0433b0017d
Organization Groups Import/Export
...
Closes #45507
Signed-off-by: Martin Kanis <mkanis@redhat.com >
2026-01-30 12:11:03 -03:00
02066f4985
Bugfix Refactor SessionsResource
...
Closes #45727
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
2026-01-29 14:51:50 +01:00
bae3963d25
Refactor SessionsResource for better memory usage and performance
...
Closes #45727
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2026-01-29 11:38:54 +01:00
b0f93232e9
Prevent NPE when evaluating policies and policy is deleted
...
Closes #45561
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com >
2026-01-28 10:51:16 -03:00
0ddb355d3d
Optimize deletion of composite roles
...
Closes #45065
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2026-01-28 08:05:16 -03:00
5e3c0b6b28
Fix realm context handling for StoreSyncEvent processing
...
Signed-off-by: NAMAN JAIN <naman.049259@tmu.ac.in >
Fix realm context handling for StoreSyncEvent processing
Ensure the correct realm is resolved and set when handling StoreSyncEvent
inside transactional jobs. Restore the original session realm context to
avoid leakage and make StoreSyncEvent constructors public so events can be
safely published after transaction commit from RealmManager.
Closes #44574
2026-01-28 11:40:45 +01:00
bc0e2ff10b
Move init/postInit/close to WorkflowConditionProviderFactory, cleanup implementations
...
Closes #45767
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com >
2026-01-27 15:06:01 -03:00
c13a1772f8
Adds ability to migrate scheduled workflow resources from one step to another step in the same or different workflow
...
Closes #45174
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com >
2026-01-27 13:46:18 -03:00
5cb13268ee
Remove fatal log messages from ConsistentHash
...
Fixes #45780
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
2026-01-27 12:52:22 +00:00
2f4f36eabc
Add realm id column to offline_client_session table
...
Closes #44424
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
2026-01-23 16:28:34 +01:00
111ba36504
Organization Groups Core Backend & API
...
Closes #45562
Signed-off-by: vramik <vramik@redhat.com >
2026-01-22 09:39:24 -03:00
2f0689576b
Possible mismatch of charset/collation between columns on mysql/mariadb ( #45632 )
...
* Possible mismatch of charset/collation between columns on mysql/mariadb
Closes #45597
Signed-off-by: vramik <vramik@redhat.com >
2026-01-22 07:17:04 -03:00
ea2083ed2c
Support for clients in workflows
...
Signed-off-by: Hathoute <whitesmith.thedj@gmail.com >
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2026-01-21 11:20:30 -03:00
dbd8d47036
Upgrade command rolling updates for patch releases / step 3: Infinispan/JGroups
...
Closes #38884
Signed-off-by: Ruchika <ruchika.jha1@ibm.com >
2026-01-21 15:16:18 +01:00
a1e9e63f06
Drop IDX_IDP_FOR_LOGIN index before changing columns
...
Closes #45396
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2026-01-20 09:41:41 +01:00
13a5a92a92
Fix ORG_DOMAIN.ORG_ID charset and collation on mysql and mariadb
...
Closes #45526
Signed-off-by: vramik <vramik@redhat.com >
2026-01-19 11:35:31 -03:00
c8a41dea99
Reverting format changes, updating docs, and only exposing the method to fetch first-factor credentials
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2026-01-19 08:30:47 -03:00
348670ae32
Align organization broker redirect after OTP setup
...
Closes #40510
Signed-off-by: Nikita Bohuslavskyi <nikita.bohuslavskyi@student.tuke.sk >
2026-01-19 08:30:47 -03:00
c63a8aa087
Step provider factories cleanup
...
- adds default init, postInit, close, getConfigProperties methods to WorkflowStepProviderFactory
Closes #45398
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com >
2026-01-15 15:32:45 -03:00
ab351170b4
Support aggregated policies during partial evaluation
...
Closes #45324
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2026-01-15 15:20:52 +01:00
391593cfa7
Implement asynchronous logging when called from nonblocking threads
...
Closes #45015
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net >
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
Co-authored-by: Martin Bartoš <mabartos@redhat.com >
2026-01-15 09:20:34 -03:00
c8635f9bf2
ISPN16: Upgrade to Infinispan 16.0.5
...
Closes #45341
- Remove query modules
- Remove unused config file
- Update config file versions
- Update jgroups attributes
- Remove ISPN-16595 workaround
- Call HotRodServer#postStart in HotRodServerRule to start caches as well as the server
- Simplify cluster-ha.xml
- Utilise org.infinispan.commons.util.TimeQuantity in CacheConfiguration
- Cleanup when InfinispanContainer startup fails
- RemoteUserSessionProvider remote query calls must not use negative values for offsets and maxResults
- Remove use of deprecated org.infinispan.server.test.core.InfinispanContainer class
- Use testcontainers-infinispan dependency
- Explicitly utilise "legacy" metrics
- Remove explicit `name-as-tags` configuration as Infinispan 16 defaults to true
- Remove test configuration not required since #31807
Signed-off-by: Ryan Emerson <remerson@ibm.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2026-01-13 17:26:43 +01:00
75b0a8aa2a
When fetching scheduled workflows, return all steps with status completed/pending
...
Closes #45212
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com >
2026-01-13 14:34:13 +01:00
5d773e688b
Fix charset of ORG.ID for mysql/mariadb
...
Closes #45239
Signed-off-by: vramik <vramik@redhat.com >
2026-01-12 17:02:45 -03:00
e6fb3aa7df
Use RawSqlStatement instead of RawParameterizedSqlStatement for Saml encryption update
...
Closes #45107
Signed-off-by: rmartinc <rmartinc@redhat.com >
2026-01-12 17:06:17 +01:00
f8b114bdd8
Add indexes to BROKER_LINK table
...
Closes #45009
Signed-off-by: Ryan Emerson <remerson@ibm.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2026-01-09 16:09:40 +00:00
83f31b1003
Reset a password only once
...
Closes #37231
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net >
Co-authored-by: Ricardo Martin <rmartinc@redhat.com >
2026-01-09 09:30:16 -03:00
17f0dbdc1c
Update browser flow with organization flow on migration
...
Closes #36593
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2026-01-07 09:37:46 -03:00
695ee725a5
Admin UI: slow response time listing second user page
...
Fixes #44860
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2026-01-07 10:53:14 +01:00
0d5766f3a8
Allow running scheduled workflows
...
Closes #44865
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2026-01-05 13:03:47 -03:00
cafa1a86eb
Disable state transfer for session caches when persistent sessions are enabled
...
Closes #44518
Signed-off-by: Ryan Emerson <remerson@ibm.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2026-01-05 08:53:59 +00:00
60b369c622
Validate client session timeout and lifetime settings on realm settings edit
...
Closes #44910
Signed-off-by: Ruchika <Ruchika.Jha1@ibm.com >
Signed-off-by: Ryan Emerson <remerson@ibm.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Co-authored-by: Ryan Emerson <remerson@ibm.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2026-01-05 08:50:56 +00:00
66f3868ccf
Suppress the step's priority in the returned workflow JSON/YAML
...
Closes #45075
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com >
2025-12-29 10:26:21 -03:00
985ec6d306
Add name uniqueness validation to workflows
...
Closes #43914
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com >
# Conflicts:
# tests/base/src/test/java/org/keycloak/tests/workflow/WorkflowManagementTest.java
2025-12-29 10:24:56 -03:00
ba495d1ab1
Remote Infinispan should return count per client only for the current realm ( #44948 )
...
Closes #44577
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
2025-12-17 07:40:49 +01:00
7858e6ff6b
Change workflow condition grammar to accept the token 'not' as the negation operator instead of '!'
...
Closes #44880
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com >
2025-12-12 13:31:55 -03:00
0419d6711f
Workflow database queries not filtering based on the realm
...
Closes #44858
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2025-12-12 09:40:17 -03:00
138d1e0588
Allow restarting the step chain at a specific position
...
Closes #44789
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2025-12-12 09:38:01 -03:00
3bd33528f3
Avoid flushing user information in batch mode
...
Closes #44787
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2025-12-11 14:02:45 +01:00
2feb158554
ProtoStream marshaller for lambas
...
Closes #44811
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
2025-12-11 12:47:27 +01:00
1231590a52
Avoid lookup of existing workflow instances when not needed
...
Closes #44791
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2025-12-10 11:53:50 -03:00
921b10ee80
Login failure cache: Evict entries after the configured failure reset time
...
Closes #44801
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net >
Signed-off-by: Pedro Ruivo <pruivo@redhat.com >
Co-authored-by: Christian Glasmachers <Christian.Glasmachers-extern@deutschebahn.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net >
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com >
2025-12-10 11:20:19 +01:00
590538c99d
Wrong keycloak session when restarting workflows
...
Closes #44756
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2025-12-09 10:17:28 +01:00
89a8cddfd6
Make sure group permissions on view scope are not processed when querying users
...
Closes #44329
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
Co-authored-by: vramik <vramik@redhat.com >
2025-12-08 14:39:40 +01:00
985777ebcc
Improvements to the notify step
...
Closes #44708
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2025-12-05 18:58:03 +01:00
b14d00e08f
Improve workflow concurrency settings
...
- allow restarting based on events
- allow cancelling based on events
Closes #44645
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com >
2025-12-05 11:28:18 -03:00
65ab7f541d
Add API method that fetches the scheduled workflow steps for a resource
...
Closes #43660
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com >
2025-12-03 11:09:55 -03:00
a2562caa11
Cache expression EvaluatorContext in the workflow component model's notes
...
Closes #42961
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com >
2025-12-01 14:29:08 -03:00
cd350082f7
Ensure workflow is only restarted on events that match the activation condition
...
Closes #44399
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com >
2025-12-01 10:53:59 -03:00
be714d935d
Ensure GroupMemberLeaveEvent has a reference to the user leaving the group
...
Closes #44400
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com >
2025-12-01 10:46:43 -03:00
Martin Kanis