Commit graph

2347 commits

Author SHA1 Message Date
Alexander Schwartz
c6e071cf07
Clear entries in remote caches and force events on the remote site (#29597)
Closes #29592

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-23 14:47:32 +02:00
Marek Posolda
2efc163b89
Entry 999.0.0 in MIGRATION_MODEL prevents future migrations of the database
Closes #27941

Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-23 12:00:18 +00:00
Thomas Darimont
ab376d9101 Make required actions configurable (#28400)
- Add tests for crud operations on configurable required actions
- Add support exposing the required action configuration via RequiredActionContext
- Make configSaveError message reusable in other contexts
- Introduced admin-ui specific endpoint for retrieving required actions with config metadata

Fixes #28400

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-05-23 08:38:36 +02:00
Stefan Guilhen
37f85937a7 Move organization authenticator into conditional subflows in the default browser and first broker login flows
Closes #29446

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-22 20:48:29 -03:00
vramik
55bf4feebc Disable identity provider at the realm level when an organization is disabled
Closes #29483

Signed-off-by: vramik <vramik@redhat.com>
2024-05-22 07:58:26 -03:00
vramik
278341aff9 Add organizations enabled/disabled capability
Closes #28804

Signed-off-by: vramik <vramik@redhat.com>
2024-05-22 07:58:26 -03:00
Alexander Schwartz
80de3a0a71
Allow migration of non-persistent sessions to persistent sessions
Closes #29375

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-22 10:30:46 +02:00
rmartinc
f7044ba5c2 Use SessionExpirationUtils for validate user and client sessions
Check client session is valid in TokenManager
Closes #24936

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-05-22 10:12:20 +02:00
Stefan Guilhen
1aab371912 Fix errors when importing realms with the organization feature enabled
Closes #29630

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-17 07:25:31 -03:00
Stefan Guilhen
553b1ce695 Ensure org domain removal from the IDP is properly propagated to the DB
Closes #29599

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-16 10:43:50 -03:00
Dimitri Papadopoulos Orfanos
64a145e960
Fix user-facing typos in error messages (#29326)
Update resource file and tests accordingly

Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
2024-05-16 09:55:41 +02:00
Stefan Guilhen
c4760b8188 Ensure that IDP's linked domains are remove when org is deleted or when the domain is removed from the org.
Closes #29481

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-14 15:39:18 -03:00
Martin Kanis
3985157f9f Make sure operations on a organization are based on realm they belong to
Closes #28841

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-05-14 10:47:39 -03:00
Pedro Igor
b4d231fd40 Fixing realm removal when removing groups and brokers associated with an organization
Closes #29495

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-14 14:29:27 +02:00
Alexander Schwartz
673e122443 Avoid sorting items returned from the database which are already stable
Closes #29319

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-13 16:15:38 +02:00
Alexander Schwartz
6cc8d653f3 Make SessionWrapper related fields immutable that are part of the equals method
The cache replace logic depends on it, as values returned by reference from a local cache must never be modified on those critical fields directly.

Closes #28906

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-13 09:59:50 +02:00
Pedro Igor
b50d481b10 Make sure organization groups can not be managed but when managing an organization
Closes #29431

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-10 21:28:11 -03:00
Stefan Guilhen
3186b6db8e Fix realm removal when orgs are enabled
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-10 17:23:08 -03:00
Stefan Guilhen
ceed7bc120 Add ability to search organizations by attribute
Closes #29411

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-10 16:45:41 -03:00
Alexander Schwartz
eaeffe95ac
Avoid conflicts when writing to session stores by checking for concurrent requests within the JVM (#29393)
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-05-09 08:24:43 +00:00
Pedro Ruivo
cbce548e71 Infinispan 15.0.3.Final
Closes #29068

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-05-08 17:18:39 +02:00
Martin Kanis
d4b7e1a7d9 Prevent to manage groups associated with organizations from different APIs
Closes #28734

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-05-07 11:16:40 -03:00
Stefan Guilhen
aa945d5636 Add description field to OrganizationEntity
Closes #29356

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-07 10:35:51 -03:00
Pedro Igor
c0325c9fdb Do not manage brokers through the Organization API
Closes #29268

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-07 09:15:25 -03:00
Alice W
584e92aaba Add support for organizational invites to new and existing users based on tokens
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
2024-05-06 17:57:13 -03:00
Dimitri Papadopoulos Orfanos
cd8e0fd333
Fix user-facing typos in Javadoc (#28971)
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-05-06 18:57:55 +00:00
Stefan Guilhen
dae1eada3d Add enabled field to OrganizationEntity
Closes #28891

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-06 14:46:56 -03:00
Pedro Ruivo
4c6f3ce35d Remove unused code from model/infinispan module
Closes #29137

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-05-06 18:53:23 +02:00
Pedro Ruivo
fe5bed6191
Retry fetching event from remote cache
Closes #28303

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-06 17:27:07 +02:00
Michal Hajas
128bba34d3 Remove PERSISTENT_USER_SESSIONS_No_CACHE feature
Closes #29264

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-05-06 08:53:39 +02:00
Michal Hajas
8b715d3a31 Do not use LastSessionRefreshPersister with persistent user sessions enabled
Closes #29144

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-05-06 08:49:48 +02:00
Pedro Igor
32d25f43d0 Support for mutiple identity providers
Closes #28840

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-04 16:19:27 +02:00
Pedro Ruivo
82a959fa78 Remove WildFly Clustering Marshaller
Closes #29135

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-05-03 12:31:47 +02:00
Alexander Schwartz
05b6f897ce
Execute persistent sessions tests in CI and fix deadlock (#29236)
* Execute persistent sessions tests in CI and fix deadlock in UserSessionConcurrencyTest 
The deadlock was caused by a switch to reactive handling of embedded Infinispan updates introduced here #28862
Closes #29235

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-03 10:42:34 +02:00
Michal Hajas
e93b7d4f3a
Use computeIfPresent also for Persistent sessions
Follow-up-on #29073

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-05-02 16:43:54 +00:00
Stefan Guilhen
45e5e6cbbf Introduce filtered (and paginated) search for organization members
Closes #28844

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-02 11:25:43 -03:00
Michal Hajas
4c17c6107e Merge offline and online sessions transactions
Closes #29139
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-04-30 18:03:17 +02:00
Michal Hajas
7c427e8d38 Remove offline sessions timeouts adjusters as with persistent session we have bounded caches and it is no longer necessary to adjust time in caches
Closes #29140
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-04-30 18:03:17 +02:00
Alexander Schwartz
d69872fa11
Batch writes originating from logins/logouts for persistent sessions
All writes for the sessions are handled by a background thread which batches them.

Closes #28862

Wait for persistent-store to contain update
instead of cache which has the change immediately since it is in memory + introduce new model-test profile

Closes #29141

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-04-30 14:07:35 +02:00
Pedro Igor
51352622aa Allow adding realm users as an organization member
Closes #29023

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-29 08:37:47 -03:00
Pedro Ruivo
17a700b6b9 Use cache.compute() method to improve the replace retry loop
Closes #29073

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-29 12:24:33 +02:00
Stefan Guilhen
bfabc291cc 28843 - Introduce filtered (and paginated) searches for organizations
Closes #28843

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-25 12:38:20 -03:00
vramik
c56f062416 Typo in Organization table
Closes #29054

Signed-off-by: vramik <vramik@redhat.com>
2024-04-24 11:23:44 -03:00
vramik
d65649d5c0 Make sure organization are only manageable by the admin users with the manage-realm role
Closes #28733

Signed-off-by: vramik <vramik@redhat.com>
2024-04-23 12:16:57 -03:00
Tero Saarni
64862d568e Convert database errors to 500 instead of 400.
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2024-04-22 11:42:18 -03:00
Stefan Guilhen
f1532565b6 Don't use no-arg version of GroupModel.getSubGroupsStream() when fetching the subgroups from the GroupResource endpoint.
- prevents pre-loading all groups; instead use the stream from the JPA adapter to load subgroups one by one and then filter based on the user permissions.

Closes #28935

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-22 11:27:29 -03:00
Stefan Guilhen
8ca4bc77a1 Improve the performance of the queries used to find granted resources
- simplifies the queries to avoid unnecessary join
- creates two new indexes to speed up search time

Closes #28861

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-22 11:26:06 -03:00
Pedro Ruivo
3de5357091 CLI options to disable encryption and authentication to external Infinispan
Closes #28750

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-20 18:30:24 +02:00
Pedro Ruivo
3e0a185070 Remove deprecated EnvironmentDependentProviderFactory.isSupported method
Closes #26280

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-19 16:36:49 +02:00
mposolda
c427e65354 Secondary factor bypass in step-up authentication
closes #34

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit e632c03ec4dbfbb7c74c65b0627027390b2e605d)
2024-04-19 14:43:53 +02:00