keycloak

mirror of https://github.com/keycloak/keycloak.git synced 2026-01-10 15:32:05 -03:30

Author	SHA1	Message	Date
mposolda	bf23259c0f	Removing SdJwtFacade closes #44525 Signed-off-by: mposolda <mposolda@gmail.com>	2025-11-27 14:19:27 +01:00
mposolda	cbb823bc0e	Make sd-jwt key binding verification work with EdDSA keys closes #44369 Signed-off-by: mposolda <mposolda@gmail.com>	2025-11-26 14:44:29 +01:00
Pascal Knüppel	64d5e1a3d5	[OID4VCI] Redesign SDJwt API and handle keybinding JWT (#44227 ) closes #42091 Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de> Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de> Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: mposolda <mposolda@gmail.com>	2025-11-24 11:01:19 +01:00
Stian Thorgersen	f6702decc0	JWK Algorithm Key Pair support (#44203 ) Closes #44141 Signed-off-by: stianst <stianst@gmail.com>	2025-11-17 07:51:08 +01:00
Stian Thorgersen	a2c1055f8d	Proposed import order (#43432 ) * Add importOrder to Spotless Closes #43235 Signed-off-by: stianst <stianst@gmail.com> * Re-order imports with Spotless Signed-off-by: stianst <stianst@gmail.com> --------- Signed-off-by: stianst <stianst@gmail.com>	2025-11-14 09:34:49 +01:00
Tomáš Kyjovský	4c64b7189c	Deprecate `org.keycloak.common.util.Base64` Closes #43370 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Signed-off-by: 1867605+tkyjovsk@users.noreply.github.com Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-10-30 09:12:14 +01:00
rmartinc	248d6d1feb	Upgrade xmlsec to 3.0.4 and remove KeycloakFipsSecurityProvider workaround Closes #43263 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-10-13 15:38:58 +02:00
stianst	aedd7fe5db	Remove unused imports as part of #43233 Signed-off-by: stianst <stianst@gmail.com>	2025-10-13 13:32:01 +02:00
Anchels	90d241087d	Removed redundant null checks Closes #40677 Signed-off-by: Anchels <mishtitov@gmail.com>	2025-08-14 17:03:27 +02:00
Peter Skopek	651d651c30	Add missing artifact descriptions to allow Maven Central Portal Publisher pass validation process. (#40822 ) Signed-off-by: Peter Skopek <pskopek@redhat.com>	2025-08-12 16:50:17 +02:00
Rutger Lubbers	5219101aec	Configure Argon2's `type` correctly in `Argon2PasswordHashProviderFactory` Closes #40232 Signed-off-by: Rutger Lubbers <RutgerLubbers@gmail.com>	2025-06-04 14:13:34 +02:00
Rutger Lubbers	e15ab7d9f9	Update documentation for Argon2 hash-key length to use the correct property Closes #40195 Signed-off-by: Rutger Lubbers <RutgerLubbers@gmail.com>	2025-06-04 08:03:33 +02:00
Michal Hajas	3839f8e3b5	Add metric for password validations (#36049 ) Closes #36048 Signed-off-by: Michal Hajas <mhajas@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2025-01-07 10:05:47 +01:00
Martin Bartoš	959ce9c483	Provide Tracing SPI Closes #34711 Signed-off-by: Martin Bartoš <mabartos@redhat.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>	2024-11-28 10:45:31 +01:00
rmartinc	b0b247f1f1	Passivate imported keys if the associate certificate is expired Closes #34973 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-11-25 09:40:59 +01:00
Awambeng	cfd187b0ff	Introduce SdJwtFacade layer for simplified SD-JWT handling and enhance test coverage (#34915 ) Closes #32955 Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>	2024-11-15 15:20:10 +01:00
Ingrid Kamga	c4d6979907	Scaffold verification of SD-JWT VP token (#29859 ) (#33752 ) Closes #29859 Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>	2024-10-25 14:49:25 +02:00
rmartinc	6d52520730	Load client keys using SubjectPublicKeyInfo and upload jwks type into the jwks attributes for OIDC ones Closes #33820 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-10-22 14:24:15 +02:00
mposolda	b95d12a968	Add AuthzClientCryptoProvider to authz-client in keycloak main repository closes #33831 Signed-off-by: mposolda <mposolda@gmail.com>	2024-10-15 08:16:14 +02:00
mposolda	dad4477995	Remove keycloak-core and keycloak-crypto-default from SAML galleon feature pack and upgrade them to Java 17 closes #32586 Signed-off-by: mposolda <mposolda@gmail.com>	2024-09-03 15:58:57 +02:00
Justin Tay	966a454548	Add ECDH-ES JWE Algorithm Provider, Add generated ECDH key provider (#23928 ) Closes #23596 Closes #23597 Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>	2024-08-08 17:29:35 +02:00
Pascal Knüppel	bf951a5554	Fix certificate creation with cross-keys (#31866 ) fixes #31864 Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>	2024-08-07 12:41:12 +02:00
Ingrid Kamga	36a141007e	Implement advanced verification of SD-JWT in Keycloak (#30966 ) closes #30907 Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>	2024-08-05 11:50:03 +02:00
Pascal Knüppel	4a15e1c2b0	Support certificate creation for EC keys (#31817 ) fixes #31816 Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>	2024-08-02 11:52:48 +02:00
rmartinc	096e335a92	Support for vault and AES and HMAC algorithms to JavaKeystoreKeyProvider Closes #30880 Closes #29755 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-07-11 12:40:45 +02:00
Jon Koops	df18629ffe	Use a default Java version from root POM (#29927 ) Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-06-21 14:19:31 +02:00
Martin Bartoš	262fc09edc	OpenJDK 21 support (#28518 ) * OpenJDK 21 support Closes #28517 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Signed-off-by: Martin Bartoš <mabartos@redhat.com> * x509 SAN UPN other name is not handled in JDK 21 (#904) closes #29968 Signed-off-by: mposolda <mposolda@gmail.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com> Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Marek Posolda <mposolda@gmail.com>	2024-06-03 14:17:28 +02:00
Francis Pouatcha	2683c0a7d1	JWSBuilder when used directly with AsymmetricSignatureSignerContext produces non compliant ECDSA signed JWT (#29333 ) closes #29309 Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>	2024-05-27 13:45:42 +02:00
mposolda	d8a7773947	Adding dummyHash to DirectGrant request in case user does not exists. Fix dummyHash for normal login requests closes #12298 Signed-off-by: mposolda <mposolda@gmail.com>	2024-05-13 16:33:29 +02:00
Pedro Ruivo	3e0a185070	Remove deprecated EnvironmentDependentProviderFactory.isSupported method Closes #26280 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-04-19 16:36:49 +02:00
Justin Tay	d807093f63	Fix OCSP nonce handling Closes #26439 Co-authored-by: Ricardo Martin <rmartinc@redhat.com> Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>	2024-04-18 09:04:46 +02:00
Alexander Schwartz	5b4a69a6e9	Limit the concurrency of password hashing to the number of CPU cores available Closes #28477 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-04-15 15:05:09 +02:00
Stian Thorgersen	c3a98ae387	Use Argon2 as default password hashing algorithm (#28162 ) Closes #28161 Signed-off-by: stianst <stianst@gmail.com>	2024-03-22 13:04:14 +00:00
Stian Thorgersen	cae92cbe8c	Argon2 password hashing provider (#28031 ) Closes #28030 Signed-off-by: stianst <stianst@gmail.com>	2024-03-22 07:08:09 +01:00
coursar	3b721512c4	x509Certificate AuthorityKeyIdentifierExtension (#27272 ) closes #27271 Signed-off-by: coursar <coursar@gmail.com>	2024-02-27 15:59:51 +01:00
Stefan Wiedemann	aa6b102e3d	Support EC Key-Imports for the JavaKeystoreKeyProvider #26936 (#27030 ) closes #26936 Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>	2024-02-19 17:41:40 +01:00
Steven Hawkins	37acb2fd09	task: upgrading to quarkus 3.7.0.CR1 (#26203 ) there are several downgrades from the quarkus versions, and some additional logic needed to handle changes with re-creating the configuration Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-01-31 18:23:07 +00:00
Thomas Darimont	82269f789a	Avoid using deprecated junit APIs in tests - Replaced usage of Assert.assertThat with static import - Replaced static import org.junit.Assert.assertThat with org.hamcrest.MatcherAssert.assertThat Fixes: #22111	2023-08-01 11:44:25 +02:00
Václav Muzikář	776bcbcbd4	Update bcpkix and bcprov dependencies (#21543 ) Closes #21360	2023-07-20 11:57:18 +02:00
Yoann GUION	ba66fe84fa	iterate any attribute in multi-valued RDN to find the correct one (#14283 ) Closes #14280	2023-03-23 11:51:01 +01:00
Jon Koops	972ebb9650	Use a valid SemVer format for the SNAPSHOT version (#17334 ) * Use a valid SemVer format for the SNAPSHOT version * Update pom.xml * Update pom.xml --------- Co-authored-by: Stian Thorgersen <stianst@gmail.com> Co-authored-by: Stian Thorgersen <stian@redhat.com>	2023-03-03 11:11:44 +01:00
Pedro Igor	d97b9c48c4	Make sure PBKDF2 providers are using the expect size for derived keys (#16798 ) Closes #16797	2023-02-03 15:31:25 +01:00
mposolda	29888dbf1a	Update realm keys in the testsuite to be generated where possible. Update other keys to be FIPS compliant Closes #12420	2023-01-25 08:26:15 +01:00
mposolda	3e9c729f9e	X.509 authentication fixes for FIPS Closes #14967	2022-11-25 11:50:30 +01:00
Marek Posolda	f616495b05	Fixing UserFederationLdapConnectionTest,LDAPUserLoginTest to work with FIPS (#15299 ) closes #14965	2022-11-03 16:35:57 +01:00
mposolda	55c514ad56	More flexibility in keystore related tests, Make keycloak to notify which keystore types it supports, Support for BCFKS Closes #14964	2022-10-24 08:36:37 +02:00
Marek Posolda	0756ef9a75	Initial integration tests with BCFIPS distribution (#14895 ) Closes #14886	2022-10-17 23:33:22 +02:00
David Anderson	a8db79a68c	Introduce crypto module using Wildfly Elytron (#14415 ) Closes #12702	2022-09-27 08:53:46 +02:00
nehachopra27	68a07465a6	Widening cast for BCProvider for existing provider (#14202 ) Closes #14210	2022-09-06 19:40:58 +02:00
Marek Posolda	19daf2b375	Not possible to login in FIPS enabled RHEL 8.6. Support for parsing PEM private keys in BCFIPS module in both traditional and PKCS8 format (#14008 ) Closes #13994	2022-08-30 22:33:12 +02:00

1 2

56 Commits