1099 Commits

Author SHA1 Message Date
github-actions[bot]
ba2566fe5f Set version to 26.0.13 2025-07-15 17:22:26 +00:00
rmartinc
eab83b40d5 Disable email verification when email manually changed by idp review
Closes #40446

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 86f0a7864f2bdd991d5e24e6844ddabfce0aa6de)
2025-06-27 16:26:01 +02:00
Alexander Schwartz
20d272304b
Lazily process sessions from ISPN to avoid fetching client sessions
Closes #39638

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-05-13 16:54:56 +02:00
rmartinc
154206c5f3 Define a max expiration window for Signed JWT client authentication
Closes #38576

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit a10c8119d4452b866b90a9019b2cc159919276ca)
2025-04-03 13:24:12 +02:00
Marek Posolda
f62acdaa42
Password policies like NoUsername should compare in a case-insensitive way
closes #37431

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit 2bcd2dbe74ac038c1b56b51b49087a9818541f2a)
2025-02-18 13:54:01 +00:00
Pedro Igor
1ca1d5e909
Make sure brokers are managed within the scope of the realm model object
Closes #34356

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-01-14 09:44:26 +01:00
Martin Kanis
1cd854fe73 Incomplete registration form when edit email is disabled and email is set as username
Closes #34876

Signed-off-by: Martin Kanis <mkanis@redhat.com>
(cherry picked from commit dbd94292560d91eb57d29dd2f9fab0de4bd605df)
2025-01-13 14:24:10 -03:00
Douglas Palmer
93b2a7327b
EMBARGOED CVE-2024-11734 org.keycloak/keycloak-quarkus-server: Denial of Service in Keycloak Server via Security Headers (#228)
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-12-13 10:43:31 +01:00
Pedro Igor
c0911aebd7
organizationEnabled attributes are present as attributes in an export
Closes #35052

Signed-off-by: vramik <vramik@redhat.com>
Co-authored-by: vramik <vramik@redhat.com>
2024-12-06 13:43:06 +01:00
Ricardo Martin
154e14122f
Check the authentication config exists before returning its reference
Closes #34888


(cherry picked from commit 8d559d542c1b4f3f030caa1b11c7d8bc9717618b)

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-11-22 12:11:42 +01:00
Jon Koops
4c2ebfbde6
Use short UUID for ldap components
Closes #32143

(cherry picked from commit ca1c10f7ba923349e7bb1643fb6f78115543c908)

Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
2024-11-22 12:09:52 +01:00
Pedro Igor
cc64375c88
Allow returning attributes when querying organizations
Closes #34590

Signed-off-by: Himanshi Gupta <higupta@redhat.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Himanshi Gupta <higupta@redhat.com>
2024-11-22 11:50:28 +01:00
Pedro Igor
5c9f1837d7
Added a representation that includes an organization and user model
Closes #34013

Signed-off-by: Robert Rieser <Robert.Rieser@degoya.studio>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Robert Rieser <Robert.Rieser@degoya.studio>
2024-11-12 10:12:51 +01:00
Pedro Igor
80c17f8392 Better message when updating users when import is disabled
Closes #31456

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-11-11 22:41:30 +01:00
Gilvan Filho
c5d9edf7b7 add linear strategy to brute force
closes #25917

Signed-off-by: Gilvan Filho <gilvan.sfilho@gmail.com>
2024-10-28 10:47:02 -03:00
Pedro Igor
225f767d67 Avoid iterating over user policies when removing users
Closes #19358

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-15 17:57:35 +02:00
mposolda
1c4b93daa4 Better logging when error happens during transaction commit
closes #33275

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit 07cf71e818e7feca1a36164c216a225f198d50f0)
2024-10-08 13:15:41 +02:00
vramik
c1653448f3 [Organizations] Allow orgs to define the redirect URL after user registers or accepts invitation link
Closes #33201

Signed-off-by: vramik <vramik@redhat.com>
2024-10-02 07:37:48 -03:00
Steven Hawkins
5d99d91818
fix: allows for the detection of a master realm with --import-realms (#32914)
also moving initial bootstrapping after import

closes: #32689

Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-09-30 14:40:16 +02:00
Maksim Zvankovich
90dc7c168c Add organization admin crud events
Closes #31421

Signed-off-by: Maksim Zvankovich <m.zvankovich@rheagroup.com>
Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-27 09:09:28 +02:00
Stefan Guilhen
6424708695 Ensure organization id is preserved on export/import
- Also fixes issues with description, enabled, and custom attributes missing when re-importing the orgs.

Closes #33207

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-25 16:07:44 +02:00
Stian Thorgersen
af5eef57bf
Improve handling for loopback redirect-uri validation (#195) (#33189)
Closes #33116

Signed-off-by: stianst <stianst@gmail.com>
2024-09-23 13:51:02 +02:00
Stefan Guilhen
900c496ffe
Remove the kc.org.broker.public attribute and use hideOnLogin in the IDP instead
Closes #32209

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-09-20 16:08:55 +02:00
Michal Hajas
d065be362a
Fix flaky UserSessionPersisterProviderTest
Closes #32892

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-20 13:24:34 +02:00
Alexander Schwartz
2a95d0abfa
Sort order of updates for user properties (#32853)
This should reduce deadlocks on the user property table if the users are updated concurrently.

Closes #32852

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-18 12:37:42 +02:00
Stefan Guilhen
5ff9e9147d
Remove unnecessary AbstractConfigPropertySynchronizer class (#33002)
Closes #33000

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-18 08:58:32 +02:00
Pedro Ruivo
f67bec0417 Rename remote-cache Feature
Renamed to "clusterless"

Closes #32596

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-09-13 13:03:13 +02:00
Stian Thorgersen
40049f31fa
Remove ProxyClassLoader and PlatformProvider returning script classloader (#32806)
Closes #32804

Signed-off-by: stianst <stianst@gmail.com>
2024-09-11 17:11:26 +02:00
rmartinc
b60621d819 Allow brute force to have http request/response and send emails
Closes #29542

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-11 08:35:03 +02:00
Thomas Darimont
693a63b532
Handle ClientData parsing errors in SessionCodeChecks gracefully
- Move ClientData parsing out of SessionCodeChecks ctor
- Respond with a bad request if invalid client data is presented

Closes #32515

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-05 10:50:27 +02:00
Alexander Schwartz
0e1a7c6f8e Add information about token expiry to events
Closes #28311

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-04 14:44:51 +02:00
Alexander Schwartz
4d1e1e0bcb
Show details for error messages where they were missing (#32534)
Closes #32533

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-09-04 07:23:54 -04:00
Stefan Guilhen
557d7e87b2 Avoid iterating through all mappers when running the config event listeners
Closes #32233

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-04 07:40:58 -03:00
Theresa Henze
a1c23fef8c introduce event types to update/remove credentials
Closes #10114

Signed-off-by: Theresa Henze <theresa.henze@bare.id>
2024-09-03 18:27:27 +02:00
Stefan Guilhen
88cca10472 Rename IDPSpi to IdentityProviderStorageSpi
Closes #31639

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-26 15:10:09 -03:00
Vlasta Ramik
d63c0fbd13
Decouple Identity provider mappers from RealmModel (#32251)
* Decouple Identity provider mappers from RealmModel

Closes #31731

Signed-off-by: vramik <vramik@redhat.com>
2024-08-22 12:05:19 -03:00
Peter Zaoral
1b5fe5437a
Warnings for temporary admin user and service account (#31387)
* UI banner, labels and log messages are shown when temporary admin account is used
* added UI tests that check the elements' presence

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2024-08-21 09:30:24 +02:00
Pedro Igor
eeae50fb43 Make sure federationLink always maps to the storage provider associated with federated users
Closes #31670

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-20 11:27:22 +02:00
Stefan Guilhen
f82159cf65 Rework logic to fetch IDPs for the login page so that IDPs are fetched from the provider and not filtered in code.
Closes #32090

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-19 09:06:35 -03:00
mposolda
3d787727f9 Add acr scope to all clients for those migrating from older than Keycloak 18
closes #31107

Signed-off-by: mposolda <mposolda@gmail.com>
2024-08-16 12:17:43 +02:00
Stefan Guilhen
aeb1951aba Replace calls to deprecated RealmModel IDP methods
- use the new provider instead

Closes #31254

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-15 10:55:36 -03:00
Stian Thorgersen
310824cc2b
Remove legacy cookies
Closes #16770

Signed-off-by: stianst <stianst@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-08-15 15:27:38 +02:00
kaustubh-rh
cf8905efe8
Fix for Client secret is visible in Admin event representation when Credentials Reset action performed for the Client. (#32067)
* Stripping secrets for the credential representation

Signed-off-by: kaustubh B <kbawanka@redhat.com>
2024-08-12 13:47:41 -03:00
Pedro Igor
3ab2446074 Do not return identity providers when querying the realm representation
Closes #21072

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-07 10:06:51 -03:00
StephanSchrader
4d64092119
Fix persist config values for custom components (#31862)
Closes #31858

Signed-off-by: Stephan Schrader <stephan.schrader@wallis.de>
Signed-off-by: Stephan Schrader <zstephanz@gmail.com>
Co-authored-by: Stephan Schrader <stephan.schrader@wallis.de>
2024-08-07 14:40:30 +02:00
Michal Hajas
50c07c6e7c
Simplify configuration for MULTI_SITE
Closes #31807

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-08-06 16:14:33 +00:00
Alexander Schwartz
aa91f60278
Caches the id-to-user mapping for the evaluation in the current session (#31794)
Closes #31519

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-01 10:38:46 +02:00
rmartinc
a6c70d65ee Do not generate secret when client rep does not specify public or bearer
Closes #31444

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-30 18:32:15 +02:00
Pascal Knüppel
94784182df
Implement DPoP for all grantTypes (#29967)
fixes #30179
fixes #30181


Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de>
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-07-29 16:30:54 +02:00
Stefan Guilhen
c16e88bcee Make the IDPProvider via session.identityProviders()
Closes #31252

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-07-29 16:02:26 +02:00