29357 Commits

Author SHA1 Message Date
Pedro Ruivo
468c063e27
Client session may be lost during session restart
Fixes #43349

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-14 11:01:16 +00:00
Steven Hawkins
f66359ce19
fix: updating service account docs
closes: #17268

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2025-10-14 11:02:20 +02:00
Stian Thorgersen
33987e54ff
Fix schedule-nightly workflow (#43413)
Signed-off-by: Stian Thorgersen <stianst@gmail.com>
Signed-off-by: Stian Thorgersen <stian@redhat.com>
2025-10-14 10:32:25 +02:00
Václav Muzikář
28749042c7
Fix Spotless checks (#43418)
Closes #43417

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2025-10-13 20:16:27 +02:00
Peter Zaoral
f87b90339d
Stabilize PlainTextVaultProviderTest by enhancing validation logging (#42014)
Closes: #39660

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2025-10-13 17:03:50 +00:00
rmartinc
248d6d1feb Upgrade xmlsec to 3.0.4 and remove KeycloakFipsSecurityProvider workaround
Closes #43263

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-10-13 15:38:58 +02:00
mposolda
a77c4a6ad2 Minor UI fixes on 'Keys' tab of SAML client
closes #43304

Signed-off-by: mposolda <mposolda@gmail.com>
2025-10-13 15:28:06 +02:00
Pedro Igor
fa581c8148 Allow passing a context to steps
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-10-13 09:53:30 -03:00
Pedro Igor
5b5a83b800 Moving WorkflowsManager and WorkflowStateSpi to server-spi-private module
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-10-13 09:53:30 -03:00
Stefan Guilhen
652270302d Workflows code cleanup
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-10-13 09:53:30 -03:00
stianst
aedd7fe5db Remove unused imports as part of #43233
Signed-off-by: stianst <stianst@gmail.com>
2025-10-13 13:32:01 +02:00
stianst
963682a07c Add Spotless plugin with removeUnusedImports check enabled
Closes #43233

Signed-off-by: stianst <stianst@gmail.com>
2025-10-13 13:32:01 +02:00
Robin Meese
ca368706cc
Update translation.md docs (#43402)
Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
2025-10-13 13:26:23 +02:00
Alexander Schwartz
10f06e9eb7
JDBC_PING publishes its physical address on startup
Closes #43357

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-13 09:53:30 +01:00
Alexander Schwartz
66b9e801c1
Mark the reading of admin and user events read-only
This should decrease the memory usage and improve response times

Closes #43365

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-13 09:46:38 +02:00
Peter Zaoral
f67dd98dd4
Fix sdjwt tests: make all string-byte conversions explicit (UTF-8) (#43288)
* this unifies behaviour prior to JDK18 on Windows platform

Closes #43264

Signed-off-by: Peter Zaoral <pepo48@gmail.com>
2025-10-13 08:37:52 +02:00
burnedoutman
5c132b34da
The fix will separate the option description from the link in the Referrer Policy settings
Closes #43061

Signed-off-by: burnedoutman <97279475+burnedoutman@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-10 15:45:50 -04:00
vramik
815d2d14d4 Check FGAP enabled before proceeding with evaluation
Closes #43331

Signed-off-by: vramik <vramik@redhat.com>
2025-10-10 15:44:01 -03:00
Jon Koops
5cbba8f984
Automatically dispose of realms created by createTestBed() (#43299)
Closes #43298

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2025-10-10 10:22:21 -04:00
Alexander Schwartz
934ac48a54
Rework formatting for release notes
Closes #43320

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-10 07:42:53 -03:00
mposolda
c2e49c8c59 'Service accounts roles' should be 'Service account roles'
closes #43087

Signed-off-by: mposolda <mposolda@gmail.com>
2025-10-10 11:25:37 +02:00
rmartinc
a19f4d00fc Throw and catch UnsupportedOperationException to fix XPathAttributeMapperTest
Closes #43262

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-10-10 09:39:47 +02:00
Giuseppe Graziano
0bfb9079f2 Reject search for not allowed client attributes
Closes #42541

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2025-10-10 09:37:40 +02:00
Weblate (bot)
00f372fa32
Translations update from Hosted Weblate (#43150)
* Updated translation for Portuguese (Brazil)

Language: pt_BR

Updated translation for Portuguese (Brazil)

Language: pt_BR

Updated translation for Portuguese (Brazil)

Language: pt_BR

Updated translation for Portuguese (Brazil)

Language: pt_BR

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Rafael Cunha <rafael.danicunha@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Rafael Cunha <rafael.danicunha@gmail.com>

* Updated translation for Russian

Language: ru

Updated translation for Russian

Language: ru

Updated translation for Russian

Language: ru

Updated translation for Russian

Language: ru

Updated translation for Russian

Language: ru

Updated translation for Russian

Language: ru

Translated using Weblate (Russian)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/ru/

Updated translation for Russian

Language: ru

Updated translation for Russian

Language: ru

Co-authored-by: Anton Petrov <petrov9810@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Anton Petrov <petrov9810@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for French

Language: fr

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: 翁震軒 <benwater12@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: 翁震軒 <benwater12@gmail.com>

---------

Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Rafael Cunha <rafael.danicunha@gmail.com>
Signed-off-by: Anton Petrov <petrov9810@gmail.com>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: 翁震軒 <benwater12@gmail.com>
Co-authored-by: Rafael Cunha <rafael.danicunha@gmail.com>
Co-authored-by: Anton Petrov <petrov9810@gmail.com>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: 翁震軒 <benwater12@gmail.com>
2025-10-10 09:32:22 +02:00
mposolda
76d271bf00 openid-connect flow is missing response type on language change
closes #41292

Signed-off-by: mposolda <mposolda@gmail.com>
2025-10-10 08:38:32 +02:00
Alexander Schwartz
17fb20c58d
Prevent using JTA transaction when initializing JDBC_PING
Closes #43335

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-09 23:09:36 +02:00
Pedro Ruivo
48f1978531
Update docs to include PostgreSQL SSL certificate
Closes #43311

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2025-10-09 15:02:53 +02:00
mposolda
0100ac6d6e Security Defenses realm settings lost when switching between Headers and Brute Force Detection tabs
closes #42676

Signed-off-by: mposolda <mposolda@gmail.com>
2025-10-09 13:31:27 +02:00
Pedro Igor
faa0ccbb7d Automatically redirect based on login hint
Closes #42715

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-10-08 14:43:32 -03:00
Alexander Schwartz
94d428d450
Adding attributes for section links so they work in upstream and downstream
Closes #43286

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-08 11:37:13 -03:00
Steve Hawkins
6f36a02ffe fix: retaining user creation timestamp when importing
closes: #43195

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-10-08 11:36:29 -03:00
vramik
e4dc88de13 [FGAP] Make additional rest endpoints respect permissions
Closes #40058

Signed-off-by: vramik <vramik@redhat.com>
2025-10-08 08:47:22 -03:00
Thomas Darimont
85afd62452
Use correct error response for missing assertions in Signed JWT Validation
* Ensure conformance for Signed JWT Validation (#43269)

This re-adds the explicit client assertion parameter validation to produce the correct error responses required by RFC7523.
See: https://www.rfc-editor.org/rfc/rfc7523.html#section-3.2

The refactoring for the support for Federated JWT Client authentication broke the OIDF conformance tests for https://www.rfc-editor.org/rfc/rfc7523.html.

Fixes #43269
Fixes #43270

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>

* Ensure conformance for Signed JWT Validation (#43269)

Add additional tests for ClientAuthSignedJWTTest.

Fixes #43269

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>

---------

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2025-10-08 11:01:13 +02:00
Ryan Emerson
12ae8b7cc9
CI pipeline breaks when there are no tags for a release branch yet
Closes #43057

Signed-off-by: Ryan Emerson <remerson@ibm.com>
2025-10-08 09:26:58 +02:00
Steven Hawkins
817c78f0d9
fix: adds error handling for common redirect codes (#43276)
closes: #31401

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-10-08 08:55:07 +02:00
Steven Hawkins
a74c178195
fix: making picocli ansi handling match quarkus (#43268)
closes: #42446

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-10-08 08:51:09 +02:00
rmartinc
5732946388 Add ECDSA as a valid key type that should return EC public key
Closes #42588

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-10-07 19:41:27 +02:00
rmartinc
9f9f5ae97a Ensure events are fully filled before success is called
Closes #42914

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-10-07 17:06:26 +02:00
Alexander Schwartz
8d79bb082c Show if integer is required
Closes #43202

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-07 12:01:17 -03:00
rmartinc
94a4e062f7 Add a debug statement when the KeycloakFipsSecurityProvider is created
Closes #43015

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-10-07 16:59:22 +02:00
rmartinc
4476b44482 Use UserSessionUtil.findValidSessionForAccessToken in revocation endpoint
Closes #43218

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-10-07 16:49:08 +02:00
Pedro Igor
54289f0130
Lowercase username and email when fetching values from LDAP object
Closes #43254

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-10-07 14:14:50 +00:00
Stian Thorgersen
ab7939f33a
Add support for spiffe_refresh_hint to Spiffe Identity Provider (#43242)
Closes #42806

Signed-off-by: stianst <stianst@gmail.com>
2025-10-07 14:00:46 +02:00
rmartinc
9546fca45e Convert the wizard to create client in progressive to validate every step
Closes #42971

Signed-off-by: rmartinc <rmartinc@redhat.com>

lala
2025-10-07 13:01:00 +02:00
Martin Kanis
a493213ad4
Hide read-only email attribute in update profile context with update email enabled (#43024)
* Hide read-only email attribute in update profile context with update email enabled

Closes #42990

Signed-off-by: Martin Kanis <mkanis@redhat.com>

* Simplifying conditions when checking read/write on email attribute and more tests

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

---------

Signed-off-by: Martin Kanis <mkanis@redhat.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-10-07 12:52:55 +02:00
sashyo
8dd7437e90
feat(timer-provider): expose scheduled tasks and start time (#43107)
update to return task name and taskcontext and using keycloak time over instant

fix naming

Signed-off-by: Sasha Le <iamsasha.le@gmail.com>
2025-10-07 07:56:38 +00:00
Steven Hawkins
7bfc33fd5f
fix: auto-defaulting log console color (#42669)
closes: #42445

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2025-10-06 17:14:30 +00:00
Lukas Hanusovsky
abcc5d418f
Move ConcurrentLoginTest.java to the new testsuite (#43090)
Part of: #34494

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2025-10-06 15:00:19 +00:00
Šimon Vacek
ae7c2d29e8
[Test Framework] Ability to run Keycloak test server with HTTPS (#42616)
* Ability to run Keycloak test server with HTTPS

Closes: #34486

Signed-off-by: Simon Vacek <simonvacky@email.cz>

# Conflicts:
#	test-framework/core/src/main/java/org/keycloak/testframework/CoreTestFrameworkExtension.java
#	test-framework/core/src/main/java/org/keycloak/testframework/server/KeycloakServerConfigBuilder.java

# Conflicts:
#	test-framework/core/src/main/java/org/keycloak/testframework/CoreTestFrameworkExtension.java

* PR review fixes

Signed-off-by: Simon Vacek <simonvacky@email.cz>

* Split keystore into truststore and keystore

Signed-off-by: Simon Vacek <simonvacky@email.cz>

---------

Signed-off-by: Simon Vacek <simonvacky@email.cz>
2025-10-06 12:56:51 +02:00
dependabot[bot]
54e8c87860 Bump snyk/actions
Bumps [snyk/actions](https://github.com/snyk/actions) from e2221410bff24446ba09102212d8bc75a567237d to de2dda699bf7276d103ed6a72a5bc5a1871ad658.
- [Release notes](https://github.com/snyk/actions/releases)
- [Commits](e2221410bf...de2dda699b)

---
updated-dependencies:
- dependency-name: snyk/actions
  dependency-version: de2dda699bf7276d103ed6a72a5bc5a1871ad658
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-10-03 17:45:58 -03:00