External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-09 23:12:06 -03:30
Code Issues Packages Projects Releases Wiki Activity
29,337 Commits 26 Branches 288 Tags
Commit Graph

29337 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot]
96cdef8e08 Set version to 26.4.3 26.4.3 2025-11-06 09:56:20 +00:00
Stan Silvert
c877c638e2
Only check required field when i18n dialog is open. 
Fixes #41271
Fixes #41270


(cherry picked from commit 322cbcdd84b304157ea658801b23f20679b01c40)

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-11-05 21:29:25 +01:00
Alexander Schwartz
bb9015a1f2
Avoid touching the database layer if no changes are necessary for a user 
Closes #43682

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-05 14:42:40 +01:00
Martin Kanis
9ebab2f017 Add rate limiter for sending verification emails in context of update email 
Closes #43076

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-11-04 15:16:29 -03:00
Alexander Schwartz
d8055acb45
hide scopes from scopes_supported in discovery endpoint 
Closes #10388

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: KONSTANTINOS GEORGILAKIS <55974447+cgeorgilakis@users.noreply.github.com>
 2025-11-04 14:42:35 -03:00
vramik
2a2f48c0ea Make set creadential label use reset-password scope 
Closes #43460

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-03 19:53:24 -03:00
Tobi
0564876645 Add new indices on offline_client_session 
Closes #43566
Closes #43516

Signed-off-by: twobiers <22715034+twobiers@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-03 16:07:05 -03:00
Martin Bartoš
013835ec53
ExternalLinksTest is broken due to missing path parameters 
Closes #43082

(cherry picked from commit 70a9a600ded0ba9fe04917fef48507bb44e985ec)

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-03 13:00:41 +01:00
Ricardo Martin
5101031516
Ensure the logout endpoint removes the authentication session 
Closes #43853


(cherry picked from commit 3b3adcf1e4819bf63e08269142459f747c31cb37)

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-31 18:59:58 +01:00
Alexander Schwartz
34b9ede377
Allow only normalized paths in requests (#43869) 
* Allow only normalized paths in requests

Closes #43763

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>

* Remove the trailing slash for base url in the account and admin tests

Closes #43863

Signed-off-by: rmartinc <rmartinc@redhat.com>
# Conflicts:
#	js/apps/account-ui/test/account-security/linked-accounts.spec.ts

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
 2025-10-31 15:57:40 +01:00
Steven Hawkins
4357fc43c7
fix: simplify debug handling and remove the 0.0.0.0 default 
* fix: simplify debug handling and remove the 0.0.0.0 default

closes: #43160



* Update quarkus/dist/src/main/content/bin/kc.sh




* removing the ability to specify just the ip



* Apply suggestions from code review




---------





(cherry picked from commit 9e98f2bf961f68853cea6fbec58b512ed8be7ca9)

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Peter Zaoral <pepo48@gmail.com>
 2025-10-30 21:20:29 +01:00
Alexander Schwartz
6a4e4abf30
Don't keep an old session to avoid a stable objects and a memory leak 
Closes #43761

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-29 17:36:41 -03:00
Alexander Schwartz
15fe032e8d
Resolve session leak in DeclarativeUserProfileProvider 
Closes #43785

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-29 17:36:09 -03:00
Ryan Emerson
7b60e54e62
Document debug log settings required to show applied Infinispan configuration 
Closes #43655

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-10-29 16:01:53 +01:00
Pedro Igor
0b1a17b82d
Migration step to add the reset-password scope to user resource type resources 
Closes #43736

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-29 13:30:55 +00:00
Alexander Schwartz
b378499bee
Avoid holding on to the realm in cached configurations 
Closes #43744

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-29 08:01:18 -03:00
Ricardo Martin
89dd6127c3
Check offline scope is still assigned when performing a refresh 
Closes #43734


(cherry picked from commit e0c1f2ee0fd14ba76338d9c2c213d45d0e857450)

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-29 08:33:23 +00:00
Steven Hawkins
a2c2b7e08f
fix: forcing the namespace for the servicemonitor check 
closes: #43774


(cherry picked from commit d9e3f55b69264e45467a752803f0f0665c123607)

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-28 17:54:12 +00:00
Alexander Schwartz
781d458b50
Role mapper should check if an update is needed for the role 
Closes #43698

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-28 14:53:16 -03:00
Alexander Schwartz
8b253f9e12
Cleaning up threadlocals to prevent (small) memory leak 
Closes #43759

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-28 13:10:37 -03:00
Ricardo Martin
29eacdd9d3
Only add the none verifier when attestation conveyance preference is none 
Closes #43723


(cherry picked from commit 1bd9a3f4733f80f30111a5e2bad973b85530dc16)

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-28 14:09:09 +00:00
Marco N.
334f403653
Add authorization checks for workflows 
Require the "manage-realm" role to perform any operation on a workflow

Closes #43509

Signed-off-by: Marco Neuhaus <m.neuhaus@smf.de>
 2025-10-27 17:46:25 +01:00
Pedro Igor
0407446206
Prevent the username field from being rendered when running the identity-first login flow 
Closes #43091

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-26 18:45:49 +01:00
Pedro Igor
abd5cd292f
Do not lower-case username and email if users are not imported from LDAP 
Closes #43621

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-26 17:37:44 +01:00
rmartinc
d415cc1385 DPoP replay check should take clockSkew into account 
Closes #43505

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 62f68b2f197e00a7ae5532984c08a42164184301)
 2025-10-24 09:30:28 +02:00
Pedro Igor
59b20d1d63
Allow managing realm admin roles if the the realm-admin role is granted 
Closes #43579
Closes #43578

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
 2025-10-23 21:53:17 +02:00
Stian Thorgersen
84fd00c9f7
SPIFFE should support OIDC JWK endpoint (#43651) (#43656) 
Closes #43650


(cherry picked from commit f6ac64907d300025c70bbb0ab42a6cacb2730e51)

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-23 08:08:31 +02:00
Alexander Schwartz
4ad4ce5d58 Adding this as a breaking change plus deprecation 
Closes #43022

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-21 14:55:31 -03:00
Ronaldo Paulino Jiconda
489d10157a Fix OIDC IDP broker basic auth encoding 
Ensures that the client_id and client_secret are URL-encoded before being Base64-encoded for the Basic Auth header, following RFC 6749. This fixes authentication failures when the client_id contains special characters.

Closes #26374
Closes #43022

Signed-off-by: rpjicond <ronaldopaulino32@hotmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: rpjicond <ronaldopaulino32@hotmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
 2025-10-21 14:55:31 -03:00
Martin Kanis
a321c2c91f Make pending email verification attribute removable by admin 
Closes #43351

Signed-off-by: Martin Kanis <mkanis@redhat.com>
(cherry picked from commit 986fdd7341a0f42a59f5eec1bd6c3d5a715f2893)
 2025-10-21 08:50:07 -03:00
Alexander Schwartz
7c50d94f14
Make intra-document links work in downstream 
Closes #43544

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-21 08:16:40 -03:00
Martin Kanis
add43bd394
Final review and update for UPDATE_EMAIL documentation 
Closes #42991


(cherry picked from commit 3f70da04f6a9511831e1fe2fd2de304e7e411f60)

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-10-21 12:45:29 +02:00
Steven Hawkins
c0ba2599b1
fix: noting db support level changes (#43549) (#43608) 
closes: #43191


(cherry picked from commit 736d4920d70e54b71f293f3b681fbdf51d3cc373)

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-21 11:45:06 +02:00
Steven Hawkins
bcc73bc98b
fix: allow for --optimized to receive signals (#43580) (#43610) 
* fix: allowing --optimized to terminate gracefully

closes: #43561



* Update quarkus/dist/src/main/content/bin/kc.sh




---------




(cherry picked from commit 3b7f364b4fa1b3265b89924f666886654cbd933d)

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2025-10-20 13:47:15 -04:00
Stan Silvert
3419734bf5
Handle options component with no value set. (#43548) 
Fixes #43244


(cherry picked from commit afd4d04dcf69c96e92a77a032e2ab8fbcaa705e8)

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-10-20 08:06:49 -04:00
mposolda
c318afb5c5 Possible overflow in brute force computation 
closes #30939

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit a2cc51aed7692ec09c619f2a6f4ecc7055beb9e1)
 2025-10-16 17:11:36 +02:00
Giuseppe Graziano
e5e4e804f3
Update changes.adoc to include changes-26_4_1.adoc 
Closes #43328

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-10-16 10:49:46 +02:00
Giuseppe Graziano
a340941007
Invalidate sessions created with remember me when remember me is disabled for realm 
Closes #43328


(cherry picked from commit bda0e2a67c8cf41d1b3d9010e6dfcddaf79bf59b)

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-10-15 19:08:05 +00:00
vramik
89c960cd4e Fix scope interference 
Closes #40965

Signed-off-by: vramik <vramik@redhat.com>
 2025-10-15 14:32:46 -03:00
Steven Hawkins
f860491397
fix: refining activation condition error handling 
closes: #43096


(cherry picked from commit 43ee41e8a82fc7f326cc74df462fe44a5f95de61)

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-15 13:31:20 +00:00
Pedro Ruivo
bb91dbf7ee
Client session may be lost during session restart 
Fixes #43349

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-15 15:20:45 +02:00
Alexander Schwartz
7f17393b52
Use quoted values for boolean and number values in Operator examples 
Closes #43459

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-14 13:28:28 -04:00
Steven Hawkins
329b22ad35
fix: refining https-protocols documentation (#43420) (#43462) 
closes: #43164
(cherry picked from commit 700b86fad85c17d90cc133013e5704e760f30686)

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-14 17:08:26 +00:00
Stian Thorgersen
464f635dc4
Fix SPIFFE client authentication when iss claim is included 
Closes #43394

(cherry picked from commit 5c5905fed3eb3285a8183259035b8c71b26e2135)

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-14 15:43:05 +00:00
Alexander Schwartz
4c1a1dee48
JDBC_PING publishes its physical address on startup 
Closes #43357

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-14 09:59:57 +01:00
mposolda
272d2fc66d Minor UI fixes on 'Keys' tab of SAML client 
closes #43304

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit a77c4a6ad2ddb820f2ae9fa57c72924973d5bf99)
 2025-10-13 17:35:42 +02:00
Alexander Schwartz
fbf98c7834
Rework formatting for release notes 
Closes #43320

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-10 07:42:36 -03:00
Alexander Schwartz
2d829e3db1
Adding attributes for section links so they work in upstream and downstream 
Closes #43286

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-10 07:42:20 -03:00
Alexander Schwartz
7ef8f5ec1d
Prevent using JTA transaction when initializing JDBC_PING 
Closes #43335

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-10 09:42:46 +00:00
Marek Posolda
7f5da7f1c2
openid-connect flow is missing response type on language change 
closes #41292


(cherry picked from commit 76d271bf00847370a4ef39b2c46b74212a3ce7bd)

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-10-10 10:46:18 +02:00