External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-10 15:32:05 -03:30
Code Issues Packages Projects Releases Wiki Activity
29,572 Commits 26 Branches 288 Tags
Commit Graph

1397 Commits

Author SHA1 Message Date
vramik
748b58bf64 Remove creation of default policy, resource and permission upon enabling authorization for a client 
Closes #43867

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-13 09:14:56 -03:00
Stefan Guilhen
da7993896d Allow ISO-8601 compatible format for the after field in workflow steps 
- aligns the format with what is used in the JPA connection provider pool max lifetime for time-based configurations

Closes #42913

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-11-12 18:51:49 -03:00
vramik
84a679224b Add operation to deactivate a workflow execution for a resource 
Closes #42124

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-12 17:02:17 -03:00
Stefan Guilhen
ef3de183df Skip checksum validation for 2.5.0-unicode-oracle, that is preventing migrations when schema name changes 
Closes #43564

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-11-10 12:56:45 -03:00
Stian Thorgersen
d8275fe5df
Remove wildcard imports (#44060) 
Closes #44059

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-10 11:46:05 +01:00
Pedro Ruivo
18eeef7b26
Create user session expired event 
Closes #43942

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-07 22:36:47 +00:00
Pedro Igor
33f1dda2cf Processing workflow events asynchronously - Part 1 
Closes #42386

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-07 10:57:05 -03:00
Stian Thorgersen
b278dbbb3d
Allow identity provider configuration without defaults for user authentication (#43963) 
Closes #43552

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-05 10:13:40 -03:00
Tobi
479859a7a3
Add new indices on offline_client_session 
Closes #43566

Signed-off-by: twobiers <22715034+twobiers@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-31 17:49:47 +01:00
Stian Thorgersen
1048c8d9c9
Filter out non-user authentication IdPs from account and login (#43798) 
Closes #43553

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-31 12:40:04 +01:00
Tomáš Kyjovský
4c64b7189c
Deprecate org.keycloak.common.util.Base64 
Closes #43370

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: 1867605+tkyjovsk@users.noreply.github.com
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-30 09:12:14 +01:00
Marek Posolda
2fc5419676
Avoid using UserCredentialManager from user storage extensions (#43695) 
closes #43694

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-10-29 16:26:59 +01:00
Alexander Schwartz
ba0fe9bd70
Cleaning up threadlocals to prevent (small) memory leak 
Closes #43759

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-28 10:36:27 -03:00
Stefan Guilhen
3751bc050d Workflows enhancements 
- Allow specifying a parameter in events to better tie workflows to more specific events (e.g. user-role-added(name-of-role))
 - Make workflows 'if' and 'on' fields use expressions by default
 - Fix condition evaluation inconsistencies by having a single param for each condition
 - Remove need to use double quotes for condition parameters
 - Reference groups by path instead of id in conditions

Closes #43137
Closes #43536
Closes #43537
Closes #43661
Closes #43715

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-10-27 07:20:59 -03:00
vramik
4dc398354a Restart workflow basen on concurrency/cancel-if-running option rather than reset-on option 
Closes #42911

Signed-off-by: vramik <vramik@redhat.com>
 2025-10-17 10:06:43 -03:00
Alexander Schwartz
02dfb4bd8a
Remove extra flush events to increase performance 
Closes #43362

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-15 12:39:49 +02:00
Pedro Igor
fa581c8148 Allow passing a context to steps 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-13 09:53:30 -03:00
stianst
aedd7fe5db Remove unused imports as part of #43233 
Signed-off-by: stianst <stianst@gmail.com>
 2025-10-13 13:32:01 +02:00
Alexander Schwartz
66b9e801c1
Mark the reading of admin and user events read-only 
This should decrease the memory usage and improve response times

Closes #43365

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-13 09:46:38 +02:00
Giuseppe Graziano
0bfb9079f2 Reject search for not allowed client attributes 
Closes #42541

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-10-10 09:37:40 +02:00
vramik
e4dc88de13 [FGAP] Make additional rest endpoints respect permissions 
Closes #40058

Signed-off-by: vramik <vramik@redhat.com>
 2025-10-08 08:47:22 -03:00
Stefan Guilhen
7f29c9bb88 Improve workflow logging messages 
- every execution gets its own id that can be used to track all activities related to that particular workflow execution

Closes #42952

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-09-29 23:10:21 -03:00
Pedro Igor
6e851ce80e Only filter default organization related scopes based on dynamic scope format 
Closes #42877

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-26 16:28:12 -03:00
Václav Muzikář
b65a60e40d
Support for EDB 17 (#42341) 
Closes #42742
Closes #42293

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2025-09-26 16:04:47 +02:00
Stefan Guilhen
7e28d13e76 Add workflow condition that uses boolean expressions to combine and negate conditions 
Closes #42583

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-09-26 07:52:12 -03:00
Alexander Schwartz
4389bc2990
Fix duplicate label when using password history 
Closes #42736

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-09-24 11:21:59 +02:00
Pedro Igor
fe8fce859d Improve the Workflow JSON schema 
Closes #42697

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-24 04:04:44 -03:00
Alexander Schwartz
a9ed355bfc
Adding missing time column to index 
Closes #42792

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-23 07:33:08 -03:00
Pedro Ruivo
4ccf7407ed
Lazy load client sessions 
Closes #42628

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-09-19 10:45:11 +00:00
Pedro Igor
c1fdbb0be4
Better names for workflow events 
Closes #42389

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-18 14:50:45 +02:00
Stian Thorgersen
f9ee040ef0
Add federated subject configuration option to federated-jwt authenticator (#42610) 
Closes #42608

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-17 13:39:50 +02:00
vramik
d0e83cc05e Rename RLM to Workflows 
Closes #42512

Signed-off-by: vramik <vramik@redhat.com>
 2025-09-16 08:52:50 -03:00
Pedro Ruivo
714d71b4f5
Concurrent update embedded caches and database 
Closes #42374

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-15 18:38:03 +00:00
Stefan Guilhen
20f5a15278 Adjust scheduled action time so that it is always based on the previous action 
Closes #42385

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-09-12 15:50:38 -03:00
Alexander Schwartz
6a202146b4
Handle already existing user session in the store 
Closes #40374

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-11 14:58:53 +02:00
Stian Thorgersen
51465f52a3
Get client by client attribute 
Closes #42543

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-11 12:07:13 +00:00
Pedro Igor
0d5dfc3eae
Add support for ad-hoc policies (#42508) 
Closes #42126

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-10 15:40:17 +00:00
Vlasta Ramik
b32b612f75
Compilation error in RolePolicyConditionProvider (#42497) 
Closes #42496

Signed-off-by: vramik <vramik@redhat.com>
 2025-09-10 09:04:49 +00:00
Pedro Igor
1b17a3c9a6
Add a policy condition based on user roles (#42487) 
Closes #42117

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-10 03:23:56 +02:00
Vlasta Ramik
4382072d89
[RLM] Disable policy when the origin or selection criteria is removed 
Closes keycloak#42123 
Signed-off-by: vramik <vramik@redhat.com>
 2025-09-09 16:46:43 -03:00
Pedro Igor
58990a5544 Add a policy condition based on user attributes 
Closes #42118

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-09 12:07:59 -03:00
vramik
3507773854 [RLM] Cleanup code from initial PR 
Closes #42316

Signed-off-by: vramik <vramik@redhat.com>
 2025-09-08 11:31:12 -03:00
Alexander Schwartz
cad613aa6e
Avoid removing client sessions before the user session times out 
As the client session timeout can be overwritten on a per client level, the realm level timeout can not be used to remove client sessions early.

Closes #35825

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-08 10:59:15 -03:00
Steven Hawkins
b743b3d3b1
fix: adding better management of closed entitymanagers 
closes: #42114

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-09-05 16:57:47 +02:00
Alexander Schwartz
4d3589c776
Lock the database before doing migrations 
Closes #41801

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-03 15:22:04 -03:00
Pedro Igor
76e02388ff Moving resetOnevent to base class 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-02 17:45:59 -03:00
Pedro Igor
a4f115b4cc Moving deactivation events to base class 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-02 17:45:59 -03:00
Pedro Igor
b65356f3c8 Refactoring how policies are activated based on user-defined events and conditions 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-02 17:45:59 -03:00
Pedro Igor
cee9b6803b Refactoring built-in policies to use conditions 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-02 17:45:59 -03:00
Pedro Igor
03cbc11e7e Initial refactoring to make federated identities a condition 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-02 17:45:59 -03:00