keycloak

mirror of https://github.com/keycloak/keycloak.git synced 2026-01-09 23:12:06 -03:30

Author	SHA1	Message	Date
stianst	7dca54e8dc	Set version to 26.0.11 26.0.11	2025-04-24 14:12:15 +02:00
Stian Thorgersen	35b29bb6d2	Adapt fake_fips for kernel 6.11 (#248 ) Closes #39125 Signed-off-by: rmartinc <rmartinc@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Ricardo Martin <rmartinc@redhat.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>	2025-04-24 14:10:08 +02:00
mposolda	b329e6e79a	Make sure Cancel AIA does not remove required action from user Signed-off-by: mposolda <mposolda@gmail.com> (cherry picked from commit 5e0915854348c9cb95519d5d2d04b41ee97605db)	2025-04-24 11:44:46 +02:00
Steve Hawkins	f835f49065	fix: remove ANY mode modification of truststores also note that ANY should not be used in production closes: CVE-2025-3501 Add a test for the error (#1) Signed-off-by: Ricardo Martin <rmartinc@redhat.com> Update docs/guides/server/keycloak-truststore.adoc Co-authored-by: Marek Posolda <mposolda@gmail.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com>	2025-04-24 11:44:33 +02:00
Venelin Cvetkov	4ae7d60784	Add config param disableTypeClaimCheck in order to validate external tokens without typ claim Closes #33332 Signed-off-by: Venelin Cvetkov <venelin.tsvetkov@gmail.com> (cherry picked from commit d388dc79361cd8ba2ace049bd888334faf253552)	2025-04-17 15:11:25 +02:00
Alexander Schwartz	a2deff172b	Do not terminate persistent sessions worker on exceptions Closes #38925 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2025-04-15 13:10:29 +02:00
Martin Bartoš	e2d646ab2c	[Docs] Broken link in ExternalLinksTest for importmap Closes #38930 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2025-04-15 11:08:32 +02:00
Alexander Schwartz	a07561b64e	Sorting the chapters of the HA guide (#38834 ) Closes #38721 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2025-04-15 10:28:40 +02:00
Ricardo Martin	8ca108df23	Add chrome install action in GHA to force a specific version of chrome Closes #38817 Signed-off-by: rmartinc <rmartinc@redhat.com> (cherry picked from commit 4c319aa3fa703054602e347a834f3183b18cfb9a)	2025-04-14 20:44:30 +02:00
rmartinc	2a845aa2b5	Migrate old recaptcha secret name when used Closes #38607 Signed-off-by: rmartinc <rmartinc@redhat.com> (cherry picked from commit ba91a092ab6a8266a89be254405d3a6d64dcce85)	2025-04-09 13:56:19 +02:00
Pedro Igor	2caf4ba4aa	Added condition to check offlineSessionMaxLifespanEnabled on clearing Closes #38063 Signed-off-by: Saravana <saravanakumar.a@kobil.com> Co-authored-by: saravanaarh <127546533+saravanaarh@users.noreply.github.com> Co-authored-by: Saravana <saravanakumar.a@kobil.com>	2025-04-08 16:29:58 +00:00
Alexander Schwartz	b62e2f3e8e	Set the mail.from to avoid looking up the local hostname Closes #38353 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2025-04-03 11:53:38 -03:00
rmartinc	154206c5f3	Define a max expiration window for Signed JWT client authentication Closes #38576 Signed-off-by: rmartinc <rmartinc@redhat.com> (cherry picked from commit a10c8119d4452b866b90a9019b2cc159919276ca)	2025-04-03 13:24:12 +02:00
Václav Muzikář	4f08adc65d	Upgrade to Quarkus 3.15.4 (#38410 ) Closes #38409 Closes #36482 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>	2025-03-25 11:15:52 -03:00
Alexander Schwartz	415f6c89e7	Upgrade to Infinispan 15.0.14 (#38219 ) Closes #37711 Upgrade to latest JGroups patch version to resolve thread pinning Closes #37285 Upgrade to Infinispan 15.0.13.Final Closes #37253 Upgrade Infinispan to 15.0.12.Final Closes #36686 Signed-off-by: Pedro Ruivo <pruivo@redhat.com> Co-authored-by: Pedro Ruivo <pruivo@redhat.com>	2025-03-24 09:41:31 +01:00
Ricardo Martin	2adeab3c44	Use clickLink and upgrade arquillian/selenium for chrome 134 (26.0) * Use clickLink and upgrade arquillian/selenium for chrome 134 Closes #38041 Signed-off-by: rmartinc <rmartinc@redhat.com> (cherry picked from commit 4ff2c473ef9a003e53a0752e7d84f42a0c310d6a) * Update dependency Signed-off-by: mposolda <mposolda@gmail.com> * Fix AppInitiatedActionWebAuthnTest compilation Signed-off-by: mposolda <mposolda@gmail.com> * More changes in Forms IT for chrome 134 issues in branch 26.0 Signed-off-by: rmartinc <rmartinc@redhat.com> --------- Signed-off-by: mposolda <mposolda@gmail.com> Signed-off-by: rmartinc <rmartinc@redhat.com> Co-authored-by: mposolda <mposolda@gmail.com>	2025-03-22 15:45:02 +01:00
Alexander Schwartz	fbf1ad2241	Allow a token to be revoked twice Closes #37621 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2025-03-05 08:22:14 +01:00
Václav Muzikář	9bf74725df	Upgrade to Quarkus 3.15.3.1 Closes #37683 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>	2025-02-28 10:29:56 +01:00
Marek Posolda	f62acdaa42	Password policies like NoUsername should compare in case-insensitive way closes #37431 Signed-off-by: mposolda <mposolda@gmail.com> (cherry picked from commit 2bcd2dbe74ac038c1b56b51b49087a9818541f2a)	2025-02-18 13:54:01 +00:00
Jon Koops	8ae5205ae3	Fix broken external link in Gitlab IdP docs (#37435 ) (#37438 ) Closes #37434 Signed-off-by: Jon Koops <jonkoops@gmail.com> (cherry picked from commit 3ccc88628fedd60a2b76aadaf0371d6317e53ad7)	2025-02-18 11:32:48 +00:00
Bruno Oliveira da Silva	3cd5b13df0	CVE-2024-47072 - XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream [26] Closes #37360 Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>	2025-02-14 16:19:03 +00:00
Pedro Igor	44f18467d5	Only set organization to client session when re-authenticating if user is member of the mapped organization Closes #37169 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-02-14 15:38:22 +00:00
Bruno Oliveira da Silva	9bd12dcacd	Trivy workflow is not reporting issues on other branches [26.0] (#37342 ) Trivy workflow is not reporting issues on other branches Closes #37331 Co-authored-by: Jon Koops <jonkoops@gmail.com> Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>	2025-02-14 10:26:08 -03:00
Ricardo Martin	6257cc444e	Show error message only in the username field for the login.ftl (#37350 ) Closes #37229 Signed-off-by: rmartinc <rmartinc@redhat.com> (cherry picked from commit a121418fe7d247e4e416b45ad79f256c0b24e7b1)	2025-02-14 12:18:58 +01:00
Bruno Oliveira da Silva	e2f2bb4ba3	Revert "Move Snyk reports from GitHub Security tab to GitHub issues" This reverts commit 65a96757bd8a0ca46f536198ab8ac7fec6494aaf. Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>	2025-02-13 22:36:48 -03:00
Ricardo Martin	707a556828	Force login in reset-credentials to federated users Closes #37207 Signed-off-by: rmartinc <rmartinc@redhat.com> (cherry picked from commit 6850f410605d79ea1fa98ea20774056e3a210217)	2025-02-13 08:31:06 +00:00
Yoshikazu Nojima	ace9068f35	Add Network Ports section for Keycloak < 26.1 Closes #37160 Signed-off-by: Yoshikazu Nojima <mail@ynojima.net> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net> Co-authored-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2025-02-11 15:00:16 +01:00
Martin Bartoš	c5a7155216	Invalid migration export for empty database Fixes #32535 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2025-02-11 13:23:39 +01:00
Alexander Schwartz	45d16b1c09	Commit proto.lock changes (only needed in release branches) Closs #36919 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2025-02-06 08:41:29 -03:00
Alexander Schwartz	2469a33081	Changes picking up pruivo's suggestions Closes #36919 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2025-02-06 08:41:29 -03:00
Alexander Schwartz	61a44657f0	Also cache client roles if looked up by name and not found Closes #36919 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2025-02-06 08:41:29 -03:00
Alexander Schwartz	a3c175ffc0	Apply a heuristic to look up by the role by ID or name Closes #36919 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2025-02-06 08:41:29 -03:00
Alexander Schwartz	242516624c	Cache empty results for role-by-name lookup Closes #36919 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2025-02-06 08:41:29 -03:00
Martin Bartoš	74624e732d	Fix broken JavaScript CI Closes #36998 Signed-off-by: Jon Koops <jonkoops@gmail.com> Co-authored-by: Jon Koops <jonkoops@gmail.com>	2025-02-06 12:24:57 +01:00
Václav Muzikář	9d0fe94436	Upgrade to Quarkus 3.15.3 (#36796 ) Closes #36793 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>	2025-02-05 15:00:20 +01:00
Dave Meyer	813cfa16d6	Fixed typos in email theme Closes #36988 Signed-off-by: Dave Meyer <contact@davemeyer.io> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2025-02-04 18:48:50 -03:00
Stefan Guilhen	845f8489c5	Ensure LDAPStorageMapper.getGroupMembers is taking the fetch strategy in consideration when retrieving the members - fixes issue when MEMBER-OF strategy is selected but ignored when listing members Closes #33477 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com> (cherry picked from commit b2e8942dd1a4d931491bd25a4671e5aaac36c380)	2025-02-03 19:11:17 -03:00
Ricardo Martin	f76b7e80a7	Manage exceptions in waitForPageToLoad for chrome error in version 132 Closes #36781 Closes #36782 Closes #36902 Signed-off-by: rmartinc <rmartinc@redhat.com> (cherry picked from commit efbeb8caa6170cfc870ac99757cdaedb22dcbbcc)	2025-02-03 19:18:57 +00:00
Alexander Schwartz	da2fceb699	Outdated documentation reCAPTCHA (#36982 ) Closes #36887 Signed-off-by: Stepan Papazyan <papastepano@gmail.com> (cherry picked from commit 0c46ad299c4d26f4806303124edb09820fbe9daf) Co-authored-by: papastepano <papastepano@gmail.com>	2025-02-03 11:21:52 +01:00
Ricardo Martin	66a6248d51	Provide an option to force login after reset credentials (#36856 ) Closes #36844 Signed-off-by: rmartinc <rmartinc@redhat.com> Co-authored-by: Ricardo Martin <rmartinc@redhat.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Co-authored-by: Marek Posolda <mposolda@gmail.com> Signed-off-by: Marek Posolda <mposolda@gmail.com>	2025-01-29 10:05:00 +01:00
Miguel C	4d54071551	Add primary key to avoid issues in some mysql 8 server but still keep compatibility with others Closes #35827 Signed-off-by: mike-pt <mike-pt@users.noreply.github.com> Signed-off-by: Stefan Guilhen <sguilhen@redhat.com> (cherry picked from commit ffa85cdd59ee1e5aae0f211091a0ec867cf7530a)	2025-01-28 10:30:57 -03:00
Alexander Schwartz	a9cf9f83df	Avoid using docker hub for pulling images (#36689 ) Closes #36331 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2025-01-28 11:33:37 +01:00
andymunro	dbdc837355	Add Dependency section for creating an SPI Closes #36798 Signed-off-by: AndyMunro <amunro@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com> (cherry picked from commit 1912602a5a98896ba475a27da29119768786248e)	2025-01-28 09:37:12 +01:00
Erik Jan de Wit	3dad95ba28	fix AccessContext in bundle (#36516 ) (#36519 ) Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> (cherry picked from commit b12a0734f448166da5abad879af0c0319039b752)	2025-01-27 10:29:56 +00:00
andymunro	ca87e36031	Openshift conflict Closes #36745 Signed-off-by: AndyMunro <amunro@redhat.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Steven Hawkins <shawkins@redhat.com> (cherry picked from commit 9ab28e7ffebb454b500f68918fb3f9441acc51e7)	2025-01-27 08:55:35 +01:00
Pedro Igor	3122e4d18d	Remember the organization once selected when reloading pages Closes #36629 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-01-24 17:36:57 +01:00
Pedro Igor	4df89c5f47	Support for the login_hint parameter in the identity-first login page Closes #36649 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-01-24 13:58:44 +01:00
Alexander Schwartz	2a3dc2c643	Avoid both loggingan error and throwing an exception (#36753 ) Closes #36728 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2025-01-24 09:51:32 +01:00
Vlasta Ramik	f58c393bb8	Update `index-creation-threshold` in migrate_db.adoc Closes #36669 (cherry picked from commit a01c8da2bd5d6ccc235fb545784348c64b718291) Signed-off-by: vramik <vramik@redhat.com>	2025-01-24 08:48:24 +01:00
Pedro Igor	cc6ed54bc3	Allow using a custom scope name when mapping organization to tokens Closes #36514 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-01-23 13:50:36 +01:00

1 2 3 4 5 ...

26545 Commits