rmartinc
711440e513
[ #11036 ] Identity Providers: Add support for elliptic curve signatures (ES256/ES384/ES512) using JWKS URL
2022-06-21 10:52:25 -03:00
Alexander Schwartz
ae7c01b719
Moving the CacheRealmProvider interface to the legacy module
2022-06-21 08:53:06 +02:00
Alexander Schwartz
7855b93390
Moving the UserCache interface to the legacy module
...
Co-Authored-By: hmlnarik@redhat.com
2022-06-21 08:53:06 +02:00
Alexander Schwartz
84d21f0230
for all added files in the PR, update the copyright header or add it if it was missing
2022-06-21 08:53:06 +02:00
Alexander Schwartz
a109e28be7
moving some functionality around imports
2022-06-21 08:53:06 +02:00
Alexander Schwartz
f89b8c356d
Moving logic to create a user from a representation to the legacy module
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
e396d0daa1
Renaming SingleUserCredentialManager and UserModel.getUserCredentialManager():
...
- class SingleUserCredentialManager to SingleEntityCredentialManager
- method UserModel.getUserCredentialManager() to credentialManager()
Renaming of API without "get" prefix to make it consistent with other APIs like for example with KeycloakSession
2022-06-21 08:53:06 +02:00
Alexander Schwartz
14a369a8cc
Added LegacySessionSupport SPI
...
While some methods around onCache() are still called from the legacy code, all other methods log a warning with a stacktrace.
2022-06-21 08:53:06 +02:00
Alexander Schwartz
6f287e7ded
Avoid using methods on UserCredentialStoreManager
2022-06-21 08:53:06 +02:00
Alexander Schwartz
bc8fd21dc6
SingleUserCredentialManager moving in
...
- UserStorageManager now handles authentication for old Kerberos+LDAP style
- new getUserByCredential method in MapUserProvider would eventually do the same.
2022-06-21 08:53:06 +02:00
Alexander Schwartz
82094d113e
Move User Storage SPI, introduce ExportImportManager
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
703e868a51
Preparation for moving User Storage SPI
...
- Introduction of new AdminRealmResource SPI
- Moving handler of /realm/{realm}/user-storage into model/legacy-service
- session.users() and userStorageManager() moved refers legacy module
IMPORTANT: Broken as UserStorageSyncManager is not yet moved
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
36f76a37ad
Move realms, clients, groups, roles, clientscopes into legacy module
...
- Introduces Datastore SPI for isolating data store methods
- Introduces implementation of the datastore for legacy storage
- Updates DefaultKeycloakSession to leverage Datastore SPI instead
of direct creating of area providers by the session
2022-06-21 08:53:06 +02:00
Michal Hajas
0719d3e49b
Remove EXPIRATION fields and add expired entities filtering to all queries automatically
...
Closes #12563
2022-06-20 21:45:32 +02:00
vramik
df41f233d5
Introduce unique index for enums stored by storages
...
Closes #12277
2022-06-15 09:12:10 +02:00
Sebastian Schuster
a0c402b93a
11198 added event information to consent granting and revocation via REST API ( #11199 )
2022-06-07 11:29:20 +02:00
Stian Thorgersen
e49e8335e0
Refactor BouncyIntegration ( #12244 )
...
Closes #12243
2022-06-07 09:02:00 +02:00
Michal Hajas
09c0a69a8f
Add HotRod no downtime store for events
...
Closes #9676
2022-06-02 13:30:19 +02:00
Pedro Hos
e121371401
/clients-registrations API doesn't return secret anymore and is not coherent #11116
...
/clients-registrations API doesn't return secret anymore and is not coherent
fixing merge
/clients-registrations API doesn't return secret anymore and is not coherent
fixing test that was failing
Replace tabs with regular spaces
fixing identation
/clients-registrations API doesn't return secret anymore and is not coherent. Closes #11116
fixing test that was failing
2022-05-30 15:18:56 +02:00
Marek Posolda
eed944292b
Make script providers working on JDK 17 ( #11322 )
...
Closes #9945
2022-05-27 12:28:50 +02:00
Michal Hajas
bc59fad85b
Unify way how expirable entities are handled in the new store
...
Closes #11947
2022-05-26 13:17:27 +02:00
Martin Kanis
0cb3c95ed5
Map storage: Single-use objects (action token)
2022-05-25 16:47:10 +02:00
Pedro Igor
26c87af9f4
Avoiding unnecessary roundtrips to the database when evaluating permissions
...
Closes #12148
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
2022-05-25 12:23:15 +02:00
Martin Bartoš
86f31e8df5
Fix BlacklistPasswordPolicyDefaultPath Failures on Windows
...
Fixes #11967
2022-05-24 17:26:19 -03:00
vramik
0c3aa597f9
JPA map storage: test failures after cache was disabled
...
Closes #12118
2022-05-23 13:01:30 +02:00
Michal Hajas
0bda7e6038
Introduce map event store with CHM implementation
...
Closes #11189
2022-05-17 12:57:35 +02:00
Martin Kanis
0d6bbd437f
Merge single-use token providers into one
...
Fixes first part of: #11173
* Merge single-use token providers into one
* Remove PushedAuthzRequestStoreProvider
* Remove OAuth2DeviceTokenStoreProvider
* Delete SamlArtifactSessionMappingStoreProvider
* SingleUseTokenStoreProvider cleanup
* Addressing Michal's comments
* Add contains method
* Add revoked suffix
* Rename to SingleUseObjectProvider
2022-05-11 13:58:58 +02:00
Michal Hajas
d3b43a9f59
Make sure there is always Realm or ResourceServer when searching for authz entities
...
Closes #11817
2022-05-11 07:20:01 -03:00
Réda Housni Alaoui
5d87cdf1c6
KEYCLOAK-6455 Ability to require email to be verified before changing ( #7943 )
...
Closes #11875
2022-05-09 18:52:22 +02:00
Michal Hajas
6b5c417742
Add HotRod store for authorization services
...
Closes #9679
2022-05-06 15:31:38 +02:00
Dominik Guhr
acd4f5f793
set the standardcharset to UTF-8
...
Closes #10462
2022-05-03 16:14:34 -03:00
vramik
0d83b51b20
Enhance Map authz entities with REALM_ID (ResourceServer with CLIENT_ID) searchable field
...
Co-authored-by Michal Hajas <mhajas@redhat.com>
Closes #10883
2022-05-03 12:56:27 +02:00
vramik
2ecf250e37
Deletion of all objects when realm is being removed
...
Closes #11076
2022-04-28 11:09:17 +02:00
Hynek Mlnarik
0ce5dfc09c
Remove dependency of map on services
...
Fixes: 8903
2022-04-22 17:27:21 +02:00
Stefan Guilhen
b29b27d731
Ensure code does not rely on a particular format for the realm id or component id
2022-04-20 14:40:38 +02:00
Pedro Igor
2cb5d8d972
Removing upload scripts feature ( #11117 )
...
Closes #9865
Co-authored-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2022-04-20 14:25:16 +02:00
Pedro Igor
f1fd7af758
Remove policies when user is deleted ( #11385 )
...
Closes #11284
2022-04-20 09:23:46 +02:00
Pedro Igor
b4770c30fd
Fixing NPE when querying resources by type
...
Closes #11137
2022-04-07 15:10:20 -03:00
Marek Posolda
22a16ee899
OIDC RP-Initiated logout endpoint ( #10887 )
...
* OIDC RP-Initiated logout endpoint
Closes #10885
Co-Authored-By: Marek Posolda <mposolda@gmail.com>
* Review feedback
Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
2022-03-30 11:55:26 +02:00
Andrea Peruffo
da5db5a813
Fix NPEs during realm import ( #10962 )
...
Closes #10961
2022-03-29 21:48:37 +02:00
Martin Kanis
e493b08fa7
Add expiration field to root authentication session
2022-03-23 07:47:47 +01:00
Michal Hajas
99c06d1102
Authorization services refactoring
...
Closes : #10447
* Prepare logical layer to distinguish between ResourceServer id and client.id
* Reorder Authz methods: For entities outside of Authz we use RealmModel as first parameter for each method, to be consistent with this we move ResourceServer to the first place for each method in authz
* Prepare Logical (Models/Adapters) layer for returning other models instead of ids
* Replace resourceServerId with resourceServer model in PermissionTicketStore
* Replace resourceServerId with resourceServer model in PolicyStore
* Replace resourceServerId with resourceServer model in ScopeStore
* Replace resourceServerId with resourceServer model in ResourceStore
* Fix PermissionTicketStore bug
* Fix NPEs in caching layer
* Replace primitive int with Integer for pagination parameters
2022-03-22 20:49:40 +01:00
Alexander Schwartz
fb92b95c33
Revert from getParameterCount() to getParameterTypes().length to be Java 1.7 compatible.
...
This reverts commit bc27c7c464
.
Closes #10840
2022-03-22 10:23:25 +01:00
keycloak-bot
c71aa8b711
Set version to 999-SNAPSHOT ( #10784 )
2022-03-22 09:22:48 +01:00
Clara Fang
bc27c7c464
Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount()
...
Closes #10333
2022-03-18 11:20:52 +01:00
mposolda
9e12587181
Protocol mapper and client scope for 'acr' claim
...
Closes #10161
2022-03-11 09:23:25 +01:00
Ivan Atanasov
5c6b123aff
Support for the Recovery codes ( #8730 )
...
Closes #9540
Co-authored-by: Zachary Witter <torquekma@gmail.com>
Co-authored-by: stelewis-redhat <91681638+stelewis-redhat@users.noreply.github.com>
2022-03-10 15:49:25 +01:00
Marcelo Daniel Silva Sales
7335abaf08
Keycloak 10489 support for client secret rotation ( #10603 )
...
Closes #10602
2022-03-09 00:05:14 +01:00
rmartinc
48565832d4
[ #10608 ] Password blacklists folder
2022-03-08 08:22:34 -03:00
mposolda
93bba8e338
Replace 'Store LoA in User Session' with 'Max Age'. Refactoring of step-up authentications related to that.
...
Closes #10205
2022-03-08 10:41:05 +01:00