External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-09 23:12:06 -03:30
Code Issues Packages Projects Releases Wiki Activity
28,755 Commits 26 Branches 288 Tags
Commit Graph

67 Commits

Author SHA1 Message Date
Björn Eickvonder
c7cc162f6b
Support for RSA Key Size of 3072 
Closes #41551

Signed-off-by: Bjoern Eickvonder <bjoern.eickvonder@inform-software.com>
 2025-07-31 13:30:33 +02:00
Rutger Lubbers
5219101aec Configure Argon2's type correctly in Argon2PasswordHashProviderFactory 
Closes #40232

Signed-off-by: Rutger Lubbers <RutgerLubbers@gmail.com>
 2025-06-04 14:13:34 +02:00
Rutger Lubbers
e15ab7d9f9
Update documentation for Argon2 hash-key length to use the correct property 
Closes #40195

Signed-off-by: Rutger Lubbers <RutgerLubbers@gmail.com>
 2025-06-04 08:03:33 +02:00
Michal Hajas
3839f8e3b5
Add metric for password validations (#36049) 
Closes #36048
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-01-07 10:05:47 +01:00
Martin Bartoš
959ce9c483 Provide Tracing SPI 
Closes #34711

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2024-11-28 10:45:31 +01:00
Thomas Darimont
f61937f3d9
Prefer usage of StandardCharsets.UTF_8 over "UTF-8" charset reference 
Fixes #35080

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-11-25 10:45:37 +00:00
rmartinc
b0b247f1f1 Passivate imported keys if the associate certificate is expired 
Closes #34973

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-11-25 09:40:59 +01:00
Awambeng
cfd187b0ff
Introduce SdJwtFacade layer for simplified SD-JWT handling and enhance test coverage (#34915) 
Closes #32955

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2024-11-15 15:20:10 +01:00
Ingrid Kamga
c4d6979907
Scaffold verification of SD-JWT VP token (#29859) (#33752) 
Closes #29859

Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
 2024-10-25 14:49:25 +02:00
rmartinc
6d52520730 Load client keys using SubjectPublicKeyInfo and upload jwks type into the jwks attributes for OIDC ones 
Closes #33820

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-10-22 14:24:15 +02:00
mposolda
b95d12a968 Add AuthzClientCryptoProvider to authz-client in keycloak main repository 
closes #33831

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-10-15 08:16:14 +02:00
mposolda
dad4477995 Remove keycloak-core and keycloak-crypto-default from SAML galleon feature pack and upgrade them to Java 17 
closes #32586

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-09-03 15:58:57 +02:00
Justin Tay
966a454548
Add ECDH-ES JWE Algorithm Provider, Add generated ECDH key provider (#23928) 
Closes #23596
Closes #23597

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-08-08 17:29:35 +02:00
Pascal Knüppel
bf951a5554
Fix certificate creation with cross-keys (#31866) 
fixes #31864

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
 2024-08-07 12:41:12 +02:00
Ingrid Kamga
36a141007e
Implement advanced verification of SD-JWT in Keycloak (#30966) 
closes #30907

Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
 2024-08-05 11:50:03 +02:00
Pascal Knüppel
4a15e1c2b0
Support certificate creation for EC keys (#31817) 
fixes #31816

Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
 2024-08-02 11:52:48 +02:00
rmartinc
096e335a92 Support for vault and AES and HMAC algorithms to JavaKeystoreKeyProvider 
Closes #30880
Closes #29755

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-07-11 12:40:45 +02:00
rmartinc
e9c9efc3f4 Upgrade bc-fips to 1.0.2.5 
Closes #26568
Closes #27884

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-25 11:07:27 +02:00
Andre F de M
0f061a75e2 Issue: 26568 - bcfips version bump and fixes 
* bump BCFIPS to 1.0.2.5
               * fix bc-fips related test error
               * remove unused imports

               Closes: #26568

Signed-off-by: Andre F de M <trixpan@users.noreply.github.com>
 2024-06-25 11:07:27 +02:00
Jon Koops
df18629ffe
Use a default Java version from root POM (#29927) 
Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-06-21 14:19:31 +02:00
Martin Bartoš
262fc09edc
OpenJDK 21 support (#28518) 
* OpenJDK 21 support

Closes #28517

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* x509 SAN UPN other name is not handled in JDK 21 (#904)

closes #29968

Signed-off-by: mposolda <mposolda@gmail.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2024-06-03 14:17:28 +02:00
Francis Pouatcha
2683c0a7d1
JWSBuilder when used directly with AsymmetricSignatureSignerContext produces non compliant ECDSA signed JWT (#29333) 
closes #29309 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
 2024-05-27 13:45:42 +02:00
mposolda
d8a7773947 Adding dummyHash to DirectGrant request in case user does not exists. Fix dummyHash for normal login requests 
closes #12298

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-05-13 16:33:29 +02:00
Pedro Ruivo
3e0a185070 Remove deprecated EnvironmentDependentProviderFactory.isSupported method 
Closes #26280

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-04-19 16:36:49 +02:00
Justin Tay
d807093f63 Fix OCSP nonce handling 
Closes #26439

Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-04-18 09:04:46 +02:00
Alexander Schwartz
5b4a69a6e9 Limit the concurrency of password hashing to the number of CPU cores available 
Closes #28477

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-04-15 15:05:09 +02:00
Stian Thorgersen
c3a98ae387
Use Argon2 as default password hashing algorithm (#28162) 
Closes #28161

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 13:04:14 +00:00
Stian Thorgersen
cae92cbe8c
Argon2 password hashing provider (#28031) 
Closes #28030

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 07:08:09 +01:00
coursar
4a357223b3 Harmonize behaviour of different CertificateUtilsProvider implementations 
Signed-off-by: coursar <coursar@gmail.com>
 2024-02-28 11:12:41 +01:00
coursar
3b721512c4
x509Certificate AuthorityKeyIdentifierExtension (#27272) 
closes #27271 

Signed-off-by: coursar <coursar@gmail.com>
 2024-02-27 15:59:51 +01:00
Stefan Wiedemann
aa6b102e3d
Support EC Key-Imports for the JavaKeystoreKeyProvider #26936 (#27030) 
closes #26936

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
 2024-02-19 17:41:40 +01:00
Steven Hawkins
37acb2fd09
task: upgrading to quarkus 3.7.0.CR1 (#26203) 
there are several downgrades from the quarkus versions, and some
additional logic needed to handle changes with re-creating the
configuration

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-01-31 18:23:07 +00:00
David Anderson
ceea11d044
Fix various bugs and issues in crypto/elytron (#23102) 
closes #23173
 2023-10-03 09:42:57 +02:00
Thomas Darimont
82269f789a Avoid using deprecated junit APIs in tests 
- Replaced usage of Assert.assertThat with static import
- Replaced static import org.junit.Assert.assertThat with org.hamcrest.MatcherAssert.assertThat

Fixes: #22111
 2023-08-01 11:44:25 +02:00
Václav Muzikář
776bcbcbd4
Update bcpkix and bcprov dependencies (#21543) 
Closes #21360
 2023-07-20 11:57:18 +02:00
mposolda
0ea2891eee Remove support for OpenJDK 11 on the server side 
closes #15014
 2023-07-03 13:12:22 -03:00
mposolda
1cbdf4d17e Fix the issue with LDAP connectionUrl containing multiple hosts 
Closes #17359
 2023-04-16 17:41:22 +02:00
Yoann GUION
ba66fe84fa
iterate any attribute in multi-valued RDN to find the correct one (#14283) 
Closes #14280
 2023-03-23 11:51:01 +01:00
Jon Koops
972ebb9650
Use a valid SemVer format for the SNAPSHOT version (#17334) 
* Use a valid SemVer format for the SNAPSHOT version

* Update pom.xml

* Update pom.xml

---------

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2023-03-03 11:11:44 +01:00
mposolda
4f068fcdcc Make https-trust-store-type set to bcfks by default in strict-mode 
Closes #17119
 2023-02-16 08:00:21 -03:00
rmartinc
fbc9177f27 Doublecheck if we need to override properties in java.security 
Closes https://github.com/keycloak/keycloak/issues/16702
 2023-02-15 12:33:48 +01:00
Pedro Igor
2059ffb219 Make sure the distribution is using FIPS providers 
Closes #12428
 2023-02-10 17:26:55 +01:00
Pedro Igor
d97b9c48c4
Make sure PBKDF2 providers are using the expect size for derived keys (#16798) 
Closes #16797
 2023-02-03 15:31:25 +01:00
Marek Posolda
33ff9ef17e
Fix remaining failing tests with BCFIPS approved mode (#16699) 
* Fix remaining failing tests with BCFIPS approved mode
Closes #16698
 2023-01-30 16:01:57 +01:00
mposolda
7f017f540e BCFIPS approved mode: Some tests failing due the short secret for client-secret-jwt client authentication 
Closes #16678
 2023-01-30 08:40:46 +01:00
mposolda
16888eaeab Only available RSA key sizes should be shown in admin console 
Closes #16437
 2023-01-25 13:15:07 +01:00
mposolda
29888dbf1a Update realm keys in the testsuite to be generated where possible. Update other keys to be FIPS compliant 
Closes #12420
 2023-01-25 08:26:15 +01:00
mposolda
36bd76957d Make Keycloak FIPS working with OpenJDK 17 on FIPS enabled RHEL 
Closes #15721
 2022-12-20 21:03:55 +01:00
mposolda
264c5a6cdb Support for KcReg and KcAdm CLI to use BCFIPS instead of BC on FIPS platforms 
Closes #14968
 2022-12-06 13:02:46 +01:00
mposolda
3e9c729f9e X.509 authentication fixes for FIPS 
Closes #14967
 2022-11-25 11:50:30 +01:00