Commit graph

403 commits

Author SHA1 Message Date
Tomohiro Nagai
a4f6134ba3 Support kerberos IllegalArgumentException
closes #10672
2022-11-16 08:19:32 +01:00
Tomohiro Nagai
ba369a2c2b Support for communication timeout with kerberos server
Closes #10668
2022-11-16 08:17:35 +01:00
Marek Posolda
f616495b05
Fixing UserFederationLdapConnectionTest,LDAPUserLoginTest to work with FIPS (#15299)
closes #14965
2022-11-03 16:35:57 +01:00
Michal Hajas
883e83e625 Remove deprecated methods from data providers and models
Closes #14720
2022-10-25 09:01:33 +02:00
Mark Andreev
581def56d6
Fix null username in ldap (#8717)
Closes #14667
2022-09-30 09:34:02 +02:00
rmartinc
cc9326fcad
Delay LDAPObject creation until mandatory attributes are set (#14341)
Closes #14286
2022-09-16 20:35:50 +02:00
Christoph Leistert
cc2bb96abc Fixes #9482: A user could be assigned to a parent group if he is already assigned to a subgroup. 2022-09-06 21:31:31 +02:00
Pedro Igor
5b48d72730 Upgrade Resteasy v4
Closes #10916

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2022-07-11 12:17:51 -03:00
Clara Fang
4643fd09e3 Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount()
This should reduce GC pressure.

Closes #12644
2022-06-29 08:53:09 +02:00
Alexander Schwartz
6376db0f9c code cleanup 2022-06-21 08:53:06 +02:00
Alexander Schwartz
cb0c881821 rename SingleEntityCredentialManager to SubjectCredentialManager 2022-06-21 08:53:06 +02:00
Alexander Schwartz
84d21f0230 for all added files in the PR, update the copyright header or add it if it was missing 2022-06-21 08:53:06 +02:00
Alexander Schwartz
d41764b19b Inline deprecated methods in legacy code 2022-06-21 08:53:06 +02:00
Alexander Schwartz
08bbb1fb92 Move LDAP REST Endpoints to LDAP package
- Thus remove implicit dependency on services on the legacy modules
- Disable tests for LDAP/Kerberos that won't work when map storage is enabled
2022-06-21 08:53:06 +02:00
Alexander Schwartz
1bc6133e4e redirect calls to userLocalStorage from legacy modules (federation, ldap, sssd, kerberos) 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
e396d0daa1 Renaming SingleUserCredentialManager and UserModel.getUserCredentialManager():
- class SingleUserCredentialManager to SingleEntityCredentialManager
- method UserModel.getUserCredentialManager() to credentialManager()

Renaming of API without "get" prefix to make it consistent with other APIs like for example with KeycloakSession
2022-06-21 08:53:06 +02:00
Alexander Schwartz
bc8fd21dc6 SingleUserCredentialManager moving in
- UserStorageManager now handles authentication for old Kerberos+LDAP style
- new getUserByCredential method in MapUserProvider would eventually do the same.
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
703e868a51 Preparation for moving User Storage SPI
- Introduction of new AdminRealmResource SPI
- Moving handler of /realm/{realm}/user-storage into model/legacy-service
- session.users() and userStorageManager() moved refers legacy module
  IMPORTANT: Broken as UserStorageSyncManager is not yet moved
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
247ff52187 Introduce legacy datastore module and update dependencies 2022-06-21 08:53:06 +02:00
Nick Farley
91e88f554e Replaces instances of himself with more inclusive language
Closes #12300
2022-06-03 12:25:14 -03:00
Réda Housni Alaoui
5d87cdf1c6
KEYCLOAK-6455 Ability to require email to be verified before changing (#7943)
Closes #11875
2022-05-09 18:52:22 +02:00
Sven-Torben Janus
0efa4afd49 Evaluate composite roles for hardcoded LDAP roles/groups
Closes: 11771

see also KEYCLOAK-18308
2022-05-02 14:13:37 +02:00
R0Wi
cb4a513e24 Fail authenticate if credentialInput is not of type UserCredentialModel
Code fix inside LDAPStorageProvider.java:
return failed result if credential input object is not of expected type

Closes #11191
2022-04-12 14:38:17 +02:00
Alexander Schwartz
fb92b95c33 Revert from getParameterCount() to getParameterTypes().length to be Java 1.7 compatible.
This reverts commit bc27c7c464.

Closes #10840
2022-03-22 10:23:25 +01:00
keycloak-bot
c71aa8b711
Set version to 999-SNAPSHOT (#10784) 2022-03-22 09:22:48 +01:00
Clara Fang
bc27c7c464 Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount()
Closes #10333
2022-03-18 11:20:52 +01:00
keycloak-bot
d9f1a9b207
Set version to 18.0.0-SNAPSHOT (#10165) 2022-02-11 21:28:06 +01:00
pravsjv
a6acc89bf3
Update LDAPOperationManager.java (#9561)
Update LDAPOperationManager.java
Closes #9560
2022-01-20 17:33:56 +01:00
keycloak-bot
9f3d4a7d42 Set version to 17.0.0-SNAPSHOT 2021-12-20 10:50:39 +01:00
Marcelo Sales
afeaa6f593 KEYCLOAK-19391: Fix ldap query search adding custom serach filter 2021-12-15 08:54:52 +01:00
Marcelo Sales
e69c3dcb1f KEYCLOAK-19391: Fix ldap query search adding custom serach filter 2021-12-15 08:54:52 +01:00
Daniel Fesenmeyer
339224578e KEYCLOAK-10603 adjust assignments to roles (user-role and group-role assignments, client-scope and client "scope mappings"): allow assignments of roles which are already indirectly assigned (e.g. by composite role)
- extend RoleMapperModel with method hasDirectRole(RoleModel), which only checks for direct assignment in contrast to the existing method hasRole(RoleModel)
- extend ScopeContainerModel with method hasDirectScope(RoleModel), which only checks for direct scope mapping in contrast to the existing method hasScope(RoleModel)
- use the new hasDirectRole and hasDirectScope methods to check whether a role is in the "available" list and whether it can be assigned (previously, the hasRole method was used for this purpose)
- add hint to UI that available roles contain effectively assigned roles which are not directly assigned
- adjust and extend tests
2021-09-22 13:56:29 +02:00
Marek Posolda
11e5f66c60
KEYCLOAK-19056 EDIT MODE field should not be leave empty (#8380) 2021-09-14 20:27:09 +02:00
bohmber
0c64d32b9b KEYCLOAK-19183
LDAPDn should use a static Pattern instead calling String.split with a regex
2021-09-06 09:17:26 +02:00
bohmber
ba946b54f7 KEYCLOAK-19021
LDAPOperationManager.getFilterById is causing additional call to AD
2021-08-19 09:25:33 +02:00
Thomas Darimont
f9b4e47851 KEYCLOAK-19036 Avoid infinite loop during LDAP sync with OpenLDAP and olcSizeLimit
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2021-08-18 17:42:13 +02:00
mposolda
418d1e3471 KEYCLOAK-19039 Sync UPDATE_PASSWORD required action to only to MSAD with WRITABLE edit mode. Add tests for MSAD mapper 2021-08-18 17:39:19 +02:00
cturkalj
b4536a394a Missing null check for session.userCache() added
NPE when existing user from LDAP is found (same LDAP_ID, but with changed username) and session.userCache() is null.
2021-08-03 13:40:02 +02:00
keycloak-bot
262ec3d031 Set version to 16.0.0-SNAPSHOT 2021-07-30 14:56:10 +02:00
mposolda
e58eeca800 KEYCLOAK-18706 Add UPDATE_PASSWORD required action only to authenticationSession when MSAD requires user to change password 2021-07-28 08:47:01 +02:00
Sven-Torben Janus
c6e7c06f6c KEYCLOAK-18695 Support user lookup by ID with Novell eDirectory
The LDAPOperationManager does not encode GUID correctly when looking up
federated users from Novell eDirectory.

The correct encoding can be found here:
https://support.novell.com/docs/Tids/Solutions/10096551.html
2021-07-27 08:46:04 +02:00
keycloak-bot
13f7831a77 Set version to 15.0.0-SNAPSHOT 2021-06-18 10:42:27 +02:00
rmartinc
b97f177f26 [KEYCLOAK-14696] Unable to fetch list of members from a group through keycloak admin console. 2021-05-20 11:32:23 +02:00
keycloak-bot
4b44f7d566 Set version to 14.0.0-SNAPSHOT 2021-05-06 14:55:01 +02:00
Pascal Euhus
82fc401298 [KEYCLOAK-9841] use LDAPUser UUID as an identifier instead of username 2021-03-16 17:55:24 +01:00
Andrew Elwell
c76ca4ad13
Correct "doesn't exists" typos - fixes KEYCLOAK-14986 (#7316)
* Correct "doesn't exists" typos

* Revert changes to imported package

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2021-03-16 11:52:36 +01:00
Mathieu CLAUDEL
197b34889c KEYCLOAK-17146 : Fix reset password MS AD LDS mapper 2021-03-03 09:17:39 +01:00
Thomas Darimont
2faf809536 KEYCLOAK-16464 Allow to map enabled user model attribute to LDAP attribute 2021-01-20 09:24:06 +01:00
Thomas Darimont
f76e9cc833 KEYCLOAK-16464 Allow to map emailVerified user model attribute to LDAP attribute 2021-01-20 09:24:06 +01:00
Michal Hajas
ba8e2fef6b KEYCLOAK-15524 Cleanup user related interfaces 2021-01-18 16:56:10 +01:00