436 commits

Author	SHA1	Message	Date
mposolda	57e51e9dd4	Use an original domain name of Kerberos Principal in UserModel attribute instead of configured value of Kerberos realm in User federation ... closes #20045	2023-08-30 13:24:48 +02:00
Marek Posolda	6f989fc132	Fallback to next LDAP/Kerberos provider when not able to find authenticated Kerberos principal (#22531) ... closes #22352 #9422	2023-08-29 11:21:01 +00:00
rmartinc	7336ff07ac	Check RDN attribute for DN membership ... Closes https://github.com/keycloak/keycloak/issues/20718	2023-07-21 11:13:45 +02:00
mposolda	0ea2891eee	Remove support for OpenJDK 11 on the server side ... closes #15014	2023-07-03 13:12:22 -03:00
rmartinc	f21c35c21f	Compare SSSD email ignoring the case ... Closes https://github.com/keycloak/keycloak/issues/21394	2023-07-03 12:06:29 -03:00
Stijn Last	91e543f415	Improve error messages when testing LDAP connection (#21013) ... Closes #15434	2023-07-01 19:45:49 +02:00
Hynek Mlnarik	c092c76ae8	Remove ldapsOnly (Java) ... In `LDAPConstants.java`, the function to set the Truststore SPI system property was removed, as this is now handled by the `shouldUseTruststoreSpi` method in `LdapUtil`. Closes: #9313	2023-06-28 08:30:09 +02:00
vramik	535bba5792	Update UserQueryProvider methods ... Closes #20438	2023-06-12 16:04:26 +02:00
Alexander Schwartz	512e30b210	Add escaping for fields with wildcard search ... Closes #20510	2023-05-31 14:38:04 +02:00
vramik	a175efcb72	Split UserQueryProvider into UserQueryMethods and UserCountMethods and make LdapStorageProvider implement only UserQueryMethods ... Co-authored-by: mhajas <mhajas@redhat.com> Closed #20156	2023-05-31 11:47:54 +02:00
stianst	0832992e59	Removing OpenShift integration and moving to separate extension ... closes #20496 Co-authored-by: mposolda <mposolda@gmail.com>	2023-05-30 17:39:32 +02:00
damien-malescot	1007d6a6d8	Fix AD/LDS password expiration ... Closes #13084	2023-05-29 09:20:25 +02:00
vramik	bdbbd2959d	User search with LDAP federation not consistent ... Closes #10195	2023-05-23 11:48:33 +02:00
vramik	fd6a6ec3ad	Make LDAP searchForUsersStream consistent with other storages ... Co-authored-by: mhajas <mhajas@redhat.com> Closes #17294	2023-05-19 08:40:41 +02:00
Pedro Hos	ca06c49909	Removing duplicated serverPrincipal at LDAPStorageProviderFactory.java ... closes #20101	2023-05-16 15:20:38 +02:00
rmartinc	025778fe9c	SSSD User Federation integration for quarkus distribution ... Closes https://github.com/keycloak/keycloak/issues/16165	2023-05-09 11:32:52 +02:00
rmartinc	87905c186d	Upgrade dbus-java to 4.3.0. Incorporated: dbus-java-core and dbus-java-transport-native-unixsocket	2023-05-09 11:32:52 +02:00
Martin Bartoš	6118e5cfb7	Use JakartaEE dependencies ... --- Quarkus3 branch sync no. 14 (24.4.2023) Resolved conflicts: keycloak/pom.xml - Modified --- Quarkus3 branch sync no. 5 (10.2.2023) Resolved conflicts: keycloak/pom.xml - Modified	2023-04-27 13:36:54 +02:00
Martin Bartoš	7cff857238	Migrate packages from javax.* to jakarta.* ... --- Quarkus3 branch sync no. 14 (24.4.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/ComponentExportImportTest.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/DeclarativeUserTest.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java - Modified keycloak/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java - Modified --- Quarkus3 branch sync no. 13 (11.4.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountTotpPage.java - Deleted keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BackwardsCompatibilityUserStorageTest.java - Modified --- Quarkus3 branch sync no. 12 (31.3.2023) Resolved conflicts: keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/services/resources/QuarkusWelcomeResource.java - Modified keycloak/services/src/main/java/org/keycloak/protocol/saml/profile/util/Soap.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/UserInfoClientUtil.java - Modified keycloak/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified --- Quarkus3 branch sync no. 10 (17.3.2023) Resolved conflicts: keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocolUtils.java - Modified --- Quarkus3 branch sync no. 9 (10.3.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java - Modified keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java - Modified --- Quarkus3 branch sync no. 8 (3.3.2023) Resolved conflicts: keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClient.java Modified - Modified keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java - Modified keycloak/examples/providers/authenticator/src/main/java/org/keycloak/examples/authenticator/SecretQuestionAuthenticator.java - Modified --- Quarkus3 branch sync no. 6 (17.2.2023) Resolved conflicts: keycloak/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ComponentsResource.java - Modified keycloak/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java - Modified keycloak/services/src/main/java/org/keycloak/protocol/saml/installation/SamlSPDescriptorClientInstallation.java - Modified --- Quarkus3 branch sync no. 5 (10.2.2023) Resolved conflicts: /keycloak/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java Modified - Modified keycloak/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java - Modified --- Quarkus3 branch sync no. 4 (3.2.2023) Resolved conflicts: keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/jaxrs/QuarkusKeycloakApplication.java - Modified --- Quarkus3 branch sync no. 1 (18.1.2023) Resolved conflicts: keycloak/testsuite/client/ClientPoliciesTest.java - Deleted keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java - Modified keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaModelCriteriaBuilder.java - Modified	2023-04-27 13:36:54 +02:00
mposolda	1cbdf4d17e	Fix the issue with LDAP connectionUrl containing multiple hosts ... Closes #17359	2023-04-16 17:41:22 +02:00
Hynek Mlnarik	6014070431	Fix memory leak in LDAP ... The caching in LDAP stores and reuses the session at the time of creating `LDAPIdentityStore`. On top of that, there is not much cached, since apart from the session which must not be part of long-lived cache, only config is cached in the objects which is anyway always recomputed. The cache for the LDAP still retains the LDAPConfig to keep the `logLDAPConfig` call upon config change. Closes: #19396	2023-04-06 11:09:00 +02:00
Hynek Mlnarik	0d5363d0d5	Throw an exception rather than returning response ... Closes: #17644	2023-04-03 14:43:50 +02:00
rmartinc	89dfeeec38	The getAttributes method in UserAttributeLDAPStorageMapper does not work for email or other UserModel properties ... Closes https://github.com/keycloak/keycloak/issues/10412	2023-03-30 21:45:07 +02:00
Hiroyuki Wada	46eb2e1b84	Fix attribute deleted from LDAP is not immediately reflected even if it is "Always Read Value From LDAP"	2023-03-21 10:28:41 +01:00
Jon Koops	972ebb9650	Use a valid SemVer format for the SNAPSHOT version (#17334) ... * Use a valid SemVer format for the SNAPSHOT version * Update pom.xml * Update pom.xml --------- Co-authored-by: Stian Thorgersen <stianst@gmail.com> Co-authored-by: Stian Thorgersen <stian@redhat.com>	2023-03-03 11:11:44 +01:00
Alexander Schwartz	1e4401f521	Avoid returning the same entity multiple times from separate searches ... Closes #15604	2023-03-02 08:21:38 +01:00
rmartinc	5cdf4d5791	Read-Only attributes should be modified if creation is delayed for LDAP ... Closes https://github.com/keycloak/keycloak/issues/16848	2023-03-01 11:26:57 +01:00
Alexander Schwartz	d4604984d0	Compatibility with Maven4 and parallel builds (#16312) ... Closes #16308	2023-02-14 11:44:53 +01:00
mposolda	a804400c84	Added KERBEROS feature. Disable it when running tests on FIPS ... closes #14966	2023-01-25 18:38:46 +01:00
Hynek Mlnařík	60ce949304	Ignore unknown clients in LDAP role mapper ... Fixes: #10958	2022-12-01 09:51:05 +01:00
rmartinc	b7188c3891	Unknown bind DN using LDAP anonymous bind aka bind type none (#15546) ... Closes #15497	2022-11-23 10:23:46 +01:00
Hynek Mlnařík	fe6853c691	Update JavaDoc generation to be JDK11 compatible (#15569) ... Fixes: #15566	2022-11-21 08:44:17 +01:00
Pedro Igor	6f7c62fc73	Remove unnecessary endpoints from our JAX-RS entensions ... Closes #15525	2022-11-16 16:25:33 +01:00
Tomohiro Nagai	a4f6134ba3	Support kerberos IllegalArgumentException ... closes #10672	2022-11-16 08:19:32 +01:00
Tomohiro Nagai	ba369a2c2b	Support for communication timeout with kerberos server ... Closes #10668	2022-11-16 08:17:35 +01:00
Marek Posolda	f616495b05	Fixing UserFederationLdapConnectionTest,LDAPUserLoginTest to work with FIPS (#15299) ... closes #14965	2022-11-03 16:35:57 +01:00
Michal Hajas	883e83e625	Remove deprecated methods from data providers and models ... Closes #14720	2022-10-25 09:01:33 +02:00
Mark Andreev	581def56d6	Fix null username in ldap (#8717) ... Closes #14667	2022-09-30 09:34:02 +02:00
rmartinc	cc9326fcad	Delay LDAPObject creation until mandatory attributes are set (#14341) ... Closes #14286	2022-09-16 20:35:50 +02:00
Christoph Leistert	cc2bb96abc	Fixes #9482: A user could be assigned to a parent group if he is already assigned to a subgroup.	2022-09-06 21:31:31 +02:00
Pedro Igor	5b48d72730	Upgrade Resteasy v4 ... Closes #10916 Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2022-07-11 12:17:51 -03:00
Clara Fang	4643fd09e3	Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount() ... This should reduce GC pressure. Closes #12644	2022-06-29 08:53:09 +02:00
Alexander Schwartz	6376db0f9c	code cleanup	2022-06-21 08:53:06 +02:00
Alexander Schwartz	cb0c881821	rename SingleEntityCredentialManager to SubjectCredentialManager	2022-06-21 08:53:06 +02:00
Alexander Schwartz	84d21f0230	for all added files in the PR, update the copyright header or add it if it was missing	2022-06-21 08:53:06 +02:00
Alexander Schwartz	d41764b19b	Inline deprecated methods in legacy code	2022-06-21 08:53:06 +02:00
Alexander Schwartz	08bbb1fb92	Move LDAP REST Endpoints to LDAP package ... - Thus remove implicit dependency on services on the legacy modules - Disable tests for LDAP/Kerberos that won't work when map storage is enabled	2022-06-21 08:53:06 +02:00
Alexander Schwartz	1bc6133e4e	redirect calls to userLocalStorage from legacy modules (federation, ldap, sssd, kerberos)	2022-06-21 08:53:06 +02:00
Hynek Mlnarik	e396d0daa1	Renaming SingleUserCredentialManager and UserModel.getUserCredentialManager(): ... - class SingleUserCredentialManager to SingleEntityCredentialManager - method UserModel.getUserCredentialManager() to credentialManager() Renaming of API without "get" prefix to make it consistent with other APIs like for example with KeycloakSession	2022-06-21 08:53:06 +02:00
Alexander Schwartz	bc8fd21dc6	SingleUserCredentialManager moving in ... - UserStorageManager now handles authentication for old Kerberos+LDAP style - new getUserByCredential method in MapUserProvider would eventually do the same.	2022-06-21 08:53:06 +02:00