External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-10 15:32:05 -03:30
Code Issues Packages Projects Releases Wiki Activity
29,783 Commits 26 Branches 288 Tags
Commit Graph

5603 Commits

Author SHA1 Message Date
Ryan Emerson
9f6b8159ec
Create a LocalCacheProvider SPI (#44950) 
Closes #42223

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-12-17 12:46:05 +01:00
Martin Kanis
012cefb654 The existence of an organization attribute called id is not validated 
Closes #44522

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-12-17 08:05:32 -03:00
Steven Hawkins
148d14816c
fix: allowing settable connection request timeout (#44592) 
also defaulting to 5000

closes: #44500

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-12-16 16:35:01 +00:00
Steven Hawkins
5bf740e383
fix: preventing raw stacktrace response and error log (#44815) 
closes: #44712

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-12-16 15:28:29 +01:00
Palpable
94ee6d81fb
[OID4VCI] Realign naming of attribute configuring algorithms for credential (#44765) 
Closes #44621


Signed-off-by: Vitalisn4 <ngamvitalisyuh@gmail.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
 2025-12-16 14:46:17 +01:00
Stian Thorgersen
5ae60f3513
Fix NPE in JWT authenticators (#44941) 
Closes #44940

Signed-off-by: stianst <stianst@gmail.com>
 2025-12-16 14:41:14 +01:00
Awambeng Rodrick
a1bffa3ddc Add spec-compliant jwt vc issuer well-known endpoint 
- expose /.well-known/jwt-vc-issuer/realms/{realm} and keep legacy route with deprecation headers
- build consumer metadata URL per draft-ietf-oauth-sd-jwt-vc-13 and add realm-path coverage
- add integration test for new path plus deprecation headers on legacy endpoint

Closes #44256

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
Signed-off-by: Awambeng <awambengrodrick@gmail.com>
 2025-12-16 13:46:06 +01:00
forkimenjeckayang
2f7045d7dd
Remove deferred credential endpoint from OID4VC metadata (#44907) 
Closes #44779

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-12-16 12:50:12 +01:00
Awambeng
af8e905774
refactor(oid4vc): remove notification ID handling and related endpoint (#44844) 
Closes #44802


Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2025-12-12 14:38:01 +01:00
Pedro Igor
84a0324d60 Adding grant and revoke role steps 
Closes #44648

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-12-12 09:38:39 -03:00
Ruchika Jha
26fe8dc7d8
Added validation for client session timeout post comparing the realm session timeouts 
Closes #41019

Signed-off-by: ruchikajha95 <Ruchika.Jha1@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-12-11 13:58:04 +01:00
Christian Ja
4e01d85772
Add configurable SMTP timeouts (#43594) 
* Add configurable SMTP timeouts

closes #35836 #14509

Signed-off-by: Christian Janker <christian.janker@gmx.at>

* Allow setting SMTP timeout in realm settings

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

---------

Signed-off-by: Christian Janker <christian.janker@gmx.at>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-12-11 11:19:09 +00:00
forkimenjeckayang
be22a4bd62
[OID4VCI] Fix OID4VC wallet interoperability issues (#44682) 
closes #44736


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-12-10 12:08:01 +01:00
Marek Posolda
f641269ac1
CredentialRequest with credentialIdentifier does not work when creden… (#44794) 
closes #44793


Signed-off-by: mposolda <mposolda@gmail.com>
 2025-12-10 12:02:52 +01:00
Martin Kanis
5ee4cb5157
Fix for missing object representation in admin event log when deleting user, group, client (#43620) 
* Fix for missing object representation in admin event log when deleting user, group, client

Closes #33009

Signed-off-by: jwozniakowski <wozniakowski@netguardians.ch>

* Fix issues and add role representation when deleting a role

Closes #33009

Signed-off-by: Martin Kanis <mkanis@redhat.com>

---------

Signed-off-by: jwozniakowski <wozniakowski@netguardians.ch>
Signed-off-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: jwozniakowski <wozniakowski@netguardians.ch>
 2025-12-09 12:32:18 +01:00
rmartinc
43c1a169e4 Manage service accounts when updating a client using registration 
Closes #44257

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-12-09 12:11:11 +01:00
Stefan Guilhen
484980dbbe Add API method to allow activating a workflow for all eligible resources 
Closes #44643

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-08 09:45:45 -03:00
Alexander Schwartz
2f81a2fb76
Updating and ordering the release notes 
Closes #44706

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-12-08 10:55:33 +01:00
mposolda
3e001a378f Credential offer endpoint has parameter user_id, but expects username 
closes #44642

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-12-08 10:42:35 +01:00
Marek Posolda
11210743f7
Arquillian tests fails when running from Intellij Idea 
closes #44713

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-12-06 21:44:11 +01:00
Pedro Igor
985777ebcc
Improvements to the notify step 
Closes #44708

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-12-05 18:58:03 +01:00
Pascal Knüppel
46e5979b17
[OID4VCI] Handle key_attestation_required in metadata endpoint (#44471) 
fixes #43801


Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
Co-authored-by: Ingrid Kamga <xingridkamga@gmail.com>
 2025-12-05 16:00:32 +01:00
Steve Hawkins
25186278fc fix: consolidating config logic 
closes: #42000

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-12-04 14:25:56 -03:00
forkimenjeckayang
3099cc2294
[OID4VCI]: Add UI for OID4VCI Protocol Mapper Configuration (#44390) 
Closes: #43901


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-12-04 14:18:37 +01:00
forkimenjeckayang
4dd68c0316
[OID4VCI] Conformance Test Fixes (#44439) 
closes #44659


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-12-04 09:03:38 +01:00
Stefan Guilhen
65ab7f541d Add API method that fetches the scheduled workflow steps for a resource 
Closes #43660

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-03 11:09:55 -03:00
Ricardo Martin
f91363d12d
Improve Public Key Management for JWTAuthorizationGrant identity provider 
Closes #44243

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-12-03 11:45:34 +01:00
mposolda
9c6a6276e4 Polishing of sd-jwt SDK builder related methods 
closes #44532

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-12-03 11:09:08 +01:00
Martin Bartoš
5828fab258
[admin-api-v2] Incorrect DTO/DAO mapping (#44587) 
* [admin-api-v2] Incorrect DTO/DAO mapping

Closes #44586

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Handle roles and service account operations, cleanup service contract

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-12-03 09:41:18 +01:00
rmartinc
ae7e7ba084 New Identity Provider condition for client policies 
Closes #44442

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-12-03 08:50:31 +01:00
Pascal Knüppel
9b870d3d8a
Fix ClassCastException on mixing AddressMapper with ClaimsMapper (#44457) 
closes #44455


Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
 2025-12-01 14:55:44 +01:00
Stefan Guilhen
6653b72f88 Ensure delete step is triggering UserRemovedEvent 
Closes #44398

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-01 10:52:40 -03:00
Stefan Guilhen
3e312d91d8 Ensure null values are not serialized when fetching workflows in YAML format 
Closes #44396

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-01 10:45:35 -03:00
PavlNekrasov
a92221ba38
Fix NPE when importing SAML EntityDescriptor without SPSSODescriptor (#44431) 
closes #44430


Signed-off-by: PavlNekrasov <95914807+PavlNekrasov@users.noreply.github.com>
 2025-12-01 12:45:35 +01:00
Giuseppe Graziano
2b4855ff97
Executor for checking claims in JWT assertions (#44537) 
Closes #4443


Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-12-01 11:07:42 +01:00
Sebastian Łaskawiec
aa789dd023 Logout confirmation 
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>
 2025-11-28 14:24:32 +01:00
Marek Posolda
38768819e1
Make sure that signature validation possible to configure for OIDC id… (#44516) 
closes #44473


Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
 2025-11-28 08:51:20 +01:00
Thomas Diesler
54bf9206b2
[OID4VCI] Credential Offer must be created by Issuer not Holder (#44255) 
closes #44116


Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
 2025-11-27 16:07:10 +01:00
Alexander Schwartz
f3cd38219a
Use central method to create a DocumentBuilder for SAML 
Closes #44486

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-27 11:11:49 +01:00
Alexis Rico
b0b38176f0
Manage Organization Invites 
Closes #38809

Signed-off-by: Alexis Rico <sferadev@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-27 10:28:52 +01:00
resah
0b3d928ae2
fix: handle localized date formatting in message format 
Closes #44377

Signed-off-by: Theresa Henze <theresa.henze@bare.id>
 2025-11-27 10:05:49 +01:00
Pedro Igor
96aea99d6c
Make sure LDAP sync runs in a single cluster node and respecting the configured period 
Closes #43752

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-27 08:08:20 +01:00
mposolda
cbb823bc0e Make sd-jwt key binding verification work with EdDSA keys 
closes #44369

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-11-26 14:44:29 +01:00
rmartinc
d0e4d1f620 Better events for jwt-bearer and check all details in the tests 
CLoses #44137

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-26 12:09:51 +01:00
Stian Thorgersen
2acfd41b19
Stop looking up client in ClientAssertionState to prevent lookup by clientId in federated client authentication (#44448) 
Closes #44447

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-26 06:31:05 +01:00
Giuseppe Graziano
b323fea8bc Always allow to setup JWKS URL in oidc idp 
Closes #44217

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-11-25 17:09:13 +01:00
dawg
d5a507e90d
fix #43819 - partial import fails to overwrite existing groups (#43924) 
* fix #43819 - partial import fails to overwrite existing groups

- when removal is delayed until insertion of the newly imported group
  this causes a duplicate key constrain violation (`Key (realm_id, parent_group, name)`)
- fixed by flushing group removals

Signed-off-by: Martin Nowak <code@dawg.eu>

* adding a test and using a general fix

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
# Conflicts:
#	services/src/main/java/org/keycloak/partialimport/PartialImportManager.java

---------

Signed-off-by: Martin Nowak <code@dawg.eu>
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Steve Hawkins <shawkins@redhat.com>
 2025-11-25 16:17:51 +01:00
Thomas Diesler
39264edf3f [OID4VCI] Fix deprecated realm-scoped well-known endpoint access 
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
 2025-11-25 12:19:17 +01:00
rmartinc
5ab371f1ff Use PrivateKey directly when decrypting SAML 
Closes #44289

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-25 09:11:05 +01:00
rmartinc
ca205272ba Initial integration of the JWT Authorization Grant in client Policies 
Using the downscope executor for testing
Closes #44201

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-24 19:37:07 +01:00