Commit Graph

564 Commits

Author SHA1 Message Date
Tero Saarni 128384ca15 Implement forced password change for LDAP federated user (password policy control) (#15253)
* Add limited support for LDAP password policy control

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2026-02-20 09:15:51 -03:00
Pedro Ruivo 7e00961ee1 Cache evaluation of client roles with dots for role mapper
Closes #43726

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2026-02-17 12:45:37 +01:00
Stefan Guilhen dd0edc24c2 Decode objectGUID when it is imported as a group attribute
Closes #45917

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2026-02-11 11:13:39 -03:00
Ricardo Martin 047230a052 Remove XMLUtils.java from the SSSD federation provider
Closes #45962

Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-02-03 12:40:14 +00:00
Ricardo Martin 1aa1621eaa Use MIME decoder instead of the default one to replace deprecated Base64 class
Closes #45226

Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-01-09 16:38:09 +01:00
Pedro Igor 6a437521a9 Only allow LDAP URL references when following referrals (#44993)
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Stian Thorgersen <stian@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2025-12-18 14:27:10 +01:00
Pedro Igor 3ec0dd24fe Avoid multiple calls to LDAP when querying group memberships
Closes #44558

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-12-01 14:01:58 +01:00
schnillerman 4e87b1f5a0 Fix grammar in LDAP federation group mapper
Closes #44341

Signed-off-by: schnillerman <till.reymann@gmail.com>
2025-11-19 23:11:24 +00:00
Stian Thorgersen a2c1055f8d Proposed import order (#43432)
* Add importOrder to Spotless

Closes #43235

Signed-off-by: stianst <stianst@gmail.com>

* Re-order imports with Spotless

Signed-off-by: stianst <stianst@gmail.com>

---------

Signed-off-by: stianst <stianst@gmail.com>
2025-11-14 09:34:49 +01:00
Pedro Igor ded372a57f Adding utility class for working with throwables and updating the cause check to limit the number of iterations on the stacktrace
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-11-11 08:48:26 -03:00
Martin Kanis c28cde359c Local user can't log in when LDAP error occurs
Closes #43639

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-11-11 08:48:26 -03:00
Stian Thorgersen d8275fe5df Remove wildcard imports (#44060)
Closes #44059

Signed-off-by: stianst <stianst@gmail.com>
2025-11-10 11:46:05 +01:00
Tomáš Kyjovský 4c64b7189c Deprecate org.keycloak.common.util.Base64
Closes #43370

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: 1867605+tkyjovsk@users.noreply.github.com
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-30 09:12:14 +01:00
Pedro Igor 6527b139dc Do not lower-case username and email if users are not imported from LDAP
Closes #43621

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-10-23 13:02:33 +02:00
stianst aedd7fe5db Remove unused imports as part of #43233
Signed-off-by: stianst <stianst@gmail.com>
2025-10-13 13:32:01 +02:00
Pedro Igor 54289f0130 Lowercase username and email when fetching values from LDAP object
Closes #43254

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-10-07 14:14:50 +00:00
Stian Thorgersen dbd516f8e6 Refactor SimpleHttp to make it injectable and usable outside server (#42936)
Closes #42902

Signed-off-by: stianst <stianst@gmail.com>
2025-09-29 08:37:05 +02:00
Pedro Igor 41b64c91aa Do not update email if there is no email from the IdP
Closes #42390

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-24 04:05:05 -03:00
Pedro Igor d65c17ebc7 Do not fail when querying user federation providers and log messages to indicate the problem
Closes #42276

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-24 04:03:13 -03:00
Pedro Igor 8f0d528126 Make sure inner transactions are using their own session
Closes #41942

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-03 17:38:19 +02:00
Steven Hawkins b6f039a4cc fix: adding a default for ldap connection timeout (#41726)
closes: #39299

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
2025-08-19 16:43:42 +00:00
sguilhen b7d3c8eb8b Forward isMemberOf call to the next delegate if the group is not managed by the mapper instance
Closes #40680

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-08-15 15:49:08 -03:00
Pedro Igor 3136ec25e6 memberOf attribute empty or values with a DN that does not match the role base DN fetches all roles
Closes #41842

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-08-14 11:15:52 +02:00
Peter Skopek 651d651c30 Add missing artifact descriptions to allow Maven Central Portal Publisher pass validation process. (#40822)
Signed-off-by: Peter Skopek <pskopek@redhat.com>
2025-08-12 16:50:17 +02:00
Stefan Guilhen 5b4973f0e8 Change e-mail verification to perform a find by UUID on LDAP only when the local and imported users are different
Closes #41532

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-08-07 15:28:01 -03:00
Martin Kanis 235691b6cb LDAP Import: KERBEROS_PRINCIPAL not updated when UserPrincipal changes and KERBEROS_PRINCIPAL was null on creation
Closes #41520

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-07-31 17:28:28 +02:00
Martin Kylian d97d27f827 Kerberos Server fields now trim whitespace
Closes #41335

Signed-off-by: Martin Kylián <kylianm@plzen.eu>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Martin Kylián <kylianm@plzen.eu>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-07-28 08:07:52 +00:00
Pedro Igor d5206b61f6 Update email feature only enabled if the required action is enabled at the realm
Closes #41045

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-07-14 16:31:15 -03:00
Sylvere Richard 173471a1c9 Fix #40995 avoid ModelException: At least one condition should be provided to OR query
Closes #40995
Signed-off-by: Sylvere Richard <sylvere.richard@gmail.com>
2025-07-10 15:34:02 -03:00
Martin Kanis 5a42390341 Make UPDATE_EMAIL a supported feature
Closes #40227

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-07-09 10:15:48 -03:00
Pedro Igor 0188d276d8 Invalidate user cache entries when email or username are different from storage
Closes #40085

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2025-06-17 20:44:01 +00:00
Pedro Igor 9412e339a8 Password modification time attribute as an operational and read-only attribute
Closes #40270

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-06-10 16:28:55 +02:00
vramik 6bf5727b7b LDAP group mapper skips configured filter and imports all groups with memberOf strategy when fetching the user's groups
Closes #37537

Signed-off-by: vramik <vramik@redhat.com>
2025-05-22 09:57:31 -03:00
vramik f45b8e0c6d Move FGAP classes to specific package
Signed-off-by: vramik <vramik@redhat.com>
2025-05-22 09:53:16 -03:00
Pedro Igor 953ba04018 Skip updating account controls if no control is set when enabling/disabling users
Closes #37720

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-05-09 09:11:21 +02:00
Pedro Igor 9ad0e1abfa Check if LDAP entry is still valid before validating duplicate emails
Closes #39345

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-05-06 21:54:30 +02:00
Pedro Igor 68fc5aa44b Make sure LDAP connections are released when closing sessions
Closes #38660

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-28 20:13:30 +02:00
Stefan Guilhen 9976f9380c Fix NPE in LDAPUtils.loadAllLDAPObjects when batch size is set to value <= 0
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>

Closes #39022
2025-04-16 12:32:57 -03:00
Pedro Igor ab41366757 Allow setting locale when edit mode is READ_ONLY
Closes #38981

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-16 08:55:30 +02:00
Stefan Guilhen 86b2a6a95c Fix docs to also mention roles
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>

Closes #28569

Signed-off-by: Jakob Overrein <jakob.overrein@basefarm-orange.com>
2025-03-10 16:13:36 -03:00
Stefan Guilhen a0a314aece Append comma to the relative DN only if it is missing
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-03-10 16:13:36 -03:00
Jakob Overrein aec62803c7 Allow users, roles, and groups to be created in a specified DN relative to the parent DN
The new field introduced will prefix the parent DN as a relative path and allow created items to be placed in a subtree instead of the parent DN.

Closes #28569

Signed-off-by: Jakob Overrein <jakob.overrein@basefarm-orange.com>
2025-03-10 16:13:36 -03:00
Ricardo Martin 6751c8cb35 Include JNA dependency for the SSSD in the keycloak server (#37905)
Closes #37898

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-03-07 11:56:33 -05:00
Stefan Guilhen 5babc6c1a3 Ensure the group being joined is not an organization group in GroupLDAPStorageMapper
Closes #37393

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-02-17 14:41:53 -03:00
Pedro Igor 4b2d5ed472 Minor fixes, test coverage, and allow deleting local users
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-02-07 10:42:45 -03:00
Pedro Igor 602df06191 Allows querying credential from user storage providers
Closes #35020

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-02-05 07:56:05 -03:00
Stefan Guilhen b2e8942dd1 Ensure LDAPStorageMapper.getGroupMembers is taking the fetch strategy into consideration when retrieving the members
- fixes issue when MEMBER-OF strategy is selected but ignored when listing members

Closes #33477

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-01-31 09:54:40 -03:00
Justin Stephenson d22179e6fa ipatuura README updates (#36660)
Signed-off-by: Justin Stephenson <jstephen@redhat.com>
2025-01-23 08:13:16 +01:00
Pedro Igor db986c496e Allow tracing packets sent to and from LDAP for troubleshooting purposes
Closes #36087

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-01-07 12:42:23 +01:00
Alexander Schwartz 180be7b182 Avoid NPE when checking exceptions for password based Kerberos login
Closes #36061

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-01-06 17:17:53 +01:00