Pedro Ruivo
f5d2f80697
Admin UI: slow response time listing second user page
...
Fixes #44860
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2026-01-07 13:23:28 +01:00
Pedro Igor
8646451349
Automatically redirect based on login hint
...
Closes #42715
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-01-07 09:46:10 +01:00
Alexander Schwartz
fce07e936e
Escape passkeys descriptions and labels depending on the context
...
Closes #44387
(cherry picked from commit 39d1fa2825c6d7b1e759968babe7713b21045c07)
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2026-01-05 13:50:23 +01:00
Ricardo Martin
797bd2221c
Add webauthn for organization authenticator when org is selected
...
Closes #44735
(cherry picked from commit 7be37f1e0dbab2aa8437eaeb3f2edeae9c963a15)
Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-01-05 12:18:34 +01:00
Alexander Schwartz
a6d27705d2
When joining a group, don't rely on cached values if user has already been updated (#44491)
...
Closes #44480
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-11-26 13:00:14 +01:00
Vlasta Ramik
dcbb5c7513
Make LDAPProvidersIntegrationTest import a test realm after each test
...
Closes #43754
(cherry picked from commit 302fa3db084fbd138089e1127fe103ed259c9755)
Signed-off-by: vramik <vramik@redhat.com>
2025-11-19 20:48:45 +01:00
Martin Kanis
4bbb16b135
UPDATE_EMAIL action invalidates old email
...
Closes #43738
(cherry picked from commit a7c02076a1b8870bb24946c7bd445953f858e8f6)
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-11-19 20:41:31 +01:00
Pedro Igor
5d6718354c
Fixing encoding of forwarded parameters
...
Closes #44125
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-11-18 09:58:05 +01:00
Pedro Ruivo
07ffcaa72b
Sessions not removed when user is deleted
...
Fixes #43323
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2025-11-13 14:14:13 +01:00
Stian Thorgersen
670ddaa7cc
Use http for the DockerClientTest to avoid certificate issues (#44151)
...
Closes #44117
(cherry picked from commit fb13aa50390ddfb03cce2bd2f798e5547d2c433c)
Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
2025-11-12 12:05:16 +01:00
Pedro Igor
fa108e3534
Email should be set when email as username is enabled and email is read-only
...
Closes #43718
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-11-11 10:47:46 -03:00
Pedro Igor
9b9f1bfe8c
Fixing flaky test KcOidcBrokerTest#testPostBrokerLoginFlowWithOTP
...
Closes #42601
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-11-11 13:44:57 +01:00
Alexander Schwartz
bb9015a1f2
Avoid touching the database layer if no changes are necessary for a user
...
Closes #43682
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-11-05 14:42:40 +01:00
Martin Kanis
9ebab2f017
Add rate limiter for sending verification emails in context of update email
...
Closes #43076
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-11-04 15:16:29 -03:00
Alexander Schwartz
d8055acb45
hide scopes from scopes_supported in discovery endpoint
...
Closes #10388
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: KONSTANTINOS GEORGILAKIS <55974447+cgeorgilakis@users.noreply.github.com>
2025-11-04 14:42:35 -03:00
Ricardo Martin
5101031516
Ensure the logout endpoint removes the authentication session
...
Closes #43853
(cherry picked from commit 3b3adcf1e4819bf63e08269142459f747c31cb37)
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-10-31 18:59:58 +01:00
Ricardo Martin
89dd6127c3
Check offline scope is still assigned when performing a refresh
...
Closes #43734
(cherry picked from commit e0c1f2ee0fd14ba76338d9c2c213d45d0e857450)
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-10-29 08:33:23 +00:00
Ricardo Martin
29eacdd9d3
Only add the none verifier when attestation conveyance preference is none
...
Closes #43723
(cherry picked from commit 1bd9a3f4733f80f30111a5e2bad973b85530dc16)
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-10-28 14:09:09 +00:00
Pedro Igor
0407446206
Prevent the username field from being rendered when running the identity-first login flow
...
Closes #43091
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-10-26 18:45:49 +01:00
Pedro Igor
abd5cd292f
Do not lower-case username and email if users are not imported from LDAP
...
Closes #43621
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-10-26 17:37:44 +01:00
rmartinc
d415cc1385
DPoP replay check should take clockSkew into account
...
Closes #43505
Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 62f68b2f197e00a7ae5532984c08a42164184301)
2025-10-24 09:30:28 +02:00
Ronaldo Paulino Jiconda
489d10157a
Fix OIDC IDP broker basic auth encoding
...
Ensures that the client_id and client_secret are URL-encoded before being Base64-encoded for the Basic Auth header, following RFC 6749. This fixes authentication failures when the client_id contains special characters.
Closes #26374
Closes #43022
Signed-off-by: rpjicond <ronaldopaulino32@hotmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: rpjicond <ronaldopaulino32@hotmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2025-10-21 14:55:31 -03:00
Martin Kanis
a321c2c91f
Make pending email verification attribute removable by admin
...
Closes #43351
Signed-off-by: Martin Kanis <mkanis@redhat.com>
(cherry picked from commit 986fdd7341a0f42a59f5eec1bd6c3d5a715f2893)
2025-10-21 08:50:07 -03:00
mposolda
c318afb5c5
Possible overflow in brute force computation
...
closes #30939
Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit a2cc51aed7692ec09c619f2a6f4ecc7055beb9e1)
2025-10-16 17:11:36 +02:00
Giuseppe Graziano
a340941007
Invalidate sessions created with remember me when remember me is disabled for realm
...
Closes #43328
(cherry picked from commit bda0e2a67c8cf41d1b3d9010e6dfcddaf79bf59b)
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2025-10-15 19:08:05 +00:00
Pedro Ruivo
bb91dbf7ee
Client session may be lost during session restart
...
Fixes #43349
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-15 15:20:45 +02:00
Marek Posolda
7f5da7f1c2
openid-connect flow is missing response type on language change
...
closes #41292
(cherry picked from commit 76d271bf00847370a4ef39b2c46b74212a3ce7bd)
Signed-off-by: mposolda <mposolda@gmail.com>
2025-10-10 10:46:18 +02:00
Ricardo Martin
39bda8a6d0
Use UserSessionUtil.findValidSessionForAccessToken in revocation endpoint
...
Closes #43218
(cherry picked from commit 4476b444827894e3b6e7737657b14fc8abd6cc7c)
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-10-09 14:45:25 +02:00
Thomas Darimont
38052e07eb
Ensure conformance for Signed JWT Validation
...
* Ensure conformance for Signed JWT Validation (#43269)
This re-adds the explicit client assertion parameter validation to produce the correct error responses required by RFC7523.
See: https://www.rfc-editor.org/rfc/rfc7523.html#section-3.2
The refactoring for the support for Federated JWT Client authentication broke the OIDF conformance tests for https://www.rfc-editor.org/rfc/rfc7523.html.
Fixes #43269
Fixes #43270
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
(cherry picked from commit e0ef5ea0c79914b16e6d9f8498da99382432d84a)
* Ensure conformance for Signed JWT Validation + tests (#43269)
Add additional tests for ClientAuthSignedJWTTest.
Fixes #43269
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
(cherry picked from commit 8dd28533583e7c638bd1b9bbb34042b76b9e91e1)
---------
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2025-10-08 10:03:15 +00:00
Pedro Igor
ba1af723c7
Lowercase username and email when fetching values from LDAP object
...
Closes #43254
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-10-07 23:59:11 +02:00
Martin Kanis
c0150ddbe4
Hide read-only email attribute in update profile context with update email enabled (#43024)
...
* Hide read-only email attribute in update profile context with update email enabled
Closes #42990
Signed-off-by: Martin Kanis <mkanis@redhat.com>
* Simplifying conditions when checking read/write on email attribute and more tests
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
---------
Signed-off-by: Martin Kanis <mkanis@redhat.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
(cherry picked from commit a493213ad4f9824eca6f204776962b6c6417e6f5)
2025-10-07 09:33:31 -03:00
Pedro Igor
a8e295d326
Filter invalid resources and scopes when processing entries from the cache (#43223)
...
Closes #42907
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-10-07 13:06:46 +02:00
Pedro Ruivo
f4af3e2d23
Restarting a user session broken for persistent sessions
...
Fixes #43161
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2025-10-03 19:27:12 +02:00
Ricardo Martin
28bef142ca
Do not remove sid claim when the session is transient only for the client
...
Closes #42565
(cherry picked from commit e256513ceb7d423f0532b9fd9c182171c3e23309)
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-10-01 22:58:03 +02:00
Martin Kanis
e280d32ad9
Update email page with pending verification email messages prefilled with old email
...
Closes #43070
Signed-off-by: Martin Kanis <mkanis@redhat.com>
(cherry picked from commit 6e89bd72a92366faba6bf2e446abf06a7500d1c4)
2025-10-01 07:31:41 -03:00
Pedro Igor
a3db07a8f5
Re-adding max age setting to the update email action (#43036)
...
Closes #43035
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-30 05:31:23 +02:00
Pedro Igor
d6da849206
Introducing a EMAL_PENDING user attribute to set the email pending verification
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-29 12:41:41 -03:00
Martin Kanis
88eea73cdc
Introduce pending email verification message for UPDATE_EMAIL
...
Closes #42770
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-09-29 12:41:41 -03:00
rmartinc
a44758d4ae
Upgrade bc-fips testing and documentation to 2.1.2
...
Closes #42958
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-09-29 09:04:43 +02:00
Stian Thorgersen
dbd516f8e6
Refactor SimpleHttp to make it injectable and usable outside server (#42936)
...
Closes #42902
Signed-off-by: stianst <stianst@gmail.com>
2025-09-29 08:37:05 +02:00
Pedro Igor
6e851ce80e
Only filter default organization related scopes based on dynamic scope format
...
Closes #42877
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-26 16:28:12 -03:00
Václav Muzikář
b65a60e40d
Support for EDB 17 (#42341)
...
Closes #42742
Closes #42293
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2025-09-26 16:04:47 +02:00
forkimenjeckayang
29bee21683
[OID4VCI] Fix authorization_details generation and credential identifier mapping for conformance tests (#42819)
...
Closes: #42818
Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2025-09-25 13:56:30 +02:00
rmartinc
83994c4a5c
Enable validate signature for SAML IdP to true when there are signing keys in the IdP metadata
...
Closes #42213
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-09-25 10:17:13 +02:00
Pedro Igor
05a8dc006b
Do not skip dedicated client mapper when validating dynamic scopes in authorization or token requests
...
Closes #42142
Closes #42208
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-25 08:43:56 +02:00
Alexander Schwartz
4389bc2990
Fix duplicate label when using password history
...
Closes #42736
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2025-09-24 11:21:59 +02:00
Lukas Hanusovsky
1088731e4f
Moving files to the new test suite
...
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2025-09-24 09:48:06 +02:00
Pedro Igor
1948e5baf3
Prevent empty usernames and allow restarting the login
...
Closes #42837
Closes #42409
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-24 04:07:03 -03:00
Pedro Igor
41b64c91aa
Do not update email if there is no email from the IdP
...
Closes #42390
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-24 04:05:05 -03:00
Pedro Igor
54d2451b35
Make user read-only and a proper error message when the user federation provider is not available
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-24 04:03:13 -03:00