fix: adding admin role invalidation when a new realm is found#46019
Merged
Conversation
Closed
2 tasks
2149696 to
c9db92b
Compare
closes: keycloak#45966 Signed-off-by: Steve Hawkins <shawkins@redhat.com>
…ispan/RealmCacheSession.java Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
ahus1
approved these changes
Feb 13, 2026
ahus1
left a comment
Member
There was a problem hiding this comment.
Thank you for all the investigation to find this solution, and thank you for implementing this.
shawkins
added a commit
to shawkins/keycloak
that referenced
this pull request
Feb 13, 2026
…ak#46019) * fix: adding admin role invalidation when a new realm is found closes: keycloak#45966 Signed-off-by: Steve Hawkins <shawkins@redhat.com> * Update model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmCacheSession.java Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Signed-off-by: Steven Hawkins <shawkins@redhat.com> * adding a comment and a permission tweak for imported realms Signed-off-by: Steve Hawkins <shawkins@redhat.com> * checking getShouldUseLightweightToken Signed-off-by: Steve Hawkins <shawkins@redhat.com> --------- Signed-off-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> (cherry picked from commit 19118a0)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
closes: #45966
In order to not require a restart on a new realm import there are two changes.
Whenever an admin performs an operation on the new realm, the new logic in RealmSessionCache will invalidate the master admin role if needed.
Then for that to be applicable to the current operation, it needs to also be taken into account for the MgmtPermissions role logic - the newly invalidated admin role is checked for new roles.