Commit Graph

375 Commits

Author SHA1 Message Date
keycloak-bot 9f3d4a7d42 Set version to 17.0.0-SNAPSHOT 2021-12-20 10:50:39 +01:00
Marcelo Sales afeaa6f593 KEYCLOAK-19391: Fix ldap query search adding custom search filter 2021-12-15 08:54:52 +01:00
Marcelo Sales e69c3dcb1f KEYCLOAK-19391: Fix ldap query search adding custom search filter 2021-12-15 08:54:52 +01:00
Daniel Fesenmeyer 339224578e KEYCLOAK-10603 adjust assignments to roles (user-role and group-role assignments, client-scope and client "scope mappings"): allow assignments of roles which are already indirectly assigned (e.g. by composite role)
- extend RoleMapperModel with method hasDirectRole(RoleModel), which only checks for direct assignment in contrast to the existing method hasRole(RoleModel)
- extend ScopeContainerModel with method hasDirectScope(RoleModel), which only checks for direct scope mapping in contrast to the existing method hasScope(RoleModel)
- use the new hasDirectRole and hasDirectScope methods to check whether a role is in the "available" list and whether it can be assigned (previously, the hasRole method was used for this purpose)
- add hint to UI that available roles contain effectively assigned roles which are not directly assigned
- adjust and extend tests
2021-09-22 13:56:29 +02:00
Marek Posolda 11e5f66c60 KEYCLOAK-19056 EDIT MODE field should not be left empty (#8380) 2021-09-14 20:27:09 +02:00
bohmber 0c64d32b9b KEYCLOAK-19183
LDAPDn should use a static Pattern instead of calling String.split with a regex
2021-09-06 09:17:26 +02:00
bohmber ba946b54f7 KEYCLOAK-19021
LDAPOperationManager.getFilterById is causing additional call to AD
2021-08-19 09:25:33 +02:00
Thomas Darimont f9b4e47851 KEYCLOAK-19036 Avoid infinite loop during LDAP sync with OpenLDAP and olcSizeLimit
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2021-08-18 17:42:13 +02:00
mposolda 418d1e3471 KEYCLOAK-19039 Sync UPDATE_PASSWORD required action only to MSAD with WRITABLE edit mode. Add tests for MSAD mapper 2021-08-18 17:39:19 +02:00
cturkalj b4536a394a Missing null check for session.userCache() added
NPE when existing user from LDAP is found (same LDAP_ID, but with changed username) and session.userCache() is null.
2021-08-03 13:40:02 +02:00
keycloak-bot 262ec3d031 Set version to 16.0.0-SNAPSHOT 2021-07-30 14:56:10 +02:00
mposolda e58eeca800 KEYCLOAK-18706 Add UPDATE_PASSWORD required action only to authenticationSession when MSAD requires user to change password 2021-07-28 08:47:01 +02:00
Sven-Torben Janus c6e7c06f6c KEYCLOAK-18695 Support user lookup by ID with Novell eDirectory
The LDAPOperationManager does not encode GUID correctly when looking up
federated users from Novell eDirectory.

The correct encoding can be found here:
https://support.novell.com/docs/Tids/Solutions/10096551.html
2021-07-27 08:46:04 +02:00
keycloak-bot 13f7831a77 Set version to 15.0.0-SNAPSHOT 2021-06-18 10:42:27 +02:00
rmartinc b97f177f26 [KEYCLOAK-14696] Unable to fetch list of members from a group through keycloak admin console. 2021-05-20 11:32:23 +02:00
keycloak-bot 4b44f7d566 Set version to 14.0.0-SNAPSHOT 2021-05-06 14:55:01 +02:00
Pascal Euhus 82fc401298 [KEYCLOAK-9841] use LDAPUser UUID as an identifier instead of username 2021-03-16 17:55:24 +01:00
Andrew Elwell c76ca4ad13 Correct "doesn't exists" typos - fixes KEYCLOAK-14986 (#7316)
* Correct "doesn't exists" typos

* Revert changes to imported package

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2021-03-16 11:52:36 +01:00
Mathieu CLAUDEL 197b34889c KEYCLOAK-17146 : Fix reset password MS AD LDS mapper 2021-03-03 09:17:39 +01:00
Thomas Darimont 2faf809536 KEYCLOAK-16464 Allow to map enabled user model attribute to LDAP attribute 2021-01-20 09:24:06 +01:00
Thomas Darimont f76e9cc833 KEYCLOAK-16464 Allow to map emailVerified user model attribute to LDAP attribute 2021-01-20 09:24:06 +01:00
Michal Hajas ba8e2fef6b KEYCLOAK-15524 Cleanup user related interfaces 2021-01-18 16:56:10 +01:00
Jiri Lunacek 91a51c2dbe KEYCLOAK-16606 add default value to mandatory LDAP attributes 2021-01-15 21:58:04 +01:00
vramik 1402d021de KEYCLOAK-14846 Default roles processing 2021-01-08 13:55:48 +01:00
keycloak-bot 75be33ccad Set version to 13.0.0-SNAPSHOT 2020-12-16 17:31:55 +01:00
Cédric Couralet f4abc86a66 KEYCLOAK-16112 don't remove username attribute 2020-12-14 15:46:25 +01:00
Michal Hajas 8e376aef51 KEYCLOAK-15847 Add MapUserProvider 2020-12-10 08:57:53 +01:00
Thomas Riccardi f45e187c35 Finish renaming 'application role' to 'client role' in help texts 2020-12-08 12:18:13 +01:00
Stefan Guilhen edef93cd49 [KEYCLOAK-16232] Streamify the UserCredentialStore and UserCredentialManager interfaces 2020-12-07 19:48:35 +01:00
Stefan Guilhen 73d0bb34c4 [KEYCLOAK-16232] Replace usages of deprecated collection-based methods with the respective stream variants 2020-12-07 19:48:35 +01:00
Stefan Guilhen 84df008bc2 [KEYCLOAK-16341] Make the new stream-based methods in server-spi user interfaces default instead of the collection-based versions.
- this ensures that providing implementation for the collection-based methods is enough, which preserves backwards compatibility with older custom implementations.
- alternative interfaces now allow new implementations to focus on the stream variants of the query methods.
2020-11-18 21:07:51 +01:00
Stefan Guilhen aa46735173 [KEYCLOAK-15200] Complement methods for accessing users with Stream variants 2020-11-10 15:13:11 +01:00
Sven-Torben Janus 79f0703d62 KEYCLOAK-3365 Configure required actions for LDAP in READ_ONLY mode 2020-10-15 08:43:31 +02:00
Martin Kanis 086f7b4696 KEYCLOAK-15450 Complement methods for accessing realms with Stream variants 2020-10-14 08:16:49 +02:00
testn 269a72d672 KEYCLOAK-15184: Use static inner class where possible 2020-10-09 23:37:08 +02:00
testn 2cd03569d6 KEYCLOAK-15238: Fix potential resource leak from not closing Stream/Reader 2020-09-21 13:05:03 +02:00
Martin Kanis 5d5e56dde3 KEYCLOAK-15199 Complement methods for accessing roles with Stream variants 2020-09-16 16:29:51 +02:00
Martin Kanis 4e9bdd44f3 KEYCLOAK-14901 Replace deprecated ClientProvider related methods across Keycloak 2020-09-07 13:11:55 +02:00
Martin Kanis d59a74c364 KEYCLOAK-15102 Complement methods for accessing groups with Stream variants 2020-08-28 20:56:10 +02:00
mposolda bd48d7914d KEYCLOAK-15139 Backwards compatibility for LDAP Read-only mode with IMPORT_USERS enabled 2020-08-20 14:05:21 +02:00
mposolda a427784350 KEYCLOAK-14996 Fix performance bottleneck in GroupLDAPStorageMapper.getAllKcGroups 2020-08-18 18:04:32 +02:00
mhajas ae39760a62 KEYCLOAK-14972 Add independent GroupProvider interface 2020-08-13 21:13:12 +02:00
rmartinc 32bf50e037 KEYCLOAK-14336: LDAP group membership is not visible under "Users in Role" tab for users imported from LDAP 2020-07-30 16:19:22 +02:00
Martin Idel 97400827d2 KEYCLOAK-14870: Fix bug where user is incorrectly imported
Bug: SerializedBrokeredIdentityContext was changed to mirror
UserModel changes. However, when creating the user in LDAP,
the username must be provided first (everything else can
be handled via attributes).
2020-07-29 11:33:41 +02:00
Réda Housni Alaoui 47f5b56a9a KEYCLOAK-14747 LDAP pooling should include SSL protocol by default 2020-07-28 18:59:42 +02:00
mposolda c4fca5895f KEYCLOAK-14892 NullPointerException when group mappings for LDAP users are accessed 2020-07-28 14:45:06 +02:00
Martin Idel bf411d7567 KEYCLOAK-14869: Fix nullpointer exception in FullNameLDAPStorageMapper
Setting an attribute should be possible with a list
containing no elements or a null list

This can happen e.g. when creating users via idps
using a UserAttributeStatementMapper.

Fix this unprotected access in other classes too
2020-07-28 09:54:37 +02:00
keycloak-bot afff0a5109 Set version to 12.0.0-SNAPSHOT 2020-07-22 14:36:15 +02:00
Martin Idel 05b6ef8327 KEYCLOAK-14536 Migrate UserModel fields to attributes
- In order to make lastName/firstName/email/username field
  configurable in profile
  we need to store it as an attribute
- Keep database as is for now (no impact on performance, schema)
- Keep field names and getters and setters (no impact on FTL files)

Fix tests with logic changes

- PolicyEvaluationTest: We need to take new user attributes into account
- UserTest: We need to take into account new user attributes

Potential impact on users:

- When subclassing UserModel, consistency issues may occur since one can
  now set e.g. username via setSingleAttribute also
- When using PolicyEvaluations, the number of attributes has changed
2020-06-25 14:50:57 +02:00
Tero Saarni 3c82f523ff [KEYCLOAK-14343] Truststore SPI support for LDAP with StartTLS
Signed-off-by:  Tero Saarni <tero.saarni@est.tech>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-06-11 18:07:53 +02:00