Alexander Schwartz
4cd381edbf
Avoid holding on to the realm in cached configurations
...
Closes #43744
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-29 08:01:02 -03:00
rmartinc
36ef5c0959
Return user session started time when client note is missing for offline
...
Closes #39021
Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 11b032f9cd5b336c1002ccb19e4977b1699f8ffa)
2025-05-07 11:14:32 +02:00
Stefan Guilhen
a4ca92ab4d
Validate realm name for uniqueness before creating a new realm in the DB
...
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Closes #38426
2025-04-07 08:49:42 -04:00
Stefan Guilhen
c4c3e2eee6
Allow redirection to idp when user email matches any of the org domains
...
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: Martin Panzer <martin.panzer@active-logistics.com>
Closes #33804
2025-04-04 11:28:04 -03:00
rtufisi
134437a5a7
Create recovery keys in user storage or local (#38446)
...
closes #38445
Signed-off-by: rtufisi <rtufisi@phasetwo.io>
2025-04-03 10:09:48 +02:00
Steven Hawkins
06e0885f46
fix: adds back reporting of non-ip client addresses (#37797)
...
closes: #36843
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
# Conflicts:
# services/src/main/java/org/keycloak/protocol/oidc/tokenexchange/AbstractTokenExchangeProvider.java
# services/src/main/java/org/keycloak/protocol/oidc/tokenexchange/StandardTokenExchangeProvider.java
2025-03-27 19:33:20 +00:00
Sebastian Rose
4fb1c41155
Sending Mails via SMTP and XOAUTH2 authentication mechanism
...
Closes #17432
Signed-off-by: Sebastian Rose <sebastian.rose@gmail.com>
2025-03-21 10:12:18 +01:00
Pedro Igor
a4000575a4
Initial support for partial evaluation
...
Closes #38085
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-19 13:30:52 -03:00
Steven Hawkins
d9c3511fa5
fix: adding a check if the proxy is trusted prior to using a cert header (#37465)
...
closes: #35861
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
2025-03-12 11:21:33 +01:00
Marek Posolda
92c96033f2
Session type incorrectly set in access-token context when token created with scope=offline_access (#37701)
...
closes #37694
Signed-off-by: mposolda <mposolda@gmail.com>
2025-02-27 15:53:23 +01:00
Giuseppe Graziano
fd3a4a3377
Support client policies for token exchange
...
Closes #37122
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2025-02-25 14:25:55 +01:00
Pedro Igor
1cb7a4736c
Slow query when checking if a realm has brokers and brokering is enabled
...
Closes #37062
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2025-02-05 13:49:32 +00:00
Pedro Igor
602df06191
Allows querying credential from user storage providers
...
Closes #35020
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-02-05 07:56:05 -03:00
rmartinc
25953f2fbb
Add option to sign the IdP metadata for SAML
...
Closes #34132
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-01-15 11:50:26 +01:00
Michal Hajas
3839f8e3b5
Add metric for password validations (#36049)
...
Closes #36048
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-01-07 10:05:47 +01:00
rmartinc
e7e6185175
Fix expires_in in internal to external token exchange
...
Closes #35704
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-12-18 09:08:19 +01:00
Thomas Darimont
368c1f5a76
Add ProviderConfigProperty types for numeric values
...
Fixes #29511
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-12-16 14:53:06 +01:00
vramik
044807f162
[FGAP] Create new internal client which would hold the authorization objects for feature V2
...
Closes #34565
Signed-off-by: vramik <vramik@redhat.com>
2024-12-05 11:56:13 -03:00
Stefan Guilhen
9861acc2aa
UserSessionProvider.removeUserSessions now removes all user sessions (both regular and offline)
...
Closes #31359
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-11-29 12:35:15 -03:00
Pedro Igor
45f9bcd673
Resolve scopes from bearer tokens when processing requests to the Account API
...
Closes #35357
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-11-27 14:17:53 -03:00
Pedro Igor
5d6b9c1460
Resolve scopes from authenticated client sessions when selecting attributes
...
Closes #35192
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-11-22 12:32:24 +01:00
vramik
440e81c8b9
Add a realm-level setting to enable FGAP to a realm
...
Closes #34920
Signed-off-by: vramik <vramik@redhat.com>
2024-11-19 09:59:34 -03:00
Giuseppe Graziano
05adf19848
Authentication session with changelog transaction
...
Closes #23881
Closes #32658
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-11-15 14:10:15 +01:00
Giuseppe Graziano
84f60bc121
Ignore Accept-Language header for email themes
...
Closes #10233
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-11-15 10:29:11 +01:00
Pedro Igor
d04f7900f5
added membershipType to members list and membership type filter
...
Signed-off-by: Agnieszka Gancarczyk <agagancarczyk@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-11-12 09:13:18 -03:00
Pedro Igor
b70303f293
Adding organization membership provider events
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-11-07 17:19:43 -03:00
Thomas Darimont
3315ea718a
Add ability to enable OID4VCI Verifiable Credentials per realm (#34524)
...
- Added new realm property verifiableCredentialsEnabled
- Updated RealmRepresentation
- Guarded route to Oid4VCI page
- Add boolean switch to Realm settings page to control Verifiable Credentials enablement
- We now only show the Verifiable Credentials page in the nav if the "Verifiable Credentials" realm setting is enabled.
Fixes #34524
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-11-04 14:58:30 +01:00
Ryan Emerson
902abfdae4
JDBC_PING as default discovery protocol
...
Closes #29399
- Add ProviderFactory#dependsOn to allow dependencies between
ProviderFactories to be explicitly defined
- Disable Infinispan default shutdownhook to ensure lifecycle
is managed exclusively by Keycloak
- Remove Infinispan shutdown hook in KeycloakRecorder and manage
EmbeddedCacheManager lifecycle only in DefaultInfinispanConnectionProviderFactory#close
Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-22 20:19:19 +00:00
Gilvan Filho
c4005d29f0
add linear strategy to brute force
...
closes #25917
Signed-off-by: Gilvan Filho <gilvan.sfilho@gmail.com>
2024-10-22 10:33:22 -03:00
mposolda
703f16ea86
Hide the 'Delete' button in the account console when DeleteCredentialAction is disabled or unavailable
...
closes #30204
Signed-off-by: mposolda <mposolda@gmail.com>
2024-10-22 11:07:08 +02:00
mposolda
07cf71e818
Better logging when error happens during transaction commit
...
closes #33275
Signed-off-by: mposolda <mposolda@gmail.com>
2024-10-08 11:14:10 +02:00
Erik Jan de Wit
e8d8de8936
Use feature versions for admin3, account3, and login2 (#33458)
...
Closes #33405
Signed-off-by: stianst <stianst@gmail.com>
2024-10-03 12:09:36 +02:00
vramik
c1653448f3
[Organizations] Allow orgs to define the redirect URL after user registers or accepts invitation link
...
Closes #33201
Signed-off-by: vramik <vramik@redhat.com>
2024-10-02 07:37:48 -03:00
mposolda
e582a17a7c
Fix client-attributes condition configuration
...
closes #33390
Signed-off-by: mposolda <mposolda@gmail.com>
2024-10-01 10:12:28 +02:00
Steven Hawkins
5d99d91818
fix: allows for the detection of a master realm with --import-realms (#32914)
...
also moving initial bootstrapping after import
closes: #32689
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-09-30 14:40:16 +02:00
Stefan Guilhen
6424708695
Ensure organization id is preserved on export/import
...
- Also fixes issues with description, enabled, and custom attributes missing when re-importing the orgs.
Closes #33207
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-25 16:07:44 +02:00
Stefan Guilhen
900c496ffe
Remove the kc.org.broker.public attribute and use hideOnLogin in the IDP instead
...
Closes #32209
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-09-20 16:08:55 +02:00
vramik
fcb31a5aa6
Implement invitation-only self-registration for realm users
...
Closes #31643
Signed-off-by: vramik <vramik@redhat.com>
2024-09-18 13:50:23 +02:00
Stefan Guilhen
3e597722a9
Add cache for IdentityProviderStorageProvider.getForLogin (#32918)
...
Closes #32573
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-18 09:05:57 +02:00
Thomas Darimont
b68cae9fd1
Revise KeyURI generation in OTPPolicy
...
- More idiomatic URLEncoder usage
- Replace `:` character with space in issuer if present in OTP label
- Ease testing for OTP KeyURI generation
Fixes #32833
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-09-12 08:55:49 +02:00
cgeorgilakis-grnet
f8b1b3ee03
Search Identity Providers by alias or display name
...
Closes #32588
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2024-09-10 21:52:59 +02:00
Stefan Guilhen
e7a4635620
Filter out org brokers from the account console
...
- org-linked brokers should not be available for login
- prepare the endpoint for search/pagination
Closes #31944
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-04 09:00:52 -03:00
Stefan Guilhen
557d7e87b2
Avoid iterating through all mappers when running the config event listeners
...
Closes #32233
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-04 07:40:58 -03:00
Stefan Guilhen
88cca10472
Rename IDPSpi to IdentityProviderStorageSpi
...
Closes #31639
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-26 15:10:09 -03:00
Vlasta Ramik
d63c0fbd13
Decouple Identity provider mappers from RealmModel (#32251)
...
* Decouple Identity provider mappers from RealmModel
Closes #31731
Signed-off-by: vramik <vramik@redhat.com>
2024-08-22 12:05:19 -03:00
yelhouti
e8840df0e0
Fix: admin GUI not working with 1000s of realms
...
Search by RealmName is done before loading all realms when filtering
Closes #31956
Signed-off-by: Youssef El Houti <youssef.elhouti@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-21 14:58:36 +02:00
Erik Jan de Wit
35ce3c0a1f
Make login v2 the default reverting test code
...
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-08-21 08:50:01 -04:00
Stefan Guilhen
585d179fe0
Ensure identity providers returned to the org IDP selection are IDPs not associated with any orgs.
...
Closes #32238
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-21 07:49:01 -03:00
Pedro Ruivo
4675a4eda9
Deprecate UserSessionCrossDCManager
...
Fixes #31878
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-08-21 08:52:39 +02:00
Pedro Igor
eeae50fb43
Make sure federationLink always maps to the storage provider associated with federated users
...
Closes #31670
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-20 11:27:22 +02:00