External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-09 23:12:06 -03:30
Code Issues Packages Projects Releases Wiki Activity
28,206 Commits 26 Branches 288 Tags
Commit Graph

28206 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot]
e2159c32d1 Set version to 26.2.12 26.2.12 2025-12-01 07:00:59 +00:00
Martin Bartoš
f7e82a5c37
Upgrade to Quarkus 3.20.4 (#44352) 
Closes #44294

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-11-26 11:38:08 +01:00
Alexander Schwartz
1cd354ef54
Fix race condition in SAML DocumentBuilderFactory creation (#44469) 
Closes #44438

Signed-off-by: martins <martin.soderstrom@aurorainnovation.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Martin Söderström <martin@radovation.com>
 2025-11-26 08:49:05 +01:00
Alexander Schwartz
b90fec41ff
[26.2] Only allow LDAP URL references when following referrals (#286) 
* Only allow LDAP URL references when following referrals

Closes #280

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

* Updating docs

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>

* Adjusting CI for slowness

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>

---------

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-21 11:20:33 +01:00
Pedro Ruivo
32e24dff6c
Update protolock file list 
Closes #44300

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-11-18 18:32:07 +00:00
Martin Bartoš
7e17ea8068 ExternalLinksTest is broken due to missing path parameters 
Closes #43082

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-14 12:30:45 +01:00
rmartinc
aee68b0fdf Ignore external links to https://www.npmjs.com/package 
Closes #42856

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-14 12:30:45 +01:00
Ricardo Martin
64c42b01ea Fix recaptcha links to the new docs.cloud.google.com site 
Closes #44187

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 20f9bb15709742adf7754999c00f321f661f0f35)
 2025-11-14 12:30:45 +01:00
Ricardo Martin
abaa38a8a8
Use http for the DockerClientTest to avoid certificate issues (#44175) 
Closes #44117


(cherry picked from commit fb13aa50390ddfb03cce2bd2f798e5547d2c433c)

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-14 08:47:40 +01:00
Pedro Igor
ac227ca956
Ordering attributes will unset the unmanaged attribute policy 
Closes #44010

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-11 13:46:12 +01:00
Stefan Guilhen
eb10072d53 Skip checksum validation for 2.5.0-unicode-oracle, that is preventing migrations when schema name changes 
Closes #43564

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
(cherry picked from commit ef3de183dfc21257f7ddc3ff777ddf0118fd92a7)
 2025-11-10 15:10:59 -03:00
Tobi
84c5701b89 Add new indices on offline_client_session 
Closes #43566
Closes #43516

Signed-off-by: twobiers <22715034+twobiers@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-03 16:07:22 -03:00
Ricardo Martin
1f0b5d4cb2
Ensure the logout endpoint removes the authentication session 
Closes #43853


(cherry picked from commit 3b3adcf1e4819bf63e08269142459f747c31cb37)

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-01 20:14:32 +01:00
Alexander Schwartz
c64b722400
Don't keep an old session to avoid a stable objects and a memory leak 
Closes #43761

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-29 17:36:28 -03:00
Alexander Schwartz
0a5c97d3a9
Resolve session leak in DeclarativeUserProfileProvider 
Closes #43785

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-29 17:35:59 -03:00
Ricardo Martin
50102e50de
Check offline scope is still assigned when performing a refresh 
Closes #43734


(cherry picked from commit e0c1f2ee0fd14ba76338d9c2c213d45d0e857450)

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-29 13:53:14 +01:00
Alexander Schwartz
4cd381edbf
Avoid holding on to the realm in cached configurations 
Closes #43744

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-29 08:01:02 -03:00
Alexander Schwartz
8f8dabab55
Role mapper should check if an update is needed for the role 
Closes #43698

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-28 14:53:06 -03:00
Ricardo Martin
5ad8f1a026
Only add the none verifier when attestation conveyance preference is none 
Closes #43723


(cherry picked from commit 1bd9a3f4733f80f30111a5e2bad973b85530dc16)

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-28 15:51:56 +00:00
Alexander Schwartz
e7938a7c22
Make intra-document links work in downstream 
Closes #43544

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-21 08:16:22 -03:00
mposolda
a794fca977 Possible overflow in brute force computation 
closes #30939

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit a2cc51aed7692ec09c619f2a6f4ecc7055beb9e1)
 2025-10-16 16:09:00 +02:00
Giuseppe Graziano
a752492843
Invalidate sessions created with remember me when remember me is disabled for realm 
Closes #43328

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-10-16 15:06:38 +02:00
Martin Bartoš
494b230c97
[26.2] Upgrade to Quarkus 3.20.3 LTS (#42897) 
* Upgrade to Quarkus 3.20.3 LTS

Closes #41371

Closes #42491

Closes #42492

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Revert "MariaDB connector dependency is not properly overriden (#41372)"

This reverts commit 089975417b5819d08d8652525dfbcb044e42b7c2.

Closes #41373

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-10-15 10:01:23 +02:00
Alexander Schwartz
e5f2e2f45a
Use quoted values for boolean and number values in Operator examples 
Closes #43459

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-14 13:28:47 -04:00
Steven Hawkins
f20dd66196
fix: refining https-protocols documentation 
closes: #43164


(cherry picked from commit 700b86fad85c17d90cc133013e5704e760f30686)

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-14 17:02:31 +00:00
Alexander Schwartz
a97613bf7b
Prevent using JTA transaction when initializing JDBC_PING 
Closes #43335

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-14 09:15:37 +00:00
Alexander Schwartz
cce230818e
Register new protocols to avoid exceptions on startup 
Closes #43337

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-10 07:43:13 -03:00
Marek Posolda
0c3a042029
openid-connect flow is missing response type on language change 
closes #41292


(cherry picked from commit 76d271bf00847370a4ef39b2c46b74212a3ce7bd)

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-10-10 10:45:51 +02:00
Marek Posolda
2720ed988f
Security Defenses realm settings lost when switching between Headers and Brute Force Detection tabs (#43318) 
closes #42676


(cherry picked from commit 0100ac6d6eec6ca4c6b45e11d54d5de9cb0660b6)

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-10-09 14:21:59 +02:00
Alexander Schwartz
c0fe9b197b
Close spans in the exceptional path 
Closes #41469

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-10-08 11:36:58 -03:00
Pedro Igor
0404f78f39 Lowercase username and email when fetching values from LDAP object 
Closes #43254

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-07 23:58:40 +02:00
Pedro Igor
e3ad01f777 Invalidate user cache entries when email or username are different from storage 
Closes #40085

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-10-07 23:58:40 +02:00
Pedro Ruivo
02fb1299d2
Restarting an user session broken for persistent sessions 
Fixes #43161

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-10-03 19:27:34 +02:00
Steven Hawkins
2b1b2c2d7d
fix: removing test os restriction (#41952) (#43172) 
closes: #13501


(cherry picked from commit c2a7914c739e96294efa457e75aea71c58ec800e)

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-03 10:25:36 +02:00
Alexander Schwartz
30a278eda0
Disable Secure Client-Initiated Renegotiation by default 
The parameter  -Djdk.tls.rejectClientInitiatedRenegotiation=true disables Secure Client-Initiated Renegotiation in Keycloak to resolve a potential DoS vulnerability. Note this is applicable only to TLS 1.2.

Closes #43020

Signed-off-by: Erasure5959 <154384607+Erasure5959@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Erasure5959 <154384607+erasure5959@users.noreply.github.com>
 2025-10-02 18:07:39 +02:00
Ricardo Martin
02db622a50
Do not remove sid claim when the session is transient only for the client 
Closes #42565


(cherry picked from commit e256513ceb7d423f0532b9fd9c182171c3e23309)

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-01 22:57:40 +02:00
Martin Kanis
e2726e7342 Username containing a '#' is truncated in Admin Console when hiding inherited roles (#42950) 
Closes #42949

Signed-off-by: Martin Kanis <mkanis@redhat.com>
(cherry picked from commit 0baeff171aecf76c0bf38788bf221bc44c5ea838)
 2025-09-30 08:39:32 -03:00
Ricardo Martin
69685b54f2
Expose system-info information in the serverinfo endpoint only for users in the admin realm 
Closes #42828


(cherry picked from commit 1d28c0cd35a186551cf4114cbd6cdf75b9e3fe58)

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-09-29 18:21:50 +02:00
Alexander Schwartz
27121d010c
Avoid invalidating the realm when managing client initial access 
Closes #42922

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-09-25 06:14:13 +02:00
rmartinc
afec535e61 Do not regenerate the secret key when the size is not explicitly passed 
Closes #42405

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 605b51905ca9d991e1656ab875fec22840289761)
 2025-09-23 17:30:01 +02:00
Pedro Igor
19da322d88
URL encode forwarded parameters 
Closes #41755

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-22 14:58:33 +02:00
mposolda
86516bb3dc Missing switch 'ID Token as detached signature' in the admin console client settings 
closes #42769

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit 201ea6d19c92ea91a9943521d486402d55fd1b63)
 2025-09-22 12:09:10 +02:00
Alexander Schwartz
f21138745c
Add missing fields for client offline session timeout and lifespan 
Closes #42369

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-12 14:23:29 +02:00
Alexander Schwartz
2743174f2c
Handle already existing user session in the store 
Closes #40374

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-11 17:09:50 +02:00
Pedro Ruivo
60a93d7d80
[26.2] ClientSession timestamp not updated in the database 
Closes #42012

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-09-10 20:33:22 +02:00
Ricardo Martin
85a66c071f
Add User_agent header for documentation links checker 
Closes #42164

(cherry picked from commit 93791f67fba08c15be229d1acf7f573d305ccc35)

Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-10 09:20:26 +00:00
mposolda
4d1330593d Unbounded login_hint parameter Can Corrupt KC_RESTART Cookie 
closes #40857

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit 5a05d2123ee14f36b64b6aac08041ef7623734cf)
(cherry picked from commit 8c04f6d65585003eb63b256a2b3628a042507529)
 2025-09-09 17:09:12 +02:00
Ricardo Martin
a61f1d90be Use back keycloak-js instead of initiate login in the backend for account (#42035) 
Closes #40463

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 360ff7050c290939d529e68b461ba61c7c11404a)
 2025-09-09 08:51:04 +02:00
Alexander Schwartz
077aa8b19c
Avoid removing client sessions before the user session times out 
As the client session timeout can be overwritten on a per client level, the realm level timeout can not be used to remove client sessions early.

Closes #35825

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-08 16:38:05 -03:00
Alexander Schwartz
399aa6cfd4
Translate the validation error returned from the backend 
Closes #42182

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-08 14:47:56 -04:00