External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-10 15:32:05 -03:30
Code Issues Packages Projects Releases Wiki Activity
29,676 Commits 26 Branches 288 Tags
Commit Graph

318 Commits

Author SHA1 Message Date
stianst
f6676ccd76 Migrate i18n package to new testsuite 
Closes #44520

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-28 08:56:11 -03:00
Marek Posolda
38768819e1
Make sure that signature validation possible to configure for OIDC id… (#44516) 
closes #44473


Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
 2025-11-28 08:51:20 +01:00
Pedro Ruivo
3ed15e740a
Add new option to schedule user session expiration 
Closes #44068

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Ryan Emerson <remerson@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Ryan Emerson <remerson@ibm.com>
 2025-11-27 23:01:32 +01:00
Thomas Diesler
54bf9206b2
[OID4VCI] Credential Offer must be created by Issuer not Holder (#44255) 
closes #44116


Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
 2025-11-27 16:07:10 +01:00
Stian Thorgersen
33b6065c2a
Introduces a ManagedWebDriver to provide a single entry point for utilities around WebDriver 
This will make it easier to discover various utilities without having to find static methods in various classes; and will also provides us with a wrapper around Selenium where we can add any tweaks needed. It is also now possible to construct a page instance without injection using `page().createPage(MyPage.class)`

Closes #44464

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-26 15:20:23 +01:00
rmartinc
d0e4d1f620 Better events for jwt-bearer and check all details in the tests 
CLoses #44137

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-26 12:09:51 +01:00
Stian Thorgersen
a8d4336da6
Migrate transactions package to new testsuite 
Closes #44460

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-26 10:57:19 +01:00
Giuseppe Graziano
b323fea8bc Always allow to setup JWKS URL in oidc idp 
Closes #44217

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-11-25 17:09:13 +01:00
dawg
d5a507e90d
fix #43819 - partial import fails to overwrite existing groups (#43924) 
* fix #43819 - partial import fails to overwrite existing groups

- when removal is delayed until insertion of the newly imported group
  this causes a duplicate key constrain violation (`Key (realm_id, parent_group, name)`)
- fixed by flushing group removals

Signed-off-by: Martin Nowak <code@dawg.eu>

* adding a test and using a general fix

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
# Conflicts:
#	services/src/main/java/org/keycloak/partialimport/PartialImportManager.java

---------

Signed-off-by: Martin Nowak <code@dawg.eu>
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Steve Hawkins <shawkins@redhat.com>
 2025-11-25 16:17:51 +01:00
rmartinc
ca205272ba Initial integration of the JWT Authorization Grant in client Policies 
Using the downscope executor for testing
Closes #44201

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-24 19:37:07 +01:00
vramik
0825f22331 Add toPredicate implementation for conditions 
Closes #42696

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-24 08:56:36 -03:00
Stian Thorgersen
2a78bc67d7
Refactoring around federated client authenticator to better handling lookup of IdPs and clients. Also, introducing updates to documentation. (#44325) 
Closes #44253
Closes #42987
Closes #44063

Signed-off-by: stianst <stianst@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-11-22 12:53:22 +01:00
Giuseppe Graziano
3e8b2f8ab7
New JWT Authorization Grant Identity provider (#44176) 
Closes #43570

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-11-19 09:18:23 +01:00
Stefan Guilhen
464d1a6741 Improve updating existing workflows 
- allow updating entire workflow when no scheduled tasks exist
- allow updating conditions, concurrency, and steps config when scheduled tasks exists

Closes #42618

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-11-17 09:10:29 -03:00
Stian Thorgersen
c284f9ae66
Rename ApiUtil to AdminApiUtil (#44224) 
Closes #44196

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-17 07:52:04 +01:00
Stian Thorgersen
b7815190a2
Merge GenerateKeystoreForTestUtil with CryptoKeyStore (#44223) 
Closes #44195

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-17 07:51:45 +01:00
Stefan Guilhen
3319e8d9b5 Add optional parameter in WorkflowResource.toRepresentation to allow retrieval of the rep without the ids 
Closes #44183

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-11-14 12:20:40 -03:00
Stian Thorgersen
a2c1055f8d
Proposed import order (#43432) 
* Add importOrder to Spotless

Closes #43235

Signed-off-by: stianst <stianst@gmail.com>

* Re-order imports with Spotless

Signed-off-by: stianst <stianst@gmail.com>

---------

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-14 09:34:49 +01:00
Hamza Hathoute
8fb8fd5346
fix: add flag to delete-step to control user removal from federation provider 
Closes #43538

Signed-off-by: Hathoute <whitesmith.thedj@gmail.com>
 2025-11-13 22:32:11 +00:00
Vlasta Ramik
d2697232b9
Rename bind endpoint to activate 
Closes #44155

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-13 22:15:33 +01:00
stianst
8dce1eff15 Migrate keys package to new test framework 
Closes #44118

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-13 10:19:53 -03:00
Stefan Guilhen
da7993896d Allow ISO-8601 compatible format for the after field in workflow steps 
- aligns the format with what is used in the JPA connection provider pool max lifetime for time-based configurations

Closes #42913

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-11-12 18:51:49 -03:00
Stefan Guilhen
7acf2ceccb Add pagination and search by name capabilities to WorkflowsResource 
Closes #44164

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-11-12 17:18:11 -03:00
vramik
84a679224b Add operation to deactivate a workflow execution for a resource 
Closes #42124

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-12 17:02:17 -03:00
rmartinc
c8c110a049 Use normal scope parameter checking for the JWT Authorization grant 
Closes #43646

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-12 14:09:00 +01:00
Stian Thorgersen
2a196cb373
Split new base tests into multiple jobs (#44096) 
* Split new base tests into multiple jobs

Closes #38200

Signed-off-by: stianst <stianst@gmail.com>

* Update tests/base/src/test/java/org/keycloak/tests/suites/Base2TestSuite.java

Signed-off-by: Stian Thorgersen <stian@redhat.com>

---------

Signed-off-by: stianst <stianst@gmail.com>
Signed-off-by: Stian Thorgersen <stian@redhat.com>
 2025-11-12 10:12:32 +01:00
Pedro Igor
c23d2af65c
The admin roles manage-authorization and view-authorization should have precedence over manage-client when managing authorization settings 
Closes #43883

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-10 16:10:48 +01:00
Giuseppe Graziano
c0e34fa45f
Additional configuration and validation for jwt assertion grant (#44014) 
Closes #43873

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-11-10 14:34:06 +01:00
Stian Thorgersen
d8275fe5df
Remove wildcard imports (#44060) 
Closes #44059

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-10 11:46:05 +01:00
Pedro Igor
33f1dda2cf Processing workflow events asynchronously - Part 1 
Closes #42386

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-07 10:57:05 -03:00
Lukas Hanusovsky
768cea1b82
Add FIPS suite to the new tests (#43431) 
* Add FIPS test suite to the new tests

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>

* Tweaks to FIPS suite in new test

Signed-off-by: stianst <stianst@gmail.com>

---------

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
Signed-off-by: stianst <stianst@gmail.com>
Co-authored-by: stianst <stianst@gmail.com>
 2025-11-06 14:08:19 +01:00
mposolda
b8a8be33aa Audience validation according to latest specs proposal 
closes #43984

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-11-06 10:21:35 +01:00
Stian Thorgersen
6043027d99
Refactor KubernetesIdentityProvider (#43967) 
Closes #43966

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-05 16:28:07 +01:00
rmartinc
5822c52a30 JWT Authorization grant should not generate refresh and use transient sessions 
Closes #43799

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-05 14:17:32 +01:00
Stian Thorgersen
b278dbbb3d
Allow identity provider configuration without defaults for user authentication (#43963) 
Closes #43552

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-05 10:13:40 -03:00
Giuseppe Graziano
4b443f04ee
JWT Authorization grant idp config (#43841) 
Closes #43568

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-11-04 14:46:14 +01:00
Martin Bartoš
d5763b9c0b
Migrate the OTelProvider test to the new framework 
Closes #43858

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-11-04 12:53:47 +01:00
Pedro Igor
2216ada20b Allow GET and PUT methods using application/yaml media type 
Closes #42687

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-03 13:09:17 -03:00
vramik
4d912a9c21 Support for YAML payloads for Admin client for creation of workflows 
Closes #43666

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-03 13:09:17 -03:00
Lukas Hanusovsky
5aa05d08eb
Test Framework - new Forms test suite. (#43894) 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-11-03 15:15:10 +00:00
Lukas Hanusovsky
0dbcfeb9d0
Test Framework - new Login V1 test suite. (#43895) 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-11-03 15:08:12 +00:00
vramik
ece96e397e Make set creadential label use reset-password scope 
Closes #43460

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-03 07:57:58 -03:00
Stian Thorgersen
d0a7225b3d
Allow CORS Access-Control-Allow-Headers customization (#43767) 
Closes #12682

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-03 06:39:44 +00:00
Alexander Schwartz
52ba359cc3
Make client and IDP required when using federated client authentication (#43890) 
Closes #43889

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-11-03 07:21:55 +01:00
Stian Thorgersen
1048c8d9c9
Filter out non-user authentication IdPs from account and login (#43798) 
Closes #43553

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-31 12:40:04 +01:00
rmartinc
f92adda310 Improve JWT Assertion Validation using client validators 
Closes #43642

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-31 11:58:08 +01:00
Pedro Ruivo
e40c5de050
Session cache affinity 
Closes #42776

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-30 21:01:09 +00:00
Stian Thorgersen
be6a3814fb
Add CORS support to OIDC dynamic client registration endpoints (#43625) 
Closes #8863

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-30 12:12:08 +01:00
Tomáš Kyjovský
4c64b7189c
Deprecate org.keycloak.common.util.Base64 
Closes #43370

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: 1867605+tkyjovsk@users.noreply.github.com
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-30 09:12:14 +01:00
Giuseppe Graziano
759e062131
JWT Authorization grant client configuration (#43685) 
closes #43567

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-10-29 08:45:51 +01:00