d4604984d0
Compatibility with Maven4 and parallel builds ( #16312 )
...
Closes #16308
2023-02-14 11:44:53 +01:00
a804400c84
Added KERBEROS feature. Disable it when running tests on FIPS
...
closes #14966
2023-01-25 18:38:46 +01:00
60ce949304
Ignore unknown clients in LDAP role mapper
...
Fixes : #10958
2022-12-01 09:51:05 +01:00
b7188c3891
Unknown bind DN using LDAP anonymous bind aka bind type none ( #15546 )
...
Closes #15497
2022-11-23 10:23:46 +01:00
fe6853c691
Update JavaDoc generation to be JDK11 compatible ( #15569 )
...
Fixes : #15566
2022-11-21 08:44:17 +01:00
6f7c62fc73
Remove unnecessary endpoints from our JAX-RS entensions
...
Closes #15525
2022-11-16 16:25:33 +01:00
a4f6134ba3
Support kerberos IllegalArgumentException
...
closes #10672
2022-11-16 08:19:32 +01:00
ba369a2c2b
Support for communication timeout with kerberos server
...
Closes #10668
2022-11-16 08:17:35 +01:00
f616495b05
Fixing UserFederationLdapConnectionTest,LDAPUserLoginTest to work with FIPS ( #15299 )
...
closes #14965
2022-11-03 16:35:57 +01:00
883e83e625
Remove deprecated methods from data providers and models
...
Closes #14720
2022-10-25 09:01:33 +02:00
581def56d6
Fix null username in ldap ( #8717 )
...
Closes #14667
2022-09-30 09:34:02 +02:00
cc9326fcad
Delay LDAPObject creation until mandatory attributes are set ( #14341 )
...
Closes #14286
2022-09-16 20:35:50 +02:00
cc2bb96abc
Fixes #9482 : A user could be assigned to a parent group if he is already assigned to a subgroup.
2022-09-06 21:31:31 +02:00
5b48d72730
Upgrade Resteasy v4
...
Closes #10916
Co-authored-by: Alexander Schwartz <aschwart@redhat.com >
2022-07-11 12:17:51 -03:00
4643fd09e3
Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount()
...
This should reduce GC pressure.
Closes #12644
2022-06-29 08:53:09 +02:00
6376db0f9c
code cleanup
2022-06-21 08:53:06 +02:00
cb0c881821
rename SingleEntityCredentialManager to SubjectCredentialManager
2022-06-21 08:53:06 +02:00
84d21f0230
for all added files in the PR, update the copyright header or add it if it was missing
2022-06-21 08:53:06 +02:00
d41764b19b
Inline deprecated methods in legacy code
2022-06-21 08:53:06 +02:00
08bbb1fb92
Move LDAP REST Endpoints to LDAP package
...
- Thus remove implicit dependency on services on the legacy modules
- Disable tests for LDAP/Kerberos that won't work when map storage is enabled
2022-06-21 08:53:06 +02:00
1bc6133e4e
redirect calls to userLocalStorage from legacy modules (federation, ldap, sssd, kerberos)
2022-06-21 08:53:06 +02:00
e396d0daa1
Renaming SingleUserCredentialManager and UserModel.getUserCredentialManager():
...
- class SingleUserCredentialManager to SingleEntityCredentialManager
- method UserModel.getUserCredentialManager() to credentialManager()
Renaming of API without "get" prefix to make it consistent with other APIs like for example with KeycloakSession
2022-06-21 08:53:06 +02:00
bc8fd21dc6
SingleUserCredentialManager moving in
...
- UserStorageManager now handles authentication for old Kerberos+LDAP style
- new getUserByCredential method in MapUserProvider would eventually do the same.
2022-06-21 08:53:06 +02:00
703e868a51
Preparation for moving User Storage SPI
...
- Introduction of new AdminRealmResource SPI
- Moving handler of /realm/{realm}/user-storage into model/legacy-service
- session.users() and userStorageManager() moved refers legacy module
IMPORTANT: Broken as UserStorageSyncManager is not yet moved
2022-06-21 08:53:06 +02:00
247ff52187
Introduce legacy datastore module and update dependencies
2022-06-21 08:53:06 +02:00
91e88f554e
Replaces instances of himself with more inclusive language
...
Closes #12300
2022-06-03 12:25:14 -03:00
5d87cdf1c6
KEYCLOAK-6455 Ability to require email to be verified before changing ( #7943 )
...
Closes #11875
2022-05-09 18:52:22 +02:00
0efa4afd49
Evaluate composite roles for hardcoded LDAP roles/groups
...
Closes: 11771
see also KEYCLOAK-18308
2022-05-02 14:13:37 +02:00
cb4a513e24
Fail authenticate if credentialInput is not of type UserCredentialModel
...
Code fix inside LDAPStorageProvider.java:
return failed result if credential input object is not of expected type
Closes #11191
2022-04-12 14:38:17 +02:00
fb92b95c33
Revert from getParameterCount() to getParameterTypes().length to be Java 1.7 compatible.
...
This reverts commit bc27c7c464Closes #10840
2022-03-22 10:23:25 +01:00
c71aa8b711
Set version to 999-SNAPSHOT ( #10784 )
2022-03-22 09:22:48 +01:00
bc27c7c464
Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount()
...
Closes #10333
2022-03-18 11:20:52 +01:00
d9f1a9b207
Set version to 18.0.0-SNAPSHOT ( #10165 )
2022-02-11 21:28:06 +01:00
a6acc89bf3
Update LDAPOperationManager.java ( #9561 )
...
Update LDAPOperationManager.java
Closes #9560
2022-01-20 17:33:56 +01:00
9f3d4a7d42
Set version to 17.0.0-SNAPSHOT
2021-12-20 10:50:39 +01:00
afeaa6f593
KEYCLOAK-19391: Fix ldap query search adding custom serach filter
2021-12-15 08:54:52 +01:00
e69c3dcb1f
KEYCLOAK-19391: Fix ldap query search adding custom serach filter
2021-12-15 08:54:52 +01:00
339224578e
KEYCLOAK-10603 adjust assignments to roles (user-role and group-role assignments, client-scope and client "scope mappings"): allow assignments of roles which are already indirectly assigned (e.g. by composite role)
...
- extend RoleMapperModel with method hasDirectRole(RoleModel), which only checks for direct assignment in contrast to the existing method hasRole(RoleModel)
- extend ScopeContainerModel with method hasDirectScope(RoleModel), which only checks for direct scope mapping in contrast to the existing method hasScope(RoleModel)
- use the new hasDirectRole and hasDirectScope methods to check whether a role is in the "available" list and whether it can be assigned (previously, the hasRole method was used for this purpose)
- add hint to UI that available roles contain effectively assigned roles which are not directly assigned
- adjust and extend tests
2021-09-22 13:56:29 +02:00
11e5f66c60
KEYCLOAK-19056 EDIT MODE field should not be leave empty ( #8380 )
2021-09-14 20:27:09 +02:00
0c64d32b9b
KEYCLOAK-19183
...
LDAPDn should use a static Pattern instead calling String.split with a regex
2021-09-06 09:17:26 +02:00
ba946b54f7
KEYCLOAK-19021
...
LDAPOperationManager.getFilterById is causing additional call to AD
2021-08-19 09:25:33 +02:00
f9b4e47851
KEYCLOAK-19036 Avoid infinite loop during LDAP sync with OpenLDAP and olcSizeLimit
...
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com >
2021-08-18 17:42:13 +02:00
418d1e3471
KEYCLOAK-19039 Sync UPDATE_PASSWORD required action to only to MSAD with WRITABLE edit mode. Add tests for MSAD mapper
2021-08-18 17:39:19 +02:00
b4536a394a
Missing null check for session.userCache() added
...
NPE when existing user from LDAP is found (same LDAP_ID, but with changed username) and session.userCache() is null.
2021-08-03 13:40:02 +02:00
262ec3d031
Set version to 16.0.0-SNAPSHOT
2021-07-30 14:56:10 +02:00
e58eeca800
KEYCLOAK-18706 Add UPDATE_PASSWORD required action only to authenticationSession when MSAD requires user to change password
2021-07-28 08:47:01 +02:00
c6e7c06f6c
KEYCLOAK-18695 Support user lookup by ID with Novell eDirectory
...
The LDAPOperationManager does not encode GUID correctly when looking up
federated users from Novell eDirectory.
The correct encoding can be found here:
https://support.novell.com/docs/Tids/Solutions/10096551.html
2021-07-27 08:46:04 +02:00
13f7831a77
Set version to 15.0.0-SNAPSHOT
2021-06-18 10:42:27 +02:00
b97f177f26
[KEYCLOAK-14696] Unable to fetch list of members from a group through keycloak admin console.
2021-05-20 11:32:23 +02:00
4b44f7d566
Set version to 14.0.0-SNAPSHOT
2021-05-06 14:55:01 +02:00
Alexander Schwartz