libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
24143 commits 4 branches 5 tags 480 MiB
Commit graph

2241 commits

Author SHA1 Message Date
Douglas Palmer
b0ef746f39 Permanently lock users out after X temporary lockouts during a brute force attack 
Closes #26172

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-02-22 09:34:51 +01:00
Vlasta Ramik
76453550a5
User attribute value length extension 
Closes #9758

Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2024-02-16 08:09:34 +01:00
Michal Hajas
f7f7f1bd10 Add caching for subGroupsCount 
Closes #25731

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-02-15 19:46:04 +09:00
rmartinc
4ff4c3f897 Increase internal algorithm security using HS512 and 128 byte hmac keys 
Closes #13080

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-02-15 08:16:45 +01:00
Alexander Schwartz
c7b51fc7f0
Use the appropriate database dialect to add quotes to the schema name (#26964) 
Closes #25961

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-02-13 13:09:55 +01:00
Stefan Guilhen
2161e72872 Add migration for the useTruststoreSpi config property in LDAP user storage provider 
- legacy `ldapsOnly` value now migrated to `always`.

Closes #25912

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-02-12 11:53:19 +01:00
Thomas Darimont
93fc6a6c54 Shorter lifespan for offline session cache entries in memory 
Closes #26810

Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-02-09 19:44:04 +01:00
Douglas Palmer
66f0d2ff1d blah 
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-02-07 15:55:06 -03:00
Douglas Palmer
d9d41b1a09 Brute Force Detection is disabled when updating frontenUrl via admin client 
Closes #21409

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-02-07 15:55:06 -03:00
Stian Thorgersen
3e08a1713b
Ignore empty attribute values when retriveing boolean/int/long (#26729) (#26737) 
Resolves #26597, resolves #26665

Signed-off-by: stianst <stianst@gmail.com>
 2024-02-06 15:29:34 +01:00
Stefan Guilhen
fbeba83b87 Upgrade liquibase to version 4.25.1 
Closes #26570

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-02-05 19:07:25 +01:00
Michal Hajas
00742a62dd
Remove RealmModel from authorization services interfaces (#26708) 
Closes #26530
Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-02-02 16:51:32 +01:00
Thomas Darimont
277af021d7 Improve ScheduledTask task-name handling 
This PR introduces a String getTaskName() default method to
the ScheduledTask interface and adjusts call sites to use the
implementation derived task name where possible.

Previously, ScheduledTask names were passed around separately, which
lead to unhelpful debug messages.
We now give ScheduledTask implementations control over their task-name
which allows for more flexible naming.

Enlist call StoreSyncEvent.fire(...) to after transaction to ensure realm is present in database.
Ensure that Realm is already committed before updating sync via UserStorageSyncManager
Align Sync task name generation for cancellation to support SyncFederationTest
Only log a message if sync task was actually canceled.

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-02-02 09:57:03 -03:00
mposolda
cdc5d8fff8 Migrating Realm JSON with declarative user profile fails when scope selectors present on any attributes 
closes #26266

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-02-01 09:54:09 +01:00
Martin Kanis
a3fcacdab7 Map Store Removal: deprecate model legacy module 
Closes #26598

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-01-31 17:40:45 +01:00
Václav Muzikář
4096a2657e
Supported option to specify site name for multi-site deployments 
Closes #26460

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-31 11:52:19 +00:00
Lex Cao
cf3f05a259
Skip grant role if exists for federated storage (#26508) 
Closes #26507

Signed-off-by: Lex Cao <lexcao@foxmail.com>
 2024-01-26 17:08:47 +00:00
Martin Kanis
7797f778d1 Map Store Removal: Rename legacy modules 
Closes #24107

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-01-25 16:29:16 +01:00
Martin Kanis
84603a9363
Map Store Removal: Rename Legacy* classes (#26273) 
Closes #24105

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-01-23 13:50:31 +00:00
Alexander Schwartz
b9498b91cb
Deprecating the offline session preloading (#26160) 
Closes #25300

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-16 09:29:01 +01:00
Alexander Schwartz
a8eca6add0
Changing to the Infinispan BOM to avoid mis-aligned Infinispan dependencies (#26137) 
Closes #22922

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
 2024-01-15 09:20:47 +01:00
mposolda
692aeee17d Enable user profile by default 
closes #25151

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-01-11 12:48:44 -03:00
Réda Housni Alaoui
98230aa372 Add federated identity ProviderEvent(s) 
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2024-01-10 11:56:38 -03:00
Alexander Schwartz
01939bcf34
Remove concurrent loading of remote sessions as at startup time only one node is up anyway. (#25709) 
Closes #22082

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Martin Kanis <martin-kanis@users.noreply.github.com>
 2024-01-09 16:55:22 +01:00
atharva kshirsagar
d7542c9344 Fix for empty realm name issue 
Throw ModelException if name is empty when creating/updating a realm

Closes #17449

Signed-off-by: atharva kshirsagar <atharva4894@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-01-05 14:23:42 +01:00
Réda Housni Alaoui
5287500703 @NoCache is not considered anymore 
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2024-01-02 09:06:55 -03:00
Pedro Igor
810ebf4efd Migration steps for enabling user profile by default 
Closes #25528

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-19 10:19:45 -03:00
Alexander Schwartz
9e4fc3f491 Keep workaround permanently for concurrent shutdowns of embedded Infinispan 
Closes #9871

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2023-12-15 10:58:22 +01:00
Alexander Schwartz
e01827693a Avoid shutdown of Infinispan when using cache 
Closes #24508

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2023-12-13 15:46:37 +01:00
Alexander Schwartz
a8cff72ed0
Avoid logged warning about objects not present in the cache for tasks (#25324) 
Closes #25322

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2023-12-08 13:10:14 +01:00
Alexander Schwartz
5b1b3ca11b
Allow concurrent remote cache operations (#25390) 
Closes #25388

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2023-12-08 10:07:25 +01:00
Pedro Igor
ab1173182c Make sure realm is available from session when migrating to 23 
Closes #25183

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2023-12-06 07:42:54 -03:00
Alexander Schwartz
e4be3ed244
Prevent client cache stampede after invalidation of a client or on startup (#25217) 
Closes #24202

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2023-12-05 16:01:37 +01:00
Michal Hajas
ec061e77ed
Remove GlobalLockProviderSpi (#25206) 
Closes #24103

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2023-12-01 16:40:56 +00:00
vramik
587cef7de4 Delete Profile.Feature.MAP_STORAGE 
Signed-off-by: vramik <vramik@redhat.com>

Closes #24102
 2023-11-30 13:04:39 +01:00
rmartinc
16afecd6b4 Allow automatic download of SAML certificates in the identity provider 
Closes https://github.com/keycloak/keycloak/issues/24424

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2023-11-29 18:03:31 +01:00
Michal Hajas
2b2207af93
Publish information about Infinispan availability in lb-check if MULTI_SITE is enabled 
Closes #25077

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2023-11-29 11:06:41 +00:00
Pedro Igor
2c611cb8fc User profile configuration scoped to user-federation provider 
closes #23878

Co-Authored-By: mposolda <mposolda@gmail.com>

Signed-off-by: mposolda <mposolda@gmail.com>
 2023-11-27 14:45:44 +01:00
Sebastian Schuster
030f42ec83
More efficient listing of assigned and available client role mappings 
Closes #23404

Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
 2023-11-22 14:10:11 +01:00
Alexander Schwartz
a45934a762 Disable cache store and load only if a remote store is used 
Closes #10803
Closes #24766

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: daviddelannoy <16318239+daviddelannoy@users.noreply.github.com>
 2023-11-20 18:50:02 +01:00
Douglas Palmer
f9665acc29 KeycloakErrorHandler NullPointerException String.toLowerCase() because message is null 
Closes #22958
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2023-11-16 18:06:33 +01:00
Réda Housni Alaoui
3f014c7299
Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients (#21058) 
closes #21010 

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2023-11-13 19:13:01 +01:00
vramik
926be135e8 Remove map related modules 
Signed-off-by: vramik <vramik@redhat.com>

Closes #24100
 2023-11-13 12:34:52 +01:00
Alexander Schwartz
26e2fde115
Avoid reseting cachemanger to null to avoid a re-initialization (#24086) 
Also follow best practices of using volatile variables for double-locking, and not using shutdown caches.

Closes #24085
 2023-11-08 11:33:44 -05:00
vramik
6fa26d7ff4 Delete map dependencies from dependency management 
Closes #24101
 2023-11-08 13:53:17 +01:00
vramik
593c14cd26 Data too long for column 'DETAILS_JSON' 
Closes #17258
 2023-11-02 20:29:35 +01:00
rokkiter
e1735138cb
clean util * (#24174) 
Signed-off-by: rokkiter <yongen.pan@daocloud.io>
 2023-11-01 17:14:11 +01:00
ashwingroot
dee1cec290 fix to preload offline sessions faster 
slow loading offline tokens during start up leads to connection timeout
closes #24295
 2023-10-30 12:58:06 +01:00
Alice
69497382d8
Group scalability upgrades (#22700) 
closes #22372 


Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2023-10-26 16:50:45 +02:00
Hynek Mlnarik
c036980c37 Add TRANSIENT_USERS feature flag 2023-10-25 12:02:35 +02:00