mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-04 13:59:54 -06:00
Code Issues Packages Projects Releases Wiki Activity
22,720 Commits 20 Branches 287 Tags
d07fe2f7fdfeef1112ca40d4dd4902cf030cd09e
Commit Graph

2170 Commits

Author SHA1 Message Date
Réda Housni Alaoui
e2ed9791ef Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients (#21058) 
closes #21010

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
(cherry picked from commit 3f014c7299)
 2024-02-22 07:16:03 +01:00
Thomas Darimont
3a35cf28f8 Shorter lifespan for offline session cache entries in memory 
Closes #26810

Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Martin Kanis <mkanis@redhat.com>
(cherry picked from commit 93fc6a6c54)
 2024-02-13 18:07:26 +01:00
Stian Thorgersen
0d6005d4af Ignore empty attribute values when retriveing boolean/int/long (#26729) (#26738) 
Resolves #26597, resolves #26665

Signed-off-by: stianst <stianst@gmail.com>
 2024-02-06 16:17:42 +00:00
Alexander Schwartz
d912ee6d92 Avoid shutdown of Infinispan when using cache (#25614) 
Closes #24508

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
(cherry picked from commit e01827693a)
 2023-12-18 11:54:27 +01:00
Alexander Schwartz
dc03477f1a Avoid logged warning about objects not present in the cache for tasks 
Closes #25322

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
(cherry picked from commit a8cff72ed0)
 2023-12-15 10:58:47 +01:00
Alexander Schwartz
2202971f3d Allow concurrent remote cache operations 
Closes #25388

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
(cherry picked from commit 5b1b3ca11b)
 2023-12-15 10:56:17 +01:00
Alexander Schwartz
30b79c91d6 Avoid reseting cachemanger to null to avoid a re-initialization 
Also follow best practices of using volatile variables for double-locking, and not using shutdown caches.

Closes #24085

(cherry picked from commit 26e2fde115)
 2023-12-15 10:56:17 +01:00
Michal Hajas
1d50fcd162 Publish information about Infinispan availability in lb-check if MULTI_SITE is enabled 
Closes #25077

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
(cherry picked from commit 2b2207af93)

 Conflicts:
	common/src/main/java/org/keycloak/common/Profile.java
	common/src/test/java/org/keycloak/common/ProfileTest.java
	quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/FeaturesDistTest.java
	quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.unix.approved.txt
	quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.unix.approved.txt
	quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.unix.approved.txt
	quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.unix.approved.txt
	quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.unix.approved.txt
	quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.unix.approved.txt
	quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.unix.approved.txt
	quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.unix.approved.txt
	quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.unix.approved.txt

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2023-11-30 19:31:19 +01:00
Vlasta Ramik
115200d3cc Import migration step for kc22 
Closes #24031

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>

(cherry picked from commit f6d582c761)
 2023-10-19 21:57:21 +02:00
Bernd Bohmann
f3574b16d7 Calling getTopLevelGroups is slow inside GroupLDAPStorageMapper#getLDAPGroupMappingsConverted (#8430) 
Closes #14820
---------
Co-authored-by: Michal Hajas <mhajas@redhat.com>

(cherry picked from commit bb2f59df87)
 2023-10-16 12:50:12 -04:00
Todor Staykovski
e377662a94 Add subgroups sorting (#22295) 
* Review comments to add a test, update the API description and adjust the map storage.

Closes #19348

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
(cherry picked from commit dffa7a31cb)
 2023-10-16 12:50:12 -04:00
Lex Cao
9421735865 Fix unexpected expiration when import offline client session 
Closes #23397

(cherry picked from commit eedc4ceb18)
 2023-10-13 17:30:56 +02:00
vramik
cac15f703c Upgrade liquibase version to avoid a bug where a changeset is executed twice 
Closes #23220

(cherry picked from commit 7f2f4aae67)

Conflicts:
	testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/zerodowntime/ZeroDowntimeTest.java
 2023-10-09 14:25:01 +02:00
Martin Kanis
2e13d23639 Concurrent code-to-token request is allowed to success only once (#28) 
Closes keycloak/security#63

Co-authored-by: mposolda <mposolda@gmail.com>
 2023-10-04 10:29:16 +02:00
Peter Skopek
ef9726af81 SAML Adapter fix for EAP8 and WF29 
Signed-off-by: Peter Skopek <pskopek@redhat.com>
(cherry picked from commit ef272f7668)
 2023-09-07 15:22:42 +02:00
Marek Posolda
83000cb77f Fallback to next LDAP/Kerberos provider when not able to find authenticated Kerberos principal (#22788) 
closes #22352 #9422

(cherry picked from commit 6f989fc132)
 2023-08-29 14:42:08 +00:00
Alexander Schwartz
0b180543ce Upgrade to Infinispan 14.0.14 (#22485) 
Closes #21092

(cherry picked from commit dfc8c80264)
 2023-08-16 14:00:30 +00:00
Alexander Schwartz
4cd44d7f8d Prevent concurrent session cleanup on different instances in the cluster (#22298) 
Closes #22198

(cherry picked from commit 5f95929092)
 2023-08-07 18:33:03 +02:00
mposolda
29d5fc6c49 Fix authenticatorConfig for javascript providers 
Closes #20005

(cherry picked from commit 6f6b5e8e84)
 2023-08-01 08:59:28 +02:00
vramik
bacc114c24 Introduce re-try mechanism when deserializing during import for map store 
Closes #21824

(cherry picked from commit 2f5a96351d)
 2023-07-21 10:30:32 +02:00
William Burns
d7603f607a Do not cache a session that is already expired in listener (#21684) 
Fixes part of #20983

(cherry picked from commit de04684dd0)
 2023-07-18 15:56:24 +02:00
Patrick Jennings
399a23bd56 Find an appropriate key based on the given KID and JWA (#21160) 
* keycloak-20847 Find an appropriate key based on the given KID and JWA. Prefers matching on both inputs but will match on partials if found. Or return the first key if a match is not found.

Mark Key as fallback if it is the singular client certificate to be used for signed JWT authentication.

* Update js/apps/admin-ui/public/locales/en/clients.json

Co-authored-by: Marek Posolda <mposolda@gmail.com>

* Updating boolean variable name based on suggestions by Marek.

* Adding integration test specifically for the JWT parameters for regression #20847.

---------

Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2023-07-10 13:28:55 +02:00
Pedro Igor
bde57ca839 Ignoring artifacts when running re-aug to isolate the current and new stores 
Closes #20974
 2023-07-05 07:56:49 -03:00
Stijn Last
91e543f415 Improve error messages when testing LDAP connection (#21013) 
Closes #15434
 2023-07-01 19:45:49 +02:00
Hynek Mlnarik
c092c76ae8 Remove ldapsOnly (Java) 
In `LDAPConstants.java`, the function to set the Truststore SPI system property was removed, as this is now handled by the `shouldUseTruststoreSpi` method in `LdapUtil`.

Closes: #9313
 2023-06-28 08:30:09 +02:00
Martin Kanis
db9b6c2152 Make awaitInitialTransfer for ISPN configurable 
Closes #16671
 2023-06-27 14:04:03 +02:00
Gilvan Filho
2493f11331 count users by custom user attribute 
closes #14747
 2023-06-21 11:56:22 -03:00
Stian Thorgersen
f82577a7f3 Removed old account console (#21098) 
Co-authored-by: Jon Koops <jonkoops@gmail.com>

Closes #9864
 2023-06-20 20:46:57 +02:00
Alexander Schwartz
f0f664dbb5 Prevent NPE on close() if postInit() hasn't been called 
Closes #20977
 2023-06-14 10:50:12 +02:00
Alexander Schwartz
e410a76c42 Avoid caching the list of clientscopes in two places 
Closes #20426

Co-authored-by: Martin Kanis <mkanis@redhat.com>
 2023-06-13 21:33:21 +02:00
vramik
535bba5792 Update UserQueryProvider methods 
Closes #20438
 2023-06-12 16:04:26 +02:00
Arnaud Martin
ae5a47d548 Impossible to update a federated user credential label 
Closes #16613
 2023-06-12 15:39:52 +02:00
Vlasta Ramik
ed473da22b Clean-up of deprecated methods and interfaces 
Fixes #20877

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2023-06-09 17:11:20 +00:00
Marek Posolda
8080085cc1 Removing 'http challenge' authentication flow and related authenticators (#20731) 
closes #20497


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2023-06-08 14:52:34 +02:00
Hynek Mlnarik
12dd3edb10 Fix pagination issue with H6 
With Hibernate ORM 6, pagination started to be unreliable: When
setting the max results only if the first row was 0 has randomly
affected other threads where first row was greater than 0. The
latter thread sometimes produced query which did *not* account
for the offset (cf. threads `-t1` and `-t2` below, while `-t2`
missed the `offset ? rows` part whic `-t3` has).

This has been fixed by setting the first row offset unconditionally.

Closes: #20202
Closes: #16570

```
2023-06-02 10:19:03.855000 TRACE [org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker] (blocking-thread-node-2-p8-t1) Running computation for segment 0 with worker 0
2023-06-02 10:19:03.856000 TRACE [org.keycloak.models.sessions.infinispan.initializer.OfflinePersistentUserSessionLoader] (blocking-thread-node-2-p8-t1) Loading sessions for segment=0 lastSessionId=00000000-0000-0000-0000-000000000000 first=0
2023-06-02 10:19:03.856000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t1) Set max to 64 in org.hibernate.query.sqm.internal.QuerySqmImpl@2fb60f8b
2023-06-02 10:19:03.856000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t1) After pagination: 0, 64
2023-06-02 10:19:03.857000 TRACE [org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker] (blocking-thread-node-2-p8-t2) Running computation for segment 1 with worker 1
2023-06-02 10:19:03.857000 TRACE [org.keycloak.models.sessions.infinispan.initializer.OfflinePersistentUserSessionLoader] (blocking-thread-node-2-p8-t2) Loading sessions for segment=1 lastSessionId=00000000-0000-0000-0000-000000000000 first=64
2023-06-02 10:19:03.857000 TRACE [org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker] (blocking-thread-node-2-p8-t3) Running computation for segment 2 with worker 2
2023-06-02 10:19:03.857000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t2) Set first to 64 in org.hibernate.query.sqm.internal.QuerySqmImpl@71464e9f
2023-06-02 10:19:03.857000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t2) Set max to 64 in org.hibernate.query.sqm.internal.QuerySqmImpl@71464e9f
2023-06-02 10:19:03.857000 DEBUG [org.keycloak.models.jpa.PaginationUtils] (blocking-thread-node-2-p8-t2) After pagination: 64, 64
2023-06-02 10:19:03.857000 TRACE [org.keycloak.models.sessions.infinispan.initializer.OfflinePersistentUserSessionLoader] (blocking-thread-node-2-p8-t3) Loading sessions for segment=2 lastSessionId=00000000-0000-0000-0000-000000000000 first=128
10:19:03,859 DEBUG [org.hibernate.SQL] (blocking-thread-node-2-p8-t1)
    select
        p1_0.OFFLINE_FLAG,
        p1_0.USER_SESSION_ID,
        p1_0.CREATED_ON,
        p1_0.DATA,
        p1_0.LAST_SESSION_REFRESH,
        p1_0.REALM_ID,
        p1_0.USER_ID
    from
        OFFLINE_USER_SESSION p1_0,
        REALM r1_0
    where
        r1_0.ID=p1_0.REALM_ID
        and p1_0.OFFLINE_FLAG=?
        and p1_0.USER_SESSION_ID>?
    order by
        p1_0.USER_SESSION_ID fetch first ? rows only
10:19:03,859 DEBUG [org.hibernate.SQL] (blocking-thread-node-2-p8-t2)
    select
        p1_0.OFFLINE_FLAG,
        p1_0.USER_SESSION_ID,
        p1_0.CREATED_ON,
        p1_0.DATA,
        p1_0.LAST_SESSION_REFRESH,
        p1_0.REALM_ID,
        p1_0.USER_ID
    from
        OFFLINE_USER_SESSION p1_0,
        REALM r1_0
    where
        r1_0.ID=p1_0.REALM_ID
        and p1_0.OFFLINE_FLAG=?
        and p1_0.USER_SESSION_ID>?
    order by
        p1_0.USER_SESSION_ID fetch first ? rows only
2023-06-02 10:19:03.860000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t1) binding parameter [1] as [VARCHAR] - [1]
2023-06-02 10:19:03.860000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t1) binding parameter [2] as [VARCHAR] - [00000000-0000-0000-0000-000000000000]
2023-06-02 10:19:03.860000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t1) binding parameter [3] as [INTEGER] - [64]
10:19:03,860 DEBUG [org.hibernate.SQL] (blocking-thread-node-2-p8-t3)
    select
        p1_0.OFFLINE_FLAG,
        p1_0.USER_SESSION_ID,
        p1_0.CREATED_ON,
        p1_0.DATA,
        p1_0.LAST_SESSION_REFRESH,
        p1_0.REALM_ID,
        p1_0.USER_ID
    from
        OFFLINE_USER_SESSION p1_0,
        REALM r1_0
    where
        r1_0.ID=p1_0.REALM_ID
        and p1_0.OFFLINE_FLAG=?
        and p1_0.USER_SESSION_ID>?
    order by
        p1_0.USER_SESSION_ID offset ? rows fetch first ? rows only
2023-06-02 10:19:03.861000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t3) binding parameter [3] as [INTEGER] - [128]
2023-06-02 10:19:03.861000 TRACE [org.hibernate.orm.jdbc.bind] (blocking-thread-node-2-p8-t3) binding parameter [4] as [INTEGER] - [64]
```

Co-authored-by: mkanis <mkanis@redhat.com>
 2023-06-07 20:45:34 +02:00
Vlasta Ramik
3b2dea64ac Remove duplicated and unused PersistenceExceptionConverter (#20844) 
Closes #20842
 2023-06-07 14:46:36 +02:00
Martin Bartoš
bea8778683 Use new method for obtaining DB dialect 2023-06-07 10:14:34 +02:00
rmartinc
81aa588ddc Fix and correlate session timeout calculations in legacy and new map implementations 
Closes https://github.com/keycloak/keycloak/issues/14854
Closes https://github.com/keycloak/keycloak/issues/11990
 2023-06-05 18:46:23 +02:00
vramik
a175efcb72 Split UserQueryProvider into UserQueryMethods and UserCountMethods and make LdapStorageProvider implement only UserQueryMethods 
Co-authored-by: mhajas <mhajas@redhat.com>

Closed #20156
 2023-05-31 11:47:54 +02:00
stianst
0832992e59 Removing OpenShift integration and moving to separate extension 
closes #20496

Co-authored-by: mposolda <mposolda@gmail.com>
 2023-05-30 17:39:32 +02:00
Tomas Slusny
1b06c4cf6c Use cached policy store in Infinispan PolicyAdapter (#20566) 2023-05-29 10:39:24 -03:00
Alexander Schwartz
5cd0d51fa6 Don't remove an element from the cache that was queued to be created during the current request 
This avoids a remove Infinispan call in multi-node and cross-DC setups.

Closes #20404
 2023-05-25 10:33:23 +02:00
Hynek Mlnarik
fc0e47caa4 Fix KcCustomOidcBrokerTest 
Fixes: #20541
 2023-05-25 10:20:36 +02:00
Pedro Ruivo
abd75a786f Enable simple-cache for local-cache 
Closes #20486
 2023-05-24 09:47:20 +02:00
Stefan Guilhen
2252b09949 Remove deprecated default roles methods 
Closes #15046
 2023-05-23 22:32:52 +02:00
Alexander Schwartz
7f64ca0048 Avoid querying with secondary columns which might fetch and lock additional rows (#20474) 
* Accessing UserSession by primary key

This resolves problematic locking queries databases running on SERIALIZABLE isolation level like CockroachDB

Closes #16977

* Avoid querying with expiring column

This resolves problematic locking queries databases running on SERIALIZABLE isolation level like CockroachDB

Closes #16977
 2023-05-23 07:19:58 +00:00
Alexander Schwartz
23683970bb Avoid optimistic locking queries on CockroachDB to avoid rolling back transactions 
Closes #16976
 2023-05-23 08:42:03 +02:00
Alexander Schwartz
d7a408d081 Remove log4j dependency from model/jpa which is EOL 
Closes #20421
 2023-05-19 17:43:51 -03:00
Alex Szczuczko
1578506475 Seperate version properties for hibernate-enhance and quarkus-maven (#20264) 
This will allow them to be defined seperately from aligned dependency
versions suitable for product

Closes #20261
 2023-05-18 14:37:55 +00:00
mkrueger92
256bb84cc4 Avoid NPE while fetching offline sessions (#17577) 2023-05-18 13:32:02 +02:00