Commit Graph

2529 Commits

Author SHA1 Message Date
Miguel C
ffa85cdd59 Add primary key to avoid issues in some mysql 8 server but still keep compatibility with others
Closes #35827

Signed-off-by: mike-pt <mike-pt@users.noreply.github.com>
2025-01-07 22:26:28 +01:00
Alexander Schwartz
c651323b7d Trace validation of users to see contribution of external timing (#36060)
Closes #36059

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-01-07 12:35:48 +01:00
Pedro Igor
761e9fb729 Make sure brokers are managed within the scope of the realm model object
Closes #34356

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-01-02 20:55:53 +01:00
Rungsikorn Rungsikavanich
41696b964b Add client ID length validation (#35725)
Closes #35723

Signed-off-by: Rungsikorn Rungsikavarnich <rungsikorn@me.com>
2024-12-19 11:19:59 +01:00
rmartinc
bac5ec8858 Better caching for federated users
Closes #35637

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-12-12 09:22:58 -03:00
Pedro Igor
ad679b8729 Exact searches should be the default when querying user by attributes
Closes #35822

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-12-12 12:46:51 +01:00
Sven-Torben Janus
7531f97e54 Fix potential NPE in migration script for KC 26 (#35794)
Closes #35793

Signed-off-by: Sven-Torben Janus <sven-torben.janus@conciso.de>
2024-12-11 11:36:00 +01:00
Alexander Schwartz
cde8f25cc2 Group persistent session work activities in parent span or link them
Closes #35430

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-12-10 13:55:35 +01:00
vramik
044807f162 [FGAP] Create new internal client which would hold the authorization objects for feature V2
Closes #34565

Signed-off-by: vramik <vramik@redhat.com>
2024-12-05 11:56:13 -03:00
Pedro Ruivo
86c475b9fc Invoking BaseUpdater.markDeleted() more than once cause the transient status to be lost
Fixes #35570

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-12-03 18:06:07 +01:00
Pedro Igor
7a35d4970d Do not run changeset if comlumn already exists
Closes #35290

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-12-03 09:32:14 +01:00
Pedro Igor
a4d70ad6d2 Avoid creating ObjectMapper but using JsonSerialization utility class when managing event details
Closes #35457

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-12-02 13:54:14 +01:00
Pedro Igor
e5f1c9a6de Make sure event details are not stored if they are null
Closes #35288

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-12-02 12:49:43 +01:00
Stefan Guilhen
88cfe426d8 Fix migration for MySQL database
- MariaDB and MySQL now use the same statement
- prevents a possible illegal mix of collations

Closes #34995

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-12-02 08:37:57 -03:00
Stefan Guilhen
9861acc2aa UserSessionProvider.removeUserSessions now removes all user sessions (both regular and offline)
Closes #31359

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-11-29 12:35:15 -03:00
kanwhoa
85c582bb73 Aligned call flags for addDefaultRequiredActions
Closes #34769

Signed-off-by: kanwhoa <kano@kano.org.uk>
2024-11-29 10:14:01 +01:00
Miguel C
195ace8cb8 Use regular CREATE TABLE instead of CREATE TEMPORARY
Some hosted/managed environments like google CloudSQL, might not support this type of statement (i.e. when using replication and GTID)

Since we are dropping the table anyway it seems a regular CREATE statement should work fine here.

Signed-off-by: mike-pt <mike-pt@users.noreply.github.com>
2024-11-28 10:17:04 -03:00
Pedro Ruivo
a65fd34bbf Make PermissionTicket events marshallable
Fixes #35328

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-11-28 10:14:54 +01:00
Thomas Darimont
f61937f3d9 Prefer usage of StandardCharsets.UTF_8 over "UTF-8" charset reference
Fixes #35080

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-11-25 10:45:37 +00:00
rmartinc
9c348562b5 Drop old table USERNAME_LOGIN_FAILURE used before by UserSessionProvider
Closes #34380

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-11-19 17:13:16 +01:00
vramik
440e81c8b9 Add a realm-level setting to enable FGAP to a realm
Closes #34920

Signed-off-by: vramik <vramik@redhat.com>
2024-11-19 09:59:34 -03:00
Giuseppe Graziano
05adf19848 Authentication session with changelog transaction
Closes #23881
Closes #32658

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-11-15 14:10:15 +01:00
vramik
ebd411b93d Upgrade 24 to 25 fails because db jpa changes drop nonexisting indexes.
Closes #34899

Signed-off-by: vramik <vramik@redhat.com>
2024-11-14 13:18:39 +01:00
Steven Hawkins
f8c1b6e779 fix: liquibase update summary to log only (#34836)
closes: #34818

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-11-14 11:28:08 +01:00
Pedro Igor
d04f7900f5 added membershipType to members list and membership type filter
Signed-off-by: Agnieszka Gancarczyk <agagancarczyk@gmail.com>
 Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-11-12 09:13:18 -03:00
Pedro Igor
d3c5082244 Better message when updating users when import is disabled
Closes #31456

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-11-07 21:21:56 +01:00
Pedro Igor
b70303f293 Adding organization membership provider events
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-11-07 17:19:43 -03:00
Pedro Igor
0a05ba49d1 Adding a details map to admin events to store additional contextual data when the event is fired
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-11-07 17:19:43 -03:00
Stefan Guilhen
e28b88bc02 Guard against NPE by checking if caches are null in InfinispanOrganizationProvider
- caches can be disabled and the provider has to check if they are set when using them

Closes #34603

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-11-07 10:11:54 -03:00
Ricardo Martin
226daa41c7 Add service account mappers via client scope instead of dedicated scope (#34664)
Closes #10417

Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Ricardo Martin <rmartinc@redhat.com>
2024-11-07 08:45:11 +01:00
Thomas Darimont
3315ea718a Add ability to enable OID4VCI Verifiable Credentials per realm (#34524)
- Added new realm property verifiableCredentialsEnabled
- Updated RealmRepresentation
- Guarded route to Oid4VCI page
- Add boolean switch to Realm settings page to control Verifiable Credentials enablement
- We now only show the Verifiable Credentials page in the nave if the "Verifiable Credentials" realm setting is enabled.

Fixes #34524

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-11-04 14:58:30 +01:00
Stefan Guilhen
9c50813bf4 Add validChecksum to jpa-changelog-26.0.0.xml
Closes #34450

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-10-31 07:54:27 -03:00
Stefan Guilhen
ac25844731 Ensure hide_on_login has the default value set to 0 on MSSQL
Closes #34450

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-10-30 12:46:17 -03:00
Marek Posolda
3784fd1f67 Attempt to run snapshot Keycloak server against production DB should fail during migration
closes #30364

Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-28 15:02:26 +00:00
Pedro Ruivo
84f4bd8af1 Client Scope updates are not replicated between Keycloak nodes
Fixes #33731

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-10-25 11:22:15 +02:00
Martin Kanis
4f3ced9560 ConcurrentModificationException when restarting user sessions
Closes #34093

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-10-24 21:26:50 +02:00
Erik Jan de Wit
cc5b8dfd38 reset first when selecting subgroup (#34200)
fixes: #34149

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-10-23 14:34:09 -04:00
Pedro Ruivo
f507caae6c Deleting a user leads to ISPN marshalling exception
Fixes #34224

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-10-23 11:53:25 +02:00
Ryan Emerson
902abfdae4 JDBC_PING as default discovery protocol
Closes #29399

- Add ProviderFactory#dependsOn to allow dependencies between
  ProviderFactories to be explicitly defined
- Disable Infinispan default shutdownhook disabled to ensure lifecycle
  is managed exclusively by Keycloak
- Remove Infinispan shutdown hook in KeycloakRecorder and manage
  EmbeddedCacheManager lifecycle only in DefaultInfinispanConnectionProviderFactory#close

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-22 20:19:19 +00:00
Gilvan Filho
c4005d29f0 add linear strategy to brute force
closes #25917

Signed-off-by: Gilvan Filho <gilvan.sfilho@gmail.com>
2024-10-22 10:33:22 -03:00
Pedro Hos
91026d6713 NPE when Default Role is not present on CachedRealm
closes: #33817

Signed-off-by: Pedro Hos <pedro-hos@outlook.com>
2024-10-15 09:23:18 +02:00
Kevin Köllmann
23a6822715 Don't fail on drop index IDX_US_SESS_ID_ON_CL_SESS
Closes #33780

Signed-off-by: Kevin Köllmann <kevin@kllmnn.de>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2024-10-10 15:37:40 +00:00
Pedro Igor
f4f3a7de4a The event should also support user invalidation events
Closes #33777

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-10 11:41:50 -03:00
Pedro Ruivo
464fc90519 Fail to start if work cache is not replicated
Keycloak will now fail to start if the work cache is replicated.
Listeners require the data to be local.

Closes #33702

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-09 19:40:24 +00:00
Ryan Emerson
42484bd884 Allow proto-schema-compatibility-maven-plugin to be skipped with property (#33693)
Closes #33692

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-10-08 14:22:41 +00:00
mposolda
07cf71e818 Better logging when error happens during transaction commit
closes #33275

Signed-off-by: mposolda <mposolda@gmail.com>
2024-10-08 11:14:10 +02:00
Ryan Emerson
e7ad9ff2d6 Add proto-schema-compatibility-maven-plugin check against release/26.0 branch to main
Closes #33565

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-10-04 15:55:12 +02:00
Pedro Igor
13111daceb Move organization membership cache entries to the user cache
Closes #33412

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-03 10:31:26 -03:00
vramik
b7eaa9b0cb Wildcard search not working for custom user attributes
Closes #32451

Signed-off-by: vramik <vramik@redhat.com>
2024-10-03 08:48:36 -03:00
vramik
c1653448f3 [Organizations] Allow orgs to define the redirect URL after user registers or accepts invitation link
Closes #33201

Signed-off-by: vramik <vramik@redhat.com>
2024-10-02 07:37:48 -03:00