5628 Commits

Author SHA1 Message Date
Alexander Schwartz
3b01bbb551
Adding x-robots HTTP header to all Keycloak resources (#44864)
Closes #44863

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2026-01-07 15:11:54 +01:00
Martin Kanis
a9a89005fa Can not get through SSO login if using a custom attribute with default value
Closes #44785

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2026-01-07 09:41:40 -03:00
forkimenjeckayang
c76676ebef
[OID4VCI] Make sure events are properly used in OID4VCI endpoints (#44946)
Closes: #44679


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2026-01-07 11:06:45 +01:00
Marek Posolda
f938d894b9
AdminEvent.getResourcePath() returns paths with duplicated slashes
closes #45114

Signed-off-by: mposolda <mposolda@gmail.com>
2026-01-05 21:18:39 +00:00
ksushant881
5939864b76 Add action that removes a required action step in workflow
Closes #44647

Signed-off-by: ksushant881 <ksushant881@gmail.com>
2026-01-05 16:10:20 -03:00
Pedro Igor
0d5766f3a8 Allow running scheduled workflows
Closes #44865

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-01-05 13:03:47 -03:00
Rathan Naik
2af7c843af Fix organization invitation redirect to respect account client base URL
When an organization's redirect URL is left empty, Keycloak currently defaults
to the account console URL, ignoring the account client's configured Home URL
(base URL). This fix checks the account client's base URL before falling back
to the default account console URL.

Changes:
- Added resolveAccountClientBaseUrl() helper method in OrganizationInvitationResource
- Added setBaseUrl() method to ClientAttributeUpdater test utility
- Added integration tests for the new behavior

Closes #45052

Signed-off-by: Rathan Naik <30756840+Rathan-Naik@users.noreply.github.com>
2026-01-05 08:58:27 -03:00
Alexander Schwartz
a6bf194487
Remove usage of kcSanitize() to avoid printing HTML (#44755)
Closes #44753


Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2026-01-05 10:45:32 +01:00
Robin Meese
0d0d468f27
Add ability to delete offline sessions via account console
Closes #15502

Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2026-01-05 08:26:47 +01:00
Christian Ja
374e45b883
Use default locale from realm as an intermediate fallback
closes #40990

Signed-off-by: Christian Janker <christian.janker@gmx.at>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2026-01-01 14:23:33 +00:00
Robin Meese
35ee49b5d4
Add logout event to UserSessionLimitsAuthenticator
Closes #44843

Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2026-01-01 13:22:54 +00:00
Stefan Guilhen
b567372d20 Use KeycloakModelUtils to resolve groups by path
Closes #45072

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-12-29 11:29:43 -03:00
Stefan Guilhen
985ec6d306 Add name uniqueness validation to workflows
Closes #43914

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>

# Conflicts:
#	tests/base/src/test/java/org/keycloak/tests/workflow/WorkflowManagementTest.java
2025-12-29 10:24:56 -03:00
Robin Meese
0957572751
Add logout event to SessionResource
Closes #44842

Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2025-12-29 12:25:45 +00:00
Stefan Guilhen
44c492ed97
Add OpenAPI annotations to workflows resources (#45007)
* feat(openapi): add missing OpenAPI annotations to API methods

Add missing OpenAPI annotations to API methods across the REST services so the generated OpenAPI spec and Swagger UI include the complete API metadata.

Ensures consistent tagging and parameter/response descriptions for admin endpoints.

No behavior change; only adds documentation annotations.

Closes #42695

Signed-off-by: MOUNIAT-1002 <20225680@etud.univ-evry.fr>

* Add missing OpenAPI annotations

Closes #42695

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>

---------

Signed-off-by: MOUNIAT-1002 <20225680@etud.univ-evry.fr>
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: MOUNIAT-1002 <20225680@etud.univ-evry.fr>
2025-12-19 13:02:23 -05:00
Stephan Seifermann
aefecade5c
Client cert lookup provider compliant to RFC 9440 (#36161)
* Client cert lookup provider compliant to RFC 9440 (#20761)

Signed-off-by: Stephan Seifermann <seiferma@users.noreply.github.com>

* Release notes

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Stephan Seifermann <seiferma@users.noreply.github.com>
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Stephan Seifermann <seiferma@users.noreply.github.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
2025-12-19 12:38:54 +01:00
rmartinc
7be37f1e0d Add webauthn for organization authenticator when org is selected
Closes #44735

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-12-19 08:45:10 +01:00
mposolda
ff1274c07a Mandatory claims are not enforced for OID4VCI
closes #44796

Signed-off-by: mposolda <mposolda@gmail.com>
2025-12-18 16:04:13 +01:00
Pedro Igor
f36819e943
Adding join and leave group steps (#44841)
Closes #44649

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-12-18 13:07:23 +01:00
Giuseppe Graziano
790fb557db
Limit access Token expiration for jwt authorization grant (#44775)
Closes #43972


Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2025-12-18 09:21:29 +01:00
forkimenjeckayang
f5a3086027
Use correct parameter for the getCredentialOfferPreflight method (#44931)
Closes #44742

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2025-12-17 18:41:57 +01:00
Pascal Knüppel
b2778a6792
[OID4VCI] Add mapper for mapping unmanaged attributes (#44828)
closes #44780


Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2025-12-17 18:39:00 +01:00
forkimenjeckayang
ca617d9711
[OID4VCI]: Use Keycloak time utility for OID4VC related timestamps (#44871)
Closes: #44235


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2025-12-17 14:58:01 +01:00
Awambeng Rodrick
3218cd1847 Adjust OID4VC request logging verbosity
- Downgrade request-level INFO logs in the OID4VC issuer flow to DEBUG and log malformed display metadata as WARN instead of INFO to keep lifecycle logs clean.

Closes #44675

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
Signed-off-by: Awambeng <awambengrodrick@gmail.com>
2025-12-17 14:08:02 +01:00
Sebastian Łaskawiec
9597537bf3
Additional fields for the Welcome Resource (#44758)
* Additional fields added to the Welcome Page

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>

* Updated the order of fields

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>

---------

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>
2025-12-17 13:11:44 +01:00
Ryan Emerson
9f6b8159ec
Create a LocalCacheProvider SPI (#44950)
Closes #42223

Signed-off-by: Ryan Emerson <remerson@ibm.com>
2025-12-17 12:46:05 +01:00
Martin Kanis
012cefb654 The existence of an organization attribute called id is not validated
Closes #44522

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-12-17 08:05:32 -03:00
Steven Hawkins
148d14816c
fix: allowing settable connection request timeout (#44592)
also defaulting to 5000

closes: #44500

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-12-16 16:35:01 +00:00
Steven Hawkins
5bf740e383
fix: preventing raw stacktrace response and error log (#44815)
closes: #44712

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-12-16 15:28:29 +01:00
Palpable
94ee6d81fb
[OID4VCI] Realign naming of attribute configuring algorithms for credential (#44765)
Closes #44621


Signed-off-by: Vitalisn4 <ngamvitalisyuh@gmail.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
2025-12-16 14:46:17 +01:00
Stian Thorgersen
5ae60f3513
Fix NPE in JWT authenticators (#44941)
Closes #44940

Signed-off-by: stianst <stianst@gmail.com>
2025-12-16 14:41:14 +01:00
Awambeng Rodrick
a1bffa3ddc Add spec-compliant jwt vc issuer well-known endpoint
- expose /.well-known/jwt-vc-issuer/realms/{realm} and keep legacy route with deprecation headers
- build consumer metadata URL per draft-ietf-oauth-sd-jwt-vc-13 and add realm-path coverage
- add integration test for new path plus deprecation headers on legacy endpoint

Closes #44256

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
Signed-off-by: Awambeng <awambengrodrick@gmail.com>
2025-12-16 13:46:06 +01:00
forkimenjeckayang
2f7045d7dd
Remove deferred credential endpoint from OID4VC metadata (#44907)
Closes #44779

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2025-12-16 12:50:12 +01:00
Awambeng
af8e905774
refactor(oid4vc): remove notification ID handling and related endpoint (#44844)
Closes #44802


Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
2025-12-12 14:38:01 +01:00
Pedro Igor
84a0324d60 Adding grant and revoke role steps
Closes #44648

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-12-12 09:38:39 -03:00
Ruchika Jha
26fe8dc7d8
Added validation for client session timeout post comparing the realm session timeouts
Closes #41019

Signed-off-by: ruchikajha95 <Ruchika.Jha1@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-12-11 13:58:04 +01:00
Christian Ja
4e01d85772
Add configurable SMTP timeouts (#43594)
* Add configurable SMTP timeouts

closes #35836 #14509

Signed-off-by: Christian Janker <christian.janker@gmx.at>

* Allow setting SMTP timeout in realm settings

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

---------

Signed-off-by: Christian Janker <christian.janker@gmx.at>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-12-11 11:19:09 +00:00
forkimenjeckayang
be22a4bd62
[OID4VCI] Fix OID4VC wallet interoperability issues (#44682)
closes #44736


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2025-12-10 12:08:01 +01:00
Marek Posolda
f641269ac1
CredentialRequest with credentialIdentifier does not work when creden… (#44794)
closes #44793


Signed-off-by: mposolda <mposolda@gmail.com>
2025-12-10 12:02:52 +01:00
Martin Kanis
5ee4cb5157
Fix for missing object representation in admin event log when deleting user, group, client (#43620)
* Fix for missing object representation in admin event log when deleting user, group, client

Closes #33009

Signed-off-by: jwozniakowski <wozniakowski@netguardians.ch>

* Fix issues and add role representation when deleting a role

Closes #33009

Signed-off-by: Martin Kanis <mkanis@redhat.com>

---------

Signed-off-by: jwozniakowski <wozniakowski@netguardians.ch>
Signed-off-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: jwozniakowski <wozniakowski@netguardians.ch>
2025-12-09 12:32:18 +01:00
rmartinc
43c1a169e4 Manage service accounts when updating a client using registration
Closes #44257

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-12-09 12:11:11 +01:00
Stefan Guilhen
484980dbbe Add API method to allow activating a workflow for all eligible resources
Closes #44643

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-12-08 09:45:45 -03:00
Alexander Schwartz
2f81a2fb76
Updating and ordering the release notes
Closes #44706

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-12-08 10:55:33 +01:00
mposolda
3e001a378f Credential offer endpoint has parameter user_id, but expects username
closes #44642

Signed-off-by: mposolda <mposolda@gmail.com>
2025-12-08 10:42:35 +01:00
Marek Posolda
11210743f7
Arquillian tests fail when running from IntelliJ IDEA
closes #44713

Signed-off-by: mposolda <mposolda@gmail.com>
2025-12-06 21:44:11 +01:00
Pedro Igor
985777ebcc
Improvements to the notify step
Closes #44708

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-12-05 18:58:03 +01:00
Pascal Knüppel
46e5979b17
[OID4VCI] Handle key_attestation_required in metadata endpoint (#44471)
fixes #43801


Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
Co-authored-by: Ingrid Kamga <xingridkamga@gmail.com>
2025-12-05 16:00:32 +01:00
Steve Hawkins
25186278fc fix: consolidating config logic
closes: #42000

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-12-04 14:25:56 -03:00
forkimenjeckayang
3099cc2294
[OID4VCI]: Add UI for OID4VCI Protocol Mapper Configuration (#44390)
Closes: #43901


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2025-12-04 14:18:37 +01:00
forkimenjeckayang
4dd68c0316
[OID4VCI] Conformance Test Fixes (#44439)
closes #44659


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2025-12-04 09:03:38 +01:00