keycloak

mirror of https://github.com/keycloak/keycloak.git synced 2026-01-09 23:12:06 -03:30

Author	SHA1	Message	Date
forkimenjeckayang	3099cc2294	[OID4VCI]: Add UI for OID4VCI Protocol Mapper Configuration (#44390 ) Closes: #43901 Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>	2025-12-04 14:18:37 +01:00
forkimenjeckayang	4dd68c0316	[OID4VCI] Conformance Test Fixes (#44439 ) closes #44659 Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>	2025-12-04 09:03:38 +01:00
Stefan Guilhen	65ab7f541d	Add API method that fetches the scheduled workflow steps for a resource Closes #43660 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-12-03 11:09:55 -03:00
Ricardo Martin	f91363d12d	Improve Public Key Management for JWTAuthorizationGrant identity provider Closes #44243 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-12-03 11:45:34 +01:00
mposolda	9c6a6276e4	Polishing of sd-jwt SDK builder related methods closes #44532 Signed-off-by: mposolda <mposolda@gmail.com>	2025-12-03 11:09:08 +01:00
Martin Bartoš	5828fab258	[admin-api-v2] Incorrect DTO/DAO mapping (#44587 ) * [admin-api-v2] Incorrect DTO/DAO mapping Closes #44586 Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Handle roles and service account operations, cleanup service contract Signed-off-by: Martin Bartoš <mabartos@redhat.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2025-12-03 09:41:18 +01:00
rmartinc	ae7e7ba084	New Identity Provider condition for client policies Closes #44442 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-12-03 08:50:31 +01:00
Pascal Knüppel	9b870d3d8a	Fix ClassCastException on mixing AddressMapper with ClaimsMapper (#44457 ) closes #44455 Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de> Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>	2025-12-01 14:55:44 +01:00
Stefan Guilhen	6653b72f88	Ensure delete step is triggering UserRemovedEvent Closes #44398 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-12-01 10:52:40 -03:00
Stefan Guilhen	3e312d91d8	Ensure null values are not serialized when fetching workflows in YAML format Closes #44396 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-12-01 10:45:35 -03:00
PavlNekrasov	a92221ba38	Fix NPE when importing SAML EntityDescriptor without SPSSODescriptor (#44431 ) closes #44430 Signed-off-by: PavlNekrasov <95914807+PavlNekrasov@users.noreply.github.com>	2025-12-01 12:45:35 +01:00
Giuseppe Graziano	2b4855ff97	Executor for checking claims in JWT assertions (#44537 ) Closes #4443 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2025-12-01 11:07:42 +01:00
Sebastian Łaskawiec	aa789dd023	Logout confirmation Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>	2025-11-28 14:24:32 +01:00
Marek Posolda	38768819e1	Make sure that signature validation possible to configure for OIDC id… (#44516 ) closes #44473 Signed-off-by: mposolda <mposolda@gmail.com> Signed-off-by: Marek Posolda <mposolda@gmail.com> Co-authored-by: Ricardo Martin <rmartinc@redhat.com>	2025-11-28 08:51:20 +01:00
Thomas Diesler	54bf9206b2	[OID4VCI] Credential Offer must be created by Issuer not Holder (#44255 ) closes #44116 Signed-off-by: Thomas Diesler <tdiesler@ibm.com>	2025-11-27 16:07:10 +01:00
Alexander Schwartz	f3cd38219a	Use central method to create a DocumentBuilder for SAML Closes #44486 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-11-27 11:11:49 +01:00
Alexis Rico	b0b38176f0	Manage Organization Invites Closes #38809 Signed-off-by: Alexis Rico <sferadev@gmail.com> Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-11-27 10:28:52 +01:00
resah	0b3d928ae2	fix: handle localized date formatting in message format Closes #44377 Signed-off-by: Theresa Henze <theresa.henze@bare.id>	2025-11-27 10:05:49 +01:00
Pedro Igor	96aea99d6c	Make sure LDAP sync runs in a single cluster node and respecting the configured period Closes #43752 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-11-27 08:08:20 +01:00
mposolda	cbb823bc0e	Make sd-jwt key binding verification work with EdDSA keys closes #44369 Signed-off-by: mposolda <mposolda@gmail.com>	2025-11-26 14:44:29 +01:00
rmartinc	d0e4d1f620	Better events for jwt-bearer and check all details in the tests CLoses #44137 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-11-26 12:09:51 +01:00
Stian Thorgersen	2acfd41b19	Stop looking up client in ClientAssertionState to prevent lookup by clientId in federated client authentication (#44448 ) Closes #44447 Signed-off-by: stianst <stianst@gmail.com>	2025-11-26 06:31:05 +01:00
Giuseppe Graziano	b323fea8bc	Always allow to setup JWKS URL in oidc idp Closes #44217 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2025-11-25 17:09:13 +01:00
dawg	d5a507e90d	fix #43819 - partial import fails to overwrite existing groups (#43924 ) * fix #43819 - partial import fails to overwrite existing groups - when removal is delayed until insertion of the newly imported group this causes a duplicate key constrain violation (`Key (realm_id, parent_group, name)`) - fixed by flushing group removals Signed-off-by: Martin Nowak <code@dawg.eu> * adding a test and using a general fix Signed-off-by: Steve Hawkins <shawkins@redhat.com> # Conflicts: # services/src/main/java/org/keycloak/partialimport/PartialImportManager.java --------- Signed-off-by: Martin Nowak <code@dawg.eu> Signed-off-by: Steve Hawkins <shawkins@redhat.com> Co-authored-by: Steve Hawkins <shawkins@redhat.com>	2025-11-25 16:17:51 +01:00
Thomas Diesler	39264edf3f	[OID4VCI] Fix deprecated realm-scoped well-known endpoint access Signed-off-by: Thomas Diesler <tdiesler@ibm.com>	2025-11-25 12:19:17 +01:00
rmartinc	5ab371f1ff	Use PrivateKey directly when decrypting SAML Closes #44289 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-11-25 09:11:05 +01:00
rmartinc	ca205272ba	Initial integration of the JWT Authorization Grant in client Policies Using the downscope executor for testing Closes #44201 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-11-24 19:37:07 +01:00
Awambeng	8406cf34fb	[OID4VCI]: Realm-Configurable Time-Claim Normalization (Randomize/Round) to Mitigate Correlation (#43834 ) Closes #43399 Signed-off-by: Awambeng <awambengrodrick@gmail.com>	2025-11-24 11:07:07 +01:00
Pascal Knüppel	64d5e1a3d5	[OID4VCI] Redesign SDJwt API and handle keybinding JWT (#44227 ) closes #42091 Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de> Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de> Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: mposolda <mposolda@gmail.com>	2025-11-24 11:01:19 +01:00
Stian Thorgersen	2a78bc67d7	Refactoring around federated client authenticator to better handling lookup of IdPs and clients. Also, introducing updates to documentation. (#44325 ) Closes #44253 Closes #42987 Closes #44063 Signed-off-by: stianst <stianst@gmail.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>	2025-11-22 12:53:22 +01:00
Giuseppe Graziano	3e8b2f8ab7	New JWT Authorization Grant Identity provider (#44176 ) Closes #43570 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2025-11-19 09:18:23 +01:00
Marek Posolda	a4c583246d	Use the unified constants class for sd-jwt/oid4vc standard data and claims (#44153 ) closes #44152 Signed-off-by: mposolda <mposolda@gmail.com>	2025-11-18 10:41:04 +01:00
Pedro Igor	d4f9a09236	Fixing encoding of forwarded parameters Closes #44125 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-11-14 15:46:09 -03:00
jhgojbis	fd99aa6244	Bug fix double-encoding for query parameter acr_values Related bug fix in Keycloak version 26.4 space with mutiple values results in → "+" → "%2B" Reported bug: https://github.com/keycloak/keycloak/issues/44125 Signed-off-by: jhgojbis <gh_wipe@hotmail.com>	2025-11-14 15:46:09 -03:00
Stefan Guilhen	3319e8d9b5	Add optional parameter in WorkflowResource.toRepresentation to allow retrieval of the rep without the ids Closes #44183 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-11-14 12:20:40 -03:00
Giuseppe Graziano	bcf6df545b	Fix npe in ConditionalUserConfiguredAuthenticator Closes #44156 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2025-11-14 10:09:30 +01:00
Stian Thorgersen	a2c1055f8d	Proposed import order (#43432 ) * Add importOrder to Spotless Closes #43235 Signed-off-by: stianst <stianst@gmail.com> * Re-order imports with Spotless Signed-off-by: stianst <stianst@gmail.com> --------- Signed-off-by: stianst <stianst@gmail.com>	2025-11-14 09:34:49 +01:00
Hamza Hathoute	8fb8fd5346	fix: add flag to delete-step to control user removal from federation provider Closes #43538 Signed-off-by: Hathoute <whitesmith.thedj@gmail.com>	2025-11-13 22:32:11 +00:00
Pedro Igor	b46b0321d6	Skip FGAP when evaluating permissions for regular clients Closes #40712 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-11-13 22:16:09 +01:00
Vlasta Ramik	d2697232b9	Rename `bind` endpoint to `activate` Closes #44155 Signed-off-by: vramik <vramik@redhat.com>	2025-11-13 22:15:33 +01:00
Chance Coleman	b2317dabdc	Add configurable HTTP retry mechanism for OCSP validation (#42535 ) Closes #42401 Signed-off-by: UnicornChance <chance@defenseunicorns.com> Signed-off-by: Chance Coleman <139784371+chance-coleman@users.noreply.github.com>	2025-11-13 13:21:13 +01:00
vramik	748b58bf64	Remove creation of default policy, resource and permission upon enabling authorization for a client Closes #43867 Signed-off-by: vramik <vramik@redhat.com>	2025-11-13 09:14:56 -03:00
Sebastian Łaskawiec	3288f83dc9	Adding an integration test with Minikube for Kubernetes Service Account Federated Authenticator Closes #42983 Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-11-13 08:52:46 +01:00
Stefan Guilhen	da7993896d	Allow ISO-8601 compatible format for the after field in workflow steps - aligns the format with what is used in the JPA connection provider pool max lifetime for time-based configurations Closes #42913 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-11-12 18:51:49 -03:00
Stefan Guilhen	7acf2ceccb	Add pagination and search by name capabilities to WorkflowsResource Closes #44164 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-11-12 17:18:11 -03:00
vramik	84a679224b	Add operation to deactivate a workflow execution for a resource Closes #42124 Signed-off-by: vramik <vramik@redhat.com>	2025-11-12 17:02:17 -03:00
Pedro Igor	9d728dd686	Missing message properties when rendering pages for organization invites Closes #44113 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-11-12 15:56:39 -03:00
Martin Kanis	a7c02076a1	UPDATE_EMAIL action invalidates old email Closes #43738 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2025-11-12 11:32:36 -03:00
Steven Hawkins	63fc0eec28	task: use client v1 logic for v2 impl (#43982 ) * task: use client v1 logic for v2 impl closes: #43733 Signed-off-by: Steve Hawkins <shawkins@redhat.com> * removing the provider module Signed-off-by: Steve Hawkins <shawkins@redhat.com> --------- Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2025-11-12 15:08:27 +01:00
Awambeng	c0be5c42b9	[OID4VCI]: Add backward compatibility for Draft 15 wallets (single proof support) (#43951 ) Closes #43926 Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>	2025-11-12 14:30:33 +01:00

1 2 3 4 5 ...

5580 Commits