* Avoid path traversal via double-url encoding of redirect URI (#8)
(cherry picked from commit a2128fb9e940d96c2f9a64edcd4fbcc768eedb4f)
* Do not resolve user session if corresponding auth session does not exist (#7)
* Stabilizing the ConcurrentLoginTest when running with JPA map storage by locking user sessions (#9)
Co-authored-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
- Tests still disabled for Hotrod and CHM
- Fixes concurrent login issues with CRDB. Verified with both PostgreSQL and CockroachDB.
Closes #12707
Closes #13210
The group reference in the mapper was not updated in the following cases:
- group rename: when an ancestor group was renamed
- (only for JpaRealmProvider, NOT for MapRealmProvider/MapGroupProvider) group move: when a group was converted from subgroup to top-level or when a subgroup's parent was changed
Closes #15614
- add order-by-clause to the corresponding JPA query (ordering by username ASC)
- adjust admin-client RoleResource to return a List instead of a Set, by introducing new methods #getUserMembers (instead of #getRoleUserMembers - the "Role" prefix is not needed, because it is clear from the resource name that it's about roles)
- adjust tests to use the new method and check that the expected order is returned
Closes #14772
* Short passwords with PBKDF2 mode working
Closes #14314
* Add config option to Pbkdf2 provider to control max padding
* Update according to PR review - more testing for padding and for non-fips mode
* Remove Red Hat Single Sign-On product profile from upstream
Closes #14916
* review suggestions: Remove Red Hat Single Sign-On product profile from upstream
Closes #14916
Co-authored-by: Peter Skopek <pskopek@redhat.com>
Refactoring ThemeSelector and DefaultThemeManager to re-use the same logic for selecting default theme as there used to be two places where one had a broken implementation
Closes #14889
- no longer throw an exception when a role or group cannot be found; log a warning instead
- update mapper references in case of the following events:
  - moving a group
  - renaming a group
  - renaming a role
  - renaming a client's Client ID (may affect role qualifiers)
- in case a role or group is removed, the reference still will not be changed
- extend and refactor integration tests in order to check the new behavior
Closes #11236