keycloak

mirror of https://github.com/keycloak/keycloak.git synced 2026-01-09 23:12:06 -03:30

Author	SHA1	Message	Date
vramik	4d912a9c21	Support for YAML payloads for Admin client for creation of workflows Closes #43666 Signed-off-by: vramik <vramik@redhat.com>	2025-11-03 13:09:17 -03:00
Ingrid Kamga	ea06651da5	[OID4VCI] Ensure `openid_credential` is one of `authorization_details_types_supported` on the Authorization Server metadata (#43599 ) Closes #43398 Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>	2025-10-31 11:32:24 +01:00
Stian Thorgersen	be6a3814fb	Add CORS support to OIDC dynamic client registration endpoints (#43625 ) Closes #8863 Signed-off-by: stianst <stianst@gmail.com>	2025-10-30 12:12:08 +01:00
Tomáš Kyjovský	4c64b7189c	Deprecate `org.keycloak.common.util.Base64` Closes #43370 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Signed-off-by: 1867605+tkyjovsk@users.noreply.github.com Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-10-30 09:12:14 +01:00
Stefan Guilhen	3751bc050d	Workflows enhancements - Allow specifying a parameter in events to better tie workflows to more specific events (e.g. user-role-added(name-of-role)) - Make workflows 'if' and 'on' fields use expressions by default - Fix condition evaluation inconsistencies by having a single param for each condition - Remove need to use double quotes for condition parameters - Reference groups by path instead of id in conditions Closes #43137 Closes #43536 Closes #43537 Closes #43661 Closes #43715 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-10-27 07:20:59 -03:00
Giuseppe Graziano	a25a0268de	Experimental feature for JWT Authorization Grant (#43624 ) Closes #43444 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2025-10-22 15:34:33 +02:00
Stefan Guilhen	657105bb41	Improve WorkflowRepresentation.Builder, changing concurrency(true) to concurrency().cancelIfRunning() for better clarity Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-10-20 10:54:53 -03:00
vramik	4dc398354a	Restart workflow basen on `concurrency/cancel-if-running` option rather than `reset-on` option Closes #42911 Signed-off-by: vramik <vramik@redhat.com>	2025-10-17 10:06:43 -03:00
Stefan Guilhen	4985fa25c6	Add restart step provider, replacing the recurring config option Closes #42910 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-10-16 11:49:14 -03:00
stianst	aedd7fe5db	Remove unused imports as part of #43233 Signed-off-by: stianst <stianst@gmail.com>	2025-10-13 13:32:01 +02:00
Peter Zaoral	f67dd98dd4	Fix sdjwt tests: make all string-byte conversions explicit (UTF-8) (#43288 ) * this unifies behaviour prior to JDK18 on Windows platform Closes #43264 Signed-off-by: Peter Zaoral <pepo48@gmail.com>	2025-10-13 08:37:52 +02:00
rmartinc	5732946388	Add ECDSA as a valid key type that should return EC public key Closes #42588 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-10-07 19:41:27 +02:00
Stefan Guilhen	7f29c9bb88	Improve workflow logging messages - every execution gets its own id that can be used to track all activities related to that particular workflow execution Closes #42952 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-09-29 23:10:21 -03:00
Stefan Guilhen	ab7daf7fac	Add validation to workflow update so that only changes to the name and enabled flag are allowed for now Closes #42916 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-09-26 14:51:05 -03:00
vramik	80453bdbfb	Allow defining steps in a workflow that can run immediate or scheduled Closes #42888 Signed-off-by: vramik <vramik@redhat.com>	2025-09-25 14:37:22 -03:00
Pedro Igor	fe8fce859d	Improve the Workflow JSON schema Closes #42697 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-09-24 04:04:44 -03:00
rmartinc	f560ea8f29	Allow EdDSA keys in JWTClientCredentialsProvider Closes #42751 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-09-22 13:53:19 +02:00
rmartinc	6ae2c4ae30	Place EdECUtilsImpl.java in the normal source folder Closes #42716 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-09-22 08:08:19 +02:00
mposolda	f5c71e3e55	Incorrect scheme in the WWW-Authenticate when Authorization: DPoP used closes #42706 Signed-off-by: mposolda <mposolda@gmail.com>	2025-09-18 12:22:00 +02:00
Giuseppe Graziano	fd7f5351ad	Client Authenticator configurable per client Closes #42044 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2025-09-16 16:54:39 +02:00
vramik	d0e83cc05e	Rename RLM to Workflows Closes #42512 Signed-off-by: vramik <vramik@redhat.com>	2025-09-16 08:52:50 -03:00
Ricardo Martin	a2acdda535	Automatic download and cache of the SAML client public keys (#41947 ) Closes #17028 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-09-16 13:07:33 +02:00
forkimenjeckayang	64e0b450aa	[OID4VCI]: Add support for parsing and understanding authorization_details at the Token Endpoint (#40751 ) Closes #39278 Closes #39279 Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com> Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: mposolda <mposolda@gmail.com>	2025-09-15 14:02:45 +02:00
Vlasta Ramik	4382072d89	[RLM] Disable policy when the origin or selection criteria is removed Closes keycloak#42123 Signed-off-by: vramik <vramik@redhat.com>	2025-09-09 16:46:43 -03:00
Pedro Igor	58990a5544	Add a policy condition based on user attributes Closes #42118 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-09-09 12:07:59 -03:00
Pedro Igor	a42550d2e5	Add support for aggregated actions Closes #42119 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-09-05 10:29:18 -03:00
Stefan Guilhen	3d88846732	Add support for immediate policies Closes #42311 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-09-05 08:50:15 -03:00
Marek Posolda	6a27a4c336	EdDSA support for DPoP (#42362 ) closes #42286 Signed-off-by: mposolda <mposolda@gmail.com>	2025-09-05 12:54:43 +02:00
Awambeng	f9cb8dfe3d	[OID4VCI]: Add DPoP nonce header support to OID4VCI nonce endpoint (#41999 ) Closes #41580 Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>	2025-09-04 14:52:10 +02:00
Stian Thorgersen	320ea5a9a7	Experimental SPIFFE identity provider (#42314 ) Closes #42313 Signed-off-by: stianst <stianst@gmail.com>	2025-09-04 14:48:18 +02:00
Martin Kanis	fc3914c439	[RLM] Provide a action to notify users by email based on a configurable time Closes #41788 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2025-09-03 16:38:41 -03:00
Pedro Igor	17a053b2af	Add support for generic event-based policies and conditions Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-09-02 17:45:59 -03:00
mposolda	624d236ced	DPoP verification support for admin/account REST API endpoints. Java admin-client DPoP support closes #33942 Signed-off-by: mposolda <mposolda@gmail.com>	2025-09-02 14:29:30 +02:00
Pedro Igor	a64c5c0d70	Adding RLM Admin API and basic endpoints Closes #40346 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-08-28 14:49:21 -03:00
Marek Posolda	dd7ad5b866	Ability to display 'authenticator provider' of the WebAuthn credential (#41615 ) closes #41613 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: Jon Koops <jonkoops@gmail.com> Signed-off-by: Marek Posolda <mposolda@gmail.com>	2025-08-20 11:42:24 +02:00
Peter Skopek	651d651c30	Add missing artifact descriptions to allow Maven Central Portal Publisher pass validation process. (#40822 ) Signed-off-by: Peter Skopek <pskopek@redhat.com>	2025-08-12 16:50:17 +02:00
huyenvu2101	5436f9781c	Allow setting default value for userprofile attribute Closes #36160 Signed-off-by: huyenvu2101 <vhuyen2101@gmail.com>	2025-08-06 13:59:54 -03:00
Steven Hawkins	11924e6473	enhance: adding the ability to get the root config from a Scope closes: #36268 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2025-08-05 18:51:33 +02:00
Steven Hawkins	d3d217e074	fix: showing only the canonical oauth2 property name (#41652 ) closes: #41624 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2025-08-05 11:03:27 -04:00
forkimenjeckayang	43610cfa67	[OID4VCI] Update SD-JWT VCs Format Identifier to dc+sd-jwt (#41233 ) Closes #39293 Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>	2025-08-01 09:13:35 +02:00
Alexis Rico	c834e7473c	Fix typo in consent scope) * Deprecate `displayTest` Closes #40786 Signed-off-by: Alexis Rico <sferadev@gmail.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2025-07-07 16:38:47 +00:00
Douglas Palmer	a981f6b6d5	Access Token IDs have less than 128 bits of entropy Closes #38663 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2025-06-26 16:48:03 +02:00
Douglas Palmer	1183157d86	Key generation for client authentication is always RSA 2048 with a 10-year validity, regardless of the selected algorithm Closes #38620 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2025-06-25 08:15:43 +02:00
Pedro Igor	828f9f7916	Mark user as disabled if reaching max login failures and permanent lockout is enabled Closes #40159 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-06-18 08:34:56 +02:00
Steven Hawkins	76bc9fadcb	fix: adding a -- separator for spi options (#40005 ) * fix: adding a -- separator for spi options closes: #39063 Signed-off-by: Steve Hawkins <shawkins@redhat.com> * adding a warning for ambiguous spi options also adding a note about the change Signed-off-by: Steve Hawkins <shawkins@redhat.com> # Conflicts: # docs/documentation/upgrading/topics/changes/changes-26_3_0.adoc * updating docs to the new format Signed-off-by: Steve Hawkins <shawkins@redhat.com> # Conflicts: # docs/guides/high-availability/examples/generated/keycloak-ispn.yaml # docs/guides/high-availability/examples/generated/keycloak.yaml * internally using the new spi options also adding a deprecation notice Signed-off-by: Steve Hawkins <shawkins@redhat.com> * Apply suggestions from code review Co-authored-by: Martin Bartoš <mabartos@redhat.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> * correcting options output adding + + inlining where needed Signed-off-by: Steve Hawkins <shawkins@redhat.com> * adding test showing the env mapping with __ Signed-off-by: Steve Hawkins <shawkins@redhat.com> --------- Signed-off-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Martin Bartoš <mabartos@redhat.com>	2025-06-13 16:13:53 +02:00
Ricardo Martin	41110823c7	Integrate current auth-username-password-form authenticator with passkeys isConditionalMediationAvailable (#38781 ) Closes #29596 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-06-05 08:53:00 +02:00
Thomas Darimont	04191e0c7a	Add cpu info to serverinfo Fixes #40208 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2025-06-05 00:07:17 +02:00
mposolda	ab7edb0d01	Introduce ExternalToInternalTokenExchangeProvider. Make it working with Google IDP using token-info endpoint instead of user-info endpoint closes #40146 closes #40133 Signed-off-by: mposolda <mposolda@gmail.com>	2025-06-04 10:03:52 +02:00
Erik Jan de Wit	cbd0d18f6a	add description to groups fixes #39172 Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2025-05-14 06:41:01 -04:00
Tetsuhiro Hiruta	10c0c8fa52	Add OpenAPI annotation to JSON object of ClientPolicycy representations Closes #32600 Signed-off-by: Tetsuhiro Hiruta <tetsuhiro.hiruta.sg@hitachi.com>	2025-04-29 09:41:16 +02:00

1 2 3 4 5 ...

1109 Commits