External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-10 15:32:05 -03:30
Code Issues Packages Projects Releases Wiki Activity
29,354 Commits 26 Branches 288 Tags
Commit Graph

29354 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stan Silvert
1e48f9e512
Add quotes to payload when adding user to organization 
Fixes #43812


(cherry picked from commit 0b2d673cb70476369367774a5eacf93700b8537c)

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-11-18 22:22:33 +01:00
Pedro Ruivo
3442d9b087
Update protolock file list 
Closes #44300

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-11-18 18:37:37 +00:00
Jon Koops
7cdca0a8d3
Prevent slash duplication in request URLs 
Closes #44269


(cherry picked from commit f7e4b78f1d717e72a8905b32e95aac3b7bae2e88)

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-11-18 17:19:53 +01:00
Pedro Igor
5d6718354c
Fixing encoding of forwarded parameters 
Closes #44125

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-18 09:58:05 +01:00
Pedro Ruivo
51dbd6ff79
Find highest sequence number in jgroups_ping 
* Find the highest sequence number in jgroups_ping table to avoid duplicates

Fixes #44189

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-11-17 21:21:37 +01:00
Lucas
083d79c560
Fix logger call to align arguments with format pattern (#44236) 
Signed-off-by: Lucas <lucas.bickel@adfinis.com>
 2025-11-14 16:13:31 +00:00
Ricardo Martin
02803528d6
Fix recaptcha links to the new docs.cloud.google.com site 
Closes #44187


(cherry picked from commit 20f9bb15709742adf7754999c00f321f661f0f35)

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-14 12:03:37 +01:00
Pedro Ruivo
07ffcaa72b
Sessions not removed when user is deleted 
Fixes #43323

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-11-13 14:14:13 +01:00
Steven Hawkins
fd4059b7fb
fix: ensure that direct building works (#44042) (#44134) 
also cleaning up a couple of javadocs

closes: #44031


(cherry picked from commit 6be362de9555ed8ce5341ada2d80d989fee56850)

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-11-12 12:29:24 +00:00
Stian Thorgersen
670ddaa7cc
Use http for the DockerClientTest to avoid certificate issues (#44151) 
Closes #44117


(cherry picked from commit fb13aa50390ddfb03cce2bd2f798e5547d2c433c)

Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: rmartinc <rmartinc@redhat.com>
 2025-11-12 12:05:16 +01:00
Pedro Igor
fa108e3534 Email should be set when email as username is enabled and email is read-only 
Closes #43718

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-11 10:47:46 -03:00
Pedro Igor
8aada2c8e2
Document missing artifact dependency for UserStoragePrivateUtil 
Closes #43212

Signed-off-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
 2025-11-11 13:46:51 +01:00
Pedro Igor
0a05348ab6
Ordering attributes will unset the unmanaged attribute policy 
Closes #44010

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-11 13:45:35 +01:00
Pedro Igor
9b9f1bfe8c
Fixing flaky test KcOidcBrokerTest#testPostBrokerLoginFlowWithOTP 
Closes #42601

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-11 13:44:57 +01:00
Stefan Guilhen
d58a1c1c9a Skip checksum validation for 2.5.0-unicode-oracle, that is preventing migrations when schema name changes 
Closes #43564

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
(cherry picked from commit ef3de183dfc21257f7ddc3ff777ddf0118fd92a7)
 2025-11-10 15:11:18 -03:00
Pedro Igor
ab93d338e2
The admin roles manage-authorization and view-authorization should have precedence over manage-client when managing authorization settings 
Closes #43883

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-10 16:41:25 +00:00
Pedro Igor
4c47759545
Fix Admin Console crash when opening Client'a Authz Permission details 
Closes #44056

Signed-off-by: Bahaa Zaid <bahaa.zaid@pixelogicmedia.com>
Co-authored-by: Bahaa Zaid <bahaazaid@gmail.com>
 2025-11-10 16:07:18 +01:00
Steven Hawkins
5819ea2d32
fix: considering source ordinality with spi options (#43805) (#44019) 
closes: #43793


(cherry picked from commit 4a63fcffaf99666867789562d4aff492089432e9)

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-11-07 13:35:11 +01:00
Stan Silvert
c877c638e2
Only check required field when i18n dialog is open. 
Fixes #41271
Fixes #41270


(cherry picked from commit 322cbcdd84b304157ea658801b23f20679b01c40)

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-11-05 21:29:25 +01:00
Alexander Schwartz
bb9015a1f2
Avoid touching the database layer if no changes are necessary for a user 
Closes #43682

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-05 14:42:40 +01:00
Martin Kanis
9ebab2f017 Add rate limiter for sending verification emails in context of update email 
Closes #43076

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-11-04 15:16:29 -03:00
Alexander Schwartz
d8055acb45
hide scopes from scopes_supported in discovery endpoint 
Closes #10388

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: KONSTANTINOS GEORGILAKIS <55974447+cgeorgilakis@users.noreply.github.com>
 2025-11-04 14:42:35 -03:00
vramik
2a2f48c0ea Make set creadential label use reset-password scope 
Closes #43460

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-03 19:53:24 -03:00
Tobi
0564876645 Add new indices on offline_client_session 
Closes #43566
Closes #43516

Signed-off-by: twobiers <22715034+twobiers@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-03 16:07:05 -03:00
Martin Bartoš
013835ec53
ExternalLinksTest is broken due to missing path parameters 
Closes #43082

(cherry picked from commit 70a9a600ded0ba9fe04917fef48507bb44e985ec)

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-03 13:00:41 +01:00
Ricardo Martin
5101031516
Ensure the logout endpoint removes the authentication session 
Closes #43853


(cherry picked from commit 3b3adcf1e4819bf63e08269142459f747c31cb37)

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-31 18:59:58 +01:00
Alexander Schwartz
34b9ede377
Allow only normalized paths in requests (#43869) 
* Allow only normalized paths in requests

Closes #43763

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>

* Remove the trailing slash for base url in the account and admin tests

Closes #43863

Signed-off-by: rmartinc <rmartinc@redhat.com>
# Conflicts:
#	js/apps/account-ui/test/account-security/linked-accounts.spec.ts

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
 2025-10-31 15:57:40 +01:00
Steven Hawkins
4357fc43c7
fix: simplify debug handling and remove the 0.0.0.0 default 
* fix: simplify debug handling and remove the 0.0.0.0 default

closes: #43160



* Update quarkus/dist/src/main/content/bin/kc.sh




* removing the ability to specify just the ip



* Apply suggestions from code review




---------





(cherry picked from commit 9e98f2bf961f68853cea6fbec58b512ed8be7ca9)

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Peter Zaoral <pepo48@gmail.com>
 2025-10-30 21:20:29 +01:00
Alexander Schwartz
6a4e4abf30
Don't keep an old session to avoid a stable objects and a memory leak 
Closes #43761

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-29 17:36:41 -03:00
Alexander Schwartz
15fe032e8d
Resolve session leak in DeclarativeUserProfileProvider 
Closes #43785

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-29 17:36:09 -03:00
Ryan Emerson
7b60e54e62
Document debug log settings required to show applied Infinispan configuration 
Closes #43655

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-10-29 16:01:53 +01:00
Pedro Igor
0b1a17b82d
Migration step to add the reset-password scope to user resource type resources 
Closes #43736

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-29 13:30:55 +00:00
Alexander Schwartz
b378499bee
Avoid holding on to the realm in cached configurations 
Closes #43744

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-29 08:01:18 -03:00
Ricardo Martin
89dd6127c3
Check offline scope is still assigned when performing a refresh 
Closes #43734


(cherry picked from commit e0c1f2ee0fd14ba76338d9c2c213d45d0e857450)

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-29 08:33:23 +00:00
Steven Hawkins
a2c2b7e08f
fix: forcing the namespace for the servicemonitor check 
closes: #43774


(cherry picked from commit d9e3f55b69264e45467a752803f0f0665c123607)

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-28 17:54:12 +00:00
Alexander Schwartz
781d458b50
Role mapper should check if an update is needed for the role 
Closes #43698

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-28 14:53:16 -03:00
Alexander Schwartz
8b253f9e12
Cleaning up threadlocals to prevent (small) memory leak 
Closes #43759

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-28 13:10:37 -03:00
Ricardo Martin
29eacdd9d3
Only add the none verifier when attestation conveyance preference is none 
Closes #43723


(cherry picked from commit 1bd9a3f4733f80f30111a5e2bad973b85530dc16)

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-28 14:09:09 +00:00
Marco N.
334f403653
Add authorization checks for workflows 
Require the "manage-realm" role to perform any operation on a workflow

Closes #43509

Signed-off-by: Marco Neuhaus <m.neuhaus@smf.de>
 2025-10-27 17:46:25 +01:00
Pedro Igor
0407446206
Prevent the username field from being rendered when running the identity-first login flow 
Closes #43091

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-26 18:45:49 +01:00
Pedro Igor
abd5cd292f
Do not lower-case username and email if users are not imported from LDAP 
Closes #43621

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-26 17:37:44 +01:00
rmartinc
d415cc1385 DPoP replay check should take clockSkew into account 
Closes #43505

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 62f68b2f197e00a7ae5532984c08a42164184301)
 2025-10-24 09:30:28 +02:00
Pedro Igor
59b20d1d63
Allow managing realm admin roles if the the realm-admin role is granted 
Closes #43579
Closes #43578

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
 2025-10-23 21:53:17 +02:00
Stian Thorgersen
84fd00c9f7
SPIFFE should support OIDC JWK endpoint (#43651) (#43656) 
Closes #43650


(cherry picked from commit f6ac64907d300025c70bbb0ab42a6cacb2730e51)

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-23 08:08:31 +02:00
Alexander Schwartz
4ad4ce5d58 Adding this as a breaking change plus deprecation 
Closes #43022

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-21 14:55:31 -03:00
Ronaldo Paulino Jiconda
489d10157a Fix OIDC IDP broker basic auth encoding 
Ensures that the client_id and client_secret are URL-encoded before being Base64-encoded for the Basic Auth header, following RFC 6749. This fixes authentication failures when the client_id contains special characters.

Closes #26374
Closes #43022

Signed-off-by: rpjicond <ronaldopaulino32@hotmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: rpjicond <ronaldopaulino32@hotmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
 2025-10-21 14:55:31 -03:00
Martin Kanis
a321c2c91f Make pending email verification attribute removable by admin 
Closes #43351

Signed-off-by: Martin Kanis <mkanis@redhat.com>
(cherry picked from commit 986fdd7341a0f42a59f5eec1bd6c3d5a715f2893)
 2025-10-21 08:50:07 -03:00
Alexander Schwartz
7c50d94f14
Make intra-document links work in downstream 
Closes #43544

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-21 08:16:40 -03:00
Martin Kanis
add43bd394
Final review and update for UPDATE_EMAIL documentation 
Closes #42991


(cherry picked from commit 3f70da04f6a9511831e1fe2fd2de304e7e411f60)

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-10-21 12:45:29 +02:00
Steven Hawkins
c0ba2599b1
fix: noting db support level changes (#43549) (#43608) 
closes: #43191


(cherry picked from commit 736d4920d70e54b71f293f3b681fbdf51d3cc373)

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-21 11:45:06 +02:00