External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-09 23:12:06 -03:30
Code Issues Packages Projects Releases Wiki Activity
29,572 Commits 26 Branches 288 Tags
Commit Graph

2784 Commits

Author SHA1 Message Date
vramik
748b58bf64 Remove creation of default policy, resource and permission upon enabling authorization for a client 
Closes #43867

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-13 09:14:56 -03:00
Stefan Guilhen
da7993896d Allow ISO-8601 compatible format for the after field in workflow steps 
- aligns the format with what is used in the JPA connection provider pool max lifetime for time-based configurations

Closes #42913

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-11-12 18:51:49 -03:00
vramik
84a679224b Add operation to deactivate a workflow execution for a resource 
Closes #42124

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-12 17:02:17 -03:00
Pedro Ruivo
39964befef
Sessions not removed when user is deleted 
Fixes #43323

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-11-11 14:09:05 +01:00
Martin Kanis
c28cde359c Local user can't login when ldap error 
Closes #43639

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-11-11 08:48:26 -03:00
Stefan Guilhen
ef3de183df Skip checksum validation for 2.5.0-unicode-oracle, that is preventing migrations when schema name changes 
Closes #43564

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-11-10 12:56:45 -03:00
Stian Thorgersen
d8275fe5df
Remove wildcard imports (#44060) 
Closes #44059

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-10 11:46:05 +01:00
Pedro Ruivo
18eeef7b26
Create user session expired event 
Closes #43942

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-07 22:36:47 +00:00
Pedro Ruivo
80895d7fb4
AUTH_SESSION_ID cookie has the incorrect route 
Fixes #43933

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-11-07 21:32:45 +00:00
Pedro Igor
33f1dda2cf Processing workflow events asynchronously - Part 1 
Closes #42386

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-07 10:57:05 -03:00
Stian Thorgersen
b278dbbb3d
Allow identity provider configuration without defaults for user authentication (#43963) 
Closes #43552

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-05 10:13:40 -03:00
Alexander Schwartz
3ef8c565f3
Avoid touching the database layer if no changes are necessary for a user 
Closes #43682

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-05 06:44:48 -03:00
Tobi
479859a7a3
Add new indices on offline_client_session 
Closes #43566

Signed-off-by: twobiers <22715034+twobiers@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-31 17:49:47 +01:00
Stian Thorgersen
1048c8d9c9
Filter out non-user authentication IdPs from account and login (#43798) 
Closes #43553

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-31 12:40:04 +01:00
Pedro Ruivo
e40c5de050
Session cache affinity 
Closes #42776

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-30 21:01:09 +00:00
Tomáš Kyjovský
4c64b7189c
Deprecate org.keycloak.common.util.Base64 
Closes #43370

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: 1867605+tkyjovsk@users.noreply.github.com
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-30 09:12:14 +01:00
Marek Posolda
2fc5419676
Avoid using UserCredentialManager from user storage extensions (#43695) 
closes #43694

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-10-29 16:26:59 +01:00
Pedro Igor
ce5dd51921 Migration step to add the reset-password scope to user resource type resources 
Closes #43736

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-29 08:49:51 -03:00
Alexander Schwartz
2b51d6f4ac
Avoid holding on to the realm in cached configurations 
Closes #43744

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-28 13:10:24 -03:00
Alexander Schwartz
ba0fe9bd70
Cleaning up threadlocals to prevent (small) memory leak 
Closes #43759

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-28 10:36:27 -03:00
Stefan Guilhen
3751bc050d Workflows enhancements 
- Allow specifying a parameter in events to better tie workflows to more specific events (e.g. user-role-added(name-of-role))
 - Make workflows 'if' and 'on' fields use expressions by default
 - Fix condition evaluation inconsistencies by having a single param for each condition
 - Remove need to use double quotes for condition parameters
 - Reference groups by path instead of id in conditions

Closes #43137
Closes #43536
Closes #43537
Closes #43661
Closes #43715

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-10-27 07:20:59 -03:00
Pedro Igor
6527b139dc
Do not lower-case username and email if users are not imported from LDAP 
Closes #43621

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-23 13:02:33 +02:00
vramik
4dc398354a Restart workflow basen on concurrency/cancel-if-running option rather than reset-on option 
Closes #42911

Signed-off-by: vramik <vramik@redhat.com>
 2025-10-17 10:06:43 -03:00
Alexander Schwartz
02dfb4bd8a
Remove extra flush events to increase performance 
Closes #43362

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-15 12:39:49 +02:00
Pedro Ruivo
468c063e27
Client session may be lost during session restart 
Fixes #43349

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-14 11:01:16 +00:00
Pedro Igor
fa581c8148 Allow passing a context to steps 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-13 09:53:30 -03:00
Pedro Igor
5b5a83b800 Moving WorkflowsManager and WorkflowStateSpi to server-spi-private module 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-13 09:53:30 -03:00
stianst
aedd7fe5db Remove unused imports as part of #43233 
Signed-off-by: stianst <stianst@gmail.com>
 2025-10-13 13:32:01 +02:00
Alexander Schwartz
10f06e9eb7
JDBC_PING publishes its physical address on startup 
Closes #43357

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-13 09:53:30 +01:00
Alexander Schwartz
66b9e801c1
Mark the reading of admin and user events read-only 
This should decrease the memory usage and improve response times

Closes #43365

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-13 09:46:38 +02:00
Giuseppe Graziano
0bfb9079f2 Reject search for not allowed client attributes 
Closes #42541

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-10-10 09:37:40 +02:00
Alexander Schwartz
17fb20c58d
Prevent using JTA transaction when initializing JDBC_PING 
Closes #43335

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-09 23:09:36 +02:00
Steve Hawkins
6f36a02ffe fix: retaining user creation timestamp when importing 
closes: #43195

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-08 11:36:29 -03:00
vramik
e4dc88de13 [FGAP] Make additional rest endpoints respect permissions 
Closes #40058

Signed-off-by: vramik <vramik@redhat.com>
 2025-10-08 08:47:22 -03:00
Pedro Igor
4f55b9b6bd
Filter invalid resources and scopes when processing entries from the cache 
Closes #42907

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-03 19:25:57 +02:00
Ryan Emerson
5cb0562fd2
Prevent users configuring max-count=-1 for caches with a default upper-bound 
Closes #33146

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-10-02 19:58:28 +00:00
Pedro Ruivo
4f24f93b85
Restarting an user session broken for persistent sessions 
Fixes #43161

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-10-02 21:29:04 +02:00
Pedro Igor
37577cde14 Make sure the component state is updated when invoking sync on user storage providers 
Make sure periodic tasks are cancelled if the provider is disabled or import users is disabled

Closes #42470

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-02 10:22:50 -03:00
Stefan Guilhen
7f29c9bb88 Improve workflow logging messages 
- every execution gets its own id that can be used to track all activities related to that particular workflow execution

Closes #42952

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-09-29 23:10:21 -03:00
Pedro Igor
6e851ce80e Only filter default organization related scopes based on dynamic scope format 
Closes #42877

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-26 16:28:12 -03:00
Václav Muzikář
b65a60e40d
Support for EDB 17 (#42341) 
Closes #42742
Closes #42293

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2025-09-26 16:04:47 +02:00
Stefan Guilhen
7e28d13e76 Add workflow condition that uses boolean expressions to combine and negate conditions 
Closes #42583

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-09-26 07:52:12 -03:00
Alexander Schwartz
a84d243d47
Avoid invalidating the realm when managing client initial access 
Closes #42922

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-09-24 21:31:32 +02:00
Martin Bartoš
5acec7d5fc
[PERF] InitClusterStartupTime debug messages (#42908) 
Closes #42880

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-09-24 16:04:03 +02:00
Alexander Schwartz
4389bc2990
Fix duplicate label when using password history 
Closes #42736

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-09-24 11:21:59 +02:00
Pedro Igor
fe8fce859d Improve the Workflow JSON schema 
Closes #42697

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-24 04:04:44 -03:00
Pedro Igor
54d2451b35 Make user read-only and a proper error message when the user federation provider is not available 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-24 04:03:13 -03:00
Pedro Igor
d65c17ebc7 Do not fail when querying user federation providers and log messages to indicate the problem 
Closes #42276

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-24 04:03:13 -03:00
Alexander Schwartz
a9ed355bfc
Adding missing time column to index 
Closes #42792

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-23 07:33:08 -03:00
Pedro Ruivo
47f85631f3
Automatically create external caches for MULTI_SITE deployments 
Closes #32129

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-09-19 18:56:38 +02:00