External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-09 23:12:06 -03:30
Code Issues Packages Projects Releases Wiki Activity
29,823 Commits 26 Branches 288 Tags
Commit Graph

5616 Commits

Author SHA1 Message Date
Stefan Guilhen
985ec6d306 Add name uniqueness validation to workflows 
Closes #43914

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>

# Conflicts:
#	tests/base/src/test/java/org/keycloak/tests/workflow/WorkflowManagementTest.java
 2025-12-29 10:24:56 -03:00
Robin Meese
0957572751
Add logout event to SessionResource 
Closes #44842

Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-12-29 12:25:45 +00:00
Stefan Guilhen
44c492ed97
Add OpenAPI annotations to workflows resources (#45007) 
* feat(openapi): add missing OpenAPI annotations to API methods

Add missing OpenAPI annotations to API methods across the REST services so the generated OpenAPI spec and Swagger UI include the complete API metadata.

Ensures consistent tagging and parameter/response descriptions for admin endpoints.

No behavior change; only adds documentation annotations.

Closes #42695

Signed-off-by: MOUNIAT-1002 <20225680@etud.univ-evry.fr>

* Add missing OpenAPI annotations

Closes #42695

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>

---------

Signed-off-by: MOUNIAT-1002 <20225680@etud.univ-evry.fr>
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: MOUNIAT-1002 <20225680@etud.univ-evry.fr>
 2025-12-19 13:02:23 -05:00
Stephan Seifermann
aefecade5c
Client cert lookup provider compliant to RFC 9440 (#36161) 
* Client cert lookup provider compliant to RFC 9440 (#20761)

Signed-off-by: Stephan Seifermann <seiferma@users.noreply.github.com>

* Release notes

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Stephan Seifermann <seiferma@users.noreply.github.com>
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Stephan Seifermann <seiferma@users.noreply.github.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
 2025-12-19 12:38:54 +01:00
rmartinc
7be37f1e0d Add webauthn for organization authenticator when org is selected 
Closes #44735

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-12-19 08:45:10 +01:00
mposolda
ff1274c07a Mandatory claims are not enforced for OID4VCI 
closes #44796

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-12-18 16:04:13 +01:00
Pedro Igor
f36819e943
Adding join and leave group steps (#44841) 
Closes #44649

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-12-18 13:07:23 +01:00
Giuseppe Graziano
790fb557db
Limit access Token expiration for jwt authorization grant (#44775) 
Closes #43972


Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-12-18 09:21:29 +01:00
forkimenjeckayang
f5a3086027
Use correct parameter for the getCredentialOfferPreflight method (#44931) 
Closes #44742

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-12-17 18:41:57 +01:00
Pascal Knüppel
b2778a6792
[OID4VCI] Add mapper for mapping unmanaged attributes (#44828) 
closes #44780


Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
 2025-12-17 18:39:00 +01:00
forkimenjeckayang
ca617d9711
[OID4VCI]: Use Keycloak time utility for OID4VC related timestamps (#44871) 
Closes: #44235


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-12-17 14:58:01 +01:00
Awambeng Rodrick
3218cd1847 Adjust OID4VC request logging verbosity 
- Downgrade request-level INFO logs in the OID4VC issuer flow to DEBUG and log malformed display metadata as WARN instead of INFO to keep lifecycle logs clean.

Closes #44675

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
Signed-off-by: Awambeng <awambengrodrick@gmail.com>
 2025-12-17 14:08:02 +01:00
Sebastian Łaskawiec
9597537bf3
Additional fields for the Welcome Resource (#44758) 
* Additional fields added to the Welcome Page

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>

* Updated the order of fields

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>

---------

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>
 2025-12-17 13:11:44 +01:00
Ryan Emerson
9f6b8159ec
Create a LocalCacheProvider SPI (#44950) 
Closes #42223

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-12-17 12:46:05 +01:00
Martin Kanis
012cefb654 The existence of an organization attribute called id is not validated 
Closes #44522

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-12-17 08:05:32 -03:00
Steven Hawkins
148d14816c
fix: allowing settable connection request timeout (#44592) 
also defaulting to 5000

closes: #44500

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-12-16 16:35:01 +00:00
Steven Hawkins
5bf740e383
fix: preventing raw stacktrace response and error log (#44815) 
closes: #44712

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-12-16 15:28:29 +01:00
Palpable
94ee6d81fb
[OID4VCI] Realign naming of attribute configuring algorithms for credential (#44765) 
Closes #44621


Signed-off-by: Vitalisn4 <ngamvitalisyuh@gmail.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
 2025-12-16 14:46:17 +01:00
Stian Thorgersen
5ae60f3513
Fix NPE in JWT authenticators (#44941) 
Closes #44940

Signed-off-by: stianst <stianst@gmail.com>
 2025-12-16 14:41:14 +01:00
Awambeng Rodrick
a1bffa3ddc Add spec-compliant jwt vc issuer well-known endpoint 
- expose /.well-known/jwt-vc-issuer/realms/{realm} and keep legacy route with deprecation headers
- build consumer metadata URL per draft-ietf-oauth-sd-jwt-vc-13 and add realm-path coverage
- add integration test for new path plus deprecation headers on legacy endpoint

Closes #44256

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
Signed-off-by: Awambeng <awambengrodrick@gmail.com>
 2025-12-16 13:46:06 +01:00
forkimenjeckayang
2f7045d7dd
Remove deferred credential endpoint from OID4VC metadata (#44907) 
Closes #44779

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-12-16 12:50:12 +01:00
Awambeng
af8e905774
refactor(oid4vc): remove notification ID handling and related endpoint (#44844) 
Closes #44802


Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2025-12-12 14:38:01 +01:00
Pedro Igor
84a0324d60 Adding grant and revoke role steps 
Closes #44648

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-12-12 09:38:39 -03:00
Ruchika Jha
26fe8dc7d8
Added validation for client session timeout post comparing the realm session timeouts 
Closes #41019

Signed-off-by: ruchikajha95 <Ruchika.Jha1@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-12-11 13:58:04 +01:00
Christian Ja
4e01d85772
Add configurable SMTP timeouts (#43594) 
* Add configurable SMTP timeouts

closes #35836 #14509

Signed-off-by: Christian Janker <christian.janker@gmx.at>

* Allow setting SMTP timeout in realm settings

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

---------

Signed-off-by: Christian Janker <christian.janker@gmx.at>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-12-11 11:19:09 +00:00
forkimenjeckayang
be22a4bd62
[OID4VCI] Fix OID4VC wallet interoperability issues (#44682) 
closes #44736


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-12-10 12:08:01 +01:00
Marek Posolda
f641269ac1
CredentialRequest with credentialIdentifier does not work when creden… (#44794) 
closes #44793


Signed-off-by: mposolda <mposolda@gmail.com>
 2025-12-10 12:02:52 +01:00
Martin Kanis
5ee4cb5157
Fix for missing object representation in admin event log when deleting user, group, client (#43620) 
* Fix for missing object representation in admin event log when deleting user, group, client

Closes #33009

Signed-off-by: jwozniakowski <wozniakowski@netguardians.ch>

* Fix issues and add role representation when deleting a role

Closes #33009

Signed-off-by: Martin Kanis <mkanis@redhat.com>

---------

Signed-off-by: jwozniakowski <wozniakowski@netguardians.ch>
Signed-off-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: jwozniakowski <wozniakowski@netguardians.ch>
 2025-12-09 12:32:18 +01:00
rmartinc
43c1a169e4 Manage service accounts when updating a client using registration 
Closes #44257

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-12-09 12:11:11 +01:00
Stefan Guilhen
484980dbbe Add API method to allow activating a workflow for all eligible resources 
Closes #44643

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-08 09:45:45 -03:00
Alexander Schwartz
2f81a2fb76
Updating and ordering the release notes 
Closes #44706

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-12-08 10:55:33 +01:00
mposolda
3e001a378f Credential offer endpoint has parameter user_id, but expects username 
closes #44642

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-12-08 10:42:35 +01:00
Marek Posolda
11210743f7
Arquillian tests fails when running from Intellij Idea 
closes #44713

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-12-06 21:44:11 +01:00
Pedro Igor
985777ebcc
Improvements to the notify step 
Closes #44708

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-12-05 18:58:03 +01:00
Pascal Knüppel
46e5979b17
[OID4VCI] Handle key_attestation_required in metadata endpoint (#44471) 
fixes #43801


Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
Co-authored-by: Ingrid Kamga <xingridkamga@gmail.com>
 2025-12-05 16:00:32 +01:00
Steve Hawkins
25186278fc fix: consolidating config logic 
closes: #42000

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-12-04 14:25:56 -03:00
forkimenjeckayang
3099cc2294
[OID4VCI]: Add UI for OID4VCI Protocol Mapper Configuration (#44390) 
Closes: #43901


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-12-04 14:18:37 +01:00
forkimenjeckayang
4dd68c0316
[OID4VCI] Conformance Test Fixes (#44439) 
closes #44659


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-12-04 09:03:38 +01:00
Stefan Guilhen
65ab7f541d Add API method that fetches the scheduled workflow steps for a resource 
Closes #43660

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-03 11:09:55 -03:00
Ricardo Martin
f91363d12d
Improve Public Key Management for JWTAuthorizationGrant identity provider 
Closes #44243

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-12-03 11:45:34 +01:00
mposolda
9c6a6276e4 Polishing of sd-jwt SDK builder related methods 
closes #44532

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-12-03 11:09:08 +01:00
Martin Bartoš
5828fab258
[admin-api-v2] Incorrect DTO/DAO mapping (#44587) 
* [admin-api-v2] Incorrect DTO/DAO mapping

Closes #44586

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Handle roles and service account operations, cleanup service contract

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-12-03 09:41:18 +01:00
rmartinc
ae7e7ba084 New Identity Provider condition for client policies 
Closes #44442

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-12-03 08:50:31 +01:00
Pascal Knüppel
9b870d3d8a
Fix ClassCastException on mixing AddressMapper with ClaimsMapper (#44457) 
closes #44455


Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
 2025-12-01 14:55:44 +01:00
Stefan Guilhen
6653b72f88 Ensure delete step is triggering UserRemovedEvent 
Closes #44398

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-01 10:52:40 -03:00
Stefan Guilhen
3e312d91d8 Ensure null values are not serialized when fetching workflows in YAML format 
Closes #44396

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-01 10:45:35 -03:00
PavlNekrasov
a92221ba38
Fix NPE when importing SAML EntityDescriptor without SPSSODescriptor (#44431) 
closes #44430


Signed-off-by: PavlNekrasov <95914807+PavlNekrasov@users.noreply.github.com>
 2025-12-01 12:45:35 +01:00
Giuseppe Graziano
2b4855ff97
Executor for checking claims in JWT assertions (#44537) 
Closes #4443


Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-12-01 11:07:42 +01:00
Sebastian Łaskawiec
aa789dd023 Logout confirmation 
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>
 2025-11-28 14:24:32 +01:00
Marek Posolda
38768819e1
Make sure that signature validation possible to configure for OIDC id… (#44516) 
closes #44473


Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
 2025-11-28 08:51:20 +01:00