546 Commits

Author SHA1 Message Date
Pedro Igor
d65c17ebc7 Do not fail when querying user federation providers and log messages to indicate the problem
Closes #42276

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-24 04:03:13 -03:00
Pedro Igor
8f0d528126
Make sure inner transactions are using their own session
Closes #41942

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-03 17:38:19 +02:00
Steven Hawkins
b6f039a4cc
fix: adding a default for ldap connection timeout (#41726)
closes: #39299

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
2025-08-19 16:43:42 +00:00
sguilhen
b7d3c8eb8b Forward isMemberOf call to the next delegate if the group is not managed by the mapper instance
Closes #40680

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-08-15 15:49:08 -03:00
Pedro Igor
3136ec25e6
memberOf attribute empty or values with a DN that does not match the role base DN fetches all roles
Closes #41842

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-08-14 11:15:52 +02:00
Peter Skopek
651d651c30 Add missing artifact descriptions to allow Maven Central Portal Publisher pass validation process. (#40822)
Signed-off-by: Peter Skopek <pskopek@redhat.com>
2025-08-12 16:50:17 +02:00
Stefan Guilhen
5b4973f0e8 Change e-mail verification to perform a find by UUID on LDAP only when the local and imported users are different
Closes #41532

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-08-07 15:28:01 -03:00
Martin Kanis
235691b6cb
LDAP Import: KERBEROS_PRINCIPAL not updated when UserPrincipal changes and KERBEROS_PRINCIPAL was null on creation
Closes #41520

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-07-31 17:28:28 +02:00
Martin Kylian
d97d27f827
Kerberos Server fields now trim whitespace
Closes #41335

Signed-off-by: Martin Kylián <kylianm@plzen.eu>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Martin Kylián <kylianm@plzen.eu>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-07-28 08:07:52 +00:00
Pedro Igor
d5206b61f6 Update email feature only enabled if the required action is enabled at the realm
Closes #41045

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-07-14 16:31:15 -03:00
Sylvere Richard
173471a1c9 Fix #40995 avoid ModelException: At least one condition should be provided to OR query
Closes #40995
Signed-off-by: Sylvere Richard <sylvere.richard@gmail.com>
2025-07-10 15:34:02 -03:00
Martin Kanis
5a42390341 Make UPDATE_EMAIL a supported feature
Closes #40227

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-07-09 10:15:48 -03:00
Pedro Igor
0188d276d8
Invalidate user cache entries when email or username are different from storage
Closes #40085

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2025-06-17 20:44:01 +00:00
Pedro Igor
9412e339a8
Password modification time attribute as an operational and read-only attribute
Closes #40270

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-06-10 16:28:55 +02:00
vramik
6bf5727b7b LDAP group mapper skips configured filter and imports all groups with memberOf strategy when fetching the user's groups
Closes #37537

Signed-off-by: vramik <vramik@redhat.com>
2025-05-22 09:57:31 -03:00
vramik
f45b8e0c6d Move FGAP classes to specific package
Signed-off-by: vramik <vramik@redhat.com>
2025-05-22 09:53:16 -03:00
Pedro Igor
953ba04018
Skip updating account controls if no control is set when enabling/disabling users
Closes #37720

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-05-09 09:11:21 +02:00
Pedro Igor
9ad0e1abfa
Check if LDAP entry is still valid before validating duplicate emails
Closes #39345

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-05-06 21:54:30 +02:00
Pedro Igor
68fc5aa44b
Make sure LDAP connections are released when closing sessions
Closes #38660

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-28 20:13:30 +02:00
Stefan Guilhen
9976f9380c Fix NPE in LDAPUtils.loadAllLDAPObjects when batch size is set to value <= 0
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>

Closes #39022
2025-04-16 12:32:57 -03:00
Pedro Igor
ab41366757
Allow setting locale when edit mode is READ_ONLY
Closes #38981

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-16 08:55:30 +02:00
Stefan Guilhen
86b2a6a95c Fix docs to also mention roles
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>

Closes #28569

Signed-off-by: Jakob Overrein <jakob.overrein@basefarm-orange.com>
2025-03-10 16:13:36 -03:00
Stefan Guilhen
a0a314aece Append comma to the relative DN only if it is missing
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-03-10 16:13:36 -03:00
Jakob Overrein
aec62803c7 Allow users, roles, and groups, to be created in a specified DN relative to the parent DN
The new field introduced will prefix the parent DN as a relative path and allow created items to be placed in a subtree instead of the parent DN.

Closes #28569

Signed-off-by: Jakob Overrein <jakob.overrein@basefarm-orange.com>
2025-03-10 16:13:36 -03:00
Ricardo Martin
6751c8cb35
Include JNA dependency for the SSSD in the keycloak server (#37905)
Closes #37898

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-03-07 11:56:33 -05:00
Stefan Guilhen
5babc6c1a3 Ensure the group being joined is not an organization group in GroupLDAPStorageMapper
Closes #37393

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-02-17 14:41:53 -03:00
Pedro Igor
4b2d5ed472 Minor fixes, test coverage, and allow deleting local users
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-02-07 10:42:45 -03:00
Pedro Igor
602df06191 Allows querying credential from user storage providers
Closes #35020

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-02-05 07:56:05 -03:00
Stefan Guilhen
b2e8942dd1 Ensure LDAPStorageMapper.getGroupMembers is taking the fetch strategy in consideration when retrieving the members
- fixes issue when MEMBER-OF strategy is selected but ignored when listing members

Closes #33477

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-01-31 09:54:40 -03:00
Justin Stephenson
d22179e6fa
ipatuura README updates (#36660)
Signed-off-by: Justin Stephenson <jstephen@redhat.com>
2025-01-23 08:13:16 +01:00
Pedro Igor
db986c496e Allow tracing packets sent to and from LDAP for troubleshooting purposes
Closes #36087

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-01-07 12:42:23 +01:00
Alexander Schwartz
180be7b182 Avoid NPE when checking exceptions for password based Kerberos login
Closes #36061

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-01-06 17:17:53 +01:00
Alexander Schwartz
4ef178242f Enable LDAP connection pool by default when using the Admin UI
Closes #35852

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-12-19 10:24:47 -03:00
Alexander Schwartz
af54d6469d Remove unused LDAP properties
Closes #35854

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-12-18 10:39:06 -03:00
Pedro Igor
45a6b5c657 Setting protocol when initializing the LDAP provider
Closes #35758

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-12-11 10:21:11 +01:00
Stefan Guilhen
24fab37519 Add README.md for the IPA-Tuura user federation
#Closes 35563

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-12-03 17:08:27 -03:00
Stefan Guilhen
590944b111 Use proper field type for the IPA-Tuura federation provider password
#Closes 35529

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-12-03 05:27:27 -03:00
Stefan Guilhen
3c33a7180e
Add initial IPA-Tuura federation (#35467)
* Add initial federation ipatuura plugin

Closes #35325

Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>
2024-12-02 14:59:21 -03:00
Pedro Igor
4668abc802 Better message when failing to update passwords due to invalid constraint/policy violation
Closes #35421

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-11-28 18:28:26 +01:00
Martin Bartoš
594218382d
OTEL: Instrument parts of Keycloak with OTEL spans
Closes #32114

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-11-28 12:08:50 +00:00
Thomas Darimont
f61937f3d9
Prefer usage of StandardCharsets.UTF_8 over "UTF-8" charset reference
Fixes #35080

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-11-25 10:45:37 +00:00
Ricardo Martin
ca1c10f7ba
Use short UUID for ldap components (#34815)
Closes #32143

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-11-15 15:15:04 +01:00
Pedro Igor
dfe2f2bb54 Allow updating the username when registration as email is enabled during LDAP updates
Closes #34560

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-11-15 09:51:44 +01:00
Pedro Igor
f5dcf770dc Improving the error message when failing to query an LDAP provider
Closes #34760

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-11-11 10:34:53 +01:00
Pedro Igor
d3c5082244 Better message when updating users when import is disabled
Closes #31456

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-11-07 21:21:56 +01:00
Stefan Guilhen
af434d6bc1 Add checks to prevent GroupLDAPStorageMapper from performing operations on groups it does not manage
Closes #11008
Closes #17593
Closes #19652

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-11-01 15:49:55 -03:00
Pedro Igor
4ad462fbd3 Do not rely on the pwdLastSet attribute when updating AD entries
Closes #34467

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-30 17:43:07 +01:00
Stefan Guilhen
d66030fcad Check if LDAPObject is available from a previously cached proxied user
Closes #34412

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-10-28 19:19:16 -03:00
Alexi Vandevoorde
0d07342649
Implement pagination for getLDAPRoleMappings (#34043)
* Implement pagination for getLDAPRoleMappings

On Active Directory, allow to retrieve more groups than the MaxPageSize
(default to 1000). Without this patch, we need to increase the
MaxPageSize which does not really scale. Implemented only for the
LoadRolesByMember strategy.

Closes #34042

Signed-off-by: Alexi Vandevoorde <alexi@vandevoor.de>
2024-10-28 16:40:20 -03:00
Stefan Guilhen
4690e00d91 Ensure searched LDAPObject is properly cached before other methods that trigger user validation run
Closes #34050

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-10-28 15:39:16 -03:00