External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-08 14:32:05 -03:30
Code Issues Packages Projects Releases Wiki Activity
29,878 Commits 26 Branches 288 Tags
Commit Graph

1371 Commits

Author SHA1 Message Date
Pedro Igor
17f0dbdc1c Update browser flow with organization flow on migration 
Closes #36593

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-07 09:37:46 -03:00
forkimenjeckayang
c76676ebef
[OID4VCI] Make sure events are properly used in OID4VCI endpoints (#44946) 
Closes: #44679


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2026-01-07 11:06:45 +01:00
Bailey Lissington
b1536cf523
fix typo in authentication flows descriptions 
Closes #45066

Signed-off-by: Bailey Lissington <54869395+llamington@users.noreply.github.com>
 2025-12-23 13:40:33 +00:00
Giuseppe Graziano
790fb557db
Limit access Token expiration for jwt authorization grant (#44775) 
Closes #43972


Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-12-18 09:21:29 +01:00
Ryan Emerson
9f6b8159ec
Create a LocalCacheProvider SPI (#44950) 
Closes #42223

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-12-17 12:46:05 +01:00
Palpable
94ee6d81fb
[OID4VCI] Realign naming of attribute configuring algorithms for credential (#44765) 
Closes #44621


Signed-off-by: Vitalisn4 <ngamvitalisyuh@gmail.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
 2025-12-16 14:46:17 +01:00
Stefan Guilhen
22c144dd30 Rename workflow events 
- USER_ADDED -> USER_CREATED
- USER_ROLE_ADDED -> USER_ROLE_GRANTED
- USER_ROLE_REMOVED -> USER_ROLE_REVOKED

Closes #44879

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-12 14:15:24 -03:00
Christian Glasmachers
921b10ee80
Login failure cache: Evict entries after the configured failure reset time 
Closes #44801

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Christian Glasmachers <Christian.Glasmachers-extern@deutschebahn.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
 2025-12-10 11:20:19 +01:00
Stefan Guilhen
21eeb95fbc Rename workflow event USER_LOGGED_IN to USER_AUTHENTICATED 
Closes #44717

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-08 19:00:25 -03:00
Pedro Igor
89a8cddfd6
Make sure group permissions on view scope are not processed when querying users 
Closes #44329

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: vramik <vramik@redhat.com>
 2025-12-08 14:39:40 +01:00
Pedro Igor
985777ebcc
Improvements to the notify step 
Closes #44708

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-12-05 18:58:03 +01:00
Pascal Knüppel
46e5979b17
[OID4VCI] Handle key_attestation_required in metadata endpoint (#44471) 
fixes #43801


Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
Co-authored-by: Ingrid Kamga <xingridkamga@gmail.com>
 2025-12-05 16:00:32 +01:00
Steve Hawkins
25186278fc fix: consolidating config logic 
closes: #42000

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-12-04 14:25:56 -03:00
forkimenjeckayang
4dd68c0316
[OID4VCI] Conformance Test Fixes (#44439) 
closes #44659


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-12-04 09:03:38 +01:00
Stefan Guilhen
65ab7f541d Add API method that fetches the scheduled workflow steps for a resource 
Closes #43660

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-03 11:09:55 -03:00
Stefan Guilhen
be714d935d Ensure GroupMemberLeaveEvent has a reference to the user leaving the group 
Closes #44400

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-01 10:46:43 -03:00
Pedro Ruivo
b35dd72392
User session deleted events for invalid sessions 
Closes #44513

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-11-28 15:43:59 +00:00
Sebastian Łaskawiec
aa789dd023 Logout confirmation 
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>
 2025-11-28 14:24:32 +01:00
Thomas Diesler
54bf9206b2
[OID4VCI] Credential Offer must be created by Issuer not Holder (#44255) 
closes #44116


Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
 2025-11-27 16:07:10 +01:00
Pedro Igor
96aea99d6c
Make sure LDAP sync runs in a single cluster node and respecting the configured period 
Closes #43752

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-27 08:08:20 +01:00
rmartinc
d0e4d1f620 Better events for jwt-bearer and check all details in the tests 
CLoses #44137

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-26 12:09:51 +01:00
rmartinc
ca205272ba Initial integration of the JWT Authorization Grant in client Policies 
Using the downscope executor for testing
Closes #44201

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-24 19:37:07 +01:00
vramik
0825f22331 Add toPredicate implementation for conditions 
Closes #42696

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-24 08:56:36 -03:00
Awambeng
8406cf34fb
[OID4VCI]: Realm-Configurable Time-Claim Normalization (Randomize/Round) to Mitigate Correlation (#43834) 
Closes #43399


Signed-off-by: Awambeng <awambengrodrick@gmail.com>
 2025-11-24 11:07:07 +01:00
Stian Thorgersen
2a78bc67d7
Refactoring around federated client authenticator to better handling lookup of IdPs and clients. Also, introducing updates to documentation. (#44325) 
Closes #44253
Closes #42987
Closes #44063

Signed-off-by: stianst <stianst@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-11-22 12:53:22 +01:00
vramik
091b57c1e4 Flaky test: org.keycloak.testsuite.account.AccountRestServiceTest#listApplicationsWithoutPermission 
Closes #43755

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-21 15:05:41 -03:00
Pedro Ruivo
13ef89664c
More accurate user session expiration logic 
Closes #44204

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-11-19 21:06:17 +01:00
Giuseppe Graziano
3e8b2f8ab7
New JWT Authorization Grant Identity provider (#44176) 
Closes #43570

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-11-19 09:18:23 +01:00
Marek Posolda
a4c583246d
Use the unified constants class for sd-jwt/oid4vc standard data and claims (#44153) 
closes #44152

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-11-18 10:41:04 +01:00
Stefan Guilhen
464d1a6741 Improve updating existing workflows 
- allow updating entire workflow when no scheduled tasks exist
- allow updating conditions, concurrency, and steps config when scheduled tasks exists

Closes #42618

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-11-17 09:10:29 -03:00
Stian Thorgersen
a2c1055f8d
Proposed import order (#43432) 
* Add importOrder to Spotless

Closes #43235

Signed-off-by: stianst <stianst@gmail.com>

* Re-order imports with Spotless

Signed-off-by: stianst <stianst@gmail.com>

---------

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-14 09:34:49 +01:00
Vlasta Ramik
d2697232b9
Rename bind endpoint to activate 
Closes #44155

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-13 22:15:33 +01:00
Chance Coleman
b2317dabdc
Add configurable HTTP retry mechanism for OCSP validation (#42535) 
Closes #42401


Signed-off-by: UnicornChance <chance@defenseunicorns.com>
Signed-off-by: Chance Coleman <139784371+chance-coleman@users.noreply.github.com>
 2025-11-13 13:21:13 +01:00
Stefan Guilhen
da7993896d Allow ISO-8601 compatible format for the after field in workflow steps 
- aligns the format with what is used in the JPA connection provider pool max lifetime for time-based configurations

Closes #42913

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-11-12 18:51:49 -03:00
Stefan Guilhen
7acf2ceccb Add pagination and search by name capabilities to WorkflowsResource 
Closes #44164

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-11-12 17:18:11 -03:00
vramik
84a679224b Add operation to deactivate a workflow execution for a resource 
Closes #42124

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-12 17:02:17 -03:00
Ricardo Martin
de49500393
Client policy to enforce only downscoping in Token Exchange (#44030) 
Closes #43931

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-12 08:48:42 +01:00
Giuseppe Graziano
c0e34fa45f
Additional configuration and validation for jwt assertion grant (#44014) 
Closes #43873

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-11-10 14:34:06 +01:00
Stian Thorgersen
d8275fe5df
Remove wildcard imports (#44060) 
Closes #44059

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-10 11:46:05 +01:00
Pedro Ruivo
18eeef7b26
Create user session expired event 
Closes #43942

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-07 22:36:47 +00:00
Pedro Ruivo
80895d7fb4
AUTH_SESSION_ID cookie has the incorrect route 
Fixes #43933

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-11-07 21:32:45 +00:00
Pedro Igor
33f1dda2cf Processing workflow events asynchronously - Part 1 
Closes #42386

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-07 10:57:05 -03:00
mposolda
b8a8be33aa Audience validation according to latest specs proposal 
closes #43984

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-11-06 10:21:35 +01:00
Stian Thorgersen
b278dbbb3d
Allow identity provider configuration without defaults for user authentication (#43963) 
Closes #43552

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-05 10:13:40 -03:00
Giuseppe Graziano
4b443f04ee
JWT Authorization grant idp config (#43841) 
Closes #43568

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-11-04 14:46:14 +01:00
Thomas Diesler
131e2357a9 Cannot issue vc of type oid4vc_natural_person 
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
 2025-11-04 10:46:44 +01:00
KONSTANTINOS GEORGILAKIS
1c0d4616a5
hide scopes from scopes_supported in discovery endpoint 
Closes #10388

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-03 16:26:12 +00:00
sander boer
d805a28ea4
Adds group description during import 
Adds the group description during group import from a
representation. This ensures that the description is properly
populated when groups are created from external sources.

Closes #42851

Signed-off-by: Sander <mail@sanderboer.nl>
 2025-11-03 16:08:49 +00:00
Stian Thorgersen
d0a7225b3d
Allow CORS Access-Control-Allow-Headers customization (#43767) 
Closes #12682

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-03 06:39:44 +00:00
Stian Thorgersen
1048c8d9c9
Filter out non-user authentication IdPs from account and login (#43798) 
Closes #43553

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-31 12:40:04 +01:00