keycloak

mirror of https://github.com/keycloak/keycloak.git synced 2026-01-10 15:32:05 -03:30

Author	SHA1	Message	Date
Ingrid Kamga	ce05241c7f	[OID4VCI] Tolerate clock skew in SD-JWT time checks (#43506 ) Closes #43456 Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>	2025-11-11 09:02:44 +01:00
Steven Hawkins	9ef7ff22d2	allow non-optimized commands to run without a separate java launch (#43591 ) * fix: allow non-optimized commands to run without a separate java launch closes: #43611 Signed-off-by: Steve Hawkins <shawkins@redhat.com> * Update quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/AbstractAutoBuildCommand.java Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Signed-off-by: Steven Hawkins <shawkins@redhat.com> --------- Signed-off-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>	2025-11-11 08:57:17 +01:00
Šimon Vacek	6926ef83f9	Test framework support for remote databases (#43609 ) Part of #41940 Signed-off-by: Simon Vacek <simonvacky@email.cz>	2025-11-11 07:59:33 +01:00
Stefan Guilhen	ef3de183df	Skip checksum validation for 2.5.0-unicode-oracle, that is preventing migrations when schema name changes Closes #43564 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-11-10 12:56:45 -03:00
Pedro Igor	c23d2af65c	The admin roles manage-authorization and view-authorization should have precedence over manage-client when managing authorization settings Closes #43883 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-11-10 16:10:48 +01:00
Martin Kanis	39e1e40be4	Document missing artifact dependency for UserStoragePrivateUtil Closes #43212 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2025-11-10 10:41:12 -03:00
Giuseppe Graziano	c0e34fa45f	Additional configuration and validation for jwt assertion grant (#44014 ) Closes #43873 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2025-11-10 14:34:06 +01:00
Vojtěch Boček	cd4543456e	fix: do not re-neable AuthorizationService if it is already enabled The enable action needs the realm-wide "modify client" permission, which restricted admins with the fine-grained-authz feature do not have. This causes a "forbidden" exception when try try to save a client with Authorization already enabled, even if the "enable" action does nothing since it was already enabled. Fixes #22938 Signed-off-by: Vojtěch Boček <vbocek@gmail.com>	2025-11-10 10:20:50 -03:00
vramik	302fa3db08	Make LDAPProvidersIntegrationTest import a test realm after each test Closes #43754 Signed-off-by: vramik <vramik@redhat.com>	2025-11-10 10:19:25 -03:00
Bahaa Zaid	b07e2b8666	Fix Admin Console crash when opening Client'a Authz Permission details (#44061 ) Closes #44056 Signed-off-by: Bahaa Zaid <bahaa.zaid@pixelogicmedia.com>	2025-11-10 07:42:24 -05:00
Stian Thorgersen	d8275fe5df	Remove wildcard imports (#44060 ) Closes #44059 Signed-off-by: stianst <stianst@gmail.com>	2025-11-10 11:46:05 +01:00
Weblate (bot)	39c4c1ed94	Translations update from Hosted Weblate (#43989 ) * Updated translation for Turkish Language: tr Co-authored-by: Arif EROL <arif.erol16@gmail.com> Co-authored-by: Hosted Weblate <hosted@weblate.org> Signed-off-by: Arif EROL <arif.erol16@gmail.com> Signed-off-by: Hosted Weblate <hosted@weblate.org> * Updated translation for Catalan Language: ca Co-authored-by: Ecron <ecron_89@hotmail.com> Co-authored-by: Hosted Weblate <hosted@weblate.org> Signed-off-by: Ecron <ecron_89@hotmail.com> Signed-off-by: Hosted Weblate <hosted@weblate.org> * Updated translation for Czech Language: cs Co-authored-by: Hosted Weblate <hosted@weblate.org> Co-authored-by: Martin Kluska <martin@kluska.cz> Signed-off-by: Hosted Weblate <hosted@weblate.org> Signed-off-by: Martin Kluska <martin@kluska.cz> * Updated translation for French Language: fr Co-authored-by: Sylvain Pichon <service@spichon.fr> Signed-off-by: Hosted Weblate <hosted@weblate.org> Signed-off-by: Sylvain Pichon <service@spichon.fr> * Updated translation for Chinese (Traditional Han script) Language: zh_Hant Co-authored-by: Hosted Weblate <hosted@weblate.org> Co-authored-by: 秉虎 <s96016641@gmail.com> Signed-off-by: Hosted Weblate <hosted@weblate.org> Signed-off-by: 秉虎 <s96016641@gmail.com> --------- Signed-off-by: Arif EROL <arif.erol16@gmail.com> Signed-off-by: Hosted Weblate <hosted@weblate.org> Signed-off-by: Ecron <ecron_89@hotmail.com> Signed-off-by: Martin Kluska <martin@kluska.cz> Signed-off-by: Sylvain Pichon <service@spichon.fr> Signed-off-by: 秉虎 <s96016641@gmail.com> Co-authored-by: Arif EROL <arif.erol16@gmail.com> Co-authored-by: Ecron <ecron_89@hotmail.com> Co-authored-by: Martin Kluska <martin@kluska.cz> Co-authored-by: Sylvain Pichon <service@spichon.fr> Co-authored-by: 秉虎 <s96016641@gmail.com>	2025-11-09 10:29:52 +01:00
Pedro Ruivo	18eeef7b26	Create user session expired event Closes #43942 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-11-07 22:36:47 +00:00
Pedro Ruivo	80895d7fb4	AUTH_SESSION_ID cookie has the incorrect route Fixes #43933 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>	2025-11-07 21:32:45 +00:00
Pedro Igor	c67b6bc007	Ordering attributes will unset the unmanaged attribute policy Closes #44010 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-11-07 16:03:42 -03:00
Martin Bartoš	d8f1476d7b	Improve test case for single feature option (#44041 ) Closes #44040 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2025-11-07 15:40:22 +00:00
Pedro Igor	33f1dda2cf	Processing workflow events asynchronously - Part 1 Closes #42386 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-11-07 10:57:05 -03:00
Martin Bartoš	1f9694358f	Ability to enable/disable feature via single property (#43542 ) * Ability to enable/disable feature via single property Closes #43541 Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Provide support for specifying profile preview Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Remove duplication check, use the new WildcardOptionUtil Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Create quarkus specific single profile config resolver Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Remove the feature profile capability for single feature option Signed-off-by: Martin Bartoš <mabartos@redhat.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2025-11-07 13:35:39 +01:00
Martin Bartoš	229cd9450e	Improve error message for the HTTPS material loading (#44006 ) Closes #44005 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2025-11-07 09:48:32 +01:00
Ivan Shcherbakov	442c7a781b	fix(useHash): correctly extract hash from pushState url (#43836 ) Signed-off-by: basedest <basedest@icloud.com>	2025-11-06 14:34:19 -05:00
Steven Hawkins	4a63fcffaf	fix: considering source ordinality with spi options (#43805 ) closes: #43793 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2025-11-06 18:01:18 +01:00
Martin Bartoš	1d3a1b554b	Print a warning on duplicate options (#43918 ) * Print a warning on duplicate options Closes #43604 Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Print duplicated CLI keys and even sys props Signed-off-by: Martin Bartoš <mabartos@redhat.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2025-11-06 14:47:29 +00:00
Lukas Hanusovsky	768cea1b82	Add FIPS suite to the new tests (#43431 ) * Add FIPS test suite to the new tests Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com> * Tweaks to FIPS suite in new test Signed-off-by: stianst <stianst@gmail.com> --------- Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com> Signed-off-by: stianst <stianst@gmail.com> Co-authored-by: stianst <stianst@gmail.com>	2025-11-06 14:08:19 +01:00
mposolda	b8a8be33aa	Audience validation according to latest specs proposal closes #43984 Signed-off-by: mposolda <mposolda@gmail.com>	2025-11-06 10:21:35 +01:00
Stian Thorgersen	6043027d99	Refactor KubernetesIdentityProvider (#43967 ) Closes #43966 Signed-off-by: stianst <stianst@gmail.com>	2025-11-05 16:28:07 +01:00
rmartinc	5822c52a30	JWT Authorization grant should not generate refresh and use transient sessions Closes #43799 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-11-05 14:17:32 +01:00
Stian Thorgersen	b278dbbb3d	Allow identity provider configuration without defaults for user authentication (#43963 ) Closes #43552 Signed-off-by: stianst <stianst@gmail.com>	2025-11-05 10:13:40 -03:00
Giuseppe Graziano	a9a14bd346	Filter idps by JWT_AUTHORIZATION_GRANT type in client conifig Closes #43791 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2025-11-05 13:56:31 +01:00
Steven Hawkins	27252a14ae	fix: adding a single method to get the base uri (#43333 ) * fix: adding a single method to get the base uri closes: #43330 Signed-off-by: Steve Hawkins <shawkins@redhat.com> * Update server-spi/src/main/java/org/keycloak/urls/HostnameProvider.java Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Signed-off-by: Steven Hawkins <shawkins@redhat.com> --------- Signed-off-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>	2025-11-05 12:46:09 +00:00
Bruno Oliveira da Silva	d579bc6cb1	Update maintainers (#43917 ) Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>	2025-11-05 13:20:40 +01:00
Weblate (bot)	084791ec3e	Translations update from Hosted Weblate (#43822 ) * Updated translation for Turkish Language: tr Updated translation for Turkish Language: tr Updated translation for Turkish Language: tr Co-authored-by: Arif EROL <arif.erol16@gmail.com> Co-authored-by: Hosted Weblate <hosted@weblate.org> Signed-off-by: Arif EROL <arif.erol16@gmail.com> Signed-off-by: Hosted Weblate <hosted@weblate.org> * Updated translation for German Language: de Updated translation for German Language: de Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Co-authored-by: Hosted Weblate <hosted@weblate.org> Co-authored-by: Robin <39960884+robson90@users.noreply.github.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net> Signed-off-by: Hosted Weblate <hosted@weblate.org> Signed-off-by: Robin <39960884+robson90@users.noreply.github.com> * Updated translation for Japanese Language: ja Updated translation for Japanese Language: ja Updated translation for Japanese Language: ja Co-authored-by: Hosted Weblate <hosted@weblate.org> Co-authored-by: Kohei Tamura <ktamura.biz.80@gmail.com> Signed-off-by: Hosted Weblate <hosted@weblate.org> Signed-off-by: Kohei Tamura <ktamura.biz.80@gmail.com> * Updated translation for Czech Language: cs Updated translation for Czech Language: cs Updated translation for Czech Language: cs Added translation for Czech Language: cs Added translation for Czech Language: cs Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Co-authored-by: Hosted Weblate <hosted@weblate.org> Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net> Signed-off-by: Hosted Weblate <hosted@weblate.org> * Updated translation for French Language: fr Updated translation for French Language: fr Updated translation for French Language: fr Updated translation for French Language: fr Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Co-authored-by: Hosted Weblate <hosted@weblate.org> Co-authored-by: Sylvain Pichon <service@spichon.fr> Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net> Signed-off-by: Hosted Weblate <hosted@weblate.org> Signed-off-by: Sylvain Pichon <service@spichon.fr> * Updated translation for Chinese (Traditional Han script) Language: zh_Hant Updated translation for Chinese (Traditional Han script) Language: zh_Hant Updated translation for Chinese (Traditional Han script) Language: zh_Hant Co-authored-by: Hosted Weblate <hosted@weblate.org> Co-authored-by: 秉虎 <s96016641@gmail.com> Signed-off-by: Hosted Weblate <hosted@weblate.org> Signed-off-by: 秉虎 <s96016641@gmail.com> --------- Signed-off-by: Arif EROL <arif.erol16@gmail.com> Signed-off-by: Hosted Weblate <hosted@weblate.org> Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net> Signed-off-by: Robin <39960884+robson90@users.noreply.github.com> Signed-off-by: Kohei Tamura <ktamura.biz.80@gmail.com> Signed-off-by: Sylvain Pichon <service@spichon.fr> Signed-off-by: 秉虎 <s96016641@gmail.com> Co-authored-by: Arif EROL <arif.erol16@gmail.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Co-authored-by: Robin <39960884+robson90@users.noreply.github.com> Co-authored-by: Kohei Tamura <ktamura.biz.80@gmail.com> Co-authored-by: Sylvain Pichon <service@spichon.fr> Co-authored-by: 秉虎 <s96016641@gmail.com>	2025-11-05 11:36:41 +01:00
Alexander Schwartz	3ef8c565f3	Avoid touching the database layer if no changes are necessary for a user Closes #43682 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-11-05 06:44:48 -03:00
Steven Hawkins	a04d5d7b5e	task: clarifying home dir unset logic (#43904 ) closes: #43903 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2025-11-05 08:45:06 +01:00
fengyuchuanshen	e321f5ab23	chore: remove repetitive words in comments (#43944 ) Signed-off-by: fengyuchuanshen <fengyuchuanshen@outlook.com>	2025-11-04 17:55:22 +00:00
Martin Kanis	8e71657576	Add rate limiter for sending verification emails in context of update email Closes #43076 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2025-11-04 12:16:12 -03:00
rmartinc	b5be43ad07	Delete the user in test "creates a user with a password credential" Closes #43523 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-11-04 10:50:21 -03:00
rmartinc	245dc950d9	Hide the attribute for allowed IdPs when JWT auth capability is not enabled Closes #43925 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-11-04 14:47:43 +01:00
Giuseppe Graziano	4b443f04ee	JWT Authorization grant idp config (#43841 ) Closes #43568 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2025-11-04 14:46:14 +01:00
Martin Bartoš	d5763b9c0b	Migrate the OTelProvider test to the new framework Closes #43858 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2025-11-04 12:53:47 +01:00
Thomas Diesler	131e2357a9	Cannot issue vc of type oid4vc_natural_person Signed-off-by: Thomas Diesler <tdiesler@ibm.com>	2025-11-04 10:46:44 +01:00
KONSTANTINOS GEORGILAKIS	1c0d4616a5	hide scopes from scopes_supported in discovery endpoint Closes #10388 Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-11-03 16:26:12 +00:00
Pedro Igor	2216ada20b	Allow GET and PUT methods using application/yaml media type Closes #42687 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-11-03 13:09:17 -03:00
vramik	4d912a9c21	Support for YAML payloads for Admin client for creation of workflows Closes #43666 Signed-off-by: vramik <vramik@redhat.com>	2025-11-03 13:09:17 -03:00
sander boer	d805a28ea4	Adds group description during import Adds the group description during group import from a representation. This ensures that the description is properly populated when groups are created from external sources. Closes #42851 Signed-off-by: Sander <mail@sanderboer.nl>	2025-11-03 16:08:49 +00:00
Lukas Hanusovsky	5aa05d08eb	Test Framework - new Forms test suite. (#43894 ) Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>	2025-11-03 15:15:10 +00:00
Lukas Hanusovsky	0dbcfeb9d0	Test Framework - new Login V1 test suite. (#43895 ) Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>	2025-11-03 15:08:12 +00:00
Robin Meese	27a47b2537	Add Czech translators (#43910 ) Closes: #43909 Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>	2025-11-03 15:52:59 +01:00
Martin Bartoš	75fcf11a1b	Separate HOW_TO_RUN.md file for the new testsuite (#43860 ) Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2025-11-03 15:41:01 +01:00
Lukas Hanusovsky	2ddde05afb	Moving UserFederationLdapConnectionTest to federation/ldap package (#43852 ) Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>	2025-11-03 15:39:40 +01:00
Bernat Moix	733dfdbc1c	fix: use providerId instead of alias for social provider icons Identity provider icons were only displayed when the alias exactly matched predefined values. This fixes the issue by checking the providerId (provider type) instead of the alias, allowing custom aliases while maintaining correct icon display. Closes #43515 Signed-off-by: Bernat Moix <bmoix@bmoix.io>	2025-11-03 15:28:05 +01:00

... 2 3 4 5 6 ...

29695 Commits