249 Commits

Author SHA1 Message Date
github-actions[bot]
802e43c58e Set version to 26.4.1 2025-10-16 06:45:28 +00:00
vramik
89c960cd4e Fix scope interference
Closes #40965

Signed-off-by: vramik <vramik@redhat.com>
2025-10-15 14:32:46 -03:00
Stian Thorgersen
464f635dc4
Fix SPIFFE client authentication when iss claim is included
Closes #43394

(cherry picked from commit 5c5905fed3eb3285a8183259035b8c71b26e2135)

Signed-off-by: stianst <stianst@gmail.com>
2025-10-14 15:43:05 +00:00
Stian Thorgersen
dbd516f8e6
Refactor SimpleHttp to make it injectable and usable outside server (#42936)
Closes #42902

Signed-off-by: stianst <stianst@gmail.com>
2025-09-29 08:37:05 +02:00
Stefan Guilhen
ab7daf7fac Add validation to workflow update so that only changes to the name and enabled flag are allowed for now
Closes #42916

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-09-26 14:51:05 -03:00
Václav Muzikář
b65a60e40d
Support for EDB 17 (#42341)
Closes #42742
Closes #42293

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2025-09-26 16:04:47 +02:00
Stefan Guilhen
7e28d13e76 Add workflow condition that uses boolean expressions to combine and negate conditions
Closes #42583

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-09-26 07:52:12 -03:00
vramik
80453bdbfb Allow defining steps in a workflow that can run immediate or scheduled
Closes #42888

Signed-off-by: vramik <vramik@redhat.com>
2025-09-25 14:37:22 -03:00
rmartinc
1d28c0cd35 Expose system-info information in the serverinfo endpoint only for users in the admin realm
Closes #42828

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-09-24 17:21:57 +02:00
vramik
cfec364b17 Add validation of workflow steps also when adding single step to workflow
Closes #42833

Signed-off-by: vramik <vramik@redhat.com>
2025-09-24 12:03:05 -03:00
Stian Thorgersen
9655cecf8e
Add tests to check if SPIFFE is available on login and account (#42895)
Closes #42894

Signed-off-by: stianst <stianst@gmail.com>
2025-09-24 11:22:15 +02:00
Lukas Hanusovsky
33c6e07c08 Move ClientScopeEvaluateTest.java to the new testsuite
Part of: #34494

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2025-09-24 09:48:06 +02:00
Lukas Hanusovsky
1088731e4f Moving files to the new test suite
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2025-09-24 09:48:06 +02:00
Pedro Igor
fe8fce859d Improve the Workflow JSON schema
Closes #42697

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-24 04:04:44 -03:00
Alexander Schwartz
ff04897d06
Fixing the build
Closes #42752

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-09-19 08:22:11 +00:00
Martin Kanis
7ae9ebb467 [RLM] Allow adding and removing actions to existing policies
Closes #42384

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-09-18 12:13:13 -03:00
Vlasta Ramik
44b4235b50
Validation for immediate workflows
Closes #42382

Signed-off-by: vramik <vramik@redhat.com>
2025-09-18 14:51:04 +02:00
Pedro Igor
c1fdbb0be4
Better names for workflow events
Closes #42389

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-18 14:50:45 +02:00
Stian Thorgersen
37a99154a5
Refactor and improve tests for federated client authentication (#42720)
Closes #42718

Signed-off-by: stianst <stianst@gmail.com>
2025-09-18 09:30:01 +00:00
Pedro Igor
39222e8ca5
Validate actions that support aggregating actions (#42624)
Closes #42381

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-17 14:15:10 +02:00
Stian Thorgersen
f9ee040ef0
Add federated subject configuration option to federated-jwt authenticator (#42610)
Closes #42608

Signed-off-by: stianst <stianst@gmail.com>
2025-09-17 13:39:50 +02:00
Lukas Hanusovsky
d9b4bd047f
[Keycloak Test Framework] Infinispan cache + ClusterlessTestSuite configuration (#42172)
* [Keycloak Test Framework] Infinispan server + ClusterlessTestSuite and MultisiteTestSuite configuration

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>

* Utilise ClientIntelligence.BASIC to ensure that internal docker IPs
are never used by Infinispan client

Signed-off-by: Ryan Emerson <remerson@ibm.com>

* Code refactoring + properties utility

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>

---------

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
Signed-off-by: Ryan Emerson <remerson@ibm.com>
Co-authored-by: Ryan Emerson <remerson@ibm.com>
2025-09-17 07:13:11 +00:00
vramik
d0e83cc05e Rename RLM to Workflows
Closes #42512

Signed-off-by: vramik <vramik@redhat.com>
2025-09-16 08:52:50 -03:00
Stefan Guilhen
20f5a15278 Adjust scheduled action time so that it is always based on the previous action
Closes #42385

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-09-12 15:50:38 -03:00
Stian Thorgersen
51465f52a3
Get client by client attribute
Closes #42543

Signed-off-by: stianst <stianst@gmail.com>
2025-09-11 12:07:13 +00:00
Pedro Igor
0d5dfc3eae
Add support for ad-hoc policies (#42508)
Closes #42126

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-10 15:40:17 +00:00
Stefan Guilhen
371e4289c3
Add action that sets a required action for a user (#42509)
Closes #42506

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-09-10 14:40:20 +00:00
Vlasta Ramik
b32b612f75
Compilation error in RolePolicyConditionProvider (#42497)
Closes #42496

Signed-off-by: vramik <vramik@redhat.com>
2025-09-10 09:04:49 +00:00
Stian Thorgersen
1e5d52975e
Refactor JWTValidator to allow use both for self-signed and federated client assertions (#42472)
Closes: #42463

Signed-off-by: stianst <stianst@gmail.com>
2025-09-10 08:11:18 +02:00
Pedro Igor
1b17a3c9a6
Add a policy condition based on user roles (#42487)
Closes #42117

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-10 03:23:56 +02:00
Vlasta Ramik
4382072d89
[RLM] Disable policy when the origin or selection criteria is removed
Closes keycloak#42123 
Signed-off-by: vramik <vramik@redhat.com>
2025-09-09 16:46:43 -03:00
Pedro Igor
58990a5544 Add a policy condition based on user attributes
Closes #42118

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-09 12:07:59 -03:00
mposolda
5a05d2123e Unbounded login_hint parameter Can Corrupt KC_RESTART Cookie
closes #40857

Signed-off-by: mposolda <mposolda@gmail.com>
2025-09-09 11:05:19 +02:00
vramik
3507773854 [RLM] Cleanup code from initial PR
Closes #42316

Signed-off-by: vramik <vramik@redhat.com>
2025-09-08 11:31:12 -03:00
Lukas Hanusovsky
de50a15a2f
Test framework - Fix for wrongly placed custom KeycloakServerConfig (#42422)
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2025-09-08 11:23:46 +02:00
Steven Hawkins
05c7c625d3
fix: don't show the local access screen if a service account exists (#42218)
closes: #42201

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-09-05 18:22:31 +02:00
Pedro Igor
a42550d2e5 Add support for aggregated actions
Closes #42119

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-05 10:29:18 -03:00
Stefan Guilhen
3d88846732 Add support for immediate policies
Closes #42311

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-09-05 08:50:15 -03:00
Marek Posolda
6a27a4c336
EdDSA support for DPoP (#42362)
closes #42286

Signed-off-by: mposolda <mposolda@gmail.com>
2025-09-05 12:54:43 +02:00
Pedro Igor
4abe5b5f4a
Initial implementation for the RLM scheduled task
Closes #42105

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-04 17:19:53 +02:00
Stian Thorgersen
320ea5a9a7
Experimental SPIFFE identity provider (#42314)
Closes #42313

Signed-off-by: stianst <stianst@gmail.com>
2025-09-04 14:48:18 +02:00
Martin Kanis
fc3914c439 [RLM] Provide an action to notify users by email based on a configurable time
Closes #41788

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-09-03 16:38:41 -03:00
Bagautdino
d225bce21f feat(FGAPv2): introduce RESET_PASSWORD scope and evaluation
- Add RESET_PASSWORD to AdminPermissionsSchema.USERS
- Require RESET_PASSWORD in UserResource.resetPassword()
- Expose canResetPassword()/requireResetPassword()
- Implement FGAP v2 deny-overrides + secure-by-default + optional fallback
- Include access.resetPassword for Admin Console

Closes #41901

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Bagautdino <336373@edu.itmo.ru>
2025-09-03 15:10:56 -03:00
Pedro Igor
4d018406e9 Removing unused imports
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-02 17:45:59 -03:00
Pedro Igor
76e02388ff Moving resetOnevent to base class
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-02 17:45:59 -03:00
Pedro Igor
a4f115b4cc Moving deactivation events to base class
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-02 17:45:59 -03:00
Pedro Igor
b65356f3c8 Refactoring how policies are activated based on user-defined events and conditions
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-02 17:45:59 -03:00
Pedro Igor
cee9b6803b Refactoring built-in policies to use conditions
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-02 17:45:59 -03:00
Pedro Igor
03cbc11e7e Initial refactoring to make federated identities a condition
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-02 17:45:59 -03:00
Pedro Igor
17a053b2af Add support for generic event-based policies and conditions
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-02 17:45:59 -03:00