keycloak-aplcache
Changes
adapters/oidc/as7-eap6/as7-adapter-spi/src/main/java/org/keycloak/adapters/jbossweb/JBossWebPrincipalFactory.java 2(+1 -1)
adapters/oidc/jetty/jetty9.1/src/main/java/org/keycloak/adapters/jetty/Jetty91RequestAuthenticator.java 2(+1 -1)
adapters/oidc/jetty/jetty9.2/src/main/java/org/keycloak/adapters/jetty/Jetty92RequestAuthenticator.java 2(+1 -1)
adapters/oidc/tomcat/tomcat8/src/main/java/org/keycloak/adapters/tomcat/Tomcat8RequestAuthenticator.java 2(+1 -1)
adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/ServletRequestAuthenticator.java 2(+1 -1)
adapters/oidc/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/wildfly/SecurityInfoHelper.java 2(+1 -1)
adapters/oidc/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/wildfly/WildflyRequestAuthenticator.java 2(+1 -1)
adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/IdentityProviderAddHandler.java 9(+8 -1)
adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeyAddHandler.java 9(+8 -1)
adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemAdd.java 5(+5 -0)
adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemParser.java 20(+15 -5)
adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/SecureDeploymentAddHandler.java 4(+4 -0)
adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/ServiceProviderAddHandler.java 9(+8 -1)
adapters/saml/jetty/jetty9.1/src/main/java/org/keycloak/adapters/saml/jetty/Jetty9SamlSessionStore.java 2(+1 -1)
adapters/saml/jetty/jetty9.2/src/main/java/org/keycloak/adapters/saml/jetty/Jetty9SamlSessionStore.java 2(+1 -1)
adapters/saml/tomcat/tomcat8/src/main/java/org/keycloak/adapters/saml/tomcat/Tomcat8SamlSessionStore.java 2(+1 -1)
adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/ServletSamlSessionStore.java 2(+1 -1)
adapters/saml/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/saml/wildfly/SecurityInfoHelper.java 2(+1 -1)
adapters/spi/jboss-adapter-core/src/main/java/org/keycloak/adapters/jboss/KeycloakLoginModule.java 2(+1 -1)
adapters/spi/tomcat-adapter-spi/src/main/java/org/keycloak/adapters/tomcat/GenericPrincipalFactory.java 2(+1 -1)
federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/msad/UserAccountControl.java 44(+22 -22)
model/jpa/src/main/java/org/keycloak/connections/jpa/updater/liquibase/LiquibaseJpaUpdaterProvider.java 7(+6 -1)
pom.xml 37(+1 -36)
testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java 2(+1 -1)
testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractKeycloakIdentityProviderTest.java 4(+2 -2)
testsuite/integration/src/test/java/org/keycloak/testsuite/events/AdminEventStoreProviderTest.java 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLServletWithLogout.java 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/demorealm.json 25(+11 -14)
testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/CreateClientForm.java 145(+0 -145)
testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/settings/ClientSettingsForm.java 149(+146 -3)
testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/clients/AbstractClientTest.java 40(+27 -13)
Details
diff --git a/adapters/oidc/as7-eap6/as7-adapter-spi/src/main/java/org/keycloak/adapters/jbossweb/JBossWebPrincipalFactory.java b/adapters/oidc/as7-eap6/as7-adapter-spi/src/main/java/org/keycloak/adapters/jbossweb/JBossWebPrincipalFactory.java
index 9536970..f9e804d 100755
--- a/adapters/oidc/as7-eap6/as7-adapter-spi/src/main/java/org/keycloak/adapters/jbossweb/JBossWebPrincipalFactory.java
+++ b/adapters/oidc/as7-eap6/as7-adapter-spi/src/main/java/org/keycloak/adapters/jbossweb/JBossWebPrincipalFactory.java
@@ -125,7 +125,7 @@ public class JBossWebPrincipalFactory extends GenericPrincipalFactory {
Iterator<Principal> iter = principals.iterator();
while (iter.hasNext()) {
Object next = iter.next();
- if ((next instanceof Group) == false)
+ if (!(next instanceof Group))
continue;
Group grp = (Group) next;
if (grp.getName().equals(name)) {
diff --git a/adapters/oidc/jetty/jetty9.1/src/main/java/org/keycloak/adapters/jetty/Jetty91RequestAuthenticator.java b/adapters/oidc/jetty/jetty9.1/src/main/java/org/keycloak/adapters/jetty/Jetty91RequestAuthenticator.java
index cc3395f..ca00f0d 100755
--- a/adapters/oidc/jetty/jetty9.1/src/main/java/org/keycloak/adapters/jetty/Jetty91RequestAuthenticator.java
+++ b/adapters/oidc/jetty/jetty9.1/src/main/java/org/keycloak/adapters/jetty/Jetty91RequestAuthenticator.java
@@ -24,7 +24,7 @@ public class Jetty91RequestAuthenticator extends JettyRequestAuthenticator {
if (session == null) {
return request.getSession(true).getId();
}
- if (deployment.isTurnOffChangeSessionIdOnLogin() == false) return request.changeSessionId();
+ if (!deployment.isTurnOffChangeSessionIdOnLogin()) return request.changeSessionId();
else return session.getId();
}
}
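Review bot: When `isTurnOffChangeSessionIdOnLogin()` returns true, the `else` branch hands back the pre-login `session.getId()`, so the session identifier is not rotated at authentication and the deployment loses its session-fixation defence. The rewrite to `!` keeps that behaviour, but nothing at the branch says so; I would add a comment above it such as `// opt-out: session id is kept across login, so fixation protection is off for this deployment`. The same uncommented branch appears in the Jetty92, Tomcat8 and Undertow request authenticators and in the Jetty9, Tomcat8 and Servlet SAML session stores in this commit. The enclosing method starts above the hunk, so any Javadoc it already has is not visible here.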
diff --git a/adapters/oidc/jetty/jetty9.2/src/main/java/org/keycloak/adapters/jetty/Jetty92RequestAuthenticator.java b/adapters/oidc/jetty/jetty9.2/src/main/java/org/keycloak/adapters/jetty/Jetty92RequestAuthenticator.java
index 9c7e127..f1dd6aa 100755
--- a/adapters/oidc/jetty/jetty9.2/src/main/java/org/keycloak/adapters/jetty/Jetty92RequestAuthenticator.java
+++ b/adapters/oidc/jetty/jetty9.2/src/main/java/org/keycloak/adapters/jetty/Jetty92RequestAuthenticator.java
@@ -24,7 +24,7 @@ public class Jetty92RequestAuthenticator extends JettyRequestAuthenticator {
if (session == null) {
return request.getSession(true).getId();
}
- if (deployment.isTurnOffChangeSessionIdOnLogin() == false) return request.changeSessionId();
+ if (!deployment.isTurnOffChangeSessionIdOnLogin()) return request.changeSessionId();
else return session.getId();
}
}
diff --git a/adapters/oidc/tomcat/tomcat8/src/main/java/org/keycloak/adapters/tomcat/Tomcat8RequestAuthenticator.java b/adapters/oidc/tomcat/tomcat8/src/main/java/org/keycloak/adapters/tomcat/Tomcat8RequestAuthenticator.java
index b221129..fa58fcd 100755
--- a/adapters/oidc/tomcat/tomcat8/src/main/java/org/keycloak/adapters/tomcat/Tomcat8RequestAuthenticator.java
+++ b/adapters/oidc/tomcat/tomcat8/src/main/java/org/keycloak/adapters/tomcat/Tomcat8RequestAuthenticator.java
@@ -22,7 +22,7 @@ public class Tomcat8RequestAuthenticator extends CatalinaRequestAuthenticator {
if (session == null) {
return request.getSession(true).getId();
}
- if (deployment.isTurnOffChangeSessionIdOnLogin() == false) return request.changeSessionId();
+ if (!deployment.isTurnOffChangeSessionIdOnLogin()) return request.changeSessionId();
else return session.getId();
}
}
diff --git a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/ServletRequestAuthenticator.java b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/ServletRequestAuthenticator.java
index 2c288ac..95618ff 100755
--- a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/ServletRequestAuthenticator.java
+++ b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/ServletRequestAuthenticator.java
@@ -64,7 +64,7 @@ public class ServletRequestAuthenticator extends AbstractUndertowRequestAuthenti
@Override
protected String changeHttpSessionId(boolean create) {
- if (deployment.isTurnOffChangeSessionIdOnLogin() == false) return ChangeSessionId.changeSessionId(exchange, create);
+ if (!deployment.isTurnOffChangeSessionIdOnLogin()) return ChangeSessionId.changeSessionId(exchange, create);
else return getHttpSessionId(create);
}
diff --git a/adapters/oidc/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/wildfly/SecurityInfoHelper.java b/adapters/oidc/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/wildfly/SecurityInfoHelper.java
index 33c149b..6fe3c8a 100755
--- a/adapters/oidc/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/wildfly/SecurityInfoHelper.java
+++ b/adapters/oidc/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/wildfly/SecurityInfoHelper.java
@@ -89,7 +89,7 @@ public class SecurityInfoHelper {
Iterator<Principal> iter = principals.iterator();
while (iter.hasNext()) {
Object next = iter.next();
- if ((next instanceof Group) == false)
+ if (!(next instanceof Group))
continue;
Group grp = (Group) next;
if (grp.getName().equals(name)) {
diff --git a/adapters/oidc/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/wildfly/WildflyRequestAuthenticator.java b/adapters/oidc/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/wildfly/WildflyRequestAuthenticator.java
index 80ed882..3f5782f 100755
--- a/adapters/oidc/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/wildfly/WildflyRequestAuthenticator.java
+++ b/adapters/oidc/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/wildfly/WildflyRequestAuthenticator.java
@@ -108,7 +108,7 @@ public class WildflyRequestAuthenticator extends ServletRequestAuthenticator {
Iterator<Principal> iter = principals.iterator();
while (iter.hasNext()) {
Object next = iter.next();
- if ((next instanceof Group) == false)
+ if (!(next instanceof Group))
continue;
Group grp = (Group) next;
if (grp.getName().equals(name)) {
diff --git a/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/IdentityProviderAddHandler.java b/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/IdentityProviderAddHandler.java
index 679658b..1e36ffe 100644
--- a/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/IdentityProviderAddHandler.java
+++ b/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/IdentityProviderAddHandler.java
@@ -17,6 +17,7 @@
package org.keycloak.subsystem.saml.as7;
import org.jboss.as.controller.AbstractAddStepHandler;
+import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.ServiceVerificationHandler;
@@ -31,11 +32,17 @@ import java.util.List;
class IdentityProviderAddHandler extends AbstractAddStepHandler {
IdentityProviderAddHandler() {
- super(IdentityProviderDefinition.ALL_ATTRIBUTES);
}
@Override
protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model, ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers) throws OperationFailedException {
Configuration.INSTANCE.updateModel(operation, model);
}
+
+ @Override
+ protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
+ for (AttributeDefinition attr : IdentityProviderDefinition.ALL_ATTRIBUTES) {
+ attr.validateAndSet(operation, model);
+ }
+ }
}
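Review bot: The constructor `IdentityProviderAddHandler() { }` is left with an empty body once the `super(IdentityProviderDefinition.ALL_ATTRIBUTES)` call is removed, and the new `populateModel` gives no hint why the attributes are now validated by hand. Either drop the empty constructor or keep it with a comment, and put a line such as `// validate every declared attribute before it is stored in the model` above the loop. KeyAddHandler and ServiceProviderAddHandler receive the identical loop in this commit, so a shared helper that takes the attribute collection would avoid three copies.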
diff --git a/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeyAddHandler.java b/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeyAddHandler.java
index b362d4f..204d30b 100644
--- a/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeyAddHandler.java
+++ b/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeyAddHandler.java
@@ -17,6 +17,7 @@
package org.keycloak.subsystem.saml.as7;
import org.jboss.as.controller.AbstractAddStepHandler;
+import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.ServiceVerificationHandler;
@@ -31,11 +32,17 @@ import java.util.List;
class KeyAddHandler extends AbstractAddStepHandler {
KeyAddHandler() {
- super(KeyDefinition.ALL_ATTRIBUTES);
}
@Override
protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model, ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers) throws OperationFailedException {
Configuration.INSTANCE.updateModel(operation, model);
}
+
+ @Override
+ protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
+ for (AttributeDefinition attr : KeyDefinition.ALL_ATTRIBUTES) {
+ attr.validateAndSet(operation, model);
+ }
+ }
}
diff --git a/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemAdd.java b/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemAdd.java
index eda678f..a66c79f 100755
--- a/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemAdd.java
+++ b/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemAdd.java
@@ -18,6 +18,7 @@ package org.keycloak.subsystem.saml.as7;
import org.jboss.as.controller.AbstractBoottimeAddStepHandler;
import org.jboss.as.controller.OperationContext;
+import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.ServiceVerificationHandler;
import org.jboss.as.server.AbstractDeploymentChainStep;
import org.jboss.as.server.DeploymentProcessorTarget;
@@ -58,4 +59,8 @@ class KeycloakSubsystemAdd extends AbstractBoottimeAddStepHandler {
private DeploymentUnitProcessor chooseConfigDeploymentProcessor() {
return new KeycloakAdapterConfigDeploymentProcessor();
}
+
+ @Override
+ protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
+ }
}
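Review bot: The added `populateModel` override has an empty body, so nothing from `operation` is validated or copied into `model` for this resource, and the code does not say whether that is intended. If the subsystem root really defines no attributes, state it in the body, e.g. `// subsystem root defines no attributes; nothing to validate or store`. SecureDeploymentAddHandler gets the same empty override while its `performRuntime` passes `operation` and `model` to `Configuration.INSTANCE.updateModel`. There it is worth confirming that unvalidated operation values cannot reach the adapter configuration, which these hunks do not show.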
diff --git a/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemParser.java b/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemParser.java
index cfffb0e..866fb6c 100755
--- a/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemParser.java
+++ b/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemParser.java
@@ -35,6 +35,7 @@ import javax.xml.stream.XMLStreamException;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
+import java.util.Set;
/**
* The subsystem parser, which uses stax to read and write to and from xml
@@ -263,7 +264,7 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
throw new XMLStreamException("KeyStore element must have 'file' or 'resource' attribute set", reader.getLocation());
}
if (!addKeyStore.hasDefined(Constants.Model.PASSWORD)) {
- throw ParseUtils.missingRequired(reader, Constants.XML.PASSWORD);
+ throw ParseUtils.missingRequired(reader, asSet(Constants.XML.PASSWORD));
}
while (reader.hasNext() && nextTag(reader) != END_ELEMENT) {
@@ -292,10 +293,10 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
}
if (!addKeyStore.hasDefined(Constants.Model.PRIVATE_KEY_ALIAS)) {
- throw ParseUtils.missingRequired(reader, Constants.XML.PRIVATE_KEY_ALIAS);
+ throw ParseUtils.missingRequired(reader, asSet(Constants.XML.PRIVATE_KEY_ALIAS));
}
if (!addKeyStore.hasDefined(Constants.Model.PRIVATE_KEY_PASSWORD)) {
- throw ParseUtils.missingRequired(reader, Constants.XML.PRIVATE_KEY_PASSWORD);
+ throw ParseUtils.missingRequired(reader, asSet(Constants.XML.PRIVATE_KEY_PASSWORD));
}
ParseUtils.requireNoContent(reader);
@@ -314,7 +315,7 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
}
if (!addKeyStore.hasDefined(Constants.Model.CERTIFICATE_ALIAS)) {
- throw ParseUtils.missingRequired(reader, Constants.XML.CERTIFICATE_ALIAS);
+ throw ParseUtils.missingRequired(reader, asSet(Constants.XML.CERTIFICATE_ALIAS));
}
ParseUtils.requireNoContent(reader);
@@ -356,7 +357,7 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
}
if (!policySet) {
- throw ParseUtils.missingRequired(reader, Constants.XML.PRINCIPAL_NAME_MAPPING_POLICY);
+ throw ParseUtils.missingRequired(reader, asSet(Constants.XML.PRINCIPAL_NAME_MAPPING_POLICY));
}
ParseUtils.requireNoContent(reader);
}
@@ -568,4 +569,13 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
}
writer.writeEndElement();
}
+
+
+ private static Set<String> asSet(String ... values) {
+ HashSet ret = new HashSet();
+ for (String value: values) {
+ ret.add(value);
+ }
+ return ret;
+ }
}
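Review bot: `asSet` builds its result with the raw type `HashSet ret = new HashSet();`, which causes unchecked warnings and returns a raw set as `Set<String>`; it should read `Set<String> ret = new HashSet<String>();`. The import hunk of this file adds only `java.util.Set`, and `java.util.HashSet` is not among the visible imports between `Collections` and `LinkedList`, so check that the class still compiles. Every call site in this commit passes exactly one name, so `Collections.singleton(...)`, which is already imported, would serve without a helper.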
diff --git a/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/SecureDeploymentAddHandler.java b/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/SecureDeploymentAddHandler.java
index c5325f6..14e6e3f 100644
--- a/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/SecureDeploymentAddHandler.java
+++ b/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/SecureDeploymentAddHandler.java
@@ -39,4 +39,8 @@ class SecureDeploymentAddHandler extends AbstractAddStepHandler {
protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model, ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers) throws OperationFailedException {
Configuration.INSTANCE.updateModel(operation, model);
}
+
+ @Override
+ protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
+ }
}
diff --git a/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/ServiceProviderAddHandler.java b/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/ServiceProviderAddHandler.java
index 33d6015..f8ee1ae 100644
--- a/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/ServiceProviderAddHandler.java
+++ b/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/ServiceProviderAddHandler.java
@@ -17,6 +17,7 @@
package org.keycloak.subsystem.saml.as7;
import org.jboss.as.controller.AbstractAddStepHandler;
+import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.ServiceVerificationHandler;
@@ -33,11 +34,17 @@ class ServiceProviderAddHandler extends AbstractAddStepHandler {
static final ServiceProviderAddHandler INSTANCE = new ServiceProviderAddHandler();
ServiceProviderAddHandler() {
- super(ServiceProviderDefinition.ALL_ATTRIBUTES);
}
@Override
protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model, ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers) throws OperationFailedException {
Configuration.INSTANCE.updateModel(operation, model);
}
+
+ @Override
+ protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
+ for (AttributeDefinition attr : ServiceProviderDefinition.ALL_ATTRIBUTES) {
+ attr.validateAndSet(operation, model);
+ }
+ }
}
diff --git a/adapters/saml/jetty/jetty9.1/src/main/java/org/keycloak/adapters/saml/jetty/Jetty9SamlSessionStore.java b/adapters/saml/jetty/jetty9.1/src/main/java/org/keycloak/adapters/saml/jetty/Jetty9SamlSessionStore.java
index 56a26ca..291568e 100755
--- a/adapters/saml/jetty/jetty9.1/src/main/java/org/keycloak/adapters/saml/jetty/Jetty9SamlSessionStore.java
+++ b/adapters/saml/jetty/jetty9.1/src/main/java/org/keycloak/adapters/saml/jetty/Jetty9SamlSessionStore.java
@@ -21,7 +21,7 @@ public class Jetty9SamlSessionStore extends JettySamlSessionStore {
@Override
protected String changeSessionId(HttpSession session) {
Request request = this.request;
- if (deployment.turnOffChangeSessionIdOnLogin() == false) return request.changeSessionId();
+ if (!deployment.turnOffChangeSessionIdOnLogin()) return request.changeSessionId();
else return session.getId();
}
}
diff --git a/adapters/saml/jetty/jetty9.2/src/main/java/org/keycloak/adapters/saml/jetty/Jetty9SamlSessionStore.java b/adapters/saml/jetty/jetty9.2/src/main/java/org/keycloak/adapters/saml/jetty/Jetty9SamlSessionStore.java
index 56a26ca..291568e 100755
--- a/adapters/saml/jetty/jetty9.2/src/main/java/org/keycloak/adapters/saml/jetty/Jetty9SamlSessionStore.java
+++ b/adapters/saml/jetty/jetty9.2/src/main/java/org/keycloak/adapters/saml/jetty/Jetty9SamlSessionStore.java
@@ -21,7 +21,7 @@ public class Jetty9SamlSessionStore extends JettySamlSessionStore {
@Override
protected String changeSessionId(HttpSession session) {
Request request = this.request;
- if (deployment.turnOffChangeSessionIdOnLogin() == false) return request.changeSessionId();
+ if (!deployment.turnOffChangeSessionIdOnLogin()) return request.changeSessionId();
else return session.getId();
}
}
diff --git a/adapters/saml/tomcat/tomcat8/src/main/java/org/keycloak/adapters/saml/tomcat/Tomcat8SamlSessionStore.java b/adapters/saml/tomcat/tomcat8/src/main/java/org/keycloak/adapters/saml/tomcat/Tomcat8SamlSessionStore.java
index 4bd9cfa..d7b7450 100755
--- a/adapters/saml/tomcat/tomcat8/src/main/java/org/keycloak/adapters/saml/tomcat/Tomcat8SamlSessionStore.java
+++ b/adapters/saml/tomcat/tomcat8/src/main/java/org/keycloak/adapters/saml/tomcat/Tomcat8SamlSessionStore.java
@@ -22,7 +22,7 @@ public class Tomcat8SamlSessionStore extends CatalinaSamlSessionStore {
@Override
protected String changeSessionId(Session session) {
Request request = this.request;
- if (deployment.turnOffChangeSessionIdOnLogin() == false) return request.changeSessionId();
+ if (!deployment.turnOffChangeSessionIdOnLogin()) return request.changeSessionId();
else return session.getId();
}
}
diff --git a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/ServletSamlSessionStore.java b/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/ServletSamlSessionStore.java
index 48af4ed..46b677e 100755
--- a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/ServletSamlSessionStore.java
+++ b/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/ServletSamlSessionStore.java
@@ -165,7 +165,7 @@ public class ServletSamlSessionStore implements SamlSessionStore {
}
protected String changeSessionId(HttpSession session) {
- if (deployment.turnOffChangeSessionIdOnLogin() == false) return ChangeSessionId.changeSessionId(exchange, false);
+ if (!deployment.turnOffChangeSessionIdOnLogin()) return ChangeSessionId.changeSessionId(exchange, false);
else return session.getId();
}
diff --git a/adapters/saml/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/saml/wildfly/SecurityInfoHelper.java b/adapters/saml/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/saml/wildfly/SecurityInfoHelper.java
index 7170ac6..f6c8f0e 100755
--- a/adapters/saml/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/saml/wildfly/SecurityInfoHelper.java
+++ b/adapters/saml/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/saml/wildfly/SecurityInfoHelper.java
@@ -89,7 +89,7 @@ public class SecurityInfoHelper {
Iterator<Principal> iter = principals.iterator();
while (iter.hasNext()) {
Object next = iter.next();
- if ((next instanceof Group) == false)
+ if (!(next instanceof Group))
continue;
Group grp = (Group) next;
if (grp.getName().equals(name)) {
diff --git a/adapters/spi/jboss-adapter-core/src/main/java/org/keycloak/adapters/jboss/KeycloakLoginModule.java b/adapters/spi/jboss-adapter-core/src/main/java/org/keycloak/adapters/jboss/KeycloakLoginModule.java
index 250517e..9050851 100755
--- a/adapters/spi/jboss-adapter-core/src/main/java/org/keycloak/adapters/jboss/KeycloakLoginModule.java
+++ b/adapters/spi/jboss-adapter-core/src/main/java/org/keycloak/adapters/jboss/KeycloakLoginModule.java
@@ -30,7 +30,7 @@ public class KeycloakLoginModule extends AbstractServerLoginModule {
@Override
public boolean login() throws LoginException {
log.debug("KeycloakLoginModule.login()");
- if (super.login() == true) {
+ if (super.login()) {
log.debug("super.login()==true");
return true;
}
diff --git a/adapters/spi/tomcat-adapter-spi/src/main/java/org/keycloak/adapters/tomcat/GenericPrincipalFactory.java b/adapters/spi/tomcat-adapter-spi/src/main/java/org/keycloak/adapters/tomcat/GenericPrincipalFactory.java
index 201a409..37cdd08 100755
--- a/adapters/spi/tomcat-adapter-spi/src/main/java/org/keycloak/adapters/tomcat/GenericPrincipalFactory.java
+++ b/adapters/spi/tomcat-adapter-spi/src/main/java/org/keycloak/adapters/tomcat/GenericPrincipalFactory.java
@@ -81,7 +81,7 @@ public abstract class GenericPrincipalFactory {
Iterator<Principal> iter = principals.iterator();
while (iter.hasNext()) {
Object next = iter.next();
- if ((next instanceof Group) == false)
+ if (!(next instanceof Group))
continue;
Group grp = (Group) next;
if (grp.getName().equals(name)) {
diff --git a/common/src/main/java/org/keycloak/common/util/StringPropertyReplacer.java b/common/src/main/java/org/keycloak/common/util/StringPropertyReplacer.java
index a01665b..b5b5e9d 100755
--- a/common/src/main/java/org/keycloak/common/util/StringPropertyReplacer.java
+++ b/common/src/main/java/org/keycloak/common/util/StringPropertyReplacer.java
@@ -207,7 +207,7 @@ public final class StringPropertyReplacer
}
// No properties
- if (properties == false)
+ if (!properties)
return string;
// Collect the trailing characters
diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/msad/UserAccountControl.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/msad/UserAccountControl.java
index c7f8317..04ed808 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/msad/UserAccountControl.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/msad/UserAccountControl.java
@@ -7,28 +7,28 @@ package org.keycloak.federation.ldap.mappers.msad;
*/
public class UserAccountControl {
- public static final long SCRIPT = 0x0001l;
- public static final long ACCOUNTDISABLE = 0x0002l;
- public static final long HOMEDIR_REQUIRED = 0x0008l;
- public static final long LOCKOUT = 0x0010l;
- public static final long PASSWD_NOTREQD = 0x0020l;
- public static final long PASSWD_CANT_CHANGE = 0x0040l;
- public static final long ENCRYPTED_TEXT_PWD_ALLOWED = 0x0080l;
- public static final long TEMP_DUPLICATE_ACCOUNT = 0x0100l;
- public static final long NORMAL_ACCOUNT = 0x0200l;
- public static final long INTERDOMAIN_TRUST_ACCOUNT = 0x0800l;
- public static final long WORKSTATION_TRUST_ACCOUNT = 0x1000l;
- public static final long SERVER_TRUST_ACCOUNT = 0x2000l;
- public static final long DONT_EXPIRE_PASSWORD = 0x10000l;
- public static final long MNS_LOGON_ACCOUNT = 0x20000l;
- public static final long SMARTCARD_REQUIRED = 0x40000l;
- public static final long TRUSTED_FOR_DELEGATION = 0x80000l;
- public static final long NOT_DELEGATED = 0x100000l;
- public static final long USE_DES_KEY_ONLY = 0x200000l;
- public static final long DONT_REQ_PREAUTH = 0x400000l;
- public static final long PASSWORD_EXPIRED = 0x800000l;
- public static final long TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000l;
- public static final long PARTIAL_SECRETS_ACCOUNT = 0x04000000l;
+ public static final long SCRIPT = 0x0001L;
+ public static final long ACCOUNTDISABLE = 0x0002L;
+ public static final long HOMEDIR_REQUIRED = 0x0008L;
+ public static final long LOCKOUT = 0x0010L;
+ public static final long PASSWD_NOTREQD = 0x0020L;
+ public static final long PASSWD_CANT_CHANGE = 0x0040L;
+ public static final long ENCRYPTED_TEXT_PWD_ALLOWED = 0x0080L;
+ public static final long TEMP_DUPLICATE_ACCOUNT = 0x0100L;
+ public static final long NORMAL_ACCOUNT = 0x0200L;
+ public static final long INTERDOMAIN_TRUST_ACCOUNT = 0x0800L;
+ public static final long WORKSTATION_TRUST_ACCOUNT = 0x1000L;
+ public static final long SERVER_TRUST_ACCOUNT = 0x2000L;
+ public static final long DONT_EXPIRE_PASSWORD = 0x10000L;
+ public static final long MNS_LOGON_ACCOUNT = 0x20000L;
+ public static final long SMARTCARD_REQUIRED = 0x40000L;
+ public static final long TRUSTED_FOR_DELEGATION = 0x80000L;
+ public static final long NOT_DELEGATED = 0x100000L;
+ public static final long USE_DES_KEY_ONLY = 0x200000L;
+ public static final long DONT_REQ_PREAUTH = 0x400000L;
+ public static final long PASSWORD_EXPIRED = 0x800000L;
+ public static final long TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000L;
+ public static final long PARTIAL_SECRETS_ACCOUNT = 0x04000000L;
private long value;
diff --git a/model/jpa/src/main/java/org/keycloak/connections/jpa/updater/JpaUpdaterProvider.java b/model/jpa/src/main/java/org/keycloak/connections/jpa/updater/JpaUpdaterProvider.java
index 255bec4..9c44cf4 100755
--- a/model/jpa/src/main/java/org/keycloak/connections/jpa/updater/JpaUpdaterProvider.java
+++ b/model/jpa/src/main/java/org/keycloak/connections/jpa/updater/JpaUpdaterProvider.java
@@ -12,7 +12,7 @@ public interface JpaUpdaterProvider extends Provider {
public String FIRST_VERSION = "1.0.0.Final";
- public String LAST_VERSION = "1.8.0";
+ public String LAST_VERSION = "1.9.0";
public String getCurrentVersionSql(String defaultSchema);
diff --git a/model/jpa/src/main/java/org/keycloak/connections/jpa/updater/liquibase/LiquibaseJpaUpdaterProvider.java b/model/jpa/src/main/java/org/keycloak/connections/jpa/updater/liquibase/LiquibaseJpaUpdaterProvider.java
index 211c00e..400b69c 100755
--- a/model/jpa/src/main/java/org/keycloak/connections/jpa/updater/liquibase/LiquibaseJpaUpdaterProvider.java
+++ b/model/jpa/src/main/java/org/keycloak/connections/jpa/updater/liquibase/LiquibaseJpaUpdaterProvider.java
@@ -7,6 +7,7 @@ import liquibase.changelog.DatabaseChangeLog;
import liquibase.changelog.RanChangeSet;
import liquibase.database.Database;
import liquibase.database.DatabaseFactory;
+import liquibase.database.core.DB2Database;
import liquibase.database.jvm.JdbcConnection;
import liquibase.logging.LogFactory;
import liquibase.logging.LogLevel;
@@ -29,6 +30,7 @@ public class LiquibaseJpaUpdaterProvider implements JpaUpdaterProvider {
private static final Logger logger = Logger.getLogger(LiquibaseJpaUpdaterProvider.class);
private static final String CHANGELOG = "META-INF/jpa-changelog-master.xml";
+ private static final String DB2_CHANGELOG = "META-INF/db2-jpa-changelog-master.xml";
@Override
public String getCurrentVersionSql(String defaultSchema) {
@@ -117,7 +119,10 @@ public class LiquibaseJpaUpdaterProvider implements JpaUpdaterProvider {
if (defaultSchema != null) {
database.setDefaultSchemaName(defaultSchema);
}
- return new Liquibase(CHANGELOG, new ClassLoaderResourceAccessor(getClass().getClassLoader()), database);
+
+ String changelog = (database instanceof DB2Database) ? DB2_CHANGELOG : CHANGELOG;
+ logger.debugf("Using changelog file: %s", changelog);
+ return new Liquibase(changelog, new ClassLoaderResourceAccessor(getClass().getClassLoader()), database);
}
@Override
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
index 52b104c..b3c1e8c 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
@@ -264,7 +264,7 @@ public class RealmAdapter implements RealmModel {
@Override
public long getQuickLoginCheckMilliSeconds() {
- return getAttribute("quickLoginCheckMilliSeconds", 0l);
+ return getAttribute("quickLoginCheckMilliSeconds", 0L);
}
@Override
diff --git a/model/jpa/src/main/resources/META-INF/db2-jpa-changelog-1.0.0.Final.xml b/model/jpa/src/main/resources/META-INF/db2-jpa-changelog-1.0.0.Final.xml
new file mode 100644
index 0000000..20acca6
--- /dev/null
+++ b/model/jpa/src/main/resources/META-INF/db2-jpa-changelog-1.0.0.Final.xml
@@ -0,0 +1,442 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.2.xsd">
+ <changeSet author="sthorger@redhat.com" id="1.0.0.Final">
+ <createTable tableName="APPLICATION_DEFAULT_ROLES">
+ <column name="APPLICATION_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="ROLE_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <createTable tableName="CLIENT">
+ <column name="DTYPE" type="VARCHAR(31)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="ALLOWED_CLAIMS_MASK" type="BIGINT"/>
+ <column name="ENABLED" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="FULL_SCOPE_ALLOWED" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="NAME" type="VARCHAR(255)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="NOT_BEFORE" type="INT"/>
+ <column name="PUBLIC_CLIENT" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="SECRET" type="VARCHAR(255)"/>
+ <column name="BASE_URL" type="VARCHAR(255)"/>
+ <column name="BEARER_ONLY" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="MANAGEMENT_URL" type="VARCHAR(255)"/>
+ <column name="SURROGATE_AUTH_REQUIRED" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="DIRECT_GRANTS_ONLY" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="REALM_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <createTable tableName="CLIENT_SESSION">
+ <column name="ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="ACTION" type="INT"/>
+ <column name="CLIENT_ID" type="VARCHAR(36)"/>
+ <column name="REDIRECT_URI" type="VARCHAR(255)"/>
+ <column name="STATE" type="VARCHAR(255)"/>
+ <column name="TIMESTAMP" type="INT"/>
+ <column name="SESSION_ID" type="VARCHAR(36)"/>
+ </createTable>
+ <createTable tableName="CLIENT_SESSION_ROLE">
+ <column name="ROLE_ID" type="VARCHAR(255)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="CLIENT_SESSION" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <createTable tableName="COMPOSITE_ROLE">
+ <column name="COMPOSITE" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="CHILD_ROLE" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <createTable tableName="CREDENTIAL">
+ <column name="ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="DEVICE" type="VARCHAR(255)"/>
+ <column name="HASH_ITERATIONS" type="INT"/>
+ <column name="SALT" type="BLOB(16)"/>
+ <column name="TYPE" type="VARCHAR(255)"/>
+ <column name="VALUE" type="VARCHAR(255)"/>
+ <column name="USER_ID" type="VARCHAR(36)"/>
+ </createTable>
+ <createTable tableName="EVENT_ENTITY">
+ <column name="ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="CLIENT_ID" type="VARCHAR(255)"/>
+ <column name="DETAILS_JSON" type="VARCHAR(2550)"/>
+ <column name="ERROR" type="VARCHAR(255)"/>
+ <column name="IP_ADDRESS" type="VARCHAR(255)"/>
+ <column name="REALM_ID" type="VARCHAR(255)"/>
+ <column name="SESSION_ID" type="VARCHAR(255)"/>
+ <column name="TIME" type="BIGINT"/>
+ <column name="TYPE" type="VARCHAR(255)"/>
+ <column name="USER_ID" type="VARCHAR(255)"/>
+ </createTable>
+ <createTable tableName="FED_PROVIDERS">
+ <column name="REALM_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="USERFEDERATIONPROVIDERS_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <createTable tableName="KEYCLOAK_ROLE">
+ <column name="ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="APP_REALM_CONSTRAINT" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="APPLICATION_ROLE" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="DESCRIPTION" type="VARCHAR(255)"/>
+ <column name="NAME" type="VARCHAR(255)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="REALM_ID" type="VARCHAR(255)"/>
+ <column name="APPLICATION" type="VARCHAR(36)"/>
+ <column name="REALM" type="VARCHAR(36)"/>
+ </createTable>
+ <createTable tableName="REALM">
+ <column name="ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="ACCESS_CODE_LIFESPAN" type="INT"/>
+ <column name="USER_ACTION_LIFESPAN" type="INT"/>
+ <column name="ACCESS_TOKEN_LIFESPAN" type="INT"/>
+ <column name="ACCOUNT_THEME" type="VARCHAR(255)"/>
+ <column name="ADMIN_THEME" type="VARCHAR(255)"/>
+ <column name="EMAIL_THEME" type="VARCHAR(255)"/>
+ <column name="ENABLED" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="EVENTS_ENABLED" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="EVENTS_EXPIRATION" type="BIGINT"/>
+ <column name="LOGIN_THEME" type="VARCHAR(255)"/>
+ <column name="NAME" type="VARCHAR(255)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="NOT_BEFORE" type="INT"/>
+ <column name="PASSWORD_CRED_GRANT_ALLOWED" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="PASSWORD_POLICY" type="VARCHAR(255)"/>
+ <column name="PRIVATE_KEY" type="VARCHAR(2048)"/>
+ <column name="PUBLIC_KEY" type="VARCHAR(2048)"/>
+ <column name="REGISTRATION_ALLOWED" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="REMEMBER_ME" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="RESET_PASSWORD_ALLOWED" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="SOCIAL" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="SSL_REQUIRED" type="VARCHAR(255)"/>
+ <column name="SSO_IDLE_TIMEOUT" type="INT"/>
+ <column name="SSO_MAX_LIFESPAN" type="INT"/>
+ <column name="UPDATE_PROFILE_ON_SOC_LOGIN" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="VERIFY_EMAIL" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="MASTER_ADMIN_APP" type="VARCHAR(36)"/>
+ </createTable>
+ <createTable tableName="REALM_APPLICATION">
+ <column name="APPLICATION_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="REALM_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <createTable tableName="REALM_ATTRIBUTE">
+ <column name="NAME" type="VARCHAR(255)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="VALUE" type="VARCHAR(255)"/>
+ <column name="REALM_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <createTable tableName="REALM_DEFAULT_ROLES">
+ <column name="REALM_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="ROLE_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <createTable tableName="REALM_EVENTS_LISTENERS">
+ <column name="REALM_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="VALUE" type="VARCHAR(255)"/>
+ </createTable>
+ <createTable tableName="REALM_REQUIRED_CREDENTIAL">
+ <column name="TYPE" type="VARCHAR(255)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="FORM_LABEL" type="VARCHAR(255)"/>
+ <column name="INPUT" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="SECRET" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="REALM_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <createTable tableName="REALM_SMTP_CONFIG">
+ <column name="REALM_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="VALUE" type="VARCHAR(255)"/>
+ <column name="NAME" type="VARCHAR(255)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <createTable tableName="REALM_SOCIAL_CONFIG">
+ <column name="REALM_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="VALUE" type="VARCHAR(255)"/>
+ <column name="NAME" type="VARCHAR(255)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <createTable tableName="REDIRECT_URIS">
+ <column name="CLIENT_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="VALUE" type="VARCHAR(255)"/>
+ </createTable>
+ <createTable tableName="SCOPE_MAPPING">
+ <column name="CLIENT_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="ROLE_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <createTable tableName="USERNAME_LOGIN_FAILURE">
+ <column name="REALM_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="USERNAME" type="VARCHAR(200)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="FAILED_LOGIN_NOT_BEFORE" type="INT"/>
+ <column name="LAST_FAILURE" type="BIGINT"/>
+ <column name="LAST_IP_FAILURE" type="VARCHAR(255)"/>
+ <column name="NUM_FAILURES" type="INT"/>
+ </createTable>
+ <createTable tableName="USER_ATTRIBUTE">
+ <column name="NAME" type="VARCHAR(255)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="VALUE" type="VARCHAR(255)"/>
+ <column name="USER_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <createTable tableName="USER_ENTITY">
+ <column name="ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="EMAIL" type="VARCHAR(255)"/>
+ <column name="EMAIL_CONSTRAINT" type="VARCHAR(255)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="EMAIL_VERIFIED" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="ENABLED" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="FEDERATION_LINK" type="VARCHAR(255)"/>
+ <column name="FIRST_NAME" type="VARCHAR(255)"/>
+ <column name="LAST_NAME" type="VARCHAR(255)"/>
+ <column name="REALM_ID" type="VARCHAR(255)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="TOTP" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="USERNAME" type="VARCHAR(255)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <createTable tableName="USER_FEDERATION_CONFIG">
+ <column name="USER_FEDERATION_PROVIDER_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="VALUE" type="VARCHAR(255)"/>
+ <column name="NAME" type="VARCHAR(255)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <createTable tableName="USER_FEDERATION_PROVIDER">
+ <column name="ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="CHANGED_SYNC_PERIOD" type="INT"/>
+ <column name="DISPLAY_NAME" type="VARCHAR(255)"/>
+ <column name="FULL_SYNC_PERIOD" type="INT"/>
+ <column name="LAST_SYNC" type="INT"/>
+ <column name="PRIORITY" type="INT"/>
+ <column name="PROVIDER_NAME" type="VARCHAR(255)"/>
+ <column name="REALM_ID" type="VARCHAR(36)"/>
+ </createTable>
+ <createTable tableName="USER_REQUIRED_ACTION">
+ <column name="ACTION" type="INT">
+ <constraints nullable="false"/>
+ </column>
+ <column name="USER_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <createTable tableName="USER_ROLE_MAPPING">
+ <column name="ROLE_ID" type="VARCHAR(255)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="USER_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <createTable tableName="USER_SESSION">
+ <column name="ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="AUTH_METHOD" type="VARCHAR(255)"/>
+ <column name="IP_ADDRESS" type="VARCHAR(255)"/>
+ <column name="LAST_SESSION_REFRESH" type="INT"/>
+ <column name="LOGIN_USERNAME" type="VARCHAR(255)"/>
+ <column name="REALM_ID" type="VARCHAR(255)"/>
+ <column name="REMEMBER_ME" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="STARTED" type="INT"/>
+ <column name="USER_ID" type="VARCHAR(255)"/>
+ </createTable>
+ <createTable tableName="USER_SOCIAL_LINK">
+ <column name="SOCIAL_PROVIDER" type="VARCHAR(255)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="REALM_ID" type="VARCHAR(255)"/>
+ <column name="SOCIAL_USER_ID" type="VARCHAR(255)"/>
+ <column name="SOCIAL_USERNAME" type="VARCHAR(255)"/>
+ <column name="USER_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <createTable tableName="WEB_ORIGINS">
+ <column name="CLIENT_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="VALUE" type="VARCHAR(255)"/>
+ </createTable>
+ <addPrimaryKey columnNames="REALM_ID, NAME" constraintName="CONSTRAINT_1" tableName="REALM_SOCIAL_CONFIG"/>
+ <addPrimaryKey columnNames="REALM_ID, USERNAME" constraintName="CONSTRAINT_17" tableName="USERNAME_LOGIN_FAILURE"/>
+ <addPrimaryKey columnNames="ACTION, USER_ID" constraintName="CONSTRAINT_2" tableName="USER_REQUIRED_ACTION"/>
+ <addPrimaryKey columnNames="SOCIAL_PROVIDER, USER_ID" constraintName="CONSTRAINT_3" tableName="USER_SOCIAL_LINK"/>
+ <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_4" tableName="EVENT_ENTITY"/>
+ <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_4A" tableName="REALM"/>
+ <addPrimaryKey columnNames="CLIENT_SESSION, ROLE_ID" constraintName="CONSTRAINT_5" tableName="CLIENT_SESSION_ROLE"/>
+ <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_57" tableName="USER_SESSION"/>
+ <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_5C" tableName="USER_FEDERATION_PROVIDER"/>
+ <addPrimaryKey columnNames="NAME, USER_ID" constraintName="CONSTRAINT_6" tableName="USER_ATTRIBUTE"/>
+ <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_7" tableName="CLIENT"/>
+ <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_8" tableName="CLIENT_SESSION"/>
+ <addPrimaryKey columnNames="CLIENT_ID, ROLE_ID" constraintName="CONSTRAINT_81" tableName="SCOPE_MAPPING"/>
+ <addPrimaryKey columnNames="NAME, REALM_ID" constraintName="CONSTRAINT_9" tableName="REALM_ATTRIBUTE"/>
+ <addPrimaryKey columnNames="REALM_ID, TYPE" constraintName="CONSTRAINT_92" tableName="REALM_REQUIRED_CREDENTIAL"/>
+ <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_A" tableName="KEYCLOAK_ROLE"/>
+ <addPrimaryKey columnNames="ROLE_ID, USER_ID" constraintName="CONSTRAINT_C" tableName="USER_ROLE_MAPPING"/>
+ <addPrimaryKey columnNames="REALM_ID, NAME" constraintName="CONSTRAINT_E" tableName="REALM_SMTP_CONFIG"/>
+ <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_F" tableName="CREDENTIAL"/>
+ <addPrimaryKey columnNames="USER_FEDERATION_PROVIDER_ID, NAME" constraintName="CONSTRAINT_F9" tableName="USER_FEDERATION_CONFIG"/>
+ <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_FB" tableName="USER_ENTITY"/>
+ <!-- Added later in 1.2.0.CR1 -->
+ <!--<addUniqueConstraint columnNames="ROLE_ID" constraintName="UK_8AELWNIBJI49AVXSRTUF6XJOW" tableName="APPLICATION_DEFAULT_ROLES"/>-->
+ <!--<addUniqueConstraint columnNames="REALM_ID,NAME" constraintName="UK_B71CJLBENV945RB6GCON438AT" tableName="CLIENT"/>-->
+
+ <addUniqueConstraint columnNames="USERFEDERATIONPROVIDERS_ID" constraintName="UK_DCCIRJLIPU1478VQC89DID88C" tableName="FED_PROVIDERS"/>
+ <addUniqueConstraint columnNames="REALM_ID,EMAIL_CONSTRAINT" constraintName="UK_DYKN684SL8UP1CRFEI6ECKHD7" tableName="USER_ENTITY"/>
+ <addUniqueConstraint columnNames="ROLE_ID" constraintName="UK_H4WPD7W4HSOOLNI3H0SW7BTJE" tableName="REALM_DEFAULT_ROLES"/>
+
+ <!-- Added later in 1.2.0.CR1 -->
+ <!--<addUniqueConstraint columnNames="NAME,APP_REALM_CONSTRAINT" constraintName="UK_J3RWUVD56ONTGSUHOGM184WW2" tableName="KEYCLOAK_ROLE"/>-->
+ <addUniqueConstraint columnNames="REALM_ID" constraintName="UK_L5QGA3RFME47335JY8JXYXH3I" tableName="REALM_APPLICATION"/>
+ <addUniqueConstraint columnNames="NAME" constraintName="UK_ORVSDMLA56612EAEFIQ6WL5OI" tableName="REALM"/>
+ <addUniqueConstraint columnNames="REALM_ID,USERNAME" constraintName="UK_RU8TT6T700S9V50BU18WS5HA6" tableName="USER_ENTITY"/>
+ <addForeignKeyConstraint baseColumnNames="CLIENT_SESSION" baseTableName="CLIENT_SESSION_ROLE" constraintName="FK_11B7SGQW18I532811V7O2DV76" referencedColumnNames="ID" referencedTableName="CLIENT_SESSION"/>
+ <addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="REDIRECT_URIS" constraintName="FK_1BURS8PB4OUJ97H5WUPPAHV9F" referencedColumnNames="ID" referencedTableName="CLIENT"/>
+ <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="USER_FEDERATION_PROVIDER" constraintName="FK_1FJ32F6PTOLW2QY60CD8N01E8" referencedColumnNames="ID" referencedTableName="REALM"/>
+ <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="FED_PROVIDERS" constraintName="FK_213LYQ09FKXQ8K8NY8DY3737T" referencedColumnNames="ID" referencedTableName="REALM"/>
+ <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_REQUIRED_CREDENTIAL" constraintName="FK_5HG65LYBEVAVKQFKI3KPONH9V" referencedColumnNames="ID" referencedTableName="REALM"/>
+ <addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="USER_ATTRIBUTE" constraintName="FK_5HRM2VLF9QL5FU043KQEPOVBR" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
+ <addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="USER_SOCIAL_LINK" constraintName="FK_68CJYS5UWM55UY823Y75XG4OM" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
+ <addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="USER_REQUIRED_ACTION" constraintName="FK_6QJ3W1JW9CVAFHE19BWSIUVMD" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
+ <addForeignKeyConstraint baseColumnNames="REALM" baseTableName="KEYCLOAK_ROLE" constraintName="FK_6VYQFE4CN4WLQ8R6KT5VDSJ5C" referencedColumnNames="ID" referencedTableName="REALM"/>
+ <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_SMTP_CONFIG" constraintName="FK_70EJ8XDXGXD0B9HH6180IRR0O" referencedColumnNames="ID" referencedTableName="REALM"/>
+ <addForeignKeyConstraint baseColumnNames="APPLICATION_ID" baseTableName="REALM_APPLICATION" constraintName="FK_71S3P0DIUXAWWQQSA528UBY2Q" referencedColumnNames="ID" referencedTableName="REALM"/>
+ <!-- Added later in 1.2.0.CR1 -->
+ <!--<addForeignKeyConstraint baseColumnNames="ROLE_ID" baseTableName="APPLICATION_DEFAULT_ROLES" constraintName="FK_8AELWNIBJI49AVXSRTUF6XJOW" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>-->
+ <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_ATTRIBUTE" constraintName="FK_8SHXD6L3E9ATQUKACXGPFFPTW" referencedColumnNames="ID" referencedTableName="REALM"/>
+ <addForeignKeyConstraint baseColumnNames="COMPOSITE" baseTableName="COMPOSITE_ROLE" constraintName="FK_A63WVEKFTU8JO1PNJ81E7MCE2" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
+ <addForeignKeyConstraint baseColumnNames="SESSION_ID" baseTableName="CLIENT_SESSION" constraintName="FK_B4AO2VCVAT6UKAU74WBWTFQO1" referencedColumnNames="ID" referencedTableName="USER_SESSION"/>
+ <addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="USER_ROLE_MAPPING" constraintName="FK_C4FQV34P1MBYLLOXANG7B1Q3L" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
+ <addForeignKeyConstraint baseColumnNames="USERFEDERATIONPROVIDERS_ID" baseTableName="FED_PROVIDERS" constraintName="FK_DCCIRJLIPU1478VQC89DID88C" referencedColumnNames="ID" referencedTableName="USER_FEDERATION_PROVIDER"/>
+ <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_DEFAULT_ROLES" constraintName="FK_EVUDB1PPW84OXFAX2DRS03ICC" referencedColumnNames="ID" referencedTableName="REALM"/>
+ <addForeignKeyConstraint baseColumnNames="CHILD_ROLE" baseTableName="COMPOSITE_ROLE" constraintName="FK_GR7THLLB9LU8Q4VQA4524JJY8" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
+ <addForeignKeyConstraint baseColumnNames="ROLE_ID" baseTableName="REALM_DEFAULT_ROLES" constraintName="FK_H4WPD7W4HSOOLNI3H0SW7BTJE" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
+ <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_EVENTS_LISTENERS" constraintName="FK_H846O4H0W8EPX5NXEV9F5Y69J" referencedColumnNames="ID" referencedTableName="REALM"/>
+ <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_APPLICATION" constraintName="FK_L5QGA3RFME47335JY8JXYXH3I" referencedColumnNames="ID" referencedTableName="CLIENT"/>
+ <addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="WEB_ORIGINS" constraintName="FK_LOJPHO213XCX4WNKOG82SSRFY" referencedColumnNames="ID" referencedTableName="CLIENT"/>
+ <!-- Added later in 1.2.0.CR1 -->
+ <!--<addForeignKeyConstraint baseColumnNames="APPLICATION_ID" baseTableName="APPLICATION_DEFAULT_ROLES" constraintName="FK_MAYLTS7KLWQW2H8M2B5JOYTKY" referencedColumnNames="ID" referencedTableName="CLIENT"/>-->
+ <addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="SCOPE_MAPPING" constraintName="FK_OUSE064PLMLR732LXJCN1Q5F1" referencedColumnNames="ID" referencedTableName="CLIENT"/>
+ <addForeignKeyConstraint baseColumnNames="ROLE_ID" baseTableName="SCOPE_MAPPING" constraintName="FK_P3RH9GRKU11KQFRS4FLTT7RNQ" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
+ <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="CLIENT" constraintName="FK_P56CTINXXB9GSK57FO49F9TAC" referencedColumnNames="ID" referencedTableName="REALM"/>
+ <addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="CREDENTIAL" constraintName="FK_PFYR0GLASQYL0DEI3KL69R6V0" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
+ <addForeignKeyConstraint baseColumnNames="APPLICATION" baseTableName="KEYCLOAK_ROLE" constraintName="FK_PIMO5LE2C0RAL09FL8CM9WFW9" referencedColumnNames="ID" referencedTableName="CLIENT"/>
+ <addForeignKeyConstraint baseColumnNames="MASTER_ADMIN_APP" baseTableName="REALM" constraintName="FK_RSAF444KK6QRKMS7N56AIWQ5Y" referencedColumnNames="ID" referencedTableName="CLIENT"/>
+ <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_SOCIAL_CONFIG" constraintName="FK_SV5I3C2TI7G0G922FGE683SOV" referencedColumnNames="ID" referencedTableName="REALM"/>
+ <addForeignKeyConstraint baseColumnNames="USER_FEDERATION_PROVIDER_ID" baseTableName="USER_FEDERATION_CONFIG" constraintName="FK_T13HPU1J94R2EBPEKR39X5EU5" referencedColumnNames="ID" referencedTableName="USER_FEDERATION_PROVIDER"/>
+ </changeSet>
+</databaseChangeLog>
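Review bot: The constraints commented out under `<!-- Added later in 1.2.0.CR1 -->` (`UK_8AELWNIBJI49AVXSRTUF6XJOW`, `UK_B71CJLBENV945RB6GCON438AT`, `UK_J3RWUVD56ONTGSUHOGM184WW2`, `FK_8AELWNIBJI49AVXSRTUF6XJOW`, `FK_MAYLTS7KLWQW2H8M2B5JOYTKY`) give no reason for being deferred. Two of them enforce uniqueness of client name per realm and of role name, so until the later changeSet runs nothing in the DB2 schema prevents duplicate clients or roles. State the reason in the comment, e.g. `<!-- deferred on DB2 because <reason>; re-added in db2-jpa-changelog-1.2.0.CR1.xml -->`, and check that the CR1 file really adds all five back. Separately, this file declares `dbchangelog-3.2.xsd` while the other two DB2 changelogs declare `dbchangelog-3.1.xsd`; pick one.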
diff --git a/model/jpa/src/main/resources/META-INF/db2-jpa-changelog-1.2.0.Beta1.xml b/model/jpa/src/main/resources/META-INF/db2-jpa-changelog-1.2.0.Beta1.xml
new file mode 100644
index 0000000..844b21b
--- /dev/null
+++ b/model/jpa/src/main/resources/META-INF/db2-jpa-changelog-1.2.0.Beta1.xml
@@ -0,0 +1,173 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
+ <changeSet author="psilva@redhat.com" id="1.2.0.Beta1">
+ <delete tableName="CLIENT_SESSION_ROLE" />
+ <delete tableName="CLIENT_SESSION_NOTE" />
+ <delete tableName="CLIENT_SESSION" />
+ <delete tableName="USER_SESSION" />
+ <createTable tableName="PROTOCOL_MAPPER">
+ <column name="ID" type="VARCHAR(36)">
+ <constraints nullable="false" />
+ </column>
+ <column name="NAME" type="VARCHAR(255)">
+ <constraints nullable="false" />
+ </column>
+ <column name="PROTOCOL" type="VARCHAR(255)">
+ <constraints nullable="false" />
+ </column>
+ <column name="PROTOCOL_MAPPER_NAME" type="VARCHAR(255)">
+ <constraints nullable="false" />
+ </column>
+ <column name="CONSENT_REQUIRED" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false" />
+ </column>
+ <column name="CONSENT_TEXT" type="VARCHAR(255)" />
+ <column name="CLIENT_ID" type="VARCHAR(36)">
+ <constraints nullable="false" />
+ </column>
+ </createTable>
+ <createTable tableName="PROTOCOL_MAPPER_CONFIG">
+ <column name="PROTOCOL_MAPPER_ID" type="VARCHAR(36)">
+ <constraints nullable="false" />
+ </column>
+ <column name="VALUE" type="CLOB" />
+ <column name="NAME" type="VARCHAR(255)">
+ <constraints nullable="false" />
+ </column>
+ </createTable>
+ <createTable tableName="FEDERATED_IDENTITY">
+ <column name="IDENTITY_PROVIDER" type="VARCHAR(255)">
+ <constraints nullable="false" />
+ </column>
+ <column name="REALM_ID" type="VARCHAR(36)">
+ <constraints nullable="false" />
+ </column>
+ <column name="FEDERATED_USER_ID" type="VARCHAR(255)" />
+ <column name="FEDERATED_USERNAME" type="VARCHAR(255)" />
+ <column name="TOKEN" type="TEXT" />
+ <column name="USER_ID" type="VARCHAR(36)">
+ <constraints nullable="false" />
+ </column>
+ </createTable>
+ <createTable tableName="IDENTITY_PROVIDER">
+ <column name="INTERNAL_ID" type="VARCHAR(36)">
+ <constraints nullable="false" />
+ </column>
+ <column name="ENABLED" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false" />
+ </column>
+ <column name="PROVIDER_ALIAS" type="VARCHAR(255)">
+ <constraints nullable="false" />
+ </column>
+ <column name="PROVIDER_ID" type="VARCHAR(255)" />
+ <column name="UPDATE_PROFILE_FIRST_LOGIN" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false" />
+ </column>
+ <column name="STORE_TOKEN" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false" />
+ </column>
+ <column name="AUTHENTICATE_BY_DEFAULT" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false" />
+ </column>
+ <column name="REALM_ID" type="VARCHAR(36)">
+ <constraints nullable="false" />
+ </column>
+ </createTable>
+ <createTable tableName="IDENTITY_PROVIDER_CONFIG">
+ <column name="IDENTITY_PROVIDER_ID" type="VARCHAR(36)">
+ <constraints nullable="false" />
+ </column>
+ <column name="VALUE" type="CLOB" />
+ <column name="NAME" type="VARCHAR(255)">
+ <constraints nullable="false" />
+ </column>
+ </createTable>
+ <createTable tableName="CLIENT_IDENTITY_PROV_MAPPING">
+ <column name="CLIENT_ID" type="VARCHAR(36)">
+ <constraints nullable="false" />
+ </column>
+ <column name="IDENTITY_PROVIDER_ID" type="VARCHAR(36)">
+ <constraints nullable="false" />
+ </column>
+ <column name="RETRIEVE_TOKEN" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false" />
+ </column>
+ </createTable>
+ <createTable tableName="REALM_SUPPORTED_LOCALES">
+ <column name="REALM_ID" type="VARCHAR(36)">
+ <constraints nullable="false" />
+ </column>
+ <column name="VALUE" type="VARCHAR(255)" />
+ </createTable>
+ <createTable tableName="USER_SESSION_NOTE">
+ <column name="USER_SESSION" type="VARCHAR(36)">
+ <constraints nullable="false" />
+ </column>
+ <column name="NAME" type="VARCHAR(255)">
+ <constraints nullable="false" />
+ </column>
+ <column name="VALUE" type="VARCHAR(2048)" />
+ </createTable>
+ <addColumn tableName="CLIENT">
+ <column name="FRONTCHANNEL_LOGOUT" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false" />
+ </column>
+ </addColumn>
+ <addColumn tableName="USER_SESSION">
+ <column name="USER_SESSION_STATE" type="INT" />
+ <column name="BROKER_SESSION_ID" type="VARCHAR(255)" />
+ <column name="BROKER_USER_ID" type="VARCHAR(255)" />
+ </addColumn>
+ <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_PCM" tableName="PROTOCOL_MAPPER" />
+ <addPrimaryKey columnNames="INTERNAL_ID" constraintName="CONSTRAINT_2B" tableName="IDENTITY_PROVIDER" />
+ <addPrimaryKey columnNames="IDENTITY_PROVIDER, USER_ID" constraintName="CONSTRAINT_40" tableName="FEDERATED_IDENTITY" />
+ <addPrimaryKey columnNames="IDENTITY_PROVIDER_ID, NAME" constraintName="CONSTRAINT_D" tableName="IDENTITY_PROVIDER_CONFIG" />
+ <addPrimaryKey columnNames="PROTOCOL_MAPPER_ID, NAME" constraintName="CONSTRAINT_PMConfig" tableName="PROTOCOL_MAPPER_CONFIG" />
+ <addPrimaryKey columnNames="USER_SESSION, NAME" constraintName="CONSTRAINT_USN_PK" tableName="USER_SESSION_NOTE" />
+ <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="IDENTITY_PROVIDER" constraintName="FK2B4EBC52AE5C3B34" referencedColumnNames="ID" referencedTableName="REALM" />
+ <addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="PROTOCOL_MAPPER" constraintName="FK_PCM_REALM" referencedColumnNames="ID" referencedTableName="CLIENT" />
+ <addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="FEDERATED_IDENTITY" constraintName="FK404288B92EF007A6" referencedColumnNames="ID" referencedTableName="USER_ENTITY" />
+ <addForeignKeyConstraint baseColumnNames="IDENTITY_PROVIDER_ID" baseTableName="IDENTITY_PROVIDER_CONFIG" constraintName="FKDC4897CF864C4E43" referencedColumnNames="INTERNAL_ID" referencedTableName="IDENTITY_PROVIDER" />
+ <addForeignKeyConstraint baseColumnNames="PROTOCOL_MAPPER_ID" baseTableName="PROTOCOL_MAPPER_CONFIG" constraintName="FK_PMConfig" referencedColumnNames="ID" referencedTableName="PROTOCOL_MAPPER" />
+ <addForeignKeyConstraint baseColumnNames="IDENTITY_PROVIDER_ID" baseTableName="CLIENT_IDENTITY_PROV_MAPPING" constraintName="FK_7CELWNIBJI49AVXSRTUF6XJ12" referencedColumnNames="INTERNAL_ID" referencedTableName="IDENTITY_PROVIDER" />
+ <addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="CLIENT_IDENTITY_PROV_MAPPING" constraintName="FK_56ELWNIBJI49AVXSRTUF6XJ23" referencedColumnNames="ID" referencedTableName="CLIENT" />
+ <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_SUPPORTED_LOCALES" constraintName="FK_SUPPORTED_LOCALES_REALM" referencedColumnNames="ID" referencedTableName="REALM" />
+ <addForeignKeyConstraint baseColumnNames="USER_SESSION" baseTableName="USER_SESSION_NOTE" constraintName="FK5EDFB00FF51D3472" referencedColumnNames="ID" referencedTableName="USER_SESSION" />
+ <addUniqueConstraint columnNames="PROVIDER_ALIAS, REALM_ID" constraintName="UK_2DAELWNIBJI49AVXSRTUF6XJ33" tableName="IDENTITY_PROVIDER" />
+ <addUniqueConstraint columnNames="IDENTITY_PROVIDER_ID,CLIENT_ID" constraintName="UK_7CAELWNIBJI49AVXSRTUF6XJ12" tableName="CLIENT_IDENTITY_PROV_MAPPING" />
+ <addColumn tableName="REALM">
+ <column name="LOGIN_LIFESPAN" type="INT" />
+ <column name="INTERNATIONALIZATION_ENABLED" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false" />
+ </column>
+ <column name="DEFAULT_LOCALE" type="VARCHAR(255)" />
+ <column name="REG_EMAIL_AS_USERNAME" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false" />
+ </column>
+ </addColumn>
+ <!-- KEYCLOAK-1106 APPLICATION_ID and REALM_ID switched in REALM_APPLICATION table -->
+ <dropForeignKeyConstraint baseTableName="REALM_APPLICATION" constraintName="FK_71S3P0DIUXAWWQQSA528UBY2Q" />
+ <dropForeignKeyConstraint baseTableName="REALM_APPLICATION" constraintName="FK_L5QGA3RFME47335JY8JXYXH3I" />
+ <dropUniqueConstraint tableName="REALM_APPLICATION" constraintName="UK_L5QGA3RFME47335JY8JXYXH3I" />
+ <renameColumn tableName="REALM_APPLICATION" oldColumnName="APPLICATION_ID" newColumnName="APPLICATION_ID_TMP" columnDataType="VARCHAR(36)" />
+ <renameColumn tableName="REALM_APPLICATION" oldColumnName="REALM_ID" newColumnName="APPLICATION_ID" columnDataType="VARCHAR(36)" />
+ <renameColumn tableName="REALM_APPLICATION" oldColumnName="APPLICATION_ID_TMP" newColumnName="REALM_ID" columnDataType="VARCHAR(36)" />
+ <!--<addUniqueConstraint columnNames="APPLICATION_ID" constraintName="UK_M6QGA3RFME47335JY8JXYXH3I" tableName="REALM_APPLICATION" />
+ <addForeignKeyConstraint baseColumnNames="APPLICATION_ID" baseTableName="REALM_APPLICATION" constraintName="FK_82S3P0DIUXAWWQQSA528UBY2Q" referencedColumnNames="ID" referencedTableName="CLIENT" />
+ <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_APPLICATION" constraintName="FK_M6QGA3RFME47335JY8JXYXH3I" referencedColumnNames="ID" referencedTableName="REALM" />-->
+ <customChange class="org.keycloak.connections.jpa.updater.liquibase.custom.JpaUpdate1_2_0_Beta1" />
+ <!-- Remove obsolete 'social' and 'claims' stuff -->
+ <dropForeignKeyConstraint baseTableName="USER_SOCIAL_LINK" constraintName="FK_68CJYS5UWM55UY823Y75XG4OM" />
+ <dropTable tableName="USER_SOCIAL_LINK" cascadeConstraints="true" />
+ <dropForeignKeyConstraint baseTableName="REALM_SOCIAL_CONFIG" constraintName="FK_SV5I3C2TI7G0G922FGE683SOV" />
+ <dropTable tableName="REALM_SOCIAL_CONFIG" cascadeConstraints="true" />
+ <dropColumn tableName="CLIENT" columnName="ALLOWED_CLAIMS_MASK" />
+ <createTable tableName="REALM_ENABLED_EVENT_TYPES">
+ <column name="REALM_ID" type="VARCHAR(36)">
+ <constraints nullable="false" />
+ </column>
+ <column name="VALUE" type="VARCHAR(255)" />
+ </createTable>
+ <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_ENABLED_EVENT_TYPES" constraintName="FK_H846O4H0W8EPX5NWEDRF5Y69J" referencedColumnNames="ID" referencedTableName="REALM" />
+ </changeSet>
+</databaseChangeLog>
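Review bot: After the three `renameColumn` steps swap `APPLICATION_ID` and `REALM_ID` on `REALM_APPLICATION`, the unique constraint and both foreign keys dropped just above are left commented out, so this changeSet ends with the table having no referential integrity to `CLIENT` or `REALM`. If DB2 cannot take them at this point, say so in the comment, e.g. `<!-- not re-added on DB2 because <reason>; restored in <changelog file> -->`; otherwise uncomment them. The changeSet also begins with `<delete tableName="CLIENT_SESSION_NOTE" />`, a table that `db2-jpa-changelog-1.0.0.Final.xml` does not create. Presumably another changelog included from the DB2 master creates it, but that is not visible here, and a missing table would fail the whole migration.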
diff --git a/model/jpa/src/main/resources/META-INF/db2-jpa-changelog-1.2.0.CR1.xml b/model/jpa/src/main/resources/META-INF/db2-jpa-changelog-1.2.0.CR1.xml
new file mode 100644
index 0000000..dab760e
--- /dev/null
+++ b/model/jpa/src/main/resources/META-INF/db2-jpa-changelog-1.2.0.CR1.xml
@@ -0,0 +1,156 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
+ <changeSet author="bburke@redhat.com" id="1.2.0.RC1">
+ <delete tableName="CLIENT_SESSION_ROLE"/>
+ <delete tableName="CLIENT_SESSION_NOTE"/>
+ <delete tableName="CLIENT_SESSION"/>
+ <delete tableName="USER_SESSION_NOTE"/>
+ <delete tableName="USER_SESSION"/>
+
+ <createTable tableName="MIGRATION_MODEL">
+ <column name="ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="VERSION" type="VARCHAR(36)">
+ <constraints nullable="true"/>
+ </column>
+ </createTable>
+
+ <createTable tableName="IDENTITY_PROVIDER_MAPPER">
+ <column name="ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="NAME" type="VARCHAR(255)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="IDP_ALIAS" type="VARCHAR(255)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="IDP_MAPPER_NAME" type="VARCHAR(255)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="REALM_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <createTable tableName="IDP_MAPPER_CONFIG">
+ <column name="IDP_MAPPER_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="VALUE" type="CLOB"/>
+ <column name="NAME" type="VARCHAR(255)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <addColumn tableName="CREDENTIAL">
+ <column name="CREATED_DATE" type="BIGINT"/>
+ </addColumn>
+ <createTable tableName="USER_CONSENT">
+ <column name="ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="CLIENT_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="USER_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <createTable tableName="USER_CONSENT_ROLE">
+ <column name="USER_CONSENT_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="ROLE_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <createTable tableName="USER_CONSENT_PROT_MAPPER">
+ <column name="USER_CONSENT_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="PROTOCOL_MAPPER_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <createTable tableName="CLIENT_SESSION_PROT_MAPPER">
+ <column name="PROTOCOL_MAPPER_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="CLIENT_SESSION" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_MIGMOD" tableName="MIGRATION_MODEL"/>
+ <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_IDPM" tableName="IDENTITY_PROVIDER_MAPPER"/>
+ <addPrimaryKey columnNames="IDP_MAPPER_ID, NAME" constraintName="CONSTRAINT_IDPMConfig" tableName="IDP_MAPPER_CONFIG"/>
+ <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_GRNTCSNT_PM" tableName="USER_CONSENT"/>
+ <addPrimaryKey columnNames="USER_CONSENT_ID, ROLE_ID" constraintName="CONSTRAINT_GRNTCSNT_ROLE_PM" tableName="USER_CONSENT_ROLE"/>
+ <addPrimaryKey columnNames="USER_CONSENT_ID, PROTOCOL_MAPPER_ID" constraintName="CONSTRAINT_GRNTCSNT_PRM_PM" tableName="USER_CONSENT_PROT_MAPPER"/>
+ <addPrimaryKey columnNames="CLIENT_SESSION, PROTOCOL_MAPPER_ID" constraintName="CONSTRAINT_CS_PMP_PK" tableName="CLIENT_SESSION_PROT_MAPPER"/>
+ <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="IDENTITY_PROVIDER_MAPPER" constraintName="FK_IDPM_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
+ <addForeignKeyConstraint baseColumnNames="IDP_MAPPER_ID" baseTableName="IDP_MAPPER_CONFIG" constraintName="FK_IDPMConfig" referencedColumnNames="ID" referencedTableName="IDENTITY_PROVIDER_MAPPER"/>
+ <addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="USER_CONSENT" constraintName="FK_GRNTCSNT_USER" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
+ <addForeignKeyConstraint baseColumnNames="USER_CONSENT_ID" baseTableName="USER_CONSENT_ROLE" constraintName="FK_GRNTCSNT_ROLE_GR" referencedColumnNames="ID" referencedTableName="USER_CONSENT"/>
+ <addForeignKeyConstraint baseColumnNames="USER_CONSENT_ID" baseTableName="USER_CONSENT_PROT_MAPPER" constraintName="FK_GRNTCSNT_PRM_GR" referencedColumnNames="ID" referencedTableName="USER_CONSENT"/>
+ <addForeignKeyConstraint baseColumnNames="CLIENT_SESSION" baseTableName="CLIENT_SESSION_PROT_MAPPER" constraintName="FK_33A8SGQW18I532811V7O2DK89" referencedColumnNames="ID" referencedTableName="CLIENT_SESSION"/>
+
+ <renameColumn tableName="CLIENT" newColumnName="CLIENT_ID" oldColumnName="NAME" columnDataType="VARCHAR(255)"/>
+ <!-- DB2 specific. Original changelog has this in 1.0.0.Final -->
+ <addUniqueConstraint columnNames="REALM_ID,CLIENT_ID" constraintName="UK_B71CJLBENV945RB6GCON438AT" tableName="CLIENT"/>
+
+ <addColumn tableName="CLIENT">
+ <column name="CONSENT_REQUIRED" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="NAME" type="VARCHAR(255)" />
+ </addColumn>
+ <addColumn tableName="IDENTITY_PROVIDER">
+ <column name="ADD_TOKEN_ROLE" type="BOOLEAN" defaultValueBoolean="true">
+ <constraints nullable="false"/>
+ </column>
+ </addColumn>
+ <update tableName="CLIENT">
+ <column name="CONSENT_REQUIRED" valueBoolean="true"/>
+ <where>DTYPE = 'OAuthClientEntity'</where>
+ </update>
+ <dropColumn tableName="CLIENT" columnName="DTYPE"/>
+
+ <dropForeignKeyConstraint baseTableName="REALM" constraintName="FK_RSAF444KK6QRKMS7N56AIWQ5Y" />
+ <renameColumn tableName="REALM" newColumnName="MASTER_ADMIN_CLIENT" oldColumnName="MASTER_ADMIN_APP" columnDataType="VARCHAR(36)"/>
+ <addForeignKeyConstraint baseColumnNames="MASTER_ADMIN_CLIENT" baseTableName="REALM" constraintName="FK_TRAF444KK6QRKMS7N56AIWQ5Y" referencedColumnNames="ID" referencedTableName="CLIENT"/>
+
+ <!--<dropForeignKeyConstraint baseTableName="REALM_APPLICATION" constraintName="FK_82S3P0DIUXAWWQQSA528UBY2Q" />-->
+ <renameTable oldTableName="REALM_APPLICATION" newTableName="REALM_CLIENT"/>
+ <renameColumn tableName="REALM_CLIENT" newColumnName="CLIENT_ID" oldColumnName="APPLICATION_ID" columnDataType="VARCHAR(36)"/>
+ <addUniqueConstraint columnNames="CLIENT_ID" constraintName="UK_M6QGA3RFME47335JY8JXYXH3I" tableName="REALM_CLIENT" />
+ <addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="REALM_CLIENT" constraintName="FK_93S3P0DIUXAWWQQSA528UBY2Q" referencedColumnNames="ID" referencedTableName="CLIENT"/>
+ <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_CLIENT" constraintName="FK_M6QGA3RFME47335JY8JXYXH3I" referencedColumnNames="ID" referencedTableName="REALM" />
+
+ <!--<dropForeignKeyConstraint baseTableName="APPLICATION_DEFAULT_ROLES" constraintName="FK_MAYLTS7KLWQW2H8M2B5JOYTKY" />-->
+ <renameTable oldTableName="APPLICATION_DEFAULT_ROLES" newTableName="CLIENT_DEFAULT_ROLES"/>
+ <renameColumn tableName="CLIENT_DEFAULT_ROLES" newColumnName="CLIENT_ID" oldColumnName="APPLICATION_ID" columnDataType="VARCHAR(36)"/>
+ <addUniqueConstraint columnNames="ROLE_ID" constraintName="UK_8AELWNIBJI49AVXSRTUF6XJOW" tableName="CLIENT_DEFAULT_ROLES"/>
+ <addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="CLIENT_DEFAULT_ROLES" constraintName="FK_NUILTS7KLWQW2H8M2B5JOYTKY" referencedColumnNames="ID" referencedTableName="CLIENT"/>
+ <addForeignKeyConstraint baseColumnNames="ROLE_ID" baseTableName="CLIENT_DEFAULT_ROLES" constraintName="FK_8AELWNIBJI49AVXSRTUF6XJOW" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
+
+ <dropForeignKeyConstraint baseTableName="APP_NODE_REGISTRATIONS" constraintName="FK8454723BA992F594" />
+ <dropPrimaryKey constraintName="CONSTRAINT_84" tableName="APP_NODE_REGISTRATIONS"/>
+ <renameTable oldTableName="APP_NODE_REGISTRATIONS" newTableName="CLIENT_NODE_REGISTRATIONS"/>
+ <renameColumn tableName="CLIENT_NODE_REGISTRATIONS" newColumnName="CLIENT_ID" oldColumnName="APPLICATION_ID" columnDataType="VARCHAR(36)"/>
+ <addPrimaryKey columnNames="CLIENT_ID, NAME" constraintName="CONSTRAINT_84_2" tableName="CLIENT_NODE_REGISTRATIONS"/>
+ <addForeignKeyConstraint baseColumnNames="CLIENT_ID" baseTableName="CLIENT_NODE_REGISTRATIONS" constraintName="FK4129723BA992F594" referencedColumnNames="ID" referencedTableName="CLIENT"/>
+
+ <dropForeignKeyConstraint baseTableName="KEYCLOAK_ROLE" constraintName="FK_PIMO5LE2C0RAL09FL8CM9WFW9" />
+ <renameColumn tableName="KEYCLOAK_ROLE" newColumnName="CLIENT" oldColumnName="APPLICATION" columnDataType="VARCHAR(36)"/>
+ <renameColumn tableName="KEYCLOAK_ROLE" newColumnName="CLIENT_ROLE" oldColumnName="APPLICATION_ROLE" columnDataType="BOOLEAN"/>
+ <renameColumn tableName="KEYCLOAK_ROLE" newColumnName="CLIENT_REALM_CONSTRAINT" oldColumnName="APP_REALM_CONSTRAINT" columnDataType="VARCHAR(36)"/>
+ <addForeignKeyConstraint baseColumnNames="CLIENT" baseTableName="KEYCLOAK_ROLE" constraintName="FK_KJHO5LE2C0RAL09FL8CM9WFW9" referencedColumnNames="ID" referencedTableName="CLIENT"/>
+
+ <!--<dropUniqueConstraint tableName="KEYCLOAK_ROLE" constraintName="UK_J3RWUVD56ONTGSUHOGM184WW2"/>-->
+ <addUniqueConstraint columnNames="NAME,CLIENT_REALM_CONSTRAINT" constraintName="UK_J3RWUVD56ONTGSUHOGM184WW2-2" tableName="KEYCLOAK_ROLE"/>
+ <addUniqueConstraint columnNames="CLIENT_ID, USER_ID" constraintName="UK_JKUWUVD56ONTGSUHOGM8UEWRT" tableName="USER_CONSENT"/>
+
+ <customChange class="org.keycloak.connections.jpa.updater.liquibase.custom.JpaUpdate1_2_0_CR1"/>
+
+ </changeSet>
+</databaseChangeLog>
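Review bot: The three commented-out drops (`dropForeignKeyConstraint` on REALM_APPLICATION and APPLICATION_DEFAULT_ROLES, `dropUniqueConstraint` on KEYCLOAK_ROLE) give no reason, so a maintainer cannot tell whether the old constraints never existed on DB2 or are left in place next to the new `FK_93S3P0DIUXAWWQQSA528UBY2Q`, `FK_NUILTS7KLWQW2H8M2B5JOYTKY` and `UK_J3RWUVD56ONTGSUHOGM184WW2-2`. The first looks deliberate, since the DB2 changelog just above this file comments out the creation of `FK_82S3P0DIUXAWWQQSA528UBY2Q`. The other two have no visible counterpart on this page and should be checked against a migrated DB2 schema. I would state the reason beside each one, for example `<!-- never created by the DB2 changelogs, nothing to drop -->`, in the style of the existing `DB2 specific` comment on the CLIENT unique constraint.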
diff --git a/model/jpa/src/main/resources/META-INF/db2-jpa-changelog-1.4.0.xml b/model/jpa/src/main/resources/META-INF/db2-jpa-changelog-1.4.0.xml
new file mode 100644
index 0000000..cb47c7e
--- /dev/null
+++ b/model/jpa/src/main/resources/META-INF/db2-jpa-changelog-1.4.0.xml
@@ -0,0 +1,155 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
+ <changeSet author="bburke@redhat.com" id="1.4.0">
+ <delete tableName="CLIENT_SESSION_AUTH_STATUS"/>
+ <delete tableName="CLIENT_SESSION_ROLE"/>
+ <delete tableName="CLIENT_SESSION_PROT_MAPPER"/>
+ <delete tableName="CLIENT_SESSION_NOTE"/>
+ <delete tableName="CLIENT_SESSION"/>
+ <delete tableName="USER_SESSION_NOTE"/>
+ <delete tableName="USER_SESSION"/>
+
+ <addColumn tableName="CLIENT">
+ <column name="SERVICE_ACCOUNTS_ENABLED" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ </addColumn>
+ <addColumn tableName="CLIENT_SESSION">
+ <column name="CURRENT_ACTION" type="VARCHAR(36)">
+ <constraints nullable="true"/>
+ </column>
+ </addColumn>
+ <addColumn tableName="AUTHENTICATION_FLOW">
+ <column name="PROVIDER_ID" type="VARCHAR(36)" defaultValue="basic-flow">
+ <constraints nullable="false"/>
+ </column>
+ <column name="TOP_LEVEL" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="BUILT_IN" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ </addColumn>
+ <addColumn tableName="AUTHENTICATION_EXECUTION">
+ <column name="AUTH_FLOW_ID" type="VARCHAR(36)">
+ <constraints nullable="true"/>
+ </column>
+ <column name="AUTH_CONFIG" type="VARCHAR(36)">
+ <constraints nullable="true"/>
+ </column>
+ </addColumn>
+ <addColumn tableName="USER_ATTRIBUTE">
+ <column name="ID" type="VARCHAR(36)" defaultValue="sybase-needs-something-here">
+ <constraints nullable="false"/>
+ </column>
+ </addColumn>
+
+ <dropColumn tableName="AUTHENTICATOR" columnName="PROVIDER_ID"/>
+ <renameTable oldTableName="AUTHENTICATOR_CONFIG" newTableName="AUTHENTICATOR_CONFIG_ENTRY"/>
+
+ <dropForeignKeyConstraint baseTableName="AUTHENTICATOR" constraintName="FK_AUTH_REALM" />
+ <renameTable oldTableName="AUTHENTICATOR" newTableName="AUTHENTICATOR_CONFIG"/>
+ <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="AUTHENTICATOR_CONFIG" constraintName="FK_AUTH_REALM_2" referencedColumnNames="ID" referencedTableName="REALM"/>
+
+ <!-- OAUTH_GRANT,
+ CODE_TO_TOKEN,
+ VERIFY_EMAIL,
+ UPDATE_PROFILE,
+ CONFIGURE_TOTP,
+ UPDATE_PASSWORD,
+ RECOVER_PASSWORD,
+ AUTHENTICATE,
+ SOCIAL_CALLBACK,
+ LOGGED_OUT -->
+ <update tableName="CLIENT_SESSION">
+ <column name="CURRENT_ACTION" value="OAUTH_GRANT"/>
+ <where>ACTION = 0</where>
+ </update>
+ <update tableName="CLIENT_SESSION">
+ <column name="CURRENT_ACTION" value="CODE_TO_TOKEN"/>
+ <where>ACTION = 1</where>
+ </update>
+ <update tableName="CLIENT_SESSION">
+ <column name="CURRENT_ACTION" value="VERIFY_EMAIL"/>
+ <where>ACTION = 2</where>
+ </update>
+ <update tableName="CLIENT_SESSION">
+ <column name="CURRENT_ACTION" value="UPDATE_PROFILE"/>
+ <where>ACTION = 3</where>
+ </update>
+ <update tableName="CLIENT_SESSION">
+ <column name="CURRENT_ACTION" value="CONFIGURE_TOTP"/>
+ <where>ACTION = 4</where>
+ </update>
+ <update tableName="CLIENT_SESSION">
+ <column name="CURRENT_ACTION" value="UPDATE_PASSWORD"/>
+ <where>ACTION = 5</where>
+ </update>
+ <update tableName="CLIENT_SESSION">
+ <column name="CURRENT_ACTION" value="RECOVER_PASSWORD"/>
+ <where>ACTION = 6</where>
+ </update>
+ <update tableName="CLIENT_SESSION">
+ <column name="CURRENT_ACTION" value="AUTHENTICATE"/>
+ <where>ACTION = 7</where>
+ </update>
+ <update tableName="CLIENT_SESSION">
+ <column name="CURRENT_ACTION" value="SOCIAL_CALLBACK"/>
+ <where>ACTION = 8</where>
+ </update>
+ <update tableName="CLIENT_SESSION">
+ <column name="CURRENT_ACTION" value="LOGGED_OUT"/>
+ <where>ACTION = 9</where>
+ </update>
+
+ <createTable tableName="CLIENT_USER_SESSION_NOTE">
+ <column name="NAME" type="VARCHAR(255)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="VALUE" type="VARCHAR(2048)"/>
+ <column name="CLIENT_SESSION" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <createTable tableName="REQUIRED_ACTION_PROVIDER">
+ <column name="ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="ALIAS" type="VARCHAR(255)"/>
+ <column name="NAME" type="VARCHAR(255)"/>
+ <column name="REALM_ID" type="VARCHAR(36)"/>
+ <column name="ENABLED" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="DEFAULT_ACTION" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="PROVIDER_ID" type="VARCHAR(255)"/>
+ </createTable>
+ <createTable tableName="REQUIRED_ACTION_CONFIG">
+ <column name="REQUIRED_ACTION_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="VALUE" type="CLOB"/>
+ <column name="NAME" type="VARCHAR(255)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+
+ <customChange class="org.keycloak.connections.jpa.updater.liquibase.custom.JpaUpdate1_4_0_Final"/>
+
+ <dropPrimaryKey constraintName="CONSTRAINT_6" tableName="USER_ATTRIBUTE"/>
+ <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_USER_ATTRIBUTE_PK" tableName="USER_ATTRIBUTE"/>
+ <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_REQ_ACT_PRV_PK" tableName="REQUIRED_ACTION_PROVIDER"/>
+ <addPrimaryKey columnNames="REQUIRED_ACTION_ID, NAME" constraintName="CONSTRAINT_REQ_ACT_CFG_PK" tableName="REQUIRED_ACTION_CONFIG"/>
+ <addPrimaryKey columnNames="CLIENT_SESSION, NAME" constraintName="CONSTR_CL_USR_SES_NOTE" tableName="CLIENT_USER_SESSION_NOTE"/>
+ <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REQUIRED_ACTION_PROVIDER" constraintName="FK_REQ_ACT_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
+ <addForeignKeyConstraint baseColumnNames="CLIENT_SESSION" baseTableName="CLIENT_USER_SESSION_NOTE" constraintName="FK_CL_USR_SES_NOTE" referencedColumnNames="ID" referencedTableName="CLIENT_SESSION"/>
+ <dropColumn tableName="CLIENT_SESSION" columnName="ACTION"/>
+ <addColumn tableName="USER_ENTITY">
+ <column name="CREATED_TIMESTAMP" type="BIGINT"/>
+ <column name="SERVICE_ACCOUNT_CLIENT_LINK" type="VARCHAR(36)"/>
+ </addColumn>
+
+ </changeSet>
+</databaseChangeLog>
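Review bot: The ten `<update tableName="CLIENT_SESSION">` blocks that map ACTION 0–9 to CURRENT_ACTION names cannot match any row, because `<delete tableName="CLIENT_SESSION"/>` at the top of the same changeSet has no `where` and empties the table first. If they are kept only to mirror the generic changelog, say so with a comment such as `<!-- no-op after the session purge above; kept for parity with the generic changelog -->`; otherwise they can be dropped from this DB2 copy. The same purge ends every user and client session on upgrade, which deserves a line in the file header so operators expect forced re-login.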
diff --git a/model/jpa/src/main/resources/META-INF/db2-jpa-changelog-1.8.0.xml b/model/jpa/src/main/resources/META-INF/db2-jpa-changelog-1.8.0.xml
new file mode 100644
index 0000000..fe3d8bd
--- /dev/null
+++ b/model/jpa/src/main/resources/META-INF/db2-jpa-changelog-1.8.0.xml
@@ -0,0 +1,129 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
+ <changeSet author="mposolda@redhat.com" id="1.8.0">
+
+ <addColumn tableName="IDENTITY_PROVIDER">
+ <column name="POST_BROKER_LOGIN_FLOW_ID" type="VARCHAR(36)">
+ <constraints nullable="true"/>
+ </column>
+ </addColumn>
+ <createTable tableName="CLIENT_TEMPLATE">
+ <column name="ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="NAME" type="VARCHAR(255)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="REALM_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="DESCRIPTION" type="VARCHAR(255)"/>
+ <column name="PROTOCOL" type="VARCHAR(255)"/>
+ <column name="FULL_SCOPE_ALLOWED" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="CONSENT_REQUIRED" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="STANDARD_FLOW_ENABLED" type="BOOLEAN" defaultValueBoolean="true">
+ <constraints nullable="false"/>
+ </column>
+ <column name="IMPLICIT_FLOW_ENABLED" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="DIRECT_ACCESS_GRANTS_ENABLED" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="SERVICE_ACCOUNTS_ENABLED" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="FRONTCHANNEL_LOGOUT" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="BEARER_ONLY" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="PUBLIC_CLIENT" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <createTable tableName="CLIENT_TEMPLATE_ATTRIBUTES">
+ <column name="TEMPLATE_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="VALUE" type="VARCHAR(2048)"/>
+ <column name="NAME" type="VARCHAR(255)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+ <createTable tableName="TEMPLATE_SCOPE_MAPPING">
+ <column name="TEMPLATE_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="ROLE_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+
+
+
+ <dropNotNullConstraint tableName="PROTOCOL_MAPPER" columnName="CLIENT_ID" columnDataType="VARCHAR(36)"/>
+ <addColumn tableName="CLIENT">
+ <column name="CLIENT_TEMPLATE_ID" type="VARCHAR(36)">
+ <constraints nullable="true"/>
+ </column>
+ <column name="USE_TEMPLATE_CONFIG" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="USE_TEMPLATE_SCOPE" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ <column name="USE_TEMPLATE_MAPPERS" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ </addColumn>
+ <addColumn tableName="PROTOCOL_MAPPER">
+ <column name="CLIENT_TEMPLATE_ID" type="VARCHAR(36)">
+ <constraints nullable="true"/>
+ </column>
+ </addColumn>
+ <createTable tableName="REALM_CLIENT_TEMPLATE">
+ <column name="CLIENT_TEMPLATE_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="REALM_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ </createTable>
+
+ <addPrimaryKey columnNames="ID" constraintName="PK_CLI_TEMPLATE" tableName="CLIENT_TEMPLATE"/>
+ <addUniqueConstraint columnNames="REALM_ID,NAME" constraintName="UK_CLI_TEMPLATE" tableName="CLIENT_TEMPLATE"/>
+ <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="CLIENT_TEMPLATE" constraintName="FK_REALM_CLI_TMPLT" referencedColumnNames="ID" referencedTableName="REALM"/>
+ <addForeignKeyConstraint baseColumnNames="CLIENT_TEMPLATE_ID" baseTableName="PROTOCOL_MAPPER" constraintName="FK_CLI_TMPLT_MAPPER" referencedColumnNames="ID" referencedTableName="CLIENT_TEMPLATE"/>
+ <addForeignKeyConstraint baseColumnNames="CLIENT_TEMPLATE_ID" baseTableName="CLIENT" constraintName="FK_CLI_TMPLT_CLIENT" referencedColumnNames="ID" referencedTableName="CLIENT_TEMPLATE"/>
+ <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_CLIENT_TEMPLATE" constraintName="FK_RLM_CLI_TMPLT_RLM" referencedColumnNames="ID" referencedTableName="REALM"/>
+ <addForeignKeyConstraint baseColumnNames="CLIENT_TEMPLATE_ID" baseTableName="REALM_CLIENT_TEMPLATE" constraintName="FK_RLM_CLI_TMPLT_CLI" referencedColumnNames="ID" referencedTableName="CLIENT_TEMPLATE"/>
+ <addPrimaryKey columnNames="TEMPLATE_ID, ROLE_ID" constraintName="PK_TEMPLATE_SCOPE" tableName="TEMPLATE_SCOPE_MAPPING"/>
+ <addForeignKeyConstraint baseColumnNames="TEMPLATE_ID" baseTableName="TEMPLATE_SCOPE_MAPPING" constraintName="FK_TEMPL_SCOPE_TEMPL" referencedColumnNames="ID" referencedTableName="CLIENT_TEMPLATE"/>
+ <addForeignKeyConstraint baseColumnNames="ROLE_ID" baseTableName="TEMPLATE_SCOPE_MAPPING" constraintName="FK_TEMPL_SCOPE_ROLE" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
+ <addPrimaryKey columnNames="TEMPLATE_ID, NAME" constraintName="PK_CL_TMPL_ATTR" tableName="CLIENT_TEMPLATE_ATTRIBUTES"/>
+ <addForeignKeyConstraint baseColumnNames="TEMPLATE_ID" baseTableName="CLIENT_TEMPLATE_ATTRIBUTES" constraintName="FK_CL_TEMPL_ATTR_TEMPL" referencedColumnNames="ID" referencedTableName="CLIENT_TEMPLATE"/>
+
+ <update tableName="CREDENTIAL">
+ <column name="ALGORITHM" type="VARCHAR(36)" value="pbkdf2" />
+ <where>TYPE in ('password-history', 'password') AND ALGORITHM is NULL</where>
+ </update>
+
+ </changeSet>
+
+ <changeSet id="1.8.0-2" author="keycloak">
+ <dropDefaultValue tableName="CREDENTIAL" columnName="ALGORITHM" columnDataType="VARCHAR(36)"/>
+
+ <update tableName="CREDENTIAL">
+ <column name="ALGORITHM" type="VARCHAR(36)" value="pbkdf2" />
+ <where>TYPE in ('password-history', 'password') AND ALGORITHM = 'HmacSHA1'</where>
+ </update>
+
+ </changeSet>
+
+</databaseChangeLog>
\ No newline at end of file
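Review bot: The two `<update tableName="CREDENTIAL">` blocks rewrite the stored hash-algorithm label of password rows to `pbkdf2` (first where ALGORITHM is NULL, then where it is `HmacSHA1`) without touching the hash values, and nothing in the file says why that is safe. It is only correct if every such row was already produced by the PBKDF2 routine that the `pbkdf2` label selects; that cannot be confirmed from this page. I would add a comment above each update, for example `<!-- label fix only: these rows were hashed with PBKDF2; the value is unchanged -->`. Ideally the first update would also be restricted to rows known to come from that routine, so that a credential hashed some other way is not silently relabelled and made unverifiable.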
diff --git a/model/jpa/src/main/resources/META-INF/db2-jpa-changelog-master.xml b/model/jpa/src/main/resources/META-INF/db2-jpa-changelog-master.xml
new file mode 100644
index 0000000..a44604e
--- /dev/null
+++ b/model/jpa/src/main/resources/META-INF/db2-jpa-changelog-master.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.2.xsd">
+ <include file="META-INF/db2-jpa-changelog-1.0.0.Final.xml"/>
+ <include file="META-INF/jpa-changelog-1.1.0.Beta1.xml"/>
+ <include file="META-INF/jpa-changelog-1.1.0.Final.xml"/>
+ <include file="META-INF/db2-jpa-changelog-1.2.0.Beta1.xml"/>
+ <include file="META-INF/db2-jpa-changelog-1.2.0.CR1.xml"/>
+ <include file="META-INF/jpa-changelog-1.2.0.Final.xml"/>
+ <include file="META-INF/jpa-changelog-1.3.0.xml"/>
+ <include file="META-INF/db2-jpa-changelog-1.4.0.xml"/>
+ <include file="META-INF/jpa-changelog-1.5.0.xml"/>
+ <include file="META-INF/jpa-changelog-1.6.1.xml"/>
+ <include file="META-INF/jpa-changelog-1.7.0.xml"/>
+ <include file="META-INF/db2-jpa-changelog-1.8.0.xml"/>
+ <include file="META-INF/jpa-changelog-1.9.0.xml"/>
+</databaseChangeLog>
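Review bot: This master file mixes DB2-specific changelogs with the generic ones and must track `jpa-changelog-master.xml` by hand, but nothing in the file says so; a release that adds an include only to the generic master would leave DB2 installations one schema version behind with no error. A header comment would cover it, for example `<!-- DB2 variant of jpa-changelog-master.xml: keep the include list in step, substituting db2-* files where they exist -->`. Liquibase also records the changelog file path with each changeSet, so a DB2 database that had already applied a generic file would presumably see the `db2-` copy as new and try to run it again. It is worth confirming that no such installations exist, or documenting that this master is for fresh DB2 schemas only.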
diff --git a/model/jpa/src/main/resources/META-INF/jpa-changelog-1.8.0.xml b/model/jpa/src/main/resources/META-INF/jpa-changelog-1.8.0.xml
index 12606a3..7bb2f79 100755
--- a/model/jpa/src/main/resources/META-INF/jpa-changelog-1.8.0.xml
+++ b/model/jpa/src/main/resources/META-INF/jpa-changelog-1.8.0.xml
@@ -119,6 +119,12 @@
<column name="ALGORITHM" type="VARCHAR(36)" value="pbkdf2" />
<where>TYPE in ('password-history', 'password') AND ALGORITHM = 'HmacSHA1'</where>
</update>
+
+ <!-- Sybase specific hacks -->
+ <modifySql dbms="sybase">
+ <regExpReplace replace=".*(SET DEFAULT NULL)" with="SELECT 1" />
+ </modifySql>
+
</changeSet>
</databaseChangeLog>
\ No newline at end of file
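Review bot: The `regExpReplace` pattern `.*(SET DEFAULT NULL)` is not tied to a table or column, so on Sybase any statement generated by this changeSet that contains that text is replaced by `SELECT 1`, and the comment `Sybase specific hacks` does not say which statement is meant or why. Judging by the DB2 copy of this file on the same page, the target is presumably the `dropDefaultValue` on CREDENTIAL.ALGORITHM; if so, that column keeps its previous default on Sybase and the schema differs from the other databases. I would replace the comment with something like `<!-- Sybase: suppress the SET DEFAULT NULL emitted by dropDefaultValue on CREDENTIAL.ALGORITHM; the old default stays in place there -->` and, if the generated SQL allows it, include the column name in the pattern. The changeSet opens above this hunk, so its other changes are not visible here.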
diff --git a/model/jpa/src/main/resources/META-INF/jpa-changelog-1.9.0.xml b/model/jpa/src/main/resources/META-INF/jpa-changelog-1.9.0.xml
new file mode 100644
index 0000000..80ebdc4
--- /dev/null
+++ b/model/jpa/src/main/resources/META-INF/jpa-changelog-1.9.0.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
+ <changeSet author="mposolda@redhat.com" id="1.9.0">
+
+ <!-- This is needed for MSSQL :( -->
+ <!-- 1.5 -->
+ <update tableName="REALM">
+ <column name="OTP_POLICY_COUNTER" type="INT" valueNumeric="0" />
+ <where>OTP_POLICY_COUNTER is NULL</where>
+ </update>
+ <update tableName="REALM">
+ <column name="OTP_POLICY_WINDOW" type="INT" valueNumeric="1" />
+ <where>OTP_POLICY_WINDOW is NULL</where>
+ </update>
+ <update tableName="REALM">
+ <column name="OTP_POLICY_PERIOD" type="INT" valueNumeric="30" />
+ <where>OTP_POLICY_PERIOD is NULL</where>
+ </update>
+ <update tableName="REALM">
+ <column name="OTP_POLICY_DIGITS" type="INT" valueNumeric="6" />
+ <where>OTP_POLICY_DIGITS is NULL</where>
+ </update>
+ <update tableName="CREDENTIAL">
+ <column name="COUNTER" type="INT" valueNumeric="0" />
+ <where>COUNTER is NULL</where>
+ </update>
+ <update tableName="CREDENTIAL">
+ <column name="DIGITS" type="INT" valueNumeric="6" />
+ <where>DIGITS is NULL</where>
+ </update>
+ <update tableName="CREDENTIAL">
+ <column name="PERIOD" type="INT" valueNumeric="30" />
+ <where>PERIOD is NULL</where>
+ </update>
+ <!-- 1.6 -->
+ <update tableName="REALM">
+ <column name="OFFLINE_SESSION_IDLE_TIMEOUT" type="INT" valueNumeric="2592000" />
+ <where>OFFLINE_SESSION_IDLE_TIMEOUT is NULL</where>
+ </update>
+ <!-- 1.7 -->
+ <update tableName="REALM">
+ <column name="ACCESS_TOKEN_LIFE_IMPLICIT" type="INT" valueNumeric="900" />
+ <where>ACCESS_TOKEN_LIFE_IMPLICIT is NULL</where>
+ </update>
+
+ </changeSet>
+</databaseChangeLog>
\ No newline at end of file
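Review bot: The comment `This is needed for MSSQL :(` does not say what goes wrong without these updates, and the backfilled numbers (OTP window 1, period 30, digits 6, offline idle timeout 2592000, implicit token lifespan 900) are security-relevant settings repeated here as literals. Presumably they restate the column defaults from the 1.5, 1.6 and 1.7 changelogs for rows that were left NULL, but those files are not on this page, so the values should be checked against them. I would expand the comment to something like `<!-- MSSQL leaves existing rows NULL when these columns are added; backfill with the defaults declared in the 1.5–1.7 changelogs -->`. The three CREDENTIAL updates also have no `TYPE` filter, so they write OTP parameters onto password rows too; that is harmless if those columns are ignored for passwords, but worth a word in the comment.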
diff --git a/model/jpa/src/main/resources/META-INF/jpa-changelog-master.xml b/model/jpa/src/main/resources/META-INF/jpa-changelog-master.xml
index 0f907e0..987d5e2 100755
--- a/model/jpa/src/main/resources/META-INF/jpa-changelog-master.xml
+++ b/model/jpa/src/main/resources/META-INF/jpa-changelog-master.xml
@@ -12,4 +12,5 @@
<include file="META-INF/jpa-changelog-1.6.1.xml"/>
<include file="META-INF/jpa-changelog-1.7.0.xml"/>
<include file="META-INF/jpa-changelog-1.8.0.xml"/>
+ <include file="META-INF/jpa-changelog-1.9.0.xml"/>
</databaseChangeLog>
pom.xml 37(+1 -36)
diff --git a/pom.xml b/pom.xml
index 2786ebe..45b8d99 100644
--- a/pom.xml
+++ b/pom.xml
@@ -55,8 +55,7 @@
<eap.version>7.0.0.Beta</eap.version>
- <!-- this is EAP 6.4 alpha, publicly available -->
- <jboss.version>7.5.0.Final-redhat-15</jboss.version>
+ <jboss.version>7.2.0.Final</jboss.version>
<servlet.api.30.version>1.0.2.Final</servlet.api.30.version>
<google.zxing.version>3.2.1</google.zxing.version>
@@ -1332,39 +1331,5 @@
</plugins>
</build>
</profile>
-
- <!-- Configure the JBoss Early Access Maven repository -->
- <profile>
- <id>jboss-earlyaccess-repository</id>
- <activation>
- <property>
- <name>!no-jboss-ea-repo</name>
- </property>
- </activation>
- <repositories>
- <repository>
- <id>jboss-earlyaccess-repository</id>
- <url>http://maven.repository.redhat.com/earlyaccess/all/</url>
- <releases>
- <enabled>true</enabled>
- </releases>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </repository>
- </repositories>
- <pluginRepositories>
- <pluginRepository>
- <id>jboss-earlyaccess-plugin-repository</id>
- <url>http://maven.repository.redhat.com/earlyaccess/all/</url>
- <releases>
- <enabled>true</enabled>
- </releases>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </pluginRepository>
- </pluginRepositories>
- </profile>
</profiles>
</project>
diff --git a/saml-core/src/main/java/org/keycloak/saml/common/util/StringUtil.java b/saml-core/src/main/java/org/keycloak/saml/common/util/StringUtil.java
index 3db64c2..15ce2f0 100755
--- a/saml-core/src/main/java/org/keycloak/saml/common/util/StringUtil.java
+++ b/saml-core/src/main/java/org/keycloak/saml/common/util/StringUtil.java
@@ -130,7 +130,7 @@ public class StringUtil {
* @param second
*/
public static void match(String first, String second) {
- if (first.equals(second) == false)
+ if (!first.equals(second))
throw logger.notEqualError(first, second);
}
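Review bot: `match` still dereferences `first` unconditionally, so a null first argument raises a NullPointerException instead of the `notEqualError` that callers of a comparison helper would expect; the rewrite to `!first.equals(second)` keeps that behaviour. A null-safe form is `if (first == null ? second != null : !first.equals(second))`. The Javadoc above it lists `@param second` with no description; it should state that the method throws when the two strings differ and how nulls are treated.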
diff --git a/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java b/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java
index dd4a9d0..508a66a 100755
--- a/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java
+++ b/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java
@@ -191,7 +191,7 @@ public class TransformerUtil {
public void transform(Source xmlSource, Result outputTarget) throws TransformerException {
if (!(xmlSource instanceof StAXSource))
throw logger.wrongTypeError("xmlSource should be a stax source");
- if (outputTarget instanceof DOMResult == false)
+ if (!(outputTarget instanceof DOMResult))
throw logger.wrongTypeError("outputTarget should be a dom result");
String rootTag = null;
@@ -208,7 +208,7 @@ public class TransformerUtil {
try {
XMLEvent xmlEvent = StaxParserUtil.getNextEvent(xmlEventReader);
- if (xmlEvent instanceof StartElement == false)
+ if (!(xmlEvent instanceof StartElement))
throw new TransformerException(ErrorCodes.WRITER_SHOULD_START_ELEMENT);
StartElement rootElement = (StartElement) xmlEvent;
diff --git a/saml-core/src/main/java/org/keycloak/saml/processing/core/saml/v2/util/StatementUtil.java b/saml-core/src/main/java/org/keycloak/saml/processing/core/saml/v2/util/StatementUtil.java
index c184e58..77268b9 100755
--- a/saml-core/src/main/java/org/keycloak/saml/processing/core/saml/v2/util/StatementUtil.java
+++ b/saml-core/src/main/java/org/keycloak/saml/processing/core/saml/v2/util/StatementUtil.java
@@ -167,7 +167,7 @@ public class StatementUtil {
* @return
*/
public static AttributeStatementType createAttributeStatementForRoles(List<String> roles, boolean multivalued) {
- if (multivalued == false) {
+ if (!multivalued) {
return createAttributeStatement(roles);
}
AttributeStatementType attrStatement = new AttributeStatementType();
diff --git a/saml-core/src/main/java/org/keycloak/saml/processing/core/util/JAXPValidationUtil.java b/saml-core/src/main/java/org/keycloak/saml/processing/core/util/JAXPValidationUtil.java
index 836b3fc..9ab4c15 100755
--- a/saml-core/src/main/java/org/keycloak/saml/processing/core/util/JAXPValidationUtil.java
+++ b/saml-core/src/main/java/org/keycloak/saml/processing/core/util/JAXPValidationUtil.java
@@ -136,7 +136,7 @@ public class JAXPValidationUtil {
public void error(SAXParseException ex) throws SAXException {
logException(ex);
- if (ex.getMessage().contains("null") == false) {
+ if (!ex.getMessage().contains("null")) {
throw ex;
}
}
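Review bot: `ex.getMessage()` may be null for a SAXParseException, and the rewritten condition in `error` still dereferences it, so the handler could throw a NullPointerException instead of rethrowing the parse error. A null-safe form would be `String msg = ex.getMessage();` followed by `if (msg == null || !msg.contains("null")) { throw ex; }`. Beyond that, any validation error whose text happens to contain "null" is logged and then dropped, which is a loose filter for schema validation of SAML documents. A comment stating which specific parser message this is meant to tolerate would let a reviewer judge whether the match can be narrowed.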
diff --git a/server-spi/src/main/java/org/keycloak/models/ClaimMask.java b/server-spi/src/main/java/org/keycloak/models/ClaimMask.java
index 20a5543..137f15e 100755
--- a/server-spi/src/main/java/org/keycloak/models/ClaimMask.java
+++ b/server-spi/src/main/java/org/keycloak/models/ClaimMask.java
@@ -5,16 +5,16 @@ package org.keycloak.models;
* @version $Revision: 1 $
*/
public class ClaimMask {
- public static final long NAME = 0x01l;
- public static final long USERNAME = 0x02l;
- public static final long PROFILE = 0x04l;
- public static final long PICTURE = 0x08l;
- public static final long WEBSITE = 0x10l;
- public static final long EMAIL = 0x20l;
- public static final long GENDER = 0x40l;
- public static final long LOCALE = 0x80l;
- public static final long ADDRESS = 0x100l;
- public static final long PHONE = 0x200l;
+ public static final long NAME = 0x01L;
+ public static final long USERNAME = 0x02L;
+ public static final long PROFILE = 0x04L;
+ public static final long PICTURE = 0x08L;
+ public static final long WEBSITE = 0x10L;
+ public static final long EMAIL = 0x20L;
+ public static final long GENDER = 0x40L;
+ public static final long LOCALE = 0x80L;
+ public static final long ADDRESS = 0x100L;
+ public static final long PHONE = 0x200L;
public static final long ALL = NAME | USERNAME | PROFILE | PICTURE | WEBSITE | EMAIL | GENDER | LOCALE | ADDRESS | PHONE;
diff --git a/server-spi/src/main/java/org/keycloak/models/OTPPolicy.java b/server-spi/src/main/java/org/keycloak/models/OTPPolicy.java
index 8d76bb9..3097acf 100755
--- a/server-spi/src/main/java/org/keycloak/models/OTPPolicy.java
+++ b/server-spi/src/main/java/org/keycloak/models/OTPPolicy.java
@@ -96,25 +96,25 @@ public class OTPPolicy implements Serializable {
}
public String getKeyURI(RealmModel realm, UserModel user, String secret) {
+ try {
+ String displayName = realm.getDisplayName() != null && !realm.getDisplayName().isEmpty() ? realm.getDisplayName() : realm.getName();
+ String uri;
- String displayName = realm.getDisplayName();
- String uri = null;
-
- if (displayName == null || displayName.isEmpty()) { displayName = realm.getName(); }
- uri = "otpauth://" + type + "/" + displayName + ":" + user.getUsername() + "?secret=" +
- Base32.encode(secret.getBytes()) + "&digits=" + digits + "&algorithm=" + algToKeyUriAlg.get(algorithm);
- try {
- uri += "&issuer=" + URLEncoder.encode(realm.getName(), "UTF-8");
- } catch (UnsupportedEncodingException e) {
- logger.debug("Failed to add issuer parameter to OTP URI becasue UTF-8 is not supported.");
- }
- if (type.equals(UserCredentialModel.HOTP)) {
- uri += "&counter=" + initialCounter;
- }
- if (type.equals(UserCredentialModel.TOTP)) {
- uri += "&period=" + period;
- }
- return uri;
+ uri = "otpauth://" + type + "/" + URLEncoder.encode(user.getUsername(), "UTF-8") + "?secret=" +
+ Base32.encode(secret.getBytes()) + "&digits=" + digits + "&algorithm=" + algToKeyUriAlg.get(algorithm);
+
+ uri += "&issuer=" + URLEncoder.encode(displayName, "UTF-8");
+ if (type.equals(UserCredentialModel.HOTP)) {
+ uri += "&counter=" + initialCounter;
+ }
+ if (type.equals(UserCredentialModel.TOTP)) {
+ uri += "&period=" + period;
+ }
+
+ return uri;
+ } catch (UnsupportedEncodingException e) {
+ throw new RuntimeException(e);
+ }
}
}
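Review bot: `secret.getBytes()` in getKeyURI encodes the OTP secret with the platform default charset, so the Base32 value placed in the URI depends on JVM settings. The body already sits in a try that handles UnsupportedEncodingException, so `Base32.encode(secret.getBytes("UTF-8"))` pins it; whatever code validates the codes (outside this hunk) should use the same encoding. Separately, URLEncoder.encode applies form encoding, so a space in the username or realm display name becomes `+` in the label and issuer, which some authenticator apps may display literally; appending `.replace("+", "%20")` to both encoded values avoids that. A short comment above the URI construction noting that the label no longer carries the realm prefix, and that the issuer is now the display name rather than the realm name, would help the next reader.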
diff --git a/server-spi/src/main/java/org/keycloak/models/PasswordPolicy.java b/server-spi/src/main/java/org/keycloak/models/PasswordPolicy.java
index a45e9f2..08d8da3 100755
--- a/server-spi/src/main/java/org/keycloak/models/PasswordPolicy.java
+++ b/server-spi/src/main/java/org/keycloak/models/PasswordPolicy.java
@@ -32,7 +32,7 @@ public class PasswordPolicy implements Serializable {
this.policyString = policyString;
this.policies = new LinkedList<>();
- if (policyString != null && !policyString.isEmpty()) {
+ if (policyString != null && !policyString.trim().isEmpty()) {
for (String policy : policyString.split(" and ")) {
policy = policy.trim();
diff --git a/services/src/main/java/org/keycloak/services/managers/DefaultBruteForceProtector.java b/services/src/main/java/org/keycloak/services/managers/DefaultBruteForceProtector.java
index 240bf23..8299489 100644
--- a/services/src/main/java/org/keycloak/services/managers/DefaultBruteForceProtector.java
+++ b/services/src/main/java/org/keycloak/services/managers/DefaultBruteForceProtector.java
@@ -21,6 +21,7 @@ import org.keycloak.common.ClientConnection;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserModel;
import org.keycloak.models.UsernameLoginFailureModel;
import org.keycloak.services.ServicesLogger;
@@ -91,44 +92,49 @@ public class DefaultBruteForceProtector implements Runnable, BruteForceProtector
logger.debug("failure");
RealmModel realm = getRealmModel(session, event);
logFailure(event);
- UsernameLoginFailureModel user = getUserModel(session, event);
- if (user == null) {
- user = session.sessions().addUserLoginFailure(realm, event.username.toLowerCase());
- }
- user.setLastIPFailure(event.ip);
- long currentTime = System.currentTimeMillis();
- long last = user.getLastFailure();
- long deltaTime = 0;
- if (last > 0) {
- deltaTime = currentTime - last;
- }
- user.setLastFailure(currentTime);
- if (deltaTime > 0) {
- // if last failure was more than MAX_DELTA clear failures
- if (deltaTime > (long)realm.getMaxDeltaTimeSeconds() *1000L) {
- user.clearFailures();
+ UserModel user = session.users().getUserByUsername(event.username.toString(), realm);
+ UsernameLoginFailureModel userLoginFailure = getUserModel(session, event);
+ if (user != null) {
+ if (userLoginFailure == null) {
+ userLoginFailure = session.sessions().addUserLoginFailure(realm, event.username.toLowerCase());
}
- }
- user.incrementFailures();
- logger.debugv("new num failures: {0}" , user.getNumFailures());
-
- int waitSeconds = realm.getWaitIncrementSeconds() * (user.getNumFailures() / realm.getFailureFactor());
- logger.debugv("waitSeconds: {0}", waitSeconds);
- logger.debugv("deltaTime: {0}", deltaTime);
- if (waitSeconds == 0) {
- if (last > 0 && deltaTime < realm.getQuickLoginCheckMilliSeconds()) {
- logger.debugv("quick login, set min wait seconds");
- waitSeconds = realm.getMinimumQuickLoginWaitSeconds();
+ userLoginFailure.setLastIPFailure(event.ip);
+ long currentTime = System.currentTimeMillis();
+ long last = userLoginFailure.getLastFailure();
+ long deltaTime = 0;
+ if (last > 0) {
+ deltaTime = currentTime - last;
+ }
+ userLoginFailure.setLastFailure(currentTime);
+ if (deltaTime > 0) {
+ // if last failure was more than MAX_DELTA clear failures
+ if (deltaTime > (long) realm.getMaxDeltaTimeSeconds() * 1000L) {
+ userLoginFailure.clearFailures();
+ }
+ }
+ userLoginFailure.incrementFailures();
+ logger.debugv("new num failures: {0}", userLoginFailure.getNumFailures());
+
+ int waitSeconds = realm.getWaitIncrementSeconds() * (userLoginFailure.getNumFailures() / realm.getFailureFactor());
+ logger.debugv("waitSeconds: {0}", waitSeconds);
+ logger.debugv("deltaTime: {0}", deltaTime);
+
+ if (waitSeconds == 0) {
+ if (last > 0 && deltaTime < realm.getQuickLoginCheckMilliSeconds()) {
+ logger.debugv("quick login, set min wait seconds");
+ waitSeconds = realm.getMinimumQuickLoginWaitSeconds();
+ }
+ }
+ if (waitSeconds > 0) {
+ waitSeconds = Math.min(realm.getMaxFailureWaitSeconds(), waitSeconds);
+ int notBefore = (int) (currentTime / 1000) + waitSeconds;
+ logger.debugv("set notBefore: {0}", notBefore);
+ userLoginFailure.setFailedLoginNotBefore(notBefore);
}
- }
- if (waitSeconds > 0) {
- waitSeconds = Math.min(realm.getMaxFailureWaitSeconds(), waitSeconds);
- int notBefore = (int) (currentTime / 1000) + waitSeconds;
- logger.debugv("set notBefore: {0}", notBefore);
- user.setFailedLoginNotBefore(notBefore);
}
}
+
protected UsernameLoginFailureModel getUserModel(KeycloakSession session, LoginEvent event) {
RealmModel realm = getRealmModel(session, event);
if (realm == null) return null;
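Review bot: The new `user != null` guard in failure() resolves the account with `getUserByUsername` only, so if the login form also accepts an e-mail address in the username field (not visible in this hunk), failures submitted with the e-mail would resolve to null and never be counted. A lookup that covers both, e.g. `UserModel user = KeycloakModelUtils.findUserByNameOrEmail(session, realm, event.username);` (needs the import), would close that gap. `event.username.toString()` is redundant given `toLowerCase()` is called on the same field a few lines later, and the lookup uses the raw value while the failure record is keyed by the lower-cased one. Since only existing accounts are now throttled, the lockout response can also indicate which usernames exist unless the caller masks it, which is worth confirming. The method starts above the hunk.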
diff --git a/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java b/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java
index f19151a..3a8efff 100755
--- a/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java
+++ b/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java
@@ -299,7 +299,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
} else if (context.getUsername() == null) {
username = context.getIdpConfig().getAlias() + "." + context.getId();
} else {
- username = context.getIdpConfig().getAlias() + "." + context.getUsername();
+ username = context.getUsername();
}
}
username = username.trim();
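Review bot: Dropping the alias prefix in the last branch means the name asserted by the external identity provider is used verbatim as the local username, so it shares one namespace with local accounts and with every other configured provider. Whether a clash is rejected or linked depends on duplicate handling outside this hunk, which should be confirmed. The branch above still builds `alias + "." + context.getId()`, so the two fallbacks are now inconsistent. A comment on the changed line such as `// provider-supplied username is used as-is; collisions with existing users must be handled downstream` would record the assumption. The enclosing method starts and ends outside the hunk.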
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java
index 457b5aa..2f0dc27 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java
@@ -155,7 +155,7 @@ public abstract class AbstractIdentityProviderTest {
FederatedIdentityModel federatedIdentityModel = federatedIdentities.iterator().next();
assertEquals(getProviderId(), federatedIdentityModel.getIdentityProvider());
- assertEquals(federatedUser.getUsername(), federatedIdentityModel.getIdentityProvider() + "." + federatedIdentityModel.getUserName());
+ assertEquals(federatedUser.getUsername(), federatedIdentityModel.getUserName());
driver.navigate().to("http://localhost:8081/test-app/logout");
driver.navigate().to("http://localhost:8081/test-app");
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractKeycloakIdentityProviderTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractKeycloakIdentityProviderTest.java
index f0d2ed0..4b61c81 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractKeycloakIdentityProviderTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractKeycloakIdentityProviderTest.java
@@ -138,7 +138,7 @@ public abstract class AbstractKeycloakIdentityProviderTest extends AbstractIdent
FederatedIdentityModel federatedIdentityModel = federatedIdentities.iterator().next();
assertEquals(getProviderId(), federatedIdentityModel.getIdentityProvider());
- assertEquals(federatedUser.getUsername(), federatedIdentityModel.getIdentityProvider() + "." + federatedIdentityModel.getUserName());
+ assertEquals(federatedUser.getUsername(), federatedIdentityModel.getUserName());
driver.navigate().to("http://localhost:8081/test-app/logout");
driver.navigate().to("http://localhost:8081/test-app");
@@ -485,7 +485,7 @@ public abstract class AbstractKeycloakIdentityProviderTest extends AbstractIdent
System.out.println("after logout currentUrl: " + currentUrl);
assertTrue(currentUrl.startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/auth"));
- unconfigureUserRetrieveToken(getProviderId() + ".test-user");
+ unconfigureUserRetrieveToken("test-user");
loginIDP("test-user");
//authenticateWithIdentityProvider(identityProviderModel, "test-user");
assertEquals("http://localhost:8081/test-app", driver.getCurrentUrl());
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/PostBrokerFlowTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/PostBrokerFlowTest.java
index dc8cc35..9fc168f 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/PostBrokerFlowTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/PostBrokerFlowTest.java
@@ -122,7 +122,7 @@ public class PostBrokerFlowTest extends AbstractIdentityProviderTest {
String totpSecret = totpPage.getTotpSecret();
totpPage.configure(totp.generateTOTP(totpSecret));
- assertFederatedUser(getProviderId() + ".test-user", "test-user@localhost", "test-user", getProviderId());
+ assertFederatedUser("test-user", "test-user@localhost", "test-user", getProviderId());
driver.navigate().to("http://localhost:8081/test-app/logout");
@@ -131,7 +131,7 @@ public class PostBrokerFlowTest extends AbstractIdentityProviderTest {
loginTotpPage.assertCurrent();
loginTotpPage.login(totp.generateTOTP(totpSecret));
- assertFederatedUser(getProviderId() + ".test-user", "test-user@localhost", "test-user", getProviderId());
+ assertFederatedUser("test-user", "test-user@localhost", "test-user", getProviderId());
driver.navigate().to("http://localhost:8081/test-app/logout");
@@ -141,7 +141,7 @@ public class PostBrokerFlowTest extends AbstractIdentityProviderTest {
this.session = brokerServerRule.startSession();
loginIDP("test-user");
- assertFederatedUser(getProviderId() + ".test-user", "test-user@localhost", "test-user", getProviderId());
+ assertFederatedUser("test-user", "test-user@localhost", "test-user", getProviderId());
driver.navigate().to("http://localhost:8081/test-app/logout");
}
@@ -248,7 +248,7 @@ public class PostBrokerFlowTest extends AbstractIdentityProviderTest {
// assert reauthentication with login page. On login page is link to kc-saml-idp-basic as user has it linked already
Assert.assertEquals("Log in to " + APP_REALM_ID, this.driver.getTitle());
- Assert.assertEquals("Authenticate as kc-saml-idp-basic.test-user to link your account with " + getProviderId(), this.loginPage.getSuccessMessage());
+ Assert.assertEquals("Authenticate as test-user to link your account with " + getProviderId(), this.loginPage.getSuccessMessage());
// reauthenticate with SAML broker. OTP authentication is required as well
this.loginPage.clickSocial("kc-saml-idp-basic");
@@ -267,7 +267,7 @@ public class PostBrokerFlowTest extends AbstractIdentityProviderTest {
}
// authenticated and redirected to app. User is linked with both identity providers
- assertFederatedUser("kc-saml-idp-basic.test-user", "test-user@localhost", "test-user", getProviderId(), "kc-saml-idp-basic");
+ assertFederatedUser("test-user", "test-user@localhost", "test-user", getProviderId(), "kc-saml-idp-basic");
}
private void setPostBrokerFlowForProvider(IdentityProviderModel identityProvider, RealmModel realm, boolean enable) {
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/events/AdminEventStoreProviderTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/events/AdminEventStoreProviderTest.java
index 534f056..2f35d59 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/events/AdminEventStoreProviderTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/events/AdminEventStoreProviderTest.java
@@ -68,7 +68,7 @@ public class AdminEventStoreProviderTest {
Assert.assertEquals(1, eventStore.createAdminQuery().authUser("userId").operation(OperationType.ACTION).getResultList().size());
Assert.assertEquals(2, eventStore.createAdminQuery().maxResults(2).getResultList().size());
- Assert.assertEquals(1, eventStore.createAdminQuery().firstResult(5).getResultList().size());
+ Assert.assertEquals(1, eventStore.createAdminQuery().firstResult(5).maxResults(5).getResultList().size());
Assert.assertEquals(newest, eventStore.createAdminQuery().maxResults(1).getResultList().get(0).getTime());
Assert.assertEquals(oldest, eventStore.createAdminQuery().firstResult(5).maxResults(1).getResultList().get(0).getTime());
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/BruteForceTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/BruteForceTest.java
index 19beaf6..3f9c5c7 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/BruteForceTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/BruteForceTest.java
@@ -41,6 +41,7 @@ import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.AppPage.RequestType;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.LoginTotpPage;
+import org.keycloak.testsuite.pages.RegisterPage;
import org.keycloak.testsuite.rule.GreenMailRule;
import org.keycloak.testsuite.rule.KeycloakRule;
import org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup;
@@ -102,12 +103,14 @@ public class BruteForceTest {
protected LoginPage loginPage;
@WebResource
+ private RegisterPage registerPage;
+
+ @WebResource
protected LoginTotpPage loginTotpPage;
@WebResource
protected OAuthClient oauth;
-
private TimeBasedOTP totp = new TimeBasedOTP();
private int lifespan;
@@ -340,6 +343,17 @@ public class BruteForceTest {
loginSuccess();
}
+ @Test
+ public void testNonExistingAccounts() throws Exception {
+
+ loginInvalidPassword("non-existent-user");
+ loginInvalidPassword("non-existent-user");
+ loginInvalidPassword("non-existent-user");
+
+ registerUser("non-existent-user");
+
+ }
+
public void expectTemporarilyDisabled() throws Exception {
expectTemporarilyDisabled("test-user@localhost");
}
@@ -430,4 +444,16 @@ public class BruteForceTest {
events.clear();
}
+ public void registerUser(String username){
+ loginPage.open();
+ loginPage.clickRegister();
+ registerPage.assertCurrent();
+
+ registerPage.register("user", "name", username + "@localhost", username, "password", "password");
+
+ Assert.assertNull(registerPage.getInstruction());
+
+ events.clear();
+ }
+
}
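Review bot: registerUser only asserts that `registerPage.getInstruction()` is null, which also holds when registration fails with an error. testNonExistingAccounts (the hunk above) can therefore pass without proving that a username with prior failed logins can still be registered. Asserting the post-registration state, for instance `Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());` if the class has an AppPage field by that name (not visible here), would pin the behaviour. The test also leaves `non-existent-user` in the realm, so other tests in the class that rely on that name being absent would become order-dependent.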
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/RegisterPage.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/RegisterPage.java
index 29b5f9f..9820ad4 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/RegisterPage.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/RegisterPage.java
@@ -57,6 +57,10 @@ public class RegisterPage extends AbstractPage {
@FindBy(className = "alert-error")
private WebElement loginErrorMessage;
+ @FindBy(className = "instruction")
+ private WebElement loginInstructionMessage;
+
+
public void register(String firstName, String lastName, String email, String username, String password, String passwordConfirm) {
firstNameInput.clear();
if (firstName != null) {
@@ -131,6 +135,15 @@ public class RegisterPage extends AbstractPage {
return loginErrorMessage != null ? loginErrorMessage.getText() : null;
}
+ public String getInstruction() {
+ try {
+ return loginInstructionMessage != null ? loginInstructionMessage.getText() : null;
+ } catch (NoSuchElementException e){
+ // OK
+ }
+ return null;
+ }
+
public String getFirstName() {
return firstNameInput.getAttribute("value");
}
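Review bot: getInstruction catches `NoSuchElementException`, but no import for it is added in this diff, so the import should be checked. `org.openqa.selenium.NoSuchElementException` is the one thrown when the `instruction` element is missing; catching `java.util.NoSuchElementException` instead would let it propagate. The `loginInstructionMessage != null` test likely never fails for a `@FindBy` field, which leaves the catch as the only real absent-element path. Returning null directly from the catch with a comment like `// element not rendered: no instruction shown` would read more clearly than the empty `// OK` block.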
@@ -164,4 +177,4 @@ public class RegisterPage extends AbstractPage {
throw new UnsupportedOperationException();
}
-}
+}
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLServletWithLogout.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLServletWithLogout.java
index c85ac68..2656fd4 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLServletWithLogout.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLServletWithLogout.java
@@ -11,7 +11,7 @@ public abstract class SAMLServletWithLogout extends AbstractPageWithInjectedUrl
public void logout() {
driver.navigate().to(getUriBuilder().queryParam("GLO", "true").build().toASCIIString());
- getUriBuilder().replaceQueryParam("GLO", new Object());
+ getUriBuilder().replaceQueryParam("GLO", null);
pause(300);
}
}
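Review bot: Passing a bare `null` to `replaceQueryParam` in logout() is ambiguous for a varargs parameter and draws a compiler warning; `getUriBuilder().replaceQueryParam("GLO", (Object[]) null);` states the intent of removing the parameter. The return value is discarded, so the call only has an effect if getUriBuilder() hands back the same mutable builder each time, which is not visible in this hunk.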
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/demorealm.json b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/demorealm.json
index 1c3ca75..bb6ce6e 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/demorealm.json
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/demorealm.json
@@ -116,11 +116,10 @@
}
],
- "applications": [
+ "clients": [
{
- "name": "customer-portal",
+ "clientId": "customer-portal",
"enabled": true,
- "directAccessGrantsEnabled": true,
"adminUrl": "/customer-portal",
"baseUrl": "/customer-portal",
"redirectUris": [
@@ -129,7 +128,7 @@
"secret": "password"
},
{
- "name": "customer-cookie-portal",
+ "clientId": "customer-cookie-portal",
"enabled": true,
"baseUrl": "/customer-cookie-portal",
"redirectUris": [
@@ -138,7 +137,7 @@
"secret": "password"
},
{
- "name": "customer-portal-js",
+ "clientId": "customer-portal-js",
"enabled": true,
"publicClient": true,
"adminUrl": "/customer-portal-js",
@@ -148,7 +147,7 @@
]
},
{
- "name": "customer-portal-cli",
+ "clientId": "customer-portal-cli",
"enabled": true,
"publicClient": true,
"redirectUris": [
@@ -157,7 +156,7 @@
]
},
{
- "name": "product-portal",
+ "clientId": "product-portal",
"enabled": true,
"adminUrl": "/product-portal",
"baseUrl": "/product-portal",
@@ -167,7 +166,7 @@
"secret": "password"
},
{
- "name": "secure-portal",
+ "clientId": "secure-portal",
"enabled": true,
"adminUrl": "/secure-portal",
"baseUrl": "/secure-portal",
@@ -180,7 +179,7 @@
}
},
{
- "name": "session-portal",
+ "clientId": "session-portal",
"enabled": true,
"adminUrl": "/session-portal",
"baseUrl": "/session-portal",
@@ -190,7 +189,7 @@
"secret": "password"
},
{
- "name": "input-portal",
+ "clientId": "input-portal",
"enabled": true,
"adminUrl": "/input-portal",
"baseUrl": "/input-portal",
@@ -198,11 +197,9 @@
"/input-portal/*"
],
"secret": "password"
- }
- ],
- "oauthClients": [
+ },
{
- "name": "third-party",
+ "clientId": "third-party",
"enabled": true,
"redirectUris": [
"/oauth-client/*",
diff --git a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/CreateClientForm.java b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/CreateClientForm.java
index 8182638..d622f63 100644
--- a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/CreateClientForm.java
+++ b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/CreateClientForm.java
@@ -25,24 +25,6 @@ public class CreateClientForm extends Form {
@FindBy(id = "clientId")
private WebElement clientIdInput;
- @FindBy(id = "name")
- private WebElement nameInput;
-
- @FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='enabled']]")
- private OnOffSwitch enabledSwitch;
-
- @FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='consentRequired']]")
- private OnOffSwitch consentRequiredSwitch;
-
- @FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='standardFlowEnabled']]")
- private OnOffSwitch standardFlowEnabledSwitch;
-
- @FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='implicitFlowEnabled']]")
- private OnOffSwitch implicitFlowEnabledSwitch;
-
- @FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='directAccessGrantsEnabled']]")
- private OnOffSwitch directAccessGrantsEnabledSwitch;
-
@FindBy(id = "protocol")
private Select protocolSelect;
@@ -53,43 +35,11 @@ public class CreateClientForm extends Form {
return samlForm;
}
- @FindBy(id = "accessType")
- private Select accessTypeSelect;
- @FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='serviceAccountsEnabled']]")
- private OnOffSwitch serviceAccountsEnabledSwitch;
-
- @FindBy(id = "newRedirectUri")
- private WebElement newRedirectUriInput;
- @FindBy(xpath = ".//i[contains(@data-ng-click, 'newRedirectUri')]")
- private WebElement newRedirectUriSubmit;
- @FindBy(xpath = ".//input[@ng-model='client.redirectUris[i]']")
- private List<WebElement> redirectUriInputs;
- @FindBy(xpath = ".//i[contains(@data-ng-click, 'deleteRedirectUri')]")
- private List<WebElement> deleteRedirectUriIcons;
-
public void setValues(ClientRepresentation client) {
waitUntilElement(clientIdInput).is().present();
setClientId(client.getClientId());
- setName(client.getName());
- setEnabled(client.isEnabled());
- setConsentRequired(client.isConsentRequired());
setProtocol(client.getProtocol());
- if (OIDC.equals(client.getProtocol())) {
- setAccessType(client);
- if (!client.isBearerOnly()) {
- setStandardFlowEnabled(client.isStandardFlowEnabled());
- setDirectAccessGrantsEnabled(client.isDirectAccessGrantsEnabled());
- if (client.isPublicClient()) {
- setImplicitFlowEnabled(client.isImplicitFlowEnabled());
- } else {//confidential
- setServiceAccountsEnabled(client.isServiceAccountsEnabled());
- }
- if (client.isStandardFlowEnabled() || client.isImplicitFlowEnabled()) {
- setRedirectUris(client.getRedirectUris());
- }
- }
- }
}
public String getClientId() {
@@ -100,22 +50,6 @@ public class CreateClientForm extends Form {
setInputValue(clientIdInput, clientId);
}
- public String getName() {
- return getInputValue(nameInput);
- }
-
- public void setName(String name) {
- setInputValue(nameInput, name);
- }
-
- public boolean isEnabled() {
- return enabledSwitch.isOn();
- }
-
- public void setEnabled(boolean enabled) {
- enabledSwitch.setOn(enabled);
- }
-
public enum OidcAccessType {
BEARER_ONLY("bearer-only"),
PUBLIC("public"),
@@ -131,77 +65,6 @@ public class CreateClientForm extends Form {
return name;
}
}
-
- public void setAccessType(ClientRepresentation client) {
- if (client.isBearerOnly()) {
- accessTypeSelect.selectByVisibleText(BEARER_ONLY.getName());
- } else if (client.isPublicClient()) {
- accessTypeSelect.selectByVisibleText(PUBLIC.getName());
- } else {
- accessTypeSelect.selectByVisibleText(CONFIDENTIAL.getName());
- }
- }
-
- public void addRedirectUri(String redirectUri) {
- newRedirectUriInput.sendKeys(redirectUri);
- newRedirectUriSubmit.click();
- }
-
- public List<String> getRedirectUris() {
- List<String> values = new ArrayList<>();
- for (WebElement input : redirectUriInputs) {
- values.add(getInputValue(input));
- }
- return values;
- }
-
- public void setRedirectUris(List<String> redirectUris) {
- Timer.time();
- while (!deleteRedirectUriIcons.isEmpty()) {
- deleteRedirectUriIcons.get(0).click();
- pause(100);
- }
- Timer.time("deleteRedirectUris");
- if (redirectUris != null) {
- for (String redirectUri : redirectUris) {
- addRedirectUri(redirectUri);
- pause(100);
- }
- }
- Timer.time("addRedirectUris");
- }
-
- public boolean isConsentRequired() {
- return consentRequiredSwitch.isOn();
- }
-
- public void setConsentRequired(boolean consentRequired) {
- consentRequiredSwitch.setOn(consentRequired);
- }
-
- public boolean isStandardFlowEnabled() {
- return standardFlowEnabledSwitch.isOn();
- }
-
- public void setStandardFlowEnabled(boolean standardFlowEnabled) {
- standardFlowEnabledSwitch.setOn(standardFlowEnabled);
- }
-
- public boolean isImplicitFlowEnabled() {
- return implicitFlowEnabledSwitch.isOn();
- }
-
- public void setImplicitFlowEnabled(boolean implicitFlowEnabled) {
- implicitFlowEnabledSwitch.setOn(implicitFlowEnabled);
- }
-
- public boolean isDirectAccessGrantsEnabled() {
- return directAccessGrantsEnabledSwitch.isOn();
- }
-
- public void setDirectAccessGrantsEnabled(boolean directAccessGrantsEnabled) {
- directAccessGrantsEnabledSwitch.setOn(directAccessGrantsEnabled);
- }
public String getProtocol() {
waitUntilElement(protocolSelect.getFirstSelectedOption()).is().present();
@@ -214,14 +77,6 @@ public class CreateClientForm extends Form {
Timer.time("clientSettings.setProtocol()");
}
- public boolean isServiceAccountsEnabled() {
- return serviceAccountsEnabledSwitch.isOn();
- }
-
- public void setServiceAccountsEnabled(boolean serviceAccountsEnabled) {
- serviceAccountsEnabledSwitch.setOn(serviceAccountsEnabled);
- }
-
public class SAMLClientSettingsForm extends Form {
public static final String SAML_ASSERTION_SIGNATURE = "saml.assertion.signature";
diff --git a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/settings/ClientSettingsForm.java b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/settings/ClientSettingsForm.java
index 2eaa5d0..4f284bf 100644
--- a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/settings/ClientSettingsForm.java
+++ b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/settings/ClientSettingsForm.java
@@ -2,14 +2,19 @@ package org.keycloak.testsuite.console.page.clients.settings;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.testsuite.console.page.fragment.OnOffSwitch;
+import org.keycloak.testsuite.util.Timer;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.support.FindBy;
import java.util.ArrayList;
import java.util.List;
import org.keycloak.testsuite.console.page.clients.CreateClientForm;
+import org.openqa.selenium.support.ui.Select;
import static org.keycloak.testsuite.auth.page.login.Login.OIDC;
+import static org.keycloak.testsuite.console.page.clients.CreateClientForm.OidcAccessType.BEARER_ONLY;
+import static org.keycloak.testsuite.console.page.clients.CreateClientForm.OidcAccessType.CONFIDENTIAL;
+import static org.keycloak.testsuite.console.page.clients.CreateClientForm.OidcAccessType.PUBLIC;
import static org.keycloak.testsuite.util.WaitUtils.pause;
/**
@@ -17,11 +22,43 @@ import static org.keycloak.testsuite.util.WaitUtils.pause;
*/
public class ClientSettingsForm extends CreateClientForm {
+ @FindBy(id = "name")
+ private WebElement nameInput;
+
@FindBy(id = "baseUrl")
private WebElement baseUrlInput;
@FindBy(id = "adminUrl")
private WebElement adminUrlInput;
+ @FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='enabled']]")
+ private OnOffSwitch enabledSwitch;
+
+ @FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='consentRequired']]")
+ private OnOffSwitch consentRequiredSwitch;
+
+ @FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='standardFlowEnabled']]")
+ private OnOffSwitch standardFlowEnabledSwitch;
+
+ @FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='implicitFlowEnabled']]")
+ private OnOffSwitch implicitFlowEnabledSwitch;
+
+ @FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='directAccessGrantsEnabled']]")
+ private OnOffSwitch directAccessGrantsEnabledSwitch;
+
+ @FindBy(id = "accessType")
+ private Select accessTypeSelect;
+ @FindBy(xpath = ".//div[@class='onoffswitch' and ./input[@id='serviceAccountsEnabled']]")
+ private OnOffSwitch serviceAccountsEnabledSwitch;
+
+ @FindBy(id = "newRedirectUri")
+ private WebElement newRedirectUriInput;
+ @FindBy(xpath = ".//i[contains(@data-ng-click, 'newRedirectUri')]")
+ private WebElement newRedirectUriSubmit;
+ @FindBy(xpath = ".//input[@ng-model='client.redirectUris[i]']")
+ private List<WebElement> redirectUriInputs;
+ @FindBy(xpath = ".//i[contains(@data-ng-click, 'deleteRedirectUri')]")
+ private List<WebElement> deleteRedirectUriIcons;
+
@FindBy(id = "newWebOrigin")
private WebElement newWebOriginInput;
@FindBy(xpath = ".//i[contains(@data-ng-click, 'newWebOrigin')]")
@@ -79,16 +116,122 @@ public class ClientSettingsForm extends CreateClientForm {
@Override
public void setValues(ClientRepresentation client) {
super.setValues(client);
+ setName(client.getName());
+ setEnabled(client.isEnabled());
+ setConsentRequired(client.isConsentRequired());
setBaseUrl(client.getBaseUrl());
if (OIDC.equals(client.getProtocol())) {
+ setAccessType(client);
+ if (!client.isBearerOnly()) {
+ setStandardFlowEnabled(client.isStandardFlowEnabled());
+ setDirectAccessGrantsEnabled(client.isDirectAccessGrantsEnabled());
+ if (client.isPublicClient()) {
+ setImplicitFlowEnabled(client.isImplicitFlowEnabled());
+ } else {//confidential
+ setServiceAccountsEnabled(client.isServiceAccountsEnabled());
+ }
+ if (client.isStandardFlowEnabled() || client.isImplicitFlowEnabled()) {
+ setRedirectUris(client.getRedirectUris());
+ }
+ }
setAdminUrl(client.getAdminUrl());
setWebOrigins(client.getWebOrigins());
}
}
- @Override
- public void setConsentRequired(boolean value) {
- consentRequired.setOn(value);
+ public String getName() {
+ return getInputValue(nameInput);
+ }
+
+ public void setName(String name) {
+ setInputValue(nameInput, name);
+ }
+
+ public boolean isEnabled() {
+ return enabledSwitch.isOn();
+ }
+
+ public void setEnabled(boolean enabled) {
+ enabledSwitch.setOn(enabled);
+ }
+
+ public boolean isConsentRequired() {
+ return consentRequiredSwitch.isOn();
+ }
+
+ public void setConsentRequired(boolean consentRequired) {
+ consentRequiredSwitch.setOn(consentRequired);
+ }
+
+ public void setAccessType(ClientRepresentation client) {
+ if (client.isBearerOnly()) {
+ accessTypeSelect.selectByVisibleText(BEARER_ONLY.getName());
+ } else if (client.isPublicClient()) {
+ accessTypeSelect.selectByVisibleText(PUBLIC.getName());
+ } else {
+ accessTypeSelect.selectByVisibleText(CONFIDENTIAL.getName());
+ }
+ }
+
+ public void addRedirectUri(String redirectUri) {
+ newRedirectUriInput.sendKeys(redirectUri);
+ newRedirectUriSubmit.click();
+ }
+
+ public List<String> getRedirectUris() {
+ List<String> values = new ArrayList<>();
+ for (WebElement input : redirectUriInputs) {
+ values.add(getInputValue(input));
+ }
+ return values;
+ }
+
+ public void setRedirectUris(List<String> redirectUris) {
+ Timer.time();
+ while (!deleteRedirectUriIcons.isEmpty()) {
+ deleteRedirectUriIcons.get(0).click();
+ pause(100);
+ }
+ Timer.time("deleteRedirectUris");
+ if (redirectUris != null) {
+ for (String redirectUri : redirectUris) {
+ addRedirectUri(redirectUri);
+ pause(100);
+ }
+ }
+ Timer.time("addRedirectUris");
+ }
+
+ public boolean isStandardFlowEnabled() {
+ return standardFlowEnabledSwitch.isOn();
+ }
+
+ public void setStandardFlowEnabled(boolean standardFlowEnabled) {
+ standardFlowEnabledSwitch.setOn(standardFlowEnabled);
+ }
+
+ public boolean isImplicitFlowEnabled() {
+ return implicitFlowEnabledSwitch.isOn();
+ }
+
+ public void setImplicitFlowEnabled(boolean implicitFlowEnabled) {
+ implicitFlowEnabledSwitch.setOn(implicitFlowEnabled);
+ }
+
+ public boolean isDirectAccessGrantsEnabled() {
+ return directAccessGrantsEnabledSwitch.isOn();
+ }
+
+ public void setDirectAccessGrantsEnabled(boolean directAccessGrantsEnabled) {
+ directAccessGrantsEnabledSwitch.setOn(directAccessGrantsEnabled);
+ }
+
+ public boolean isServiceAccountsEnabled() {
+ return serviceAccountsEnabledSwitch.isOn();
+ }
+
+ public void setServiceAccountsEnabled(boolean serviceAccountsEnabled) {
+ serviceAccountsEnabledSwitch.setOn(serviceAccountsEnabled);
}
}
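Review bot: The `while (!deleteRedirectUriIcons.isEmpty())` loop in `setRedirectUris` has no upper bound, so if a click ever fails to remove a row the test spins forever instead of failing. Bounding it by the initial row count, `int remaining = deleteRedirectUriIcons.size();` followed by `while (remaining-- > 0 && !deleteRedirectUriIcons.isEmpty())`, and failing when rows are left afterwards, would also keep stale redirect URIs from staying in the form unnoticed. Separately, `setValues` uses `client.isBearerOnly()`, `client.isPublicClient()` and the flow flags directly in conditions; if ClientRepresentation returns `Boolean` for these (its declaration is not visible here), a representation with unset fields throws a NullPointerException on unboxing, which `Boolean.TRUE.equals(client.isBearerOnly())` would avoid.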
diff --git a/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/clients/AbstractClientTest.java b/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/clients/AbstractClientTest.java
index 211406c..0847294 100644
--- a/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/clients/AbstractClientTest.java
+++ b/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/clients/AbstractClientTest.java
@@ -17,6 +17,10 @@ import org.keycloak.testsuite.console.page.clients.Client;
import org.keycloak.testsuite.console.page.clients.Clients;
import org.keycloak.testsuite.console.page.clients.CreateClient;
import org.keycloak.testsuite.console.page.clients.CreateClientForm.OidcAccessType;
+import org.keycloak.testsuite.console.page.clients.settings.ClientSettings;
+import org.keycloak.testsuite.util.WaitUtils;
+import org.openqa.selenium.By;
+
import static org.keycloak.testsuite.console.page.clients.CreateClientForm.OidcAccessType.*;
import static org.keycloak.testsuite.console.page.clients.CreateClientForm.SAMLClientSettingsForm.SAML_ASSERTION_CONSUMER_URL_POST;
import static org.keycloak.testsuite.console.page.clients.CreateClientForm.SAMLClientSettingsForm.SAML_ASSERTION_CONSUMER_URL_REDIRECT;
@@ -53,6 +57,8 @@ public abstract class AbstractClientTest extends AbstractConsoleTest {
protected Client clientPage; // note: cannot call navigateTo() unless client id is set
@Page
protected CreateClient createClientPage;
+ @Page
+ protected ClientSettings clientSettingsPage;
@Before
public void beforeClientTest() {
@@ -61,13 +67,17 @@ public abstract class AbstractClientTest extends AbstractConsoleTest {
}
public void createClient(ClientRepresentation client) {
+ WaitUtils.waitUntilElement(By.tagName("body"));
assertCurrentUrlEquals(clientsPage);
clientsPage.table().createClient();
createClientPage.form().setValues(client);
+ createClientPage.form().save();
+
+ clientSettingsPage.form().setValues(client);
if (SAML.equals(client.getProtocol())) {
createClientPage.form().samlForm().setValues(client);
}
- createClientPage.form().save();
+ clientSettingsPage.form().save();
}
private static ClientRepresentation createClientRep(String clientId) {
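Review bot: In `createClient`, the SAML branch still calls `createClientPage.form().samlForm().setValues(client)` after `createClientPage.form().save()` has already run, yet the values are then saved through `clientSettingsPage.form().save()`. If the first save navigates to the settings page, as the new flow implies, the SAML fields should presumably be filled through `clientSettingsPage.form().samlForm()`; ClientSettingsForm extends CreateClientForm, so the accessor is likely inherited, but that needs confirming. Nothing between the two saves checks that creation succeeded, so an `assertAlertSuccess();` after the first save would stop the settings form from being filled on the wrong page. `WaitUtils.waitUntilElement(By.tagName("body"))` waits on an element that is almost always present, and a comment saying what it is meant to synchronise on would help.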
@@ -149,21 +159,25 @@ public abstract class AbstractClientTest extends AbstractConsoleTest {
assertEqualsStringAttributes(c1.getClientId(), c2.getClientId());
assertEqualsStringAttributes(c1.getName(), c2.getName());
assertEqualsBooleanAttributes(c1.isEnabled(), c2.isEnabled());
+ assertEqualsStringAttributes(c1.getBaseUrl(), c2.getBaseUrl());
assertEqualsBooleanAttributes(c1.isConsentRequired(), c2.isConsentRequired());
- assertEqualsBooleanAttributes(c1.isDirectAccessGrantsEnabled(), c2.isDirectAccessGrantsEnabled());
assertEqualsStringAttributes(c1.getProtocol(), c2.getProtocol());
-
- assertEqualsBooleanAttributes(c1.isBearerOnly(), c2.isBearerOnly());
- assertEqualsBooleanAttributes(c1.isPublicClient(), c2.isPublicClient());
- assertEqualsBooleanAttributes(c1.isSurrogateAuthRequired(), c2.isSurrogateAuthRequired());
-
- assertEqualsBooleanAttributes(c1.isFrontchannelLogout(), c2.isFrontchannelLogout());
-
- assertEqualsBooleanAttributes(c1.isServiceAccountsEnabled(), c2.isServiceAccountsEnabled());
assertEqualsListAttributes(c1.getRedirectUris(), c2.getRedirectUris());
- assertEqualsStringAttributes(c1.getBaseUrl(), c2.getBaseUrl());
- assertEqualsStringAttributes(c1.getAdminUrl(), c2.getAdminUrl());
- assertEqualsListAttributes(c1.getWebOrigins(), c2.getWebOrigins());
+
+ if (c1.getProtocol().equals(OIDC)) {
+ assertEqualsBooleanAttributes(c1.isBearerOnly(), c2.isBearerOnly());
+ if (!c1.isBearerOnly()) {
+ assertEqualsBooleanAttributes(c1.isDirectAccessGrantsEnabled(), c2.isDirectAccessGrantsEnabled());
+ assertEqualsBooleanAttributes(c1.isPublicClient(), c2.isPublicClient());
+ assertEqualsListAttributes(c1.getWebOrigins(), c2.getWebOrigins());
+ assertEqualsStringAttributes(c1.getAdminUrl(), c2.getAdminUrl());
+ }
+ assertEqualsBooleanAttributes(c1.isSurrogateAuthRequired(), c2.isSurrogateAuthRequired());
+ assertEqualsBooleanAttributes(c1.isServiceAccountsEnabled(), c2.isServiceAccountsEnabled());
+ }
+ else if (c1.getProtocol().equals(SAML)) {
+ assertEqualsBooleanAttributes(c1.isFrontchannelLogout(), c2.isFrontchannelLogout());
+ }
}
public void assertClientSamlAttributes(Map<String, String> expected, Map<String, String> actual) {
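Review bot: The rewritten comparison never checks `isStandardFlowEnabled()` or `isImplicitFlowEnabled()`, although `ClientSettingsForm.setValues` in this same commit now drives both switches through the UI. Which OAuth flows a client accepts is a security-relevant setting, so a regression in those switches would pass this test unnoticed. Inside the `!c1.isBearerOnly()` block I would add `assertEqualsBooleanAttributes(c1.isStandardFlowEnabled(), c2.isStandardFlowEnabled());` and the same line for `isImplicitFlowEnabled()`, provided the helper tolerates unset values on the expected side. `c1.getProtocol().equals(OIDC)` also throws on a null protocol, whereas the form code uses the null-safe `OIDC.equals(client.getProtocol())`; using that order here would keep the two consistent. The method starts above this hunk.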
diff --git a/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/clients/ClientSettingsTest.java b/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/clients/ClientSettingsTest.java
index da601e7..d3aa64f 100644
--- a/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/clients/ClientSettingsTest.java
+++ b/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/clients/ClientSettingsTest.java
@@ -35,6 +35,7 @@ import org.keycloak.testsuite.util.Timer;
*
* @author Filip Kiss
* @author tkyjovsk
+ * @author Vaclav Muzikar <vmuzikar@redhat.com>
*/
public class ClientSettingsTest extends AbstractClientTest {
@@ -49,7 +50,7 @@ public class ClientSettingsTest extends AbstractClientTest {
createClient(newClient);
assertAlertSuccess();
- setExpectedWebOrigins(newClient);
+ //setExpectedWebOrigins(newClient);
// read & verify
ClientRepresentation found = findClientByClientId(newClient.getClientId());
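Review bot: `//setExpectedWebOrigins(newClient);` leaves a commented-out call with no explanation, here and again in the following hunk of this file. Either delete both lines or replace them with a why-comment, for example `// web origins are entered through the settings form now, so no expected value is derived here`, if that is in fact the reason (the helper is not visible in this diff). As it stands a reader cannot tell whether the web-origin expectation was dropped deliberately or only to get the test passing. The test method starts above this hunk.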
@@ -96,7 +97,7 @@ public class ClientSettingsTest extends AbstractClientTest {
createClient(newClient);
assertAlertSuccess();
- setExpectedWebOrigins(newClient);
+ //setExpectedWebOrigins(newClient);
ClientRepresentation found = findClientByClientId(newClient.getClientId());
assertNotNull("Client " + newClient.getClientId() + " was not found.", found);
@@ -144,10 +145,6 @@ public class ClientSettingsTest extends AbstractClientTest {
clientsPage.table().createClient();
createClientPage.form().save();
assertAlertDanger();
-
- createClientPage.form().setClientId("test-client");
- createClientPage.form().save();
- assertAlertDanger();
}
// @Test
@@ -182,4 +179,14 @@ public class ClientSettingsTest extends AbstractClientTest {
clientsPage.navigateTo();
pause(120000);
}
+
+ @Test
+ public void disabledClient() {
+ newClient = createOidcClientRep(CONFIDENTIAL, "disabled-client");
+ newClient.setEnabled(false);
+ createClient(newClient);
+
+ ClientRepresentation clientRepre = findClientByClientId("disabled-client");
+ assertTrue("Client should be disabled", clientRepre.isEnabled());
+ }
}
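Review bot: `disabledClient` asserts the opposite of what its message says: the client is created with `setEnabled(false)`, but `assertTrue("Client should be disabled", clientRepre.isEnabled())` passes only when the stored client is enabled. The test therefore goes green exactly when the disabled flag was lost and red when it was honoured. It should read `assertFalse("Client should be disabled", clientRepre.isEnabled());`, assuming `assertFalse` is statically imported like `assertTrue`. Adding `assertAlertSuccess();` after `createClient(newClient)` and an `assertNotNull` on the lookup result, as the other tests in this class do, would turn a failed creation into a clear failure rather than a NullPointerException.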
diff --git a/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties b/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties
old mode 100755
new mode 100644
index 3c1a17d..bb2782d
--- a/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties
+++ b/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties
@@ -538,8 +538,10 @@ composite.associated-roles.tooltip=Realm level roles associated with this compos
composite.available-roles-client.tooltip=Roles from this client that you can associate to this composite role.
composite.associated-roles-client.tooltip=Client roles associated with this composite role.
partial-import=Partial Import
+partial-import.tooltip=Partial import allows you to import users, clients, and other resources from a previously exported json file.
file=File
+exported-json-file=Exported json file
import-from-realm=Import from realm
import-users=Import users
import-clients=Import clients
diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/partial-import.html b/themes/src/main/resources/theme/base/admin/resources/partials/partial-import.html
index 4c7a719..f4ab51d 100644
--- a/themes/src/main/resources/theme/base/admin/resources/partials/partial-import.html
+++ b/themes/src/main/resources/theme/base/admin/resources/partials/partial-import.html
@@ -1,11 +1,14 @@
<div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
- <h1>{{:: 'partial-import' | translate}}</h1>
+ <h1>
+ <span>{{:: 'partial-import' | translate}}</span>
+ <kc-tooltip>{{:: 'partial-import.tooltip' | translate}}</kc-tooltip>
+ </h1>
<form class="form-horizontal" name="partialImportForm" novalidate>
<fieldset class="border-top">
<div class="form-group">
- <label for="name" class="col-sm-2 control-label">{{:: 'file' | translate}}</label>
+ <label for="name" class="col-sm-2 control-label">{{:: 'exported-json-file' | translate}}</label>
<div class="col-md-6" data-ng-hide="importing">
<label for="import-file" class="btn btn-default">{{:: 'select-file'| translate}} <i class="pficon pficon-import"></i></label>