External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-10 15:32:05 -03:30
Code Issues Packages Projects Releases Wiki Activity
26,898 Commits 26 Branches 288 Tags
Commit Graph

511 Commits

Author SHA1 Message Date
Stefan Guilhen
24fab37519 Add README.md for the IPA-Tuura user federation 
#Closes 35563

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-12-03 17:08:27 -03:00
Stefan Guilhen
590944b111 Use proper field type for the IPA-Tuura federation provider password 
#Closes 35529

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-12-03 05:27:27 -03:00
Stefan Guilhen
3c33a7180e
Add initial IPA-Tuura federation (#35467) 
* Add initial federation ipatuura plugin

Closes #35325

Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-12-02 14:59:21 -03:00
Pedro Igor
4668abc802 Better message when failing to update passwords due to invalid constraint/policy violation 
Closes #35421

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-11-28 18:28:26 +01:00
Martin Bartoš
594218382d
OTEL: Instrument parts of Keycloak with OTEL spans 
Closes #32114

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-11-28 12:08:50 +00:00
Thomas Darimont
f61937f3d9
Prefer usage of StandardCharsets.UTF_8 over "UTF-8" charset reference 
Fixes #35080

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-11-25 10:45:37 +00:00
Ricardo Martin
ca1c10f7ba
Use short UUID for ldap components (#34815) 
Closes #32143

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-11-15 15:15:04 +01:00
Pedro Igor
dfe2f2bb54 Allow updating the username when registration as email is enabled during LDAP updates 
Closes #34560

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-11-15 09:51:44 +01:00
Pedro Igor
f5dcf770dc Improving the error message when failing to query an LDAP provider 
Closes #34760

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-11-11 10:34:53 +01:00
Pedro Igor
d3c5082244 Better message when updating users when import is disabled 
Closes #31456

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-11-07 21:21:56 +01:00
Stefan Guilhen
af434d6bc1 Add checks to prevent GroupLDAPStorageMapper from performing operations on groups it does not manage 
Closes #11008
Closes #17593
Closes #19652

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-11-01 15:49:55 -03:00
Pedro Igor
4ad462fbd3 Do not rely on the pwdLastSet attribute when updating AD entries 
Closes #34467

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-10-30 17:43:07 +01:00
Stefan Guilhen
d66030fcad Check if LDAPObject is available from a previously cached proxied user 
Closes #34412

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-10-28 19:19:16 -03:00
Alexi Vandevoorde
0d07342649
Implement pagination for getLDAPRoleMappings (#34043) 
* Implement pagination for getLDAPRoleMappings

On Active Directory, allow to retrieve more groups than the MaxPageSize
(default to 1000). Without this patch, we need to increase the
MaxPageSize which does not really scale. Implemented only for the
LoadRolesByMember startegy.

Closes #34042

Signed-off-by: Alexi Vandevoorde <alexi@vandevoor.de>
 2024-10-28 16:40:20 -03:00
Stefan Guilhen
4690e00d91 Ensure searched LDAPObject is properly cached before other methods that trigger user validation run 
Closes #34050

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-10-28 15:39:16 -03:00
Martin Kanis
0ebf862b63 LDAP Import: KERBEROS_PRINCIPAL not updated when UserPrincipal changes and user already exists 
Closes #32266

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-10-11 09:16:17 -03:00
Martin Kanis
51fd133f05 [Keycloak CI] - User Federation Tests - fixing AD tests 
Closes #33231

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-10-02 16:02:55 -03:00
Stefan Guilhen
be13366c17
Improve response time when displaying group members using LDAP Provider 
Closes #31786

Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
 2024-09-20 21:20:24 +02:00
Alexander Schwartz
2a95d0abfa
Sort order of updates for user properties (#32853) 
This should reduce deadlocks on the user property table if the users are updated concurrently.

Closes #32852

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-09-18 12:37:42 +02:00
Stefan Guilhen
92e435f192 Do not automatically re-import users if they already exist locally when searching by attributes 
Closes #32870

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-09-13 08:54:44 +02:00
Pedro Igor
d04d2bb852 Allow removing users federated from a kerberos provider 
Closes #31603

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-08-13 18:47:55 +02:00
Thomas Darimont
2140e573f2
Fix test LDAP connection with multiple ldap connection urls 
Previously, the given connection string was check with URI.create(..) which
failed when multiple space separated LDAP URLs were given.

Closes #31267

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-07-16 08:57:50 +02:00
rmartinc
bd90ead892 Do not compare user DN using DN comparison as Ad can login via username@domain 
Closes #31196

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-07-10 17:01:49 -03:00
Pedro Igor
ead1b4a851
Testing ldap connection should not process or bind the credentials (#31081) 
Closes #30821

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-08 13:58:02 +02:00
Rishabh Singh
3a156b1a8b This fix allows the LDAP connection pool parameters - maxsize, prefsize, initsize - to be configured using JVM arguments. 
Removed the check on connectionPoolingMaxSize, connectionPoolingInitSize and connectionPoolingPrefSize

Closes #30677

Signed-off-by: Rishabh Singh <rishabhsvats@gmail.com>

This fix allows all the LDAP connection pool parameters to be configured using JVM arguments.

Removed all the ldap connection pool parameters

Signed-off-by: Rishabh Singh <rishabhsvats@gmail.com>
 2024-07-02 07:47:14 -03:00
Jon Koops
df18629ffe
Use a default Java version from root POM (#29927) 
Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-06-21 14:19:31 +02:00
rmartinc
c51640546d Improvements for ldap test authentication 
Closes #30434

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-15 10:01:24 +02:00
Stefan Guilhen
c49b5749ef Fix GroupLDAPStorageMapper so it doesn't attempt to update a group fetched in a different tx when synchronizing groups from LDAP 
Closes #29784

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-06-12 10:42:21 -03:00
rmartinc
eedfd0ef51 Missing auth checks in some admin endpoints (#166) 
Closes keycloak/keycloak-private#156

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-05 12:04:47 +02:00
Stefan Guilhen
7f232f1510 Switch to VaultStringSecret to avoid encoding issues when special characters (such as §) are present in the ldap bind credential 
Closes #29808

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-05-27 10:11:16 -03:00
Dimitri Papadopoulos Orfanos
64a145e960
Fix user-facing typos in error messages (#29326) 
Update resource file and tests accordingly

Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
 2024-05-16 09:55:41 +02:00
Alexander Schwartz
2d053312a0
Retrieve UUID from LDAP in same context (#29470) 
This should avoid out-of-sync problems in distributed LDAP environments.

Closes #29206

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-13 16:18:30 +02:00
Dimitri Papadopoulos Orfanos
cd8e0fd333
Fix user-facing typos in Javadoc (#28971) 
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2024-05-06 18:57:55 +00:00
Robin Meese
8a5fb8337b Fix catching NameAlreadyBoundException 
Closes #29142

Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
 2024-05-02 15:10:08 -03:00
Tero Saarni
64862d568e Convert database errors to 500 instead of 400. 
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
 2024-04-22 11:42:18 -03:00
Pedro Ruivo
3e0a185070 Remove deprecated EnvironmentDependentProviderFactory.isSupported method 
Closes #26280

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-04-19 16:36:49 +02:00
Stefan Guilhen
e6b9d287af Add null checks after retrieving user from LDAP for validation to prevent NPE when user is removed in LDAP. 
Closes #28523

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-04-11 14:29:30 -03:00
Stijn Last
e9498079e0 LDAP: Show error message when groups synchronization fails 
closes: #28436
Signed-off-by: Stijn Last <stijn.last@barco.com>
 2024-04-09 09:10:19 -03:00
Pedro Igor
52ba9b4b7f Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user 
Closes #28248

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-04-08 09:05:16 -03:00
Stefan Guilhen
9bb2402d3b Propagate Username LDAP Attribute changes to the username mapper to keep mapper and main LDAP storage config in synch. 
Closed #27984

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-04-03 09:11:55 -03:00
Stefan Guilhen
2ca59d4141 Align isEnabled in MSAD mappers to how other properties are processed in UserAttributeLDAPStorageMapper 
- user model is updated by onImport with the enabled/disabled status of the LDAP user
- a config option always.read.enabled.value.from.ldap was introduced, in synch to what we have in UserAttributeLDAPStorageMapper
- isEnabled checks the flag to decide if it should always retrieve the value from LDAP, or return the local value.
- setEnabled first updates the LDAP tx, and then calls the delegate to avoid issue #24201

Closes #26695
Closed #24201

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-04-01 08:20:35 -03:00
Pedro Igor
b9a7152a29 Avoid commiting the transaction prematurely when creating users through the User API 
Closes #28217

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-03-27 19:16:09 -03:00
rmartinc
d679c13040 Continue LDAP search if a duplicated user (ModelDuplicateException) is found 
Closes #25778

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-03-13 08:52:58 -03:00
Steven Hawkins
8d9439913c
fix: removal of resteasy-core (#27032) 
* fix: partial removal of resteasy-core

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* fix: fully removing resteasy-core

closes: #26315

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-02-29 11:43:13 +00:00
Ricardo Martin
3bc074913e
Allow LDAP provider to search using any attribute configured via mappers (#26235) 
Closes #22436

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-02-21 08:48:39 +00:00
Stefan Guilhen
143ccbfa15 Check if kerberos auth is enabled before creating the kerberos principal in LDAPStorageProvider 
- prevents misleading warn messages from being logged

Closes #25294

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-02-16 15:44:45 +01:00
Stefan Guilhen
2161e72872 Add migration for the useTruststoreSpi config property in LDAP user storage provider 
- legacy `ldapsOnly` value now migrated to `always`.

Closes #25912

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-02-12 11:53:19 +01:00
Stefan Guilhen
eac43822c3 Avoid changing the config value for the useTruststoreSpi property 
- prevents cached LDAPConfig entry from changing when retrieving this value

Closes #25912

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-02-12 11:53:19 +01:00
Stefan Guilhen
d3ae075a33 Fix MembershipType so that NPE is not thrown when an empty member is found within a group 
Closes #25883

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-02-09 19:04:37 +01:00
rmartinc
509f618992 Improvements for test connection and authentication in the LDAP provider 
Closes #26464

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-02-06 13:04:06 -03:00