1240 Commits

Author SHA1 Message Date
Pascal Knüppel
f39a37d8d1
[OID4VCI] Move realm attributes to clientScope and protocol-mappers (#39768)
fixes #39527


Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
2025-07-10 14:46:36 +02:00
Martin Kanis
5a42390341 Make UPDATE_EMAIL a supported feature
Closes #40227

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-07-09 10:15:48 -03:00
rmartinc
900d8c7400 Changing default passwordless webauthn policy to follow recommended values in the documentation
Closes #40792

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-07-09 11:34:28 +02:00
rmartinc
d62114e50e Do not add steps if feature disabled in default flows
Allow login if a step is disabled even if the authenticator is not enabled by profile
Closes #40954

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-07-09 10:44:36 +02:00
Steven Hawkins
d74e71e5ed
fix: streamlining the client scope update (#40808)
closes: #40805

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-07-07 17:57:39 +02:00
Steven Hawkins
2b44c5676f
fix: adding logic to isolate realm migration processing (#39377)
* fix: adding logic to isolate realm migration processing

also adding an info log for each realm migrated

closes: #33978 #38649

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* switching to an export strategy tolerant to read committed

also preventing creating cached users during export

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* updating the docs to still recommend shutting the server down for export

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* accounting for null managed users

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* refinements based upon review comments

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Scaling back the docs

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>

* Remove rogue release note

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
2025-06-30 08:31:57 -04:00
Pedro Igor
304bcdce88
Do not show update email link if the email attribute is not writable
Closes #39669

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-06-28 10:19:41 +02:00
rmartinc
cc7b63cfc6 Integrate passkeys with separate username and password forms
Closes #40021

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-06-25 09:43:48 +02:00
rmartinc
86f0a7864f Disable email verification when email manually changed by idp review
Closes #40446

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-06-25 08:56:03 +02:00
Douglas Palmer
1183157d86 Key generation for client authentication is always RSA 2048 with a 10-year validity, regardless of the selected algorithm
Closes #38620

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2025-06-25 08:15:43 +02:00
Steven Hawkins
c01736a9cd
fix: correcting additional legacy scope usage (#40644)
closes: #39063

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-06-24 14:58:27 +02:00
Pedro Igor
828f9f7916
Mark user as disabled if reaching max login failures and permanent lockout is enabled
Closes #40159

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-06-18 08:34:56 +02:00
Giuseppe Graziano
b9033ad9c3 Validate client policy condition configuration
Closes #40187

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2025-06-11 11:01:08 -03:00
Giuseppe Graziano
1d9ecb2d7a
Added WebAuthn and recovery codes as disabled in the First Broker Login Flow (#40319)
Closes #40000

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2025-06-09 12:40:53 +02:00
rmartinc
2ec1496c5b Rename "Browser - Conditional OTP" to "Browser - Conditional 2FA" in default browser flow
Closes #40281

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-06-09 08:41:23 +02:00
rmartinc
c3bbf45a7b Add webauthn and recovery codes to the default browser flow as disabled
Closes #39999

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-06-05 16:09:32 +02:00
Ricardo Martin
41110823c7
Integrate current auth-username-password-form authenticator with passkeys isConditionalMediationAvailable (#38781)
Closes #29596

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-06-05 08:53:00 +02:00
Pascal Knüppel
17e2602a56
[OID4VCI] Fix creation of clientScopes with protocol oid4vc (#39556)
closes #39527

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2025-06-05 08:49:05 +02:00
mposolda
ab7edb0d01 Introduce ExternalToInternalTokenExchangeProvider. Make it work with Google IDP using token-info endpoint instead of user-info endpoint
closes #40146
closes #40133

Signed-off-by: mposolda <mposolda@gmail.com>
2025-06-04 10:03:52 +02:00
Martin Kanis
f35c413b31 Add re-authentication when updating email via UPDATE_EMAIL feature
Closes #39670

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-06-03 09:09:44 -03:00
mposolda
a66f7fbc53 Fix NPE during external-internal token exchange in case that user exists
closes #40104

Signed-off-by: mposolda <mposolda@gmail.com>
2025-05-31 08:31:45 +02:00
Pedro Igor
7cc055f8a6 Verify brokered user email based on the email_verified claim from the ID Token returned by the OP
Closes #39885

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-05-29 10:45:18 -03:00
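The commit above keys the brokered user's verified-email status off the OP's `email_verified` claim. The following is an added illustration written for this page, not Keycloak's own code: it shows the two checks a practitioner would want before trusting that claim, namely that `email_verified` is a JSON boolean `true` (OIDC Core 5.1 defines it as a boolean, so a string `"true"` or a missing claim is treated as not verified) and that the claim refers to the same address being stored locally. The claim sets are constructed samples, and the `trust_email` switch and `VERIFY_EMAIL` required action are assumed names modelled on the broker settings, not taken from the commit.

```python
"""Added illustration (not Keycloak's code): decide whether a brokered user's
email may be marked verified from the claims in the OP's ID Token.

Assumptions: OIDC Core 5.1 defines email_verified as a JSON boolean, so only a
literal true counts; the flag must refer to the same address that is stored on
the local user; trust_email and VERIFY_EMAIL are assumed names.
"""
from typing import Any, Mapping

# Constructed sample ID Token claim sets (not captured from a real OP).
CLAIMS_OK = {"sub": "123", "email": "Alice@Example.org", "email_verified": True}
CLAIMS_STRING_FLAG = {"sub": "124", "email": "bob@example.org", "email_verified": "true"}
CLAIMS_MISSING_FLAG = {"sub": "125", "email": "carol@example.org"}


def email_verified_by_op(claims: Mapping[str, Any], brokered_email: str) -> bool:
    """True only if the OP asserts a boolean true for the very address we store."""
    flag = claims.get("email_verified")
    if flag is not True:  # rejects the string "true", the integer 1, and None
        return False
    token_email = claims.get("email")
    if not isinstance(token_email, str) or not brokered_email:
        return False
    # The verification attests the address in the token, so compare against it
    # (case-insensitively, since mail addresses are compared that way in practice).
    return token_email.strip().casefold() == brokered_email.strip().casefold()


def link_brokered_user(claims: Mapping[str, Any], brokered_email: str,
                       trust_email: bool) -> dict:
    """Return the local user fields to persist after a first broker login.

    trust_email mirrors a broker-level switch that trusts every email from this
    IdP without looking at the claim (assumed name, not from the commit).
    """
    verified = trust_email or email_verified_by_op(claims, brokered_email)
    return {
        "email": brokered_email,
        "emailVerified": verified,
        # Users whose email is not verified still have to complete verification.
        "requiredActions": [] if verified else ["VERIFY_EMAIL"],
    }


if __name__ == "__main__":
    for claims, email in ((CLAIMS_OK, "alice@example.org"),
                          (CLAIMS_STRING_FLAG, "bob@example.org"),
                          (CLAIMS_MISSING_FLAG, "carol@example.org")):
        print(email, link_brokered_user(claims, email, trust_email=False))
```

The strictness on the JSON type is deliberate: an OP that emits `"email_verified": "true"` is out of spec, and silently coercing the string would let any truthy value unlock account linking by email.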
rmartinc
9e7ef7989d Better locale management in the admin console
Closes #39934

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-05-28 10:47:14 +02:00
Pedro Igor
e6e6fa60fa Adding OAuth2-based identity broker
Closes #35266

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-05-27 12:07:01 -03:00
Michal Hajas
88f660b235
Add experimental feature rolling-updates:v2 that allows rolling update for patch releases (#39751)
Closes #38882
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2025-05-27 11:17:42 -03:00
rmartinc
5c28ee4d4c Create client passwords calculating the entropy size for JWT with client secret
Closes #38621

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-05-27 10:23:58 +02:00
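The commit above sizes generated client secrets to the JWT algorithm that will use them. As an added illustration written for this page, not the project's own implementation, the block below applies the rule from RFC 7518 section 3.2 (an HMAC key must be at least as long as the hash output: 256 bits for HS256, 384 for HS384, 512 for HS512), generates a base64url secret with exactly that much entropy, measures an existing secret against the same floor, and refuses to sign a client_secret_jwt assertion with a secret that falls short. The encoding choice, the function names, and the weak sample secret `changeme` are assumptions of this example.

```python
"""Added illustration (not Keycloak's code): size a shared client secret to the
HMAC algorithm that will sign client-authentication JWTs with it.

Assumptions: secrets are base64url-encoded random bytes, and the minimum sizes
follow RFC 7518 section 3.2 (HMAC key at least as long as the hash output).
"""
import base64
import binascii
import hashlib
import hmac
import json
import secrets

# Minimum key size in bytes for each HMAC-based JWS "alg" (RFC 7518, section 3.2).
MIN_SECRET_BYTES = {"HS256": 32, "HS384": 48, "HS512": 64}
HASHES = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def generate_client_secret(alg: str) -> str:
    """Return a fresh secret carrying exactly the minimum entropy alg requires."""
    return _b64url(secrets.token_bytes(MIN_SECRET_BYTES[alg]))


def secret_entropy_bits(secret: str) -> int:
    """Bits of randomness behind a base64url secret; 0 if it is not base64url."""
    try:
        raw = _b64url_decode(secret)
    except (binascii.Error, ValueError):
        return 0
    return len(raw) * 8


def is_strong_enough(secret: str, alg: str) -> bool:
    """True when the decoded secret meets the RFC 7518 minimum for alg."""
    return secret_entropy_bits(secret) >= MIN_SECRET_BYTES[alg] * 8


def sign_client_assertion(claims: dict, secret: str, alg: str) -> str:
    """Build a client_secret_jwt assertion (header.payload.signature), refusing
    a secret that is too short for the requested algorithm."""
    if not is_strong_enough(secret, alg):
        raise ValueError(f"secret too short for {alg}")
    header = _b64url(json.dumps({"alg": alg, "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    # The secret string itself is the HMAC key, which is how client_secret_jwt
    # clients use a shared secret.
    mac = hmac.new(secret.encode("ascii"), signing_input, HASHES[alg]).digest()
    return f"{header}.{payload}.{_b64url(mac)}"


if __name__ == "__main__":
    for alg in MIN_SECRET_BYTES:
        s = generate_client_secret(alg)
        print(alg, secret_entropy_bits(s), "bits, strong enough:", is_strong_enough(s, alg))
    # Constructed weak secret: decodes to 48 bits, far below the HS256 floor.
    print("changeme ok for HS256:", is_strong_enough("changeme", "HS256"))
```

A secret generated for HS256 is rejected for HS512 by the same check, which is the point of tying generation to the algorithm: switching a client's signature algorithm later without rotating its secret would otherwise silently leave the key shorter than the hash.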
Giuseppe Graziano
8833c0aa5d Ignore Accept-Language header for reset email from admin api
Closes #36986

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2025-05-27 10:14:22 +02:00
Anchels
d91688198c Removed dead local stores
Closes #39698

Signed-off-by: Anchels <mishtitov@gmail.com>
2025-05-27 09:09:13 +02:00
Pedro Igor
7aab9fade8 Move FGAP types to a specific package
Closes #39712

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-05-22 09:53:16 -03:00
rmartinc
3c511635ba Skip AIA for webauthn register if a credential of the correct type already exists
Closes #39191

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-05-20 18:09:12 +02:00
Kai J. Witt
c76bb0683c
Make max auth age configurable for all required actions by default
Moved the current configuration implementation for the update password

Closes #39408

Signed-off-by: Kai Josef Witt <KWitt@vhv.de>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Kai Josef Witt <KWitt@vhv.de>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2025-05-15 08:44:38 +02:00
Erik Jan de Wit
cbd0d18f6a
add description to groups
fixes #39172

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-05-14 06:41:01 -04:00
Pedro Igor
34ad280665
Build user representations when searching based on the user profile settings
Closes #39595

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-05-14 10:42:25 +02:00
Alexander Schwartz
4b47697c83
Lazily process sessions from ISPN to avoid fetching client sessions (#39639)
Closes #39638

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-05-13 13:16:41 +02:00
Steven Hawkins
9193a9ccad
fix: refining DefaultCors logging (#39582)
also using allowAllOrigins where possible

closes: #39492

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-05-13 09:54:01 +02:00
Pedro Igor
4973de6314
Do not show email during registration if user has no permission
Closes #37899

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-05-09 09:11:35 +02:00
Pedro Igor
8716d2425d
Skip partial evaluation if there is no realm bound to the session
Closes #39465

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-05-08 09:29:53 +02:00
Steve Hawkins
abc448e4d1 fix: performing inline user import for multi-file
closes: #38251

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-05-07 14:22:39 -03:00
vramik
56389c44c8 [FGAP] Refactor permission evaluation code for V2
Closes #38086

Signed-off-by: vramik <vramik@redhat.com>
2025-05-05 17:11:16 -03:00
Steven Hawkins
24910d9e1c
addresses slow import/export performance by limiting persistence context size (#37926)
* fix: addresses slow import/export performance with more batching

closes: #37991

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* removing flush/detach manipulation

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* refining the doc note about using multiple files for larger user counts

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* adding doc note about useExistingSession method removal

and expanding javadocs

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-04-29 18:57:45 -04:00
rmartinc
4730dbdd8d Make recovery codes supported
Closes #38994

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-04-29 10:25:46 +02:00
Pedro Ruivo
eafe08a73a
Create CacheEmbeddedConfigProvider
Closes #38497

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-04-28 13:00:53 +02:00
mposolda
4e95bde179 Avoid using password policy for configuration of recovery codes warning threshold
closes #39214

Signed-off-by: mposolda <mposolda@gmail.com>
2025-04-28 10:06:01 +02:00
Garth
2c06078484 Added ThemeManagerSpi and ported DefaultThemeManagerFactory to use it.
Closes #38433.

Signed-off-by: Garth <244253+xgp@users.noreply.github.com>

Moved ThemeManagerSpi and ThemeManagerFactory to server-spi-private. Marked internal. Added to org.keycloak.provider.Spi file

Signed-off-by: Garth <244253+xgp@users.noreply.github.com>
2025-04-25 09:35:10 +02:00
Marek Posolda
025b2ba442
Introducing IdpLinkAction as AIA to replace client-initiated account linking (#38952)
closes #37269
closes #35446

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
2025-04-17 13:20:05 +02:00
Pedro Ruivo
636fffe0bc
Create CacheRemoteConfigProvider (#38570)
Closes #38496

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2025-04-16 17:08:43 +02:00
Michal Hajas
4dc4de7c12
Remove CACHE-EMBEDDED-REMOTE-STORE experimental feature
Closes #34160

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2025-04-16 12:01:55 +00:00
Vlasta Ramik
367c76417e
Change IDENTITY_PROVIDER_LOGIN and its ERROR to be saved by default (#38825)
Closes #38824

Signed-off-by: vramik <vramik@redhat.com>
2025-04-14 09:23:44 -03:00
Pedro Igor
e68e43cbc8
Cache resource names associated to policies to improve partial evaluation
Closes #38837

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-10 19:50:26 +02:00
vramik
fcd4e2bfff Client 'admin-permissions' doesn't have protocol set.
Closes #38765

Signed-off-by: vramik <vramik@redhat.com>
2025-04-09 13:41:14 -03:00