Ricardo Martin
69685b54f2
Expose system-info information in the serverinfo endpoint only for users in the admin realm
...
Closes #42828
(cherry picked from commit 1d28c0cd35a186551cf4114cbd6cdf75b9e3fe58)
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-09-29 18:21:50 +02:00
Giuseppe Graziano
1b3541ed15
Validate client policy condition configuration
...
Closes #40187
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
(cherry picked from commit b9033ad9c38bacd16e205866c8891b6df6a210d7)
2025-08-27 12:34:08 +02:00
Ricardo Martin
9f653d7e64
Allow and control sending UTF-8 emails in the default email sender impl
...
Closes #41023
Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
(cherry picked from commit 949ef35a3bda916b24763c435033258a84ba8596)
2025-08-19 09:46:39 +02:00
rmartinc
5bb39db986
Disable email verification when email manually changed by idp review
...
Closes #40446
Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 86f0a7864f2bdd991d5e24e6844ddabfce0aa6de)
2025-06-26 16:15:15 +02:00
Alexander Schwartz
58124655a4
Lazily process sessions from ISPN to avoid fetching client sessions (#39683)
...
Closes #39638
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-05-13 16:55:26 +02:00
Pedro Igor
e68e43cbc8
Cache resource names associated to policies to improve partial evaluation
...
Closes #38837
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-10 19:50:26 +02:00
vramik
fcd4e2bfff
Client 'admin-permissions' doesn't have protocol set.
...
Closes #38765
Signed-off-by: vramik <vramik@redhat.com>
2025-04-09 13:41:14 -03:00
Pedro Igor
ae88d7921f
Improvements to partial evaluation
...
Closes #38732
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-09 18:15:28 +02:00
Pedro Igor
be880ae204
Do not cache partial results when FGAP is enabled
...
Closes #38705
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-08 08:22:22 +02:00
Pedro Igor
8521b9952a
Export failing if the realm has FGAP enabled
...
Closes #38695
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-07 18:47:44 +02:00
Pedro Igor
87430fc181
Add impersonate-members scope to group resource type
...
Closes #38566
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-07 14:56:27 +00:00
vramik
6488890585
[FGAP:V2] remove configure scope from Client resource type
...
Closes #38567
Signed-off-by: vramik <vramik@redhat.com>
2025-04-07 07:05:02 -03:00
Stefan Guilhen
c4c3e2eee6
Allow redirection to idp when user email matches any of the org domains
...
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: Martin Panzer <martin.panzer@active-logistics.com>
Closes #33804
2025-04-04 11:28:04 -03:00
Pedro Igor
dbb0179a93
Aligning partial evaluation with the outcome from regular evaluations
...
Closes #38626
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-03 12:07:30 -03:00
rtufisi
134437a5a7
Create recovery keys in user storage or local (#38446)
...
closes #38445
Signed-off-by: rtufisi <rtufisi@phasetwo.io>
2025-04-03 10:09:48 +02:00
Giuseppe Graziano
50fef70f14
Change cookie type for KC_AUTH_SESSION_HASH
...
Closes #38417
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2025-04-03 08:45:31 +02:00
rmartinc
a10c8119d4
Define a max expiration window for Signed JWT client authentication
...
Closes #38576
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-04-02 18:32:54 +02:00
mposolda
a978d8b56b
Better handling of incorrect roleName in KeycloakModelUtils.getRoleFromString
...
closes #38579
Signed-off-by: mposolda <mposolda@gmail.com>
2025-04-02 09:53:58 +02:00
Pedro Igor
61cb0acbc4
Fixing inconsistencies when evaluating permission in the evaluation tab
...
Closes #38498
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-01 11:40:27 -03:00
Steven Hawkins
06e0885f46
fix: adds back reporting of non-ip client addresses (#37797)
...
closes: #36843
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
# Conflicts:
# services/src/main/java/org/keycloak/protocol/oidc/tokenexchange/AbstractTokenExchangeProvider.java
# services/src/main/java/org/keycloak/protocol/oidc/tokenexchange/StandardTokenExchangeProvider.java
2025-03-27 19:33:20 +00:00
Stefan Guilhen
e694065aed
Use UserModel.isFederated() instead of comparing federation link to null
...
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Closes #38137
2025-03-27 08:11:14 -03:00
Pedro Igor
78aa8b486f
User not visible when permission with different scope exists
...
Closes #38369
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-27 08:01:04 -03:00
Pedro Igor
75651ff5c0
Partial evaluation processing only permissions with scope view
...
Closes #38436
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-27 08:01:04 -03:00
Yoshiyuki Tabata
08bac045be
Raising an event when a ClientPolicyException is caught #38366
...
Signed-off-by: Yoshiyuki Tabata <yoshiyuki.tabata.jy@hitachi.com>
2025-03-27 10:41:21 +01:00
rmartinc
01950fde6f
AgePasswordPolicy should not check password for registration
...
Closes #38331
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-03-26 18:45:51 +01:00
Giuseppe Graziano
0d5346e8ca
Add broker session id in IDENTITY_PROVIDER_LOGIN event
...
Closes #34720
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2025-03-26 16:18:12 +00:00
Ricardo Martin
19f9331e88
Re-add messages for recovery codes credential in the account console
...
Closes #38381
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-03-26 16:05:39 +01:00
Pedro Igor
26c90f369f
Support for partial evaluation for clients
...
Closes #38393
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-25 09:04:12 -03:00
Pedro Igor
1c57035d41
Support partial evaluation for the group resource type
...
Closes #38273
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-24 11:49:53 -03:00
vramik
a72d15b857
PartialEvaluator ignores view-* and manage-* roles
...
Closes #38284
Signed-off-by: vramik <vramik@redhat.com>
2025-03-24 08:30:59 -03:00
Laurids Møller Jepsen
8f7c1871a7
Add client OIDC configuration for setting the header type in access tokens.
...
If this setting is On, the access token header type will be "at+jwt" in compliance with RFC 9068, see https://datatracker.ietf.org/doc/html/rfc9068#section-2.1. If the setting is Off, the access token header type will be "JWT". The setting is Off per default.
Closes #36696
Signed-off-by: Laurids Møller Jepsen <laurids.jepsen@cryptomathic.com>
2025-03-24 10:35:41 +01:00
Sebastian Rose
4fb1c41155
Sending Mails via SMTP and XOAUTH2 authentication mechanism
...
Closes #17432
Signed-off-by: Sebastian Rose <sebastian.rose@gmail.com>
2025-03-21 10:12:18 +01:00
Pedro Igor
ed809d7884
Filtering not working when using view-member permission with a permission that denies access to a resource
...
Closes #38304
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-20 17:06:51 -03:00
mposolda
45344ef65f
User session lookup optimization and fixes
...
closes #37662
Signed-off-by: mposolda <mposolda@gmail.com>
2025-03-20 12:39:50 +01:00
Alexander Schwartz
c9b88c6bf6
Finalizing release notes and documentation for initial rolling update
...
Closes #38168
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-03-19 21:34:09 +01:00
Pedro Igor
a4000575a4
Initial support for partial evaluation
...
Closes #38085
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-19 13:30:52 -03:00
Pedro Ruivo
46bbe073fb
SPI for compatibility metadata
...
Closes #36786
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-03-17 16:48:24 +00:00
vramik
91b0b0cb79
Fix javadoc for KeycloakModelUtils.findUserByNameOrEmail
...
Closes #37922
Signed-off-by: vramik <vramik@redhat.com>
2025-03-14 09:32:15 -03:00
Pedro Igor
70114e249a
Fix showing resource display name when listing permissions
...
Closes #38027
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-13 13:05:15 -03:00
vramik
872a691757
Remove permissions and resources when their corresponding objects are deleted
...
Closes #37242
Signed-off-by: vramik <vramik@redhat.com>
2025-03-11 14:58:03 -03:00
Jakob Overrein
aec62803c7
Allow users, roles, and groups, to be created in a specified DN relative to the parent DN
...
The new field introduced will prefix the parent DN as a relative path and allow created items to be placed in a subtree instead of the parent DN.
Closes #28569
Signed-off-by: Jakob Overrein <jakob.overrein@basefarm-orange.com>
2025-03-10 16:13:36 -03:00
Giuseppe Graziano
0b3cfde860
Support revocation for standard token exchange
...
Closes #37120
2025-03-10 15:02:09 +01:00
Alexey Markevich
44956e10d0
Not email password policy provider: case insensitive comparison
...
Closes #34989
Signed-off-by: Alexey Markevich <buhhunyx@gmail.com>
2025-03-06 14:51:40 +00:00
Martin Kanis
f41ee2fdc6
Add Role resource type and its scopes to authorization schema
...
Closes #35565
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-03-06 09:09:35 -03:00
rmartinc
4f161001ce
Improve events handling for TE
...
Closes #37693
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-03-05 08:35:02 +01:00
mposolda
73cfd9cc80
Polishing of token-exchange features. Remove TOKEN_EXCHANGE_FEDERATED_V2 and TOKEN_EXCHANGE_SUBJECT_IMPERSONATION_V2
...
closes #37367
Signed-off-by: mposolda <mposolda@gmail.com>
2025-03-03 17:32:17 +01:00
Pedro Igor
77ef5ff795
Returning the denied scopes and the friendly name for resources
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-02-27 14:12:45 -03:00
Martin Bartoš
2379dd8202
Suppress info message about mapper config synchronizer (#37625)
...
Closes #37624
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2025-02-27 10:34:00 +01:00
Marek Posolda
c8738721df
Encoding context to access token IDs (#37634)
...
closes #37118
Signed-off-by: mposolda <mposolda@gmail.com>
2025-02-26 16:33:17 +01:00
rmartinc
c15a24f447
Update default requested token-type and add switch for refresh token
...
Closes #37115
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-02-25 10:08:56 +01:00