Alexander Schwartz
6cc8d653f3 Make SessionWrapper related fields immutable that are part of the equals method 
The cache replace logic depends on it, as values returned by reference from a local cache must never be modified on those critical fields directly.

Closes #28906

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-13 09:59:50 +02:00
Pedro Igor
b50d481b10 Make sure organization groups can not be managed but when managing an organization 
Closes #29431

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-10 21:28:11 -03:00
Stefan Guilhen
3186b6db8e Fix realm removal when orgs are enabled 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-10 17:23:08 -03:00
Stefan Guilhen
ceed7bc120 Add ability to search organizations by attribute 
Closes #29411

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-10 16:45:41 -03:00
Alexander Schwartz
eaeffe95ac
Avoid conflicts when writing to session stores by checking for concurrent requests within the JVM (#29393) 
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2024-05-09 08:24:43 +00:00
Pedro Ruivo
cbce548e71 Infinispan 15.0.3.Final 
Closes #29068

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-05-08 17:18:39 +02:00
Martin Kanis
d4b7e1a7d9 Prevent to manage groups associated with organizations from different APIs 
Closes #28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-05-07 11:16:40 -03:00
Stefan Guilhen
aa945d5636 Add description field to OrganizationEntity 
Closes #29356

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-07 10:35:51 -03:00
Pedro Igor
c0325c9fdb Do not manage brokers through the Organization API 
Closes #29268

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-07 09:15:25 -03:00
Alice W
584e92aaba Add support for organizational invites to new and existing users based on tokens 
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
 2024-05-06 17:57:13 -03:00
Dimitri Papadopoulos Orfanos
cd8e0fd333
Fix user-facing typos in Javadoc (#28971) 
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-05-06 18:57:55 +00:00
Stefan Guilhen
dae1eada3d Add enabled field to OrganizationEntity 
Closes #28891

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-06 14:46:56 -03:00
Pedro Ruivo
4c6f3ce35d Remove unused code from model/infinispan module 
Closes #29137

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-05-06 18:53:23 +02:00
Pedro Ruivo
fe5bed6191
Retry fetching event from remote cache 
Closes #28303

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-06 17:27:07 +02:00
Michal Hajas
128bba34d3 Remove PERSISTENT_USER_SESSIONS_No_CACHE feature 
Closes #29264

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-05-06 08:53:39 +02:00
Michal Hajas
8b715d3a31 Do not use LastSessionRefreshPersister with persistent user sessions enabled 
Closes #29144

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-05-06 08:49:48 +02:00
Pedro Igor
32d25f43d0 Support for mutiple identity providers 
Closes #28840

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-04 16:19:27 +02:00
Pedro Ruivo
82a959fa78 Remove WildFly Clustering Marshaller 
Closes #29135

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-05-03 12:31:47 +02:00
Alexander Schwartz
05b6f897ce
Execute persistent sessions tests in CI and fix deadlock (#29236) 
* Execute persistent sessions tests in CI and fix deadlock in UserSessionConcurrencyTest 
The deadlock was caused by a switch to reactive handling of embedded Infinispan updates introduced here #28862
Closes #29235

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-03 10:42:34 +02:00
Michal Hajas
e93b7d4f3a
Use computeIfPresent also for Persistent sessions 
Follow-up-on #29073

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-05-02 16:43:54 +00:00
Stefan Guilhen
45e5e6cbbf Introduce filtered (and paginated) search for organization members 
Closes #28844

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-02 11:25:43 -03:00
Michal Hajas
4c17c6107e Merge offline and online sessions transactions 
Closes #29139
Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-04-30 18:03:17 +02:00
Michal Hajas
7c427e8d38 Remove offline sessions timeouts adjusters as with persistent session we have bounded caches and it is no longer necessary to adjust time in caches 
Closes #29140
Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-04-30 18:03:17 +02:00
Alexander Schwartz
d69872fa11
Batch writes originating from logins/logouts for persistent sessions 
All writes for the sessions are handled by a background thread which batches them.

Closes #28862

Wait for persistent-store to contain update
instead of cache which has the change immediately since it is in memory + introduce new model-test profile

Closes #29141

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2024-04-30 14:07:35 +02:00
Pedro Igor
51352622aa Allow adding realm users as an organization member 
Closes #29023

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-29 08:37:47 -03:00
Pedro Ruivo
17a700b6b9 Use cache.compute() method to improve the replace retry loop 
Closes #29073

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-04-29 12:24:33 +02:00
Stefan Guilhen
bfabc291cc 28843 - Introduce filtered (and paginated) searches for organizations 
Closes #28843

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-04-25 12:38:20 -03:00
vramik
c56f062416 Typo in Organization table 
Closes #29054

Signed-off-by: vramik <vramik@redhat.com>
 2024-04-24 11:23:44 -03:00
vramik
d65649d5c0 Make sure organization are only manageable by the admin users with the manage-realm role 
Closes #28733

Signed-off-by: vramik <vramik@redhat.com>
 2024-04-23 12:16:57 -03:00
Tero Saarni
64862d568e Convert database errors to 500 instead of 400. 
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
 2024-04-22 11:42:18 -03:00
Stefan Guilhen
f1532565b6 Don't use no-arg version of GroupModel.getSubGroupsStream() when fetching the subgroups from the GroupResource endpoint. 
- prevents pre-loading all groups; instead use the stream from the JPA adapter to load subgroups one by one and then filter based on the user permissions.

Closes #28935

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-04-22 11:27:29 -03:00