Add server-side filtering of users by creation timestamp on the admin
REST API. This avoids the need to retrieve all users and filter
client-side, which is inefficient for large realms.
Two optional query parameters are added to both the user list and count
endpoints. They accept either ISO-8601 date strings (yyyy-MM-dd) or
epoch milliseconds, consistent with the existing events API date
filtering via DateUtil.
Closes#43829
Signed-off-by: RafaelWO <weingartner.rafael@hotmail.com>
closes: #47139
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Closes#47366
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Closes#46861
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Include the original validation message from ReservedCharValidator
in the error response to help users understand exactly why their
organization name cannot be used as an alias.
Closes#45718
Signed-off-by: erenkan <eren@keymate.io>
Closes#46164
Signed-off-by: Peter Skopek <peter.skopek@ibm.com>
Update model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/remote/updater/loginfailures/LoginFailuresUpdater.java
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
Signed-off-by: Peter Skopek <peter.skopek@ibm.com>
Add recovery codes to the list of brute force checked authenticators.
Closes#46164
Signed-off-by: Peter Skopek <peter.skopek@ibm.com>
This commit addresses a NullPointerException that occurs when logging in with a mixed-case email domain in a Keycloak Organization. The root cause was a mismatch between how the JPA layer (case-insensitive) and the Infinispan cache layer (case-sensitive) handled domain name casing.
Key changes:
- Normalized the domain name to lowercase when generating Infinispan cache keys in InfinispanOrganizationProvider.
- Added defensive null checks when resolving organizations from the cache to prevent NullPointerException from stale cache entries.
- Added a new integration test testStaleCacheEntryDoesNotThrowNPE in OrganizationCacheTest to verify the fix.
- Fixed a flaky test (incorporated @martin-kanis commit)
Signed-off-by: asafm <asafm1989@gmail.com>
Closes#46671
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Closes#46557
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Closes#46605
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Closes#46471
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Closes#46421
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Fixes#46290
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
* fix: adding admin role invalidation when a new realm is found
closes: #45966
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* Update model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmCacheSession.java
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
* adding a comment and a permission tweak for imported realms
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* checking getShouldUseLightweightToken
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Closes#46140
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Closes#46138
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Closes#46100
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Closes#46090
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
