Commit graph

1253 commits

Author SHA1 Message Date
Hynek Mlnarik
c02a706a86 KEYCLOAK-17748 Optimize validation of redirect URIs in logout endpoint
Reimplementation of KEYCLOAK-17718
2021-05-18 20:31:21 +02:00
vramik
4d776cd780 KEYCLOAK-18137 Fix introduced SPI name 2021-05-18 20:30:21 +02:00
Václav Muzikář
62e6883524 KEYCLOAK-17084 KEYCLOAK-17434 Support querying clients by client attributes 2021-05-14 13:58:53 +02:00
Peter Flintholm
919899b994 KEYCLOAK-18039: Optimise offline session load on startup
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2021-05-13 16:26:26 +02:00
Hynek Mlnarik
8feefe94ac KEYCLOAK-18074 Ignore server version for MySQL in ChangeLogHistoryService 2021-05-12 15:01:30 +02:00
Pedro Igor
6397671c88 [KEYCLOAK-17885] - Delete user-managed policies when removing groups 2021-05-10 16:33:23 -03:00
keycloak-bot
4b44f7d566 Set version to 14.0.0-SNAPSHOT 2021-05-06 14:55:01 +02:00
vramik
020dd530b9 KEYCLOAK-18009 Invalid role creation with oracle database 2021-05-06 09:01:42 +02:00
mposolda
20fc430be0 KEYCLOAK-17874 Server cannot be started with oracle19cRAC 2021-05-05 13:12:07 +02:00
vramik
0cecd0f33f KEYCLOAK-17992 MSSQL not updatable 2021-05-05 13:12:07 +02:00
Hynek Mlnarik
96501760e0 KEYCLOAK-17501 Add support for map storage in WildFly 2021-05-03 16:00:30 +02:00
Hynek Mlnarik
7d4255b2a1 KEYCLOAK-17871 Add support for running parallel model tests 2021-04-30 16:13:57 +02:00
Hynek Mlnarik
3e91e6f966 KEYCLOAK-17870 Fix ConcurrentModificationException upon liquibase initialization 2021-04-30 16:13:57 +02:00
Takashi Norimatsu
65c48a4183
KEYCLOAK-12137 OpenID Connect Client Initiated Backchannel Authentication (CIBA) (#7679)
* KEYCLOAK-12137 OpenID Connect Client Initiated Backchannel Authentication (CIBA)

Co-authored-by: Andrii Murashkin <amu@adorsys.com.ua>
Co-authored-by: Christophe Lannoy <c4r1570p4e@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2021-04-29 15:56:39 +02:00
vramik
162043beec KEYCLOAK-17615 Move database initialization from KeycloakApplication to JpaConnectionProviderFactory 2021-04-28 13:43:48 +02:00
Yoshiyuki Tabata
45202bd49a KEYCLOAK-17637 Client Scope Policy for authorization service 2021-04-26 08:58:33 -03:00
Hynek Mlnarik
ff4c0e4412 KEYCLOAK-16935 Fix liquibase to work with MySQL 8.0.23+ 2021-04-21 20:20:33 +02:00
Michal Hajas
1e2db74d86 KEYCLOAK-16932 Authorization map storage 2021-04-16 17:26:16 +02:00
Takashi Norimatsu
42dec08f3c
KEYCLOAK-16805 Client Policy : Support New Admin REST API (Implementation) (#7780)
* KEYCLOAK-16805 Client Policy : Support New Admin REST API (Implementation)

* support tests using auth-server-quarkus

* Configuration changes for ClientPolicyExecutorProvider

* Change VALUE of table REALM_ATTRIBUTES to NCLOB

* add author tag

* incorporate all review comments

Co-authored-by: mposolda <mposolda@gmail.com>
2021-04-06 16:31:10 +02:00
vramik
185075d373 KEYCLOAK-14552 Realm Map Store 2021-03-31 15:49:03 +02:00
rmartinc
0a0caa07d6 KEYCLOAK-17215 Slowness issue while hitting /auth/admin/realms/$REALM/clients?viewableOnly=true after DELETE a role 2021-03-31 12:57:17 +02:00
vramik
c3b9c66941 KEYCLOAK-17460 invalidate client when assigning scope 2021-03-30 10:58:16 +02:00
Michito Okai
298ab0bc3e KEYCLOAK-7675 Support for Device Authorization Grant 2021-03-15 10:09:20 -03:00
Hiroyuki Wada
9d57b88dba KEYCLOAK-7675 Prototype Implementation of Device Authorization Grant.
Author:    Hiroyuki Wada <h2-wada@nri.co.jp>
Date:      Thu May 2 00:22:24 2019 +0900

Signed-off-by: Łukasz Dywicki <luke@code-house.org>
2021-03-15 10:09:20 -03:00
vramik
6e501946b1 KEYCLOAK-17021 Client Scope map store 2021-03-08 21:59:28 +01:00
Pedro Igor
0f30b3118a [KEYCLOAK-16676] - Client attributes should not be stored if null or empty 2021-03-03 15:37:05 +01:00
stefvdwel
11b0c23937 Reduced code duplication 2021-02-17 09:40:19 -03:00
stefvdwel
5a500055f6 Added permission ticket /count endpoint. Todo: testing 2021-02-17 09:40:19 -03:00
Pedro Igor
cdf0ead957
[KEYCLOAK-16780] - Allow batching writes to storage when running migration (#7717)
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2021-01-29 09:35:19 -03:00
Martin Kanis
8432513daa KEYCLOAK-16908 Refactor UserSessionPersisterProvider 2021-01-29 09:29:00 +01:00
mposolda
99a70267d9 KEYCLOAK-16801 Improve performance of ClearExpiredEvents background task 2021-01-27 09:57:46 +01:00
Michito Okai
7f421fb20a KEYCLOAK-16844 Create an index to support offline sessions loading 2021-01-21 22:48:54 +01:00
Hynek Mlnarik
78c05d2da2 KEYCLOAK-16118 Replace MapStorage.entrySet() with search by criteria
* Add model class parameter to MapStorage
* Add shortcut read(id) method to MapKeycloakTransaction
2021-01-20 16:20:56 +01:00
Martin Kanis
9f580e3ed8 KEYCLOAK-15695 Streamification cleanup 2021-01-20 14:39:53 +01:00
Michal Hajas
ba8e2fef6b KEYCLOAK-15524 Cleanup user related interfaces 2021-01-18 16:56:10 +01:00
Yoshiyuki Tabata
ab1dba5fa6 KEYCLOAK-11908 Support for conditional creating indices based on number
of records
2021-01-12 09:06:27 +01:00
vramik
1402d021de KEYCLOAK-14846 Default roles processing 2021-01-08 13:55:48 +01:00
keycloak-bot
75be33ccad Set version to 13.0.0-SNAPSHOT 2020-12-16 17:31:55 +01:00
Michal Hajas
8e376aef51
KEYCLOAK-15847 Add MapUserProvider 2020-12-10 08:57:53 +01:00
Stefan Guilhen
edef93cd49 [KEYCLOAK-16232] Streamify the UserCredentialStore and UserCredentialManager interfaces 2020-12-07 19:48:35 +01:00
Stefan Guilhen
73d0bb34c4 [KEYCLOAK-16232] Replace usages of deprecated collection-based methods with the respective stream variants 2020-12-07 19:48:35 +01:00
Hynek Mlnarik
363df6cab4 KEYCLOAK-16405 Tests for storage logical layer 2020-11-25 12:16:48 +01:00
Stefan Guilhen
84df008bc2 [KEYCLOAK-16341] Make the new stream-based methods in server-spi user interfaces default instead of the collection-based versions.
- this ensures that providing implementation for the collection-based methods is enough, which preserves
   backwards compatibility with older custom implementations.
 - alternative interfaces now allow new implementations to focus on the stream variants of the query methods.
2020-11-18 21:07:51 +01:00
mposolda
9b2f2015f7 KEYCLOAK-16244 RealmRealmLocalizationResourceTest fails on auth-server-quarkus 2020-11-11 14:56:31 +01:00
Pedro Igor
852c4a57ff [KEYCLOAK-14468] - Scope permission sometimes not removed when removing scopes 2020-11-11 08:44:28 +01:00
Martin Kanis
d9029b06b9 KEYCLOAK-15889 Streamification of ProtocolMappers 2020-11-10 16:40:34 +01:00
Stefan Guilhen
aa46735173 [KEYCLOAK-15200] Complement methods for accessing users with Stream variants 2020-11-10 15:13:11 +01:00
Hynek Mlnarik
f0bdcdd204 KEYCLOAK-16113 Add JPA event test 2020-10-30 21:08:27 +01:00
Christoph Leistert
e131de9574 KEYCLOAK-14855 Added realm-specific localization texts which affect texts in every part of the UI (admin console / login page / personal info page / email templates). Also new API endpoints and a new UI screen to manage the realm-specific localization texts were introduced.
Co-authored-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.io>
2020-10-30 08:02:43 -03:00
vramik
785f2e78bc KEYCLOAK-14977 create MapRoleProvider 2020-10-30 08:15:22 +01:00
Martin Kanis
b494b8bb44 KEYCLOAK-16034 Not scroll-able event queries for postgres and mssql 2020-10-30 08:10:00 +01:00
Hynek Mlnarik
925f089d62 KEYCLOAK-16077 Remove need for MapStorage.replace 2020-10-29 15:40:47 +01:00
mposolda
4f93dc8376 KEYCLOAK-11693 Clean startup log output in Keycloak.X 2020-10-23 09:33:54 -03:00
Martin Kanis
f5c52345fc KEYCLOAK-16033 Revert Jpa*EventQuery to getResultList 2020-10-22 13:33:30 +02:00
Daniel Fesenmeyer
de8d2eafa3 KEYCLOAK-14781 Extend Admin REST API with search by federated identity
- Add parameters idpAlias and idpUserId to the resource /{realm}/users and allow it to be combined with the other search parameters like username, email and so on
- Add attribute "federatedIdentities" to UserEntity to allow joining on this field
- extend integration test "UserTest"
2020-10-22 08:51:26 +02:00
mhajas
4556e858ad KEYCLOAK-15522 Use AbstractStorageManager in UserStorageManager 2020-10-15 20:41:13 +02:00
Martin Kanis
086f7b4696 KEYCLOAK-15450 Complement methods for accessing realms with Stream variants 2020-10-14 08:16:49 +02:00
Thomas Darimont
12576e339d KEYCLOAK-15146 Add support for searching users by emailVerified status
We now allow to search for users by their emailVerified status.
This enables users to easily find users and deal with incomplete user accounts.
2020-09-29 08:28:59 -03:00
mhajas
12bc84322a KEYCLOAK-14974 Map group storage provider 2020-09-21 15:56:32 +02:00
Martin Kanis
f037dabdc1 KEYCLOAK-15199 Use stream variant method in jpa/RoleAdapter.getFirstAttribute 2020-09-17 13:18:21 +02:00
Martin Kanis
5d5e56dde3 KEYCLOAK-15199 Complement methods for accessing roles with Stream variants 2020-09-16 16:29:51 +02:00
testn
706299557e KEYCLOAK-15174: ResourceServerAdapter.toEntity checks the wrong type 2020-09-10 12:19:25 -03:00
testn
c288175c03 KEYCLOAK-15208: PermissionTicketAdapter checks for the wrong type 2020-09-10 12:16:48 -03:00
Martin Kanis
4e9bdd44f3 KEYCLOAK-14901 Replace deprecated ClientProvider related methods across Keycloak 2020-09-07 13:11:55 +02:00
Martin Kanis
d59a74c364 KEYCLOAK-15102 Complement methods for accessing groups with Stream variants 2020-08-28 20:56:10 +02:00
Martin Kanis
4be99772d8 KEYCLOAK-14967 Closing streams obtained from JPA layer 2020-08-25 21:47:24 +02:00
Pedro Igor
cb57c58b4b [KEYCLOAK-14730] - Consent not working when using federation storage and client is displayed on consent screen 2020-08-19 10:08:21 +02:00
mhajas
ae39760a62 KEYCLOAK-14972 Add independent GroupProvider interface 2020-08-13 21:13:12 +02:00
vramik
bfa21c912c KEYCLOAK-14811 Create RoleProvider and make it independent of ClientProvider and RealmProvider 2020-07-31 15:11:25 -03:00
Martin Idel
bf411d7567 KEYCLOAK-14869: Fix nullpointer exception in FullNameLDAPStorageMapper
Setting an attribute should be possible with a list
containing no elements or a null list

This can happen e.g. when creating users via idps
using a UserAttributeStatementMapper.

Fix this unprotected access in other classes too
2020-07-28 09:54:37 +02:00
Martin Kanis
feef5b4db2 KEYCLOAK-14220 Complement methods for accessing clients with Stream variants 2020-07-27 10:38:39 +02:00
keycloak-bot
afff0a5109 Set version to 12.0.0-SNAPSHOT 2020-07-22 14:36:15 +02:00
Hynek Mlnarik
8fae2997c9 KEYCLOAK-14553 Improve logging 2020-07-22 00:08:15 +02:00
Hynek Mlnarik
c566b46e8f KEYCLOAK-14549 Make ClientProvider independent of RealmProvider
Co-Authored-By: vramik <vramik@redhat.com>
2020-07-22 00:08:15 +02:00
Pedro Igor
7501e42969 [KEYCLOAK-14646] - Improving permission resolution and evaluation 2020-07-21 14:22:09 +02:00
Yao
ec61c45da5 KEYCLOAK-4593: Moved NamedQuery to entity attribute to improve performance 2020-07-16 08:32:51 +02:00
Plamen Kostov
914b226d11 [KEYCLOAK-14282] Create additional filtering for GET /users endpoint for enabled/disabled users 2020-07-03 09:07:42 -03:00
Martin Idel
05b6ef8327 KEYCLOAK-14536 Migrate UserModel fields to attributes
- In order to make lastName/firstName/email/username field
  configurable in profile
  we need to store it as an attribute
- Keep database as is for now (no impact on performance, schema)
- Keep field names and getters and setters (no impact on FTL files)

Fix tests with logic changes

- PolicyEvaluationTest: We need to take new user attributes into account
- UserTest: We need to take into account new user attributes

Potential impact on users:

- When subclassing UserModel, consistency issues may occur since one can
  now set e.g. username via setSingleAttribute also
- When using PolicyEvaluations, the number of attributes has changed
2020-06-25 14:50:57 +02:00
Pedro Igor
d331091c5e [KEYCLOAK-11330] - Quarkus tests 2020-06-17 17:20:55 +02:00
kurisumakise2011
bfde3ac080 When any liquibase exception is thrown and it catches in LiquibaseJpaUpdaterProvider update method inside try\catch block, an exception will be retrown like RuntimeException, but it will not be logged anywhere. It reaches platform.exit(t) and then only message of wrapped RuntimeException is propagated. But real caused can be noticed only via debug mode. 2020-06-15 14:01:07 +02:00
Pedro Igor
e16f30d31f [KEYCLOAK-2343] - Allow exact user search by user attributes
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2020-06-10 12:02:50 -03:00
Yoshiyuki Tabata
f03ee2ec98 KEYCLOAK-14145 OIDC support for Client "offline" session lifespan 2020-06-04 14:24:52 +02:00
Pedro Igor
0870041b0b [KEYCLOAK-14335] - Not initializing entity associations and removing bi-directional ones
Co-authored-by: Stian Thorgersen <stian@redhat.com>
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2020-06-02 11:31:10 -03:00
Pedro Igor
bae802bcfa [KEYCLOAK-11784] - Using Hibernate Extension 2020-05-14 11:10:46 +02:00
stianst
b04932ede5 KEYCLOAK-12414 Remove the need to specify defaults in config file 2020-05-13 09:02:29 -03:00
Álvaro Gómez Giménez
666832d1be KEYCLOAK-13066 Include resourceType in ScopePermissionRepresentation 2020-05-12 17:11:35 -03:00
Michael Cooney
3291161954 KEYCLOAK-13818: Addressing performance issues with adding client scopes during realm creation. Removing redundant lookups by passing all scopes that need to be created at once. 2020-05-12 15:59:42 +02:00
Pedro Igor
19ab9ba53d [KEYCLOAK-13829] - DML for DELETE is executed even though attribute does not exist 2020-05-06 14:04:06 +02:00
keycloak-bot
ae20b7d3cd Set version to 11.0.0-SNAPSHOT 2020-04-29 12:57:55 +02:00
Pedro Igor
601bf8d63e [KEYCLOAK-12735] - Improving queries and cache for authz 2020-04-29 03:58:03 +02:00
Yoshiyuki Tabata
874642fe9e KEYCLOAK-12406 Add "Client Session Max" and "Client Session Idle" for OIDC 2020-04-28 15:34:25 +02:00
stianst
5b017e930d KEYCLOAK-13128 Security Headers SPI and response filter 2020-04-28 15:28:24 +02:00
keycloak-bot
33314ae3ca Set version to 10.0.0-SNAPSHOT 2020-04-21 09:19:32 +02:00
mposolda
b29810c923 KEYCLOAK-13306 Model fixes for check realm when lookup by ID
(cherry picked from commit e40a62de31f6f5d326234314a9e285010665f707)
2020-04-21 08:19:50 +02:00
mposolda
6f62c0ed98 KEYCLOAK-13442 Backwards compatibility in users searching. searchForUser(String, RealmModel, int, int) is no longer called when searching users from the admin console 2020-03-27 13:29:55 +01:00
Pedro Igor
b812159193 [KEYCLOAK-10675] - Deleting an Identity Provider doesn't remove the associated IdP Mapper for that user 2020-03-26 11:41:17 +01:00
keycloak-bot
f6a592b15a Set version to 9.0.4-SNAPSHOT 2020-03-24 08:31:18 +01:00
mposolda
5ddd605ee9 KEYCLOAK-13259 2020-03-24 05:32:41 +01:00
vramik
86089d40b8 KEYCLOAK-13249 jpa-changelog-8.0.0.xml contains whitespace character 2020-03-18 09:36:23 +01:00
stianst
aece5d1b4c KEYCLOAK-5162 Add index to even table 2020-03-17 17:05:21 +01:00
rmartinc
ad3b9fc389 KEYCLOAK-12579: LDAP groups duplicated during UI listing of user groups 2020-03-11 06:14:29 +01:00
Sebastian Schuster
99aba33980 KEYCLOAK-13163 Fixed searching for user with fine-grained permissions 2020-03-09 09:56:13 -03:00
vramik
701fb06de1 KEYCLOAK-12968 fix ClientTest.getAllClientsSearchAndPagination for postgresql 2020-03-05 06:40:03 +01:00
Dmitry Telegin
08319db242 KEYCLOAK-13167 - JDBC resource leak in custom migrations 2020-03-02 21:19:07 +01:00
Hynek Mlnarik
93f05f9291 KEYCLOAK-12450 Revert em.clear() call 2020-03-02 11:22:29 +01:00
Erik Jan de Wit
93a1374558 KEYCLOAK-11129 coalesce possible null values 2020-02-27 09:11:29 +01:00
keycloak-bot
d352d3fa8e Set version to 9.0.1-SNAPSHOT 2020-02-17 20:38:54 +01:00
stianst
32fccfa99e KEYCLOAK-10391 Fix lower-case column names in IdentityProviderMapperEntity, while they are upper-case in Liquibase scripts 2020-02-06 13:31:12 +01:00
Axel Messinese
b73553e305 Keycloak-11526 search and pagination for roles 2020-02-05 15:28:25 +01:00
Leon Graser
01a42f417f Search and Filter for the count endpoint 2020-02-03 09:36:30 +01:00
Pedro Igor
658a083a0c [KEYCLOAK-9600] - Find by name in authz client returning wrong resource 2020-02-03 08:57:20 +01:00
vramik
a83467047b KEYCLOAK-9053 KEYCLOAK-9818 Increase column size for federated foreign keys 2020-01-31 21:24:55 +01:00
Marek Posolda
d46620569a
KEYCLOAK-12174 WebAuthn: create authenticator, requiredAction and policy for passwordless (#6649) 2020-01-29 09:33:45 +01:00
Denis Richtárik
24c6e2ba08 KEYCLOAK-12742 Authentication -> WebAuthn Policy: Unable to delete the Acceptable AAGUIDS via the provided minus (-) button, once set (#6695) 2020-01-24 11:55:20 +01:00
vramik
47d6d65bbb KEYCLOAK-12724 - workaround hibernate bug - set explicitly dialect for oracle version greater than 12 2020-01-22 18:34:11 +01:00
Denis Richtárik
8d312d748b KEYCLOAK-12163 Old account console: UI not updated after removing of TOTP (#6688) 2020-01-22 12:26:28 +01:00
Marek Posolda
8d49409de1
KEYCLOAK-12183 Refactor login screens. Introduce try-another-way link. Not show many credentials of same type in credential selector (#6591) 2020-01-14 21:54:45 +01:00
vramik
a2b3747d0e KEYCLOAK-7014 - Correctly handle null-values in UserAttributes 2020-01-10 12:44:52 +01:00
Douglas Palmer
106e6e15a9 [KEYCLOAK-11859] Added option to always display a client in the accounts console 2019-12-17 17:12:49 -03:00
vramik
c3d80651bf KEYCLOAK-12473 Add possibility to specify length of event detail when storing to database 2019-12-17 17:15:50 +01:00
Cristian Schuszter
5c7ce775cf KEYCLOAK-11472 Pagination support for clients
Co-authored-by: stianst <stianst@gmail.com>
2019-12-05 08:17:17 +01:00
Martin Kanis
685d49c693 KEYCLOAK-11967 Violation of UNIQUE KEY constraint SIBLING_NAMES (#6485) 2019-11-26 16:00:50 +01:00
keycloak-bot
76aa199fee Set version to 9.0.0-SNAPSHOT 2019-11-15 20:43:21 +01:00
vramik
af5df1e535 KEYCLOAK-11808 Add support for MySQL8, update supported database versions 2019-11-15 08:43:48 +01:00
stianst
3a36569e20 KEYCLOAK-9129 Don't expose Keycloak version in resource paths 2019-11-15 08:21:28 +01:00
AlistairDoswald
4553234f64 KEYCLOAK-11745 Multi-factor authentication (#6459)
Co-authored-by: Christophe Frattino <christophe.frattino@elca.ch>
Co-authored-by: Francis PEROT <francis.perot@elca.ch>
Co-authored-by: rpo <harture414@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Denis <drichtar@redhat.com>
Co-authored-by: Tomas Kyjovsky <tkyjovsk@redhat.com>
2019-11-14 14:45:05 +01:00
Patrick Teubner
b3d87b52c2 KEYCLOAK-11888 Fix inconsistent pagination of groups by ordering the results of 'getTopLevelGroupIds' query 2019-11-11 09:22:51 +01:00
Wim Vandenhaute
b6ee342713 KEYCLOAK-4593 Flush and clear when fetching multiple realms for performance improvement with large number of realms 2019-11-04 21:11:26 +01:00
Hynek Mlnarik
f0685cc246 KEYCLOAK-11739 Ensure unique / PK constraint in JPA is on par with Liquibase 2019-10-23 14:53:17 +02:00
Martin Kanis
37304fdd7d KEYCLOAK-10728 Upgrade to WildFly 18 Final 2019-10-21 14:06:44 +02:00
Pedro Igor
6acb87bd7a [KEYCLOAK-10822] - Prevent access to users from another realm 2019-10-21 10:32:50 +02:00
Pedro Igor
17785dac08 [KEYCLOAK-10714] - Add filtering support in My Resources endpoint by name 2019-10-16 16:26:55 +02:00
Hynek Mlnarik
9d685a2c47 KEYCLOAK-11558 Fix unique constraint violation in PartialImportTest
(cherry picked from commit 672703cbc1320466d37761c4cb0d46c5dd0ce0f1)
2019-10-14 14:40:20 +02:00
Takashi Norimatsu
7c75546eac KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase
* KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase
2019-10-01 15:17:38 +02:00
Jan Lieskovsky
cfb225b499 [KEYCLOAK-8253] Improve the time complexity of LDAP groups synchronization
(in the direction from LDAP provider to Keycloak) from exponential to
linear time in the case of syncing flat LDAP groups structure

Add a corresponding test (intentionally configured as to be ignored
by CI/CD due to higher demand on time, required fo the test completion)

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2019-09-12 09:54:13 +02:00
Hynek Mlnarik
9eb2e1d845 KEYCLOAK-11028 Use pessimistic locks to prevent DB deadlock when deleting objects 2019-09-09 10:57:49 +02:00
Pedro Igor
967d21dbb5 [KEYCLOAK-10713] - Pagination to resources rest api 2019-07-29 16:19:22 -03:00
keycloak-bot
17e9832dc6 Set version to 8.0.0-SNAPSHOT 2019-07-19 19:05:03 +02:00
Hynek Mlnarik
04f266d381 KEYCLOAK-10744 Fix MariaDB cannot create database 2019-07-18 13:59:49 +02:00
rmartinc
bd5dec1830 KEYCLOAK-10112: Issues in loading offline session in a cluster environment during startup 2019-07-03 13:17:45 +02:00
Pedro Igor
0cdd23763c [KEYCLOAK-10443] - Define a global decision strategy for resource servers 2019-07-02 09:14:37 -03:00
mposolda
c124aec586 KEYCLOAK-10262 DBLockTest.testLockConcurrently fails with MariaDB Galera 10.1 2019-06-24 11:23:18 +02:00
Pedro Igor
61eb94c674 [KEYCLOAK-8915] - Support resource type in authorization requests 2019-06-04 21:02:54 -03:00
skyfalke
0007bad6f3 KEYCLOAK-10393 Fix permission ticket pagination in Authz Client
KEYCLOAK-10393 Ensure idempotency of find method of permission ticket store
2019-05-29 09:43:54 -03:00
Hynek Mlnarik
835b2cf9c2 KEYCLOAK-9944 Add Primary Key Constraint into RESOURCE_URIS table 2019-05-13 12:43:23 +02:00
Sebastian Loesch
96250c9685 [KEYCLOAK-9573] Allow AdminEvents for custom resource types 2019-04-26 09:57:28 +01:00
keycloak-bot
49d4e935cb Set version to 7.0.0-SNAPSHOT 2019-04-17 09:48:07 +01:00
Bekh-Ivanov George
ebcfeb20a3 [KEYCLOAK-10020] - Add ability to request user-managed (ticket) permissions by name 2019-04-12 08:44:57 -03:00
Axel Messinese
e18fb56389 KEYCLOAK-4978 Add endpoint to get groups by role 2019-03-15 06:00:17 +01:00
keycloak-bot
e843d84f6e Set version to 6.0.0-SNAPSHOT 2019-03-06 15:54:08 +01:00
stianst
7ad02e7318 Fixes for releasing 2019-03-06 11:38:09 +01:00
Gideon Caranzo
4cd617bc42 KEYCLOAK-8977 Added method to return KeycloakSession from RealmCreationEvent 2019-02-21 11:21:54 +01:00
stianst
e06c705ca8 Set version 5.0.0 2019-02-21 09:35:14 +01:00
Hynek Mlnarik
a74d6ab932 KEYCLOAK-9107 Fix NPE 2019-02-13 15:49:49 +01:00
Pedro Igor
885eec5ef2 [KEYCLOAK-8348] - Containerize database tests 2019-01-30 16:29:03 -02:00
vramik
c4a46a5591 KEYCLOAK-7677 KEYCLOAK-7723 fix version collision of httpclient
Co-authored-by: Pedro Igor <psilva@redhat.com>
2019-01-10 17:45:41 -02:00
stianst
7c9f15778a Set version to 4.8.3.Final 2019-01-09 20:39:30 +01:00
stianst
7c4890152c Set version to 4.8.2 2019-01-03 14:43:22 +01:00
Stefan Guilhen
3462be857b [KEYCLOAK-8835] Add missing not-null constraint to the new remember-me columns in the realm table 2018-12-07 11:32:30 +01:00
Pedro Igor
0c39eda8d2 [KECLOAK-8237] - Openshift Client Storage 2018-12-06 10:57:53 -02:00
stianst
b674c0d4d9 Prepare for 4.8.0.Final 2018-12-04 13:54:25 +01:00
Hynek Mlnarik
d395043fc7 KEYCLOAK-8707 Fix client template to scope migration 2018-11-22 15:07:47 +01:00
mposolda
6e93ca36af KEYCLOAK-8519 OIDCScopeTest.testClientDisplayedOnConsentScreenWithEmptyConsentText failing on Oracle 2018-11-22 09:30:01 +01:00
mposolda
0533782d90 KEYCLOAK-7275 KEYCLOAK-5479 Faster offline sessions preloading at startup. Track lastSessionRefresh timestamps more properly by support bulk update to DB 2018-11-16 14:23:28 +01:00
Michael Gottlieb
3bdbbf41af KEYCLOAK-8702:Fix Offline Sessions requires column
Prevent RemoveDuplicateOfflineSessions from running when migration to 3.2.0 has been run.
This prevents running when the  database has already dropped CLIENT_SESSION_ID from  OFFLINE_CLIENT_SESSION table.
This change unblocks migrating from 3.2.0 to 4.4.0 and later.
2018-11-16 12:03:57 +01:00
Leon Graser
85f11873c3 KEYCLOAK-8613 Group Membership Pagination 2018-11-15 17:54:07 +01:00
Thomas Darimont
cf57a1bc4b KEYCLOAK-1267 Add dedicated SSO timeouts for Remember-Me
Previously remember-me sessions where tied to the SSO max session
timeout which could lead to unexpected early session timeouts.
We now allow SSO timeouts to be configured separately for sessions
with enabled remember-me. This enables users to opt-in for longer
session timeouts.

SSO session timeouts for remember-me can now be configured in the
tokens tab in the realm admin console. This new configuration is
optional and will tipically host values larger than the regular
max SSO timeouts. If no value is specified for remember-me timeouts
then the regular max SSO timeouts will be used.

Work based on PR https://github.com/keycloak/keycloak/pull/3161 by
Thomas Darimont <thomas.darimont@gmail.com>
2018-11-15 06:11:22 +01:00
stianst
ecd476fb10 Prepare for 4.7.0.Final 2018-11-14 20:10:59 +01:00
Graser Leon
9ef4c7fffd KEYCLOAK-8377 Role Attributes 2018-10-24 22:04:28 +02:00
Gideon Caranzo
7d85ce93bb KEYCLOAK-8555 queried only realms with user storage provider to speed up user storage sync bootstrap 2018-10-19 09:53:58 +02:00
vramik
7a96911a83 KEYCLOAK-8300 KEYCLOAK-8301 Wildfly 14 upgrade
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2018-10-17 20:01:07 +02:00
Pedro Igor
79ca722b49 [KEYCLOAK-7605] - Make sure Evaluation API is read-only 2018-10-09 08:09:29 -03:00
Pedro Igor
b4b3527df7 [KEYCLOAK-7950] - Fixes user pagination when using filtering users members of groups 2018-10-02 15:44:23 -03:00
stianst
c3fc9e9815 Set version to 4.6.0.Final-SNAPSHOT 2018-09-26 20:58:41 +02:00
Pedro Igor
609c521c17 [KEYCLOAK-8281] - Deletion of client with token exchange policy leads to breaking errors 2018-09-18 18:58:45 -03:00
stianst
24e60747b6 KEYCLOAK-7560 Refactor token signature SPI PR
Also incorporates:
KEYCLOAK-6770 ES256/384/512 providers
KEYCLOAK-4622 Use HS256 for refresh tokens
KEYCLOAK-4623 Use HS256 for client reg tokens
2018-09-11 08:14:10 +02:00
Leon Graser
df22c4d613 changed user and resource entity to fetch mode select with batch size 20 2018-09-10 20:31:04 +02:00
stianst
1fb4ca4525 Set version to 4.5.0.Final 2018-09-06 20:08:02 +02:00
Hynek Mlnarik
5fe1905e4b KEYCLOAK-6803 Prevent duplicating required actions in JPA user storage 2018-09-03 19:42:18 +02:00
Hynek Mlnarik
8a7a545628 KEYCLOAK-7944 Remove duplicate offline client sessions 2018-08-29 10:55:38 +02:00
Hynek Mlnarik
2077975b1c KEYCLOAK-6411 Fix list of keywords on MySQL/MariaDB 2018-08-28 09:51:58 +02:00
Stefan Guilhen
f36e45cb10 [KEYCLOAK-4902] - Using streams to process scopes and cache improvements 2018-08-14 06:29:10 -03:00
Stefan Guilhen
060b3b8d0f [KEYCLOAK-4902] - Using streams when fetching resources 2018-08-09 16:28:31 -03:00
Pedro Igor
905fd3ae00 [KEYCLOAK-8003] - Migration to 4.2.1 extracting RESOURCE_URIs fails with fine-grained admin permissions 2018-08-08 11:00:25 +02:00
Pedro Igor
80e5227bcd [KEYCLOAK-4902] - Refactoring and improvements to processing of authz requests 2018-08-07 10:53:40 -03:00
Hiroyuki Wada
263792a4ab KEYCLOAK-7984 Fix migration issue 2018-08-02 14:58:20 +02:00
alva.huang
3380fdc119 [KEYCLOAK-7985] fix the table name error, from RESOURCE_URI to RESOURCE_URIS
Signed-off-by: alva.huang <alva@izhiju.cn>
2018-08-02 08:31:44 -03:00
mposolda
959cd035ba Set version to 4.3.0.Final-SNAPSHOT 2018-08-01 22:40:05 +02:00
Hiroyuki Wada
7c0ca9aad2 KEYCLOAK-6313 Add required action's priority for customizing the execution order 2018-07-23 22:21:04 +02:00
mhajas
1308a3231d KEYCLOAK-7931 Correct wrong JPA changelog filenames 2018-07-23 11:49:54 +02:00
mhajas
5aebc74f8c KEYCLOAK-7269 Setting more uris for Authorization Resource 2018-07-11 17:48:34 -03:00
mposolda
d0a824dde4 Updating version to 4.2.0.Final-SNAPSHOT 2018-07-05 07:42:48 -04:00
Martin Kanis
0e2e867e4a KEYCLOAK-5023 database migration fails if mysql schema name has hyphen 2018-06-27 10:11:09 +02:00
Takashi Norimatsu
2fb022e501 KEYCLOAK-7688 Offline Session Max for Offline Token 2018-06-26 08:25:06 +02:00
Martin Kanis
998227ac53 KEYCLOAK-5461 Upgrade to Liquibase 3.5.5 2018-06-22 13:20:10 +02:00
stianst
e1a0e581b9 Update to 4.1.0.Final-SNAPSHOT 2018-06-14 14:22:28 +02:00
Marek Posolda
49407c2e4f
KEYCLOAK-6630 Client scopes initial support (#5076)
* KEYCLOAK-6630 KEYCLOAK-349 Client Scopes

Co-authored-by: vramik <vramik@redhat.com>

* KEYCLOAK-6630 Change some clientTemplate occurences to clientScope
2018-06-08 15:38:38 +02:00
Federico M. Facca
5a9bfea419 [KEYCLOAK-7353] Support Policy Management in Protection API
See https://issues.jboss.org/browse/KEYCLOAK-7353
2018-06-06 19:36:42 -03:00
Pedro Igor
f8919f8baa
Merge pull request #5211 from pedroigor/KEYCLOAK-7367
[KEYCLOAK-7367] - User-Managed Policy Provider
2018-06-04 09:35:13 -03:00
Pedro Igor
2b6597e9f1 [KEYCLOAK-7367] - User-Managed Policy Provider 2018-05-25 16:18:15 -03:00
Stian Thorgersen
dbf5c395b0
Bump version to 4.0.0.Final (#5224) 2018-05-24 19:02:30 +02:00
Stian Thorgersen
90e5c7f3eb
Bump version to 4.0.0.Beta3-SNAPSHOT (#5185) 2018-05-02 14:32:20 +02:00
Pedro Igor
5cae1bb134
Merge pull request #5093 from pedroigor/KEYCLOAK-4102
[KEYCLOAK-4102] - Support lazy load paths
2018-03-29 09:16:34 -03:00
pedroigor
4a425c2674 [KEYCLOAK-4102] - Support lazy loading of paths via policy enforcer config 2018-03-28 09:23:59 -03:00
dongay
707b80f436 KEYCLOAK-3210 Apply @Nationalized attribute to entity fields that should support unicode character sets 2018-03-27 20:55:59 +02:00
Pedro Igor
ffeb0420bf
Merge pull request #5079 from pedroigor/KEYCLOAK-6529
[KEYCLOAK-6529] - Resource Attributes
2018-03-27 09:30:38 -03:00
stianst
07fea02146 Bump versions to 4.0.0.Beta2-SNAPSHOT 2018-03-26 18:17:38 +02:00
pedroigor
758ae41999 [KEYCLOAK-6529] - Constraint name too long 2018-03-22 07:05:03 -03:00
pedroigor
08896ee9c9 [KEYCLOAK-6529] - Resource Attributes 2018-03-19 13:21:39 -03:00
Pedro Igor
2aa71d1737
Merge pull request #5051 from pedroigor/KEYCLOAK-6787
[KEYCLOAK-6787] - Wrong validation of resources with same name and different owners
2018-03-12 11:41:49 -03:00
Bill Burke
4b6b45cf43 KEYCLOAK-6026 2018-03-05 11:57:05 -05:00
vramik
9bd2e70376 KEYCLOAK-6790 Identifier for RESOURCE_SERVER_PERMISSION_TICKET table is too long for Oracle databases 2018-03-02 12:46:19 +01:00
Bill Burke
7f21cdd1f4 KEYCLOAK-6551 2018-03-02 10:41:05 +01:00
pedroigor
1e1de85685 [KEYCLOAK-6787] - Wrong validation of resources with same name and different owners 2018-03-01 16:50:05 -03:00
pedroigor
cb531056a6 [KEYCLOAK-6621] - Fixing cache and queries of policies with type scope 2018-02-28 16:33:45 -03:00
Pedro Igor
91bdc4bde2 [KEYCLOAK-3169] - UMA 2.0 (#4368)
* [KEYCLOAK-3169] - UMA 2.0 Support

* [KEYCLOAK-3169] - Changes to account service and more tests

* [KEYCLOAK-3169] - Code cleanup and tests

* [KEYCLOAK-3169] - Changes to account service and tests

* [KEYCLOAK-3169] - Changes to account service and tests

* [KEYCLOAK-3169] - More tests

* [KEYCLOAK-3169] - Changes to adapter configuration

* [KEYCLOAK-3169] - Reviewing UMA specs and more tests

* [KEYCLOAK-3169] - Reviewing UMA specs and more tests

* [KEYCLOAK-3169] - Changes to UMA Grant Type and refactoring

* [KEYCLOAK-3169] - Refresh tokens for RPT responses and tests

* [KEYCLOAK-3169] - Changes to account my resources and policy enforcers

* [KEYCLOAK-3169] - Realm settings flag to enable/disable user-managed access in account mgmt console

* [KEYCLOAK-3169] - More changes to my resource pages in account mgmt console

* [KEYCLOAK-3169] - Need to enable user-managed on realm to run tests

* [KEYCLOAK-3169] - Removing more UMA 1.0 related code

* [KEYCLOAK-3169] - Only submit requests if ticket exists

* [KEYCLOAK-3169] - Returning UMA 401 response when not authenticated

* [KEYCLOAK-3169] - Removing unused code

* [KEYCLOAK-3169] - Removing unused code

* [KEYCLOAK-3169] - 403 response in case ticket is not created

* [KEYCLOAK-3169] - Fixing AbstractPhotozExampleAdapterTest#testClientRoleRepresentingUserConsent

* [KEYCLOAK-3169] - 403 status code only returned for non-bearer clients
2018-02-28 08:53:10 +01:00
gonzalad
898347366d KEYCLOAK-6589: Optimize jpql in User search API
This commit removes the 6 n+1 select
that are issued when calling GET /users api.

We now have 4 select queries.
2018-02-22 14:21:42 +01:00
pedroigor
d590600c12 [KEYCLOAK-6321] - NPE when deleting a resource with admin events enabled 2018-02-21 19:41:44 +01:00
Bruno Oliveira
b91998a0d8 [KEYCLOAK-6111] 'Override User-Initiated Action Lifespan' admin GUI can break realm configuration 2018-02-09 06:36:23 -02:00
pedroigor
76657d5239 [KEYCLOAK-6528] - Fixing mysql error. Probably a consequence of KEYCLOAK-6228 changes. 2018-02-08 21:17:33 +01:00
Bill Burke
a0d275c850 whoops, fix db script 2018-01-31 14:28:40 -05:00
Bill Burke
26411a123e migrate fix 2018-01-31 13:11:46 -05:00
Bill Burke
bd3eb9d662 more hynek db changes 2018-01-30 19:46:42 -05:00
Bill Burke
a571781240 hynek db changes 2018-01-30 17:00:55 -05:00
Bill Burke
dd4c0d448c Merge remote-tracking branch 'upstream/master' into client-storage-spi 2018-01-27 09:47:41 -05:00
Bill Burke
6b84b9b4b6 done 1st iteration 2018-01-27 09:47:16 -05:00
vramik
b0fbe5c8ba KEYCLOAK-6300 List of group members is not sorted alphabetically 2018-01-25 20:21:03 +01:00
Bill Burke
4bfb62d7f4 marek suggested fixes 2018-01-24 09:32:38 -05:00
Bill Burke
a9297df89c KEYCLOAK-6335 2018-01-23 12:09:49 -05:00
Douglas Palmer
fc3c07f6de [KEYCLOAK-6236] Use MessageDigest.isEquals in place of String.equals 2018-01-18 13:04:54 +01:00
Hynek Mlnarik
e4c875eb41 KEYCLOAK-6108 Remove DROP INDEX in postgres (handled automatically) 2018-01-04 09:03:52 +01:00
Hynek Mlnarik
f0c1e65b2d KEYCLOAK-6095 Include schema in custom SQL 2018-01-04 09:03:52 +01:00
stianst
0bedbb4dd3 Bump version to 4.0.0.CR1-SNAPSHOT 2017-12-21 15:06:00 +01:00
Martin Kanis
351dbffaf2 KEYCLOAK-5172 Set oidc as default protocol to clients 2017-12-20 13:38:12 +01:00
mposolda
6696c0f0b2 KEYCLOAK-5245 Restart failures when deleting a client with existing sessions/offline_tokens 2017-12-13 15:53:10 +01:00
Bill Burke
efa5949f69
Merge pull request #4814 from patriot1burke/master
KEYCLOAK-5350
2017-12-07 10:07:35 -05:00
stianst
c055ffb083 KEYCLOAK-4215 Consider session expiration when setting token timeouts 2017-12-07 10:45:02 +01:00
stianst
5fd3c9161d KEYCLOAK-5868 2017-12-07 10:42:21 +01:00
Bill Burke
64f8d7ce25 KEYCLOAK-5350 2017-12-06 16:00:23 -05:00
stianst
6d1c33ccdc KEYCLOAK-5667 2017-12-06 06:45:23 +01:00
stianst
37de8e9f69 Bump version to 3.4.2.Final-SNAPSHOT 2017-12-01 09:34:48 +01:00
pedroigor
17748d5ba8 [KEYCLOAK-5660] - Adding UserQueryProvider.getUsersCount(realm, includeServiceAccount) method 2017-11-30 10:45:54 +01:00
pedroigor
674fb31a2c [KEYCLOAK-5660] - Rest API User count returns wrong value 2017-11-30 10:45:54 +01:00
stianst
2be78a0239 KEYCLOAK-5924 Add error handler for uncaught errors 2017-11-30 10:33:13 +01:00
pedroigor
9ffc11d04f [KEYCLOAK-4231] - Unable to import PEM certificate > 2048 2017-11-29 20:26:22 +01:00
Bill Burke
8993ca08ad KEYCLOAK-4715 2017-11-21 17:46:48 -05:00
Hynek Mlnarik
a787cfa33a KEYCLOAK-5425 Have preconditions evaluated in manual mode 2017-11-15 13:37:32 +01:00
Bruno Oliveira
03d0488335 [KEYCLOAK-2052] Allows independently set timeouts for e-mail verification link and rest e.g. forgot password link
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2017-11-13 19:57:04 -02:00
Stian Thorgersen
128ff12f8f Bump versions 2017-11-09 15:37:21 +01:00
Hynek Mlnarik
c9aa5e638e KEYCLOAK-5230 Add indices to FED_* tables 2017-10-27 12:43:22 +02:00
vramik
223713bc53 KEYCLOAK-4928 Add primary key constraints 2017-10-24 10:46:46 +02:00
Bruno Oliveira da Silva
b6ab2852c2 Remove unused imports (#4558) 2017-10-16 14:23:42 +02:00
Gabriel Lavoie
134daeac7f KEYCLOAK-3303: Allow reuse of refresh tokens.
- Configurable max reuse count.
2017-09-28 15:30:40 -04:00
Bill Burke
fd025ae76b Merge pull request #4209 from guitaro/feature/group-search-and-pagination
[KEYCLOAK-2538] - groups pagination and group search
2017-09-23 20:52:19 -04:00
howcroft
e78bf5f876 Keycloak 2035
This PR adds:
* an endpoint to Role that lists users with the Role
* a tab "Users in Role" in Admin console Role page
* it is applicable to Realm and Client Roles
* Extends UserQueryProvider with default methods (throwing Runtime Exception if not overriden)
* Testing in base testsuite and Console
2017-09-22 15:05:49 +01:00
Oguz Kilcan
6ec5264f20 KEYCLOAK-5416 Migration from 3.2.1 to 3.3.0 doesn't work on MSSQL due to constraint violation (#4461) 2017-09-15 09:56:22 +02:00
Levente NAGY
d18aa44fb4 Merge branch 'feature/group-search-and-pagination' of https://github.com/guitaro/keycloak into feature/group-search-and-pagination 2017-09-13 16:48:24 +02:00
Levente NAGY
e907da77d7 KEYCLOAK 2538 - UI group pagination - Remove junit mocked TUs, add arquillian Tests, delete mockito from poms, fix groups sorting when get result from cache 2017-09-13 16:45:45 +02:00
Léventé NAGY
503ce3a47f Merge branch 'master' into feature/group-search-and-pagination 2017-09-13 10:27:38 +02:00
Pedro Igor
90db6654d3 Merge pull request #4451 from glavoie/KEYCLOAK-4858-ResourceServer
KEYCLOAK-4858: Slow query performance for client with large data volume
2017-09-12 15:54:16 -03:00
Levente NAGY
c8c88dd58c KEYCLOAK 2538 - UI group pagination - TU + some code improvement + add mockito dependency 2017-09-12 15:09:08 +02:00
Levente NAGY
db56d82dbd KEYCLOAK 2538 - UI group pagination - fix duplicate result for search + sort result 2017-09-12 11:45:37 +02:00
Marek Posolda
2a1f40d487 Merge pull request #4408 from MarkSchmitt/master
KEYCLOAK-5322: Rewrote delete statement to scale better
2017-09-12 11:14:08 +02:00
Gabriel Lavoie
bf184e8599 KEYCLOAK-4858: ResourceServer PK change to CLIENT_ID.
- MSSQL needs the index to be dropped before the column.
- Different UPDATE statement format to support MSSQL.
2017-09-11 13:50:58 -04:00
Levente NAGY
2c24b39268 KEYCLOAK 2538 - UI group pagination 2017-09-07 19:39:06 +02:00
fmugrau
998262177f KEYCLOAK-5422: Rewrote statement to scale better 2017-09-07 10:17:22 +02:00
Pedro Igor
f10891b662 [KEYCLOAK-4858] - Migration configuration for resource server pk changes 2017-09-06 11:28:58 -03:00
Gabriel Lavoie
c1664478d9 KEYCLOAK-4858: Slow query performance for client with large data volume
- Changing RESOURCE_SERVER PK to the client ID.
- Changing FK on children of RESOURCE_SERVER.
- Use direct fetch of ResourceServer through ID/PK to avoid a lot of implicit Hibernate flush.
2017-09-06 09:55:53 -03:00
vramik
37479a9afe KEYCLOAK-5405 add synchronization of the persistence context when creating a group 2017-09-05 14:34:43 +02:00
vramik
d62164f6f0 KEYCLOAK-5385 add not null constraint for user_entity.not_before (#4446) 2017-09-01 08:57:50 +02:00
vramik
8bfab22417 KEYCLOAK-5049 add explicit removal of groups (#4416) 2017-08-30 08:16:00 +02:00
Stian Thorgersen
463661b051 Set version to 3.4.0.CR1-SNAPSHOT 2017-08-28 15:46:22 +02:00
Hynek Mlnařík
23560d9e41 KEYCLOAK-5235 Fix JPA update script for MariaDB (#4423) 2017-08-28 08:05:49 +02:00
mposolda
fe5891fbdb KEYCLOAK-5293 Add notBefore to user 2017-08-23 08:58:26 +02:00
mark.schmitt
6a28971218 KEYCLOAK-5322: Rewrote delete statement to scale better 2017-08-22 13:15:09 +00:00
Levente NAGY
c8aa708cff Merge remote-tracking branch 'upstream/master' 2017-08-10 18:14:49 +02:00
Pedro Igor
6865b4bbb1 [KEYCLOAK-4808] - Import large authz settings a bit faster 2017-07-06 18:22:13 -03:00
Pedro Igor
65251748c7 [KEYCLOAK-5148] - Create authorization settings when creating a new client using a config file 2017-07-05 18:19:00 -03:00
Stian Thorgersen
454c5f4d83 Set version to 3.3.0.CR1-SNAPSHOT 2017-06-30 09:47:11 +02:00
Josh Cain
89fcddd605 KEYCLOAK-3592 Docker auth implementation 2017-06-29 06:37:34 +02:00
Léventé NAGY
1a50e77a4d Merge branch 'master' into feature/group-search-and-pagination 2017-06-26 20:36:36 +02:00
Bill Burke
3ee86fedc7 Merge remote-tracking branch 'upstream/master' 2017-06-23 09:57:35 -04:00
Léventé NAGY
41d8d17062 Merge branch 'master' into feature/group-search-and-pagination 2017-06-22 17:41:30 +02:00
Levente NAGY
124bf43a27 [KEYCLOAK-2538] - groups count for pagination 2017-06-22 17:32:38 +02:00
Bill Burke
d08ddade2e merge 2017-06-21 17:43:54 -04:00
Bill Burke
52e40922bc removal 2017-06-21 17:42:57 -04:00
mposolda
fc61a4e89f KEYCLOAK-4631 Move ClientInitialAccessModel from userSession model to realm model 2017-06-21 22:14:20 +02:00
mposolda
e91dd011c5 KEYCLOAK-4438 Disable kerberos flow when provider removed 2017-06-21 09:38:20 +02:00
Levente NAGY
f377a45c4e [KEYCLOAK-2538] - groups count for pagination limits 2017-06-07 20:52:22 +02:00
Levente NAGY
c4da7637d6 [KEYCLOAK-2538] - groups pagination and group search 2017-06-06 18:32:48 +02:00
Bill Burke
b9f7a43a72 group permissions 2017-06-01 20:16:35 -04:00
Gabriel Lavoie
e59aeb56cc KEYCLOAK-3990: Very slow use of NamedQueries.
- Generates too many auto-flush checks by Hibernate.
- Moved to collections mapping to allow batching and the use of Hibernate L2 cache.
2017-05-23 08:09:39 -04:00
Stian Thorgersen
e3a04ebd90 Merge pull request #3557 from glavoie/KEYCLOAK-3988
KEYCLOAK-3988: Multiple missing indexes on FKs.
2017-05-23 14:07:51 +02:00
Bill Burke
ab763e7c5b fixes after merge 2017-05-19 15:54:36 -04:00
Bill Burke
2cac8b1bb7 KEYCLOAK-4929 2017-05-18 16:53:31 -04:00
Bill Burke
c291748f43 KEYCLOAK-4929 2017-05-18 16:48:04 -04:00
mposolda
c178a2392d KEYCLOAK-4907 Fix postgresql and mssql. Fix migration 2017-05-17 22:44:44 +02:00
Gabriel Lavoie
4581272dcd KEYCLOAK-3988: Multiple missing indexes on FKs. 2017-05-15 08:15:58 -04:00
Hynek Mlnarik
b8262a9f02 KEYCLOAK-4628 Single-use cache + its functionality incorporated into reset password token. Utilize single-use cache for relevant actions in execute-actions token 2017-05-11 22:16:26 +02:00
mposolda
168153c6e7 KEYCLOAK-4626 Authentication sessions - SAML, offline tokens, broker logout and other fixes 2017-05-11 22:16:26 +02:00
mposolda
a9ec69e424 KEYCLOAK-4626: AuthenticationSessions - working login, registration, resetPassword flows 2017-05-11 22:16:26 +02:00
mposolda
83b29c5080 KEYCLOAK-4626 AuthenticationSessions: start 2017-05-11 22:16:26 +02:00
Pedro Igor
e14be4460b [KEYCLOAK-4867] - Cluster events and invalidations 2017-05-05 22:48:51 -03:00
Stian Thorgersen
8da766e02e Merge pull request #4104 from sjvs/master
Fix three lgtm.com alerts: two possible NPEs, one possible int overflow
2017-05-05 13:13:02 +02:00
Bas van Schaik
eb93eef874 Fix lgtm.com alert: variable 'config' is always null (likely false logic)
Details:
https://lgtm.com/projects/g/keycloak/keycloak/snapshot/dist-7900299-1490802114895/files/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserCredentialStore.java#V122
2017-04-28 14:50:30 +01:00
Eriksson Fabian
ca1152c3e5 KEYCLOAK-4204 Extend brute force protection with permanent lockout on failed attempts
- Can still use temporary brute force protection.
- After X-1 failed login attempt, if the user successfully logs in his/her fail login count is reset.
2017-04-28 09:02:10 +02:00
Stian Thorgersen
87dedb56e5 Set version to 3.2.0.CR1-SNAPSHOT 2017-04-27 14:23:03 +02:00
mposolda
8000baeb1f KEYCLOAK-4789 Can't remove userStorage when linked users have consent 2017-04-25 11:32:26 +02:00
Stian Thorgersen
54ee055bd8 KEYCLOAK-4671 Add server-private-spi to dependency deployer 2017-04-25 10:16:24 +02:00
mposolda
d05a894831 KEYCLOAK-4326 KEYCLOAK-4588 Can't get granted consents if client template mappers were consented to 2017-04-24 15:44:38 +02:00
Pedro Igor
8e877a7f6c [KEYCLOAK-3135] - More tests 2017-04-12 14:34:27 -03:00
Pedro Igor
eec712a259 [KEYCLOAK-3135] - Role and user policies apis 2017-04-12 00:52:14 -03:00
Pedro Igor
54ebc1918c [KEYCLOAK-3135] - Using abstract policy representation when creating policies and updating tests 2017-04-12 00:52:13 -03:00
Stian Thorgersen
a87ee04024 Bump to 3.1.0.CR1-SNAPSHOT 2017-03-16 14:21:40 +01:00
Johannes Knutsen
9a0de676c4 KEYCLOAK-4559 Filter users by realm id when searching for user by user attribute 2017-03-14 11:05:12 +01:00
Pedro Igor
e7e6314146 [KEYCLOAK-4555] - Fixes and improvements to evaluation code 2017-03-13 14:08:54 -03:00
Stian Thorgersen
e7cd8d41c6 Merge pull request #3558 from glavoie/KEYCLOAK-3989
KEYCLOAK-3989: Replacing COMPOSITE_ROLE Collection with Set.
2017-03-10 12:00:59 +01:00
Bill Burke
efffcc5f41 Merge pull request #3915 from TeliaSoneraNorge/KEYCLOAK-4524
KEYCLOAK-4524
2017-03-08 10:08:04 -05:00
Martin Hardselius
a0a85f62c6 KEYCLOAK-4524 possible to add identity prover mappers with same name into single identity provider
- unique name enforcement working
- test added
2017-03-03 16:40:49 +01:00
Bill Burke
3bb29e033b KEYCLOAK-4501, KEYCLOAK-4511, KEYCLOAK-4513 2017-03-03 09:48:52 -05:00
Bill Burke
d9633dc20c Merge remote-tracking branch 'upstream/master' 2017-02-09 09:13:00 -05:00
Bill Burke
cf5e2a1d20 unlink/remoteimported 2017-02-08 19:48:22 -05:00
Stian Thorgersen
1c7de24084 Merge pull request #3832 from stianst/KEYCLOAK-4370
KEYCLOAK-4370 Prevent LDAP provider from being migrated twice
2017-02-06 08:21:30 +01:00
Stian Thorgersen
f73aaef67a KEYCLOAK-4370 Prevent LDAP provider from being migrated twice 2017-02-03 10:05:57 +01:00
Bill Burke
0d308e2b69 KEYCLOAK-4218 2017-01-31 15:15:49 -05:00
Stian Thorgersen
6f22f88d85 Bump version to 3.0.0.CR1 2017-01-26 06:18:11 +01:00
mposolda
e487db349c KEYCLOAK-4274 Fix recursive composite role mappings 2017-01-23 17:55:45 +01:00
Hynek Mlnarik
13e4f607ad KEYCLOAK-2847 Fix exception convertor for Wildfly 2017-01-19 18:11:51 +01:00
Bill Burke
73d3e8afd9 Merge pull request #3770 from patriot1burke/master
KEYCLOAK-4077
2017-01-19 07:35:10 -05:00
Bill Burke
8daa2c3703 KEYCLOAK-4256 2017-01-18 18:28:08 -05:00
Pedro Igor
c19360c6f2 [KEYCLOAK-4203] - Removing references to Drools 2017-01-18 12:44:30 -02:00
Bill Burke
aa78c9eaf5 Merge pull request #3666 from hmlnarik/KEYCLOAK-4072-User-ID-from-User-Storage-Provider-too-long-for-Offline-User-Session
KEYCLOAK-4072 Add explicit check for key format
2017-01-13 09:39:45 -05:00
Bill Burke
d075172fd2 KEYCLOAK-3617 KEYCLOAK-4117 KEYCLOAK-4118 2017-01-09 17:14:20 -05:00
Stian Thorgersen
b7c98ed433 KEYCLOAK-2980 Fix admin query for resource path 2017-01-03 10:34:21 +01:00
Stian Thorgersen
e805ffd945 Bump version to 2.5.1.Final-SNAPSHOT 2016-12-22 08:22:18 +01:00
mposolda
c998198aac KEYCLOAK-4128 ResourcePermissionManagementTest fails on Oracle DB 2016-12-21 13:01:37 +01:00
Hynek Mlnarik
66eb9095c1 KEYCLOAK-4122 2016-12-20 20:28:13 +01:00
mposolda
aee8398ee8 KEYCLOAK-4072 Minor update 2016-12-20 11:42:24 +01:00
Bill Burke
8b5aafc4b4 KEYCLOAK-4072 2016-12-20 09:42:43 +01:00
Pedro Igor
c9c8acd029 [KEYCLOAK-4034] - Invalidating policy cache when creating resources and scopes 2016-12-19 20:28:49 -02:00
Pedro Igor
40591cff25 Merge pull request #3662 from pedroigor/KEYCLOAK-4034
[KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup
2016-12-19 16:49:10 -02:00
Pedro Igor
5cf5168770 [KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup 2016-12-19 16:48:16 -02:00
Marek Posolda
c6363aa146 Merge pull request #3630 from sldab/duplicate-email-support
KEYCLOAK-4059 Support for duplicate emails
2016-12-19 15:37:18 +01:00
Pedro Igor
c9c9f05e29 [KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup 2016-12-19 11:22:37 -02:00
Stian Thorgersen
3bd3d0285d Merge branch 'duplicate-groups' of https://github.com/ssilvert/keycloak into ssilvert-duplicate-groups 2016-12-19 13:07:39 +01:00
Hynek Mlnarik
3e3216fb23 KEYCLOAK-4072 Add explicit check for key format 2016-12-19 11:01:45 +01:00
Slawomir Dabek
93cec9b3ee KEYCLOAK-4059 Support for duplicate emails 2016-12-19 10:55:12 +01:00
Bill Burke
9b18601102 KEYCLOAK-3973 2016-12-07 16:10:33 -05:00
Bill Burke
223cc1fb50 KEYCLOAK-3973 2016-12-07 12:56:03 -05:00
Bill Burke
77d17de14d Merge pull request #3611 from patriot1burke/master
KEYCLOAK-3620
2016-12-06 08:18:36 -05:00