keycloak

mirror of https://github.com/keycloak/keycloak.git synced 2026-01-09 15:02:05 -03:30

Author	SHA1	Message	Date
Stian Thorgersen	d0a7225b3d	Allow CORS Access-Control-Allow-Headers customization (#43767 ) Closes #12682 Signed-off-by: stianst <stianst@gmail.com>	2025-11-03 06:39:44 +00:00
Stian Thorgersen	1048c8d9c9	Filter out non-user authentication IdPs from account and login (#43798 ) Closes #43553 Signed-off-by: stianst <stianst@gmail.com>	2025-10-31 12:40:04 +01:00
rmartinc	f92adda310	Improve JWT Assertion Validation using client validators Closes #43642 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-10-31 11:58:08 +01:00
forkimenjeckayang	f27982aeb7	[OID4VCI] Ensure authorization_details from PAR requests are properly returned in token responses (#43215 ) Closes #43214 Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com> Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com> Co-authored-by: Awambeng Rodrick <awambengrodrick@gmail.com>	2025-10-31 11:39:38 +01:00
Ingrid Kamga	ea06651da5	[OID4VCI] Ensure `openid_credential` is one of `authorization_details_types_supported` on the Authorization Server metadata (#43599 ) Closes #43398 Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>	2025-10-31 11:32:24 +01:00
Stian Thorgersen	be6a3814fb	Add CORS support to OIDC dynamic client registration endpoints (#43625 ) Closes #8863 Signed-off-by: stianst <stianst@gmail.com>	2025-10-30 12:12:08 +01:00
Tomáš Kyjovský	4c64b7189c	Deprecate `org.keycloak.common.util.Base64` Closes #43370 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Signed-off-by: 1867605+tkyjovsk@users.noreply.github.com Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-10-30 09:12:14 +01:00
Giuseppe Graziano	759e062131	JWT Authorization grant client configuration (#43685 ) closes #43567 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2025-10-29 08:45:51 +01:00
Pedro Igor	42edee22d9	Email should be set when email as username is enabled and email is read-only Closes #43718 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-10-28 14:44:57 +01:00
Stefan Guilhen	3751bc050d	Workflows enhancements - Allow specifying a parameter in events to better tie workflows to more specific events (e.g. user-role-added(name-of-role)) - Make workflows 'if' and 'on' fields use expressions by default - Fix condition evaluation inconsistencies by having a single param for each condition - Remove need to use double quotes for condition parameters - Reference groups by path instead of id in conditions Closes #43137 Closes #43536 Closes #43537 Closes #43661 Closes #43715 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-10-27 07:20:59 -03:00
vramik	b1c0c15ad5	Add validation for Workflwow, Condition and Steps fields Closes #43559 Signed-off-by: vramik <vramik@redhat.com>	2025-10-23 09:33:35 -03:00
Giuseppe Graziano	a25a0268de	Experimental feature for JWT Authorization Grant (#43624 ) Closes #43444 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2025-10-22 15:34:33 +02:00
Stian Thorgersen	84a161d4dd	Extract related methods from IdentityProvider to UserIdentityProvider (#43535 ) Closes #43534 Signed-off-by: stianst <stianst@gmail.com>	2025-10-21 14:27:07 +00:00
Pedro Igor	c5b560e2d8	Update user profile to allow returning a brief user representation Closes #42225 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-10-21 12:52:31 +02:00
vramik	4dc398354a	Restart workflow basen on `concurrency/cancel-if-running` option rather than `reset-on` option Closes #42911 Signed-off-by: vramik <vramik@redhat.com>	2025-10-17 10:06:43 -03:00
Stefan Guilhen	4985fa25c6	Add restart step provider, replacing the recurring config option Closes #42910 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-10-16 11:49:14 -03:00
Pedro Igor	fa581c8148	Allow passing a context to steps Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-10-13 09:53:30 -03:00
Pedro Igor	5b5a83b800	Moving WorkflowsManager and WorkflowStateSpi to server-spi-private module Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-10-13 09:53:30 -03:00
stianst	aedd7fe5db	Remove unused imports as part of #43233 Signed-off-by: stianst <stianst@gmail.com>	2025-10-13 13:32:01 +02:00
sashyo	8dd7437e90	feat(timer-provider): expose scheduled tasks and start time (#43107 ) update to return task name and taskcontext and using keycloak time over instant fix naming Signed-off-by: Sasha Le <iamsasha.le@gmail.com>	2025-10-07 07:56:38 +00:00
vramik	03052e79b9	Fix scope interference Closes #40965 Signed-off-by: vramik <vramik@redhat.com>	2025-09-30 09:20:22 -03:00
Stefan Guilhen	7f29c9bb88	Improve workflow logging messages - every execution gets its own id that can be used to track all activities related to that particular workflow execution Closes #42952 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-09-29 23:10:21 -03:00
Pedro Igor	d6da849206	Introducing a EMAL_PENDING user attribute to set the email pending verification Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-09-29 12:41:41 -03:00
Stian Thorgersen	dbd516f8e6	Refactor SimpleHttp to make it injectable and usable outside server (#42936 ) Closes #42902 Signed-off-by: stianst <stianst@gmail.com>	2025-09-29 08:37:05 +02:00
Pedro Igor	6e851ce80e	Only filter default organization related scopes based on dynamic scope format Closes #42877 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-09-26 16:28:12 -03:00
Stefan Guilhen	7e28d13e76	Add workflow condition that uses boolean expressions to combine and negate conditions Closes #42583 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-09-26 07:52:12 -03:00
vramik	80453bdbfb	Allow defining steps in a workflow that can run immediate or scheduled Closes #42888 Signed-off-by: vramik <vramik@redhat.com>	2025-09-25 14:37:22 -03:00
forkimenjeckayang	29bee21683	[OID4VCI] Fix authorization_details generation and credential identifier mapping for conformance tests (#42819 ) Closes: #42818 Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>	2025-09-25 13:56:30 +02:00
rmartinc	1d28c0cd35	Expose system-info information in the serverinfo endpoint only for users in the admin realm Closes #42828 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-09-24 17:21:57 +02:00
Pedro Igor	41b64c91aa	Do not update email if there is no email from the IdP Closes #42390 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-09-24 04:05:05 -03:00
Pedro Igor	fe8fce859d	Improve the Workflow JSON schema Closes #42697 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-09-24 04:04:44 -03:00
Pedro Igor	54d2451b35	Make user read-only and a proper error message when the user federation provider is not available Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-09-24 04:03:13 -03:00
Vlasta Ramik	44b4235b50	Validation for immediate workflows Closes #42382 Signed-off-by: vramik <vramik@redhat.com>	2025-09-18 14:51:04 +02:00
Pedro Igor	c1fdbb0be4	Better names for workflow events Closes #42389 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-09-18 14:50:45 +02:00
Stian Thorgersen	f9ee040ef0	Add federated subject configuration option to federated-jwt authenticator (#42610 ) Closes #42608 Signed-off-by: stianst <stianst@gmail.com>	2025-09-17 13:39:50 +02:00
Giuseppe Graziano	fd7f5351ad	Client Authenticator configurable per client Closes #42044 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2025-09-16 16:54:39 +02:00
vramik	d0e83cc05e	Rename RLM to Workflows Closes #42512 Signed-off-by: vramik <vramik@redhat.com>	2025-09-16 08:52:50 -03:00
forkimenjeckayang	64e0b450aa	[OID4VCI]: Add support for parsing and understanding authorization_details at the Token Endpoint (#40751 ) Closes #39278 Closes #39279 Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com> Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: mposolda <mposolda@gmail.com>	2025-09-15 14:02:45 +02:00
forkimenjeckayang	66677da8f7	[OID4VC]: Update the issuer metadata for signed metadata (#42428 ) Closes #41588 Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>	2025-09-12 08:51:56 +02:00
Pedro Igor	0d5dfc3eae	Add support for ad-hoc policies (#42508 ) Closes #42126 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-09-10 15:40:17 +00:00
Stefan Guilhen	371e4289c3	Add action that sets a required action for a user (#42509 ) Closes #42506 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-09-10 14:40:20 +00:00
Stian Thorgersen	1e5d52975e	Refactor JWTValidator to allow use both for self-signed and federated client assertions (#42472 ) Closes: #42463 Signed-off-by: stianst <stianst@gmail.com>	2025-09-10 08:11:18 +02:00
Pedro Igor	1b17a3c9a6	Add a policy condition based on user roles (#42487 ) Closes #42117 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-09-10 03:23:56 +02:00
Vlasta Ramik	4382072d89	[RLM] Disable policy when the origin or selection criteria is removed Closes keycloak#42123 Signed-off-by: vramik <vramik@redhat.com>	2025-09-09 16:46:43 -03:00
Steven Hawkins	b743b3d3b1	fix: adding better management of closed entitymanagers closes: #42114 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2025-09-05 16:57:47 +02:00
Pedro Igor	a42550d2e5	Add support for aggregated actions Closes #42119 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-09-05 10:29:18 -03:00
Stefan Guilhen	3d88846732	Add support for immediate policies Closes #42311 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-09-05 08:50:15 -03:00
Pedro Igor	4abe5b5f4a	Initial implementation for the RLM scheduled task Closes #42105 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-09-04 17:19:53 +02:00
Stian Thorgersen	320ea5a9a7	Experimental SPIFFE identity provider (#42314 ) Closes #42313 Signed-off-by: stianst <stianst@gmail.com>	2025-09-04 14:48:18 +02:00
forkimenjeckayang	6e767a30b8	Centralize OID4VCI Protocol Constants in Oid4VciConstants and Refactor Usages (#41481 ) Closes #40083 Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>	2025-09-04 13:12:10 +02:00

1 2 3 4 5 ...

1373 Commits