Commit graph

337 commits

Author SHA1 Message Date
Dimitri Papadopoulos Orfanos
cd8e0fd333
Fix user-facing typos in Javadoc (#28971)
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-05-06 18:57:55 +00:00
Robin Meese
8a5fb8337b Fix catching NameAlreadyBoundException
Closes #29142

Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
2024-05-02 15:10:08 -03:00
Tero Saarni
64862d568e Convert database errors to 500 instead of 400.
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2024-04-22 11:42:18 -03:00
Stefan Guilhen
e6b9d287af Add null checks after retrieving user from LDAP for validation to prevent NPE when user is removed in LDAP.
Closes #28523

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-11 14:29:30 -03:00
Stijn Last
e9498079e0 LDAP: Show error message when groups synchronization fails
closes: #28436
Signed-off-by: Stijn Last <stijn.last@barco.com>
2024-04-09 09:10:19 -03:00
Pedro Igor
52ba9b4b7f Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user
Closes #28248

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-08 09:05:16 -03:00
Stefan Guilhen
9bb2402d3b Propagate Username LDAP Attribute changes to the username mapper to keep mapper and main LDAP storage config in synch.
Closed #27984

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-03 09:11:55 -03:00
Stefan Guilhen
2ca59d4141 Align isEnabled in MSAD mappers to how other properties are processed in UserAttributeLDAPStorageMapper
- user model is updated by onImport with the enabled/disabled status of the LDAP user
- a config option always.read.enabled.value.from.ldap was introduced, in synch to what we have in UserAttributeLDAPStorageMapper
- isEnabled checks the flag to decide if it should always retrieve the value from LDAP, or return the local value.
- setEnabled first updates the LDAP tx, and then calls the delegate to avoid issue #24201

Closes #26695
Closed #24201

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-01 08:20:35 -03:00
Pedro Igor
b9a7152a29 Avoid commiting the transaction prematurely when creating users through the User API
Closes #28217

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-27 19:16:09 -03:00
rmartinc
d679c13040 Continue LDAP search if a duplicated user (ModelDuplicateException) is found
Closes #25778

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-13 08:52:58 -03:00
Ricardo Martin
3bc074913e
Allow LDAP provider to search using any attribute configured via mappers (#26235)
Closes #22436

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-21 08:48:39 +00:00
Stefan Guilhen
143ccbfa15 Check if kerberos auth is enabled before creating the kerberos principal in LDAPStorageProvider
- prevents misleading warn messages from being logged

Closes #25294

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-02-16 15:44:45 +01:00
Stefan Guilhen
2161e72872 Add migration for the useTruststoreSpi config property in LDAP user storage provider
- legacy `ldapsOnly` value now migrated to `always`.

Closes #25912

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-02-12 11:53:19 +01:00
Stefan Guilhen
eac43822c3 Avoid changing the config value for the useTruststoreSpi property
- prevents cached LDAPConfig entry from changing when retrieving this value

Closes #25912

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-02-12 11:53:19 +01:00
Stefan Guilhen
d3ae075a33 Fix MembershipType so that NPE is not thrown when an empty member is found within a group
Closes #25883

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-02-09 19:04:37 +01:00
rmartinc
509f618992 Improvements for test connection and authentication in the LDAP provider
Closes #26464

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-06 13:04:06 -03:00
Marek Posolda
651d99db25
Allow selecting attributes from user profile when managing token mappers (#26415)
* Allow selecting attributes from user profile when managing token mappers
closes #24250

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-01-25 17:01:02 +01:00
Martin Kanis
84603a9363
Map Store Removal: Rename Legacy* classes (#26273)
Closes #24105

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-23 13:50:31 +00:00
rmartinc
42f0488d76 Avoid returning duplicated users in LDAP and unsynced
Closes #24141

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-10 12:47:15 +01:00
Réda Housni Alaoui
5287500703 @NoCache is not considered anymore
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
2024-01-02 09:06:55 -03:00
mposolda
eb184a8554 More info on UserProfileContext
closes #25691

Signed-off-by: mposolda <mposolda@gmail.com>
2023-12-19 13:00:31 -03:00
rmartinc
4e7bd76954 Use conditions instead of String for filters and just use default escape strategy
Closes https://github.com/keycloak/keycloak/issues/24767

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-14 15:50:46 -03:00
rmartinc
c8009b4627 Ensure that all LDAP conditions escape attribute values
Closes https://github.com/keycloak/keycloak/issues/24767

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-12-14 15:50:46 -03:00
Ricardo Martin
f78c54fa42
Fixes for LDAP group membership and search in chunks
Closes #23966
2023-12-08 17:55:17 +01:00
mposolda
479e6bc86b Update Kerberos provider for user-profile
closes #25074

Signed-off-by: mposolda <mposolda@gmail.com>
2023-11-29 15:21:26 -03:00
Tero Saarni
ab3758842c
Add configuration option for LDAP referral (#24852)
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2023-11-28 14:06:34 +01:00
Pedro Igor
2c611cb8fc User profile configuration scoped to user-federation provider
closes #23878

Co-Authored-By: mposolda <mposolda@gmail.com>

Signed-off-by: mposolda <mposolda@gmail.com>
2023-11-27 14:45:44 +01:00
Stian Thorgersen
a32b58d337
Escape ldap id when using normal attribute syntax (#25) (#25036)
Closes https://github.com/keycloak/security/issues/46

Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
2023-11-27 11:38:14 +01:00
rmartinc
6963364514 Keep same name on update for LDAP attributes
Closes https://github.com/keycloak/keycloak/issues/23888
2023-11-09 23:54:45 +01:00
Alice
69497382d8
Group scalability upgrades (#22700)
closes #22372 


Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-26 16:50:45 +02:00
rmartinc
d10ccc7245 Use jdk LdapName and Rdn to parse inside LDAPDn and RDN and avoid string conversions
Closes: https://github.com/keycloak/keycloak/issues/21797
Closes: https://github.com/keycloak/keycloak/issues/21818
2023-10-19 08:31:49 +02:00
Martin Bartoš
21a23ace1d Mark required config properties for LDAP Mappers
Closes #23685
2023-10-09 08:46:57 +02:00
Michal Hajas
496c5ad989 Use new findGroupByPath implementation and remove the old one
Closes #23344

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2023-09-25 10:44:24 +02:00
Bernd Bohmann
bb2f59df87
Calling getTopLevelGroups is slow inside GroupLDAPStorageMapper#getLDAPGroupMappingsConverted (#8430)
Closes #14820 
---------
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-09-20 17:20:43 +02:00
Pedro Igor
217a09ce46 Switch to Resteasy Reactive
Closes #10713
2023-09-18 09:19:03 -03:00
Hynek Mlnarik
8effe31fdf Fix ldap:// with STARTTLS
Closes: #21935
2023-09-14 10:07:09 +02:00
rmartinc
48ab2b1688 FullNameLDAPStoreMapper removes values for other attributes
Closes https://github.com/keycloak/keycloak/issues/22526
2023-09-13 08:11:32 +02:00
mposolda
57e51e9dd4 Use an original domain name of Kerberos Principal in UserModel attribute instead of configured value of Kerberos realm in User federation
closes #20045
2023-08-30 13:24:48 +02:00
Marek Posolda
6f989fc132
Fallback to next LDAP/Kerberos provider when not able to find authenticated Kerberos principal (#22531)
closes #22352 #9422
2023-08-29 11:21:01 +00:00
rmartinc
7336ff07ac Check RDN attribute for DN membership
Closes https://github.com/keycloak/keycloak/issues/20718
2023-07-21 11:13:45 +02:00
Stijn Last
91e543f415
Improve error messages when testing LDAP connection (#21013)
Closes #15434
2023-07-01 19:45:49 +02:00
Hynek Mlnarik
c092c76ae8 Remove ldapsOnly (Java)
In `LDAPConstants.java`, the function to set the Truststore SPI system property was removed, as this is now handled by the `shouldUseTruststoreSpi` method in `LdapUtil`.

Closes: #9313
2023-06-28 08:30:09 +02:00
vramik
535bba5792 Update UserQueryProvider methods
Closes #20438
2023-06-12 16:04:26 +02:00
Alexander Schwartz
512e30b210 Add escaping for fields with wildcard search
Closes #20510
2023-05-31 14:38:04 +02:00
vramik
a175efcb72 Split UserQueryProvider into UserQueryMethods and UserCountMethods and make LdapStorageProvider implement only UserQueryMethods
Co-authored-by: mhajas <mhajas@redhat.com>

Closed #20156
2023-05-31 11:47:54 +02:00
damien-malescot
1007d6a6d8 Fix AD/LDS password expiration
Closes #13084
2023-05-29 09:20:25 +02:00
vramik
bdbbd2959d User search with LDAP federation not consistent
Closes #10195
2023-05-23 11:48:33 +02:00
vramik
fd6a6ec3ad Make LDAP searchForUsersStream consistent with other storages
Co-authored-by: mhajas <mhajas@redhat.com>

Closes #17294
2023-05-19 08:40:41 +02:00
Pedro Hos
ca06c49909 Removing duplicated serverPrincipal at LDAPStorageProviderFactory.java
closes #20101
2023-05-16 15:20:38 +02:00
Martin Bartoš
7cff857238 Migrate packages from javax.* to jakarta.*
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/ComponentExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/DeclarativeUserTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java - Modified
keycloak/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java	- Modified
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountTotpPage.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BackwardsCompatibilityUserStorageTest.java - Modified
---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/services/resources/QuarkusWelcomeResource.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/profile/util/Soap.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/UserInfoClientUtil.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
---
Quarkus3 branch sync no. 10 (17.3.2023)
Resolved conflicts:
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocolUtils.java -	Modified
---
Quarkus3 branch sync no. 9 (10.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java - Modified
---
Quarkus3 branch sync no. 8 (3.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClient.java	Modified - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java - Modified
keycloak/examples/providers/authenticator/src/main/java/org/keycloak/examples/authenticator/SecretQuestionAuthenticator.java - Modified
---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ComponentsResource.java - Modified
keycloak/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/installation/SamlSPDescriptorClientInstallation.java - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
/keycloak/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java	Modified - Modified
keycloak/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java - Modified
---
Quarkus3 branch sync no. 4 (3.2.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/jaxrs/QuarkusKeycloakApplication.java - Modified
---
Quarkus3 branch sync no. 1 (18.1.2023)
Resolved conflicts:
keycloak/testsuite/client/ClientPoliciesTest.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaModelCriteriaBuilder.java - Modified
2023-04-27 13:36:54 +02:00