Commit Graph

2162 Commits

Author SHA1 Message Date
Vlasta Ramik 115200d3cc Import migration step for kc22
Closes #24031

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>

(cherry picked from commit f6d582c761)
2023-10-19 21:57:21 +02:00
Bernd Bohmann f3574b16d7 Calling getTopLevelGroups is slow inside GroupLDAPStorageMapper#getLDAPGroupMappingsConverted (#8430)
Closes #14820
---------
Co-authored-by: Michal Hajas <mhajas@redhat.com>

(cherry picked from commit bb2f59df87)
2023-10-16 12:50:12 -04:00
Todor Staykovski e377662a94 Add subgroups sorting (#22295)
* Review comments to add a test, update the API description and adjust the map storage.

Closes #19348

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
(cherry picked from commit dffa7a31cb)
2023-10-16 12:50:12 -04:00
Lex Cao 9421735865 Fix unexpected expiration when import offline client session
Closes #23397

(cherry picked from commit eedc4ceb18)
2023-10-13 17:30:56 +02:00
vramik cac15f703c Upgrade liquibase version to avoid a bug where a changeset is executed twice
Closes #23220

(cherry picked from commit 7f2f4aae67)

Conflicts:
	testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/zerodowntime/ZeroDowntimeTest.java
2023-10-09 14:25:01 +02:00
Martin Kanis 2e13d23639 Concurrent code-to-token request is allowed to succeed only once (#28)
Closes keycloak/security#63

Co-authored-by: mposolda <mposolda@gmail.com>
2023-10-04 10:29:16 +02:00
Peter Skopek ef9726af81 SAML Adapter fix for EAP8 and WF29
Signed-off-by: Peter Skopek <pskopek@redhat.com>
(cherry picked from commit ef272f7668)
2023-09-07 15:22:42 +02:00
Marek Posolda 83000cb77f Fallback to next LDAP/Kerberos provider when not able to find authenticated Kerberos principal (#22788)
closes #22352 #9422

(cherry picked from commit 6f989fc132)
2023-08-29 14:42:08 +00:00
Alexander Schwartz 0b180543ce Upgrade to Infinispan 14.0.14 (#22485)
Closes #21092

(cherry picked from commit dfc8c80264)
2023-08-16 14:00:30 +00:00
Alexander Schwartz 4cd44d7f8d Prevent concurrent session cleanup on different instances in the cluster (#22298)
Closes #22198

(cherry picked from commit 5f95929092)
2023-08-07 18:33:03 +02:00
mposolda 29d5fc6c49 Fix authenticatorConfig for javascript providers
Closes #20005

(cherry picked from commit 6f6b5e8e84)
2023-08-01 08:59:28 +02:00
vramik bacc114c24 Introduce re-try mechanism when deserializing during import for map store
Closes #21824

(cherry picked from commit 2f5a96351d)
2023-07-21 10:30:32 +02:00
William Burns d7603f607a Do not cache a session that is already expired in listener (#21684)
Fixes part of #20983

(cherry picked from commit de04684dd0)
2023-07-18 15:56:24 +02:00
Patrick Jennings 399a23bd56 Find an appropriate key based on the given KID and JWA (#21160)
* keycloak-20847 Find an appropriate key based on the given KID and JWA. Prefers matching on both inputs but will match on partials if found. Or return the first key if a match is not found.

Mark Key as fallback if it is the singular client certificate to be used for signed JWT authentication.

* Update js/apps/admin-ui/public/locales/en/clients.json

Co-authored-by: Marek Posolda <mposolda@gmail.com>

* Updating boolean variable name based on suggestions by Marek.

* Adding integration test specifically for the JWT parameters for regression #20847.

---------

Co-authored-by: Marek Posolda <mposolda@gmail.com>
2023-07-10 13:28:55 +02:00
Pedro Igor bde57ca839 Ignoring artifacts when running re-aug to isolate the current and new stores
Closes #20974
2023-07-05 07:56:49 -03:00
Stijn Last 91e543f415 Improve error messages when testing LDAP connection (#21013)
Closes #15434
2023-07-01 19:45:49 +02:00
Hynek Mlnarik c092c76ae8 Remove ldapsOnly (Java)
In `LDAPConstants.java`, the function to set the Truststore SPI system property was removed, as this is now handled by the `shouldUseTruststoreSpi` method in `LdapUtil`.

Closes: #9313
2023-06-28 08:30:09 +02:00
Martin Kanis db9b6c2152 Make awaitInitialTransfer for ISPN configurable
Closes #16671
2023-06-27 14:04:03 +02:00
Gilvan Filho 2493f11331 count users by custom user attribute
closes #14747
2023-06-21 11:56:22 -03:00
Stian Thorgersen f82577a7f3 Removed old account console (#21098)
Co-authored-by: Jon Koops <jonkoops@gmail.com>

Closes #9864
2023-06-20 20:46:57 +02:00
Alexander Schwartz f0f664dbb5 Prevent NPE on close() if postInit() hasn't been called
Closes #20977
2023-06-14 10:50:12 +02:00
Alexander Schwartz e410a76c42 Avoid caching the list of clientscopes in two places
Closes #20426

Co-authored-by: Martin Kanis <mkanis@redhat.com>
2023-06-13 21:33:21 +02:00
vramik 535bba5792 Update UserQueryProvider methods
Closes #20438
2023-06-12 16:04:26 +02:00
Arnaud Martin ae5a47d548 Impossible to update a federated user credential label
Closes #16613
2023-06-12 15:39:52 +02:00
Vlasta Ramik ed473da22b Clean-up of deprecated methods and interfaces
Fixes #20877

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-06-09 17:11:20 +00:00
Marek Posolda 8080085cc1 Removing 'http challenge' authentication flow and related authenticators (#20731)
closes #20497


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-06-08 14:52:34 +02:00
Hynek Mlnarik 12dd3edb10 Fix pagination issue with H6
With Hibernate ORM 6, pagination started to be unreliable: When
setting the max results only if the first row was 0 has randomly
affected other threads where first row was greater than 0. The
latter thread sometimes produced query which did *not* account
for the offset (cf. threads `-t1` and `-t2` below, while `-t2`
missed the `offset ? rows` part which `-t3` has).

This has been fixed by setting the first row offset unconditionally.

Closes: #20202
Closes: #16570

```
2023-06-02 10:19:03.855000 TRACE [org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker] (blocking-thread-node-2-p8-t1) Running computation for segment 0 with worker 0
2023-06-02 10:19:03.856000 TRACE [org.keycloak.models.sessions.infinispan.initializer.OfflinePersistentUserSessionLoader] (blocking-thread-node-2-p8-t1) Loading sessions for segment=0 lastSessionId=00000000-0000-0000-0000-000000000000 first=0
2023-06-02 10:19:03.856000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t1) Set max to 64 in org.hibernate.query.sqm.internal.QuerySqmImpl@2fb60f8b
2023-06-02 10:19:03.856000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t1) After pagination: 0, 64
2023-06-02 10:19:03.857000 TRACE [org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker] (blocking-thread-node-2-p8-t2) Running computation for segment 1 with worker 1
2023-06-02 10:19:03.857000 TRACE [org.keycloak.models.sessions.infinispan.initializer.OfflinePersistentUserSessionLoader] (blocking-thread-node-2-p8-t2) Loading sessions for segment=1 lastSessionId=00000000-0000-0000-0000-000000000000 first=64
2023-06-02 10:19:03.857000 TRACE [org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker] (blocking-thread-node-2-p8-t3) Running computation for segment 2 with worker 2
2023-06-02 10:19:03.857000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t2) Set first to 64 in org.hibernate.query.sqm.internal.QuerySqmImpl@71464e9f
2023-06-02 10:19:03.857000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t2) Set max to 64 in org.hibernate.query.sqm.internal.QuerySqmImpl@71464e9f
2023-06-02 10:19:03.857000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t2) After pagination: 64, 64
2023-06-02 10:19:03.857000 TRACE [org.keycloak.models.sessions.infinispan.initializer.OfflinePersistentUserSessionLoader] (blocking-thread-node-2-p8-t3) Loading sessions for segment=2 lastSessionId=00000000-0000-0000-0000-000000000000 first=128
10:19:03,859 DEBUG [org.hibernate.SQL] (blocking-thread-node-2-p8-t1)
    select
        p1_0.OFFLINE_FLAG,
        p1_0.USER_SESSION_ID,
        p1_0.CREATED_ON,
        p1_0.DATA,
        p1_0.LAST_SESSION_REFRESH,
        p1_0.REALM_ID,
        p1_0.USER_ID
    from
        OFFLINE_USER_SESSION p1_0,
        REALM r1_0
    where
        r1_0.ID=p1_0.REALM_ID
        and p1_0.OFFLINE_FLAG=?
        and p1_0.USER_SESSION_ID>?
    order by
        p1_0.USER_SESSION_ID fetch first ? rows only
10:19:03,859 DEBUG [org.hibernate.SQL] (blocking-thread-node-2-p8-t2)
    select
        p1_0.OFFLINE_FLAG,
        p1_0.USER_SESSION_ID,
        p1_0.CREATED_ON,
        p1_0.DATA,
        p1_0.LAST_SESSION_REFRESH,
        p1_0.REALM_ID,
        p1_0.USER_ID
    from
        OFFLINE_USER_SESSION p1_0,
        REALM r1_0
    where
        r1_0.ID=p1_0.REALM_ID
        and p1_0.OFFLINE_FLAG=?
        and p1_0.USER_SESSION_ID>?
    order by
        p1_0.USER_SESSION_ID fetch first ? rows only
2023-06-02 10:19:03.860000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t1) binding parameter [1] as [VARCHAR] - [1]
2023-06-02 10:19:03.860000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t1) binding parameter [2] as [VARCHAR] - [00000000-0000-0000-0000-000000000000]
2023-06-02 10:19:03.860000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t1) binding parameter [3] as [INTEGER] - [64]
10:19:03,860 DEBUG [org.hibernate.SQL] (blocking-thread-node-2-p8-t3)
    select
        p1_0.OFFLINE_FLAG,
        p1_0.USER_SESSION_ID,
        p1_0.CREATED_ON,
        p1_0.DATA,
        p1_0.LAST_SESSION_REFRESH,
        p1_0.REALM_ID,
        p1_0.USER_ID
    from
        OFFLINE_USER_SESSION p1_0,
        REALM r1_0
    where
        r1_0.ID=p1_0.REALM_ID
        and p1_0.OFFLINE_FLAG=?
        and p1_0.USER_SESSION_ID>?
    order by
        p1_0.USER_SESSION_ID offset ? rows fetch first ? rows only
2023-06-02 10:19:03.861000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t3) binding parameter [3] as [INTEGER] - [128]
2023-06-02 10:19:03.861000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t3) binding parameter [4] as [INTEGER] - [64]
```

Co-authored-by: mkanis <mkanis@redhat.com>
2023-06-07 20:45:34 +02:00
Vlasta Ramik 3b2dea64ac Remove duplicated and unused PersistenceExceptionConverter (#20844)
Closes #20842
2023-06-07 14:46:36 +02:00
Martin Bartoš bea8778683 Use new method for obtaining DB dialect
2023-06-07 10:14:34 +02:00
rmartinc 81aa588ddc Fix and correlate session timeout calculations in legacy and new map implementations
Closes https://github.com/keycloak/keycloak/issues/14854
Closes https://github.com/keycloak/keycloak/issues/11990
2023-06-05 18:46:23 +02:00
vramik a175efcb72 Split UserQueryProvider into UserQueryMethods and UserCountMethods and make LdapStorageProvider implement only UserQueryMethods
Co-authored-by: mhajas <mhajas@redhat.com>

Closed #20156
2023-05-31 11:47:54 +02:00
stianst 0832992e59 Removing OpenShift integration and moving to separate extension
closes #20496

Co-authored-by: mposolda <mposolda@gmail.com>
2023-05-30 17:39:32 +02:00
Tomas Slusny 1b06c4cf6c Use cached policy store in Infinispan PolicyAdapter (#20566)
2023-05-29 10:39:24 -03:00
Alexander Schwartz 5cd0d51fa6 Don't remove an element from the cache that was queued to be created during the current request
This avoids a remove Infinispan call in multi-node and cross-DC setups.

Closes #20404
2023-05-25 10:33:23 +02:00
Hynek Mlnarik fc0e47caa4 Fix KcCustomOidcBrokerTest
Fixes: #20541
2023-05-25 10:20:36 +02:00
Pedro Ruivo abd75a786f Enable simple-cache for local-cache
Closes #20486
2023-05-24 09:47:20 +02:00
Stefan Guilhen 2252b09949 Remove deprecated default roles methods
Closes #15046
2023-05-23 22:32:52 +02:00
Alexander Schwartz 7f64ca0048 Avoid querying with secondary columns which might fetch and lock additional rows (#20474)
* Accessing UserSession by primary key

This resolves problematic locking queries databases running on SERIALIZABLE isolation level like CockroachDB

Closes #16977

* Avoid querying with expiring column

This resolves problematic locking queries databases running on SERIALIZABLE isolation level like CockroachDB

Closes #16977
2023-05-23 07:19:58 +00:00
Alexander Schwartz 23683970bb Avoid optimistic locking queries on CockroachDB to avoid rolling back transactions
Closes #16976
2023-05-23 08:42:03 +02:00
Alexander Schwartz d7a408d081 Remove log4j dependency from model/jpa which is EOL
Closes #20421
2023-05-19 17:43:51 -03:00
Alex Szczuczko 1578506475 Separate version properties for hibernate-enhance and quarkus-maven (#20264)
This will allow them to be defined separately from aligned dependency
versions suitable for product

Closes #20261
2023-05-18 14:37:55 +00:00
mkrueger92 256bb84cc4 Avoid NPE while fetching offline sessions (#17577)
2023-05-18 13:32:02 +02:00
Stefan Guilhen 053f774f13 Fix broker link query param order to match the columns order in the primary key index
Closes #19193
2023-05-17 10:22:59 +02:00
Dominik Schlosser 8c58f39a49 Updates Datastore provider to contain full data model
Closes #15490
2023-05-16 15:05:10 +02:00
Hynek Mlnařík edb292664c File store freeze
* File store: Fix ID determination

* Forbid changing ID (other setters)

* Improve handling of null values

* Support convertible keys in maps

* Fix writing empty values

* Fix updated flag

* Proceed if an object has been deleted in the same tx

* Fix condition

Co-authored-by: Michal Hajas <mhajas@redhat.com>

---------

Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-05-16 12:03:59 +02:00
Martin Bartoš 960e3503ec Artifact SLF4J LOG4J-12 has been relocated (#20113)
2023-05-05 13:57:45 +02:00
vramik d1ab921c50 JpaUserProvider count methods are inconsistent with searchForUser's param filter handling
Closes #17581
2023-05-05 08:22:05 +02:00
rmartinc d9025db536 Migrate realms if configured to use RH-SSO themes
Closes https://github.com/keycloak/keycloak/issues/17484
2023-05-02 15:38:33 +02:00
vramik 6c6907ef4e Clean RealmProvider from methods from other areas
Closes #15044
2023-05-02 15:09:26 +02:00
Alexander Schwartz c2c5012cfb Upgrade to latest Infinispan version 14.0.8
Closes #20067
2023-05-02 13:45:05 +02:00