keycloak

mirror of https://github.com/keycloak/keycloak.git synced 2026-01-10 15:32:05 -03:30

Author	SHA1	Message	Date
Lukas Hanusovsky	d9b4bd047f	[Keycloak Test Framework] Infinispan cache + ClusterlessTestSuite configuration (#42172 ) * [Keycloak Test Framework] Infinispan server + ClusterlessTestSuite and MultisiteTestSuite configuration Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com> * Utilise ClientIntelligence.BASIC to ensure that internal docker IPs never used by Infinispan client Signed-off-by: Ryan Emerson <remerson@ibm.com> * Code refactoring + properties utility Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com> --------- Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com> Signed-off-by: Ryan Emerson <remerson@ibm.com> Co-authored-by: Ryan Emerson <remerson@ibm.com>	2025-09-17 07:13:11 +00:00
Ricardo Martin	a2acdda535	Automatic download and cache of the SAML client public keys (#41947 ) Closes #17028 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-09-16 13:07:33 +02:00
Awambeng	20f9306b78	[OID4VCI] Adjust Credential Issuer Metadata endpoint, return issuer metadata at /.well-known/openid-credential-issuer/realms/{realm} (#42577 ) Closes #41589 Signed-off-by: Awambeng <awambengrodrick@gmail.com>	2025-09-16 10:24:44 +02:00
rmartinc	8a94bd90f9	redirectToAuthentication if the request uses PAR to not lose the single object after a refresh Closes #36716 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-09-16 10:14:35 +02:00
Alexander Schwartz	cdea7d79a7	Fix chinese language names Closes #42575 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2025-09-15 15:01:08 -03:00
forkimenjeckayang	64e0b450aa	[OID4VCI]: Add support for parsing and understanding authorization_details at the Token Endpoint (#40751 ) Closes #39278 Closes #39279 Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com> Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: mposolda <mposolda@gmail.com>	2025-09-15 14:02:45 +02:00
rmartinc	605b51905c	Do not regenerate the secret key when the size is not explicitly passed Closes #42405 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-09-15 13:30:35 +02:00
Ogen Bertrand	70b50e93e9	[OID4VCI] Add support for credential_request_encryption in metadat (#42169 ) closes #41594 closes #41593 closes #41592 closes #41582 closes #41595 Signed-off-by: Ogenbertrand <ogenbertrand@gmail.com>	2025-09-15 09:19:15 +02:00
Martin Kanis	5a02bc1adb	Admin UI hides local users when LDAP provider fails Closes #42276 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2025-09-12 10:43:08 -03:00
Stefan Wiedemann	232c91e6b7	Allow configuration of clientId in TargetRoleMapper again (#42377 ) closes #42375 Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>	2025-09-12 08:56:53 +02:00
forkimenjeckayang	66677da8f7	[OID4VC]: Update the issuer metadata for signed metadata (#42428 ) Closes #41588 Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>	2025-09-12 08:51:56 +02:00
KONSTANTINOS GEORGILAKIS	b6cee86e74	Add openid scope in Allowed Client Scopes options of client registration access policies Closes #42339 Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr> Co-authored-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>	2025-09-11 16:04:31 +02:00
Alexander Schwartz	6a202146b4	Handle already existing user session in the store Closes #40374 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2025-09-11 14:58:53 +02:00
Stian Thorgersen	51465f52a3	Get client by client attribute Closes #42543 Signed-off-by: stianst <stianst@gmail.com>	2025-09-11 12:07:13 +00:00
Pedro Ruivo	8567eec526	ClientSession timestamp not updated in the database Closes #42012 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>	2025-09-10 20:34:22 +02:00
Stian Thorgersen	1e5d52975e	Refactor JWTValidator to allow use both for self-signed and federated client assertions (#42472 ) Closes: #42463 Signed-off-by: stianst <stianst@gmail.com>	2025-09-10 08:11:18 +02:00
mposolda	5a05d2123e	Unbounded login_hint parameter Can Corrupt KC_RESTART Cookie closes #40857 Signed-off-by: mposolda <mposolda@gmail.com>	2025-09-09 11:05:19 +02:00
Ogen Bertrand	d13c953fe4	[OID4VCI] Implement multiple credential issuance (#42167 ) closes #39277 Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com> Co-authored-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>	2025-09-09 09:49:03 +02:00
Pedro Igor	0074704e76	Fixing UI to allow linking brokers ot orgs without a domain Closes #42408 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-09-08 17:46:46 +00:00
Takashi Norimatsu	d740c0f3db	FAPI 2.0 Security Profile Final - Add FAPI 2.0 Final security profile as default profile of client policies closes #41120 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2025-09-08 17:23:53 +02:00
Ingrid Kamga	8fafd4c209	Understand key attestations as additional information to jwt proofs or as per new attestation proof type (for Key binding) Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>	2025-09-08 17:18:37 +02:00
Steven Hawkins	05c7c625d3	fix: don't show the local access screen if a service account exists (#42218 ) closes: #42201 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2025-09-05 18:22:31 +02:00
Marek Posolda	6a27a4c336	EdDSA support for DPoP (#42362 ) closes #42286 Signed-off-by: mposolda <mposolda@gmail.com>	2025-09-05 12:54:43 +02:00
Johannes Knutsen	973e9ad176	Add a global filter which throws bad request if a query parameter value has a control character Closes #41117 Signed-off-by: Johannes Knutsen <johannes@kodet.no>	2025-09-04 10:19:51 -03:00
Awambeng	f9cb8dfe3d	[OID4VCI]: Add DPoP nonce header support to OID4VCI nonce endpoint (#41999 ) Closes #41580 Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>	2025-09-04 14:52:10 +02:00
forkimenjeckayang	d5feb76f1f	Restructure credential_configurations_supported parsing to handle credential_metadata with display and claims && Update Credential Issuer Metadata structure (#42001 ) Closes #41587 Closes #41597 Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>	2025-09-04 14:48:56 +02:00
Awambeng	3cd2141698	Add invalid_nonce error support for OID4VCI (#41977 ) Closes #39292 Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>	2025-09-04 13:15:29 +02:00
Takashi Norimatsu	ea63cdc97a	Compliant with RFC8414, return server metadata at /.well-known/oauth-authorization-server/realms/{realm} closes #40923 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2025-09-03 19:14:37 +02:00
forkimenjeckayang	a74076e8ab	Enforce batch_size ≥ 2 validation for batch_credential_issuance (#42003 ) Closes #41590 Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>	2025-09-03 17:15:55 +02:00
Awambeng Rodrick	dc6afee14e	Update OID4VCI error handling for draft 16 specification - Replace unsupported_credential_type and unsupported_credential_format with unknown_credential_configuration - Add new unknown_credential_identifier error type as per OID4VCI draft 16 - Update error handling logic to differentiate between credential configuration and identifier errors - Add comprehensive test coverage for new error types Closes #41591 Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com> Refactor error handling in OID4VCIssuerEndpoint Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com> Resolve comments on PR Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com> fix failing test Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>	2025-09-03 16:53:22 +02:00
forkimenjeckayang	fc73537ba7	Rename ldp_vp to di_vp and restructure proofs object for Draft 16 compliance (#41982 ) Closes #41576 Closes #41577 Closes #41581 Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>	2025-09-03 16:33:43 +02:00
Alexander Schwartz	e46c879cde	Retry duplicate exceptions to handle concurrent client sessions Closes #42278 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2025-09-02 10:43:03 -03:00
mposolda	624d236ced	DPoP verification support for admin/account REST API endpoints. Java admin-client DPoP support closes #33942 Signed-off-by: mposolda <mposolda@gmail.com>	2025-09-02 14:29:30 +02:00
Giuseppe Graziano	6dc9d0d439	Check manage-account-links role for client initiated account linking Closes #41914 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2025-09-01 11:25:49 +02:00
Alexis Rico	224ccbb79d	Make organization `domains` optional Closes #31285 Signed-off-by: Alexis Rico <sferadev@gmail.com>	2025-08-27 18:11:15 -03:00
Niko Köbler	236d2f9f62	Add configuration option to automatically add recovery codes action after otp configuration closes #41836 Signed-off-by: Niko Köbler <niko@n-k.de> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2025-08-27 17:56:59 +02:00
Alexander Schwartz	ca1e61047a	Adding TiDB dialect for Quarkus Closes #41897 Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Signed-off-by: Dennis Kniep <kniepdennis@gmail.com> Co-authored-by: Dennis Kniep <kniepdennis@gmail.com>	2025-08-26 17:44:45 -03:00
Ricardo Martin	360ff7050c	Use back keycloak-js instead of initiate login in the backend for account (#42035 ) Closes #40463 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-08-26 16:29:46 +02:00
laureat-natzka	edbe28147e	Pass IDP config values to themes (#40373 ) Signed-off-by: Laureat Grepi <laureat@Laureat-MacBook-Pro.local> Co-authored-by: Laureat Grepi <laureat@Laureat-MacBook-Pro.local>	2025-08-25 17:50:06 +00:00
Pedro Ruivo	6bcaa63124	Concurrently update the remote caches Closes #42096 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>	2025-08-25 16:39:17 +02:00
Ricardo Martin	46e990b7a7	Check for non-ascii local part on emails depending on SMTP configuration Closes #41994 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-08-21 08:16:47 +00:00
Alexander Schwartz	09f863bf9d	Don't validate duplicate credential label on update if label is unchanged Closes #41945 Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>	2025-08-20 08:06:06 +02:00
Pedro Igor	c7fedb77e3	Skip processing HEAD requests for action tokens Closes #41834 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-08-19 17:26:03 -03:00
rmartinc	0ff7d551dd	Check null for new keySize and validity parameters when generating certificates Closes #41906 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-08-19 21:53:24 +02:00
Pedro Igor	b97aad0938	URL encode forwarded parameters Closes #41755 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-08-19 11:44:12 +02:00
Sebastian Łaskawiec	988bf9cb0b	WelcomeResource do not create temporary admins (#41416 ) Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>	2025-08-18 17:31:26 +02:00
Martin Kanis	aa5fadb863	Flaky test: org.keycloak.testsuite.federation.ldap.LDAPReadOnlyTest#testReadOnlyUserGetsPermanentlyLocked Closes #41882 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2025-08-15 15:51:25 -03:00
Moshie Samuel	6958f57f0a	add configurable cooldown for email resend in VerifyEmail Closes #41331 Signed-off-by: Moshie Samuel <moshie.samuel@gmail.com> Signed-off-by: moshiem <moshiem@hardcorebiometric.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: moshiem <moshiem@hardcorebiometric.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2025-08-15 07:31:00 +02:00
Akbar Husain	06f80416fb	Replace keySet with entrySet Closes #40064 Signed-off-by: akbarhusainpatel <apatel@intermiles.com> Co-authored-by: akbarhusainpatel <apatel@intermiles.com>	2025-08-14 17:31:15 +02:00
Pedro Igor	3bf46e5421	"linked-accounts" endpoint displays all Identity providers Closes #19732 Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com> Co-authored-by: Réda Housni Alaoui <reda-alaoui@hey.com>	2025-08-14 15:21:03 +02:00

1 2 3 4 5 ...

7581 Commits