keycloak-scim

Author	SHA1	Message	Date
Alexander Schwartz	3a30061c44	Avoid deadlock on CockroachDB when removing authentication sessions Closes #14991	2022-10-24 20:42:31 +02:00
vramik	791c457c32	Add possibility to limit field length in legacy event store Closes #14888	2022-10-21 15:16:26 +02:00
Stian Thorgersen	97ae90de88	Remove Red Hat Single Sign-On product profile from upstream (#14697 ) * Remove Red Hat Single Sign-On product profile from upstream Closes #14916 * review suggestions: Remove Red Hat Single Sign-On product profile from upstream Closes #14916 Co-authored-by: Peter Skopek <pskopek@redhat.com>	2022-10-18 14:43:04 +02:00
vramik	fa947a41ea	Revisit unique constraints in jpa user store Closes #14797	2022-10-17 08:56:45 +02:00
Alexander Schwartz	97c4495c4f	Updating H2 database to 2.x Closes #12607 Co-authored-by: Stian Thorgersen <stian@redhat.com>	2022-10-14 11:52:34 +02:00
vramik	f49582cf63	MapUserProvider in KC20 needs to store username compatible with KC19 to be no-downtime-upgradable Closes #14678	2022-10-14 09:32:38 +02:00
danielFesenmeyer	f80a8fbed0	Avoid login failures in case of non-existing group or role references and update references in case of renaming or moving - no longer throw an exception, when a role or group cannot be found, log a warning instead - update mapper references in case of the following events: - moving a group - renaming a group - renaming a role - renaming a client's Client ID (may affect role qualifiers) - in case a role or group is removed, the reference still will not be changed - extend and refactor integration tests in order to check the new behavior Closes #11236	2022-10-13 13:23:29 +02:00
Martin Kanis	761929d174	Merge ActionTokenStoreProvider and SingleUseObjectProvider (#13677 ) Closes #13334	2022-10-13 09:26:44 +02:00
Alexander Schwartz	b67ce73227	Cleanup MapUserSessionAdapter.getAuthenticatedClientSessions() Closes #14743	2022-10-10 13:01:14 +02:00
Takashi Norimatsu	c60a34ac06	Keycloak 19 cannot register post logout redirect URIs whose length in total is over 4000 Closes #14013	2022-10-06 20:05:03 +02:00
vramik	a62e98f966	MapUserProvider should throw an exception for more than one user Closes #14672	2022-10-06 13:11:57 +02:00
Hynek Mlnarik	36a1ce6a1a	Ensure map storage providers are closed upon session close Fixes: #14730	2022-10-05 14:16:19 +02:00
vramik	e5408884f6	Revisit parent-child relationship in jpa map store Closes #14278	2022-10-05 09:42:34 +02:00
Marek Posolda	fb24c86a3b	offline token issuance can cause violation of PRIMARY KEY constraint CONSTRAINT_OFFL_CL_SES_PK3 (#14658 ) closes #13706	2022-10-03 12:54:12 +02:00
Alice Wood	1eb7e95b97	enhance existing group search functionality allow exact name search keycloak/keycloak#13973 Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>	2022-09-30 10:37:52 +02:00
Alexander Schwartz	be2deb0517	Modify RealmsAdminResource.importRealm to work with InputStream Closes #13609	2022-09-26 20:58:08 +02:00
Alice Wood	55a660f50b	enhance group search to allow searching for groups via attribute keycloak/keycloak#12964 Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2022-09-19 15:19:36 +02:00
vramik	4f4dbd622a	Ensure entity version is indexed Closes #14161	2022-09-15 08:39:29 -03:00
danielFesenmeyer	3af1134975	Update IDP link username when sync mode is "force" Closes #13049	2022-09-14 08:02:17 -03:00
Pedro Igor	aea6d7da27	Avoid updating offline session refresh time during creation Closes #14384	2022-09-14 07:36:23 -03:00
Alexander Schwartz	621da7b803	Credential validation shouldn't invalidate the user in the cache Instead create a new instance of LegacyUserCredentialManager to ensure all calls are routed via the CacheAdapter and its SubjectCredentialManagerCacheAdapter. Closes #14309	2022-09-13 09:36:19 -03:00
vramik	3120848ef0	Unify package name format in jpa map store Closes #14276	2022-09-12 13:03:17 +02:00
Sebastian Schuster	cc8567e9f4	14294 fixed admin event expiration sql error	2022-09-12 09:15:47 +02:00
Christoph Leistert	7e5b45f999	Issue #8749 : Add an option to control the order of the event query and admin event query	2022-09-11 21:30:12 +02:00
Alexander Schwartz	1d2d3e5ca5	Move UserFederatedStorageProvider into legacy module Closes #13627	2022-09-11 18:37:45 +02:00
Martin Bartoš	0fcf5d3936	Reuse of token in TOTP is possible Fixes #13607	2022-09-09 08:56:02 -03:00
vramik	869ccc82b2	Enable MapUserProvider storing username with the letter case significance Closes #10245 Closes #11602	2022-09-09 11:46:11 +02:00
vramik	fb33cbc2bd	Set correct entity version when adding a child entity with its own entity versioning Closes #14273	2022-09-09 09:43:44 +02:00
cgeorgilakis	07b0df8f62	View groups from account console (#7933 ) Closes #8748	2022-09-07 11:25:31 +02:00
Christoph Leistert	cc2bb96abc	Fixes #9482 : A user could be assigned to a parent group if he is already assigned to a subgroup.	2022-09-06 21:31:31 +02:00
Thomas Peter	19d69169b1	introduce expiration option for admin events	2022-09-06 16:05:53 +02:00
Michal Hajas	f69497eb28	KEYCLOAK-12988 Deprecate getUsers* methods in favor of searchUsers* variants Closes #14018	2022-09-06 10:38:28 +02:00
Martin Bartoš	e6a5f9c124	Default required action providers are still available after feature disabling Closes #13189	2022-08-31 08:42:47 +02:00
Alexander Schwartz	27ecf7f00f	Use session level cache and avoid resolving by ID too often Closes #12381	2022-08-30 16:42:49 +02:00
Alexander Schwartz	bb6b5abfa1	Remove Infinispan workarounds after upgrading to 13.x Closes #13962	2022-08-30 07:32:19 -03:00
Tero Saarni	4f199c7245	Fix compilation errors with Eclipse Java compiler	2022-08-29 19:33:12 +02:00
Pedro Igor	2cc4b54404	Do not cache policies if they no longer exist (#12797 ) Closes #12657 Co-authored-by: Michal Hajas <mhajas@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2022-08-25 13:52:30 +02:00
Michal Hajas	05b9e6d59e	Upgrade Infinispan to 13.0.10.Final (#13910 ) Closes #12306	2022-08-25 13:09:34 +02:00
Arnaud Martin	af0d97e534	Delete broker links for federated users when an identity provider is deleted Closes #13731	2022-08-25 08:24:09 +02:00
mposolda	254483bc5d	Use separate transactions for each bulk update of offline sessions in PersisterLastSessionRefreshStore to avoid deadlocks closes #13684	2022-08-23 13:52:11 +02:00
David Anderson	ce1331f550	Remove bouncycastle dependency from keycloak-services (#13489 ) Closes #12857 Co-authored-by: mposolda <mposolda@gmail.com>	2022-08-22 15:43:59 +02:00
Alexander Schwartz	bd926b8fd0	Remove warning from StoragePropertyMappers about the deployment state version seed It duplicates the logic in the provider and is incomplete. A follow-up issue will investigate how a provider can defer a configuration option. Closes #13807	2022-08-17 13:55:05 -03:00
Alexander Schwartz	801b20e037	Fix running clusteraware scheduled tasks in Wildfly after legacy migration As the parent class is in another module, the protected field "task" is not accessible from the lambda. Closes #13396	2022-08-17 13:54:34 -03:00
Sebastian Schuster	1445646e77	Fixed n+1 query retrieving user with brief user representation by allowing explicit eager caching of user attributese	2022-08-11 10:51:07 +02:00
Martin Kanis	57f2f4654a	Add limit for authSessions per rootAuthSession in map storage	2022-08-10 12:56:37 +02:00
Michal Hajas	ec808d28bb	Remove possibility to start embedded HotRod server in hotrod-map module Closes #13247	2022-08-05 21:08:38 +02:00
Alexander Schwartz	8470a30446	Introduce CLI parameter to set the deployment state version seed Closes #12710	2022-07-27 20:10:17 +02:00
Michal Hajas	8ed9ce29d1	Enable near-caching for HotRod store Closes #13303	2022-07-27 14:09:48 +02:00
Michal Hajas	3589778a10	Add possibility to configure HotRod storage in Quarkus distribution Closes #12617	2022-07-26 14:13:39 +02:00
Michal Hajas	eb1f31e9dd	Optimize user-client session relationship for HotRod storage Closes #12818	2022-07-26 09:00:13 +02:00
Douglas Palmer	c00514d659	Support for post_logout_redirect_uris in OIDC client registration (#12282 ) Closes #10135	2022-07-25 10:57:52 +02:00
Alexander Schwartz	a14501dd77	Remove concurrently removed elements from the result Closes #13245	2022-07-22 08:25:15 +02:00
Alexander Schwartz	cb81a17611	Disable Infinispan for map storage and avoid the component factory when creating a realm independent provider factory Provide startup time in UserSessionProvider independent of Infinispan, cleanup code that is not necessary for the map storage as it isn't using Clustering. Move classes to the legacy module. Closes #12972	2022-07-22 08:20:00 +02:00
Pedro Igor	98ac3829d6	Remove KeycloakIntegratorProvider Closes #13233	2022-07-21 09:05:59 -03:00
Stefan Guilhen	e9c55f45e5	Enable action token JPA provider in map-storage-jpa profile Closes #13139	2022-07-20 16:30:20 -03:00
Alexander Schwartz	4d19099c66	Workarounds to make Listeners and non-autocommit work on Quarkus Closes #13200	2022-07-20 12:06:06 +02:00
Alexander Schwartz	d30646b1f6	Refactor object locking for UserSessions Closes #12717	2022-07-19 17:47:33 -03:00
Martin Kanis	c8a6846ee0	Remove offline sessions when deleting a realm	2022-07-19 16:40:22 +02:00
Alexander Schwartz	f490638971	Fall back to standard Liquibase locking As DBLockProvider is "none" for the Map storage providers, there is no locking provided by DB Lock provider. Liquibase's classic lock provider has issues that need to be tackled in a follow-up issue, see https://github.com/liquibase/liquibase/issues/1311 Closes #13130	2022-07-19 10:45:31 +02:00
Alexander Schwartz	247cf0d09a	Assure that a second thread waits for the first thread to process the database changes Closes #13130	2022-07-19 10:45:31 +02:00
Alexander Schwartz	b959e5c32a	Prevent logging changeset on the console for Quarkus Closes #13126	2022-07-15 17:12:22 +02:00
Alexander Schwartz	30b41d02b4	Move non-map-storage related classes to new package Closes #13081	2022-07-15 09:46:29 -03:00
Pedro Igor	f6a2b334d1	Integrate the JPA map store (#13097 ) Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>	2022-07-14 17:47:51 -03:00
Vlasta Ramik	ec853a6b83	JPA map storage: User / client session no-downtime store (#12241 ) Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Closes #9666	2022-07-14 12:07:02 -03:00
Alexander Schwartz	d4c97bd3a9	Choose alternatives for CockroachDB for referenced computed columns (#12991 )	2022-07-13 15:31:21 -03:00
Pedro Igor	b80731decf	Remove any legacy provider from runtime when running the new store (#12963 )	2022-07-13 07:30:14 -03:00
Michal Hajas	34d8629477	Convert ClientSessionIdleTimeout from seconds to milliseconds before … (#13048 )	2022-07-13 07:29:52 -03:00
Pedro Igor	5b48d72730	Upgrade Resteasy v4 Closes #10916 Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2022-07-11 12:17:51 -03:00
Michal Hajas	0f86427dd0	Make user->client sessions relationship consistent Closes #12817	2022-07-11 08:42:28 -03:00
Michal Hajas	5f7f4ad850	Reflect SingleUseObject store objectKey changes to HotRod implementation Closes #12480	2022-07-08 10:34:31 -03:00
Michal Hajas	cbb88ed75d	Store enums as Integers in HotRod store Closes #12502	2022-07-08 10:34:17 -03:00
Alexander Schwartz	29a501552e	Disable the JpaUserFederatedStorageProvider when map storage is enabled Closes #12895	2022-07-07 10:47:42 -03:00
Alexander Schwartz	d91a5eb99f	Move methods from UserStorageUtil to LegacyRealmModel It is better suited to take methods removed from RealmModel earlier. Closes #12805	2022-07-07 09:57:17 -03:00
Stefan Guilhen	dc88dd5286	Users Map JPA implementation (#12871 )	2022-07-05 11:19:31 -03:00
Alexander Schwartz	098d4dda0e	Split PublicKeyStorageProvider (#12897 ) Split PublicKeyStorageProvider - Extract clearCache() method to separate interface and move it to the legacy module - Make PublicKeyProvider factories environment dependent - Simple map storage for public keys that just delegates Resolves #12763 Co-authored-by: Martin Kanis <mkanis@redhat.com>	2022-07-05 09:57:51 -03:00
Alexander Schwartz	63614b1240	Fixing broken build after merging conflicting PRs. This was introduced via #9852 when #11844 was merged. Closes #12898	2022-07-04 15:57:25 -03:00
Stefan Guilhen	007fa1f374	Single Use Objects Map JPA implementation Closes #9852	2022-07-04 10:05:51 -03:00
Alexander Schwartz	4b20e90292	Move session persistence package to legacy-private module Also, disabling the jpa session persister when map storage is enabled. Closes #12712	2022-07-04 10:05:26 -03:00
Alexander Schwartz	9143d8bd0e	Store composite roles within its own table for JPA Map storage. This keeps the JSON column small, enables searching by child, and allows modification of the role's children without loading all children. Closes #11844	2022-07-01 14:13:24 -03:00
Jon Koops	06d1b4faab	Restore enum variant of ResourceType This reverts commit `3b5a578934`.	2022-06-30 12:20:51 -03:00
Tero Saarni	3170efd3ad	Removed unused imports with double semicolons	2022-06-30 09:34:30 -03:00
Michal Hajas	9b889b44b4	Make HotRod schema no-downtime upgradable - Split one schema into schema per area - Check schema stored in the server and update it only when necessary Closes #9113	2022-06-29 20:57:19 +02:00
Alexander Schwartz	a191d7eb3c	Moving CachedObject to the legacy modules Closes #12656	2022-06-29 20:04:32 +02:00
Alexander Schwartz	b581c203e3	Moving ClientScopeStorageProviderModel to the legacy modules Closes #12656	2022-06-29 20:04:32 +02:00
Alexander Schwartz	ddeab744d0	Moving RoleStorageProviderModel to the legacy modules Closes #12656	2022-06-29 20:04:32 +02:00
Alexander Schwartz	05f8f3038f	Moving GroupStorageProviderModel to the legacy modules Closes #12656	2022-06-29 20:04:32 +02:00
Alexander Schwartz	692ce0cd91	Moving ClientStorageProvider to the legacy modules This prepares the move of CachedObject and CacheableStorageProviderModel Closes #12531 fixup! Moving ClientStorageProvider to the legacy modules	2022-06-29 20:04:32 +02:00
Alexander Schwartz	05dcc188bb	Move over caching related interfaces to the legacy module Closes #12531	2022-06-29 20:04:32 +02:00
vramik	3b5a578934	Change enum ResourceType to interface with String constants Closes #12485	2022-06-29 13:35:11 +02:00
vramik	91335ebaad	Change returning type to Set in MapClientEntity when obtaining protocol mappers Closes #11136	2022-06-28 21:47:56 +02:00
Alexander Schwartz	4b499c869c	Encapsulate MigrationModelManager in legacy module Closes #12214	2022-06-28 10:53:04 +02:00
Michal Hajas	e0efdcae22	Make sure HotRod store does not return empty delegate Closes #12304	2022-06-27 15:10:18 +02:00
Pedro Igor	c972ec4383	Allow to conditionally bootstrap the default persistence unit Closes #12662	2022-06-27 08:26:37 -03:00
vramik	c058983655	Enable optimistic locking feature on auth sessions Closes #12242	2022-06-27 09:29:27 +02:00
Patrick Jennings	d048bf22fb	Do not try to delete from related federated user tables when deleting a service account linked user.	2022-06-22 22:52:16 +02:00
Stefan Guilhen	cc65d5491d	Filter out expired entities in JpaMapKeycloakTransaction Closes #12623	2022-06-22 11:35:50 +02:00
Stefan Guilhen	7d96f3ad5a	Events Map JPA implementation Closes #9667	2022-06-21 13:53:48 +02:00
Alexander Schwartz	ae7c01b719	Moving the CacheRealmProvider interface to the legacy module	2022-06-21 08:53:06 +02:00
Alexander Schwartz	7855b93390	Moving the UserCache interface to the legacy module Co-Authored-By: hmlnarik@redhat.com	2022-06-21 08:53:06 +02:00
Alexander Schwartz	896afc4644	rename SingleEntityCredentialManager to SubjectCredentialManager, part 2	2022-06-21 08:53:06 +02:00
Alexander Schwartz	cb0c881821	rename SingleEntityCredentialManager to SubjectCredentialManager	2022-06-21 08:53:06 +02:00
Alexander Schwartz	84d21f0230	for all added files in the PR, update the copyright header or add it if it was missing	2022-06-21 08:53:06 +02:00
Hynek Mlnarik	f1ca325b6b	Add map datastore provider	2022-06-21 08:53:06 +02:00
Alexander Schwartz	d41764b19b	Inline deprecated methods in legacy code	2022-06-21 08:53:06 +02:00
Alexander Schwartz	08bbb1fb92	Move LDAP REST Endpoints to LDAP package - Thus remove implicit dependency on services on the legacy modules - Disable tests for LDAP/Kerberos that won't work when map storage is enabled	2022-06-21 08:53:06 +02:00
Alexander Schwartz	1bc6133e4e	redirect calls to userLocalStorage from legacy modules (federation, ldap, sssd, kerberos)	2022-06-21 08:53:06 +02:00
Alexander Schwartz	a109e28be7	moving some functionality around imports	2022-06-21 08:53:06 +02:00
Alexander Schwartz	f89b8c356d	Moving logic to create a user from a representation to the legacy module	2022-06-21 08:53:06 +02:00
Alexander Schwartz	a43321c720	Moving logic to create service accounts in local storage only to legacy module	2022-06-21 08:53:06 +02:00
Hynek Mlnarik	e396d0daa1	Renaming SingleUserCredentialManager and UserModel.getUserCredentialManager(): - class SingleUserCredentialManager to SingleEntityCredentialManager - method UserModel.getUserCredentialManager() to credentialManager() Renaming of API without "get" prefix to make it consistent with other APIs like for example with KeycloakSession	2022-06-21 08:53:06 +02:00
Alexander Schwartz	14a369a8cc	Added LegacySessionSupport SPI While some methods around onCache() are still called from the legacy code, all other methods log a warning with a stacktrace.	2022-06-21 08:53:06 +02:00
Alexander Schwartz	6f287e7ded	Avoid using methods on UserCredentialStoreManager	2022-06-21 08:53:06 +02:00
Alexander Schwartz	bc8fd21dc6	SingleUserCredentialManager moving in - UserStorageManager now handles authentication for old Kerberos+LDAP style - new getUserByCredential method in MapUserProvider would eventually do the same.	2022-06-21 08:53:06 +02:00
Alexander Schwartz	82094d113e	Move User Storage SPI, introduce ExportImportManager	2022-06-21 08:53:06 +02:00
Hynek Mlnarik	703e868a51	Preparation for moving User Storage SPI - Introduction of new AdminRealmResource SPI - Moving handler of /realm/{realm}/user-storage into model/legacy-service - session.users() and userStorageManager() moved refers legacy module IMPORTANT: Broken as UserStorageSyncManager is not yet moved	2022-06-21 08:53:06 +02:00
Hynek Mlnarik	36f76a37ad	Move realms, clients, groups, roles, clientscopes into legacy module - Introduces Datastore SPI for isolating data store methods - Introduces implementation of the datastore for legacy storage - Updates DefaultKeycloakSession to leverage Datastore SPI instead of direct creating of area providers by the session	2022-06-21 08:53:06 +02:00
Hynek Mlnarik	247ff52187	Introduce legacy datastore module and update dependencies	2022-06-21 08:53:06 +02:00
Michal Hajas	0719d3e49b	Remove EXPIRATION fields and add expired entities filtering to all queries automatically Closes #12563	2022-06-20 21:45:32 +02:00
Michal Hajas	22f9b0fee3	Unify expiration handling for SingleUseObjects Closes #12205	2022-06-20 21:45:32 +02:00
Michal Hajas	781183e551	Enable indexing for ResourceServerEntity Closes #12533	2022-06-20 10:17:19 +02:00
vramik	1b3a76d0af	Do not persist client sessions of transient user sessions Closes #12357	2022-06-15 10:54:23 +02:00
vramik	df41f233d5	Introduce unique index for enums stored by storages Closes #12277	2022-06-15 09:12:10 +02:00
Alexander Schwartz	361a813d81	Keep a list of model instances in the JPA map session. This allows removing them from the persistence context on bulk delete. Closes #12384	2022-06-09 12:39:04 -03:00
Martin Kanis	df72cf72f2	Hot Rod map storage: Single-use (action token) no-downtime store	2022-06-06 16:01:18 +02:00
rmartinc	5332a7d435	Issue #9194 : Client authentication fails when using signed JWT, if the JWA signing algorithm is not RS256	2022-06-06 12:07:09 +02:00
vramik	c31d37ddf1	Each JpaRootEntity should have its own current schema version Closes #12272	2022-06-02 17:16:34 +02:00
Michal Hajas	09c0a69a8f	Add HotRod no downtime store for events Closes #9676	2022-06-02 13:30:19 +02:00
Martin Kanis	75754eca6b	Extract timestamp from Expirable entity	2022-06-01 13:03:31 +02:00
vramik	be28e866b9	JPA map storage: Authorization services no-downtime store Closes #9669	2022-05-30 21:05:34 +02:00
Michal Hajas	9b36ea0269	Add cascade removal of client session on user session removal for HotRod Closes #12096	2022-05-30 09:58:54 +02:00
Michal Hajas	1a98765fb7	Fix cascade removal of client session on user session removal for CHM Closes #12146	2022-05-30 09:58:54 +02:00
Alexander Schwartz	063960aaa3	Deferred indexes are not available on CockroachDB, therefore, only use them on PostgreSQL Closes #12176	2022-05-27 08:51:20 -03:00
Marek Posolda	eed944292b	Make script providers working on JDK 17 (#11322 ) Closes #9945	2022-05-27 12:28:50 +02:00
Michal Hajas	bc59fad85b	Unify way how expirable entities are handled in the new store Closes #11947	2022-05-26 13:17:27 +02:00
Martin Kanis	0cb3c95ed5	Map storage: Single-use objects (action token)	2022-05-25 16:47:10 +02:00
Pedro Igor	26c87af9f4	Avoiding unnecessary roundtrips to the database when evaluating permissions Closes #12148 Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>	2022-05-25 12:23:15 +02:00
vramik	ad3da7f5e4	JPA map storage: disable failing on unknown properties when deserializing the object Closes #12173	2022-05-25 09:31:40 +02:00
vramik	24171d2e47	Rename providers from jpa-map-storage to jpa Closes #12098	2022-05-23 16:47:51 +02:00
vramik	0c3aa597f9	JPA map storage: test failures after cache was disabled Closes #12118	2022-05-23 13:01:30 +02:00
Alexander Schwartz	d1a92680f5	Optimize querying sub-groups of groups Closes #12080	2022-05-19 14:46:53 +02:00
Martin Kanis	0e9f2badff	Make all fields in HotRod store optional	2022-05-18 20:50:47 +02:00
Alexander Schwartz	1a95a58893	Graceful handling if composite roles have been removed concurrently. Closes #12003	2022-05-17 13:29:15 +02:00
Michal Hajas	0bda7e6038	Introduce map event store with CHM implementation Closes #11189	2022-05-17 12:57:35 +02:00
vramik	e1eb9d6d64	Replace equals with == when comparing SearchableFields in JpaModelCriteriaBuilder and LdapModelCriteriaBuilder Closes #11843	2022-05-16 21:51:38 +02:00
Michal Hajas	b86f205cda	Make KeycloakServer runnable with external Infinispan server Closes #12011 Closes #12014	2022-05-16 21:50:35 +02:00
Martin Kanis	0d6bbd437f	Merge single-use token providers into one Fixes first part of: #11173 * Merge single-use token providers into one * Remove PushedAuthzRequestStoreProvider * Remove OAuth2DeviceTokenStoreProvider * Delete SamlArtifactSessionMappingStoreProvider * SingleUseTokenStoreProvider cleanup * Addressing Michal's comments * Add contains method * Add revoked suffix * Rename to SingleUseObjectProvider	2022-05-11 13:58:58 +02:00
Michal Hajas	d3b43a9f59	Make sure there is always Realm or ResourceServer when searching for authz entities Closes #11817	2022-05-11 07:20:01 -03:00
Alexander Schwartz	bfab03b837	Throw an IllegalArgumentException once a ClassCastException occurs. Closes #11775	2022-05-11 09:19:09 +02:00
Michal Hajas	6b5c417742	Add HotRod store for authorization services Closes #9679	2022-05-06 15:31:38 +02:00
Martin Kanis	00ccc78360	Add index to entityVersion for all HotRod entities	2022-05-05 17:42:13 +02:00
Michal Hajas	fc974fc019	Update composite roles on child role removal Closes #11769	2022-05-05 15:18:18 +02:00
Alexander Schwartz	e0d7ad1be5	Leverage the equal() method on the wrapped entity instead of creating a string. Closes #11764	2022-05-03 13:29:12 +02:00
vramik	0d83b51b20	Enhance Map authz entities with REALM_ID (ResourceServer with CLIENT_ID) searchable field Co-authored-by Michal Hajas <mhajas@redhat.com> Closes #10883	2022-05-03 12:56:27 +02:00
Sven-Torben Janus	0efa4afd49	Evaluate composite roles for hardcoded LDAP roles/groups Closes: 11771 see also KEYCLOAK-18308	2022-05-02 14:13:37 +02:00
Alexander Schwartz	cd20f45b8a	Ensure that values of attributes are unique in the database While this is already ensured on the Java level when using a Set, database inconsistencies as occurred with Hibernate could lead to follow-up problems that are hard to analyze (as seen in #11666). Closes #11671	2022-04-28 12:04:05 +02:00
vramik	2ecf250e37	Deletion of all objects when realm is being removed Closes #11076	2022-04-28 11:09:17 +02:00
vramik	5248815091	Disable infinispan realm and user cache for map storage tests Closes #11213	2022-04-25 09:38:49 +02:00
Stefan Guilhen	0f147ccdc0	Enlist JPA transaction in JpaMapStorageProvider.getStorage Closes #11230 Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2022-04-23 08:19:33 +02:00
Hynek Mlnarik	0ce5dfc09c	Remove dependency of map on services Fixes: 8903	2022-04-22 17:27:21 +02:00
Alexander Schwartz	90155862f3	LdapMapStorageProvider to use a full inline class for MapStorage Closes #11373	2022-04-22 17:25:33 +02:00
Stefan Guilhen	0c7a8c8684	Login Failures Map JPA implementation Closes #9664	2022-04-22 10:47:04 +02:00
vramik	3d1118223b	New Storage: Testsuite fails when JPA Map storage is enabled for groups Closes #11369	2022-04-21 11:14:35 +02:00
Stefan Guilhen	f48d468641	Increase column size for keys that refer to entities that can be stored in different storages (foreign keys) Closes #11329	2022-04-21 08:50:37 +02:00
Stefan Guilhen	b29b27d731	Ensure code does not rely on a particular format for the realm id or component id	2022-04-20 14:40:38 +02:00
Stefan Guilhen	ae90b232ff	Realms Map JPA implementation Closes #9661	2022-04-20 14:40:38 +02:00
Pedro Igor	c5e4dc8cec	Associated permissions should only add resource type permissions if the resource is an instance (#11220 ) Closes #11148	2022-04-19 09:10:14 +02:00
Pedro Igor	52d205ca91	Allow exposing some initial provider config options via web site (#10572 ) * Allow exposing some initial provider config options via web site Co-authored-by: Stian Thorgersen <stian@redhat.com> Closes #10571 * Include type to provider options, and hide build-icon column as it's not relevant Co-authored-by: stianst <stianst@gmail.com>	2022-04-19 08:01:42 +02:00
Bruno Oliveira da Silva	f9d4566723	Replace the cryptographic algorithm by SHA-2 The static code scanning analysis detected the usage of MD5 as part of [ MapDeploymentStateProviderFactory](`a6dd9dc0f1/model/map/src/main/java/org/keycloak/models/map/deploymentState/MapDeploymentStateProviderFactory.java (L58-L58)`). Even though we could not find any ways of exploiting the code, we should avoid its usage considering that MD5 is not collision-resistant. Resolves #11290	2022-04-18 07:10:04 -03:00
Martin Kanis	a2d7cd7a5c	Hot Rod map storage: User / client session no-downtime store	2022-04-14 15:34:22 +02:00
msvechla	820ab52dce	Add support for filtering by enabled attribute on users count endpoint (#9842 ) Resolves #10896	2022-04-13 13:57:22 -03:00
Alexander Schwartz	5c1a8d401d	Store time as seconds as a long in map store This avoids overflowing the value in 2038. Closes #10960	2022-04-12 14:22:44 +02:00
Alexander Schwartz	a6dd9dc0f1	Avoiding AvlPartitionFactory and using JdbmPartitionFactory for the embedded LDAP to work around unstable tests. Fix for #11171 didn't turn out to cover the root cause. Also improved transaction handling in LDAP Map storage. Closes #11211	2022-04-12 09:12:21 +02:00
Michal Hajas	6e181a51d5	Add test-jar dependency only if maven.test.skip property is false Closes #11192	2022-04-11 10:37:18 -03:00
Alexander Schwartz	5c810ad0e5	Avoid short-lived connections for ApacheDS to avoid messages around "ignoring the message MessageType UNBIND_REQUEST" The comment in LdapRequestHandler.java in ApacheDS notes just before discarding an unbind request: "in some cases the session is becoming null though the client is sending the UnbindRequest before closing". Also implementing a retry logic for all remaining errors regarding LDAP. Closes #11171	2022-04-11 10:03:15 +02:00
Pedro Igor	834a276767	NPE when caching policies based on scopes without a resource Closes #11180	2022-04-08 08:43:08 -03:00
Stefan Guilhen	d952669f69	Add clearUpdatedFlag so the flag in associated protocol mappers can be cleared as well Closes #11118	2022-04-08 09:36:55 +02:00
Michal Hajas	1f2ebf4cba	Add HotRod no downtime store for Realms Closes #9670	2022-04-08 09:36:01 +02:00
Martin Kanis	3bb4081bd1	Convert user / client session entities into interface	2022-04-08 09:34:01 +02:00
Michal Hajas	f4f5928727	Add type to filters in MapResourceStore Closes #11154	2022-04-07 15:10:20 -03:00
Joerg Matysiak	235f0f3963	Add index to admin events table to improve performance of admin event view Closes #10625	2022-04-06 09:12:35 +02:00
Martin Kanis	395bd447f2	Hot Rod map storage: Login failure no-downtime store	2022-04-01 20:43:18 +02:00
vramik	8ff768b33b	JPA map storage: Authentication session no-downtime store Closes #9665	2022-03-30 13:43:35 +02:00
Martin Kanis	3356e8b098	Convert login failure entities into interface	2022-03-29 18:40:53 +02:00
Stefan Guilhen	d8bee26ec8	Implement AbstractClientEntity.isUpdated to account for changes in associated protocol mappers. Closes #10927	2022-03-29 18:35:28 +02:00
Martin Kanis	e493b08fa7	Add expiration field to root authentication session	2022-03-23 07:47:47 +01:00
Michal Hajas	99c06d1102	Authorization services refactoring Closes: #10447 * Prepare logical layer to distinguish between ResourceServer id and client.id * Reorder Authz methods: For entities outside of Authz we use RealmModel as first parameter for each method, to be consistent with this we move ResourceServer to the first place for each method in authz * Prepare Logical (Models/Adapters) layer for returning other models instead of ids * Replace resourceServerId with resourceServer model in PermissionTicketStore * Replace resourceServerId with resourceServer model in PolicyStore * Replace resourceServerId with resourceServer model in ScopeStore * Replace resourceServerId with resourceServer model in ResourceStore * Fix PermissionTicketStore bug * Fix NPEs in caching layer * Replace primitive int with Integer for pagination parameters	2022-03-22 20:49:40 +01:00
keycloak-bot	c71aa8b711	Set version to 999-SNAPSHOT (#10784 )	2022-03-22 09:22:48 +01:00
Martin Kanis	0faf3987f6	Hot Rod map storage: Authentication session no-downtime store	2022-03-22 09:05:52 +01:00
Martin Kanis	2394855f48	Add merge tasks optimization to ConcurrentHashMapKeycloakTransaction.delete	2022-03-21 16:45:48 +01:00
Michal Hajas	c18a682f50	Do not store undefined values in store Closes #10744	2022-03-17 16:44:33 +01:00
Bruno Oliveira da Silva	8aa394ca6b	Update to Liquibase 4.8.0 Closes #10678 Co-authored-by: Stefan Guilhen <sguilhen@redhat.com> Co-authored-by: Martin Kanis <mkanis@redhat.com>	2022-03-16 13:46:31 -03:00
Alexander Schwartz	8d1a47f768	adding missing log4j configuration to prevent errors in the log Closes #10613	2022-03-14 10:12:49 -03:00
Pedro Igor	ad865e75c1	Change the flush mode to auto and fixing how entities are checked if they are loaded in the EM Closes #10411	2022-03-11 12:21:52 -03:00
Martin Kanis	1a4d7c297a	Change authentication sessions map to set (#10596 )	2022-03-10 08:45:24 +01:00
Alexander Schwartz	18f391d8c4	Fix spelling error in field and classname It's always a converter, unless electricity is involved. Closes #10573	2022-03-09 08:28:52 -03:00
Alexander Schwartz	3c3f003a38	LDAP Map storage support to support read/write for roles Closes #9929	2022-03-08 12:03:10 +01:00
Michal Hajas	f77ce315bb	Disable Authz caching for new storage tests Closes #10500	2022-03-07 10:22:55 -03:00
Michael Parlee	722ce950bf	Improve user search performance Removes bulder.lower() from user search queries on email and username. Closes #8893	2022-03-04 14:15:14 +01:00
Martin Kanis	6c64d465ea	Convert authentication session entities into interface	2022-03-04 10:50:18 +01:00
Alexander Schwartz	ebfc24d6c1	Ensure that Infinispan shutdowns correctly at the end of the tests. Report any exceptions within another thread as a test failure. Adding additional information like a thread dump when it doesn't shutdown as expected. Closes #10016	2022-03-04 10:47:01 +01:00
giacomo.altiero	91d37b5686	Single offlineSession imported in Infinispan with correctly calculated lifespan and maxIdle parameters Close #8776	2022-03-01 14:51:29 +01:00
Stefan Guilhen	af7a040d54	Ensure Liquibase validation is performed once per area Closes #10132	2022-02-25 08:48:34 +01:00
Martin Kanis	6249e34177	Hot Rod map storage: Client scope no-downtime store	2022-02-24 13:30:27 +01:00
Michal Hajas	b4281468d0	Convert Map Realm Entities into interfaces Closes #9736	2022-02-24 13:23:19 +01:00
Vlasta Ramik	aa6a131b73	Change String client.id to ClientModel client in ResourceServerStore Closes #10442	2022-02-24 12:46:26 +01:00
Luca Graf	febb447919	KEYCLOAK-19297 Use real 'external' client object id to store AuthenticatedClientSession in UserSession object, so that the client session can be looked by the client object id in further requests.	2022-02-18 12:42:59 +01:00
vramik	589606b1c1	JPA map storage: Groups no-downtime store Closes #9660	2022-02-15 08:54:41 +01:00
keycloak-bot	d9f1a9b207	Set version to 18.0.0-SNAPSHOT (#10165 )	2022-02-11 21:28:06 +01:00
Stefan Guilhen	442d9bae2e	Add CockroachDB support in the new JPA storage Closes #10039	2022-02-11 18:04:02 +01:00
Martin Kanis	26ac142b99	Hot Rod map storage: Roles no-downtime store	2022-02-11 14:31:34 +01:00
Michal Hajas	b50b8f883b	Implement HotRod storage for Users Closes #9671	2022-02-11 10:20:36 +01:00
vramik	8a8d59a124	Add prefix "kc_" to all existing tables Closes #10101	2022-02-11 08:59:23 +01:00
Alexander Schwartz	de7be3d65d	Handling JPA Map storage case when parent has been deleted Closes #10033	2022-02-09 14:43:50 +01:00
Stefan Guilhen	7c1d6eae43	Upgrade to Liquibase 4.6.2 * Upgrade to Liquibase 4.6.2 * Add valid checksums to changesets to allow migration to newest liquibase * Update liquibase licenses Co-authored-by: Martin Kanis <mkanis@redhat.com>	2022-02-09 12:56:46 +01:00
vramik	5701c6c85a	JPA delegates can throw NoResultException when entity doesn't have any attributes Closes #10067	2022-02-09 09:18:54 +01:00
vramik	844c210d86	Create common parent for Jpa*AttributeEntity Closes #10071	2022-02-08 22:09:21 +01:00
Alexander Schwartz	45df1adba9	Update generics in JPA Map storage to avoid casting and compiler warnings Closes #10060	2022-02-08 17:38:53 +01:00
Alexander Schwartz	de2c1fbb45	Update the entityVersion also for downgrades, as it needs to match the JSON and auxiliary tables. Will trigger also when changes to a child occur, like for example when attributes change. Closes #9716	2022-02-07 12:14:05 +01:00
Martin Kanis	0471ec4941	Cross-site validation for lazy loading of offline sessions & Switch default offline sessions to lazy loaded	2022-02-03 21:43:47 +01:00
vramik	7bd0dbb3ce	Client Scopes: Added ModelIllegalStateException to handle lazy loading exception. Closes #9645	2022-02-02 21:49:40 +01:00
vramik	165791b1d7	Client Scopes: Ensure that parent's version ID is incremented when an attribute changes Closes #9874	2022-02-02 21:49:22 +01:00
Alexander Schwartz	9d46b45a9c	Ensure that parent's version ID is incremented when an attribute changes. This is necessary to allow the optimistic locking functionality to work as expected when changing only attributes on an entity. Closes #9874	2022-02-01 20:33:10 +01:00
vramik	13e02d5f09	JPA map storage: Client scope no-downtime store Closes #9663	2022-02-01 20:26:00 +01:00
Michal Hajas	c648e121ed	Convert authz entities into interfaces Closes #9740	2022-01-31 13:51:56 +01:00
Alexander Schwartz	df7ddbf9b3	Added ModelIllegalStateException to handle lazy loading exception. Closes #9645	2022-01-31 10:10:41 +01:00
Alexander Schwartz	2b81e62b6b	Adding workaround for deadlock in tests for Infinispan 12.1.7 Closes #9648	2022-01-28 15:29:50 +01:00
bal1imb	9621d513b5	KEYCLOAK-18727 Improve user search query	2022-01-26 17:03:05 +01:00
Alexander Schwartz	9e257d4a01	Added warning when storage contains multi-valued attributes and Keycloak model doesn't support them. Closes #9714	2022-01-26 15:40:00 +01:00
Michal Hajas	de161d02b9	Store updated flag in the entity, not in the delegate Closes #9774	2022-01-26 15:24:42 +01:00
Alexander Schwartz	e2ac7b38f4	Adding missing database constraints for clients in JPA map storage. This should ensure consistency for the store even in the event of concurrent creation of clients by multiple callers. Closes #9610	2022-01-23 20:34:28 +01:00
vramik	873a44459a	Convert MapClientScopeEntity to interface Closes #9657	2022-01-23 16:56:25 +01:00
Martin Kanis	ddcabe61b2	KEYCLOAK-19571 Add indices to HotRodClientEntity fields	2022-01-20 17:46:47 +01:00
vramik	7b89d151c1	KEYCLOAK-18565 JPA roles no-downtime store	2022-01-20 12:02:35 +01:00
Guus der Kinderen	213b1f5042	Closes #9562 : Add DB index for UserEntity getRealmUserByServiceAccount	2022-01-20 09:52:54 +01:00
vramik	61fbb2fb2e	JPA-Map storage might loose writes due to missing locking mechanism Closes #9411	2022-01-20 09:06:14 +01:00
vramik	22bcdcb630	MapRoleProvider could return also client roles when searching for realm roles Closes #9587	2022-01-19 16:39:59 +01:00
Konstantinos Georgilakis	db0b36460f	KEYCLOAK-19148 correct getGroupsCountByNameContaining of MapGroupProvider	2022-01-15 20:15:27 +01:00
Stefan Guilhen	2fd1593abf	Set order of LiquibaseDBLockProviderFactory to 1 - makes it the default provider when no provider is explicitly configured - avoid NPE at server startup when other providers are present and none is set as default	2022-01-13 08:30:25 +01:00
Dominik DS	93419a1797	KEYCLOAK-19289 check if values to set is not null (#8426 ) Closes #9529	2022-01-12 09:22:01 +01:00
Michal Hajas	ab9413b48c	Store user nested entities in Set instead of Map	2022-01-10 15:57:45 +01:00
Michal Hajas	9849df3757	Convert MapUserEntity to interface	2022-01-10 15:57:45 +01:00
Alexander Schwartz	9b18688ce2	fixes #9427 regex pattern is now pre-compiled	2022-01-08 17:30:54 +01:00
Martin Kanis	9d5355b7ad	Upgrade Infinispan to 12.1.7.Final	2022-01-08 17:29:09 +01:00
Hynek Mlnařík	d39eb95705	Introduce per-field delegation of entities	2022-01-05 14:06:45 +01:00
vramik	dd3d7be2b4	Make JpaClientMapStorage generic Closes #9244	2022-01-05 07:04:05 +01:00
andreaTP	4817e152e3	[ref: 8889] Annotation processor support for Java > 11	2022-01-04 21:26:07 +01:00
Stefan Guilhen	b12830ae4f	8947 - Add liquibase extension to handle JSON operations	2022-01-04 20:58:32 +01:00
Michal Hajas	96b2669a00	Refactoring of constructors for generated entities	2021-12-22 16:00:10 +01:00
vramik	009ca27a38	Make JsonbType generic Closes #9165	2021-12-20 17:40:23 +01:00
keycloak-bot	9f3d4a7d42	Set version to 17.0.0-SNAPSHOT	2021-12-20 10:50:39 +01:00

... 3 4 5 6 7 ...

2179 commits