Stefan Guilhen
590944b111
Use proper field type for the IPA-Tuura federation provider password
...
Closes #35529
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-12-03 05:27:27 -03:00
Stefan Guilhen
3c33a7180e
Add initial IPA-Tuura federation (#35467)
...
* Add initial federation ipatuura plugin
Closes #35325
Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>
2024-12-02 14:59:21 -03:00
Pedro Igor
4668abc802
Better message when failing to update passwords due to invalid constraint/policy violation
...
Closes #35421
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-11-28 18:28:26 +01:00
Martin Bartoš
594218382d
OTEL: Instrument parts of Keycloak with OTEL spans
...
Closes #32114
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-11-28 12:08:50 +00:00
Thomas Darimont
f61937f3d9
Prefer usage of StandardCharsets.UTF_8 over "UTF-8" charset reference
...
Fixes #35080
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-11-25 10:45:37 +00:00
Ricardo Martin
ca1c10f7ba
Use short UUID for ldap components (#34815)
...
Closes #32143
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-11-15 15:15:04 +01:00
Pedro Igor
dfe2f2bb54
Allow updating the username when registration as email is enabled during LDAP updates
...
Closes #34560
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-11-15 09:51:44 +01:00
Pedro Igor
f5dcf770dc
Improving the error message when failing to query an LDAP provider
...
Closes #34760
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-11-11 10:34:53 +01:00
Pedro Igor
d3c5082244
Better message when updating users when import is disabled
...
Closes #31456
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-11-07 21:21:56 +01:00
Stefan Guilhen
af434d6bc1
Add checks to prevent GroupLDAPStorageMapper from performing operations on groups it does not manage
...
Closes #11008
Closes #17593
Closes #19652
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-11-01 15:49:55 -03:00
Pedro Igor
4ad462fbd3
Do not rely on the pwdLastSet attribute when updating AD entries
...
Closes #34467
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-30 17:43:07 +01:00
Stefan Guilhen
d66030fcad
Check if LDAPObject is available from a previously cached proxied user
...
Closes #34412
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-10-28 19:19:16 -03:00
Alexi Vandevoorde
0d07342649
Implement pagination for getLDAPRoleMappings (#34043)
...
* Implement pagination for getLDAPRoleMappings
On Active Directory, allow to retrieve more groups than the MaxPageSize
(default to 1000). Without this patch, we need to increase the
MaxPageSize which does not really scale. Implemented only for the
LoadRolesByMember strategy.
Closes #34042
Signed-off-by: Alexi Vandevoorde <alexi@vandevoor.de>
2024-10-28 16:40:20 -03:00
Stefan Guilhen
4690e00d91
Ensure searched LDAPObject is properly cached before other methods that trigger user validation run
...
Closes #34050
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-10-28 15:39:16 -03:00
Martin Kanis
0ebf862b63
LDAP Import: KERBEROS_PRINCIPAL not updated when UserPrincipal changes and user already exists
...
Closes #32266
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-10-11 09:16:17 -03:00
Martin Kanis
51fd133f05
[Keycloak CI] - User Federation Tests - fixing AD tests
...
Closes #33231
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-10-02 16:02:55 -03:00
Stefan Guilhen
be13366c17
Improve response time when displaying group members using LDAP Provider
...
Closes #31786
Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
2024-09-20 21:20:24 +02:00
Alexander Schwartz
2a95d0abfa
Sort order of updates for user properties (#32853)
...
This should reduce deadlocks on the user property table if the users are updated concurrently.
Closes #32852
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-18 12:37:42 +02:00
Stefan Guilhen
92e435f192
Do not automatically re-import users if they already exist locally when searching by attributes
...
Closes #32870
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-13 08:54:44 +02:00
Pedro Igor
d04d2bb852
Allow removing users federated from a kerberos provider
...
Closes #31603
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-13 18:47:55 +02:00
Thomas Darimont
2140e573f2
Fix test LDAP connection with multiple ldap connection urls
...
Previously, the given connection string was checked with URI.create(..) which
failed when multiple space separated LDAP URLs were given.
Closes #31267
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-07-16 08:57:50 +02:00
rmartinc
bd90ead892
Do not compare user DN using DN comparison as AD can login via username@domain
...
Closes #31196
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-10 17:01:49 -03:00
Pedro Igor
ead1b4a851
Testing ldap connection should not process or bind the credentials (#31081)
...
Closes #30821
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-08 13:58:02 +02:00
Rishabh Singh
3a156b1a8b
This fix allows the LDAP connection pool parameters - maxsize, prefsize, initsize - to be configured using JVM arguments.
...
Removed the check on connectionPoolingMaxSize, connectionPoolingInitSize and connectionPoolingPrefSize
Closes #30677
Signed-off-by: Rishabh Singh <rishabhsvats@gmail.com>
This fix allows all the LDAP connection pool parameters to be configured using JVM arguments.
Removed all the ldap connection pool parameters
Signed-off-by: Rishabh Singh <rishabhsvats@gmail.com>
2024-07-02 07:47:14 -03:00
Jon Koops
df18629ffe
Use a default Java version from root POM (#29927)
...
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-21 14:19:31 +02:00
rmartinc
c51640546d
Improvements for ldap test authentication
...
Closes #30434
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-15 10:01:24 +02:00
Stefan Guilhen
c49b5749ef
Fix GroupLDAPStorageMapper so it doesn't attempt to update a group fetched in a different tx when synchronizing groups from LDAP
...
Closes #29784
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-06-12 10:42:21 -03:00
rmartinc
eedfd0ef51
Missing auth checks in some admin endpoints (#166)
...
Closes keycloak/keycloak-private#156
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-05 12:04:47 +02:00
Stefan Guilhen
7f232f1510
Switch to VaultStringSecret to avoid encoding issues when special characters (such as §) are present in the ldap bind credential
...
Closes #29808
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-27 10:11:16 -03:00
Dimitri Papadopoulos Orfanos
64a145e960
Fix user-facing typos in error messages (#29326)
...
Update resource file and tests accordingly
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
2024-05-16 09:55:41 +02:00
Alexander Schwartz
2d053312a0
Retrieve UUID from LDAP in same context (#29470)
...
This should avoid out-of-sync problems in distributed LDAP environments.
Closes #29206
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-13 16:18:30 +02:00
Dimitri Papadopoulos Orfanos
cd8e0fd333
Fix user-facing typos in Javadoc (#28971)
...
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-05-06 18:57:55 +00:00
Robin Meese
8a5fb8337b
Fix catching NameAlreadyBoundException
...
Closes #29142
Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
2024-05-02 15:10:08 -03:00
Tero Saarni
64862d568e
Convert database errors to 500 instead of 400.
...
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2024-04-22 11:42:18 -03:00
Pedro Ruivo
3e0a185070
Remove deprecated EnvironmentDependentProviderFactory.isSupported method
...
Closes #26280
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-19 16:36:49 +02:00
Stefan Guilhen
e6b9d287af
Add null checks after retrieving user from LDAP for validation to prevent NPE when user is removed in LDAP.
...
Closes #28523
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-11 14:29:30 -03:00
Stijn Last
e9498079e0
LDAP: Show error message when groups synchronization fails
...
closes #28436
Signed-off-by: Stijn Last <stijn.last@barco.com>
2024-04-09 09:10:19 -03:00
Pedro Igor
52ba9b4b7f
Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user
...
Closes #28248
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-08 09:05:16 -03:00
Stefan Guilhen
9bb2402d3b
Propagate Username LDAP Attribute changes to the username mapper to keep mapper and main LDAP storage config in sync.
...
Closed #27984
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-03 09:11:55 -03:00
Stefan Guilhen
2ca59d4141
Align isEnabled in MSAD mappers to how other properties are processed in UserAttributeLDAPStorageMapper
...
- user model is updated by onImport with the enabled/disabled status of the LDAP user
- a config option always.read.enabled.value.from.ldap was introduced, in sync with what we have in UserAttributeLDAPStorageMapper
- isEnabled checks the flag to decide if it should always retrieve the value from LDAP, or return the local value.
- setEnabled first updates the LDAP tx, and then calls the delegate to avoid issue #24201
Closes #26695
Closed #24201
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-01 08:20:35 -03:00
Pedro Igor
b9a7152a29
Avoid committing the transaction prematurely when creating users through the User API
...
Closes #28217
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-27 19:16:09 -03:00
rmartinc
d679c13040
Continue LDAP search if a duplicated user (ModelDuplicateException) is found
...
Closes #25778
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-13 08:52:58 -03:00
Steven Hawkins
8d9439913c
fix: removal of resteasy-core (#27032)
...
* fix: partial removal of resteasy-core
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* fix: fully removing resteasy-core
closes #26315
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-02-29 11:43:13 +00:00
Ricardo Martin
3bc074913e
Allow LDAP provider to search using any attribute configured via mappers (#26235)
...
Closes #22436
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-21 08:48:39 +00:00
Stefan Guilhen
143ccbfa15
Check if kerberos auth is enabled before creating the kerberos principal in LDAPStorageProvider
...
- prevents misleading warn messages from being logged
Closes #25294
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-02-16 15:44:45 +01:00
Stefan Guilhen
2161e72872
Add migration for the useTruststoreSpi config property in LDAP user storage provider
...
- legacy `ldapsOnly` value now migrated to `always`.
Closes #25912
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-02-12 11:53:19 +01:00
Stefan Guilhen
eac43822c3
Avoid changing the config value for the useTruststoreSpi property
...
- prevents cached LDAPConfig entry from changing when retrieving this value
Closes #25912
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-02-12 11:53:19 +01:00
Stefan Guilhen
d3ae075a33
Fix MembershipType so that NPE is not thrown when an empty member is found within a group
...
Closes #25883
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-02-09 19:04:37 +01:00
rmartinc
509f618992
Improvements for test connection and authentication in the LDAP provider
...
Closes #26464
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-06 13:04:06 -03:00
Marek Posolda
651d99db25
Allow selecting attributes from user profile when managing token mappers (#26415)
...
* Allow selecting attributes from user profile when managing token mappers
closes #24250
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-01-25 17:01:02 +01:00