5137 Commits

Author SHA1 Message Date
maxhov
9654210402
Allow searching for multiple users by their ids. Closes #12025.
Signed-off-by: maxhov <14804474+maxhov@users.noreply.github.com>
2025-04-23 10:07:45 -03:00
Marek Posolda
f8a4a8da86
Unexpected AIA Causes Server Errors
closes #37526

Signed-off-by: mposolda <mposolda@gmail.com>
2025-04-17 14:15:07 +00:00
Marek Posolda
025b2ba442
Introducing IdpLinkAction as AIA to replace client-initiated account linking (#38952)
closes #37269
closes #35446

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
2025-04-17 13:20:05 +02:00
Pedro Igor
1ba8fe16ac
Deprecate for removal Instagram Identity Broker (#38998)
Closes #37967
Closes #36562

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-17 09:07:06 +02:00
Michal Hajas
4dc4de7c12
Remove CACHE-EMBEDDED-REMOTE-STORE experimental feature
Closes #34160

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2025-04-16 12:01:55 +00:00
Pedro Igor
b9d38d0fe9
Resolve the user first by username and fall back to the email during the identity-first login flow
Closes #38852

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-15 23:07:20 +02:00
Pedro Igor
8e74e2c8d6
Do not validate hd claim if hd parameter is set to any
Closes #38910

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-15 22:47:54 +02:00
vramik
bd58b70447
Test coverage for count methods when filtering
Closes #38692

Signed-off-by: vramik <vramik@redhat.com>
2025-04-15 15:31:02 -03:00
Pedro Igor
86a1e9d209
Remove authentication session when deleting the account
Closes #38671

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-15 07:40:13 -03:00
Thomas Darimont
ec4d35e6a4
Add missing null-checks to IdentityProviderResource
Fixes #38938

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2025-04-14 21:39:45 +00:00
Peter Tóth
c6e1878087
Add organizations count endpoint
Closes #38262

Signed-off-by: Péter Tóth <tothp@sztaki.hu>
2025-04-14 19:44:44 +00:00
sophie [⛧-440729]
d1ff1b186e
add option to the nginx x509 client cert lookup provider to not url-decode the passed client cert
Closes #17171 

Signed-off-by: ⛧-440729 [sophie] <sophie@999eagle.moe>
2025-04-11 10:38:38 +02:00
Thomas Darimont
478e0b3264
Make sure that there is a single audience allowed by default in JWT tokens sent to client authentication
closes #38819

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2025-04-10 18:08:10 +02:00
Pedro Igor
ae88d7921f
Improvements to partial evaluation
Closes #38732

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-09 18:15:28 +02:00
WMartel
182758f046
Improve Organization endpoints with String body
- Added trim() call to get rid of surrounding white space characters
  for organization POST endpoints that expect a String body instead of
  an actual object

Closes #38760

Signed-off-by: WMartel <10606973+WMartel@users.noreply.github.com>
2025-04-09 11:59:24 +00:00
vramik
9c02bb29d3
Fix AvailableRoleMappingResource
Closes #35580

Signed-off-by: vramik <vramik@redhat.com>
2025-04-09 08:41:15 -03:00
Martin Bartoš
83001e4024
OTelHttpClientFactory not configured properly when tracing enabled
Closes #38740

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2025-04-08 17:04:23 +00:00
rmartinc
ba91a092ab
Migrate old recaptcha secret name when used
Closes #38607

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-04-08 14:22:25 +02:00
Pedro Igor
79b533ee02
Allow managing client authorization settings if manage scope is granted for clients
Closes #38726

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-08 13:07:48 +02:00
Pedro Igor
be880ae204
Do not cache partial results when FGAP is enabled
Closes #38705

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-08 08:22:22 +02:00
Pedro Igor
8521b9952a
Export failing if the realm has FGAP enabled
Closes #38695

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-07 18:47:44 +02:00
rmartinc
540ee9eda2
Add webauthn tests for the passkeys conditional UI authenticator
Closes #23659

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-04-07 15:04:59 +02:00
Pedro Igor
d98ca0a2a2
Make sure searches by identifiers are filtered
Closes #38679

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-07 14:59:43 +02:00
Stefan Guilhen
a4ca92ab4d
Validate realm name for uniqueness before creating a new realm in the DB
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>

Closes #38426
2025-04-07 08:49:42 -04:00
vramik
6488890585
[FGAP:V2] remove configure scope from Client resource type
Closes #38567

Signed-off-by: vramik <vramik@redhat.com>
2025-04-07 07:05:02 -03:00
Stefan Guilhen
c4c3e2eee6
Allow redirection to idp when user email matches any of the org domains
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: Martin Panzer <martin.panzer@active-logistics.com>

Closes #33804
2025-04-04 11:28:04 -03:00
Alexander Schwartz
b211391e02
Enhance logging for a missing provider factory dependency
Closes #38594

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-04-04 15:38:02 +02:00
Pedro Igor
9f079f7874
Permission checks that do not check a specific client should check the permissions granted to the client resource type
Closes #38653

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-03 17:00:47 +00:00
vramik
8127a9da60
[FGAP] Allow user creation when the admin has permission to manage-members and manage-membership for all existing groups defined in UserRepresentation
Closes #38269

Signed-off-by: vramik <vramik@redhat.com>
2025-04-03 12:08:46 -03:00
Pedro Igor
29d3dcb49a
Do not allow deleting the FGAP client
Closes #38644

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-03 14:57:06 +02:00
vramik
999d9aa75b
[FGAP] Override canList() for V2.
Closes #38641

Signed-off-by: vramik <vramik@redhat.com>
2025-04-03 08:35:08 -03:00
rtufisi
134437a5a7
Create recovery keys in user storage or local (#38446)
closes #38445

Signed-off-by: rtufisi <rtufisi@phasetwo.io>
2025-04-03 10:09:48 +02:00
vramik
f12fa0b5bb
[FGAP] remove transitiveness from auth scopes
Closes #38557

Signed-off-by: vramik <vramik@redhat.com>
2025-04-02 16:56:25 -03:00
tranthanhhien06072001
13405b184a
Add totp policy to TotpLoginBean (#38606)
Closes #38523

Signed-off-by: hientt85 <hientt85@viettel.com.vn>
2025-04-02 18:34:07 +02:00
rmartinc
a10c8119d4
Define a max expiration window for Signed JWT client authentication
Closes #38576

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-04-02 18:32:54 +02:00
rmartinc
43c79e8d1b
Add locale attribute to the registration context
Closes #38029

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-04-02 09:03:06 +02:00
Pedro Igor
61cb0acbc4
Fixing inconsistencies when evaluating permission in the evaluation tab
Closes #38498

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-01 11:40:27 -03:00
Alexander Schwartz
85737f52b5
Make access Token in user info endpoint bound to the dpop proof
Closes #38333

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-03-31 09:41:57 +02:00
Václav Muzikář
2a0ce46471
Prevent frontend endpoint redirect to admin endpoint (#38464)
Closes #38463

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2025-03-28 18:44:43 +01:00
Douglas Palmer
4ccb50106a
Add audience to the client-scopes evaluate tab (#38457)
* Add audience to the client-scopes evaluate tab #37548

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>

* Simulate audience parameter in the evaluate tab - polishing

Signed-off-by: mposolda <mposolda@gmail.com>

---------

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2025-03-28 16:22:34 +01:00
Steven Hawkins
06e0885f46
fix: adds back reporting of non-ip client addresses (#37797)
closes: #36843

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
# Conflicts:
#	services/src/main/java/org/keycloak/protocol/oidc/tokenexchange/AbstractTokenExchangeProvider.java
#	services/src/main/java/org/keycloak/protocol/oidc/tokenexchange/StandardTokenExchangeProvider.java
2025-03-27 19:33:20 +00:00
Stefan Guilhen
d62fa871b5
Allow users to unset their e-mail when the previous e-mail matches org domain but user is not an org member
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>

Closes #38257
2025-03-27 08:50:08 -03:00
Stefan Guilhen
e694065aed
Use UserModel.isFederated() instead of comparing federation link to null
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>

Closes #38137
2025-03-27 08:11:14 -03:00
Pedro Igor
78aa8b486f
User not visible when permission with different scope exists
Closes #38369

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-27 08:01:04 -03:00
Yoshiyuki Tabata
08bac045be
Raising an event when a ClientPolicyException is caught #38366
Signed-off-by: Yoshiyuki Tabata <yoshiyuki.tabata.jy@hitachi.com>
2025-03-27 10:41:21 +01:00
Giuseppe Graziano
0d5346e8ca
Add broker session id in IDENTITY_PROVIDER_LOGIN event
Closes #34720

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2025-03-26 16:18:12 +00:00
Pedro Igor
26c90f369f
Support for partial evaluation for clients
Closes #38393

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-25 09:04:12 -03:00
Thomas Darimont
6c1f0d25cd
Avoid NPE in WebAuthnPasswordlessAuthenticator
- If the user provided a custom username, we check if the user actually exists.
If no user exists, we mark this authenticator as attempted.
- If the user provided no username and selected no webauthn credential,
but submitted the form, we mark this authenticator as attempted.

Fixes #29585

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2025-03-25 10:53:46 +01:00
Steven Hawkins
c0da146873
fix: limit the scope of when a single transaction is used for import (#37990)
closes: #34364

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-03-24 14:39:07 -04:00
Pedro Igor
1c57035d41
Support partial evaluation for the group resource type
Closes #38273

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-24 11:49:53 -03:00