Pascal Knüppel
17e2602a56
[OID4VCI] Fix creation of clientScopes with protocol oid4vc (#39556)
closes #39527
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2025-06-05 08:49:05 +02:00
mposolda
ab7edb0d01
Introduce ExternalToInternalTokenExchangeProvider. Make it work with Google IDP using token-info endpoint instead of user-info endpoint
closes #40146
closes #40133
Signed-off-by: mposolda <mposolda@gmail.com>
2025-06-04 10:03:52 +02:00
Martin Kanis
f35c413b31
Add re-authentication when updating email via UPDATE_EMAIL feature
Closes #39670
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-06-03 09:09:44 -03:00
mposolda
a66f7fbc53
Fix NPE during external-internal token exchange in case that user exists
closes #40104
Signed-off-by: mposolda <mposolda@gmail.com>
2025-05-31 08:31:45 +02:00
Pedro Igor
7cc055f8a6
Verify brokered user email based on the email_verified claim from the ID Token returned by the OP
Closes #39885
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-05-29 10:45:18 -03:00
rmartinc
9e7ef7989d
Better locale management in the admin console
Closes #39934
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-05-28 10:47:14 +02:00
Pedro Igor
e6e6fa60fa
Adding OAuth2-based identity broker
Closes #35266
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-05-27 12:07:01 -03:00
Michal Hajas
88f660b235
Add experimental feature rolling-updates:v2 that allows rolling updat… (#39751)
...e for patch releases
Closes #38882
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2025-05-27 11:17:42 -03:00
rmartinc
5c28ee4d4c
Create client passwords calculating the entropy size for JWT with client secret
Closes #38621
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-05-27 10:23:58 +02:00
Giuseppe Graziano
8833c0aa5d
Ignore Accept-Language header for reset email from admin api
Closes #36986
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2025-05-27 10:14:22 +02:00
Anchels
d91688198c
Removed dead local stores
Closes #39698
Signed-off-by: Anchels <mishtitov@gmail.com>
2025-05-27 09:09:13 +02:00
Pedro Igor
7aab9fade8
Move FGAP types to a specific package
Closes #39712
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-05-22 09:53:16 -03:00
rmartinc
3c511635ba
Skip AIA for webauthn register if a credential of the correct type already exists
Closes #39191
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-05-20 18:09:12 +02:00
Kai J. Witt
c76bb0683c
Make max auth age configurable for all required actions by default
Moved the current configuration implementation for the update password
Closes #39408
Signed-off-by: Kai Josef Witt <KWitt@vhv.de>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Kai Josef Witt <KWitt@vhv.de>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2025-05-15 08:44:38 +02:00
Erik Jan de Wit
cbd0d18f6a
add description to groups
fixes #39172
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-05-14 06:41:01 -04:00
Pedro Igor
34ad280665
Build user representations when searching based on the user profile settings
Closes #39595
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-05-14 10:42:25 +02:00
Alexander Schwartz
4b47697c83
Lazily process sessions from ISPN to avoid fetching client sessions (#39639)
Closes #39638
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-05-13 13:16:41 +02:00
Steven Hawkins
9193a9ccad
fix: refining DefaultCors logging (#39582)
also using allowAllOrigins where possible
closes: #39492
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-05-13 09:54:01 +02:00
Pedro Igor
4973de6314
Do not show email during registration if user has no permission
Closes #37899
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-05-09 09:11:35 +02:00
Pedro Igor
8716d2425d
Skip partial evaluation if there is no realm bound to the session
Closes #39465
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-05-08 09:29:53 +02:00
Steve Hawkins
abc448e4d1
fix: performing inline user import for multi-file
closes: #38251
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-05-07 14:22:39 -03:00
vramik
56389c44c8
[FGAP] Refactor permission evaluation code for V2
Closes #38086
Signed-off-by: vramik <vramik@redhat.com>
2025-05-05 17:11:16 -03:00
Steven Hawkins
24910d9e1c
addresses slow import/export performance by limiting persistence context size (#37926)
* fix: addresses slow import/export performance with more batching
closes: #37991
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* removing flush/detach manipulation
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* refining the doc note about using multiple files for larger user counts
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* adding doc note about useExistingSession method removal
and expanding javadocs
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-04-29 18:57:45 -04:00
rmartinc
4730dbdd8d
Make recovery codes supported
Closes #38994
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-04-29 10:25:46 +02:00
Pedro Ruivo
eafe08a73a
Create CacheEmbeddedConfigProvider
Closes #38497
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-04-28 13:00:53 +02:00
mposolda
4e95bde179
Avoid using password policy for configuration of recovery codes warning threshold
closes #39214
Signed-off-by: mposolda <mposolda@gmail.com>
2025-04-28 10:06:01 +02:00
Garth
2c06078484
Added ThemeManagerSpi and ported DefaultThemeManagerFactory to use it.
Closes #38433.
Signed-off-by: Garth <244253+xgp@users.noreply.github.com>
Moved ThemeManagerSpi and ThemeManagerFactory to server-spi-private. Marked internal. Added to org.keycloak.provider.Spi file
Signed-off-by: Garth <244253+xgp@users.noreply.github.com>
2025-04-25 09:35:10 +02:00
Marek Posolda
025b2ba442
Introducing IdpLinkAction as AIA to replace client-initiated account linking (#38952)
closes #37269
closes #35446
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
2025-04-17 13:20:05 +02:00
Pedro Ruivo
636fffe0bc
Create CacheRemoteConfigProvider (#38570)
Closes #38496
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2025-04-16 17:08:43 +02:00
Michal Hajas
4dc4de7c12
Remove CACHE-EMBEDDED-REMOTE-STORE experimental feature
Closes #34160
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2025-04-16 12:01:55 +00:00
Vlasta Ramik
367c76417e
Change IDENTITY_PROVIDER_LOGIN and its ERROR to be saved by default (#38825)
Closes #38824
Signed-off-by: vramik <vramik@redhat.com>
2025-04-14 09:23:44 -03:00
Pedro Igor
e68e43cbc8
Cache resource names associated to policies to improve partial evaluation
Closes #38837
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-10 19:50:26 +02:00
vramik
fcd4e2bfff
Client 'admin-permissions' doesn't have protocol set.
Closes #38765
Signed-off-by: vramik <vramik@redhat.com>
2025-04-09 13:41:14 -03:00
Pedro Igor
ae88d7921f
Improvements to partial evaluation
Closes #38732
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-09 18:15:28 +02:00
Pedro Igor
be880ae204
Do not cache partial results when FGAP is enabled
Closes #38705
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-08 08:22:22 +02:00
Pedro Igor
8521b9952a
Export failing if the realm has FGAP enabled
Closes #38695
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-07 18:47:44 +02:00
Pedro Igor
87430fc181
Add impersonate-members scope to group resource type
Closes #38566
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-07 14:56:27 +00:00
vramik
6488890585
[FGAP:V2] remove configure scope from Client resource type
Closes #38567
Signed-off-by: vramik <vramik@redhat.com>
2025-04-07 07:05:02 -03:00
Stefan Guilhen
c4c3e2eee6
Allow redirection to idp when user email matches any of the org domains
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: Martin Panzer <martin.panzer@active-logistics.com>
Closes #33804
2025-04-04 11:28:04 -03:00
Pedro Igor
dbb0179a93
Aligning partial evaluation with the outcome from regular evaluations
Closes #38626
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-03 12:07:30 -03:00
rtufisi
134437a5a7
Create recovery keys in user storage or local (#38446)
closes #38445
Signed-off-by: rtufisi <rtufisi@phasetwo.io>
2025-04-03 10:09:48 +02:00
Giuseppe Graziano
50fef70f14
Change cookie type for KC_AUTH_SESSION_HASH
Closes #38417
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2025-04-03 08:45:31 +02:00
rmartinc
a10c8119d4
Define a max expiration window for Signed JWT client authentication
Closes #38576
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-04-02 18:32:54 +02:00
mposolda
a978d8b56b
Better handling of incorrect roleName in KeycloakModelUtils.getRoleFromString
closes #38579
Signed-off-by: mposolda <mposolda@gmail.com>
2025-04-02 09:53:58 +02:00
Pedro Igor
61cb0acbc4
Fixing inconsistencies when evaluating permission in the evaluation tab
Closes #38498
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-01 11:40:27 -03:00
Steven Hawkins
06e0885f46
fix: adds back reporting of non-ip client addresses (#37797)
closes: #36843
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
# Conflicts:
# services/src/main/java/org/keycloak/protocol/oidc/tokenexchange/AbstractTokenExchangeProvider.java
# services/src/main/java/org/keycloak/protocol/oidc/tokenexchange/StandardTokenExchangeProvider.java
2025-03-27 19:33:20 +00:00
Stefan Guilhen
e694065aed
User UserModel.isFederated() instead of comparing federation link to null
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Closes #38137
2025-03-27 08:11:14 -03:00
Pedro Igor
78aa8b486f
User not visible when permission with different scope exists
Closes #38369
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-27 08:01:04 -03:00
Pedro Igor
75651ff5c0
Partial evaluation processing only permissions with scope view
Closes #38436
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-27 08:01:04 -03:00
Yoshiyuki Tabata
08bac045be
Raising an event when a ClientPolicyException is caught #38366
Signed-off-by: Yoshiyuki Tabata <yoshiyuki.tabata.jy@hitachi.com>
2025-03-27 10:41:21 +01:00