libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions
24889 commits 4 branches 5 tags 483 MiB
Commit graph

2322 commits

Author SHA1 Message Date
Dimitri Papadopoulos Orfanos
cd8e0fd333
Fix user-facing typos in Javadoc (#28971) 
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-05-06 18:57:55 +00:00
Stefan Guilhen
dae1eada3d Add enabled field to OrganizationEntity 
Closes #28891

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-06 14:46:56 -03:00
Pedro Ruivo
4c6f3ce35d Remove unused code from model/infinispan module 
Closes #29137

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-05-06 18:53:23 +02:00
Pedro Ruivo
fe5bed6191
Retry fetching event from remote cache 
Closes #28303

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-06 17:27:07 +02:00
Michal Hajas
128bba34d3 Remove PERSISTENT_USER_SESSIONS_No_CACHE feature 
Closes #29264

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-05-06 08:53:39 +02:00
Michal Hajas
8b715d3a31 Do not use LastSessionRefreshPersister with persistent user sessions enabled 
Closes #29144

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-05-06 08:49:48 +02:00
Pedro Igor
32d25f43d0 Support for mutiple identity providers 
Closes #28840

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-05-04 16:19:27 +02:00
Pedro Ruivo
82a959fa78 Remove WildFly Clustering Marshaller 
Closes #29135

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-05-03 12:31:47 +02:00
Alexander Schwartz
05b6f897ce
Execute persistent sessions tests in CI and fix deadlock (#29236) 
* Execute persistent sessions tests in CI and fix deadlock in UserSessionConcurrencyTest 
The deadlock was caused by a switch to reactive handling of embedded Infinispan updates introduced here #28862
Closes #29235

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-03 10:42:34 +02:00
Michal Hajas
e93b7d4f3a
Use computeIfPresent also for Persistent sessions 
Follow-up-on #29073

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-05-02 16:43:54 +00:00
Stefan Guilhen
45e5e6cbbf Introduce filtered (and paginated) search for organization members 
Closes #28844

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-02 11:25:43 -03:00
Michal Hajas
4c17c6107e Merge offline and online sessions transactions 
Closes #29139
Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-04-30 18:03:17 +02:00
Michal Hajas
7c427e8d38 Remove offline sessions timeouts adjusters as with persistent session we have bounded caches and it is no longer necessary to adjust time in caches 
Closes #29140
Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-04-30 18:03:17 +02:00
Alexander Schwartz
d69872fa11
Batch writes originating from logins/logouts for persistent sessions 
All writes for the sessions are handled by a background thread which batches them.

Closes #28862

Wait for persistent-store to contain update
instead of cache which has the change immediately since it is in memory + introduce new model-test profile

Closes #29141

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2024-04-30 14:07:35 +02:00
Pedro Igor
51352622aa Allow adding realm users as an organization member 
Closes #29023

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-29 08:37:47 -03:00
Pedro Ruivo
17a700b6b9 Use cache.compute() method to improve the replace retry loop 
Closes #29073

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-04-29 12:24:33 +02:00
Stefan Guilhen
bfabc291cc 28843 - Introduce filtered (and paginated) searches for organizations 
Closes #28843

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-04-25 12:38:20 -03:00
vramik
c56f062416 Typo in Organization table 
Closes #29054

Signed-off-by: vramik <vramik@redhat.com>
 2024-04-24 11:23:44 -03:00
vramik
d65649d5c0 Make sure organization are only manageable by the admin users with the manage-realm role 
Closes #28733

Signed-off-by: vramik <vramik@redhat.com>
 2024-04-23 12:16:57 -03:00
Tero Saarni
64862d568e Convert database errors to 500 instead of 400. 
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
 2024-04-22 11:42:18 -03:00
Stefan Guilhen
f1532565b6 Don't use no-arg version of GroupModel.getSubGroupsStream() when fetching the subgroups from the GroupResource endpoint. 
- prevents pre-loading all groups; instead use the stream from the JPA adapter to load subgroups one by one and then filter based on the user permissions.

Closes #28935

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-04-22 11:27:29 -03:00
Stefan Guilhen
8ca4bc77a1 Improve the performance of the queries used to find granted resources 
- simplifies the queries to avoid unnecessary join
- creates two new indexes to speed up search time

Closes #28861

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-04-22 11:26:06 -03:00
Pedro Ruivo
3de5357091 CLI options to disable encryption and authentication to external Infinispan 
Closes #28750

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-04-20 18:30:24 +02:00
Pedro Ruivo
3e0a185070 Remove deprecated EnvironmentDependentProviderFactory.isSupported method 
Closes #26280

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-04-19 16:36:49 +02:00
mposolda
c427e65354 Secondary factor bypass in step-up authentication 
closes #34

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit e632c03ec4dbfbb7c74c65b0627027390b2e605d)
 2024-04-19 14:43:53 +02:00
Joerg Matysiak
76a5a27082 Refactored StripSecretsUtils in order to make it unit-testable, added unit tests for it 
Don't mask secrets at realm export

Closes #21562

Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>
 2024-04-18 18:26:47 -03:00
Pedro Igor
7483bae130 Make sure admin events are not referencing sensitive data from their representation 
Closes #21562

Signed-off-by: Joerg Matysiak <joerg.matysiak@bosch.com>
 2024-04-18 18:26:47 -03:00
Pedro Igor
1e3837421e Organization member onboarding using the organization identity provider 
Closes #28273

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-17 07:24:01 -03:00
Alexander Schwartz
13af4f44f5
Defer updates of last session updates and batch them (#28502) 
Defer updates of last session refreshes and batch them

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2024-04-17 09:25:05 +02:00
Martin Kanis
f764a9cb4a NPE when listing sessions in UI if associated user is gone 
Closes #28801

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-04-16 11:53:36 -03:00
Pedro Ruivo
2494ad6950 Refactor and remove deprecated Infinispan methods from DefaultInfinispanConnectionProviderFactory 
Closes #28752

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-04-16 10:51:57 +02:00
Stefan Guilhen
2ab8bf852d Add validation for the organization's internet domains. 
Closes #28634

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-04-15 09:03:52 -03:00
Alexander Schwartz
004f419fd0 Leave a tombstone after the deletion of a cache entry 
This captures the scenario of multiple deletion calls in the current session.

Closes #28672

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-04-12 17:00:19 +02:00
Pedro Igor
61b1eec504 Prevent members with an email other than the domain set to an organization 
Closes #28644

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-12 08:33:18 -03:00
Alexander Schwartz
b4cfebd8d5
Persistent sessions code also for offline sessions (#28319) 
Persistent sessions code also for offline sessions

Closes #28318

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-04-12 13:15:02 +02:00
rmartinc
6d74e6b289 Escape slashes in full group path representation but disabled by default 
Closes #23900

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-04-12 10:53:39 +02:00
Douglas Palmer
69ba92808d DefaultBruteForceProtector leverages a single thread to write success/failed events 
Closes #14084

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-04-12 09:53:40 +02:00
Pedro Igor
8f8094408e Encapsulate the logic to set attributes into the domain model 
Closes #28646

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-11 15:32:21 -03:00
ali_dandach
eb77220cca
Fix string comparison for action 
Closes #28628

Signed-off-by: ali dandach <alidandach1995@gmail.com>
 2024-04-11 17:59:57 +02:00
tqe1999
6e0fc8a774
fix integer overflow with explicit cast 
Closes #28564

Signed-off-by: tqe1999 <tqe1999@gmail.com>
 2024-04-11 10:58:44 +02:00
Stefan Guilhen
9a466f90ab Add ability to set one or more internet domain to an organization. 
Closed #28274

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-04-10 13:18:12 -03:00
vramik
00ce3e34bd Manage a single identity provider for an organization 
Closes #28272

Signed-off-by: vramik <vramik@redhat.com>
 2024-04-10 09:47:51 -03:00
Martin Kanis
51fa054ba7 Manage organization attributes 
Closes #28253

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-04-10 09:10:49 -03:00
Michal Hajas
1bb5e14134 Use ReentrantLock instead of synchronized to avoid thread pinning 
+ since the runSerialized mechanism is currently on the best effort basis it is possible there are concurrent executions if T1 obtained a lock T2 removed the lock and T3 created a new lock before T1 called putIfAbsent therefore I added a debug log detecting this situation

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2024-04-09 14:55:21 +02:00
Alexander Schwartz
355901dfd8 Add a back-off period when replacing cache entries fails 
Closes #28388

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-04-09 14:55:21 +02:00
Alexander Schwartz
63e7523a6d Avoid unnecessary updates to the sessions during refreshes of tokens 
Closes #28388

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-04-09 14:55:21 +02:00
Alexander Schwartz
dc18bd4efb Avoid conflicts when writing to session stores by checking for concurrent requests within the JVM 
Closes #28388

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-04-09 14:55:21 +02:00
Stijn Last
e9498079e0 LDAP: Show error message when groups synchronization fails 
closes: #28436
Signed-off-by: Stijn Last <stijn.last@barco.com>
 2024-04-09 09:10:19 -03:00
vibrown
3fffc5182e Added ClientType implementation from Marek's prototype 
Signed-off-by: vibrown <vibrown@redhat.com>

More updates

Signed-off-by: vibrown <vibrown@redhat.com>

Added client type logic from Marek's prototype

Signed-off-by: vibrown <vibrown@redhat.com>

updates

Signed-off-by: vibrown <vibrown@redhat.com>

updates

Signed-off-by: vibrown <vibrown@redhat.com>

updates

Signed-off-by: vibrown <vibrown@redhat.com>

Testing to see if skipRestart was cause of test failures in MR
 2024-04-08 20:20:37 +02:00
Pedro Igor
52ba9b4b7f Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user 
Closes #28248

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-08 09:05:16 -03:00