External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-09 23:12:06 -03:30
Code Issues Packages Projects Releases Wiki Activity
29,138 Commits 26 Branches 288 Tags
Commit Graph

70 Commits

Author SHA1 Message Date
Steven Hawkins
6b6cefd827
fix: aligning the elytron alt name extraction logic (#41975) 
closes: #40629

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-09-16 10:11:30 -04:00
Anchels
90d241087d
Removed redundant null checks 
Closes #40677

Signed-off-by: Anchels <mishtitov@gmail.com>
 2025-08-14 17:03:27 +02:00
Peter Skopek
651d651c30 Add missing artifact descriptions to allow Maven Central Portal Publisher pass validation process. (#40822) 
Signed-off-by: Peter Skopek <pskopek@redhat.com>
 2025-08-12 16:50:17 +02:00
Björn Eickvonder
c7cc162f6b
Support for RSA Key Size of 3072 
Closes #41551

Signed-off-by: Bjoern Eickvonder <bjoern.eickvonder@inform-software.com>
 2025-07-31 13:30:33 +02:00
Rutger Lubbers
5219101aec Configure Argon2's type correctly in Argon2PasswordHashProviderFactory 
Closes #40232

Signed-off-by: Rutger Lubbers <RutgerLubbers@gmail.com>
 2025-06-04 14:13:34 +02:00
Rutger Lubbers
e15ab7d9f9
Update documentation for Argon2 hash-key length to use the correct property 
Closes #40195

Signed-off-by: Rutger Lubbers <RutgerLubbers@gmail.com>
 2025-06-04 08:03:33 +02:00
Michal Hajas
3839f8e3b5
Add metric for password validations (#36049) 
Closes #36048
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-01-07 10:05:47 +01:00
Martin Bartoš
959ce9c483 Provide Tracing SPI 
Closes #34711

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2024-11-28 10:45:31 +01:00
Thomas Darimont
f61937f3d9
Prefer usage of StandardCharsets.UTF_8 over "UTF-8" charset reference 
Fixes #35080

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-11-25 10:45:37 +00:00
rmartinc
b0b247f1f1 Passivate imported keys if the associate certificate is expired 
Closes #34973

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-11-25 09:40:59 +01:00
Awambeng
cfd187b0ff
Introduce SdJwtFacade layer for simplified SD-JWT handling and enhance test coverage (#34915) 
Closes #32955

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2024-11-15 15:20:10 +01:00
Ingrid Kamga
c4d6979907
Scaffold verification of SD-JWT VP token (#29859) (#33752) 
Closes #29859

Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
 2024-10-25 14:49:25 +02:00
rmartinc
6d52520730 Load client keys using SubjectPublicKeyInfo and upload jwks type into the jwks attributes for OIDC ones 
Closes #33820

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-10-22 14:24:15 +02:00
mposolda
b95d12a968 Add AuthzClientCryptoProvider to authz-client in keycloak main repository 
closes #33831

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-10-15 08:16:14 +02:00
mposolda
dad4477995 Remove keycloak-core and keycloak-crypto-default from SAML galleon feature pack and upgrade them to Java 17 
closes #32586

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-09-03 15:58:57 +02:00
Justin Tay
966a454548
Add ECDH-ES JWE Algorithm Provider, Add generated ECDH key provider (#23928) 
Closes #23596
Closes #23597

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-08-08 17:29:35 +02:00
Pascal Knüppel
bf951a5554
Fix certificate creation with cross-keys (#31866) 
fixes #31864

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
 2024-08-07 12:41:12 +02:00
Ingrid Kamga
36a141007e
Implement advanced verification of SD-JWT in Keycloak (#30966) 
closes #30907

Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
 2024-08-05 11:50:03 +02:00
Pascal Knüppel
4a15e1c2b0
Support certificate creation for EC keys (#31817) 
fixes #31816

Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
 2024-08-02 11:52:48 +02:00
rmartinc
096e335a92 Support for vault and AES and HMAC algorithms to JavaKeystoreKeyProvider 
Closes #30880
Closes #29755

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-07-11 12:40:45 +02:00
rmartinc
e9c9efc3f4 Upgrade bc-fips to 1.0.2.5 
Closes #26568
Closes #27884

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-25 11:07:27 +02:00
Andre F de M
0f061a75e2 Issue: 26568 - bcfips version bump and fixes 
* bump BCFIPS to 1.0.2.5
               * fix bc-fips related test error
               * remove unused imports

               Closes: #26568

Signed-off-by: Andre F de M <trixpan@users.noreply.github.com>
 2024-06-25 11:07:27 +02:00
Jon Koops
df18629ffe
Use a default Java version from root POM (#29927) 
Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-06-21 14:19:31 +02:00
Martin Bartoš
262fc09edc
OpenJDK 21 support (#28518) 
* OpenJDK 21 support

Closes #28517

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* x509 SAN UPN other name is not handled in JDK 21 (#904)

closes #29968

Signed-off-by: mposolda <mposolda@gmail.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2024-06-03 14:17:28 +02:00
Francis Pouatcha
2683c0a7d1
JWSBuilder when used directly with AsymmetricSignatureSignerContext produces non compliant ECDSA signed JWT (#29333) 
closes #29309 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
 2024-05-27 13:45:42 +02:00
mposolda
d8a7773947 Adding dummyHash to DirectGrant request in case user does not exists. Fix dummyHash for normal login requests 
closes #12298

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-05-13 16:33:29 +02:00
Pedro Ruivo
3e0a185070 Remove deprecated EnvironmentDependentProviderFactory.isSupported method 
Closes #26280

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-04-19 16:36:49 +02:00
Justin Tay
d807093f63 Fix OCSP nonce handling 
Closes #26439

Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-04-18 09:04:46 +02:00
Alexander Schwartz
5b4a69a6e9 Limit the concurrency of password hashing to the number of CPU cores available 
Closes #28477

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-04-15 15:05:09 +02:00
Stian Thorgersen
c3a98ae387
Use Argon2 as default password hashing algorithm (#28162) 
Closes #28161

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 13:04:14 +00:00
Stian Thorgersen
cae92cbe8c
Argon2 password hashing provider (#28031) 
Closes #28030

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 07:08:09 +01:00
coursar
4a357223b3 Harmonize behaviour of different CertificateUtilsProvider implementations 
Signed-off-by: coursar <coursar@gmail.com>
 2024-02-28 11:12:41 +01:00
coursar
3b721512c4
x509Certificate AuthorityKeyIdentifierExtension (#27272) 
closes #27271 

Signed-off-by: coursar <coursar@gmail.com>
 2024-02-27 15:59:51 +01:00
Stefan Wiedemann
aa6b102e3d
Support EC Key-Imports for the JavaKeystoreKeyProvider #26936 (#27030) 
closes #26936

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
 2024-02-19 17:41:40 +01:00
Steven Hawkins
37acb2fd09
task: upgrading to quarkus 3.7.0.CR1 (#26203) 
there are several downgrades from the quarkus versions, and some
additional logic needed to handle changes with re-creating the
configuration

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-01-31 18:23:07 +00:00
David Anderson
ceea11d044
Fix various bugs and issues in crypto/elytron (#23102) 
closes #23173
 2023-10-03 09:42:57 +02:00
Thomas Darimont
82269f789a Avoid using deprecated junit APIs in tests 
- Replaced usage of Assert.assertThat with static import
- Replaced static import org.junit.Assert.assertThat with org.hamcrest.MatcherAssert.assertThat

Fixes: #22111
 2023-08-01 11:44:25 +02:00
Václav Muzikář
776bcbcbd4
Update bcpkix and bcprov dependencies (#21543) 
Closes #21360
 2023-07-20 11:57:18 +02:00
mposolda
0ea2891eee Remove support for OpenJDK 11 on the server side 
closes #15014
 2023-07-03 13:12:22 -03:00
mposolda
1cbdf4d17e Fix the issue with LDAP connectionUrl containing multiple hosts 
Closes #17359
 2023-04-16 17:41:22 +02:00
Yoann GUION
ba66fe84fa
iterate any attribute in multi-valued RDN to find the correct one (#14283) 
Closes #14280
 2023-03-23 11:51:01 +01:00
Jon Koops
972ebb9650
Use a valid SemVer format for the SNAPSHOT version (#17334) 
* Use a valid SemVer format for the SNAPSHOT version

* Update pom.xml

* Update pom.xml

---------

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2023-03-03 11:11:44 +01:00
mposolda
4f068fcdcc Make https-trust-store-type set to bcfks by default in strict-mode 
Closes #17119
 2023-02-16 08:00:21 -03:00
rmartinc
fbc9177f27 Doublecheck if we need to override properties in java.security 
Closes https://github.com/keycloak/keycloak/issues/16702
 2023-02-15 12:33:48 +01:00
Pedro Igor
2059ffb219 Make sure the distribution is using FIPS providers 
Closes #12428
 2023-02-10 17:26:55 +01:00
Pedro Igor
d97b9c48c4
Make sure PBKDF2 providers are using the expect size for derived keys (#16798) 
Closes #16797
 2023-02-03 15:31:25 +01:00
Marek Posolda
33ff9ef17e
Fix remaining failing tests with BCFIPS approved mode (#16699) 
* Fix remaining failing tests with BCFIPS approved mode
Closes #16698
 2023-01-30 16:01:57 +01:00
mposolda
7f017f540e BCFIPS approved mode: Some tests failing due the short secret for client-secret-jwt client authentication 
Closes #16678
 2023-01-30 08:40:46 +01:00
mposolda
16888eaeab Only available RSA key sizes should be shown in admin console 
Closes #16437
 2023-01-25 13:15:07 +01:00
mposolda
29888dbf1a Update realm keys in the testsuite to be generated where possible. Update other keys to be FIPS compliant 
Closes #12420
 2023-01-25 08:26:15 +01:00