libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
22083 commits 4 branches 5 tags 480 MiB
Commit graph

245 commits

Author SHA1 Message Date
David Anderson
ce1331f550
Remove bouncycastle dependency from keycloak-services (#13489) 
Closes #12857


Co-authored-by: mposolda <mposolda@gmail.com>
 2022-08-22 15:43:59 +02:00
Alexander Schwartz
bd926b8fd0 Remove warning from StoragePropertyMappers about the deployment state version seed 
It duplicates the logic in the provider and is incomplete. A follow-up issue will investigate how a provider can defer a configuration option.

Closes #13807
 2022-08-17 13:55:05 -03:00
Martin Kanis
57f2f4654a Add limit for authSessions per rootAuthSession in map storage 2022-08-10 12:56:37 +02:00
Alexander Schwartz
8470a30446 Introduce CLI parameter to set the deployment state version seed 
Closes #12710
 2022-07-27 20:10:17 +02:00
Michal Hajas
eb1f31e9dd Optimize user-client session relationship for HotRod storage 
Closes #12818
 2022-07-26 09:00:13 +02:00
Douglas Palmer
c00514d659
Support for post_logout_redirect_uris in OIDC client registration (#12282) 
Closes #10135
 2022-07-25 10:57:52 +02:00
Alexander Schwartz
cb81a17611 Disable Infinispan for map storage and avoid the component factory when creating a realm independent provider factory 
Provide startup time in UserSessionProvider independent of Infinispan,
cleanup code that is not necessary for the map storage as it isn't using Clustering.
Move classes to the legacy module.

Closes #12972
 2022-07-22 08:20:00 +02:00
Martin Kanis
c8a6846ee0 Remove offline sessions when deleting a realm 2022-07-19 16:40:22 +02:00
Alexander Schwartz
30b41d02b4 Move non-map-storage related classes to new package 
Closes #13081
 2022-07-15 09:46:29 -03:00
Vlasta Ramik
ec853a6b83
JPA map storage: User / client session no-downtime store (#12241) 
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>

Closes #9666
 2022-07-14 12:07:02 -03:00
Pedro Igor
b80731decf
Remove any legacy provider from runtime when running the new store (#12963) 2022-07-13 07:30:14 -03:00
Michal Hajas
34d8629477
Convert ClientSessionIdleTimeout from seconds to milliseconds before … (#13048) 2022-07-13 07:29:52 -03:00
Pedro Igor
5b48d72730 Upgrade Resteasy v4 
Closes #10916

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2022-07-11 12:17:51 -03:00
Michal Hajas
0f86427dd0 Make user->client sessions relationship consistent 
Closes #12817
 2022-07-11 08:42:28 -03:00
Michal Hajas
5f7f4ad850 Reflect SingleUseObject store objectKey changes to HotRod implementation 
Closes #12480
 2022-07-08 10:34:31 -03:00
Alexander Schwartz
098d4dda0e
Split PublicKeyStorageProvider (#12897) 
Split PublicKeyStorageProvider

- Extract clearCache() method to separate interface and move it to the legacy module
- Make PublicKeyProvider factories environment dependent
- Simple map storage for public keys that just delegates

Resolves #12763

Co-authored-by: Martin Kanis <mkanis@redhat.com>
 2022-07-05 09:57:51 -03:00
Stefan Guilhen
007fa1f374 Single Use Objects Map JPA implementation 
Closes #9852
 2022-07-04 10:05:51 -03:00
Jon Koops
06d1b4faab Restore enum variant of ResourceType 
This reverts commit 3b5a578934.
 2022-06-30 12:20:51 -03:00
Alexander Schwartz
692ce0cd91 Moving ClientStorageProvider to the legacy modules 
This prepares the move of CachedObject and CacheableStorageProviderModel

Closes #12531

fixup! Moving ClientStorageProvider to the legacy modules
 2022-06-29 20:04:32 +02:00
vramik
3b5a578934 Change enum ResourceType to interface with String constants 
Closes #12485
 2022-06-29 13:35:11 +02:00
vramik
91335ebaad Change returning type to Set in MapClientEntity when obtaining protocol mappers 
Closes #11136
 2022-06-28 21:47:56 +02:00
Alexander Schwartz
4b499c869c Encapsulate MigrationModelManager in legacy module 
Closes #12214
 2022-06-28 10:53:04 +02:00
Michal Hajas
e0efdcae22 Make sure HotRod store does not return empty delegate 
Closes #12304
 2022-06-27 15:10:18 +02:00
Stefan Guilhen
7d96f3ad5a Events Map JPA implementation 
Closes #9667
 2022-06-21 13:53:48 +02:00
Alexander Schwartz
896afc4644 rename SingleEntityCredentialManager to SubjectCredentialManager, part 2 2022-06-21 08:53:06 +02:00
Alexander Schwartz
cb0c881821 rename SingleEntityCredentialManager to SubjectCredentialManager 2022-06-21 08:53:06 +02:00
Alexander Schwartz
84d21f0230 for all added files in the PR, update the copyright header or add it if it was missing 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
f1ca325b6b Add map datastore provider 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
e396d0daa1 Renaming SingleUserCredentialManager and UserModel.getUserCredentialManager(): 
- class SingleUserCredentialManager to SingleEntityCredentialManager
- method UserModel.getUserCredentialManager() to credentialManager()

Renaming of API without "get" prefix to make it consistent with other APIs like for example with KeycloakSession
 2022-06-21 08:53:06 +02:00
Alexander Schwartz
6f287e7ded Avoid using methods on UserCredentialStoreManager 2022-06-21 08:53:06 +02:00
Alexander Schwartz
bc8fd21dc6 SingleUserCredentialManager moving in 
- UserStorageManager now handles authentication for old Kerberos+LDAP style
- new getUserByCredential method in MapUserProvider would eventually do the same.
 2022-06-21 08:53:06 +02:00
Alexander Schwartz
82094d113e Move User Storage SPI, introduce ExportImportManager 2022-06-21 08:53:06 +02:00
Michal Hajas
0719d3e49b Remove EXPIRATION fields and add expired entities filtering to all queries automatically 
Closes #12563
 2022-06-20 21:45:32 +02:00
Michal Hajas
22f9b0fee3 Unify expiration handling for SingleUseObjects 
Closes #12205
 2022-06-20 21:45:32 +02:00
vramik
1b3a76d0af Do not persist client sessions of transient user sessions 
Closes #12357
 2022-06-15 10:54:23 +02:00
vramik
df41f233d5 Introduce unique index for enums stored by storages 
Closes #12277
 2022-06-15 09:12:10 +02:00
Martin Kanis
df72cf72f2 Hot Rod map storage: Single-use (action token) no-downtime store 2022-06-06 16:01:18 +02:00
Martin Kanis
75754eca6b Extract timestamp from Expirable entity 2022-06-01 13:03:31 +02:00
vramik
be28e866b9 JPA map storage: Authorization services no-downtime store 
Closes #9669
 2022-05-30 21:05:34 +02:00
Michal Hajas
9b36ea0269 Add cascade removal of client session on user session removal for HotRod 
Closes #12096
 2022-05-30 09:58:54 +02:00
Michal Hajas
1a98765fb7 Fix cascade removal of client session on user session removal for CHM 
Closes #12146
 2022-05-30 09:58:54 +02:00
Michal Hajas
bc59fad85b Unify way how expirable entities are handled in the new store 
Closes #11947
 2022-05-26 13:17:27 +02:00
Martin Kanis
0cb3c95ed5 Map storage: Single-use objects (action token) 2022-05-25 16:47:10 +02:00
Alexander Schwartz
d1a92680f5 Optimize querying sub-groups of groups 
Closes #12080
 2022-05-19 14:46:53 +02:00
Michal Hajas
0bda7e6038 Introduce map event store with CHM implementation 
Closes #11189
 2022-05-17 12:57:35 +02:00
Michal Hajas
d3b43a9f59 Make sure there is always Realm or ResourceServer when searching for authz entities 
Closes #11817
 2022-05-11 07:20:01 -03:00
Alexander Schwartz
bfab03b837 Throw an IllegalArgumentException once a ClassCastException occurs. 
Closes #11775
 2022-05-11 09:19:09 +02:00
Michal Hajas
6b5c417742 Add HotRod store for authorization services 
Closes #9679
 2022-05-06 15:31:38 +02:00
Michal Hajas
fc974fc019 Update composite roles on child role removal 
Closes #11769
 2022-05-05 15:18:18 +02:00
vramik
0d83b51b20 Enhance Map authz entities with REALM_ID (ResourceServer with CLIENT_ID) searchable field 
Co-authored-by Michal Hajas <mhajas@redhat.com>

Closes #10883
 2022-05-03 12:56:27 +02:00
Sven-Torben Janus
0efa4afd49 Evaluate composite roles for hardcoded LDAP roles/groups 
Closes: 11771

see also KEYCLOAK-18308
 2022-05-02 14:13:37 +02:00
vramik
2ecf250e37 Deletion of all objects when realm is being removed 
Closes #11076
 2022-04-28 11:09:17 +02:00
vramik
5248815091 Disable infinispan realm and user cache for map storage tests 
Closes #11213
 2022-04-25 09:38:49 +02:00
Hynek Mlnarik
0ce5dfc09c Remove dependency of map on services 
Fixes: 8903
 2022-04-22 17:27:21 +02:00
vramik
3d1118223b New Storage: Testsuite fails when JPA Map storage is enabled for groups 
Closes #11369
 2022-04-21 11:14:35 +02:00
Stefan Guilhen
b29b27d731 Ensure code does not rely on a particular format for the realm id or component id 2022-04-20 14:40:38 +02:00
Pedro Igor
c5e4dc8cec
Associated permissions should only add resource type permissions if the resource is an instance (#11220) 
Closes #11148
 2022-04-19 09:10:14 +02:00
Bruno Oliveira da Silva
f9d4566723 Replace the cryptographic algorithm by SHA-2 
The static code scanning analysis detected the usage of MD5 as part of [
MapDeploymentStateProviderFactory](a6dd9dc0f1/model/map/src/main/java/org/keycloak/models/map/deploymentState/MapDeploymentStateProviderFactory.java (L58-L58)).

Even though we could not find any ways of exploiting the code, we should
avoid its usage considering that MD5 is not collision-resistant.

Resolves #11290
 2022-04-18 07:10:04 -03:00
Alexander Schwartz
5c1a8d401d Store time as seconds as a long in map store 
This avoids overflowing the value in 2038.

Closes #10960
 2022-04-12 14:22:44 +02:00
Stefan Guilhen
d952669f69 Add clearUpdatedFlag so the flag in associated protocol mappers can be cleared as well 
Closes #11118
 2022-04-08 09:36:55 +02:00
Michal Hajas
1f2ebf4cba Add HotRod no downtime store for Realms 
Closes #9670
 2022-04-08 09:36:01 +02:00
Martin Kanis
3bb4081bd1 Convert user / client session entities into interface 2022-04-08 09:34:01 +02:00
Michal Hajas
f4f5928727 Add type to filters in MapResourceStore 
Closes #11154
 2022-04-07 15:10:20 -03:00
Martin Kanis
3356e8b098 Convert login failure entities into interface 2022-03-29 18:40:53 +02:00
Stefan Guilhen
d8bee26ec8 Implement AbstractClientEntity.isUpdated to account for changes in associated protocol mappers. 
Closes #10927
 2022-03-29 18:35:28 +02:00
Martin Kanis
e493b08fa7 Add expiration field to root authentication session 2022-03-23 07:47:47 +01:00
Michal Hajas
99c06d1102
Authorization services refactoring 
Closes: #10447 

* Prepare logical layer to distinguish between ResourceServer id and client.id
* Reorder Authz methods: For entities outside of Authz we use RealmModel as first parameter for each method, to be consistent with this we move ResourceServer to the first place for each method in authz
* Prepare Logical (Models/Adapters) layer for returning other models instead of ids
* Replace resourceServerId with resourceServer model in PermissionTicketStore
* Replace resourceServerId with resourceServer model in PolicyStore
* Replace resourceServerId with resourceServer model in ScopeStore
* Replace resourceServerId with resourceServer model in ResourceStore
* Fix PermissionTicketStore bug
* Fix NPEs in caching layer
* Replace primitive int with Integer for pagination parameters
 2022-03-22 20:49:40 +01:00
keycloak-bot
c71aa8b711
Set version to 999-SNAPSHOT (#10784) 2022-03-22 09:22:48 +01:00
Martin Kanis
2394855f48 Add merge tasks optimization to ConcurrentHashMapKeycloakTransaction.delete 2022-03-21 16:45:48 +01:00
Michal Hajas
c18a682f50 Do not store undefined values in store 
Closes #10744
 2022-03-17 16:44:33 +01:00
Martin Kanis
1a4d7c297a
Change authentication sessions map to set (#10596) 2022-03-10 08:45:24 +01:00
Alexander Schwartz
18f391d8c4 Fix spelling error in field and classname 
It's always a converter, unless electricity is involved.

Closes #10573
 2022-03-09 08:28:52 -03:00
Alexander Schwartz
3c3f003a38 LDAP Map storage support to support read/write for roles 
Closes #9929
 2022-03-08 12:03:10 +01:00
Michal Hajas
f77ce315bb Disable Authz caching for new storage tests 
Closes #10500
 2022-03-07 10:22:55 -03:00
Martin Kanis
6c64d465ea Convert authentication session entities into interface 2022-03-04 10:50:18 +01:00
Michal Hajas
b4281468d0 Convert Map Realm Entities into interfaces 
Closes #9736
 2022-02-24 13:23:19 +01:00
Vlasta Ramik
aa6a131b73
Change String client.id to ClientModel client in ResourceServerStore 
Closes #10442
 2022-02-24 12:46:26 +01:00
vramik
589606b1c1 JPA map storage: Groups no-downtime store 
Closes #9660
 2022-02-15 08:54:41 +01:00
keycloak-bot
d9f1a9b207
Set version to 18.0.0-SNAPSHOT (#10165) 2022-02-11 21:28:06 +01:00
Michal Hajas
b50b8f883b Implement HotRod storage for Users 
Closes #9671
 2022-02-11 10:20:36 +01:00
Alexander Schwartz
45df1adba9 Update generics in JPA Map storage to avoid casting and compiler warnings 
Closes #10060
 2022-02-08 17:38:53 +01:00
Michal Hajas
c648e121ed Convert authz entities into interfaces 
Closes #9740
 2022-01-31 13:51:56 +01:00
bal1imb
9621d513b5 KEYCLOAK-18727 Improve user search query 2022-01-26 17:03:05 +01:00
Alexander Schwartz
9e257d4a01 Added warning when storage contains multi-valued attributes and Keycloak model doesn't support them. 
Closes #9714
 2022-01-26 15:40:00 +01:00
Alexander Schwartz
e2ac7b38f4 Adding missing database constraints for clients in JPA map storage. 
This should ensure consistency for the store even in the event of concurrent creation of clients by multiple callers.

Closes #9610
 2022-01-23 20:34:28 +01:00
vramik
873a44459a Convert MapClientScopeEntity to interface 
Closes #9657
 2022-01-23 16:56:25 +01:00
Martin Kanis
ddcabe61b2 KEYCLOAK-19571 Add indices to HotRodClientEntity fields 2022-01-20 17:46:47 +01:00
vramik
7b89d151c1 KEYCLOAK-18565 JPA roles no-downtime store 2022-01-20 12:02:35 +01:00
vramik
22bcdcb630 MapRoleProvider could return also client roles when searching for realm roles 
Closes #9587
 2022-01-19 16:39:59 +01:00
Konstantinos Georgilakis
db0b36460f KEYCLOAK-19148 correct getGroupsCountByNameContaining of MapGroupProvider 2022-01-15 20:15:27 +01:00
Michal Hajas
ab9413b48c Store user nested entities in Set instead of Map 2022-01-10 15:57:45 +01:00
Michal Hajas
9849df3757 Convert MapUserEntity to interface 2022-01-10 15:57:45 +01:00
Hynek Mlnařík
d39eb95705
Introduce per-field delegation of entities 2022-01-05 14:06:45 +01:00
Michal Hajas
96b2669a00 Refactoring of constructors for generated entities 2021-12-22 16:00:10 +01:00
keycloak-bot
9f3d4a7d42 Set version to 17.0.0-SNAPSHOT 2021-12-20 10:50:39 +01:00
vramik
44184ab0cb MapRoleProvider uses ILIKE operator when EQ operator should be used 
Closes #9130
 2021-12-16 10:31:43 +01:00
vramik
c6312e3308 KEYCLOAK-18717 KEYCLOAK-18716 KEYCLOAK-18715 KEYCLOAK-18713 KEYCLOAK-18712 KEYCLOAK-18711 JPA clients no-downtime store 2021-12-15 13:32:49 +01:00
vramik
848b170a96 Use DeepCloner.Builder().constructorDC in cases when possible 
Closes #9141
 2021-12-15 10:28:08 +01:00
Hynek Mlnarik
8e03942e87 Enhance available tree operations 
Fixes #9022
 2021-12-13 18:05:45 +01:00
Hynek Mlnarik
3c7e5c8440 Create delegates and empty instances in DeepCloner 
Fixes: #9030
 2021-12-13 18:04:48 +01:00