7595 Commits

Author SHA1 Message Date
Lukas Hanusovsky
d478162401
Old Testsuite - admin package cleanup, abstract classes refactor. (#42656)
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2025-09-23 11:45:50 +02:00
Stefan Wiedemann
83cfd4a3e2
[OID4VCI] filter for asymmetric keys (#42758)
Closes #42755

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2025-09-23 09:37:25 +02:00
Giuseppe Graziano
bb9c9ac1e3 DPoP binding only for refresh token
Closes #26277

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2025-09-23 08:10:29 +02:00
Martin Kanis
a718c988af The new email is mandatory error for update profile action with enabled update email
Closes #42737

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-09-22 22:18:28 -03:00
rmartinc
f560ea8f29 Allow EdDSA keys in JWTClientCredentialsProvider
Closes #42751

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-09-22 13:53:19 +02:00
Šimon Vacek
d57be09f1d
Fix problem with CredentialRequest#setFormat() (#42820)
* fix main branch

fixes: #42622

Signed-off-by: Simon Vacek <simonvacky@email.cz>

* remove CredentialRequest#setFormat() from tests

Signed-off-by: Simon Vacek <simonvacky@email.cz>

---------

Signed-off-by: Simon Vacek <simonvacky@email.cz>
2025-09-22 13:23:56 +02:00
forkimenjeckayang
8ad6427123
[OID4VC]: Update authorization_details for OID4VCI draft-16 compliance (#42622)
Closes #41586

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2025-09-22 10:19:24 +02:00
Awambeng Rodrick
f6627f99b2 chore(oid4vc): Remove format parameter from CredentialRequest
Closes #42677

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
2025-09-22 10:14:56 +02:00
mposolda
45fa5edbbb Possibility to enforce authorization code binding to DPoP
closes #42740

Signed-off-by: mposolda <mposolda@gmail.com>
2025-09-20 10:22:32 +02:00
Pedro Ruivo
47f85631f3
Automatically create external caches for MULTI_SITE deployments
Closes #32129

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2025-09-19 18:56:38 +02:00
mposolda
f5c71e3e55 Incorrect scheme in the WWW-Authenticate when Authorization: DPoP used
closes #42706

Signed-off-by: mposolda <mposolda@gmail.com>
2025-09-18 12:22:00 +02:00
Stian Thorgersen
37a99154a5
Refactor and improve tests for federated client authentication (#42720)
Closes #42718

Signed-off-by: stianst <stianst@gmail.com>
2025-09-18 09:30:01 +00:00
Stian Thorgersen
f9ee040ef0
Add federated subject configuration option to federated-jwt authenticator (#42610)
Closes #42608

Signed-off-by: stianst <stianst@gmail.com>
2025-09-17 13:39:50 +02:00
Pedro Ruivo
f7ff7e55d8
Replace UUID with composite key for client session cache
Closes #42547

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-09-17 10:25:51 +00:00
Lukas Hanusovsky
d9b4bd047f
[Keycloak Test Framework] Infinispan cache + ClusterlessTestSuite configuration (#42172)
* [Keycloak Test Framework] Infinispan server + ClusterlessTestSuite and MultisiteTestSuite configuration

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>

* Utilise ClientIntelligence.BASIC to ensure that internal Docker IPs
are never used by Infinispan client

Signed-off-by: Ryan Emerson <remerson@ibm.com>

* Code refactoring + properties utility

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>

---------

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
Signed-off-by: Ryan Emerson <remerson@ibm.com>
Co-authored-by: Ryan Emerson <remerson@ibm.com>
2025-09-17 07:13:11 +00:00
Ricardo Martin
a2acdda535
Automatic download and cache of the SAML client public keys (#41947)
Closes #17028

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-09-16 13:07:33 +02:00
Awambeng
20f9306b78
[OID4VCI] Adjust Credential Issuer Metadata endpoint, return issuer metadata at /.well-known/openid-credential-issuer/realms/{realm} (#42577)
Closes #41589

Signed-off-by: Awambeng <awambengrodrick@gmail.com>
2025-09-16 10:24:44 +02:00
rmartinc
8a94bd90f9 redirectToAuthentication if the request uses PAR to not lose the single object after a refresh
Closes #36716

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-09-16 10:14:35 +02:00
Alexander Schwartz
cdea7d79a7
Fix Chinese language names
Closes #42575

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-09-15 15:01:08 -03:00
forkimenjeckayang
64e0b450aa
[OID4VCI]: Add support for parsing and understanding authorization_details at the Token Endpoint (#40751)
Closes #39278
Closes #39279


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2025-09-15 14:02:45 +02:00
rmartinc
605b51905c Do not regenerate the secret key when the size is not explicitly passed
Closes #42405

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-09-15 13:30:35 +02:00
Ogen Bertrand
70b50e93e9
[OID4VCI] Add support for credential_request_encryption in metadata (#42169)
closes #41594
closes #41593
closes #41592
closes #41582
closes #41595


Signed-off-by: Ogenbertrand <ogenbertrand@gmail.com>
2025-09-15 09:19:15 +02:00
Martin Kanis
5a02bc1adb Admin UI hides local users when LDAP provider fails
Closes #42276

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-09-12 10:43:08 -03:00
Stefan Wiedemann
232c91e6b7
Allow configuration of clientId in TargetRoleMapper again (#42377)
closes #42375


Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2025-09-12 08:56:53 +02:00
forkimenjeckayang
66677da8f7
[OID4VC]: Update the issuer metadata for signed metadata (#42428)
Closes #41588

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2025-09-12 08:51:56 +02:00
KONSTANTINOS GEORGILAKIS
b6cee86e74
Add openid scope in Allowed Client Scopes options of client registration access policies
Closes #42339

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
Co-authored-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2025-09-11 16:04:31 +02:00
Alexander Schwartz
6a202146b4
Handle already existing user session in the store
Closes #40374

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-09-11 14:58:53 +02:00
Stian Thorgersen
51465f52a3
Get client by client attribute
Closes #42543

Signed-off-by: stianst <stianst@gmail.com>
2025-09-11 12:07:13 +00:00
Pedro Ruivo
8567eec526
ClientSession timestamp not updated in the database
Closes #42012

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2025-09-10 20:34:22 +02:00
Stian Thorgersen
1e5d52975e
Refactor JWTValidator to allow use both for self-signed and federated client assertions (#42472)
Closes: #42463

Signed-off-by: stianst <stianst@gmail.com>
2025-09-10 08:11:18 +02:00
mposolda
5a05d2123e Unbounded login_hint parameter Can Corrupt KC_RESTART Cookie
closes #40857

Signed-off-by: mposolda <mposolda@gmail.com>
2025-09-09 11:05:19 +02:00
Ogen Bertrand
d13c953fe4
[OID4VCI] Implement multiple credential issuance (#42167)
closes #39277


Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
Co-authored-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
2025-09-09 09:49:03 +02:00
Pedro Igor
0074704e76
Fixing UI to allow linking brokers to orgs without a domain
Closes #42408

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-08 17:46:46 +00:00
Takashi Norimatsu
d740c0f3db FAPI 2.0 Security Profile Final - Add FAPI 2.0 Final security profile as default profile of client policies
closes #41120

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2025-09-08 17:23:53 +02:00
Ingrid Kamga
8fafd4c209 Understand key attestations as additional information to jwt proofs or as per new attestation proof type (for Key binding)
Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
2025-09-08 17:18:37 +02:00
Steven Hawkins
05c7c625d3
fix: don't show the local access screen if a service account exists (#42218)
closes: #42201

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-09-05 18:22:31 +02:00
Marek Posolda
6a27a4c336
EdDSA support for DPoP (#42362)
closes #42286

Signed-off-by: mposolda <mposolda@gmail.com>
2025-09-05 12:54:43 +02:00
Johannes Knutsen
973e9ad176 Add a global filter which throws bad request if a query parameter value has a control character
Closes #41117

Signed-off-by: Johannes Knutsen <johannes@kodet.no>
2025-09-04 10:19:51 -03:00
Awambeng
f9cb8dfe3d
[OID4VCI]: Add DPoP nonce header support to OID4VCI nonce endpoint (#41999)
Closes #41580

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
2025-09-04 14:52:10 +02:00
forkimenjeckayang
d5feb76f1f
Restructure credential_configurations_supported parsing to handle credential_metadata with display and claims && Update Credential Issuer Metadata structure (#42001)
Closes #41587
Closes #41597

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2025-09-04 14:48:56 +02:00
Awambeng
3cd2141698
Add invalid_nonce error support for OID4VCI (#41977)
Closes #39292

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
2025-09-04 13:15:29 +02:00
Takashi Norimatsu
ea63cdc97a
Compliant with RFC8414, return server metadata at /.well-known/oauth-authorization-server/realms/{realm}
closes #40923

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2025-09-03 19:14:37 +02:00
forkimenjeckayang
a74076e8ab
Enforce batch_size ≥ 2 validation for batch_credential_issuance (#42003)
Closes #41590

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2025-09-03 17:15:55 +02:00
Awambeng Rodrick
dc6afee14e Update OID4VCI error handling for draft 16 specification
- Replace unsupported_credential_type and unsupported_credential_format with unknown_credential_configuration
- Add new unknown_credential_identifier error type as per OID4VCI draft 16
- Update error handling logic to differentiate between credential configuration and identifier errors
- Add comprehensive test coverage for new error types

Closes #41591

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>

Refactor error handling in OID4VCIssuerEndpoint

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>

Resolve comments on PR

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>

fix failing test

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
2025-09-03 16:53:22 +02:00
forkimenjeckayang
fc73537ba7
Rename ldp_vp to di_vp and restructure proofs object for Draft 16 compliance (#41982)
Closes #41576
Closes #41577
Closes #41581

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2025-09-03 16:33:43 +02:00
Alexander Schwartz
e46c879cde
Retry duplicate exceptions to handle concurrent client sessions
Closes #42278

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-09-02 10:43:03 -03:00
mposolda
624d236ced DPoP verification support for admin/account REST API endpoints. Java admin-client DPoP support
closes #33942

Signed-off-by: mposolda <mposolda@gmail.com>
2025-09-02 14:29:30 +02:00
Giuseppe Graziano
6dc9d0d439 Check manage-account-links role for client initiated account linking
Closes #41914

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2025-09-01 11:25:49 +02:00
Alexis Rico
224ccbb79d Make organization domains optional
Closes #31285

Signed-off-by: Alexis Rico <sferadev@gmail.com>
2025-08-27 18:11:15 -03:00
Niko Köbler
236d2f9f62
Add configuration option to automatically add recovery codes action after otp configuration
closes #41836

Signed-off-by: Niko Köbler <niko@n-k.de>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-08-27 17:56:59 +02:00