rmartinc
ad3b9fc389
KEYCLOAK-12579: LDAP groups duplicated during UI listing of user groups
2020-03-11 06:14:29 +01:00
Sebastian Schuster
99aba33980
KEYCLOAK-13163 Fixed searching for user with fine-grained permissions
2020-03-09 09:56:13 -03:00
Phy
8aa5019efe
KEYCLOAK-13074 Don't return LDAP group members if under IMPORT mode
...
If GroupLDAPStorageMapper is running under IMPORT mode, getGroupMembers should not return users in LDAP, which, according to how UserStorageManager.query works (getting both user federation and Keycloak storage), will cause duplicate users in the list.
A test has been added as well, which will fail before the fix in the mapper.
2020-03-06 11:44:36 +01:00
keycloak-bot
d352d3fa8e
Set version to 9.0.1-SNAPSHOT
2020-02-17 20:38:54 +01:00
BrunoJCM
5c910d6f13
KEYCLOAK-12437 Revert KEYCLOAK-11802 ( #6700 )
...
This reverts commit e018ca3e29
from:
Simplifying logic for determining disabled status (#6416 )
Co-authored-by: brunomedeiros-visagio <55057005+brunomedeiros-visagio@users.noreply.github.com>
2020-01-28 14:59:03 +01:00
mposolda
fea7b4e031
KEYCLOAK-12424 SPNEGO / Kerberos sends multiple 401 responses with WWW-Authenticate: Negotiate header when kerberos token is invalid
2020-01-09 10:21:24 +01:00
Tero Saarni
1ac76fde59
KEYCLOAK-12242 KEYCLOAK-12280
...
(cherry picked from commit 6f47d7fc2ccab4f31e373774c983501e83dffa4b)
2019-12-18 13:29:21 +01:00
Cédric Couralet
bde94f2f08
KEYCLOAK-11770 add an hardcoded attribute mapper ( #6396 )
...
Signed-off-by: Cédric Couralet <cedric.couralet@insee.fr>
2019-12-10 12:57:46 +01:00
Martin Kanis
685d49c693
KEYCLOAK-11967 Violation of UNIQUE KEY constraint SIBLING_NAMES ( #6485 )
2019-11-26 16:00:50 +01:00
Ramon Spahr
0f00e23f96
KEYCLOAK-10977 Allow disabling Kerberos athentication with LDAP federation provider ( #6422 )
2019-11-18 14:12:26 +01:00
keycloak-bot
76aa199fee
Set version to 9.0.0-SNAPSHOT
2019-11-15 20:43:21 +01:00
Andrei Arlou
b72fe79791
KEYCLOAK-12015 Use StandartCharsets in org.keycloak.storage.ldap.idm.query.EscapeStrategy ( #6474 )
2019-11-14 17:10:31 +01:00
AlistairDoswald
4553234f64
KEYCLOAK-11745 Multi-factor authentication ( #6459 )
...
Co-authored-by: Christophe Frattino <christophe.frattino@elca.ch>
Co-authored-by: Francis PEROT <francis.perot@elca.ch>
Co-authored-by: rpo <harture414@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Denis <drichtar@redhat.com>
Co-authored-by: Tomas Kyjovsky <tkyjovsk@redhat.com>
2019-11-14 14:45:05 +01:00
lounsbrough
e018ca3e29
KEYCLOAK-11802 Simplifying logic for determining disabled status ( #6416 )
...
* KEYCLOAK-11802 Simplifying logic for determining disabled status
2019-10-24 21:43:16 +02:00
Martin Kanis
37304fdd7d
KEYCLOAK-10728 Upgrade to WildFly 18 Final
2019-10-21 14:06:44 +02:00
Cédric Couralet
5f006b283a
KEYCLOAK-8316 Add an option to ldap provider to trust emails on import
...
Signed-off-by: Cédric Couralet <cedric.couralet@insee.fr>
2019-10-04 16:28:02 +02:00
Felix Borchers
3d175dbe0c
KEYCLOAK-11582 Fix ldap groups sync which fails when syncing back to MSAD ( #6348 )
...
* KEYCLOAK-11582 Fix sync which fails when syncing to MSAD
2019-10-03 20:13:12 +02:00
Sven-Torben Janus
1887d3b038
KEYCLOAK-10942 Incorporate comments from code review
...
see https://github.com/keycloak/keycloak/pull/6251/files#r325212980
2019-09-18 09:47:18 +02:00
Sven-Torben Janus
f261c43fab
KEYCLOAK-10942 Support eDirectory GUID
...
Convert eDirectory GUID which is in binary format to a UUID in dashed
string format.
2019-09-18 09:47:18 +02:00
Jan Lieskovsky
7ab854fecf
[KEYCLOAK-8253] When syncing flat (all groups being the top-level ones) structure
...
of LDAP groups from federation provider to Keycloak, perform the search if the
currently processed group already exists in Keycloak in log(N) time
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2019-09-12 20:14:18 +02:00
Jan Lieskovsky
cfb225b499
[KEYCLOAK-8253] Improve the time complexity of LDAP groups synchronization
...
(in the direction from LDAP provider to Keycloak) from exponential to
linear time in the case of syncing flat LDAP groups structure
Add a corresponding test (intentionally configured as to be ignored
by CI/CD due to higher demand on time, required fo the test completion)
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2019-09-12 09:54:13 +02:00
mhajas
9c2525ec1a
KEYCLOAK-11245 Use transcription object for LDAP bindCredential
2019-09-09 19:39:53 +02:00
keycloak-bot
17e9832dc6
Set version to 8.0.0-SNAPSHOT
2019-07-19 19:05:03 +02:00
Sven-Torben Janus
c883c11e7e
KEYCLOAK-10158 Use PEM cert as X.509 user identity
...
Allows to use the full PEM encoded X.509 certificate from client cert
authentication as a user identity. Also allows to validate that user's
identity against LDAP in PEM (String and binary format). In addition,
a new custom attribute mapper allows to validate against LDAP when
certificate is stored in DER format (binay, Octet-String).
KEYCLOAK-10158 Allow lookup of certs in binary adn DER format from LDAP
2019-07-08 11:58:26 +02:00
Ian Duffy
de0ee474dd
Review feedback
2019-05-27 21:30:01 +02:00
Ian Duffy
54909d3ef4
[KEYCLOAK-10230] Support for LDAP with Start TLS
...
This commit sends the STARTTLS on LDAP 389 connections is specified.
STARTTLS doesn't work with connection pooling so connection pooling will
be disabled should TLS be enabled.
2019-05-27 21:30:01 +02:00
keycloak-bot
49d4e935cb
Set version to 7.0.0-SNAPSHOT
2019-04-17 09:48:07 +01:00
rmartinc
a9a4e9daae
KEYCLOAK-9884: "user-attribute-ldap-mapper" is not propagating the change of "username" (uid) attribute.
2019-03-27 19:07:51 +01:00
rmartinc
2602c222cd
KEYCLOAK-4640: LDAP memberships are being replaced instead of being added or deleted
2019-03-14 18:40:15 +01:00
keycloak-bot
e843d84f6e
Set version to 6.0.0-SNAPSHOT
2019-03-06 15:54:08 +01:00
stianst
e06c705ca8
Set version 5.0.0
2019-02-21 09:35:14 +01:00
mposolda
adc3017ff9
KEYCLOAK-8688 LDAPSyncTest is failing in some environments
2019-02-13 12:48:48 +01:00
stianst
7c9f15778a
Set version to 4.8.3.Final
2019-01-09 20:39:30 +01:00
stianst
7c4890152c
Set version to 4.8.2
2019-01-03 14:43:22 +01:00
Jonatas Esteves Silverio
0d9964c185
KEYCLOAK-7990 Use attribute name from config on LDAP group creation
...
Use CommonLDAPGroupMapperConfig.getMembershipLdapAttribute() instead of
constant LDAPConstants.MEMBER to honor the "membership.ldap.attribute"
config key when creating a LDAP group. This fixes an error when trying
to create a group on a DS server configured with a different member
attribute than the standard "member" (eg. 389ds).
2018-12-13 07:53:09 +01:00
mposolda
88141320ac
KEYCLOAK-9002 StackOverflowError when reading LDAP-backed users via REST API
2018-12-07 12:25:05 +01:00
stianst
b674c0d4d9
Prepare for 4.8.0.Final
2018-12-04 13:54:25 +01:00
Pedro Igor
91637120ee
[KEYCLOAK-5052] - LDAP group names containing / in the name violates SIBILING_NAME constraint in db
2018-11-23 08:48:08 -02:00
stianst
ecd476fb10
Prepare for 4.7.0.Final
2018-11-14 20:10:59 +01:00
vramik
7a96911a83
KEYCLOAK-8300 KEYCLOAK-8301 Wildfly 14 upgrade
...
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2018-10-17 20:01:07 +02:00
stianst
c3fc9e9815
Set version to 4.6.0.Final-SNAPSHOT
2018-09-26 20:58:41 +02:00
stianst
1fb4ca4525
Set version to 4.5.0.Final
2018-09-06 20:08:02 +02:00
mposolda
959cd035ba
Set version to 4.3.0.Final-SNAPSHOT
2018-08-01 22:40:05 +02:00
mposolda
d0a824dde4
Updating version to 4.2.0.Final-SNAPSHOT
2018-07-05 07:42:48 -04:00
Jean-Loup Maillet
af47bd5da8
corrected groups set to be able to add group & explicit imports
2018-06-26 13:30:44 +02:00
J-Loup
0ee5c97b1c
Tooltip correction on group selection
...
Tooltip correction on group selection for hardcoded-ldap-group-mapper
2018-06-26 13:30:44 +02:00
Jean-Loup Maillet
d07f13eace
hardcoded-ldap-group-mapper
2018-06-26 13:30:44 +02:00
stianst
e1a0e581b9
Update to 4.1.0.Final-SNAPSHOT
2018-06-14 14:22:28 +02:00
Rick van den Hof
2e22dcfc47
Add unit tests
2018-05-29 10:03:54 +02:00
Rick van den Hof
16fd6558a6
Enable adding of default groups
2018-05-29 10:03:54 +02:00
Stian Thorgersen
dbf5c395b0
Bump version to 4.0.0.Final ( #5224 )
2018-05-24 19:02:30 +02:00
Stian Thorgersen
90e5c7f3eb
Bump version to 4.0.0.Beta3-SNAPSHOT ( #5185 )
2018-05-02 14:32:20 +02:00
Lubos.Palisek
2bab2acf5b
[KEYCLOAK-7239] Fixed ConcurrentModificationException while importing from LDAP with "ignoreMissingGroups" checked.
...
Fixed test so that now it checks this use case.
2018-04-26 18:54:00 +02:00
Ingo Bauersachs
5e4d173f1d
KEYCLOAK-7194: avoid NullPointerException ( #5157 )
2018-04-20 09:24:12 +02:00
Douglas Palmer
cf056b3464
[KEYCLOAK-6069] Allow configuration of LDAP connection pooling
2018-04-06 20:27:11 +02:00
stianst
07fea02146
Bump versions to 4.0.0.Beta2-SNAPSHOT
2018-03-26 18:17:38 +02:00
stianst
0bedbb4dd3
Bump version to 4.0.0.CR1-SNAPSHOT
2017-12-21 15:06:00 +01:00
mposolda
b793e42c53
KEYCLOAK-5017 Adding user to newly created group caused sync all groups to LDAP
2017-12-13 09:15:47 +01:00
stianst
37de8e9f69
Bump version to 3.4.2.Final-SNAPSHOT
2017-12-01 09:34:48 +01:00
mposolda
bd25040e22
KEYCLOAK-5827 Retrieve member attribute from LDAP on group/role queries just when necessary
2017-11-15 15:29:19 +01:00
mposolda
c4a1764801
KEYCLOAK-5836 More logging around LDAP performance. Added LdapManyObjectsInitializerCommand to easily add many users and groups to the LDAP
2017-11-15 15:29:19 +01:00
mposolda
0c414eee80
KEYCLOAK-5848 Possibility to configure different attribute for GET_GROUPS_FROM_USER_MEMBEROF_STRATEGY
2017-11-14 15:05:26 +01:00
Stian Thorgersen
128ff12f8f
Bump versions
2017-11-09 15:37:21 +01:00
Bill Burke
54ebc21880
KEYCLOAK-5698
2017-10-19 19:38:56 -04:00
Cédric Couralet
656fc5d7c0
KEYCLOAK-4052 - add an option to validate Password Policy for ldap user storage
2017-10-13 13:54:50 +02:00
Markus Heberling
79c51a6a80
KEYCLOAK-5510
...
Allow import of groups with missing subgroups.
2017-09-21 13:11:49 +02:00
Przemyslaw Kadej
5b1a761b0f
KEYCLOAK-5453 - Empty RDNs makes Keycloak unstable
2017-09-12 13:28:35 +02:00
filipe lautert
f1628ab903
KEYCLOAK-5381 Implementation of method LDAPStorageProvider.searchForUserByUserAttribute and tests for it.
2017-08-31 16:13:03 -03:00
Stian Thorgersen
463661b051
Set version to 3.4.0.CR1-SNAPSHOT
2017-08-28 15:46:22 +02:00
mposolda
07e2136b3b
KEYCLOAK-4187 Added UserSession support for cross-dc
2017-07-27 22:32:58 +02:00
Stian Thorgersen
454c5f4d83
Set version to 3.3.0.CR1-SNAPSHOT
2017-06-30 09:47:11 +02:00
mposolda
e91dd011c5
KEYCLOAK-4438 Disable kerberos flow when provider removed
2017-06-21 09:38:20 +02:00
mposolda
8adde64e2c
KEYCLOAK-4016 Provide a Link to go Back to The Application on a Timeout
2017-05-23 09:08:58 +02:00
Stian Thorgersen
87dedb56e5
Set version to 3.2.0.CR1-SNAPSHOT
2017-04-27 14:23:03 +02:00
Stian Thorgersen
54ee055bd8
KEYCLOAK-4671 Add server-private-spi to dependency deployer
2017-04-25 10:16:24 +02:00
Stian Thorgersen
a87ee04024
Bump to 3.1.0.CR1-SNAPSHOT
2017-03-16 14:21:40 +01:00
mposolda
091b376624
KEYCLOAK-1590 Realm import per test class
2017-03-01 09:38:44 +01:00
mposolda
098d8e915d
KEYCLOAK-4433 Added HardcodedLDAPAttributeMapper
2017-02-21 08:29:57 +01:00
Bill Burke
c3e72b11db
KEYCLOAK-4382
2017-02-13 10:51:10 -05:00
Bill Burke
d9633dc20c
Merge remote-tracking branch 'upstream/master'
2017-02-09 09:13:00 -05:00
Bill Burke
cf5e2a1d20
unlink/remoteimported
2017-02-08 19:48:22 -05:00
Bill Burke
f128be9b31
LDAP No-Import
2017-02-04 10:29:34 -05:00
mposolda
73cad40fb7
KEYCLOAK-4364 Fix OpenLDAP issue with renaming DN
2017-02-02 22:21:29 +01:00
Bill Burke
79dede8e78
KEYCLOAK-4363
2017-02-01 10:19:15 -05:00
Stian Thorgersen
6f22f88d85
Bump version to 3.0.0.CR1
2017-01-26 06:18:11 +01:00
mposolda
57127f39d0
KEYCLOAK-4269
2017-01-23 13:36:54 +01:00
mposolda
39f8311484
KEYCLOAK-2403 Cannot create user in LDAP/AD from Keycloak using Full Name User Federation Mapper
2017-01-20 21:08:26 +01:00
mposolda
3444fb62f1
KEYCLOAK-4266 MSAD: User is disabled after registration
2017-01-19 21:32:10 +01:00
mposolda
843b4b470b
KEYCLOAK-2333 LDAP/MSAD password policies are not used when user changes password
2017-01-17 21:06:09 +01:00
Marek Posolda
227900f288
Merge pull request #3731 from mposolda/master
...
KEYCLOAK-4175 Provide a way to set the connect and read timeout for l…
2017-01-10 09:49:18 +01:00
Stian Thorgersen
7eeebff874
Merge pull request #3720 from hmlnarik/KEYCLOAK-4091-Possible-NullPointerExceptions-with-disabled-cache
...
KEYCLOAK-4091 Prevent NPE with disabled cache
2017-01-10 06:23:10 +01:00
mposolda
c32620b718
KEYCLOAK-4175 Provide a way to set the connect and read timeout for ldap connections
2017-01-09 21:35:58 +01:00
mposolda
a09bc6520f
KEYCLOAK-2888 KEYCLOAK-3927 Fully migrate kerberos tests to the new testsuite
2017-01-09 13:50:41 +01:00
Hynek Mlnarik
377fbced4a
KEYCLOAK-4091 Prevent NPE with disabled cache
2017-01-06 10:00:11 +01:00
Stian Thorgersen
e805ffd945
Bump version to 2.5.1.Final-SNAPSHOT
2016-12-22 08:22:18 +01:00
mposolda
4b6df5d489
LDAP polishing
2016-12-19 18:11:23 +01:00
mposolda
ac00f7fee2
KEYCLOAK-4087 LDAP group mapping should be possible via uidNumber in memberUid mode
2016-12-19 16:27:57 +01:00
Slawomir Dabek
93cec9b3ee
KEYCLOAK-4059 Support for duplicate emails
2016-12-19 10:55:12 +01:00
mposolda
7453e96f5c
KEYCLOAK-2397 LDAP_ENTRY_DN attribute in LDAP user storage is not updated on changes in LDAP
2016-12-15 21:12:29 +01:00
mposolda
40216b5e7d
KEYCLOAK-3921 LDAP binary attributes
2016-12-13 18:31:26 +01:00