External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-09 23:12:06 -03:30
Code Issues Packages Projects Releases Wiki Activity
28,828 Commits 26 Branches 288 Tags
Commit Graph

1252 Commits

Author SHA1 Message Date
Peter Skopek
651d651c30 Add missing artifact descriptions to allow Maven Central Portal Publisher pass validation process. (#40822) 
Signed-off-by: Peter Skopek <pskopek@redhat.com>
 2025-08-12 16:50:17 +02:00
rmartinc
acf39b34c3 Make passkeys feature supported 
Closes #41556

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-08-12 11:18:57 +02:00
vramik
a8225655cf Initial commit for the RLM feature 
Closes #40340
Closes #40341

Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>

Signed-off-by: vramik <vramik@redhat.com>
 2025-08-11 17:34:41 -03:00
Pedro Igor
a8997c364f Fixing updating attribute value 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-06 13:59:54 -03:00
huyenvu2101
5436f9781c Allow setting default value for userprofile attribute 
Closes #36160

Signed-off-by: huyenvu2101 <vhuyen2101@gmail.com>
 2025-08-06 13:59:54 -03:00
Steven Hawkins
11924e6473
enhance: adding the ability to get the root config from a Scope 
closes: #36268

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-05 18:51:33 +02:00
forkimenjeckayang
43610cfa67
[OID4VCI] Update SD-JWT VCs Format Identifier to dc+sd-jwt (#41233) 
Closes #39293

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-08-01 09:13:35 +02:00
Keshav Deshpande
bee7e4b335
Change error to 400 for unknown user (#40939) 
Closes #39079

Signed-off-by: Keshav Deshpande <keshavprashantdeshpande@gmail.com>
 2025-07-31 10:23:14 +02:00
rmartinc
1f608fae6e Create a new condition for credential type and add it to default flows 
Closes #41354

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-07-31 10:14:15 +02:00
Thomas Darimont
97dfbd2c84
Add details about client assertion to event 
Fixes #41405

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2025-07-30 18:50:27 +00:00
Björn Eickvonder
d62d5030fe
Adds log context information for MDC for realm, users, etc. 
Closes #39812

Signed-off-by: Björn Eickvonder <b.eicki@gmx.net>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Bjoern Eickvonder <bjoern.eickvonder@inform-software.com>
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-16 17:46:46 +02:00
Pedro Igor
d5206b61f6 Update email feature only enabled if the required action is enabled at the realm 
Closes #41045

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-07-14 16:31:15 -03:00
Pascal Knüppel
f39a37d8d1
[OID4VCI] Move realm attributes to clientScope and protocol-mappers (#39768) 
fixes #39527


Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
 2025-07-10 14:46:36 +02:00
Martin Kanis
5a42390341 Make UPDATE_EMAIL a supported feature 
Closes #40227

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-07-09 10:15:48 -03:00
rmartinc
900d8c7400 Changing default passwordless webauthn policy to follow recommended values in the documentation 
Closes #40792

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-07-09 11:34:28 +02:00
rmartinc
d62114e50e Do not add steps if feature disabled in default flows 
Allow login if a step is disabled even the authenticator is not enabled by profile
Closes #40954

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-07-09 10:44:36 +02:00
Steven Hawkins
d74e71e5ed
fix: streamlining the client scope update (#40808) 
closes: #40805

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-07-07 17:57:39 +02:00
Steven Hawkins
2b44c5676f
fix: adding logic to isolate realm migration processing (#39377) 
* fix: adding logic to isolate realm migration processing

also adding an info log for each realm migrated

closes: #33978 #38649

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* switching to an export strategy tolerant to read committed

also preventing creating cached users during export

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* updating the docs to still recommend shutting the server down for export

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* accounting for null managed users

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* refinements based upon review comments

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Scaling back the docs

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>

* Remove rogue release note

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
 2025-06-30 08:31:57 -04:00
Pedro Igor
304bcdce88
Do not show update email link if the email attribute is not writable 
Closes #39669

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-06-28 10:19:41 +02:00
rmartinc
cc7b63cfc6 Integrate passkeys with separate username and password forms 
Closes #40021

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-06-25 09:43:48 +02:00
rmartinc
86f0a7864f Disable email verification when email manually changed by idp review 
Closes #40446

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-06-25 08:56:03 +02:00
Douglas Palmer
1183157d86 Key generation for client authentication is always RSA 2048 with a 10-year validity, regardless of the selected algorithm 
Closes #38620

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2025-06-25 08:15:43 +02:00
Steven Hawkins
c01736a9cd
fix: correcting additional legacy scope usage (#40644) 
closes: #39063

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-06-24 14:58:27 +02:00
Pedro Igor
828f9f7916
Mark user as disabled if reaching max login failures and permanent lockout is enabled 
Closes #40159

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-06-18 08:34:56 +02:00
Giuseppe Graziano
b9033ad9c3 Validate client policy condition configuration 
Closes #40187

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-06-11 11:01:08 -03:00
Giuseppe Graziano
1d9ecb2d7a
Added WebAuthn and recovery codes as disabled in the First Broker Login Flow (#40319) 
Closes #40000

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-06-09 12:40:53 +02:00
rmartinc
2ec1496c5b Rename "Browser - Conditional OTP" to "Browser - Conditional 2FA" in default browser flow 
Closes #40281

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-06-09 08:41:23 +02:00
rmartinc
c3bbf45a7b Add webauthn and recovery codes to the default browser flow as disabled 
Closes #39999

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-06-05 16:09:32 +02:00
Ricardo Martin
41110823c7
Integrate current auth-username-password-form authenticator with passkeys isConditionalMediationAvailable (#38781) 
Closes #29596

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-06-05 08:53:00 +02:00
Pascal Knüppel
17e2602a56
[OID4VCI] Fix creation of clientScopes with protocol oid4vc (#39556) 
closes #39527

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
 2025-06-05 08:49:05 +02:00
mposolda
ab7edb0d01 Introduce ExternalToInternalTokenExchangeProvider. Make it working with Google IDP using token-info endpoint instead of user-info endpoint 
closes #40146
closes #40133

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-06-04 10:03:52 +02:00
Martin Kanis
f35c413b31 Add re-authentication when updating email via UPDATE_EMAIL feature 
Closes #39670

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-06-03 09:09:44 -03:00
mposolda
a66f7fbc53 Fix NPE during external-internal token exchange in case that user exists 
closes #40104

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-05-31 08:31:45 +02:00
Pedro Igor
7cc055f8a6 Verify brokered user email based on the email_verified claim from the ID Token returned by the OP 
Closes #39885

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-05-29 10:45:18 -03:00
rmartinc
9e7ef7989d Better locale management in the admin console 
Closes #39934

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-05-28 10:47:14 +02:00
Pedro Igor
e6e6fa60fa Adding OAuth2-based identity broker 
Closes #35266

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-05-27 12:07:01 -03:00
Michal Hajas
88f660b235
Add experimental feature rolling-updates:v2 that allows rolling updat… (#39751) 
...e for patch releases
Closes #38882
Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2025-05-27 11:17:42 -03:00
rmartinc
5c28ee4d4c Create client passwords calculating the entropy size for JWT with client secret 
Closes #38621

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-05-27 10:23:58 +02:00
Giuseppe Graziano
8833c0aa5d Ignore Accept-Language header for reset email from admin api 
Closes #36986

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-05-27 10:14:22 +02:00
Anchels
d91688198c Removed dead local stores 
Closes #39698

Signed-off-by: Anchels <mishtitov@gmail.com>
 2025-05-27 09:09:13 +02:00
Pedro Igor
7aab9fade8 Move FGAP types to a specific package 
Closes #39712

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-05-22 09:53:16 -03:00
rmartinc
3c511635ba Skip AIA for webauthn register if a crendential of teh correct type already exists 
Closes #39191

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-05-20 18:09:12 +02:00
Kai J. Witt
c76bb0683c
Make max auth age configurable for all required actions by default 
Moved the current configuration implementation for the update password

Closes #39408

Signed-off-by: Kai Josef Witt <KWitt@vhv.de>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Kai Josef Witt <KWitt@vhv.de>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2025-05-15 08:44:38 +02:00
Erik Jan de Wit
cbd0d18f6a
add description to groups 
fixes #39172

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-05-14 06:41:01 -04:00
Pedro Igor
34ad280665
Build user representations when searching based on the user profile settings 
Closes #39595

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-05-14 10:42:25 +02:00
Alexander Schwartz
4b47697c83
Lazily process sessions from ISPN to avoid fetching client sessions (#39639) 
Closes #39638

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-05-13 13:16:41 +02:00
Steven Hawkins
9193a9ccad
fix: refining DefaultCors logging (#39582) 
also using allowAllOrigins where possible

closes: #39492

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-05-13 09:54:01 +02:00
Pedro Igor
4973de6314
Do not show email during registation if user has no permission 
Closes #37899

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-05-09 09:11:35 +02:00
Pedro Igor
8716d2425d
Skip partial evaluation if there is no realm bound to the session 
Closes #39465

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-05-08 09:29:53 +02:00
Steve Hawkins
abc448e4d1 fix: performing inline user import for multi-file 
closes: #38251

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-05-07 14:22:39 -03:00