mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2025-12-21 14:30:05 -06:00
Code Issues Packages Projects Releases Wiki Activity
29,450 Commits 20 Branches 287 Tags
2b51d6f4ac9f4f5f71da6e8453fbac217e4f725c
Commit Graph

2766 Commits

Author SHA1 Message Date
Alexander Schwartz
2b51d6f4ac Avoid holding on to the realm in cached configurations 
Closes #43744

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-28 13:10:24 -03:00
Alexander Schwartz
ba0fe9bd70 Cleaning up threadlocals to prevent (small) memory leak 
Closes #43759

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-28 10:36:27 -03:00
Stefan Guilhen
3751bc050d Workflows enhancements 
- Allow specifying a parameter in events to better tie workflows to more specific events (e.g. user-role-added(name-of-role))
 - Make workflows 'if' and 'on' fields use expressions by default
 - Fix condition evaluation inconsistencies by having a single param for each condition
 - Remove need to use double quotes for condition parameters
 - Reference groups by path instead of id in conditions

Closes #43137
Closes #43536
Closes #43537
Closes #43661
Closes #43715

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-10-27 07:20:59 -03:00
Pedro Igor
6527b139dc Do not lower-case username and email if users are not imported from LDAP 
Closes #43621

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-23 13:02:33 +02:00
vramik
4dc398354a Restart workflow basen on concurrency/cancel-if-running option rather than reset-on option 
Closes #42911

Signed-off-by: vramik <vramik@redhat.com>
 2025-10-17 10:06:43 -03:00
Alexander Schwartz
02dfb4bd8a Remove extra flush events to increase performance 
Closes #43362

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-15 12:39:49 +02:00
Pedro Ruivo
468c063e27 Client session may be lost during session restart 
Fixes #43349

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-14 11:01:16 +00:00
Pedro Igor
fa581c8148 Allow passing a context to steps 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-13 09:53:30 -03:00
Pedro Igor
5b5a83b800 Moving WorkflowsManager and WorkflowStateSpi to server-spi-private module 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-13 09:53:30 -03:00
stianst
aedd7fe5db Remove unused imports as part of #43233 
Signed-off-by: stianst <stianst@gmail.com>
 2025-10-13 13:32:01 +02:00
Alexander Schwartz
10f06e9eb7 JDBC_PING publishes its physical address on startup 
Closes #43357

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-13 09:53:30 +01:00
Alexander Schwartz
66b9e801c1 Mark the reading of admin and user events read-only 
This should decrease the memory usage and improve response times

Closes #43365

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-13 09:46:38 +02:00
Giuseppe Graziano
0bfb9079f2 Reject search for not allowed client attributes 
Closes #42541

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-10-10 09:37:40 +02:00
Alexander Schwartz
17fb20c58d Prevent using JTA transaction when initializing JDBC_PING 
Closes #43335

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-09 23:09:36 +02:00
Steve Hawkins
6f36a02ffe fix: retaining user creation timestamp when importing 
closes: #43195

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-08 11:36:29 -03:00
vramik
e4dc88de13 [FGAP] Make additional rest endpoints respect permissions 
Closes #40058

Signed-off-by: vramik <vramik@redhat.com>
 2025-10-08 08:47:22 -03:00
Pedro Igor
4f55b9b6bd Filter invalid resources and scopes when processing entries from the cache 
Closes #42907

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-03 19:25:57 +02:00
Ryan Emerson
5cb0562fd2 Prevent users configuring max-count=-1 for caches with a default upper-bound 
Closes #33146

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-10-02 19:58:28 +00:00
Pedro Ruivo
4f24f93b85 Restarting an user session broken for persistent sessions 
Fixes #43161

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-10-02 21:29:04 +02:00
Pedro Igor
37577cde14 Make sure the component state is updated when invoking sync on user storage providers 
Make sure periodic tasks are cancelled if the provider is disabled or import users is disabled

Closes #42470

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-02 10:22:50 -03:00
Stefan Guilhen
7f29c9bb88 Improve workflow logging messages 
- every execution gets its own id that can be used to track all activities related to that particular workflow execution

Closes #42952

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-09-29 23:10:21 -03:00
Pedro Igor
6e851ce80e Only filter default organization related scopes based on dynamic scope format 
Closes #42877

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-26 16:28:12 -03:00
Václav Muzikář
b65a60e40d Support for EDB 17 (#42341) 
Closes #42742
Closes #42293

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2025-09-26 16:04:47 +02:00
Stefan Guilhen
7e28d13e76 Add workflow condition that uses boolean expressions to combine and negate conditions 
Closes #42583

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-09-26 07:52:12 -03:00
Alexander Schwartz
a84d243d47 Avoid invalidating the realm when managing client initial access 
Closes #42922

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-09-24 21:31:32 +02:00
Martin Bartoš
5acec7d5fc [PERF] InitClusterStartupTime debug messages (#42908) 
Closes #42880

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-09-24 16:04:03 +02:00
Alexander Schwartz
4389bc2990 Fix duplicate label when using password history 
Closes #42736

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-09-24 11:21:59 +02:00
Pedro Igor
fe8fce859d Improve the Workflow JSON schema 
Closes #42697

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-24 04:04:44 -03:00
Pedro Igor
54d2451b35 Make user read-only and a proper error message when the user federation provider is not available 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-24 04:03:13 -03:00
Pedro Igor
d65c17ebc7 Do not fail when querying user federation providers and log messages to indicate the problem 
Closes #42276

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-24 04:03:13 -03:00
Alexander Schwartz
a9ed355bfc Adding missing time column to index 
Closes #42792

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-23 07:33:08 -03:00
Pedro Ruivo
47f85631f3 Automatically create external caches for MULTI_SITE deployments 
Closes #32129

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-09-19 18:56:38 +02:00
Pedro Ruivo
4ccf7407ed Lazy load client sessions 
Closes #42628

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-09-19 10:45:11 +00:00
Pedro Igor
c1fdbb0be4 Better names for workflow events 
Closes #42389

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-18 14:50:45 +02:00
Stian Thorgersen
f9ee040ef0 Add federated subject configuration option to federated-jwt authenticator (#42610) 
Closes #42608

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-17 13:39:50 +02:00
Pedro Ruivo
f7ff7e55d8 Replace UUID with composite key for client session cache 
Closes #42547

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-17 10:25:51 +00:00
Pedro Ruivo
f1bd42116e NullPointerException when persisting a client session 
Fixes #42652

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-09-16 17:49:36 +02:00
vramik
d0e83cc05e Rename RLM to Workflows 
Closes #42512

Signed-off-by: vramik <vramik@redhat.com>
 2025-09-16 08:52:50 -03:00
Ricardo Martin
a2acdda535 Automatic download and cache of the SAML client public keys (#41947) 
Closes #17028

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-09-16 13:07:33 +02:00
Pedro Ruivo
714d71b4f5 Concurrent update embedded caches and database 
Closes #42374

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-15 18:38:03 +00:00
Stefan Guilhen
20f5a15278 Adjust scheduled action time so that it is always based on the previous action 
Closes #42385

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-09-12 15:50:38 -03:00
Martin Kanis
5a02bc1adb Admin UI hides local users when LDAP provider fails 
Closes #42276

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-09-12 10:43:08 -03:00
Ryan Emerson
73a4020baa Remove default cache configurations from cache-local.xml 
Closes #42351

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-09-11 21:11:56 +02:00
Alexander Schwartz
6ea3c8aedf Session IDs and auth codes should have 128 bits of entropy 
Closes #42274

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-11 17:05:40 +02:00
Alexander Schwartz
6a202146b4 Handle already existing user session in the store 
Closes #40374

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-11 14:58:53 +02:00
Stian Thorgersen
51465f52a3 Get client by client attribute 
Closes #42543

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-11 12:07:13 +00:00
Pedro Ruivo
8567eec526 ClientSession timestamp not updated in the database 
Closes #42012

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-09-10 20:34:22 +02:00
Pedro Igor
0d5dfc3eae Add support for ad-hoc policies (#42508) 
Closes #42126

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-10 15:40:17 +00:00
Vlasta Ramik
b32b612f75 Compilation error in RolePolicyConditionProvider (#42497) 
Closes #42496

Signed-off-by: vramik <vramik@redhat.com>
 2025-09-10 09:04:49 +00:00
Pedro Igor
1b17a3c9a6 Add a policy condition based on user roles (#42487) 
Closes #42117

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-10 03:23:56 +02:00