Commit graph

1466 commits

Author SHA1 Message Date
mposolda
3b6e1f4e93 KEYCLOAK-5007 Used single-use cache for tracke OAuth code. OAuth code changed to be encrypted and signed JWT 2017-09-29 13:20:22 +02:00
mposolda
63673c4328 KEYCLOAK-5569 Added JWE 2017-09-29 13:01:42 +02:00
Gabriel Lavoie
134daeac7f KEYCLOAK-3303: Allow reuse of refresh tokens.
- Configurable max reuse count.
2017-09-28 15:30:40 -04:00
Bill Burke
fd025ae76b Merge pull request #4209 from guitaro/feature/group-search-and-pagination
[KEYCLOAK-2538] - groups pagination and group search
2017-09-23 20:52:19 -04:00
howcroft
e78bf5f876 Keycloak 2035
This PR adds:
* an endpoint to Role that lists users with the Role
* a tab "Users in Role" in Admin console Role page
* it is applicable to Realm and Client Roles
* Extends UserQueryProvider with default methods (throwing Runtime Exception if not overriden)
* Testing in base testsuite and Console
2017-09-22 15:05:49 +01:00
mposolda
ca92bcbf7f KEYCLOAK-5480 Cross-DC setup: Remote cache stores are connecting to Infinispan servers in both datacenters 2017-09-18 18:04:04 +02:00
Oguz Kilcan
6ec5264f20 KEYCLOAK-5416 Migration from 3.2.1 to 3.3.0 doesn't work on MSSQL due to constraint violation (#4461) 2017-09-15 09:56:22 +02:00
Levente NAGY
d18aa44fb4 Merge branch 'feature/group-search-and-pagination' of https://github.com/guitaro/keycloak into feature/group-search-and-pagination 2017-09-13 16:48:24 +02:00
Levente NAGY
e907da77d7 KEYCLOAK 2538 - UI group pagination - Remove junit mocked TUs, add arquillian Tests, delete mockito from poms, fix groups sorting when get result from cache 2017-09-13 16:45:45 +02:00
Léventé NAGY
503ce3a47f Merge branch 'master' into feature/group-search-and-pagination 2017-09-13 10:27:38 +02:00
Pedro Igor
90db6654d3 Merge pull request #4451 from glavoie/KEYCLOAK-4858-ResourceServer
KEYCLOAK-4858: Slow query performance for client with large data volume
2017-09-12 15:54:16 -03:00
Levente NAGY
c8c88dd58c KEYCLOAK 2538 - UI group pagination - TU + some code improvement + add mockito dependency 2017-09-12 15:09:08 +02:00
Levente NAGY
db56d82dbd KEYCLOAK 2538 - UI group pagination - fix duplicate result for search + sort result 2017-09-12 11:45:37 +02:00
Marek Posolda
2a1f40d487 Merge pull request #4408 from MarkSchmitt/master
KEYCLOAK-5322: Rewrote delete statement to scale better
2017-09-12 11:14:08 +02:00
Marek Posolda
d636bc2616 Merge pull request #4468 from hmlnarik/KEYCLOAK-4899-Optimize-client-session-writes
KEYCLOAK-4899 Replace updates to user session with temporary auth ses…
2017-09-12 10:42:38 +02:00
Bill Burke
1a74288413 Merge pull request #4458 from vramik/KEYCLOAK-5405
KEYCLOAK-5405 add synchronization of the persistence context when cre…
2017-09-11 18:49:33 -04:00
Hynek Mlnarik
24e9cbb292 KEYCLOAK-4899 Replace updates to user session with temporary auth session 2017-09-11 21:43:49 +02:00
Gabriel Lavoie
bf184e8599 KEYCLOAK-4858: ResourceServer PK change to CLIENT_ID.
- MSSQL needs the index to be dropped before the column.
- Different UPDATE statement format to support MSSQL.
2017-09-11 13:50:58 -04:00
Levente NAGY
2c24b39268 KEYCLOAK 2538 - UI group pagination 2017-09-07 19:39:06 +02:00
fmugrau
998262177f KEYCLOAK-5422: Rewrote statement to scale better 2017-09-07 10:17:22 +02:00
Pedro Igor
f10891b662 [KEYCLOAK-4858] - Migration configuration for resource server pk changes 2017-09-06 11:28:58 -03:00
Gabriel Lavoie
c1664478d9 KEYCLOAK-4858: Slow query performance for client with large data volume
- Changing RESOURCE_SERVER PK to the client ID.
- Changing FK on children of RESOURCE_SERVER.
- Use direct fetch of ResourceServer through ID/PK to avoid a lot of implicit Hibernate flush.
2017-09-06 09:55:53 -03:00
Pedro Igor
9ed5fc5595 [KEYCLOAK-5389] - Invalidating ResourceStore.findByUri cache when creating new resources 2017-09-05 11:45:51 -03:00
vramik
37479a9afe KEYCLOAK-5405 add synchronization of the persistence context when creating a group 2017-09-05 14:34:43 +02:00
vramik
d62164f6f0 KEYCLOAK-5385 add not null constraint for user_entity.not_before (#4446) 2017-09-01 08:57:50 +02:00
vramik
8bfab22417 KEYCLOAK-5049 add explicit removal of groups (#4416) 2017-08-30 08:16:00 +02:00
Stian Thorgersen
463661b051 Set version to 3.4.0.CR1-SNAPSHOT 2017-08-28 15:46:22 +02:00
Hynek Mlnařík
23560d9e41 KEYCLOAK-5235 Fix JPA update script for MariaDB (#4423) 2017-08-28 08:05:49 +02:00
mposolda
43ce466aa6 KEYCLOAK-5294 Cross-dc working on Wildfly 2017-08-24 18:03:01 +02:00
Pedro Igor
3ff38e22cf [KEYCLOAK-4639] - Invalidating resource query by owner cache 2017-08-23 15:11:48 -03:00
mposolda
fe5891fbdb KEYCLOAK-5293 Add notBefore to user 2017-08-23 08:58:26 +02:00
mark.schmitt
6a28971218 KEYCLOAK-5322: Rewrote delete statement to scale better 2017-08-22 13:15:09 +00:00
mposolda
089514d8a6 KEYCLOAK-4634 Cross-dc support for UserLoginFailures 2017-08-17 10:22:12 +02:00
mposolda
fc777e166c KEYCLOAK-3298 Bit more perf improvement for bulk removal of sessions 2017-08-14 16:17:59 +02:00
mposolda
c4bb29b4bb KEYCLOAK-4187 SessionExpirationCrossDCTest - added tests for user logout and removal 2017-08-14 11:19:07 +02:00
mposolda
868e76fcf3 KEYCLOAK-4630 Added SessionsPreloadCrossDCTest for test preloading sessions and offline sessions. Support for manual.mode to control manually lifecycle of all servers. 2017-08-11 17:44:00 +02:00
mposolda
1289e84cdb KEYCLOAK-4630 Refactor RemoteCacheSessionsLoader to use JS script for preload sessions through more pages 2017-08-11 17:44:00 +02:00
Levente NAGY
c8aa708cff Merge remote-tracking branch 'upstream/master' 2017-08-10 18:14:49 +02:00
mposolda
0f7440d344 KEYCLOAK-4187 Fixes and tests related to sessions expiration and bulk removal in cross-dc environment 2017-08-10 08:29:59 +02:00
mposolda
a72c297d5d KEYCLOAK-4187 Fix LoginCrossDCTest 2017-08-08 14:02:48 +02:00
Hynek Mlnarik
9ca72dc5c6 KEYCLOAK-4189 Improve logging and concurrency/cross-DC testing 2017-08-08 10:11:51 +02:00
Hynek Mlnarik
80177e8712 KEYCLOAK-4187 Include version when marshalling UserSessionEntity 2017-08-08 10:11:51 +02:00
Hynek Mlnarik
125b178297 KEYCLOAK-4187 Fix warnings 2017-08-08 10:11:51 +02:00
mposolda
251b41a7ac KEYCLOAK-4187 Fix LastSessionRefreshCrossDCTest and ConcurrentLoginCrossDCTest 2017-08-07 11:55:49 +02:00
mposolda
07e2136b3b KEYCLOAK-4187 Added UserSession support for cross-dc 2017-07-27 22:32:58 +02:00
Pedro Igor
6865b4bbb1 [KEYCLOAK-4808] - Import large authz settings a bit faster 2017-07-06 18:22:13 -03:00
Pedro Igor
65251748c7 [KEYCLOAK-5148] - Create authorization settings when creating a new client using a config file 2017-07-05 18:19:00 -03:00
Stian Thorgersen
454c5f4d83 Set version to 3.3.0.CR1-SNAPSHOT 2017-06-30 09:47:11 +02:00
Josh Cain
89fcddd605 KEYCLOAK-3592 Docker auth implementation 2017-06-29 06:37:34 +02:00
Léventé NAGY
1a50e77a4d Merge branch 'master' into feature/group-search-and-pagination 2017-06-26 20:36:36 +02:00
Bill Burke
bc05560d4d Merge remote-tracking branch 'upstream/master' 2017-06-26 11:41:12 -04:00
Stian Thorgersen
1c10199698 Merge pull request #4252 from hmlnarik/KEYCLOAK-5078-ConcurrencyTest-fails-intermittently
KEYCLOAK-5078 ConcurrencyTest fails intermittently
2017-06-26 12:48:37 +02:00
Hynek Mlnarik
955cbc76d7 KEYCLOAK-5030 Change action tokens cache type to distributed 2017-06-26 10:11:53 +02:00
Bill Burke
3ee86fedc7 Merge remote-tracking branch 'upstream/master' 2017-06-23 09:57:35 -04:00
Hynek Mlnarik
8f9ed32a66 KEYCLOAK-5078 ConcurrencyTest fails intermittently
This commit fixes 401 Unauthorized issues
2017-06-23 15:16:23 +02:00
Léventé NAGY
41d8d17062 Merge branch 'master' into feature/group-search-and-pagination 2017-06-22 17:41:30 +02:00
Levente NAGY
124bf43a27 [KEYCLOAK-2538] - groups count for pagination 2017-06-22 17:32:38 +02:00
Bill Burke
d08ddade2e merge 2017-06-21 17:43:54 -04:00
Bill Burke
52e40922bc removal 2017-06-21 17:42:57 -04:00
mposolda
fc61a4e89f KEYCLOAK-4631 Move ClientInitialAccessModel from userSession model to realm model 2017-06-21 22:14:20 +02:00
Marek Posolda
be5291f710 Merge pull request #4242 from mposolda/master
KEYCLOAK-4438 Disable kerberos flow when provider removed
2017-06-21 11:54:50 +02:00
mposolda
e91dd011c5 KEYCLOAK-4438 Disable kerberos flow when provider removed 2017-06-21 09:38:20 +02:00
Hynek Mlnarik
2e2d15be9f KEYCLOAK-4189 Infinispan cache and channel statistics for Cross-DC-testing 2017-06-20 12:48:08 +02:00
Pedro Igor
6202222da4 Merge pull request #4221 from pedroigor/KEYCLOAK-5051
[KEYCLOAK-5051] - Invalidate authz cache when realm cache is cleared
2017-06-14 07:53:46 -03:00
Pedro Igor
473065fd31 [KEYCLOAK-5051] - Invalidate authz cache when realm cache is cleared 2017-06-12 12:29:21 -03:00
Hynek Mlnarik
a0f3a6469f KEYCLOAK-4189 - Cross DC testing 2017-06-12 11:14:28 +02:00
Pedro Igor
84d2d7b431 Missing invalidation for some queries cache 2017-06-08 18:09:44 -03:00
Levente NAGY
f377a45c4e [KEYCLOAK-2538] - groups count for pagination limits 2017-06-07 20:52:22 +02:00
Levente NAGY
c4da7637d6 [KEYCLOAK-2538] - groups pagination and group search 2017-06-06 18:32:48 +02:00
Bill Burke
b9f7a43a72 group permissions 2017-06-01 20:16:35 -04:00
Stian Thorgersen
684689d40d Merge pull request #3561 from glavoie/KEYCLOAK-3990
KEYCLOAK-3990: Very slow use of NamedQueries.
2017-05-29 09:39:39 +02:00
Pedro Igor
554e692d8f Merge pull request #4171 from pedroigor/KEYCLOAK-4913
[KEYCLOAK-4913] - Caching more query methods
2017-05-23 17:40:51 -03:00
Pedro Igor
1d5bd2567e [KEYCLOAK-4913] - Caching more query methods 2017-05-23 16:13:20 -03:00
Gabriel Lavoie
e59aeb56cc KEYCLOAK-3990: Very slow use of NamedQueries.
- Generates too many auto-flush checks by Hibernate.
- Moved to collections mapping to allow batching and the use of Hibernate L2 cache.
2017-05-23 08:09:39 -04:00
Stian Thorgersen
e3a04ebd90 Merge pull request #3557 from glavoie/KEYCLOAK-3988
KEYCLOAK-3988: Multiple missing indexes on FKs.
2017-05-23 14:07:51 +02:00
Pedro Igor
37a98fba20 [KEYCLOAK-4913] - Caching more query methods 2017-05-22 19:08:24 -03:00
Bill Burke
ab763e7c5b fixes after merge 2017-05-19 15:54:36 -04:00
mposolda
e2a7b71cf3 KEYCLOAK-4939 ConcurrentLoginTest broken in latest master 2017-05-19 14:00:52 +02:00
Bill Burke
2cac8b1bb7 KEYCLOAK-4929 2017-05-18 16:53:31 -04:00
Bill Burke
c291748f43 KEYCLOAK-4929 2017-05-18 16:48:04 -04:00
mposolda
c178a2392d KEYCLOAK-4907 Fix postgresql and mssql. Fix migration 2017-05-17 22:44:44 +02:00
Gabriel Lavoie
4581272dcd KEYCLOAK-3988: Multiple missing indexes on FKs. 2017-05-15 08:15:58 -04:00
Marek Posolda
70d7e07526 Merge pull request #4132 from mposolda/cross-dc4-squash
KEYCLOAK-4626 KEYCLOAK-4627 Authentication sessions & Action tokens
2017-05-15 12:46:43 +02:00
Pedro Igor
d824b4d93c Changing cache key for findByResource 2017-05-12 10:25:06 -03:00
Pedro Igor
7569493b17 Invalidating cache for findByowner 2017-05-12 10:23:54 -03:00
mposolda
7d8796e614 KEYCLOAK-4626 Support for sticky sessions with AUTH_SESSION_ID cookie. Clustering tests with embedded undertow. Last fixes. 2017-05-11 22:24:07 +02:00
Hynek Mlnarik
b8262a9f02 KEYCLOAK-4628 Single-use cache + its functionality incorporated into reset password token. Utilize single-use cache for relevant actions in execute-actions token 2017-05-11 22:16:26 +02:00
mposolda
db8b733610 KEYCLOAK-4626 Fix TrustStoreEmailTest and PolicyEvaluationCompositeRoleTest. Distribution update 2017-05-11 22:16:26 +02:00
Hynek Mlnarik
c431cc1b01 KEYCLOAK-4627 IdP email account verification + code cleanup. Fix for concurrent access to auth session notes 2017-05-11 22:16:26 +02:00
mposolda
168153c6e7 KEYCLOAK-4626 Authentication sessions - SAML, offline tokens, broker logout and other fixes 2017-05-11 22:16:26 +02:00
mposolda
e7272dc05a KEYCLOAK-4626 AuthenticationSessions - brokering works. Few other fixes and tests added 2017-05-11 22:16:26 +02:00
mposolda
a9ec69e424 KEYCLOAK-4626: AuthenticationSessions - working login, registration, resetPassword flows 2017-05-11 22:16:26 +02:00
mposolda
83b29c5080 KEYCLOAK-4626 AuthenticationSessions: start 2017-05-11 22:16:26 +02:00
Pedro Igor
e14be4460b [KEYCLOAK-4867] - Cluster events and invalidations 2017-05-05 22:48:51 -03:00
Stian Thorgersen
8da766e02e Merge pull request #4104 from sjvs/master
Fix three lgtm.com alerts: two possible NPEs, one possible int overflow
2017-05-05 13:13:02 +02:00
Bill Burke
af792b8abe fix 2017-04-29 17:03:36 -04:00
Bill Burke
1f4311a02c KEYCLOAK-4821 2017-04-29 10:41:32 -04:00
Bas van Schaik
eb93eef874 Fix lgtm.com alert: variable 'config' is always null (likely false logic)
Details:
https://lgtm.com/projects/g/keycloak/keycloak/snapshot/dist-7900299-1490802114895/files/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserCredentialStore.java#V122
2017-04-28 14:50:30 +01:00
Eriksson Fabian
ca1152c3e5 KEYCLOAK-4204 Extend brute force protection with permanent lockout on failed attempts
- Can still use temporary brute force protection.
- After X-1 failed login attempt, if the user successfully logs in his/her fail login count is reset.
2017-04-28 09:02:10 +02:00
Stian Thorgersen
87dedb56e5 Set version to 3.2.0.CR1-SNAPSHOT 2017-04-27 14:23:03 +02:00
mposolda
8000baeb1f KEYCLOAK-4789 Can't remove userStorage when linked users have consent 2017-04-25 11:32:26 +02:00
Stian Thorgersen
54ee055bd8 KEYCLOAK-4671 Add server-private-spi to dependency deployer 2017-04-25 10:16:24 +02:00
mposolda
d05a894831 KEYCLOAK-4326 KEYCLOAK-4588 Can't get granted consents if client template mappers were consented to 2017-04-24 15:44:38 +02:00
mposolda
1fd5af840b KEYCLOAK-4525 Deleting a client with existing sessions/offline_tokens leads to Internal Server Errors 2017-04-24 11:24:09 +02:00
Pedro Igor
bf69bc94bb [KEYCLOAK-4754] - Unable to delete realm when using aggregated policies 2017-04-20 12:10:52 -03:00
Pedro Igor
8e877a7f6c [KEYCLOAK-3135] - More tests 2017-04-12 14:34:27 -03:00
Pedro Igor
eec712a259 [KEYCLOAK-3135] - Role and user policies apis 2017-04-12 00:52:14 -03:00
Pedro Igor
54ebc1918c [KEYCLOAK-3135] - Using abstract policy representation when creating policies and updating tests 2017-04-12 00:52:13 -03:00
Pedro Igor
55f747ecd0 [KEYCLOAK-3135] - Part 1: Permission Management API 2017-04-12 00:52:13 -03:00
Pedro Igor
1f50421a54 [KEYCLOAK-4726] - Multiple role policies crash realm delete 2017-04-06 12:36:03 -03:00
Jared Blashka
61bd9bb58c Fix CachePolicy.MAX_LIFESPAN invalidation 2017-03-20 22:56:35 -04:00
Stian Thorgersen
a87ee04024 Bump to 3.1.0.CR1-SNAPSHOT 2017-03-16 14:21:40 +01:00
Johannes Knutsen
9a0de676c4 KEYCLOAK-4559 Filter users by realm id when searching for user by user attribute 2017-03-14 11:05:12 +01:00
Pedro Igor
e7e6314146 [KEYCLOAK-4555] - Fixes and improvements to evaluation code 2017-03-13 14:08:54 -03:00
Stian Thorgersen
e7cd8d41c6 Merge pull request #3558 from glavoie/KEYCLOAK-3989
KEYCLOAK-3989: Replacing COMPOSITE_ROLE Collection with Set.
2017-03-10 12:00:59 +01:00
Bill Burke
efffcc5f41 Merge pull request #3915 from TeliaSoneraNorge/KEYCLOAK-4524
KEYCLOAK-4524
2017-03-08 10:08:04 -05:00
Martin Hardselius
a0a85f62c6 KEYCLOAK-4524 possible to add identity prover mappers with same name into single identity provider
- unique name enforcement working
- test added
2017-03-03 16:40:49 +01:00
Bill Burke
3bb29e033b KEYCLOAK-4501, KEYCLOAK-4511, KEYCLOAK-4513 2017-03-03 09:48:52 -05:00
Stian Thorgersen
49ac3587b6 KEYCLOAK-4384 Remove Mongo support 2017-02-15 15:20:58 +01:00
Bill Burke
d9633dc20c Merge remote-tracking branch 'upstream/master' 2017-02-09 09:13:00 -05:00
Bill Burke
cf5e2a1d20 unlink/remoteimported 2017-02-08 19:48:22 -05:00
Stian Thorgersen
1c7de24084 Merge pull request #3832 from stianst/KEYCLOAK-4370
KEYCLOAK-4370 Prevent LDAP provider from being migrated twice
2017-02-06 08:21:30 +01:00
Stian Thorgersen
f73aaef67a KEYCLOAK-4370 Prevent LDAP provider from being migrated twice 2017-02-03 10:05:57 +01:00
Bill Burke
0d308e2b69 KEYCLOAK-4218 2017-01-31 15:15:49 -05:00
Stian Thorgersen
6f22f88d85 Bump version to 3.0.0.CR1 2017-01-26 06:18:11 +01:00
mposolda
e487db349c KEYCLOAK-4274 Fix recursive composite role mappings 2017-01-23 17:55:45 +01:00
Stian Thorgersen
99e1eac094 Merge pull request #3775 from hmlnarik/KEYCLOAK-2847-Unexpected-error-when-trying-to-update-clientTemplate-to-already-existing-name
KEYCLOAK-2847 Fix exception convertor for Wildfly
2017-01-23 13:00:58 +01:00
Stian Thorgersen
7410bdb31c Merge pull request #3756 from mstruk/KEYCLOAK-3657
KEYCLOAK-3657 Role id is not preserved during import-export operation
2017-01-23 09:59:02 +01:00
Hynek Mlnarik
13e4f607ad KEYCLOAK-2847 Fix exception convertor for Wildfly 2017-01-19 18:11:51 +01:00
Bill Burke
73d3e8afd9 Merge pull request #3770 from patriot1burke/master
KEYCLOAK-4077
2017-01-19 07:35:10 -05:00
Bill Burke
8daa2c3703 KEYCLOAK-4256 2017-01-18 18:28:08 -05:00
Pedro Igor
c19360c6f2 [KEYCLOAK-4203] - Removing references to Drools 2017-01-18 12:44:30 -02:00
Marko Strukelj
7de999a7f9 KEYCLOAK-3657 Role id is not preserved during import-export operation 2017-01-13 17:46:30 +01:00
Bill Burke
aa78c9eaf5 Merge pull request #3666 from hmlnarik/KEYCLOAK-4072-User-ID-from-User-Storage-Provider-too-long-for-Offline-User-Session
KEYCLOAK-4072 Add explicit check for key format
2017-01-13 09:39:45 -05:00
mposolda
9a6f202c46 KEYCLOAK-4137 Significant performance lag in 'get client role by role name' 2017-01-12 11:55:58 +01:00
mposolda
7098daaf72 KEYCLOAK-4066 TimeoutException in cluster environment in ClearExpiredSessions 2017-01-11 12:27:51 +01:00
Bill Burke
d075172fd2 KEYCLOAK-3617 KEYCLOAK-4117 KEYCLOAK-4118 2017-01-09 17:14:20 -05:00
Stian Thorgersen
8a0859fcba Merge pull request #3700 from stianst/KEYCLOAK-2980
KEYCLOAK-2980 Fix admin query for resource path
2017-01-04 07:01:19 +01:00
Stian Thorgersen
b7c98ed433 KEYCLOAK-2980 Fix admin query for resource path 2017-01-03 10:34:21 +01:00
Stian Thorgersen
1c0e204f50 Merge pull request #3690 from stianst/master
Bump version to 2.5.1.Final-SNAPSHOT
2017-01-02 08:52:04 +01:00
mposolda
b5317f3485 RHSSO-377 Added reproducer unit test L1SerializationIssueTest 2016-12-22 11:41:10 +01:00
Stian Thorgersen
e805ffd945 Bump version to 2.5.1.Final-SNAPSHOT 2016-12-22 08:22:18 +01:00
Pedro Igor
85446c3b46 Merge pull request #3688 from pedroigor/KEYCLOAK-4125
[KEYCLOAK-4125] - Fixing when running in a cluster
2016-12-21 20:34:10 -02:00
Pedro Igor
df7a68b709 [KEYCLOAK-4125] - Fixing when running in a cluster 2016-12-21 20:04:08 -02:00
mposolda
c998198aac KEYCLOAK-4128 ResourcePermissionManagementTest fails on Oracle DB 2016-12-21 13:01:37 +01:00
Stian Thorgersen
663b99d884 KEYCLOAK-4127
Temporarily disable cache for authorization services as it breaks clustering
2016-12-21 08:36:24 +01:00
Hynek Mlnarik
66eb9095c1 KEYCLOAK-4122 2016-12-20 20:28:13 +01:00
mposolda
96f2985e86 Fix StackOverflowError on Mongo 2016-12-20 12:21:21 +01:00
mposolda
aee8398ee8 KEYCLOAK-4072 Minor update 2016-12-20 11:42:24 +01:00
Bill Burke
8b5aafc4b4 KEYCLOAK-4072 2016-12-20 09:42:43 +01:00
Pedro Igor
c9c8acd029 [KEYCLOAK-4034] - Invalidating policy cache when creating resources and scopes 2016-12-19 20:28:49 -02:00
Pedro Igor
40591cff25 Merge pull request #3662 from pedroigor/KEYCLOAK-4034
[KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup
2016-12-19 16:49:10 -02:00
Pedro Igor
5cf5168770 [KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup 2016-12-19 16:48:16 -02:00
Marek Posolda
c6363aa146 Merge pull request #3630 from sldab/duplicate-email-support
KEYCLOAK-4059 Support for duplicate emails
2016-12-19 15:37:18 +01:00
Pedro Igor
c9c9f05e29 [KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup 2016-12-19 11:22:37 -02:00
Stian Thorgersen
3bd3d0285d Merge branch 'duplicate-groups' of https://github.com/ssilvert/keycloak into ssilvert-duplicate-groups 2016-12-19 13:07:39 +01:00
Hynek Mlnarik
3e3216fb23 KEYCLOAK-4072 Add explicit check for key format 2016-12-19 11:01:45 +01:00
Slawomir Dabek
93cec9b3ee KEYCLOAK-4059 Support for duplicate emails 2016-12-19 10:55:12 +01:00
Bill Burke
9b18601102 KEYCLOAK-3973 2016-12-07 16:10:33 -05:00
Bill Burke
223cc1fb50 KEYCLOAK-3973 2016-12-07 12:56:03 -05:00
Bill Burke
77d17de14d Merge pull request #3611 from patriot1burke/master
KEYCLOAK-3620
2016-12-06 08:18:36 -05:00
Marek Posolda
3826e933c1 Merge pull request #3609 from hmlnarik/KEYCLOAK-3439-database-encoding
KEYCLOAK-4026 - Workaround for liquibase error in MySQL/MariaDB
2016-12-06 10:25:08 +01:00
Marek Posolda
c8b22e71f0 Merge pull request #3573 from glavoie/KEYCLOAK-4003
KEYCLOAK-4003: Slow Infinispan RoleAdapter.hasRole() call.
2016-12-06 09:49:42 +01:00
Bill Burke
6587cd2478 KEYCLOAK-3620 2016-12-05 17:51:06 -05:00
Hynek Mlnarik
819105c3aa KEYCLOAK-4026 - Workaround for liquibase error in MySQL/MariaDB 2016-12-05 16:48:52 +01:00
Gabriel Lavoie
32c23c2410 KEYCLOAK-4002: realmRevisions cache too small with high number of realms.
- Increased the hardcoded default value to help running master with high number of realms.
- Added a value computation based on the realms cache max size (to match the userRevisions cache configuration pattern).
- Computed revisions cache size is now 2 times the configured maximum cache size.
- Added a maximum realms cache size configuration to the different standalone.xml templates.
- Added a missing users cache size configuration to standalone.xsl.
2016-12-05 08:07:24 -05:00
Bill Burke
e8f2527fcd Merge pull request #3555 from vramik/KEYCLOAK-3977
KEYCLOAK-3977 fix logicalFilePath for jpa-changelog-1.0.0.Final-db2.xml
2016-12-03 13:44:54 -05:00
Bill Burke
305dcb2b1e Merge pull request #3552 from hmlnarik/KEYCLOAK-3439-database-encoding
KEYCLOAK-3439, KEYCLOAK-3893, KEYCLOAK-3894 - Support for Unicode
2016-12-03 13:44:10 -05:00
Bill Burke
54758b800b Merge pull request #3585 from abstractj/KEYCLOAK-4011
[KEYCLOAK-4011] - Integrity constraint error when try to delete SSSD Federation Provider
2016-12-03 13:37:36 -05:00
Bill Burke
88d08c4f38 component query and remove provider alis fix 2016-12-03 11:34:48 -05:00
Bill Burke
672e1b3575 oops 2016-12-02 20:14:01 -05:00
Bill Burke
ce50b0ed29 Merge remote-tracking branch 'upstream/master' 2016-12-02 19:26:34 -05:00
Bill Burke
e88af874ca finish 2016-12-02 19:25:17 -05:00
Bruno Oliveira
e7dd49b453 [KEYCLOAK-4011] - Integrity constraint error when try to delete SSSD Federation Provider 2016-12-02 06:52:29 -02:00
Hynek Mlnarik
46d3555798 KEYCLOAK-3439, KEYCLOAK-3893, KEYCLOAK-3894 - Support for Unicode
Treatment of Unicode characters varies among databases. This change
adds support for Unicode characters in the following fields:

* Realms: display name, HTML display name
* Users: username, given name, last name, attribute values
* Groups: name, attribute values
* Components: attribute values
* Roles: name
* Descriptions of objects

Unicode support for the rest of the fields depends on database vendor
and is described in the installation guide in more detail.
2016-12-01 17:23:58 +01:00
Gabriel Lavoie
6fa504489f KEYCLOAK-4003: Slow Infinispan RoleAdapter.hasRole() call.
- Added a session/query cache for the result getComposites() to avoid always hitting the Infinispan cache.
- KeycloakModelUtils doesn't rely anymore on a "visited" set as performance seems good without it.
- Added test for multiple levels of composite roles. Only one level was covered.
2016-11-30 10:56:26 -05:00
Stian Thorgersen
b771b84f56 Bump to 2.5.0.Final-SNAPSHOT 2016-11-30 15:44:51 +01:00
mposolda
ec49d10007 KEYCLOAK-3997 InfinispanKeyStorageProviderTest was failing 2016-11-30 08:38:35 +01:00
Bill Burke
b33afcd47c KEYCLOAK-3903 KEYCLOAK-3960 2016-11-29 16:43:06 -05:00
Gabriel Lavoie
4910b35d69 KEYCLOAK-3989: Replacing COMPOSITE_ROLE Collection with Set.
- Hibernate optimization that avoids deleting/re-inserting all composite roles when adding/removing a composite.
2016-11-28 09:43:05 -05:00
mposolda
69ce1e05f0 KEYCLOAK-3822 Changing signature validation settings of an external IdP is not sometimes reflected 2016-11-28 15:27:25 +01:00
Vlasta Ramik
8d3136188d KEYCLOAK-3977 fix logicalFilePath for jpa-changelog-1.0.0.Final-db2.xml 2016-11-28 14:52:09 +01:00
mposolda
7c6032cc84 KEYCLOAK-3825 Ability to expire publicKeys cache. Migrated OIDCBrokerWithSignatureTest to new testsuite 2016-11-25 17:45:37 +01:00
Bill Burke
ccbd8e8c70 remove User Fed SPI 2016-11-23 16:06:44 -05:00
Bill Burke
d5925b8ccf remove realm UserFed SPI methods 2016-11-23 08:31:20 -05:00
Bill Burke
045d6ef1d0 Merge remote-tracking branch 'upstream/master' 2016-11-22 11:28:09 -05:00
Stian Thorgersen
6ec82865d3 Bump version to 2.4.1.Final-SNAPSHOT 2016-11-22 14:56:21 +01:00
Bill Burke
50fc083d97 fix migration scripts 2016-11-21 11:43:09 -05:00
Bill Burke
798fd84698 Merge remote-tracking branch 'upstream/master' 2016-11-21 11:33:52 -05:00
Bill Burke
19575b2c8f port kerberos 2016-11-21 11:33:44 -05:00
mposolda
6df7a80352 KEYCLOAK-3931 Fix Mongo to have LDAP tests pass 2016-11-21 11:25:18 +01:00
mposolda
da52a5c9cf KEYCLOAK-3930 KEYCLOAK-3931 LDAP and Mongo fixes 2016-11-18 20:02:02 +01:00
mposolda
76bfbad2c4 KEYCLOAK-3895 Make UserSessionProvider and UserSessionPersisterProvider to rely on UserRemovedEvent callbacks 2016-11-18 15:58:33 +01:00
Stian Thorgersen
7043ecc21b KEYCLOAK-3881 Fix login status iframe with * origin 2016-11-18 12:50:52 +01:00
mposolda
a27be0cee7 KEYCLOAK-3857 Clustered invalidation cache fixes and refactoring. Support for cross-DC for invalidation caches. 2016-11-16 22:29:23 +01:00
Bill Burke
8794416241 fix db2 2016-11-14 16:22:30 -05:00
Bill Burke
cc0eb47814 merge 2016-11-14 15:09:41 -05:00
Bill Burke
c280634bfa fix tests 2016-11-14 15:06:17 -05:00
Hynek Mlnarik
223041bc6b KEYCLOAK-3734 Unify master changelog of DB2 and other databases 2016-11-14 15:19:54 +01:00
Bill Burke
4ce055cede mongo ldap migration script 2016-11-11 09:06:25 -05:00
Bill Burke
8a5f817030 ldap jpa migration 2016-11-10 16:52:18 -05:00
Stian Thorgersen
7e33f4a7d1 KEYCLOAK-3882 Split server-spi into server-spi and server-spi-private 2016-11-10 13:28:42 +01:00
Stan Silvert
80b071024f KEYCLOAK-2720: Add unique constraint 2016-11-08 15:05:19 -05:00
Bill Burke
14dc0ff92f Merge remote-tracking branch 'upstream/master' 2016-11-05 20:05:01 -04:00
Bill Burke
4302b440ee ldap port 2016-11-05 20:04:53 -04:00
Bill Burke
c75dcb90c2 ldap port 2016-11-04 21:25:47 -04:00
Pedro Igor
4bf5da8fac Merge pull request #3371 from brewers/bug/cache-dynamic-resource
KEYCLOAK-3752 : Include programmatically created resources in the resource cache
2016-11-02 07:19:04 -02:00
Stian Thorgersen
3d46b4c425 KEYCLOAK-3667 2016-10-28 08:43:24 +02:00
Bill Burke
b67cb0e97a Merge remote-tracking branch 'upstream/master' 2016-10-25 11:44:22 -04:00
Bill Burke
3e28ac1e46 user spi cache policy 2016-10-24 15:36:37 -04:00
Stian Thorgersen
4d47f758fc Merge pull request #3405 from stianst/master
Bump version
2016-10-21 10:11:59 +02:00
Stian Thorgersen
c615674cbb Bump version 2016-10-21 07:03:15 +02:00
Bill Burke
fd86f3bda8 Merge pull request #3399 from patriot1burke/master
realm cache event
2016-10-20 14:02:41 -04:00
Stian Thorgersen
390becb935 Merge pull request #3394 from hmlnarik/KEYCLOAK-3769
KEYCLOAK-3769 Workaround for ChangeLogService stale instance
2016-10-20 19:43:24 +02:00
Bill Burke
139158e614 fix 2016-10-20 12:36:24 -04:00
mposolda
c4ad84945c KEYCLOAK-3773 Testsuite failing with mongo 2016-10-20 17:47:34 +02:00
Bill Burke
36c2422fa4 realm cache event 2016-10-20 10:35:28 -04:00
Hynek Mlnarik
d59f6e397f KEYCLOAK-3769 Workaround for ChangeLogService stale instance
Before applying update or validation operation, Liquibase
ChangeLogService needs to be reset to forget about previously set
change log table. Reason is that the factory creating the
ChangeLogService caches this service per DB connection, not per
Liquibase object, hence changes in name of change log table needed for
custom JpaEntityProvider are not reflected and use only the first
change log table name, i.e. the change log table of the main database.
2016-10-20 14:57:51 +02:00
Bill Burke
cdf7dd3a6c Merge pull request #3372 from patriot1burke/master
onCreate for Components
2016-10-19 16:21:20 -04:00
mposolda
3779bfb6b4 KEYCLOAK-3666 client registration policies - polishing 2016-10-19 17:45:23 +02:00
Bill Burke
fdb8c04ac9 Merge remote-tracking branch 'upstream/master' 2016-10-19 10:06:48 -04:00
Bill Burke
46e32b36d2 onCreate for Components 2016-10-19 10:06:09 -04:00
Hynek Mlnarik
49d3d3f6e3 KEYCLOAK-3698 Manual migration - custom JpaEntityProvide changelog table
Reflect in the SQL script that custom JpaEntityProviders have their
own changelog tables, and issue DDL commands to create them when
initializing a new database.
2016-10-19 12:08:14 +02:00
Cherian Mathew
2bba6af6d9 Include programmatically created resources in the resource cache 2016-10-19 11:04:22 +02:00
Bill Burke
d941e07169 Merge pull request #3350 from patriot1burke/master
federated import/export to json
2016-10-18 14:15:25 -04:00
Stian Thorgersen
a87c08416d Merge pull request #3346 from hmlnarik/KEYCLOAK-3588
KEYCLOAK-3698 Make manual update scripts play nicely with custom JpaEntityProviders
2016-10-18 19:41:02 +02:00
Bill Burke
2199df71bf Merge remote-tracking branch 'upstream/master' 2016-10-18 10:14:00 -04:00
Bill Burke
4182e4d92a federated import/export 2016-10-18 10:13:51 -04:00
Marek Posolda
940237ee78 Merge pull request #3304 from hmlnarik/KEYCLOAK-2964
KEYCLOAK-2964 - Fix groups not applied for authentication of admin operations
2016-10-18 14:50:12 +02:00
Hynek Mlnarik
658988ccd0 KEYCLOAK-3588 Make manual update scripts play nicely with custom JpaEntityProviders 2016-10-18 13:59:24 +02:00
Marek Posolda
386bf8d39e Merge pull request #3344 from hmlnarik/KEYCLOAK-3732
KEYCLOAK-3732 Include 2.3.0 DB changelog for DB2
2016-10-18 10:29:01 +02:00
Hynek Mlnarik
2ea93b8a8b KEYCLOAK-3732 Include 2.3.0 DB changelog for DB2 2016-10-18 09:53:27 +02:00
Hynek Mlnarik
9df3091b22 KEYCLOAK-3588 Update comment with related KC issue 2016-10-18 08:17:18 +02:00
Stian Thorgersen
06ad1537c8 Merge pull request #3323 from hmlnarik/KEYCLOAK-3639
KEYCLOAK-3639 Drop default value that prevents MSSQL update
2016-10-17 19:40:05 +02:00
Stian Thorgersen
3b2f7630bb Merge pull request #3320 from hmlnarik/KEYCLOAK-3698
KEYCLOAK-3698: Add creation of DB changelog to SQL script
2016-10-17 18:55:45 +02:00
Stian Thorgersen
7c09b0c7b4 Merge pull request #3319 from hmlnarik/KEYCLOAK-3588
KEYCLOAK-3588: DB up-to-date check should not modify DB
2016-10-17 18:54:59 +02:00
Geir Ole Hiåsen Stevning
95f62c6aeb KEYCLOAK-3626 - CreatedDate and lastUpdatedDate on user consent 2016-10-17 13:53:12 +02:00
mposolda
18e0c0277f KEYCLOAK-3666 Dynamic client registration policies 2016-10-14 20:20:40 +02:00
Hynek Mlnarik
8bdd8f4274 KEYCLOAK-3639 Drop default value that prevents MSSQL update 2016-10-14 17:51:35 +02:00
Hynek Mlnarik
f256e2b102 KEYCLOAK-3588: DB up-to-date check should not modify DB
The DB up-to-date check uses Liquibase.listUnrunChangeSets() that in
its available variants unconditionally creates a DatabaseChangeLog
tables. Until the variant of listUnrunChangeSets() that suppresses this
behaviour is made public [1] (currently it is protected), workaround
has been implemented that invokes less invasive variant of
listUnrunChangeSets() via reflection.

[1] https://liquibase.jira.com/browse/CORE-2919
2016-10-14 14:29:01 +02:00
Hynek Mlnarik
3d47ab3665 KEYCLOAK-3698: Add creation of DB changelog to SQL script
Creation of database table DatabaseChangeLog was omitted from SQL
script which prevented creation of the database from scratch. The fix
adds DDL commands to create the table to the output SQL script in case
of empty database initialization.

Please note that DatabaseChangeLogLock is intentionally omitted. It is
created automatically before the update is even executed because a lock
is acquired (thus the table is properly created if it does not exist)
before check for up-to-dateness of database and potential migration in
KeycloakApplication constructor.
2016-10-14 14:27:07 +02:00
Bill Burke
8c8a39c833 sync and import 2016-10-13 20:49:02 -04:00
Bill Burke
0938390654 sync and import 2016-10-13 20:38:49 -04:00
Hynek Mlnarik
6578ce73a1 KEYCLOAK-3697: Evaluate preconditions when generating SQL script
Plus minor related change - replace deprecated call with equivalent
supported, add javadoc

Further info:
* http://forum.liquibase.org/topic/unexpected-behaviour-of-preconditions-with-updatesql
* http://stackoverflow.com/questions/17671923/liquibase-migrate-sql-does-not-check-precondtions
2016-10-13 13:00:33 +02:00
Stian Thorgersen
d2cae0f8c3 KEYCLOAK-905
Realm key rotation for OIDC
2016-10-13 11:19:52 +02:00
Hynek Mlnarik
03cf9bad2e KEYCLOAK-2964 - Fix groups not applied for authentication of admin operations 2016-10-11 15:21:38 +02:00
Bill Burke
c5600e888d revactor CredentialValidationOutput apis 2016-10-04 17:26:45 -04:00
Bill Burke
4af0976194 remove UserCredValueModel and hold hash providers 2016-10-04 12:34:15 -04:00
Marek Posolda
c32cf51808 Merge pull request #3254 from didiez/master
KEYCLOAK-3608 Update existing user single attribute removes all other attributes from user
2016-10-04 08:43:22 +02:00
mposolda
0f9798a10d KEYCLOAK-3493 KEYCLOAK-3532 Renamed KeyStorageProvider to PublicKeyStorageProvider 2016-10-03 15:23:50 +02:00