UNIX.dog
/
keycloak
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
21,676 Commits 1 Branch 0 Tags 434 MiB
Commit Graph

416 Commits

Author SHA1 Message Date
Hynek Mlnarik 6014070431 Fix memory leak in LDAP 
The caching in LDAP stores and reuses the session at the time of creating
`LDAPIdentityStore`. On top of that, there is not much cached, since apart
from the session which must not be part of long-lived cache, only config
is cached in the objects which is anyway always recomputed.

The cache for the LDAP still retains the LDAPConfig to keep
the `logLDAPConfig` call upon config change.

Closes: #19396
 2023-04-06 11:09:00 +02:00
Hynek Mlnarik 0d5363d0d5 Throw an exception rather than returning response 
Closes: #17644
 2023-04-03 14:43:50 +02:00
rmartinc 89dfeeec38 The getAttributes method in UserAttributeLDAPStorageMapper does not work for email or other UserModel properties 
Closes https://github.com/keycloak/keycloak/issues/10412
 2023-03-30 21:45:07 +02:00
Hiroyuki Wada 46eb2e1b84 Fix attribute deleted from LDAP is not immediately reflected even if it is "Always Read Value From LDAP" 2023-03-21 10:28:41 +01:00
Jon Koops 972ebb9650
Use a valid SemVer format for the SNAPSHOT version (#17334) 
* Use a valid SemVer format for the SNAPSHOT version

* Update pom.xml

* Update pom.xml

---------

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2023-03-03 11:11:44 +01:00
Alexander Schwartz 1e4401f521 Avoid returning the same entity multiple times from separate searches 
Closes #15604
 2023-03-02 08:21:38 +01:00
rmartinc 5cdf4d5791 Read-Only attributes should be modified if creation is delayed for LDAP 
Closes https://github.com/keycloak/keycloak/issues/16848
 2023-03-01 11:26:57 +01:00
Alexander Schwartz d4604984d0
Compatibility with Maven4 and parallel builds (#16312) 
Closes #16308
 2023-02-14 11:44:53 +01:00
mposolda a804400c84 Added KERBEROS feature. Disable it when running tests on FIPS 
closes #14966
 2023-01-25 18:38:46 +01:00
Hynek Mlnařík 60ce949304 Ignore unknown clients in LDAP role mapper 
Fixes: #10958
 2022-12-01 09:51:05 +01:00
rmartinc b7188c3891
Unknown bind DN using LDAP anonymous bind aka bind type none (#15546) 
Closes #15497
 2022-11-23 10:23:46 +01:00
Hynek Mlnařík fe6853c691
Update JavaDoc generation to be JDK11 compatible (#15569) 
Fixes: #15566
 2022-11-21 08:44:17 +01:00
Pedro Igor 6f7c62fc73 Remove unnecessary endpoints from our JAX-RS entensions 
Closes #15525
 2022-11-16 16:25:33 +01:00
Tomohiro Nagai a4f6134ba3 Support kerberos IllegalArgumentException 
closes #10672
 2022-11-16 08:19:32 +01:00
Tomohiro Nagai ba369a2c2b Support for communication timeout with kerberos server 
Closes #10668
 2022-11-16 08:17:35 +01:00
Marek Posolda f616495b05
Fixing UserFederationLdapConnectionTest,LDAPUserLoginTest to work with FIPS (#15299) 
closes #14965
 2022-11-03 16:35:57 +01:00
Michal Hajas 883e83e625 Remove deprecated methods from data providers and models 
Closes #14720
 2022-10-25 09:01:33 +02:00
Mark Andreev 581def56d6
Fix null username in ldap (#8717) 
Closes #14667
 2022-09-30 09:34:02 +02:00
rmartinc cc9326fcad
Delay LDAPObject creation until mandatory attributes are set (#14341) 
Closes #14286
 2022-09-16 20:35:50 +02:00
Christoph Leistert cc2bb96abc Fixes #9482: A user could be assigned to a parent group if he is already assigned to a subgroup. 2022-09-06 21:31:31 +02:00
Pedro Igor 5b48d72730 Upgrade Resteasy v4 
Closes #10916

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2022-07-11 12:17:51 -03:00
Clara Fang 4643fd09e3 Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount() 
This should reduce GC pressure.

Closes #12644
 2022-06-29 08:53:09 +02:00
Alexander Schwartz 6376db0f9c code cleanup 2022-06-21 08:53:06 +02:00
Alexander Schwartz cb0c881821 rename SingleEntityCredentialManager to SubjectCredentialManager 2022-06-21 08:53:06 +02:00
Alexander Schwartz 84d21f0230 for all added files in the PR, update the copyright header or add it if it was missing 2022-06-21 08:53:06 +02:00
Alexander Schwartz d41764b19b Inline deprecated methods in legacy code 2022-06-21 08:53:06 +02:00
Alexander Schwartz 08bbb1fb92 Move LDAP REST Endpoints to LDAP package 
- Thus remove implicit dependency on services on the legacy modules
- Disable tests for LDAP/Kerberos that won't work when map storage is enabled
 2022-06-21 08:53:06 +02:00
Alexander Schwartz 1bc6133e4e redirect calls to userLocalStorage from legacy modules (federation, ldap, sssd, kerberos) 2022-06-21 08:53:06 +02:00
Hynek Mlnarik e396d0daa1 Renaming SingleUserCredentialManager and UserModel.getUserCredentialManager(): 
- class SingleUserCredentialManager to SingleEntityCredentialManager
- method UserModel.getUserCredentialManager() to credentialManager()

Renaming of API without "get" prefix to make it consistent with other APIs like for example with KeycloakSession
 2022-06-21 08:53:06 +02:00
Alexander Schwartz bc8fd21dc6 SingleUserCredentialManager moving in 
- UserStorageManager now handles authentication for old Kerberos+LDAP style
- new getUserByCredential method in MapUserProvider would eventually do the same.
 2022-06-21 08:53:06 +02:00
Hynek Mlnarik 703e868a51 Preparation for moving User Storage SPI 
- Introduction of new AdminRealmResource SPI
- Moving handler of /realm/{realm}/user-storage into model/legacy-service
- session.users() and userStorageManager() moved refers legacy module
  IMPORTANT: Broken as UserStorageSyncManager is not yet moved
 2022-06-21 08:53:06 +02:00
Hynek Mlnarik 247ff52187 Introduce legacy datastore module and update dependencies 2022-06-21 08:53:06 +02:00
Nick Farley 91e88f554e Replaces instances of `himself` with more inclusive language 
Closes #12300
 2022-06-03 12:25:14 -03:00
Réda Housni Alaoui 5d87cdf1c6
KEYCLOAK-6455 Ability to require email to be verified before changing (#7943) 
Closes #11875
 2022-05-09 18:52:22 +02:00
Sven-Torben Janus 0efa4afd49 Evaluate composite roles for hardcoded LDAP roles/groups 
Closes: 11771

see also KEYCLOAK-18308
 2022-05-02 14:13:37 +02:00
R0Wi cb4a513e24 Fail authenticate if credentialInput is not of type UserCredentialModel 
Code fix inside LDAPStorageProvider.java:
return failed result if credential input object is not of expected type

Closes #11191
 2022-04-12 14:38:17 +02:00
Alexander Schwartz fb92b95c33 Revert from getParameterCount() to getParameterTypes().length to be Java 1.7 compatible. 
This reverts commit bc27c7c464.

Closes #10840
 2022-03-22 10:23:25 +01:00
keycloak-bot c71aa8b711
Set version to 999-SNAPSHOT (#10784) 2022-03-22 09:22:48 +01:00
Clara Fang bc27c7c464 Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount() 
Closes #10333
 2022-03-18 11:20:52 +01:00
keycloak-bot d9f1a9b207
Set version to 18.0.0-SNAPSHOT (#10165) 2022-02-11 21:28:06 +01:00
pravsjv a6acc89bf3
Update LDAPOperationManager.java (#9561) 
Update LDAPOperationManager.java
Closes #9560
 2022-01-20 17:33:56 +01:00
keycloak-bot 9f3d4a7d42 Set version to 17.0.0-SNAPSHOT 2021-12-20 10:50:39 +01:00
Marcelo Sales afeaa6f593 KEYCLOAK-19391: Fix ldap query search adding custom serach filter 2021-12-15 08:54:52 +01:00
Marcelo Sales e69c3dcb1f KEYCLOAK-19391: Fix ldap query search adding custom serach filter 2021-12-15 08:54:52 +01:00
Daniel Fesenmeyer 339224578e KEYCLOAK-10603 adjust assignments to roles (user-role and group-role assignments, client-scope and client "scope mappings"): allow assignments of roles which are already indirectly assigned (e.g. by composite role) 
- extend RoleMapperModel with method hasDirectRole(RoleModel), which only checks for direct assignment in contrast to the existing method hasRole(RoleModel)
- extend ScopeContainerModel with method hasDirectScope(RoleModel), which only checks for direct scope mapping in contrast to the existing method hasScope(RoleModel)
- use the new hasDirectRole and hasDirectScope methods to check whether a role is in the "available" list and whether it can be assigned (previously, the hasRole method was used for this purpose)
- add hint to UI that available roles contain effectively assigned roles which are not directly assigned
- adjust and extend tests
 2021-09-22 13:56:29 +02:00
Marek Posolda 11e5f66c60
KEYCLOAK-19056 EDIT MODE field should not be leave empty (#8380) 2021-09-14 20:27:09 +02:00
bohmber 0c64d32b9b KEYCLOAK-19183 
LDAPDn should use a static Pattern instead calling String.split with a regex
 2021-09-06 09:17:26 +02:00
bohmber ba946b54f7 KEYCLOAK-19021 
LDAPOperationManager.getFilterById is causing additional call to AD
 2021-08-19 09:25:33 +02:00
Thomas Darimont f9b4e47851 KEYCLOAK-19036 Avoid infinite loop during LDAP sync with OpenLDAP and olcSizeLimit 
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2021-08-18 17:42:13 +02:00
mposolda 418d1e3471 KEYCLOAK-19039 Sync UPDATE_PASSWORD required action to only to MSAD with WRITABLE edit mode. Add tests for MSAD mapper 2021-08-18 17:39:19 +02:00