Martin Bartoš
fe40730aed
Invalid migration export for empty database
...
Fixes #32535
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2025-02-11 09:24:53 +01:00
Pedro Igor
4b2d5ed472
Minor fixes, test coverage, and allow deleting local users
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-02-07 10:42:45 -03:00
Christian Janker
87db882a89
Do not remove users in LDAP when queries return an empty result
...
closes #34764
Signed-off-by: Christian Janker <christian.janker@gmx.at>
2025-02-07 10:42:45 -03:00
Stefan Guilhen
0fc0dcd119
Ensure IDPs returned from infinispan provider are ordered by alias
...
Closes #33243
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-02-07 08:53:09 -03:00
Pedro Igor
bf355f83d3
Review how all resource type permissions are evaluated
...
Closes #37081
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-02-06 08:43:29 -03:00
Steven Hawkins
f52cc73548
fix: narrow fix for creating single file import without a system prop (#36457)
...
closes: #34270
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-02-05 14:13:53 +00:00
Pedro Igor
1cb7a4736c
Slow query when checking if a realm has brokers and brokering is enabled
...
Closes #37062
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2025-02-05 13:49:32 +00:00
Pedro Igor
602df06191
Allows querying credential from user storage providers
...
Closes #35020
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-02-05 07:56:05 -03:00
Alexander Schwartz
7bcc2c4b28
Remove redundant information from cache entries
...
Closes #37034
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-02-04 18:47:53 -03:00
Olivier Boudet
e507eb6175
fix: wrong briefRepresentation behavior on Organization
...
Signed-off-by: Olivier Boudet <o.boudet@gmail.com>
2025-02-04 08:52:35 -03:00
Alexander Schwartz
41e0e3751c
Changes picking up pruivo's suggestions
...
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-02-03 18:12:41 -03:00
Alexander Schwartz
1cf51a700c
Also cache client roles if looked up by name and not found
...
Closes #36919
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-02-03 18:12:41 -03:00
Alexander Schwartz
d9fe2dcc48
Cache empty results for role-by-name lookup
...
Closes #36919
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-02-03 18:12:41 -03:00
Pedro Ruivo
beb20dc425
Add default configuration for cache 'crl'
...
Fixes #36752
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Pedro Ruivo <pruivo@users.noreply.github.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2025-02-03 09:53:31 +01:00
vramik
b82aecd89f
Remove resources from permissions when updating the associated resources
...
Closes #36837
Signed-off-by: vramik <vramik@redhat.com>
2025-01-29 07:10:36 -03:00
Steven Hawkins
827e82ad25
fix: adding a check and documenting import naming conventions (#36340)
...
closes: #36284 #34793
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-01-28 18:44:47 +01:00
Arthenice
c20f7e50c7
docs: update JavaDoc for ImportSynchronization
...
The JavaDoc for ImportSynchronization was wrongfully referencing the
UserStorageProvider instead of the UserStorageProviderFactory.
Closes #36834
Signed-off-by: arthenice <wistful.arthenice@gmail.com>
2025-01-28 12:13:19 +01:00
Johannes Knutsen
c889c6a79b
Update realm: Remove browser security header attributes from the list of attributes to remove if missing (#32922)
...
Closes #32921
Signed-off-by: Johannes Knutsen <johannes@knutsen.me>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2025-01-23 10:37:56 +01:00
rmartinc
6cf92d9dc7
Add crl cache to certificate validation
...
Closes #26473
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-01-22 14:58:35 +01:00
Paul Schwabauer
7d8505a2dc
Remove usage of deprecated thread_dumps_threshold configuration (#36620)
...
Closes #36633
Signed-off-by: Paul Schwabauer <pschwabauer@intevation.de>
2025-01-21 15:16:23 +01:00
Stian Thorgersen
fc2b9018f1
Extend REST API for login and admin events to support sync scenarios (#36601)
...
Closes #36600
Signed-off-by: stianst <stianst@gmail.com>
2025-01-20 14:32:55 +01:00
Pedro Igor
aca84824c0
Allow enforce that users are members of organizations when authenticating
...
Closes #34275
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-01-17 19:48:55 +01:00
vramik
8b5ebe98d8
[FGAP] Design AdminPermissionEvaluator implementation for FGAP v2
...
Closes #34921
Signed-off-by: vramik <vramik@redhat.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-01-15 16:05:14 -03:00
Ryan Emerson
4e3e73195a
Add protostream compatibility check against release/26.1
...
Closes #36490
2025-01-15 15:21:34 +01:00
Stian Thorgersen
c1c147cb17
Restrict access to environment variables when at the server runtime (#36472)
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-01-15 09:36:19 +01:00
Alexander Schwartz
69d36fcd65
Connect to primary PostgreSQL instance by default (#36330)
...
Closes #24493
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-01-14 10:24:52 +01:00
Alexander Schwartz
34df1edf53
Avoid too many retries when writing persistent sessions fails
...
Closes #35047
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-01-13 15:15:06 -03:00
Alexander Schwartz
40f39f3f09
Avoid looking up the client if it is known during the commit phase
...
Closes #36332
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-01-13 12:28:23 -03:00
Miguel C
ffa85cdd59
Add primary key to avoid issues in some mysql 8 server but still keep compatibility with others
...
Closes #35827
Signed-off-by: mike-pt <mike-pt@users.noreply.github.com>
2025-01-07 22:26:28 +01:00
Alexander Schwartz
c651323b7d
Trace validation of users to see contribution of external timing (#36060)
...
Closes #36059
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-01-07 12:35:48 +01:00
Pedro Igor
761e9fb729
Make sure brokers are managed within the scope of the realm model object
...
Closes #34356
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-01-02 20:55:53 +01:00
Rungsikorn Rungsikavanich
41696b964b
Add client ID length validation (#35725)
...
Closes #35723
Signed-off-by: Rungsikorn Rungsikavarnich <rungsikorn@me.com>
2024-12-19 11:19:59 +01:00
rmartinc
bac5ec8858
Better caching for federated users
...
Closes #35637
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-12-12 09:22:58 -03:00
Pedro Igor
ad679b8729
Exact searches should be the default when querying user by attributes
...
Closes #35822
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-12-12 12:46:51 +01:00
Sven-Torben Janus
7531f97e54
Fix potential NPE in migration script for KC 26 (#35794)
...
Closes #35793
Signed-off-by: Sven-Torben Janus <sven-torben.janus@conciso.de>
2024-12-11 11:36:00 +01:00
Alexander Schwartz
cde8f25cc2
Group persistent session work activities in parent span or link them
...
Closes #35430
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-12-10 13:55:35 +01:00
vramik
044807f162
[FGAP] Create new internal client which would hold the authorization objects for feature V2
...
Closes #34565
Signed-off-by: vramik <vramik@redhat.com>
2024-12-05 11:56:13 -03:00
Pedro Ruivo
86c475b9fc
Invoking BaseUpdater.markDeleted() more than once causes the transient status to be lost
...
Fixes #35570
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-12-03 18:06:07 +01:00
Pedro Igor
7a35d4970d
Do not run changeset if column already exists
...
Closes #35290
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-12-03 09:32:14 +01:00
Pedro Igor
a4d70ad6d2
Avoid creating ObjectMapper but using JsonSerialization utility class when managing event details
...
Closes #35457
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-12-02 13:54:14 +01:00
Pedro Igor
e5f1c9a6de
Make sure event details are not stored if they are null
...
Closes #35288
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-12-02 12:49:43 +01:00
Stefan Guilhen
88cfe426d8
Fix migration for MySQL database
...
- MariaDB and MySQL now use the same statement
- prevents a possible illegal mix of collations
Closes #34995
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-12-02 08:37:57 -03:00
Stefan Guilhen
9861acc2aa
UserSessionProvider.removeUserSessions now removes all user sessions (both regular and offline)
...
Closes #31359
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-11-29 12:35:15 -03:00
kanwhoa
85c582bb73
Aligned call flags for addDefaultRequiredActions
...
Closes #34769
Signed-off-by: kanwhoa <kano@kano.org.uk>
2024-11-29 10:14:01 +01:00
Miguel C
195ace8cb8
Use regular CREATE TABLE instead of CREATE TEMPORARY
...
Some hosted/managed environments, like Google CloudSQL, might not support this type of statement (i.e. when using replication and GTID).
Since we are dropping the table anyway, it seems a regular CREATE statement should work fine here.
Signed-off-by: mike-pt <mike-pt@users.noreply.github.com>
2024-11-28 10:17:04 -03:00
Pedro Ruivo
a65fd34bbf
Make PermissionTicket events marshallable
...
Fixes #35328
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-11-28 10:14:54 +01:00
Thomas Darimont
f61937f3d9
Prefer usage of StandardCharsets.UTF_8 over "UTF-8" charset reference
...
Fixes #35080
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-11-25 10:45:37 +00:00
rmartinc
9c348562b5
Drop old table USERNAME_LOGIN_FAILURE used before by UserSessionProvider
...
Closes #34380
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-11-19 17:13:16 +01:00
vramik
440e81c8b9
Add a realm-level setting to enable FGAP to a realm
...
Closes #34920
Signed-off-by: vramik <vramik@redhat.com>
2024-11-19 09:59:34 -03:00
Giuseppe Graziano
05adf19848
Authentication session with changelog transaction
...
Closes #23881
Closes #32658
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-11-15 14:10:15 +01:00