Pedro Ruivo
13ef89664c
More accurate user session expiration logic
Closes #44204
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2025-11-19 21:06:17 +01:00
mposolda
68cfb8d720
Fix flaky test ClientAuthSignedJWTTest.testClientWithGeneratedKeysJKS
closes #43713
Signed-off-by: mposolda <mposolda@gmail.com>
2025-11-18 11:52:01 +01:00
rmartinc
f0f776e5c8
Fix for WebAuthnSigningInTest WebAuthn test
Closes #43477
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-11-18 11:02:13 +01:00
Marek Posolda
a4c583246d
Use the unified constants class for sd-jwt/oid4vc standard data and claims (#44153)
closes #44152
Signed-off-by: mposolda <mposolda@gmail.com>
2025-11-18 10:41:04 +01:00
Pedro Ruivo
7dc7c81b25
Fix UserSessionProviderOfflineModelTest#testLoadUserSessionsWithNotDeletedOfflineClientSessions
Fixes #43886
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2025-11-14 20:46:02 +01:00
Pedro Igor
d4f9a09236
Fixing encoding of forwarded parameters
Closes #44125
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-11-14 15:46:09 -03:00
Pedro Ruivo
70e1dba2c3
Create remember_me column for user sessions
Closes #44112
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2025-11-14 14:41:04 +01:00
Stian Thorgersen
a2c1055f8d
Proposed import order (#43432)
* Add importOrder to Spotless
Closes #43235
Signed-off-by: stianst <stianst@gmail.com>
* Re-order imports with Spotless
Signed-off-by: stianst <stianst@gmail.com>
---------
Signed-off-by: stianst <stianst@gmail.com>
2025-11-14 09:34:49 +01:00
Pedro Igor
b46b0321d6
Skip FGAP when evaluating permissions for regular clients
Closes #40712
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-11-13 22:16:09 +01:00
Pedro Ruivo
0876ca9aa1
Use batches to expire entries from Database
Closes #44067
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2025-11-13 15:13:15 +00:00
stianst
8dce1eff15
Migrate keys package to new test framework
Closes #44118
Signed-off-by: stianst <stianst@gmail.com>
2025-11-13 10:19:53 -03:00
vramik
748b58bf64
Remove creation of default policy, resource and permission upon enabling authorization for a client
Closes #43867
Signed-off-by: vramik <vramik@redhat.com>
2025-11-13 09:14:56 -03:00
Pedro Igor
9d728dd686
Missing message properties when rendering pages for organization invites
Closes #44113
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-11-12 15:56:39 -03:00
Martin Kanis
a7c02076a1
UPDATE_EMAIL action invalidates old email
Closes #43738
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-11-12 11:32:36 -03:00
Awambeng
c0be5c42b9
[OID4VCI]: Add backward compatibility for Draft 15 wallets (single proof support) (#43951)
Closes #43926
Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
2025-11-12 14:30:33 +01:00
forkimenjeckayang
a05ed3154c
[OID4VCI] Relax CORS policy on credential offer endpoint (#43182)
Closes #43183
Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
Co-authored-by: Awambeng Rodrick <awambengrodrick@gmail.com>
2025-11-12 14:25:20 +01:00
Ricardo Martin
de49500393
Client policy to enforce only downscoping in Token Exchange (#44030)
Closes #43931
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-11-12 08:48:42 +01:00
rmartinc
fb13aa5039
Use http for the DockerClientTest to avoid certificate issues
Closes #44117
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-11-11 17:48:44 +01:00
Pedro Ruivo
39964befef
Sessions not removed when user is deleted
Fixes #43323
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2025-11-11 14:09:05 +01:00
Martin Kanis
c28cde359c
Local user can't login when ldap error
Closes #43639
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-11-11 08:48:26 -03:00
Ingrid Kamga
ce05241c7f
[OID4VCI] Tolerate clock skew in SD-JWT time checks (#43506)
Closes #43456
Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
2025-11-11 09:02:44 +01:00
vramik
302fa3db08
Make LDAPProvidersIntegrationTest import a test realm after each test
Closes #43754
Signed-off-by: vramik <vramik@redhat.com>
2025-11-10 10:19:25 -03:00
Stian Thorgersen
d8275fe5df
Remove wildcard imports (#44060)
Closes #44059
Signed-off-by: stianst <stianst@gmail.com>
2025-11-10 11:46:05 +01:00
Pedro Ruivo
18eeef7b26
Create user session expired event
Closes #43942
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-11-07 22:36:47 +00:00
Pedro Ruivo
80895d7fb4
AUTH_SESSION_ID cookie has the incorrect route
Fixes #43933
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2025-11-07 21:32:45 +00:00
Lukas Hanusovsky
768cea1b82
Add FIPS suite to the new tests (#43431)
* Add FIPS test suite to the new tests
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
* Tweaks to FIPS suite in new test
Signed-off-by: stianst <stianst@gmail.com>
---------
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
Signed-off-by: stianst <stianst@gmail.com>
Co-authored-by: stianst <stianst@gmail.com>
2025-11-06 14:08:19 +01:00
Stian Thorgersen
b278dbbb3d
Allow identity provider configuration without defaults for user authentication (#43963)
Closes #43552
Signed-off-by: stianst <stianst@gmail.com>
2025-11-05 10:13:40 -03:00
Alexander Schwartz
3ef8c565f3
Avoid touching the database layer if no changes are necessary for a user
Closes #43682
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-11-05 06:44:48 -03:00
fengyuchuanshen
e321f5ab23
chore: remove repetitive words in comments (#43944)
Signed-off-by: fengyuchuanshen <fengyuchuanshen@outlook.com>
2025-11-04 17:55:22 +00:00
Martin Kanis
8e71657576
Add rate limiter for sending verification emails in context of update email
Closes #43076
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-11-04 12:16:12 -03:00
Martin Bartoš
d5763b9c0b
Migrate the OTelProvider test to the new framework
Closes #43858
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2025-11-04 12:53:47 +01:00
Thomas Diesler
131e2357a9
Cannot issue vc of type oid4vc_natural_person
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
2025-11-04 10:46:44 +01:00
KONSTANTINOS GEORGILAKIS
1c0d4616a5
hide scopes from scopes_supported in discovery endpoint
Closes #10388
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-11-03 16:26:12 +00:00
Lukas Hanusovsky
2ddde05afb
Moving UserFederationLdapConnectionTest to federation/ldap package (#43852)
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2025-11-03 15:39:40 +01:00
Stian Thorgersen
1048c8d9c9
Filter out non-user authentication IdPs from account and login (#43798)
Closes #43553
Signed-off-by: stianst <stianst@gmail.com>
2025-10-31 12:40:04 +01:00
forkimenjeckayang
f27982aeb7
[OID4VCI] Ensure authorization_details from PAR requests are properly returned in token responses (#43215)
Closes #43214
Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
Co-authored-by: Awambeng Rodrick <awambengrodrick@gmail.com>
2025-10-31 11:39:38 +01:00
Ingrid Kamga
ea06651da5
[OID4VCI] Ensure openid_credential is one of authorization_details_types_supported on the Authorization Server metadata (#43599)
Closes #43398
Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
2025-10-31 11:32:24 +01:00
rmartinc
3b3adcf1e4
Ensure the logout endpoint removes the authentication session
Closes #43853
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-10-31 10:59:25 +01:00
Martin Bartoš
12d9ec048b
[quarkus-next] Removed exception escaped OTel attribute (#43848)
Closes #43845
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2025-10-31 08:52:07 +01:00
Pedro Ruivo
24f67d0c04
Always validate cookie signature
Closes #43851
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2025-10-30 22:18:13 +00:00
Pedro Ruivo
e40c5de050
Session cache affinity
Closes #42776
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-30 21:01:09 +00:00
Pedro Ruivo
6317c02a27
Refactor AuthenticationSessionManager
Closes #43825
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-30 12:26:07 +01:00
Tomáš Kyjovský
4c64b7189c
Deprecate org.keycloak.common.util.Base64
Closes #43370
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: 1867605+tkyjovsk@users.noreply.github.com
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-30 09:12:14 +01:00
Marek Posolda
2fc5419676
Avoid using UserCredentialManager from user storage extensions (#43695)
closes #43694
Signed-off-by: mposolda <mposolda@gmail.com>
2025-10-29 16:26:59 +01:00
Ricardo Martin
e0c1f2ee0f
Check offline scope is still assigned when performing a refresh
Closes #43734
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-10-28 16:42:34 +01:00
Pedro Igor
42edee22d9
Email should be set when email as username is enabled and email is read-only
Closes #43718
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-10-28 14:44:57 +01:00
rmartinc
1bd9a3f473
Only add the none verifier when attestation conveyance preference is none
Closes #43723
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-10-28 05:30:24 -03:00
Pedro Igor
53142d8f92
Fixing flaky test KcOidcBrokerTest#testPostBrokerLoginFlowWithOTP
Closes #42601
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-10-27 17:28:28 +01:00
Pedro Igor
e4d4570404
Prevent the username field from being rendered when running the identity-first login flow
Closes #43091
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-10-23 13:02:57 +02:00
Pedro Igor
6527b139dc
Do not lower-case username and email if users are not imported from LDAP
Closes #43621
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-10-23 13:02:33 +02:00