keycloak

mirror of https://github.com/keycloak/keycloak.git synced 2026-01-10 15:32:05 -03:30

Author	SHA1	Message	Date
rmartinc	ca205272ba	Initial integration of the JWT Authorization Grant in client Policies Using the downscope executor for testing Closes #44201 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-11-24 19:37:07 +01:00
Awambeng	8406cf34fb	[OID4VCI]: Realm-Configurable Time-Claim Normalization (Randomize/Round) to Mitigate Correlation (#43834 ) Closes #43399 Signed-off-by: Awambeng <awambengrodrick@gmail.com>	2025-11-24 11:07:07 +01:00
Pascal Knüppel	64d5e1a3d5	[OID4VCI] Redesign SDJwt API and handle keybinding JWT (#44227 ) closes #42091 Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de> Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de> Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: mposolda <mposolda@gmail.com>	2025-11-24 11:01:19 +01:00
Stian Thorgersen	2a78bc67d7	Refactoring around federated client authenticator to better handling lookup of IdPs and clients. Also, introducing updates to documentation. (#44325 ) Closes #44253 Closes #42987 Closes #44063 Signed-off-by: stianst <stianst@gmail.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>	2025-11-22 12:53:22 +01:00
Giuseppe Graziano	3e8b2f8ab7	New JWT Authorization Grant Identity provider (#44176 ) Closes #43570 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2025-11-19 09:18:23 +01:00
Marek Posolda	a4c583246d	Use the unified constants class for sd-jwt/oid4vc standard data and claims (#44153 ) closes #44152 Signed-off-by: mposolda <mposolda@gmail.com>	2025-11-18 10:41:04 +01:00
Pedro Igor	d4f9a09236	Fixing encoding of forwarded parameters Closes #44125 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-11-14 15:46:09 -03:00
jhgojbis	fd99aa6244	Bug fix double-encoding for query parameter acr_values Related bug fix in Keycloak version 26.4 space with mutiple values results in → "+" → "%2B" Reported bug: https://github.com/keycloak/keycloak/issues/44125 Signed-off-by: jhgojbis <gh_wipe@hotmail.com>	2025-11-14 15:46:09 -03:00
Stefan Guilhen	3319e8d9b5	Add optional parameter in WorkflowResource.toRepresentation to allow retrieval of the rep without the ids Closes #44183 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-11-14 12:20:40 -03:00
Giuseppe Graziano	bcf6df545b	Fix npe in ConditionalUserConfiguredAuthenticator Closes #44156 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2025-11-14 10:09:30 +01:00
Stian Thorgersen	a2c1055f8d	Proposed import order (#43432 ) * Add importOrder to Spotless Closes #43235 Signed-off-by: stianst <stianst@gmail.com> * Re-order imports with Spotless Signed-off-by: stianst <stianst@gmail.com> --------- Signed-off-by: stianst <stianst@gmail.com>	2025-11-14 09:34:49 +01:00
Hamza Hathoute	8fb8fd5346	fix: add flag to delete-step to control user removal from federation provider Closes #43538 Signed-off-by: Hathoute <whitesmith.thedj@gmail.com>	2025-11-13 22:32:11 +00:00
Pedro Igor	b46b0321d6	Skip FGAP when evaluating permissions for regular clients Closes #40712 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-11-13 22:16:09 +01:00
Vlasta Ramik	d2697232b9	Rename `bind` endpoint to `activate` Closes #44155 Signed-off-by: vramik <vramik@redhat.com>	2025-11-13 22:15:33 +01:00
Chance Coleman	b2317dabdc	Add configurable HTTP retry mechanism for OCSP validation (#42535 ) Closes #42401 Signed-off-by: UnicornChance <chance@defenseunicorns.com> Signed-off-by: Chance Coleman <139784371+chance-coleman@users.noreply.github.com>	2025-11-13 13:21:13 +01:00
vramik	748b58bf64	Remove creation of default policy, resource and permission upon enabling authorization for a client Closes #43867 Signed-off-by: vramik <vramik@redhat.com>	2025-11-13 09:14:56 -03:00
Sebastian Łaskawiec	3288f83dc9	Adding an integration test with Minikube for Kubernetes Service Account Federated Authenticator Closes #42983 Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-11-13 08:52:46 +01:00
Stefan Guilhen	da7993896d	Allow ISO-8601 compatible format for the after field in workflow steps - aligns the format with what is used in the JPA connection provider pool max lifetime for time-based configurations Closes #42913 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-11-12 18:51:49 -03:00
Stefan Guilhen	7acf2ceccb	Add pagination and search by name capabilities to WorkflowsResource Closes #44164 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-11-12 17:18:11 -03:00
vramik	84a679224b	Add operation to deactivate a workflow execution for a resource Closes #42124 Signed-off-by: vramik <vramik@redhat.com>	2025-11-12 17:02:17 -03:00
Pedro Igor	9d728dd686	Missing message properties when rendering pages for organization invites Closes #44113 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-11-12 15:56:39 -03:00
Martin Kanis	a7c02076a1	UPDATE_EMAIL action invalidates old email Closes #43738 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2025-11-12 11:32:36 -03:00
Steven Hawkins	63fc0eec28	task: use client v1 logic for v2 impl (#43982 ) * task: use client v1 logic for v2 impl closes: #43733 Signed-off-by: Steve Hawkins <shawkins@redhat.com> * removing the provider module Signed-off-by: Steve Hawkins <shawkins@redhat.com> --------- Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2025-11-12 15:08:27 +01:00
Awambeng	c0be5c42b9	[OID4VCI]: Add backward compatibility for Draft 15 wallets (single proof support) (#43951 ) Closes #43926 Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>	2025-11-12 14:30:33 +01:00
forkimenjeckayang	a05ed3154c	[OID4VCI] Relax CORS policy on credential offer endpoint (#43182 ) Closes #43183 Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com> Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com> Co-authored-by: Awambeng Rodrick <awambengrodrick@gmail.com>	2025-11-12 14:25:20 +01:00
rmartinc	c8c110a049	Use normal scope parameter checking for the JWT Authorization grant Closes #43646 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-11-12 14:09:00 +01:00
Ricardo Martin	de49500393	Client policy to enforce only downscoping in Token Exchange (#44030 ) Closes #43931 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-11-12 08:48:42 +01:00
Felix Herbst	f9fd9bce9e	MessageFormatterMethod should detect and map SimpleNumber Closes #43993 Fixes: java.lang.IllegalArgumentException: Cannot format given Object as a Number freemarker.template.SimpleNumber was added as is, expected was freemarker.template.Number from java.text.NumberFormat::format Signed-off-by: Felix Herbst <ofherbst@googlemail.com>	2025-11-11 13:21:25 +01:00
Pedro Igor	c23d2af65c	The admin roles manage-authorization and view-authorization should have precedence over manage-client when managing authorization settings Closes #43883 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-11-10 16:10:48 +01:00
Giuseppe Graziano	c0e34fa45f	Additional configuration and validation for jwt assertion grant (#44014 ) Closes #43873 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2025-11-10 14:34:06 +01:00
Vojtěch Boček	cd4543456e	fix: do not re-neable AuthorizationService if it is already enabled The enable action needs the realm-wide "modify client" permission, which restricted admins with the fine-grained-authz feature do not have. This causes a "forbidden" exception when try try to save a client with Authorization already enabled, even if the "enable" action does nothing since it was already enabled. Fixes #22938 Signed-off-by: Vojtěch Boček <vbocek@gmail.com>	2025-11-10 10:20:50 -03:00
Stian Thorgersen	d8275fe5df	Remove wildcard imports (#44060 ) Closes #44059 Signed-off-by: stianst <stianst@gmail.com>	2025-11-10 11:46:05 +01:00
Pedro Ruivo	80895d7fb4	AUTH_SESSION_ID cookie has the incorrect route Fixes #43933 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>	2025-11-07 21:32:45 +00:00
Pedro Igor	33f1dda2cf	Processing workflow events asynchronously - Part 1 Closes #42386 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-11-07 10:57:05 -03:00
mposolda	b8a8be33aa	Audience validation according to latest specs proposal closes #43984 Signed-off-by: mposolda <mposolda@gmail.com>	2025-11-06 10:21:35 +01:00
Stian Thorgersen	6043027d99	Refactor KubernetesIdentityProvider (#43967 ) Closes #43966 Signed-off-by: stianst <stianst@gmail.com>	2025-11-05 16:28:07 +01:00
rmartinc	5822c52a30	JWT Authorization grant should not generate refresh and use transient sessions Closes #43799 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-11-05 14:17:32 +01:00
Stian Thorgersen	b278dbbb3d	Allow identity provider configuration without defaults for user authentication (#43963 ) Closes #43552 Signed-off-by: stianst <stianst@gmail.com>	2025-11-05 10:13:40 -03:00
Steven Hawkins	27252a14ae	fix: adding a single method to get the base uri (#43333 ) * fix: adding a single method to get the base uri closes: #43330 Signed-off-by: Steve Hawkins <shawkins@redhat.com> * Update server-spi/src/main/java/org/keycloak/urls/HostnameProvider.java Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Signed-off-by: Steven Hawkins <shawkins@redhat.com> --------- Signed-off-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>	2025-11-05 12:46:09 +00:00
Martin Kanis	8e71657576	Add rate limiter for sending verification emails in context of update email Closes #43076 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2025-11-04 12:16:12 -03:00
Giuseppe Graziano	4b443f04ee	JWT Authorization grant idp config (#43841 ) Closes #43568 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2025-11-04 14:46:14 +01:00
Thomas Diesler	131e2357a9	Cannot issue vc of type oid4vc_natural_person Signed-off-by: Thomas Diesler <tdiesler@ibm.com>	2025-11-04 10:46:44 +01:00
KONSTANTINOS GEORGILAKIS	1c0d4616a5	hide scopes from scopes_supported in discovery endpoint Closes #10388 Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-11-03 16:26:12 +00:00
Pedro Igor	2216ada20b	Allow GET and PUT methods using application/yaml media type Closes #42687 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-11-03 13:09:17 -03:00
Václav Muzikář	9c86eae7ed	Initial Client API v2 impl (#43395 ) Closes #43224 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> Co-authored-by: Martin Bartoš <mabartos@redhat.com> Co-authored-by: Peter Zaoral <pzaoral@redhat.com> Co-authored-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Robin Meese <39960884+robson90@users.noreply.github.com>	2025-11-03 14:31:54 +01:00
vramik	ece96e397e	Make set creadential label use `reset-password` scope Closes #43460 Signed-off-by: vramik <vramik@redhat.com>	2025-11-03 07:57:58 -03:00
Stian Thorgersen	d0a7225b3d	Allow CORS Access-Control-Allow-Headers customization (#43767 ) Closes #12682 Signed-off-by: stianst <stianst@gmail.com>	2025-11-03 06:39:44 +00:00
Alexander Schwartz	52ba359cc3	Make client and IDP required when using federated client authentication (#43890 ) Closes #43889 Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>	2025-11-03 07:21:55 +01:00
Stian Thorgersen	1048c8d9c9	Filter out non-user authentication IdPs from account and login (#43798 ) Closes #43553 Signed-off-by: stianst <stianst@gmail.com>	2025-10-31 12:40:04 +01:00
rmartinc	f92adda310	Improve JWT Assertion Validation using client validators Closes #43642 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-10-31 11:58:08 +01:00

1 2 3 4 5 ...

5554 Commits