libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
24407 commits 4 branches 5 tags 480 MiB
Commit graph

2258 commits

Author SHA1 Message Date
vramik
d962dec954 Remove workaround for Lazy initialization of Realm's collections 
Closes #19069
 2023-04-27 13:36:54 +02:00
Alexander Schwartz
b508b18391 Removing workaround for H6 as this is now fixed 
This reverts commit c74b832995759d4c9f330a4ba1767d01f9e3c174.

Closes #16551
 2023-04-27 13:36:54 +02:00
Alexander Schwartz
e00af7e172 Fix problem when Hibernate on MySQL is confused to read back Enums from VARCHARs 
It treated the single byte String with its ASCII values, which then didn't find a representation in the enum's values, which lead to a "ArrayIndexOutOfBoundsException: Index 48" for a value "0" (ASCII 48).
This behavior changed when migrating from Hibernate 5 to Hibernate 6.
Hibernate expects a TinyInt value for all Enums by default, and this annotation overrides it.
 2023-04-27 13:36:54 +02:00
Alexander Schwartz
b7d5b6a135 Fix problem when Hibernate exception is hidden when executing "ClientScopeTest". 
This behavior changed when upgrading to Hibernate 6
 2023-04-27 13:36:54 +02:00
Alexander Schwartz
16d4c732e0 Fix problem with "InterpretationException: Error interpreting query / this may indicate a semantic (user query) problem or a bug in the parser" 
This behavior changed when upgrading from Hibernate 6.2.0.CR3 to 6.2.0.CR4
 2023-04-27 13:36:54 +02:00
Alexander Schwartz
b68a5be38d Workaround to avoid replacing element collections 
Relates to #19162
 2023-04-27 13:36:54 +02:00
Alexander Schwartz
2762e17dc0 Create proper one-to-many in RealmLocalizationTextsEntity 
This avoids Hibernate 6.2.0.CR4 to fail with 'BasicValue cannot be cast to class ToOne'.
It used to work on Hibernate 6.2.0.CR3.
 2023-04-27 13:36:54 +02:00
Alexander Schwartz
ad82252a44 Create workaround for "identifier of an instance altered" 
Related to: #19323
 2023-04-27 13:36:54 +02:00
Martin Bartoš
9719e1d210 Handle DB exceptions for JTA TX 2023-04-27 13:36:54 +02:00
Alexander Schwartz
5252992384 Workaround to avoid replacing element collections 
Relates to #19162
 2023-04-27 13:36:54 +02:00
Alexander Schwartz
28975b950d Workaround for lazy loaded collections for RealmEntity 
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/model/jpa/src/main/java/org/keycloak/models/jpa/JpaRealmProvider.java - Modified
 2023-04-27 13:36:54 +02:00
Martin Bartoš
8584174099 Change default DB dialects 2023-04-27 13:36:54 +02:00
Peter Zaoral
181c8a5340 Quarkus3 branch sync no. 11 
24.3.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE
* fixed the metadata field's Type annotation

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2023-04-27 13:36:54 +02:00
vramik
ae56c657b0 JpaMapStorageProviderFactory should use AvailableSettings.JAKARTA... properties 
Closes #17077
 2023-04-27 13:36:54 +02:00
Peter Zaoral
946eacd5b6 Quarkus3 branch sync no. 5 
10.2.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE
* fixed Undertow server not starting due to ClassNotFoundException: javax.transaction.TransactionManager

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2023-04-27 13:36:54 +02:00
vramik
7b51d8617d Remove one side of association which is not used. 
Closes #16693
 2023-04-27 13:36:54 +02:00
Alexander Schwartz
434cc7c711 Fix errors pointed out by Hibernate 6 in the queries 
Closes #16337
 2023-04-27 13:36:54 +02:00
Alexander Schwartz
4bdf2fe21d Fixing parameter which should be a string plus dependencies 
Closes #16649
 2023-04-27 13:36:54 +02:00
Alexander Schwartz
80f7452950 Results of AttributeConverters are mutable; workaround a regression in H6 
Relates to #16551
 2023-04-27 13:36:54 +02:00
vramik
b55be98115 Fix JpaClientModelCriteriaBuilder when querying by ALWAYS_DISPLAY_IN_CONSOLE with H6 2023-04-27 13:36:54 +02:00
Hynek Mlnarik
4189edc9f1 Fix dependency 
Fixes: #16538
 2023-04-27 13:36:54 +02:00
vramik
60e6fb9dae Register custom functions FunctionContributor 
Closes #16336

---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorage.java - Modified
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorageCockroachdb.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified
---
Quarkus3 branch sync no. 3 (27.1.2023)
Resolved conflicts:
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorage.java - Modified
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorageCockroachdb.java - Modified
 2023-04-27 13:36:54 +02:00
Alexander Schwartz
33e2bcd94f Avoid warnings on bean validation as we don't use it in JPA 
Closes #16502

---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified
---
Quarkus3 branch sync no. 3 (27.1.2023)
Resolved conflicts:
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified
 2023-04-27 13:36:54 +02:00
Hynek Mlnarik
386c58c78b Use proper @Type annotation for JSON type 
Fixes: #16335
---
Quarkus3 branch sync no. 11 (24.3.2023)
Resolved conflicts:
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified
---
Quarkus3 branch sync no. 7 (27.2.2023)
Resolved conflicts:
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/client/entity/JpaClientEntity.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/clientScope/entity/JpaClientScopeEntity.java - Modified
 2023-04-27 13:36:54 +02:00
Peter Zaoral
4ff2de7f46 Quarkus3 branch sync 
18.1.2023:
* applied Quarkus 3 OpenRewrite recipe
* fixed the parts that were missed by the script

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2023-04-27 13:36:54 +02:00
Alexander Schwartz
9d217d66a0 Align code with H6 DefaultAutoFlushEventListener 
This is taken from Version 6.1.6

Closes #16334
 2023-04-27 13:36:54 +02:00
Alexander Schwartz
137a2bf0e9 Remove functionality not supported in Hibernate 6 
Closes #16330
 2023-04-27 13:36:54 +02:00
Martin Bartoš
124591ce1a Adapters can still use Java EE 
- Provided all JavaEE dependencies for adapters
- Automatically build Undertow Jakarta EE for testsuite (missing SAML)
---
Quarkus3 branch sync no. 11 (24.3.2023)
Resolved conflicts:
keycloak/adapters/oidc/spring-security/pom.xml - Modified
---
Quarkus3 branch sync no. 7 (27.2.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/pom.xml - Modified
---
Quarkus3 branch sync no. 1 (18.1.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/pom.xml - Modified
 2023-04-27 13:36:54 +02:00
Stefan Guilhen
3111ef0085 Map Storage JPA fixes 
---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified
---
Quarkus3 branch sync no. 3 (27.1.2023)
Resolved conflicts:
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified
 2023-04-27 13:36:54 +02:00
Stefan Guilhen
384d7c17f7 - Fix issues in legacy store 
- Testsuite (switch undertow-embedded.version)
 2023-04-27 13:36:54 +02:00
Martin Bartoš
cecd059af2 WiP - Resolve failure with JakartaEE Tx and Infinispan/HotRod 
---
Quarkus3 branch sync #1 (18.1.2023)
Resolved conflicts:
keycloak/quarkus/runtime/pom.xml - Modified
keycloak/quarkus/pom.xml - Modified
keycloak/quarkus/deployment/pom.xml - Modified
 2023-04-27 13:36:54 +02:00
Stefan Guilhen
e505021681 Model upgrade Hibernate/JPA 
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified
---
Quarkus3 branch sync no. 11 (24.3.2023)
Resolved conflicts:
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified
---
Quarkus3 branch sync no. 7 (27.2.2023)
Resolved conflicts:
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/client/entity/JpaClientEntity.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/clientScope/entity/JpaClientScopeEntity.java - Modified
keycloak/pom.xml - Modified
---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified
---
Quarkus3 branch sync no. 1 (18.1.2023)
Resolved conflicts:
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/hibernate/dialect/JsonbPostgreSQL95Dialect.java - Modified
 2023-04-27 13:36:54 +02:00
Martin Bartoš
7cff857238 Migrate packages from javax.* to jakarta.* 
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/ComponentExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/DeclarativeUserTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java - Modified
keycloak/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java	- Modified
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountTotpPage.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BackwardsCompatibilityUserStorageTest.java - Modified
---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/services/resources/QuarkusWelcomeResource.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/profile/util/Soap.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/UserInfoClientUtil.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
---
Quarkus3 branch sync no. 10 (17.3.2023)
Resolved conflicts:
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocolUtils.java -	Modified
---
Quarkus3 branch sync no. 9 (10.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java - Modified
---
Quarkus3 branch sync no. 8 (3.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClient.java	Modified - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java - Modified
keycloak/examples/providers/authenticator/src/main/java/org/keycloak/examples/authenticator/SecretQuestionAuthenticator.java - Modified
---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ComponentsResource.java - Modified
keycloak/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/installation/SamlSPDescriptorClientInstallation.java - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
/keycloak/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java	Modified - Modified
keycloak/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java - Modified
---
Quarkus3 branch sync no. 4 (3.2.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/jaxrs/QuarkusKeycloakApplication.java - Modified
---
Quarkus3 branch sync no. 1 (18.1.2023)
Resolved conflicts:
keycloak/testsuite/client/ClientPoliciesTest.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaModelCriteriaBuilder.java - Modified
 2023-04-27 13:36:54 +02:00
Alexander Schwartz
7562f8ec6e Rewrite changelog SQL to make it work on Oracle 
Closes #19841
 2023-04-24 13:30:16 +02:00
Hynek Mlnarik
68b3c87666 Support for realm-less entities in providers (login failures) 
Closes: #19818
 2023-04-20 21:19:41 +02:00
rmartinc
5a3b8ee577 Avoid adding post.logout.redirect.uris if already defined as client attributes 
Closes https://github.com/keycloak/keycloak/issues/16992
 2023-04-19 10:48:17 +02:00
Alexander Schwartz
8f4c721a7d Fix half-initialized EMF for JPA Map Storage 
Closes #19741
 2023-04-17 09:58:54 +02:00
mposolda
1cbdf4d17e Fix the issue with LDAP connectionUrl containing multiple hosts 
Closes #17359
 2023-04-16 17:41:22 +02:00
Michal Hajas
b730d861e7
Refactor map storage transaction initialization 
* Refactor transaction to be enlisted in MapStorageProvider instead of area provider

* Make KeycloakTransaction methods optional for MapKeycloakTransaction

* Remove MapStorage interface that contained only createTransaction method

* Rename *MapStorage to *CrudOperations

* Adjust File store to new structure

* Rename MapKeycloakTransaction to MapStorage

* Rename getEnlistedTransaction to getMapStorage in AbstractMapProviderFactory

* Rename variables tx and transaction to store

* Add createMapStorageIfAbsent to JpaMapStorageProvider

* Update JavaDoc

Co-authored-by:  Hynek Mlnarik <hmlnarik@redhat.com>
 2023-04-12 11:21:14 +02:00
Martin Kanis
37af5fbffe Introduce optimistic locking for HotRod storage 
Closes #15402
 2023-04-11 09:33:01 +02:00
Stefan Guilhen
ad3b264088 Introduce last modified time validation 
- Also fixes commit/rollback logic to prevent deletion of wrong files on rollback

Closes #17491
Closes #17660
 2023-04-06 14:50:46 +02:00
mposolda
554818f422 Rename jpa-changelog-22.0.0.xml 
closes #19527
 2023-04-04 19:21:14 +02:00
mposolda
4d8d6f8cd8 Preserve authentication flow IDs after import 
closes #9564
 2023-04-03 16:01:52 +02:00
vramik
5aafc99673 Remove em.refresh(realm) call during realm removal in JpaRealmProvider 
Closes #19430
 2023-04-03 09:27:13 +02:00
Alexander Schwartz
9affc262bd Consistent handling of enums in the database schema 
Closes #19404
 2023-03-30 12:14:43 +02:00
Michal Hajas
e49dfe534e Fix missing migration when reading TERMS_AND_CONDITIONS required action in legacy store 
Closes #17277
 2023-03-29 16:43:01 +02:00
Michal Hajas
2a5b5c4a40 Fix stale client session is present in user session 
Closes #17570
 2023-03-28 08:32:31 +02:00
Michal Hajas
637c47ac0e Fix NoActionHotRodTransactionWrapper using default exists implementation 
Closes #19196
 2023-03-28 08:29:50 +02:00
Alexander Schwartz
251f6151e8 Rework the Import SPI to be configurable via the Config API 
Also rework the export/import CLI for Quarkus, so that runtime options are available.

Closes #17663
 2023-03-24 15:28:55 -03:00
Pedro Hos
bd0a23a865 /users/count endpoint with search field has different behavior than /users query endpoint #17620 
closes #17620
 2023-03-24 13:43:47 +01:00
Michal Hajas
6d2177f2c8
Remove clientRole flag from HotRodRoleEntity (#17655) 
Closes #17086
 2023-03-21 09:31:54 +01:00
Alexander Schwartz
513bb809f3 Add a map storage global locking implementation for JPA 
Closes #14734
 2023-03-21 08:21:11 +01:00
Martin Kanis
5e7793b64d Unexpected invalid_grant error on offline session refresh when client session is not in the cache 
Closes #9959

Co-authored-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Lex Cao <lexcao@foxmail.com>
 2023-03-15 12:39:43 +01:00
Michal Hajas
9c2511e205 Store index data in memory instead of persistent store to make it consistent with cached data 
Closes #15653
 2023-03-13 14:27:41 +01:00
Michal Hajas
837c64de3d Add support for pessimistic locking to HotRod 
Closes #13273
 2023-03-07 10:44:31 +01:00
Alexander Schwartz
f6f179eaca Rework the export to use CLI options and property mappers 
Also, adding the wiring to support Model tests for the export.

Closes #13613
 2023-03-07 08:22:12 +01:00
Michal Hajas
465019bec4 Extract attachDevice outside of storage layer 
Closes #17336
 2023-03-03 17:58:34 +01:00
Jon Koops
972ebb9650
Use a valid SemVer format for the SNAPSHOT version (#17334) 
* Use a valid SemVer format for the SNAPSHOT version

* Update pom.xml

* Update pom.xml

---------

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2023-03-03 11:11:44 +01:00
vramik
d923aa5d5d Entity version is not updated when the entity is root entity 
Closes #17339
 2023-03-02 15:21:43 +01:00
Thomas Darimont
16efddc908
Fix NPE in MigrateTo21_0_0 when admin theme is not set explicitly (#17249) 
Only update admin-console theme to keycloak.v2 if it is explicitly set to "keycloak" or "rh-sso".

Fixes #17248

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2023-02-23 15:37:59 +00:00
Hynek Mlnarik
7d136c5cca Generate map-like collection accessors 
Along the way fixes also problem with field delegates which
applied manually-crafted methods like `MapUserEntity.removeCredential(id)`
to the delegate itself rather than to the underlying object.

Co-authored-By: Michal Hajas <mhajas@redhat.com>

Closes: #17223
 2023-02-22 17:26:31 +01:00
Hynek Mlnarik
878debd2ab Forbid changing ID 
Closes: #16881
 2023-02-22 17:19:22 +01:00
Michal Hajas
1c79a5666d Deprecate RoleModel.SearchableFields.IS_CLIENT_ROLE field 
Closes #17144
 2023-02-16 20:50:46 +01:00
rmartinc
9995a3cdd4 lastSync value into COMPONENT_CONFIG is always updated 
Closes https://github.com/keycloak/keycloak/issues/17022
 2023-02-16 17:48:49 +01:00
Alexander Schwartz
febe134d5b Make the event listeners specific to the persistence unit 
Closes #13219
 2023-02-16 11:08:15 +01:00
Hynek Mlnarik
d768e75be7 Fix clientRole warning 
Fixes: #16857
 2023-02-15 10:59:52 +01:00
Michal Hajas
1f929c78af Make lockTimeout more friendly for JPA map storage 
Closes #16616
 2023-02-15 10:38:18 +01:00
Hynek Mlnarik
bb0eb899a7 Add ability to run arq testsuite with file store 
Fixes: #17032
 2023-02-15 10:17:23 +01:00
Hynek Mlnarik
2665fb01a6 File storage: Fix path traversal 
Fixes: #17029
 2023-02-14 14:30:14 +01:00
Michal Hajas
6fa62e47db Leverage HotRod client provided transaction 
Closes #13280
 2023-02-08 10:26:30 +01:00
Stian Thorgersen
d3ba2ecbed
Remove old admin console theme (#16864) 
Closes #16862
 2023-02-08 09:22:39 +01:00
Hynek Mlnařík
f71ab092de
File store basis 
Fixes: #16676

---

* Enhance DefaultModelCriteria
* Fix collection
* Fix delete in CHMKeycloakTransaction
* Add HasRealmId interface
* Fix EntityFieldDelegate
* Support for realm-less entities in providers
* Support for realm-less entities in providers (events)
* File store basis
* Add support for writing
* Support running KeycloakServer with file store
* Add support for file store in model testsuite

---------

Co-authored-by: vramik <vramik@redhat.com>
 2023-02-07 14:59:23 +01:00
Martin Kanis
5ba004b447 Leverage Infinispan lifespan for ExpirableEntities in HotRod storage 2023-02-07 10:01:32 +01:00
Alexander Schwartz
48aae83891 Close prepared statement used to set the lock timeout 
Closes #16801
 2023-02-06 17:30:58 +01:00
Martin Kanis
a912558d29 Add MapKeycloakTransaction.exists methods 2023-01-31 17:21:40 +01:00
Klaus Betz
20a7a5acdb fix: consider identity provider models from third-party packages 2023-01-31 06:05:02 -08:00
Alexander Schwartz
c6aba2e3de Make LockAcquiringTimeoutException a RuntimeException 
Closes #16690
 2023-01-31 08:21:32 +01:00
Alexander Schwartz
7933f0489d Align startup of Quarkus with the regular startup to ensure boostrap locks are created. 
Also fixing an issue where DBLockGlobalLockProviderFactory held on to an old session, which lead to a closed DB connection on Quarkus.

Closes #16642
 2023-01-30 12:59:40 +01:00
Michal Hajas
eb59fdb772 Add transaction tests to model tests 
Closes: #15890
 2023-01-26 12:55:22 +01:00
Alexander Schwartz
e9e6b73bd2 Avoid using Hibernate APIs to cache query results as the API changes in Hibernate 6 
Closes #16332
 2023-01-18 14:42:42 +01:00
Hynek Mlnarik
3119566407 Prevent endless loop in case of split-brain 
Fixes: #16427
 2023-01-13 16:23:18 +01:00
vramik
f11bef3e7f EntityField mapPut and collectionAdd default methods doesn't insert an element when get(e) returns null 
Closes #16317
 2023-01-09 15:52:58 +01:00
Pedro Igor
522bf1c0b0 Keep consistency when importing realms at startup when they are exported via the export command 
Closes #16281

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2023-01-06 18:53:01 +01:00
Hynek Mlnarik
7708e2cc5c Fix putAll issues 
Closes: #16287
 2023-01-06 12:01:19 +01:00
Michal Hajas
6566b58be1 Introduce Infinispan GlobalLock implementation 
Closes #14721
 2023-01-05 16:58:44 +01:00
Hynek Mlnarik
071fc03f41 Move transaction processing into session close 
Fixes: #15223
 2023-01-05 16:12:32 +01:00
vramik
f7ad00270e Unique constraints should use attribute value hash instead of the value itself 
Closes #15699
Closes #15507
 2023-01-05 13:38:06 +01:00
vramik
380df3bedf Field generator: getCollectionElementClass method not generated when no addElement method is present in interface 
Closes #16255
 2023-01-04 17:12:59 +01:00
Pedro Igor
fb554c09db Incrementally cache consents on a per client basis 
Closes #16224
 2023-01-03 14:28:41 -08:00
Martin Kanis
5aae3842c4 Upgrade to Infinispan 14.0.4.Final 2022-12-22 10:09:05 +01:00
Martin Kanis
c0e103dc95 Replace old HotRod index annotation with new one 2022-12-21 12:50:08 +01:00
vramik
44715fe397 Generate getMapKeyClass and getMapValueClass methods for map fields 
Closes #16053
 2022-12-20 19:57:00 +01:00
Michal Hajas
c79d29e68c Move HotRod profile to the same pom as other map profiles and introduce map-storage-chm profile 
Closes #16046
 2022-12-20 17:51:40 +01:00
Alexander Schwartz
6d0e112bf1 Ensure lock table has its primary key created, and re-enable the DBLockTest 
Closes #15487
 2022-12-20 08:50:14 +01:00
Stefan Guilhen
d6a4acceda Exclude commons-text from liquibase-core dependency 
Closes #15915
 2022-12-12 10:38:54 -03:00
Alexander Schwartz
e4804de9e3 Changing Quarkus transaction handling for JPA map storage to JTA 
This has been recommended as the supported way of transaction handling by the Quarkus team.
Adding handling of exceptions thrown when committing JTA.
Re-adding handling of exceptions when interacting with the entity manager, plus wrapping access to queries to map exceptions during auto-flushing.

Closes #13222
 2022-12-09 10:07:05 -03:00
Peter Zaoral
1073a342cf Cleanup dependencies and align with Quarkus 
* aligned parent POM dependency versions with the Quarkus BOM

Closes #15325

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2022-12-09 09:10:30 -03:00
Hynek Mlnařík
208affe000 Update generator to record the entity to fields mapping 
Fixes: #15677
 2022-12-08 15:40:28 +01:00
Hynek Mlnarik
901c85f6c0 Camel case field names 
Fixes: #15846
 2022-12-08 15:40:28 +01:00
Michal Hajas
de7dd77aeb Change id of TermsAndConditions required actions to uppercase 
Closes #9991
 2022-12-07 10:51:37 -03:00
Pedro Igor
168734b817 Removing references to request and response from Resteasy 
Closes #15374
 2022-12-01 08:38:24 -03:00
Stefan Guilhen
55b2162421 Create map-file module with empty implementations 
Closes #15706
 2022-11-29 12:58:55 +01:00
Alexander Schwartz
4a91c07488 Use LOB handling query to select clients on Oracle 
Closes #15639
 2022-11-24 11:47:51 +01:00
Alexander Schwartz
fd152e8a3e Modify RealmAdminResource.partialImport to work with InputStream 
Rework existing PartialImportManager to not interfere with transaction handling, and bundle everything related to AdminEventBuild and JAX-RS Repsonses inside the Resource.

Closes #13611
 2022-11-24 11:45:11 +01:00
Alexander Schwartz
b019172813 Fix query to work on OracleDB CLOB 
Closes #15528
 2022-11-23 13:49:01 +01:00
Martin Kanis
08061afbd4
Replace operation set wrong lifespan in remote infinispan database and leads to session eviction (#15619) 
Closes #10755
 2022-11-23 12:03:50 +01:00
Martin Kanis
8478b01758 Stop reindexing indexes on new version 2022-11-23 10:57:28 +01:00
danielFesenmeyer
18381ecd2e Fix update of group mappers on certain changes of the group path 
The group reference in the mapper was not updated in the following cases:
- group rename: when an ancestor group was renamed
- (only for JpaRealmProvider, NOT for MapRealmProvider/MapGroupProvider) group move: when a group was converted from subgroup to top-level or when a subgroup's parent was changed

Closes #15614
 2022-11-23 10:12:34 +01:00
Martin Kanis
9025ec16f0 Remove workaround in HotRodUtils#paginateQuery 2022-11-23 09:01:15 +01:00
Pedro Igor
6f7c62fc73 Remove unnecessary endpoints from our JAX-RS entensions 
Closes #15525
 2022-11-16 16:25:33 +01:00
Michal Hajas
6d683824a4 Deprecate DBLockProvider and replace it with new GlobalLockProvider 
Closes #9388
 2022-11-16 16:13:25 +01:00
Martin Kanis
5e891951f5 Update Infinispan version to 14.0.2.Final 2022-11-16 14:56:45 +01:00
Stefan Guilhen
36ebf9dd46 Add missing parameter to the JpaRootAuthenticationSessionEntity constructor. 
Closes #15093
 2022-11-16 13:45:39 +01:00
Stefan Guilhen
bc014d3e69 Upgrade Liquibase to version 4.16.1 
* aligns with version used in quarkus

Closes #15089
 2022-11-16 13:14:23 +01:00
Alexander Schwartz
b6b6d01a8a Importing a representation by first creating the defaults, importing a representation and then copying it over to the real store. 
This is the foundation for a setup that's needed when importing the new file store for which importing the representation serves as a placeholder.

Closes #14583
 2022-11-16 09:56:13 +01:00
Hynek Mlnarik
556146f961 Fix performance issues with many offline sessions 
Fixes: #13340
 2022-11-15 13:05:45 +01:00
Michal Hajas
9944a594eb Use DELETE statement instead of deleting one by one for HotRod store 
Closes #9420
 2022-11-11 13:51:03 +01:00
Stefan Guilhen
02a69561b5 Use JSONB '->>' function to avoid unnecessary JSON conversion in criteria builders. 
Closes #12280
 2022-11-09 13:47:13 +01:00
Jia Chen
c3d53ae6e0 Returns an empty groups stream without querying the database if a user doesn't belong to any groups 
Closes #12567
 2022-11-09 13:07:42 +01:00
Michal Hajas
d9dcb6c60a Fix Infinispan adapter not checking updated value in getAttribute methods 
Closes #12819
 2022-11-07 20:44:43 +01:00
danielFesenmeyer
ec30c52a00 Fix paging on the "Users in role" endpoint, when JPA persistence is used 
- add order-by-clause to the corresponding JPA query (ordering by username ASC)
- adjust admin-client RoleResource to return a List instead of a Set, by introducing new methods #getUserMembers (instead of #getRoleUserMembers - the "Role" prefix is not needed, because it is clear from the resource name that it's about roles)
- adjust tests to use the new method and check that the expected order is returned

Closes #14772
 2022-11-07 20:44:06 +01:00
Marek Posolda
f616495b05
Fixing UserFederationLdapConnectionTest,LDAPUserLoginTest to work with FIPS (#15299) 
closes #14965
 2022-11-03 16:35:57 +01:00
Marek Posolda
2ba5ca3c5f
Support for multiple keys with same kid, which differ just by algorithm in the JWKS (#15114) 
Closes #14794
 2022-11-03 09:32:45 +01:00
Alexander Schwartz
9f95b6ec63 Remove unnecessary lookup of an entity via the session 
Closes #11744
 2022-11-02 10:27:14 +01:00
Alexander Schwartz
dd5a60c321 Allow a partial import to overwrite the default role 
Closes #9891
 2022-11-01 15:35:02 -03:00
Lex Cao
43a3677cc7 Fix slow deletion on deleteClientSessionsByRealm and deleteClientSessionsByUser when using mysql and mariadb by converting sub-query to join 2022-10-27 10:37:15 +02:00
Alexander Schwartz
9fb9780f02 Don't rely on DefaultModeLCriteria in equals/hashCode 
Instead, map this to JPA query and then create the cache lookup key from there.

Closes #14938
 2022-10-26 15:49:26 +02:00
Alexander Schwartz
e494649a4e First naïve per-session caching for JPA map store 
Closes #14938
 2022-10-26 15:49:26 +02:00
Michal Hajas
883e83e625 Remove deprecated methods from data providers and models 
Closes #14720
 2022-10-25 09:01:33 +02:00
Alexander Schwartz
3a30061c44 Avoid deadlock on CockroachDB when removing authentication sessions 
Closes #14991
 2022-10-24 20:42:31 +02:00
vramik
791c457c32 Add possibility to limit field length in legacy event store 
Closes #14888
 2022-10-21 15:16:26 +02:00
Stian Thorgersen
97ae90de88
Remove Red Hat Single Sign-On product profile from upstream (#14697) 
* Remove Red Hat Single Sign-On product profile from upstream

Closes #14916

* review suggestions: Remove Red Hat Single Sign-On product profile from upstream

Closes #14916

Co-authored-by: Peter Skopek <pskopek@redhat.com>
 2022-10-18 14:43:04 +02:00
vramik
fa947a41ea Revisit unique constraints in jpa user store 
Closes #14797
 2022-10-17 08:56:45 +02:00
Alexander Schwartz
97c4495c4f Updating H2 database to 2.x 
Closes #12607

Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2022-10-14 11:52:34 +02:00
vramik
f49582cf63 MapUserProvider in KC20 needs to store username compatible with KC19 to be no-downtime-upgradable 
Closes #14678
 2022-10-14 09:32:38 +02:00
danielFesenmeyer
f80a8fbed0 Avoid login failures in case of non-existing group or role references and update references in case of renaming or moving 
- no longer throw an exception, when a role or group cannot be found, log a warning instead
- update mapper references in case of the following events:
   - moving a group
   - renaming a group
   - renaming a role
   - renaming a client's Client ID (may affect role qualifiers)
- in case a role or group is removed, the reference still will not be changed
- extend and refactor integration tests in order to check the new behavior

Closes #11236
 2022-10-13 13:23:29 +02:00
Martin Kanis
761929d174
Merge ActionTokenStoreProvider and SingleUseObjectProvider (#13677) 
Closes #13334
 2022-10-13 09:26:44 +02:00
Alexander Schwartz
b67ce73227 Cleanup MapUserSessionAdapter.getAuthenticatedClientSessions() 
Closes #14743
 2022-10-10 13:01:14 +02:00
Takashi Norimatsu
c60a34ac06 Keycloak 19 cannot register post logout redirect URIs whose length in total is over 4000 
Closes #14013
 2022-10-06 20:05:03 +02:00
vramik
a62e98f966 MapUserProvider should throw an exception for more than one user 
Closes #14672
 2022-10-06 13:11:57 +02:00
Hynek Mlnarik
36a1ce6a1a Ensure map storage providers are closed upon session close 
Fixes: #14730
 2022-10-05 14:16:19 +02:00
vramik
e5408884f6 Revisit parent-child relationship in jpa map store 
Closes #14278
 2022-10-05 09:42:34 +02:00
Marek Posolda
fb24c86a3b
offline token issuance can cause violation of PRIMARY KEY constraint CONSTRAINT_OFFL_CL_SES_PK3 (#14658) 
closes #13706
 2022-10-03 12:54:12 +02:00
Alice Wood
1eb7e95b97 enhance existing group search functionality allow exact name search keycloak/keycloak#13973 
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
 2022-09-30 10:37:52 +02:00
Alexander Schwartz
be2deb0517 Modify RealmsAdminResource.importRealm to work with InputStream 
Closes #13609
 2022-09-26 20:58:08 +02:00
Alice Wood
55a660f50b enhance group search to allow searching for groups via attribute keycloak/keycloak#12964 
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2022-09-19 15:19:36 +02:00
vramik
4f4dbd622a Ensure entity version is indexed 
Closes #14161
 2022-09-15 08:39:29 -03:00
danielFesenmeyer
3af1134975 Update IDP link username when sync mode is "force" 
Closes #13049
 2022-09-14 08:02:17 -03:00
Pedro Igor
aea6d7da27 Avoid updating offline session refresh time during creation 
Closes #14384
 2022-09-14 07:36:23 -03:00
Alexander Schwartz
621da7b803 Credential validation shouldn't invalidate the user in the cache 
Instead create a new instance of LegacyUserCredentialManager to ensure all calls are routed via the CacheAdapter and its SubjectCredentialManagerCacheAdapter.

Closes #14309
 2022-09-13 09:36:19 -03:00
vramik
3120848ef0 Unify package name format in jpa map store 
Closes #14276
 2022-09-12 13:03:17 +02:00
Sebastian Schuster
cc8567e9f4 14294 fixed admin event expiration sql error 2022-09-12 09:15:47 +02:00
Christoph Leistert
7e5b45f999 Issue #8749: Add an option to control the order of the event query and admin event query 2022-09-11 21:30:12 +02:00
Alexander Schwartz
1d2d3e5ca5 Move UserFederatedStorageProvider into legacy module 
Closes #13627
 2022-09-11 18:37:45 +02:00
Martin Bartoš
0fcf5d3936 Reuse of token in TOTP is possible 
Fixes #13607
 2022-09-09 08:56:02 -03:00
vramik
869ccc82b2 Enable MapUserProvider storing username with the letter case significance 
Closes #10245
Closes #11602
 2022-09-09 11:46:11 +02:00
vramik
fb33cbc2bd Set correct entity version when adding a child entity with its own entity versioning 
Closes #14273
 2022-09-09 09:43:44 +02:00
cgeorgilakis
07b0df8f62
View groups from account console (#7933) 
Closes #8748
 2022-09-07 11:25:31 +02:00
Christoph Leistert
cc2bb96abc Fixes #9482: A user could be assigned to a parent group if he is already assigned to a subgroup. 2022-09-06 21:31:31 +02:00
Thomas Peter
19d69169b1 introduce expiration option for admin events 2022-09-06 16:05:53 +02:00
Michal Hajas
f69497eb28 KEYCLOAK-12988 Deprecate getUsers* methods in favor of searchUsers* variants 
Closes #14018
 2022-09-06 10:38:28 +02:00
Martin Bartoš
e6a5f9c124 Default required action providers are still available after feature disabling 
Closes #13189
 2022-08-31 08:42:47 +02:00
Alexander Schwartz
27ecf7f00f Use session level cache and avoid resolving by ID too often 
Closes #12381
 2022-08-30 16:42:49 +02:00
Alexander Schwartz
bb6b5abfa1 Remove Infinispan workarounds after upgrading to 13.x 
Closes #13962
 2022-08-30 07:32:19 -03:00
Tero Saarni
4f199c7245 Fix compilation errors with Eclipse Java compiler 2022-08-29 19:33:12 +02:00
Pedro Igor
2cc4b54404
Do not cache policies if they no longer exist (#12797) 
Closes #12657

Co-authored-by: Michal Hajas <mhajas@redhat.com>

Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2022-08-25 13:52:30 +02:00
Michal Hajas
05b9e6d59e
Upgrade Infinispan to 13.0.10.Final (#13910) 
Closes #12306
 2022-08-25 13:09:34 +02:00
Arnaud Martin
af0d97e534 Delete broker links for federated users when an identity provider is deleted 
Closes #13731
 2022-08-25 08:24:09 +02:00
mposolda
254483bc5d Use separate transactions for each bulk update of offline sessions in PersisterLastSessionRefreshStore to avoid deadlocks 
closes #13684
 2022-08-23 13:52:11 +02:00
David Anderson
ce1331f550
Remove bouncycastle dependency from keycloak-services (#13489) 
Closes #12857


Co-authored-by: mposolda <mposolda@gmail.com>
 2022-08-22 15:43:59 +02:00
Alexander Schwartz
bd926b8fd0 Remove warning from StoragePropertyMappers about the deployment state version seed 
It duplicates the logic in the provider and is incomplete. A follow-up issue will investigate how a provider can defer a configuration option.

Closes #13807
 2022-08-17 13:55:05 -03:00
Alexander Schwartz
801b20e037 Fix running clusteraware scheduled tasks in Wildfly after legacy migration 
As the parent class is in another module, the protected field "task" is not accessible from the lambda.

Closes #13396
 2022-08-17 13:54:34 -03:00
Sebastian Schuster
1445646e77 Fixed n+1 query retrieving user with brief user representation by allowing explicit eager caching of user attributese 2022-08-11 10:51:07 +02:00
Martin Kanis
57f2f4654a Add limit for authSessions per rootAuthSession in map storage 2022-08-10 12:56:37 +02:00
Michal Hajas
ec808d28bb Remove possibility to start embedded HotRod server in hotrod-map module 
Closes #13247
 2022-08-05 21:08:38 +02:00
Alexander Schwartz
8470a30446 Introduce CLI parameter to set the deployment state version seed 
Closes #12710
 2022-07-27 20:10:17 +02:00
Michal Hajas
8ed9ce29d1 Enable near-caching for HotRod store 
Closes #13303
 2022-07-27 14:09:48 +02:00
Michal Hajas
3589778a10 Add possibility to configure HotRod storage in Quarkus distribution 
Closes #12617
 2022-07-26 14:13:39 +02:00
Michal Hajas
eb1f31e9dd Optimize user-client session relationship for HotRod storage 
Closes #12818
 2022-07-26 09:00:13 +02:00
Douglas Palmer
c00514d659
Support for post_logout_redirect_uris in OIDC client registration (#12282) 
Closes #10135
 2022-07-25 10:57:52 +02:00
Alexander Schwartz
a14501dd77 Remove concurrently removed elements from the result 
Closes #13245
 2022-07-22 08:25:15 +02:00
Alexander Schwartz
cb81a17611 Disable Infinispan for map storage and avoid the component factory when creating a realm independent provider factory 
Provide startup time in UserSessionProvider independent of Infinispan,
cleanup code that is not necessary for the map storage as it isn't using Clustering.
Move classes to the legacy module.

Closes #12972
 2022-07-22 08:20:00 +02:00
Pedro Igor
98ac3829d6 Remove KeycloakIntegratorProvider 
Closes #13233
 2022-07-21 09:05:59 -03:00
Stefan Guilhen
e9c55f45e5 Enable action token JPA provider in map-storage-jpa profile 
Closes #13139
 2022-07-20 16:30:20 -03:00
Alexander Schwartz
4d19099c66 Workarounds to make Listeners and non-autocommit work on Quarkus 
Closes #13200
 2022-07-20 12:06:06 +02:00
Alexander Schwartz
d30646b1f6 Refactor object locking for UserSessions 
Closes #12717
 2022-07-19 17:47:33 -03:00
Martin Kanis
c8a6846ee0 Remove offline sessions when deleting a realm 2022-07-19 16:40:22 +02:00
Alexander Schwartz
f490638971 Fall back to standard Liquibase locking 
As DBLockProvider is "none" for the Map storage providers, there is no locking provided by DB Lock
provider.

Liquibase's classic lock provider has issues that need to be tackled in a follow-up issue, see https://github.com/liquibase/liquibase/issues/1311

Closes #13130
 2022-07-19 10:45:31 +02:00
Alexander Schwartz
247cf0d09a Assure that a second thread waits for the first thread to process the database changes 
Closes #13130
 2022-07-19 10:45:31 +02:00
Alexander Schwartz
b959e5c32a Prevent logging changeset on the console for Quarkus 
Closes #13126
 2022-07-15 17:12:22 +02:00
Alexander Schwartz
30b41d02b4 Move non-map-storage related classes to new package 
Closes #13081
 2022-07-15 09:46:29 -03:00
Pedro Igor
f6a2b334d1
Integrate the JPA map store (#13097) 
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2022-07-14 17:47:51 -03:00
Vlasta Ramik
ec853a6b83
JPA map storage: User / client session no-downtime store (#12241) 
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>

Closes #9666
 2022-07-14 12:07:02 -03:00
Alexander Schwartz
d4c97bd3a9
Choose alternatives for CockroachDB for referenced computed columns (#12991) 2022-07-13 15:31:21 -03:00
Pedro Igor
b80731decf
Remove any legacy provider from runtime when running the new store (#12963) 2022-07-13 07:30:14 -03:00
Michal Hajas
34d8629477
Convert ClientSessionIdleTimeout from seconds to milliseconds before … (#13048) 2022-07-13 07:29:52 -03:00
Pedro Igor
5b48d72730 Upgrade Resteasy v4 
Closes #10916

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2022-07-11 12:17:51 -03:00
Michal Hajas
0f86427dd0 Make user->client sessions relationship consistent 
Closes #12817
 2022-07-11 08:42:28 -03:00
Michal Hajas
5f7f4ad850 Reflect SingleUseObject store objectKey changes to HotRod implementation 
Closes #12480
 2022-07-08 10:34:31 -03:00
Michal Hajas
cbb88ed75d Store enums as Integers in HotRod store 
Closes #12502
 2022-07-08 10:34:17 -03:00