libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions
25965 commits 4 branches 5 tags 483 MiB
Commit graph

232 commits

Author SHA1 Message Date
Pedro Ruivo
ba861fc5d7 Remove version() projection from Ickle Queries 
Closes #32590

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-09-03 18:07:32 +02:00
Stefan Guilhen
88cca10472 Rename IDPSpi to IdentityProviderStorageSpi 
Closes #31639

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-26 15:10:09 -03:00
Michal Hajas
f5b2775939 Enable persistent sessions by default 
Run CI with the feature disabled to test also the old settings
Closes #32265

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-08-21 17:37:54 +02:00
Stefan Guilhen
aeb1951aba Replace calls to deprecated RealmModel IDP methods 
- use the new provider instead

Closes #31254

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-08-15 10:55:36 -03:00
Pedro Ruivo
e13c9bf462 Retry remote cache operations with back off 
Implement a retry mechanism for remote cache writes.

Fixes #32030

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-08-13 15:55:59 +02:00
Pedro Ruivo
07c92c85cb Drop AuthenticatedClientSessionStore from user sessions 
New entities for client and user sessions, more query friendly.
The client sessions are found using query instead of storing them in the
user session entity.
Remove of sessions by its field is done based on queries.

Closes #30934

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-08-12 20:35:50 +02:00
Martin Kanis
e750b44e9d Flaky test: org.keycloak.testsuite.model.DBLockTest#testTwoLocksCurrently 
Closes #25794

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-08-07 09:00:37 -03:00
Michal Hajas
50c07c6e7c
Simplify configuration for MULTI_SITE 
Closes #31807

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-08-06 16:14:33 +00:00
Pedro Ruivo
3fbe26d2e1 Disable SessionTimeoutsTest for old cross-site code 
The test is disabled for the embedded caches + remote store combination
(old cross-site code) due to the async event processing.

Events can be handled after the test changes the time offset, causing
the test to fail.

Fixes #31612

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-08-06 15:33:44 +02:00
Ryan Emerson
176ac3404a EmbeddedInfinispanSplitBrainTest fails with "IllegalState Session not bound to a realm" 
Closes #31828

Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2024-08-01 13:58:41 +02:00
Ryan Emerson
8d7e18ec29 Clear local caches on split-brain heal 
Closes #25837

Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2024-07-31 13:59:06 +02:00
Pedro Ruivo
17e30e9ec1 Persist revoke tokens with remote cache feature 
Stores the revoked tokens into the database and preloads them during
startup.

Fixes #31760

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-07-31 11:02:38 +02:00
Pedro Ruivo
e62604b1ec ConditionalRemover interface for External Infinispan feature 
Add a ConditionalRemover interface to remove entries from a RemoteCache
based on the key or value fields.
The default implementation provided by this PR uses streaming/iteration
to test and remove entries

On a side change, moved all the transactions to the same package and
created one transaction class per entity/cache to simplify code and
avoid writing "RemoteChangeLogTransaction" with a long list of types.

Fixes #31046

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-07-30 15:16:17 +02:00
Stefan Guilhen
17c01c9380 Enable new IDP Storage SPI in JPA model tests 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-07-29 16:02:26 +02:00
Pedro Igor
87c279d645 Respect the username value format when processing federated users 
Closes #31240

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-29 09:28:43 +02:00
Stefan Guilhen
c9f5a0aa32 Testsuite: ensure realm is set in session context 
Closes #31636

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-07-26 11:11:44 -03:00
Alexander Schwartz
227c71f7f0
Persisting revoked access tokens 
Closes #31296

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-07-26 11:46:14 +02:00
Pedro Ruivo
5fc12480fd External Infinispan as cache - Part 4 (#30072) 
UserSessionProvider implementation to make use of Infinispan remote
cache.

Closes #28755

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-06-19 14:47:57 +02:00
Pedro Ruivo
9006218559 External Infinispan as cache - Part 3 
Implementation of UserLoginFailureProvider using remote caches only.

Closes #28754

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-06-19 14:47:57 +02:00
Pedro Ruivo
833aad661e External Infinispan as cache - Part 2 
Includes a new implementation for the providers:

* StickySessionEncoderProviderFactory
* LoadBalancerCheckProviderFactory
* SingleUseObjectProviderFactory

Closes #28648

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-06-19 14:47:57 +02:00
Pedro Ruivo
d2ae27a1e2 External Infinispan as cache - Part 1 
Part 1 includes

* New experimental feature to enable the new code
* New providers using RemoteCache only
* New test profile to run the tests with the experimental feature

New providers' implementation for:
* InfinispanConnectionProvider
* AuthenticationSessionProvider
* ClusterProvider

Closes #28140

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-06-19 14:47:57 +02:00
Pedro Ruivo
18a6c79011
Infinispan Protostream Marshaller (#29474) 
Closes #29394

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-06-13 18:02:46 +02:00
Alexander Schwartz
f6f3b385c5 Improve the cleanup after a failed test to ensure retries work 
Closes #30018

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-06-03 08:59:03 +02:00
Alexander Schwartz
46f0da43da Instead of the test blocking for an unknown reason, specify a timeout 
Closes #29528

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-28 21:06:49 +02:00
Alexander Schwartz
80de3a0a71
Allow migration of non-persistent sessions to persistent sessions 
Closes #29375

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-22 10:30:46 +02:00
Michal Hajas
128bba34d3 Remove PERSISTENT_USER_SESSIONS_No_CACHE feature 
Closes #29264

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-05-06 08:53:39 +02:00
Michal Hajas
8b715d3a31 Do not use LastSessionRefreshPersister with persistent user sessions enabled 
Closes #29144

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-05-06 08:49:48 +02:00
Michal Hajas
7c427e8d38 Remove offline sessions timeouts adjusters as with persistent session we have bounded caches and it is no longer necessary to adjust time in caches 
Closes #29140
Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-04-30 18:03:17 +02:00
Alexander Schwartz
d69872fa11
Batch writes originating from logins/logouts for persistent sessions 
All writes for the sessions are handled by a background thread which batches them.

Closes #28862

Wait for persistent-store to contain update
instead of cache which has the change immediately since it is in memory + introduce new model-test profile

Closes #29141

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2024-04-30 14:07:35 +02:00
Alexander Schwartz
13af4f44f5
Defer updates of last session updates and batch them (#28502) 
Defer updates of last session refreshes and batch them

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2024-04-17 09:25:05 +02:00
Pedro Ruivo
2494ad6950 Refactor and remove deprecated Infinispan methods from DefaultInfinispanConnectionProviderFactory 
Closes #28752

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-04-16 10:51:57 +02:00
Alexander Schwartz
b4cfebd8d5
Persistent sessions code also for offline sessions (#28319) 
Persistent sessions code also for offline sessions

Closes #28318

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-04-12 13:15:02 +02:00
Alexander Schwartz
c580c88c93
Persist online sessions to the database (#27977) 
Adding two feature toggles for new code paths to store online sessions in the existing offline sessions table. Separate the code which is due to be changed in the next iteration in new classes/providers which used instead of the old one.

Closes #27976

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2024-03-28 09:17:07 +01:00
Steven Hawkins
be32f8b1bf
fix: limit the use of Resteasy to the KeycloakSession (#28150) 
* fix: limit the use of Resteasy to the KeycloakSession

contextualizes other state to the KeycloakSession

close: #28152
 2024-03-26 13:43:41 -04:00
Stian Thorgersen
3f9cebca39
Ability to set the default provider for an SPI (#28135) 
Closes #28134

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 07:45:08 +01:00
Steven Hawkins
35b9d8aa49
task: remove usage of resteasy-core-spi (#27387) 
closes: #27242

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-03-21 15:28:34 +01:00
Alexander Schwartz
62d24216e3 Remove offline session preloading 
Closes #27602

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-03-15 15:19:27 +01:00
Thomas Darimont
93fc6a6c54 Shorter lifespan for offline session cache entries in memory 
Closes #26810

Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-02-09 19:44:04 +01:00
Michal Hajas
00742a62dd
Remove RealmModel from authorization services interfaces (#26708) 
Closes #26530
Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-02-02 16:51:32 +01:00
Martin Kanis
84603a9363
Map Store Removal: Rename Legacy* classes (#26273) 
Closes #24105

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-01-23 13:50:31 +00:00
Réda Housni Alaoui
98230aa372 Add federated identity ProviderEvent(s) 
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2024-01-10 11:56:38 -03:00
Alexander Schwartz
01939bcf34
Remove concurrent loading of remote sessions as at startup time only one node is up anyway. (#25709) 
Closes #22082

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Martin Kanis <martin-kanis@users.noreply.github.com>
 2024-01-09 16:55:22 +01:00
Vlasta Ramik
df465456b8
Map Store Removal: Remove LockObjectsForModification (#25323) 
Signed-off-by: vramik <vramik@redhat.com>

Closes #24793
 2023-12-07 12:43:43 +00:00
Michal Hajas
ec061e77ed
Remove GlobalLockProviderSpi (#25206) 
Closes #24103

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2023-12-01 16:40:56 +00:00
vramik
587cef7de4 Delete Profile.Feature.MAP_STORAGE 
Signed-off-by: vramik <vramik@redhat.com>

Closes #24102
 2023-11-30 13:04:39 +01:00
Vlasta Ramik
d86e062a0e
Removal of retry blocks introduced for CRDB 
Closes #24095

Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2023-11-16 13:50:56 +01:00
vramik
926be135e8 Remove map related modules 
Signed-off-by: vramik <vramik@redhat.com>

Closes #24100
 2023-11-13 12:34:52 +01:00
Alexander Schwartz
26e2fde115
Avoid reseting cachemanger to null to avoid a re-initialization (#24086) 
Also follow best practices of using volatile variables for double-locking, and not using shutdown caches.

Closes #24085
 2023-11-08 11:33:44 -05:00
vramik
593c14cd26 Data too long for column 'DETAILS_JSON' 
Closes #17258
 2023-11-02 20:29:35 +01:00
Martin Kanis
e05effe62d Map Store Removal: Delete map profiles and scopes from model tests 
Closes #24093
 2023-11-02 11:33:00 +01:00